test/auth: Check that 'fine_grained' is rightly set when querying the…

… current identity info

Signed-off-by: Gabriel Mougard <[email protected]>

test/suites/auth.sh

@@ -147,7 +147,9 @@ groups:
 tls_certificate: ""
 effective_groups:
 - test-group
-effective_permissions: []'
+effective_permissions: []
+fine_grained: true'
+
   [ "$(lxc auth identity info oidc:)" = "${expectedOIDCInfo}" ]
 
   expectedTLSInfo="authentication_method: tls
@@ -160,7 +162,9 @@ tls_certificate: |
 $(awk '{printf "  %s\n", $0}' "${LXD_CONF2}/client.crt")
 effective_groups:
 - test-group
-effective_permissions: []"
+effective_permissions: []
+fine_grained: true"
+
   [ "$(LXD_CONF="${LXD_CONF2}" lxc auth identity info tls:)" = "${expectedTLSInfo}" ]
 
 
@@ -274,6 +278,13 @@ effective_permissions: []"
   [ "$(LXD_CONF="${LXD_CONF4}" lxc_remote query tls:/1.0 | jq -r '.auth')" = "trusted" ]
   [ "$(LXD_CONF="${LXD_CONF5}" lxc_remote query tls:/1.0 | jq -r '.auth')" = "untrusted" ]
 
+  # Check that an unrestricted client certificate is not fine grained.
+  LXD_CONF6=$(mktemp -d -p "${TEST_DIR}" XXX)
+  LXD_CONF="${LXD_CONF6}" gen_cert_and_key "client"
+  LXD_CONF="${LXD_CONF6}" lxc config trust add "${LXD_CONF}/client.crt"
+  lxc config trust show "$(openssl x509 -in "${LXD_CONF}/client.crt" -outform der | sha256sum | head -c12)" | grep -xF "restricted: false"
+  [ $(CERTNAME=client my_curl -X GET "https://${LXD_ADDR}/1.0/auth/identities/current" | jq -r .metadata.fine_grained) = "false" ]
+
   # Cleanup
   lxc auth group delete test-group
   lxc auth identity-provider-group delete test-idp-group
@@ -284,6 +295,7 @@ effective_permissions: []"
   rm -r "${LXD_CONF3}"
   rm -r "${LXD_CONF4}"
   rm -r "${LXD_CONF5}"
+  rm -r "${LXD_CONF6}"
   lxc config unset core.remote_token_expiry
   lxc config unset oidc.issuer
   lxc config unset oidc.client.id