Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-4732

Restricted user failed to create repo by image pushing to the existing organizations they are a member of

XMLWordPrintable

    • False
    • None
    • False
    • Quay Enterprise
    • Critical

      Description of problem:

      Restricted user failed to create repo by image pushing to the existing organizations they are a member of 

      Version-Release number of selected component (if applicable):

      'registry-proxy.engineering.redhat.com/rh-osbs/quay-quay-rhel8@sha256:12992549176d9f66188ec5ea035abaec7beb8576ed9a459e7b056795ad9c8034',
      'registry-proxy.engineering.redhat.com/rh-osbs/quay-quay-rhel8:v3.8.0-96'

      How reproducible:

      Always

      Steps to Reproduce:
      1. Enable FEATURE_RESTRICTED_USERS

      2. create a normal excluded in whitelist

      3. Add user in existing org, give it creator role that has permission to create repo in org

      4. Push image to non-existing repo under the org, like:

      $ skopeo copy --dest-creds=quay:password --dest-tls-verify=false docker://quay.io/projectquay/clair:4.4.4 docker://10.0.78.224:8443/newteam/clair

      Actual results:

      Pushing is failed

      Expected results:

      Push successfully

      Additional info:

      The restricted user can create repo in UI successfully

      config.yaml:

      AUTHENTICATION_TYPE: Database
      CREATE_NAMESPACE_ON_PUSH: true
      FEATURE_RESTRICTED_USERS: true
      RESTRICTED_USERS_WHITELIST:
        - user1

       

            sleesinc Kenny Lee Sin Cheong
            rhn-support-dyan Dongbo Yan
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: