Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-6980

Add support for a global read only superuser

    XMLWordPrintable

Details

    • Epic
    • Resolution: Unresolved
    • Major
    • None
    • None
    • quay
    • quay-global-readonly-superuser
    • False
    • None
    • False
    • Not Selected
    • To Do
    • PROJQUAY-6961 - Implement GLOBAL_READONLY_SUPER_USERS feature for LDAP users
    • PROJQUAY-6961Implement GLOBAL_READONLY_SUPER_USERS feature for LDAP users
    • 0
    • 0% 0%
    • 0

    Description

      Epic Goal

      • The role GLOBAL_READONLY_SUPER_USERS must allows members to read anything in Quay.

      Why is this important?

      • For security auditing purposes, users are requesting that there be a superuser that lacks write access but can read anything. They want to be able to use LDAP to select the users.

      Scenarios

      1. The GLOBAL_READONLY_SUPER_USERS role exists and users can be added to it via LDAP or list.
      2. The role allows unrestricted read access to anything in Quay.

      Acceptance Criteria

      • CI - MUST be running successfully with tests automated
      • Release Technical Enablement - Provide necessary release enablement details and documents.
      • ...

      Dependencies (internal and external)

      1. ...

      Previous Work (Optional):

      1. We had previously attempted to implement this, however, a few bugs and limitations have appeared. The focus of this Epic is largely on allowing unrestricted access to anything in Quay and allowing users to define members via LDAP.
      2. See linked bugs for functionality that needs to be addresses
      3. https://issues.redhat.com/browse/PROJQUAY-2604

      Open questions::

      1. ...

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Downstream documentation merged: <link to meaningful PR>

      Attachments

        Issue Links

          is related to

          Bug - A problem that impairs or prevents the functions of the product. PROJQUAY-4729 Quay 3.8.0 global readonly superuser can't see organization under other user's namespace on new UI

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • New

          Bug - A problem that impairs or prevents the functions of the product. PROJQUAY-6631 Customer is reporting that the GLOBAL_READONLY_SUPER_USERS is not working as expected.

          • Critical - To be worked on immediately following BLOCKER issues.
          • To Do

          Bug - A problem that impairs or prevents the functions of the product. PROJQUAY-4730 Quay 3.8.0 global readonly superuser can't get the organization members of normal users organization

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Planning

          Bug - A problem that impairs or prevents the functions of the product. PROJQUAY-4731 Quay 3.8.0 global readonly superuser can't get the logs from superuser API

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Planning

          Bug - A problem that impairs or prevents the functions of the product. PROJQUAY-4706 Quay 3.8.0 GLOBAL_READONLY_SUPER_USERS doesn't work

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Activity

            People

              bcaton@redhat.com Brandon Caton
              doconnor@redhat.com Dave O'Connor
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated: