Connect user with virtual mfa device

gruebel 2019-10-21 22:51:00 +02:00
parent 1d9382b5e5
commit 802fb3baad
3 changed files with 87 additions and 5 deletions


@ -1251,6 +1251,21 @@ class IAMBackend(BaseBackend):
"Device {0} already exists".format(serial_number)
)
device = self.virtual_mfa_devices.get(serial_number, None)
if device:
device.enable_date = datetime.utcnow()
device.user = user
device.user_attribute = {
'Path': user.path,
'UserName': user.name,
'UserId': user.id,
'Arn': user.arn,
'CreateDate': user.created_iso_8601,
'PasswordLastUsed': None, # not supported
'PermissionsBoundary': {}, # ToDo: add put_user_permissions_boundary() functionality
'Tags': {} # ToDo: add tag_user() functionality
}
user.enable_mfa_device(
serial_number,
authentication_code_1,
@ -1265,6 +1280,12 @@ class IAMBackend(BaseBackend):
"Device {0} not found".format(serial_number)
)
device = self.virtual_mfa_devices.get(serial_number, None)
if device:
device.enable_date = None
device.user = None
device.user_attribute = None
user.deactivate_mfa_device(serial_number)
def list_mfa_devices(self, user_name):
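Review bot: The new `if device:` branch in the enable path overwrites `device.user` without checking whether the virtual device is already bound to a different user, so a second user enabling the same serial number would silently take over the assignment. The only guard visible above it is the "Device {0} already exists" raise, whose condition is outside the hunk and appears to look at the calling user's own devices, so this needs confirming. A guard such as `if device and device.user is not None and device.user is not user:`, raising the same kind of error as the preceding check, would stop the mock from accepting a state the real service is expected to reject. The binding is also written before `user.enable_mfa_device(...)` runs, so moving it after that call avoids a half-assigned device if the call raises. Both method bodies start outside their hunks.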


@ -1739,11 +1739,11 @@ LIST_VIRTUAL_MFA_DEVICES_TEMPLATE = """<ListVirtualMFADevicesResponse xmlns="htt
{% endif %}
{% if device.user %}
<User>
<Path>{{ user.path }}</Path>
<UserName>{{ user.name }}</UserName>
<UserId>{{ user.id }}</UserId>
<CreateDate>{{ user.created_iso_8601 }}</CreateDate>
<Arn>{{ user.arn }}</Arn>
<Path>{{ device.user.path }}</Path>
<UserName>{{ device.user.name }}</UserName>
<UserId>{{ device.user.id }}</UserId>
<CreateDate>{{ device.user.created_iso_8601 }}</CreateDate>
<Arn>{{ device.user.arn }}</Arn>
</User>
{% endif %}
</member>
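Review bot: The `<User>` block now reads `device.user.*` live, while the backend change in this commit also stores a `device.user_attribute` snapshot of the same fields, and nothing visible on this page consumes that snapshot. Two copies of the identity data can drift if the user's name or path changes later, so a comment next to the `device.user_attribute = {...}` assignment should say which copy is authoritative, for example `# list_virtual_mfa_devices renders device.user; user_attribute is kept for <consumer - fill in>`. Separately, these values are interpolated into the XML as-is; if the template is rendered without autoescaping (not visible here), it is worth confirming that user names and paths are validated when the user is created.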


@ -919,6 +919,67 @@ def test_list_virtual_mfa_devices_errors():
)
@mock_iam
def test_enable_virtual_mfa_device():
client = boto3.client('iam', region_name='us-east-1')
response = client.create_virtual_mfa_device(
VirtualMFADeviceName='test-device'
)
serial_number = response['VirtualMFADevice']['SerialNumber']
client.create_user(UserName='test-user')
client.enable_mfa_device(
UserName='test-user',
SerialNumber=serial_number,
AuthenticationCode1='234567',
AuthenticationCode2='987654'
)
response = client.list_virtual_mfa_devices(
AssignmentStatus='Unassigned'
)
response['VirtualMFADevices'].should.have.length_of(0)
response['IsTruncated'].should_not.be.ok
response = client.list_virtual_mfa_devices(
AssignmentStatus='Assigned'
)
device = response['VirtualMFADevices'][0]
device['SerialNumber'].should.equal(serial_number)
device['User']['Path'].should.equal('/')
device['User']['UserName'].should.equal('test-user')
device['User']['UserId'].should_not.be.empty
device['User']['Arn'].should.equal('arn:aws:iam::123456789012:user/test-user')
device['User']['CreateDate'].should.be.a(datetime)
device['EnableDate'].should.be.a(datetime)
response['IsTruncated'].should_not.be.ok
client.deactivate_mfa_device(
UserName='test-user',
SerialNumber=serial_number
)
response = client.list_virtual_mfa_devices(
AssignmentStatus='Assigned'
)
response['VirtualMFADevices'].should.have.length_of(0)
response['IsTruncated'].should_not.be.ok
response = client.list_virtual_mfa_devices(
AssignmentStatus = 'Unassigned'
)
response['VirtualMFADevices'].should.equal([
{
'SerialNumber': serial_number
}
])
response['IsTruncated'].should_not.be.ok
@mock_iam_deprecated()
def test_delete_user_deprecated():
conn = boto.connect_iam()
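Review bot: `test_enable_virtual_mfa_device` indexes `response['VirtualMFADevices'][0]` after the 'Assigned' listing without first asserting the list length, so a duplicate or stale entry would go unnoticed; add `response['VirtualMFADevices'].should.have.length_of(1)` before that line. The test also covers only the happy path: there is no case where a second user tries to enable the same serial number, which is the situation where the new assignment code could overwrite an existing binding. The fixed codes `'234567'` and `'987654'` are accepted, which suggests the mock does not verify authentication codes; a short comment such as `# moto does not validate the two codes` would keep readers from treating this test as evidence of code checking.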