- Bug
- Resolution: Done
- Major
- quay-v3.12.0
Description of problem:
After setting a user as global read-only super user, this user can't get correct information by calling API listRepos.
Version-Release number of selected component (if applicable):
quay-operator-bundle-container-v3.12.0-16
------------------------------
registry.redhat.io/quay/quay-rhel8@sha256:159d866d862b94cb954c1765393f963cd648b79892e8cc7a19a4df42f767c0cd
------------------------------
registry.redhat.io/quay/quay-rhel8@sha256:d0735d2e3bf076ac5d4b0c68bf791c29a214b94ffbcc98f57aa6bb564649f204
------------------------------
How reproducible:
1. Enable GLOBAL_READONLY_SUPER_USERS in quay config.yaml

   SUPER_USERS:
     - whuquay
   GLOBAL_READONLY_SUPER_USERS:
     - whuro
   BROWSER_API_CALLS_XHR_ONLY: false
   FEATURE_UI_V2: true
   ........

2. Create a normal user "user1", a super user "whuquay" and a global read-only super user "whuro"
3. Log in to quay as normal user "user1" and create a repository "user1_org/user1_repo"
4. Call API listRepos by global read-only super user
Actual results:
Global read-only super user can't get the repository created by the normal user by calling API "GET /api/v1/repository".

=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*==*=*=
-> super user token : Mw3x76zioddyVpeDcGRaSwLOWFLXNeV8wGJjFYte
-> readonly user token : oKTKhu9XJXqDz8iKDZ1bmbOcRI3dUNBAbFyvpiQG
-> normal user token : TjIqXlZ5HMvT4ppbAq2XDL6NDJ3DPoMjpXeNIVjr
->
-> list repositories by read-only user
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*==*=*=
------------------------------
$ curl -k -X GET -H "Content-Type: application/json" -H "Authorization: Bearer oKTKhu9XJXqDz8iKDZ1bmbOcRI3dUNBAbFyvpiQG" -G -d "starred=false" -d "public=false" -d "namespace=user1_org" https://quayregistry-quay-quay-enterprise.apps.whu414az48.qe.azure.devcluster.openshift.com/api/v1/repository
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    21  100    21    0     0     14      0  0:00:01  0:00:01 --:--:--    14
{
  "repositories": []
}
Expected results:
Global read-only super user should get repositories created by all users by calling API "GET /api/v1/repository".
Additional information:
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*==*=*=
-> super user token : Mw3x76zioddyVpeDcGRaSwLOWFLXNeV8wGJjFYte
-> readonly user token : oKTKhu9XJXqDz8iKDZ1bmbOcRI3dUNBAbFyvpiQG
-> normal user token : TjIqXlZ5HMvT4ppbAq2XDL6NDJ3DPoMjpXeNIVjr
->
-> list repositories by normal user
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*==*=*=
------------------------------
$ curl -k -X GET -H "Content-Type: application/json" -H "Authorization: Bearer TjIqXlZ5HMvT4ppbAq2XDL6NDJ3DPoMjpXeNIVjr" -G -d "starred=false" -d "public=false" -d "namespace=user1_org" https://quayregistry-quay-quay-enterprise.apps.whu414az48.qe.azure.devcluster.openshift.com/api/v1/repository
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   271  100   271    0     0    216      0  0:00:01  0:00:01 --:--:--   216
{
  "repositories": [
    {
      "namespace": "user1_org",
      "name": "user1_repo",
      "description": "this is new image repo user1_repo",
      "is_public": false,
      "kind": "image",
      "state": "NORMAL",
      "is_starred": false,
      "quota_report": {
        "quota_bytes": 5594576,
        "configured_quota": 100000000
      }
    }
  ]
}
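A regression check for the reproduction steps above, added here as an example (it is not part of the original report or of Quay's code): it repeats the report's listRepos request for the repository owner and for the global read-only super user and returns the repositories only the owner can list. The helper names, placeholder tokens and canned responses are assumptions, constructed from the two response bodies shown in the report.

```python
import json
import urllib.parse
import urllib.request

API_PATH = "/api/v1/repository"  # listRepos endpoint named in the report

def build_url(base_url, namespace):
    """Same query parameters as the report's curl command."""
    query = urllib.parse.urlencode(
        {"starred": "false", "public": "false", "namespace": namespace})
    return f"{base_url.rstrip('/')}{API_PATH}?{query}"

def http_fetch(base_url):
    """Return fetch(token, namespace) that performs the real GET request."""
    def fetch(token, namespace):
        req = urllib.request.Request(
            build_url(base_url, namespace),
            headers={"Authorization": f"Bearer {token}"})
        # TLS verification stays on here; the report's curl used -k.
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch

def repo_names(response):
    """Set of 'namespace/name' strings from a listRepos response body."""
    return {f"{r['namespace']}/{r['name']}"
            for r in response.get("repositories", [])}

def hidden_from_readonly(fetch, owner_token, readonly_token, namespace):
    """Repositories the owner can list but the read-only super user cannot."""
    owner = repo_names(fetch(owner_token, namespace))
    readonly = repo_names(fetch(readonly_token, namespace))
    return sorted(owner - readonly)

# Constructed offline stand-in for the server, built from the two response
# bodies in the report; the token strings are placeholders, not real tokens.
CANNED = {
    "OWNER_TOKEN": {"repositories": [
        {"namespace": "user1_org", "name": "user1_repo", "is_public": False}]},
    "READONLY_TOKEN": {"repositories": []},
}

def canned_fetch(token, namespace):
    return CANNED[token]

if __name__ == "__main__":
    missing = hidden_from_readonly(
        canned_fetch, "OWNER_TOKEN", "READONLY_TOKEN", "user1_org")
    print("hidden from read-only superuser:", missing or "none")
```

Against a live registry, pass `http_fetch(base_url)` in place of `canned_fetch`; an empty result means the read-only super user sees everything the owner sees in that namespace.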
- is cloned by
- PROJQUAY-7549 [redhat-3.10] Global read-only super user can't get correct information by calling API listRepos
- Testing
- PROJQUAY-7548 [redhat-3.11] Global read-only super user can't get correct information by calling API listRepos
- Closed
- links to
- RHBA-2024:136817 Red Hat Quay v3.12.1 bug fix release
- mentioned on