diff --git a/linode_api4/groups/iam.py b/linode_api4/groups/iam.py
index c2bb5d7d6..1eae5f2ae 100644
--- a/linode_api4/groups/iam.py
+++ b/linode_api4/groups/iam.py
@@ -96,3 +96,49 @@ def entities(self, *filters):
 return self.client._get_and_filter(
 LinodeEntity, *filters, endpoint="/entities"
 )
+
+ def account_permissions_get(self, username):
+ """
+ Returns the account-level permissions for the specified user.
+
+ This is intended to be called off of the :any:`LinodeClient`
+ class, like this::
+
+ permissions_account = client.account_permissions_get("myusername")
+
+ API Documentation: TODO
+
+ :param username: The username to get permissions for.
+ :type username: str
+
+ :returns: The account-level permissions for the user.
+ :rtype: List[str]
+ """
+ return self.client.get(
+ f"/iam/users/{username}/permissions/account",
+ )
+
+ def entity_permissions_get(self, username, entity_type, entity_id):
+ """
+ Returns the entity-level permissions for the specified user on a specific entity.
+
+ This is intended to be called off of the :any:`LinodeClient`
+ class, like this::
+
+ permissions_entity = client.entity_permissions_get("myusername", "linode", 123456)
+
+ API Documentation: TODO
+
+ :param username: The username to get permissions for.
+ :type username: str
+ :param entity_type: The type of entity (e.g., "linode", "firewall").
+ :type entity_type: str
+ :param entity_id: The ID of the specific entity.
+ :type entity_id: int
+
+ :returns: The entity-level permissions for the user on the specified entity.
+ :rtype: List[str]
+ """
+ return self.client.get(
+ f"/iam/users/{username}/permissions/{entity_type}/{entity_id}"
+ )
diff --git a/test/fixtures/iam_users_myusername_permissions_account.json b/test/fixtures/iam_users_myusername_permissions_account.json
new file mode 100644
index 000000000..115b699e8
--- /dev/null
+++ b/test/fixtures/iam_users_myusername_permissions_account.json
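Review bot: `username` and `entity_type` are interpolated into the request path unescaped in both `account_permissions_get` and `entity_permissions_get`, so a value containing `/`, `?`, `#` or `..` changes which endpoint the authenticated client calls, unless `self.client.get` encodes paths itself, which is not visible here. Percent-encode each caller-supplied segment before formatting, e.g. `f"/iam/users/{quote(username, safe='')}/permissions/account"` with `from urllib.parse import quote`; the file's import block is outside this hunk, so whether `quote` is already in scope cannot be seen. The docstring examples also show `client.account_permissions_get(...)` while the tests in this commit call `client.iam.account_permissions_get(...)`, and `API Documentation: TODO` should be filled in or dropped before merge. The enclosing class begins above the hunk.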
@@ -0,0 +1,8 @@
+[
+ "list_events",
+ "list_entities",
+ "view_account_settings",
+ "view_invoice_item",
+ "cancel_account",
+ "create_vpc"
+]
\ No newline at end of file
diff --git a/test/fixtures/iam_users_myusername_permissions_linode_1.json b/test/fixtures/iam_users_myusername_permissions_linode_1.json
new file mode 100644
index 000000000..0c317a8f9
--- /dev/null
+++ b/test/fixtures/iam_users_myusername_permissions_linode_1.json
@@ -0,0 +1,8 @@
+[
+ "generate_linode_lish_token_remote",
+ "rebuild_linode",
+ "shutdown_linode",
+ "create_linode_config_profile",
+ "rescue_linode",
+ "list_linode_volumes"
+]
\ No newline at end of file
diff --git a/test/integration/models/iam/iam_test.py b/test/integration/models/iam/iam_test.py
index 9b054bf64..c5e968709 100644
--- a/test/integration/models/iam/iam_test.py
+++ b/test/integration/models/iam/iam_test.py
@@ -58,3 +58,35 @@ def test_list_entities(test_linode_client):
 assert hasattr(entity, "type")
 else:
 pytest.skip("No entities found in IAM response.")
+
+
+def test_get_account_permissions(test_linode_client):
+ client = test_linode_client
+ username = client.profile().username
+
+ account_permissions = client.iam.account_permissions_get(username)
+
+ if not account_permissions:
+ pytest.skip("No account permissions found for the user.")
+ else:
+ assert len(account_permissions) > 0
+
+
+def test_get_entity_permissions(test_linode_client):
+ client = test_linode_client
+ username = client.profile().username
+
+ entities = client.iam.entities()
+ if not entities:
+ pytest.skip("no entities")
+ else:
+ entity = entities[0]
+ entity_permissions = client.iam.entity_permissions_get(
+ username, entity.type, entity.id
+ )
+ if not entity_permissions:
+ pytest.skip(
+ "no entity permissions found for the user and chosen entity."
+ )
+ else:
+ assert len(entity_permissions) > 0
diff --git a/test/unit/groups/iam_test.py b/test/unit/groups/iam_test.py
index c9242b48c..4f0958f78 100644
--- a/test/unit/groups/iam_test.py
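Review bot: The `else: assert len(account_permissions) > 0` branch in `test_get_account_permissions`, and the matching `assert len(entity_permissions) > 0` in `test_get_entity_permissions`, can never fail, because each is reached only when the value is already truthy. As written, both tests only show that the call does not raise; an unexpected response shape (a dict, an error body) would pass or be skipped. Check the shape before deciding whether to skip, e.g. `assert isinstance(account_permissions, list)` followed by `assert all(isinstance(p, str) for p in account_permissions)`. For a permissions endpoint it is also worth failing rather than skipping when the calling user's own account-level list is empty, if the test account is expected to hold permissions.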
+++ b/test/unit/groups/iam_test.py
@@ -240,3 +240,40 @@ def test_role_permissions_user_set(self):
 self.assertEqual(
 m.call_data["entity_access"][1]["roles"], ["firewall_admin"]
 )
+
+ def test_account_permissions_get(self):
+ """
+ Test that account permissions can be properly retrieved for a user
+ """
+ permissions_account = self.client.iam.account_permissions_get(
+ "myusername"
+ )
+
+ # Add assertions based on your fixture data
+ self.assertEqual(len(permissions_account), 6)
+ self.assertEqual(permissions_account[0], "list_events")
+ self.assertEqual(permissions_account[1], "list_entities")
+ self.assertEqual(permissions_account[2], "view_account_settings")
+ self.assertEqual(permissions_account[3], "view_invoice_item")
+ self.assertEqual(permissions_account[4], "cancel_account")
+ self.assertEqual(permissions_account[5], "create_vpc")
+
+ def test_entity_permissions_get(self):
+ """
+ Test that entity permissions can be properly retrieved for a user
+ and given entity type and id
+ """
+ permissions_entity = self.client.iam.entity_permissions_get(
+ "myusername", "linode", 1
+ )
+
+ # Add assertions based on your fixture data
+ self.assertEqual(len(permissions_entity), 6)
+ self.assertEqual(
+ permissions_entity[0], "generate_linode_lish_token_remote"
+ )
+ self.assertEqual(permissions_entity[1], "rebuild_linode")
+ self.assertEqual(permissions_entity[2], "shutdown_linode")
+ self.assertEqual(permissions_entity[3], "create_linode_config_profile")
+ self.assertEqual(permissions_entity[4], "rescue_linode")
+ self.assertEqual(permissions_entity[5], "list_linode_volumes")
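Review bot: Both new tests check only the fixture contents that come back, not the path that was requested, yet path construction is the only logic in `account_permissions_get` and `entity_permissions_get`. If the mock helper used just above this hunk (the `m` whose `call_data` is read) can also record the requested URL for a GET, assert it against `/iam/users/myusername/permissions/linode/1`. A case with a username that needs percent-encoding would pin down how such input is handled. The two `# Add assertions based on your fixture data` comments read like leftover template text and can be removed, and a single `self.assertEqual(permissions_account, [...])` on the whole list would replace the per-index assertions. The test class begins outside the hunk.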