apiVersion: batch/v1
kind: Job
metadata:
  name: harbor-oidc-setup
  namespace: dev-tools
spec:
  template:
    spec:
      restartPolicy: OnFailure
      containers:
        - name: setup
          image: curlimages/curl:latest
          command:
            - /bin/sh
            - -c
            - |
              echo "Waiting for Harbor..."
              until curl -k -s https://harbor.dvirlabs.com/api/v2.0/ping; do sleep 5; done

              echo "Applying OIDC settings..."
              curl -k -u admin:SuperSecurePassword123 \
                -X PUT https://harbor.dvirlabs.com/api/v2.0/configurations \
                -H "Content-Type: application/json" \
                -d '{
                  "auth_mode": "oidc_auth",
                  "oidc_name": "keycloak",
                  "oidc_endpoint": "https://keycloak.dvirlabs.com/realms/lab",
                  "oidc_client_id": "harbor",
                  "oidc_client_secret": "XWYmXRJufVHEXncdrVLPIeQWgyBnuq4v",
                  "oidc_scope": "openid,profile,email",
                  "oidc_verify_cert": false,
                  "oidc_auto_onboard": true,
                  "oidc_user_claim": "preferred_username",
                  "oidc_groups_claim": "groups"
                }'