Add log messages for usernames (#1692)

* add log messages for usernames
* document behavior better in logs

Co-authored-by: Felix Kunde <felix-kunde@gmx.de>

docs/user.md

@@ -141,14 +141,18 @@ other roles.
 
 To define the secrets for the users in a different namespace than that of the
 cluster, one can set `enable_cross_namespace_secret` and declare the namespace
-for the secrets in the manifest in the following manner,
+for the secrets in the manifest in the following manner (note, that it has to
+be reflected in the `database` section, too),
 
 ```yaml
 spec:
   users:
-  #users with secret in dfferent namespace
+    # users with secret in different namespace
-   appspace.db_user:
+    appspace.db_user:
     - createdb
+  databases:
+    # namespace notation is part of user name
+    app_db: appspace.db_user
 ```
 
 Here, anything before the first dot is considered the namespace and the text after
@@ -554,7 +558,8 @@ schema creation. This means they are currently not set when `defaultUsers`
 For all LOGIN roles the operator will create K8s secrets in the namespace
 specified in `secretNamespace`, if `enable_cross_namespace_secret` is set to
 `true` in the config. Otherwise, they are created in the same namespace like
-the Postgres cluster.
+the Postgres cluster. Unlike roles specified with `namespace.username` under
+`users`, the namespace will not be part of the role name here.
 
 ```yaml
 spec:

pkg/cluster/cluster.go

@@ -1176,6 +1176,7 @@ func (c *Cluster) initRobotUsers() error {
 			if strings.Contains(username, ".") {
 				splits := strings.Split(username, ".")
 				namespace = splits[0]
+				c.logger.Warningf("enable_cross_namespace_secret is set. Database role name contains the respective namespace i.e. %s is the created user", username)
 			}
 		}