From 432054f9fd1876cc77dedc1b82e0341c1ab64d99 Mon Sep 17 00:00:00 2001
From: Grisha <codpure@gmail.com>
Date: Mon, 11 Dec 2023 14:38:27 +0200
Subject: [PATCH] user-management endpoints (#147)

* user-management endpoints

* types

---------

Co-authored-by: Gregory Koltoun <gregory@fireblocks.com>
---
 fireblocks_sdk/api_types.py | 11 +++++
 fireblocks_sdk/sdk.py       | 82 +++++++++++++++++++++++++++++++++++++
 2 files changed, 93 insertions(+)

diff --git a/fireblocks_sdk/api_types.py b/fireblocks_sdk/api_types.py
index 8c63689..04678bc 100644
--- a/fireblocks_sdk/api_types.py
+++ b/fireblocks_sdk/api_types.py
@@ -450,6 +450,17 @@ class AuthorizationLogic(str, Enum):
     AND = "AND"
     OR = "OR"
 
+class Role(str, Enum):
+    ADMIN = "ADMIN"
+    SIGNER = "SIGNER"
+    EDITOR = "EDITOR"
+    APPROVER = "APPROVER"
+    VIEWER = "VIEWER"
+    NON_SIGNING_ADMIN = "NON_SIGNING_ADMIN"
+    AUDITOR = "AUDITOR"
+    NCW_ADMIN = "NCW_ADMIN"
+    NCW_SIGNER = "NCW_SIGNER"
+
 
 class AuthorizationGroup:
     def __init__(self, users: Optional[List[str]] = None, users_groups: Optional[List[str]] = None, th: int = 0):
diff --git a/fireblocks_sdk/sdk.py b/fireblocks_sdk/sdk.py
index 83a4079..e70fbad 100644
--- a/fireblocks_sdk/sdk.py
+++ b/fireblocks_sdk/sdk.py
@@ -36,6 +36,7 @@
     StakeRequestDto,
     UnstakeRequestDto,
     WithdrawRequestDto,
+    Role,
 )
 from .tokenization_api_types import \
     CreateTokenRequest, \
@@ -2176,6 +2177,87 @@ def delete_user_group(self, id: str) -> None:
 
         return self._delete_request(url)
 
+    def get_console_users(self) -> List[Dict[str, Any]]:
+        """
+        Gets all Console Users for your tenant
+        """
+
+        url = "/v1/management/console-users"
+
+        return self._get_request(url)
+
+    def get_api_users(self) -> List[Dict[str, Any]]:
+        """
+        Gets all Api Users for your tenant
+        """
+
+        url = "/v1/management/api-users"
+
+        return self._get_request(url)
+
+    def create_console_user(self, first_name: str, last_name: str, email: str, role: Role) -> None:
+        """
+        Create Console User for your tenant
+        @param first_name: firstName of the user, example: "Johnny".  Maximum length: 30 chars.
+        @param last_name: lastName of the user. Maximum length: 30 chars.
+        @param email: email of the user, example: "email@example.com"
+        @param role: role of the user, for example: "ADMIN"
+        """
+
+        url = "/v1/management/console-users"
+
+        body = {
+            "firstName": first_name,
+            "lastName": last_name,
+            "email": email,
+            "role": role
+        }
+
+        return self._post_request(url, body)
+
+    def create_api_user(self, name: str, role: Role, csr_pem: str, co_signer_setup: Optional[str] = None, co_signer_setup_is_first_user: Optional[bool] = False) -> None:
+        """
+        Create Api User for your tenant
+        @param role: role of the user, for example: "ADMIN"
+        @param name: name of the api user, example: "Johnny The Api".  Maximum length: 30 chars.
+        @param csr_pem: generate .csr file and provide its string content here, example:  "-----BEGIN CERTIFICATE REQUEST-----aaa-----END CERTIFICATE REQUEST-----"
+        You can find more info about csrPem and how to create it here: https://developers.fireblocks.com/docs/quickstart
+        @param co_signer_setup: your cosigner, for example: "SGX_MACHINE", read more: https://developers.fireblocks.com/docs/quickstart
+        @param co_signer_setup_is_first_user: [SGX server enabled only] If you are the first user to be configured on this SGX-enabled Co-Signer server, this has to be true
+        """
+
+        url = "/v1/management/api-users"
+
+        body = {
+            "role": role,
+            "name": name,
+            "csrPem": csr_pem,
+            "coSignerSetup": co_signer_setup,
+            "coSignerSetupIsFirstUser": co_signer_setup_is_first_user
+        }
+
+        return self._post_request(url, body)
+
+    def reset_device_request(self, id: str) -> None:
+        """
+        Re-enroll Mobile Device of a user in your tenant
+        @param id: userId of the user to reset device
+        """
+
+        url = f"/v1/management/console-users/{id}/reset-device"
+
+        return self._post_request(url)
+
+    def get_whitelisted_ip_addresses(self, id: str) ->  Dict[str, Any]:
+        """
+        Get whitelisted addresses of api user in your tenant
+        @param id: userId of the user
+        """
+
+        url = f"/v1/management/api-users/{id}/whitelist-ip-addresses"
+
+        return self._get_request(url)
+
     def get_off_exchanges(self):
         """
         Get your connected off exchanges virtual accounts