-
Epic
-
Resolution: Done-Errata
-
Major
-
None
-
None
-
quay-global-readonly-superuser
-
BU Product Work
-
False
-
None
-
False
-
Not Selected
-
To Do
-
PROJQUAY-6961 - Implement GLOBAL_READONLY_SUPER_USERS feature for LDAP users
-
PROJQUAY-6961Implement GLOBAL_READONLY_SUPER_USERS feature for LDAP users
-
15% To Do, 3% In Progress, 83% Done
Epic Goal
- The role GLOBAL_READONLY_SUPER_USERS must allows members to read anything in Quay.
Why is this important?
- For security auditing purposes, users are requesting that there be a superuser that lacks write access but can read anything. They want to be able to use LDAP to select the users.
Scenarios
- The GLOBAL_READONLY_SUPER_USERS role exists and users can be added to it via LDAP or list.
- The role allows unrestricted read access to anything in Quay.
Acceptance Criteria
- CI - MUST be running successfully with tests automated
- Release Technical Enablement - Provide necessary release enablement details and documents.
- ...
Dependencies (internal and external)
- ...
Previous Work (Optional):
- We had previously attempted to implement this, however, a few bugs and limitations have appeared. The focus of this Epic is largely on allowing unrestricted access to anything in Quay and allowing users to define members via LDAP.
- See linked bugs for functionality that needs to be addresses
- https://issues.redhat.com/browse/PROJQUAY-2604
Open questions::
- ...
Done Checklist
- CI - CI is running, tests are automated and merged.
- Release Enablement <link to Feature Enablement Presentation>
- DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
- DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
- DEV - Downstream build attached to advisory: <link to errata>
- QE - Test plans in Polarion: <link or reference to Polarion>
- QE - Automated tests merged: <link or reference to automated tests>
- DOC - Downstream documentation merged: <link to meaningful PR>
- is related to
-
PROJQUAY-4729 Quay global readonly superuser can't see organization under other user's namespace on new UI
- New
-
PROJQUAY-7568 Allow global readonly superuser to view organizations in new UI
- New
-
PROJQUAY-6631 Customer is reporting that the GLOBAL_READONLY_SUPER_USERS is not working as expected.
- To Do
-
PROJQUAY-4731 Quay global readonly superuser can't get any components from superuser API
- Planning
-
PROJQUAY-4706 Quay 3.8.0 GLOBAL_READONLY_SUPER_USERS doesn't work
- Closed
-
PROJQUAY-4730 Quay global readonly superuser can't get the organization members of normal users organization
- Closed
- links to
-
RHBA-2024:4525 Red Hat Quay v3.12.0 bug fix release