feature(GH-1613)- New policy management types

[TejasRGitHub]

Feature or Bugfix

• Feature

Detail

• Introduces the new policy management options as described in this GH issue ( [Feature Enhancement] Allow consumption roles to be used in shares with data.all not creating / managing policies for that role #1613 )

Relates

• [Feature Enhancement] Allow consumption roles to be used in shares with data.all not creating / managing policies for that role #1613

Testing

1. Adding consumption role with Fully, Partially and Externally Managed management types ✅
2. Created a share with each type ✅
3. For partially managed, removed share policy and ran share verifier and got unhealthy message complaining policy not attached. Ran reapplier and check that the policy was not attached ( as should be the case for partially managed role ) ✅
4. For fully managed, did exactly as test 3 and checked that the policy is attached ✅
5. For Externally managed, the policy was not attached when the share was created :check and after running share verifier the verifier didn't mark the share as unhealhy ✅
6. On the Environment Consumption Roles page, updated the Policy Management of the consumption roles ✅ . When changing consumption role from externally / partially managed to fully managed, checked that the share policy is attached. ✅

Security

Please answer the questions below briefly where applicable, or write N/A. Based on
OWASP 10.

• Does this PR introduce or modify any input fields or queries - this includes
  fetching data from storage outside the application (e.g. a database, an S3 bucket)? Yes
  • Is the input sanitized? Yes
  • What precautions are you taking before deserializing the data you consume? Using gql wrapper defined in data.all
  • Is injection prevented by parametrizing queries? yes
  • Have you ensured no eval or similar functions are used? Yes
• Does this PR introduce any functionality or component that requires authorization? N/A
  • How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  • Are you logging failed auth attempts?
• Are you using or adding any cryptographic features? N/A
  • Do you use a standard proven implementations?
  • Are the used keys controlled by the customer? Where are they stored?
• Are you introducing any new policies/roles/users? No
  • Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[TejasRGitHub]

removing print statement

[TejasRGitHub]

Earlier, when the dataallManaged = True, then share policies were getting attached via the API calls. But when dataallManaged = False, then the share policies were not attached via API calls instead are attached via CF templates.

Mapping this logic to the new policy management types and keeping the functionality same

[TejasRGitHub]

If the role is not a consumption role, then all other roles( i.e. env groups ,etc ) are treated as Fully Managed

[TejasRGitHub]

get_consumption_role_by_name , remving this static method as it was not used any where