From 94ff84ee2a7231cce8e8ff1a4d74db7dff7e12a5 Mon Sep 17 00:00:00 2001
From: Mark Laing <mark.laing@canonical.com>
Date: Wed, 2 Oct 2024 15:52:56 +0100
Subject: [PATCH] test/suites: Test identity deletion.

Signed-off-by: Mark Laing <mark.laing@canonical.com>
---
 test/suites/auth.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/test/suites/auth.sh b/test/suites/auth.sh
index 2f807ec64030..9dc30f471d19 100644
--- a/test/suites/auth.sh
+++ b/test/suites/auth.sh
@@ -143,6 +143,12 @@ EOF
   # Perform access check compatibility with project feature flags
   auth_project_features
 
+  # The OIDC identity should be able to delete themselves without any permissions.
+  lxc auth identity group remove oidc/test-user@example.com test-group
+  lxc_remote auth identity info oidc: | grep -Fq 'effective_permissions: []'
+  lxc_remote auth identity delete oidc:oidc/test-user@example.com
+  ! lxc auth identity list --format csv | grep -Fq 'test-user@example.com' || false
+
   # Cleanup
   lxc auth group delete test-group
   lxc auth identity-provider-group delete test-idp-group