iam - add RoleLastUsed to get_role response (#5302)

2022-08-05 02:18:06 +10:00 · 2022-08-05 02:18:06 +10:00 · 12d58bbf29
commit 12d58bbf29
parent 02270ffcef
2 changed files with 37 additions and 0 deletions
--- a/moto/iam/models.py
+++ b/moto/iam/models.py
@ -592,6 +592,8 @@ class Role(CloudFormationModel):
        self.managed_policies = {}
        self.create_date = datetime.utcnow()
        self.tags = tags
+        self.last_used = None
+        self.last_used_region = None
        self.description = description
        self.permissions_boundary = permissions_boundary
        self.max_session_duration = max_session_duration
@ -601,6 +603,11 @@ class Role(CloudFormationModel):
    def created_iso_8601(self):
        return iso_8601_datetime_with_milliseconds(self.create_date)

+    @property
+    def last_used_iso_8601(self):
+        if self.last_used:
+            return iso_8601_datetime_with_milliseconds(self.last_used)
+
    @staticmethod
    def cloudformation_name_type():
        return "RoleName"
@ -788,6 +795,14 @@ class Role(CloudFormationModel):
        {% endfor %}
      </Tags>
      {% endif %}
+      <RoleLastUsed>
+        {% if role.last_used %}
+        <LastUsedDate>{{ role.last_used_iso_8601 }}</LastUsedDate>
+        {% endif %}
+        {% if role.last_used_region %}
+        <Region>{{ role.last_used_region }}</Region>
+        {% endif %}
+      </RoleLastUsed>
    </Role>"""
        )
        return template.render(role=self)
--- a/tests/test_iam/test_iam.py
+++ b/tests/test_iam/test_iam.py
@ -79,6 +79,28 @@ def test_get_role__should_throw__when_role_does_not_exist():
    err["Message"].should.contain("not found")


+@mock_iam
+def test_get_role__should_contain_last_used():
+    conn = boto3.client("iam", region_name="us-east-1")
+    conn.create_role(
+        RoleName="my-role", AssumeRolePolicyDocument="some policy", Path="/"
+    )
+    role = conn.get_role(RoleName="my-role")["Role"]
+    role["RoleLastUsed"].should.equal({})
+
+    if not settings.TEST_SERVER_MODE:
+        iam_backend = get_backend("iam")["global"]
+        last_used = datetime.strptime(
+            "2022-07-18T10:30:00+00:00", "%Y-%m-%dT%H:%M:%S+00:00"
+        )
+        region = "us-west-1"
+        iam_backend.roles[role["RoleId"]].last_used = last_used
+        iam_backend.roles[role["RoleId"]].last_used_region = region
+        roleLastUsed = conn.get_role(RoleName="my-role")["Role"]["RoleLastUsed"]
+        roleLastUsed["LastUsedDate"].replace(tzinfo=None).should.equal(last_used)
+        roleLastUsed["Region"].should.equal(region)
+
+
@mock_iam
 def test_get_instance_profile__should_throw__when_instance_profile_does_not_exist():
    conn = boto3.client("iam", region_name="us-east-1")