-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
quay-v3.8.0, quay-v3.12.0
-
False
-
None
-
False
-
-
-
Critical
-
Rejected
Description:
This is an issue of Quay 3.8.0 new feature "Global readonly super user ", with flag "GLOBAL_READONLY_SUPER_USERS", found the global readonly superuser "admin" can't see the organizations of other user namespaces on new UI. Pls review this issue.
GLOBAL_READONLY_SUPER_USERS: - admin SUPER_USERS: - quay
Quay Image: quay-operator-bundle-container-v3.8.0-115
Super user quay can see all organizations and user namespace:
Normal user "tom001":
Global readonly super user "admin" can only see the user and org of this user:
ALLOW_PULLS_WITHOUT_STRICT_LOGGING: false AUTHENTICATION_TYPE: Database BROWSER_API_CALLS_XHR_ONLY: false BUILDLOGS_REDIS: host: quayregistry-quay-redis port: 6379 CREATE_NAMESPACE_ON_PUSH: true CREATE_PRIVATE_REPO_ON_PUSH: true CREATE_REPOSITORY_ON_PUSH_PUBLIC: true DATABASE_SECRET_KEY: 23La0kEAAkdlFPvnXRvcCHJ9FGr7sIvaocIT3gdfmFPHWj-CBp1BzEkBFI8ClxUtHiO58k2Jxs-58H90 DB_CONNECTION_ARGS: autorollback: true threadlocals: true DB_URI: postgresql://quayregistry-quay-database:JAnEuDq1LTXy6ooZNU9jKcxW81il3m6ChfcgHkBpEZUQUl-tSyNI2-7aVEkKrvz-FTTCvXUzrE-epmvV@quayregistry-quay-database:5432/quayregistry-quay-database DEFAULT_TAG_EXPIRATION: 2w DISTRIBUTED_STORAGE_CONFIG: default: - GoogleCloudStorage - access_key: ****** bucket_name: quaygcp13351 secret_key: ****** storage_path: /quay3401230a DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS: - default DISTRIBUTED_STORAGE_PREFERENCE: - default ENTERPRISE_LOGO_URL: /static/img/RH_Logo_Quay_Black_UX-horizontal.svg EXTERNAL_TLS_TERMINATION: true FEATURE_BUILD_SUPPORT: false FEATURE_DIRECT_LOGIN: true FEATURE_EXTENDED_REPOSITORY_NAMES: true FEATURE_GENERAL_OCI_SUPPORT: true FEATURE_HELM_OCI_SUPPORT: true FEATURE_MAILING: false FEATURE_PROXY_CACHE: true FEATURE_PROXY_STORAGE: true FEATURE_QUOTA_MANAGEMENT: true FEATURE_REPO_MIRROR: true FEATURE_SECURITY_NOTIFICATIONS: true FEATURE_SECURITY_SCANNER: true FEATURE_SUPERUSERS_FULL_ACCESS: true FEATURE_UI_V2: true FEATURE_USER_INITIALIZE: true GLOBAL_READONLY_SUPER_USERS: - admin PREFERRED_URL_SCHEME: https REGISTRY_TITLE: Red Hat Quay REGISTRY_TITLE_SHORT: Red Hat Quay REPO_MIRROR_INTERVAL: 30 REPO_MIRROR_TLS_VERIFY: true SECRET_KEY: 9TiivoLW1yQT7oLQDz8dKdk1HJ2bUrilFHDkhZd2qieovQPj9D89qixjvGHDOa22YUg-OBFQqh17-wwJ SECURITY_SCANNER_INDEXING_INTERVAL: 30 SECURITY_SCANNER_V4_ENDPOINT: http://quayregistry-clair-app.quay-enterprise-13351.svc.cluster.local SECURITY_SCANNER_V4_NAMESPACE_WHITELIST: - admin SECURITY_SCANNER_V4_PSK: Q2d5SW1iY1BBUXV2emlLeUZ6aVoyOWMzdml2YnhmN3o= SERVER_HOSTNAME: quayregistry-quay-quay-enterprise-13351.apps.quaytest-13351.qe.gcp.devcluster.openshift.com SETUP_COMPLETE: true SUPER_USERS: - quay TAG_EXPIRATION_OPTIONS: - 2w TEAM_RESYNC_STALE_TIME: 60m TESTING: false USER_EVENTS_REDIS: host: quayregistry-quay-redis port: 6379
- relates to
-
PROJQUAY-6980 Add support for a global read only superuser
- Closed