add GetPartition(s) actions (#2495)

Author: timburke-hackit

terraform/modules/department/02-inputs-optional.tf

@@ -73,12 +73,11 @@ variable "additional_glue_database_access" {
     Additional Glue database access to grant to the department.
     Allows specifying specific databases and the actions that can be performed on them.
     
-    Note: The actions 'glue:GetDatabase' and 'glue:GetDatabases' are automatically 
+    Note: The actions 'glue:GetDatabase', 'glue:GetDatabases', 'glue:GetPartition' and 'glue:GetPartitions' are automatically 
     appended to the actions list to ensure databases appear in SQL editors and can be 
     accessed. You only need to specify additional actions like table operations:
     - glue:GetTable, glue:GetTables
     - glue:CreateTable, glue:UpdateTable, glue:DeleteTable (for write access)
-    - glue:GetPartition, glue:GetPartitions
     - glue:CreatePartition, glue:UpdatePartition, glue:DeletePartition (for write access)
   EOF
   type = list(object({

terraform/modules/department/50-aws-iam-policies.tf

@@ -240,6 +240,8 @@ data "aws_iam_policy_document" "read_only_glue_access" {
         [
           "glue:GetDatabase",  # Required for specific database access
           "glue:GetDatabases", # Required for SQL editor database listing
+          "glue:GetPartition",
+          "glue:GetPartitions",
         ]
       ))
       resources = [
@@ -641,6 +643,8 @@ data "aws_iam_policy_document" "glue_access" {
         [
           "glue:GetDatabase",  # Required for specific database access
           "glue:GetDatabases", # Required for SQL editor database listing
+          "glue:GetPartition",
+          "glue:GetPartitions",
         ]
       ))
       resources = [