Merge pull request #85242 from mletalie/OSDOCS-11894

[OSDOCS-11894] Explain why and in what context are the required GCP APIs used by OSD

Author: jeana-redhat

modules/ccs-gcp-customer-procedure.adoc

@@ -29,61 +29,71 @@ To use {product-title} in your GCP project, the following GCP organizational pol
 . link:https://cloud.google.com/service-usage/docs/enable-disable#enabling[Enable] the following required APIs in the project that hosts your {product-title} cluster:
 +
 .Required API services
-[cols="2a,3a",options="header"]
+[cols="2a,3a,3a",options="header"]
 
 |===
 
-|API service |Console service name
+|API service |Console service name |Purpose
 
-|link:https://console.cloud.google.com/apis/library/deploymentmanager.googleapis.com?pli=1&project=openshift-gce-devel&folder=&organizationId=[Cloud Deployment Manager V2 API]
+|link:https://cloud.google.com/deployment-manager/docs/apis#google-cloud-deployment-manager-v2-api[Cloud Deployment Manager V2 API]
 |`deploymentmanager.googleapis.com`
+|Used for automated deployment and management of infrastructure resources.
 
-|link:https://console.cloud.google.com/apis/library/compute.googleapis.com?project=openshift-gce-devel&folder=&organizationId=[Compute Engine API]
+|link:https://cloud.google.com/compute/docs/reference/rest/v1[Compute Engine API]
 |`compute.googleapis.com`
+|Used for creating and managing virtual machines, firewalls, networks, persistent disk volumes, and load balancers.
 
-|link:https://console.cloud.google.com/apis/library/cloudapis.googleapis.com?project=openshift-gce-devel&folder=&organizationId=[Google Cloud APIs]
-|`cloudapis.googleapis.com`
+// |link:https://cloud.google.com/apis/docs/overview[Google Cloud APIs]
+// |`cloudapis.googleapis.com`
+// |
 
-|link:https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com?project=openshift-gce-devel&folder=&organizationId=[Cloud Resource Manager API]
+|link:https://cloud.google.com/resource-manager/reference/rest[Cloud Resource Manager API]
 |`cloudresourcemanager.googleapis.com`
+|Used for getting projects, getting or setting an IAM policy for projects, validating required permissions, and tagging.
 
-|link:https://console.cloud.google.com/apis/library/dns.googleapis.com?project=openshift-gce-devel&folder=&organizationId=[Google DNS API]
+|link:https://cloud.google.com/dns/docs/reference/rest/v1[Cloud DNS API]
 |`dns.googleapis.com`
+|Used for creating DNS zones and managing DNS records for the cluster domains.
 
-|link:https://console.cloud.google.com/apis/library/networksecurity.googleapis.com?project=openshift-gce-devel&folder=&organizationId=[Network Security API]
-|`networksecurity.googleapis.com`
+// |link:https://cloud.google.com/firewall/docs/reference/network-security/rest[Network Security API]
+// |`networksecurity.googleapis.com`
+// |Purpose
 
-|link:https://console.cloud.google.com/apis/library/iamcredentials.googleapis.com[IAM Service Account Credentials API]
+|link:https://cloud.google.com/iam/docs/reference/credentials/rest[IAM Service Account Credentials API]
 |`iamcredentials.googleapis.com`
+|Used for creating short-lived credentials for impersonating IAM service accounts.
 
-|link:https://console.cloud.google.com/apis/library/iam.googleapis.com?project=openshift-gce-devel&folder=&organizationId=[Identity and Access Management (IAM) API]
+|link:https://cloud.google.com/iam/docs/reference/rest[Identity and Access Management (IAM) API]
 |`iam.googleapis.com`
+|Used for managing the IAM configuration for the cluster.
 
-|link:https://console.cloud.google.com/apis/library/servicemanagement.googleapis.com?project=openshift-gce-devel&folder=&organizationId=[Service Management API]
+|link:https://cloud.google.com/service-infrastructure/docs/service-management/reference/rest[Service Management API]
 |`servicemanagement.googleapis.com`
+|Used indirectly to fetch quota information for GCP resources.
 
-|link:https://console.cloud.google.com/apis/library/serviceusage.googleapis.com?project=openshift-gce-devel&folder=&organizationId=[Service Usage API]
+|link:https://cloud.google.com/service-usage/docs/reference/rest[Service Usage API]
 |`serviceusage.googleapis.com`
+|Used for determining what services are available in the customer’s Google Cloud account.
 
-|link:https://console.cloud.google.com/apis/library/storage-api.googleapis.com?project=openshift-gce-devel&folder=&organizationId=[Google Cloud Storage JSON API]
+|link:https://cloud.google.com/storage/docs/json_api[Cloud Storage JSON API]
 |`storage-api.googleapis.com`
+|Used for accessing Cloud Storage for the image registry, ignition, and cluster backups (if applicable).
 
-|link:https://console.cloud.google.com/apis/library/storage-component.googleapis.com?project=openshift-gce-devel&folder=&organizationId=[Cloud Storage]
+|link:https://cloud.google.com/storage/docs/apis[Cloud Storage]
 |`storage-component.googleapis.com`
+|Used for managing Cloud Storage for the image registry, ignition, and cluster backups (if applicable).
 
-|link:https://console.cloud.google.com/apis/library/orgpolicy.googleapis.com?project=openshift-gce-devel&folder=&organizationId=[Organization Policy API]
+|link:https://cloud.google.com/resource-manager/docs/reference/orgpolicy/rest[Organization Policy API]
 |`orgpolicy.googleapis.com`
+|Used to identify governance rules applied to customer’s Google Cloud that might impact cluster creation or management.
 
-|link:https://console.cloud.google.com/marketplace/product/google/iap.googleapis.com?q=search&referrer=search&hl=en&project=openshift-gce-devel[Cloud Identity-Aware Proxy API]
+|link:https://cloud.google.com/iap/docs/reference/rest[Cloud Identity-Aware Proxy API]
 |`iap.googleapis.com` ^[*]^
+|Used in emergency situations to troubleshoot cluster nodes that are otherwise inaccessible.
 
-|===
+This API is required for clusters deployed with Private Service Connect.
 
-+
-[.small]
---
-*Required for clusters deployed with Private Service Connect.
---
+|===
 
 
 . To ensure that Red Hat can perform necessary actions, you must create an `osd-ccs-admin` IAM link:https://cloud.google.com/iam/docs/creating-managing-service-accounts#creating_a_service_account[service account] user within the GCP project.