Merge pull request #1021 from JackDanger/implement-get-update-login-profiles

Implement IAM {update,get}_login_profile
2017-07-27 14:36:12 -07:00 · 2017-07-27 14:36:12 -07:00 · 2564953ce7
commit 2564953ce7
parent 1387013879 e445c81e83
3 changed files with 87 additions and 6 deletions
--- a/moto/iam/models.py
+++ b/moto/iam/models.py
@ -256,6 +256,7 @@ class User(BaseModel):
        self.policies = {}
        self.access_keys = []
        self.password = None
+        self.password_reset_required = False

    @property
    def arn(self):
@ -772,6 +773,24 @@ class IAMBackend(BaseBackend):
            raise IAMConflictException(
                "User {0} already has password".format(user_name))
        user.password = password
+        return user
+
+    def get_login_profile(self, user_name):
+        user = self.get_user(user_name)
+        if not user.password:
+            raise IAMNotFoundException(
+                "Login profile for {0} not found".format(user_name))
+        return user
+
+    def update_login_profile(self, user_name, password, password_reset_required):
+        # This does not currently deal with PasswordPolicyViolation.
+        user = self.get_user(user_name)
+        if not user.password:
+            raise IAMNotFoundException(
+                "Login profile for {0} not found".format(user_name))
+        user.password = password
+        user.password_reset_required = password_reset_required
+        return user

    def delete_login_profile(self, user_name):
        user = self.get_user(user_name)
--- a/moto/iam/responses.py
+++ b/moto/iam/responses.py
@ -290,10 +290,27 @@ class IamResponse(BaseResponse):
    def create_login_profile(self):
        user_name = self._get_param('UserName')
        password = self._get_param('Password')
-        iam_backend.create_login_profile(user_name, password)
+        password = self._get_param('Password')
+        user = iam_backend.create_login_profile(user_name, password)

        template = self.response_template(CREATE_LOGIN_PROFILE_TEMPLATE)
-        return template.render(user_name=user_name)
+        return template.render(user=user)
+
+    def get_login_profile(self):
+        user_name = self._get_param('UserName')
+        user = iam_backend.get_login_profile(user_name)
+
+        template = self.response_template(GET_LOGIN_PROFILE_TEMPLATE)
+        return template.render(user=user)
+
+    def update_login_profile(self):
+        user_name = self._get_param('UserName')
+        password = self._get_param('Password')
+        password_reset_required = self._get_param('PasswordResetRequired')
+        user = iam_backend.update_login_profile(user_name, password, password_reset_required)
+
+        template = self.response_template(UPDATE_LOGIN_PROFILE_TEMPLATE)
+        return template.render(user=user)

    def add_user_to_group(self):
        group_name = self._get_param('GroupName')
@ -918,12 +935,11 @@ LIST_USERS_TEMPLATE = """<{{ action }}UsersResponse>
   </ResponseMetadata>
 </{{ action }}UsersResponse>"""

-CREATE_LOGIN_PROFILE_TEMPLATE = """
-<CreateLoginProfileResponse>
+CREATE_LOGIN_PROFILE_TEMPLATE = """<CreateLoginProfileResponse>
   <CreateLoginProfileResult>
      <LoginProfile>
-         <UserName>{{ user_name }}</UserName>
-         <CreateDate>2011-09-19T23:00:56Z</CreateDate>
+         <UserName>{{ user.name }}</UserName>
+         <CreateDate>{{ user.created_iso_8601 }}</CreateDate>
      </LoginProfile>
   </CreateLoginProfileResult>
   <ResponseMetadata>
@ -932,6 +948,29 @@ CREATE_LOGIN_PROFILE_TEMPLATE = """
 </CreateLoginProfileResponse>
 """

+GET_LOGIN_PROFILE_TEMPLATE = """<GetLoginProfileResponse>
+   <GetLoginProfileResult>
+      <LoginProfile>
+         <UserName>{{ user.name }}</UserName>
+         <CreateDate>{{ user.created_iso_8601 }}</CreateDate>
+         {% if user.password_reset_required %}
+         <PasswordResetRequired>true</PasswordResetRequired>
+         {% endif %}
+      </LoginProfile>
+   </GetLoginProfileResult>
+   <ResponseMetadata>
+      <RequestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</RequestId>
+   </ResponseMetadata>
+</GetLoginProfileResponse>
+"""
+
+UPDATE_LOGIN_PROFILE_TEMPLATE = """<UpdateLoginProfileResponse>
+   <ResponseMetadata>
+      <RequestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</RequestId>
+   </ResponseMetadata>
+</UpdateLoginProfileResponse>
+"""
+
 GET_USER_POLICY_TEMPLATE = """<GetUserPolicyResponse>
   <GetUserPolicyResult>
      <UserName>{{ user_name }}</UserName>
--- a/tests/test_iam/test_iam.py
+++ b/tests/test_iam/test_iam.py
@ -114,6 +114,29 @@ def test_remove_role_from_instance_profile():
    dict(profile.roles).should.be.empty


+@mock_iam()
+def test_get_login_profile():
+    conn = boto3.client('iam', region_name='us-east-1')
+    conn.create_user(UserName='my-user')
+    conn.create_login_profile(UserName='my-user', Password='my-pass')
+
+    response = conn.get_login_profile(UserName='my-user')
+    response['LoginProfile']['UserName'].should.equal('my-user')
+
+
+@mock_iam()
+def test_update_login_profile():
+    conn = boto3.client('iam', region_name='us-east-1')
+    conn.create_user(UserName='my-user')
+    conn.create_login_profile(UserName='my-user', Password='my-pass')
+    response = conn.get_login_profile(UserName='my-user')
+    response['LoginProfile'].get('PasswordResetRequired').should.equal(None)
+
+    conn.update_login_profile(UserName='my-user', Password='new-pass', PasswordResetRequired=True)
+    response = conn.get_login_profile(UserName='my-user')
+    response['LoginProfile'].get('PasswordResetRequired').should.equal(True)
+
+
@mock_iam()
 def test_delete_role():
    conn = boto3.client('iam', region_name='us-east-1')