
Commit ccf8770

committed
CORS-4221: Remove the OAUTH and STS endpoints
** The GCP endpoints for OAuth and STS should not be overridden using Private Service Connect. While these appear to be services just like the others (e.g. Compute), they are not to be overridden, as per Google. Remove the option to override these endpoints.
1 parent bc748ef commit ccf8770

17 files changed

+18
-52
lines changed

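--- a/config/v1/tests/infrastructures.config.openshift.io/GCPCustomAPIEndpoints.yaml
+++ b/config/v1/tests/infrastructures.config.openshift.io/GCPCustomAPIEndpoints.yaml
@@ -213,7 +213,7 @@ tests:
 dnsType: PlatformDefault
 serviceEndpoints:
 - {name: "UnknownService", url: "https://compute-myendpoint1.p.googleapis.com"}
-expectedStatusError: "[status.platformStatus.gcp.serviceEndpoints[0].name: Unsupported value: \"UnknownService\": supported values: \"Compute\", \"Container\", \"CloudResourceManager\", \"DNS\", \"File\", \"IAM\", \"IAMCredentials\", \"OAuth\", \"ServiceUsage\", \"Storage\", \"STS\", <nil>: Invalid value: \"null\": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]"
+expectedStatusError: "[status.platformStatus.gcp.serviceEndpoints[0].name: Unsupported value: \"UnknownService\": supported values: \"Compute\", \"Container\", \"CloudResourceManager\", \"DNS\", \"File\", \"IAM\", \"IAMCredentials\", \"ServiceUsage\", \"Storage\", <nil>: Invalid value: \"null\": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]"
 - name: Service Endpoint End Slash
 initial: |
 apiVersion: config.openshift.io/v1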
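Review bot: The updated `expectedStatusError` only checks the list of supported names printed for `UnknownService`; nothing visible in this hunk asserts that `OAuth` and `STS` themselves are now rejected. Since these two names cover the token endpoints, a dedicated case would pin the restriction against a later re-addition, for example a `serviceEndpoints` entry such as `- {name: "STS", url: "https://sts-myendpoint1.p.googleapis.com"}` (constructed sample URL) with an `Unsupported value: \"STS\"` expectation, and the same for `OAuth`. The identical change in GCPCustomAPIEndpointsInstall.yaml has the same gap. The test list continues outside this hunk, so such a case may already exist elsewhere in the file.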

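--- a/config/v1/tests/infrastructures.config.openshift.io/GCPCustomAPIEndpointsInstall.yaml
+++ b/config/v1/tests/infrastructures.config.openshift.io/GCPCustomAPIEndpointsInstall.yaml
@@ -213,7 +213,7 @@ tests:
 dnsType: PlatformDefault
 serviceEndpoints:
 - {name: "UnknownService", url: "https://compute-myendpoint1.p.googleapis.com"}
-expectedStatusError: "[status.platformStatus.gcp.serviceEndpoints[0].name: Unsupported value: \"UnknownService\": supported values: \"Compute\", \"Container\", \"CloudResourceManager\", \"DNS\", \"File\", \"IAM\", \"IAMCredentials\", \"OAuth\", \"ServiceUsage\", \"Storage\", \"STS\", <nil>: Invalid value: \"null\": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]"
+expectedStatusError: "[status.platformStatus.gcp.serviceEndpoints[0].name: Unsupported value: \"UnknownService\": supported values: \"Compute\", \"Container\", \"CloudResourceManager\", \"DNS\", \"File\", \"IAM\", \"IAMCredentials\", \"ServiceUsage\", \"Storage\", <nil>: Invalid value: \"null\": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]"
 - name: Service Endpoint End Slash
 initial: |
 apiVersion: config.openshift.io/v1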

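--- a/config/v1/types_infrastructure.go
+++ b/config/v1/types_infrastructure.go
@@ -650,7 +650,7 @@ const (
 )
 
 // GCPServiceEndpointName is the name of the GCP Service Endpoint.
-// +kubebuilder:validation:Enum=Compute;Container;CloudResourceManager;DNS;File;IAM;IAMCredentials;OAuth;ServiceUsage;Storage;STS
+// +kubebuilder:validation:Enum=Compute;Container;CloudResourceManager;DNS;File;IAM;IAMCredentials;ServiceUsage;Storage
 type GCPServiceEndpointName string
 
 const (
@@ -675,17 +675,11 @@ const (
 // GCPServiceEndpointNameIAMCredentials is the name used for the GCP IAM Credentials Service endpoint.
 GCPServiceEndpointNameIAMCredentials GCPServiceEndpointName = "IAMCredentials"
 
-// GCPServiceEndpointNameOAuth is the name used for the GCP OAuth2 Service endpoint.
-GCPServiceEndpointNameOAuth GCPServiceEndpointName = "OAuth"
-
 // GCPServiceEndpointNameServiceUsage is the name used for the GCP Service Usage Service endpoint.
 GCPServiceEndpointNameServiceUsage GCPServiceEndpointName = "ServiceUsage"
 
 // GCPServiceEndpointNameStorage is the name used for the GCP Storage Service endpoint.
 GCPServiceEndpointNameStorage GCPServiceEndpointName = "Storage"
-
-// GCPServiceEndpointNameSTS is the name used for the GCP STS Service endpoint.
-GCPServiceEndpointNameSTS GCPServiceEndpointName = "STS"
 )
 
 // GCPServiceEndpoint store the configuration of a custom url to
@@ -779,7 +773,7 @@ type GCPPlatformStatus struct {
 // The maximum number of endpoint overrides allowed is 11.
 // +listType=map
 // +listMapKey=name
-// +kubebuilder:validation:MaxItems=11
+// +kubebuilder:validation:MaxItems=9
 // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x.name == y.name))",message="only 1 endpoint override is permitted per GCP service name"
 // +optional
 // +openshift:enable:FeatureGate=GCPCustomAPIEndpointsInstall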
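Review bot: The doc comment kept as context in the last hunk still reads `// The maximum number of endpoint overrides allowed is 11.` although the marker directly below it is now `MaxItems=9`; it should become `// The maximum number of endpoint overrides allowed is 9.` so the documented limit matches the enforced one. The comment block and the GCPPlatformStatus struct start and end outside the hunk, so other mentions of the old count there cannot be checked from here. Separately, narrowing the enum in the first hunk presumably means an Infrastructure status that already carries an `OAuth` or `STS` entry is rejected on its next update; the field sits behind the GCPCustomAPIEndpointsInstall gate, so this may be acceptable, but it is worth stating in the commit description. Removing the exported constants `GCPServiceEndpointNameOAuth` and `GCPServiceEndpointNameSTS` also breaks any consumer that still references them, which cannot be verified from this page.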

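--- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-CustomNoUpgrade.crd.yaml
+++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-CustomNoUpgrade.crd.yaml
@@ -2019,10 +2019,8 @@ spec:
 - File
 - IAM
 - IAMCredentials
-- OAuth
 - ServiceUsage
 - Storage
-- STS
 type: string
 url:
 description: |-
@@ -2048,7 +2046,7 @@ spec:
 - name
 - url
 type: object
-maxItems: 11
+maxItems: 9
 type: array
 x-kubernetes-list-map-keys:
 - name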

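--- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml
+++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml
@@ -2019,10 +2019,8 @@ spec:
 - File
 - IAM
 - IAMCredentials
-- OAuth
 - ServiceUsage
 - Storage
-- STS
 type: string
 url:
 description: |-
@@ -2048,7 +2046,7 @@ spec:
 - name
 - url
 type: object
-maxItems: 11
+maxItems: 9
 type: array
 x-kubernetes-list-map-keys:
 - name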

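--- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml
+++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml
@@ -2019,10 +2019,8 @@ spec:
 - File
 - IAM
 - IAMCredentials
-- OAuth
 - ServiceUsage
 - Storage
-- STS
 type: string
 url:
 description: |-
@@ -2048,7 +2046,7 @@ spec:
 - name
 - url
 type: object
-maxItems: 11
+maxItems: 9
 type: array
 x-kubernetes-list-map-keys:
 - name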

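--- a/config/v1/zz_generated.featuregated-crd-manifests/infrastructures.config.openshift.io/GCPCustomAPIEndpointsInstall.yaml
+++ b/config/v1/zz_generated.featuregated-crd-manifests/infrastructures.config.openshift.io/GCPCustomAPIEndpointsInstall.yaml
@@ -1611,10 +1611,8 @@ spec:
 - File
 - IAM
 - IAMCredentials
-- OAuth
 - ServiceUsage
 - Storage
-- STS
 type: string
 url:
 description: |-
@@ -1640,7 +1638,7 @@ spec:
 - name
 - url
 type: object
-maxItems: 11
+maxItems: 9
 type: array
 x-kubernetes-list-map-keys:
 - name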

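--- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-CustomNoUpgrade.crd.yaml
+++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-CustomNoUpgrade.crd.yaml
@@ -2299,10 +2299,8 @@ spec:
 - File
 - IAM
 - IAMCredentials
-- OAuth
 - ServiceUsage
 - Storage
-- STS
 type: string
 url:
 description: |-
@@ -2328,7 +2326,7 @@ spec:
 - name
 - url
 type: object
-maxItems: 11
+maxItems: 9
 type: array
 x-kubernetes-list-map-keys:
 - name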

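--- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml
+++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml
@@ -2299,10 +2299,8 @@ spec:
 - File
 - IAM
 - IAMCredentials
-- OAuth
 - ServiceUsage
 - Storage
-- STS
 type: string
 url:
 description: |-
@@ -2328,7 +2326,7 @@ spec:
 - name
 - url
 type: object
-maxItems: 11
+maxItems: 9
 type: array
 x-kubernetes-list-map-keys:
 - name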

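--- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml
+++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml
@@ -2299,10 +2299,8 @@ spec:
 - File
 - IAM
 - IAMCredentials
-- OAuth
 - ServiceUsage
 - Storage
-- STS
 type: string
 url:
 description: |-
@@ -2328,7 +2326,7 @@ spec:
 - name
 - url
 type: object
-maxItems: 11
+maxItems: 9
 type: array
 x-kubernetes-list-map-keys:
 - name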
