Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support grafana_user for cloud stack #1984

Open
jaisharma639 opened this issue Jan 17, 2025 · 1 comment
Open

Support grafana_user for cloud stack #1984

jaisharma639 opened this issue Jan 17, 2025 · 1 comment
Assignees
@colin-stuart @volcanonoodle

Comments

@jaisharma639
Copy link

Feature Request

The resource (and data source) grafana_user is currently only supported for self hosted Grafana installation and doesn't work with cloud stack. The challenge being that calling the underlying api requires basic auth which isn't supported for cloud enterprise stack. With service account api token having Admin privileges, I get:
You'll need additional permissions to perform this action. Permissions needed: users:read

Use Case:

  • Trying to provide RBAC at datasource level using grafana_data_source_permission requires referencing the user.id attribute. In our case, we need to lookup the user id in Grafana using users' email id
data "grafana_user" "user" {
  email    = "[email protected]"
}

data "grafana_data_source" "foo" {
  name     = "my-datasource"
}

resource "grafana_data_source_permission" "fooPermissions" {
  datasource_uid = grafana_data_source.foo.uid
  permissions {
    user_id    = grafana_user.user.id
    permission = "Edit"
  }
}
  • Doing similar RBAC for dashboard folders requires looking up user id

Solution/Feature request
The api that grafana_user uses the api /api/users/[email protected] which restricts access to basic auth.

Proposal is to create another terraform resource (and data source) which uses the api /api/org/[email protected]. The resource can be named grafana_user_org or grafana_user_cloud.

Workaround:
We have used terraform http as a workaround that calls the api mentioned in proposal section. The api looks up user accepting email id and yields user id as response to be further consumed for providing RBAC to datasource.

Please let me know if this feature request is an acceptable addition to enhancing Grafana terraform. If yes, I'd like to contribute to the repository.
@vtorosyan
Copy link
Contributor

Thank you for contribution and creating the issue. While we would like to prevent provisioning of Cloud users through terraform, using already provisioned users totally makes sense.

We are looking into adding an enhancement which will allow to import/use users provisioned in Grafana Cloud so that they can be used in other resource provisioning, like shared in the example.

@colin-stuart colin-stuart self-assigned this Feb 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@colin-stuart colin-stuart

@volcanonoodle volcanonoodle

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@vtorosyan @jaisharma639 @colin-stuart @volcanonoodle