{{- /* Support bucket creation for both standalone filer.s3 and allInOne modes */}}
{{- $createBuckets := list }}
{{- $s3Enabled := false }}
{{- $enableAuth := false }}
{{- $existingConfigSecret := "" }}

{{- /* Check allInOne mode first */}}
{{- if .Values.allInOne.enabled }}
  {{- if .Values.allInOne.s3.enabled }}
    {{- $s3Enabled = true }}
    {{- if .Values.allInOne.s3.createBuckets }}
      {{- $createBuckets = .Values.allInOne.s3.createBuckets }}
    {{- end }}
    {{- $enableAuth = or .Values.allInOne.s3.enableAuth .Values.s3.enableAuth .Values.filer.s3.enableAuth }}
    {{- $existingConfigSecret = or .Values.allInOne.s3.existingConfigSecret .Values.s3.existingConfigSecret .Values.filer.s3.existingConfigSecret }}
  {{- end }}
{{- else if .Values.master.enabled }}
  {{- /* Check standalone filer.s3 mode */}}
  {{- if .Values.filer.s3.enabled }}
    {{- $s3Enabled = true }}
    {{- if .Values.filer.s3.createBuckets }}
      {{- $createBuckets = .Values.filer.s3.createBuckets }}
    {{- end }}
    {{- $enableAuth = .Values.filer.s3.enableAuth }}
    {{- $existingConfigSecret = .Values.filer.s3.existingConfigSecret }}
  {{- end }}
{{- end }}

{{- if and $s3Enabled $createBuckets }}
---
apiVersion: batch/v1
kind: Job
metadata:
  name: "{{ $.Release.Name }}-bucket-hook"
  labels:
    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
    app.kubernetes.io/instance: {{ .Release.Name | quote }}
  annotations:
    "helm.sh/hook": post-install
    "helm.sh/hook-weight": "-5"
    "helm.sh/hook-delete-policy": hook-succeeded
spec:
  template:
    metadata:
      name: "{{ .Release.Name }}"
      labels:
        app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
        app.kubernetes.io/instance: {{ .Release.Name | quote }}
    spec:
      restartPolicy: Never
      {{- if .Values.filer.podSecurityContext.enabled }}
      securityContext: {{- omit .Values.filer.podSecurityContext "enabled" | toYaml | nindent 8 }}
      {{- end }}
      containers:
      - name: post-install-job
        image: {{ template "master.image" . }}
        env:
          - name: WEED_CLUSTER_DEFAULT
            value: "sw"
          - name: WEED_CLUSTER_SW_MASTER
            value: {{ include "seaweedfs.cluster.masterAddress" . | quote }}
          - name: WEED_CLUSTER_SW_FILER
            value: {{ include "seaweedfs.cluster.filerAddress" . | quote }}
          - name: POD_IP
            valueFrom:
              fieldRef:
                fieldPath: status.podIP
          - name: POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: SEAWEEDFS_FULLNAME
            value: "{{ include "seaweedfs.fullname" . }}"
        command:
          - "/bin/sh"
          - "-ec"
          - |
            wait_for_service() {
              local url=$1
              local max_attempts=60  # 5 minutes total (5s * 60)
              local attempt=1
              
              echo "Waiting for service at $url..."
              while [ $attempt -le $max_attempts ]; do
                if wget -q --spider "$url" >/dev/null 2>&1; then
                  echo "Service at $url is up!"
                  return 0
                fi
                echo "Attempt $attempt: Service not ready yet, retrying in 5s..."
                sleep 5
                attempt=$((attempt + 1))
              done
              echo "Service at $url failed to become ready within 5 minutes"
              exit 1
            }
            {{- if .Values.allInOne.enabled }}
            wait_for_service "http://$WEED_CLUSTER_SW_MASTER{{ .Values.allInOne.readinessProbe.httpGet.path }}"
            wait_for_service "http://$WEED_CLUSTER_SW_FILER{{ .Values.filer.readinessProbe.httpGet.path }}"
            {{- else }}
            wait_for_service "http://$WEED_CLUSTER_SW_MASTER{{ .Values.master.readinessProbe.httpGet.path }}"
            wait_for_service "http://$WEED_CLUSTER_SW_FILER{{ .Values.filer.readinessProbe.httpGet.path }}"
            {{- end }}
          {{- range $createBuckets }}
            /bin/echo \
            "s3.bucket.create --name {{ .name }}" |\
            /usr/bin/weed shell
          {{- end }}
          {{- range $createBuckets }}
          {{- if .anonymousRead }}
            /bin/echo \
            "s3.configure --user anonymous \
                --buckets {{ .name }} \
                --actions Read \
                --apply true" |\
                /usr/bin/weed shell
          {{- end }}  
          {{- end }}
        {{- if $enableAuth }}
        volumeMounts:
          - name: config-users
            mountPath: /etc/sw
            readOnly: true
        {{- end }}
        ports:
          - containerPort: {{ .Values.master.port }}
            name: swfs-master
          {{- if and .Values.global.monitoring.enabled .Values.master.metricsPort }}
          - containerPort: {{ .Values.master.metricsPort }}
            name: metrics
          {{- end }}
          - containerPort: {{ .Values.master.grpcPort }}
            #name: swfs-master-grpc
        {{- if .Values.filer.containerSecurityContext.enabled }}
        securityContext: {{- omit .Values.filer.containerSecurityContext "enabled" | toYaml | nindent 12 }}
        {{- end }}
    {{- if $enableAuth }}
      volumes:
        - name: config-users
          secret:
            defaultMode: 420
            {{- if $existingConfigSecret }}
            secretName: {{ $existingConfigSecret }}
            {{- else }}
            secretName: {{ include "seaweedfs.fullname" . }}-s3-secret
            {{- end }}
    {{- end }}
{{- end }}