Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-6842

Quay 3.11 team can't sync the change when OIDC user is removed from OIDC

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • quay-v3.11.0
    • quay
    • False
    • None
    • False
    • 0
    • Proposed

      Description:

      This is an issue found in Quay 3.11 new feature "Allow team synchronization via OIDC on Azure", after Quay team synced users from OIDC group successfully, then removed the user from OIDC, found the user was not removed from Quay Team, and can still use the robot account token and app token to push/pull images from quay, the expected behavior should be once the user is removed from OIDC, Quay should remove that user and all related tokens, pls review this issue.

      Quay:  quay-operator-bundle-container-v3.11.0-23

      Customer Scenario:

      A user logs in to Quay UI via OIDC generates a docker CLI or robot token and an API token and uses that on their machine to pull/push images and script the API, later the user leaves the company and is deleted from OIDC.

      Quay team can't sync the change when OIDC user "quaytest002" is removed from OIDC group:

            Unassigned Unassigned
            lzha1981 luffy zhang
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: