added support for update IAM groups (#4633)

2021-11-26 03:06:33 +05:30 · 2021-11-26 03:06:33 +05:30 · ce0d21e9c6
commit ce0d21e9c6
parent a2c6e00e22
3 changed files with 35 additions and 0 deletions
--- a/moto/iam/models.py
+++ b/moto/iam/models.py
@ -1574,6 +1574,8 @@ class IAMBackend(BaseBackend):
            policy = arns[policy_arn]
        except KeyError:
            raise IAMNotFoundException("Policy {0} was not found.".format(policy_arn))
+        if policy.arn in self.get_group(group_name).managed_policies.keys():
+            return
        policy.attach_to(self.get_group(group_name))

    def detach_group_policy(self, policy_arn, group_name):
@ -2120,6 +2122,29 @@ class IAMBackend(BaseBackend):
                "The group with name {0} cannot be found.".format(group_name)
            )

+    def update_group(self, group_name, new_group_name, new_path="/"):
+        if new_group_name:
+            if new_group_name in self.groups:
+                raise IAMConflictException(
+                    "Group {0} already exists".format(new_group_name)
+                )
+            try:
+                group = self.groups[group_name]
+            except KeyError:
+                raise IAMNotFoundException(
+                    "The group with name {0} cannot be found.".format(group_name)
+                )
+
+            existing_policies = group.managed_policies.copy()
+            for policy_arn in existing_policies:
+                self.detach_group_policy(policy_arn, group_name)
+            if new_path:
+                group.path = new_path
+            group.name = new_group_name
+            self.groups[new_group_name] = self.groups.pop(group_name)
+            for policy_arn in existing_policies:
+                self.attach_group_policy(policy_arn, new_group_name)
+
    def create_user(self, user_name, path="/", tags=None):
        if user_name in self.users:
            raise IAMConflictException(
--- a/moto/iam/responses.py
+++ b/moto/iam/responses.py
@ -504,6 +504,14 @@ class IamResponse(BaseResponse):
        template = self.response_template(GENERIC_EMPTY_TEMPLATE)
        return template.render(name="DeleteGroup")

+    def update_group(self):
+        group_name = self._get_param("GroupName")
+        new_group_name = self._get_param("NewGroupName")
+        new_path = self._get_param("NewPath", "/")
+        iam_backend.update_group(group_name, new_group_name, new_path)
+        template = self.response_template(GENERIC_EMPTY_TEMPLATE)
+        return template.render(name="UpdateGroup")
+
    def create_user(self):
        user_name = self._get_param("UserName")
        path = self._get_param("Path")
--- a/tests/terraform-tests.success.txt
+++ b/tests/terraform-tests.success.txt
@ -118,3 +118,5 @@ TestAccAWSENI_basic
 TestAccAWSENI_IPv6
 TestAccAWSENI_disappears
 TestAccAWSS3BucketObject_
+TestAccAWSIAMPolicy_
+TestAccAWSIAMGroup_