-
Bug
-
Resolution: Done
-
Normal
-
quay-v3.9.7, quay-v3.10.5, quay-v3.11.1
-
False
-
None
-
False
-
PROJQUAY-6961 - Implement GLOBAL_READONLY_SUPER_USERS feature for LDAP users
-
-
Description:
Quay global readonly superuser can't get any resources from normal user's organization by API
Quay Version:
3.11
Reproduced steps:
1.set global readonly superuser for quay
GLOBAL_READONLY_SUPER_USERS: - quay
2.create organization by normal user
3.global readonly superuser get resource by api
$ curl -k -H "Content-Type: application/json" -H "Authorization: Bearer LAs0DSWhDkEl3bSxNtoRqvsizrLbqrqp" "https://<quay>/api/v1/organization/qeteam/robots" -v
Actual results:
failed with error
{"detail": "Unauthorized", "error_message": "Unauthorized", "error_type": "insufficient_scope", "title": "insufficient_scope", "type": "https://api/v1/error/insufficient_scope", "status": 403}
Additional infomation:
all api failed below:
- [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/aggregatelogs
- [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/logs
- [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/quota/{quota_id}/limit/{limit_id}
- [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/quota/{quota_id}/limit
- [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/quota/{quota_id}
- [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/quota
- [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/collaborators
- [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/applications/{client_id}
- [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/applications
- [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/proxycache
- [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/members/{membername}
- [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/members{}
- [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/autoprunepolicy/
- [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/autoprunepolicy/{policy_uuid}
- [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/prototypes
- [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/robots/{robot_shortname}/permissions
- [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/robots/{robot_shortname}
- [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/robots
- [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/team/{teamname}/permissions
- [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/team/{teamname}/members
- is cloned by
-
PROJQUAY-7544 [redhat-3.11] Quay global readonly superuser can't get any resources from organization API
- Closed
-
PROJQUAY-7545 [redhat-3.10] Quay global readonly superuser can't get any resources from organization API
- Closed
- links to
-
RHBA-2024:136817 Red Hat Quay v3.12.1 bug fix release
- mentioned on
(5 links to, 3 mentioned on)