From 56a2fd384cfac57da1702fbb0fca50cf5e5bc291 Mon Sep 17 00:00:00 2001
From: Kent Ou <84220825+kentnsw@users.noreply.github.com>
Date: Fri, 8 Apr 2022 02:35:08 +1000
Subject: [PATCH] Enhance IAM credentials report to dynamic mfa_active and
 password_last_used (#5004)

---
 moto/iam/models.py         | 6 +++++-
 tests/test_iam/test_iam.py | 4 ++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/moto/iam/models.py b/moto/iam/models.py
index 7cbc98fa0..1d6d17aa3 100644
--- a/moto/iam/models.py
+++ b/moto/iam/models.py
@@ -1036,6 +1036,7 @@ class User(CloudFormationModel):
         self.access_keys = []
         self.ssh_public_keys = []
         self.password = None
+        self.password_last_used = None
         self.password_reset_required = False
         self.signing_certificates = {}
 
@@ -1163,6 +1164,8 @@ class User(CloudFormationModel):
         else:
             password_enabled = "true"
             password_last_used = "no_information"
+            if self.password_last_used:
+                password_last_used = self.password_last_used.strftime(date_format)
 
         if len(self.access_keys) == 0:
             access_key_1_active = "false"
@@ -1210,13 +1213,14 @@ class User(CloudFormationModel):
                 else self.access_keys[1].last_used.strftime(date_format)
             )
 
-        return "{0},{1},{2},{3},{4},{5},not_supported,false,{6},{7},{8},not_supported,not_supported,{9},{10},{11},not_supported,not_supported,false,N/A,false,N/A\n".format(
+        return "{0},{1},{2},{3},{4},{5},not_supported,{6},{7},{8},{9},not_supported,not_supported,{10},{11},{12},not_supported,not_supported,false,N/A,false,N/A\n".format(
             self.name,
             self.arn,
             date_created.strftime(date_format),
             password_enabled,
             password_last_used,
             date_created.strftime(date_format),
+            "true" if len(self.mfa_devices) else "false",
             access_key_1_active,
             access_key_1_last_rotated,
             access_key_1_last_used,
diff --git a/tests/test_iam/test_iam.py b/tests/test_iam/test_iam.py
index ecbf8ce74..242687045 100644
--- a/tests/test_iam/test_iam.py
+++ b/tests/test_iam/test_iam.py
@@ -1760,6 +1760,7 @@ def test_boto3_get_credential_report_content():
     conn = boto3.client("iam", region_name="us-east-1")
     username = "my-user"
     conn.create_user(UserName=username)
+    conn.create_login_profile(UserName=username, Password="123")
     key1 = conn.create_access_key(UserName=username)["AccessKey"]
     conn.update_access_key(
         UserName=username, AccessKeyId=key1["AccessKeyId"], Status="Inactive"
@@ -1769,6 +1770,7 @@ def test_boto3_get_credential_report_content():
     if not settings.TEST_SERVER_MODE:
         iam_backend = get_backend("iam")["global"]
         iam_backend.users[username].access_keys[1].last_used = timestamp
+        iam_backend.users[username].password_last_used = timestamp
     with pytest.raises(ClientError):
         conn.get_credential_report()
     result = conn.generate_credential_report()
@@ -1789,8 +1791,10 @@ def test_boto3_get_credential_report_content():
     user["access_key_2_active"].should.equal("true")
     if not settings.TEST_SERVER_MODE:
         user["access_key_2_last_used_date"].should.match(timestamp.strftime("%Y-%m-%d"))
+        user["password_last_used"].should.match(timestamp.strftime("%Y-%m-%d"))
     else:
         user["access_key_2_last_used_date"].should.equal("N/A")
+        user["password_last_used"].should.equal("no_information")
 
 
 @mock_iam