resource "kubectl_manifest" "post_install_job_taiga" {
  count  = var.conditions.have_taiga ? 1:0
  yaml_body  = <<-EOF
    apiVersion: batch/v1
    kind: Job
    metadata:
      name: "${var.component}-${trimprefix(var.instance,"org-")}-config-taiga"
      namespace: "${var.domain}-ci"
      labels: ${jsonencode(local.common_labels)}
    spec:
      template:
        spec:
          restartPolicy: OnFailure
          initContainers:
          - name: wait-for-sonar
            image: "${var.images.kubectl.registry}/${var.images.kubectl.repository}:${var.images.kubectl.tag}"
            imagePullPolicy: ${var.images.kubectl.pull_policy}
            securityContext:
              allowPrivilegeEscalation: false
              capabilities:
                drop: ["ALL"]
              runAsGroup: 0
              runAsNonRoot: true
              runAsUser: 1000
              seccompProfile:
                type: RuntimeDefault
            command: ["/bin/bash", "-c"]
            args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/taiga-taiga/80) && exit 0; sleep 2;done; exit 1"]
          containers:
          - name: post-config
            image: "${var.images.kubectl.registry}/${var.images.kubectl.repository}:${var.images.kubectl.tag}"
            imagePullPolicy: ${var.images.kubectl.pull_policy}
            command: ["/bin/bash", "-xc"]
            args:
            - >-
              API='http://taiga-taiga.${var.namespace}.svc/api/v1';
              JSON="-sH  'Content-Type: application/json'";
              TOKEN=$(curl -X POST $JSON -d '{ "type": "normal", "username": "admin", "password": "'"$DJANGO_SUPERUSER_PASSWORD"'" }' "$API/auth" | jq -r '.auth_token');
              BEAR="-H 'Authorization: Bearer $TOKEN'";
              if ! curl $JSON $BEAR "$API/projects"|jq -r '.[].name' |grep -E '^${trimprefix(var.instance,"org-")}$'; then
                curl -X POST $JSON $BEAR "http://taiga-taiga.${var.namespace}.svc/api/v1/projects" -d '{ "creation_template": 1, "description": "Organisation ${trimprefix(var.instance,"org-")} project", "is_backlog_activated": true, "is_issues_activated": true, "is_kanban_activated": true, "is_private": true, "is_wiki_activated": true, "name": "${trimprefix(var.instance,"org-")}", }';
              fi
            env:
            - name: garbage
              value: "xx"
            envFrom:
            - secretRef:
                name: taiga-taiga
            securityContext:
              allowPrivilegeEscalation: false
              capabilities:
                drop: ["ALL"]
              runAsGroup: 1000
              runAsNonRoot: true
              runAsUser: 1000
              seccompProfile:
                type: RuntimeDefault
  EOF
}