Hide Forgot
Description of problem: Web wrongly displays private access policy as shared access Version-Release number of selected component (if applicable): openshift v3.4.0.24+52fd77b cockpit 118 Image id on test env: $ docker images | grep registry-console registry.ops..../openshift3/registry-console 3.3 f8a757a055c5 2 days 223.8 MB How reproducible: Always Steps to Reproduce: 1. On Overview page, click 'New project' 2. Input name xxia-private, in Access Policy, select 'Private: Allow only specific users or groups to pull images', click Create 3. On Overview page, check the lock icon for project xxia-private 4. Click nav menu 'Projects', select one shared project, click 'Project access policy', change Access Policy to 'Private ...', click Change. Then click 'Project access policy' again, check Access Policy Actual results: 3. The lock icon is unlocked, see attachment. 4. Check again after Change, Access Policy is still 'Shared: Allow any ...' Expected results: 3. The lock icon should be locked 4. Access Policy should be 'Private ...' Additional info: The CLI policy is correct, though. i.e. it does not has this line: registry-viewer /registry-viewer system:authenticated $ oc get rolebinding -n xxia-private NAME ROLE USERS GROUPS SERVICE ACCOUNTS SUBJECTS registry-admin /registry-admin xxia system:deployers /system:deployer deployer system:image-builders /system:image-builder builder system:image-pullers /system:image-puller system:serviceaccounts:xxia-private admin /admin xxia
Created attachment 1219295 [details] Lock_icon_unlocked_for_private_project
Oh, set up another env with image verified in https://bugzilla.redhat.com/show_bug.cgi?id=1373446#c8 brew-pulp-...redhat.com:8888/openshift3/registry-console 3.3 445ef31dcaaf 2 days ago 223.8 MB Above problem disappears
Where can I get a container with openshift v3.4.0.24+52fd77b
I wasn't able to reproduce, does this happen for you from a clean install? Or is there possibly changes effecting it? Is it intermittent, does refreshing the browser change anything? Is there a way I can get a full (json or yaml) dump of all your images and auth related oc objects so I can see what might be causing it?
The time when reporting the bug, it is ALWAYS reproduced. Strangely, today tested on an env, which sets up the standalone registry using the same repo registry.ops and image f8a757a055c5 as comment 0, the problem is NOT reproduced at all. Not familiar with the env installation. The envs are installed by installation team for scheduled test.
Because it works for me now, the issue is not happening, closing it. Thanks!
Reopening. In registry console of cockpit version 151, it occurs again with completely same result. More env version info is same as https://bugzilla.redhat.com/show_bug.cgi?id=1507460#c0 Checked in registry console of cockpit version 148, that still worked, though.
All user management is broken in 3.7. So I don't think this regression is related to the original issue.