feat(ops/keycloak): Add OIDC client for Grafana r/3469

Completely forgot about Grafana, so it's currently broken. Oops! Change-Id: Ia4e6405428ad8e514d6e61635f9692c57f61defe Reviewed-on: https://cl.tvl.fyi/c/depot/+/4705 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi> Autosubmit: tazjin <mail@tazj.in>
author: Vincent Ambo <mail@tazj.in> 2021-12-27T13·40+0300
committer: tazjin <mail@tazj.in> 2021-12-27T15·53+0000
commit: 4f030f085d34f07eba19003ad4b951b327b075a9 (patch)
tree: 29aa116a6619f49cf0ffba6a63ad75d23cbcb61c /ops/keycloak
parent: 906d6553c65f5eac1f6f77f3984bfd04963cb13f (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/ops/keycloak/main.tf b/ops/keycloak/main.tf
index 05398a866cee..ec44507ec64b 100644
--- a/ops/keycloak/main.tf
+++ b/ops/keycloak/main.tf
@@ -60,3 +60,17 @@ resource "keycloak_openid_audience_protocol_mapper" "oauth2_proxy_audience" {
   name                     = "oauth2-proxy-audience"
   included_custom_audience = keycloak_openid_client.oauth2_proxy.client_id
 }
+
+resource "keycloak_openid_client" "grafana" {
+  realm_id              = keycloak_realm.tvl.id
+  client_id             = "grafana"
+  name                  = "Grafana"
+  enabled               = true
+  access_type           = "CONFIDENTIAL"
+  standard_flow_enabled = true
+  base_url              = "https://status.tvl.su"
+
+  valid_redirect_uris = [
+    "https://status.tvl.su/*",
+  ]
+}
author	Vincent Ambo <mail@tazj.in>	2021-12-27T13·40+0300
committer	tazjin <mail@tazj.in>	2021-12-27T15·53+0000
commit	4f030f085d34f07eba19003ad4b951b327b075a9 (patch)
tree	29aa116a6619f49cf0ffba6a63ad75d23cbcb61c /ops/keycloak
parent	906d6553c65f5eac1f6f77f3984bfd04963cb13f (diff)