Description

This test case tests whether thermostat command channel interactions fail if the agent user is missing the thermostat-cmdc-verify role.

Setup

1. Boot into the machine/VM you wish to test.
2. If thermostat-webapp is not yet installed, install it.
3. Perform all actions as described in the basic web service test case.

How to test

1. Start the thermostat agent, connecting to webstorage: thermostat agent -d http://127.0.0.1:8080/thermostat/storage
2. Start the thermostat shell: thermostat shell
3. Connect to the thermostat web service at the shell prompt: Thermostat > connect -d http://127.0.0.1:8080/thermostat/storage
4. List all VMs: Thermostat > list-vms
5. From this list pick one VM_ID, say it's 7474af55-6869-4606-8815-df0674d56e2b
6. Next show the VM information via the vm-info command: vm-info 7474af55-6869-4606-8815-df0674d56e2b. Record the "User ID" information. Say this info is "1000(jon-doe)"
7. Now in /etc/thermostat/thermostat-roles.properties change the following line of the recursive role "thermostat-client" (this needs to be done as root):

# This granted a user which is member of "thermostat-client" to read all VMs running as any username on the target host.
#thermostat-vms-grant-read-username-ALL
# This grants a user which is member of "thermostat-client" to read all VMs running as user "jon-doe"
thermostat-vms-grant-read-username-jon-doe

1. Save the changed thermostat-roles.properties file.
2. On the thermostat shell list vms: Thermostat > list-vms

Expected Results

1. At step 6, list-vms should only show VMs which are running as "jon-doe". You can verify this by running vm-info on every VM_ID in the output of list-vms.