Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-4750

Quay superuser can't create new image repo under normal user's organization or normal user's namespace on new UI when enabled superuser full access

XMLWordPrintable

    • False
    • None
    • False
    • Critical

      Description:

      This is an issue of Quay 3.80 new feature "superuser full access", after enable flag "FEATURE_SUPERUSERS_FULL_ACCESS: true", found superuser can't create new image repo under normal user's organization, but superuser can delete existing image repo under normal user's organization. Pls review this issue.

      Deliverable: "superuser can control and manage all organizations and content"

      Quay Image: quay-operator-bundle-container-v3.8.0-116

      Superuser can't create new image repo under normal user's organization on new UI:

      Quay Config.yaml:

      ALLOW_PULLS_WITHOUT_STRICT_LOGGING: false
AUTHENTICATION_TYPE: Database
BROWSER_API_CALLS_XHR_ONLY: false
BUILDLOGS_REDIS:
  host: quayregistry-quay-redis
  port: 6379
CREATE_NAMESPACE_ON_PUSH: true
CREATE_PRIVATE_REPO_ON_PUSH: true
CREATE_REPOSITORY_ON_PUSH_PUBLIC: true
DATABASE_SECRET_KEY: 9XdK4gv3bNo9VSXRYo6YPSG29y3Cu5wmJK2x1IiIf2FiZAuJUHTXIQV3SJYOum3E0-Xjzzufsmfuqweg
DB_CONNECTION_ARGS:
  autorollback: true
  threadlocals: true
DB_URI: postgresql://quayregistry-quay-database:BJRALKsccwIzIxHG4YVLlntQbNLp8RJtl3l-OSxmn6MdRSyXucc0F88ETJ-bJudK3ewXBnNWeLDlQMRq@quayregistry-quay-database:5432/quayregistry-quay-database
DEFAULT_TAG_EXPIRATION: 2w
DISTRIBUTED_STORAGE_CONFIG:
  local_us:
  - RHOCSStorage
  - access_key: HXPdxG9PU1z0IERsf6sO
    bucket_name: quay-datastore-5b129f9d-4a22-45a9-8745-645f7004a066
    hostname: s3.openshift-storage.svc.cluster.local
    is_secure: true
    port: 443
    secret_key: yTqjEq2Elt4OpoMJyKa96lypFsAZ8QFff+EyQ30y
    storage_path: /datastorage/registry
DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS:
- local_us
DISTRIBUTED_STORAGE_PREFERENCE:
- local_us
ENTERPRISE_LOGO_URL: /static/img/RH_Logo_Quay_Black_UX-horizontal.svg
EXTERNAL_TLS_TERMINATION: true
FEATURE_BUILD_SUPPORT: false
FEATURE_DIRECT_LOGIN: true
FEATURE_EXTENDED_REPOSITORY_NAMES: true
FEATURE_GENERAL_OCI_SUPPORT: true
FEATURE_HELM_OCI_SUPPORT: true
FEATURE_MAILING: false
FEATURE_PROXY_CACHE: true
FEATURE_PROXY_STORAGE: true
FEATURE_QUOTA_MANAGEMENT: true
FEATURE_REPO_MIRROR: true
FEATURE_SECURITY_NOTIFICATIONS: true
FEATURE_SECURITY_SCANNER: true
FEATURE_STORAGE_REPLICATION: false
FEATURE_SUPERUSERS_FULL_ACCESS: true
FEATURE_UI_V2: true
FEATURE_USER_INITIALIZE: true
PREFERRED_URL_SCHEME: https
REGISTRY_TITLE: Red Hat Quay
REGISTRY_TITLE_SHORT: Red Hat Quay
REPO_MIRROR_INTERVAL: 30
REPO_MIRROR_TLS_VERIFY: true
SECRET_KEY: M0Otkl3aEUZSeCD5Qw1CxPhXqItQJBqiRTAT-uegcfXZOa1OTzzuuznsdIkUz7b7PUG2bIIp3w2IqJ1O
SECURITY_SCANNER_INDEXING_INTERVAL: 30
SECURITY_SCANNER_V4_ENDPOINT: http://quayregistry-clair-app.quay-enterprise-13376.svc.cluster.local
SECURITY_SCANNER_V4_NAMESPACE_WHITELIST:
- admin
SECURITY_SCANNER_V4_PSK: Uldyd1NlREtIRlFOUDRGTnpuamdvY1pDLThsbzNpU0g=
SERVER_HOSTNAME: quayregistry-quay-quay-enterprise-13376.apps.quaytest-13376.qe.devcluster.openshift.com
SETUP_COMPLETE: true
SUPER_USERS:
- quay
- admin
TAG_EXPIRATION_OPTIONS:
- 2w
TEAM_RESYNC_STALE_TIME: 60m
TESTING: false
USER_EVENTS_REDIS:
  host: quayregistry-quay-redis
  port: 6379

        1. image-2022-11-16-15-55-55-798.png
          image-2022-11-16-15-55-55-798.png
          361 kB
        2. image-2022-11-16-16-05-31-793.png
          image-2022-11-16-16-05-31-793.png
          222 kB

              Unassigned Unassigned
              lzha1981 luffy zhang
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: