530: Adds S3 Get and Put ObjectTagging to restore_object_role_policy

[paulpilone]

Summary of Changes

Addresses #530. A wildcard was removed from the GetObject and PutObject actions in restore_object_role_policy which implicitly removed the GetObjectTagging and PutObjectTagging actions. These actions are required for CopyObject and must be now added explicitly.

I targeted the release-10.0.0-beta branch here but feel free to adjust if it should be a different branch.

Changes

• Adds s3:GetObjectTagging and s3:PutObjectTagging to copy archive source buckets which are required for the S3 CopyObject command.

Type of change

Please delete options that are not relevant.

• Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

Please describe the tests (unit, integration, ad-hoc, or otherwise) that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

This was manually tested via the Cumulus Core integration tests. Previous testing was against cumulus-orca v9.0.4. When testing the same integration test against v10.0.0-beta the test failed with an s3 AccessDenied because these actions were implicitly removed.

Verified with a simple CopyObject command using the restore_object_role in a Lambda function.

[rizbihassan]

Can you also update our changelog to note the changes?

https://github.com/nasa/cumulus-orca/blob/release-10.0.0-beta/CHANGELOG.md#changed

[paulpilone]

Ah! Sorry about that! Added this change to the mentioned section of the change log. I linked to the GH issue so I hope that's ok. If there's a specific ORCA ticket for this I'm happy to change that.

[paulpilone]

It looks like VSCode formatted the CL on save which removed trailing white spaces and resulted in a bigger diff than needed. If that's an issue yell and I'll revert it. Otherwise I'll leave it as is since it's just getting rid of white space.

[rizbihassan]

Looks good.

[paulpilone]

@rizbihassan Thanks!

I'm going to be on PTO next week and wanted to ask if there's a timeline for this getting merged into the v10.0.0-beta release? I don't think it's a huge rush for us but I want to update the status on https://bugs.earthdata.nasa.gov/browse/CUMULUS-3768 before I head out in case someone else picks it up.

[rizbihassan]

@rizbihassan Thanks!

I'm going to be on PTO next week and wanted to ask if there's a timeline for this getting merged into the v10.0.0-beta release? I don't think it's a huge rush for us but I want to update the status on https://bugs.earthdata.nasa.gov/browse/CUMULUS-3768 before I head out in case someone else picks it up.

@zroehrich can you approve the PR so that we can merge it?

[zroehrich]

Looks good!