adding the essential missing pieces

pkg/cluster/cluster.go

@@ -1148,16 +1148,6 @@ func (c *Cluster) initHumanUsers() error {
 		}
 	}
 
-	if clusterIsOwnedBySuperuserTeam {
-		c.logger.Infof("Team %q owning the cluster is also a team of superusers. Created superuser roles for its members instead of admin roles.", c.Spec.TeamID)
-		return nil
-	}
-
-	err := c.initTeamMembers(c.Spec.TeamID, false)
-	if err != nil {
-		return fmt.Errorf("Cannot create a team %q of admins owning the PG cluster: %v", c.Spec.TeamID, err)
-	}
-
 	additionalTeams := c.PgTeamMap.GetAdditionalTeams(c.Spec.TeamID, true)
 	for _, additionalTeam := range additionalTeams {
 		if !(util.SliceContains(superuserTeams, additionalTeam)) {
@@ -1168,6 +1158,16 @@ func (c *Cluster) initHumanUsers() error {
 		}
 	}
 
+	if clusterIsOwnedBySuperuserTeam {
+		c.logger.Infof("Team %q owning the cluster is also a team of superusers. Created superuser roles for its members instead of admin roles.", c.Spec.TeamID)
+		return nil
+	}
+
+	err := c.initTeamMembers(c.Spec.TeamID, false)
+	if err != nil {
+		return fmt.Errorf("Cannot create a team %q of admins owning the PG cluster: %v", c.Spec.TeamID, err)
+	}
+
 	return nil
 }
 

pkg/controller/controller.go

@@ -34,7 +34,7 @@ import (
 type Controller struct {
 	config    spec.ControllerConfig
 	opConfig  *config.Config
-	pgTeamMap *teams.PostgresTeamMap
+	pgTeamMap teams.PostgresTeamMap
 
 	logger     *logrus.Entry
 	KubeClient k8sutil.KubernetesClient
@@ -297,6 +297,7 @@ func (c *Controller) initController() {
 
 	c.initPodServiceAccount()
 	c.initSharedInformers()
+	c.loadPostgresTeams()
 
 	if c.opConfig.DebugLogging {
 		c.logger.Logger.Level = logrus.DebugLevel
@@ -348,8 +349,8 @@ func (c *Controller) initSharedInformers() {
 		cache.Indexers{})
 
 	c.postgresTeamInformer.AddEventHandler(cache.ResourceEventHandlerFuncs{
-		AddFunc:    c.loadPostgresTeams,
+		AddFunc:    c.postgresTeamAdd,
-		UpdateFunc: c.updatePostgresTeams,
+		UpdateFunc: c.postgresTeamUpdate,
 	})
 
 	// Pods

pkg/controller/util.go

@@ -31,6 +31,7 @@ func (c *Controller) makeClusterConfig() cluster.Config {
 	return cluster.Config{
 		RestConfig:          c.config.RestConfig,
 		OpConfig:            config.Copy(c.opConfig),
+		PgTeamMap:           c.pgTeamMap,
 		InfrastructureRoles: infrastructureRoles,
 		PodServiceAccount:   c.PodServiceAccount,
 	}
@@ -395,25 +396,34 @@ func (c *Controller) getInfrastructureRole(
 	return roles, nil
 }
 
-func (c *Controller) loadPostgresTeams(obj interface{}) {
+func (c *Controller) loadPostgresTeams() {
-	pgTeamMap := teams.PostgresTeamMap{}
+	// reset team map
+	c.pgTeamMap = teams.PostgresTeamMap{}
 
-	pgTeam, ok := obj.(*acidv1.PostgresTeam)
+	pgTeams, err := c.KubeClient.AcidV1ClientSet.AcidV1().PostgresTeams(c.opConfig.WatchedNamespace).List(context.TODO(), metav1.ListOptions{})
-	if !ok {
-		c.logger.Errorf("could not cast to PostgresTeam spec")
-	}
-
-	pgTeams, err := c.KubeClient.AcidV1ClientSet.AcidV1().PostgresTeams(pgTeam.Namespace).List(context.TODO(), metav1.ListOptions{})
 	if err != nil {
 		c.logger.Errorf("could not list postgres team objects: %v", err)
 	}
 
-	pgTeamMap.Load(pgTeams)
+	c.pgTeamMap.Load(pgTeams)
 }
 
-func (c *Controller) updatePostgresTeams(prev, obj interface{}) {
+func (c *Controller) postgresTeamAdd(obj interface{}) {
-	c.logger.Debugf("reloading postgres team CRDs and overwriting cached map")
+	pgTeam, ok := obj.(*acidv1.PostgresTeam)
-	c.loadPostgresTeams(obj)
+	if !ok {
+		c.logger.Errorf("could not cast to PostgresTeam spec")
+	}
+	c.logger.Debugf("PostgreTeam %q added. Reloading postgres team CRDs and overwriting cached map", pgTeam.Name)
+	c.loadPostgresTeams()
+}
+
+func (c *Controller) postgresTeamUpdate(prev, obj interface{}) {
+	pgTeam, ok := obj.(*acidv1.PostgresTeam)
+	if !ok {
+		c.logger.Errorf("could not cast to PostgresTeam spec")
+	}
+	c.logger.Debugf("PostgreTeam %q updated. Reloading postgres team CRDs and overwriting cached map", pgTeam.Name)
+	c.loadPostgresTeams()
 }
 
 func (c *Controller) podClusterName(pod *v1.Pod) spec.NamespacedName {