xref: /openbmc/webui-vue/src/store/modules/SecurityAndAccess/LdapStore.js (revision 450bdb0a31778b8da885a172f8456ba31e08ad86)
1import api from '@/store/api';
2import i18n from '@/i18n';
3import { find } from 'lodash';
4
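// Every action in this store reads or writes the same Redfish resource.
const ACCOUNT_SERVICE_URI = '/redfish/v1/AccountService';

/**
 * Report a failed AccountService request without printing the raw error.
 *
 * The save actions send the directory bind password in the PATCH body.
 * NOTE(review): if `api` is an axios-style client, the rejected error carries
 * the request config (including that body) - confirm against '@/store/api'.
 * Only the HTTP status and the error message are logged, so the credential
 * does not reach the browser console or anything that captures it.
 *
 * @param {string} action - Name of the store action that failed.
 * @param {*} error - Value the request promise rejected with.
 */
function logRequestFailure(action, error) {
  const status =
    error && error.response ? error.response.status : 'no response';
  const reason = error && error.message ? error.message : String(error);
  console.log(`LdapStore.${action} failed (status: ${status}): ${reason}`);
}

/**
 * Copy one Redfish ExternalAccountProvider object (LDAP or ActiveDirectory)
 * into the matching state slice.
 *
 * Destructuring defaults only cover `undefined`, so a `null` sub-object in
 * the response would throw. The explicit fallbacks below accept both.
 * The bind password is never read here, so it is never stored in state.
 *
 * @param {object} target - `state.ldap` or `state.activeDirectory`.
 * @param {object} properties - Provider object from the AccountService.
 */
function applyDirectoryProperties(target, properties) {
  const source = properties || {};
  const addresses = source.ServiceAddresses || [];
  const authentication = source.Authentication || {};
  const searchSettings = (source.LDAPService || {}).SearchSettings || {};
  const baseDns = searchSettings.BaseDistinguishedNames || [];

  target.serviceEnabled = source.ServiceEnabled;
  target.serviceAddress = addresses[0];
  target.bindDn = authentication.Username;
  target.baseDn = baseDns[0];
  target.userAttribute = searchSettings.UsernameAttribute;
  target.groupsAttribute = searchSettings.GroupsAttribute;
  target.roleGroups = source.RemoteRoleMapping || [];
}

/**
 * Wrap a RemoteRoleMapping array in the provider key that is currently active.
 *
 * @param {boolean} isActiveDirectoryEnabled - True when AD is the provider.
 * @param {Array} RemoteRoleMapping - Mapping array to send.
 * @returns {object} PATCH body for the AccountService.
 */
function roleMappingPayload(isActiveDirectoryEnabled, RemoteRoleMapping) {
  return isActiveDirectoryEnabled
    ? { ActiveDirectory: { RemoteRoleMapping } }
    : { LDAP: { RemoteRoleMapping } };
}

/**
 * Vuex module for the BMC's external directory authentication (LDAP or
 * Active Directory) and the remote-group to local-role mappings.
 */
const LdapStore = {
  namespaced: true,
  state: {
    isServiceEnabled: null,
    ldap: {
      serviceEnabled: null,
      serviceAddress: null,
      bindDn: null,
      baseDn: null,
      userAttribute: null,
      groupsAttribute: null,
      roleGroups: [],
    },
    activeDirectory: {
      serviceEnabled: null,
      serviceAddress: null,
      bindDn: null,
      baseDn: null,
      userAttribute: null,
      groupsAttribute: null,
      roleGroups: [],
    },
  },
  getters: {
    isServiceEnabled: (state) => state.isServiceEnabled,
    ldap: (state) => state.ldap,
    activeDirectory: (state) => state.activeDirectory,
    isActiveDirectoryEnabled: (state) => state.activeDirectory.serviceEnabled,
    // Role groups of whichever provider is active; LDAP when AD is not enabled.
    enabledRoleGroups: (state, getters) => {
      const serviceType = getters.isActiveDirectoryEnabled
        ? 'activeDirectory'
        : 'ldap';
      return state[serviceType].roleGroups;
    },
  },
  mutations: {
    setServiceEnabled(state, serviceEnabled) {
      state.isServiceEnabled = serviceEnabled;
    },
    setLdapProperties(state, properties) {
      applyDirectoryProperties(state.ldap, properties);
    },
    setActiveDirectoryProperties(state, properties) {
      applyDirectoryProperties(state.activeDirectory, properties);
    },
  },
  actions: {
    /**
     * Load both provider configurations into state.
     * Best effort: a failure is logged and the action resolves to undefined.
     */
    async getAccountSettings({ commit }) {
      try {
        const {
          data: { LDAP = {}, ActiveDirectory = {} },
        } = await api.get(ACCOUNT_SERVICE_URI);

        commit(
          'setServiceEnabled',
          LDAP.ServiceEnabled || ActiveDirectory.ServiceEnabled
        );
        commit('setLdapProperties', LDAP);
        commit('setActiveDirectoryProperties', ActiveDirectory);
      } catch (error) {
        logRequestFailure('getAccountSettings', error);
      }
    },
    /**
     * Save LDAP settings, first disabling Active Directory if it is enabled.
     *
     * The two PATCH requests are not atomic: if the second one fails, Active
     * Directory stays disabled and state is not refreshed until a retry.
     * Both requests sit inside the same try block, so every failure reaches
     * the caller as the localized Error rather than a raw request error.
     *
     * @returns {Promise<string>} Localized success message.
     * @throws {Error} Localized failure message.
     */
    async saveLdapSettings({ state, dispatch }, properties) {
      try {
        if (state.activeDirectory.serviceEnabled) {
          await api.patch(ACCOUNT_SERVICE_URI, {
            ActiveDirectory: { ServiceEnabled: false },
          });
        }
        await api.patch(ACCOUNT_SERVICE_URI, { LDAP: properties });
        await dispatch('getAccountSettings');
        return i18n.t('pageLdap.toast.successSaveLdapSettings');
      } catch (error) {
        logRequestFailure('saveLdapSettings', error);
        throw new Error(i18n.t('pageLdap.toast.errorSaveLdapSettings'));
      }
    },
    /**
     * Save Active Directory settings, first disabling LDAP if it is enabled.
     *
     * Same non-atomic two-step sequence and error contract as
     * `saveLdapSettings`, with the providers swapped.
     *
     * @returns {Promise<string>} Localized success message.
     * @throws {Error} Localized failure message.
     */
    async saveActiveDirectorySettings({ state, dispatch }, properties) {
      try {
        if (state.ldap.serviceEnabled) {
          await api.patch(ACCOUNT_SERVICE_URI, {
            LDAP: { ServiceEnabled: false },
          });
        }
        await api.patch(ACCOUNT_SERVICE_URI, { ActiveDirectory: properties });
        await dispatch('getAccountSettings');
        return i18n.t('pageLdap.toast.successSaveActiveDirectorySettings');
      } catch (error) {
        logRequestFailure('saveActiveDirectorySettings', error);
        throw new Error(
          i18n.t('pageLdap.toast.errorSaveActiveDirectorySettings')
        );
      }
    },
    /**
     * Build the Redfish provider object from the form values and hand it to
     * the LDAP or Active Directory save action.
     *
     * `bindPassword` travels only inside this request body; keep it out of
     * state and out of log output.
     *
     * @returns {Promise<string>} Result of the delegated save action.
     */
    async saveAccountSettings(
      { dispatch },
      {
        serviceEnabled,
        serviceAddress,
        activeDirectoryEnabled,
        bindDn,
        bindPassword,
        baseDn,
        userIdAttribute,
        groupIdAttribute,
      }
    ) {
      const SearchSettings = { BaseDistinguishedNames: [baseDn] };
      // Optional attributes are sent only when the form supplied a value.
      if (groupIdAttribute) {
        SearchSettings.GroupsAttribute = groupIdAttribute;
      }
      if (userIdAttribute) {
        SearchSettings.UsernameAttribute = userIdAttribute;
      }

      const data = {
        ServiceEnabled: serviceEnabled,
        ServiceAddresses: [serviceAddress],
        Authentication: {
          Username: bindDn,
          Password: bindPassword,
        },
        LDAPService: { SearchSettings },
      };

      const saveAction = activeDirectoryEnabled
        ? 'saveActiveDirectorySettings'
        : 'saveLdapSettings';
      return dispatch(saveAction, data);
    },
    /**
     * Append a remote-group to local-role mapping for the active provider.
     * The role decides the privileges members of that group get on the BMC.
     *
     * @returns {Promise<string>} Localized success message.
     * @throws {Error} Localized failure message.
     */
    async addNewRoleGroup(
      { dispatch, getters },
      { groupName, groupPrivilege }
    ) {
      const RemoteRoleMapping = [
        ...getters['enabledRoleGroups'],
        {
          LocalRole: groupPrivilege,
          RemoteGroup: groupName,
        },
      ];
      const data = roleMappingPayload(
        getters['isActiveDirectoryEnabled'],
        RemoteRoleMapping
      );
      try {
        await api.patch(ACCOUNT_SERVICE_URI, data);
        await dispatch('getAccountSettings');
        return i18n.t('pageLdap.toast.successAddRoleGroup', { groupName });
      } catch (error) {
        logRequestFailure('addNewRoleGroup', error);
        throw new Error(i18n.t('pageLdap.toast.errorAddRoleGroup'));
      }
    },
    /**
     * Change the local role of an existing remote group.
     *
     * Redfish array PATCH convention: an empty object leaves the element at
     * that index untouched, so only the matching entry is rewritten.
     *
     * @returns {Promise<string>} Localized success message.
     * @throws {Error} Localized failure message.
     */
    async saveRoleGroup({ dispatch, getters }, { groupName, groupPrivilege }) {
      const RemoteRoleMapping = getters['enabledRoleGroups'].map((group) =>
        group.RemoteGroup === groupName
          ? { RemoteGroup: groupName, LocalRole: groupPrivilege }
          : {}
      );
      const data = roleMappingPayload(
        getters['isActiveDirectoryEnabled'],
        RemoteRoleMapping
      );
      try {
        await api.patch(ACCOUNT_SERVICE_URI, data);
        await dispatch('getAccountSettings');
        return i18n.t('pageLdap.toast.successSaveRoleGroup', { groupName });
      } catch (error) {
        logRequestFailure('saveRoleGroup', error);
        throw new Error(i18n.t('pageLdap.toast.errorSaveRoleGroup'));
      }
    },
    /**
     * Remove the selected role groups from the active provider.
     *
     * Redfish array PATCH convention: `null` removes the element at that
     * index and an empty object keeps it.
     *
     * @returns {Promise<string>} Localized (pluralized) success message.
     * @throws {Error} Localized (pluralized) failure message.
     */
    async deleteRoleGroup({ dispatch, getters }, { roleGroups = [] }) {
      const RemoteRoleMapping = getters['enabledRoleGroups'].map((group) =>
        find(roleGroups, { groupName: group.RemoteGroup }) ? null : {}
      );
      const data = roleMappingPayload(
        getters['isActiveDirectoryEnabled'],
        RemoteRoleMapping
      );
      try {
        await api.patch(ACCOUNT_SERVICE_URI, data);
        await dispatch('getAccountSettings');
        return i18n.tc(
          'pageLdap.toast.successDeleteRoleGroup',
          roleGroups.length
        );
      } catch (error) {
        logRequestFailure('deleteRoleGroup', error);
        throw new Error(
          i18n.tc('pageLdap.toast.errorDeleteRoleGroup', roleGroups.length)
        );
      }
    },
  },
};

export default LdapStore;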
276