Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-4731

Quay 3.8.0 global readonly superuser can't get any components from superuser API

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • quay-v3.8.0
    • quay
    • False
    • None
    • False
    • Critical
    • 0

      Description:

      This is an issue of Quay 3.8.0 new feature "Global readonly superuser", and add normal user "admin" to the list of GLOBAL_READONLY_SUPER_USERS, found this user doesn't have permission to access the logs from superuser API. Pls review this issue.

      Quay Image: quay-operator-bundle-container-v3.8.0-115

      https://quayregistry-quay-quay-enterprise-13351.apps.quaytest-13351.qe.gcp.devcluster.openshift.com/api/v1/superuser/logs 

      GLOBAL_READONLY_SUPER_USERS:
- admin
SUPER_USERS:
- quay
      Global readonly superuser can't the access logs of superuser API:

      ALLOW_PULLS_WITHOUT_STRICT_LOGGING: false
AUTHENTICATION_TYPE: Database
BROWSER_API_CALLS_XHR_ONLY: false
BUILDLOGS_REDIS:
  host: quayregistry-quay-redis
  port: 6379
CREATE_NAMESPACE_ON_PUSH: true
CREATE_PRIVATE_REPO_ON_PUSH: true
CREATE_REPOSITORY_ON_PUSH_PUBLIC: true
DATABASE_SECRET_KEY: 23La0kEAAkdlFPvnXRvcCHJ9FGr7sIvaocIT3gdfmFPHWj-CBp1BzEkBFI8ClxUtHiO58k2Jxs-58H90
DB_CONNECTION_ARGS:
  autorollback: true
  threadlocals: true
DB_URI: postgresql://quayregistry-quay-database:JAnEuDq1LTXy6ooZNU9jKcxW81il3m6ChfcgHkBpEZUQUl-tSyNI2-7aVEkKrvz-FTTCvXUzrE-epmvV@quayregistry-quay-database:5432/quayregistry-quay-database
DEFAULT_TAG_EXPIRATION: 2w
DISTRIBUTED_STORAGE_CONFIG:
  default:
  - GoogleCloudStorage
  - access_key: ******
    bucket_name: quaygcp13351
    secret_key: ******
    storage_path: /quay3401230a
DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS:
- default
DISTRIBUTED_STORAGE_PREFERENCE:
- default
ENTERPRISE_LOGO_URL: /static/img/RH_Logo_Quay_Black_UX-horizontal.svg
EXTERNAL_TLS_TERMINATION: true
FEATURE_BUILD_SUPPORT: false
FEATURE_DIRECT_LOGIN: true
FEATURE_EXTENDED_REPOSITORY_NAMES: true
FEATURE_GENERAL_OCI_SUPPORT: true
FEATURE_HELM_OCI_SUPPORT: true
FEATURE_MAILING: false
FEATURE_PROXY_CACHE: true
FEATURE_PROXY_STORAGE: true
FEATURE_QUOTA_MANAGEMENT: true
FEATURE_REPO_MIRROR: true
FEATURE_SECURITY_NOTIFICATIONS: true
FEATURE_SECURITY_SCANNER: true
FEATURE_SUPERUSERS_FULL_ACCESS: true
FEATURE_UI_V2: true
FEATURE_USER_INITIALIZE: true
GLOBAL_READONLY_SUPER_USERS:
- admin
PREFERRED_URL_SCHEME: https
REGISTRY_TITLE: Red Hat Quay
REGISTRY_TITLE_SHORT: Red Hat Quay
REPO_MIRROR_INTERVAL: 30
REPO_MIRROR_TLS_VERIFY: true
SECRET_KEY: 9TiivoLW1yQT7oLQDz8dKdk1HJ2bUrilFHDkhZd2qieovQPj9D89qixjvGHDOa22YUg-OBFQqh17-wwJ
SECURITY_SCANNER_INDEXING_INTERVAL: 30
SECURITY_SCANNER_V4_ENDPOINT: http://quayregistry-clair-app.quay-enterprise-13351.svc.cluster.local
SECURITY_SCANNER_V4_NAMESPACE_WHITELIST:
- admin
SECURITY_SCANNER_V4_PSK: Q2d5SW1iY1BBUXV2emlLeUZ6aVoyOWMzdml2YnhmN3o=
SERVER_HOSTNAME: quayregistry-quay-quay-enterprise-13351.apps.quaytest-13351.qe.gcp.devcluster.openshift.com
SETUP_COMPLETE: true
SUPER_USERS:
- quay
TAG_EXPIRATION_OPTIONS:
- 2w
TEAM_RESYNC_STALE_TIME: 60m
TESTING: false
USER_EVENTS_REDIS:
  host: quayregistry-quay-redis
  port: 6379

        1. image-2022-11-10-15-44-59-728.png
          image-2022-11-10-15-44-59-728.png
          221 kB

            Unassigned Unassigned
            lzha1981 luffy zhang
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: