Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-7544

[redhat-3.11] Quay global readonly superuser can't get any resources from organization API

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Normal Normal
    • quay-v3.11.4
    • quay-v3.9.7, quay-v3.10.5, quay-v3.11.1
    • quay

      Description:

      Quay global readonly superuser can't get any resources from normal user's organization by API

      Quay Version:

      3.11

      Reproduced steps:

      1.set global readonly superuser for quay

       

      GLOBAL_READONLY_SUPER_USERS:
        - quay 

      2.create organization by normal user

       

      3.global readonly superuser get resource by api

       

      $ curl -k -H "Content-Type: application/json" -H "Authorization: Bearer LAs0DSWhDkEl3bSxNtoRqvsizrLbqrqp" "https://<quay>/api/v1/organization/qeteam/robots" -v 

      Actual results:

       

      failed with error

       

      {"detail": "Unauthorized", "error_message": "Unauthorized", "error_type": "insufficient_scope", "title": "insufficient_scope", "type": "https://api/v1/error/insufficient_scope", "status": 403}

      Additional infomation:

       

      all api failed below:

      • [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/aggregatelogs
      • [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/logs
      • [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/quota/{quota_id}/limit/{limit_id}
      • [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/quota/{quota_id}/limit
      • [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/quota/{quota_id}
      • [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/quota
      • [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/collaborators
      • [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/applications/{client_id}
      • [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/applications
      • [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/proxycache
      • [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/members/{membername}
      • [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/members{}
      • [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/autoprunepolicy/
      • [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/autoprunepolicy/{policy_uuid}
      • [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/prototypes
      • [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/robots/{robot_shortname}/permissions
      • [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/robots/{robot_shortname}
      • [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/robots
      • [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/team/{teamname}/permissions
      • [{*}{*}Tested & Failed{*} *] /api/v1/organization/{orgname}/team/{teamname}/members

              bcaton@redhat.com Brandon Caton
              rhn-support-dyan Dongbo Yan
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: