Implement Bucket ACL operations in S3 provider

[bentsku]

No integration tests were really checking ACLs, so this one is not reducing tests failure as much.

• Implement Bucket ACL operations and validation in provider.
• ACL enforcement is not part of it, as it's not currently done in the current provider.

[github-actions]

LocalStack integration with Pro

       3 files  ±0         3 suites  ±0   1h 11m 38s ⏱️ - 9m 12s
1 309 tests +2  1 195 ✔️ ±0  114 💤 +2  0 ❌ ±0 
1 821 runs  +2  1 563 ✔️ ±0  258 💤 +2  0 ❌ ±0 

Results for commit 3a18121. ± Comparison against base commit cf8a254.

♻️ This comment has been updated with latest results.

[thrau]

LGTM! if you want we can modify ASF to make it easier to construct exception that have attributes, let me know.

[thrau]

would it help if we made it easier to set the exception attributes, so you can raise

raise InvalidArgument(message, ArgumentName=name, ArgumentValue=value)

?

there are two ways that we can do that. either we change the scaffold to create the constructors of exceptions accordingly, or we extend the ServiceException constructor to accept kwargs, to something like:

    def __init__(self, *args, **kwargs):
        super(ServiceException, self).__init__(*args)

        if len(args) >= 1:
            self.message = args[0]
        else:
            self.message = ""
         
        for k,v in kwargs.items():
            setattr(self, k) = v

the second option is simpler and also easier to implement, however it makes it harder to subclass or customize the constructor. the first approach would maybe be cleaner but also a bit more effort.

[bentsku]

Right! I think right now, it's not exactly needed, as it concerns only S3. I'm thinking about maybe creating a new file exceptions.py for s3, with the helpers to create the necessary exceptions.
I have some kind of a weird case here with presigned URLs: some exceptions have a lot of members (up to 7 I think), but some fields are not returned nor created, depending on the kind of exceptions. So attaching conditionally the members is quite practical.
If I document it better, maybe it can just be know for s3 that you need to create the exceptions with the helper methods. And I like being able to add some logic while creating the exceptions, like the Bytes version of the field.
Presigned URL exception example:

localstack/localstack/services/s3/presigned_url.py

Lines 158 to 181 in e828540

	def create_signature_does_not_match_sig_v2(
	request_signature: str, string_to_sign: str
	) -> SignatureDoesNotMatch:
	ex = SignatureDoesNotMatch(
	"The request signature we calculated does not match the signature you provided. Check your key and signing method."
	)
	ex.AWSAccessKeyId = TEST_AWS_ACCESS_KEY_ID
	ex.HostId = FAKE_HOST_ID
	ex.SignatureProvided = request_signature
	ex.StringToSign = string_to_sign
	ex.StringToSignBytes = to_bytes(string_to_sign).hex(sep=" ", bytes_per_sep=2).upper()
	return ex
	def create_signature_does_not_match_sig_v4(
	not_valid_sig_v4: NotValidSigV4Signature,
	) -> SignatureDoesNotMatch:
	ex = create_signature_does_not_match_sig_v2(
	request_signature=not_valid_sig_v4["signature_provided"],
	string_to_sign=not_valid_sig_v4["string_to_sign"],
	)
	ex.CanonicalRequest = not_valid_sig_v4["canonical_request"]
	ex.CanonicalRequestBytes = to_bytes(ex.CanonicalRequest).hex(sep=" ", bytes_per_sep=2).upper()
	return ex

But I still like your proposal, it's pretty clean. But not sure it's worth the trouble.