From 9d72082df208f6dfa821afcdc28bd92387eabaf7 Mon Sep 17 00:00:00 2001
From: yuwang-RH
Date: Fri, 3 Jan 2025 19:48:18 +0800
Subject: [PATCH] OCM-13258 | ci: Add new function to create shared roles to support hosted-cp shared-vpc job

---
 pkg/aws/aws_client/role.go | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/pkg/aws/aws_client/role.go b/pkg/aws/aws_client/role.go
index b81fd66..d93ede6 100644
--- a/pkg/aws/aws_client/role.go
+++ b/pkg/aws/aws_client/role.go
@@ -418,6 +418,28 @@ func (client *AWSClient) CreateRoleForSharedVPC(roleName, installerRoleArn strin
 return client.CreateRole(roleName, string(assumeRolePolicyDocument), "", make(map[string]string), "/")
 }
 
+// A more common function to create roles for shared VPC. The old CreateRoleForSharedVPC function was used for classic
+// shared-vpc cluster only. This function can be used for both classic and hosted-cp shared-vpc cluster. Keep CreateRoleForSharedVPC
+// for the compatibility of the eale reference
+func (client *AWSClient) CreateRoleForSharedVPCHCP(roleName string, assumeRolesArns []string) (types.Role, error) {
+ statement := map[string]interface{}{
+ "Sid": "Statement1",
+ "Effect": "Allow",
+ "Principal": map[string]interface{}{
+ "AWS": assumeRolesArns,
+ },
+ "Action": "sts:AssumeRole",
+ }
+
+ assumeRolePolicyDocument, err := completeRolePolicyDocument(statement)
+ if err != nil {
+ log.LogError("Failed to convert Role Policy Document into JSON: %s", err.Error())
+ return types.Role{}, err
+ }
+
+ return client.CreateRole(roleName, string(assumeRolePolicyDocument), "", make(map[string]string), "/")
+}
+
 func (client *AWSClient) CreatePolicyForSharedVPC(policyName string) (string, error) {
 statement := map[string]interface{}{
 "Sid": "Statement1",
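Review bot: The trust policy in CreateRoleForSharedVPCHCP is built straight from `assumeRolesArns` with no validation, so a nil or empty slice reaches AWS as `"AWS": null` or `"AWS": []` (presumably via encoding/json inside completeRolePolicyDocument) and fails only with IAM's late MalformedPolicyDocument error, while a `"*"` entry would silently create a role assumable by any AWS principal. A guard before building `statement` keeps the failure local and explicit, e.g. `if len(assumeRolesArns) == 0 { return types.Role{}, errors.New("at least one principal ARN is required") }` using whichever error constructor the file already imports, and rejecting any entry equal to `"*"` the same way. The doc comment should also follow Go convention and start with the function name, roughly `// CreateRoleForSharedVPCHCP creates a shared-VPC role trusted for sts:AssumeRole by every ARN in assumeRolesArns; it serves both classic and hosted-cp clusters, while CreateRoleForSharedVPC stays for existing callers.`, which also replaces the garbled word "eale". Both trust policies in this file grant sts:AssumeRole unconditionally; if these roles outlive a CI run, a Condition scoping the assumption is worth considering, though that concern predates this hunk.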