From dfceab9bf0f54a3cc8738322f3d4d00a6dfdf444 Mon Sep 17 00:00:00 2001
From: Mike Grima <mgrima@netflix.com>
Date: Mon, 4 Feb 2019 13:44:01 -0800
Subject: [PATCH] Some fixes to get_account_authorization_details

---
 moto/iam/responses.py      | 63 +++++++++++++++++++++++++-------------
 tests/test_iam/test_iam.py | 40 +++++++++++++++++-------
 2 files changed, 71 insertions(+), 32 deletions(-)

diff --git a/moto/iam/responses.py b/moto/iam/responses.py
index aeeb54936..818c6de36 100644
--- a/moto/iam/responses.py
+++ b/moto/iam/responses.py
@@ -554,7 +554,8 @@ class IamResponse(BaseResponse):
             policies=account_details['managed_policies'],
             users=account_details['users'],
             groups=account_details['groups'],
-            roles=account_details['roles']
+            roles=account_details['roles'],
+            get_groups_for_user=iam_backend.get_groups_for_user
         )
 
     def create_saml_provider(self):
@@ -1499,8 +1500,19 @@ GET_ACCOUNT_AUTHORIZATION_DETAILS_TEMPLATE = """<GetAccountAuthorizationDetailsR
     <UserDetailList>
     {% for user in users %}
       <member>
-        <GroupList />
-        <AttachedManagedPolicies/>
+        <GroupList>
+        {% for group in get_groups_for_user(user.name) %}
+          <member>{{ group.name }}</member>
+        {% endfor %}
+        </GroupList>
+        <AttachedManagedPolicies>
+        {% for policy in user.managed_policies %}
+          <member>
+            <PolicyName>{{ user.managed_policies[policy].name }}</PolicyName>
+            <PolicyArn>{{ policy }}</PolicyArn>
+          </member>
+        {% endfor %}
+        </AttachedManagedPolicies>
         <UserId>{{ user.id }}</UserId>
         <Path>{{ user.path }}</Path>
         <UserName>{{ user.name }}</UserName>
@@ -1514,25 +1526,39 @@ GET_ACCOUNT_AUTHORIZATION_DETAILS_TEMPLATE = """<GetAccountAuthorizationDetailsR
       <member>
         <GroupId>{{ group.id }}</GroupId>
         <AttachedManagedPolicies>
-          {% for policy in group.managed_policies %}
-          <member>
-            <PolicyName>{{ policy.name }}</PolicyName>
-            <PolicyArn>{{ policy.arn }}</PolicyArn>
-          </member>
+          {% for policy_arn in group.managed_policies %}
+            <member>
+                <PolicyName>{{ group.managed_policies[policy_arn].name }}</PolicyName>
+                <PolicyArn>{{ policy_arn }}</PolicyArn>
+            </member>
           {% endfor %}
         </AttachedManagedPolicies>
         <GroupName>{{ group.name }}</GroupName>
         <Path>{{ group.path }}</Path>
         <Arn>{{ group.arn }}</Arn>
         <CreateDate>{{ group.create_date }}</CreateDate>
-        <GroupPolicyList/>
+        <GroupPolicyList>
+        {% for policy in group.policies %}
+            <member>
+                <PolicyName>{{ policy }}</PolicyName>
+                <PolicyDocument>{{ group.get_policy(policy) }}</PolicyDocument>
+            </member>
+        {% endfor %}
+        </GroupPolicyList>
       </member>
     {% endfor %}
     </GroupDetailList>
     <RoleDetailList>
     {% for role in roles %}
       <member>
-        <RolePolicyList/>
+        <RolePolicyList>
+        {% for inline_policy in role.policies %}
+            <member>
+                <PolicyName>{{ inline_policy }}</PolicyName>
+                <PolicyDocument>{{ role.policies[inline_policy] }}</PolicyDocument>
+            </member>
+        {% endfor %}
+        </RolePolicyList>
         <AttachedManagedPolicies>
         {% for policy in role.managed_policies %}
             <member>
@@ -1589,19 +1615,14 @@ GET_ACCOUNT_AUTHORIZATION_DETAILS_TEMPLATE = """<GetAccountAuthorizationDetailsR
         <PolicyId>{{ policy.id }}</PolicyId>
         <Path>{{ policy.path }}</Path>
         <PolicyVersionList>
+        {% for policy_version in policy.versions %}
           <member>
-            <Document>
-              {"Version":"2012-10-17","Statement":{"Effect":"Allow",
-              "Action":["iam:CreatePolicy","iam:CreatePolicyVersion",
-              "iam:DeletePolicy","iam:DeletePolicyVersion","iam:GetPolicy",
-              "iam:GetPolicyVersion","iam:ListPolicies",
-              "iam:ListPolicyVersions","iam:SetDefaultPolicyVersion"],
-              "Resource":"*"}}
-            </Document>
-            <IsDefaultVersion>true</IsDefaultVersion>
-            <VersionId>v1</VersionId>
-            <CreateDate>2012-05-09T16:27:11Z</CreateDate>
+            <Document>{{ policy_version.document }}</Document>
+            <IsDefaultVersion>{{ policy_version.is_default }}</IsDefaultVersion>
+            <VersionId>{{ policy_version.version_id }}</VersionId>
+            <CreateDate>{{ policy_version.create_datetime }}</CreateDate>
           </member>
+        {% endfor %}
         </PolicyVersionList>
         <Arn>{{ policy.arn }}</Arn>
         <AttachmentCount>1</AttachmentCount>
diff --git a/tests/test_iam/test_iam.py b/tests/test_iam/test_iam.py
index 15364928a..ac538649c 100644
--- a/tests/test_iam/test_iam.py
+++ b/tests/test_iam/test_iam.py
@@ -759,6 +759,17 @@ def test_get_access_key_last_used():
 @mock_iam
 def test_get_account_authorization_details():
     import json
+    test_policy = json.dumps({
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Action": "s3:ListBucket",
+                "Resource": "*",
+                "Effect": "Allow",
+            }
+        ]
+    })
+
     conn = boto3.client('iam', region_name='us-east-1')
     conn.create_role(RoleName="my-role", AssumeRolePolicyDocument="some policy", Path="/my-path/")
     conn.create_user(Path='/', UserName='testUser')
@@ -766,22 +777,22 @@ def test_get_account_authorization_details():
     conn.create_policy(
         PolicyName='testPolicy',
         Path='/',
-        PolicyDocument=json.dumps({
-            "Version": "2012-10-17",
-            "Statement": [
-                {
-                    "Action": "s3:ListBucket",
-                    "Resource": "*",
-                    "Effect": "Allow",
-                }
-            ]
-        }),
+        PolicyDocument=test_policy,
         Description='Test Policy'
     )
 
+    # Attach things to the user and group:
+    conn.put_user_policy(UserName='testUser', PolicyName='testPolicy', PolicyDocument=test_policy)
+    conn.put_group_policy(GroupName='testGroup', PolicyName='testPolicy', PolicyDocument=test_policy)
+
+    conn.attach_user_policy(UserName='testUser', PolicyArn='arn:aws:iam::123456789012:policy/testPolicy')
+    conn.attach_group_policy(GroupName='testGroup', PolicyArn='arn:aws:iam::123456789012:policy/testPolicy')
+
+    conn.add_user_to_group(UserName='testUser', GroupName='testGroup')
+
+    # Add things to the role:
     conn.create_instance_profile(InstanceProfileName='ipn')
     conn.add_role_to_instance_profile(InstanceProfileName='ipn', RoleName='my-role')
-
     conn.tag_role(RoleName='my-role', Tags=[
         {
             'Key': 'somekey',
@@ -792,6 +803,7 @@ def test_get_account_authorization_details():
             'Value': 'someothervalue'
         }
     ])
+    conn.put_role_policy(RoleName='my-role', PolicyName='test-policy', PolicyDocument=test_policy)
 
     result = conn.get_account_authorization_details(Filter=['Role'])
     assert len(result['RoleDetailList']) == 1
@@ -800,10 +812,13 @@ def test_get_account_authorization_details():
     assert len(result['Policies']) == 0
     assert len(result['RoleDetailList'][0]['InstanceProfileList']) == 1
     assert len(result['RoleDetailList'][0]['Tags']) == 2
+    assert len(result['RoleDetailList'][0]['RolePolicyList']) == 1
 
     result = conn.get_account_authorization_details(Filter=['User'])
     assert len(result['RoleDetailList']) == 0
     assert len(result['UserDetailList']) == 1
+    assert len(result['UserDetailList'][0]['GroupList']) == 1
+    assert len(result['UserDetailList'][0]['AttachedManagedPolicies']) == 1
     assert len(result['GroupDetailList']) == 0
     assert len(result['Policies']) == 0
 
@@ -811,6 +826,8 @@ def test_get_account_authorization_details():
     assert len(result['RoleDetailList']) == 0
     assert len(result['UserDetailList']) == 0
     assert len(result['GroupDetailList']) == 1
+    assert len(result['GroupDetailList'][0]['GroupPolicyList']) == 1
+    assert len(result['GroupDetailList'][0]['AttachedManagedPolicies']) == 1
     assert len(result['Policies']) == 0
 
     result = conn.get_account_authorization_details(Filter=['LocalManagedPolicy'])
@@ -818,6 +835,7 @@ def test_get_account_authorization_details():
     assert len(result['UserDetailList']) == 0
     assert len(result['GroupDetailList']) == 0
     assert len(result['Policies']) == 1
+    assert len(result['Policies'][0]['PolicyVersionList']) == 1
 
     # Check for greater than 1 since this should always be greater than one but might change.
     # See iam/aws_managed_policies.py