From 3921e0ebd8be5b67bbf2e82e24e4107ef404b9c7 Mon Sep 17 00:00:00 2001
From: Seyed F
Date: Tue, 24 Mar 2026 12:18:09 +0530
Subject: [PATCH] Added read only permissions to duo-client
---
 duo_client/admin.py | 28 ++++++++
 tests/admin/test_integration.py | 120 ++++++++++++++++++++++++++++++++
 2 files changed, 148 insertions(+)
diff --git a/duo_client/admin.py b/duo_client/admin.py
index 5413923..79374a6 100644
--- a/duo_client/admin.py
+++ b/duo_client/admin.py
@@ -126,9 +126,11 @@
 {'adminapi_admins': ,
 'adminapi_info': ,
 'adminapi_integrations': ,
+ 'adminapi_integrations_read': ,
 'adminapi_read_log': ,
 'adminapi_read_resource': ,
 'adminapi_settings': ,
+ 'adminapi_settings_read': ,
 'adminapi_write_resource': ,
 'self_service_allowed': ,
 'enroll_policy': ,
@@ -2624,12 +2626,16 @@ def create_integration(self,
 enroll_policy=None,
 username_normalization_policy=None,
 adminapi_admins=None,
+ adminapi_admins_read=None,
 adminapi_info=None,
 adminapi_integrations=None,
+ adminapi_integrations_read=None,
 adminapi_read_log=None,
 adminapi_read_resource=None,
 adminapi_settings=None,
+ adminapi_settings_read=None,
 adminapi_write_resource=None,
+ adminapi_allow_to_set_permissions=None,
 trusted_device_days=None,
 ip_whitelist=None,
 ip_whitelist_enroll_policy=None,
@@ -2655,9 +2661,11 @@ def create_integration(self,
 adminapi_admins - |None
 adminapi_info - |None
 adminapi_integrations - |None
+ adminapi_integrations_read - |None
 adminapi_read_log - |None
 adminapi_read_resource - |None
 adminapi_settings - |None
+ adminapi_settings_read - |None
 adminapi_write_resource - |None
 groups_allowed -
 self_service_allowed - |None
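Review bot: The field list at line 126 gains `'adminapi_integrations_read'` and `'adminapi_settings_read'` but not `'adminapi_admins_read'`, although create_integration and update_integration both send that flag in this patch. The create_integration docstring hunk (@@ -2655) has the same gap and also leaves `adminapi_allow_to_set_permissions` undocumented, while the update_integration docstring does list `adminapi_admins_read - True|False|None`. I would add that same line to the create_integration docstring, plus one line for `adminapi_allow_to_set_permissions` that says what it grants (judging by the name it governs changing permissions; confirm against the Admin API documentation). A caller applying least privilege then knows to leave it unset.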
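Review bot: The new keyword parameters are inserted in the middle of the parameter list (`adminapi_admins_read=None` directly after `adminapi_admins=None`, and so on), which shifts every later parameter for callers that pass arguments positionally. Because these are permission flags, an existing positional call could silently send a different grant than intended, for example a value meant for `adminapi_info` would now bind to `adminapi_admins_read`. Appending the new parameters after the last existing one, or placing them behind a bare `*`, keeps old call sites binding the same names. The update_integration signature hunk (@@ -2827) has the same ordering. Both signatures start and end outside their hunks, so an existing keyword-only marker cannot be ruled out from here.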
@@ -2693,10 +2701,14 @@ def create_integration(self,
 params['ip_whitelist_enroll_policy'] = ip_whitelist_enroll_policy
 if adminapi_admins is not None:
 params['adminapi_admins'] = '1' if adminapi_admins else '0'
+ if adminapi_admins_read is not None:
+ params['adminapi_admins_read'] = '1' if adminapi_admins_read else '0'
 if adminapi_info is not None:
 params['adminapi_info'] = '1' if adminapi_info else '0'
 if adminapi_integrations is not None:
 params['adminapi_integrations'] = '1' if adminapi_integrations else '0'
+ if adminapi_integrations_read is not None:
+ params['adminapi_integrations_read'] = '1' if adminapi_integrations_read else '0'
 if adminapi_read_log is not None:
 params['adminapi_read_log'] = '1' if adminapi_read_log else '0'
 if adminapi_read_resource is not None:
@@ -2704,9 +2716,13 @@ def create_integration(self,
 '1' if adminapi_read_resource else '0')
 if adminapi_settings is not None:
 params['adminapi_settings'] = '1' if adminapi_settings else '0'
+ if adminapi_settings_read is not None:
+ params['adminapi_settings_read'] = '1' if adminapi_settings_read else '0'
 if adminapi_write_resource is not None:
 params['adminapi_write_resource'] = (
 '1' if adminapi_write_resource else '0')
+ if adminapi_allow_to_set_permissions is not None:
+ params['adminapi_allow_to_set_permissions'] = '1' if adminapi_allow_to_set_permissions else '0'
 if groups_allowed is not None:
 params['groups_allowed'] = groups_allowed
 if self_service_allowed is not None:
@@ -2827,11 +2843,14 @@ def update_integration(self,
 enroll_policy=None,
 username_normalization_policy=None,
 adminapi_admins=None,
+ adminapi_admins_read=None,
 adminapi_info=None,
 adminapi_integrations=None,
+ adminapi_integrations_read=None,
 adminapi_read_log=None,
 adminapi_read_resource=None,
 adminapi_settings=None,
+ adminapi_settings_read=None,
 adminapi_write_resource=None,
 reset_secret_key=None,
 trusted_device_days=None,
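Review bot: Each new flag repeats the same two-line `if x is not None:` / `params['x'] = '1' if x else '0'` pair, spelling the flag name four times, so for permission flags a copy-paste slip would send the wrong grant without raising any error. A single loop over (name, value) pairs removes that risk and turns the next flag into a one-line change. The identical blocks in update_integration (@@ -2901 and @@ -2912) would take the same form, minus `adminapi_allow_to_set_permissions`. The enclosing function starts and ends outside the hunk, and the sketch assumes the insertion order of keys in `params` does not matter downstream.

```python
        # … unchanged: ip_whitelist_enroll_policy handling …
        for flag, value in (
                ('adminapi_admins', adminapi_admins),
                ('adminapi_admins_read', adminapi_admins_read),
                ('adminapi_info', adminapi_info),
                ('adminapi_integrations', adminapi_integrations),
                ('adminapi_integrations_read', adminapi_integrations_read),
                ('adminapi_read_log', adminapi_read_log),
                ('adminapi_read_resource', adminapi_read_resource),
                ('adminapi_settings', adminapi_settings),
                ('adminapi_settings_read', adminapi_settings_read),
                ('adminapi_write_resource', adminapi_write_resource),
                ('adminapi_allow_to_set_permissions',
                 adminapi_allow_to_set_permissions),
        ):
            if value is not None:
                params[flag] = '1' if value else '0'
        # … unchanged: groups_allowed and self_service_allowed handling …
```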
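Review bot: `adminapi_allow_to_set_permissions` is sent by create_integration in the @@ -2704 hunk, but update_integration gets no matching parameter anywhere in this patch, so this client offers no call to turn the flag off again on an existing integration. If the Admin API accepts the field on update (not visible here), adding it to update_integration alongside the three `_read` flags keeps revocation available. If it is create-only, a comment at this `if`, such as `# create-only: the update endpoint does not accept this field`, would stop the next reader from treating it as an omission. The enclosing function starts and ends outside the hunk.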
@@ -2856,11 +2875,14 @@ def update_integration(self,
 ip_whitelist_enroll_policy -
 See adminapi docs for more details.
 adminapi_admins - |None
+ adminapi_admins_read - True|False|None
 adminapi_info - True|False|None
 adminapi_integrations - True|False|None
+ adminapi_integrations_read - True|False|None
 adminapi_read_log - True|False|None
 adminapi_read_resource - True|False|None
 adminapi_settings - True|False|None
+ adminapi_settings_read - True|False|None
 adminapi_write_resource - True|False|None
 reset_secret_key - |None
 groups_allowed -
@@ -2901,10 +2923,14 @@ def update_integration(self,
 params['ip_whitelist_enroll_policy'] = ip_whitelist_enroll_policy
 if adminapi_admins is not None:
 params['adminapi_admins'] = '1' if adminapi_admins else '0'
+ if adminapi_admins_read is not None:
+ params['adminapi_admins_read'] = '1' if adminapi_admins_read else '0'
 if adminapi_info is not None:
 params['adminapi_info'] = '1' if adminapi_info else '0'
 if adminapi_integrations is not None:
 params['adminapi_integrations'] = '1' if adminapi_integrations else '0'
+ if adminapi_integrations_read is not None:
+ params['adminapi_integrations_read'] = '1' if adminapi_integrations_read else '0'
 if adminapi_read_log is not None:
 params['adminapi_read_log'] = '1' if adminapi_read_log else '0'
 if adminapi_read_resource is not None:
@@ -2912,6 +2938,8 @@ def update_integration(self,
 '1' if adminapi_read_resource else '0')
 if adminapi_settings is not None:
 params['adminapi_settings'] = '1' if adminapi_settings else '0'
+ if adminapi_settings_read is not None:
+ params['adminapi_settings_read'] = '1' if adminapi_settings_read else '0'
 if adminapi_write_resource is not None:
 params['adminapi_write_resource'] = (
 '1' if adminapi_write_resource else '0')
diff --git a/tests/admin/test_integration.py b/tests/admin/test_integration.py
index 4f1aca5..789882c 100644
--- a/tests/admin/test_integration.py
+++ b/tests/admin/test_integration.py
@@ -76,5 +76,125 @@ def test_update_integration_success(self):
 }
 )

+ def test_create_integration_with_permissions(self):
+ response = self.client.create_integration(
+ name="Admin API integration",
+ integration_type="adminapi",
+ adminapi_admins=True,
+ adminapi_admins_read=True,
+ adminapi_info=True,
+ adminapi_integrations=True,
+ adminapi_integrations_read=True,
+ adminapi_read_log=True,
+ adminapi_read_resource=True,
+ adminapi_settings=True,
+ adminapi_settings_read=True,
+ adminapi_write_resource=True,
+ adminapi_allow_to_set_permissions=True,
+ self_service_allowed=True,
+ )
+
+ self.assertEqual(response['method'], 'POST')
+ self.assertEqual(response['uri'], '/admin/v3/integrations')
+ self.assertEqual(json.loads(response['body']),
+ {
+ "account_id": self.client.account_id,
+ "name": "Admin API integration",
+ "type": "adminapi",
+ "adminapi_admins": "1",
+ "adminapi_admins_read": "1",
+ "adminapi_info": "1",
+ "adminapi_integrations": "1",
+ "adminapi_integrations_read": "1",
+ "adminapi_read_log": "1",
+ "adminapi_read_resource": "1",
+ "adminapi_settings": "1",
+ "adminapi_settings_read": "1",
+ "adminapi_write_resource": "1",
+ "adminapi_allow_to_set_permissions": "1",
+ "self_service_allowed": "1",
+ }
+ )
+
+ def test_create_integration_with_permissions_disabled(self):
+ response = self.client.create_integration(
+ name="Admin API integration",
+ integration_type="adminapi",
+ adminapi_admins=False,
+ adminapi_admins_read=False,
+ adminapi_integrations_read=False,
+ adminapi_settings_read=False,
+ adminapi_allow_to_set_permissions=False,
+ )
+
+ self.assertEqual(response['method'], 'POST')
+ self.assertEqual(response['uri'], '/admin/v3/integrations')
+ self.assertEqual(json.loads(response['body']),
+ {
+ "account_id": self.client.account_id,
+ "name": "Admin API integration",
+ "type": "adminapi",
+ "adminapi_admins": "0",
+ "adminapi_admins_read": "0",
+ "adminapi_integrations_read": "0",
+ "adminapi_settings_read": "0",
+ "adminapi_allow_to_set_permissions": "0",
+ }
+ )
+
+ def test_update_integration_with_permissions(self):
+ response = self.client.update_integration(
+ self.integration_key,
+ adminapi_admins=True,
+ adminapi_admins_read=True,
+ adminapi_info=True,
+ adminapi_integrations=True,
+ adminapi_integrations_read=True,
+ adminapi_read_log=True,
+ adminapi_read_resource=True,
+ adminapi_settings=True,
+ adminapi_settings_read=True,
+ adminapi_write_resource=True,
+ self_service_allowed=True,
+ )
+
+ self.assertEqual(response['method'], 'POST')
+ self.assertEqual(response['uri'], '/admin/v3/integrations/{}'.format(self.integration_key))
+ self.assertEqual(json.loads(response['body']),
+ {
+ "account_id": self.client.account_id,
+ "adminapi_admins": "1",
+ "adminapi_admins_read": "1",
+ "adminapi_info": "1",
+ "adminapi_integrations": "1",
+ "adminapi_integrations_read": "1",
+ "adminapi_read_log": "1",
+ "adminapi_read_resource": "1",
+ "adminapi_settings": "1",
+ "adminapi_settings_read": "1",
+ "adminapi_write_resource": "1",
+ "self_service_allowed": "1",
+ }
+ )
+
+ def test_update_integration_with_permissions_disabled(self):
+ response = self.client.update_integration(
+ self.integration_key,
+ adminapi_admins_read=False,
+ adminapi_integrations_read=False,
+ adminapi_settings_read=False,
+ )
+
+ self.assertEqual(response['method'], 'POST')
+ self.assertEqual(response['uri'], '/admin/v3/integrations/{}'.format(self.integration_key))
+ self.assertEqual(json.loads(response['body']),
+ {
+ "account_id": self.client.account_id,
+ "adminapi_admins_read": "0",
+ "adminapi_integrations_read": "0",
+ "adminapi_settings_read": "0",
+ }
+ )
+
 if __name__ == '__main__':
 unittest.main()
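Review bot: None of the four new tests grants a read-only flag while its write counterpart is denied, which is the case this patch exists for. The two `_with_permissions` tests set every flag to True and the two `_disabled` tests set the read flags to False. A further case passing `adminapi_settings=False, adminapi_settings_read=True` and asserting `"adminapi_settings": "0"` next to `"adminapi_settings_read": "1"` in the body would pin that the two flags are serialized independently. The same pairing for `adminapi_admins` and `adminapi_integrations` is worth covering in at least one of create or update.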