From Fedora Project Wiki
No edit summary |
No edit summary |
||
| Line 12: | Line 12: | ||
# From this list pick one VM_ID, say it's <code>7474af55-6869-4606-8815-df0674d56e2b</code> | # From this list pick one VM_ID, say it's <code>7474af55-6869-4606-8815-df0674d56e2b</code> | ||
# Next show the VM information via the vm-info command: {{command|vm-info 7474af55-6869-4606-8815-df0674d56e2b}}. Record the "User ID" information. Say this info is "1000(jon-doe)" | # Next show the VM information via the vm-info command: {{command|vm-info 7474af55-6869-4606-8815-df0674d56e2b}}. Record the "User ID" information. Say this info is "1000(jon-doe)" | ||
# Now in /etc/thermostat/thermostat-roles.properties change the following line of the recursive role "thermostat-client" (this needs to be done as root): | # Now in /etc/thermostat/thermostat-roles.properties change the following line of the recursive role "thermostat-client" (this needs to be done as root), save the file and run list-vms again: | ||
<pre> | <pre> | ||
# This granted a user which is member of "thermostat-client" to read all VMs running as any username on the target host. | # This granted a user which is member of "thermostat-client" to read all VMs running as any username on the target host. | ||
| Line 19: | Line 19: | ||
thermostat-vms-grant-read-username-jon-doe | thermostat-vms-grant-read-username-jon-doe | ||
</pre> | </pre> | ||
|results= | |results= | ||
# At step | # At step 7, list-vms should only show VMs which are running as "jon-doe". You can verify this by running vm-info on every VM_ID in the output of list-vms. | ||
}} | }} | ||
Revision as of 14:59, 2 December 2013
Description
This test case tests whether thermostat command channel interactions fail if the agent user is missing the thermostat-cmdc-verify role.
Setup
- Boot into the machine/VM you wish to test.
- If thermostat-webapp is not yet installed, install it.
- Perform all actions as described in the basic web service test case.
How to test
- Start the thermostat agent, connecting to webstorage:
thermostat agent -d http://127.0.0.1:8080/thermostat/storage - Start the thermostat shell:
thermostat shell - Connect to the thermostat web service at the shell prompt:
Thermostat > connect -d http://127.0.0.1:8080/thermostat/storage - List all VMs:
Thermostat > list-vms - From this list pick one VM_ID, say it's
7474af55-6869-4606-8815-df0674d56e2b - Next show the VM information via the vm-info command:
vm-info 7474af55-6869-4606-8815-df0674d56e2b. Record the "User ID" information. Say this info is "1000(jon-doe)" - Now in /etc/thermostat/thermostat-roles.properties change the following line of the recursive role "thermostat-client" (this needs to be done as root), save the file and run list-vms again:
# This granted a user which is member of "thermostat-client" to read all VMs running as any username on the target host. #thermostat-vms-grant-read-username-ALL # This grants a user which is member of "thermostat-client" to read all VMs running as user "jon-doe" thermostat-vms-grant-read-username-jon-doe
Expected Results
- At step 7, list-vms should only show VMs which are running as "jon-doe". You can verify this by running vm-info on every VM_ID in the output of list-vms.