Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Enhance IAM credentials report to dynamic mfa_active and password_last_used (#5004)

Browse Source
This commit is contained in:
Kent Ou 2022-04-08 02:35:08 +10:00 committed by GitHub
parent 2a6ba0ddd1
commit 56a2fd384c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
moto/iam/models.py
View File

@ -1036,6 +1036,7 @@ class User(CloudFormationModel):
self.access_keys = [] self.access_keys = []
self.ssh_public_keys = [] self.ssh_public_keys = []
self.password = None self.password = None
self.password_last_used = None
self.password_reset_required = False self.password_reset_required = False
self.signing_certificates = {} self.signing_certificates = {}
@ -1163,6 +1164,8 @@ class User(CloudFormationModel):
else: else:
password_enabled = "true" password_enabled = "true"
password_last_used = "no_information" password_last_used = "no_information"
if self.password_last_used:
password_last_used = self.password_last_used.strftime(date_format)
if len(self.access_keys) == 0: if len(self.access_keys) == 0:
access_key_1_active = "false" access_key_1_active = "false"
@ -1210,13 +1213,14 @@ class User(CloudFormationModel):
else self.access_keys[1].last_used.strftime(date_format) else self.access_keys[1].last_used.strftime(date_format)
) )
return "{0},{1},{2},{3},{4},{5},not_supported,false,{6},{7},{8},not_supported,not_supported,{9},{10},{11},not_supported,not_supported,false,N/A,false,N/A\n".format( return "{0},{1},{2},{3},{4},{5},not_supported,{6},{7},{8},{9},not_supported,not_supported,{10},{11},{12},not_supported,not_supported,false,N/A,false,N/A\n".format(
self.name, self.name,
self.arn, self.arn,
date_created.strftime(date_format), date_created.strftime(date_format),
password_enabled, password_enabled,
password_last_used, password_last_used,
date_created.strftime(date_format), date_created.strftime(date_format),
"true" if len(self.mfa_devices) else "false",
access_key_1_active, access_key_1_active,
access_key_1_last_rotated, access_key_1_last_rotated,
access_key_1_last_used, access_key_1_last_used,

4
tests/test_iam/test_iam.py
View File

@ -1760,6 +1760,7 @@ def test_boto3_get_credential_report_content():
conn = boto3.client("iam", region_name="us-east-1") conn = boto3.client("iam", region_name="us-east-1")
username = "my-user" username = "my-user"
conn.create_user(UserName=username) conn.create_user(UserName=username)
conn.create_login_profile(UserName=username, Password="123")
key1 = conn.create_access_key(UserName=username)["AccessKey"] key1 = conn.create_access_key(UserName=username)["AccessKey"]
conn.update_access_key( conn.update_access_key(
UserName=username, AccessKeyId=key1["AccessKeyId"], Status="Inactive" UserName=username, AccessKeyId=key1["AccessKeyId"], Status="Inactive"
@ -1769,6 +1770,7 @@ def test_boto3_get_credential_report_content():
if not settings.TEST_SERVER_MODE: if not settings.TEST_SERVER_MODE:
iam_backend = get_backend("iam")["global"] iam_backend = get_backend("iam")["global"]
iam_backend.users[username].access_keys[1].last_used = timestamp iam_backend.users[username].access_keys[1].last_used = timestamp
iam_backend.users[username].password_last_used = timestamp
with pytest.raises(ClientError): with pytest.raises(ClientError):
conn.get_credential_report() conn.get_credential_report()
result = conn.generate_credential_report() result = conn.generate_credential_report()
@ -1789,8 +1791,10 @@ def test_boto3_get_credential_report_content():
user["access_key_2_active"].should.equal("true") user["access_key_2_active"].should.equal("true")
if not settings.TEST_SERVER_MODE: if not settings.TEST_SERVER_MODE:
user["access_key_2_last_used_date"].should.match(timestamp.strftime("%Y-%m-%d")) user["access_key_2_last_used_date"].should.match(timestamp.strftime("%Y-%m-%d"))
user["password_last_used"].should.match(timestamp.strftime("%Y-%m-%d"))
else: else:
user["access_key_2_last_used_date"].should.equal("N/A") user["access_key_2_last_used_date"].should.equal("N/A")
user["password_last_used"].should.equal("no_information")
@mock_iam @mock_iam