Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-4750

Quay superuser can't create new image repo under normal user's organization or normal user's namespace on new UI when enabled superuser full access

XMLWordPrintable

    • False
    • None
    • False
    • Critical

      Description:

      This is an issue of Quay 3.80 new feature "superuser full access", after enable flag "FEATURE_SUPERUSERS_FULL_ACCESS: true", found superuser can't create new image repo under normal user's organization, but superuser can delete existing image repo under normal user's organization. Pls review this issue.

      Deliverable: "superuser can control and manage all organizations and content"

      Quay Image: quay-operator-bundle-container-v3.8.0-116

      Superuser can't create new image repo under normal user's organization on new UI:

      Quay Config.yaml:

      ALLOW_PULLS_WITHOUT_STRICT_LOGGING: false
      AUTHENTICATION_TYPE: Database
      BROWSER_API_CALLS_XHR_ONLY: false
      BUILDLOGS_REDIS:
        host: quayregistry-quay-redis
        port: 6379
      CREATE_NAMESPACE_ON_PUSH: true
      CREATE_PRIVATE_REPO_ON_PUSH: true
      CREATE_REPOSITORY_ON_PUSH_PUBLIC: true
      DATABASE_SECRET_KEY: 9XdK4gv3bNo9VSXRYo6YPSG29y3Cu5wmJK2x1IiIf2FiZAuJUHTXIQV3SJYOum3E0-Xjzzufsmfuqweg
      DB_CONNECTION_ARGS:
        autorollback: true
        threadlocals: true
      DB_URI: postgresql://quayregistry-quay-database:BJRALKsccwIzIxHG4YVLlntQbNLp8RJtl3l-OSxmn6MdRSyXucc0F88ETJ-bJudK3ewXBnNWeLDlQMRq@quayregistry-quay-database:5432/quayregistry-quay-database
      DEFAULT_TAG_EXPIRATION: 2w
      DISTRIBUTED_STORAGE_CONFIG:
        local_us:
        - RHOCSStorage
        - access_key: HXPdxG9PU1z0IERsf6sO
          bucket_name: quay-datastore-5b129f9d-4a22-45a9-8745-645f7004a066
          hostname: s3.openshift-storage.svc.cluster.local
          is_secure: true
          port: 443
          secret_key: yTqjEq2Elt4OpoMJyKa96lypFsAZ8QFff+EyQ30y
          storage_path: /datastorage/registry
      DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS:
      - local_us
      DISTRIBUTED_STORAGE_PREFERENCE:
      - local_us
      ENTERPRISE_LOGO_URL: /static/img/RH_Logo_Quay_Black_UX-horizontal.svg
      EXTERNAL_TLS_TERMINATION: true
      FEATURE_BUILD_SUPPORT: false
      FEATURE_DIRECT_LOGIN: true
      FEATURE_EXTENDED_REPOSITORY_NAMES: true
      FEATURE_GENERAL_OCI_SUPPORT: true
      FEATURE_HELM_OCI_SUPPORT: true
      FEATURE_MAILING: false
      FEATURE_PROXY_CACHE: true
      FEATURE_PROXY_STORAGE: true
      FEATURE_QUOTA_MANAGEMENT: true
      FEATURE_REPO_MIRROR: true
      FEATURE_SECURITY_NOTIFICATIONS: true
      FEATURE_SECURITY_SCANNER: true
      FEATURE_STORAGE_REPLICATION: false
      FEATURE_SUPERUSERS_FULL_ACCESS: true
      FEATURE_UI_V2: true
      FEATURE_USER_INITIALIZE: true
      PREFERRED_URL_SCHEME: https
      REGISTRY_TITLE: Red Hat Quay
      REGISTRY_TITLE_SHORT: Red Hat Quay
      REPO_MIRROR_INTERVAL: 30
      REPO_MIRROR_TLS_VERIFY: true
      SECRET_KEY: M0Otkl3aEUZSeCD5Qw1CxPhXqItQJBqiRTAT-uegcfXZOa1OTzzuuznsdIkUz7b7PUG2bIIp3w2IqJ1O
      SECURITY_SCANNER_INDEXING_INTERVAL: 30
      SECURITY_SCANNER_V4_ENDPOINT: http://quayregistry-clair-app.quay-enterprise-13376.svc.cluster.local
      SECURITY_SCANNER_V4_NAMESPACE_WHITELIST:
      - admin
      SECURITY_SCANNER_V4_PSK: Uldyd1NlREtIRlFOUDRGTnpuamdvY1pDLThsbzNpU0g=
      SERVER_HOSTNAME: quayregistry-quay-quay-enterprise-13376.apps.quaytest-13376.qe.devcluster.openshift.com
      SETUP_COMPLETE: true
      SUPER_USERS:
      - quay
      - admin
      TAG_EXPIRATION_OPTIONS:
      - 2w
      TEAM_RESYNC_STALE_TIME: 60m
      TESTING: false
      USER_EVENTS_REDIS:
        host: quayregistry-quay-redis
        port: 6379 

              Unassigned Unassigned
              lzha1981 luffy zhang
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: