Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-6980

Add support for a global read only superuser

XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Done-Errata
    • Icon: Major Major
    • None
    • None
    • quay
    • quay-global-readonly-superuser
    • BU Product Work
    • False
    • None
    • False
    • Not Selected
    • To Do
    • PROJQUAY-6961 - Implement GLOBAL_READONLY_SUPER_USERS feature for LDAP users
    • PROJQUAY-6961Implement GLOBAL_READONLY_SUPER_USERS feature for LDAP users
    • 15% To Do, 3% In Progress, 83% Done

      Epic Goal

      • The role GLOBAL_READONLY_SUPER_USERS must allows members to read anything in Quay.

      Why is this important?

      • For security auditing purposes, users are requesting that there be a superuser that lacks write access but can read anything. They want to be able to use LDAP to select the users.

      Scenarios

      1. The GLOBAL_READONLY_SUPER_USERS role exists and users can be added to it via LDAP or list.
      2. The role allows unrestricted read access to anything in Quay.

      Acceptance Criteria

      • CI - MUST be running successfully with tests automated
      • Release Technical Enablement - Provide necessary release enablement details and documents.
      • ...

      Dependencies (internal and external)

      1. ...

      Previous Work (Optional):

      1. We had previously attempted to implement this, however, a few bugs and limitations have appeared. The focus of this Epic is largely on allowing unrestricted access to anything in Quay and allowing users to define members via LDAP.
      2. See linked bugs for functionality that needs to be addresses
      3. https://issues.redhat.com/browse/PROJQUAY-2604

      Open questions::

      1. ...

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Downstream documentation merged: <link to meaningful PR>

        1. image-2024-07-26-13-21-15-922.png
          40 kB
          Raul Fernandez
        2. image-2024-07-26-13-21-56-007.png
          47 kB
          Raul Fernandez

              bcaton@redhat.com Brandon Caton
              doconnor@redhat.com Dave O'Connor
              Votes:
              0 Vote for this issue
              Watchers:
              12 Start watching this issue

                Created:
                Updated:
                Resolved: