TPT-4397: Refactor of integration tests for IAM RBAC

linode_api4/groups/iam.py

@@ -96,3 +96,49 @@ def entities(self, *filters):
         return self.client._get_and_filter(
             LinodeEntity, *filters, endpoint="/entities"
         )
+
+    def account_permissions_get(self, username):
+        """
+        Returns the account-level permissions for the specified user.
+
+        This is intended to be called off of the :any:`LinodeClient`
+        class, like this::
+
+           permissions_account = client.account_permissions_get("myusername")
+
+        API Documentation: TODO
+
+        :param username: The username to get permissions for.
+        :type username: str
+
+        :returns: The account-level permissions for the user.
+        :rtype: List[str]
+        """
+        return self.client.get(
+            f"/iam/users/{username}/permissions/account",
+        )
+
+    def entity_permissions_get(self, username, entity_type, entity_id):
+        """
+        Returns the entity-level permissions for the specified user on a specific entity.
+
+        This is intended to be called off of the :any:`LinodeClient`
+        class, like this::
+
+           permissions_entity = client.entity_permissions_get("myusername", "linode", 123456)
+
+        API Documentation: TODO
+
+        :param username: The username to get permissions for.
+        :type username: str
+        :param entity_type: The type of entity (e.g., "linode", "firewall").
+        :type entity_type: str
+        :param entity_id: The ID of the specific entity.
+        :type entity_id: int
+
+        :returns: The entity-level permissions for the user on the specified entity.
+        :rtype: List[str]
+        """
+        return self.client.get(
+            f"/iam/users/{username}/permissions/{entity_type}/{entity_id}"
+        )

test/fixtures/iam_users_myusername_permissions_account.json

@@ -0,0 +1,8 @@
+[
+    "list_events",
+    "list_entities",
+    "view_account_settings",
+    "view_invoice_item",
+    "cancel_account",
+    "create_vpc"
+]

test/fixtures/iam_users_myusername_permissions_linode_1.json

@@ -0,0 +1,8 @@
+[
+    "generate_linode_lish_token_remote",
+    "rebuild_linode",
+    "shutdown_linode",
+    "create_linode_config_profile",
+    "rescue_linode",
+    "list_linode_volumes"
+]

test/integration/models/iam/iam_test.py

@@ -24,24 +24,28 @@ def test_get_user_role_permissions(test_linode_client):
     assert isinstance(user_permissions["account_access"], list)
 
 
-@pytest.mark.skip(
-    reason="Updating IAM role permissions may require elevated privileges."
-)
-def test_set_user_role_permissions(test_linode_client):
+def test_set_user_role_permissions(test_linode_client, test_firewall):
     client = test_linode_client
-    iam = client.iam
+    firewall_id = test_firewall.id
 
     username = client.profile().username
-    entity_access = [EntityAccess(id=1, type="linode", roles=["read_only"])]
-
-    updated = iam.role_permissions_user_set(
+    user_permissions = client.iam.role_permissions_user_get(username)[
+        "account_access"
+    ]
+    entity_access = EntityAccess(
+        id=firewall_id, type="firewall", roles=["firewall_admin"]
+    ).dict
+
+    updated_perms = client.iam.role_permissions_user_set(
         username,
-        account_access=["read_only"],
-        entity_access=entity_access,
+        account_access=user_permissions,
+        entity_access=[entity_access],
     )
 
-    assert "account_access" in updated
-    assert "entity_access" in updated
+    assert "account_access" in updated_perms
+    assert updated_perms["entity_access"][0]["id"] == firewall_id
+    assert updated_perms["entity_access"][0]["roles"] == ["firewall_admin"]
+    assert updated_perms["entity_access"][0]["type"] == "firewall"
 
 
 def test_list_entities(test_linode_client):
@@ -58,3 +62,35 @@ def test_list_entities(test_linode_client):
         assert hasattr(entity, "type")
     else:
         pytest.skip("No entities found in IAM response.")
+
+
+def test_get_account_permissions(test_linode_client):
+    client = test_linode_client
+    username = client.profile().username
+
+    account_permissions = client.iam.account_permissions_get(username)
+
+    if not account_permissions:
+        pytest.fail("No account permissions found for the user.")
+    else:
+        assert len(account_permissions) > 0
+
+
+def test_get_entity_permissions(test_linode_client):
+    client = test_linode_client
+    username = client.profile().username
+
+    entities = client.iam.entities()
+    if not entities:
+        pytest.fail("No entities found in IAM response.")
+    else:
+        entity = entities[0]
+        entity_permissions = client.iam.entity_permissions_get(
+            username, entity.type, entity.id
+        )
+        if not entity_permissions:
+            pytest.fail(
+                "No entity permissions found for the user and chosen entity."
+            )
+        else:
+            assert len(entity_permissions) > 0

test/unit/groups/iam_test.py

@@ -240,3 +240,40 @@ def test_role_permissions_user_set(self):
         self.assertEqual(
             m.call_data["entity_access"][1]["roles"], ["firewall_admin"]
         )
+
+    def test_account_permissions_get(self):
+        """
+        Test that account permissions can be properly retrieved for a user
+        """
+        permissions_account = self.client.iam.account_permissions_get(
+            "myusername"
+        )
+
+        # Add assertions based on your fixture data
+        self.assertEqual(len(permissions_account), 6)
+        self.assertEqual(permissions_account[0], "list_events")
+        self.assertEqual(permissions_account[1], "list_entities")
+        self.assertEqual(permissions_account[2], "view_account_settings")
+        self.assertEqual(permissions_account[3], "view_invoice_item")
+        self.assertEqual(permissions_account[4], "cancel_account")
+        self.assertEqual(permissions_account[5], "create_vpc")
+
+    def test_entity_permissions_get(self):
+        """
+        Test that entity permissions can be properly retrieved for a user
+        and given entity type and id
+        """
+        permissions_entity = self.client.iam.entity_permissions_get(
+            "myusername", "linode", 1
+        )
+
+        # Add assertions based on your fixture data
+        self.assertEqual(len(permissions_entity), 6)
+        self.assertEqual(
+            permissions_entity[0], "generate_linode_lish_token_remote"
+        )
+        self.assertEqual(permissions_entity[1], "rebuild_linode")
+        self.assertEqual(permissions_entity[2], "shutdown_linode")
+        self.assertEqual(permissions_entity[3], "create_linode_config_profile")
+        self.assertEqual(permissions_entity[4], "rescue_linode")
+        self.assertEqual(permissions_entity[5], "list_linode_volumes")