2025-03-06 09:24:13 +00:00
1 changed files with 2 additions and 1 deletions
--- a/template/stacks/monitoring/kube-prometheus/values.yaml
+++ b/template/stacks/monitoring/kube-prometheus/values.yaml
@ -40,6 +40,7 @@ grafana:
      enabled: true
      name: Keycloak-OAuth
      allow_sign_up: true
+      use_refresh_token: true
      client_id: $__file{/etc/secrets/auth_generic_oauth/client_id}
      client_secret: $__file{/etc/secrets/auth_generic_oauth/client_secret}
      scopes: openid email profile offline_access roles
@ -50,7 +51,7 @@ grafana:
      token_url: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/protocol/openid-connect/token
      api_url: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/protocol/openid-connect/userinfo
      redirect_uri: http://{{{ .Env.DOMAIN }}}/grafana/login/generic_oauth
-      role_attribute_path: "contains(resource_access.\"grafana-oauth\".roles[*], 'admin') && 'Admin' || contains(resource_access.\"grafana-oauth\".roles[*], 'editor') && 'Editor' || 'Viewer'"
+      role_attribute_path: "contains(resource_access.\"grafana\".roles[*], 'admin') && 'Admin' || contains(resource_access.\"grafana\".roles[*], 'editor') && 'Editor' || 'Viewer'"
      
  extraSecretMounts:
    - name: auth-generic-oauth-secret-mount