Allow assuming chained roles for IAM-based authentication

[heroldus]

Description

The change introduces a new plugin called AssumeChainedRolesCredentialsProvider to allow to assume another AWS IAM role or a chain of roles to login into Redshift via IAM-based auth. This is important to enabled IAM-based auth in multi-account setups.

Motivation and Context

The change solves the problem that you currently can't use IAM-based authentication to login from e.g. an EC2 instance into a Redshift cluster in another AWS account.

Testing

Use an EC2 instance with instance profile and AWS IAM role assigned. This IAM role A can assume another IAM role B in another AWS account via STS and a trust policy. The IAM role B has the permission to login into a Redshift cluster in this account. With the new plugin the EC2 instance can connect to the Redshift cluster via IAM-based auth.

Screenshots (if appropriate)

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)

Checklist

• Local run of mvn install succeeds
• My code follows the code style of this project
• My change requires a change to the Javadoc documentation
• I have updated the Javadoc documentation accordingly
• I have read the README document
• I have added tests to cover my changes
• All new and existing tests passed
• A short description of the change has been added to the CHANGELOG

License

• By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.