Env Build error. Running test again.
/retest

Do you have a screenshot of the error message? :-)

After a conversation on Slack, we have decided to change this from a step in the stepper to a warning shown only in case of the error. Let me know what you think.
To reproduce this, you can for example use your sources on stage, as well as the image builder, but run the frontend with your local backend where you change the expectedStatement variable. Make sure to produce an error so that the warning is shown. Let me know what you think of this.

/retest

@amirfefer have another PR where he shows a warning message in a different format, please talk to each other and pick one style.

Nitpick: join the permissions with , (comma space)

did you think about checking the permissions reactively

Yes, for AWS it means parsing string error and trying to figure out what was wrong. Not too clean.

But good point - this must not break Azure/GCP and it should be implemented in a way that we can easily add the same support into Azure/GCP too.

because we run checkAWSPerms for all providers.

This is bad, needs to be fixed.

Thanks @avitova! My concern is it might confuse users. AFAIK, the error doesn't have to be related to the missing permission, the error message is hidden, but the warning is highlighted, advice from @MariSvirik would help :)

I take my comments on the warning UI back, @amirfefer explained why it is difficult to implement warnings as we would like to. Let’s focus that on later, for now this is a good enough solution.

Summary from our discussion:

• It would be nice to have the check as an extra step before or after Create reservation.
• This step would indicate a warning (perhaps a clickable pop over).
• Multiple warning steps should be supported ideally for the future.
• Significant code changes are required to support that - not subject for this PR.

If the permissions are missing launch will fail, correct?
Right now I see a yellow alert, and a red exclamation mark inside the step and a neutral large icon on the top...so I am not sure if this is still in progress or not.

@lzap what would be that extra step? Do you envision it living inside the wizard?

@MariSvirik No, they will not. Users could set their permissions according to our recommendations, and in that case, we'd be able to find out missing permissions accurately.
But there are ways in which they would not follow our instructions, and their setup would work anyways. For example, instead of all the needed permissions, they just insert something like "iam:" and "ec2:", which would grant them all currently needed permissions. There are many reasons why it is impossible to detect these rules 100 % accurately.
TLDR; this is just a heads-up for users to check their permissions. I would say this would be helpful when we change the list of expected permissions and need users to update their AWS policies.
So the question is, how should we let users know without confusing them?

Now that I think about it, I think the alternative (and maybe better) solution to this is to take this check few screens before when a source is selected. After source is selected, we can trigger an event of requesting source permission check and display a warning there. What you all think? @ezr-ondrej @amirfefer @avitova @MariSvirik

@lzap that would be great.
Let's tell the users as soon as possible that there is a problem with permissions.
How long would it take to check?

Tens of milliseconds.

So I tried to implement what Maria proposed. Let me know what you think about it now.
We need to now the region and source to find out properly what permissions are missing. This should call the permission validation for every change in one of those fields. I thought it might be 1) safer and 2) better for the future to make the helper function more generic for any provider, so that we only return an empty array for other providers. Let me know your thoughts. :)

/retest

@avitova How can users fix it? We should tell them.
To make it general we can still include an inline alert in this step with an expandable section that would include missing permissions, but that would be too prominent in my opinion.
Is there any other way to find which permissions are missing if we don't name them in the helper text?

I pinged the doc team to check the text.

Thank you both @MariSvirik and @amirfefer, for your comments. I have tried to do the permission check more general, even though it is implemented only for AWS for now.
I thought we could also have a ToolTip for missing permissions, but the list could get really long, so maybe it is not the best idea. The expandable section looks like a good idea. I am a bit worried about the scrollbar though. Let me know what you think.

@avitova
I talked to other designers and we decided on an inline expandable alert.
Patternfly doesn't use an expandable plain alert component - as displayed on your screenshot. When there is a problem in the field, use this or this for select. (An inline alert may or may not be used there)

my proposal:
the message is general. When expanded, users can see the list of permissions and where to check it. Would it be possible to add a link where they can check those permissions?

Nice! We are getting closer and closer. Thank you for your patience. ❤️
We do not have the recommended policies outside our GitHub though. I'm not sure how to refer to our recommended policies in a different way than this. ❤️

After conversations with Maria, I have incorporated her input into the changes made.

Idea: Implement some limit, if list of missing permission is longer than let’s say 5 you can generate: perm1, perm2, perm3 and 2 more.

What is the state here? :) it needs rebase now, but apart of that I guess we are almost ready?