From Fedora Project Wiki

No edit summary
No edit summary
Line 6: Line 6:
# Perform all actions as described in the [[QA:Testcase_thermostat_web_basic|basic web service test case]].
# Perform all actions as described in the [[QA:Testcase_thermostat_web_basic|basic web service test case]].
|actions=
|actions=
# Open /etc/thermostat/thermostat-roles.properties and remove the role "thermostat-cmdc-verify" role from the "thermostat-agent" recursive role definition (right side of '=').
# Start the thermostat agent, connecting to webstorage: {{command|thermostat agent -d http://127.0.0.1:8080/thermostat/storage}}
# Start the thermostat agent, connecting to webstorage: {{command|thermostat agent -d http://127.0.0.1:8080/thermostat/storage}}
# Start the thermostat shell: {{command|thermostat shell}}
# Start the thermostat shell: {{command|thermostat shell}}
# Connect to the thermostat web service at the shell prompt:  {{command| Thermostat > connect -d http://127.0.0.1:8080/thermostat/storage}}
# Connect to the thermostat web service at the shell prompt:  {{command| Thermostat > connect -d http://127.0.0.1:8080/thermostat/storage}}
# Figure out the host ID of a running agent (a,k.a. agent ID). Note that this list-vms command will use web storage rather than mongodb directly. {{command| Thermostat > list-vms}}
# List all VMs: {{command| Thermostat > list-vms}}
# On the thermostat shell, attempt to ping the host ID (please replace <hostID> with the real ID): {{command| <nowiki>Thermostat > ping <hostID></nowiki>}}
# From this list pick one VM_ID, say it's <code>7474af55-6869-4606-8815-df0674d56e2b</code>
|results=
# Next show the VM information via the vm-info command: {{command|vm-info 7474af55-6869-4606-8815-df0674d56e2b}}. Record the "User ID" information. Say this info is "1000(jon-doe)"
# At step 6, the ping should come back with:
# Now in /etc/thermostat/thermostat-roles.properties change the following line of the recursive role "thermostat-client" (this needs to be done as root):
<pre>
<pre>
Queuing ping request. Destination: /127.0.0.1:12000
# This granted a user which is member of "thermostat-client" to read all VMs running as any username on the target host.
Unknown result from ping command
#thermostat-vms-grant-read-username-ALL
# This grants a user which is member of "thermostat-client" to read all VMs running as user "jon-doe"
thermostat-vms-grant-read-username-jon-doe
</pre>
</pre>
# It is a known issue that the error message shown to the user is "Unknown result from ping command". This will be fixed upstream very soon. The new error message will detail the real reason "authentication/authorization issue".
# Save the changed thermostat-roles.properties file.
# On the thermostat shell list vms: {{command| Thermostat > list-vms}}
|results=
# At step 6, list-vms should only show VMs which are running as "jon-doe". You can verify this by running vm-info on every VM_ID in the output of list-vms.
}}
}}

Revision as of 14:57, 2 December 2013

Description

This test case tests whether thermostat command channel interactions fail if the agent user is missing the thermostat-cmdc-verify role.

Setup

  1. Boot into the machine/VM you wish to test.
  2. If thermostat-webapp is not yet installed, install it.
  3. Perform all actions as described in the basic web service test case.

How to test

  1. Start the thermostat agent, connecting to webstorage: thermostat agent -d http://127.0.0.1:8080/thermostat/storage
  2. Start the thermostat shell: thermostat shell
  3. Connect to the thermostat web service at the shell prompt: Thermostat > connect -d http://127.0.0.1:8080/thermostat/storage
  4. List all VMs: Thermostat > list-vms
  5. From this list pick one VM_ID, say it's 7474af55-6869-4606-8815-df0674d56e2b
  6. Next show the VM information via the vm-info command: vm-info 7474af55-6869-4606-8815-df0674d56e2b. Record the "User ID" information. Say this info is "1000(jon-doe)"
  7. Now in /etc/thermostat/thermostat-roles.properties change the following line of the recursive role "thermostat-client" (this needs to be done as root):
# This granted a user which is member of "thermostat-client" to read all VMs running as any username on the target host.
#thermostat-vms-grant-read-username-ALL
# This grants a user which is member of "thermostat-client" to read all VMs running as user "jon-doe"
thermostat-vms-grant-read-username-jon-doe
  1. Save the changed thermostat-roles.properties file.
  2. On the thermostat shell list vms: Thermostat > list-vms

Expected Results

  1. At step 6, list-vms should only show VMs which are running as "jon-doe". You can verify this by running vm-info on every VM_ID in the output of list-vms.



Retrieved from "https://fedoraproject.org/w/index.php?title=QA:Testcase_thermostat_web_auth&oldid=363000"