add tests

2020-04-29 15:49:14 -05:00 · 2020-04-29 15:49:14 -05:00 · 51e7002cbb
commit 51e7002cbb
parent 48304f81b1
3 changed files with 74 additions and 11 deletions
--- a/tests/test_iam/test_iam.py
+++ b/tests/test_iam/test_iam.py
@ -4,6 +4,7 @@ import json

 import boto
 import boto3
+import csv
 import os
 import sure  # noqa
 import sys
@ -12,12 +13,14 @@ from botocore.exceptions import ClientError
 from dateutil.tz import tzutc

 from moto import mock_iam, mock_iam_deprecated
-from moto.iam.models import aws_managed_policies
 from moto.core import ACCOUNT_ID
+from moto.iam.models import aws_managed_policies
+from moto.backends import get_backend
 from nose.tools import assert_raises, assert_equals
 from nose.tools import raises

 from datetime import datetime
+from datetime import timezone
 from tests.helpers import requires_boto_gte
 from uuid import uuid4

@ -1215,6 +1218,44 @@ def test_boto3_get_credential_report():
    report.should.match(r".*my-user.*")


+@mock_iam
+def test_boto3_get_credential_report_content():
+    conn = boto3.client("iam", region_name="us-east-1")
+    username = "my-user"
+    conn.create_user(UserName=username)
+    key1 = conn.create_access_key(UserName=username)["AccessKey"]
+    conn.update_access_key(
+        UserName=username, AccessKeyId=key1["AccessKeyId"], Status="Inactive"
+    )
+    key1 = conn.create_access_key(UserName=username)["AccessKey"]
+    iam_backend = get_backend("iam")["global"]
+    timestamp = datetime.now(tz=timezone.utc)
+    iam_backend.users[username].access_keys[1].last_used = timestamp
+    with assert_raises(ClientError):
+        conn.get_credential_report()
+    result = conn.generate_credential_report()
+    while result["State"] != "COMPLETE":
+        result = conn.generate_credential_report()
+    result = conn.get_credential_report()
+    report = result["Content"].decode("utf-8")
+    header = report.split("\n")[0]
+    header.should.equal(
+        "user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated"
+    )
+    report_dict = csv.DictReader(report.split("\n"))
+    user = next(report_dict)
+    user["user"].should.equal("my-user")
+    user["access_key_1_active"].should.equal("false")
+    user["access_key_1_last_rotated"].should.equal(
+        timestamp.isoformat(timespec="seconds")
+    )
+    user["access_key_1_last_used_date"].should.equal("N/A")
+    user["access_key_2_active"].should.equal("true")
+    user["access_key_2_last_used_date"].should.equal(
+        timestamp.isoformat(timespec="seconds")
+    )
+
+
@requires_boto_gte("2.39")
@mock_iam_deprecated()
 def test_managed_policy():
@ -1382,7 +1423,7 @@ def test_update_access_key():


@mock_iam
-def test_get_access_key_last_used():
+def test_get_access_key_last_used_when_unused():
    iam = boto3.resource("iam", region_name="us-east-1")
    client = iam.meta.client
    username = "test-user"
@ -1393,11 +1434,28 @@ def test_get_access_key_last_used():
    resp = client.get_access_key_last_used(
        AccessKeyId=create_key_response["AccessKeyId"]
    )
+    resp["AccessKeyLastUsed"].should_not.contain("LastUsedDate")
+    resp["UserName"].should.equal(create_key_response["UserName"])

+
+@mock_iam
+def test_get_access_key_last_used_when_used():
+    iam = boto3.resource("iam", region_name="us-east-1")
+    client = iam.meta.client
+    username = "test-user"
+    iam.create_user(UserName=username)
+    with assert_raises(ClientError):
+        client.get_access_key_last_used(AccessKeyId="non-existent-key-id")
+    create_key_response = client.create_access_key(UserName=username)["AccessKey"]
+    # Set last used date using the IAM backend. Moto currently does not have a mechanism for tracking usage of access keys
+    iam_backend = get_backend("iam")["global"]
+    iam_backend.users[username].access_keys[0].last_used = datetime.utcnow()
+    resp = client.get_access_key_last_used(
+        AccessKeyId=create_key_response["AccessKeyId"]
+    )
    datetime.strftime(
        resp["AccessKeyLastUsed"]["LastUsedDate"], "%Y-%m-%d"
    ).should.equal(datetime.strftime(datetime.utcnow(), "%Y-%m-%d"))
-    resp["UserName"].should.equal(create_key_response["UserName"])


@mock_iam