domain-incoming/share/organisation/postconfig.tf
2024-05-31 14:36:38 +02:00


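# Post-install Job for Taiga: waits until the taiga-taiga service accepts TCP
# connections on port 80, logs in to the Taiga API as "admin" and creates a
# private project named after the instance (with its "org-" prefix removed)
# when no project with that exact name exists yet.
#
# Only created when var.conditions.have_taiga is true.
#
# Security notes:
# - The script runs without bash xtrace (-x). With xtrace enabled, the expanded
#   curl commands, including the admin password and the bearer token, are
#   written to the pod log, where anyone allowed to read logs in the namespace
#   can see them.
# - The login payload is built with jq so that a password containing quotes or
#   backslashes is escaped correctly, and it is passed to curl on stdin rather
#   than on the command line.
# - DJANGO_SUPERUSER_PASSWORD is presumably supplied by the taiga-taiga secret
#   through envFrom; confirm against the secret's keys.
resource "kubectl_manifest" "post_install_job_taiga" {
  count     = var.conditions.have_taiga ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: batch/v1
    kind: Job
    metadata:
      name: "${var.component}-${trimprefix(var.instance, "org-")}-config-taiga"
      namespace: "${var.domain}-ci"
      labels: ${jsonencode(local.common_labels)}
    spec:
      template:
        spec:
          restartPolicy: OnFailure
          initContainers:
            # NOTE(review): the name says "sonar" but this container waits for
            # taiga; kept as-is in case something selects the container by name.
            - name: wait-for-sonar
              image: "${var.images.kubectl.registry}/${var.images.kubectl.repository}:${var.images.kubectl.tag}"
              imagePullPolicy: ${var.images.kubectl.pull_policy}
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop: ["ALL"]
                # NOTE(review): root group here, while post-config uses 1000;
                # confirm group 0 is actually required.
                runAsGroup: 0
                runAsNonRoot: true
                runAsUser: 1000
                seccompProfile:
                  type: RuntimeDefault
              command: ["/bin/bash", "-c"]
              # Up to 200 attempts, 2 s apart, against the same host name the
              # post-config container calls.
              args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/taiga-taiga.${var.namespace}.svc/80) && exit 0; sleep 2;done; exit 1"]
          containers:
            - name: post-config
              image: "${var.images.kubectl.registry}/${var.images.kubectl.repository}:${var.images.kubectl.tag}"
              imagePullPolicy: ${var.images.kubectl.pull_policy}
              # No -x: xtrace would print the password and token to the pod log.
              command: ["/bin/bash", "-c"]
              # The folded scalar below is joined into ONE shell line, so it must
              # not contain shell comments. curl -f makes HTTP errors fail the
              # Job (restartPolicy then retries) instead of passing silently.
              args:
                - >-
                  set -o pipefail;
                  API='http://taiga-taiga.${var.namespace}.svc/api/v1';
                  TOKEN=$(jq -n --arg password "$DJANGO_SUPERUSER_PASSWORD" '{type: "normal", username: "admin", password: $password}' | curl -X POST -sfH "Content-Type: application/json" -d @- "$API/auth" | jq -r '.auth_token');
                  if [ -z "$TOKEN" ] || [ "$TOKEN" = "null" ]; then echo "taiga authentication failed" >&2; exit 1; fi;
                  if ! curl -sfH "Content-Type: application/json" -H "Authorization: Bearer $TOKEN" "$API/projects" | jq -r '.[].name' | grep -xF '${trimprefix(var.instance, "org-")}'; then
                  curl -X POST -sfH "Content-Type: application/json" -H "Authorization: Bearer $TOKEN" "$API/projects" -d '{ "creation_template": 1, "description": "Organisation ${trimprefix(var.instance, "org-")} project", "is_backlog_activated": true, "is_issues_activated": true, "is_kanban_activated": true, "is_private": true, "is_wiki_activated": true, "name": "${trimprefix(var.instance, "org-")}" }';
                  fi
              env:
                # Not read by the script. Encoded twice so the rendered value is
                # a valid YAML string whatever type var.install_owner has.
                - name: garbage
                  value: ${jsonencode(jsonencode(var.install_owner))}
              envFrom:
                - secretRef:
                    name: taiga-taiga
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop: ["ALL"]
                runAsGroup: 1000
                runAsNonRoot: true
                runAsUser: 1000
                seccompProfile:
                  type: RuntimeDefault
  EOF
}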