Your IP : 216.73.216.189
import{j as e,d as s,dk as O,U as w,r as C,t as B,dl as Z,dm as ee,dn as te,dp as se,w as v,v as ne,R as oe,dq as ie,p as q,b as H,u as K,dr as ae,A as _,ds as Y,y as M,dt as re,O as le,x as ce,L as de,D as ue,e as V,f as me,h as pe,k as he,m as ge,F as fe,M as ye,b8 as xe,K as be,du as $}from"./index-BFGypnt-.js";import{S as je}from"./SelectableMainTable-BZaSR8Vv.js";import{S as Se}from"./SelectedTableNotification-D7txT2Gz.js";import{u as Ie}from"./useSortTableData-DMPSUVcX.js";import{u as E,G as Ce,L as Q,S as Ne,A as ve,Q as Te,i as we,T as Ge,P as Pe}from"./GroupOrIdentityChangesTable-C5GyT60U.js";import{u as G,p as W}from"./usePanelParams-CV5ZHNeu.js";import{P as A}from"./PageHeader-DZVSTM6q.js";import{H as ke}from"./HelpLink-l4aaXUp-.js";import{u as Le}from"./ModifiedStatusAction-BK_Bam7Z.js";import{G as z}from"./GroupSelection-sYtH6Ve5.js";import{G as Fe}from"./GroupSelectionActions-Du5fVlDW.js";import{u as X}from"./useAuthGroups-3GAYR02a.js";import{B as De}from"./BulkDeleteButton-Cy-zhz39.js";import{C as U}from"./CodeSnippetWithCopyButton-DAE09ff3.js";import{N as Ae}from"./NameWithGroupForm-D6xMGnkA.js";import"./searchAndFilter-DtC_P-vv.js";import"./PermissionGroupsFilter-BWepc9mD.js";const Me=({identities:n,className:a,...r})=>{const{canEditIdentity:p}=E(),d=G(),o=n.length>1?`Modify groups for ${n.length} identities`:"Modify groups",i=n.filter(g=>!p(g)),m=()=>{const g=i.map(h=>`
- ${O(h)}`).join("");return`You do not have permission to modify ${i.length>1?"some of the selected":"the selected"} ${w("identity",i.length)}:${g}`};return e.jsx(e.Fragment,{children:e.jsxs(s.Button,{onClick:()=>{d.openIdentityGroups()},"aria-label":"Modify groups",title:i.length?m():"Modify groups",className:a,disabled:!!i.length||!n.length||!!d.panel,hasIcon:!0,...r,children:[e.jsx(s.Icon,{name:"user-group"}),e.jsx("span",{children:o})]})})},Be=({onConfirm:n,close:a,addedGroups:r,removedGroups:p,selectedIdentities:d})=>{const[o,i]=C.useState(!1),m=s.useNotify(),g=G(),h=B(),b=s.useToastNotification(),S=Z(d,r,p),l=ee(S),u=()=>{i(!0);const x=te(r,p,d),f=d.map(c=>({...c,groups:x[c.id]}));se(f).then(()=>{h.invalidateQueries({predicate:P=>[v.identities,v.authGroups].includes(P.queryKey[0])});const c=Object.keys(S),N=c.length>1?`Updated groups for ${c.length} identities.`:e.jsxs(e.Fragment,{children:["Updated groups for"," ",e.jsx(ne,{type:"oidc-identity",value:c[0],to:`${oe}/ui/permissions/identities`}),"."]});b.success(N),g.clear(),m.clear()}).catch(c=>{m.failure("Update groups failed",c)}).finally(()=>{i(!1),n()})};return e.jsx(s.ConfirmationModal,{confirmButtonLabel:"Confirm changes",confirmButtonAppearance:"positive",onConfirm:u,close:a,title:"Confirm modification",className:"permission-confirm-modal",confirmButtonLoading:o,children:e.jsx(Ce,{identityGroupsChangeSummary:S,groupIdentitiesChangeSummary:l,identities:d,initialGroupBy:"identity"})})},Ee=({identities:n,onClose:a})=>{const r=G(),p=s.useNotify(),[d,o]=C.useState(!1),{data:i=[],error:m,isLoading:g}=X(),{desiredState:h,save:b,undo:S}=Le({initialState:{groupsAdded:new Set,groupsRemoved:new Set}});m&&p.failure("Loading panel details failed",m),C.useEffect(()=>{if(!n.length){r.clear();return}},[n]);const{groupsForAllIdentities:l,groupsForSomeIdentities:u,groupsForNoIdentities:x}=ie(i,n),f=new Set(h.groupsAdded);for(const y of l)h.groupsRemoved.has(y)||f.add(y);const c=new Set(u.filter(y=>!f.has(y)&&!h.groupsRemoved.has(y))),N=()=>{const y=new Set;for(const j of l)f.has(j)||y.add(j);for(const j of u)c.has(j)||y.add(j);for(const j of x)f.has(j)&&y.add(j);return y},P=(y,j)=>{b(j?{groupsAdded:new Set,groupsRemoved:new Set(i.map(L=>L.name))}:{groupsAdded:new Set(y),groupsRemoved:new Set})},k=y=>{const j=f.has(y),L=c.has(y),F=new Set(h.groupsAdded),D=new Set(h.groupsRemoved);j||L?(F.delete(y),D.add(y)):(F.add(y),D.delete(y)),b({groupsAdded:F,groupsRemoved:D})},R=()=>{r.clear(),p.clear(),o(!1),a()},t=()=>{p.clear(),o(!1)},I=N(),T=n.length>1?`Change auth groups for ${n.length} identities`:`Change auth groups for ${n[0]?.name}`;return e.jsxs(e.Fragment,{children:[e.jsxs(s.SidePanel,{loading:g,hasError:!i,children:[e.jsx(s.SidePanel.Header,{children:e.jsx(s.SidePanel.HeaderTitle,{className:"u-truncate",children:T})}),e.jsx(q,{className:"u-no-padding"}),e.jsx(s.SidePanel.Content,{className:"u-no-padding",children:e.jsx(z,{groups:i,modifiedGroups:I,parentItemName:"identity",parentItems:n,selectedGroups:f,setSelectedGroups:P,indeterminateGroups:c,toggleGroup:k,scrollDependencies:[I.size,p.notification]})}),e.jsx(s.SidePanel.Footer,{className:"u-align--right",children:e.jsx(Fe,{modifiedGroups:I,undoChange:S,closePanel:R,onSubmit:()=>{o(!0)},disabled:I.size===0,isEdit:!0})})]}),d&&e.jsx(Be,{close:t,onConfirm:t,selectedIdentities:n,addedGroups:h.groupsAdded,removedGroups:h.groupsRemoved})]})},Re=({identities:n})=>{const a=B(),r=s.useNotify(),p=s.useToastNotification(),d=`Delete ${w("identity",n.length)}`,[o,i]=C.useState(!1),{canDeleteIdentity:m}=E(),{data:g}=H(),{authMethod:h}=K(),b=g?.auth_user_name??"",S=n.some(c=>c.id===b),l=[],u=[];n.forEach(c=>{m(c)?u.push(c):l.push(c)});const x=()=>{i(!0);const c=`${u.length} ${w("identity",u.length)} successfully deleted`;ae(u).then(()=>{if(S&&h===_.OIDC){Y();return}a.invalidateQueries({predicate:N=>[v.identities,v.authGroups,v.settings].includes(N.queryKey[0])}),p.success(c),i(!1)}).catch(N=>{r.failure("Identity deletion failed",N),i(!1)})},f=()=>{if(l.length)return[`${u.length} ${w("identity",u.length)} will be deleted.`,`${l.length} ${w("identity",l.length)} that you do not have permission to delete will be ignored.`]};return e.jsx(De,{entities:n,deletableEntities:u,entityType:"identity",onDelete:x,disabledReason:u.length?void 0:`You do not have permission to delete the selected ${w("identity",n.length)}`,className:"u-no-margin--bottom",confirmationButtonProps:{loading:o},buttonLabel:d,bulkDeleteBreakdown:f(),modalContentPrefix:e.jsx(Q,{isVisible:S})})},$e=({identity:n})=>{const a=B(),r=s.useNotify(),p=s.useToastNotification(),[d,o]=C.useState(!1),{canDeleteIdentity:i}=E(),{data:m}=H(),{authMethod:g}=K(),h=m?.auth_user_name??"",b=n.id===h,S=()=>{o(!0),re(n).then(()=>{if(b&&g===_.OIDC){Y();return}a.invalidateQueries({predicate:l=>[v.identities,v.authGroups,v.settings].includes(l.queryKey[0])}),p.success(e.jsxs(e.Fragment,{children:["Identity"," ",e.jsx(M,{type:"certificate",value:n.name,bold:!0,truncate:!0})," ","deleted."]})),o(!1),close()}).catch(l=>{o(!1),r.failure("Identity deletion failed",l,e.jsx(M,{type:"certificate",value:n.name,bold:!0,truncate:!0}))})};return e.jsx(s.ConfirmationButton,{onHoverText:i(n)?"Delete identity":"You do not have permission to delete this identity",appearance:"base","aria-label":"Delete identity",className:"has-icon u-no-margin--bottom is-dense",confirmationModalProps:{title:"Confirm delete",children:e.jsxs(e.Fragment,{children:[e.jsx(Q,{isVisible:b}),e.jsxs("p",{children:["This will permanently delete identity"," ",e.jsx(M,{type:"certificate",value:n.name,bold:!0}),".",e.jsx("br",{}),"This action cannot be undone, and can result in data loss."]})]}),confirmButtonLabel:"Delete",onConfirm:S},shiftClickEnabled:!0,showShiftClickHint:!0,loading:d,disabled:!i(n)||d,children:e.jsx(s.Icon,{name:"delete"})})},Oe=({openPanel:n})=>{const a=le(),{canCreateIdentities:r}=ce();return e.jsx(e.Fragment,{children:e.jsxs(s.Button,{appearance:"positive",className:"u-float-right u-no-margin--bottom",onClick:n,hasIcon:!a,title:r()?"":"You do not have permission to create identities",disabled:!r(),children:[!a&&e.jsx(s.Icon,{name:"plus",light:!0}),e.jsx("span",{children:"Create TLS Identity"})]})})},He=({onClose:n,token:a,identityName:r})=>{const[p,d]=C.useState(!1),[o,i]=C.useState("ui-tab");return e.jsx(s.Modal,{className:"create-tls-identity",title:e.jsxs(e.Fragment,{children:["Identity"," ",e.jsx(M,{type:"certificate",value:r,bold:!0,truncate:!0})," ","created successfully"]}),buttonRow:[e.jsx("span",{className:"u-float-left confirm-input",children:e.jsx(ue,{label:"I have copied the token",confirmed:[p,d]})},"confirm-input"),e.jsx(s.ActionButton,{appearance:"positive",className:"u-no-margin--bottom",onClick:n,disabled:!p,children:"Done"},"confirm-action-button")],closeOnOutsideClick:!1,children:a&&e.jsxs(e.Fragment,{children:[e.jsx(U,{code:a,title:"Your identity trust token",tooltipMessage:"Copy token",onCopyButtonClick:()=>{d(!0)}}),e.jsxs(s.Notification,{severity:"caution",title:"Copy the identity trust token",children:["You will need the token to authenticate your client. ",e.jsx("br",{}),"Make sure to copy it now as you will not be able to see this again."]}),e.jsx(s.Accordion,{sections:[{title:"How to use it?",content:e.jsxs(e.Fragment,{children:[e.jsx(s.Tabs,{links:[{label:"CLI",active:o==="cli-tab",onClick:()=>{i("cli-tab")}},{label:"UI",active:o==="ui-tab",onClick:()=>{i("ui-tab")}}]}),o==="cli-tab"&&e.jsxs(e.Fragment,{children:["For use with the LXC command-line tool, run:",e.jsx(U,{code:`lxc remote add ${location.hostname} ${a}`,tooltipMessage:"Copy command",className:"u-no-margin--bottom"}),e.jsxs("span",{className:"u-text--muted p-text--small u-sv3",children:["You can replace ",e.jsx("code",{children:location.hostname})," with a nickname for this server."]})]}),o==="ui-tab"&&e.jsx(s.List,{className:"u-no-margin--bottom",items:[e.jsxs(e.Fragment,{children:["Open an unauthenticated browser on"," ",e.jsx(de,{to:location.origin,children:location.origin}),"."]}),e.jsxs(e.Fragment,{children:["Select ",e.jsx("b",{children:"Setup TLS login"})," and follow the instructions to configure the browser certificate."]}),e.jsx(e.Fragment,{children:"Use this identity trust token to add the new browser certificate to this server's trust store."})]})]})}]})]})})},_e=({onSuccess:n})=>{const a=G(),r=s.useNotify(),p=B(),{data:d=[],error:o,isLoading:i}=X(),{data:m=[]}=V();o&&r.failure("Loading panel details failed",o);const g=(x,f)=>{f?l.setFieldValue("groups",[]):l.setFieldValue("groups",x)},h=()=>{a.clear(),r.clear()},b=x=>{ge(x.name,x.groups??[]).then(f=>{const c=fe(f);n(x.name,c),p.invalidateQueries({queryKey:[v.identities]}),h()}).catch(f=>{l.setSubmitting(!1),r.failure("Identity creation failed",f)})},S=me().shape({name:pe().required("Identity name is required").test("unique-name","An identity with this name already exists",function(x){return x?!m.map(c=>c.name).includes(x):!0})}),l=he({initialValues:{name:"",groups:[]},validationSchema:S,onSubmit:b}),u=new Set(l.values.groups??[]);return e.jsx(e.Fragment,{children:e.jsxs(s.SidePanel,{loading:i,hasError:!d,children:[e.jsx(s.SidePanel.Header,{children:e.jsx(s.SidePanel.HeaderTitle,{children:"Create identity"})}),e.jsx(q,{className:"u-no-padding"}),e.jsx(Ae,{formik:l}),e.jsx("p",{children:"Auth groups"}),e.jsx(s.SidePanel.Content,{className:"u-no-padding",children:e.jsx(z,{groups:d,modifiedGroups:u,parentItemName:"",selectedGroups:u,setSelectedGroups:g,toggleGroup:x=>{u.has(x)?u.delete(x):u.add(x),l.setFieldValue("groups",Array.from(u))},scrollDependencies:[d,u.size,r.notification,l]})}),e.jsxs(s.SidePanel.Footer,{className:"u-align--right",children:[e.jsx(s.Button,{appearance:"base",onClick:h,className:"u-no-margin--bottom",children:"Cancel"}),e.jsx(s.ActionButton,{appearance:"positive",onClick:()=>{l.submitForm()},className:"u-no-margin--bottom",disabled:!l.isValid||l.isSubmitting||!l.values.name,loading:l.isSubmitting,children:"Create identity"})]})]})})},Ue=()=>{const n=G(),{openPortal:a,closePortal:r,isOpen:p,Portal:d}=s.usePortal({programmaticallyOpen:!0}),[o,i]=C.useState(""),[m,g]=C.useState("");return e.jsxs(e.Fragment,{children:[p&&e.jsx(d,{children:e.jsx(He,{onClose:r,token:o,identityName:m})}),n.panel===W.createTLSIdentity&&e.jsx(_e,{onSuccess:(h,b)=>{g(h),i(b),a()}})]})},qe=()=>!!localStorage.getItem("ssoNotificationClosed"),Ke=()=>{localStorage.setItem("ssoNotificationClosed","yes")},Ye=({hasOidc:n})=>{const[a,r]=C.useState(qe());if(a||n)return null;const p=()=>{Ke(),r(!0)};return e.jsx(e.Fragment,{children:e.jsx(s.Notification,{severity:"information",title:"Did you know?",onDismiss:p,actions:[e.jsx(ye,{docPath:"/howto/oidc/",children:"Show me how"},"sso-doc-link")],children:"LXD can be configured to log in using a single sign-on provider."})})},dt=()=>{const n=s.useNotify(),{data:a=[],error:r,isLoading:p}=V(),{data:d}=H(),o=G(),[i]=xe(),[m,g]=C.useState([]),{hasAccessManagementTLS:h}=be(),{canEditIdentity:b}=E(),S=d?.auth_methods?.includes(_.OIDC);C.useEffect(()=>{const t=new Set(a.map(T=>T.id)),I=m.filter(T=>t.has(T));I.length!==m.length&&g(I)},[a]),r&&n.failure("Loading identities failed",r);const l=[{content:"Name",className:"name",sortKey:"name"},{content:"ID",sortKey:"id",className:"identity-id"},{content:"Auth method",sortKey:"authmethod",className:"auth-method"},{content:"Type",sortKey:"type",className:"identity-type"},{content:"Groups",sortKey:"groups",className:"u-align--right group-count"},{"aria-label":"Actions",className:"u-align--right actions"}],u={queries:i.getAll(Te),authMethod:i.getAll(ve),systemIdentities:i.get(Ne)},x=a.filter(t=>!(u.systemIdentities==="hide"&&we(t)||!u.queries.every(I=>O(t).toLowerCase().includes(I)||t.id.toLowerCase().includes(I))||u.authMethod.length>0&&!u.authMethod.includes(t.authentication_method))),f=a.filter(t=>m.includes(t.id)),c=x.map(t=>{const I=d?.auth_user_name===t.id,T=()=>{o.openIdentityGroups(t.id),g([t.id])},y=()=>{if(b(t))return e.jsx(s.Button,{appearance:"link",dense:!0,onClick:T,children:t.groups?.length||0});const F=w("group",t.groups?.length??0),D=t.groups?.join(`
- `),J=`Assigned ${F}:
- ${D}`;return e.jsx("div",{title:t.groups?.length?J:"",children:t.groups?.length||0})},j=O(t),L=()=>t.type.startsWith("Client certificate")?"certificate":t.type.startsWith("OIDC client")?"oidc-identity":t.type.startsWith("Server certificate")?"cluster-member":t.type.startsWith("Metrics certificate")?"metric":"certificate";return{key:t.id,name:$(t)?"":t.id,className:"u-row",columns:[{content:e.jsxs(e.Fragment,{children:[e.jsx(M,{type:L(),value:j})," ",e.jsx(Ge,{isVisible:I,children:"You"})]}),role:"rowheader","aria-label":"Name",className:"u-truncate",title:j},{content:t.id,role:"cell","aria-label":"ID",className:"u-truncate identity-id",title:t.id},{content:t.authentication_method.toUpperCase(),role:"cell","aria-label":"Auth method",className:"auth-method"},{content:t.type,role:"cell","aria-label":"Type",className:"u-truncate identity-type"},{content:y(),role:"cell",className:"u-align--right group-count","aria-label":"Groups for this identity"},{content:!$(t)&&e.jsxs(e.Fragment,{children:[e.jsx(s.Button,{appearance:"base",className:"u-no-margin--bottom",hasIcon:!0,dense:!0,onClick:T,type:"button","aria-label":"Manage groups",title:b()?"Manage groups":"You do not have permission to modify this identity",disabled:!b(t),children:e.jsx(s.Icon,{name:"user-group"})}),h&&e.jsx($e,{identity:t})]}),className:"actions u-align--right",role:"cell","aria-label":"Actions"}],sortData:{id:t.id,name:j.toLowerCase(),authentication_method:t.authentication_method,type:t.type,groups:t.groups?.length||0}}}),{rows:N,updateSort:P}=Ie({rows:c,defaultSort:"name"}),k=a.filter(t=>!$(t));if(p)return e.jsx(s.Spinner,{className:"u-loader",text:"Loading...",isMainComponent:!0});const R=()=>{const t=c.length>1?`Showing all ${c.length} identities`:"Showing 1 out of 1 identity";return m.length>0?e.jsx(Se,{totalCount:k.length??0,itemName:"identity",selectedNames:m,setSelectedNames:g,filteredNames:k.map(I=>I.id),hideActions:!!o.panel}):t};return e.jsxs(e.Fragment,{children:[e.jsxs(s.CustomLayout,{mainClassName:"permission-identities-list",contentClassName:"u-no-padding--bottom",header:e.jsxs(A,{children:[e.jsxs(A.Left,{children:[e.jsx(A.Title,{children:e.jsx(ke,{docPath:"/explanation/authorization",title:"Learn more about permissions",children:"Identities"})}),!m.length&&!o.panel&&e.jsx(A.Search,{children:e.jsx(Pe,{})}),!!m.length&&e.jsx(Me,{identities:f,className:"u-no-margin--bottom"}),!!m.length&&h&&e.jsx(Re,{identities:f})]}),e.jsx(A.BaseActions,{children:e.jsx(Oe,{openPanel:o.openCreateTLSIdentity})})]}),children:[!o.panel&&e.jsxs("div",{className:"row",children:[e.jsx(s.NotificationConsumer,{}),e.jsx(Ye,{hasOidc:S??!1})]}),e.jsx(s.Row,{children:e.jsx(s.ScrollableTable,{dependencies:[a],tableId:"identities-table",belowIds:["status-bar"],children:e.jsx(s.TablePagination,{data:N,id:"pagination",itemName:"identity",className:"u-no-margin--top","aria-label":"Table pagination control",description:R(),children:e.jsx(je,{id:"identities-table",className:"permission-identities-table",headers:l,rows:N,sortable:!0,emptyStateMsg:"No identities found matching this search",onUpdateSort:P,itemName:"identity",parentName:"",selectedNames:m,setSelectedNames:g,disabledNames:[],filteredNames:k.map(t=>t.id),disableSelect:!!o.panel})})})})]}),e.jsx(Ue,{}),o.panel===W.identityGroups&&e.jsx(Ee,{identities:f,onClose:()=>{g([])}})]})};export{dt as default};