Open fletch3555 opened 3 days ago
I just found this issue #20382, which appears to be the same issue, just via API rather than the web UI. Appears there are others with similar complaints.
For what it's worth, the retag permission is granted to all users in the Guest role or higher (including Developer) according to the docs, so I would expect it to work via the UI (and API) as well. Developer role does not have access to delete tags, so doing it as a 2-step process is not possible. I don't think granting everyone Maintainer or Admin access is a valid path forward, nor is it clear in the docs that this would even resolve this use-case.
If desired, we could add a warning prompt about the tag already existing. At the very least, the docs should be updated to clarify this access is only granted via Docker CLI. Though again, I believe this should be allowed within the Harbor API/UI.
If you are reporting a problem, please make sure the following information are provided:
Expected behavior and actual behavior: We have users with the Developer role.
Working within the Harbor UI, they are able to manually assign new tags to images, however, they are unable to assign existing tags to images.
To clarify, if a separate image hash is already tagged "abcd", they will be unable to "Add Tag" with the name "abcd".
Doing this through the docker CLI works correctly (and assuming your docker CLI is authenticated to Harbor with a user assigned the "Developer" role)
Steps to reproduce the problem:
sha256:4c3d11be
in above screenshot)Versions: Please specify the versions of following systems.
Additional context:
(I don't believe these are relevant to my report, but I can provide them if requested)