From 71dc4ee53be0be23d73a0bb58e545b51953c0801 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20Forc=C3=A9n=20Mu=C3=B1oz?= Date: Mon, 21 Oct 2024 11:09:58 +0200 Subject: [PATCH 1/2] Changed command for shell to delete all files --- teardown.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/teardown.yml b/teardown.yml index bd76513..0def38d 100644 --- a/teardown.yml +++ b/teardown.yml @@ -12,4 +12,4 @@ remove_volumes: true - name: Deleting infra folder contents - ansible.builtin.command: rm -r /opt/infra/* + ansible.builtin.shell: rm -r /opt/infra/* From e2e7f4c51183868f4cb6c1d87d9c2b4c355a7346 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20Forc=C3=A9n=20Mu=C3=B1oz?= Date: Mon, 21 Oct 2024 11:10:50 +0200 Subject: [PATCH 2/2] Fixed SSO grafana authentication --- bootstrap.yml | 12 ++++++++++++ templates/compose.yml | 3 ++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/bootstrap.yml b/bootstrap.yml index 5ad3eec..9dd3433 100644 --- a/bootstrap.yml +++ b/bootstrap.yml @@ -110,3 +110,15 @@ client_authenticator_type: client-secret id: a6960246-4aa9-495f-8843-69d664dba0ea secret: "{{ grafana_kc_client_secret }}" + + - name: Updating ca certificates of Grafana container + community.docker.docker_container_exec: + user: 0 + command: update-ca-certificates + container: infra-grafana + + - name: Restarting grafana container + community.docker.docker_container: + name: infra-grafana + state: started + restart: true diff --git a/templates/compose.yml b/templates/compose.yml index d953c43..066c07c 100644 --- a/templates/compose.yml +++ b/templates/compose.yml @@ -59,7 +59,7 @@ services: - grafana-storage:/var/lib/grafana - type: bind source: ./grafana/mforcen.crt - target: /etc/ssl/mforcen.crt + target: /usr/local/share/ca-certificates/mforcen.crt - type: bind source: ./grafana/ssl target: /ssl 
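Review bot: The new `ansible.builtin.shell: rm -r /opt/infra/*` line in the "Deleting infra folder contents" task leaves hidden files behind, because the shell glob `*` does not match names starting with a dot. Anything rendered as a dotfile under /opt/infra (an env file holding credentials, for instance) would survive teardown. The same line fails the play when the directory is already empty, since the unexpanded pattern is handed to rm, and it reports changed on every run. Consider replacing it with `ansible.builtin.file:` using `path: /opt/infra` and `state: absent`, followed by a second `file` task with `state: directory` if the folder itself has to remain; that removes everything, needs no shell and is idempotent.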
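Review bot: The trust-store update in "Updating ca certificates of Grafana container" is applied by exec into the running container, so the regenerated bundle presumably lives only in that container's writable layer (unless the certificate directory sits on a volume not visible here). Once infra-grafana is recreated, for example after an image update or a compose change, the custom CA is no longer trusted and the SSO login will fail on TLS verification until bootstrap is run again. Both added tasks are also unconditional, so every bootstrap run executes a root command inside the container and restarts Grafana even when nothing changed. On the new lines themselves, quote the user as `user: "0"`, since the option is a string. Running `update-ca-certificates` at container start or in a derived image would keep the trust store in step with the bind mount.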
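Review bot: The bind mount that now targets `/usr/local/share/ca-certificates/mforcen.crt` is writable from inside the container, as no `read_only` key is visible on that volume entry. Because the file feeds the system trust store, add `read_only: true` under the entry so a process in the container cannot alter the host copy of the CA. Placing the certificate in the system store also makes it a trusted root for every outbound TLS connection Grafana makes (data sources, plugins, alerting), not only for the Keycloak endpoint. If the intent is only to validate the OAuth provider, Grafana's `GF_AUTH_GENERIC_OAUTH_TLS_CLIENT_CA` setting pointed at the mounted file should scope the trust to that integration, and the exec and restart tasks in bootstrap.yml would then not be needed.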
@@ -86,6 +86,7 @@ services: GF_AUTH_GENERIC_OAUTH_ENABLED: true GF_AUTH_GENERIC_OAUTH_CLIENT_ID: grafana GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: {{ grafana_kc_client_secret }} + GF_AUTH_GENERIC_OAUTH_SCOPES: openid email profile offline_access roles GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH: email GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH: username GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH: full_name
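Review bot: The added `GF_AUTH_GENERIC_OAUTH_SCOPES` value requests `offline_access`, which asks Keycloak for offline tokens that are not bound to the lifetime of the user's SSO session. Unless Grafana is configured to use refresh tokens, that scope grants more than the login needs; no such setting is visible in this hunk, and the environment block continues outside it. If it is not required, request `openid email profile roles` instead. The value is also worth quoting, as in `GF_AUTH_GENERIC_OAUTH_SCOPES: "openid email profile roles"`, so the space-separated list is unambiguously a single string in the rendered compose file.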