fix(configure) : updated files to remove secrets , fix check passing

Author: USHER-PB

docs/keycloak-sso-integration.md

@@ -56,7 +56,7 @@ Because Keycloak is the strict source of truth, any roles assigned manually with
 
 **To grant a user access to Grafana:**
 1. A System Administrator must log into the Keycloak Admin Console.
-2. Navigate to the target Realm (e.g., `argocd`).
+2. Navigate to the target Realm (e.g., `<realm>`).
 3. Create the user or locate an existing user.
 4. Navigate to the user's **Groups** tab.
 5. Join the user to either `grafana-admins`, `grafana-editors`, or `grafana-viewers`.
@@ -66,8 +66,8 @@ Upon their next login, Grafana will automatically sync the user and grant them t
 ## 5. Required CI/CD Secrets
 For this configuration to deploy successfully via GitHub Actions, the following secrets must be present in the repository:
 
-1. `KEYCLOAK_URL` (e.g., `https://accounts.ssegning.com`)
-2. `KEYCLOAK_REALM` (e.g., `argocd`)
+1. `KEYCLOAK_URL` (e.g., `https://<keycloak-domain>/<realm>.com`)
+2. `KEYCLOAK_REALM` (e.g., `<realm>`)
 3. `KEYCLOAK_ADMIN_USER` 
 4. `KEYCLOAK_ADMIN_PASSWORD` 
 5. `GRAFANA_KEYCLOAK_USER` (The dedicated Grafana admin username)

lgtm-stack/terraform/keycloak.tf

@@ -2,7 +2,7 @@
 # Keycloak Terraform Configuration — Grafana SSO
 # ============================================================
 # This file automates the full Keycloak-side setup inside the
-# existing "argocd" realm on accounts.ssegning.com (shared with ArgoCD).
+# existing realm on <keycloak-domain> (shared with Auth/SSO).
 #
 # What it creates:
 #   1. OpenID Connect client: grafana-oauth

lgtm-stack/terraform/main.tf

@@ -73,7 +73,7 @@ provider "keycloak" {
   client_id = "admin-cli"
   username  = var.keycloak_admin_user
   password  = var.keycloak_admin_password
-  url       = var.keycloak_url  # https://accounts.ssegning.com
+  url       = var.keycloak_url # https://<keycloak-domain>
   realm     = var.keycloak_realm
 
   # base_path is NOT set — correct for Keycloak 17+ (Quarkus distribution)
@@ -348,11 +348,11 @@ resource "helm_release" "grafana" {
       ingress_class_name        = var.ingress_class_name
       cert_issuer_name          = var.cert_issuer_name
       # Keycloak OAuth2 — URL and realm for grafana.ini endpoint construction
-      keycloak_url              = var.keycloak_url
-      keycloak_realm            = var.keycloak_realm
+      keycloak_url   = var.keycloak_url
+      keycloak_realm = var.keycloak_realm
       # Client secret is read directly from the Keycloak Terraform resource
       # (no manual copy-paste or separate secret management needed)
-      keycloak_client_secret    = keycloak_openid_client.grafana.client_secret
+      keycloak_client_secret = keycloak_openid_client.grafana.client_secret
     })
   ]
 

lgtm-stack/terraform/variables.tf

@@ -230,12 +230,12 @@ variable "force_destroy" {
 # No defaults are set here to enforce that secrets are always explicitly provided.
 
 variable "keycloak_url" {
-  description = "Base URL of the Keycloak server, no trailing slash, no /auth suffix (KC 17+ Quarkus). e.g. https://accounts.ssegning.com"
+  description = "Base URL of the Keycloak server, no trailing slash, no /auth suffix (KC 17+ Quarkus). e.g. https://<keycloak-domain>"
   type        = string
 }
 
 variable "keycloak_realm" {
-  description = "Keycloak realm where the Grafana OIDC client and roles will be created. Must already exist. e.g. argocd"
+  description = "Keycloak realm where the Grafana OIDC client and roles will be created. Must already exist. e.g. <realm>"
   type        = string
 }