IAM: get_user() should return PasswordLastUsed-field if set (#5942)

2023-02-18 09:48:02 -01:00 · 2023-02-18 09:48:02 -01:00 · eb79d064e8
commit eb79d064e8
parent 0b1333c66d
3 changed files with 47 additions and 0 deletions
--- a/moto/iam/models.py
+++ b/moto/iam/models.py
@ -1181,6 +1181,13 @@ class User(CloudFormationModel):
    def created_iso_8601(self):
        return iso_8601_datetime_with_milliseconds(self.create_date)

+    @property
+    def password_last_used_iso_8601(self):
+        if self.password_last_used is not None:
+            return iso_8601_datetime_with_milliseconds(self.password_last_used)
+        else:
+            return None
+
    def get_policy(self, policy_name):
        policy_json = None
        try:
--- a/moto/iam/responses.py
+++ b/moto/iam/responses.py
@ -1805,6 +1805,9 @@ USER_TEMPLATE = """<{{ action }}UserResponse>
         <UserId>{{ user.id }}</UserId>
         <CreateDate>{{ user.created_iso_8601 }}</CreateDate>
         <Arn>{{ user.arn }}</Arn>
+         {% if user.password_last_used_iso_8601 %}
+         <PasswordLastUsed>{{ user.password_last_used_iso_8601 }}</PasswordLastUsed>
+         {% endif %}
         {% if tags %}
         <Tags>
            {% for tag in tags %}
--- a/tests/test_iam/test_iam_password_last_used.py
+++ b/tests/test_iam/test_iam_password_last_used.py
@ -0,0 +1,37 @@
+import boto3
+from datetime import datetime
+from moto import mock_iam, settings
+from moto.backends import get_backend
+from moto.core import DEFAULT_ACCOUNT_ID as ACCOUNT_ID
+from unittest import SkipTest
+
+
+@mock_iam
+def test_password_last_used():
+    if settings.TEST_SERVER_MODE:
+        raise SkipTest("Can't set password_last_used in ServerMode")
+    client = boto3.client("iam", "us-east-1")
+    username = "test.user"
+    client.create_user(Path="/staff/", UserName=username)["User"]
+    client.create_login_profile(
+        UserName=username, Password="Password1", PasswordResetRequired=False
+    )
+
+    access_key = client.create_access_key(UserName=username)["AccessKey"]
+
+    as_new_user = boto3.resource(
+        "iam",
+        region_name="us-east-1",
+        aws_access_key_id=access_key["AccessKeyId"],
+        aws_secret_access_key=access_key["SecretAccessKey"],
+    )
+
+    # Username is set, but password not yet
+    assert as_new_user.CurrentUser().user_name == username
+    assert not as_new_user.CurrentUser().password_last_used
+
+    iam_backend = get_backend("iam")[ACCOUNT_ID]["global"]
+    iam_backend.users[username].password_last_used = datetime.utcnow()
+
+    # Password is returned now
+    assert as_new_user.CurrentUser().password_last_used