linode_api4-python/linode_api4/groups/iam.py at 3c90301fb58ab079b96b0b8cbb77dd27a16e991a · linode/linode_api4-python · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
from typing import Any, Dict, List, Optional, Union

from linode_api4.errors import UnexpectedResponseError
from linode_api4.groups import Group
from linode_api4.objects import EntityAccess, LinodeEntity


class IAMGroup(Group):
    def role_permissions(self):
        """
        Returns the permissions available on the account assigned to any user of the account.

        This is intended to be called off of the :any:`LinodeClient`
        class, like this::

           permissions = client.role_permissions()

        API Documentation: TODO

        :returns: The JSON role permissions for the account.
        """
        return self.client.get("/iam/role-permissions", model=self)

    def role_permissions_user_get(self, username):
        """
        Returns the permissions available on the account assigned to the specified user.

        This is intended to be called off of the :any:`LinodeClient`
        class, like this::

           permissions = client.role_permissions_user_get("myusername")

        API Documentation: TODO

        :returns: The JSON role permissions for the user.
        """
        return self.client.get(
            f"/iam/users/{username}/role-permissions", model=self
        )

    def role_permissions_user_set(
        self,
        username,
        account_access: Optional[List[str]] = None,
        entity_access: Optional[
            Union[List[EntityAccess], Dict[str, Any]]
        ] = None,
    ):
        """
        Assigns the specified permissions to the specified user, and returns them.

        This is intended to be called off of the :any:`LinodeClient`
        class, like this::

           permissions = client.role_permissions_user_set("muusername")

        API Documentation: TODO

        :returns: The JSON role permissions for the user.
        """
        params = {
            "account_access": account_access,
            "entity_access": entity_access,
        }

        result = self.client.put(
            f"/iam/users/{username}/role-permissions",
            data=params,
        )

        if "account_access" not in result:
            raise UnexpectedResponseError(
                "Unexpected response updating role permissions!", json=result
            )

        return result

    def entities(self, *filters):
        """
        Returns the current entities of the account.

        This is intended to be called off of the :any:`LinodeClient`
        class, like this::

           permissions = client.entities()

        API Documentation: TODO

        :param filters: Any number of filters to apply to this query.
                        See :doc:`Filtering Collections</linode_api4/objects/filtering>`
                        for more details on filtering.

        :returns: A list of entities that match the query.
        :rtype: PaginatedList of Entity
        """
        return self.client._get_and_filter(
            LinodeEntity, *filters, endpoint="/entities"
        )

    def account_permissions_get(self, username):
        """
        Returns the account-level permissions for the specified user.

        This is intended to be called off of the :any:`LinodeClient`
        class, like this::

           permissions_account = client.account_permissions_get("myusername")

        API Documentation: TODO

        :param username: The username to get permissions for.
        :type username: str

        :returns: The account-level permissions for the user.
        :rtype: List[str]
        """
        return self.client.get(
            f"/iam/users/{username}/permissions/account",
        )

    def entity_permissions_get(self, username, entity_type, entity_id):
        """
        Returns the entity-level permissions for the specified user on a specific entity.

        This is intended to be called off of the :any:`LinodeClient`
        class, like this::

           permissions_entity = client.entity_permissions_get("myusername", "linode", 123456)

        API Documentation: TODO

        :param username: The username to get permissions for.
        :type username: str
        :param entity_type: The type of entity (e.g., "linode", "firewall").
        :type entity_type: str
        :param entity_id: The ID of the specific entity.
        :type entity_id: int

        :returns: The entity-level permissions for the user on the specified entity.
        :rtype: List[str]
        """
        return self.client.get(
            f"/iam/users/{username}/permissions/{entity_type}/{entity_id}"
        )