Skip to content

Add support for account and entity permissions endpoints#639

Open
dawiddzhafarov wants to merge 2 commits intolinode:proj/iamfrom
dawiddzhafarov:feature/TPT-3966-linodepy-support-for-new-iam-endpoints
Open

Add support for account and entity permissions endpoints#639
dawiddzhafarov wants to merge 2 commits intolinode:proj/iamfrom
dawiddzhafarov:feature/TPT-3966-linodepy-support-for-new-iam-endpoints

Conversation

@dawiddzhafarov
Copy link

@dawiddzhafarov dawiddzhafarov commented Feb 4, 2026

📝 Description

This PR adds support for two new IAM endpoints:

  • GET /iam/users/{username}/permissions/{entityType}/{entityId}
  • GET /iam/users/{username}/permissions/account

Changes include basic unit test cases along the integration tests.

✔️ How to Test

Use DEVCLOUD linode token along the URL: https://api.devcloud.linode.com/v4beta/.
iam_beta customer tag is required.

To run unit tests:
make test-unit

To run new integration tests:

  • make TEST_CASE=test_get_entity_permissions test-int
  • make TEST_CASE=test_get_account_permissions test-int

Or run all IAM integration tests:
make TEST_SUITE="iam" test-int

Note that the IAM endpoints might not be stable and return random 500s.

@dawiddzhafarov dawiddzhafarov added the new-feature for new features in the changelog. label Feb 4, 2026
@dawiddzhafarov dawiddzhafarov marked this pull request as ready for review February 4, 2026 13:36
@dawiddzhafarov dawiddzhafarov requested a review from a team as a code owner February 4, 2026 13:36
@dawiddzhafarov dawiddzhafarov requested review from mgwoj and vshanthe and removed request for a team February 4, 2026 13:36
@vshanthe vshanthe requested a review from Copilot February 4, 2026 13:44
Copilot AI reviewed Feb 4, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds support for two new IAM endpoints that allow retrieving user permissions at both account and entity levels. The implementation includes the core API methods, unit tests with fixtures, and integration tests.

Changes:

  • Added two new methods to the IAM group for retrieving account-level and entity-level permissions
  • Created unit tests with JSON fixtures to validate the new methods
  • Added integration tests to verify the endpoints work with live API

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
linode_api4/groups/iam.py Implements account_permissions_get and entity_permissions_get methods for the IAM group
test/unit/groups/iam_test.py Adds unit tests for both new permission endpoints
test/fixtures/iam_users_myusername_permissions_account.json Fixture data for account permissions unit test
test/fixtures/iam_users_myusername_permissions_linode_1.json Fixture data for entity permissions unit test
test/integration/models/iam/iam_test.py Adds integration tests for both permission endpoints

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

test/integration/models/iam/iam_test.py Outdated
account_permissions = client.iam.account_permissions_get(username)

if len(account_permissions) > 0:
assert len(account_permissions) > 0
Copy link

Copilot AI Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This assertion is redundant since the same condition is checked in the if statement on line 69. Remove this duplicate check.

Copilot uses AI. Check for mistakes.
test/integration/models/iam/iam_test.py Outdated
username, entity.type, entity.id
)
if len(entity_permissions) > 0:
assert len(entity_permissions) > 0
Copy link

Copilot AI Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This assertion is redundant since the same condition is checked in the if statement on line 85. Remove this duplicate check.

Suggested change
assert len(entity_permissions) > 0
pass

Copilot uses AI. Check for mistakes.
linode_api4/groups/iam.py
This is intended to be called off of the :any:`LinodeClient`
class, like this::

permissions_account = client.account_permissions_get("myusername")
Copy link

Copilot AI Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The example shows calling the method on client directly, but based on the docstring context ('This is intended to be called off of the :any:LinodeClient class'), it should be client.iam.account_permissions_get('myusername') to match the actual API structure.

Suggested change
permissions_account = client.account_permissions_get("myusername")
permissions_account = client.iam.account_permissions_get("myusername")

Copilot uses AI. Check for mistakes.
linode_api4/groups/iam.py
This is intended to be called off of the :any:`LinodeClient`
class, like this::

permissions_entity = client.entity_permissions_get("myusername", "linode", 123456)
Copy link

Copilot AI Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The example shows calling the method on client directly, but it should be client.iam.entity_permissions_get('myusername', 'linode', 123456) to match the actual API structure and be consistent with how the IAM group methods are accessed.

Suggested change
permissions_entity = client.entity_permissions_get("myusername", "linode", 123456)
permissions_entity = client.iam.entity_permissions_get("myusername", "linode", 123456)

Copilot uses AI. Check for mistakes.
dawiddzhafarov
dawiddzhafarov commented Feb 4, 2026
View reviewed changes
test/integration/models/iam/iam_test.py Outdated

account_permissions = client.iam.account_permissions_get(username)

if len(account_permissions) > 0:
Copy link
Author

@dawiddzhafarov dawiddzhafarov Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wondered how can I mark the test as passing if the response is not empty, otherwise skip the test. Let me know whether I should follow copilot suggestion or is there any other approach?

vshanthe
vshanthe requested changes Feb 5, 2026
View reviewed changes
test/integration/models/iam/iam_test.py Outdated
username = client.profile().username

entities = client.iam.entities()
if len(entities) > 0:
Copy link
Contributor

@vshanthe vshanthe Feb 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we can skip here itself if no entities
if not entities:
pytest.skip("no entities")

Copy link
Author

@dawiddzhafarov dawiddzhafarov Feb 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adjusted.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@vshanthe vshanthe vshanthe requested changes

@mgwoj mgwoj Awaiting requested review from mgwoj mgwoj is a code owner automatically assigned from linode/dx

@jriddle-linode jriddle-linode Awaiting requested review from jriddle-linode

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

new-feature for new features in the changelog.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dawiddzhafarov @vshanthe