Implement IAM {update,get}_login_profile

This commit is contained in:
Jack Danger 2017-07-23 22:31:58 -07:00
parent 4028fe1abd
commit e445c81e83
3 changed files with 87 additions and 6 deletions

View File

@ -256,6 +256,7 @@ class User(BaseModel):
self.policies = {}
self.access_keys = []
self.password = None
self.password_reset_required = False
@property
def arn(self):
@ -772,6 +773,24 @@ class IAMBackend(BaseBackend):
raise IAMConflictException(
"User {0} already has password".format(user_name))
user.password = password
return user
def get_login_profile(self, user_name):
user = self.get_user(user_name)
if not user.password:
raise IAMNotFoundException(
"Login profile for {0} not found".format(user_name))
return user
def update_login_profile(self, user_name, password, password_reset_required):
# This does not currently deal with PasswordPolicyViolation.
user = self.get_user(user_name)
if not user.password:
raise IAMNotFoundException(
"Login profile for {0} not found".format(user_name))
user.password = password
user.password_reset_required = password_reset_required
return user
def delete_login_profile(self, user_name):
user = self.get_user(user_name)

View File

@ -290,10 +290,27 @@ class IamResponse(BaseResponse):
def create_login_profile(self):
user_name = self._get_param('UserName')
password = self._get_param('Password')
iam_backend.create_login_profile(user_name, password)
password = self._get_param('Password')
user = iam_backend.create_login_profile(user_name, password)
template = self.response_template(CREATE_LOGIN_PROFILE_TEMPLATE)
return template.render(user_name=user_name)
return template.render(user=user)
def get_login_profile(self):
user_name = self._get_param('UserName')
user = iam_backend.get_login_profile(user_name)
template = self.response_template(GET_LOGIN_PROFILE_TEMPLATE)
return template.render(user=user)
def update_login_profile(self):
user_name = self._get_param('UserName')
password = self._get_param('Password')
password_reset_required = self._get_param('PasswordResetRequired')
user = iam_backend.update_login_profile(user_name, password, password_reset_required)
template = self.response_template(UPDATE_LOGIN_PROFILE_TEMPLATE)
return template.render(user=user)
def add_user_to_group(self):
group_name = self._get_param('GroupName')
@ -918,12 +935,11 @@ LIST_USERS_TEMPLATE = """<{{ action }}UsersResponse>
</ResponseMetadata>
</{{ action }}UsersResponse>"""
CREATE_LOGIN_PROFILE_TEMPLATE = """
<CreateLoginProfileResponse>
CREATE_LOGIN_PROFILE_TEMPLATE = """<CreateLoginProfileResponse>
<CreateLoginProfileResult>
<LoginProfile>
<UserName>{{ user_name }}</UserName>
<CreateDate>2011-09-19T23:00:56Z</CreateDate>
<UserName>{{ user.name }}</UserName>
<CreateDate>{{ user.created_iso_8601 }}</CreateDate>
</LoginProfile>
</CreateLoginProfileResult>
<ResponseMetadata>
@ -932,6 +948,29 @@ CREATE_LOGIN_PROFILE_TEMPLATE = """
</CreateLoginProfileResponse>
"""
GET_LOGIN_PROFILE_TEMPLATE = """<GetLoginProfileResponse>
<GetLoginProfileResult>
<LoginProfile>
<UserName>{{ user.name }}</UserName>
<CreateDate>{{ user.created_iso_8601 }}</CreateDate>
{% if user.password_reset_required %}
<PasswordResetRequired>true</PasswordResetRequired>
{% endif %}
</LoginProfile>
</GetLoginProfileResult>
<ResponseMetadata>
<RequestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</RequestId>
</ResponseMetadata>
</GetLoginProfileResponse>
"""
UPDATE_LOGIN_PROFILE_TEMPLATE = """<UpdateLoginProfileResponse>
<ResponseMetadata>
<RequestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</RequestId>
</ResponseMetadata>
</UpdateLoginProfileResponse>
"""
GET_USER_POLICY_TEMPLATE = """<GetUserPolicyResponse>
<GetUserPolicyResult>
<UserName>{{ user_name }}</UserName>

View File

@ -114,6 +114,29 @@ def test_remove_role_from_instance_profile():
dict(profile.roles).should.be.empty
@mock_iam()
def test_get_login_profile():
conn = boto3.client('iam', region_name='us-east-1')
conn.create_user(UserName='my-user')
conn.create_login_profile(UserName='my-user', Password='my-pass')
response = conn.get_login_profile(UserName='my-user')
response['LoginProfile']['UserName'].should.equal('my-user')
@mock_iam()
def test_update_login_profile():
conn = boto3.client('iam', region_name='us-east-1')
conn.create_user(UserName='my-user')
conn.create_login_profile(UserName='my-user', Password='my-pass')
response = conn.get_login_profile(UserName='my-user')
response['LoginProfile'].get('PasswordResetRequired').should.equal(None)
conn.update_login_profile(UserName='my-user', Password='new-pass', PasswordResetRequired=True)
response = conn.get_login_profile(UserName='my-user')
response['LoginProfile'].get('PasswordResetRequired').should.equal(True)
@mock_iam()
def test_delete_role():
conn = boto3.client('iam', region_name='us-east-1')