Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-4731

Quay global readonly superuser can't get any components from superuser API

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • quay-v3.8.0, quay-v3.11.1
    • quay
    • False
    • Hide

      None

      Show
      None
    • False
    • Hide

      This issue is being reprioritized as Major since it has not been addressed within a few days or weeks of creation. We are using the OpenShift Bug Process critieria, https://source.redhat.com/groups/public/openshift/openshift_wiki/openshift_bugzilla_process#bug-priority:

      • BLOCKER: These are interrupt worthy bugs. Usually these would be CRITICAL or IMPORTANT severity bugs. Teams should immediately stop other items and address BLOCKER priority bugs. It should be worked until it is either resolved or the priority reduced. Leads and managers SHOULD always know the up-to-date status of these bugs.
      • CRITICAL: These are not necessarily immediately interrupt worthy, but likely cannot wait more than a few days for attention. Usually these would be CRITICAL or IMPORTANT severity bugs.
      • MAJOR: These should generally be scheduled for the current or next sprint and take precedence over feature work. These should not necessarily immediately interrupt ongoing work. Owners should be reporting daily on these in their standups.
      • NORMAL: These bugs should be evaluated, prioritized, and scheduled alongside all other work (ie. features) each sprint.
      • MINOR: These bugs should be periodically re-evaluated and may be scheduled along with other work. Bugs with a sustained low priority should be given strong consideration for closure.
      Show
      This issue is being reprioritized as Major since it has not been addressed within a few days or weeks of creation. We are using the OpenShift Bug Process critieria, https://source.redhat.com/groups/public/openshift/openshift_wiki/openshift_bugzilla_process#bug-priority: BLOCKER: These are interrupt worthy bugs. Usually these would be CRITICAL or IMPORTANT severity bugs. Teams should immediately stop other items and address BLOCKER priority bugs. It should be worked until it is either resolved or the priority reduced. Leads and managers SHOULD always know the up-to-date status of these bugs. CRITICAL: These are not necessarily immediately interrupt worthy, but likely cannot wait more than a few days for attention. Usually these would be CRITICAL or IMPORTANT severity bugs. MAJOR: These should generally be scheduled for the current or next sprint and take precedence over feature work. These should not necessarily immediately interrupt ongoing work. Owners should be reporting daily on these in their standups. NORMAL: These bugs should be evaluated, prioritized, and scheduled alongside all other work (ie. features) each sprint. MINOR: These bugs should be periodically re-evaluated and may be scheduled along with other work. Bugs with a sustained low priority should be given strong consideration for closure.
    • Critical

      Description:

      This is an issue of Quay 3.8.0 new feature "Global readonly superuser", and add normal user "admin" to the list of GLOBAL_READONLY_SUPER_USERS, found this user doesn't have permission to access the logs from superuser API. Pls review this issue.

      Quay Image: quay-operator-bundle-container-v3.8.0-115

      https://quayregistry-quay-quay-enterprise-13351.apps.quaytest-13351.qe.gcp.devcluster.openshift.com/api/v1/superuser/logs 

      GLOBAL_READONLY_SUPER_USERS:
- admin
SUPER_USERS:
- quay
      Global readonly superuser can't the access logs of superuser API:

      ALLOW_PULLS_WITHOUT_STRICT_LOGGING: false
AUTHENTICATION_TYPE: Database
BROWSER_API_CALLS_XHR_ONLY: false
BUILDLOGS_REDIS:
  host: quayregistry-quay-redis
  port: 6379
CREATE_NAMESPACE_ON_PUSH: true
CREATE_PRIVATE_REPO_ON_PUSH: true
CREATE_REPOSITORY_ON_PUSH_PUBLIC: true
DATABASE_SECRET_KEY: 23La0kEAAkdlFPvnXRvcCHJ9FGr7sIvaocIT3gdfmFPHWj-CBp1BzEkBFI8ClxUtHiO58k2Jxs-58H90
DB_CONNECTION_ARGS:
  autorollback: true
  threadlocals: true
DB_URI: postgresql://quayregistry-quay-database:JAnEuDq1LTXy6ooZNU9jKcxW81il3m6ChfcgHkBpEZUQUl-tSyNI2-7aVEkKrvz-FTTCvXUzrE-epmvV@quayregistry-quay-database:5432/quayregistry-quay-database
DEFAULT_TAG_EXPIRATION: 2w
DISTRIBUTED_STORAGE_CONFIG:
  default:
  - GoogleCloudStorage
  - access_key: ******
    bucket_name: quaygcp13351
    secret_key: ******
    storage_path: /quay3401230a
DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS:
- default
DISTRIBUTED_STORAGE_PREFERENCE:
- default
ENTERPRISE_LOGO_URL: /static/img/RH_Logo_Quay_Black_UX-horizontal.svg
EXTERNAL_TLS_TERMINATION: true
FEATURE_BUILD_SUPPORT: false
FEATURE_DIRECT_LOGIN: true
FEATURE_EXTENDED_REPOSITORY_NAMES: true
FEATURE_GENERAL_OCI_SUPPORT: true
FEATURE_HELM_OCI_SUPPORT: true
FEATURE_MAILING: false
FEATURE_PROXY_CACHE: true
FEATURE_PROXY_STORAGE: true
FEATURE_QUOTA_MANAGEMENT: true
FEATURE_REPO_MIRROR: true
FEATURE_SECURITY_NOTIFICATIONS: true
FEATURE_SECURITY_SCANNER: true
FEATURE_SUPERUSERS_FULL_ACCESS: true
FEATURE_UI_V2: true
FEATURE_USER_INITIALIZE: true
GLOBAL_READONLY_SUPER_USERS:
- admin
PREFERRED_URL_SCHEME: https
REGISTRY_TITLE: Red Hat Quay
REGISTRY_TITLE_SHORT: Red Hat Quay
REPO_MIRROR_INTERVAL: 30
REPO_MIRROR_TLS_VERIFY: true
SECRET_KEY: 9TiivoLW1yQT7oLQDz8dKdk1HJ2bUrilFHDkhZd2qieovQPj9D89qixjvGHDOa22YUg-OBFQqh17-wwJ
SECURITY_SCANNER_INDEXING_INTERVAL: 30
SECURITY_SCANNER_V4_ENDPOINT: http://quayregistry-clair-app.quay-enterprise-13351.svc.cluster.local
SECURITY_SCANNER_V4_NAMESPACE_WHITELIST:
- admin
SECURITY_SCANNER_V4_PSK: Q2d5SW1iY1BBUXV2emlLeUZ6aVoyOWMzdml2YnhmN3o=
SERVER_HOSTNAME: quayregistry-quay-quay-enterprise-13351.apps.quaytest-13351.qe.gcp.devcluster.openshift.com
SETUP_COMPLETE: true
SUPER_USERS:
- quay
TAG_EXPIRATION_OPTIONS:
- 2w
TEAM_RESYNC_STALE_TIME: 60m
TESTING: false
USER_EVENTS_REDIS:
  host: quayregistry-quay-redis
  port: 6379

        1. image-2022-11-10-15-44-59-728.png
          image-2022-11-10-15-44-59-728.png
          221 kB

              Unassigned Unassigned
              lzha1981 luffy zhang
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: