CORS-3842: Add API Updates for GCP Custom API Endpoints

** Add the Tech preview and No upgrade tags for the new feature GCP API Custom Endpoints.

** Add the ServiceEndpoint Structure that includes the api name and endpoint.
** Add the Service Endpoints to the GCP Spec and Status structs.

Author: barbacbd

config/v1/tests/infrastructures.config.openshift.io/GCPCustomAPIEndpoints.yaml

@@ -0,0 +1,290 @@
+apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
+name: "Infrastructure"
+crdName: infrastructures.config.openshift.io
+featureGates:
+- GCPCustomAPIEndpoints
+tests:
+  onCreate:
+    - name: Should be able to create a minimal Infrastructure
+      initial: |
+        apiVersion: config.openshift.io/v1
+        kind: Infrastructure
+        spec: {} # No spec is required for a Infrastructure
+      expected: |
+        apiVersion: config.openshift.io/v1
+        kind: Infrastructure
+        spec: {}
+  onUpdate:
+    - name: Basic Service Endpoint
+      initial: |
+        apiVersion: config.openshift.io/v1
+        kind: Infrastructure
+        spec:
+          platformSpec:
+            type: GCP
+            gcp: {}
+        status:
+          controlPlaneTopology: HighlyAvailable
+          cpuPartitioning: None
+          infrastructureTopology: HighlyAvailable
+          platform: GCP
+          platformStatus:
+            type: GCP
+            gcp:
+              cloudLoadBalancerConfig:
+                dnsType: PlatformDefault
+              serviceEndpoints:
+                - {name: "Compute", url: "https://compute-myendpoint1.p.googleapis.com"}
+      updated: |
+        apiVersion: config.openshift.io/v1
+        kind: Infrastructure
+        spec:
+          platformSpec:
+            type: GCP
+            gcp: {}
+        status:
+          controlPlaneTopology: HighlyAvailable
+          cpuPartitioning: None
+          infrastructureTopology: HighlyAvailable
+          platform: GCP
+          platformStatus:
+            type: GCP
+            gcp:
+              cloudLoadBalancerConfig:
+                dnsType: PlatformDefault
+              serviceEndpoints:
+                - {name: "Compute", url: "https://compute-myendpoint1.p.googleapis.com"}
+      expected: |
+        apiVersion: config.openshift.io/v1
+        kind: Infrastructure
+        spec:
+          platformSpec:
+            type: GCP
+            gcp: {}
+        status:
+          controlPlaneTopology: HighlyAvailable
+          cpuPartitioning: None
+          infrastructureTopology: HighlyAvailable
+          platform: GCP
+          platformStatus:
+            type: GCP
+            gcp:
+              cloudLoadBalancerConfig:
+                dnsType: PlatformDefault
+              serviceEndpoints:
+                - {name: "Compute", url: "https://compute-myendpoint1.p.googleapis.com"}
+    - name: Service Endpoint Same Name
+      initial: |
+        apiVersion: config.openshift.io/v1
+        kind: Infrastructure
+        spec:
+          platformSpec:
+            type: GCP
+            gcp: {}
+      updated: |
+        apiVersion: config.openshift.io/v1
+        kind: Infrastructure
+        spec:
+          platformSpec:
+            type: GCP
+            gcp: {}
+        status:
+          controlPlaneTopology: HighlyAvailable
+          cpuPartitioning: None
+          infrastructureTopology: HighlyAvailable
+          platform: GCP
+          platformStatus:
+            type: GCP
+            gcp:
+              cloudLoadBalancerConfig:
+                dnsType: PlatformDefault
+              serviceEndpoints:
+                - {name: "Compute", url: "https://compute-myendpoint1.p.googleapis.com"}
+                - {name: "Compute", url: "https://compute-myendpoint2.p.googleapis.com"}
+      expectedStatusError: "status.platformStatus.gcp.serviceEndpoints: Invalid value: \"array\": only 1 endpoint override is permitted per GCP service name"
+    - name: Service Endpoint Empty URL
+      initial: |
+        apiVersion: config.openshift.io/v1
+        kind: Infrastructure
+        spec:
+          platformSpec:
+            type: GCP
+            gcp: {}
+      updated: |
+        apiVersion: config.openshift.io/v1
+        kind: Infrastructure
+        spec:
+          platformSpec:
+            type: GCP
+            gcp: {}
+        status:
+          controlPlaneTopology: HighlyAvailable
+          cpuPartitioning: None
+          infrastructureTopology: HighlyAvailable
+          platform: GCP
+          platformStatus:
+            type: GCP
+            gcp:
+              cloudLoadBalancerConfig:
+                dnsType: PlatformDefault
+              serviceEndpoints:
+                - {name: "Compute", url: ""}
+      expectedStatusError: "status.platformStatus.gcp.serviceEndpoints[0].url: Invalid value: \"string\": must be a valid URL"
+    - name: Service Endpoint HTTP URL
+      initial: |
+        apiVersion: config.openshift.io/v1
+        kind: Infrastructure
+        spec:
+          platformSpec:
+            type: GCP
+            gcp: {}
+      updated: |
+        apiVersion: config.openshift.io/v1
+        kind: Infrastructure
+        spec:
+          platformSpec:
+            type: GCP
+            gcp: {}
+        status:
+          controlPlaneTopology: HighlyAvailable
+          cpuPartitioning: None
+          infrastructureTopology: HighlyAvailable
+          platform: GCP
+          platformStatus:
+            type: GCP
+            gcp:
+              cloudLoadBalancerConfig:
+                dnsType: PlatformDefault
+              serviceEndpoints:
+                - {name: "Compute", url: "http://compute-myendpoint1.p.googleapis.com"}
+      expectedStatusError: "status.platformStatus.gcp.serviceEndpoints[0].url: Invalid value: \"string\": scheme must be https"
+    - name: Service Endpoint URL Too Long
+      initial: |
+        apiVersion: config.openshift.io/v1
+        kind: Infrastructure
+        spec:
+          platformSpec:
+            type: GCP
+            gcp: {}
+      updated: |
+        apiVersion: config.openshift.io/v1
+        kind: Infrastructure
+        spec:
+          platformSpec:
+            type: GCP
+            gcp: {}
+        status:
+          controlPlaneTopology: HighlyAvailable
+          cpuPartitioning: None
+          infrastructureTopology: HighlyAvailable
+          platform: GCP
+          platformStatus:
+            type: GCP
+            gcp:
+              cloudLoadBalancerConfig:
+                dnsType: PlatformDefault
+              serviceEndpoints:
+                - {name: "Compute", url: "https://compute-myendpoint1-where-the-url-name-length-is-way-way-way-way-way-way-way-way-way-way-way-way-way-way-way-way-way-way-way-way-way-way-way-way-way-way-way-way-way-way-way-wayyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy-too-long.p.googleapis.com"}
+      expectedStatusError: "[status.platformStatus.gcp.serviceEndpoints[0].url: Too long: may not be more than 253 bytes, <nil>: Invalid value: \"null\": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]"
+    - name: Service Endpoint Bad Name
+      initial: |
+        apiVersion: config.openshift.io/v1
+        kind: Infrastructure
+        spec:
+          platformSpec:
+            type: GCP
+            gcp: {}
+      updated: |
+        apiVersion: config.openshift.io/v1
+        kind: Infrastructure
+        spec:
+          platformSpec:
+            type: GCP
+            gcp: {}
+        status:
+          controlPlaneTopology: HighlyAvailable
+          cpuPartitioning: None
+          infrastructureTopology: HighlyAvailable
+          platform: GCP
+          platformStatus:
+            type: GCP
+            gcp:
+              cloudLoadBalancerConfig:
+                dnsType: PlatformDefault
+              serviceEndpoints:
+                - {name: "UnknownService", url: "https://compute-myendpoint1.p.googleapis.com"}
+      expectedStatusError: "[status.platformStatus.gcp.serviceEndpoints[0].name: Unsupported value: \"UnknownService\": supported values: \"Compute\", \"Container\", \"CloudResourceManager\", \"DNS\", \"File\", \"IAM\", \"ServiceUsage\", \"Storage\", \"TagManager\", <nil>: Invalid value: \"null\": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation"
+    - name: Service Endpoint End Slash
+      initial: |
+        apiVersion: config.openshift.io/v1
+        kind: Infrastructure
+        spec:
+          platformSpec:
+            type: GCP
+            gcp: {}
+      updated: |
+        apiVersion: config.openshift.io/v1
+        kind: Infrastructure
+        spec:
+          platformSpec:
+            type: GCP
+            gcp: {}
+        status:
+          controlPlaneTopology: HighlyAvailable
+          cpuPartitioning: None
+          infrastructureTopology: HighlyAvailable
+          platform: GCP
+          platformStatus:
+            type: GCP
+            gcp:
+              cloudLoadBalancerConfig:
+                dnsType: PlatformDefault
+              serviceEndpoints:
+                - {name: "Compute", url: "https://compute-myendpoint1.p.googleapis.com/"}
+      expected: |
+        apiVersion: config.openshift.io/v1
+        kind: Infrastructure
+        spec:
+          platformSpec:
+            type: GCP
+            gcp: {}
+        status:
+          controlPlaneTopology: HighlyAvailable
+          cpuPartitioning: None
+          infrastructureTopology: HighlyAvailable
+          platform: GCP
+          platformStatus:
+            type: GCP
+            gcp:
+              cloudLoadBalancerConfig:
+                dnsType: PlatformDefault
+              serviceEndpoints:
+                - {name: "Compute", url: "https://compute-myendpoint1.p.googleapis.com/"}
+    - name: Service Endpoint Bad Path
+      initial: |
+        apiVersion: config.openshift.io/v1
+        kind: Infrastructure
+        spec:
+          platformSpec:
+            type: GCP
+            gcp: {}
+      updated: |
+        apiVersion: config.openshift.io/v1
+        kind: Infrastructure
+        spec:
+          platformSpec:
+            type: GCP
+            gcp: {}
+        status:
+          controlPlaneTopology: HighlyAvailable
+          cpuPartitioning: None
+          infrastructureTopology: HighlyAvailable
+          platform: GCP
+          platformStatus:
+            type: GCP
+            gcp:
+              cloudLoadBalancerConfig:
+                dnsType: PlatformDefault
+              serviceEndpoints:
+                - {name: "Compute", url: "https://compute-myendpoint1.p.googleapis.com/bad"}
+      expectedStatusError: "status.platformStatus.gcp.serviceEndpoints[0].url: Invalid value: \"string\": url must consist only of a scheme and domain. The url path must be empty."

config/v1/types_infrastructure.go

@@ -624,6 +624,69 @@ const (
 	AzureStackCloud AzureCloudEnvironment = "AzureStackCloud"
 )
 
+// GCPServiceEndpointName is the name of the GCP Service Endpoint.
+// +kubebuilder:validation:Enum=Compute;Container;CloudResourceManager;DNS;File;IAM;ServiceUsage;Storage;TagManager
+type GCPServiceEndpointName string
+
+const (
+	// GCPServiceEndpointNameCompute is the name used for the GCP Compute Service endpoint.
+	GCPServiceEndpointNameCompute GCPServiceEndpointName = "Compute"
+
+	// GCPServiceEndpointNameContainer is the name used for the GCP Container Service endpoint.
+	GCPServiceEndpointNameContainer GCPServiceEndpointName = "Container"
+
+	// GCPServiceEndpointNameCloudResource is the name used for the GCP Resource Manager Service endpoint.
+	GCPServiceEndpointNameCloudResource GCPServiceEndpointName = "CloudResourceManager"
+
+	// GCPServiceEndpointNameDNS is the name used for the GCP DNS Service endpoint.
+	GCPServiceEndpointNameDNS GCPServiceEndpointName = "DNS"
+
+	// GCPServiceEndpointNameFile is the name used for the GCP File Service endpoint.
+	GCPServiceEndpointNameFile GCPServiceEndpointName = "File"
+
+	// GCPServiceEndpointNameIAM is the name used for the GCP IAM Service endpoint.
+	GCPServiceEndpointNameIAM GCPServiceEndpointName = "IAM"
+
+	// GCPServiceEndpointNameServiceUsage is the name used for the GCP Service Usage Service endpoint.
+	GCPServiceEndpointNameServiceUsage GCPServiceEndpointName = "ServiceUsage"
+
+	// GCPServiceEndpointNameStorage is the name used for the GCP Storage Service endpoint.
+	GCPServiceEndpointNameStorage GCPServiceEndpointName = "Storage"
+
+	// GCPServiceEndpointNameTagManager is the name used for the GCP Tag Manager Service endpoint.
+	GCPServiceEndpointNameTagManager GCPServiceEndpointName = "TagManager"
+)
+
+// GCPServiceEndpoint store the configuration of a custom url to
+// override existing defaults of GCP Services.
+type GCPServiceEndpoint struct {
+	// name is the name of the GCP service whose endpoint is being overridden.
+	// This must be provided and cannot be empty.
+	//
+	// Allowed values are Compute, Container, CloudResourceManager, DNS, File, IAM, ServiceUsage,
+	// Storage, and TagManager.
+	//
+	// As an example, when setting the name to Compute all requests made by the caller to the GCP Compute
+	// Service will be directed to the endpoint specified in the url field.
+	//
+	// +required
+	Name GCPServiceEndpointName `json:"name"`
+
+	// url is a fully qualified URI that overrides the default endpoint for a client using the GCP service specified
+	// in the name field.
+	// url is required, must use the scheme https, must not be more than 253 characters in length,
+	// and must be a valid URL according to Go's net/url package (https://pkg.go.dev/net/url#URL)
+	//
+	// An example of a valid endpoint that overrides the Compute Service: "https://compute-myendpoint1.p.googleapis.com"
+	//
+	// +required
+	// +kubebuilder:validation:MaxLength=253
+	// +kubebuilder:validation:XValidation:rule="isURL(self)",message="must be a valid URL"
+	// +kubebuilder:validation:XValidation:rule="isURL(self) ? (url(self).getScheme() == \"https\") : true",message="scheme must be https"
+	// +kubebuilder:validation:XValidation:rule="url(self).getEscapedPath() == \"\" || url(self).getEscapedPath() == \"/\"",message="url must consist only of a scheme and domain. The url path must be empty."
+	URL string `json:"url"`
+}
+
 // GCPPlatformSpec holds the desired state of the Google Cloud Platform infrastructure provider.
 // This only includes fields that can be modified in the cluster.
 type GCPPlatformSpec struct{}
@@ -679,6 +742,19 @@ type GCPPlatformStatus struct {
 	// +optional
 	// +nullable
 	CloudLoadBalancerConfig *CloudLoadBalancerConfig `json:"cloudLoadBalancerConfig,omitempty"`
+
+	// serviceEndpoints specifies endpoints that override the default endpoints
+	// used when creating clients to interact with GCP services.
+	// When not specified, the default endpoint for the GCP region will be used.
+	// Only 1 endpoint override is permitted for each GCP service.
+	// The maximum number of endpoint overrides allowed is 9.
+	// +listType=map
+	// +listMapKey=name
+	// +kubebuilder:validation:MaxItems=9
+	// +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x.name == y.name))",message="only 1 endpoint override is permitted per GCP service name"
+	// +optional
+	// +openshift:enable:FeatureGate=GCPCustomAPIEndpoints
+	ServiceEndpoints []GCPServiceEndpoint `json:"serviceEndpoints,omitempty"`
 }
 
 // GCPResourceLabel is a label to apply to GCP resources created for the cluster.