Chapter 1. Users and organizations in Red Hat Quay

Before you begin creating repositories to hold your container images in Red Hat Quay, you should consider how you want to organize those repositories. Every repository in a Red Hat Quay instance must be associated with either an Organization or a User.

1.1. Red Hat Quay tenancy model

Quay tenancy model

  • Organizations provide a way of sharing repositories under a common namespace which does not belong to a single user, but rather to many users in a shared setting (such as a company).
  • Teams provide a way for an organization to delegate permissions (both global and on specific repositories) to sets or groups of users.
  • Users can log in to a registry through the Red Hat Quay web UI or a client (such as podman login). Each user automatically gets a user namespace, for example, quay-server.example.com/user/<username>.
  • Super users have enhanced access and privileges via the Super User Admin Panel in the user interface and through Super User API calls that are not visible or accessible to normal users.
  • Robot accounts provide automated access to repositories for non-human users such as pipeline tools and are similar in nature to OpenShift service accounts. Permissions can be granted to a robot account in a repository by adding that account like any other user or team.

1.2. Creating user accounts

To create a new user for your Red Hat Quay instance:

  1. Log in to Red Hat Quay as the superuser (quay by default).
  2. Select your account name from the upper right corner of the home page and choose Super User Admin Panel.
  3. Select the Users icon from the left column.
  4. Select the Create User button.
  5. Enter the new user’s Username and Email address, then select the Create User button.

  6. Back on the Users page, select the Options icon to the right of the new Username. A drop-down menu appears, as shown in the following figure:

    Select Options drop-down to change user passwords

  7. Choose Change Password from the menu.
  8. Add the new password and verify it, then select the Change User Password button.

The new user can now use that username and password to log in via the web ui or through some container client.

1.3. Deleting a Red Hat Quay user from the command line

When accessing the Users tab in the Superuser Admin panel of the Red Hat Quay UI, you might encounter a situation where no users are listed. Instead, a message appears, indicating that Red Hat Quay is configured to use external authentication, and users can only be created in that system.

This error occurs for one of two reasons:

  • The web UI times out when loading users. When this happens, users are not accessible to perform any operations on.
  • On LDAP authentication. When a userID is changed but the associated email is not. Currently, Red Hat Quay does not allow the creation of a new user with an old email address.

Use the following procedure to delete a user from Red Hat Quay when facing this issue.

Procedure

  • Enter the following curl command to delete a user from the command line: 

    $ curl -X DELETE -H "Authorization: Bearer <insert token here>" https://<quay_hostname>/api/v1/superuser/users/<name_of_user>
    Note

    After deleting the user, any repositories that this user had in his private account become unavailable.

1.4. Creating organization accounts

Any user can create their own organization to share repositories of container images. To create a new organization:

  1. While logged in as any user, select the plus sign (+) from the upper right corner of the home page and choose New Organization.
  2. Type the name of the organization. The name must be alphanumeric, all lower case, and between 2 and 255 characters long

  3. Select Create Organization. The new organization appears, ready for you to begin adding repositories, teams, robot accounts and other features from icons on the left column. The following figure shows an example of the new organization’s page with the settings tab selected.

    Create new repos and teams from an Organization page