Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-6961

Implement GLOBAL_READONLY_SUPER_USERS feature for LDAP users

XMLWordPrintable

    • Icon: Feature Feature
    • Resolution: Done
    • Icon: Normal Normal
    • None
    • None
    • None
    • BU Product Work
    • False
    • None
    • False
    • Not Selected
    • 0% To Do, 0% In Progress, 100% Done

      From our testing in quay 3.8 the feature GLOBAL_READONLY_SUPER_USERS is not available to LDAP users.

       

      Our client would like this feature implemented so that they can have an auditor account that is able to see and pull all images in the registry so that they can be scanned with an external vulnerability scanner(prisma). This was one of the features they were hoping to take advantage of in Quay 3.8

      1. Proposed title of this feature request

      >> Implement GLOBAL_READONLY_SUPER_USERS feature for LDAP user authentication

      2. What is the nature and description of the request?

      >> In quay 3.8 the feature GLOBAL_READONLY_SUPER_USERS is not available to LDAP users, only database authentication. We would like to be able to use the GLOBAL_READONLY_SUPER_USERS with LDAP users.

      3. Why does the customer need this? (List the business requirements here)

      >>So that we can have an auditor account that is able to see and pull all images in the registry so that they can be scanned with an external vulnerability scanner(prisma). Currently we have a work around of adding a Prizma service account to be a member of every org/repo but it is not ideal for us.

      4. List any affected packages or components.

      >> Quay

      5. Do have any specific timeline dependencies and which release would they like to target?

      >> Medium priority, we have a workaround for now but this feature would make scanning images with prizma easier to manage going forward. We do not have a specific timeline on when we ould like to see the release but preferably still in 3.8

      6. Are you able to assist in testing this functionality if implemented?

      >> Yes we would be happy to test this when ready

              Unassigned Unassigned
              rhn-gps-jperezes Jose Perez (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: