redaction (#1)

Add the redacted source file for demo purposes

Reviewed-on: https://source.michaeldileo.org/michael_dileo/Keybard-Vagabond-Demo/pulls/1
Co-authored-by: Michael DiLeo <michael_dileo@proton.me>
Co-committed-by: Michael DiLeo <michael_dileo@proton.me>

manifests/infrastructure/elasticsearch/security-setup.yaml

@@ -0,0 +1,88 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: elasticsearch-security-setup
+  namespace: elasticsearch-system
+  annotations:
+    # Run this job after Elasticsearch is ready
+    "helm.sh/hook": post-install,post-upgrade
+    "helm.sh/hook-weight": "10"
+    "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+  template:
+    metadata:
+      labels:
+        app: elasticsearch-security-setup
+    spec:
+      restartPolicy: Never
+      initContainers:
+      # Wait for Elasticsearch to be ready
+      - name: wait-for-elasticsearch
+        image: curlimages/curl:8.10.1
+        command:
+        - /bin/sh
+        - -c
+        - |
+          echo "Waiting for Elasticsearch to be ready..."
+          until curl -u "elastic:${ELASTIC_PASSWORD}" "http://elasticsearch-es-http:9200/_cluster/health?wait_for_status=yellow&timeout=300s"; do
+            echo "Elasticsearch not ready yet, sleeping..."
+            sleep 10
+          done
+          echo "Elasticsearch is ready!"
+        env:
+        - name: ELASTIC_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: elasticsearch-es-elastic-user
+              key: elastic
+      containers:
+      - name: setup-security
+        image: curlimages/curl:8.10.1
+        command:
+        - /bin/sh
+        - -c
+        - |
+          echo "Setting up Elasticsearch security for Mastodon..."
+          
+          # Create mastodon_full_access role
+          echo "Creating mastodon_full_access role..."
+          curl -X POST -u "elastic:${ELASTIC_PASSWORD}" \
+            "http://elasticsearch-es-http:9200/_security/role/mastodon_full_access" \
+            -H 'Content-Type: application/json' \
+            -d '{
+              "cluster": ["monitor"],
+              "indices": [{
+                "names": ["*"],
+                "privileges": ["read", "monitor", "write", "manage"]
+              }]
+            }'
+          
+          echo "Role creation response: $?"
+          
+          # Create mastodon user
+          echo "Creating mastodon user..."
+          curl -X POST -u "elastic:${ELASTIC_PASSWORD}" \
+            "http://elasticsearch-es-http:9200/_security/user/mastodon" \
+            -H 'Content-Type: application/json' \
+            -d '{
+              "password": "'"${MASTODON_PASSWORD}"'",
+              "roles": ["mastodon_full_access"]
+            }'
+          
+          echo "User creation response: $?"
+          echo "Security setup completed!"
+        env:
+        - name: ELASTIC_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: elasticsearch-es-elastic-user
+              key: elastic
+        - name: MASTODON_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: elasticsearch-credentials
+              key: password
+        securityContext: {}
+      nodeSelector: {}
+      tolerations: []