From f663e05a4045d3555aa9af713ddbe1a0e3c8a295 Mon Sep 17 00:00:00 2001
From: dvirlabs <dvirlabs@gmail.com>
Date: Sun, 1 Jun 2025 05:50:31 +0300
Subject: [PATCH] Add configuration jobs for harbor

---
 .../harbor/harbor-add-project-admins.yaml     | 41 +++++++++++++++++++
 .../harbor-oidc.yaml}                         |  0
 2 files changed, 41 insertions(+)
 create mode 100644 manifests/oidc-bootstrap/harbor/harbor-add-project-admins.yaml
 rename manifests/oidc-bootstrap/{harbor-oidc-job.yaml => harbor/harbor-oidc.yaml} (100%)

diff --git a/manifests/oidc-bootstrap/harbor/harbor-add-project-admins.yaml b/manifests/oidc-bootstrap/harbor/harbor-add-project-admins.yaml
new file mode 100644
index 0000000..95a8ecf
--- /dev/null
+++ b/manifests/oidc-bootstrap/harbor/harbor-add-project-admins.yaml
@@ -0,0 +1,41 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: harbor-add-project-admins
+  namespace: dev-tools
+spec:
+  template:
+    spec:
+      restartPolicy: OnFailure
+      containers:
+        - name: apply-group
+          image: curlimages/curl
+          command:
+            - /bin/sh
+            - -c
+            - |
+              apk add --no-cache jq
+
+              echo "📡 Fetching Harbor projects..."
+              projects=$(curl -sk -u admin:SuperSecurePassword123 https://harbor.dvirlabs.com/api/v2.0/projects | jq -r '.[].name')
+
+              for project in $projects; do
+                echo "🔍 Checking if 'project-admins' group is already in project: $project"
+                existing=$(curl -sk -u admin:SuperSecurePassword123 https://harbor.dvirlabs.com/api/v2.0/projects/$project/members | jq -r '.[] | select(.member_group.group_name=="project-admins") | .id')
+
+                if [ -z "$existing" ]; then
+                  echo "➕ Adding group 'project-admins' to project $project as Project Admin..."
+                  curl -sk -u admin:SuperSecurePassword123 \
+                    -X POST https://harbor.dvirlabs.com/api/v2.0/projects/$project/members \
+                    -H "Content-Type: application/json" \
+                    -d '{
+                      "role_id": 1,
+                      "member_group": {
+                        "group_name": "project-admins",
+                        "group_type": 1
+                      }
+                    }'
+                else
+                  echo "✅ Group already exists in project $project, skipping."
+                fi
+              done
diff --git a/manifests/oidc-bootstrap/harbor-oidc-job.yaml b/manifests/oidc-bootstrap/harbor/harbor-oidc.yaml
similarity index 100%
rename from manifests/oidc-bootstrap/harbor-oidc-job.yaml
rename to manifests/oidc-bootstrap/harbor/harbor-oidc.yaml