From 4abe0e91482c6dc839dc2d7e3a42054394d84983 Mon Sep 17 00:00:00 2001
From: David Martin <davmarti@redhat.com>
Date: Fri, 8 Dec 2023 11:28:11 +0000
Subject: [PATCH] Remove namespace on dnsProviderSecretRef to force same
 namespace as ManagedZone

---
 config/local-setup/controller/aws/managed_zone.yaml           | 2 --
 config/local-setup/controller/gcp/managed_zone.yaml           | 2 --
 .../policy-controller/crd/bases/kuadrant.io_managedzones.yaml | 3 ---
 .../dns-policy/resources/managedzone_jm.hcpapps.net.yaml      | 2 --
 docs/dnspolicy/dnspolicy.md                                   | 1 -
 docs/how-to/multicluster-loadbalanced-dnspolicy.md            | 1 -
 docs/installation/control-plane-installation.md               | 2 --
 docs/managed-zone.md                                          | 4 ++--
 hack/.deployUtils                                             | 2 --
 pkg/apis/v1alpha1/managedzone_types.go                        | 3 +--
 pkg/dns/dnsprovider/dnsProvider.go                            | 2 +-
 11 files changed, 4 insertions(+), 20 deletions(-)

diff --git a/config/local-setup/controller/aws/managed_zone.yaml b/config/local-setup/controller/aws/managed_zone.yaml
index 831db208d..6e7e3be28 100644
--- a/config/local-setup/controller/aws/managed_zone.yaml
+++ b/config/local-setup/controller/aws/managed_zone.yaml
@@ -8,5 +8,3 @@ spec:
   description: "Dev Managed Zone"
   dnsProviderSecretRef:
     name: mgc-aws-credentials
-    namespace: multi-cluster-gateways
-
diff --git a/config/local-setup/controller/gcp/managed_zone.yaml b/config/local-setup/controller/gcp/managed_zone.yaml
index fb6cd3b56..d67f57715 100644
--- a/config/local-setup/controller/gcp/managed_zone.yaml
+++ b/config/local-setup/controller/gcp/managed_zone.yaml
@@ -8,5 +8,3 @@ spec:
   description: "Dev Managed Zone"
   dnsProviderSecretRef:
     name: mgc-gcp-credentials
-    namespace: multi-cluster-gateways
-
diff --git a/config/policy-controller/crd/bases/kuadrant.io_managedzones.yaml b/config/policy-controller/crd/bases/kuadrant.io_managedzones.yaml
index 501752f40..d96bbb44d 100644
--- a/config/policy-controller/crd/bases/kuadrant.io_managedzones.yaml
+++ b/config/policy-controller/crd/bases/kuadrant.io_managedzones.yaml
@@ -63,11 +63,8 @@ spec:
                 properties:
                   name:
                     type: string
-                  namespace:
-                    type: string
                 required:
                 - name
-                - namespace
                 type: object
               domainName:
                 description: Domain name of this ManagedZone
diff --git a/docs/demos/dns-policy/resources/managedzone_jm.hcpapps.net.yaml b/docs/demos/dns-policy/resources/managedzone_jm.hcpapps.net.yaml
index 92001dfb2..d7f63f0f8 100644
--- a/docs/demos/dns-policy/resources/managedzone_jm.hcpapps.net.yaml
+++ b/docs/demos/dns-policy/resources/managedzone_jm.hcpapps.net.yaml
@@ -9,5 +9,3 @@ spec:
   description: "jm.hcpapps.net managed domain"
   dnsProviderSecretRef:
     name: mgc-aws-credentials
-    namespace: multi-cluster-gateways
-    type: AWS
\ No newline at end of file
diff --git a/docs/dnspolicy/dnspolicy.md b/docs/dnspolicy/dnspolicy.md
index 5141dff1a..fbb2e29c0 100644
--- a/docs/dnspolicy/dnspolicy.md
+++ b/docs/dnspolicy/dnspolicy.md
@@ -117,7 +117,6 @@ spec:
   description: "apps.hcpapps.net managed domain"
   dnsProviderSecretRef:
     name: my-aws-credentials
-    namespace: <ManagedZone Namespace>
 ```
 
 The managed zone references a secret containing the external DNS provider services credentials.
diff --git a/docs/how-to/multicluster-loadbalanced-dnspolicy.md b/docs/how-to/multicluster-loadbalanced-dnspolicy.md
index 07b8f012e..25d52a465 100644
--- a/docs/how-to/multicluster-loadbalanced-dnspolicy.md
+++ b/docs/how-to/multicluster-loadbalanced-dnspolicy.md
@@ -62,7 +62,6 @@ spec:
   description: "apps.hcpapps.net managed domain"
   dnsProviderSecretRef:
     name: my-aws-credentials
-    namespace: multi-cluster-gateways
 ```
 
 ## DNSPolicy creation and attachment
diff --git a/docs/installation/control-plane-installation.md b/docs/installation/control-plane-installation.md
index f520b6cc4..9b92750f2 100644
--- a/docs/installation/control-plane-installation.md
+++ b/docs/installation/control-plane-installation.md
@@ -149,7 +149,6 @@ spec:
   description: "Dev Managed Zone"
   dnsProviderSecretRef:
     name: mgc-aws-credentials
-    namespace: multi-cluster-gateways
 EOF
 ```
 #### GCP
@@ -167,7 +166,6 @@ spec:
   description: "Dev Managed Zone"
   dnsProviderSecretRef:
     name: mgc-gcp-credentials
-    namespace: multi-cluster-gateways
 EOF
 ```
 
diff --git a/docs/managed-zone.md b/docs/managed-zone.md
index 2312d1080..012f3825f 100644
--- a/docs/managed-zone.md
+++ b/docs/managed-zone.md
@@ -45,7 +45,6 @@ spec:
   description: "My Managed Zone"
   dnsProviderSecretRef:
     name: my-aws-credentials
-    namespace: multicluster-gateway-controller-system
 EOF
 ```
 
@@ -66,7 +65,6 @@ spec:
   description: "My Managed Zone"
   dnsProviderSecretRef:
     name: my-aws-credentials
-    namespace: multicluster-gateway-controller-system
 EOF
 ```
 
@@ -75,6 +73,8 @@ EOF
 This is a reference to secret containing the credentials and other configuration for accessing your dns provider
 [dnsProvider](/docs/dnspolicy/dns-provider.md)
 
+**Note:** the Secret referenced in the `dnsProviderSecretRef` field must be in the same namespace as the ManagedZone.
+
 **Note:** as an `id` was specified, the Managed Gateway Controller will not re-create this zone, nor will it delete it if this `ManagedZone` is deleted.
 
 ### Current limitations
diff --git a/hack/.deployUtils b/hack/.deployUtils
index c250e3da8..eabcabc49 100644
--- a/hack/.deployUtils
+++ b/hack/.deployUtils
@@ -361,7 +361,6 @@ spec:
   description: "Dev Managed Zone"
   dnsProviderSecretRef:
     name: ${KIND_CLUSTER_PREFIX}aws-credentials
-    namespace: multicluster-gateway-controller-system
 EOF
 }
 
@@ -398,7 +397,6 @@ spec:
   description: "Dev Managed Zone"
   dnsProviderSecretRef:
     name: ${KIND_CLUSTER_PREFIX}gcp-credentials
-    namespace: multicluster-gateway-controller-system
 EOF
 }
 
diff --git a/pkg/apis/v1alpha1/managedzone_types.go b/pkg/apis/v1alpha1/managedzone_types.go
index fc4c62a5d..8cbbede47 100644
--- a/pkg/apis/v1alpha1/managedzone_types.go
+++ b/pkg/apis/v1alpha1/managedzone_types.go
@@ -46,8 +46,7 @@ type ManagedZoneSpec struct {
 
 type SecretRef struct {
 	//+required
-	Namespace string `json:"namespace"`
-	Name      string `json:"name"`
+	Name string `json:"name"`
 }
 
 // ManagedZoneStatus defines the observed state of a Zone
diff --git a/pkg/dns/dnsprovider/dnsProvider.go b/pkg/dns/dnsprovider/dnsProvider.go
index 34628d16a..c2cf87b08 100644
--- a/pkg/dns/dnsprovider/dnsProvider.go
+++ b/pkg/dns/dnsprovider/dnsProvider.go
@@ -33,7 +33,7 @@ func (p *providerFactory) DNSProviderFactory(ctx context.Context, managedZone *v
 	providerSecret := &v1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      managedZone.Spec.SecretRef.Name,
-			Namespace: managedZone.Spec.SecretRef.Namespace,
+			Namespace: managedZone.Namespace, // must be in same namespace as ManagedZone
 		}}
 
 	if err := p.Client.Get(ctx, client.ObjectKeyFromObject(providerSecret), providerSecret); err != nil {