From e265e86cfae92d50acd10829f889db9c8d6647c2 Mon Sep 17 00:00:00 2001 From: Konstantina Chremmou Date: Wed, 17 Nov 2021 22:11:15 +0000 Subject: [PATCH] Refactored and renamed class WizardPermission and the code areas using it. Corrections to RBAC messages. Sorted Messages.resx. Signed-off-by: Konstantina Chremmou --- XenAdmin/Commands/Command.cs | 18 +- XenAdmin/Commands/CopyTemplateCommand.cs | 42 ++- XenAdmin/Commands/CopyVMCommand.cs | 42 ++- .../BugToolWizardFiles/BugToolWizard.cs | 3 +- .../CrossPoolMigrateWizard.cs | 34 ++- .../Wizards/DRWizards/DRFailoverWizard.cs | 3 +- .../ExportWizard/ExportApplianceWizard.cs | 17 +- .../Wizards/GenericPages/RBACWarningPage.cs | 177 ++++++----- XenAdmin/Wizards/HAWizard.cs | 3 +- XenAdmin/Wizards/ImportWizard/ImportWizard.cs | 23 +- .../NewPolicyWizard/NewPolicyWizard.cs | 3 +- XenAdmin/Wizards/NewSRWizard.cs | 21 +- .../NewVMApplianceWizard.cs | 3 +- XenAdmin/Wizards/NewVMWizard/NewVMWizard.cs | 44 ++- XenModel/Actions/SR/SrRefreshAction.cs | 8 +- XenModel/Actions/VM/VMCloneAction.cs | 6 +- XenModel/Actions/VM/VMCopyAction.cs | 10 +- XenModel/Messages.Designer.cs | 41 ++- XenModel/Messages.resx | 275 +++++++++--------- 19 files changed, 404 insertions(+), 369 deletions(-) diff --git a/XenAdmin/Commands/Command.cs b/XenAdmin/Commands/Command.cs index 3b16d00630..c31c62d5b7 100644 --- a/XenAdmin/Commands/Command.cs +++ b/XenAdmin/Commands/Command.cs @@ -37,6 +37,7 @@ using XenAdmin.Actions; using XenAdmin.Core; using XenAdmin.Dialogs; +using XenAdmin.Network; using XenAPI; @@ -380,23 +381,6 @@ public void RunMultipleActions(IEnumerable actions, string title, s launcher.Run(); } - /// - /// Check that the list of RBAC methods can be executed with the session's roles on the given VM - /// - /// The VM to check roles on - /// List of the methods to check - /// true if the current roles can be used to execute the given methods - protected bool CheckRbacPermissions(VM vm, RbacMethodList staticRbacDependencies) - { - if (vm.Connection.Session.IsLocalSuperuser) - return true; - - var currentRoles = vm.Connection.Session.Roles; - var validRoles = Role.ValidRoleList(staticRbacDependencies, vm.Connection); - - return currentRoles.Any(currentRole => validRoles.Contains(currentRole)); - } - #region ICommand Members /// diff --git a/XenAdmin/Commands/CopyTemplateCommand.cs b/XenAdmin/Commands/CopyTemplateCommand.cs index 2ab1444243..e234b8d5ed 100644 --- a/XenAdmin/Commands/CopyTemplateCommand.cs +++ b/XenAdmin/Commands/CopyTemplateCommand.cs @@ -30,7 +30,10 @@ */ using System.Collections.Generic; +using System.Linq; +using XenAdmin.Actions; using XenAdmin.Actions.VMActions; +using XenAdmin.Core; using XenAdmin.Dialogs; using XenAPI; @@ -54,29 +57,42 @@ public CopyTemplateCommand(IMainWindow mainWindow, IEnumerable sel { } + private bool CheckRbacPermissions(VM vm, RbacMethodList methodList, string warningMessage) + { + if (vm.Connection.Session.IsLocalSuperuser) + return true; + + var currentRoles = vm.Connection.Session.Roles; + var validRoles = Role.ValidRoleList(methodList, vm.Connection); + + if (currentRoles.Any(currentRole => validRoles.Contains(currentRole))) + return true; + + currentRoles.Sort(); + + using (var dlg = new ErrorDialog(string.Format(warningMessage, currentRoles[0].FriendlyName()))) + dlg.ShowDialog(Parent); + + return false; + } + protected override void RunCore(SelectedItemCollection selection) { var template = (VM)selection[0].XenObject; if (CrossPoolCopyTemplateCommand.CanRun(template, null)) { - if (!CheckRbacPermissions(template, VMCrossPoolMigrateAction.StaticRBACDependencies)) - { - using (var dlg = new ErrorDialog(Messages.RBAC_CROSS_POOL_MIGRATE_VM_BLOCKED)) - dlg.ShowDialog(Parent); - return; - } new CrossPoolCopyTemplateCommand(MainWindowCommandInterface, selection).Run(); } else { - if (!CheckRbacPermissions(template, VMCopyAction.StaticRBACDependencies)) - { - using (var dlg = new ErrorDialog(Messages.RBAC_INTRA_POOL_COPY_VM_BLOCKED)) - dlg.ShowDialog(Parent); - return; - } - new CopyVMDialog(template).ShowPerXenObject(template, Program.MainWindow); + var rbac = new RbacMethodList(); + rbac.AddRange(SrRefreshAction.StaticRBACDependencies); + rbac.AddRange(VMCopyAction.StaticRBACDependencies); + rbac.AddRange(VMCloneAction.StaticRBACDependencies); + + if (CheckRbacPermissions(template, rbac, Messages.RBAC_INTRA_POOL_COPY_TEMPLATE_BLOCKED)) + new CopyVMDialog(template).ShowPerXenObject(template, Program.MainWindow); } } diff --git a/XenAdmin/Commands/CopyVMCommand.cs b/XenAdmin/Commands/CopyVMCommand.cs index 9fbdc32028..ce9f3bc4b3 100644 --- a/XenAdmin/Commands/CopyVMCommand.cs +++ b/XenAdmin/Commands/CopyVMCommand.cs @@ -30,7 +30,10 @@ */ using System.Collections.Generic; +using System.Linq; +using XenAdmin.Actions; using XenAdmin.Actions.VMActions; +using XenAdmin.Core; using XenAdmin.Dialogs; using XenAPI; @@ -54,29 +57,42 @@ public CopyVMCommand(IMainWindow mainWindow, IEnumerable selection { } + private bool CheckRbacPermissions(VM vm, RbacMethodList methodList, string warningMessage) + { + if (vm.Connection.Session.IsLocalSuperuser) + return true; + + var currentRoles = vm.Connection.Session.Roles; + var validRoles = Role.ValidRoleList(methodList, vm.Connection); + + if (currentRoles.Any(currentRole => validRoles.Contains(currentRole))) + return true; + + currentRoles.Sort(); + + using (var dlg = new ErrorDialog(string.Format(warningMessage, currentRoles[0].FriendlyName()))) + dlg.ShowDialog(Parent); + + return false; + } + protected override void RunCore(SelectedItemCollection selection) { var vm = (VM)selection[0].XenObject; if (CrossPoolCopyVMCommand.CanRun(vm, null)) { - if (!CheckRbacPermissions(vm, VMCrossPoolMigrateAction.StaticRBACDependencies)) - { - using (var dlg = new ErrorDialog(Messages.RBAC_CROSS_POOL_MIGRATE_VM_BLOCKED)) - dlg.ShowDialog(Parent); - return; - } new CrossPoolCopyVMCommand(MainWindowCommandInterface, selection).Run(); } else { - if (!CheckRbacPermissions(vm, VMCopyAction.StaticRBACDependencies)) - { - using (var dlg = new ErrorDialog(Messages.RBAC_INTRA_POOL_COPY_VM_BLOCKED)) - dlg.ShowDialog(Parent); - return; - } - new CopyVMDialog(vm).ShowPerXenObject(vm, Program.MainWindow); + var rbac = new RbacMethodList(); + rbac.AddRange(SrRefreshAction.StaticRBACDependencies); + rbac.AddRange(VMCopyAction.StaticRBACDependencies); + rbac.AddRange(VMCloneAction.StaticRBACDependencies); + + if (CheckRbacPermissions(vm, rbac, Messages.RBAC_INTRA_POOL_COPY_VM_BLOCKED)) + new CopyVMDialog(vm).ShowPerXenObject(vm, Program.MainWindow); } } diff --git a/XenAdmin/Wizards/BugToolWizardFiles/BugToolWizard.cs b/XenAdmin/Wizards/BugToolWizardFiles/BugToolWizard.cs index 76971bed0d..eac86756d8 100644 --- a/XenAdmin/Wizards/BugToolWizardFiles/BugToolWizard.cs +++ b/XenAdmin/Wizards/BugToolWizardFiles/BugToolWizard.cs @@ -146,7 +146,8 @@ protected override void UpdateWizardContent(XenTabPage senderPage) if (selectedHostsConnections.Any(Helpers.ConnectionRequiresRbac)) { - rbacWarningPage.AddApiMethodsCheck(selectedHostsConnections, SingleHostStatusAction.StaticRBACDependencies, Messages.RBAC_GET_SYSTEM_STATUS_BLOCKED); + rbacWarningPage.SetPermissionChecks(selectedHostsConnections, + new WizardRbacCheck(Messages.RBAC_GET_SYSTEM_STATUS_BLOCKED, SingleHostStatusAction.StaticRBACDependencies) {Blocking = true}); AddAfterPage(bugToolPageSelectHosts1, rbacWarningPage); } } diff --git a/XenAdmin/Wizards/CrossPoolMigrateWizard/CrossPoolMigrateWizard.cs b/XenAdmin/Wizards/CrossPoolMigrateWizard/CrossPoolMigrateWizard.cs index a8c39117da..54488880e8 100644 --- a/XenAdmin/Wizards/CrossPoolMigrateWizard/CrossPoolMigrateWizard.cs +++ b/XenAdmin/Wizards/CrossPoolMigrateWizard/CrossPoolMigrateWizard.cs @@ -356,9 +356,16 @@ protected override void UpdateWizardContent(XenTabPage page) if (Helpers.ConnectionRequiresRbac(xenConnection) || Helpers.ConnectionRequiresRbac(TargetConnection)) { - m_pageTargetRbac.AddApiMethodsCheck(new List { xenConnection, TargetConnection }, - VMCrossPoolMigrateAction.StaticRBACDependencies, - Messages.RBAC_CROSS_POOL_MIGRATE_VM_BLOCKED); + var message = wizardMode == WizardMode.Copy + ? m_vmMappings.Any(IsTemplate) + ? Messages.RBAC_CROSS_POOL_COPY_TEMPLATE_BLOCKED + : Messages.RBAC_CROSS_POOL_COPY_VM_BLOCKED + : m_vmMappings.Any(IsTemplate) + ? Messages.RBAC_CROSS_POOL_MIGRATE_TEMPLATE_BLOCKED + : Messages.RBAC_CROSS_POOL_MIGRATE_VM_BLOCKED; + + m_pageTargetRbac.SetPermissionChecks(new List {xenConnection, TargetConnection}, + new WizardRbacCheck(message, VMCrossPoolMigrateAction.StaticRBACDependencies) {Blocking = true}); AddAfterPage(m_pageDestination, m_pageTargetRbac); } @@ -403,9 +410,17 @@ protected override void UpdateWizardContent(XenTabPage page) AddAfterPage(m_pageCopyMode, m_pageIntraPoolCopy); if (Helpers.ConnectionRequiresRbac(xenConnection)) { - m_pageTargetRbac.AddApiMethodsCheck(xenConnection, - VMCopyAction.StaticRBACDependencies, - Messages.RBAC_INTRA_POOL_COPY_VM_BLOCKED); + var message = m_vmMappings.Any(IsTemplate) + ? Messages.RBAC_INTRA_POOL_COPY_TEMPLATE_BLOCKED + : Messages.RBAC_INTRA_POOL_COPY_VM_BLOCKED; + + var rbac = new RbacMethodList(); + rbac.AddRange(VMCopyAction.StaticRBACDependencies); + rbac.AddRange(VMCloneAction.StaticRBACDependencies); + rbac.AddRange(SrRefreshAction.StaticRBACDependencies); + + m_pageTargetRbac.SetPermissionChecks(xenConnection, + new WizardRbacCheck(message, rbac) {Blocking = true}); AddAfterPage(m_pageCopyMode, m_pageTargetRbac); } } @@ -413,13 +428,6 @@ protected override void UpdateWizardContent(XenTabPage page) { RemovePagesFrom(1); AddAfterPage(m_pageCopyMode, m_pageDestination, m_pageStorage, m_pageFinish); - if (Helpers.ConnectionRequiresRbac(xenConnection)) - { - m_pageTargetRbac.AddApiMethodsCheck(xenConnection, - VMCloneAction.StaticRBACDependencies, - Messages.RBAC_CROSS_POOL_CLONE_VM_BLOCKED); - AddAfterPage(m_pageCopyMode, m_pageTargetRbac); - } } } if (type != typeof(CrossPoolMigrateFinishPage)) diff --git a/XenAdmin/Wizards/DRWizards/DRFailoverWizard.cs b/XenAdmin/Wizards/DRWizards/DRFailoverWizard.cs index a172619e7d..d0236f5f9b 100644 --- a/XenAdmin/Wizards/DRWizards/DRFailoverWizard.cs +++ b/XenAdmin/Wizards/DRWizards/DRFailoverWizard.cs @@ -86,7 +86,8 @@ public DRFailoverWizard(Pool pool, DRWizardType wizardType) if (Helpers.ConnectionRequiresRbac(Pool.Connection)) { - RBACWarningPage.AddApiMethodsCheck(Pool.Connection, "DR_task.async_create", Messages.RBAC_DR_WIZARD_MESSAGE); + RBACWarningPage.SetPermissionChecks(Pool.Connection, + new WizardRbacCheck(Messages.RBAC_DR_WIZARD_MESSAGE, "DR_task.async_create") {Blocking = true}); AddPage(RBACWarningPage, 0); } diff --git a/XenAdmin/Wizards/ExportWizard/ExportApplianceWizard.cs b/XenAdmin/Wizards/ExportWizard/ExportApplianceWizard.cs index f6668eb646..3bf5fe7588 100644 --- a/XenAdmin/Wizards/ExportWizard/ExportApplianceWizard.cs +++ b/XenAdmin/Wizards/ExportWizard/ExportApplianceWizard.cs @@ -145,10 +145,8 @@ protected override void UpdateWizardContent(XenTabPage page) AddAfterPage(m_pageExportSelectVMs, ovfPages); } - if (!Helpers.ConnectionRequiresRbac(xenConnection)) - return; - - AddRbacPage(); + if (Helpers.ConnectionRequiresRbac(xenConnection)) + AddRbacPage(); } m_pageExportSelectVMs.ExportAsXva = (bool)m_exportAsXva; @@ -167,14 +165,13 @@ protected override void UpdateWizardContent(XenTabPage page) private void AddRbacPage() { - var exportAsXva = m_exportAsXva != null && (bool) m_exportAsXva; + var exportAsXva = m_exportAsXva.HasValue && m_exportAsXva.Value; - var rbacDependencies = exportAsXva - ? ExportVmAction.StaticRBACDependencies - : ApplianceAction.StaticRBACDependencies; - var check = exportAsXva ? Messages.RBAC_WARNING_EXPORT_WIZARD_XVA : Messages.RBAC_WARNING_EXPORT_WIZARD_APPLIANCE; + var rbacDependencies = exportAsXva ? ExportVmAction.StaticRBACDependencies : ApplianceAction.StaticRBACDependencies; + var message = exportAsXva ? Messages.RBAC_WARNING_EXPORT_WIZARD_XVA : Messages.RBAC_WARNING_EXPORT_WIZARD_APPLIANCE; - m_pageRbac.AddApiMethodsCheck(xenConnection, rbacDependencies, check); + m_pageRbac.SetPermissionChecks(xenConnection, + new WizardRbacCheck(message, rbacDependencies) {Blocking = true}); AddAfterPage(m_pageExportAppliance, m_pageRbac); } diff --git a/XenAdmin/Wizards/GenericPages/RBACWarningPage.cs b/XenAdmin/Wizards/GenericPages/RBACWarningPage.cs index 246b2fa925..cdbb12daaa 100644 --- a/XenAdmin/Wizards/GenericPages/RBACWarningPage.cs +++ b/XenAdmin/Wizards/GenericPages/RBACWarningPage.cs @@ -47,11 +47,11 @@ public partial class RBACWarningPage : XenTabPage { private static readonly log4net.ILog log = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType); - private readonly Dictionary> checksPerConnectionDict; + private readonly Dictionary> checksPerConnectionDict; private Thread bgThread; - private bool refreshPage = false; - private bool finished = false; - public bool blockProgress = false; + private bool refreshPage; + private bool finished; + private bool blockProgress; public RBACWarningPage(string description) : this() @@ -62,71 +62,55 @@ public RBACWarningPage(string description) public RBACWarningPage() { InitializeComponent(); - checksPerConnectionDict = new Dictionary>(); + checksPerConnectionDict = new Dictionary>(); } - public override string HelpID { get { return "RBAC"; } } + public override string HelpID => "RBAC"; - public override string Text { get { return Messages.RBAC_WARNING_PAGE_TEXT_TITLE; } } - - public override string PageTitle { get { return Messages.RBAC_WARNING_PAGE_TEXT_TITLE; } } + public override string Text => Messages.RBAC_WARNING_PAGE_TEXT_TITLE; + + public override string PageTitle => Messages.RBAC_WARNING_PAGE_TEXT_TITLE; #region AddApiMethodsCheck and overloads + /// - /// Add one check of all xapi methods for each of the given connections. Defaults to blocking checks. + /// Clears the existing permission checks and adds the ones specified. /// - public void AddApiMethodsCheck(IEnumerable connectionsToCheck, RbacMethodList apiMethodsToCheck, string warningMessage, bool blocking = true) + public void SetPermissionChecks(IEnumerable connectionsToCheck, params WizardRbacCheck[] checks) { ClearPermissionChecks(); - var permissionCheck = new WizardPermissionCheck(warningMessage) { Blocking = blocking }; - permissionCheck.AddApiCheckRange(apiMethodsToCheck); - - var connectionsAdded = new List(); - // only add connections once foreach (var connection in connectionsToCheck) - { - if (!connectionsAdded.Contains(connection)) - { - AddPermissionChecks(connection, permissionCheck); - connectionsAdded.Add(connection); - } - } + AddPermissionChecks(connection, checks); } /// - /// Add one check of all xapi methods for the given connection. Defaults to blocking checks. + /// Clears the existing permission checks and adds the ones specified. /// - public void AddApiMethodsCheck(IXenConnection connectionToCheck, RbacMethodList apiMethodsToCheck, string warningMessage, bool blocking = true) + public void SetPermissionChecks(IXenConnection connectionToCheck, params WizardRbacCheck[] checks) { - AddApiMethodsCheck(new List { connectionToCheck }, apiMethodsToCheck, warningMessage, blocking); + SetPermissionChecks(new List {connectionToCheck}, checks); } /// - /// Add one check of the xapi method for the given connection. Defaults to blocking checks. + /// Adds the permission checks specified to the existing ones (without clearing them first). /// - public void AddApiMethodsCheck(IXenConnection connectionToCheck, string apiMethodToCheck, string warningMessage, bool blocking = true) - { - AddApiMethodsCheck(new List { connectionToCheck }, new RbacMethodList(apiMethodToCheck), warningMessage, blocking); - } - #endregion - - public void AddPermissionChecks(IXenConnection connection, params WizardPermissionCheck[] permissionChecks) + public void AddPermissionChecks(IXenConnection connection, params WizardRbacCheck[] checks) { if (!checksPerConnectionDict.ContainsKey(connection)) - { - checksPerConnectionDict.Add(connection, new List()); - } + checksPerConnectionDict.Add(connection, new List()); - checksPerConnectionDict[connection].AddRange(permissionChecks); + checksPerConnectionDict[connection].AddRange(checks); } - public void ClearPermissionChecks() + private void ClearPermissionChecks() { DeregisterConnectionEvents(); checksPerConnectionDict.Clear(); } + #endregion + protected override void PageLoadedCore(PageLoadedDirection direction) { RegisterConnectionEvents(); @@ -186,23 +170,22 @@ private void DeregisterConnectionEvents() } } - private PermissionCheckResult RunPermissionChecks(IXenConnection connection, - List permissionChecks, out List errors, - out List warnings) + private PermissionCheckResult RunPermissionChecks(IXenConnection connection, List permissionChecks, + out List errors, out List warnings) { PermissionCheckResult checkResult = PermissionCheckResult.OK; - errors = new List(); - warnings = new List(); - foreach (WizardPermissionCheck wpc in permissionChecks) + errors = new List(); + warnings = new List(); + + foreach (WizardRbacCheck wpc in permissionChecks) { - List rolesAbleToComplete = Role.ValidRoleList(wpc.ApiCallsToCheck, connection); + List rolesAbleToComplete = wpc.GetValidRoles(connection); List subjectRoles = connection.Session.Roles; if (subjectRoles.Find(rolesAbleToComplete.Contains) != null) continue; - log.DebugFormat("Failed RBAC check: {0}", wpc.WarningMessage); if (wpc.Blocking) { errors.Add(wpc); @@ -234,8 +217,8 @@ private void RetrieveRBACWarnings() } else { - List errors; - List warnings; + List errors; + List warnings; checkResult = RunPermissionChecks(connection, connectionChecks.Value, out errors, out warnings); switch (checkResult) { @@ -255,7 +238,7 @@ private void RetrieveRBACWarnings() FinishedUpdating(); } - private void AddErrors(IXenConnection connection, List errors) + private void AddErrors(IXenConnection connection, List errors) { Program.AssertOffEventThread(); @@ -268,7 +251,7 @@ private void AddErrors(IXenConnection connection, List er List roleList = connection.Session.Roles; roleList.Sort(); - foreach (WizardPermissionCheck wizardPermissionCheck in errors) + foreach (WizardRbacCheck wizardPermissionCheck in errors) { // the string is a format string that needs to take the current role (we use the subject they were authorized under which could be a group or user) var description = string.Format(wizardPermissionCheck.WarningMessage, roleList[0].FriendlyName()); @@ -295,15 +278,14 @@ private void FinishedUpdating() }); } - private void AddWarnings(IXenConnection connection, List warnings) + private void AddWarnings(IXenConnection connection, List warnings) { List roleList = connection.Session.Roles; roleList.Sort(); - foreach (WizardPermissionCheck wizardPermissionCheck in warnings) + foreach (WizardRbacCheck wizardPermissionCheck in warnings) { - if (wizardPermissionCheck.WarningAction != null) - wizardPermissionCheck.WarningAction(); + wizardPermissionCheck.WarningAction?.Invoke(); // the string is a format string that needs to take the current role (we use the subject they were authorised under which could be a group or user) string description = String.Format(wizardPermissionCheck.WarningMessage, roleList[0].FriendlyName()); @@ -366,8 +348,10 @@ private void AddDetailsRow(string desc, PermissionCheckResult checkResult) }); } + internal enum PermissionCheckResult { OK, Warning, Failed } + private abstract class PermissionCheckGridRow : DataGridViewRow { protected DataGridViewImageCell iconCell = new DataGridViewImageCell(); @@ -420,52 +404,55 @@ public PermissionCheckDetailsRow(string desc, PermissionCheckResult checkResult) descriptionCell.Value = desc; } } + } - public delegate void PermissionCheckActionDelegate(); - public class WizardPermissionCheck - { - public RbacMethodList ApiCallsToCheck; - /// - /// This is the warning message will be displayed. It should be a format string which takes one input, the users current role, which will be supplied when the page is displayed. - /// - public string WarningMessage; - /// - /// If true, this warning will be the only one that displays, and will use the cross icon. - /// - public bool Blocking = false; - public PermissionCheckActionDelegate WarningAction; - - public WizardPermissionCheck(string warningMessage) - { - this.WarningMessage = warningMessage; - ApiCallsToCheck = new RbacMethodList(); - } - public void AddApiCheck(string s) - { - ApiCallsToCheck.Add(s); - } + public class WizardRbacCheck + { + private readonly RbacMethodList _apiMethodsToCheck = new RbacMethodList(); - public void AddApiCheck(RbacMethod method) - { - ApiCallsToCheck.Add(method); - } + /// + /// This is the warning message will be displayed. It should be a format string with one + /// placeholder for the user's current role, which will be supplied when the page is displayed. + /// + public string WarningMessage { get; } - public void AddApiCheckRange(params string[] strings) - { - ApiCallsToCheck.AddRange(strings); - } + /// + /// Whether this check should prevent the user from proceeding further on the wizard + /// + public bool Blocking { get; set; } - public void AddApiCheckRange(RbacMethodList methodList) - { - foreach (var method in methodList) - ApiCallsToCheck.Add(method); - } + public Action WarningAction { get; set; } - public void AddWarningAction(PermissionCheckActionDelegate d) - { - WarningAction = d; - } + public WizardRbacCheck(string warningMessage, RbacMethodList methodList) + { +#if DEBUG + System.Diagnostics.Debug.Assert(warningMessage.Contains("{0}"), + "WarningMessage should be a format string with one placeholder for the user's current role"); +#endif + WarningMessage = warningMessage; + _apiMethodsToCheck = methodList; + } + + public WizardRbacCheck(string warningMessage, params string[] strings) + : this(warningMessage, new RbacMethodList(strings)) + { + } + + public void AddApiMethods(params string[] strings) + { + _apiMethodsToCheck.AddRange(strings); + } + + public void AddApiMethods(RbacMethodList methodList) + { + foreach (var method in methodList) + _apiMethodsToCheck.Add(method); + } + + public List GetValidRoles(IXenConnection connection) + { + return Role.ValidRoleList(_apiMethodsToCheck, connection); } } } diff --git a/XenAdmin/Wizards/HAWizard.cs b/XenAdmin/Wizards/HAWizard.cs index d91fab3a96..241253e2ec 100644 --- a/XenAdmin/Wizards/HAWizard.cs +++ b/XenAdmin/Wizards/HAWizard.cs @@ -80,7 +80,8 @@ public HAWizard(Pool pool) "pool.set_ha_host_failures_to_tolerate", "pool.enable_ha", "sr.assert_can_host_ha_statefile"); - m_pageRbac.AddApiMethodsCheck(xenConnection, methodsToCheck, Messages.RBAC_HA_ENABLE_WARNING); + m_pageRbac.SetPermissionChecks(xenConnection, + new WizardRbacCheck(Messages.RBAC_HA_ENABLE_WARNING, methodsToCheck) {Blocking = true}); AddPage(m_pageRbac); } diff --git a/XenAdmin/Wizards/ImportWizard/ImportWizard.cs b/XenAdmin/Wizards/ImportWizard/ImportWizard.cs index e31618e023..084954b1d0 100644 --- a/XenAdmin/Wizards/ImportWizard/ImportWizard.cs +++ b/XenAdmin/Wizards/ImportWizard/ImportWizard.cs @@ -405,7 +405,6 @@ private void ConfigureRbacPage(IXenConnection selectedConnection) return; } - m_pageRbac.ClearPermissionChecks(); m_ignoreAffinitySet = false; switch (m_typeOfImport) @@ -414,10 +413,10 @@ private void ConfigureRbacPage(IXenConnection selectedConnection) case ImportType.Vhd: { var check = m_typeOfImport == ImportType.Ovf - ? new RBACWarningPage.WizardPermissionCheck(Messages.RBAC_WARNING_IMPORT_WIZARD_APPLIANCE) {Blocking = true} - : new RBACWarningPage.WizardPermissionCheck(Messages.RBAC_WARNING_IMPORT_WIZARD_IMAGE) {Blocking = true}; - check.AddApiCheckRange(ApplianceAction.StaticRBACDependencies); - m_pageRbac.AddPermissionChecks(selectedConnection, check); + ? new WizardRbacCheck(Messages.RBAC_WARNING_IMPORT_WIZARD_APPLIANCE) {Blocking = true} + : new WizardRbacCheck(Messages.RBAC_WARNING_IMPORT_WIZARD_IMAGE) {Blocking = true}; + check.AddApiMethods(ApplianceAction.StaticRBACDependencies); + m_pageRbac.SetPermissionChecks(selectedConnection, check); AddAfterPage(m_pageHost, m_pageRbac); } @@ -425,20 +424,20 @@ private void ConfigureRbacPage(IXenConnection selectedConnection) case ImportType.Xva: { //Check to see if they can import VMs at all - var importCheck = new RBACWarningPage.WizardPermissionCheck(Messages.RBAC_WARNING_IMPORT_WIZARD_XVA) {Blocking = true}; - importCheck.ApiCallsToCheck.AddRange(ImportVmAction.ConstantRBACRequirements); - importCheck.ApiCallsToCheck.Add("sr.scan");//CA-337323 + var importCheck = new WizardRbacCheck(Messages.RBAC_WARNING_IMPORT_WIZARD_XVA) {Blocking = true}; + importCheck.AddApiMethods(ImportVmAction.ConstantRBACRequirements); + importCheck.AddApiMethods("sr.scan");//CA-337323 //Check to see if they can set the VM's affinity - var affinityCheck = new RBACWarningPage.WizardPermissionCheck(Messages.RBAC_WARNING_IMPORT_WIZARD_AFFINITY); - affinityCheck.ApiCallsToCheck.Add("vm.set_affinity"); - affinityCheck.WarningAction = delegate + var affinityCheck = new WizardRbacCheck(Messages.RBAC_WARNING_IMPORT_WIZARD_AFFINITY); + affinityCheck.AddApiMethods("vm.set_affinity"); + affinityCheck.WarningAction = () => { //We cannot allow them to set the affinity, so we are only going //to offer them the choice of connection, not specific host m_ignoreAffinitySet = true; }; - m_pageRbac.AddPermissionChecks(selectedConnection, importCheck, affinityCheck); + m_pageRbac.SetPermissionChecks(selectedConnection, importCheck, affinityCheck); AddAfterPage(m_pageXvaHost, m_pageRbac); } break; diff --git a/XenAdmin/Wizards/NewPolicyWizard/NewPolicyWizard.cs b/XenAdmin/Wizards/NewPolicyWizard/NewPolicyWizard.cs index 3a6b126020..e4537a7966 100644 --- a/XenAdmin/Wizards/NewPolicyWizard/NewPolicyWizard.cs +++ b/XenAdmin/Wizards/NewPolicyWizard/NewPolicyWizard.cs @@ -71,7 +71,8 @@ public NewPolicyWizard(Pool pool) if (Helpers.ConnectionRequiresRbac(Pool.Connection)) { - xenTabPageRBAC.AddApiMethodsCheck(xenConnection, "VMSS.async_create", Messages.RBAC_WARNING_VMSS); + xenTabPageRBAC.SetPermissionChecks(xenConnection, + new WizardRbacCheck(Messages.RBAC_WARNING_VMSS, "VMSS.async_create") {Blocking = true}); AddPage(xenTabPageRBAC, 0); } diff --git a/XenAdmin/Wizards/NewSRWizard.cs b/XenAdmin/Wizards/NewSRWizard.cs index 575e516898..1ea431d0cd 100644 --- a/XenAdmin/Wizards/NewSRWizard.cs +++ b/XenAdmin/Wizards/NewSRWizard.cs @@ -160,38 +160,33 @@ private void ConfigureRbacPage(bool disasterRecoveryTask) xenTabPageRbacWarning.Connection = xenConnection; - xenTabPageRbacWarning.ClearPermissionChecks(); - - var warningMessage = (_srToReattach == null && !disasterRecoveryTask) + var warningMessage = _srToReattach == null && !disasterRecoveryTask ? Messages.RBAC_WARNING_SR_WIZARD_CREATE : Messages.RBAC_WARNING_SR_WIZARD_ATTACH; - RBACWarningPage.WizardPermissionCheck check = - new RBACWarningPage.WizardPermissionCheck(warningMessage) { Blocking = true }; - - + var check = new WizardRbacCheck(warningMessage) { Blocking = true }; + check.AddApiMethods("SR.probe"); - check.AddApiCheckRange(new RbacMethodList("SR.probe")); if (Helpers.KolkataOrGreater(xenConnection) && !Helpers.FeatureForbidden(xenConnection, Host.CorosyncDisabled)) - check.AddApiCheckRange(new RbacMethodList("SR.probe_ext")); + check.AddApiMethods("SR.probe_ext"); if (_srToReattach == null) { // create - check.AddApiCheckRange(SrCreateAction.StaticRBACDependencies); + check.AddApiMethods(SrCreateAction.StaticRBACDependencies); } else if (disasterRecoveryTask && SR.SupportsDatabaseReplication(xenConnection, _srToReattach)) { // "Attach SR needed for DR" case - check.AddApiCheckRange(DrTaskCreateAction.StaticRBACDependencies); + check.AddApiMethods(DrTaskCreateAction.StaticRBACDependencies); } else { // reattach - check.AddApiCheckRange(SrReattachAction.StaticRBACDependencies); + check.AddApiMethods(SrReattachAction.StaticRBACDependencies); } - xenTabPageRbacWarning.AddPermissionChecks(xenConnection, check); + xenTabPageRbacWarning.SetPermissionChecks(xenConnection, check); } private bool SetFCDevicesOnLVMoHBAPage(LVMoHBA page) diff --git a/XenAdmin/Wizards/NewVMApplianceWizard/NewVMApplianceWizard.cs b/XenAdmin/Wizards/NewVMApplianceWizard/NewVMApplianceWizard.cs index 26485370ab..a79eb50bea 100644 --- a/XenAdmin/Wizards/NewVMApplianceWizard/NewVMApplianceWizard.cs +++ b/XenAdmin/Wizards/NewVMApplianceWizard/NewVMApplianceWizard.cs @@ -65,7 +65,8 @@ public NewVMApplianceWizard(Pool pool) #region RBAC Warning Page Checks if (Helpers.ConnectionRequiresRbac(Pool.Connection)) { - xenTabPageRBAC.AddApiMethodsCheck(xenConnection, "VM_appliance.async_create", Messages.RBAC_WARNING_VMSS); + xenTabPageRBAC.SetPermissionChecks(xenConnection, + new WizardRbacCheck(Messages.RBAC_WARNING_VM_APPLIANCE, "VM_appliance.async_create") {Blocking = true}); AddPage(xenTabPageRBAC, 0); } #endregion diff --git a/XenAdmin/Wizards/NewVMWizard/NewVMWizard.cs b/XenAdmin/Wizards/NewVMWizard/NewVMWizard.cs index c2c781092f..c713f75c2d 100644 --- a/XenAdmin/Wizards/NewVMWizard/NewVMWizard.cs +++ b/XenAdmin/Wizards/NewVMWizard/NewVMWizard.cs @@ -90,42 +90,40 @@ public NewVMWizard(IXenConnection connection, VM template, Host affinity) #region RBAC Warning Page Checks if (Helpers.ConnectionRequiresRbac(connection)) { - var createCheck = new RBACWarningPage.WizardPermissionCheck(Messages.RBAC_WARNING_VM_WIZARD_BLOCK); - foreach (RbacMethod method in CreateVMAction.StaticRBACDependencies) - createCheck.AddApiCheck(method); - createCheck.Blocking = true; + var createCheck = new WizardRbacCheck(Messages.RBAC_WARNING_VM_WIZARD_BLOCK, + CreateVMAction.StaticRBACDependencies) {Blocking = true}; // Check to see if they can set memory values - var memCheck = new RBACWarningPage.WizardPermissionCheck(Messages.RBAC_WARNING_VM_WIZARD_MEM); - memCheck.AddApiCheck("vm.set_memory_limits"); - memCheck.WarningAction = new RBACWarningPage.PermissionCheckActionDelegate(delegate () + var memCheck = new WizardRbacCheck(Messages.RBAC_WARNING_VM_WIZARD_MEM, + "vm.set_memory_limits") { - // no point letting them continue - page_5_CpuMem.DisableMemoryControls(); - }); + WarningAction = () => page_5_CpuMem.DisableMemoryControls() + }; // Check to see if they can set the VM's affinity - var affinityCheck = new RBACWarningPage.WizardPermissionCheck(Messages.RBAC_WARNING_VM_WIZARD_AFFINITY); - affinityCheck.ApiCallsToCheck.Add("vm.set_affinity"); - affinityCheck.WarningAction = new RBACWarningPage.PermissionCheckActionDelegate(delegate () + var affinityCheck = new WizardRbacCheck(Messages.RBAC_WARNING_VM_WIZARD_AFFINITY, "vm.set_affinity") { - page_4_HomeServer.DisableStep = true; - BlockAffinitySelection = true; - Program.Invoke(this, RefreshProgress); - }); + WarningAction = () => + { + page_4_HomeServer.DisableStep = true; + BlockAffinitySelection = true; + Program.Invoke(this, RefreshProgress); + } + }; page_RbacWarning.AddPermissionChecks(xenConnection, createCheck, affinityCheck, memCheck); if (Helpers.GpuCapability(xenConnection)) { - var vgpuCheck = new RBACWarningPage.WizardPermissionCheck(Messages.RBAC_WARNING_VM_WIZARD_GPU); - vgpuCheck.ApiCallsToCheck.Add("vgpu.create"); - vgpuCheck.WarningAction = new RBACWarningPage.PermissionCheckActionDelegate(() => + var vgpuCheck = new WizardRbacCheck(Messages.RBAC_WARNING_VM_WIZARD_GPU, "vgpu.create") { - pageVgpu.DisableStep = true; - Program.Invoke(this, RefreshProgress); - }); + WarningAction = () => + { + pageVgpu.DisableStep = true; + Program.Invoke(this, RefreshProgress); + } + }; page_RbacWarning.AddPermissionChecks(xenConnection, vgpuCheck); } diff --git a/XenModel/Actions/SR/SrRefreshAction.cs b/XenModel/Actions/SR/SrRefreshAction.cs index 9869779759..11295bd9d9 100644 --- a/XenModel/Actions/SR/SrRefreshAction.cs +++ b/XenModel/Actions/SR/SrRefreshAction.cs @@ -29,23 +29,27 @@ * SUCH DAMAGE. */ +using XenAdmin.Core; using XenAPI; namespace XenAdmin.Actions { - public class SrRefreshAction : PureAsyncAction + public class SrRefreshAction : AsyncAction { public SrRefreshAction(SR Sr, bool suppress_history = false) : base(Sr.Connection, string.Format(Messages.SR_REFRESH_ACTION_TITLE, Sr.NameWithoutHost()), suppress_history) { SR = Sr; + ApiMethodsToRoleCheck.AddRange(StaticRBACDependencies); } + public static RbacMethodList StaticRBACDependencies => new RbacMethodList("SR.scan"); + protected override void Run() { Description = string.Format(Messages.SR_REFRESH_ACTION_DESC, SR.NameWithoutHost()); - XenAPI.SR.scan(Session, SR.opaque_ref); + SR.scan(Session, SR.opaque_ref); Description = Messages.COMPLETED; } } diff --git a/XenModel/Actions/VM/VMCloneAction.cs b/XenModel/Actions/VM/VMCloneAction.cs index 2eaf22efb8..c07ef6180b 100644 --- a/XenModel/Actions/VM/VMCloneAction.cs +++ b/XenModel/Actions/VM/VMCloneAction.cs @@ -51,10 +51,8 @@ public VMCloneAction(VM vm, string name, string description) this.Template = vm; _cloneName = name; _cloneDescription = description; - ApiMethodsToRoleCheck.AddRange(Role.CommonSessionApiList); - ApiMethodsToRoleCheck.AddRange(Role.CommonTaskApiList); - ApiMethodsToRoleCheck.Add("VM.clone"); - ApiMethodsToRoleCheck.Add("VM.set_name_description"); + + ApiMethodsToRoleCheck.AddRange(StaticRBACDependencies); } public static RbacMethodList StaticRBACDependencies diff --git a/XenModel/Actions/VM/VMCopyAction.cs b/XenModel/Actions/VM/VMCopyAction.cs index 9b33dacdae..5f9bea8658 100644 --- a/XenModel/Actions/VM/VMCopyAction.cs +++ b/XenModel/Actions/VM/VMCopyAction.cs @@ -52,16 +52,8 @@ public VMCopyAction(VM vm, Host host, SR sr, string nameLabel, string descriptio if (vm.is_a_template) this.Template = vm; _namedescription = description; - SetRBACPermissions(); - } - - private void SetRBACPermissions() - { - ApiMethodsToRoleCheck.AddRange(Role.CommonSessionApiList); - ApiMethodsToRoleCheck.AddRange(Role.CommonTaskApiList); - ApiMethodsToRoleCheck.Add("VM.copy"); - ApiMethodsToRoleCheck.Add("VM.set_name_description"); + ApiMethodsToRoleCheck.AddRange(StaticRBACDependencies); } public static RbacMethodList StaticRBACDependencies diff --git a/XenModel/Messages.Designer.cs b/XenModel/Messages.Designer.cs index c73ce58332..a4d12dd2f5 100755 --- a/XenModel/Messages.Designer.cs +++ b/XenModel/Messages.Designer.cs @@ -31834,16 +31834,34 @@ public class Messages { } /// - /// Looks up a localized string similar to Current access levels do not allow cloning of VMs across pools. Log in as a different user with sufficient privileges on the host and try again.. + /// Looks up a localized string similar to A {0} user cannot copy templates across pools. Log in as a different user with sufficient privileges on both source and destination servers and try again.. /// - public static string RBAC_CROSS_POOL_CLONE_VM_BLOCKED { + public static string RBAC_CROSS_POOL_COPY_TEMPLATE_BLOCKED { get { - return ResourceManager.GetString("RBAC_CROSS_POOL_CLONE_VM_BLOCKED", resourceCulture); + return ResourceManager.GetString("RBAC_CROSS_POOL_COPY_TEMPLATE_BLOCKED", resourceCulture); } } /// - /// Looks up a localized string similar to Current access levels do not allow migration of VMs across pools. Log in as a different user with sufficient privileges on both source and target hosts and try again.. + /// Looks up a localized string similar to A {0} user cannot copy VMs across pools. Log in as a different user with sufficient privileges on both source and destination servers and try again.. + /// + public static string RBAC_CROSS_POOL_COPY_VM_BLOCKED { + get { + return ResourceManager.GetString("RBAC_CROSS_POOL_COPY_VM_BLOCKED", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to A {0} user cannot migrate templates across pools. Log in as a different user with sufficient privileges on both source and destination servers and try again.. + /// + public static string RBAC_CROSS_POOL_MIGRATE_TEMPLATE_BLOCKED { + get { + return ResourceManager.GetString("RBAC_CROSS_POOL_MIGRATE_TEMPLATE_BLOCKED", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to A {0} user cannot migrate VMs across pools. Log in as a different user with sufficient privileges on both source and destination servers and try again.. /// public static string RBAC_CROSS_POOL_MIGRATE_VM_BLOCKED { get { @@ -31852,7 +31870,7 @@ public class Messages { } /// - /// Looks up a localized string similar to User {0} does not have sufficient permissions to run a Disaster Recovery wizard. Login as a different user with sufficient privileges and try again.. + /// Looks up a localized string similar to A {0} user does not have sufficient permissions to use Disaster Recovery. Login as a different user with sufficient privileges and try again.. /// public static string RBAC_DR_WIZARD_MESSAGE { get { @@ -31861,7 +31879,7 @@ public class Messages { } /// - /// Looks up a localized string similar to Current access levels do not allow download of system status report. Log in as a different user with sufficient privileges on the source host and try again.. + /// Looks up a localized string similar to A {0} user cannot download system status reports. Log in as a different user with sufficient privileges and try again.. /// public static string RBAC_GET_SYSTEM_STATUS_BLOCKED { get { @@ -31901,7 +31919,16 @@ public class Messages { } /// - /// Looks up a localized string similar to Current access levels do not allow copying of VMs. Log in as a different user with sufficient privileges on the host and try again.. + /// Looks up a localized string similar to A {0} user cannot copy templates. Log in as a different user with sufficient privileges and try again.. + /// + public static string RBAC_INTRA_POOL_COPY_TEMPLATE_BLOCKED { + get { + return ResourceManager.GetString("RBAC_INTRA_POOL_COPY_TEMPLATE_BLOCKED", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to A {0} user cannot copy VMs. Log in as a different user with sufficient privileges and try again.. /// public static string RBAC_INTRA_POOL_COPY_VM_BLOCKED { get { diff --git a/XenModel/Messages.resx b/XenModel/Messages.resx index 50cfa443fe..8804aca6c9 100755 --- a/XenModel/Messages.resx +++ b/XenModel/Messages.resx @@ -1596,6 +1596,9 @@ The user you are currently logged into '{1}' with is a member of '{0}'. Proceedi Do you want to continue? + + Please wait while {0} establishes your current external authentication configuration. + Subject could not be resolved in your AD @@ -1663,9 +1666,6 @@ Do you want to continue? Do you want to continue? - - Please wait while {0} establishes your current external authentication configuration. - AD is not currently configured for pool '{0}'. To enable AD authentication, click Join Domain. @@ -1916,12 +1916,12 @@ Note that if RBAC is enabled, only alerts which you have privileges to dismiss w Allowed MTU value: {0} - - Would you like {0} to periodically check the internet for new versions of {0} and {1}? - &Show internet proxy settings + + Would you like {0} to periodically check the internet for new versions of {0} and {1}? + &Allow to continue @@ -2664,15 +2664,15 @@ This will cancel compilation of the status report. Valid from {0} to {1} - - Certificate Verification - Enabled on the pool, but disabled on: Disabled, but enabled on the pool + + Certificate Verification + Ability to download updates @@ -2780,12 +2780,6 @@ Do you want to assign it to the schedule '{2}' instead? Checking security protocol - - vSwitch Controller check - - - Checking vSwitch Controller configuration - Checking reboots required @@ -2807,6 +2801,12 @@ Do you want to assign it to the schedule '{2}' instead? Checking upgrade hotfix status + + vSwitch Controller check + + + Checking vSwitch Controller configuration + Checking {0} version @@ -3673,6 +3673,9 @@ This action cannot be undone. Are you sure you want to continue? Convert VM to Template + + Coordinator + Copy @@ -5646,15 +5649,15 @@ Would you like to eject these ISOs before continuing? EULAs + + You cannot nominate a new coordinator while the pool is in the process of creating a cluster. + Enter Maintenance Mode - {0} {0} Eject the CD - - You cannot nominate a new coordinator while the pool is in the process of creating a cluster. - You cannot nominate a new coordinator while HA is being disabled on the pool. @@ -8297,9 +8300,6 @@ This will permanently delete and reinitialize all local storage on the servers. Subscription Advantage required - - Coordinator - Max @@ -8448,12 +8448,12 @@ Are you sure you want to detach this storage repository? Certificate verification is not enabled on '{0}'. Would you like to enable it now? - - Before enabling certificate verification ensure that there are no operations running in the pool, otherwise they will be interrupted. - &Yes, Enable certificate verification + + Before enabling certificate verification ensure that there are no operations running in the pool, otherwise they will be interrupted. + Unable to connect to server '{0}'. {1} @@ -8516,11 +8516,14 @@ This action is final and unrecoverable. Writing password information failed: {0} + + You cannot remove the coordinator from the pool. + The pool Coordinator will become a standalone server, are you sure you want to continue? - - You cannot remove the coordinator from the pool. + + You must eject all other pool members from the pool before you can delete the pool. [{0}] There has been an unexpected error. Technical details about this error have been saved to the following file. Please send this to your support representative. @@ -8564,9 +8567,6 @@ Do you want to continue? Do you want to continue? - - You must eject all other pool members from the pool before you can delete the pool. - This will delete the selected network interface permanently. Continue? @@ -8881,8 +8881,14 @@ You should only proceed if you have verified that these settings are correct. New Private Network - - Clustering is enabled on this server. + + The coordinator is still connecting + + + The coordinator is disconnected + + + Your current role on the coordinator is not authorized to add hosts to the coordinator's pool This server has different updates from the coordinator @@ -8926,15 +8932,6 @@ You should only proceed if you have verified that these settings are correct. This server's Linux pack installation state differs from that of the coordinator - - The coordinator is still connecting - - - The coordinator is disconnected - - - Your current role on the coordinator is not authorized to add hosts to the coordinator's pool - The pool has already reached the maximum number of servers allowed by your license @@ -9402,12 +9399,6 @@ Review these settings, then click Previous if you need to change anything. Other Locate the operating system installation media - - Disk '{0}' - - - Created by template provisioner - The default SR '{0}' cannot be seen from the VM's home server. @@ -9417,9 +9408,21 @@ Review these settings, then click Previous if you need to change anything. Other The default SR '{0}' does not have enough free space for the new VM's disks. + + Disk '{0}' + + + Created by template provisioner + Storage + + <no suitable storage> + + + The SR '{0}' is overcommitted. There is only {1} of free space and the new VM requires {2}. + The SR suggested by the template ('{0}') cannot be seen from the VM's home server. @@ -9429,12 +9432,6 @@ Review these settings, then click Previous if you need to change anything. Other The SR suggested by the template ('{0}') does not have enough free space for the new VM's disks. - - <no suitable storage> - - - The SR '{0}' is overcommitted. There is only {1} of free space and the new VM requires {2}. - Configure storage for the new VM @@ -9456,9 +9453,6 @@ Review these settings, then click Previous if you need to change anything. Other Gooroom - - Rocky - Linx @@ -9477,6 +9471,9 @@ Review these settings, then click Previous if you need to change anything. Other Red Hat + + Rocky + Scientific Linux @@ -9580,6 +9577,9 @@ Do you want to enable AD authentication on your server and join it to the same d All pool members must use the same authentication method. Do you want to enable AD authentication on these servers and join them to the same domain as the pool? + + Clustering is enabled on this server. + You are attempting to add the server '{0}' to a pool with a coordinator that is using an older CPU. @@ -9716,12 +9716,12 @@ It is strongly recommended that you Cancel and apply the latest version of the p SR-IOV is already enabled on all the SR-IOV capable NICs. - - {0} (Hidden) - {0} (Bonded member) + + {0} (Hidden) + Network Interface Cards @@ -9761,14 +9761,14 @@ It is strongly recommended that you Cancel and apply the latest version of the p Events: {0} - - {0} in progress + + 1 error {0} errors - - 1 error + + {0} in progress Events ({0} errors) @@ -10555,12 +10555,12 @@ File not found error. - - Server '{0}' could not be evacuated because there were no servers available to accommodate all the VMs being migrated from this server. Please reboot the other servers that are pending a reboot following the update installation, and then press Retry to resume the process. - Server '{0}' could not be evacuated because there was not enough free memory on the other servers to migrate all the VMs from this server. Please suspend or shut down some VMs and then press Retry to resume the process. + + Server '{0}' could not be evacuated because there were no servers available to accommodate all the VMs being migrated from this server. Please reboot the other servers that are pending a reboot following the update installation, and then press Retry to resume the process. + Installing {0} on '{1}'... @@ -10674,6 +10674,12 @@ Please reconnect the host and try again Pool: + + Pool coordinator + + + Could not find the pool coordinator in {0}'s cache. + Pool '{0}' has HA enabled. You must disable HA before making the pool into a standalone server. @@ -10740,12 +10746,6 @@ Please reconnect the host and try again Pool License - - Pool coordinator - - - Could not find the pool coordinator in {0}'s cache. - Pool name cannot be empty @@ -10799,12 +10799,24 @@ If this value does not correspond to a server within the selected resource pool Probing for LUNs on {0} - - {0}: Health Check has been removed in {1} {2}. + + {0}: The coordinator needs to be rebooted first + + + {0}: This update requires the coordinator to be rebooted first + + + {0}: Toolstack on coordinator needs to be restarted first + + + {0}: This update requires the toolstack on coordinator to be restarted first Disable Health Check + + {0}: Health Check has been removed in {1} {2}. + Server '{0}' @@ -10820,15 +10832,6 @@ If this value does not correspond to a server within the selected resource pool If you are upgrading to {0} and above, you will not be able to use security protocols earlier than TLS 1.2 for communication with the server and you may lose permanently access to it. - - {0}: Support for the vSwitch Controller has been removed in {1}. - - - Support for the vSwitch Controller has been removed in {0}. You must deconfigure the controller because any features that require it will no longer work. Please click the link below for more information. - - - If you are upgrading to {0} and above, you must deconfigure the vSwitch Controller because support for it has been removed in this release and any features that require it will no longer work. Please click the link below for more information. - The MAC address entered has already been assigned to the VM: {1} @@ -10838,18 +10841,6 @@ Are you sure you want to continue? Duplicate MAC address - - {0}: The coordinator needs to be rebooted first - - - {0}: This update requires the coordinator to be rebooted first - - - {0}: Toolstack on coordinator needs to be restarted first - - - {0}: This update requires the toolstack on coordinator to be restarted first - Pool '{0}' @@ -10876,6 +10867,15 @@ Click Previous if you need to go back and specify a different network location o VM '{0}' + + {0}: Support for the vSwitch Controller has been removed in {1}. + + + Support for the vSwitch Controller has been removed in {0}. You must deconfigure the controller because any features that require it will no longer work. Please click the link below for more information. + + + If you are upgrading to {0} and above, you must deconfigure the vSwitch Controller because support for it has been removed in this release and any features that require it will no longer work. Please click the link below for more information. + {0} version @@ -11028,11 +11028,23 @@ To access this console switch to an account with the following role: {1} + + A {0} user cannot copy templates across pools. Log in as a different user with sufficient privileges on both source and destination servers and try again. + + + A {0} user cannot copy VMs across pools. Log in as a different user with sufficient privileges on both source and destination servers and try again. + + + A {0} user cannot migrate templates across pools. Log in as a different user with sufficient privileges on both source and destination servers and try again. + - Current access levels do not allow migration of VMs across pools. Log in as a different user with sufficient privileges on both source and target hosts and try again. + A {0} user cannot migrate VMs across pools. Log in as a different user with sufficient privileges on both source and destination servers and try again. - User {0} does not have sufficient permissions to run a Disaster Recovery wizard. Login as a different user with sufficient privileges and try again. + A {0} user does not have sufficient permissions to use Disaster Recovery. Login as a different user with sufficient privileges and try again. + + + A {0} user cannot download system status reports. Log in as a different user with sufficient privileges and try again. Your current role is '{1}'. @@ -11047,6 +11059,12 @@ To configure HA settings, switch to an account with one of the following roles: A {0} user cannot perform this action. + + A {0} user cannot copy templates. Log in as a different user with sufficient privileges and try again. + + + A {0} user cannot copy VMs. Log in as a different user with sufficient privileges and try again. + Check complete, you have full access to the features in this wizard. @@ -11530,6 +11548,9 @@ The coordinator must be upgraded first, so if you skip the coordinator, the roll You cannot rotate the pool secret when HA is on. + + Rotate &Pool Secret + You cannot enable clustering while a pool secret rotation is in progress. @@ -11539,9 +11560,6 @@ The coordinator must be upgraded first, so if you skip the coordinator, the roll You cannot nominate a new coordinator while a pool secret rotation is in progress. - - Rotate &Pool Secret - A {0} user does not have sufficient permissions to rotate the pool secret. Please login using an account with one of the following roles: @@ -11619,12 +11637,12 @@ The coordinator must be upgraded first, so if you skip the coordinator, the roll Saving search '{0}'... - - Saving VM properties - Saving configuration... + + Saving VM properties + Saving Workload Balancing configuration. @@ -11937,16 +11955,6 @@ The coordinator must be upgraded first, so if you skip the coordinator, the roll Slack: - - Server '{0}' is a member of pool '{1}' and is already connected. - - - Server '{0}' is in a pool. To connect to a pool, you must connect to the pool coordinator. -Do you want to connect to the pool coordinator '{1}'? - - - This pool contains servers earlier than {0} {1}. Please use an earlier version of {2} to manage this pool. - smaller than @@ -12143,13 +12151,13 @@ You may need to reboot your server(s) to enable SR-IOV network. The SR is currently detached. + + You cannot create a disk greater than {0} on this SR. + Initial allocation: {0} Incremental allocation: {1} - - You cannot create a disk greater than {0} on this SR. - This SR does not need to be upgraded. @@ -12168,12 +12176,12 @@ Incremental allocation: {1} VMs without a home server cannot have disks on local storage - - Disk size ({0}) exceeds SR size ({1}) - SR '{0}' does not have {1} of free space to import virtual disk {2}. + + Disk size ({0}) exceeds SR size ({1}) + {0} required when only {1} available @@ -12401,6 +12409,16 @@ The upper limit: SR size / {2} Sun + + Server '{0}' is a member of pool '{1}' and is already connected. + + + Server '{0}' is in a pool. To connect to a pool, you must connect to the pool coordinator. +Do you want to connect to the pool coordinator '{1}'? + + + This pool contains servers earlier than {0} {1}. Please use an earlier version of {2} to manage this pool. + {0} (version {1}) @@ -13120,12 +13138,12 @@ Note that if RBAC is enabled, only updates which you have privileges to dismiss {0}: Check skipped because hosts in pool '{1}' have incompatible CPUs - - Upgrade host {0} - Upgrade coordinator {0} + + Upgrade host {0} + Apply Upgrade @@ -13386,14 +13404,14 @@ To start a {0} trial, click the button below. {0} - currently in use by '{1}' - - The vCPUs can only be changed when the VM is shut down. - The number of VCPUs is greater than the number of physical CPUs on the host server. This will significantly reduce VM performance. To optimize VM performance, you should reduce the number of VCPUs to less than or equal to the number of physical CPUs. + + The vCPUs can only be changed when the VM is shut down. + VDI @@ -14725,13 +14743,4 @@ Any disk in your VM's DVD drive will be ejected when installing {1}. You are here - - Current access levels do not allow cloning of VMs across pools. Log in as a different user with sufficient privileges on the host and try again. - - - Current access levels do not allow copying of VMs. Log in as a different user with sufficient privileges on the host and try again. - - - Current access levels do not allow download of system status report. Log in as a different user with sufficient privileges on the source host and try again. - \ No newline at end of file