From 654085d42f7fb32edc03333e15bde54652a8a58c Mon Sep 17 00:00:00 2001
From: David Lohle <Proplex@users.noreply.github.com>
Date: Wed, 8 Aug 2018 13:39:03 -0400
Subject: [PATCH] Add UAA client for Prometheus `bosh_exporter`

Rather than give the bosh_exporter a full BOSH admin account, this
commit adds an UAA account named `prometheus` with only the `bosh.read`
scope and authority. This will be used by the Prometheus Genesis Kit to
automatically extract the necessary information.
---
 kit.yml                | 2 ++
 manifests/bosh/uaa.yml | 7 +++++++
 2 files changed, 9 insertions(+)

diff --git a/kit.yml b/kit.yml
index 927c6ccb..343566bc 100644
--- a/kit.yml
+++ b/kit.yml
@@ -92,6 +92,8 @@ credentials:
       secret: random 32
     uaa/clients/uaa_admin:
       secret: random 32
+    uaa/clients/prometheus:
+      secret: random 32
 
     uaa/users/credhub-cli:
       password: random 32
diff --git a/manifests/bosh/uaa.yml b/manifests/bosh/uaa.yml
index 26f5a104..7deadd15 100644
--- a/manifests/bosh/uaa.yml
+++ b/manifests/bosh/uaa.yml
@@ -61,6 +61,13 @@ instance_groups:
             scope: ""
             authorities: clients.read,clients.write,clients.secret,uaa.admin,scim.read,scim.write,password.write
             secret: (( vault meta.vault "/uaa/clients/uaa_admin:secret" ))
+          
+          prometheus:
+            override: true
+            authorized-grant-types: client_credentials, refresh_token
+            scope: bosh.read
+            authorities: bosh.read
+            secret: (( vault meta.vault "/uaa/clients/prometheus:secret" ))
 
           concourse:
             override: true