Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Once revoked share request leads to error when approved again #233

Closed
degoldner opened this issue Dec 2, 2022 · 4 comments
Closed

Once revoked share request leads to error when approved again #233

degoldner opened this issue Dec 2, 2022 · 4 comments
Assignees
@noah-paige
Labels
type: bug Something isn't working

Comments

@degoldner
Copy link
Contributor

degoldner commented Dec 2, 2022
edited
Loading

Describe the bug

A share request between cross account which has been approved and then revoked leads to an error when the requester submits the same requests again and it is approved by the owner.

How to Reproduce

When
There was a successful share request which has been submitted and approved between two groups belonging to two different environments represented by different AWS account.
The share request is then revoked by the owner.
The requester then submits this rejected share request again.
The owner approves the share request again

Then
The share request fails

In the logs we can find the following error message:
CW Logs: /dataall/test/ecs/share-manager Failed to share table dataall_test_managed_291122_2_utlfth3j from source account xxxx//eu-central-1 with target account xxxx/eu-central-1 due to: Database with name: dataall_test_managed_291122_2_utlfth3j already exists in target account: xxxx in region: eu-central-1

Expected behavior

Submitting and approving a once rejected share request again should lead to the same result as for a new share request.

Your project

No response

Screenshots

No response

OS

AWS deployment

Python version

3.7

AWS data.all version

1.0.0

Additional context

No response
@degoldner degoldner added the type: bug Something isn't working label Dec 2, 2022
@degoldner degoldner changed the title Once rejected share request leads to error when approved again Once revoked share request leads to error when approved again Dec 5, 2022
@noah-paige
Copy link
Contributor

I have tried to replicate the above error but received the expected behavior from the following steps:

  • Creating share requested from ENV B (requester) to ENV A (owner) and approved by ENV A
  • ENV A later revoking the existing share request and receiving a Revoke_Succeeded Status and ENV B no longer can access the data
  • ENV B re-submitting the share request and re-approved by ENV A
  • ENV B receiving Share_Succeeded status and can access shared data again

Can you provide some additional detail to the above? Did the revoke share delete the shared database on the requester account (ENV B)? Are you using the latest release of the data.all solution?

@degoldner
Copy link
Contributor Author

Hi Noah,
thanks for looking into this issue!
We are still using the 1.0.0 version of data.all and this might be the reason for the different results here.
We are currently updating our share logic to the newest version of data.all and will test this again on my end.

@noah-paige
Copy link
Contributor

No problem! I will close this issue for now and happy to re-open if you are still seeing issues with the new share logic

@degoldner
Copy link
Contributor Author

Thanks, the issue is resolved with the newest version!

anushka-singh pushed a commit to anushka-singh/aws-dataall that referenced this issue Jun 20, 2024
@noah-paige @dlpzx
@dependabot @jaidisido @mourya-33 @nikpodsh @manjulaK @kasturmp @zsaltys @lorchda @TejasRGitHub @SofiaSazonova @anushka-singh
Data712 y branch 2 5 (data-dot-all#375)
32bea9d 
* Bigdata867 3 (data-dot-all#24)

* Bucket Policy E.1: Modify sharing task routing to trigger a s3 bucket sharing

* Bucket Policy E.1: Modify sharing task routing to trigger a s3 bucket sharing

* Bucket Policy E.1: Modify sharing task routing to trigger a s3 bucket sharing

* Bucket Policy BIGDATA 867: Implement revoke share in data_sharing_service

* Bucket Policy BIGDATA 867: Implement revoke share in data_sharing_service

* trajopadhye- BIGDATA-756 -> Added Tests for Task D and E

* trajopadhye - BIGDATA-756 Corrected file data_sharing_service.py to address revokedStateSM for revoked items

* trajopadhye- BIGDATA-756 - Slight correction in comments

* trajopadhye- BIGDATA-756 Correction on Share Status for revoke share tests

* Addresed changes from the review of PR

* [BIGDATA-625] Implement bucket share processor (data-dot-all#21)

* Implement bucket share processor

* Fix Revoke UI sharetype

* BIGDATA-612 - push source from SD container to CodeCommit.  Initial Makefile and SD yaml configuration.

* Remove synth

* Add force push

* Add default cdk.context.json

* Add param for branchname

* Comments.

* Fix email address

* Add instance specific cdk.context.json

* BIGDATA-612 - truncate the cfn encryption policy prefix so that together with branch name, it will fit within 32 char limit.

* Update screwdriver.yaml

* Change nodejs version in screwdriver Makefile to supported version 16 (data-dot-all#89) (data-dot-all#90)

* Change screwdriver node version to 16

* Remove all non-environment setup steps for testing

* Skip getting AWS credentials for testing

* Fixing npm install version

* Remove extra npm install

* Restore all prior functions.

* Remove AmplifyContext customizations, no longer needed. (data-dot-all#92)

* Change nodejs version in screwdriver Makefile to supported version 16 (data-dot-all#89)

* Change screwdriver node version to 16

* Remove all non-environment setup steps for testing

* Skip getting AWS credentials for testing

* Fixing npm install version

* Remove extra npm install

* Restore all prior functions.

* Remove AmplifyContext customizations, no longer needed. (data-dot-all#91)

* Fix screwdriver yaml for new EMR template step. (data-dot-all#116)

* Bigdata 1397 mvp 3 stagingdeploy 20231129 (data-dot-all#178)

* BIGDATA-1211 - Release notes initial commit

* Mvp3 deploy 20231129 - S3 Bucket share + KMS explosion fix - MERGE FROM OPENSOURCE (data-dot-all#176)

* Enabling S3 bucket share  (data-dot-all#848)

- Feature

- We want to enable bucket sharing along with access point share which
already exists in data all right now.
- A user will be able to request shares at bucket level and at the
folder level with access points.
- Please NOTE: There is some common code between Access point share
managers and processors and S3 Bucket managers and processors. We will
send out a separate PR for that refactoring work at a later time.

- data-dot-all#284
- data-dot-all#823
-
https://github.com/awslabs/aws-dataall/pull/846/files#diff-c1f522a1f50d8bcf7b6e5b2e586e40a8de784caa80345f4e05a6329ae2a372d0

- Contents of this PR have been contributed by @anushka-singh,
@blitzmohit, @rbernotas, @TejasRGitHub

Please answer the questions below briefly where applicable, or write
`N/A`. Based on
[OWASP 10](https://owasp.org/Top10/en/).

- Does this PR introduce or modify any input fields or queries - this
includes
fetching data from storage outside the application (e.g. a database, an
S3 bucket)?
  - Is the input sanitized?
- What precautions are you taking before deserializing the data you
consume?
  - Is injection prevented by parametrizing queries?
  - Have you ensured no `eval` or similar functions are used?
- Does this PR introduce any functionality or component that requires
authorization?
- How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  - Are you logging failed auth attempts?
- Are you using or adding any cryptographic features?
  - Do you use a standard proven implementations?
  - Are the used keys controlled by the customer? Where are they stored?
- Are you introducing any new policies/roles/users?
  - Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Anushka Singh <anushka.singh@yahooinc.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>

* Kms explosion fix (data-dot-all#882)

- Bugfix

- DataAll currently creates one SID per role in the KMS policy attached
to a bucket with RoleID as the SID name.
- We want to collapse these SIDs into one SID.
- Access point and Bucket share will have different SIDs in KMS policy.
- Use role ARN instead of role ID.
- NOTE: if KMS policy was previously created, it will remain the same.
SID will be the user ID and not the KMS decrypt SID created in this PR.
It will not impact any future shares though.
- NOTE: This is to be merged after bucket share PR is merged.

- Tested this on local dev environment and KMS policy now has 1
statement with kms decrypt and using SID of KMS decrypt.

Please answer the questions below briefly where applicable, or write
`N/A`. Based on
[OWASP 10](https://owasp.org/Top10/en/).

- Does this PR introduce or modify any input fields or queries - this
includes
fetching data from storage outside the application (e.g. a database, an
S3 bucket)?
  - Is the input sanitized?
- What precautions are you taking before deserializing the data you
consume?
  - Is injection prevented by parametrizing queries?
  - Have you ensured no `eval` or similar functions are used?
- Does this PR introduce any functionality or component that requires
authorization?
- How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  - Are you logging failed auth attempts?
- Are you using or adding any cryptographic features?
  - Do you use a standard proven implementations?
  - Are the used keys controlled by the customer? Where are they stored?
- Are you introducing any new policies/roles/users?
  - Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Anushka Singh <anushka.singh@yahooinc.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>

* Updated Release Notes 20231201

* Format changes

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>

* [BIGDATA-1391] - Fix for cannot see all cognito groups when inviting teams (data-dot-all#177)

* trajopadhye | BIGDATA-1391 - Fix for incomplete groups list fetched for invite org and env

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>

* Bigdata 1397 mvp 3 stagingdeploy 20231129 1 (data-dot-all#180)

* BIGDATA-1211 - Release notes initial commit

* Mvp3 deploy 20231129 - S3 Bucket share + KMS explosion fix - MERGE FROM OPENSOURCE (data-dot-all#176)

* Enabling S3 bucket share  (data-dot-all#848)

- Feature

- We want to enable bucket sharing along with access point share which
already exists in data all right now.
- A user will be able to request shares at bucket level and at the
folder level with access points.
- Please NOTE: There is some common code between Access point share
managers and processors and S3 Bucket managers and processors. We will
send out a separate PR for that refactoring work at a later time.

- data-dot-all#284
- data-dot-all#823
-
https://github.com/awslabs/aws-dataall/pull/846/files#diff-c1f522a1f50d8bcf7b6e5b2e586e40a8de784caa80345f4e05a6329ae2a372d0

- Contents of this PR have been contributed by @anushka-singh,
@blitzmohit, @rbernotas, @TejasRGitHub

Please answer the questions below briefly where applicable, or write
`N/A`. Based on
[OWASP 10](https://owasp.org/Top10/en/).

- Does this PR introduce or modify any input fields or queries - this
includes
fetching data from storage outside the application (e.g. a database, an
S3 bucket)?
  - Is the input sanitized?
- What precautions are you taking before deserializing the data you
consume?
  - Is injection prevented by parametrizing queries?
  - Have you ensured no `eval` or similar functions are used?
- Does this PR introduce any functionality or component that requires
authorization?
- How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  - Are you logging failed auth attempts?
- Are you using or adding any cryptographic features?
  - Do you use a standard proven implementations?
  - Are the used keys controlled by the customer? Where are they stored?
- Are you introducing any new policies/roles/users?
  - Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Anushka Singh <anushka.singh@yahooinc.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>

* Kms explosion fix (data-dot-all#882)

- Bugfix

- DataAll currently creates one SID per role in the KMS policy attached
to a bucket with RoleID as the SID name.
- We want to collapse these SIDs into one SID.
- Access point and Bucket share will have different SIDs in KMS policy.
- Use role ARN instead of role ID.
- NOTE: if KMS policy was previously created, it will remain the same.
SID will be the user ID and not the KMS decrypt SID created in this PR.
It will not impact any future shares though.
- NOTE: This is to be merged after bucket share PR is merged.

- Tested this on local dev environment and KMS policy now has 1
statement with kms decrypt and using SID of KMS decrypt.

Please answer the questions below briefly where applicable, or write
`N/A`. Based on
[OWASP 10](https://owasp.org/Top10/en/).

- Does this PR introduce or modify any input fields or queries - this
includes
fetching data from storage outside the application (e.g. a database, an
S3 bucket)?
  - Is the input sanitized?
- What precautions are you taking before deserializing the data you
consume?
  - Is injection prevented by parametrizing queries?
  - Have you ensured no `eval` or similar functions are used?
- Does this PR introduce any functionality or component that requires
authorization?
- How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  - Are you logging failed auth attempts?
- Are you using or adding any cryptographic features?
  - Do you use a standard proven implementations?
  - Are the used keys controlled by the customer? Where are they stored?
- Are you introducing any new policies/roles/users?
  - Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Anushka Singh <anushka.singh@yahooinc.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>

* Updated Release Notes 20231201

* Format changes

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>

* [BIGDATA-1391] - Fix for cannot see all cognito groups when inviting teams (data-dot-all#177)

* trajopadhye | BIGDATA-1391 - Fix for incomplete groups list fetched for invite org and env

* Bugfix

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>

* Bugfix (data-dot-all#181)

* Bugfix

* Bugfix

* [Data 409] Athenz Certs Domain and User Pool Domain Changes (data-dot-all#221) (data-dot-all#222)

* trajopadhye | DATA-409- Code changes for Athenz certs domain and user pool domain

* [Data-413] GA stagingdeploy 20231228 - Fix for email notifications with Athenz.  Auto-create Pivot Role (data-dot-all#224)

* trajopadhye | DATA-412 - Added Athenz configs and Ports in AWS Worker lambda and enabling Auto Create Pivot Role

* DATA-416 - Fix while migrating from manual pivot role to auto created  (data-dot-all#230) (data-dot-all#233)

* trajopadhye | DATA-416 - Fix for environment updates when using auto pivot role. Changing the way KMS keys are specified in env role

* [Data 447] ga stagingdeploy 20240116 (data-dot-all#244)

* [Data-446] Fix for consumption role not showing up

* [Data 415] Dataset import fix for circular dependency error + local dev setup fixes  (data-dot-all#243)

* DATA-428 - Local env fixes

* Data 448 ga stagingdeploy 20240117 (data-dot-all#246)

* trajopadhye | DATA-440 - Adding else if to sync glue tabls in RDS

* Data 461 ga deploy 20240125 (data-dot-all#258)

* DATA-404 - Add git fetch --all to the CodeCommit repo sync

* DATA-420 - Switch from Cognito to Okta on Prod (data-dot-all#254)

DATA-420 - Switch from Cognito to Okta on Prod

* DATA-455: Shares stuck in progress when AWS does not have root access on KMS key (data-dot-all#256)

* Update release notes

* Update release notes

---------

Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>
Co-authored-by: Tejas Rajopadhye <tejas.rajopadhye@yahooinc.com>

* Data 466 ga stagingdeploy 20240126 (data-dot-all#263)

* trajoadhye | DATA-456 - Removing Lake Formation SLR (data-dot-all#260)

* Data-405-Adding max 30 sec delay

* Synching Release notes from Staging to y-branch-2-0 (data-dot-all#262)

* [Data 484] stagingdeploy 20240206 (data-dot-all#275)

* fix: adding cdk synth for checkov scans (data-dot-all#264)

* [DATA-452] - Adding Dataset description in shares view (data-dot-all#273)

* Added Release note for DATA-481, DATA-452, DATA-480

* Syncing Release notes (data-dot-all#274)

---------

Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>
Co-authored-by: Anushka Singh <anushka.singh@verizonmedia.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@oath.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>

* [Data 607] staging deploy email notification fix (data-dot-all#302)

* Data:604: Add local level false positive management for PSECBUG - 73521 (data-dot-all#299)

* DATA-600 - Fix for share link not present in email notifications

* Merging changes needed for DATA-509 - Updating custom confidentiality values

* DATA - 586 - Adding confidentiality values for custom confidentiality

* Lower casing as suggested here- DATA-375

---------

Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>

* Updating release notes for staging deploy (data-dot-all#301)

---------

Co-authored-by: Anushka Singh <anushka.singh@verizonmedia.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>

* [Data 611] Disable topics dropdown (data-dot-all#304)

* Disabling topics dropdown (data-dot-all#303)

* [Data 619] Stagingdeploy env permission fix  (data-dot-all#307)

* Data:604: Add local level false positive management for PSECBUG - 73521 (data-dot-all#299)

* Data:604: Add local level false positive management for PSECBUG - 73521 (data-dot-all#300)

* Email notification fix + confidentiality levels config  (data-dot-all#298)

* DATA-600 - Fix for share link not present in email notifications

* Merging changes needed for DATA-509 - Updating custom confidentiality values

* Adding confidentiality values for custom confidentiality

* Adding confidentiality configs to config.json.PROD

* Lower casing as suggested here- DATA-375

---------

Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>

* Updating release notes for staging deploy (data-dot-all#301)

* Disabling topics dropdown (data-dot-all#303)

* DATA-619 - Fix permission for GET_ORGANIZATION when users are in _data teams (data-dot-all#306)

* Cherry pick for issue with GET_ORG permission after 2.3 release

---------

Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>

---------

Co-authored-by: Anushka Singh <anushka.singh@verizonmedia.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>

* [Data 631] Staging deploy  (data-dot-all#310)

* [Data 629] worksheet fix for GET_ENVIRONMENT permission (data-dot-all#309)

* Data690 stagingdeploy 20240425 (data-dot-all#319)

* DATA-680 - Update node repo to 18.x in Makefile.sd

* Data674: Adding auto approval for confidentiality levels (data-dot-all#317)

* Data674: Adding auto approval for confidentiality levels

* Data674: Adding auto approval for confidentiality levels

* Data674: Adding auto approval for confidentiality levels

* Lint fixes

* Lint fixes

* Lint fixes

* Lint fixes

* Lint fixes

* Ensuring Secret Confidentiality Type (Yahoo Confidential and Yahoo Highly Confidential) are never auto-approved

* Use boolean true instead of string

* Update config

* Update release notes

* Update release notes

* Update release notes

---------

Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>

* Update makefile (data-dot-all#320)

* Data690 stagingdeploy 20240425 2 (data-dot-all#321)

* Update makefile

* Reverting nodejs 16 upgrade

* Reverting nodejs 16 upgrade

* Data690 stagingdeploy 20240425 3 (data-dot-all#323)

* DATA-680 - Update node repo to 18.x in Makefile.sd

* Data674: Adding auto approval for confidentiality levels (data-dot-all#317)

* Data674: Adding auto approval for confidentiality levels

* Data674: Adding auto approval for confidentiality levels

* Data674: Adding auto approval for confidentiality levels

* Lint fixes

* Lint fixes

* Lint fixes

* Lint fixes

* Lint fixes

* Ensuring Secret Confidentiality Type (Yahoo Confidential and Yahoo Highly Confidential) are never auto-approved

* Use boolean true instead of string

* Update config

* Bugfix (data-dot-all#322)

* Reverting nodejs 16 upgrade

---------

Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>

* Data690 stagingdeploy 20240425 4 (data-dot-all#325)

* DATA-680 - Update node repo to 18.x in Makefile.sd

* Data674: Adding auto approval for confidentiality levels (data-dot-all#317)

* Data674: Adding auto approval for confidentiality levels

* Data674: Adding auto approval for confidentiality levels

* Data674: Adding auto approval for confidentiality levels

* Lint fixes

* Lint fixes

* Lint fixes

* Lint fixes

* Lint fixes

* Ensuring Secret Confidentiality Type (Yahoo Confidential and Yahoo Highly Confidential) are never auto-approved

* Use boolean true instead of string

* Update config

* Bugfix (data-dot-all#322)

* Blocking autoApproval edit on backend (data-dot-all#324)

* Blocking autoApproval edit on backend

* Lint fix

* Reverting nodejs 18 upgrade

---------

Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>

* Data690 stagingdeploy 20240425 5 (data-dot-all#329)

* DATA-680 - Update node repo to 18.x in Makefile.sd

* Data674: Adding auto approval for confidentiality levels (data-dot-all#317)

* Data674: Adding auto approval for confidentiality levels

* Data674: Adding auto approval for confidentiality levels

* Data674: Adding auto approval for confidentiality levels

* Lint fixes

* Lint fixes

* Lint fixes

* Lint fixes

* Lint fixes

* Ensuring Secret Confidentiality Type (Yahoo Confidential and Yahoo Highly Confidential) are never auto-approved

* Use boolean true instead of string

* Update config

* Bugfix (data-dot-all#322)

* Blocking autoApproval edit on backend (data-dot-all#324)

* Blocking autoApproval edit on backend

* Lint fix

* DATA-680 - Switch node to version 17 in the Screwdriver makefile (data-dot-all#326)

* bugfix (data-dot-all#328)

* Remove nodejs upgrade

---------

Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>

* bugfix (data-dot-all#331)

* Data743 stagingdeploy (data-dot-all#351)

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* Data743: Update verifier task schedule to run nightly (data-dot-all#350)

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* Data743 stagingdeploy (data-dot-all#353)

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* [Data 767] staging deploy (data-dot-all#358)

* Bugfix: timeout error when listing Consumption Roles (data-dot-all#1303)

- Bugfix

- as GraphQL resolvers are 'lazy', for ShareRequest Modal window we
simply don't fetch the managedPolicy property -- no timeout
- managed policies are fetched, when consumption role is selected from
dropdown

- data-dot-all#1288

Please answer the questions below briefly where applicable, or write
`N/A`. Based on
[OWASP 10](https://owasp.org/Top10/en/).

- Does this PR introduce or modify any input fields or queries - this
includes
fetching data from storage outside the application (e.g. a database, an
S3 bucket)?
  - Is the input sanitized?
- What precautions are you taking before deserializing the data you
consume?
  - Is injection prevented by parametrizing queries?
  - Have you ensured no `eval` or similar functions are used?
- Does this PR introduce any functionality or component that requires
authorization?
- How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  - Are you logging failed auth attempts?
- Are you using or adding any cryptographic features?
  - Do you use a standard proven implementations?
  - Are the used keys controlled by the customer? Where are they stored?
- Are you introducing any new policies/roles/users?
  - Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

---------

Co-authored-by: Sofia Sazonova <sazonova@amazon.co.uk>

* Updated Release notes

---------

Co-authored-by: Sofia Sazonova <sofia-s@304.ru>
Co-authored-by: Sofia Sazonova <sazonova@amazon.co.uk>

---------

Co-authored-by: Anushka Singh <anushka.singh@yahooinc.com>
Co-authored-by: Sofia Sazonova <sofia-s@304.ru>
Co-authored-by: Sofia Sazonova <sazonova@amazon.co.uk>

* data712

* Data712: Persistent emails

* Data712: Persistent emails

* Data712: Persistent emails

* Data712: Persistent emails

* Data712: Persistent emails

* Data712: Persistent emails

* Data712: Persistent emails

* Restore yarn file

* Restore yarn file

* Update config

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>
Co-authored-by: Mohit Arora <marora@yahooinc.com>
Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>
Co-authored-by: Raj Chopde <rchopde@yahooinc.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@oath.com>
Co-authored-by: Sofia Sazonova <sofia-s@304.ru>
Co-authored-by: Sofia Sazonova <sazonova@amazon.co.uk>
anushka-singh pushed a commit to anushka-singh/aws-dataall that referenced this issue Jun 20, 2024
@noah-paige @dlpzx
@dependabot @jaidisido @mourya-33 @nikpodsh @manjulaK @kasturmp @zsaltys @lorchda @TejasRGitHub @SofiaSazonova @anushka-singh
Data712 y branch 2 5 (data-dot-all#377)
382a924 
* Bigdata867 3 (data-dot-all#24)

* Bucket Policy E.1: Modify sharing task routing to trigger a s3 bucket sharing

* Bucket Policy E.1: Modify sharing task routing to trigger a s3 bucket sharing

* Bucket Policy E.1: Modify sharing task routing to trigger a s3 bucket sharing

* Bucket Policy BIGDATA 867: Implement revoke share in data_sharing_service

* Bucket Policy BIGDATA 867: Implement revoke share in data_sharing_service

* trajopadhye- BIGDATA-756 -> Added Tests for Task D and E

* trajopadhye - BIGDATA-756 Corrected file data_sharing_service.py to address revokedStateSM for revoked items

* trajopadhye- BIGDATA-756 - Slight correction in comments

* trajopadhye- BIGDATA-756 Correction on Share Status for revoke share tests

* Addresed changes from the review of PR

* [BIGDATA-625] Implement bucket share processor (data-dot-all#21)

* Implement bucket share processor

* Fix Revoke UI sharetype

* BIGDATA-612 - push source from SD container to CodeCommit.  Initial Makefile and SD yaml configuration.

* Remove synth

* Add force push

* Add default cdk.context.json

* Add param for branchname

* Comments.

* Fix email address

* Add instance specific cdk.context.json

* BIGDATA-612 - truncate the cfn encryption policy prefix so that together with branch name, it will fit within 32 char limit.

* Update screwdriver.yaml

* Change nodejs version in screwdriver Makefile to supported version 16 (data-dot-all#89) (data-dot-all#90)

* Change screwdriver node version to 16

* Remove all non-environment setup steps for testing

* Skip getting AWS credentials for testing

* Fixing npm install version

* Remove extra npm install

* Restore all prior functions.

* Remove AmplifyContext customizations, no longer needed. (data-dot-all#92)

* Change nodejs version in screwdriver Makefile to supported version 16 (data-dot-all#89)

* Change screwdriver node version to 16

* Remove all non-environment setup steps for testing

* Skip getting AWS credentials for testing

* Fixing npm install version

* Remove extra npm install

* Restore all prior functions.

* Remove AmplifyContext customizations, no longer needed. (data-dot-all#91)

* Fix screwdriver yaml for new EMR template step. (data-dot-all#116)

* Bigdata 1397 mvp 3 stagingdeploy 20231129 (data-dot-all#178)

* BIGDATA-1211 - Release notes initial commit

* Mvp3 deploy 20231129 - S3 Bucket share + KMS explosion fix - MERGE FROM OPENSOURCE (data-dot-all#176)

* Enabling S3 bucket share  (data-dot-all#848)

- Feature

- We want to enable bucket sharing along with access point share which
already exists in data all right now.
- A user will be able to request shares at bucket level and at the
folder level with access points.
- Please NOTE: There is some common code between Access point share
managers and processors and S3 Bucket managers and processors. We will
send out a separate PR for that refactoring work at a later time.

- data-dot-all#284
- data-dot-all#823
-
https://github.com/awslabs/aws-dataall/pull/846/files#diff-c1f522a1f50d8bcf7b6e5b2e586e40a8de784caa80345f4e05a6329ae2a372d0

- Contents of this PR have been contributed by @anushka-singh,
@blitzmohit, @rbernotas, @TejasRGitHub

Please answer the questions below briefly where applicable, or write
`N/A`. Based on
[OWASP 10](https://owasp.org/Top10/en/).

- Does this PR introduce or modify any input fields or queries - this
includes
fetching data from storage outside the application (e.g. a database, an
S3 bucket)?
  - Is the input sanitized?
- What precautions are you taking before deserializing the data you
consume?
  - Is injection prevented by parametrizing queries?
  - Have you ensured no `eval` or similar functions are used?
- Does this PR introduce any functionality or component that requires
authorization?
- How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  - Are you logging failed auth attempts?
- Are you using or adding any cryptographic features?
  - Do you use a standard proven implementations?
  - Are the used keys controlled by the customer? Where are they stored?
- Are you introducing any new policies/roles/users?
  - Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Anushka Singh <anushka.singh@yahooinc.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>

* Kms explosion fix (data-dot-all#882)

- Bugfix

- DataAll currently creates one SID per role in the KMS policy attached
to a bucket with RoleID as the SID name.
- We want to collapse these SIDs into one SID.
- Access point and Bucket share will have different SIDs in KMS policy.
- Use role ARN instead of role ID.
- NOTE: if KMS policy was previously created, it will remain the same.
SID will be the user ID and not the KMS decrypt SID created in this PR.
It will not impact any future shares though.
- NOTE: This is to be merged after bucket share PR is merged.

- Tested this on local dev environment and KMS policy now has 1
statement with kms decrypt and using SID of KMS decrypt.

Please answer the questions below briefly where applicable, or write
`N/A`. Based on
[OWASP 10](https://owasp.org/Top10/en/).

- Does this PR introduce or modify any input fields or queries - this
includes
fetching data from storage outside the application (e.g. a database, an
S3 bucket)?
  - Is the input sanitized?
- What precautions are you taking before deserializing the data you
consume?
  - Is injection prevented by parametrizing queries?
  - Have you ensured no `eval` or similar functions are used?
- Does this PR introduce any functionality or component that requires
authorization?
- How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  - Are you logging failed auth attempts?
- Are you using or adding any cryptographic features?
  - Do you use a standard proven implementations?
  - Are the used keys controlled by the customer? Where are they stored?
- Are you introducing any new policies/roles/users?
  - Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Anushka Singh <anushka.singh@yahooinc.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>

* Updated Release Notes 20231201

* Format changes

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>

* [BIGDATA-1391] - Fix for cannot see all cognito groups when inviting teams (data-dot-all#177)

* trajopadhye | BIGDATA-1391 - Fix for incomplete groups list fetched for invite org and env

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>

* Bigdata 1397 mvp 3 stagingdeploy 20231129 1 (data-dot-all#180)

* BIGDATA-1211 - Release notes initial commit

* Mvp3 deploy 20231129 - S3 Bucket share + KMS explosion fix - MERGE FROM OPENSOURCE (data-dot-all#176)

* Enabling S3 bucket share  (data-dot-all#848)

- Feature

- We want to enable bucket sharing along with access point share which
already exists in data all right now.
- A user will be able to request shares at bucket level and at the
folder level with access points.
- Please NOTE: There is some common code between Access point share
managers and processors and S3 Bucket managers and processors. We will
send out a separate PR for that refactoring work at a later time.

- data-dot-all#284
- data-dot-all#823
-
https://github.com/awslabs/aws-dataall/pull/846/files#diff-c1f522a1f50d8bcf7b6e5b2e586e40a8de784caa80345f4e05a6329ae2a372d0

- Contents of this PR have been contributed by @anushka-singh,
@blitzmohit, @rbernotas, @TejasRGitHub

Please answer the questions below briefly where applicable, or write
`N/A`. Based on
[OWASP 10](https://owasp.org/Top10/en/).

- Does this PR introduce or modify any input fields or queries - this
includes
fetching data from storage outside the application (e.g. a database, an
S3 bucket)?
  - Is the input sanitized?
- What precautions are you taking before deserializing the data you
consume?
  - Is injection prevented by parametrizing queries?
  - Have you ensured no `eval` or similar functions are used?
- Does this PR introduce any functionality or component that requires
authorization?
- How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  - Are you logging failed auth attempts?
- Are you using or adding any cryptographic features?
  - Do you use a standard proven implementations?
  - Are the used keys controlled by the customer? Where are they stored?
- Are you introducing any new policies/roles/users?
  - Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Anushka Singh <anushka.singh@yahooinc.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>

* Kms explosion fix (data-dot-all#882)

- Bugfix

- DataAll currently creates one SID per role in the KMS policy attached
to a bucket with RoleID as the SID name.
- We want to collapse these SIDs into one SID.
- Access point and Bucket share will have different SIDs in KMS policy.
- Use role ARN instead of role ID.
- NOTE: if KMS policy was previously created, it will remain the same.
SID will be the user ID and not the KMS decrypt SID created in this PR.
It will not impact any future shares though.
- NOTE: This is to be merged after bucket share PR is merged.

- Tested this on local dev environment and KMS policy now has 1
statement with kms decrypt and using SID of KMS decrypt.

Please answer the questions below briefly where applicable, or write
`N/A`. Based on
[OWASP 10](https://owasp.org/Top10/en/).

- Does this PR introduce or modify any input fields or queries - this
includes
fetching data from storage outside the application (e.g. a database, an
S3 bucket)?
  - Is the input sanitized?
- What precautions are you taking before deserializing the data you
consume?
  - Is injection prevented by parametrizing queries?
  - Have you ensured no `eval` or similar functions are used?
- Does this PR introduce any functionality or component that requires
authorization?
- How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  - Are you logging failed auth attempts?
- Are you using or adding any cryptographic features?
  - Do you use a standard proven implementations?
  - Are the used keys controlled by the customer? Where are they stored?
- Are you introducing any new policies/roles/users?
  - Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Anushka Singh <anushka.singh@yahooinc.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>

* Updated Release Notes 20231201

* Format changes

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>

* [BIGDATA-1391] - Fix for cannot see all cognito groups when inviting teams (data-dot-all#177)

* trajopadhye | BIGDATA-1391 - Fix for incomplete groups list fetched for invite org and env

* Bugfix

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>

* Bugfix (data-dot-all#181)

* Bugfix

* Bugfix

* [Data 409] Athenz Certs Domain and User Pool Domain Changes (data-dot-all#221) (data-dot-all#222)

* trajopadhye | DATA-409- Code changes for Athenz certs domain and user pool domain

* [Data-413] GA stagingdeploy 20231228 - Fix for email notifications with Athenz.  Auto-create Pivot Role (data-dot-all#224)

* trajopadhye | DATA-412 - Added Athenz configs and Ports in AWS Worker lambda and enabling Auto Create Pivot Role

* DATA-416 - Fix while migrating from manual pivot role to auto created  (data-dot-all#230) (data-dot-all#233)

* trajopadhye | DATA-416 - Fix for environment updates when using auto pivot role. Changing the way KMS keys are specified in env role

* [Data 447] ga stagingdeploy 20240116 (data-dot-all#244)

* [Data-446] Fix for consumption role not showing up

* [Data 415] Dataset import fix for circular dependency error + local dev setup fixes  (data-dot-all#243)

* DATA-428 - Local env fixes

* Data 448 ga stagingdeploy 20240117 (data-dot-all#246)

* trajopadhye | DATA-440 - Adding else if to sync glue tabls in RDS

* Data 461 ga deploy 20240125 (data-dot-all#258)

* DATA-404 - Add git fetch --all to the CodeCommit repo sync

* DATA-420 - Switch from Cognito to Okta on Prod (data-dot-all#254)

DATA-420 - Switch from Cognito to Okta on Prod

* DATA-455: Shares stuck in progress when AWS does not have root access on KMS key (data-dot-all#256)

* Update release notes

* Update release notes

---------

Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>
Co-authored-by: Tejas Rajopadhye <tejas.rajopadhye@yahooinc.com>

* Data 466 ga stagingdeploy 20240126 (data-dot-all#263)

* trajoadhye | DATA-456 - Removing Lake Formation SLR (data-dot-all#260)

* Data-405-Adding max 30 sec delay

* Synching Release notes from Staging to y-branch-2-0 (data-dot-all#262)

* [Data 484] stagingdeploy 20240206 (data-dot-all#275)

* fix: adding cdk synth for checkov scans (data-dot-all#264)

* [DATA-452] - Adding Dataset description in shares view (data-dot-all#273)

* Added Release note for DATA-481, DATA-452, DATA-480

* Syncing Release notes (data-dot-all#274)

---------

Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>
Co-authored-by: Anushka Singh <anushka.singh@verizonmedia.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@oath.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>

* [Data 607] staging deploy email notification fix (data-dot-all#302)

* Data:604: Add local level false positive management for PSECBUG - 73521 (data-dot-all#299)

* DATA-600 - Fix for share link not present in email notifications

* Merging changes needed for DATA-509 - Updating custom confidentiality values

* DATA - 586 - Adding confidentiality values for custom confidentiality

* Lower casing as suggested here- DATA-375

---------

Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>

* Updating release notes for staging deploy (data-dot-all#301)

---------

Co-authored-by: Anushka Singh <anushka.singh@verizonmedia.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>

* [Data 611] Disable topics dropdown (data-dot-all#304)

* Disabling topics dropdown (data-dot-all#303)

* [Data 619] Stagingdeploy env permission fix  (data-dot-all#307)

* Data:604: Add local level false positive management for PSECBUG - 73521 (data-dot-all#299)

* Data:604: Add local level false positive management for PSECBUG - 73521 (data-dot-all#300)

* Email notification fix + confidentiality levels config  (data-dot-all#298)

* DATA-600 - Fix for share link not present in email notifications

* Merging changes needed for DATA-509 - Updating custom confidentiality values

* Adding confidentiality values for custom confidentiality

* Adding confidentiality configs to config.json.PROD

* Lower casing as suggested here- DATA-375

---------

Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>

* Updating release notes for staging deploy (data-dot-all#301)

* Disabling topics dropdown (data-dot-all#303)

* DATA-619 - Fix permission for GET_ORGANIZATION when users are in _data teams (data-dot-all#306)

* Cherry pick for issue with GET_ORG permission after 2.3 release

---------

Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>

---------

Co-authored-by: Anushka Singh <anushka.singh@verizonmedia.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>

* [Data 631] Staging deploy  (data-dot-all#310)

* [Data 629] worksheet fix for GET_ENVIRONMENT permission (data-dot-all#309)

* Data690 stagingdeploy 20240425 (data-dot-all#319)

* DATA-680 - Update node repo to 18.x in Makefile.sd

* Data674: Adding auto approval for confidentiality levels (data-dot-all#317)

* Data674: Adding auto approval for confidentiality levels

* Data674: Adding auto approval for confidentiality levels

* Data674: Adding auto approval for confidentiality levels

* Lint fixes

* Lint fixes

* Lint fixes

* Lint fixes

* Lint fixes

* Ensuring Secret Confidentiality Type (Yahoo Confidential and Yahoo Highly Confidential) are never auto-approved

* Use boolean true instead of string

* Update config

* Update release notes

* Update release notes

* Update release notes

---------

Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>

* Update makefile (data-dot-all#320)

* Data690 stagingdeploy 20240425 2 (data-dot-all#321)

* Update makefile

* Reverting nodejs 16 upgrade

* Reverting nodejs 16 upgrade

* Data690 stagingdeploy 20240425 3 (data-dot-all#323)

* DATA-680 - Update node repo to 18.x in Makefile.sd

* Data674: Adding auto approval for confidentiality levels (data-dot-all#317)

* Data674: Adding auto approval for confidentiality levels

* Data674: Adding auto approval for confidentiality levels

* Data674: Adding auto approval for confidentiality levels

* Lint fixes

* Lint fixes

* Lint fixes

* Lint fixes

* Lint fixes

* Ensuring Secret Confidentiality Type (Yahoo Confidential and Yahoo Highly Confidential) are never auto-approved

* Use boolean true instead of string

* Update config

* Bugfix (data-dot-all#322)

* Reverting nodejs 16 upgrade

---------

Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>

* Data690 stagingdeploy 20240425 4 (data-dot-all#325)

* DATA-680 - Update node repo to 18.x in Makefile.sd

* Data674: Adding auto approval for confidentiality levels (data-dot-all#317)

* Data674: Adding auto approval for confidentiality levels

* Data674: Adding auto approval for confidentiality levels

* Data674: Adding auto approval for confidentiality levels

* Lint fixes

* Lint fixes

* Lint fixes

* Lint fixes

* Lint fixes

* Ensuring Secret Confidentiality Type (Yahoo Confidential and Yahoo Highly Confidential) are never auto-approved

* Use boolean true instead of string

* Update config

* Bugfix (data-dot-all#322)

* Blocking autoApproval edit on backend (data-dot-all#324)

* Blocking autoApproval edit on backend

* Lint fix

* Reverting nodejs 18 upgrade

---------

Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>

* Data690 stagingdeploy 20240425 5 (data-dot-all#329)

* DATA-680 - Update node repo to 18.x in Makefile.sd

* Data674: Adding auto approval for confidentiality levels (data-dot-all#317)

* Data674: Adding auto approval for confidentiality levels

* Data674: Adding auto approval for confidentiality levels

* Data674: Adding auto approval for confidentiality levels

* Lint fixes

* Lint fixes

* Lint fixes

* Lint fixes

* Lint fixes

* Ensuring Secret Confidentiality Type (Yahoo Confidential and Yahoo Highly Confidential) are never auto-approved

* Use boolean true instead of string

* Update config

* Bugfix (data-dot-all#322)

* Blocking autoApproval edit on backend (data-dot-all#324)

* Blocking autoApproval edit on backend

* Lint fix

* DATA-680 - Switch node to version 17 in the Screwdriver makefile (data-dot-all#326)

* bugfix (data-dot-all#328)

* Remove nodejs upgrade

---------

Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>

* bugfix (data-dot-all#331)

* Data743 stagingdeploy (data-dot-all#351)

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* Data743: Update verifier task schedule to run nightly (data-dot-all#350)

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* Data743 stagingdeploy (data-dot-all#353)

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* [Data 767] staging deploy (data-dot-all#358)

* Bugfix: timeout error when listing Consumption Roles (data-dot-all#1303)

- Bugfix

- as GraphQL resolvers are 'lazy', for ShareRequest Modal window we
simply don't fetch the managedPolicy property -- no timeout
- managed policies are fetched, when consumption role is selected from
dropdown

- data-dot-all#1288

Please answer the questions below briefly where applicable, or write
`N/A`. Based on
[OWASP 10](https://owasp.org/Top10/en/).

- Does this PR introduce or modify any input fields or queries - this
includes
fetching data from storage outside the application (e.g. a database, an
S3 bucket)?
  - Is the input sanitized?
- What precautions are you taking before deserializing the data you
consume?
  - Is injection prevented by parametrizing queries?
  - Have you ensured no `eval` or similar functions are used?
- Does this PR introduce any functionality or component that requires
authorization?
- How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  - Are you logging failed auth attempts?
- Are you using or adding any cryptographic features?
  - Do you use a standard proven implementations?
  - Are the used keys controlled by the customer? Where are they stored?
- Are you introducing any new policies/roles/users?
  - Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

---------

Co-authored-by: Sofia Sazonova <sazonova@amazon.co.uk>

* Updated Release notes

---------

Co-authored-by: Sofia Sazonova <sofia-s@304.ru>
Co-authored-by: Sofia Sazonova <sazonova@amazon.co.uk>

---------

Co-authored-by: Anushka Singh <anushka.singh@yahooinc.com>
Co-authored-by: Sofia Sazonova <sofia-s@304.ru>
Co-authored-by: Sofia Sazonova <sazonova@amazon.co.uk>

* data712

* Data712: Persistent emails

* Data712: Persistent emails

* Data712: Persistent emails

* Data712: Persistent emails

* Data712: Persistent emails

* Data712: Persistent emails

* Data712: Persistent emails

* Restore yarn file

* Restore yarn file

* Update config

* Data712: Persistent emails

* Data712: Persistent emails

* Data712: Persistent emails

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>
Co-authored-by: Mohit Arora <marora@yahooinc.com>
Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>
Co-authored-by: Raj Chopde <rchopde@yahooinc.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@oath.com>
Co-authored-by: Sofia Sazonova <sofia-s@304.ru>
Co-authored-by: Sofia Sazonova <sazonova@amazon.co.uk>
anushka-singh pushed a commit to anushka-singh/aws-dataall that referenced this issue Jun 20, 2024
@noah-paige @dlpzx
@dependabot @jaidisido @mourya-33 @nikpodsh @manjulaK @kasturmp @zsaltys @lorchda @TejasRGitHub @SofiaSazonova @anushka-singh
Data712 y branch 2 5 (data-dot-all#381)
653a480 
* Bigdata867 3 (data-dot-all#24)

* Bucket Policy E.1: Modify sharing task routing to trigger a s3 bucket sharing

* Bucket Policy E.1: Modify sharing task routing to trigger a s3 bucket sharing

* Bucket Policy E.1: Modify sharing task routing to trigger a s3 bucket sharing

* Bucket Policy BIGDATA 867: Implement revoke share in data_sharing_service

* Bucket Policy BIGDATA 867: Implement revoke share in data_sharing_service

* trajopadhye- BIGDATA-756 -> Added Tests for Task D and E

* trajopadhye - BIGDATA-756 Corrected file data_sharing_service.py to address revokedStateSM for revoked items

* trajopadhye- BIGDATA-756 - Slight correction in comments

* trajopadhye- BIGDATA-756 Correction on Share Status for revoke share tests

* Addresed changes from the review of PR

* [BIGDATA-625] Implement bucket share processor (data-dot-all#21)

* Implement bucket share processor

* Fix Revoke UI sharetype

* BIGDATA-612 - push source from SD container to CodeCommit.  Initial Makefile and SD yaml configuration.

* Remove synth

* Add force push

* Add default cdk.context.json

* Add param for branchname

* Comments.

* Fix email address

* Add instance specific cdk.context.json

* BIGDATA-612 - truncate the cfn encryption policy prefix so that together with branch name, it will fit within 32 char limit.

* Update screwdriver.yaml

* Change nodejs version in screwdriver Makefile to supported version 16 (data-dot-all#89) (data-dot-all#90)

* Change screwdriver node version to 16

* Remove all non-environment setup steps for testing

* Skip getting AWS credentials for testing

* Fixing npm install version

* Remove extra npm install

* Restore all prior functions.

* Remove AmplifyContext customizations, no longer needed. (data-dot-all#92)

* Change nodejs version in screwdriver Makefile to supported version 16 (data-dot-all#89)

* Change screwdriver node version to 16

* Remove all non-environment setup steps for testing

* Skip getting AWS credentials for testing

* Fixing npm install version

* Remove extra npm install

* Restore all prior functions.

* Remove AmplifyContext customizations, no longer needed. (data-dot-all#91)

* Fix screwdriver yaml for new EMR template step. (data-dot-all#116)

* Bigdata 1397 mvp 3 stagingdeploy 20231129 (data-dot-all#178)

* BIGDATA-1211 - Release notes initial commit

* Mvp3 deploy 20231129 - S3 Bucket share + KMS explosion fix - MERGE FROM OPENSOURCE (data-dot-all#176)

* Enabling S3 bucket share  (data-dot-all#848)

- Feature

- We want to enable bucket sharing along with access point share which
already exists in data all right now.
- A user will be able to request shares at bucket level and at the
folder level with access points.
- Please NOTE: There is some common code between Access point share
managers and processors and S3 Bucket managers and processors. We will
send out a separate PR for that refactoring work at a later time.

- data-dot-all#284
- data-dot-all#823
-
https://github.com/awslabs/aws-dataall/pull/846/files#diff-c1f522a1f50d8bcf7b6e5b2e586e40a8de784caa80345f4e05a6329ae2a372d0

- Contents of this PR have been contributed by @anushka-singh,
@blitzmohit, @rbernotas, @TejasRGitHub

Please answer the questions below briefly where applicable, or write
`N/A`. Based on
[OWASP 10](https://owasp.org/Top10/en/).

- Does this PR introduce or modify any input fields or queries - this
includes
fetching data from storage outside the application (e.g. a database, an
S3 bucket)?
  - Is the input sanitized?
- What precautions are you taking before deserializing the data you
consume?
  - Is injection prevented by parametrizing queries?
  - Have you ensured no `eval` or similar functions are used?
- Does this PR introduce any functionality or component that requires
authorization?
- How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  - Are you logging failed auth attempts?
- Are you using or adding any cryptographic features?
  - Do you use a standard proven implementations?
  - Are the used keys controlled by the customer? Where are they stored?
- Are you introducing any new policies/roles/users?
  - Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Anushka Singh <anushka.singh@yahooinc.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>

* Kms explosion fix (data-dot-all#882)

- Bugfix

- DataAll currently creates one SID per role in the KMS policy attached
to a bucket with RoleID as the SID name.
- We want to collapse these SIDs into one SID.
- Access point and Bucket share will have different SIDs in KMS policy.
- Use role ARN instead of role ID.
- NOTE: if KMS policy was previously created, it will remain the same.
SID will be the user ID and not the KMS decrypt SID created in this PR.
It will not impact any future shares though.
- NOTE: This is to be merged after bucket share PR is merged.

- Tested this on local dev environment and KMS policy now has 1
statement with kms decrypt and using SID of KMS decrypt.

Please answer the questions below briefly where applicable, or write
`N/A`. Based on
[OWASP 10](https://owasp.org/Top10/en/).

- Does this PR introduce or modify any input fields or queries - this
includes
fetching data from storage outside the application (e.g. a database, an
S3 bucket)?
  - Is the input sanitized?
- What precautions are you taking before deserializing the data you
consume?
  - Is injection prevented by parametrizing queries?
  - Have you ensured no `eval` or similar functions are used?
- Does this PR introduce any functionality or component that requires
authorization?
- How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  - Are you logging failed auth attempts?
- Are you using or adding any cryptographic features?
  - Do you use a standard proven implementations?
  - Are the used keys controlled by the customer? Where are they stored?
- Are you introducing any new policies/roles/users?
  - Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Anushka Singh <anushka.singh@yahooinc.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>

* Updated Release Notes 20231201

* Format changes

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>

* [BIGDATA-1391] - Fix for cannot see all cognito groups when inviting teams (data-dot-all#177)

* trajopadhye | BIGDATA-1391 - Fix for incomplete groups list fetched for invite org and env

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>

* Bigdata 1397 mvp 3 stagingdeploy 20231129 1 (data-dot-all#180)

* BIGDATA-1211 - Release notes initial commit

* Mvp3 deploy 20231129 - S3 Bucket share + KMS explosion fix - MERGE FROM OPENSOURCE (data-dot-all#176)

* Enabling S3 bucket share  (data-dot-all#848)

- Feature

- We want to enable bucket sharing along with access point share which
already exists in data all right now.
- A user will be able to request shares at bucket level and at the
folder level with access points.
- Please NOTE: There is some common code between Access point share
managers and processors and S3 Bucket managers and processors. We will
send out a separate PR for that refactoring work at a later time.

- data-dot-all#284
- data-dot-all#823
-
https://github.com/awslabs/aws-dataall/pull/846/files#diff-c1f522a1f50d8bcf7b6e5b2e586e40a8de784caa80345f4e05a6329ae2a372d0

- Contents of this PR have been contributed by @anushka-singh,
@blitzmohit, @rbernotas, @TejasRGitHub

Please answer the questions below briefly where applicable, or write
`N/A`. Based on
[OWASP 10](https://owasp.org/Top10/en/).

- Does this PR introduce or modify any input fields or queries - this
includes
fetching data from storage outside the application (e.g. a database, an
S3 bucket)?
  - Is the input sanitized?
- What precautions are you taking before deserializing the data you
consume?
  - Is injection prevented by parametrizing queries?
  - Have you ensured no `eval` or similar functions are used?
- Does this PR introduce any functionality or component that requires
authorization?
- How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  - Are you logging failed auth attempts?
- Are you using or adding any cryptographic features?
  - Do you use a standard proven implementations?
  - Are the used keys controlled by the customer? Where are they stored?
- Are you introducing any new policies/roles/users?
  - Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Anushka Singh <anushka.singh@yahooinc.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>

* Kms explosion fix (data-dot-all#882)

- Bugfix

- DataAll currently creates one SID per role in the KMS policy attached
to a bucket with RoleID as the SID name.
- We want to collapse these SIDs into one SID.
- Access point and Bucket share will have different SIDs in KMS policy.
- Use role ARN instead of role ID.
- NOTE: if KMS policy was previously created, it will remain the same.
SID will be the user ID and not the KMS decrypt SID created in this PR.
It will not impact any future shares though.
- NOTE: This is to be merged after bucket share PR is merged.

- Tested this on local dev environment and KMS policy now has 1
statement with kms decrypt and using SID of KMS decrypt.

Please answer the questions below briefly where applicable, or write
`N/A`. Based on
[OWASP 10](https://owasp.org/Top10/en/).

- Does this PR introduce or modify any input fields or queries - this
includes
fetching data from storage outside the application (e.g. a database, an
S3 bucket)?
  - Is the input sanitized?
- What precautions are you taking before deserializing the data you
consume?
  - Is injection prevented by parametrizing queries?
  - Have you ensured no `eval` or similar functions are used?
- Does this PR introduce any functionality or component that requires
authorization?
- How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  - Are you logging failed auth attempts?
- Are you using or adding any cryptographic features?
  - Do you use a standard proven implementations?
  - Are the used keys controlled by the customer? Where are they stored?
- Are you introducing any new policies/roles/users?
  - Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Anushka Singh <anushka.singh@yahooinc.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>

* Updated Release Notes 20231201

* Format changes

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>

* [BIGDATA-1391] - Fix for cannot see all cognito groups when inviting teams (data-dot-all#177)

* trajopadhye | BIGDATA-1391 - Fix for incomplete groups list fetched for invite org and env

* Bugfix

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>

* Bugfix (data-dot-all#181)

* Bugfix

* Bugfix

* [Data 409] Athenz Certs Domain and User Pool Domain Changes (data-dot-all#221) (data-dot-all#222)

* trajopadhye | DATA-409- Code changes for Athenz certs domain and user pool domain

* [Data-413] GA stagingdeploy 20231228 - Fix for email notifications with Athenz.  Auto-create Pivot Role (data-dot-all#224)

* trajopadhye | DATA-412 - Added Athenz configs and Ports in AWS Worker lambda and enabling Auto Create Pivot Role

* DATA-416 - Fix while migrating from manual pivot role to auto created  (data-dot-all#230) (data-dot-all#233)

* trajopadhye | DATA-416 - Fix for environment updates when using auto pivot role. Changing the way KMS keys are specified in env role

* [Data 447] ga stagingdeploy 20240116 (data-dot-all#244)

* [Data-446] Fix for consumption role not showing up

* [Data 415] Dataset import fix for circular dependency error + local dev setup fixes  (data-dot-all#243)

* DATA-428 - Local env fixes

* Data 448 ga stagingdeploy 20240117 (data-dot-all#246)

* trajopadhye | DATA-440 - Adding else if to sync glue tabls in RDS

* Data 461 ga deploy 20240125 (data-dot-all#258)

* DATA-404 - Add git fetch --all to the CodeCommit repo sync

* DATA-420 - Switch from Cognito to Okta on Prod (data-dot-all#254)

DATA-420 - Switch from Cognito to Okta on Prod

* DATA-455: Shares stuck in progress when AWS does not have root access on KMS key (data-dot-all#256)

* Update release notes

* Update release notes

---------

Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>
Co-authored-by: Tejas Rajopadhye <tejas.rajopadhye@yahooinc.com>

* Data 466 ga stagingdeploy 20240126 (data-dot-all#263)

* trajoadhye | DATA-456 - Removing Lake Formation SLR (data-dot-all#260)

* Data-405-Adding max 30 sec delay

* Synching Release notes from Staging to y-branch-2-0 (data-dot-all#262)

* [Data 484] stagingdeploy 20240206 (data-dot-all#275)

* fix: adding cdk synth for checkov scans (data-dot-all#264)

* [DATA-452] - Adding Dataset description in shares view (data-dot-all#273)

* Added Release note for DATA-481, DATA-452, DATA-480

* Syncing Release notes (data-dot-all#274)

---------

Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>
Co-authored-by: Anushka Singh <anushka.singh@verizonmedia.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@oath.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>

* [Data 607] staging deploy email notification fix (data-dot-all#302)

* Data:604: Add local level false positive management for PSECBUG - 73521 (data-dot-all#299)

* DATA-600 - Fix for share link not present in email notifications

* Merging changes needed for DATA-509 - Updating custom confidentiality values

* DATA - 586 - Adding confidentiality values for custom confidentiality

* Lower casing as suggested here- DATA-375

---------

Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>

* Updating release notes for staging deploy (data-dot-all#301)

---------

Co-authored-by: Anushka Singh <anushka.singh@verizonmedia.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>

* [Data 611] Disable topics dropdown (data-dot-all#304)

* Disabling topics dropdown (data-dot-all#303)

* [Data 619] Stagingdeploy env permission fix  (data-dot-all#307)

* Data:604: Add local level false positive management for PSECBUG - 73521 (data-dot-all#299)

* Data:604: Add local level false positive management for PSECBUG - 73521 (data-dot-all#300)

* Email notification fix + confidentiality levels config  (data-dot-all#298)

* DATA-600 - Fix for share link not present in email notifications

* Merging changes needed for DATA-509 - Updating custom confidentiality values

* Adding confidentiality values for custom confidentiality

* Adding confidentiality configs to config.json.PROD

* Lower casing as suggested here- DATA-375

---------

Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>

* Updating release notes for staging deploy (data-dot-all#301)

* Disabling topics dropdown (data-dot-all#303)

* DATA-619 - Fix permission for GET_ORGANIZATION when users are in _data teams (data-dot-all#306)

* Cherry pick for issue with GET_ORG permission after 2.3 release

---------

Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>

---------

Co-authored-by: Anushka Singh <anushka.singh@verizonmedia.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>

* [Data 631] Staging deploy  (data-dot-all#310)

* [Data 629] worksheet fix for GET_ENVIRONMENT permission (data-dot-all#309)

* Data690 stagingdeploy 20240425 (data-dot-all#319)

* DATA-680 - Update node repo to 18.x in Makefile.sd

* Data674: Adding auto approval for confidentiality levels (data-dot-all#317)

* Data674: Adding auto approval for confidentiality levels

* Data674: Adding auto approval for confidentiality levels

* Data674: Adding auto approval for confidentiality levels

* Lint fixes

* Lint fixes

* Lint fixes

* Lint fixes

* Lint fixes

* Ensuring Secret Confidentiality Type (Yahoo Confidential and Yahoo Highly Confidential) are never auto-approved

* Use boolean true instead of string

* Update config

* Update release notes

* Update release notes

* Update release notes

---------

Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>

* Update makefile (data-dot-all#320)

* Data690 stagingdeploy 20240425 2 (data-dot-all#321)

* Update makefile

* Reverting nodejs 16 upgrade

* Reverting nodejs 16 upgrade

* Data690 stagingdeploy 20240425 3 (data-dot-all#323)

* DATA-680 - Update node repo to 18.x in Makefile.sd

* Data674: Adding auto approval for confidentiality levels (data-dot-all#317)

* Data674: Adding auto approval for confidentiality levels

* Data674: Adding auto approval for confidentiality levels

* Data674: Adding auto approval for confidentiality levels

* Lint fixes

* Lint fixes

* Lint fixes

* Lint fixes

* Lint fixes

* Ensuring Secret Confidentiality Type (Yahoo Confidential and Yahoo Highly Confidential) are never auto-approved

* Use boolean true instead of string

* Update config

* Bugfix (data-dot-all#322)

* Reverting nodejs 16 upgrade

---------

Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>

* Data690 stagingdeploy 20240425 4 (data-dot-all#325)

* DATA-680 - Update node repo to 18.x in Makefile.sd

* Data674: Adding auto approval for confidentiality levels (data-dot-all#317)

* Data674: Adding auto approval for confidentiality levels

* Data674: Adding auto approval for confidentiality levels

* Data674: Adding auto approval for confidentiality levels

* Lint fixes

* Lint fixes

* Lint fixes

* Lint fixes

* Lint fixes

* Ensuring Secret Confidentiality Type (Yahoo Confidential and Yahoo Highly Confidential) are never auto-approved

* Use boolean true instead of string

* Update config

* Bugfix (data-dot-all#322)

* Blocking autoApproval edit on backend (data-dot-all#324)

* Blocking autoApproval edit on backend

* Lint fix

* Reverting nodejs 18 upgrade

---------

Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>

* Data690 stagingdeploy 20240425 5 (data-dot-all#329)

* DATA-680 - Update node repo to 18.x in Makefile.sd

* Data674: Adding auto approval for confidentiality levels (data-dot-all#317)

* Data674: Adding auto approval for confidentiality levels

* Data674: Adding auto approval for confidentiality levels

* Data674: Adding auto approval for confidentiality levels

* Lint fixes

* Lint fixes

* Lint fixes

* Lint fixes

* Lint fixes

* Ensuring Secret Confidentiality Type (Yahoo Confidential and Yahoo Highly Confidential) are never auto-approved

* Use boolean true instead of string

* Update config

* Bugfix (data-dot-all#322)

* Blocking autoApproval edit on backend (data-dot-all#324)

* Blocking autoApproval edit on backend

* Lint fix

* DATA-680 - Switch node to version 17 in the Screwdriver makefile (data-dot-all#326)

* bugfix (data-dot-all#328)

* Remove nodejs upgrade

---------

Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>

* bugfix (data-dot-all#331)

* Data743 stagingdeploy (data-dot-all#351)

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* Data743: Update verifier task schedule to run nightly (data-dot-all#350)

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* Data743 stagingdeploy (data-dot-all#353)

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* Update verifier task schedule to run nightly

* [Data 767] staging deploy (data-dot-all#358)

* Bugfix: timeout error when listing Consumption Roles (data-dot-all#1303)

- Bugfix

- as GraphQL resolvers are 'lazy', for ShareRequest Modal window we
simply don't fetch the managedPolicy property -- no timeout
- managed policies are fetched, when consumption role is selected from
dropdown

- data-dot-all#1288

Please answer the questions below briefly where applicable, or write
`N/A`. Based on
[OWASP 10](https://owasp.org/Top10/en/).

- Does this PR introduce or modify any input fields or queries - this
includes
fetching data from storage outside the application (e.g. a database, an
S3 bucket)?
  - Is the input sanitized?
- What precautions are you taking before deserializing the data you
consume?
  - Is injection prevented by parametrizing queries?
  - Have you ensured no `eval` or similar functions are used?
- Does this PR introduce any functionality or component that requires
authorization?
- How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  - Are you logging failed auth attempts?
- Are you using or adding any cryptographic features?
  - Do you use a standard proven implementations?
  - Are the used keys controlled by the customer? Where are they stored?
- Are you introducing any new policies/roles/users?
  - Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

---------

Co-authored-by: Sofia Sazonova <sazonova@amazon.co.uk>

* Updated Release notes

---------

Co-authored-by: Sofia Sazonova <sofia-s@304.ru>
Co-authored-by: Sofia Sazonova <sazonova@amazon.co.uk>

---------

Co-authored-by: Anushka Singh <anushka.singh@yahooinc.com>
Co-authored-by: Sofia Sazonova <sofia-s@304.ru>
Co-authored-by: Sofia Sazonova <sazonova@amazon.co.uk>

* data712

* Data712: Persistent emails

* Data712: Persistent emails

* Data712: Persistent emails

* Data712: Persistent emails

* Data712: Persistent emails

* Data712: Persistent emails

* Data712: Persistent emails

* Restore yarn file

* Restore yarn file

* Update config

* Data712: Persistent emails

* Data712: Persistent emails

* Data712: Persistent emails

* Data712: update import

* Data712: update import

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: trajopadhye <tejas.rajopadhye@yahooinc.com>
Co-authored-by: Mohit Arora <marora@yahooinc.com>
Co-authored-by: rbernota <rbernota@yahooinc.com>
Co-authored-by: Rick Bernotas <rbernota@verizonmedia.com>
Co-authored-by: Raj Chopde <rchopde@yahooinc.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: dlpzx <71252798+dlpzx@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jaidisido <jaidisido@gmail.com>
Co-authored-by: dlpzx <dlpzx@amazon.com>
Co-authored-by: mourya-33 <134511711+mourya-33@users.noreply.github.com>
Co-authored-by: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Co-authored-by: MK <manjula_kasturi@hotmail.com>
Co-authored-by: Manjula <manjula.kasturi@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@gmail.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@yahooinc.com>
Co-authored-by: Daniel Lorch <98748454+lorchda@users.noreply.github.com>
Co-authored-by: Tejas Rajopadhye <71188245+TejasRGitHub@users.noreply.github.com>
Co-authored-by: Zilvinas Saltys <zilvinas.saltys@oath.com>
Co-authored-by: Sofia Sazonova <sofia-s@304.ru>
Co-authored-by: Sofia Sazonova <sazonova@amazon.co.uk>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@noah-paige noah-paige

Labels
type: bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@noah-paige @degoldner