apiVersion: batch/v1
kind: Job
metadata:
  name: minio-oidc-bootstrap
  namespace: infra
spec:
  template:
    spec:
      restartPolicy: OnFailure
      containers:
        - name: mc
          image: quay.io/minio/mc
          command:
            - /bin/sh
            - -c
            - |
              set -e

              echo "🔐 Setting up mc alias..."
              mc alias set myminio http://minio-bitnami.infra.svc.cluster.local:9000 minioadmin minioadmin

              echo "📜 Creating policies..."
              mc admin policy create myminio admin-policy /config/admin-policy.json || true
              mc admin policy create myminio user-policy /config/user-policy.json || true

              echo "👥 Creating groups with dummy user..."
              mc admin group add myminio minio-admins tempuser || true
              mc admin group add myminio minio-users tempuser || true

              echo "🧹 Removing dummy user from groups..."
              mc admin group remove myminio minio-admins tempuser || true
              mc admin group remove myminio minio-users tempuser || true

              echo "🔗 Attaching policies to groups..."
              mc admin policy set myminio admin-policy group=minio-admins || true
              mc admin policy set myminio user-policy group=minio-users || true

              echo "✅ MinIO OIDC bootstrap complete."
          volumeMounts:
            - name: policy-config
              mountPath: /config
      volumes:
        - name: policy-config
          configMap:
            name: minio-policies