From f9b3b69b670684d22c50ed0795928a8cca55f78d Mon Sep 17 00:00:00 2001
From: Daniel Sy <Daniel.Sy@telekom.de>
Date: Wed, 13 Aug 2025 14:39:14 +0200
Subject: [PATCH] =?UTF-8?q?fix(grafana):=20=F0=9F=94=92=20Remove=20unneces?=
 =?UTF-8?q?sary=20role=20scope=20from=20OAuth?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Remove the 'roles' scope from the Grafana OAuth configuration to streamline authentication requirements. This change enhances security by limiting access scopes to only what's necessary.
---
 .../observability/grafana-operator/manifests/grafana.yaml       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/otc/observability.t09.de/stacks/observability/grafana-operator/manifests/grafana.yaml b/otc/observability.t09.de/stacks/observability/grafana-operator/manifests/grafana.yaml
index bf8484c..c266340 100644
--- a/otc/observability.t09.de/stacks/observability/grafana-operator/manifests/grafana.yaml
+++ b/otc/observability.t09.de/stacks/observability/grafana-operator/manifests/grafana.yaml
@@ -52,7 +52,7 @@ spec:
       use_refresh_token: "true"
       client_id: grafana
       client_secret: "thisisasecret" # $__file{/etc/secrets/auth_generic_oauth/client_secret}
-      scopes: openid email profile offline_access roles
+      scopes: openid email profile offline_access
       auth_url: https://dex.observability.t09.de/auth
       token_url: https://dex.observability.t09.de/token
       api_url: https://dex.observability.t09.de/userinfo