Critical Description of problem:
When using the GCP Private Service Connect option in the Hive PrivateLink controller, an error is thrown if the hive cluster exists in an account other than the primary one configured by hiveconfig.awsPrivateLink.credentialsSecretRef. This is a valid configuration because that credential is where the dns zones and endpoint VPCs exist, whereas the hive cluster itself might exist in any of the associated zones (which can have their own credentials). However, the reality is that the code uses the first item in the associatedVPCs list when creating the zone, so any time that item has a different account the error occurs.
Version-Release number of selected component (if applicable):
How reproducible:
Always when the first item in the associatedVPCs list has a different account from the awsPrivateLink primary account.
Steps to Reproduce:
1. Add an awsPrivateLink.associatedVPC item to the top of the list that uses a credential/account different from awsPrivateLink.credentialsSecretRef
2. Create a GCP PSC Cluster
3.
Actual results:
error cleaning up Hosted Zone: error getting the Hosted Zone: AccessDenied: The VPC: vpc-xxxxx in region us-east-1 that you provided is not owned by you.
Expected results:
The vpc should be created with a VPC the account has access to
Additional info:
