S3 Amazonaws allow to create a user to bind to the bucket #42

Open
sp90 opened this issue Nov 5, 2024 · 2 comments

sp90 commented Nov 5, 2024

Only if the hostname ends with .amazonaws.com:
After the Test method is called on the backend, the FE should check via the IAM webmodule if the user has permissions to create a new user. If so, the FE should suggest creating a new user that only has access to the given bucket and replace the credentials with the newly generated credentials. Methods for this are in the webmodule.

@sp90 sp90 self-assigned this Nov 11, 2024
@sp90 sp90 added the enhancement New feature or request label Nov 11, 2024

sp90 commented Nov 15, 2024

@kenkendk could you add some words on specifically where in the flow we want this to happen?

  1. Test connection
  2. Test con error (or when does it happen and if on error which error??)
  3. if has create user feature in webmodule
  4. dialog if they want that
  5. if yes do it and replace credentials on auth-password and auth-username

kenkendk (Member) commented

The "test connection" should call the regular "test" method.

If successful, and the hostname ends with .amazonaws.com, it should check if the user can create a new user (operation is CanCreateUser)

If the result is a success, then offer to create a non-privileged user.
If the result is a failure, ignore it.

To create the non-privileged user, call with operation CreateIAMUser.
After the operation succeeds, the result will contain accessid and secretkey.
After changing the credentials, call the "test" method again.

There is another operation in the webmodule called GetPolicyDoc.
If we decide to add this, it should only be possible if the hostname ends with .amazonaws.com.
The result of the operation is a JSON document that can be uploaded manually to AWS S3 with the correct permissions.
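
The flow described in the comment above, sketched as an added example that is not part of the thread or the project's code. It shows the `.amazonaws.com` gate applied to the parsed hostname rather than the raw string, and the credential swap done on a copy. The function names, the `deps` callbacks and the `server` option key are assumptions; only the operation names and the `accessid`, `secretkey`, `auth-username` and `auth-password` keys come from the thread.

```javascript
// Hypothetical helper names; only the operation names and the accessid,
// secretkey, auth-username and auth-password keys come from the thread.

// Gate on the parsed hostname, never on the raw string the user typed.
function isAwsHost(server) {
  let host;
  try {
    host = new URL(server.includes("://") ? server : "https://" + server).hostname;
  } catch {
    return false; // unparseable input fails closed
  }
  host = host.toLowerCase().replace(/\.$/, ""); // tolerate a trailing root dot
  return host.endsWith(".amazonaws.com");
}

// deps.test(opts) resolves to true/false; deps.callWebModule(op, opts) resolves
// to the operation result or rejects; deps.confirmCreate() asks the user.
async function offerScopedUser(opts, deps) {
  const unchanged = { opts, replaced: false };
  if (!(await deps.test(opts))) return unchanged;
  if (!isAwsHost(opts.server)) return unchanged;
  try {
    await deps.callWebModule("CanCreateUser", opts);
  } catch {
    return unchanged; // a failed capability check is ignored
  }
  if (!(await deps.confirmCreate())) return unchanged;
  const res = await deps.callWebModule("CreateIAMUser", opts);
  if (!res || !res.accessid || !res.secretkey) {
    throw new Error("CreateIAMUser returned no credentials");
  }
  // Copy instead of mutating, so the original keys survive a failed re-test.
  const scoped = { ...opts, "auth-username": res.accessid, "auth-password": res.secretkey };
  // Assumption: if the re-test fails, keep the original credentials.
  return (await deps.test(scoped)) ? { opts: scoped, replaced: true } : unchanged;
}
```

A plain `endsWith` on the typed value would also accept a URL whose path or query string happens to end in `.amazonaws.com`, which is why the check runs on the parsed hostname.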
