S3: Implement cross-account access

[viren-nadkarni]

This PR adds tests for cross-account support to S3 for following operations:

• GetObject
• PutObject
• ListObjects

The actual implementation was done in Moto in below linked PRs. This also introduces a shared namespace for buckets.

Depends on:

• S3: Cross-account access for buckets getmoto/moto#6333
• Bump moto-ext to 4.1.10.post2 #8410

cc: @dfangl

[coveralls]

Coverage: 82.685% (+0.002%) from 82.682% when pulling 72c9aad on s3-cross-accounts into 8ab1a66 on master.

[github-actions]

LocalStack Community integration with Pro

2 081 tests   1 799 ✔️  1h 18m 52s ⏱️
       2 suites     282 💤
       2 files           0 ❌

Results for commit 72c9aad.

[bentsku]

LGTM! I've read the change in moto, and it's not only GetObject, PutObject and ListObjects anymore, right, but it's effectively every single S3 operation that is now cross-account enabled?
This might actually fix #7084!

This is very cool, I'm not sure how ACL are enforced on the moto side, but it should be okay. Awesome, thanks a lot for tackling this!

[bentsku]

nit: I've tested against AWS and its missing a dot at the end of the exception message. Shouldn't be so bad, but we know some IaC/SDK are very picky about this message. I guess we should fix it in moto?

[viren-nadkarni]

Yes, this should be fixed in Moto. I'll try to remember to sneak a fix for this in my next moto PR

[viren-nadkarni]

I've read the change in moto, and it's not only GetObject, PutObject and ListObjects anymore, right, but it's effectively every single S3 operation that is now cross-account enabled?

It may, but this definitely needs further testing before we can claim so!