Your IP : 216.73.216.220
import{j as e,d as s,em as H,T,r as C,v as B,en as Z,eo as ee,ep as te,eq as se,x as v,w as ne,R as oe,er as ie,p as q,b as O,u as Y,es as ae,A as _,et as K,z as M,eu as re,H as le,y as ce,L as de,b0 as ue,f as me,h as pe,k as he,m as ge,ev as fe,b3 as ye,e as xe,bu as be,V as je,ew as $}from"./index-BsQN_SZU.js";import{S as Se}from"./SelectableMainTable-DBx4rRiq.js";import{S as Ie}from"./SelectedTableNotification-BpePAhdG.js";import{u as Ce}from"./useSortTableData-DkMx8bMp.js";import{u as E,G as Ne,L as z,S as ve,A as we,Q as Te,i as Ge,T as Pe,P as ke}from"./GroupOrIdentityChangesTable-BL03ROPA.js";import{u as G,p as Q}from"./usePanelParams-CNAJZsSX.js";import{P as F}from"./PageHeader-BkhUaI4-.js";import{H as Ae}from"./HelpLink-BJF9zWZL.js";import{u as W}from"./ModifiedStatusAction-BFtE1DQS.js";import{G as V}from"./GroupSelection-BCidmw-m.js";import{G as Le}from"./GroupSelectionActions-CHeMh4Rc.js";import{u as X}from"./useAuthGroups-D8vRxz3-.js";import{B as De}from"./BulkDeleteButton-DbqPCHnz.js";import{C as U}from"./CodeSnippetWithCopyButton-X-nQ1jRt.js";import{N as Fe}from"./NameWithGroupForm-CI9Ry6wx.js";import"./searchAndFilter-DtC_P-vv.js";import"./PermissionGroupsFilter-CX61qN2q.js";const Me=({identities:n,className:a,...l})=>{const{canEditIdentity:p}=E(),c=G(),o=n.length>1?`Modify groups for ${n.length} identities`:"Modify groups",i=n.filter(g=>!p(g)),r=()=>{const g=i.map(h=>`
- ${H(h)}`).join("");return`You do not have permission to modify ${i.length>1?"some of the selected":"the selected"} ${T("identity",i.length)}:${g}`};return e.jsx(e.Fragment,{children:e.jsxs(s.Button,{onClick:()=>{c.openIdentityGroups()},"aria-label":"Modify groups",title:i.length?r():"Modify groups",className:a,disabled:!!i.length||!n.length||!!c.panel,hasIcon:!0,...l,children:[e.jsx(s.Icon,{name:"user-group"}),e.jsx("span",{children:o})]})})},Be=({onConfirm:n,close:a,addedGroups:l,removedGroups:p,selectedIdentities:c})=>{const[o,i]=C.useState(!1),r=s.useNotify(),g=G(),h=B(),y=s.useToastNotification(),S=Z(c,l,p),x=ee(S),d=()=>{i(!0);const b=te(l,p,c),u=c.map(m=>({...m,groups:b[m.id]}));se(u).then(()=>{h.invalidateQueries({predicate:P=>[v.identities,v.authGroups].includes(P.queryKey[0])});const m=Object.keys(S),N=m.length>1?`Updated groups for ${m.length} identities`:e.jsxs(e.Fragment,{children:["Updated groups for"," ",e.jsx(ne,{type:"oidc-identity",value:m[0],to:`${oe}/ui/permissions/identities`})]});y.success(N),g.clear(),r.clear()}).catch(m=>{r.failure("Update groups failed",m)}).finally(()=>{i(!1),n()})};return e.jsx(s.ConfirmationModal,{confirmButtonLabel:"Confirm changes",confirmButtonAppearance:"positive",onConfirm:d,close:a,title:"Confirm modification",className:"permission-confirm-modal",confirmButtonLoading:o,children:e.jsx(Ne,{identityGroupsChangeSummary:S,groupIdentitiesChangeSummary:x,identities:c,initialGroupBy:"identity"})})},Ee=({identities:n,onClose:a})=>{const l=G(),p=s.useNotify(),[c,o]=C.useState(!1),{data:i=[],error:r,isLoading:g}=X(),{desiredState:h,save:y,undo:S}=W({initialState:{groupsAdded:new Set,groupsRemoved:new Set}});r&&p.failure("Loading panel details failed",r),C.useEffect(()=>{if(!n.length){l.clear();return}},[n]);const{groupsForAllIdentities:x,groupsForSomeIdentities:d,groupsForNoIdentities:b}=ie(i,n),u=new Set(h.groupsAdded);for(const f of x)h.groupsRemoved.has(f)||u.add(f);const m=new Set(d.filter(f=>!u.has(f)&&!h.groupsRemoved.has(f))),N=()=>{const f=new Set;for(const j of x)u.has(j)||f.add(j);for(const j of d)m.has(j)||f.add(j);for(const j of b)u.has(j)&&f.add(j);return f},P=(f,j)=>{y(j?{groupsAdded:new Set,groupsRemoved:new Set(i.map(A=>A.name))}:{groupsAdded:new Set(f),groupsRemoved:new Set})},k=f=>{const j=u.has(f),A=m.has(f),L=new Set(h.groupsAdded),D=new Set(h.groupsRemoved);j||A?(L.delete(f),D.add(f)):(L.add(f),D.delete(f)),y({groupsAdded:L,groupsRemoved:D})},R=()=>{l.clear(),p.clear(),o(!1),a()},t=()=>{p.clear(),o(!1)},I=N(),w=n.length>1?`Change auth groups for ${n.length} identities`:`Change auth groups for ${n[0]?.name}`;return e.jsxs(e.Fragment,{children:[e.jsxs(s.SidePanel,{loading:g,hasError:!i,children:[e.jsx(s.SidePanel.Header,{children:e.jsx(s.SidePanel.HeaderTitle,{className:"u-truncate",children:w})}),e.jsx(q,{className:"u-no-padding"}),e.jsx(s.SidePanel.Content,{className:"u-no-padding",children:e.jsx(V,{groups:i,modifiedGroups:I,parentItemName:"identity",parentItems:n,selectedGroups:u,setSelectedGroups:P,indeterminateGroups:m,toggleGroup:k,scrollDependencies:[I.size,p.notification]})}),e.jsx(s.SidePanel.Footer,{className:"u-align--right",children:e.jsx(Le,{modifiedGroups:I,undoChange:S,closePanel:R,onSubmit:()=>{o(!0)},disabled:I.size===0,isEdit:!0})})]}),c&&e.jsx(Be,{close:t,onConfirm:t,selectedIdentities:n,addedGroups:h.groupsAdded,removedGroups:h.groupsRemoved})]})},Re=({identities:n})=>{const a=B(),l=s.useNotify(),p=s.useToastNotification(),c=`Delete ${T("identity",n.length)}`,[o,i]=C.useState(!1),{canDeleteIdentity:r}=E(),{data:g}=O(),{authMethod:h}=Y(),y=g?.auth_user_name??"",S=n.some(m=>m.id===y),x=[],d=[];n.forEach(m=>{r(m)?d.push(m):x.push(m)});const b=()=>{i(!0);const m=`${d.length} ${T("identity",d.length)} successfully deleted`;ae(d).then(()=>{if(S&&h===_.OIDC){K();return}a.invalidateQueries({predicate:N=>[v.identities,v.authGroups,v.settings].includes(N.queryKey[0])}),p.success(m),i(!1)}).catch(N=>{l.failure("Identity deletion failed",N),i(!1)})},u=()=>{if(x.length)return[`${d.length} ${T("identity",d.length)} will be deleted.`,`${x.length} ${T("identity",x.length)} that you do not have permission to delete will be ignored.`]};return e.jsx(De,{entities:n,deletableEntities:d,entityType:"identity",onDelete:b,disabledReason:d.length?void 0:`You do not have permission to delete the selected ${T("identity",n.length)}`,className:"u-no-margin--bottom",confirmationButtonProps:{loading:o},buttonLabel:c,bulkDeleteBreakdown:u(),modalContentPrefix:e.jsx(z,{isVisible:S})})},$e=({identity:n})=>{const a=B(),l=s.useNotify(),p=s.useToastNotification(),[c,o]=C.useState(!1),{canDeleteIdentity:i}=E(),{data:r}=O(),{authMethod:g}=Y(),h=r?.auth_user_name??"",y=n.id===h,S=()=>{o(!0),re(n).then(()=>{if(y&&g===_.OIDC){K();return}a.invalidateQueries({predicate:x=>[v.identities,v.authGroups,v.settings].includes(x.queryKey[0])}),p.success(e.jsxs(e.Fragment,{children:["Identity"," ",e.jsx(M,{type:"certificate",value:n.name,bold:!0,truncate:!0})," ","deleted."]})),o(!1),close()}).catch(x=>{o(!1),l.failure("Identity deletion failed",x,e.jsx(M,{type:"certificate",value:n.name,bold:!0,truncate:!0}))})};return e.jsx(s.ConfirmationButton,{onHoverText:i(n)?"Delete identity":"You do not have permission to delete this identity",appearance:"base","aria-label":"Delete identity",className:"has-icon u-no-margin--bottom is-dense",confirmationModalProps:{title:"Confirm delete",children:e.jsxs(e.Fragment,{children:[e.jsx(z,{isVisible:y}),e.jsxs("p",{children:["This will permanently delete identity"," ",e.jsx(M,{type:"certificate",value:n.name,bold:!0}),".",e.jsx("br",{}),"This action cannot be undone, and can result in data loss."]})]}),confirmButtonLabel:"Delete",onConfirm:S},shiftClickEnabled:!0,showShiftClickHint:!0,loading:c,disabled:!i(n)||c,children:e.jsx(s.Icon,{name:"delete"})})},He=({openPanel:n})=>{const a=le(),{canCreateIdentities:l}=ce();return e.jsx(e.Fragment,{children:e.jsxs(s.Button,{appearance:"positive",className:"u-float-right u-no-margin--bottom",onClick:n,hasIcon:!a,title:l()?"":"You do not have permission to create identities",disabled:!l(),children:[!a&&e.jsx(s.Icon,{name:"plus",light:!0}),e.jsx("span",{children:"Create TLS Identity"})]})})},Oe=({onClose:n,token:a,identityName:l})=>{const[p,c]=C.useState(!1),[o,i]=C.useState("cli-tab");return e.jsx(s.Modal,{className:"create-tls-identity",title:e.jsxs(e.Fragment,{children:["Identity"," ",e.jsx(M,{type:"certificate",value:l,bold:!0,truncate:!0})," ","created successfully"]}),buttonRow:[e.jsx("span",{className:"u-float-left confirm-input",children:e.jsx(ue,{label:"I have copied the token",confirmed:[p,c]})},"confirm-input"),e.jsx(s.ActionButton,{appearance:"positive",className:"u-no-margin--bottom",onClick:n,disabled:!p,children:"Done"},"confirm-action-button")],closeOnOutsideClick:!1,children:a&&e.jsxs(e.Fragment,{children:[e.jsx(U,{code:a,title:"Your identity trust token",tooltipMessage:"Copy token",onCopyButtonClick:()=>{c(!0)}}),e.jsxs(s.Notification,{severity:"caution",title:"Copy the identity trust token",children:["You will need the token to authenticate your client. ",e.jsx("br",{}),"Make sure to copy it now as you will not be able to see this again."]}),e.jsx(s.Accordion,{sections:[{title:"How to use it?",content:e.jsxs(e.Fragment,{children:[e.jsx(s.Tabs,{links:[{label:"CLI",active:o==="cli-tab",onClick:()=>{i("cli-tab")}},{label:"UI",active:o==="ui-tab",onClick:()=>{i("ui-tab")}}]}),o==="cli-tab"&&e.jsxs(e.Fragment,{children:["For use with the LXC command-line tool, run:",e.jsx(U,{code:`lxc remote add ${location.hostname} ${a}`,tooltipMessage:"Copy command",className:"u-no-margin--bottom"}),e.jsxs("span",{className:"u-text--muted p-text--small u-sv3",children:["You can replace ",e.jsx("code",{children:location.hostname})," with a nickname for this server."]})]}),o==="ui-tab"&&e.jsx(s.List,{className:"u-no-margin--bottom",items:[e.jsxs(e.Fragment,{children:["Open an unauthenticated browser on"," ",e.jsx(de,{to:location.origin,children:location.origin}),"."]}),e.jsxs(e.Fragment,{children:["Select ",e.jsx("b",{children:"Setup TLS login"})," and follow the instructions to configure the browser certificate."]}),e.jsx(e.Fragment,{children:"Use this identity trust token to add the new browser certificate to this server's trust store."})]})]})}]})]})})},_e=({onSuccess:n})=>{const a=G(),l=s.useNotify(),p=B(),{data:c=[],error:o,isLoading:i}=X(),{desiredState:r,save:g}=W({initialState:{groupsAdded:new Set}});o&&l.failure("Loading panel details failed",o);const h=(b,u)=>{g(u?{groupsAdded:new Set}:{groupsAdded:new Set(b)})},y=()=>{a.clear(),l.clear()},S=b=>{ge(b.name,Array.from(r.groupsAdded)).then(u=>{const m=fe(u);n(b.name,m),p.invalidateQueries({queryKey:[v.identities]}),y()}).catch(u=>{l.failure("Identity creation failed",u)})},x=me().shape({name:pe().required("Identity name is required")}),d=he({initialValues:{name:"",groups:[]},validationSchema:x,onSubmit:S});return e.jsx(e.Fragment,{children:e.jsxs(s.SidePanel,{loading:i,hasError:!c,children:[e.jsx(s.SidePanel.Header,{children:e.jsx(s.SidePanel.HeaderTitle,{children:"Create identity"})}),e.jsx(q,{className:"u-no-padding"}),e.jsx(Fe,{formik:d}),e.jsx("p",{children:"Auth groups"}),e.jsx(s.SidePanel.Content,{className:"u-no-padding",children:e.jsx(V,{groups:c,modifiedGroups:r.groupsAdded,parentItemName:"",selectedGroups:r.groupsAdded,setSelectedGroups:h,toggleGroup:b=>{const u=new Set([...r.groupsAdded]);u.has(b)?u.delete(b):u.add(b),h([...u],u.size===0)},scrollDependencies:[c,r.groupsAdded.size,l.notification,d]})}),e.jsxs(s.SidePanel.Footer,{className:"u-align--right",children:[e.jsx(s.Button,{appearance:"base",onClick:y,className:"u-no-margin--bottom",children:"Cancel"}),e.jsx(s.ActionButton,{appearance:"positive",onClick:()=>{d.submitForm()},className:"u-no-margin--bottom",disabled:!d.isValid||d.isSubmitting||!d.values.name,loading:d.isSubmitting,children:"Create identity"})]})]})})},Ue=()=>{const n=G(),{openPortal:a,closePortal:l,isOpen:p,Portal:c}=s.usePortal({programmaticallyOpen:!0}),[o,i]=C.useState(""),[r,g]=C.useState("");return e.jsxs(e.Fragment,{children:[p&&e.jsx(c,{children:e.jsx(Oe,{onClose:l,token:o,identityName:r})}),n.panel===Q.createTLSIdentity&&e.jsx(_e,{onSuccess:(h,y)=>{g(h),i(y),a()}})]})},qe=()=>!!localStorage.getItem("ssoNotificationClosed"),Ye=()=>{localStorage.setItem("ssoNotificationClosed","yes")},Ke=({hasOidc:n})=>{const[a,l]=C.useState(qe());if(a||n)return null;const p=()=>{Ye(),l(!0)};return e.jsx(e.Fragment,{children:e.jsx(s.Notification,{severity:"information",title:"Did you know?",onDismiss:p,actions:[e.jsx(ye,{docPath:"/howto/oidc/",children:"Show me how"},"sso-doc-link")],children:"LXD can be configured to log in using a single sign-on provider."})})},dt=()=>{const n=s.useNotify(),{data:a=[],error:l,isLoading:p}=xe(),{data:c}=O(),o=G(),[i]=be(),[r,g]=C.useState([]),{hasAccessManagementTLS:h}=je(),{canEditIdentity:y}=E(),S=c?.auth_methods?.includes(_.OIDC);C.useEffect(()=>{const t=new Set(a.map(w=>w.id)),I=r.filter(w=>t.has(w));I.length!==r.length&&g(I)},[a]),l&&n.failure("Loading identities failed",l);const x=[{content:"Name",className:"name",sortKey:"name"},{content:"ID",sortKey:"id",className:"identity-id"},{content:"Auth method",sortKey:"authmethod",className:"auth-method"},{content:"Type",sortKey:"type",className:"identity-type"},{content:"Groups",sortKey:"groups",className:"u-align--right group-count"},{"aria-label":"Actions",className:"u-align--right actions"}],d={queries:i.getAll(Te),authMethod:i.getAll(we),systemIdentities:i.get(ve)},b=a.filter(t=>!(d.systemIdentities==="hide"&&Ge(t)||!d.queries.every(I=>H(t).toLowerCase().includes(I)||t.id.toLowerCase().includes(I))||d.authMethod.length>0&&!d.authMethod.includes(t.authentication_method))),u=a.filter(t=>r.includes(t.id)),m=b.map(t=>{const I=c?.auth_user_name===t.id,w=()=>{o.openIdentityGroups(t.id),g([t.id])},f=()=>{if(y(t))return e.jsx(s.Button,{appearance:"link",dense:!0,onClick:w,children:t.groups?.length||0});const L=T("group",t.groups?.length??0),D=t.groups?.join(`
- `),J=`Assigned ${L}:
- ${D}`;return e.jsx("div",{title:t.groups?.length?J:"",children:t.groups?.length||0})},j=H(t),A=()=>t.type.startsWith("Client certificate")?"certificate":t.type.startsWith("OIDC client")?"oidc-identity":t.type.startsWith("Server certificate")?"cluster-member":t.type.startsWith("Metrics certificate")?"metric":"certificate";return{key:t.id,name:$(t)?"":t.id,className:"u-row",columns:[{content:e.jsxs(e.Fragment,{children:[e.jsx(M,{type:A(),value:j})," ",e.jsx(Pe,{isVisible:I,children:"You"})]}),role:"rowheader","aria-label":"Name",className:"u-truncate",title:j},{content:t.id,role:"cell","aria-label":"ID",className:"u-truncate identity-id",title:t.id},{content:t.authentication_method.toUpperCase(),role:"cell","aria-label":"Auth method",className:"auth-method"},{content:t.type,role:"cell","aria-label":"Type",className:"u-truncate identity-type"},{content:f(),role:"cell",className:"u-align--right group-count","aria-label":"Groups for this identity"},{content:!$(t)&&e.jsxs(e.Fragment,{children:[e.jsx(s.Button,{appearance:"base",className:"u-no-margin--bottom",hasIcon:!0,dense:!0,onClick:w,type:"button","aria-label":"Manage groups",title:y()?"Manage groups":"You do not have permission to modify this identity",disabled:!y(t),children:e.jsx(s.Icon,{name:"user-group"})}),h&&e.jsx($e,{identity:t})]}),className:"actions u-align--right",role:"cell","aria-label":"Actions"}],sortData:{id:t.id,name:j.toLowerCase(),authentication_method:t.authentication_method,type:t.type,groups:t.groups?.length||0}}}),{rows:N,updateSort:P}=Ce({rows:m,defaultSort:"name"}),k=a.filter(t=>!$(t));if(p)return e.jsx(s.Spinner,{className:"u-loader",text:"Loading...",isMainComponent:!0});const R=()=>{const t=m.length>1?`Showing all ${m.length} identities`:"Showing 1 out of 1 identity";return r.length>0?e.jsx(Ie,{totalCount:k.length??0,itemName:"identity",selectedNames:r,setSelectedNames:g,filteredNames:k.map(I=>I.id),hideActions:!!o.panel}):t};return e.jsxs(e.Fragment,{children:[e.jsxs(s.CustomLayout,{mainClassName:"permission-identities-list",contentClassName:"u-no-padding--bottom",header:e.jsxs(F,{children:[e.jsxs(F.Left,{children:[e.jsx(F.Title,{children:e.jsx(Ae,{docPath:"/explanation/authorization",title:"Learn more about permissions",children:"Identities"})}),!r.length&&!o.panel&&e.jsx(F.Search,{children:e.jsx(ke,{})}),!!r.length&&e.jsx(Me,{identities:u,className:"u-no-margin--bottom"}),!!r.length&&h&&e.jsx(Re,{identities:u})]}),e.jsx(F.BaseActions,{children:e.jsx(He,{openPanel:o.openCreateTLSIdentity})})]}),children:[!o.panel&&e.jsxs("div",{className:"row",children:[e.jsx(s.NotificationConsumer,{}),e.jsx(Ke,{hasOidc:S??!1})]}),e.jsx(s.Row,{children:e.jsx(s.ScrollableTable,{dependencies:[a],tableId:"identities-table",belowIds:["status-bar"],children:e.jsx(s.TablePagination,{data:N,id:"pagination",itemName:"identity",className:"u-no-margin--top","aria-label":"Table pagination control",description:R(),children:e.jsx(Se,{id:"identities-table",className:"permission-identities-table",headers:x,rows:N,sortable:!0,emptyStateMsg:"No identities found matching this search",onUpdateSort:P,itemName:"identity",parentName:"",selectedNames:r,setSelectedNames:g,disabledNames:[],filteredNames:k.map(t=>t.id),disableSelect:!!o.panel})})})})]}),e.jsx(Ue,{}),o.panel===Q.identityGroups&&e.jsx(Ee,{identities:u,onClose:()=>{g([])}})]})};export{dt as default};