From 64215b0effd41c2d80a0d9f49b8bbd8fe461df40 Mon Sep 17 00:00:00 2001
From: Morten Lied Johansen <morten.lied.johansen@nav.no>
Date: Fri, 16 May 2025 11:21:14 +0200
Subject: [PATCH] Skip creation of OwnerReference if user is in a different
 namespace

Instead of doing a string compare on the username, check the actual namespace of the user to determine if an owner reference can be created.
---
 pkg/cluster/k8sres.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/cluster/k8sres.go b/pkg/cluster/k8sres.go
index fedd6a917..246db0d16 100644
--- a/pkg/cluster/k8sres.go
+++ b/pkg/cluster/k8sres.go
@@ -1928,7 +1928,7 @@ func (c *Cluster) generateSingleUserSecret(pgUser spec.PgUser) *v1.Secret {
 
 	// if secret lives in another namespace we cannot set ownerReferences
 	var ownerReferences []metav1.OwnerReference
-	if c.Config.OpConfig.EnableCrossNamespaceSecret && strings.Contains(username, ".") {
+	if c.Config.OpConfig.EnableCrossNamespaceSecret && c.Postgresql.ObjectMeta.Namespace != pgUser.Namespace {
 		ownerReferences = nil
 	} else {
 		ownerReferences = c.ownerReferences()