# services/bstein-dev-home/portal-onboarding-e2e-test-job.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: portal-onboarding-e2e-test-23
  namespace: bstein-dev-home
spec:
  backoffLimit: 0
  template:
    metadata:
      annotations:
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/agent-pre-populate-only: "true"
        vault.hashicorp.com/role: "bstein-dev-home"
        vault.hashicorp.com/agent-inject-secret-portal-env.sh: "kv/data/atlas/portal/atlas-portal-db"
        vault.hashicorp.com/agent-inject-template-portal-env.sh: |
          {{ with secret "kv/data/atlas/portal/atlas-portal-db" }}
          export PORTAL_DATABASE_URL="{{ .Data.data.PORTAL_DATABASE_URL }}"
          {{ end }}
          {{ with secret "kv/data/atlas/portal/bstein-dev-home-keycloak-admin" }}
          export KEYCLOAK_ADMIN_CLIENT_SECRET="{{ .Data.data.client_secret }}"
          {{ end }}
          {{ with secret "kv/data/atlas/shared/chat-ai-keys-runtime" }}
          export CHAT_KEY_MATRIX="{{ .Data.data.matrix }}"
          export CHAT_KEY_HOMEPAGE="{{ .Data.data.homepage }}"
          {{ end }}
          {{ with secret "kv/data/atlas/shared/portal-e2e-client" }}
          export PORTAL_E2E_CLIENT_ID="{{ .Data.data.client_id }}"
          export PORTAL_E2E_CLIENT_SECRET="{{ .Data.data.client_secret }}"
          {{ end }}
    spec:
      restartPolicy: Never
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node-role.kubernetes.io/worker
                    operator: Exists
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              preference:
                matchExpressions:
                  - key: kubernetes.io/arch
                    operator: In
                    values: ["arm64"]
      serviceAccountName: bstein-dev-home
      containers:
        - name: test
          image: python:3.11-slim
          env:
            - name: PORTAL_BASE_URL
              value: http://bstein-dev-home-backend.bstein-dev-home.svc.cluster.local
            - name: KEYCLOAK_ADMIN_URL
              value: https://sso.bstein.dev
            - name: KEYCLOAK_REALM
              value: atlas
            - name: KEYCLOAK_ADMIN_CLIENT_ID
              value: bstein-dev-home-admin
            - name: PORTAL_TARGET_CLIENT_ID
              value: bstein-dev-home
            - name: E2E_PORTAL_ADMIN_USERNAME
              value: bstein
            - name: E2E_USERNAME_PREFIX
              value: e2e-portal
            - name: E2E_CONTACT_EMAIL
              value: robotuser@bstein.dev
            - name: E2E_IMAP_KEYCLOAK_USERNAME
              value: robotuser
            - name: E2E_DEADLINE_SECONDS
              value: "600"
            - name: E2E_POLL_SECONDS
              value: "10"
          command: ["/bin/sh", "-c"]
          args:
            - |
              set -eu
              . /vault/secrets/portal-env.sh
              python /scripts/test_portal_onboarding_flow.py
          volumeMounts:
            - name: tests
              mountPath: /scripts
              readOnly: true
      volumes:
        - name: tests
          configMap:
            name: portal-onboarding-e2e-tests
            defaultMode: 0555