CORS-4282: Remove the installer gcp service endpoints.

barbacbd · barbacbd · commit 2b8f0c7b43a9 · 2025-11-13T06:40:30.000-05:00
Service endpoints are no longer needed in favor of the PSCEndpoint.
diff --git a/data/data/install.openshift.io_installconfigs.yaml b/data/data/install.openshift.io_installconfigs.yaml
@@ -5885,64 +5885,6 @@ spec:
                     description: Region specifies the GCP region where the cluster
                       will be created.
                     type: string
-                  serviceEndpoints:
-                    description: |-
-                      ServiceEndpoints list contains custom endpoints which will override default
-                      service endpoint of GCP Services.
-                      There must be only one ServiceEndpoint for a service.
-                    items:
-                      description: |-
-                        GCPServiceEndpoint store the configuration of a custom url to
-                        override existing defaults of GCP Services.
-                      properties:
-                        name:
-                          description: |-
-                            name is the name of the GCP service whose endpoint is being overridden.
-                            This must be provided and cannot be empty.
-
-                            Allowed values are Compute, Container, CloudResourceManager, DNS, File, IAM, ServiceUsage,
-                            Storage, and TagManager.
-
-                            As an example, when setting the name to Compute all requests made by the caller to the GCP Compute
-                            Service will be directed to the endpoint specified in the url field.
-                          enum:
-                          - Compute
-                          - Container
-                          - CloudResourceManager
-                          - DNS
-                          - File
-                          - IAM
-                          - IAMCredentials
-                          - OAuth
-                          - ServiceUsage
-                          - Storage
-                          - STS
-                          type: string
-                        url:
-                          description: |-
-                            url is a fully qualified URI that overrides the default endpoint for a client using the GCP service specified
-                            in the name field.
-                            url is required, must use the scheme https, must not be more than 253 characters in length,
-                            and must be a valid URL according to Go's net/url package (https://pkg.go.dev/net/url#URL)
-
-                            An example of a valid endpoint that overrides the Compute Service: "https://compute-myendpoint1.p.googleapis.com"
-                          maxLength: 253
-                          type: string
-                          x-kubernetes-validations:
-                          - message: must be a valid URL
-                            rule: isURL(self)
-                          - message: scheme must be https
-                            rule: 'isURL(self) ? (url(self).getScheme() == "https")
-                              : true'
-                          - message: url must consist only of a scheme and domain.
-                              The url path must be empty.
-                            rule: url(self).getEscapedPath() == "" || url(self).getEscapedPath()
-                              == "/"
-                      required:
-                      - name
-                      - url
-                      type: object
-                    type: array
                   userLabels:
                     description: |-
                       userLabels has additional keys and values that the installer will add as
diff --git a/pkg/asset/installconfig/gcp/validation.go b/pkg/asset/installconfig/gcp/validation.go
@@ -5,8 +5,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"net"
-	"net/http"
-	"net/url"
 	"slices"
 	"strings"
 
@@ -64,7 +62,6 @@ func Validate(client API, ic *types.InstallConfig) error {
 	allErrs = append(allErrs, validateRegion(client, ic, field.NewPath("platform").Child("gcp"))...)
 	allErrs = append(allErrs, validateZones(client, ic)...)
 	allErrs = append(allErrs, validateNetworks(client, ic, field.NewPath("platform").Child("gcp"))...)
-	allErrs = append(allErrs, validateServiceEndpoints(client, ic, field.NewPath("platform").Child("gcp"))...)
 	allErrs = append(allErrs, validateInstanceTypes(client, ic)...)
 	allErrs = append(allErrs, ValidateCredentialMode(client, ic)...)
 	allErrs = append(allErrs, validatePreexistingServiceAccount(client, ic)...)
@@ -559,21 +556,6 @@ func validateNetworks(client API, ic *types.InstallConfig, fieldPath *field.Path
 	return allErrs
 }
 
-func validateServiceEndpoints(_ API, ic *types.InstallConfig, fieldPath *field.Path) field.ErrorList {
-	allErrs := field.ErrorList{}
-
-	// attempt to resolve all the custom (overridden) endpoints. If any are not reachable,
-	// then the installation should fail not skip the endpoint use.
-	for id, serviceEndpoint := range ic.GCP.ServiceEndpoints {
-		if _, err := url.Parse(serviceEndpoint.URL); err != nil {
-			allErrs = append(allErrs, field.Invalid(fieldPath.Child("serviceEndpoints").Index(id), serviceEndpoint.URL, fmt.Sprintf("failed to parse service endpoint url: %v", err)))
-		} else if _, err := http.Head(serviceEndpoint.URL); err != nil {
-			allErrs = append(allErrs, field.Invalid(fieldPath.Child("serviceEndpoints").Index(id), serviceEndpoint.URL, fmt.Sprintf("error connecting to endpoint: %v", err)))
-		}
-	}
-	return allErrs
-}
-
 func validateSubnet(client API, ic *types.InstallConfig, fieldPath *field.Path, subnets []*compute.Subnetwork, name string) field.ErrorList {
 	allErrs := field.ErrorList{}
 
diff --git a/pkg/asset/installconfig/gcp/validation_test.go b/pkg/asset/installconfig/gcp/validation_test.go
@@ -22,7 +22,6 @@ import (
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 
-	configv1 "github.com/openshift/api/config/v1"
 	"github.com/openshift/installer/pkg/asset/installconfig/gcp/mock"
 	"github.com/openshift/installer/pkg/ipnet"
 	"github.com/openshift/installer/pkg/types"
@@ -119,26 +118,6 @@ var (
 	invalidateBaseDomain     = func(ic *types.InstallConfig) { ic.BaseDomain = invalidBaseDomain }
 	enableCustomDNS          = func(ic *types.InstallConfig) { ic.GCP.UserProvisionedDNS = customDNS.UserProvisionedDNSEnabled }
 
-	validServiceEndpoint = func(ic *types.InstallConfig) {
-		ic.Publish = types.InternalPublishingStrategy
-		ic.GCP.ServiceEndpoints = append(ic.GCP.ServiceEndpoints,
-			configv1.GCPServiceEndpoint{
-				Name: configv1.GCPServiceEndpointNameCompute,
-				URL:  validServiceEndpointURL,
-			},
-		)
-	}
-
-	invalidServiceEndpointBadFormat = func(ic *types.InstallConfig) {
-		ic.Publish = types.InternalPublishingStrategy
-		ic.GCP.ServiceEndpoints = append(ic.GCP.ServiceEndpoints,
-			configv1.GCPServiceEndpoint{
-				Name: configv1.GCPServiceEndpointNameStorage,
-				URL:  invalidServiceEndpointURL,
-			},
-		)
-	}
-
 	invalidKeyRing = gcp.KMSKeyReference{
 		Name:      "invalidKeyName",
 		KeyRing:   "invalidKeyRingName",
@@ -467,19 +446,6 @@ func TestGCPInstallConfigValidation(t *testing.T) {
 			expectedError:  true,
 			expectedErrMsg: "platform.gcp.compute.encryptionKey.kmsKey.keyRing: Invalid value: \"invalidKeyRingName\": failed to find key ring invalidKeyRingName: data, platform.gcp.defaultMachinePool.encryptionKey.kmsKey.keyRing: Invalid value: \"invalidKeyRingName\": failed to find key ring invalidKeyRingName: data",
 		},
-		{
-			name:          "Valid Service Endpoint Override",
-			edits:         editFunctions{validServiceEndpoint},
-			records:       []*dns.ResourceRecordSet{{Name: "api.another-cluster-name.example.installer.domain."}},
-			expectedError: false,
-		},
-		{
-			name:           "Invalid Service Endpoint Override Bad Format",
-			edits:          editFunctions{invalidServiceEndpointBadFormat},
-			records:        []*dns.ResourceRecordSet{{Name: "api.another-cluster-name.example.installer.domain."}},
-			expectedError:  true,
-			expectedErrMsg: `[platform.gcp.serviceEndpoint\[0\]: Invalid value: \"http://badstorage.googleapis\": Head \"http://badstorage.googleapis\": dial tcp: lookup badstorage.googleapis: no such host]`,
-		},
 		{
 			name:           "Invalid Base Domain",
 			edits:          editFunctions{invalidateBaseDomain},
diff --git a/pkg/types/gcp/platform.go b/pkg/types/gcp/platform.go
@@ -3,7 +3,6 @@ package gcp
 import (
 	"fmt"
 
-	configv1 "github.com/openshift/api/config/v1"
 	"github.com/openshift/installer/pkg/types/dns"
 )
 
@@ -100,12 +99,6 @@ type Platform struct {
 	// +kubebuilder:validation:Enum="Enabled";"Disabled"
 	UserProvisionedDNS dns.UserProvisionedDNS `json:"userProvisionedDNS,omitempty"`
 
-	// ServiceEndpoints list contains custom endpoints which will override default
-	// service endpoint of GCP Services.
-	// There must be only one ServiceEndpoint for a service.
-	// +optional
-	ServiceEndpoints []configv1.GCPServiceEndpoint `json:"serviceEndpoints,omitempty"`
-
 	// Endpoint is the private service connect endpoint.
 	// +optional
 	Endpoint *PSCEndpoint `json:"endpoint,omitempty"`
diff --git a/pkg/types/gcp/validation/featuregates.go b/pkg/types/gcp/validation/featuregates.go
@@ -15,8 +15,8 @@ func GatedFeatures(c *types.InstallConfig) []featuregates.GatedInstallConfigFeat
 	return []featuregates.GatedInstallConfigFeature{
 		{
 			FeatureGateName: features.FeatureGateGCPCustomAPIEndpointsInstall,
-			Condition:       len(g.ServiceEndpoints) > 0,
-			Field:           field.NewPath("platform", "gcp", "serviceEndpoints"),
+			Condition:       g.Endpoint != nil,
+			Field:           field.NewPath("platform", "gcp", "endpoint"),
 		},
 	}
 }
diff --git a/pkg/types/validation/featuregate_test.go b/pkg/types/validation/featuregate_test.go
@@ -10,6 +10,7 @@ import (
 	"github.com/openshift/installer/pkg/types"
 	"github.com/openshift/installer/pkg/types/azure"
 	"github.com/openshift/installer/pkg/types/dns"
+	gcptypes "github.com/openshift/installer/pkg/types/gcp"
 	"github.com/openshift/installer/pkg/types/vsphere"
 )
 
@@ -24,15 +25,12 @@ func TestFeatureGates(t *testing.T) {
 			installConfig: func() *types.InstallConfig {
 				c := validInstallConfig()
 				c.GCP = validGCPPlatform()
-				c.GCP.ServiceEndpoints = []v1.GCPServiceEndpoint{
-					{
-						Name: v1.GCPServiceEndpointNameCompute,
-						URL:  "https://compute.googleapis.com",
-					},
+				c.GCP.Endpoint = &gcptypes.PSCEndpoint{
+					Name: "test-endpoint",
 				}
 				return c
 			}(),
-			expected: `^platform.gcp.serviceEndpoints: Forbidden: this field is protected by the GCPCustomAPIEndpointsInstall feature gate which must be enabled through either the TechPreviewNoUpgrade or CustomNoUpgrade feature set$`,
+			expected: `^platform.gcp.endpoint: Forbidden: this field is protected by the GCPCustomAPIEndpointsInstall feature gate which must be enabled through either the TechPreviewNoUpgrade or CustomNoUpgrade feature set$`,
 		},
 		{
 			name: "AWS UserProvisionedDNS is not allowed without Feature Gates",

Original file line number	Diff line number	Diff line change
`@@ -15,8 +15,8 @@ func GatedFeatures(c *types.InstallConfig) []featuregates.GatedInstallConfigFeat`
`15`	`15`	`return []featuregates.GatedInstallConfigFeature{`
`16`	`16`	`{`
`17`	`17`	`FeatureGateName: features.FeatureGateGCPCustomAPIEndpointsInstall,`
`18`		`- Condition: len(g.ServiceEndpoints) > 0,`
`19`		`- Field: field.NewPath("platform", "gcp", "serviceEndpoints"),`
	`18`	`+ Condition: g.Endpoint != nil,`
	`19`	`+ Field: field.NewPath("platform", "gcp", "endpoint"),`
`20`	`20`	`},`
`21`	`21`	`}`
`22`	`22`	`}`