Project Quay / PROJQUAY-7446

Global read-only super user can't get correct information by calling API listRepos

    • Type: Bug
    • Resolution: Done
    • Priority: Major
    • quay-v3.12.1
    • quay-v3.12.0
    • quay

      Description of problem:

      After setting a user as a global read-only super user, this user can't get correct information by calling API listRepos.

      Version-Release number of selected component (if applicable):

      quay-operator-bundle-container-v3.12.0-16
      ------------------------------
      registry.redhat.io/quay/quay-rhel8@sha256:159d866d862b94cb954c1765393f963cd648b79892e8cc7a19a4df42f767c0cd
      ------------------------------
      registry.redhat.io/quay/quay-rhel8@sha256:d0735d2e3bf076ac5d4b0c68bf791c29a214b94ffbcc98f57aa6bb564649f204
      ------------------------------

      How reproducible:

      1. Enable GLOBAL_READONLY_SUPER_USERS in quay config.yaml

      SUPER_USERS:
        - whuquay
      GLOBAL_READONLY_SUPER_USERS:
        - whuro 
      BROWSER_API_CALLS_XHR_ONLY: false
      FEATURE_UI_V2: true
      ........

      2. Create a normal user "user1", a super user "whuquay" and a global read-only super user "whuro"

      3. Log in to Quay as normal user "user1" and create a repository "user1_org/user1_repo"

      4. Call API listRepos as the global read-only super user

      Actual results:

      Global read-only super user can't get the repository created by the normal user by calling API "GET /api/v1/repository".

      =*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*==*=*=
      -> super user token    : Mw3x76zioddyVpeDcGRaSwLOWFLXNeV8wGJjFYte
      -> readonly user token : oKTKhu9XJXqDz8iKDZ1bmbOcRI3dUNBAbFyvpiQG
      -> normal user token   : TjIqXlZ5HMvT4ppbAq2XDL6NDJ3DPoMjpXeNIVjr
      ->
      -> list repositories by read-only user
      =*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*==*=*=
      ------------------------------
      $ curl -k -X GET -H "Content-Type: application/json" -H "Authorization: Bearer oKTKhu9XJXqDz8iKDZ1bmbOcRI3dUNBAbFyvpiQG"  -G -d "starred=false" -d "public=false" -d "namespace=user1_org" https://quayregistry-quay-quay-enterprise.apps.whu414az48.qe.azure.devcluster.openshift.com/api/v1/repository
        % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                       Dload  Upload   Total   Spent    Left  Speed
      100    21  100    21    0     0     14      0  0:00:01  0:00:01 --:--:--    14
      {
        "repositories": []
      }
      
      

      Expected results:

      Global read-only super user should get repositories created by all users by calling API "GET /api/v1/repository".

      Additional information:

      =*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*==*=*=
      -> super user token    : Mw3x76zioddyVpeDcGRaSwLOWFLXNeV8wGJjFYte
      -> readonly user token : oKTKhu9XJXqDz8iKDZ1bmbOcRI3dUNBAbFyvpiQG
      -> normal user token   : TjIqXlZ5HMvT4ppbAq2XDL6NDJ3DPoMjpXeNIVjr
      ->
      -> list repositories by normal user
      =*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*==*=*=
      ------------------------------
      $ curl -k -X GET -H "Content-Type: application/json" -H "Authorization: Bearer TjIqXlZ5HMvT4ppbAq2XDL6NDJ3DPoMjpXeNIVjr"  -G -d "starred=false" -d "public=false" -d "namespace=user1_org" https://quayregistry-quay-quay-enterprise.apps.whu414az48.qe.azure.devcluster.openshift.com/api/v1/repository
        % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                       Dload  Upload   Total   Spent    Left  Speed
      100   271  100   271    0     0    216      0  0:00:01  0:00:01 --:--:--   216
      {
        "repositories": [
          {
            "namespace": "user1_org",
            "name": "user1_repo",
            "description": "this is new image repo user1_repo",
            "is_public": false,
            "kind": "image",
            "state": "NORMAL",
            "is_starred": false,
            "quota_report": {
              "quota_bytes": 5594576,
              "configured_quota": 100000000
            }
          }
        ]
      }   
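
A regression check for the behaviour reported above, added here as an example (not part of the original report or Project Quay's code): it compares `GET /api/v1/repository` response bodies and lists repositories that another user can see but the global read-only super user cannot. The function names are hypothetical, the sample bodies are constructed from the output shown in this report, and single-page responses are assumed.

```python
import json

# Constructed sample input: the two response bodies shown in this report
# (quota_report omitted for brevity).
READONLY_BODY = '{"repositories": []}'
NORMAL_BODY = json.dumps({"repositories": [{
    "namespace": "user1_org", "name": "user1_repo",
    "is_public": False, "kind": "image", "state": "NORMAL"}]})


def repo_keys(body):
    """Parse a GET /api/v1/repository body into a set of (namespace, name)."""
    doc = json.loads(body)
    if not isinstance(doc, dict) or not isinstance(doc.get("repositories"), list):
        # An error body (e.g. an auth failure) must not be read as "no repos".
        raise ValueError("response has no 'repositories' list")
    return {(r["namespace"], r["name"]) for r in doc["repositories"]}


def hidden_from_readonly(readonly_body, other_bodies):
    """Return repos some other user can list but the global read-only super
    user cannot. Per the expected result in this report, this should be empty."""
    visible = repo_keys(readonly_body)
    seen_by_others = set()
    for body in other_bodies:
        seen_by_others |= repo_keys(body)
    return sorted(seen_by_others - visible)


if __name__ == "__main__":
    missing = hidden_from_readonly(READONLY_BODY, [NORMAL_BODY])
    for ns, name in missing:
        print(f"read-only super user cannot list {ns}/{name}")
    # Non-zero exit marks the regression for a CI job.
    raise SystemExit(1 if missing else 0)
```
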

              bcaton@redhat.com Brandon Caton
              rhwhu Weihua Hu