Validate iam for liveramp S3

[nk1107]

JIRA - https://twilio-engineering.atlassian.net/browse/STRATCONN-6015?atlOrigin=eyJpIjoiMzg0OGZlYWY3MDhjNDE5YWJlNjc1NDA1MjBhMjQ3YjYiLCJwIjoiaiJ9

HeadBucket - https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html

This change adds a validation logic to validate the IAM role for the liveramp audienceEnteredS3 action. This is done using HEAD request to the S3 bucket with the IAM credentials in the mappings.

Number of batch events processed by liveramp in 1 day

Testing

Include any additional information about the testing you have completed to
ensure your changes behave as expected. For a speedy review, please check
any of the tasks you completed below during your testing.

• Added unit tests for new functionality
• Tested end-to-end using the local server
• [If destination is already live] Tested for backward compatibility of destination. Note: New required fields are a breaking change.
• [Segmenters] Tested in the staging environment

• [Segmenters] [If applicable for this change] Tested for regression with Hadron.

Rollout Strategy

Going with the flagon based rollout with following stages

1. First rollout uptill the business tier customers.
2. Second rollout till the strategic account tier customers.
3. Third rollout for all the customer tiers.

[codecov]

Codecov Report

❌ Patch coverage is 83.33333% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 79.88%. Comparing base (9306771) to head (cb2a3f7).
⚠️ Report is 25 commits behind head on main.

Files with missing lines	Patch %	Lines
...nations/liveramp-audiences/audienceEnteredS3/s3.ts	77.77%	2 Missing and 2 partials ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #3209   +/-   ##
=======================================
  Coverage   79.88%   79.88%           
=======================================
  Files        1190     1190           
  Lines       21874    21894   +20     
  Branches     4262     4270    +8     
=======================================
+ Hits        17474    17490   +16     
- Misses       3648     3650    +2     
- Partials      752      754    +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sayan-das-in]

nit pick: in the test cases nock.cleanAll() ideally should be wrapped inside beforeEach.

[varadarajan-tw]

Looks good. Left a couple of questions

[varadarajan-tw]

Can't we mark all these as required? aren't these marked as required 🤔 ?

[nk1107]

Only the s3_aws_region is a required property as of now. We'll have to introduce another change to mark the other properties as required.

[varadarajan-tw]

Should we put this behind another feature flag for rollout?

[nk1107]

Right now i have avoided the validation for the legacy_flag due to snapshot issues, but yeah we can introduce a flag for rollout

[varadarajan-tw]

Could this work?

Suggested change

	if (!(input.features && input.features[LIVERAMP_LEGACY_FLOW_FLAG_NAME] === true)) {
	// only validate S3 permissions when the validation flag is enabled
	if (input.features && input.features[LIVERAMP_S3_IAM_VALIDATION_FLAG_NAME] === true) {
	await validateS3Permissions(input.payloads[0], input.request)
	}
	}
	if (input?.features[LIVERAMP_LEGACY_FLOW_FLAG_NAME)!==true && input?.features[LIVERAMP_S3_IAM_VALIDATION_FLAG_NAME] == true){
	await validateS3Permissions(input.payloads[0], input.request)
	}

[nk1107]

added the recommended change