apiVersion: batch/v1
kind: Job
metadata:
  name: minio-oidc-bootstrap
  namespace: infra
spec:
  template:
    spec:
      restartPolicy: OnFailure
      containers:
        - name: mc
          image: quay.io/minio/mc
          command:
            - /bin/sh
            - -c
            - |
              set -e

              echo "🔐 Setting up mc alias..."
              mc alias set myminio http://minio.infra.svc.cluster.local:9000 minioadmin minioadmin

              echo "📜 Uploading policies..."
              mc admin policy add myminio admin-policy /config/admin-policy.json || true
              mc admin policy add myminio user-policy /config/user-policy.json || true

              echo "👥 Mapping groups..."
              mc admin group add myminio minio-admins --policy admin-policy || true
              mc admin group add myminio minio-users --policy user-policy || true

              echo "✅ MinIO OIDC bootstrap complete."
          volumeMounts:
            - name: policy-config
              mountPath: /config
      volumes:
        - name: policy-config
          configMap:
            name: minio-policies