Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Critical
Fix Version/s: quay-v3.15.2
Affects Version/s: quay-v3.13.7, quay-v3.14.4, quay-v3.15.6
Component/s: quay
Labels:
- triage
- triaged

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Affects:

User Experience
Estimated Difficulty:
Low
Intelligence Requested:
Market:

Target Version:

quay-v3.15.2

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

PX Impact Score:

Reproducer:

quay-operator.v3.13.7
ProxyCache Organization
- public accessible repositories

Once a Repository in an ProxyCache Organization is set to public access, the code commited with Download blob not cached when pulling manifests with blobs available locally (PROJQUAY-6708) assumes that there is always a user by calling

queue_id = proxy_cache_blob_queue.put(
                [self._user.username, str(repo_id), str(layer.digest)],
                json.dumps(
                    {
                        "digest": str(layer.digest),
                        "repo_id": repo_id,
                        "username": self._user.username,
                        "namespace": self._user.username,
                    }
                ),
                available_after=5,
            )

where self._user.username get's decorated with get_authenticated_user in ./endpoints/decorators.py from the auth flask framework.

The code needs to ensure that if set to public access the _user = None object is not evaluated for the username attribute.

I also want to encourage that we get this in the QE process as well.