resource "kubectl_manifest" "post_install_job" {
  force_new = true
  yaml_body  = <<-EOF
    apiVersion: batch/v1
    kind: Job
    metadata:
      name: "${var.instance}-${var.component}-post-config"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.postcfg_all_labels)}
    spec:
      template:
        spec:
          restartPolicy: OnFailure
          initContainers:
          - name: wait-for-svc
            image: "${var.images.sonar.registry}/${var.images.sonar.repository}:${var.images.sonar.tag}"
            imagePullPolicy: ${var.images.sonar.pull_policy}
            securityContext:
              allowPrivilegeEscalation: false
              capabilities:
                drop: ["ALL"]
              runAsGroup: 0
              runAsNonRoot: true
              runAsUser: 1000
              seccompProfile:
                type: RuntimeDefault
            command: ["/bin/bash", "-c"]
            args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/${module.service.name}/80) && exit 0; sleep 2;done; exit 1"]
          containers:
          - name: post-config
            image: "${var.images.sonar.registry}/${var.images.sonar.repository}:${var.images.sonar.tag}"
            imagePullPolicy: ${var.images.sonar.pull_policy}
            command: ["/bin/bash", "-c"]
            args:
            - >-
              curl -o /dev/null -s -w "%%{http_code}\n" -u admin:admin -X POST "http://${module.service.name}.${var.namespace}.svc/api/users/change_password?login=admin&previousPassword=admin&password=$ADMIN_PASSWORD"
            envFrom:
            - secretRef:
                name: ${kubectl_manifest.secret.name}
            securityContext:
              allowPrivilegeEscalation: false
              capabilities:
                drop: ["ALL"]
              runAsGroup: 1000
              runAsNonRoot: true
              runAsUser: 1000
              seccompProfile:
                type: RuntimeDefault
  EOF
}