User Avatar support in the Foreman, keep it or drop it?

Marek_Hulan · February 13, 2023, 2:57pm

Hello,

we used to have gravatar support once but it was dropped in 2018 as it didn’t meet FIPS requirements. We still have limited support for getting user avatars to Foreman. In a nutshell, user must use LDAP as external auth source. Foreman can then fetch jpegPhoto binary data, stores it on FS and can serve such images. Well, that worked until recently, we’re now missing ProxyPass definition in our apache config (one-liner to fix). If we fix it and user sets that up, as a reward, they can see user avatar in the Administer → Users list page. We don’t display it anywhere else. I’d personally say that

this is not overly useful and we would have to add the picture to more places like: top right menu, audits list, host detail page (owner)
it would be only useful if people could upload the picture directly without necessity to use LDAP for it
if we have this for users, we should also add it for user groups since they can also be host owner
if we allow to do this through WebUI, we should also make this possible through API, CLI and possibly foreman ansible modules

That’s quite some work and I’m afraid we don’t have resources for the improvements listed above. If there’s someone willing to work on this, please respond. If we keep this as is, it’s additional code to maintain and source of problems for some environments (the avatar filename is based on SHA1 hash).

Therefore I propose to drop this functionality. Let’s have a poll on this, we’ll close it in a month from now.

Feel free to drop the avatar functionality
Please keep it as it is, it’s valuable

0 voters

Please also share any further details below in comments. Thank you!

Dirk · February 14, 2023, 7:59am

I as currently the only one voted for keeping it.

I really like the feature in larger environments as I am bad at names but good with faces, so it makes it easier for me to address the correct person. I am also happy with the “get it from LDAP” feature as this is how I feel it should be in a professional environment. In our active directory everyone’s picture is stored which gets taken on the first day and enforced as avatar where this feature is available. I have seen similar policies at some customers, others allow the upload of any picture from the client.

So from your list of improvements I would only like to see the first, others are not necessary (at least immediately) as I see this as a totally different feature.

ananace · February 15, 2023, 5:37pm

We ended up creating a plugin to do the avatar retrieval and storage using Rake tasks at Linköping University - because it turns out that lots of us are also much better with faces than with names.
For us, points 2-4 wouldn’t offer any real benefit, but the changes listed in point 1 would make using Foreman easier for several of our admins.

Marek_Hulan · February 22, 2023, 3:33pm

As it seems this is useful for some users (poll not closed yet, vote if you haven’t!), would it make sense to take this functionality and merge it to your plugin? I saw it is a bit liu.se specific, but also adds nice functionality. I think there would be a better chance of having more people contributing to that functionality if it’s at single place.

I also hear what you both are saying about the suggested new functionality. Adding just 1 is probably useful for all users currently using the LDAP feature. 2-4 is more for adding full avatar support, even for people not using it today.