From 22ea392c5de15f46a439dfac5799656f28f8f03b Mon Sep 17 00:00:00 2001
From: hkepley <hkepley@redhat.com>
Date: Tue, 1 Oct 2024 15:10:59 -0400
Subject: [PATCH] OCM-6053 | feat: Day1 additional SG support for HCP

---
 cmd/create/cluster/cmd.go | 47 +++++++++++++++++++++++----------------
 1 file changed, 28 insertions(+), 19 deletions(-)

diff --git a/cmd/create/cluster/cmd.go b/cmd/create/cluster/cmd.go
index 9c40200db..562f44789 100644
--- a/cmd/create/cluster/cmd.go
+++ b/cmd/create/cluster/cmd.go
@@ -883,9 +883,21 @@ func run(cmd *cobra.Command, _ []string) {
 
 	// validate flags for cluster admin
 	isHostedCP := args.hostedClusterEnabled
-	if isHostedCP && fedramp.Enabled() {
-		r.Reporter.Errorf("Fedramp does not currently support Hosted Control Plane clusters. Please use classic")
-		os.Exit(1)
+	if isHostedCP {
+		if fedramp.Enabled() {
+			r.Reporter.Errorf("Fedramp does not currently support Hosted Control Plane clusters. Please use classic")
+			os.Exit(1)
+		}
+		if cmd.Flag(securitygroups.InfraSecurityGroupFlag).Changed {
+			r.Reporter.Errorf("Cannot use '%s' flag with Hosted Control Plane clusters, only '%s' is "+
+				"supported", securitygroups.InfraSecurityGroupFlag, securitygroups.ComputeSecurityGroupFlag)
+			os.Exit(1)
+		}
+		if cmd.Flag(securitygroups.ControlPlaneSecurityGroupFlag).Changed {
+			r.Reporter.Errorf("Cannot use '%s' flag with Hosted Control Plane clusters, only '%s' is "+
+				"supported", securitygroups.ControlPlaneSecurityGroupFlag, securitygroups.ComputeSecurityGroupFlag)
+			os.Exit(1)
+		}
 	}
 
 	supportedRegions, err := r.OCMClient.GetDatabaseRegionList()
@@ -2571,20 +2583,23 @@ func run(cmd *cobra.Command, _ []string) {
 		r.Reporter.Errorf("There was a problem checking version compatibility: %v", err)
 		os.Exit(1)
 	}
+
 	additionalComputeSecurityGroupIds := args.additionalComputeSecurityGroupIds
 	getSecurityGroups(r, cmd, isVersionCompatibleComputeSgIds,
-		securitygroups.ComputeKind, useExistingVPC, isHostedCP, subnets,
+		securitygroups.ComputeKind, useExistingVPC, subnets,
 		subnetIDs, &additionalComputeSecurityGroupIds)
 
 	additionalInfraSecurityGroupIds := args.additionalInfraSecurityGroupIds
-	getSecurityGroups(r, cmd, isVersionCompatibleComputeSgIds,
-		securitygroups.InfraKind, useExistingVPC, isHostedCP, subnets,
-		subnetIDs, &additionalInfraSecurityGroupIds)
-
 	additionalControlPlaneSecurityGroupIds := args.additionalControlPlaneSecurityGroupIds
-	getSecurityGroups(r, cmd, isVersionCompatibleComputeSgIds,
-		securitygroups.ControlPlaneKind, useExistingVPC, isHostedCP, subnets,
-		subnetIDs, &additionalControlPlaneSecurityGroupIds)
+	if !isHostedCP {
+		getSecurityGroups(r, cmd, isVersionCompatibleComputeSgIds,
+			securitygroups.InfraKind, useExistingVPC, subnets,
+			subnetIDs, &additionalInfraSecurityGroupIds)
+
+		getSecurityGroups(r, cmd, isVersionCompatibleComputeSgIds,
+			securitygroups.ControlPlaneKind, useExistingVPC, subnets,
+			subnetIDs, &additionalControlPlaneSecurityGroupIds)
+	}
 
 	// Validate all remaining flags:
 	expiration, err := validateExpiration()
@@ -4119,7 +4134,7 @@ func outputClusterAdminDetails(r *rosa.Runtime, isClusterAdmin bool, createAdmin
 }
 
 func getSecurityGroups(r *rosa.Runtime, cmd *cobra.Command, isVersionCompatibleComputeSgIds bool,
-	kind string, useExistingVpc bool, isHostedCp bool, currentSubnets []ec2types.Subnet, subnetIds []string,
+	kind string, useExistingVpc bool, currentSubnets []ec2types.Subnet, subnetIds []string,
 	additionalSgIds *[]string) {
 	hasChangedSgIdsFlag := cmd.Flags().Changed(securitygroups.SgKindFlagMap[kind])
 	if hasChangedSgIdsFlag {
@@ -4128,12 +4143,6 @@ func getSecurityGroups(r *rosa.Runtime, cmd *cobra.Command, isVersionCompatibleC
 				securitygroups.SgKindFlagMap[kind])
 			os.Exit(1)
 		}
-		// HCP is still unsupported
-		if isHostedCp {
-			r.Reporter.Errorf("Parameter '%s' is not supported for Hosted Control Plane clusters",
-				securitygroups.SgKindFlagMap[kind])
-			os.Exit(1)
-		}
 		if !isVersionCompatibleComputeSgIds {
 			formattedVersion, err := versions.FormatMajorMinorPatch(
 				ocm.MinVersionForAdditionalComputeSecurityGroupIdsDay1,
@@ -4146,7 +4155,7 @@ func getSecurityGroups(r *rosa.Runtime, cmd *cobra.Command, isVersionCompatibleC
 				securitygroups.SgKindFlagMap[kind], formattedVersion)
 			os.Exit(1)
 		}
-	} else if interactive.Enabled() && isVersionCompatibleComputeSgIds && useExistingVpc && !isHostedCp {
+	} else if interactive.Enabled() && isVersionCompatibleComputeSgIds && useExistingVpc {
 		vpcId := ""
 		for _, subnet := range currentSubnets {
 			if awssdk.ToString(subnet.SubnetId) == subnetIds[0] {