[NEXUS-27439] Global anonymous configuration takes precedence over repository configuration - Sonatype JIRA

XML

Word

Printable

Details

Type: Bug
Status: New
Priority: Major
Resolution: Unresolved
Affects Version/s: 3.30.1
Fix Version/s: None
Component/s: Docker, Security
Labels:
- security
- triaged
Environment:
Rhel 7

Description

I have anonymous access granted globally using default anonymous role permissions

(repository view * all browse & read access)

I have a hosted docker registry with the anonymous access disabled.

Users are able to pull images from the registry while being unauthenticated.

As a work around i created a new anonymous role, I granted read&browse access to the new role to every repository except the hosted docker registry.

I confirmed that unauthenticated users are no longer able to pull images from that registry.

for whatever reason, it appears that the global anonymous setting is taking precedence over repository configuration which is not intended based on the document

https://help.sonatype.com/repomanager3/formats/docker-registry/docker-authentication#DockerAuthentication-UnauthenticatedAccesstoDockerRepositories

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: mitch talbot

Last Updated By:: Joe Tom

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 04/22/21 07:43 PM

Updated:: 04/30/21 09:28 PM

Date of First Response:: 23/Apr/21 6:58 PM