Skip to content

Add support for account and entity permissions endpoints #639

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dawiddzhafarov wants to merge 2 commits into
base: proj/iam
Choose a base branch
from
Open

Add support for account and entity permissions endpoints #639

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f78260a
Add support for account and entity permissions endpoints
dawiddzhafarov Feb 4, 2026
d0aff48
Skip tests early if response is empty
dawiddzhafarov Feb 5, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
46 changes: 46 additions & 0 deletions linode_api4/groups/iam.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,3 +96,49 @@ def entities(self, *filters):
return self.client._get_and_filter(
LinodeEntity, *filters, endpoint="/entities"
)

def account_permissions_get(self, username):
"""
Returns the account-level permissions for the specified user.

This is intended to be called off of the :any:`LinodeClient`
class, like this::

permissions_account = client.account_permissions_get("myusername")
Copy link

Copilot AI Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The example shows calling the method on client directly, but based on the docstring context ('This is intended to be called off of the :any:LinodeClient class'), it should be client.iam.account_permissions_get('myusername') to match the actual API structure.

Suggested change
permissions_account = client.account_permissions_get("myusername")
permissions_account = client.iam.account_permissions_get("myusername")

Copilot uses AI. Check for mistakes.

API Documentation: TODO

:param username: The username to get permissions for.
:type username: str

:returns: The account-level permissions for the user.
:rtype: List[str]
"""
return self.client.get(
f"/iam/users/{username}/permissions/account",
)

def entity_permissions_get(self, username, entity_type, entity_id):
"""
Returns the entity-level permissions for the specified user on a specific entity.

This is intended to be called off of the :any:`LinodeClient`
class, like this::

permissions_entity = client.entity_permissions_get("myusername", "linode", 123456)
Copy link

Copilot AI Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The example shows calling the method on client directly, but it should be client.iam.entity_permissions_get('myusername', 'linode', 123456) to match the actual API structure and be consistent with how the IAM group methods are accessed.

Suggested change
permissions_entity = client.entity_permissions_get("myusername", "linode", 123456)
permissions_entity = client.iam.entity_permissions_get("myusername", "linode", 123456)

Copilot uses AI. Check for mistakes.

API Documentation: TODO

:param username: The username to get permissions for.
:type username: str
:param entity_type: The type of entity (e.g., "linode", "firewall").
:type entity_type: str
:param entity_id: The ID of the specific entity.
:type entity_id: int

:returns: The entity-level permissions for the user on the specified entity.
:rtype: List[str]
"""
return self.client.get(
f"/iam/users/{username}/permissions/{entity_type}/{entity_id}"
)
8 changes: 8 additions & 0 deletions test/fixtures/iam_users_myusername_permissions_account.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
[
"list_events",
"list_entities",
"view_account_settings",
"view_invoice_item",
"cancel_account",
"create_vpc"
]
8 changes: 8 additions & 0 deletions test/fixtures/iam_users_myusername_permissions_linode_1.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
[
"generate_linode_lish_token_remote",
"rebuild_linode",
"shutdown_linode",
"create_linode_config_profile",
"rescue_linode",
"list_linode_volumes"
]
32 changes: 32 additions & 0 deletions test/integration/models/iam/iam_test.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,3 +58,35 @@ def test_list_entities(test_linode_client):
assert hasattr(entity, "type")
else:
pytest.skip("No entities found in IAM response.")


def test_get_account_permissions(test_linode_client):
client = test_linode_client
username = client.profile().username

account_permissions = client.iam.account_permissions_get(username)

if not account_permissions:
pytest.skip("No account permissions found for the user.")
else:
assert len(account_permissions) > 0


def test_get_entity_permissions(test_linode_client):
client = test_linode_client
username = client.profile().username

entities = client.iam.entities()
if not entities:
pytest.skip("no entities")
else:
entity = entities[0]
entity_permissions = client.iam.entity_permissions_get(
username, entity.type, entity.id
)
if not entity_permissions:
pytest.skip(
"no entity permissions found for the user and chosen entity."
)
else:
assert len(entity_permissions) > 0
37 changes: 37 additions & 0 deletions test/unit/groups/iam_test.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -240,3 +240,40 @@ def test_role_permissions_user_set(self):
self.assertEqual(
m.call_data["entity_access"][1]["roles"], ["firewall_admin"]
)

def test_account_permissions_get(self):
"""
Test that account permissions can be properly retrieved for a user
"""
permissions_account = self.client.iam.account_permissions_get(
"myusername"
)

# Add assertions based on your fixture data
self.assertEqual(len(permissions_account), 6)
self.assertEqual(permissions_account[0], "list_events")
self.assertEqual(permissions_account[1], "list_entities")
self.assertEqual(permissions_account[2], "view_account_settings")
self.assertEqual(permissions_account[3], "view_invoice_item")
self.assertEqual(permissions_account[4], "cancel_account")
self.assertEqual(permissions_account[5], "create_vpc")

def test_entity_permissions_get(self):
"""
Test that entity permissions can be properly retrieved for a user
and given entity type and id
"""
permissions_entity = self.client.iam.entity_permissions_get(
"myusername", "linode", 1
)

# Add assertions based on your fixture data
self.assertEqual(len(permissions_entity), 6)
self.assertEqual(
permissions_entity[0], "generate_linode_lish_token_remote"
)
self.assertEqual(permissions_entity[1], "rebuild_linode")
self.assertEqual(permissions_entity[2], "shutdown_linode")
self.assertEqual(permissions_entity[3], "create_linode_config_profile")
self.assertEqual(permissions_entity[4], "rescue_linode")
self.assertEqual(permissions_entity[5], "list_linode_volumes")
Loading