Use parse.quote for URL formatting (#309)

## 📝 Description

This change enforces path escaping for all string formatted URL
endpoints.

## ✔️ How to Test

```
pytest test
```

Author: lgarber-akamai

linode_api4/groups/object_storage.py

@@ -1,3 +1,5 @@
+from urllib import parse
+
 from linode_api4.errors import UnexpectedResponseError
 from linode_api4.groups import Group
 from linode_api4.objects import (
@@ -327,7 +329,7 @@ def object_url_create(
 
         result = self.client.post(
             "/object-storage/buckets/{}/{}/object-url".format(
-                cluster_id, bucket
+                parse.quote(str(cluster_id)), parse.quote(str(bucket))
             ),
             data=drop_null_keys(params),
         )

linode_api4/linode_client.py

@@ -3,6 +3,7 @@
 import json
 import logging
 from typing import BinaryIO, Tuple
+from urllib import parse
 
 import pkg_resources
 import requests
@@ -227,7 +228,10 @@ def _api_call(
             raise ValueError("Method is required for API calls!")
 
         if model:
-            endpoint = endpoint.format(**vars(model))
+            endpoint = endpoint.format(
+                **{k: parse.quote(str(v)) for k, v in vars(model).items()}
+            )
+
         url = "{}{}".format(self.base_url, endpoint)
         headers = {
             "Authorization": "Bearer {}".format(self.token),

linode_api4/objects/linode.py

@@ -4,6 +4,7 @@
 from enum import Enum
 from os import urandom
 from random import randint
+from urllib import parse
 
 from linode_api4 import util
 from linode_api4.common import load_and_validate_keys
@@ -590,7 +591,11 @@ def transfer_year_month(self, year, month):
         """
 
         result = self._client.get(
-            "{}/transfer/{}/{}".format(Instance.api_endpoint, year, month),
+            "{}/transfer/{}/{}".format(
+                Instance.api_endpoint,
+                parse.quote(str(year)),
+                parse.quote(str(month)),
+            ),
             model=self,
         )
 
@@ -1415,7 +1420,9 @@ def stats_for(self, dt):
         if not isinstance(dt, datetime):
             raise TypeError("stats_for requires a datetime object!")
         return self._client.get(
-            "{}/stats/{}".format(Instance.api_endpoint, dt.strftime("%Y/%m")),
+            "{}/stats/{}".format(
+                Instance.api_endpoint, parse.quote(dt.strftime("%Y/%m"))
+            ),
             model=self,
         )
 

linode_api4/objects/lke.py

@@ -1,3 +1,5 @@
+from urllib import parse
+
 from linode_api4.errors import UnexpectedResponseError
 from linode_api4.objects import (
     Base,
@@ -254,7 +256,10 @@ def node_view(self, nodeId):
         """
 
         node = self._client.get(
-            "{}/nodes/{}".format(LKECluster.api_endpoint, nodeId), model=self
+            "{}/nodes/{}".format(
+                LKECluster.api_endpoint, parse.quote(str(nodeId))
+            ),
+            model=self,
         )
 
         return LKENodePoolNode(self._client, node)
@@ -270,7 +275,10 @@ def node_delete(self, nodeId):
         """
 
         self._client.delete(
-            "{}/nodes/{}".format(LKECluster.api_endpoint, nodeId), model=self
+            "{}/nodes/{}".format(
+                LKECluster.api_endpoint, parse.quote(str(nodeId))
+            ),
+            model=self,
         )
 
     def node_recycle(self, nodeId):
@@ -284,7 +292,9 @@ def node_recycle(self, nodeId):
         """
 
         self._client.post(
-            "{}/nodes/{}/recycle".format(LKECluster.api_endpoint, nodeId),
+            "{}/nodes/{}/recycle".format(
+                LKECluster.api_endpoint, parse.quote(str(nodeId))
+            ),
             model=self,
         )
 

linode_api4/objects/networking.py

@@ -7,7 +7,7 @@ class IPv6Pool(Base):
     DEPRECATED
     """
 
-    api_endpoint = "/networking/ipv6/pools/{}"
+    api_endpoint = "/networking/ipv6/pools/{range}"
     id_attribute = "range"
 
     properties = {
@@ -101,7 +101,7 @@ class VLAN(Base):
     API Documentation: https://www.linode.com/docs/api/networking/#vlans-list
     """
 
-    api_endpoint = "/networking/vlans/{}"
+    api_endpoint = "/networking/vlans/{label}"
     id_attribute = "label"
 
     properties = {

linode_api4/objects/nodebalancer.py

@@ -1,4 +1,5 @@
 import os
+from urllib import parse
 
 from linode_api4.errors import UnexpectedResponseError
 from linode_api4.objects import (
@@ -271,7 +272,7 @@ def config_rebuild(self, config_id, nodes, **kwargs):
 
         result = self._client.post(
             "{}/configs/{}/rebuild".format(
-                NodeBalancer.api_endpoint, config_id
+                NodeBalancer.api_endpoint, parse.quote(str(config_id))
             ),
             model=self,
             data=params,

linode_api4/objects/object_storage.py

@@ -1,3 +1,5 @@
+from urllib import parse
+
 from linode_api4.errors import UnexpectedResponseError
 from linode_api4.objects import (
     Base,
@@ -99,7 +101,7 @@ def access_modify(
 
         resp = self._client.post(
             "/object-storage/buckets/{}/{}/access".format(
-                self.cluster, self.id
+                parse.quote(str(self.cluster)), parse.quote(str(self.id))
             ),
             data=drop_null_keys(params),
         )
@@ -147,7 +149,7 @@ def access_update(
 
         resp = self._client.put(
             "/object-storage/buckets/{}/{}/access".format(
-                self.cluster, self.id
+                parse.quote(str(self.cluster)), parse.quote(str(self.id))
             ),
             data=drop_null_keys(params),
         )
@@ -177,7 +179,9 @@ def ssl_cert_delete(self):
         """
 
         resp = self._client.delete(
-            "/object-storage/buckets/{}/{}/ssl".format(self.cluster, self.id)
+            "/object-storage/buckets/{}/{}/ssl".format(
+                parse.quote(str(self.cluster)), parse.quote(str(self.id))
+            )
         )
 
         if "error" in resp:
@@ -206,7 +210,9 @@ def ssl_cert(self):
         :rtype: MappedObject
         """
         result = self._client.get(
-            "/object-storage/buckets/{}/{}/ssl".format(self.cluster, self.id)
+            "/object-storage/buckets/{}/{}/ssl".format(
+                parse.quote(str(self.cluster)), parse.quote(str(self.id))
+            )
         )
 
         if not "ssl" in result:
@@ -253,7 +259,9 @@ def ssl_cert_upload(self, certificate, private_key):
             "private_key": private_key,
         }
         result = self._client.post(
-            "/object-storage/buckets/{}/{}/ssl".format(self.cluster, self.id),
+            "/object-storage/buckets/{}/{}/ssl".format(
+                parse.quote(str(self.cluster)), parse.quote(str(self.id))
+            ),
             data=params,
         )
 
@@ -325,7 +333,7 @@ def contents(
         }
         result = self._client.get(
             "/object-storage/buckets/{}/{}/object-list".format(
-                self.cluster, self.id
+                parse.quote(str(self.cluster)), parse.quote(str(self.id))
             ),
             data=drop_null_keys(params),
         )
@@ -492,7 +500,9 @@ def buckets_in_cluster(self, *filters):
         return self._client._get_and_filter(
             ObjectStorageBucket,
             *filters,
-            endpoint="/object-storage/buckets/{}".format(self.id),
+            endpoint="/object-storage/buckets/{}".format(
+                parse.quote(str(self.id))
+            ),
         )