-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Missing access to /retentions for Robot Accounts #16862
Comments
please refer to #14145 (comment) |
This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days. |
Hi @wy65701436 I just checked it again and I get UNAUTHORIZED error instead of FORBIDDEN whatever I set as permissions. Here is what I have tried:
Is this a bug or intended behavior that RobotAccount cannot edit retentions? |
please share the payload when you try to create a robot. |
I'm on harbor v2.7.1 and am having the same issues. I've tried to give * permissions to both system and projects for testing and still get a forbidden response. I've tried other endpoints and have had no issues but all /retentions endpoints except metadatas return forbidden. The robot account payload is below
Then I am trying to do a get to /api/v2.0/retentions/3 and the response is 403 forbidden. |
@wy65701436 would you be able to help provide any insight? |
Hi, I was trying to use a system RobotAccount that would be able to manage Retention Policies without luck, getting 403 errors.
To workaround this issue I used OIDC account and passed CSRF token, it is a tricky and very dirty workaround.
Question: Is there any undocumented permission that needs to be assigned to RobotAccount that I could be missing?
If there is no such permission, then I'm submitting there a feature request :)
Version: Harbor v2.4.0
Thanks :)
The text was updated successfully, but these errors were encountered: