{{- if .Values.account }}
{{- if or .Values.account.adminPassword .Values.account.adminPasswordSecretName}}
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ template "sonarqube.fullname" . }}-change-admin-password-hook
  labels:
    app: {{ template "sonarqube.name" . }}
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
  {{- range $key, $value := .Values.service.labels }}
    {{ $key }}: {{ $value | quote }}
  {{- end }}
  annotations:
    "helm.sh/hook": post-install
    "helm.sh/hook-delete-policy": hook-succeeded
  {{- range $key, $value := .Values.adminJobAnnotations }}
    {{ $key }}: {{ $value | quote }}
  {{- end }}
spec:
  template:
    metadata:
      name: {{ template "sonarqube.fullname" . }}-change-admin-password-hook
      labels:
        app: {{ template "sonarqube.name" . }}
        heritage: {{ .Release.Service }}
        release: {{ .Release.Name }}
      {{- range $key, $value := .Values.service.labels }}
        {{ $key }}: {{ $value | quote }}
      {{- end }}
    spec:
      restartPolicy: OnFailure
      {{- if or .Values.image.pullSecrets .Values.image.pullSecret }}
      imagePullSecrets:
        {{- if .Values.image.pullSecret }}
        - name: {{ .Values.image.pullSecret }}
        {{- end }}
        {{- if .Values.image.pullSecrets }}
{{ toYaml .Values.image.pullSecrets | indent 8 }}
        {{- end }}
      {{- end }}
      serviceAccountName: {{ template "sonarqube.serviceAccountName" . }}
    {{- if .Values.tolerations }}
      tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
    {{- end }}
    {{- if .Values.affinity }}
      affinity:
{{ toYaml .Values.affinity | indent 8 }}
    {{- end }}
      containers:
      - name: {{ template "sonarqube.fullname" . }}-change-default-admin-password
        image: {{ default "curlimages/curl:8.2.0" .Values.curlContainerImage }}
        {{- if $securityContext := .Values.account.securityContext }}
        securityContext:
{{ toYaml $securityContext | indent 12 }}
        {{- end }}
        command: ["sh", "-c", 'until curl -v --connect-timeout 100 {{ template "sonarqube.fullname" . }}:{{ default 9000 .Values.service.internalPort }}{{ .Values.account.sonarWebContext | default (include "sonarqube.webcontext" .) }}api/system/status | grep -w UP; do sleep 10; done; curl -v --connect-timeout 100 -u admin:$CURRENT_ADMIN_PASSWORD -X POST "{{ template "sonarqube.fullname" . }}:{{ default 9000 .Values.service.internalPort }}{{ .Values.account.sonarWebContext | default (include "sonarqube.webcontext" .) }}api/users/change_password?login=admin&previousPassword=$CURRENT_ADMIN_PASSWORD&password=$ADMIN_PASSWORD"']
        env:
        - name: ADMIN_PASSWORD
          valueFrom:
            secretKeyRef:
              {{- if .Values.account.adminPassword }}
              name: {{ template "sonarqube.fullname" . }}-admin-password
              {{- else }}
              name: {{ .Values.account.adminPasswordSecretName }}
              {{- end }}
              key: password
        - name: CURRENT_ADMIN_PASSWORD
          valueFrom:
            secretKeyRef:
              {{- if .Values.account.adminPassword }}
              name: {{ template "sonarqube.fullname" . }}-admin-password
              {{- else }}
              name: {{ .Values.account.adminPasswordSecretName }}
              {{- end }}
              key: currentPassword
        resources:
{{ toYaml (default .Values.resources .Values.account.resources) | indent 10 }}
{{- end }}
{{- end }}