grafana / terraform-provider-grafana

Terraform Grafana provider
https://www.terraform.io/docs/providers/grafana/
Mozilla Public License 2.0

[Bug]: data source grafana_users global scope error #1734

Open N3X14 opened 1 month ago

N3X14 commented 1 month ago

Terraform Version

v1.9.3

Terraform Grafana Provider Version

3.6.0

Grafana Version

Grafana v11.2.0-73830 (8d98c9eba7)

Affected Resource(s)

data.grafana_users

Terraform Configuration Files


provider "grafana" {
  alias = "serviceaccount"

  url  = grafana_cloud_stack.main.url
  auth = grafana_cloud_stack_service_account_token.cloud_sa.key
}

data "grafana_users" "all_users" {
  provider = grafana.serviceaccount
}

Expected Behavior

No error should be returned and the requested data should be made available for consumption.

Actual Behavior

Error: global scope resources cannot be managed with an API key. Use basic auth instead

  with data.grafana_users.all_users,
  on data.tf line 21, in data "grafana_users" "all_users":
  21: data "grafana_users" "all_users" {

Steps to Reproduce

  1. Create a new project
  2. Create a service_account based provider configuration
  3. Add the data source
  4. terraform plan/apply to get the error

Important Factoids

Using Grafana Cloud. Creating a user in grafana.net and using basicAuth errors in 401 suggesting that's not working/available either. This is an all new project, there's no interfering state.

References

No response

julienduchesne commented 1 month ago

Can you describe your intended use of the provider? Users are not queryable in Grafana Cloud right now because they are provisioned externally

N3X14 commented 1 month ago

Sure thing. I'm trying to provision the whole stack (folders, folder_permissions, etc.) based on the users' email addresses. We're using OAuth for login and basically all I need would be to provide an email and get the user_id in return. That was my intended use-case for this datasource.

Not sure if I missed what you're describing in the documentation, but I'm pretty certain that was not mentioned there?

Thanks!

N3X14 commented 1 month ago

In particular here: Grafana Cloud Docs. It mentions that it would be available using basicAuth? Hella confusing with the various authentication options.

julienduchesne commented 1 month ago

> It mentions that it would be available using basicAuth?

Yeah, basicAuth would be user:password which isn't available in Grafana Cloud. I will take a look if it's possible to search users with a service account token. Weird that it has never come up before 🤔

N3X14 commented 1 month ago

Yeap, tried that as well (user:password). Given it was referenced in the documentation I suspected they have some sync from grafana.net to the individual stacks to make that work. Kinda odd that basicAuth is mentioned quite a lot in Grafana Cloud docs if it's not even available in the first place x.x

cfarrugia commented 1 month ago

Hit the same exact problem today. I've tried using a cloud_access_policy_token in the provider (I use this successfully to create things like stacks themselves), and then the error changed to: "the Grafana client is required for this resource. Set the auth and url provider attributes"

julienduchesne commented 1 month ago

👍. Grafana Cloud has an API to get a stack's users. I am looking into integrating it in the provider. Probably as a new datasource: data.grafana_cloud_stack_users

N3X14 commented 1 month ago

Much appreciated!

julienduchesne commented 1 month ago

For info, this is the API call that can be used: https://github.com/grafana/grafana-com-public-clients/blob/ac10800522a38443066abcca234272895af2c569/go/gcom/api_instances.go#L2281-L2288
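
A simplified model of why the configuration in this issue fails, added here as an example (not the provider's own code): the `auth` value is classified by its format, and a service account token counts as an API key, which the global-scope check rejects before any request is made. `ClassifyAuth`, `CheckGlobalScope` and the sample credentials are hypothetical names and constructed values; the classification rule is an assumption based on the `auth` formats the provider documents.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// AuthKind is the credential type implied by the provider's `auth` string.
type AuthKind string

const (
	AuthAnonymous AuthKind = "anonymous"
	AuthBasic     AuthKind = "basic"
	AuthToken     AuthKind = "token"
)

// ErrGlobalScope carries the error text quoted in the issue.
var ErrGlobalScope = errors.New("global scope resources cannot be managed with an API key. Use basic auth instead")

// ClassifyAuth assumes the three documented `auth` formats:
// "username:password", the literal "anonymous", or a bare token.
func ClassifyAuth(auth string) AuthKind {
	switch {
	case strings.Contains(auth, ":"):
		return AuthBasic
	case auth == "anonymous":
		return AuthAnonymous
	default:
		return AuthToken
	}
}

// CheckGlobalScope is a hypothetical guard: a token credential is refused
// locally, before any request is sent to Grafana.
func CheckGlobalScope(auth string) error {
	if ClassifyAuth(auth) == AuthToken {
		return ErrGlobalScope
	}
	return nil
}

func main() {
	// Constructed sample credentials, not real secrets; only the kind is printed.
	for _, a := range []string{"glsa_EXAMPLE_0000", "admin:example-password"} {
		fmt.Printf("%s -> %v\n", ClassifyAuth(a), CheckGlobalScope(a))
	}
}
```

Passing this local check with a `user:password` value says nothing about whether the server accepts it; in the thread, basic auth against Grafana Cloud returned 401.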