User story:

As a user, I only want to see managed policy based role ARNS when creating an HCP ROSA (aka Hypershift) cluster because in the near future only managed policy ARNs will be allowed.

NOTES:
Currently a user can use either a managed policy based ARN or a non managed policy based ARN to create a HCP ROSA cluster.  Sometime near GA, the user will only be allowed to use managed policy based ARN.  In order to make this change quickly in the UI, recommend the enforcement of only using managed policy based ARNs behind a feature flag.

Also there is an issue when the managed policy ARNs are created with an older version of the CLI, the managed policy based ARNs aren't nested correctly.  This will be addressed in another story.  When working on and testing this story, be sure that you are creating roles with the newest version of the ROSA CLI (1.2.26 or greater)

Acceptance criteria:

• When creating a ROSA classic cluster:
  • Managed policy based ARNs are not shown when selecting account roles
  • All non-managed policy based ARNS are shown when selecting account roles
• When creating a ROSA 
  • When feature flag restricting to only managed policy based ARNs is set to true: 
    • Managed policy based ARNS are shown when selecting account role
    • All non-managed policy based ARNs are not shown
  • When feature flag restricting to only managed policy based ARNs is set to false: 
    • Both managed and non-managed policy based ARNs are shown

Mockups:

None

---------------------------------------------------------------

Implementation details

The data for managed policy based ARNs can come in slightly differently depending how they are created.  Sometimes they are separated (see KimTest2 in the sample data) and other times they are mixed (see KimTest in the sample data).

In the case of the sample data, both KimTest and KimTest2 ARNs should show up when creating a ROSA HCP cluster.  Correspondingly, the following ARNs should only shown up when creating a ROSA Classic cluster: 
ep-10-03, KimTest, ManagedOpenShift

As a note: "KimTest" was created  by running this CLI command `rosa create account-roles --hosted-cp` and choosing the option to also create "Classic account roles".
STS_Account_Sample_Data.json

The recommended fix below in the "old description" isn't a full fix and additional work will be needed.

--------------------------------------------------------------

Old description - please ignore leaving for historical reason

This reverses https://gitlab.cee.redhat.com/service/uhc-portal/-/merge_requests/4174

• This should be behind a feature flag which we can just 'enable for all' once backend is ready to support it.

The above MR was put in as a temporary fix to allow work on the wizard to progress while unmanaged policies could be used to create an HCP cluster.

I beleive we should update:

 AccountRolesARNsSection.jsx#L216-216

to:

const accountRolesARNs = get(getAWSAccountRolesARNsResponse, 'data', []).filter((arn) =>
  // TODO: restore when managed policies are in place
  // isHypershiftSelected ? (arn.hcpManagedPolicies && arn.managedPolicies) : ... ,
  isHypershiftSelected ? (arn.hcpManagedPolicies && arn.managedPolicies) : ... ,  // '...' meaning whatever is there keep );

Note:

  // isHypershiftSelected ? (arn.hcpManagedPolicies && arn.managedPolicies) : (!arn.hcpManagedPolicies && arn.managedPolicies) ,

Is the complete, correct logic when managed-policies are supported in both rosa classic, and rosa hosted, based on past comments:

Per usage of backend `hcpManagedPolicies` and `managedPolicies` fields:

* For hypershift managed policies both fields are true
* For rosa classic unmanaged both are false
* (out of scope) For rosa classic managed policies (the epic is on hold right now) managedPolicies:true and hcpManagedPolicies:false