---
apiVersion: v1
data:
  generate-secrets.sh: |
    set -e

    generate_secret() {
        openssl rand -hex 16 | tr 'a-f' 'A-F' | head -c 32
    }

    MINIO_KEYCLOAK_CLIENT_SECRET=$(generate_secret)
    MINIO_ROOT_PASSWORD=$(generate_secret)

    cat > /tmp/final-secret-store.yaml << EOF
    apiVersion: external-secrets.io/v1beta1
    kind: ClusterSecretStore
    metadata:
      name: minio-integrations-secret-store
    spec:
      provider:
        fake:
          data:
          - key: minio-keycloak-client-secret
            value: ${MINIO_KEYCLOAK_CLIENT_SECRET}
          - key: minio-keycloak-client-config
            value: |
              export MINIO_SERVER_URL="http://minio:80"
              export MINIO_API_ROOT_ACCESS="on"
              export MINIO_ROOT_USER="minioroot"
              export MINIO_ROOT_PASSWORD="${MINIO_ROOT_PASSWORD}"
              export MINIO_IDENTITY_OPENID_CLIENT_SECRET="${MINIO_KEYCLOAK_CLIENT_SECRET}"

    EOF

    kubectl apply -f /tmp/final-secret-store.yaml

    echo "ClusterSecretStore created successfully!"
    echo "Generated secrets with alphanumeric values only"
kind: ConfigMap
metadata:
  name: minio-secret-generator-script
  namespace: minio-tenant-default