Add support for Grafana Cloud Fleet Management (#1989)

Author: johannaojeling

.github/CODEOWNERS

@@ -4,6 +4,7 @@
 /internal/resources/cloud/*                 @grafana/platform-monitoring @grafana/grafana-com-maintainers
 /internal/resources/cloudprovider/*         @grafana/platform-monitoring @grafana/middleware-apps
 /internal/resources/connections/*           @grafana/platform-monitoring @grafana/middleware-apps
+/internal/resources/fleetmanagement/*       @grafana/platform-monitoring @grafana/fleet-management-backend
 /internal/resources/machinelearning/*       @grafana/platform-monitoring @grafana/machine-learning
 /internal/resources/oncall/*                @grafana/platform-monitoring @grafana/grafana-irm-backend
 /internal/resources/slo/*                   @grafana/platform-monitoring @grafana/slo-squad

.github/workflows/acc-tests.yml

@@ -48,6 +48,8 @@ jobs:
             GRAFANA_CLOUD_PROVIDER_ACCESS_TOKEN=cloudprovider-tests:access-token
             GRAFANA_CLOUD_PROVIDER_AWS_ROLE_ARN=cloudprovider-tests:aws-role-arn
             GRAFANA_CLOUD_PROVIDER_TEST_STACK_ID=cloudprovider-tests:test-stack-id
+            GRAFANA_FLEET_MANAGEMENT_AUTH=cloud-instance-tests:fleet-management-auth
+            GRAFANA_FLEET_MANAGEMENT_URL=cloud-instance-tests:fleet-management-url
       - uses: iFaxity/wait-on-action@a7d13170ec542bdca4ef8ac4b15e9c6aa00a6866 # v1.2.1
         with:
           resource: ${{ env.GRAFANA_URL }}

docs/data-sources/cloud_stack.md

@@ -41,6 +41,10 @@ available at “https://<stack_slug>.grafana.net".
 - `alertmanager_user_id` (Number) User ID of the Alertmanager instance configured for this stack.
 - `cluster_slug` (String) Slug of the cluster where this stack resides.
 - `description` (String) Description of stack.
+- `fleet_management_name` (String) Name of the Fleet Management instance configured for this stack.
+- `fleet_management_status` (String) Status of the Fleet Management instance configured for this stack.
+- `fleet_management_url` (String) Base URL of the Fleet Management instance configured for this stack.
+- `fleet_management_user_id` (Number) User ID of the Fleet Management instance configured for this stack.
 - `graphite_name` (String)
 - `graphite_status` (String)
 - `graphite_url` (String)

docs/index.md

@@ -255,6 +255,8 @@ resource "grafana_oncall_escalation" "example_notify_step" {
 - `cloud_provider_url` (String) A Grafana Cloud Provider backend address. May alternatively be set via the `GRAFANA_CLOUD_PROVIDER_URL` environment variable.
 - `connections_api_access_token` (String, Sensitive) A Grafana Connections API access token. May alternatively be set via the `GRAFANA_CONNECTIONS_API_ACCESS_TOKEN` environment variable.
 - `connections_api_url` (String) A Grafana Connections API address. May alternatively be set via the `GRAFANA_CONNECTIONS_API_URL` environment variable.
+- `fleet_management_auth` (String, Sensitive) A Grafana Fleet Management basic auth in the `username:password` format. May alternatively be set via the `GRAFANA_FLEET_MANAGEMENT_AUTH` environment variable.
+- `fleet_management_url` (String) A Grafana Fleet Management API address. May alternatively be set via the `GRAFANA_FLEET_MANAGEMENT_URL` environment variable.
 - `http_headers` (Map of String, Sensitive) Optional. HTTP headers mapping keys to values used for accessing the Grafana and Grafana Cloud APIs. May alternatively be set via the `GRAFANA_HTTP_HEADERS` environment variable in JSON format.
 - `insecure_skip_verify` (Boolean) Skip TLS certificate verification. May alternatively be set via the `GRAFANA_INSECURE_SKIP_VERIFY` environment variable.
 - `oncall_access_token` (String, Sensitive) A Grafana OnCall access token. May alternatively be set via the `GRAFANA_ONCALL_ACCESS_TOKEN` environment variable.
@@ -450,6 +452,91 @@ provider "grafana" {
 }
 ```
 
+### Managing Grafana Fleet Management
+
+```terraform
+// Variables
+variable "cloud_access_policy_token" {
+  type        = string
+  description = "Cloud access policy token with scopes: accesspolicies:read|write|delete, stacks:read"
+}
+
+variable "stack_slug" {
+  type        = string
+  description = "Subdomain that the Grafana Cloud instance is available at: https://<stack_slug>.grafana.net"
+}
+
+// Step 1: Retrieve stack details
+provider "grafana" {
+  alias = "cloud"
+
+  cloud_access_policy_token = var.cloud_access_policy_token
+}
+
+data "grafana_cloud_stack" "stack" {
+  provider = grafana.cloud
+
+  slug = var.stack_slug
+}
+
+// Step 2: Create an access policy and token for Fleet Management
+resource "grafana_cloud_access_policy" "policy" {
+  provider = grafana.cloud
+
+  name   = "fleet-management-policy"
+  region = data.grafana_cloud_stack.stack.region_slug
+
+  scopes = [
+    "fleet-management:read",
+    "fleet-management:write"
+  ]
+
+  realm {
+    type       = "stack"
+    identifier = data.grafana_cloud_stack.stack.id
+  }
+}
+
+resource "grafana_cloud_access_policy_token" "token" {
+  provider = grafana.cloud
+
+  name             = "fleet-management-token"
+  region           = grafana_cloud_access_policy.policy.region
+  access_policy_id = grafana_cloud_access_policy.policy.policy_id
+}
+
+// Step 3: Interact with Fleet Management
+provider "grafana" {
+  alias = "fm"
+
+  fleet_management_auth = "${data.grafana_cloud_stack.stack.fleet_management_user_id}:${grafana_cloud_access_policy_token.token.token}"
+  fleet_management_url  = data.grafana_cloud_stack.stack.fleet_management_url
+}
+
+resource "grafana_fleet_management_collector" "collector" {
+  provider = grafana.fm
+
+  id = "my_collector"
+  remote_attributes = {
+    "env"   = "PROD",
+    "owner" = "TEAM-A"
+  }
+  enabled = true
+}
+
+resource "grafana_fleet_management_pipeline" "pipeline" {
+  provider = grafana.fm
+
+  name     = "my_pipeline"
+  contents = file("config.alloy")
+  matchers = [
+    "collector.os=\"linux\"",
+    "env=\"PROD\""
+  ]
+  enabled = true
+}
+```
+
 ## Authentication
 
 One, or many, of the following authentication settings must be set. Each authentication setting allows a subset of resources to be used
@@ -483,3 +570,10 @@ To create one, follow the instructions in the [obtaining cloud provider access t
 An access policy token created on the [Grafana Cloud Portal](https://grafana.com/docs/grafana-cloud/account-management/authentication-and-permissions/access-policies/using-an-access-policy-token/) to manage
 connections resources, such as Metrics Endpoint jobs.
 For guidance on creating one, see section [obtaining connections access token](#obtaining-connections-access-token).
+
+### `fleet_management_auth`
+
+[Grafana Fleet Management](https://grafana.com/docs/grafana-cloud/send-data/fleet-management/api-reference/)
+uses basic auth to allow access to the API, where the username is the Fleet Management instance ID and the
+password is the API token. You can access the instance ID and request a new Fleet Management API token on the
+Connections -> Collector -> Fleet Management page, in the API tab.

docs/resources/cloud_stack.md

@@ -53,6 +53,10 @@ resource "grafana_cloud_stack" "test" {
 - `alertmanager_url` (String) Base URL of the Alertmanager instance configured for this stack.
 - `alertmanager_user_id` (Number) User ID of the Alertmanager instance configured for this stack.
 - `cluster_slug` (String) Slug of the cluster where this stack resides.
+- `fleet_management_name` (String) Name of the Fleet Management instance configured for this stack.
+- `fleet_management_status` (String) Status of the Fleet Management instance configured for this stack.
+- `fleet_management_url` (String) Base URL of the Fleet Management instance configured for this stack.
+- `fleet_management_user_id` (Number) User ID of the Fleet Management instance configured for this stack.
 - `graphite_name` (String)
 - `graphite_status` (String)
 - `graphite_url` (String)

docs/resources/fleet_management_collector.md

@@ -0,0 +1,58 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "grafana_fleet_management_collector Resource - terraform-provider-grafana"
+subcategory: "Fleet Management"
+description: |-
+  Manages Grafana Fleet Management collectors.
+  Official documentation https://grafana.com/docs/grafana-cloud/send-data/fleet-management/API documentation https://grafana.com/docs/grafana-cloud/send-data/fleet-management/api-reference/collector-api/
+  Note: Fleet Management is in public preview https://grafana.com/docs/release-life-cycle/#public-preview and this resource is experimental. Grafana Labs offers limited support, and breaking changes might occur.
+  Required access policy scopes:
+  fleet-management:readfleet-management:write
+---
+
+# grafana_fleet_management_collector (Resource)
+
+Manages Grafana Fleet Management collectors.
+
+* [Official documentation](https://grafana.com/docs/grafana-cloud/send-data/fleet-management/)
+* [API documentation](https://grafana.com/docs/grafana-cloud/send-data/fleet-management/api-reference/collector-api/)
+
+**Note:** Fleet Management is in [public preview](https://grafana.com/docs/release-life-cycle/#public-preview) and this resource is experimental. Grafana Labs offers limited support, and breaking changes might occur.
+
+Required access policy scopes:
+
+* fleet-management:read
+* fleet-management:write
+
+## Example Usage
+
+```terraform
+resource "grafana_fleet_management_collector" "test" {
+  id = "my_collector"
+  remote_attributes = {
+    "env"   = "PROD",
+    "owner" = "TEAM-A"
+  }
+  enabled = true
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `id` (String) ID of the collector
+
+### Optional
+
+- `enabled` (Boolean) Whether the collector is enabled or not
+- `remote_attributes` (Map of String) Remote attributes for the collector
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import grafana_fleet_management_collector.name "{{ id }}"
+```

docs/resources/fleet_management_pipeline.md

@@ -0,0 +1,64 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "grafana_fleet_management_pipeline Resource - terraform-provider-grafana"
+subcategory: "Fleet Management"
+description: |-
+  Manages Grafana Fleet Management pipelines.
+  Official documentation https://grafana.com/docs/grafana-cloud/send-data/fleet-management/API documentation https://grafana.com/docs/grafana-cloud/send-data/fleet-management/api-reference/pipeline-api/
+  Note: Fleet Management is in public preview https://grafana.com/docs/release-life-cycle/#public-preview and this resource is experimental. Grafana Labs offers limited support, and breaking changes might occur.
+  Required access policy scopes:
+  fleet-management:readfleet-management:write
+---
+
+# grafana_fleet_management_pipeline (Resource)
+
+Manages Grafana Fleet Management pipelines.
+
+* [Official documentation](https://grafana.com/docs/grafana-cloud/send-data/fleet-management/)
+* [API documentation](https://grafana.com/docs/grafana-cloud/send-data/fleet-management/api-reference/pipeline-api/)
+
+**Note:** Fleet Management is in [public preview](https://grafana.com/docs/release-life-cycle/#public-preview) and this resource is experimental. Grafana Labs offers limited support, and breaking changes might occur.
+
+Required access policy scopes:
+
+* fleet-management:read
+* fleet-management:write
+
+## Example Usage
+
+```terraform
+resource "grafana_fleet_management_pipeline" "test" {
+  name     = "my_pipeline"
+  contents = file("config.alloy")
+  matchers = [
+    "collector.os=~\".*\"",
+    "env=\"PROD\""
+  ]
+  enabled = true
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `contents` (String) Configuration contents of the pipeline to be used by collectors
+- `name` (String) Name of the pipeline which is the unique identifier for the pipeline
+
+### Optional
+
+- `enabled` (Boolean) Whether the pipeline is enabled for collectors
+- `matchers` (List of String) Used to match against collectors and assign pipelines to them; follows the syntax of Prometheus Alertmanager matchers
+
+### Read-Only
+
+- `id` (String) Server-assigned ID of the pipeline
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import grafana_fleet_management_pipeline.name "{{ name }}"
+```

examples/provider/provider-fleet-management.tf

@@ -0,0 +1,80 @@
+// Variables
+variable "cloud_access_policy_token" {
+  type        = string
+  description = "Cloud access policy token with scopes: accesspolicies:read|write|delete, stacks:read"
+}
+
+variable "stack_slug" {
+  type        = string
+  description = "Subdomain that the Grafana Cloud instance is available at: https://<stack_slug>.grafana.net"
+}
+
+// Step 1: Retrieve stack details
+provider "grafana" {
+  alias = "cloud"
+
+  cloud_access_policy_token = var.cloud_access_policy_token
+}
+
+data "grafana_cloud_stack" "stack" {
+  provider = grafana.cloud
+
+  slug = var.stack_slug
+}
+
+// Step 2: Create an access policy and token for Fleet Management
+resource "grafana_cloud_access_policy" "policy" {
+  provider = grafana.cloud
+
+  name   = "fleet-management-policy"
+  region = data.grafana_cloud_stack.stack.region_slug
+
+  scopes = [
+    "fleet-management:read",
+    "fleet-management:write"
+  ]
+
+  realm {
+    type       = "stack"
+    identifier = data.grafana_cloud_stack.stack.id
+  }
+}
+
+resource "grafana_cloud_access_policy_token" "token" {
+  provider = grafana.cloud
+
+  name             = "fleet-management-token"
+  region           = grafana_cloud_access_policy.policy.region
+  access_policy_id = grafana_cloud_access_policy.policy.policy_id
+}
+
+// Step 3: Interact with Fleet Management
+provider "grafana" {
+  alias = "fm"
+
+  fleet_management_auth = "${data.grafana_cloud_stack.stack.fleet_management_user_id}:${grafana_cloud_access_policy_token.token.token}"
+  fleet_management_url  = data.grafana_cloud_stack.stack.fleet_management_url
+}
+
+resource "grafana_fleet_management_collector" "collector" {
+  provider = grafana.fm
+
+  id = "my_collector"
+  remote_attributes = {
+    "env"   = "PROD",
+    "owner" = "TEAM-A"
+  }
+  enabled = true
+}
+
+resource "grafana_fleet_management_pipeline" "pipeline" {
+  provider = grafana.fm
+
+  name     = "my_pipeline"
+  contents = file("config.alloy")
+  matchers = [
+    "collector.os=\"linux\"",
+    "env=\"PROD\""
+  ]
+  enabled = true
+}

examples/resources/grafana_fleet_management_collector/import.sh

@@ -0,0 +1 @@
+terraform import grafana_fleet_management_collector.name "{{ id }}"

examples/resources/grafana_fleet_management_collector/resource.tf

@@ -0,0 +1,8 @@
+resource "grafana_fleet_management_collector" "test" {
+  id = "my_collector"
+  remote_attributes = {
+    "env"   = "PROD",
+    "owner" = "TEAM-A"
+  }
+  enabled = true
+}