Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-6371

Quay 3.10 superuser can't get all autoprune policy under user namespace when enable superuser full access

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • quay-v3.10.0
    • quay
    • False
    • None
    • False

      Description:

      This is an issue found in Quay 3.10, when enabled Superuser full access "FEATURE_SUPERUSERS_FULL_ACCESS: true",found with Quay Superusers Oauth2 token can't list all autoprune policy under user namespace. Now the current behavior is can only get the superuser's autoprune policy, pls review this issue.

      Quay: quay-operator-bundle-container-v3.10.0-142

      Use Normal User test001's Oauth2 Token:

      Get https://quay310-quay-quay310.apps.quaytest-1683-new.qe.azure.devcluster.openshift.com/api/v1/user/autoprunepolicy/

{    "policies": [        {            "uuid": "66c8689b-4d4d-465f-a433-884067d885f1",            "method": "creation_date",            "value": "7d"        }    ]}

      Use SuperUser Quay's Oauth2 Token:

      Get https://quay310-quay-quay310.apps.quaytest-1683-new.qe.azure.devcluster.openshift.com/api/v1/user/autoprunepolicy/

{    "policies": [        {            "uuid": "192aa845-31c1-4052-b221-67191f2c5347",            "method": "number_of_tags",            "value": 20        }    ]}

      Quay config.yaml:

      ALLOW_PULLS_WITHOUT_STRICT_LOGGING: false
AUTHENTICATION_TYPE: Database
BUILDLOGS_REDIS:
  host: quay310-quay-redis
  port: 6379
CREATE_NAMESPACE_ON_PUSH: true
CREATE_PRIVATE_REPO_ON_PUSH: true
DATABASE_SECRET_KEY: PQyE9qP6pxwI35qc8tbgh6y-ItFseIugPtfN0xn8WKF1cU78jY4j83cyZSZsuysU8ddIj34QvCDRpk1b
DB_CONNECTION_ARGS:
  autorollback: true
  threadlocals: true
DB_URI: postgresql://quay310-quay-database:xnYwO-8BsAyLR6yV274kvSEbQ4ftv5Fvr5duiJPAqSe03xNiEmCKxhGzgSj6OJFXtK3YaqyYM80BxFu1@quay310-quay-database:5432/quay310-quay-database
DEFAULT_TAG_EXPIRATION: 2w
DISTRIBUTED_STORAGE_CONFIG:
  local_us:
  - RHOCSStorage
  - access_key: ******
    bucket_name: quay-datastore-33b75b00-bbb0-4eac-bdd9-1c847c744ff3
    hostname: s3.openshift-storage.svc.cluster.local
    is_secure: true
    port: 443
    secret_key: ******
    storage_path: /datastorage/registry
DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS:
- local_us
DISTRIBUTED_STORAGE_PREFERENCE:
- local_us
ENTERPRISE_LOGO_URL: /static/img/RH_Logo_Quay_Black_UX-horizontal.svg
EXTERNAL_TLS_TERMINATION: true
FEATURE_AUTO_PRUNE: true
FEATURE_BUILD_SUPPORT: false
FEATURE_DIRECT_LOGIN: true
FEATURE_MAILING: false
FEATURE_PROXY_CACHE: true
FEATURE_PROXY_STORAGE: true
FEATURE_QUOTA_MANAGEMENT: true
FEATURE_REPO_MIRROR: true
FEATURE_SECURITY_NOTIFICATIONS: true
FEATURE_SECURITY_SCANNER: true
FEATURE_STORAGE_REPLICATION: false
FEATURE_SUPERUSERS_FULL_ACCESS: true
FEATURE_UI_V2: true
PERMANENTLY_DELETE_TAGS: true
PREFERRED_URL_SCHEME: https
REGISTRY_TITLE: Red Hat Quay
REGISTRY_TITLE_SHORT: Red Hat Quay
REPO_MIRROR_INTERVAL: 30
REPO_MIRROR_TLS_VERIFY: true
SECRET_KEY: jM0OR1WdP7qJ1Uk4t6X62gQTuFEtbZrLNdCa-dhNIZkyfgtylHsqUou5N3MgO2Yc0tcWW29svbLgUWgB
SECURITY_SCANNER_INDEXING_INTERVAL: 30
SECURITY_SCANNER_V4_ENDPOINT: http://quay310-clair-app.quay310.svc.cluster.local
SECURITY_SCANNER_V4_NAMESPACE_WHITELIST:
- admin
SECURITY_SCANNER_V4_PSK: SXhBS29CQjA4SDNzTExGMEtVY3RTbGNDc2tmeS1EMlI=
SERVER_HOSTNAME: quay310-quay-quay310.apps.quaytest-1683-new.qe.azure.devcluster.openshift.com
SETUP_COMPLETE: true
SUPER_USERS:
- quay
TAG_EXPIRATION_OPTIONS:
- 2w
TEAM_RESYNC_STALE_TIME: 60m
TESTING: false
USER_EVENTS_REDIS:
  host: quay310-quay-redis
  port: 6379

              Unassigned Unassigned
              lzha1981 luffy zhang
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: