Feature
Resolution: Unresolved
Major
Feature Overview (aka. Goal Summary)
Support the creation and use of private storage buckets in GCP for clusters that use GCP Workload Identity.
Self-managed OpenShift on GCP customers want to use private storage buckets (as opposed to public storage buckets) for clusters created using GCP Workload Identity, in order to comply with their organization's security policies.
Goals (aka. expected user outcomes)
Use ccoctl to create a private storage bucket for self-managed OpenShift clusters on GCP that use GCP Workload Identity.
Requirements (aka. Acceptance Criteria):
Enhance ccoctl to provide an option akin to the "create-private-s3-bucket" flag in the "ccoctl gcp create" command to create a private storage bucket.
Anyone reviewing this Feature needs to know which deployment configurations the Feature will apply to (or not) once it has been completed. Describe specific needs (or indicate N/A) for each of the following deployment scenarios. For specific configurations that are out of scope for a given release, ensure you provide the OCPSTRAT (for the configuration to be supported in the future) as well.
Deployment considerations | List applicable specific needs (N/A = not applicable) |
Self-managed, managed, or both | Self-managed |
Classic (standalone cluster) | Classic |
Hosted control planes | N/A |
Multi node, Compact (three node), or Single node (SNO), or all | All |
Connected / Restricted Network | All |
Architectures, e.g. x86_64, ARM (aarch64), IBM Power (ppc64le), and IBM Z (s390x) | All |
Operator compatibility | |
Backport needed (list applicable versions) | TBD (customers would like OCP 4.14+ but backporting is out-of-scope for now) |
UI need (e.g. OpenShift Console, dynamic plugin, OCM) | N/A |
Other (please specify) | |
Use Cases (Optional):
As an OpenShift Administrator, I want to create a private storage bucket in conjunction with GCP Workload Identity authentication to store the OIDC endpoint configuration (vs. creating a public bucket, which is against company security policy).
Questions to Answer (Optional):
Do we need integration with the installer?
Out of Scope
N/A
Background
Customer case: https://access.redhat.com/support/cases/#/case/03891242
Customer Considerations
N/A
Documentation Considerations
Existing documentation would need to be updated to reflect the optional ability to create a private bucket.
Interoperability Considerations
N/A
Is triggered by: RFE-6146 Ability to create private gcp bucket with using CCOCTL gcp create command (Under Review)