{{- if .Values.mcJob.enabled }}
apiVersion: batch/v1
kind: Job
metadata:
  name: yonote-minio-mc-job
  labels:
    app: yonote-minio
spec:
  template:
    metadata:
      labels:
        app: yonote-minio
    spec:
      containers:
        - name: mc-client
          image: "docker.io/bitnami/minio-client:2024.8.13-debian-12-r0"
          command: ["/bin/sh", "-c"]
          args:
            - |
              until mc alias set myminio http://yonote-minio:9000 {{ .Values.minio.auth.rootUser }} {{ .Values.minio.auth.rootPassword }}; do
                echo "Waiting for MinIO to be ready..."
                sleep 5
              done
              echo "MinIO is ready and alias is set."

              # Создание пользователя
              if ! mc admin user add myminio {{ .Values.minio.customUser }} {{ .Values.minio.customAccessKey }}; then
                echo "User {{ .Values.minio.customUser }} already exists or failed to create."
              else
                echo "User {{ .Values.minio.customUser }} created successfully."
              fi

              # Назначение политики для нового пользователя
              cat <<EOF > /tmp/minio-user-policy.json
              {
                "Version": "2012-10-17",
                "Statement": [
                  {
                    "Sid": "VisualEditor",
                    "Effect": "Allow",
                    "Action": [
                      "s3:DeleteObject",
                      "s3:GetObject",
                      "s3:PutObject"
                    ],
                    "Resource": [
                      "arn:aws:s3:::yonote-bucket/*"
                    ]
                  }
                ]
              }
              EOF
              echo "User policy JSON file created."

              mc admin policy create myminio yonote-policy /tmp/minio-user-policy.json
              echo "User policy created and applied."

              # Создание бакета
              if ! mc ls myminio/yonote-bucket; then
                mc mb myminio/yonote-bucket
                echo "Bucket yonote-bucket created successfully."
              else
                echo "Bucket yonote-bucket already exists."
              fi

              # Установка политик для бакета
              cat <<EOF > /tmp/minio-bucket-policy.json
              {
                "Version": "2012-10-17",
                "Statement": [
                  {
                    "Effect": "Allow",
                    "Principal": {
                      "AWS": [
                        "*"
                      ]
                    },
                    "Action": [
                      "s3:GetBucketLocation"
                    ],
                    "Resource": [
                      "arn:aws:s3:::yonote-bucket"
                    ]
                  },
                  {
                    "Effect": "Allow",
                    "Principal": {
                      "AWS": [
                        "*"
                      ]
                    },
                    "Action": [
                      "s3:GetObject"
                    ],
                    "Resource": [
                      "arn:aws:s3:::yonote-bucket/*"
                    ]
                  }
                ]
              }
              EOF
              echo "Bucket policy JSON file created."

              mc anonymous set-json /tmp/minio-bucket-policy.json myminio/yonote-bucket
              echo "Bucket policy applied."

              mc admin policy attach myminio yonote-policy --user={{ .Values.minio.customUser }}
              echo "Policy attached to user {{ .Values.minio.customUser }}."

          resources:
            requests:
              memory: "128Mi"
              cpu: "100m"
            limits:
              memory: "256Mi"
              cpu: "200m"
      restartPolicy: OnFailure
  backoffLimit: 5
  ttlSecondsAfterFinished: 180
{{- end }}