Correct group inline policy rendering (#3069)

* Correct group inline policy rendering in iam:GetAccountAuthorizationDetails response * Include user inline policy if exists * Add tests for IAM inline policies * Remove unnecessary print stmts
2020-06-14 17:23:52 +09:00 · 2020-06-14 17:23:52 +09:00 · 849f16ff2d
commit 849f16ff2d
parent 1f2e6b8925
2 changed files with 21 additions and 1 deletions
--- a/moto/iam/responses.py
+++ b/moto/iam/responses.py
@ -2083,6 +2083,16 @@ GET_ACCOUNT_AUTHORIZATION_DETAILS_TEMPLATE = """<GetAccountAuthorizationDetailsR
        <UserName>{{ user.name }}</UserName>
        <Arn>{{ user.arn }}</Arn>
        <CreateDate>{{ user.created_iso_8601 }}</CreateDate>
+        {% if user.policies %}
+        <UserPolicyList>
+        {% for policy in user.policies %}
+            <member>
+                <PolicyName>{{ policy }}</PolicyName>
+                <PolicyDocument>{{ user.policies[policy] }}</PolicyDocument>
+            </member>
+        {% endfor %}
+        </UserPolicyList>
+        {% endif %}
      </member>
    {% endfor %}
    </UserDetailList>
@ -2106,7 +2116,7 @@ GET_ACCOUNT_AUTHORIZATION_DETAILS_TEMPLATE = """<GetAccountAuthorizationDetailsR
        {% for policy in group.policies %}
            <member>
                <PolicyName>{{ policy }}</PolicyName>
-                <PolicyDocument>{{ group.get_policy(policy) }}</PolicyDocument>
+                <PolicyDocument>{{ group.policies[policy] }}</PolicyDocument>
            </member>
        {% endfor %}
        </GroupPolicyList>
--- a/tests/test_iam/test_iam.py
+++ b/tests/test_iam/test_iam.py
@ -1690,11 +1690,15 @@ def test_get_account_authorization_details():
    assert result["RoleDetailList"][0]["AttachedManagedPolicies"][0][
        "PolicyArn"
    ] == "arn:aws:iam::{}:policy/testPolicy".format(ACCOUNT_ID)
+    assert result["RoleDetailList"][0]["RolePolicyList"][0][
+        "PolicyDocument"
+    ] == json.loads(test_policy)

    result = conn.get_account_authorization_details(Filter=["User"])
    assert len(result["RoleDetailList"]) == 0
    assert len(result["UserDetailList"]) == 1
    assert len(result["UserDetailList"][0]["GroupList"]) == 1
+    assert len(result["UserDetailList"][0]["UserPolicyList"]) == 1
    assert len(result["UserDetailList"][0]["AttachedManagedPolicies"]) == 1
    assert len(result["GroupDetailList"]) == 0
    assert len(result["Policies"]) == 0
@ -1705,6 +1709,9 @@ def test_get_account_authorization_details():
    assert result["UserDetailList"][0]["AttachedManagedPolicies"][0][
        "PolicyArn"
    ] == "arn:aws:iam::{}:policy/testPolicy".format(ACCOUNT_ID)
+    assert result["UserDetailList"][0]["UserPolicyList"][0][
+        "PolicyDocument"
+    ] == json.loads(test_policy)

    result = conn.get_account_authorization_details(Filter=["Group"])
    assert len(result["RoleDetailList"]) == 0
@ -1720,6 +1727,9 @@ def test_get_account_authorization_details():
    assert result["GroupDetailList"][0]["AttachedManagedPolicies"][0][
        "PolicyArn"
    ] == "arn:aws:iam::{}:policy/testPolicy".format(ACCOUNT_ID)
+    assert result["GroupDetailList"][0]["GroupPolicyList"][0][
+        "PolicyDocument"
+    ] == json.loads(test_policy)

    result = conn.get_account_authorization_details(Filter=["LocalManagedPolicy"])
    assert len(result["RoleDetailList"]) == 0