test/auth: Check that 'fine_grained' is rightly set when querying the…

… current identity info Signed-off-by: Gabriel Mougard <[email protected]>
canonical · Jan 8, 2025 · d87a4ea · d87a4ea
1 parent e416748
commit d87a4ea
Showing 1 changed file with 14 additions and 2 deletions.
diff --git a/test/suites/auth.sh b/test/suites/auth.sh
@@ -147,7 +147,9 @@ groups:
 tls_certificate: ""
 effective_groups:
 - test-group
-effective_permissions: []'
+effective_permissions: []
+fine_grained: true'
+
   [ "$(lxc auth identity info oidc:)" = "${expectedOIDCInfo}" ]
 
   expectedTLSInfo="authentication_method: tls
@@ -160,7 +162,9 @@ tls_certificate: |
 $(awk '{printf "  %s\n", $0}' "${LXD_CONF2}/client.crt")
 effective_groups:
 - test-group
-effective_permissions: []"
+effective_permissions: []
+fine_grained: true"
+
   [ "$(LXD_CONF="${LXD_CONF2}" lxc auth identity info tls:)" = "${expectedTLSInfo}" ]
 
 
@@ -274,6 +278,13 @@ effective_permissions: []"
   [ "$(LXD_CONF="${LXD_CONF4}" lxc_remote query tls:/1.0 | jq -r '.auth')" = "trusted" ]
   [ "$(LXD_CONF="${LXD_CONF5}" lxc_remote query tls:/1.0 | jq -r '.auth')" = "untrusted" ]
 
+  # Check that, by default, an identity is not fine grained if it has no group membership.
+  LXD_CONF6=$(mktemp -d -p "${TEST_DIR}" XXX)
+  LXD_CONF="${LXD_CONF6}" gen_cert_and_key "client"
+  token="$(lxc auth identity create tls/test-user6 --quiet)"
+  LXD_CONF="${LXD_CONF6}" lxc_remote remote add tls "${token}"
+  ! LXD_CONF="${LXD_CONF6}" lxc auth identity info tls: | grep 'fine_grained: true' || false
+
   # Cleanup
   lxc auth group delete test-group
   lxc auth identity-provider-group delete test-idp-group
@@ -284,6 +295,7 @@ effective_permissions: []"
   rm -r "${LXD_CONF3}"
   rm -r "${LXD_CONF4}"
   rm -r "${LXD_CONF5}"
+  rm -r "${LXD_CONF6}"
   lxc config unset core.remote_token_expiry
   lxc config unset oidc.issuer
   lxc config unset oidc.client.id