-
Story
-
Resolution: Done
-
Critical
-
None
-
None
-
5
-
False
-
True
-
XCMSTRAT-46 - ROSA: Additional Security Group(s) during Cluster Creation (Day-1)
-
-
-
OCM UI Sprint 245
User story:
So that I can get the AWS security group for the initial machine pool(s) in my BYOVPC (non-HCP) AWS-based (OSD CCS & RH Managed, ROSA-classic) cluster, as a user, I want the ability to add AWS security group(s) when creating a cluster that is version 4.14 or higher.
Acceptance Criteria
- If the chosen version is less than 4.14, the option to add security groups is not available
- If the cluster is HCP or OSD GCP, the option to add security groups is not available
- If the cluster is not BYOVPC, the option to add security groups is not available.
- The user can enter/select 0 - 15 security groups. The entry of security groups is optional
- Any error returned by the backend (including validation that the chosen security group(s) exist to the same VPC used by the cluster) is displayed to the user.
- After successful cluster creation, the chosen security groups are available on the machine pool list page (see
HAC-4975)
Â
Mockups:
TBD - see PD-1624
Current parts of the application:
Select single vs multi-zone
Â
Select BYOVPC
Enter Subnets (single zone)
Enter Subnets (multi-zone)
----------------------------------------------------------------------------------------------------------------
Implementation and technical notes
1. The ability to add security groups will be added to the create cluster endpoint:
POST /api/clusters_mgmt/v1/clusters
2. There is an option question what happens when a user selects "multi-zone" is there 3 machine pools being created? If so, do we want to give the user the ability to add different security groups for the different machine pools If a user selects multi-zone, even though the user enters 3 sets of subnets, only a single machine pool is created - so only 1 set of 0 to 15? security groups are entered.
3. From a UX perspective, the add subnets step is highly problematic. For example, the actual VPC is not shown to the end user (it is implied by what the user selected for the subnets). Is there additional work needed here before we add the security groups
4. As part of the VPC list
GET /api/clusters_mgmt/v1/aws_inquiries/vpcs
The back end will add any security groups for each VPC, so the UI can validate an entered VPC or only allow a user to select from a list before creating a machine pool
5. The minimum version is 4.14 when creating a cluster. This is a different version that is required when adding security groups when creating a machine pool to an existing cluster (4.11)
6. The exact number of AWS security groups a user can enter is currently TBD, but it would be 15 or less.
- is cloned by
-
-
- Closed
-
- links to
1.
|
DOD: Training materials supplied to Support/SRE |
|
Closed | 
|
Unassigned |
2.
|
DOD: Docs verified by QE |
|
Closed |
|
Unassigned |
3.
|
DOD: Docs completed and merged |
|
Closed |
|
Unassigned |
4.
|
DOD: All known issues captured and blockers resolved |
|
Closed |
|
Unassigned |
5.
|
DOD: All work items belonging to this Epic are complete |
|
Closed |
|
Unassigned |
6.
|
DOD: Code merged for regular build/release testing in the HAC Common CI/CD framework |
|
Closed |
|
Unassigned |
7.
|
DOD: CI runs successfully with test automation |
|
Closed |
|
Unassigned |
8.
|
DOD: Automated/Integrated tests complete |
|
Closed |
|
Unassigned |
9.
|
DOD: Architectural artifacts completed, reviewed and stored |
|
Closed |
|
Unassigned |
10.
|
DOD: Product Manager and UX signed off on solution |
|
Closed |
|
Unassigned |
11.
|
DOD: Acceptance criteria related to this Epic has been identified and met |
|
Closed |
|
Unassigned |