DT-1202: Allow creating datasnapshot as a child resource of dataset (#1640)

- users with `snapshot_creator` or greater role on `dataset` can `add_child` to `dataset`
- users with `custodian` or greater role on `dataset` can `list_children`
- users with `steward` role can `create_with_parent` to `datasnapshot`, and `get_parent`
- `dataset` `custodian` or greater role are `steward` on child `datasnapshot`s.

Author: pshapiro4broad

src/main/resources/reference.conf

@@ -1335,6 +1335,12 @@ resourceTypes = {
       "unlock_resource" = {
         description = "Can unlock a resource"
       }
+      add_child = {
+        description = "add a child resource"
+      }
+      list_children = {
+        description = "list child resources"
+      }
     }
     ownerRoleName = "steward"
     roles = {
@@ -1343,14 +1349,17 @@ resourceTypes = {
         includedRoles = ["custodian"]
       }
       custodian = {
-        roleActions = ["manage_schema", "create_datasnapshot", "ingest_data", "soft_delete", "hard_delete", "unlink_snapshot", "list_snapshots", "lock_resource", "unlock_resource", "share_policy::custodian", "share_policy::ingester", "share_policy::snapshot_creator"]
+        roleActions = ["manage_schema", "create_datasnapshot", "ingest_data", "soft_delete", "hard_delete", "unlink_snapshot", "list_snapshots", "lock_resource", "unlock_resource", "share_policy::custodian", "share_policy::ingester", "share_policy::snapshot_creator", "list_children"]
         includedRoles = ["snapshot_creator"]
+        descendantRoles = {
+          datasnapshot = ["steward"]
+        }
       }
       ingester = {
         roleActions = ["read_dataset", "read_data", "ingest_data"]
       }
       snapshot_creator = {
-        roleActions = ["read_dataset", "read_data", "read_policies", "link_snapshot"]
+        roleActions = ["read_dataset", "read_data", "read_policies", "link_snapshot", "add_child"]
       }
       admin = {
         roleActions = ["share_policy::steward", "read_policies", "alter_policies", "unlock_resource"]
@@ -1437,18 +1446,24 @@ resourceTypes = {
       add_child = {
         description = "add a child resource"
       }
+      create_with_parent = {
+        description = "Enables creating a snapshot with a parent dataset"
+      }
+      get_parent = {
+        description = "get parent of snapshot"
+      }
     }
     ownerRoleName = "steward"
     roles = {
       steward = {
-        roleActions = ["share_policy::steward", "share_policy::custodian", "update_passport_identifier", "view_journal"]
+        roleActions = ["share_policy::steward", "share_policy::custodian", "update_passport_identifier", "view_journal", "create_with_parent"]
         includedRoles = ["custodian"]
         descendantRoles = {
           snapshot-builder-request = ["approver"]
         }
       }
       custodian = {
-        roleActions = ["delete", "edit_datasnapshot", "update_snapshot", "share_policy::reader", "share_policy::aggregate_data_reader", "share_policy::discoverer", "read_policies", "set_public", "update_auth_domain", "lock_resource", "unlock_resource"]
+        roleActions = ["delete", "edit_datasnapshot", "update_snapshot", "share_policy::reader", "share_policy::aggregate_data_reader", "share_policy::discoverer", "read_policies", "set_public", "update_auth_domain", "lock_resource", "unlock_resource", "get_parent"]
         includedRoles = ["reader"]
       }
       reader = {