fix searching for users with namespace in name (zalando#1569)

* fix searching for users with namespace in name and improve e2e test
* remove reformatting username to query

Author: FxKu

e2e/tests/test_e2e.py

@@ -588,47 +588,40 @@ def verify_role():
             raise
 
     @timeout_decorator.timeout(TEST_TIMEOUT_SEC)
-    def test_zz_cross_namespace_secrets(self):
+    def test_cross_namespace_secrets(self):
         '''
             Test secrets in different namespace
         '''
-        app_namespace = "appspace"
-
-        v1_appnamespace = client.V1Namespace(metadata=client.V1ObjectMeta(name=app_namespace))
-        self.k8s.api.core_v1.create_namespace(v1_appnamespace)
-        self.k8s.wait_for_namespace_creation(app_namespace)
+        k8s = self.k8s
 
+        # enable secret creation in separate namespace
         patch_cross_namespace_secret = {
             "data": {
                 "enable_cross_namespace_secret": "true"
             }
         }
         self.k8s.update_config(patch_cross_namespace_secret,
                           step="cross namespace secrets enabled")
+        self.eventuallyEqual(lambda: k8s.get_operator_state(), {"0": "idle"},
+                             "Operator does not get in sync")
 
+        # create secret in test namespace
         self.k8s.api.custom_objects_api.patch_namespaced_custom_object(
             'acid.zalan.do', 'v1', 'default',
             'postgresqls', 'acid-minimal-cluster',
             {
                 'spec': {
                     'users':{
-                        'appspace.db_user': [],
+                        'test.db_user': [],
                     }
                 }
             })
-
-        self.eventuallyEqual(lambda: self.k8s.count_secrets_with_label("cluster-name=acid-minimal-cluster,application=spilo", app_namespace),
+        
+        self.eventuallyEqual(lambda: k8s.get_operator_state(), {"0": "idle"},
+                             "Operator does not get in sync")
+        self.eventuallyEqual(lambda: self.k8s.count_secrets_with_label("cluster-name=acid-minimal-cluster,application=spilo", self.test_namespace),
                              1, "Secret not created for user in namespace")
 
-        #reset the flag
-        unpatch_cross_namespace_secret = {
-                "data": {
-                    "enable_cross_namespace_secret": "false",
-                }
-            }
-        self.k8s.update_config(unpatch_cross_namespace_secret, step="disable cross namespace secrets")
-
-
     @timeout_decorator.timeout(TEST_TIMEOUT_SEC)
     def test_lazy_spilo_upgrade(self):
         '''

pkg/cluster/sync.go

@@ -386,7 +386,6 @@ func (c *Cluster) syncStatefulSet() error {
 		return fmt.Errorf("could not set cluster-wide PostgreSQL configuration options: %v", err)
 	}
 
-
 	if instancesRestartRequired {
 		c.logger.Debugln("restarting Postgres server within pods")
 		c.eventRecorder.Event(c.GetReference(), v1.EventTypeNormal, "Update", "restarting Postgres server within pods")
@@ -623,11 +622,6 @@ func (c *Cluster) syncRoles() (err error) {
 	// create list of database roles to query
 	for _, u := range c.pgUsers {
 		pgRole := u.Name
-		if u.Namespace != c.Namespace && u.Namespace != "" {
-			// to avoid the conflict of having multiple users of same name
-			// but each in different namespace.
-			pgRole = fmt.Sprintf("%s.%s", u.Name, u.Namespace)
-		}
 		userNames = append(userNames, pgRole)
 		// add team member role name with rename suffix in case we need to rename it back
 		if u.Origin == spec.RoleOriginTeamsAPI && c.OpConfig.EnableTeamMemberDeprecation {