From 6417b8bf578a5a048d70142afaa3e17e4c442a0d Mon Sep 17 00:00:00 2001
From: Will Bengtson <wbengtson@netflix.com>
Date: Tue, 24 Jul 2018 09:52:39 -0700
Subject: [PATCH 1/4] start of get_account_authorization_details for iam

---
 moto/iam/models.py    |   3 +
 moto/iam/responses.py | 427 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 430 insertions(+)

diff --git a/moto/iam/models.py b/moto/iam/models.py
index 8b632e555092..650b9e487621 100644
--- a/moto/iam/models.py
+++ b/moto/iam/models.py
@@ -905,5 +905,8 @@ def create_account_alias(self, alias):
     def delete_account_alias(self, alias):
         self.account_aliases = []
 
+    def get_account_authorization_details(self, filter):
+        return {}
+
 
 iam_backend = IAMBackend()
diff --git a/moto/iam/responses.py b/moto/iam/responses.py
index 786afab08253..b2c7fc6dad3b 100644
--- a/moto/iam/responses.py
+++ b/moto/iam/responses.py
@@ -534,6 +534,14 @@ def delete_account_alias(self):
         template = self.response_template(DELETE_ACCOUNT_ALIAS_TEMPLATE)
         return template.render()
 
+    def get_account_authorization_details(self):
+        print('enter get_account')
+        filter_param = self._get_param('Filter')
+        iam_backend.get_account_authorization_details(filter_param)
+        template = self.response_template(GET_ACCOUNT_AUTHORIZATION_DETAILS_TEMPLATE)
+        print('render template')
+        return template.render()
+
 
 ATTACH_ROLE_POLICY_TEMPLATE = """<AttachRolePolicyResponse>
   <ResponseMetadata>
@@ -1309,3 +1317,422 @@ def delete_account_alias(self):
     <RequestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</RequestId>
   </ResponseMetadata>
 </DeleteAccountAliasResponse>"""
+
+
+LIST_GROUPS_FOR_USER_TEMPLATE = """<ListGroupsForUserResponse>
+  <ListGroupsForUserResult>
+    <Groups>
+        {% for group in groups %}
+        <member>
+            <Path>{{ group.path }}</Path>
+            <GroupName>{{ group.name }}</GroupName>
+            <GroupId>{{ group.id }}</GroupId>
+            <Arn>{{ group.arn }}</Arn>
+        </member>
+        {% endfor %}
+    </Groups>
+    <IsTruncated>false</IsTruncated>
+  </ListGroupsForUserResult>
+  <ResponseMetadata>
+    <RequestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</RequestId>
+  </ResponseMetadata>
+</ListGroupsForUserResponse>"""
+
+
+GET_ACCOUNT_AUTHORIZATION_DETAILS_TEMPLATE = """<GetAccountAuthorizationDetailsResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
+  <GetAccountAuthorizationDetailsResult>
+    <IsTruncated>true</IsTruncated>
+    <UserDetailList>
+      <member>
+        <GroupList>
+          <member>Admins</member>
+        </GroupList>
+        <AttachedManagedPolicies/>
+        <UserId>AIDACKCEVSQ6C2EXAMPLE</UserId>
+        <Path>/</Path>
+        <UserName>Alice</UserName>
+        <Arn>arn:aws:iam::123456789012:user/Alice</Arn>
+        <CreateDate>2013-10-14T18:32:24Z</CreateDate>
+      </member>
+      <member>
+        <GroupList>
+          <member>Admins</member>
+        </GroupList>
+        <AttachedManagedPolicies/>
+        <UserPolicyList>
+          <member>
+            <PolicyName>DenyBillingAndIAMPolicy</PolicyName>
+            <PolicyDocument>
+              {"Version":"2012-10-17","Statement":{"Effect":"Deny","Action":
+              ["aws-portal:*","iam:*"],"Resource":"*"}}
+            </PolicyDocument>
+          </member>
+        </UserPolicyList>
+        <UserId>AIDACKCEVSQ6C3EXAMPLE</UserId>
+        <Path>/</Path>
+        <UserName>Bob</UserName>
+        <Arn>arn:aws:iam::123456789012:user/Bob</Arn>
+        <CreateDate>2013-10-14T18:32:25Z</CreateDate>
+      </member>
+      <member>
+        <GroupList>
+          <member>Dev</member>
+        <AttachedManagedPolicies/>
+        </GroupList>
+        <UserId>AIDACKCEVSQ6C4EXAMPLE</UserId>
+        <Path>/</Path>
+        <UserName>Charlie</UserName>
+        <Arn>arn:aws:iam::123456789012:user/Charlie</Arn>
+        <CreateDate>2013-10-14T18:33:56Z</CreateDate>
+      </member>
+      <member>
+        <GroupList>
+          <member>Dev</member>
+        </GroupList>
+        <AttachedManagedPolicies/>
+        <UserId>AIDACKCEVSQ6C5EXAMPLE</UserId>
+        <Path>/</Path>
+        <UserName>Danielle</UserName>
+        <Arn>arn:aws:iam::123456789012:user/Danielle</Arn>
+        <CreateDate>2013-10-14T18:33:56Z</CreateDate>
+      </member>
+      <member>
+        <GroupList>
+          <member>Finance</member>
+        </GroupList>
+        <AttachedManagedPolicies/>
+        <UserId>AIDACKCEVSQ6C6EXAMPLE</UserId>
+        <Path>/</Path>
+        <UserName>Elaine</UserName>
+        <Arn>arn:aws:iam::123456789012:user/Elaine</Arn>
+        <CreateDate>2013-10-14T18:57:48Z</CreateDate>
+      </member>
+    </UserDetailList>
+    <Marker>
+      EXAMPLEkakv9BCuUNFDtxWSyfzetYwEx2ADc8dnzfvERF5S6YMvXKx41t6gCl/eeaCX3Jo94/
+      bKqezEAg8TEVS99EKFLxm3jtbpl25FDWEXAMPLE
+    </Marker>
+    <GroupDetailList>
+      <member>
+        <GroupId>AIDACKCEVSQ6C7EXAMPLE</GroupId>
+        <AttachedManagedPolicies>
+          <member>
+            <PolicyName>AdministratorAccess</PolicyName>
+            <PolicyArn>arn:aws:iam::aws:policy/AdministratorAccess</PolicyArn>
+          </member>
+        </AttachedManagedPolicies>
+        <GroupName>Admins</GroupName>
+        <Path>/</Path>
+        <Arn>arn:aws:iam::123456789012:group/Admins</Arn>
+        <CreateDate>2013-10-14T18:32:24Z</CreateDate>
+        <GroupPolicyList/>
+      </member>
+      <member>
+        <GroupId>AIDACKCEVSQ6C8EXAMPLE</GroupId>
+        <AttachedManagedPolicies>
+          <member>
+            <PolicyName>PowerUserAccess</PolicyName>
+            <PolicyArn>arn:aws:iam::aws:policy/PowerUserAccess</PolicyArn>
+          </member>
+        </AttachedManagedPolicies>
+        <GroupName>Dev</GroupName>
+        <Path>/</Path>
+        <Arn>arn:aws:iam::123456789012:group/Dev</Arn>
+        <CreateDate>2013-10-14T18:33:55Z</CreateDate>
+        <GroupPolicyList/>
+      </member>
+      <member>
+        <GroupId>AIDACKCEVSQ6C9EXAMPLE</GroupId>
+        <AttachedManagedPolicies/>
+        <GroupName>Finance</GroupName>
+        <Path>/</Path>
+        <Arn>arn:aws:iam::123456789012:group/Finance</Arn>
+        <CreateDate>2013-10-14T18:57:48Z</CreateDate>
+        <GroupPolicyList>
+          <member>
+            <PolicyName>policygen-201310141157</PolicyName>
+            <PolicyDocument>
+              {"Version":"2012-10-17","Statement":[{"Action":["aws-portal:*"],
+              "Sid":"Stmt1381777017000","Resource":["*"],"Effect":"Allow"}]}
+            </PolicyDocument>
+          </member>
+        </GroupPolicyList>
+      </member>
+    </GroupDetailList>
+    <RoleDetailList>
+      <member>
+        <RolePolicyList/>
+        <AttachedManagedPolicies>
+          <member>
+            <PolicyName>AmazonS3FullAccess</PolicyName>
+            <PolicyArn>arn:aws:iam::aws:policy/AmazonS3FullAccess</PolicyArn>
+          </member>
+          <member>
+            <PolicyName>AmazonDynamoDBFullAccess</PolicyName>
+            <PolicyArn>arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess</PolicyArn>
+          </member>
+        </AttachedManagedPolicies>
+        <InstanceProfileList>
+          <member>
+            <InstanceProfileName>EC2role</InstanceProfileName>
+            <Roles>
+              <member>
+                <Path>/</Path>
+                <Arn>arn:aws:iam::123456789012:role/EC2role</Arn>
+                <RoleName>EC2role</RoleName>
+                <AssumeRolePolicyDocument>
+                  {"Version":"2012-10-17","Statement":[{"Sid":"",
+                  "Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},
+                  "Action":"sts:AssumeRole"}]}
+                </AssumeRolePolicyDocument>
+                <CreateDate>2014-07-30T17:09:20Z</CreateDate>
+                <RoleId>AROAFP4BKI7Y7TEXAMPLE</RoleId>
+              </member>
+            </Roles>
+            <Path>/</Path>
+            <Arn>arn:aws:iam::123456789012:instance-profile/EC2role</Arn>
+            <InstanceProfileId>AIPAFFYRBHWXW2EXAMPLE</InstanceProfileId>
+            <CreateDate>2014-07-30T17:09:20Z</CreateDate>
+          </member>
+        </InstanceProfileList>
+        <Path>/</Path>
+        <Arn>arn:aws:iam::123456789012:role/EC2role</Arn>
+        <RoleName>EC2role</RoleName>
+        <AssumeRolePolicyDocument>
+          {"Version":"2012-10-17","Statement":[{"Sid":"","Effect":"Allow",
+          "Principal":{"Service":"ec2.amazonaws.com"},
+          "Action":"sts:AssumeRole"}]}
+        </AssumeRolePolicyDocument>
+        <CreateDate>2014-07-30T17:09:20Z</CreateDate>
+        <RoleId>AROAFP4BKI7Y7TEXAMPLE</RoleId>
+      </member>
+    </RoleDetailList>
+    <Policies>
+      <member>
+        <PolicyName>create-update-delete-set-managed-policies</PolicyName>
+        <DefaultVersionId>v1</DefaultVersionId>
+        <PolicyId>ANPAJ2UCCR6DPCEXAMPLE</PolicyId>
+        <Path>/</Path>
+        <PolicyVersionList>
+          <member>
+            <Document>
+              {"Version":"2012-10-17","Statement":{"Effect":"Allow",
+              "Action":["iam:CreatePolicy","iam:CreatePolicyVersion",
+              "iam:DeletePolicy","iam:DeletePolicyVersion","iam:GetPolicy",
+              "iam:GetPolicyVersion","iam:ListPolicies",
+              "iam:ListPolicyVersions","iam:SetDefaultPolicyVersion"],
+              "Resource":"*"}}
+            </Document>
+            <IsDefaultVersion>true</IsDefaultVersion>
+            <VersionId>v1</VersionId>
+            <CreateDate>2015-02-06T19:58:34Z</CreateDate>
+          </member>
+        </PolicyVersionList>
+        <Arn>
+          arn:aws:iam::123456789012:policy/create-update-delete-set-managed-policies
+        </Arn>
+        <AttachmentCount>1</AttachmentCount>
+        <CreateDate>2015-02-06T19:58:34Z</CreateDate>
+        <IsAttachable>true</IsAttachable>
+        <UpdateDate>2015-02-06T19:58:34Z</UpdateDate>
+      </member>
+      <member>
+        <PolicyName>S3-read-only-specific-bucket</PolicyName>
+        <DefaultVersionId>v1</DefaultVersionId>
+        <PolicyId>ANPAJ4AE5446DAEXAMPLE</PolicyId>
+        <Path>/</Path>
+        <PolicyVersionList>
+          <member>
+            <Document>
+              {"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":
+              ["s3:Get*","s3:List*"],"Resource":["arn:aws:s3:::example-bucket",
+              "arn:aws:s3:::example-bucket/*"]}]}
+            </Document>
+            <IsDefaultVersion>true</IsDefaultVersion>
+            <VersionId>v1</VersionId>
+            <CreateDate>2015-01-21T21:39:41Z</CreateDate>
+          </member>
+        </PolicyVersionList>
+        <Arn>arn:aws:iam::123456789012:policy/S3-read-only-specific-bucket</Arn>
+        <AttachmentCount>1</AttachmentCount>
+        <CreateDate>2015-01-21T21:39:41Z</CreateDate>
+        <IsAttachable>true</IsAttachable>
+        <UpdateDate>2015-01-21T23:39:41Z</UpdateDate>
+      </member>
+      <member>
+        <PolicyName>AWSOpsWorksRole</PolicyName>
+        <DefaultVersionId>v1</DefaultVersionId>
+        <PolicyId>ANPAE376NQ77WV6KGJEBE</PolicyId>
+        <Path>/service-role/</Path>
+        <PolicyVersionList>
+          <member>
+            <Document>
+              {"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":
+              ["cloudwatch:GetMetricStatistics","ec2:DescribeAccountAttributes",
+              "ec2:DescribeAvailabilityZones","ec2:DescribeInstances",
+              "ec2:DescribeKeyPairs","ec2:DescribeSecurityGroups","ec2:DescribeSubnets",
+              "ec2:DescribeVpcs","elasticloadbalancing:DescribeInstanceHealth",
+              "elasticloadbalancing:DescribeLoadBalancers","iam:GetRolePolicy",
+              "iam:ListInstanceProfiles","iam:ListRoles","iam:ListUsers",
+              "iam:PassRole","opsworks:*","rds:*"],"Resource":["*"]}]}
+            </Document>
+            <IsDefaultVersion>true</IsDefaultVersion>
+            <VersionId>v1</VersionId>
+            <CreateDate>2014-12-10T22:57:47Z</CreateDate>
+          </member>
+        </PolicyVersionList>
+        <Arn>arn:aws:iam::aws:policy/service-role/AWSOpsWorksRole</Arn>
+        <AttachmentCount>1</AttachmentCount>
+        <CreateDate>2015-02-06T18:41:27Z</CreateDate>
+        <IsAttachable>true</IsAttachable>
+        <UpdateDate>2015-02-06T18:41:27Z</UpdateDate>
+      </member>
+      <member>
+        <PolicyName>AmazonEC2FullAccess</PolicyName>
+        <DefaultVersionId>v1</DefaultVersionId>
+        <PolicyId>ANPAE3QWE5YT46TQ34WLG</PolicyId>
+        <Path>/</Path>
+        <PolicyVersionList>
+          <member>
+            <Document>
+              {"Version":"2012-10-17","Statement":[{"Action":"ec2:*",
+              "Effect":"Allow","Resource":"*"},{"Effect":"Allow",
+              "Action":"elasticloadbalancing:*","Resource":"*"},{"Effect":"Allow",
+              "Action":"cloudwatch:*","Resource":"*"},{"Effect":"Allow",
+              "Action":"autoscaling:*","Resource":"*"}]}
+            </Document>
+            <IsDefaultVersion>true</IsDefaultVersion>
+            <VersionId>v1</VersionId>
+            <CreateDate>2014-10-30T20:59:46Z</CreateDate>
+          </member>
+        </PolicyVersionList>
+        <Arn>arn:aws:iam::aws:policy/AmazonEC2FullAccess</Arn>
+        <AttachmentCount>1</AttachmentCount>
+        <CreateDate>2015-02-06T18:40:15Z</CreateDate>
+        <IsAttachable>true</IsAttachable>
+        <UpdateDate>2015-02-06T18:40:15Z</UpdateDate>
+      </member>
+    </Policies>
+  </GetAccountAuthorizationDetailsResult>
+  <ResponseMetadata>
+    <RequestId>92e79ae7-7399-11e4-8c85-4b53eEXAMPLE</RequestId>
+  </ResponseMetadata>
+</GetAccountAuthorizationDetailsResponse>"""
+# GET_ACCOUNT_AUTHORIZATION_DETAILS_TEMPLATE = """<GetAccountAuthorizationDetailsResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
+#   <GetAccountAuthorizationDetailsResult>
+#     <IsTruncated>true</IsTruncated>
+#     <UserDetailList>
+#     {% for user in users %}
+#       <member>
+#         </GroupList>
+#         <AttachedManagedPolicies/>
+#         <UserId>{{ user.id }}</UserId>
+#         <Path>{{ user.path }}</Path>
+#         <UserName>{{ user.name }}</UserName>
+#         <Arn>{{ user.arn }}</Arn>
+#         <CreateDate>2012-05-09T15:45:35Z</CreateDate>
+#       </member>
+#     {% endfor %}
+#     </UserDetailList>
+#     <Marker>
+#       EXAMPLEkakv9BCuUNFDtxWSyfzetYwEx2ADc8dnzfvERF5S6YMvXKx41t6gCl/eeaCX3Jo94/
+#       bKqezEAg8TEVS99EKFLxm3jtbpl25FDWEXAMPLE
+#     </Marker>
+#     <GroupDetailList>
+#     {% for group in groups %}
+#       <member>
+#         <GroupId>{{ group.id }}</GroupId>
+#         <AttachedManagedPolicies>
+#           <member>
+#             <PolicyName>AdministratorAccess</PolicyName>
+#             <PolicyArn>arn:aws:iam::aws:policy/AdministratorAccess</PolicyArn>
+#           </member>
+#         </AttachedManagedPolicies>
+#         <GroupName>{{ group.name }}</GroupName>
+#         <Path>{{ group.path }}</Path>
+#         <Arn>{{ group.arn }}</Arn>
+#         <CreateDate>{{ group.created_iso_8601 }}</CreateDate>
+#         <GroupPolicyList/>
+#       </member>
+#     {% endfor %}
+#     </GroupDetailList>
+#     <RoleDetailList>
+#     {% for role in roles %}
+#       <member>
+#         <RolePolicyList/>
+#         <AttachedManagedPolicies>
+#         {% for policy in policies %}
+#             <member>
+#                 <PolicyName>{{ policy.name }}</PolicyName>
+#                 <PolicyArn>{{ policy.arn }}</PolicyArn>
+#             </member>
+#         {% endfor %}
+#         </AttachedManagedPolicies>
+#         <InstanceProfileList>
+#             {% for profile in instance_profiles %}
+#             <member>
+#             <Id>{{ profile.id }}</Id>
+#               <Roles>
+#                 {% for role in profile.roles %}
+#                 <member>
+#                   <Path>{{ role.path }}</Path>
+#                   <Arn>{{ role.arn }}</Arn>
+#                   <RoleName>{{ role.name }}</RoleName>
+#                   <AssumeRolePolicyDocument>{{ role.assume_policy_document }}</AssumeRolePolicyDocument>
+#                   <CreateDate>2012-05-09T15:45:35Z</CreateDate>
+#                   <RoleId>{{ role.id }}</RoleId>
+#                 </member>
+#                 {% endfor %}
+#               </Roles>
+#               <InstanceProfileName>{{ profile.name }}</InstanceProfileName>
+#               <Path>{{ profile.path }}</Path>
+#               <Arn>{{ profile.arn }}</Arn>
+#               <CreateDate>2012-05-09T16:27:11Z</CreateDate>
+#             </member>
+#             {% endfor %}
+#         </InstanceProfileList>
+#         <Path>{{ role.path }}</Path>
+#         <Arn>{{ role.arn }}</Arn>
+#         <RoleName>{{ role.name }}</RoleName>
+#         <AssumeRolePolicyDocument>{{ role.assume_role_policy_document }}</AssumeRolePolicyDocument>
+#         <CreateDate>2014-07-30T17:09:20Z</CreateDate>
+#         <RoleId>{{ role.id }}</RoleId>
+#       </member>
+#     {% endfor %}
+#     </RoleDetailList>
+#     <Policies>
+#     {% for policy in policies %}
+#       <member>
+#         <PolicyName>{{ policy.name }}</PolicyName>
+#         <DefaultVersionId>{{ policy.default_version_id }}</DefaultVersionId>
+#         <PolicyId>{{ policy.id }}</PolicyId>
+#         <Path>{{ policy.path }}</Path>
+#         <PolicyVersionList>
+#           <member>
+#             <Document>
+#               {"Version":"2012-10-17","Statement":{"Effect":"Allow",
+#               "Action":["iam:CreatePolicy","iam:CreatePolicyVersion",
+#               "iam:DeletePolicy","iam:DeletePolicyVersion","iam:GetPolicy",
+#               "iam:GetPolicyVersion","iam:ListPolicies",
+#               "iam:ListPolicyVersions","iam:SetDefaultPolicyVersion"],
+#               "Resource":"*"}}
+#             </Document>
+#             <IsDefaultVersion>true</IsDefaultVersion>
+#             <VersionId>v1</VersionId>
+#             <CreateDate>{{ policy.create_datetime.isoformat() }}</CreateDate>
+#           </member>
+#         </PolicyVersionList>
+#         <Arn>{{ policy.arn }}</Arn>
+#         <AttachmentCount>1</AttachmentCount>
+#         <CreateDate>{{ policy.create_datetime.isoformat() }}</CreateDate>
+#         <IsAttachable>true</IsAttachable>
+#         <UpdateDate>{{ policy.update_datetime.isoformat() }}</UpdateDate>
+#       </member>
+#     {% endfor %}
+#     </Policies>
+#   </GetAccountAuthorizationDetailsResult>
+#   <ResponseMetadata>
+#     <RequestId>92e79ae7-7399-11e4-8c85-4b53eEXAMPLE</RequestId>
+#   </ResponseMetadata>
+# </GetAccountAuthorizationDetailsResponse>"""
+

From f2cae1325e6cec622e727590ce51bf8d3a7a526c Mon Sep 17 00:00:00 2001
From: Will Bengtson <wbengtson@netflix.com>
Date: Tue, 24 Jul 2018 15:01:15 -0700
Subject: [PATCH 2/4] add get_account_authorization_details dynamic template

---
 moto/iam/models.py    |  16 +-
 moto/iam/responses.py | 692 +++++++++++++++++++++---------------------
 2 files changed, 364 insertions(+), 344 deletions(-)

diff --git a/moto/iam/models.py b/moto/iam/models.py
index 650b9e487621..243a4e3f37d9 100644
--- a/moto/iam/models.py
+++ b/moto/iam/models.py
@@ -906,7 +906,21 @@ def delete_account_alias(self, alias):
         self.account_aliases = []
 
     def get_account_authorization_details(self, filter):
-        return {}
+        policies = self.managed_policies.values()
+        local_policies = set(policies) - set(aws_managed_policies)
+        returned_policies = []
+
+        if 'AWSManagedPolicy' in filter:
+            returned_policies = aws_managed_policies
+        if 'LocalManagedPolicy' in filter:
+            returned_policies = returned_policies + list(local_policies)
 
+        return {
+            'instance_profiles': self.instance_profiles.values(),
+            'roles': self.roles.values(),
+            'groups': self.groups.values(),
+            'users': self.users.values(),
+            'managed_policies': returned_policies
+        }
 
 iam_backend = IAMBackend()
diff --git a/moto/iam/responses.py b/moto/iam/responses.py
index b2c7fc6dad3b..bd4ccf45d53a 100644
--- a/moto/iam/responses.py
+++ b/moto/iam/responses.py
@@ -535,12 +535,16 @@ def delete_account_alias(self):
         return template.render()
 
     def get_account_authorization_details(self):
-        print('enter get_account')
-        filter_param = self._get_param('Filter')
-        iam_backend.get_account_authorization_details(filter_param)
+        filter_param = self._get_multi_param('Filter.member')
+        account_details = iam_backend.get_account_authorization_details(filter_param)
         template = self.response_template(GET_ACCOUNT_AUTHORIZATION_DETAILS_TEMPLATE)
-        print('render template')
-        return template.render()
+        return template.render(
+            instance_profiles=account_details['instance_profiles'],
+            policies=account_details['managed_policies'],
+            users=account_details['users'],
+            groups=account_details['groups'],
+            roles=account_details['roles']
+        )
 
 
 ATTACH_ROLE_POLICY_TEMPLATE = """<AttachRolePolicyResponse>
@@ -1339,374 +1343,180 @@ def get_account_authorization_details(self):
 </ListGroupsForUserResponse>"""
 
 
-GET_ACCOUNT_AUTHORIZATION_DETAILS_TEMPLATE = """<GetAccountAuthorizationDetailsResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
-  <GetAccountAuthorizationDetailsResult>
-    <IsTruncated>true</IsTruncated>
-    <UserDetailList>
-      <member>
-        <GroupList>
-          <member>Admins</member>
-        </GroupList>
-        <AttachedManagedPolicies/>
-        <UserId>AIDACKCEVSQ6C2EXAMPLE</UserId>
-        <Path>/</Path>
-        <UserName>Alice</UserName>
-        <Arn>arn:aws:iam::123456789012:user/Alice</Arn>
-        <CreateDate>2013-10-14T18:32:24Z</CreateDate>
-      </member>
-      <member>
-        <GroupList>
-          <member>Admins</member>
-        </GroupList>
-        <AttachedManagedPolicies/>
-        <UserPolicyList>
-          <member>
-            <PolicyName>DenyBillingAndIAMPolicy</PolicyName>
-            <PolicyDocument>
-              {"Version":"2012-10-17","Statement":{"Effect":"Deny","Action":
-              ["aws-portal:*","iam:*"],"Resource":"*"}}
-            </PolicyDocument>
-          </member>
-        </UserPolicyList>
-        <UserId>AIDACKCEVSQ6C3EXAMPLE</UserId>
-        <Path>/</Path>
-        <UserName>Bob</UserName>
-        <Arn>arn:aws:iam::123456789012:user/Bob</Arn>
-        <CreateDate>2013-10-14T18:32:25Z</CreateDate>
-      </member>
-      <member>
-        <GroupList>
-          <member>Dev</member>
-        <AttachedManagedPolicies/>
-        </GroupList>
-        <UserId>AIDACKCEVSQ6C4EXAMPLE</UserId>
-        <Path>/</Path>
-        <UserName>Charlie</UserName>
-        <Arn>arn:aws:iam::123456789012:user/Charlie</Arn>
-        <CreateDate>2013-10-14T18:33:56Z</CreateDate>
-      </member>
-      <member>
-        <GroupList>
-          <member>Dev</member>
-        </GroupList>
-        <AttachedManagedPolicies/>
-        <UserId>AIDACKCEVSQ6C5EXAMPLE</UserId>
-        <Path>/</Path>
-        <UserName>Danielle</UserName>
-        <Arn>arn:aws:iam::123456789012:user/Danielle</Arn>
-        <CreateDate>2013-10-14T18:33:56Z</CreateDate>
-      </member>
-      <member>
-        <GroupList>
-          <member>Finance</member>
-        </GroupList>
-        <AttachedManagedPolicies/>
-        <UserId>AIDACKCEVSQ6C6EXAMPLE</UserId>
-        <Path>/</Path>
-        <UserName>Elaine</UserName>
-        <Arn>arn:aws:iam::123456789012:user/Elaine</Arn>
-        <CreateDate>2013-10-14T18:57:48Z</CreateDate>
-      </member>
-    </UserDetailList>
-    <Marker>
-      EXAMPLEkakv9BCuUNFDtxWSyfzetYwEx2ADc8dnzfvERF5S6YMvXKx41t6gCl/eeaCX3Jo94/
-      bKqezEAg8TEVS99EKFLxm3jtbpl25FDWEXAMPLE
-    </Marker>
-    <GroupDetailList>
-      <member>
-        <GroupId>AIDACKCEVSQ6C7EXAMPLE</GroupId>
-        <AttachedManagedPolicies>
-          <member>
-            <PolicyName>AdministratorAccess</PolicyName>
-            <PolicyArn>arn:aws:iam::aws:policy/AdministratorAccess</PolicyArn>
-          </member>
-        </AttachedManagedPolicies>
-        <GroupName>Admins</GroupName>
-        <Path>/</Path>
-        <Arn>arn:aws:iam::123456789012:group/Admins</Arn>
-        <CreateDate>2013-10-14T18:32:24Z</CreateDate>
-        <GroupPolicyList/>
-      </member>
-      <member>
-        <GroupId>AIDACKCEVSQ6C8EXAMPLE</GroupId>
-        <AttachedManagedPolicies>
-          <member>
-            <PolicyName>PowerUserAccess</PolicyName>
-            <PolicyArn>arn:aws:iam::aws:policy/PowerUserAccess</PolicyArn>
-          </member>
-        </AttachedManagedPolicies>
-        <GroupName>Dev</GroupName>
-        <Path>/</Path>
-        <Arn>arn:aws:iam::123456789012:group/Dev</Arn>
-        <CreateDate>2013-10-14T18:33:55Z</CreateDate>
-        <GroupPolicyList/>
-      </member>
-      <member>
-        <GroupId>AIDACKCEVSQ6C9EXAMPLE</GroupId>
-        <AttachedManagedPolicies/>
-        <GroupName>Finance</GroupName>
-        <Path>/</Path>
-        <Arn>arn:aws:iam::123456789012:group/Finance</Arn>
-        <CreateDate>2013-10-14T18:57:48Z</CreateDate>
-        <GroupPolicyList>
-          <member>
-            <PolicyName>policygen-201310141157</PolicyName>
-            <PolicyDocument>
-              {"Version":"2012-10-17","Statement":[{"Action":["aws-portal:*"],
-              "Sid":"Stmt1381777017000","Resource":["*"],"Effect":"Allow"}]}
-            </PolicyDocument>
-          </member>
-        </GroupPolicyList>
-      </member>
-    </GroupDetailList>
-    <RoleDetailList>
-      <member>
-        <RolePolicyList/>
-        <AttachedManagedPolicies>
-          <member>
-            <PolicyName>AmazonS3FullAccess</PolicyName>
-            <PolicyArn>arn:aws:iam::aws:policy/AmazonS3FullAccess</PolicyArn>
-          </member>
-          <member>
-            <PolicyName>AmazonDynamoDBFullAccess</PolicyName>
-            <PolicyArn>arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess</PolicyArn>
-          </member>
-        </AttachedManagedPolicies>
-        <InstanceProfileList>
-          <member>
-            <InstanceProfileName>EC2role</InstanceProfileName>
-            <Roles>
-              <member>
-                <Path>/</Path>
-                <Arn>arn:aws:iam::123456789012:role/EC2role</Arn>
-                <RoleName>EC2role</RoleName>
-                <AssumeRolePolicyDocument>
-                  {"Version":"2012-10-17","Statement":[{"Sid":"",
-                  "Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},
-                  "Action":"sts:AssumeRole"}]}
-                </AssumeRolePolicyDocument>
-                <CreateDate>2014-07-30T17:09:20Z</CreateDate>
-                <RoleId>AROAFP4BKI7Y7TEXAMPLE</RoleId>
-              </member>
-            </Roles>
-            <Path>/</Path>
-            <Arn>arn:aws:iam::123456789012:instance-profile/EC2role</Arn>
-            <InstanceProfileId>AIPAFFYRBHWXW2EXAMPLE</InstanceProfileId>
-            <CreateDate>2014-07-30T17:09:20Z</CreateDate>
-          </member>
-        </InstanceProfileList>
-        <Path>/</Path>
-        <Arn>arn:aws:iam::123456789012:role/EC2role</Arn>
-        <RoleName>EC2role</RoleName>
-        <AssumeRolePolicyDocument>
-          {"Version":"2012-10-17","Statement":[{"Sid":"","Effect":"Allow",
-          "Principal":{"Service":"ec2.amazonaws.com"},
-          "Action":"sts:AssumeRole"}]}
-        </AssumeRolePolicyDocument>
-        <CreateDate>2014-07-30T17:09:20Z</CreateDate>
-        <RoleId>AROAFP4BKI7Y7TEXAMPLE</RoleId>
-      </member>
-    </RoleDetailList>
-    <Policies>
-      <member>
-        <PolicyName>create-update-delete-set-managed-policies</PolicyName>
-        <DefaultVersionId>v1</DefaultVersionId>
-        <PolicyId>ANPAJ2UCCR6DPCEXAMPLE</PolicyId>
-        <Path>/</Path>
-        <PolicyVersionList>
-          <member>
-            <Document>
-              {"Version":"2012-10-17","Statement":{"Effect":"Allow",
-              "Action":["iam:CreatePolicy","iam:CreatePolicyVersion",
-              "iam:DeletePolicy","iam:DeletePolicyVersion","iam:GetPolicy",
-              "iam:GetPolicyVersion","iam:ListPolicies",
-              "iam:ListPolicyVersions","iam:SetDefaultPolicyVersion"],
-              "Resource":"*"}}
-            </Document>
-            <IsDefaultVersion>true</IsDefaultVersion>
-            <VersionId>v1</VersionId>
-            <CreateDate>2015-02-06T19:58:34Z</CreateDate>
-          </member>
-        </PolicyVersionList>
-        <Arn>
-          arn:aws:iam::123456789012:policy/create-update-delete-set-managed-policies
-        </Arn>
-        <AttachmentCount>1</AttachmentCount>
-        <CreateDate>2015-02-06T19:58:34Z</CreateDate>
-        <IsAttachable>true</IsAttachable>
-        <UpdateDate>2015-02-06T19:58:34Z</UpdateDate>
-      </member>
-      <member>
-        <PolicyName>S3-read-only-specific-bucket</PolicyName>
-        <DefaultVersionId>v1</DefaultVersionId>
-        <PolicyId>ANPAJ4AE5446DAEXAMPLE</PolicyId>
-        <Path>/</Path>
-        <PolicyVersionList>
-          <member>
-            <Document>
-              {"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":
-              ["s3:Get*","s3:List*"],"Resource":["arn:aws:s3:::example-bucket",
-              "arn:aws:s3:::example-bucket/*"]}]}
-            </Document>
-            <IsDefaultVersion>true</IsDefaultVersion>
-            <VersionId>v1</VersionId>
-            <CreateDate>2015-01-21T21:39:41Z</CreateDate>
-          </member>
-        </PolicyVersionList>
-        <Arn>arn:aws:iam::123456789012:policy/S3-read-only-specific-bucket</Arn>
-        <AttachmentCount>1</AttachmentCount>
-        <CreateDate>2015-01-21T21:39:41Z</CreateDate>
-        <IsAttachable>true</IsAttachable>
-        <UpdateDate>2015-01-21T23:39:41Z</UpdateDate>
-      </member>
-      <member>
-        <PolicyName>AWSOpsWorksRole</PolicyName>
-        <DefaultVersionId>v1</DefaultVersionId>
-        <PolicyId>ANPAE376NQ77WV6KGJEBE</PolicyId>
-        <Path>/service-role/</Path>
-        <PolicyVersionList>
-          <member>
-            <Document>
-              {"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":
-              ["cloudwatch:GetMetricStatistics","ec2:DescribeAccountAttributes",
-              "ec2:DescribeAvailabilityZones","ec2:DescribeInstances",
-              "ec2:DescribeKeyPairs","ec2:DescribeSecurityGroups","ec2:DescribeSubnets",
-              "ec2:DescribeVpcs","elasticloadbalancing:DescribeInstanceHealth",
-              "elasticloadbalancing:DescribeLoadBalancers","iam:GetRolePolicy",
-              "iam:ListInstanceProfiles","iam:ListRoles","iam:ListUsers",
-              "iam:PassRole","opsworks:*","rds:*"],"Resource":["*"]}]}
-            </Document>
-            <IsDefaultVersion>true</IsDefaultVersion>
-            <VersionId>v1</VersionId>
-            <CreateDate>2014-12-10T22:57:47Z</CreateDate>
-          </member>
-        </PolicyVersionList>
-        <Arn>arn:aws:iam::aws:policy/service-role/AWSOpsWorksRole</Arn>
-        <AttachmentCount>1</AttachmentCount>
-        <CreateDate>2015-02-06T18:41:27Z</CreateDate>
-        <IsAttachable>true</IsAttachable>
-        <UpdateDate>2015-02-06T18:41:27Z</UpdateDate>
-      </member>
-      <member>
-        <PolicyName>AmazonEC2FullAccess</PolicyName>
-        <DefaultVersionId>v1</DefaultVersionId>
-        <PolicyId>ANPAE3QWE5YT46TQ34WLG</PolicyId>
-        <Path>/</Path>
-        <PolicyVersionList>
-          <member>
-            <Document>
-              {"Version":"2012-10-17","Statement":[{"Action":"ec2:*",
-              "Effect":"Allow","Resource":"*"},{"Effect":"Allow",
-              "Action":"elasticloadbalancing:*","Resource":"*"},{"Effect":"Allow",
-              "Action":"cloudwatch:*","Resource":"*"},{"Effect":"Allow",
-              "Action":"autoscaling:*","Resource":"*"}]}
-            </Document>
-            <IsDefaultVersion>true</IsDefaultVersion>
-            <VersionId>v1</VersionId>
-            <CreateDate>2014-10-30T20:59:46Z</CreateDate>
-          </member>
-        </PolicyVersionList>
-        <Arn>arn:aws:iam::aws:policy/AmazonEC2FullAccess</Arn>
-        <AttachmentCount>1</AttachmentCount>
-        <CreateDate>2015-02-06T18:40:15Z</CreateDate>
-        <IsAttachable>true</IsAttachable>
-        <UpdateDate>2015-02-06T18:40:15Z</UpdateDate>
-      </member>
-    </Policies>
-  </GetAccountAuthorizationDetailsResult>
-  <ResponseMetadata>
-    <RequestId>92e79ae7-7399-11e4-8c85-4b53eEXAMPLE</RequestId>
-  </ResponseMetadata>
-</GetAccountAuthorizationDetailsResponse>"""
 # GET_ACCOUNT_AUTHORIZATION_DETAILS_TEMPLATE = """<GetAccountAuthorizationDetailsResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
 #   <GetAccountAuthorizationDetailsResult>
-#     <IsTruncated>true</IsTruncated>
+#     <IsTruncated>false</IsTruncated>
 #     <UserDetailList>
-#     {% for user in users %}
 #       <member>
+#         <GroupList>
+#           <member>Admins</member>
 #         </GroupList>
 #         <AttachedManagedPolicies/>
-#         <UserId>{{ user.id }}</UserId>
-#         <Path>{{ user.path }}</Path>
-#         <UserName>{{ user.name }}</UserName>
-#         <Arn>{{ user.arn }}</Arn>
-#         <CreateDate>2012-05-09T15:45:35Z</CreateDate>
+#         <UserId>AIDACKCEVSQ6C2EXAMPLE</UserId>
+#         <Path>/</Path>
+#         <UserName>Alice</UserName>
+#         <Arn>arn:aws:iam::123456789012:user/Alice</Arn>
+#         <CreateDate>2013-10-14T18:32:24Z</CreateDate>
+#       </member>
+#       <member>
+#         <GroupList>
+#           <member>Admins</member>
+#         </GroupList>
+#         <AttachedManagedPolicies/>
+#         <UserPolicyList>
+#           <member>
+#             <PolicyName>DenyBillingAndIAMPolicy</PolicyName>
+#             <PolicyDocument>
+#               {"Version":"2012-10-17","Statement":{"Effect":"Deny","Action":
+#               ["aws-portal:*","iam:*"],"Resource":"*"}}
+#             </PolicyDocument>
+#           </member>
+#         </UserPolicyList>
+#         <UserId>AIDACKCEVSQ6C3EXAMPLE</UserId>
+#         <Path>/</Path>
+#         <UserName>Bob</UserName>
+#         <Arn>arn:aws:iam::123456789012:user/Bob</Arn>
+#         <CreateDate>2013-10-14T18:32:25Z</CreateDate>
+#       </member>
+#       <member>
+#         <GroupList>
+#           <member>Dev</member>
+#         <AttachedManagedPolicies/>
+#         </GroupList>
+#         <UserId>AIDACKCEVSQ6C4EXAMPLE</UserId>
+#         <Path>/</Path>
+#         <UserName>Charlie</UserName>
+#         <Arn>arn:aws:iam::123456789012:user/Charlie</Arn>
+#         <CreateDate>2013-10-14T18:33:56Z</CreateDate>
+#       </member>
+#       <member>
+#         <GroupList>
+#           <member>Dev</member>
+#         </GroupList>
+#         <AttachedManagedPolicies/>
+#         <UserId>AIDACKCEVSQ6C5EXAMPLE</UserId>
+#         <Path>/</Path>
+#         <UserName>Danielle</UserName>
+#         <Arn>arn:aws:iam::123456789012:user/Danielle</Arn>
+#         <CreateDate>2013-10-14T18:33:56Z</CreateDate>
+#       </member>
+#       <member>
+#         <GroupList>
+#           <member>Finance</member>
+#         </GroupList>
+#         <AttachedManagedPolicies/>
+#         <UserId>AIDACKCEVSQ6C6EXAMPLE</UserId>
+#         <Path>/</Path>
+#         <UserName>Elaine</UserName>
+#         <Arn>arn:aws:iam::123456789012:user/Elaine</Arn>
+#         <CreateDate>2013-10-14T18:57:48Z</CreateDate>
 #       </member>
-#     {% endfor %}
 #     </UserDetailList>
 #     <Marker>
 #       EXAMPLEkakv9BCuUNFDtxWSyfzetYwEx2ADc8dnzfvERF5S6YMvXKx41t6gCl/eeaCX3Jo94/
 #       bKqezEAg8TEVS99EKFLxm3jtbpl25FDWEXAMPLE
 #     </Marker>
 #     <GroupDetailList>
-#     {% for group in groups %}
 #       <member>
-#         <GroupId>{{ group.id }}</GroupId>
+#         <GroupId>AIDACKCEVSQ6C7EXAMPLE</GroupId>
 #         <AttachedManagedPolicies>
 #           <member>
 #             <PolicyName>AdministratorAccess</PolicyName>
 #             <PolicyArn>arn:aws:iam::aws:policy/AdministratorAccess</PolicyArn>
 #           </member>
 #         </AttachedManagedPolicies>
-#         <GroupName>{{ group.name }}</GroupName>
-#         <Path>{{ group.path }}</Path>
-#         <Arn>{{ group.arn }}</Arn>
-#         <CreateDate>{{ group.created_iso_8601 }}</CreateDate>
+#         <GroupName>Admins</GroupName>
+#         <Path>/</Path>
+#         <Arn>arn:aws:iam::123456789012:group/Admins</Arn>
+#         <CreateDate>2013-10-14T18:32:24Z</CreateDate>
 #         <GroupPolicyList/>
 #       </member>
-#     {% endfor %}
+#       <member>
+#         <GroupId>AIDACKCEVSQ6C8EXAMPLE</GroupId>
+#         <AttachedManagedPolicies>
+#           <member>
+#             <PolicyName>PowerUserAccess</PolicyName>
+#             <PolicyArn>arn:aws:iam::aws:policy/PowerUserAccess</PolicyArn>
+#           </member>
+#         </AttachedManagedPolicies>
+#         <GroupName>Dev</GroupName>
+#         <Path>/</Path>
+#         <Arn>arn:aws:iam::123456789012:group/Dev</Arn>
+#         <CreateDate>2013-10-14T18:33:55Z</CreateDate>
+#         <GroupPolicyList/>
+#       </member>
+#       <member>
+#         <GroupId>AIDACKCEVSQ6C9EXAMPLE</GroupId>
+#         <AttachedManagedPolicies/>
+#         <GroupName>Finance</GroupName>
+#         <Path>/</Path>
+#         <Arn>arn:aws:iam::123456789012:group/Finance</Arn>
+#         <CreateDate>2013-10-14T18:57:48Z</CreateDate>
+#         <GroupPolicyList>
+#           <member>
+#             <PolicyName>policygen-201310141157</PolicyName>
+#             <PolicyDocument>
+#               {"Version":"2012-10-17","Statement":[{"Action":["aws-portal:*"],
+#               "Sid":"Stmt1381777017000","Resource":["*"],"Effect":"Allow"}]}
+#             </PolicyDocument>
+#           </member>
+#         </GroupPolicyList>
+#       </member>
 #     </GroupDetailList>
 #     <RoleDetailList>
-#     {% for role in roles %}
 #       <member>
 #         <RolePolicyList/>
 #         <AttachedManagedPolicies>
-#         {% for policy in policies %}
-#             <member>
-#                 <PolicyName>{{ policy.name }}</PolicyName>
-#                 <PolicyArn>{{ policy.arn }}</PolicyArn>
-#             </member>
-#         {% endfor %}
+#           <member>
+#             <PolicyName>AmazonS3FullAccess</PolicyName>
+#             <PolicyArn>arn:aws:iam::aws:policy/AmazonS3FullAccess</PolicyArn>
+#           </member>
+#           <member>
+#             <PolicyName>AmazonDynamoDBFullAccess</PolicyName>
+#             <PolicyArn>arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess</PolicyArn>
+#           </member>
 #         </AttachedManagedPolicies>
 #         <InstanceProfileList>
-#             {% for profile in instance_profiles %}
-#             <member>
-#             <Id>{{ profile.id }}</Id>
-#               <Roles>
-#                 {% for role in profile.roles %}
-#                 <member>
-#                   <Path>{{ role.path }}</Path>
-#                   <Arn>{{ role.arn }}</Arn>
-#                   <RoleName>{{ role.name }}</RoleName>
-#                   <AssumeRolePolicyDocument>{{ role.assume_policy_document }}</AssumeRolePolicyDocument>
-#                   <CreateDate>2012-05-09T15:45:35Z</CreateDate>
-#                   <RoleId>{{ role.id }}</RoleId>
-#                 </member>
-#                 {% endfor %}
-#               </Roles>
-#               <InstanceProfileName>{{ profile.name }}</InstanceProfileName>
-#               <Path>{{ profile.path }}</Path>
-#               <Arn>{{ profile.arn }}</Arn>
-#               <CreateDate>2012-05-09T16:27:11Z</CreateDate>
-#             </member>
-#             {% endfor %}
+#           <member>
+#             <InstanceProfileName>EC2role</InstanceProfileName>
+#             <Roles>
+#               <member>
+#                 <Path>/</Path>
+#                 <Arn>arn:aws:iam::123456789012:role/EC2role</Arn>
+#                 <RoleName>EC2role</RoleName>
+#                 <AssumeRolePolicyDocument>
+#                   {"Version":"2012-10-17","Statement":[{"Sid":"",
+#                   "Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},
+#                   "Action":"sts:AssumeRole"}]}
+#                 </AssumeRolePolicyDocument>
+#                 <CreateDate>2014-07-30T17:09:20Z</CreateDate>
+#                 <RoleId>AROAFP4BKI7Y7TEXAMPLE</RoleId>
+#               </member>
+#             </Roles>
+#             <Path>/</Path>
+#             <Arn>arn:aws:iam::123456789012:instance-profile/EC2role</Arn>
+#             <InstanceProfileId>AIPAFFYRBHWXW2EXAMPLE</InstanceProfileId>
+#             <CreateDate>2014-07-30T17:09:20Z</CreateDate>
+#           </member>
 #         </InstanceProfileList>
-#         <Path>{{ role.path }}</Path>
-#         <Arn>{{ role.arn }}</Arn>
-#         <RoleName>{{ role.name }}</RoleName>
-#         <AssumeRolePolicyDocument>{{ role.assume_role_policy_document }}</AssumeRolePolicyDocument>
+#         <Path>/</Path>
+#         <Arn>arn:aws:iam::123456789012:role/EC2role</Arn>
+#         <RoleName>EC2role</RoleName>
+#         <AssumeRolePolicyDocument>
+#           {"Version":"2012-10-17","Statement":[{"Sid":"","Effect":"Allow",
+#           "Principal":{"Service":"ec2.amazonaws.com"},
+#           "Action":"sts:AssumeRole"}]}
+#         </AssumeRolePolicyDocument>
 #         <CreateDate>2014-07-30T17:09:20Z</CreateDate>
-#         <RoleId>{{ role.id }}</RoleId>
+#         <RoleId>AROAFP4BKI7Y7TEXAMPLE</RoleId>
 #       </member>
-#     {% endfor %}
 #     </RoleDetailList>
 #     <Policies>
-#     {% for policy in policies %}
 #       <member>
-#         <PolicyName>{{ policy.name }}</PolicyName>
-#         <DefaultVersionId>{{ policy.default_version_id }}</DefaultVersionId>
-#         <PolicyId>{{ policy.id }}</PolicyId>
-#         <Path>{{ policy.path }}</Path>
+#         <PolicyName>create-update-delete-set-managed-policies</PolicyName>
+#         <DefaultVersionId>v1</DefaultVersionId>
+#         <PolicyId>ANPAJ2UCCR6DPCEXAMPLE</PolicyId>
+#         <Path>/</Path>
 #         <PolicyVersionList>
 #           <member>
 #             <Document>
@@ -1719,20 +1529,216 @@ def get_account_authorization_details(self):
 #             </Document>
 #             <IsDefaultVersion>true</IsDefaultVersion>
 #             <VersionId>v1</VersionId>
-#             <CreateDate>{{ policy.create_datetime.isoformat() }}</CreateDate>
+#             <CreateDate>2015-02-06T19:58:34Z</CreateDate>
+#           </member>
+#         </PolicyVersionList>
+#         <Arn>
+#           arn:aws:iam::123456789012:policy/create-update-delete-set-managed-policies
+#         </Arn>
+#         <AttachmentCount>1</AttachmentCount>
+#         <CreateDate>2015-02-06T19:58:34Z</CreateDate>
+#         <IsAttachable>true</IsAttachable>
+#         <UpdateDate>2015-02-06T19:58:34Z</UpdateDate>
+#       </member>
+#       <member>
+#         <PolicyName>S3-read-only-specific-bucket</PolicyName>
+#         <DefaultVersionId>v1</DefaultVersionId>
+#         <PolicyId>ANPAJ4AE5446DAEXAMPLE</PolicyId>
+#         <Path>/</Path>
+#         <PolicyVersionList>
+#           <member>
+#             <Document>
+#               {"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":
+#               ["s3:Get*","s3:List*"],"Resource":["arn:aws:s3:::example-bucket",
+#               "arn:aws:s3:::example-bucket/*"]}]}
+#             </Document>
+#             <IsDefaultVersion>true</IsDefaultVersion>
+#             <VersionId>v1</VersionId>
+#             <CreateDate>2015-01-21T21:39:41Z</CreateDate>
+#           </member>
+#         </PolicyVersionList>
+#         <Arn>arn:aws:iam::123456789012:policy/S3-read-only-specific-bucket</Arn>
+#         <AttachmentCount>1</AttachmentCount>
+#         <CreateDate>2015-01-21T21:39:41Z</CreateDate>
+#         <IsAttachable>true</IsAttachable>
+#         <UpdateDate>2015-01-21T23:39:41Z</UpdateDate>
+#       </member>
+#       <member>
+#         <PolicyName>AWSOpsWorksRole</PolicyName>
+#         <DefaultVersionId>v1</DefaultVersionId>
+#         <PolicyId>ANPAE376NQ77WV6KGJEBE</PolicyId>
+#         <Path>/service-role/</Path>
+#         <PolicyVersionList>
+#           <member>
+#             <Document>
+#               {"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":
+#               ["cloudwatch:GetMetricStatistics","ec2:DescribeAccountAttributes",
+#               "ec2:DescribeAvailabilityZones","ec2:DescribeInstances",
+#               "ec2:DescribeKeyPairs","ec2:DescribeSecurityGroups","ec2:DescribeSubnets",
+#               "ec2:DescribeVpcs","elasticloadbalancing:DescribeInstanceHealth",
+#               "elasticloadbalancing:DescribeLoadBalancers","iam:GetRolePolicy",
+#               "iam:ListInstanceProfiles","iam:ListRoles","iam:ListUsers",
+#               "iam:PassRole","opsworks:*","rds:*"],"Resource":["*"]}]}
+#             </Document>
+#             <IsDefaultVersion>true</IsDefaultVersion>
+#             <VersionId>v1</VersionId>
+#             <CreateDate>2014-12-10T22:57:47Z</CreateDate>
+#           </member>
+#         </PolicyVersionList>
+#         <Arn>arn:aws:iam::aws:policy/service-role/AWSOpsWorksRole</Arn>
+#         <AttachmentCount>1</AttachmentCount>
+#         <CreateDate>2015-02-06T18:41:27Z</CreateDate>
+#         <IsAttachable>true</IsAttachable>
+#         <UpdateDate>2015-02-06T18:41:27Z</UpdateDate>
+#       </member>
+#       <member>
+#         <PolicyName>AmazonEC2FullAccess</PolicyName>
+#         <DefaultVersionId>v1</DefaultVersionId>
+#         <PolicyId>ANPAE3QWE5YT46TQ34WLG</PolicyId>
+#         <Path>/</Path>
+#         <PolicyVersionList>
+#           <member>
+#             <Document>
+#               {"Version":"2012-10-17","Statement":[{"Action":"ec2:*",
+#               "Effect":"Allow","Resource":"*"},{"Effect":"Allow",
+#               "Action":"elasticloadbalancing:*","Resource":"*"},{"Effect":"Allow",
+#               "Action":"cloudwatch:*","Resource":"*"},{"Effect":"Allow",
+#               "Action":"autoscaling:*","Resource":"*"}]}
+#             </Document>
+#             <IsDefaultVersion>true</IsDefaultVersion>
+#             <VersionId>v1</VersionId>
+#             <CreateDate>2014-10-30T20:59:46Z</CreateDate>
 #           </member>
 #         </PolicyVersionList>
-#         <Arn>{{ policy.arn }}</Arn>
+#         <Arn>arn:aws:iam::aws:policy/AmazonEC2FullAccess</Arn>
 #         <AttachmentCount>1</AttachmentCount>
-#         <CreateDate>{{ policy.create_datetime.isoformat() }}</CreateDate>
+#         <CreateDate>2015-02-06T18:40:15Z</CreateDate>
 #         <IsAttachable>true</IsAttachable>
-#         <UpdateDate>{{ policy.update_datetime.isoformat() }}</UpdateDate>
+#         <UpdateDate>2015-02-06T18:40:15Z</UpdateDate>
 #       </member>
-#     {% endfor %}
 #     </Policies>
 #   </GetAccountAuthorizationDetailsResult>
 #   <ResponseMetadata>
 #     <RequestId>92e79ae7-7399-11e4-8c85-4b53eEXAMPLE</RequestId>
 #   </ResponseMetadata>
 # </GetAccountAuthorizationDetailsResponse>"""
+GET_ACCOUNT_AUTHORIZATION_DETAILS_TEMPLATE = """<GetAccountAuthorizationDetailsResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
+  <GetAccountAuthorizationDetailsResult>
+    <IsTruncated>false</IsTruncated>
+    <UserDetailList>
+    {% for user in users %}
+      <member>
+        <GroupList />
+        <AttachedManagedPolicies/>
+        <UserId>{{ user.id }}</UserId>
+        <Path>{{ user.path }}</Path>
+        <UserName>{{ user.name }}</UserName>
+        <Arn>{{ user.arn }}</Arn>
+        <CreateDate>2012-05-09T15:45:35Z</CreateDate>
+      </member>
+    {% endfor %}
+    </UserDetailList>
+    <Marker>
+      EXAMPLEkakv9BCuUNFDtxWSyfzetYwEx2ADc8dnzfvERF5S6YMvXKx41t6gCl/eeaCX3Jo94/
+      bKqezEAg8TEVS99EKFLxm3jtbpl25FDWEXAMPLE
+    </Marker>
+    <GroupDetailList>
+    {% for group in groups %}
+      <member>
+        <GroupId>{{ group.id }}</GroupId>
+        <AttachedManagedPolicies>
+          {% for policy in group.managed_policies %}
+          <member>
+            <PolicyName>{{ policy.name }}</PolicyName>
+            <PolicyArn>{{ policy.arn }}</PolicyArn>
+          </member>
+          {% endfor %}
+        </AttachedManagedPolicies>
+        <GroupName>{{ group.name }}</GroupName>
+        <Path>{{ group.path }}</Path>
+        <Arn>{{ group.arn }}</Arn>
+        <CreateDate>2012-05-09T16:27:11Z</CreateDate>
+        <GroupPolicyList/>
+      </member>
+    {% endfor %}
+    </GroupDetailList>
+    <RoleDetailList>
+    {% for role in roles %}
+      <member>
+        <RolePolicyList/>
+        <AttachedManagedPolicies>
+        {% for policy in role.managed_policies %}
+            <member>
+                <PolicyName>{{ policy.name }}</PolicyName>
+                <PolicyArn>{{ policy.arn }}</PolicyArn>
+            </member>
+        {% endfor %}
+        </AttachedManagedPolicies>
+        <InstanceProfileList>
+            {% for profile in instance_profiles %}
+            <member>
+            <Id>{{ profile.id }}</Id>
+              <Roles>
+                {% for role in profile.roles %}
+                <member>
+                  <Path>{{ role.path }}</Path>
+                  <Arn>{{ role.arn }}</Arn>
+                  <RoleName>{{ role.name }}</RoleName>
+                  <AssumeRolePolicyDocument>{{ role.assume_role_policy_document }}</AssumeRolePolicyDocument>
+                  <CreateDate>2012-05-09T15:45:35Z</CreateDate>
+                  <RoleId>{{ role.id }}</RoleId>
+                </member>
+                {% endfor %}
+              </Roles>
+              <InstanceProfileName>{{ profile.name }}</InstanceProfileName>
+              <Path>{{ profile.path }}</Path>
+              <Arn>{{ profile.arn }}</Arn>
+              <CreateDate>2012-05-09T16:27:11Z</CreateDate>
+            </member>
+            {% endfor %}
+        </InstanceProfileList>
+        <Path>{{ role.path }}</Path>
+        <Arn>{{ role.arn }}</Arn>
+        <RoleName>{{ role.name }}</RoleName>
+        <AssumeRolePolicyDocument>{{ role.assume_role_policy_document }}</AssumeRolePolicyDocument>
+        <CreateDate>2014-07-30T17:09:20Z</CreateDate>
+        <RoleId>{{ role.id }}</RoleId>
+      </member>
+    {% endfor %}
+    </RoleDetailList>
+    <Policies>
+    {% for policy in policies %}
+      <member>
+        <PolicyName>{{ policy.name }}</PolicyName>
+        <DefaultVersionId>{{ policy.default_version_id }}</DefaultVersionId>
+        <PolicyId>{{ policy.id }}</PolicyId>
+        <Path>{{ policy.path }}</Path>
+        <PolicyVersionList>
+          <member>
+            <Document>
+              {"Version":"2012-10-17","Statement":{"Effect":"Allow",
+              "Action":["iam:CreatePolicy","iam:CreatePolicyVersion",
+              "iam:DeletePolicy","iam:DeletePolicyVersion","iam:GetPolicy",
+              "iam:GetPolicyVersion","iam:ListPolicies",
+              "iam:ListPolicyVersions","iam:SetDefaultPolicyVersion"],
+              "Resource":"*"}}
+            </Document>
+            <IsDefaultVersion>true</IsDefaultVersion>
+            <VersionId>v1</VersionId>
+            <CreateDate>2012-05-09T16:27:11Z</CreateDate>
+          </member>
+        </PolicyVersionList>
+        <Arn>{{ policy.arn }}</Arn>
+        <AttachmentCount>1</AttachmentCount>
+        <CreateDate>2012-05-09T16:27:11Z</CreateDate>
+        <IsAttachable>true</IsAttachable>
+        <UpdateDate>2012-05-09T16:27:11Z</UpdateDate>
+      </member>
+    {% endfor %}
+    </Policies>
+  </GetAccountAuthorizationDetailsResult>
+  <ResponseMetadata>
+    <RequestId>92e79ae7-7399-11e4-8c85-4b53eEXAMPLE</RequestId>
+  </ResponseMetadata>
+</GetAccountAuthorizationDetailsResponse>"""
 

From b1f7e7311fc191df4eb17bd9931d1d7c8a5b04f4 Mon Sep 17 00:00:00 2001
From: Will Bengtson <wbengtson@netflix.com>
Date: Tue, 24 Jul 2018 15:02:42 -0700
Subject: [PATCH 3/4] remove old commented out template

---
 moto/iam/responses.py | 279 ------------------------------------------
 1 file changed, 279 deletions(-)

diff --git a/moto/iam/responses.py b/moto/iam/responses.py
index bd4ccf45d53a..8718fd439c23 100644
--- a/moto/iam/responses.py
+++ b/moto/iam/responses.py
@@ -1343,285 +1343,6 @@ def get_account_authorization_details(self):
 </ListGroupsForUserResponse>"""
 
 
-# GET_ACCOUNT_AUTHORIZATION_DETAILS_TEMPLATE = """<GetAccountAuthorizationDetailsResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
-#   <GetAccountAuthorizationDetailsResult>
-#     <IsTruncated>false</IsTruncated>
-#     <UserDetailList>
-#       <member>
-#         <GroupList>
-#           <member>Admins</member>
-#         </GroupList>
-#         <AttachedManagedPolicies/>
-#         <UserId>AIDACKCEVSQ6C2EXAMPLE</UserId>
-#         <Path>/</Path>
-#         <UserName>Alice</UserName>
-#         <Arn>arn:aws:iam::123456789012:user/Alice</Arn>
-#         <CreateDate>2013-10-14T18:32:24Z</CreateDate>
-#       </member>
-#       <member>
-#         <GroupList>
-#           <member>Admins</member>
-#         </GroupList>
-#         <AttachedManagedPolicies/>
-#         <UserPolicyList>
-#           <member>
-#             <PolicyName>DenyBillingAndIAMPolicy</PolicyName>
-#             <PolicyDocument>
-#               {"Version":"2012-10-17","Statement":{"Effect":"Deny","Action":
-#               ["aws-portal:*","iam:*"],"Resource":"*"}}
-#             </PolicyDocument>
-#           </member>
-#         </UserPolicyList>
-#         <UserId>AIDACKCEVSQ6C3EXAMPLE</UserId>
-#         <Path>/</Path>
-#         <UserName>Bob</UserName>
-#         <Arn>arn:aws:iam::123456789012:user/Bob</Arn>
-#         <CreateDate>2013-10-14T18:32:25Z</CreateDate>
-#       </member>
-#       <member>
-#         <GroupList>
-#           <member>Dev</member>
-#         <AttachedManagedPolicies/>
-#         </GroupList>
-#         <UserId>AIDACKCEVSQ6C4EXAMPLE</UserId>
-#         <Path>/</Path>
-#         <UserName>Charlie</UserName>
-#         <Arn>arn:aws:iam::123456789012:user/Charlie</Arn>
-#         <CreateDate>2013-10-14T18:33:56Z</CreateDate>
-#       </member>
-#       <member>
-#         <GroupList>
-#           <member>Dev</member>
-#         </GroupList>
-#         <AttachedManagedPolicies/>
-#         <UserId>AIDACKCEVSQ6C5EXAMPLE</UserId>
-#         <Path>/</Path>
-#         <UserName>Danielle</UserName>
-#         <Arn>arn:aws:iam::123456789012:user/Danielle</Arn>
-#         <CreateDate>2013-10-14T18:33:56Z</CreateDate>
-#       </member>
-#       <member>
-#         <GroupList>
-#           <member>Finance</member>
-#         </GroupList>
-#         <AttachedManagedPolicies/>
-#         <UserId>AIDACKCEVSQ6C6EXAMPLE</UserId>
-#         <Path>/</Path>
-#         <UserName>Elaine</UserName>
-#         <Arn>arn:aws:iam::123456789012:user/Elaine</Arn>
-#         <CreateDate>2013-10-14T18:57:48Z</CreateDate>
-#       </member>
-#     </UserDetailList>
-#     <Marker>
-#       EXAMPLEkakv9BCuUNFDtxWSyfzetYwEx2ADc8dnzfvERF5S6YMvXKx41t6gCl/eeaCX3Jo94/
-#       bKqezEAg8TEVS99EKFLxm3jtbpl25FDWEXAMPLE
-#     </Marker>
-#     <GroupDetailList>
-#       <member>
-#         <GroupId>AIDACKCEVSQ6C7EXAMPLE</GroupId>
-#         <AttachedManagedPolicies>
-#           <member>
-#             <PolicyName>AdministratorAccess</PolicyName>
-#             <PolicyArn>arn:aws:iam::aws:policy/AdministratorAccess</PolicyArn>
-#           </member>
-#         </AttachedManagedPolicies>
-#         <GroupName>Admins</GroupName>
-#         <Path>/</Path>
-#         <Arn>arn:aws:iam::123456789012:group/Admins</Arn>
-#         <CreateDate>2013-10-14T18:32:24Z</CreateDate>
-#         <GroupPolicyList/>
-#       </member>
-#       <member>
-#         <GroupId>AIDACKCEVSQ6C8EXAMPLE</GroupId>
-#         <AttachedManagedPolicies>
-#           <member>
-#             <PolicyName>PowerUserAccess</PolicyName>
-#             <PolicyArn>arn:aws:iam::aws:policy/PowerUserAccess</PolicyArn>
-#           </member>
-#         </AttachedManagedPolicies>
-#         <GroupName>Dev</GroupName>
-#         <Path>/</Path>
-#         <Arn>arn:aws:iam::123456789012:group/Dev</Arn>
-#         <CreateDate>2013-10-14T18:33:55Z</CreateDate>
-#         <GroupPolicyList/>
-#       </member>
-#       <member>
-#         <GroupId>AIDACKCEVSQ6C9EXAMPLE</GroupId>
-#         <AttachedManagedPolicies/>
-#         <GroupName>Finance</GroupName>
-#         <Path>/</Path>
-#         <Arn>arn:aws:iam::123456789012:group/Finance</Arn>
-#         <CreateDate>2013-10-14T18:57:48Z</CreateDate>
-#         <GroupPolicyList>
-#           <member>
-#             <PolicyName>policygen-201310141157</PolicyName>
-#             <PolicyDocument>
-#               {"Version":"2012-10-17","Statement":[{"Action":["aws-portal:*"],
-#               "Sid":"Stmt1381777017000","Resource":["*"],"Effect":"Allow"}]}
-#             </PolicyDocument>
-#           </member>
-#         </GroupPolicyList>
-#       </member>
-#     </GroupDetailList>
-#     <RoleDetailList>
-#       <member>
-#         <RolePolicyList/>
-#         <AttachedManagedPolicies>
-#           <member>
-#             <PolicyName>AmazonS3FullAccess</PolicyName>
-#             <PolicyArn>arn:aws:iam::aws:policy/AmazonS3FullAccess</PolicyArn>
-#           </member>
-#           <member>
-#             <PolicyName>AmazonDynamoDBFullAccess</PolicyName>
-#             <PolicyArn>arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess</PolicyArn>
-#           </member>
-#         </AttachedManagedPolicies>
-#         <InstanceProfileList>
-#           <member>
-#             <InstanceProfileName>EC2role</InstanceProfileName>
-#             <Roles>
-#               <member>
-#                 <Path>/</Path>
-#                 <Arn>arn:aws:iam::123456789012:role/EC2role</Arn>
-#                 <RoleName>EC2role</RoleName>
-#                 <AssumeRolePolicyDocument>
-#                   {"Version":"2012-10-17","Statement":[{"Sid":"",
-#                   "Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},
-#                   "Action":"sts:AssumeRole"}]}
-#                 </AssumeRolePolicyDocument>
-#                 <CreateDate>2014-07-30T17:09:20Z</CreateDate>
-#                 <RoleId>AROAFP4BKI7Y7TEXAMPLE</RoleId>
-#               </member>
-#             </Roles>
-#             <Path>/</Path>
-#             <Arn>arn:aws:iam::123456789012:instance-profile/EC2role</Arn>
-#             <InstanceProfileId>AIPAFFYRBHWXW2EXAMPLE</InstanceProfileId>
-#             <CreateDate>2014-07-30T17:09:20Z</CreateDate>
-#           </member>
-#         </InstanceProfileList>
-#         <Path>/</Path>
-#         <Arn>arn:aws:iam::123456789012:role/EC2role</Arn>
-#         <RoleName>EC2role</RoleName>
-#         <AssumeRolePolicyDocument>
-#           {"Version":"2012-10-17","Statement":[{"Sid":"","Effect":"Allow",
-#           "Principal":{"Service":"ec2.amazonaws.com"},
-#           "Action":"sts:AssumeRole"}]}
-#         </AssumeRolePolicyDocument>
-#         <CreateDate>2014-07-30T17:09:20Z</CreateDate>
-#         <RoleId>AROAFP4BKI7Y7TEXAMPLE</RoleId>
-#       </member>
-#     </RoleDetailList>
-#     <Policies>
-#       <member>
-#         <PolicyName>create-update-delete-set-managed-policies</PolicyName>
-#         <DefaultVersionId>v1</DefaultVersionId>
-#         <PolicyId>ANPAJ2UCCR6DPCEXAMPLE</PolicyId>
-#         <Path>/</Path>
-#         <PolicyVersionList>
-#           <member>
-#             <Document>
-#               {"Version":"2012-10-17","Statement":{"Effect":"Allow",
-#               "Action":["iam:CreatePolicy","iam:CreatePolicyVersion",
-#               "iam:DeletePolicy","iam:DeletePolicyVersion","iam:GetPolicy",
-#               "iam:GetPolicyVersion","iam:ListPolicies",
-#               "iam:ListPolicyVersions","iam:SetDefaultPolicyVersion"],
-#               "Resource":"*"}}
-#             </Document>
-#             <IsDefaultVersion>true</IsDefaultVersion>
-#             <VersionId>v1</VersionId>
-#             <CreateDate>2015-02-06T19:58:34Z</CreateDate>
-#           </member>
-#         </PolicyVersionList>
-#         <Arn>
-#           arn:aws:iam::123456789012:policy/create-update-delete-set-managed-policies
-#         </Arn>
-#         <AttachmentCount>1</AttachmentCount>
-#         <CreateDate>2015-02-06T19:58:34Z</CreateDate>
-#         <IsAttachable>true</IsAttachable>
-#         <UpdateDate>2015-02-06T19:58:34Z</UpdateDate>
-#       </member>
-#       <member>
-#         <PolicyName>S3-read-only-specific-bucket</PolicyName>
-#         <DefaultVersionId>v1</DefaultVersionId>
-#         <PolicyId>ANPAJ4AE5446DAEXAMPLE</PolicyId>
-#         <Path>/</Path>
-#         <PolicyVersionList>
-#           <member>
-#             <Document>
-#               {"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":
-#               ["s3:Get*","s3:List*"],"Resource":["arn:aws:s3:::example-bucket",
-#               "arn:aws:s3:::example-bucket/*"]}]}
-#             </Document>
-#             <IsDefaultVersion>true</IsDefaultVersion>
-#             <VersionId>v1</VersionId>
-#             <CreateDate>2015-01-21T21:39:41Z</CreateDate>
-#           </member>
-#         </PolicyVersionList>
-#         <Arn>arn:aws:iam::123456789012:policy/S3-read-only-specific-bucket</Arn>
-#         <AttachmentCount>1</AttachmentCount>
-#         <CreateDate>2015-01-21T21:39:41Z</CreateDate>
-#         <IsAttachable>true</IsAttachable>
-#         <UpdateDate>2015-01-21T23:39:41Z</UpdateDate>
-#       </member>
-#       <member>
-#         <PolicyName>AWSOpsWorksRole</PolicyName>
-#         <DefaultVersionId>v1</DefaultVersionId>
-#         <PolicyId>ANPAE376NQ77WV6KGJEBE</PolicyId>
-#         <Path>/service-role/</Path>
-#         <PolicyVersionList>
-#           <member>
-#             <Document>
-#               {"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":
-#               ["cloudwatch:GetMetricStatistics","ec2:DescribeAccountAttributes",
-#               "ec2:DescribeAvailabilityZones","ec2:DescribeInstances",
-#               "ec2:DescribeKeyPairs","ec2:DescribeSecurityGroups","ec2:DescribeSubnets",
-#               "ec2:DescribeVpcs","elasticloadbalancing:DescribeInstanceHealth",
-#               "elasticloadbalancing:DescribeLoadBalancers","iam:GetRolePolicy",
-#               "iam:ListInstanceProfiles","iam:ListRoles","iam:ListUsers",
-#               "iam:PassRole","opsworks:*","rds:*"],"Resource":["*"]}]}
-#             </Document>
-#             <IsDefaultVersion>true</IsDefaultVersion>
-#             <VersionId>v1</VersionId>
-#             <CreateDate>2014-12-10T22:57:47Z</CreateDate>
-#           </member>
-#         </PolicyVersionList>
-#         <Arn>arn:aws:iam::aws:policy/service-role/AWSOpsWorksRole</Arn>
-#         <AttachmentCount>1</AttachmentCount>
-#         <CreateDate>2015-02-06T18:41:27Z</CreateDate>
-#         <IsAttachable>true</IsAttachable>
-#         <UpdateDate>2015-02-06T18:41:27Z</UpdateDate>
-#       </member>
-#       <member>
-#         <PolicyName>AmazonEC2FullAccess</PolicyName>
-#         <DefaultVersionId>v1</DefaultVersionId>
-#         <PolicyId>ANPAE3QWE5YT46TQ34WLG</PolicyId>
-#         <Path>/</Path>
-#         <PolicyVersionList>
-#           <member>
-#             <Document>
-#               {"Version":"2012-10-17","Statement":[{"Action":"ec2:*",
-#               "Effect":"Allow","Resource":"*"},{"Effect":"Allow",
-#               "Action":"elasticloadbalancing:*","Resource":"*"},{"Effect":"Allow",
-#               "Action":"cloudwatch:*","Resource":"*"},{"Effect":"Allow",
-#               "Action":"autoscaling:*","Resource":"*"}]}
-#             </Document>
-#             <IsDefaultVersion>true</IsDefaultVersion>
-#             <VersionId>v1</VersionId>
-#             <CreateDate>2014-10-30T20:59:46Z</CreateDate>
-#           </member>
-#         </PolicyVersionList>
-#         <Arn>arn:aws:iam::aws:policy/AmazonEC2FullAccess</Arn>
-#         <AttachmentCount>1</AttachmentCount>
-#         <CreateDate>2015-02-06T18:40:15Z</CreateDate>
-#         <IsAttachable>true</IsAttachable>
-#         <UpdateDate>2015-02-06T18:40:15Z</UpdateDate>
-#       </member>
-#     </Policies>
-#   </GetAccountAuthorizationDetailsResult>
-#   <ResponseMetadata>
-#     <RequestId>92e79ae7-7399-11e4-8c85-4b53eEXAMPLE</RequestId>
-#   </ResponseMetadata>
-# </GetAccountAuthorizationDetailsResponse>"""
 GET_ACCOUNT_AUTHORIZATION_DETAILS_TEMPLATE = """<GetAccountAuthorizationDetailsResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
   <GetAccountAuthorizationDetailsResult>
     <IsTruncated>false</IsTruncated>

From e6dd9cbd0da16aecf6b44f96599ff178dfc8a09e Mon Sep 17 00:00:00 2001
From: Will Bengtson <wbengtson@netflix.com>
Date: Tue, 24 Jul 2018 15:30:04 -0700
Subject: [PATCH 4/4] Fix flake8 problems and add unit test

---
 moto/iam/models.py         | 16 ++++++++--
 moto/iam/responses.py      |  1 -
 tests/test_iam/test_iam.py | 65 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 78 insertions(+), 4 deletions(-)

diff --git a/moto/iam/models.py b/moto/iam/models.py
index 243a4e3f37d9..697be798884e 100644
--- a/moto/iam/models.py
+++ b/moto/iam/models.py
@@ -910,6 +910,15 @@ def get_account_authorization_details(self, filter):
         local_policies = set(policies) - set(aws_managed_policies)
         returned_policies = []
 
+        if len(filter) == 0:
+            return {
+                'instance_profiles': self.instance_profiles.values(),
+                'roles': self.roles.values(),
+                'groups': self.groups.values(),
+                'users': self.users.values(),
+                'managed_policies': self.managed_policies.values()
+            }
+
         if 'AWSManagedPolicy' in filter:
             returned_policies = aws_managed_policies
         if 'LocalManagedPolicy' in filter:
@@ -917,10 +926,11 @@ def get_account_authorization_details(self, filter):
 
         return {
             'instance_profiles': self.instance_profiles.values(),
-            'roles': self.roles.values(),
-            'groups': self.groups.values(),
-            'users': self.users.values(),
+            'roles': self.roles.values() if 'Role' in filter else [],
+            'groups': self.groups.values() if 'Group' in filter else [],
+            'users': self.users.values() if 'User' in filter else [],
             'managed_policies': returned_policies
         }
 
+
 iam_backend = IAMBackend()
diff --git a/moto/iam/responses.py b/moto/iam/responses.py
index 8718fd439c23..9c1241c365cd 100644
--- a/moto/iam/responses.py
+++ b/moto/iam/responses.py
@@ -1462,4 +1462,3 @@ def get_account_authorization_details(self):
     <RequestId>92e79ae7-7399-11e4-8c85-4b53eEXAMPLE</RequestId>
   </ResponseMetadata>
 </GetAccountAuthorizationDetailsResponse>"""
-
diff --git a/tests/test_iam/test_iam.py b/tests/test_iam/test_iam.py
index 182a606613a6..2225f0644604 100644
--- a/tests/test_iam/test_iam.py
+++ b/tests/test_iam/test_iam.py
@@ -678,3 +678,68 @@ def test_update_access_key():
                              Status='Inactive')
     resp = client.list_access_keys(UserName=username)
     resp['AccessKeyMetadata'][0]['Status'].should.equal('Inactive')
+
+
+@mock_iam
+def test_get_account_authorization_details():
+    import json
+    conn = boto3.client('iam', region_name='us-east-1')
+    conn.create_role(RoleName="my-role", AssumeRolePolicyDocument="some policy", Path="/my-path/")
+    conn.create_user(Path='/', UserName='testCloudAuxUser')
+    conn.create_group(Path='/', GroupName='testCloudAuxGroup')
+    conn.create_policy(
+        PolicyName='testCloudAuxPolicy',
+        Path='/',
+        PolicyDocument=json.dumps({
+            "Version": "2012-10-17",
+            "Statement": [
+                {
+                    "Action": "s3:ListBucket",
+                    "Resource": "*",
+                    "Effect": "Allow",
+                }
+            ]
+        }),
+        Description='Test CloudAux Policy'
+    )
+
+    result = conn.get_account_authorization_details(Filter=['Role'])
+    len(result['RoleDetailList']) == 1
+    len(result['UserDetailList']) == 0
+    len(result['GroupDetailList']) == 0
+    len(result['Policies']) == 0
+
+    result = conn.get_account_authorization_details(Filter=['User'])
+    len(result['RoleDetailList']) == 0
+    len(result['UserDetailList']) == 1
+    len(result['GroupDetailList']) == 0
+    len(result['Policies']) == 0
+
+    result = conn.get_account_authorization_details(Filter=['Group'])
+    len(result['RoleDetailList']) == 0
+    len(result['UserDetailList']) == 0
+    len(result['GroupDetailList']) == 1
+    len(result['Policies']) == 0
+
+    result = conn.get_account_authorization_details(Filter=['LocalManagedPolicy'])
+    len(result['RoleDetailList']) == 0
+    len(result['UserDetailList']) == 0
+    len(result['GroupDetailList']) == 0
+    len(result['Policies']) == 1
+
+    # Check for greater than 1 since this should always be greater than one but might change.
+    # See iam/aws_managed_policies.py
+    result = conn.get_account_authorization_details(Filter=['AWSManagedPolicy'])
+    len(result['RoleDetailList']) == 0
+    len(result['UserDetailList']) == 0
+    len(result['GroupDetailList']) == 0
+    len(result['Policies']) > 1
+
+    result = conn.get_account_authorization_details()
+    len(result['RoleDetailList']) == 1
+    len(result['UserDetailList']) == 1
+    len(result['GroupDetailList']) == 1
+    len(result['Policies']) > 1
+
+
+