From 4f030f085d34f07eba19003ad4b951b327b075a9 Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Mon, 27 Dec 2021 16:40:39 +0300
Subject: feat(ops/keycloak): Add OIDC client for Grafana

Completely forgot about Grafana, so it's currently broken. Oops!

Change-Id: Ia4e6405428ad8e514d6e61635f9692c57f61defe
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4705
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: tazjin <mail@tazj.in>
---
 ops/keycloak/main.tf | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'ops')

diff --git a/ops/keycloak/main.tf b/ops/keycloak/main.tf
index 05398a866c..ec44507ec6 100644
--- a/ops/keycloak/main.tf
+++ b/ops/keycloak/main.tf
@@ -60,3 +60,17 @@ resource "keycloak_openid_audience_protocol_mapper" "oauth2_proxy_audience" {
   name                     = "oauth2-proxy-audience"
   included_custom_audience = keycloak_openid_client.oauth2_proxy.client_id
 }
+
+resource "keycloak_openid_client" "grafana" {
+  realm_id              = keycloak_realm.tvl.id
+  client_id             = "grafana"
+  name                  = "Grafana"
+  enabled               = true
+  access_type           = "CONFIDENTIAL"
+  standard_flow_enabled = true
+  base_url              = "https://status.tvl.su"
+
+  valid_redirect_uris = [
+    "https://status.tvl.su/*",
+  ]
+}
-- 
cgit 1.4.1