Add UAA client for Prometheus bosh_exporter

Rather than give the bosh_exporter a full BOSH admin account, this commit adds an UAA account named `prometheus` with only the `bosh.read` scope and authority. This will be used by the Prometheus Genesis Kit to automatically extract the necessary information.
genesis-community · Aug 8, 2018 · 654085d · 654085d
1 parent a3df06b
commit 654085d
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/kit.yml b/kit.yml
@@ -92,6 +92,8 @@ credentials:
       secret: random 32
     uaa/clients/uaa_admin:
       secret: random 32
+    uaa/clients/prometheus:
+      secret: random 32
 
     uaa/users/credhub-cli:
       password: random 32

diff --git a/manifests/bosh/uaa.yml b/manifests/bosh/uaa.yml
@@ -61,6 +61,13 @@ instance_groups:
             scope: ""
             authorities: clients.read,clients.write,clients.secret,uaa.admin,scim.read,scim.write,password.write
             secret: (( vault meta.vault "/uaa/clients/uaa_admin:secret" ))
+
+          prometheus:
+            override: true
+            authorized-grant-types: client_credentials, refresh_token
+            scope: bosh.read
+            authorities: bosh.read
+            secret: (( vault meta.vault "/uaa/clients/prometheus:secret" ))
 
           concourse:
             override: true