Enhance IAM credentials report to dynamic mfa_active and password_last_used (#5004)
This commit is contained in:
Kent Ou
GitHub
parent
2a6ba0ddd1
commit
56a2fd384c
@ -1036,6 +1036,7 @@ class User(CloudFormationModel):
|
||||
self.access_keys = []
|
||||
self.ssh_public_keys = []
|
||||
self.password = None
|
||||
self.password_last_used = None
|
||||
self.password_reset_required = False
|
||||
self.signing_certificates = {}
|
||||
|
||||
@ -1163,6 +1164,8 @@ class User(CloudFormationModel):
|
||||
else:
|
||||
password_enabled = "true"
|
||||
password_last_used = "no_information"
|
||||
if self.password_last_used:
|
||||
password_last_used = self.password_last_used.strftime(date_format)
|
||||
|
||||
if len(self.access_keys) == 0:
|
||||
access_key_1_active = "false"
|
||||
@ -1210,13 +1213,14 @@ class User(CloudFormationModel):
|
||||
else self.access_keys[1].last_used.strftime(date_format)
|
||||
)
|
||||
|
||||
return "{0},{1},{2},{3},{4},{5},not_supported,false,{6},{7},{8},not_supported,not_supported,{9},{10},{11},not_supported,not_supported,false,N/A,false,N/A\n".format(
|
||||
return "{0},{1},{2},{3},{4},{5},not_supported,{6},{7},{8},{9},not_supported,not_supported,{10},{11},{12},not_supported,not_supported,false,N/A,false,N/A\n".format(
|
||||
self.name,
|
||||
self.arn,
|
||||
date_created.strftime(date_format),
|
||||
password_enabled,
|
||||
password_last_used,
|
||||
date_created.strftime(date_format),
|
||||
"true" if len(self.mfa_devices) else "false",
|
||||
access_key_1_active,
|
||||
access_key_1_last_rotated,
|
||||
access_key_1_last_used,
|
||||
|
||||
@ -1760,6 +1760,7 @@ def test_boto3_get_credential_report_content():
|
||||
conn = boto3.client("iam", region_name="us-east-1")
|
||||
username = "my-user"
|
||||
conn.create_user(UserName=username)
|
||||
conn.create_login_profile(UserName=username, Password="123")
|
||||
key1 = conn.create_access_key(UserName=username)["AccessKey"]
|
||||
conn.update_access_key(
|
||||
UserName=username, AccessKeyId=key1["AccessKeyId"], Status="Inactive"
|
||||
@ -1769,6 +1770,7 @@ def test_boto3_get_credential_report_content():
|
||||
if not settings.TEST_SERVER_MODE:
|
||||
iam_backend = get_backend("iam")["global"]
|
||||
iam_backend.users[username].access_keys[1].last_used = timestamp
|
||||
iam_backend.users[username].password_last_used = timestamp
|
||||
with pytest.raises(ClientError):
|
||||
conn.get_credential_report()
|
||||
result = conn.generate_credential_report()
|
||||
@ -1789,8 +1791,10 @@ def test_boto3_get_credential_report_content():
|
||||
user["access_key_2_active"].should.equal("true")
|
||||
if not settings.TEST_SERVER_MODE:
|
||||
user["access_key_2_last_used_date"].should.match(timestamp.strftime("%Y-%m-%d"))
|
||||
user["password_last_used"].should.match(timestamp.strftime("%Y-%m-%d"))
|
||||
else:
|
||||
user["access_key_2_last_used_date"].should.equal("N/A")
|
||||
user["password_last_used"].should.equal("no_information")
|
||||
|
||||
|
||||
@mock_iam
|
||||
|
||||
Loading…
Reference in New Issue
Block a user