Fix: worksheet UI improvements - fix Team and list Environments of Team

[dlpzx]

Feature or Bugfix

• Feature
• Bugfix

Detail

• Make Team static when opening a Worksheet. It is the same Team that the one that owns the Worksheet
• Modify ListEnvironments to show only the environments for this user AND TEAM
• Fix one bug on shared databases being visible for all teams of an environment
• todo: open 2 issues for the issues found to be fixed on a separate PR

Testing

Testing scenario:

• Environment 1: TeamA and TeamB added to environment
• Environment 2: TeamA and TeamB added to environment. TeamA creates consumption role CRA
• Dataset created 1: Env1-TeamA
• Dataset imported 1: Env1-TeamA
• Dataset imported with central catalog: Env1-TeamA ---> shared with Env1-TeamB
• Dataset created2: Env2-TeamA ---> shared with Env1-TeamA and Env1-CRA

Worksheet owned by TeamA

• UI can Select Env1 or Env2
• When selecting env1: UI shows OWNED CREATED database without duplicates
• When selecting env1: UI shows OWNED IMPORTED database without duplicates
• When selecting env1: UI shows OWNED IMPORTED CENTRAL CATALOG database without duplicates --> 🔴 The listing of tables is correct, but the query fails Insufficient permissions to execute the query. Insufficient Lake Formation permission(s) on rl_imported_central_sse_c3
• When selecting env1: UI shows SHARED database without duplicates 🔴 it shows 1 single database for the 2 shares (TeamA and CR_A). Each share requested a different table. In the drop-down it shows both tables which is incorrect, but, querying the table shared with CR_A fails TABLE_NOT_FOUND: line 1:15: Table 'awsdatacatalog.dataall_lcreated_a2_l7pm61ii_shared.books_raw' does not exist ---> FIXED!
• When selecting env2: UI shows OWNED database in env2
• UI can change from environment, database... without glitches - databases and tables are cleaned up

Worksheet owned by TeamB

• When selecting env1: UI shows SHARED IMPORTED CENTRAL CATALOG database without duplicates 🔴 Error: it shows the SHARED database with TeamA!! --> FIXED!
• When selecting env2: UI shows no databases
• UI can change from environment, database... without glitches

Issues found:

• Insufficient Lake Formation permissions when running Query for OWNED IMPORTED CENTRAL CATALOG database
• When there are consumption roles the shared database shows all tables shared (the ones with team IAM roles and the ones with CR) when it should only show the ones for the team IAM roles. The issue is that now we have a single Glue shared database and we are getting the tables from Glue, which means we get all the shared tables. The issue is in getSharedDatasetTables --> Fixed
• Showing Shared databases with other teams --> Fixed

Relates

• Worksheet drilldown improvements #984

Security

Please answer the questions below briefly where applicable, or write N/A. Based on
OWASP 10. N/A

• Does this PR introduce or modify any input fields or queries - this includes
  fetching data from storage outside the application (e.g. a database, an S3 bucket)?
  • Is the input sanitized?
  • What precautions are you taking before deserializing the data you consume?
  • Is injection prevented by parametrizing queries?
  • Have you ensured no eval or similar functions are used?
• Does this PR introduce any functionality or component that requires authorization?
  • How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  • Are you logging failed auth attempts?
• Are you using or adding any cryptographic features?
  • Do you use a standard proven implementations?
  • Are the used keys controlled by the customer? Where are they stored?
• Are you introducing any new policies/roles/users?
  • Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[SofiaSazonova]

What does this new groups variable mean? Why we need to change the initial groups?

[dlpzx]

groups includes all the groups that the user belongs to, SamlGroupName includes a single group. We verify that the selected group is part of the groups of the user

[SofiaSazonova]

But why afterwards you want to reset groups as the array consisting only of filter.get('SamlGroupName')?
It seems to be not safe, since we eliminate all other groups. I know, it won't be saved to database, but still in further code we cant refer to groups as all the groups that the user belongs to

[dlpzx]

Let's keep the bar high :) I have changed the way of doing this in this commit: 44262c7

I still need to test, but that will wait until tomorrow

[dlpzx]

I want to do some investigation on the issue for consumption roles. Moving the PR to draft