User story:

So that I can ensure a new machine pool has the correct security group, as a user, I want to attach AWS security group(s) when creating a machine pool, but won't be required to do it if no security group is needed/wanted.  This is especially important because the security groups cannot be modifed (or deleted) after the machine pool has been created.  The cluster version needs to be 4.11 or higher.

Acceptance criteria:

• If the cluster version is lower than 4.11, the option to add AWS security groups is not available.
• When creating a machine pool for an existing ROSA classic, OSD AWS BYOVPC cluster with a version of 4.11 or higher, I can enter from 0 - 15 AWS security groups. The entering of AWS security groups is optional
• Any error returned from the back-end is displayed on the create machine pool creation modal.
  For example, if an entered/chosen security group is not attached to the same VPC used by the cluster will return an error.
• There is some type of text or warning letting the user know that security groups cannot be changed once a machine pool has been created.
• If the machine pool creation is successful, I can see the security group(s) in the machine pool list (See HAC-4975)

Mockups:

TBD - see  PD-1623

Current part of the application:

--------------------------------------------------------------------------------------------------------------------------------------------

Implementation and technical notes

1. Initially this only applies to machine pools for ROSA BYOVPC classic, OSD AWS BYOVPC clusters. Note that ROSA HCP node pools are not included in this story. We know if a cluster is a BYOVPC cluster if AWS subnets are returned as part of the cluster information. See (/api/clusters_mgmt/v1/clusters/<cluster_id> => aws.subnet_ids)

GET /api/clusters_mgmt/v1/clusters/<cluster_id> => aws.subnet_ids

2. There may be up to 15 AWS security groups per machine pool. Each machine pool may have a unique set of security groups. The exact number of AWS security groups a user may add is not currently knowns, but it will be 15 or less.

3. The ability to add AWS security groups will need to be added to this api endpoint

POST /api/clusters_mgmt/v1/clusters/{cluster_id}/machine_pools

4. There won't be any validation on the entered security groups. The back end will validate the groups and return an error if necessary.

5. There is a story to add security groups at cluster creation time (See HAC-4962). The method for entering security groups should be similar. The may be code reuse between machine pool and cluster creation wizards.

6. The exact number of AWS security groups a user can enter is currently TBD, but it would be 15 or less.

7. As part of the VPC list

GET /api/clusters_mgmt/v1/aws_inquiries/vpcs

The back end will add any security groups for each VPC, so the UI can validate an entered VPC or only allow a user to select from a list before creating a machine pool

8. The minimum version is 4.11 for creating a machine pool. This is a different version that is required when adding security groups at creation time (4.14)