From e677bee2e64255b503d680635facb6c2db16c721 Mon Sep 17 00:00:00 2001
From: rafcio19 <therafcio9@gmail.com>
Date: Fri, 19 May 2023 13:33:56 +0100
Subject: [PATCH] IAM: missing CreateDate from get_group response (#6328)

* fix: missing CreateDate from get_group response

* tests: fix servermode tests

* feat: PasswordLastUsed in groups response

---------

Co-authored-by: raf <rafal.jankowicz@avanti.space>
---
 moto/iam/responses.py             |  4 ++++
 tests/test_iam/test_iam_groups.py | 37 ++++++++++++++++++++++++++-----
 2 files changed, 36 insertions(+), 5 deletions(-)

diff --git a/moto/iam/responses.py b/moto/iam/responses.py
index ac321c912..60ab3b508 100644
--- a/moto/iam/responses.py
+++ b/moto/iam/responses.py
@@ -1738,6 +1738,10 @@ GET_GROUP_TEMPLATE = """<GetGroupResponse>
             <UserName>{{ user.name }}</UserName>
             <UserId>{{ user.id }}</UserId>
             <Arn>{{ user.arn }}</Arn>
+            <CreateDate>{{ user.created_iso_8601 }}</CreateDate>
+            {% if user.password_last_used_iso_8601 %}
+              <PasswordLastUsed>{{ user.password_last_used_iso_8601 }}</PasswordLastUsed>
+            {% endif %}
           </member>
         {% endfor %}
       </Users>
diff --git a/tests/test_iam/test_iam_groups.py b/tests/test_iam/test_iam_groups.py
index 332d4cf56..58976757f 100644
--- a/tests/test_iam/test_iam_groups.py
+++ b/tests/test_iam/test_iam_groups.py
@@ -6,8 +6,11 @@ import json
 
 import pytest
 from botocore.exceptions import ClientError
-from moto import mock_iam
+from moto import mock_iam, settings
 from moto.core import DEFAULT_ACCOUNT_ID as ACCOUNT_ID
+from moto.backends import get_backend
+from freezegun import freeze_time
+from dateutil.tz import tzlocal
 
 MOCK_POLICY = """
 {
@@ -107,10 +110,34 @@ def test_add_user_to_unknown_group():
 
 @mock_iam
 def test_add_user_to_group():
-    conn = boto3.client("iam", region_name="us-east-1")
-    conn.create_group(GroupName="my-group")
-    conn.create_user(UserName="my-user")
-    conn.add_user_to_group(GroupName="my-group", UserName="my-user")
+    # Setup
+    frozen_time = datetime(2023, 5, 20, 10, 20, 30, tzinfo=tzlocal())
+
+    group = "my-group"
+    user = "my-user"
+    with freeze_time(frozen_time):
+        conn = boto3.client("iam", region_name="us-east-1")
+        conn.create_group(GroupName=group)
+        conn.create_user(UserName=user)
+        conn.add_user_to_group(GroupName=group, UserName=user)
+
+        # use internal api to set password, doesn't work in servermode
+        if not settings.TEST_SERVER_MODE:
+            iam_backend = get_backend("iam")[ACCOUNT_ID]["global"]
+            iam_backend.users[user].password_last_used = datetime.utcnow()
+    # Execute
+    result = conn.get_group(GroupName=group)
+
+    # Verify
+    assert len(result["Users"]) == 1
+
+    # if in servermode then we can't test for password because we can't
+    # manipulate the backend with internal an api
+    if settings.TEST_SERVER_MODE:
+        assert "CreateDate" in result["Users"][0]
+        return
+    assert result["Users"][0]["CreateDate"] == frozen_time
+    assert result["Users"][0]["PasswordLastUsed"] == frozen_time
 
 
 @mock_iam