about summary refs log tree commit diff
diff options
context:
space:
mode:
authorVincent Ambo <mail@tazj.in>2021-12-27T13·40+0300
committertazjin <mail@tazj.in>2021-12-27T15·53+0000
commit4f030f085d34f07eba19003ad4b951b327b075a9 (patch)
tree29aa116a6619f49cf0ffba6a63ad75d23cbcb61c
parent906d6553c65f5eac1f6f77f3984bfd04963cb13f (diff)
feat(ops/keycloak): Add OIDC client for Grafana r/3469
Completely forgot about Grafana, so it's currently broken. Oops!

Change-Id: Ia4e6405428ad8e514d6e61635f9692c57f61defe
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4705
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: tazjin <mail@tazj.in>
-rw-r--r--ops/keycloak/main.tf14
1 files changed, 14 insertions, 0 deletions
diff --git a/ops/keycloak/main.tf b/ops/keycloak/main.tf
index 05398a866cee..ec44507ec64b 100644
--- a/ops/keycloak/main.tf
+++ b/ops/keycloak/main.tf
@@ -60,3 +60,17 @@ resource "keycloak_openid_audience_protocol_mapper" "oauth2_proxy_audience" {
   name                     = "oauth2-proxy-audience"
   included_custom_audience = keycloak_openid_client.oauth2_proxy.client_id
 }
+
+resource "keycloak_openid_client" "grafana" {
+  realm_id              = keycloak_realm.tvl.id
+  client_id             = "grafana"
+  name                  = "Grafana"
+  enabled               = true
+  access_type           = "CONFIDENTIAL"
+  standard_flow_enabled = true
+  base_url              = "https://status.tvl.su"
+
+  valid_redirect_uris = [
+    "https://status.tvl.su/*",
+  ]
+}