Skip to content

Add support for account and entity permissions endpoints #639

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dawiddzhafarov wants to merge 2 commits into
base: proj/iam
Choose a base branch
from
+131 −0
Open

Add support for account and entity permissions endpoints #639

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f78260a
Add support for account and entity permissions endpoints
dawiddzhafarov Feb 4, 2026
d0aff48
Skip tests early if response is empty
dawiddzhafarov Feb 5, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
46 changes: 46 additions & 0 deletions linode_api4/groups/iam.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,3 +96,49 @@ def entities(self, *filters):
return self.client._get_and_filter(
LinodeEntity, *filters, endpoint="/entities"
)

def account_permissions_get(self, username):
"""
Returns the account-level permissions for the specified user.

This is intended to be called off of the :any:`LinodeClient`
class, like this::

permissions_account = client.account_permissions_get("myusername")

API Documentation: TODO
Copy link
Contributor

@mgwoj mgwoj Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we provide link?

Copy link
Contributor Author

@dawiddzhafarov dawiddzhafarov Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To my latest knowledge there is no working link yet.


:param username: The username to get permissions for.
:type username: str

:returns: The account-level permissions for the user.
:rtype: List[str]
"""
return self.client.get(
f"/iam/users/{username}/permissions/account",
)

def entity_permissions_get(self, username, entity_type, entity_id):
"""
Returns the entity-level permissions for the specified user on a specific entity.

This is intended to be called off of the :any:`LinodeClient`
class, like this::

permissions_entity = client.entity_permissions_get("myusername", "linode", 123456)

API Documentation: TODO
Copy link
Contributor

@mgwoj mgwoj Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we provide link?

Copy link
Contributor Author

@dawiddzhafarov dawiddzhafarov Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To my latest knowledge there is no working link yet.


:param username: The username to get permissions for.
:type username: str
:param entity_type: The type of entity (e.g., "linode", "firewall").
:type entity_type: str
:param entity_id: The ID of the specific entity.
:type entity_id: int

:returns: The entity-level permissions for the user on the specified entity.
:rtype: List[str]
"""
return self.client.get(
f"/iam/users/{username}/permissions/{entity_type}/{entity_id}"
)
8 changes: 8 additions & 0 deletions test/fixtures/iam_users_myusername_permissions_account.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
[
"list_events",
"list_entities",
"view_account_settings",
"view_invoice_item",
"cancel_account",
"create_vpc"
]
8 changes: 8 additions & 0 deletions test/fixtures/iam_users_myusername_permissions_linode_1.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
[
"generate_linode_lish_token_remote",
"rebuild_linode",
"shutdown_linode",
"create_linode_config_profile",
"rescue_linode",
"list_linode_volumes"
]
32 changes: 32 additions & 0 deletions test/integration/models/iam/iam_test.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,3 +58,35 @@ def test_list_entities(test_linode_client):
assert hasattr(entity, "type")
else:
pytest.skip("No entities found in IAM response.")


def test_get_account_permissions(test_linode_client):
client = test_linode_client
username = client.profile().username

account_permissions = client.iam.account_permissions_get(username)

if not account_permissions:
pytest.skip("No account permissions found for the user.")
Copy link
Contributor

@mgwoj mgwoj Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we silently skip the test?

Copy link
Contributor Author

@dawiddzhafarov dawiddzhafarov Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know, checks for the details makes sense if the details exist. Should we fail the test?

Copy link
Contributor

@mgwoj mgwoj Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I prefer to fail the test, but we can discuss it.

else:
assert len(account_permissions) > 0


def test_get_entity_permissions(test_linode_client):
client = test_linode_client
username = client.profile().username

entities = client.iam.entities()
if not entities:
pytest.skip("no entities")
else:
entity = entities[0]
entity_permissions = client.iam.entity_permissions_get(
username, entity.type, entity.id
)
if not entity_permissions:
pytest.skip(
"no entity permissions found for the user and chosen entity."
Copy link
Contributor

@mgwoj mgwoj Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://github.com/linode/linode_api4-python/pull/639/changes#r2904314708

Copy link
Contributor Author

@dawiddzhafarov dawiddzhafarov Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#639 (comment)

)
else:
assert len(entity_permissions) > 0
37 changes: 37 additions & 0 deletions test/unit/groups/iam_test.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -240,3 +240,40 @@ def test_role_permissions_user_set(self):
self.assertEqual(
m.call_data["entity_access"][1]["roles"], ["firewall_admin"]
)

def test_account_permissions_get(self):
"""
Test that account permissions can be properly retrieved for a user
"""
permissions_account = self.client.iam.account_permissions_get(
"myusername"
)

# Add assertions based on your fixture data
self.assertEqual(len(permissions_account), 6)
self.assertEqual(permissions_account[0], "list_events")
self.assertEqual(permissions_account[1], "list_entities")
self.assertEqual(permissions_account[2], "view_account_settings")
self.assertEqual(permissions_account[3], "view_invoice_item")
self.assertEqual(permissions_account[4], "cancel_account")
self.assertEqual(permissions_account[5], "create_vpc")

def test_entity_permissions_get(self):
"""
Test that entity permissions can be properly retrieved for a user
and given entity type and id
"""
permissions_entity = self.client.iam.entity_permissions_get(
"myusername", "linode", 1
)

# Add assertions based on your fixture data
self.assertEqual(len(permissions_entity), 6)
self.assertEqual(
permissions_entity[0], "generate_linode_lish_token_remote"
)
self.assertEqual(permissions_entity[1], "rebuild_linode")
self.assertEqual(permissions_entity[2], "shutdown_linode")
self.assertEqual(permissions_entity[3], "create_linode_config_profile")
self.assertEqual(permissions_entity[4], "rescue_linode")
self.assertEqual(permissions_entity[5], "list_linode_volumes")
Loading