From c4338b8aeaebe8e72c4e5b3231b146000e1be188 Mon Sep 17 00:00:00 2001
From: Macwan Nevil <macnev2013@gmail.com>
Date: Mon, 6 Dec 2021 02:29:31 +0530
Subject: [PATCH] added support for openid connect (#4656)

---
 moto/iam/models.py                | 49 +++++++++++++++-
 moto/iam/responses.py             | 93 ++++++++++++++++++++++++++++++-
 tests/terraform-tests.success.txt |  8 ++-
 3 files changed, 145 insertions(+), 5 deletions(-)

diff --git a/moto/iam/models.py b/moto/iam/models.py
index 23c8ff5d9..603edbad6 100644
--- a/moto/iam/models.py
+++ b/moto/iam/models.py
@@ -156,7 +156,7 @@ class SAMLProvider(BaseModel):
 
 
 class OpenIDConnectProvider(BaseModel):
-    def __init__(self, url, thumbprint_list, client_id_list=None):
+    def __init__(self, url, thumbprint_list, client_id_list=None, tags=None):
         self._errors = []
         self._validate(url, thumbprint_list, client_id_list)
 
@@ -165,6 +165,7 @@ class OpenIDConnectProvider(BaseModel):
         self.thumbprint_list = thumbprint_list
         self.client_id_list = client_id_list
         self.create_date = datetime.utcnow()
+        self.tags = tags
 
     @property
     def arn(self):
@@ -238,6 +239,9 @@ class OpenIDConnectProvider(BaseModel):
                 )
             )
 
+    def get_tags(self):
+        return [self.tags[tag] for tag in self.tags]
+
 
 class PolicyVersion(object):
     def __init__(
@@ -2618,8 +2622,13 @@ class IAMBackend(BaseBackend):
                     return user
         return None
 
-    def create_open_id_connect_provider(self, url, thumbprint_list, client_id_list):
-        open_id_provider = OpenIDConnectProvider(url, thumbprint_list, client_id_list)
+    def create_open_id_connect_provider(
+        self, url, thumbprint_list, client_id_list, tags
+    ):
+        clean_tags = self._tag_verification(tags)
+        open_id_provider = OpenIDConnectProvider(
+            url, thumbprint_list, client_id_list, clean_tags
+        )
 
         if open_id_provider.arn in self.open_id_providers:
             raise EntityAlreadyExists("Unknown")
@@ -2627,6 +2636,40 @@ class IAMBackend(BaseBackend):
         self.open_id_providers[open_id_provider.arn] = open_id_provider
         return open_id_provider
 
+    def update_open_id_connect_provider_thumbprint(self, arn, thumbprint_list):
+        open_id_provider = self.get_open_id_connect_provider(arn)
+        open_id_provider.thumbprint_list = thumbprint_list
+
+    def tag_open_id_connect_provider(self, arn, tags):
+        open_id_provider = self.get_open_id_connect_provider(arn)
+        clean_tags = self._tag_verification(tags)
+        open_id_provider.tags.update(clean_tags)
+
+    def untag_open_id_connect_provider(self, arn, tag_keys):
+        open_id_provider = self.get_open_id_connect_provider(arn)
+
+        for key in tag_keys:
+            ref_key = key.lower()
+            self._validate_tag_key(key, exception_param="tagKeys")
+            open_id_provider.tags.pop(ref_key, None)
+
+    def list_open_id_connect_provider_tags(self, arn, marker, max_items=100):
+        open_id_provider = self.get_open_id_connect_provider(arn)
+
+        max_items = int(max_items)
+        tag_index = sorted(open_id_provider.tags)
+        start_idx = int(marker) if marker else 0
+
+        tag_index = tag_index[start_idx : start_idx + max_items]
+
+        if len(open_id_provider.tags) <= (start_idx + max_items):
+            marker = None
+        else:
+            marker = str(start_idx + max_items)
+
+        tags = [open_id_provider.tags[tag] for tag in tag_index]
+        return tags, marker
+
     def delete_open_id_connect_provider(self, arn):
         self.open_id_providers.pop(arn, None)
 
diff --git a/moto/iam/responses.py b/moto/iam/responses.py
index 3846e3ae5..d4604645b 100644
--- a/moto/iam/responses.py
+++ b/moto/iam/responses.py
@@ -952,14 +952,54 @@ class IamResponse(BaseResponse):
         open_id_provider_url = self._get_param("Url")
         thumbprint_list = self._get_multi_param("ThumbprintList.member")
         client_id_list = self._get_multi_param("ClientIDList.member")
+        tags = self._get_multi_param("Tags.member")
 
         open_id_provider = iam_backend.create_open_id_connect_provider(
-            open_id_provider_url, thumbprint_list, client_id_list
+            open_id_provider_url, thumbprint_list, client_id_list, tags
         )
 
         template = self.response_template(CREATE_OPEN_ID_CONNECT_PROVIDER_TEMPLATE)
         return template.render(open_id_provider=open_id_provider)
 
+    def update_open_id_connect_provider_thumbprint(self):
+        open_id_provider_arn = self._get_param("OpenIDConnectProviderArn")
+        thumbprint_list = self._get_multi_param("ThumbprintList.member")
+
+        iam_backend.update_open_id_connect_provider_thumbprint(
+            open_id_provider_arn, thumbprint_list
+        )
+
+        template = self.response_template(UPDATE_OPEN_ID_CONNECT_PROVIDER_THUMBPRINT)
+        return template.render()
+
+    def tag_open_id_connect_provider(self):
+        open_id_provider_arn = self._get_param("OpenIDConnectProviderArn")
+        tags = self._get_multi_param("Tags.member")
+
+        iam_backend.tag_open_id_connect_provider(open_id_provider_arn, tags)
+
+        template = self.response_template(TAG_OPEN_ID_CONNECT_PROVIDER)
+        return template.render()
+
+    def untag_open_id_connect_provider(self):
+        open_id_provider_arn = self._get_param("OpenIDConnectProviderArn")
+        tag_keys = self._get_multi_param("TagKeys.member")
+
+        iam_backend.untag_open_id_connect_provider(open_id_provider_arn, tag_keys)
+
+        template = self.response_template(UNTAG_OPEN_ID_CONNECT_PROVIDER)
+        return template.render()
+
+    def list_open_id_connect_provider_tags(self):
+        open_id_provider_arn = self._get_param("OpenIDConnectProviderArn")
+        marker = self._get_param("Marker")
+        max_items = self._get_param("MaxItems", 100)
+        tags, marker = iam_backend.list_open_id_connect_provider_tags(
+            open_id_provider_arn, marker, max_items
+        )
+        template = self.response_template(LIST_OPEN_ID_CONNECT_PROVIDER_TAGS)
+        return template.render(tags=tags, marker=marker)
+
     def delete_open_id_connect_provider(self):
         open_id_provider_arn = self._get_param("OpenIDConnectProviderArn")
 
@@ -2567,6 +2607,27 @@ UNTAG_POLICY_TEMPLATE = """<UntagPolicyResponse xmlns="https://iam.amazonaws.com
   </ResponseMetadata>
 </UntagPolicyResponse>"""
 
+LIST_OPEN_ID_CONNECT_PROVIDER_TAGS = """<ListOpenIDConnectProviderTagsResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
+  <ListOpenIDConnectProviderTagsResult>
+    <IsTruncated>{{ 'true' if marker else 'false' }}</IsTruncated>
+    {% if marker %}
+    <Marker>{{ marker }}</Marker>
+    {% endif %}
+    <Tags>
+      {% for tag in tags %}
+      <member>
+        <Key>{{ tag['Key'] }}</Key>
+        <Value>{{ tag['Value'] }}</Value>
+      </member>
+      {% endfor %}
+    </Tags>
+  </ListOpenIDConnectProviderTagsResult>
+  <ResponseMetadata>
+    <RequestId>EXAMPLE8-90ab-cdef-fedc-ba987EXAMPLE</RequestId>
+  </ResponseMetadata>
+</ListOpenIDConnectProviderTagsResponse>
+"""
+
 
 CREATE_OPEN_ID_CONNECT_PROVIDER_TEMPLATE = """<CreateOpenIDConnectProviderResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
   <CreateOpenIDConnectProviderResult>
@@ -2577,6 +2638,26 @@ CREATE_OPEN_ID_CONNECT_PROVIDER_TEMPLATE = """<CreateOpenIDConnectProviderRespon
   </ResponseMetadata>
 </CreateOpenIDConnectProviderResponse>"""
 
+UPDATE_OPEN_ID_CONNECT_PROVIDER_THUMBPRINT = """<UpdateOpenIDConnectProviderThumbprintResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
+  <ResponseMetadata>
+    <RequestId>29b6031c-4f66-11e4-aefa-bfd6aEXAMPLE</RequestId>
+  </ResponseMetadata>
+</UpdateOpenIDConnectProviderThumbprintResponse>
+"""
+
+TAG_OPEN_ID_CONNECT_PROVIDER = """<TagOpenIDConnectProviderResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
+  <ResponseMetadata>
+    <RequestId>EXAMPLE8-90ab-cdef-fedc-ba987EXAMPLE</RequestId>
+  </ResponseMetadata>
+</TagOpenIDConnectProviderResponse>
+"""
+
+UNTAG_OPEN_ID_CONNECT_PROVIDER = """<UntagOpenIDConnectProviderResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
+  <ResponseMetadata>
+    <RequestId>EXAMPLE8-90ab-cdef-fedc-ba987EXAMPLE</RequestId>
+  </ResponseMetadata>
+</UntagOpenIDConnectProviderResponse>
+"""
 
 DELETE_OPEN_ID_CONNECT_PROVIDER_TEMPLATE = """<DeleteOpenIDConnectProviderResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
   <ResponseMetadata>
@@ -2599,6 +2680,16 @@ GET_OPEN_ID_CONNECT_PROVIDER_TEMPLATE = """<GetOpenIDConnectProviderResponse xml
       {% endfor %}
     </ClientIDList>
     <Url>{{ open_id_provider.url }}</Url>
+    {% if open_id_provider.tags %}
+    <Tags>
+    {% for tag in open_id_provider.get_tags() %}
+        <member>
+            <Key>{{ tag['Key'] }}</Key>
+            <Value>{{ tag['Value'] }}</Value>
+        </member>
+    {% endfor %}
+    </Tags>
+    {% endif %}
   </GetOpenIDConnectProviderResult>
   <ResponseMetadata>
     <RequestId>2c91531b-4f65-11e4-aefa-bfd6aEXAMPLE</RequestId>
diff --git a/tests/terraform-tests.success.txt b/tests/terraform-tests.success.txt
index 455d66359..c9139b413 100644
--- a/tests/terraform-tests.success.txt
+++ b/tests/terraform-tests.success.txt
@@ -120,4 +120,10 @@ TestAccAWSENI_disappears
 TestAccAWSS3BucketObject_
 TestAccAWSIAMPolicy_
 TestAccAWSIAMGroup_
-TestAccAWSIAMRolePolicy
\ No newline at end of file
+TestAccAWSIAMRolePolicy
+TestAccAWSIAMUserPolicy
+TestAccAWSIAMGroupPolicy
+TestAccAWSDataSourceIAMRole
+TestAccAWSDataSourceIAMUser
+TestAccAWSIAMAccountAlias
+TestAccAWSIAMOpenIDConnectProvider