feat: Add Frontend Observability provider (#2001)

This commit adds the groundwork to support Frontend Observability as
code. More specificailly, the change contains

1. A Go HTTP client that consumes the Apps API (Create/Read/Update/Delete)
2. Data Source and Resource version of the Frontend Observability App
   entity.

Author: kpelelis

.github/CODEOWNERS

@@ -5,6 +5,7 @@
 /internal/resources/cloudprovider/*         @grafana/platform-monitoring @grafana/middleware-apps
 /internal/resources/connections/*           @grafana/platform-monitoring @grafana/middleware-apps
 /internal/resources/fleetmanagement/*       @grafana/platform-monitoring @grafana/fleet-management-backend
+/internal/resources/frontendo11y/*          @grafana/platform-monitoring @grafana/frontend-o11y
 /internal/resources/machinelearning/*       @grafana/platform-monitoring @grafana/machine-learning
 /internal/resources/oncall/*                @grafana/platform-monitoring @grafana/grafana-irm-backend
 /internal/resources/slo/*                   @grafana/platform-monitoring @grafana/slo-squad

docs/data-sources/frontend_o11y_app.md

@@ -0,0 +1,41 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "grafana_frontend_o11y_app Data Source - terraform-provider-grafana"
+subcategory: "Frontend Observability"
+description: |-
+  
+---
+
+# grafana_frontend_o11y_app (Data Source)
+
+
+
+## Example Usage
+
+```terraform
+data "grafana_cloud_stack" "teststack" {
+  provider = grafana.cloud
+  name     = "gcloudstacktest"
+}
+
+data "grafana_frontend_o11y_app" "test-app" {
+  provider = grafana.cloud
+  stack_id = data.grafana_cloud_stack.teststack.id
+  name     = "test-app"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) The name of the Frontend Observability App. Part of the Terraform Resource ID.
+- `stack_id` (Number) The Stack ID of the Grafana Cloud instance. Part of the Terraform Resource ID.
+
+### Read-Only
+
+- `allowed_origins` (List of String) A list of allowed origins for CORS.
+- `extra_log_attributes` (Map of String) The extra attributes to append in each signal.
+- `id` (Number) The Terraform Resource ID. This auto-generated from Frontend Observability API.
+- `settings` (Map of String) The settings of the Frontend Observability App.

docs/index.md

@@ -242,6 +242,26 @@ resource "grafana_oncall_escalation" "example_notify_step" {
 }
 ```
 
+### Managing Frontend Observability
+
+#### Obtaining Frontend Observability Access Token
+
+Before using the Terraform Provider to manage Grafana Frontend Observability resources, such as your apps, you need to create an access policy token on the Grafana Cloud Portal. This token is used to authenticate the provider to the Grafana Frontend Observability API.
+[These docs](https://grafana.com/docs/grafana-cloud/security-and-account-management/authentication-and-permissions/access-policies/using-an-access-policy-token/#create-an-access-policy-for-a-stack) will guide you on how to create
+an access policy. The required permissions, or scopes, are `frontend-observability:read`, `frontend-observability:write`, `frontend-observability:delete` and `stacks:read`.
+
+You can also use the `cloud_access_policy_token` provided it has the aforementioned scopes included.
+
+#### Configuring the Provider to use the Frontend Observability API
+
+Once you have the token you can configure the provider as follows:
+
+```hcl
+provider "grafana" {
+  frontend_o11y_api_access_token = "<Access Token from previous step>"
+}
+```
+
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
@@ -257,6 +277,7 @@ resource "grafana_oncall_escalation" "example_notify_step" {
 - `connections_api_url` (String) A Grafana Connections API address. May alternatively be set via the `GRAFANA_CONNECTIONS_API_URL` environment variable.
 - `fleet_management_auth` (String, Sensitive) A Grafana Fleet Management basic auth in the `username:password` format. May alternatively be set via the `GRAFANA_FLEET_MANAGEMENT_AUTH` environment variable.
 - `fleet_management_url` (String) A Grafana Fleet Management API address. May alternatively be set via the `GRAFANA_FLEET_MANAGEMENT_URL` environment variable.
+- `frontend_o11y_api_access_token` (String, Sensitive) A Grafana Frontend Observability API access token. May alternatively be set via the `GRAFANA_FRONTEND_O11Y_API_ACCESS_TOKEN` environment variable.
 - `http_headers` (Map of String, Sensitive) Optional. HTTP headers mapping keys to values used for accessing the Grafana and Grafana Cloud APIs. May alternatively be set via the `GRAFANA_HTTP_HEADERS` environment variable in JSON format.
 - `insecure_skip_verify` (Boolean) Skip TLS certificate verification. May alternatively be set via the `GRAFANA_INSECURE_SKIP_VERIFY` environment variable.
 - `oncall_access_token` (String, Sensitive) A Grafana OnCall access token. May alternatively be set via the `GRAFANA_ONCALL_ACCESS_TOKEN` environment variable.
@@ -577,3 +598,8 @@ For guidance on creating one, see section [obtaining connections access token](#
 uses basic auth to allow access to the API, where the username is the Fleet Management instance ID and the
 password is the API token. You can access the instance ID and request a new Fleet Management API token on the
 Connections -> Collector -> Fleet Management page, in the API tab.
+
+### `frontend_o11y_access_token`
+
+An access policy token created on the [Grafana Cloud Portal](https://grafana.com/docs/grafana-cloud/security-and-account-management/authentication-and-permissions/access-policies/) to manage Frontend Observability apps.
+For guidance on creating one, see section [obtaining Frontend Observability access token](#obtaining-frontend-observability-access-token).

docs/resources/frontend_o11y_app.md

@@ -0,0 +1,58 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "grafana_frontend_o11y_app Resource - terraform-provider-grafana"
+subcategory: "Frontend Observability"
+description: |-
+  
+---
+
+# grafana_frontend_o11y_app (Resource)
+
+
+
+## Example Usage
+
+```terraform
+data "grafana_cloud_stack" "teststack" {
+  provider = grafana.cloud
+  name     = "gcloudstacktest"
+}
+
+resource "grafana_frontend_o11y_app" "test-app" {
+  provider        = grafana.cloud
+  stack_id        = data.grafana_cloud_stack.teststack.id
+  name            = "test-app"
+  allowed_origins = ["https://grafana.com"]
+
+  extra_log_attributes = {
+    "terraform" : "true"
+  }
+
+  settings = {
+    "geolocation.enabled" : "1"
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `allowed_origins` (List of String) A list of allowed origins for CORS.
+- `extra_log_attributes` (Map of String) The extra attributes to append in each signal.
+- `name` (String) The name of Frontend Observability App. Part of the Terraform Resource ID.
+- `settings` (Map of String) The key-value settings of the Frontend Observability app. Available Settings: `{combineLabData=(0|1)}`
+- `stack_id` (Number) The Stack ID of the Grafana Cloud instance. Part of the Terraform Resource ID.
+
+### Read-Only
+
+- `id` (Number) The Terraform Resource ID. This is auto-generated from Frontend Observability API.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import grafana_frontend_o11y_app.name "{{ stack_id }}:{{ name }}"
+```

examples/data-sources/grafana_frontend_o11y_app/data-source.tf

@@ -0,0 +1,10 @@
+data "grafana_cloud_stack" "teststack" {
+  provider = grafana.cloud
+  name     = "gcloudstacktest"
+}
+
+data "grafana_frontend_o11y_app" "test-app" {
+  provider = grafana.cloud
+  stack_id = data.grafana_cloud_stack.teststack.id
+  name     = "test-app"
+}

examples/data-sources/grafana_frontend_o11y_app/import.sh

@@ -0,0 +1 @@
+terraform import grafana_frontend_o11y_app.name "{{ stack_id }}:{{ name }}"

examples/resources/grafana_frontend_o11y_app/import.sh

@@ -0,0 +1 @@
+terraform import grafana_frontend_o11y_app.name "{{ stack_id }}:{{ name }}"

examples/resources/grafana_frontend_o11y_app/resource.tf

@@ -0,0 +1,19 @@
+data "grafana_cloud_stack" "teststack" {
+  provider = grafana.cloud
+  name     = "gcloudstacktest"
+}
+
+resource "grafana_frontend_o11y_app" "test-app" {
+  provider        = grafana.cloud
+  stack_id        = data.grafana_cloud_stack.teststack.id
+  name            = "test-app"
+  allowed_origins = ["https://grafana.com"]
+
+  extra_log_attributes = {
+    "terraform" : "true"
+  }
+
+  settings = {
+    "geolocation.enabled" : "1"
+  }
+}

internal/common/client.go

@@ -15,6 +15,7 @@ import (
 	"github.com/grafana/terraform-provider-grafana/v3/internal/common/cloudproviderapi"
 	"github.com/grafana/terraform-provider-grafana/v3/internal/common/fleetmanagementapi"
 
+	"github.com/grafana/terraform-provider-grafana/v3/internal/common/frontendo11yapi"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 
@@ -35,6 +36,7 @@ type Client struct {
 	CloudProviderAPI      *cloudproviderapi.Client
 	ConnectionsAPIClient  *connectionsapi.Client
 	FleetManagementClient *fleetmanagementapi.Client
+	FrontendO11yAPIClient *frontendo11yapi.Client
 
 	alertingMutex sync.Mutex
 }