We are currently evaluating Katello/Foreman as a repository solution managing security updates for our customers. We were thinking to create one location per customer.
I was playing around with the “Locations” Feature and either i’m not using “locations” correctly or there are lots of bugs in the currrent release (foreman 3.11.1-1, katello 4.13.1-1)
We are trying to setup 2 Organizations which also have completely separate locations.
We currently have 3 Users. The default admin with Administrator role and one “Organization admin” for every Organization.
Issue 1) Can’t manage locations via “Organization Admin”
Logged in as “Organization Admin”
When creating a new location there is an error screen right after submitting the location:
Location not found Please try to update your request
When going back to the UI and even after reload, the new created Location is nowhere to be found
It is visible when logging in with the default admin User, but no Organization is selected, so it seems it is created but not with the correct rights ?
Issue 2) Organization Admins can view Locations not tied to their Organization
We created a new Location and tied it to Organization A, and selected “All Users” in the user tab
Logging in as “Organization Admin” for Organization B, the unrelated Location is visible in the dropdown. Seems “All Users” takes preference over the “Organization” filter, which is unfortunate.
Because Orgs are supposed to be used in a multi-tenant way where you can’t even share common repositories, i think this shoud not happen.
Issue 3) In Administrator View - Locations are not filtered by Organization
When logged in as default admin, when I select an Organization, i would expect the Location dropdown to only show locations that are “active” for that Organization. But it is always the full list.
We had some limited success by, creating a Location, tying it to one specific user and one Organization. Then it is at least shown correctly in the “Organization Admin” views…but only when creating the Location with these settings from the start. Imagine having more users who should have access, propably manged by LDAP, and lots of locations, this approach seems like a nightmare to manage, also Issue 4) gets in the way of doing this dynamically
Issue 4) Changes to the Location are not directly reflected
We created a new Location and tied it to Organization A, and selected “All Users” in the user tab.
Now as descibed in “Issue 2” bot Org Admins can unfortunately see the location.
Then we remove the “all users” mark and add only org admin A.
After that change Org Admin B can still see the location for some time even after page reload/logout/re-login
Maybe this is some kind of caching issue ??
What is your experience with Locations ? Are you using them ? Do they work for you ? Is there another concept I’m missed out on ?