xref: /openbmc/webui-vue/src/store/modules/SecurityAndAccess/LdapStore.js (revision de23ea23d88451a2fa2774ec72053772603c23ae)
1import api from '@/store/api';
2import i18n from '@/i18n';
3import { find } from 'lodash';
4
5const LdapStore = {
6  namespaced: true,
7  state: {
8    isServiceEnabled: null,
9    ldap: {
10      serviceEnabled: null,
11      serviceAddress: null,
12      bindDn: null,
13      baseDn: null,
14      userAttribute: null,
15      groupsAttribute: null,
16      roleGroups: [],
17    },
18    activeDirectory: {
19      serviceEnabled: null,
20      serviceAddress: null,
21      bindDn: null,
22      baseDn: null,
23      userAttribute: null,
24      groupsAttribute: null,
25      roleGroups: [],
26    },
27  },
28  getters: {
29    isServiceEnabled: (state) => state.isServiceEnabled,
30    ldap: (state) => state.ldap,
31    activeDirectory: (state) => state.activeDirectory,
32    isActiveDirectoryEnabled: (state) => {
33      return state.activeDirectory.serviceEnabled;
34    },
35    enabledRoleGroups: (state, getters) => {
36      const serviceType = getters.isActiveDirectoryEnabled
37        ? 'activeDirectory'
38        : 'ldap';
39      return state[serviceType].roleGroups;
40    },
41  },
42  mutations: {
43    setServiceEnabled: (state, serviceEnabled) =>
44      (state.isServiceEnabled = serviceEnabled),
45    setLdapProperties: (
46      state,
47      {
48        ServiceEnabled,
49        ServiceAddresses = [],
50        Authentication = {},
51        LDAPService: {
52          SearchSettings: {
53            BaseDistinguishedNames = [],
54            UsernameAttribute,
55            GroupsAttribute,
56          } = {},
57        } = {},
58        RemoteRoleMapping = [],
59      },
60    ) => {
61      state.ldap.serviceAddress = ServiceAddresses[0];
62      state.ldap.serviceEnabled = ServiceEnabled;
63      state.ldap.baseDn = BaseDistinguishedNames[0];
64      state.ldap.bindDn = Authentication.Username;
65      state.ldap.userAttribute = UsernameAttribute;
66      state.ldap.groupsAttribute = GroupsAttribute;
67      state.ldap.roleGroups = RemoteRoleMapping;
68    },
69    setActiveDirectoryProperties: (
70      state,
71      {
72        ServiceEnabled,
73        ServiceAddresses = [],
74        Authentication = {},
75        LDAPService: {
76          SearchSettings: {
77            BaseDistinguishedNames = [],
78            UsernameAttribute,
79            GroupsAttribute,
80          } = {},
81        } = {},
82        RemoteRoleMapping = [],
83      },
84    ) => {
85      state.activeDirectory.serviceEnabled = ServiceEnabled;
86      state.activeDirectory.serviceAddress = ServiceAddresses[0];
87      state.activeDirectory.bindDn = Authentication.Username;
88      state.activeDirectory.baseDn = BaseDistinguishedNames[0];
89      state.activeDirectory.userAttribute = UsernameAttribute;
90      state.activeDirectory.groupsAttribute = GroupsAttribute;
91      state.activeDirectory.roleGroups = RemoteRoleMapping;
92    },
93  },
94  actions: {
95    async getAccountSettings({ commit }) {
96      return await api
97        .get('/redfish/v1/AccountService')
98        .then(({ data: { LDAP = {}, ActiveDirectory = {} } }) => {
99          const ldapEnabled = LDAP.ServiceEnabled;
100          const activeDirectoryEnabled = ActiveDirectory.ServiceEnabled;
101
102          commit('setServiceEnabled', ldapEnabled || activeDirectoryEnabled);
103          commit('setLdapProperties', LDAP);
104          commit('setActiveDirectoryProperties', ActiveDirectory);
105        })
106        .catch((error) => console.log(error));
107    },
108    async saveLdapSettings({ state, dispatch }, properties) {
109      const data = { LDAP: properties };
110      if (state.activeDirectory.serviceEnabled) {
111        // Disable Active Directory service if enabled
112        await api.patch('/redfish/v1/AccountService', {
113          ActiveDirectory: { ServiceEnabled: false },
114        });
115      }
116      return await api
117        .patch('/redfish/v1/AccountService', data)
118        .then(() => dispatch('getAccountSettings'))
119        .then(() => i18n.global.t('pageLdap.toast.successSaveLdapSettings'))
120        .catch((error) => {
121          console.log(error);
122          throw new Error(
123            i18n.global.t('pageLdap.toast.errorSaveLdapSettings'),
124          );
125        });
126    },
127    async saveActiveDirectorySettings({ state, dispatch }, properties) {
128      const data = { ActiveDirectory: properties };
129      if (state.ldap.serviceEnabled) {
130        // Disable LDAP service if enabled
131        await api.patch('/redfish/v1/AccountService', {
132          LDAP: { ServiceEnabled: false },
133        });
134      }
135      return await api
136        .patch('/redfish/v1/AccountService', data)
137        .then(() => dispatch('getAccountSettings'))
138        .then(() =>
139          i18n.global.t('pageLdap.toast.successSaveActiveDirectorySettings'),
140        )
141        .catch((error) => {
142          console.log(error);
143          throw new Error(
144            i18n.global.t('pageLdap.toast.errorSaveActiveDirectorySettings'),
145          );
146        });
147    },
148    async saveAccountSettings(
149      { dispatch },
150      {
151        serviceEnabled,
152        serviceAddress,
153        activeDirectoryEnabled,
154        bindDn,
155        bindPassword,
156        baseDn,
157        userIdAttribute,
158        groupIdAttribute,
159      },
160    ) {
161      const data = {
162        ServiceEnabled: serviceEnabled,
163        ServiceAddresses: [serviceAddress],
164        Authentication: {
165          Username: bindDn,
166          Password: bindPassword,
167        },
168        LDAPService: {
169          SearchSettings: {
170            BaseDistinguishedNames: [baseDn],
171          },
172        },
173      };
174      if (groupIdAttribute)
175        data.LDAPService.SearchSettings.GroupsAttribute = groupIdAttribute;
176      if (userIdAttribute)
177        data.LDAPService.SearchSettings.UsernameAttribute = userIdAttribute;
178
179      if (activeDirectoryEnabled) {
180        return await dispatch('saveActiveDirectorySettings', data);
181      } else {
182        return await dispatch('saveLdapSettings', data);
183      }
184    },
185    async addNewRoleGroup(
186      { dispatch, getters },
187      { groupName, groupPrivilege },
188    ) {
189      const data = {};
190      const enabledRoleGroups = getters['enabledRoleGroups'];
191      const isActiveDirectoryEnabled = getters['isActiveDirectoryEnabled'];
192      const RemoteRoleMapping = [
193        ...enabledRoleGroups,
194        {
195          LocalRole: groupPrivilege,
196          RemoteGroup: groupName,
197        },
198      ];
199      if (isActiveDirectoryEnabled) {
200        data.ActiveDirectory = { RemoteRoleMapping };
201      } else {
202        data.LDAP = { RemoteRoleMapping };
203      }
204      return await api
205        .patch('/redfish/v1/AccountService', data)
206        .then(() => dispatch('getAccountSettings'))
207        .then(() =>
208          i18n.global.t('pageLdap.toast.successAddRoleGroup', {
209            groupName,
210          }),
211        )
212        .catch((error) => {
213          console.log(error);
214          throw new Error(i18n.global.t('pageLdap.toast.errorAddRoleGroup'));
215        });
216    },
217    async saveRoleGroup({ dispatch, getters }, { groupName, groupPrivilege }) {
218      const data = {};
219      const enabledRoleGroups = getters['enabledRoleGroups'];
220      const isActiveDirectoryEnabled = getters['isActiveDirectoryEnabled'];
221      const RemoteRoleMapping = enabledRoleGroups.map((group) => {
222        if (group.RemoteGroup === groupName) {
223          return {
224            RemoteGroup: groupName,
225            LocalRole: groupPrivilege,
226          };
227        } else {
228          return {};
229        }
230      });
231      if (isActiveDirectoryEnabled) {
232        data.ActiveDirectory = { RemoteRoleMapping };
233      } else {
234        data.LDAP = { RemoteRoleMapping };
235      }
236      return await api
237        .patch('/redfish/v1/AccountService', data)
238        .then(() => dispatch('getAccountSettings'))
239        .then(() =>
240          i18n.global.t('pageLdap.toast.successSaveRoleGroup', { groupName }),
241        )
242        .catch((error) => {
243          console.log(error);
244          throw new Error(i18n.global.t('pageLdap.toast.errorSaveRoleGroup'));
245        });
246    },
247    async deleteRoleGroup({ dispatch, getters }, { roleGroups = [] }) {
248      const data = {};
249      const enabledRoleGroups = getters['enabledRoleGroups'];
250      const isActiveDirectoryEnabled = getters['isActiveDirectoryEnabled'];
251      const RemoteRoleMapping = enabledRoleGroups.map((group) => {
252        if (find(roleGroups, { groupName: group.RemoteGroup })) {
253          return null;
254        } else {
255          return {};
256        }
257      });
258      if (isActiveDirectoryEnabled) {
259        data.ActiveDirectory = { RemoteRoleMapping };
260      } else {
261        data.LDAP = { RemoteRoleMapping };
262      }
263      return await api
264        .patch('/redfish/v1/AccountService', data)
265        .then(() => dispatch('getAccountSettings'))
266        .then(() =>
267          i18n.global.t(
268            'pageLdap.toast.successDeleteRoleGroup',
269            roleGroups.length,
270          ),
271        )
272        .catch((error) => {
273          console.log(error);
274          throw new Error(
275            i18n.global.t(
276              'pageLdap.toast.errorDeleteRoleGroup',
277              roleGroups.length,
278            ),
279          );
280        });
281    },
282  },
283};
284
285export default LdapStore;
286