From be810f130443497b4e3b22e6fb868bbeb31262e9 Mon Sep 17 00:00:00 2001
From: Sze Ching <teo.ching@diamond.ac.uk>
Date: Thu, 8 Jan 2026 16:19:13 +0000
Subject: [PATCH 1/9] feat(charts): grafana enable admin

---
 charts/monitoring/values.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/charts/monitoring/values.yaml b/charts/monitoring/values.yaml
index aae83b2eb..cad514226 100644
--- a/charts/monitoring/values.yaml
+++ b/charts/monitoring/values.yaml
@@ -46,6 +46,20 @@ grafana:
       use_pkce: true
       use_refresh_token: true
       email_attribute_path: id
+      allow_assign_grafana_admin: true
+      role_attribute_path: >
+        (
+          email=='benedikt.daurer@diamond.ac.uk' ||
+          email=='thomas.thomas@diamond.ac.uk' ||
+          email=='vigneshwar.shanmugasundar@diamond.ac.uk' ||
+          email=='david.hadley@diamond.ac.uk' ||
+          email=='jacob.williamson.daurer@diamond.ac.uk' ||
+          email=='n.leung@diamond.ac.uk' ||
+          email=='james.gilbert@diamond.ac.uk' ||
+          email=='victoria.beilsten-edmands@diamond.ac.uk' ||
+          email=='teo.ching@diamond.ac.uk' ||
+        )
+        && 'GrafanaAdmin' || 'Viewer'
   dashboardProviders:
     dashboardproviders.yaml:
       apiVersion: 1

From 541431fefee31289c776177daf9f31b128468e0c Mon Sep 17 00:00:00 2001
From: Sze Ching <teo.ching@diamond.ac.uk>
Date: Thu, 8 Jan 2026 16:28:25 +0000
Subject: [PATCH 2/9] chore(charts): bump version

---
 charts/monitoring/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/monitoring/Chart.yaml b/charts/monitoring/Chart.yaml
index fee29c290..8bf5e70a8 100644
--- a/charts/monitoring/Chart.yaml
+++ b/charts/monitoring/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: monitoring
 description: A monitoring stack for the workflows deployment
 type: application
-version: 0.1.9
+version: 0.1.10
 dependencies:
   - name: grafana
     repository: https://grafana.github.io/helm-charts

From 729f59b63d9cdc5a09cdfaa495233b2874194b39 Mon Sep 17 00:00:00 2001
From: Sze Ching <teo.ching@diamond.ac.uk>
Date: Mon, 12 Jan 2026 11:20:10 +0000
Subject: [PATCH 3/9] feat(charts): enable grafana admin in staging

---
 charts/monitoring/staging-values.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/charts/monitoring/staging-values.yaml b/charts/monitoring/staging-values.yaml
index 0f2dc364f..d1ff6a6f6 100644
--- a/charts/monitoring/staging-values.yaml
+++ b/charts/monitoring/staging-values.yaml
@@ -16,9 +16,18 @@ grafana:
       root_url: https://grafana.staging.workflows.diamond.ac.uk
       serve_from_sub_path: false
     auth.generic_oauth:
+      enabled: true
+      client_id: $__file{/etc/secrets/oauth_provider/client-id}
+      client_secret: $__file{/etc/secrets/oauth_provider/client-secret}
+      scopes: openid profile email offline_access
       auth_url: https://identity-dev.diamond.ac.uk/realms/dls/protocol/openid-connect/auth
       token_url: https://identity-dev.diamond.ac.uk/realms/dls/protocol/openid-connect/token
       api_url: https://identity-dev.diamond.ac.uk/realms/dls/protocol/openid-connect/userinfo
+      use_pkce: true
+      use_refresh_token: true
+      email_attribute_path: id
+      allow_assign_grafana_admin: true
+      role_attribute_path: (email=='teo.ching@diamond.ac.uk' || email=='benedikt.daurer@diamond.ac.uk' || email=='thomas.thomas@diamond.ac.uk' || email=='vigneshwar.shanmugasundar@diamond.ac.uk' || email=='david.hadley@diamond.ac.uk' || email=='jacob.williamson@diamond.ac.uk' || email=='n.leung@diamond.ac.uk' || email=='james.gilbert@diamond.ac.uk' || email=='victoria.beilsten-edmands@diamond.ac.uk') && 'GrafanaAdmin' || 'Viewer'
 
 thanos:
   existingObjstoreSecret: ""

From fdb3202b03013ca63a3391aa33c79e54e278edaf Mon Sep 17 00:00:00 2001
From: Sze Ching <teo.ching@diamond.ac.uk>
Date: Mon, 12 Jan 2026 11:20:37 +0000
Subject: [PATCH 4/9] fix(charts): syntax fix

---
 charts/monitoring/values.yaml | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)

diff --git a/charts/monitoring/values.yaml b/charts/monitoring/values.yaml
index cad514226..73287b24f 100644
--- a/charts/monitoring/values.yaml
+++ b/charts/monitoring/values.yaml
@@ -47,19 +47,7 @@ grafana:
       use_refresh_token: true
       email_attribute_path: id
       allow_assign_grafana_admin: true
-      role_attribute_path: >
-        (
-          email=='benedikt.daurer@diamond.ac.uk' ||
-          email=='thomas.thomas@diamond.ac.uk' ||
-          email=='vigneshwar.shanmugasundar@diamond.ac.uk' ||
-          email=='david.hadley@diamond.ac.uk' ||
-          email=='jacob.williamson.daurer@diamond.ac.uk' ||
-          email=='n.leung@diamond.ac.uk' ||
-          email=='james.gilbert@diamond.ac.uk' ||
-          email=='victoria.beilsten-edmands@diamond.ac.uk' ||
-          email=='teo.ching@diamond.ac.uk' ||
-        )
-        && 'GrafanaAdmin' || 'Viewer'
+      role_attribute_path: (email=='teo.ching@diamond.ac.uk' || email=='benedikt.daurer@diamond.ac.uk' || email=='thomas.thomas@diamond.ac.uk' || email=='vigneshwar.shanmugasundar@diamond.ac.uk' || email=='david.hadley@diamond.ac.uk' || email=='jacob.williamson@diamond.ac.uk' || email=='n.leung@diamond.ac.uk' || email=='james.gilbert@diamond.ac.uk' || email=='victoria.beilsten-edmands@diamond.ac.uk') && 'GrafanaAdmin' || 'Viewer'
   dashboardProviders:
     dashboardproviders.yaml:
       apiVersion: 1

From 33d5d3b19ce3588fd78d9f6d99a44c53112e41b1 Mon Sep 17 00:00:00 2001
From: Sze Ching <teo.ching@diamond.ac.uk>
Date: Tue, 13 Jan 2026 15:26:22 +0000
Subject: [PATCH 5/9] chore(charts): remove duplication in staging yaml

---
 charts/monitoring/staging-values.yaml | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/charts/monitoring/staging-values.yaml b/charts/monitoring/staging-values.yaml
index d1ff6a6f6..0f2dc364f 100644
--- a/charts/monitoring/staging-values.yaml
+++ b/charts/monitoring/staging-values.yaml
@@ -16,18 +16,9 @@ grafana:
       root_url: https://grafana.staging.workflows.diamond.ac.uk
       serve_from_sub_path: false
     auth.generic_oauth:
-      enabled: true
-      client_id: $__file{/etc/secrets/oauth_provider/client-id}
-      client_secret: $__file{/etc/secrets/oauth_provider/client-secret}
-      scopes: openid profile email offline_access
       auth_url: https://identity-dev.diamond.ac.uk/realms/dls/protocol/openid-connect/auth
       token_url: https://identity-dev.diamond.ac.uk/realms/dls/protocol/openid-connect/token
       api_url: https://identity-dev.diamond.ac.uk/realms/dls/protocol/openid-connect/userinfo
-      use_pkce: true
-      use_refresh_token: true
-      email_attribute_path: id
-      allow_assign_grafana_admin: true
-      role_attribute_path: (email=='teo.ching@diamond.ac.uk' || email=='benedikt.daurer@diamond.ac.uk' || email=='thomas.thomas@diamond.ac.uk' || email=='vigneshwar.shanmugasundar@diamond.ac.uk' || email=='david.hadley@diamond.ac.uk' || email=='jacob.williamson@diamond.ac.uk' || email=='n.leung@diamond.ac.uk' || email=='james.gilbert@diamond.ac.uk' || email=='victoria.beilsten-edmands@diamond.ac.uk') && 'GrafanaAdmin' || 'Viewer'
 
 thanos:
   existingObjstoreSecret: ""

From 83e8a680ee8cbf500d19b63a3ec817536dddf018 Mon Sep 17 00:00:00 2001
From: Sze Ching <teo.ching@diamond.ac.uk>
Date: Tue, 13 Jan 2026 15:27:04 +0000
Subject: [PATCH 6/9] chore(charts): remove admin rights

---
 charts/monitoring/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/monitoring/values.yaml b/charts/monitoring/values.yaml
index 73287b24f..0e7d0d51d 100644
--- a/charts/monitoring/values.yaml
+++ b/charts/monitoring/values.yaml
@@ -47,7 +47,7 @@ grafana:
       use_refresh_token: true
       email_attribute_path: id
       allow_assign_grafana_admin: true
-      role_attribute_path: (email=='teo.ching@diamond.ac.uk' || email=='benedikt.daurer@diamond.ac.uk' || email=='thomas.thomas@diamond.ac.uk' || email=='vigneshwar.shanmugasundar@diamond.ac.uk' || email=='david.hadley@diamond.ac.uk' || email=='jacob.williamson@diamond.ac.uk' || email=='n.leung@diamond.ac.uk' || email=='james.gilbert@diamond.ac.uk' || email=='victoria.beilsten-edmands@diamond.ac.uk') && 'GrafanaAdmin' || 'Viewer'
+      role_attribute_path: (email=='teo.ching@diamond.ac.uk' || email=='benedikt.daurer@diamond.ac.uk' || email=='thomas.thomas@diamond.ac.uk' || email=='vigneshwar.shanmugasundar@diamond.ac.uk' || email=='david.hadley@diamond.ac.uk' || email=='james.gilbert@diamond.ac.uk' || email=='victoria.beilsten-edmands@diamond.ac.uk') && 'GrafanaAdmin' || 'Viewer'
   dashboardProviders:
     dashboardproviders.yaml:
       apiVersion: 1

From f151281581da0b03986d89a8656e3fc7209bbdef Mon Sep 17 00:00:00 2001
From: Sze Ching <teo.ching@diamond.ac.uk>
Date: Wed, 14 Jan 2026 11:49:37 +0000
Subject: [PATCH 7/9] feat(charts): update admin rights in argocd

---
 charts/argocd/values.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/charts/argocd/values.yaml b/charts/argocd/values.yaml
index a599a709d..54bcd6780 100644
--- a/charts/argocd/values.yaml
+++ b/charts/argocd/values.yaml
@@ -30,10 +30,9 @@ argo-cd:
         g, thomas.thomas@diamond.ac.uk, role:admin
         g, vigneshwar.shanmugasundar@diamond.ac.uk, role:admin
         g, david.hadley@diamond.ac.uk, role:admin
-        g, jacob.williamson@diamond.ac.uk, role:admin
-        g, n.leung@diamond.ac.uk, role:admin
         g, james.gilbert@diamond.ac.uk, role:admin
         g, victoria.beilsten-edmands@diamond.ac.uk, role:admin
+        g, teo.ching@diamond.ac.uk, role:admin
 
   repoServer:
     podAnnotations:

From 515fb9619e0cffb535d3622b665f77b494f970bf Mon Sep 17 00:00:00 2001
From: Sze Ching <teo.ching@diamond.ac.uk>
Date: Wed, 14 Jan 2026 11:53:55 +0000
Subject: [PATCH 8/9] Revert "feat(charts): update admin rights in argocd"

This reverts commit f151281581da0b03986d89a8656e3fc7209bbdef.
---
 charts/argocd/values.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/charts/argocd/values.yaml b/charts/argocd/values.yaml
index 54bcd6780..a599a709d 100644
--- a/charts/argocd/values.yaml
+++ b/charts/argocd/values.yaml
@@ -30,9 +30,10 @@ argo-cd:
         g, thomas.thomas@diamond.ac.uk, role:admin
         g, vigneshwar.shanmugasundar@diamond.ac.uk, role:admin
         g, david.hadley@diamond.ac.uk, role:admin
+        g, jacob.williamson@diamond.ac.uk, role:admin
+        g, n.leung@diamond.ac.uk, role:admin
         g, james.gilbert@diamond.ac.uk, role:admin
         g, victoria.beilsten-edmands@diamond.ac.uk, role:admin
-        g, teo.ching@diamond.ac.uk, role:admin
 
   repoServer:
     podAnnotations:

From 91e6c9847c4b1d4a17b7c080eb8aa5122416ae8b Mon Sep 17 00:00:00 2001
From: Sze Ching <teo.ching@diamond.ac.uk>
Date: Wed, 14 Jan 2026 15:36:45 +0000
Subject: [PATCH 9/9] chore(charts): bump version

---
 charts/monitoring/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/monitoring/Chart.yaml b/charts/monitoring/Chart.yaml
index 8bf5e70a8..e5997d895 100644
--- a/charts/monitoring/Chart.yaml
+++ b/charts/monitoring/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: monitoring
 description: A monitoring stack for the workflows deployment
 type: application
-version: 0.1.10
+version: 0.1.11
 dependencies:
   - name: grafana
     repository: https://grafana.github.io/helm-charts