Add PDC network and PDC network token resources (#1975)

* Add PDC network and PDC network token resources

- Add resource lister function that will return a slice of resources

* Support PDC in data sources

* Add examples and generate docs

* Regen

* Update data source property name

* Add PDC network data sources

* Rename resources for clarity

- Tidy up property names

* Some more naming updates

* Update docs

* Fix pdc network Id check

* Update docs and add test

* Docs update

* Add reference to access policies naming reqs

* Minor updates for type names and docs

* Fix replace

* Fix warning

* Suppress pdc diffs

* Remove resource lister

* Remove type

Author: aangelisc

docs/data-sources/cloud_private_data_source_connect_networks.md

@@ -0,0 +1,47 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "grafana_cloud_private_data_source_connect_networks Data Source - terraform-provider-grafana"
+subcategory: "Cloud"
+description: |-
+  Fetches Private Data source Connect networks from Grafana Cloud.
+  Official documentation https://grafana.com/docs/grafana-cloud/account-management/authentication-and-permissions/access-policies/API documentation https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#list-access-policies
+  Required access policy scopes:
+  accesspolicies:read
+---
+
+# grafana_cloud_private_data_source_connect_networks (Data Source)
+
+Fetches Private Data source Connect networks from Grafana Cloud.
+
+* [Official documentation](https://grafana.com/docs/grafana-cloud/account-management/authentication-and-permissions/access-policies/)
+* [API documentation](https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#list-access-policies)
+
+Required access policy scopes:
+
+* accesspolicies:read
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `name_filter` (String) If set, only private data source connect networks with the specified name will be returned. This is faster than filtering in Terraform.
+- `region_filter` (String) If set, only private data source connect networks in the specified region will be returned. This is faster than filtering in Terraform.
+
+### Read-Only
+
+- `id` (String) The ID of this datasource. This is an internal identifier used by the provider to track this datasource.
+- `private_data_source_connect_networks` (Set of Object) (see [below for nested schema](#nestedatt--private_data_source_connect_networks))
+
+<a id="nestedatt--private_data_source_connect_networks"></a>
+### Nested Schema for `private_data_source_connect_networks`
+
+Read-Only:
+
+- `display_name` (String)
+- `id` (String)
+- `name` (String)
+- `region` (String)
+- `status` (String)

docs/data-sources/data_source.md

@@ -59,6 +59,7 @@ data "grafana_data_source" "from_uid" {
 - `id` (String) The ID of this resource.
 - `is_default` (Boolean) Whether to set the data source as default. This should only be `true` to a single data source.
 - `json_data_encoded` (String) Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
+- `private_data_source_connect_network_id` (String) (Can only be used with data sources in Grafana Cloud) The ID of the Private Data source Connect network to use with this data source.
 - `type` (String) The data source type. Must be one of the supported data source keywords.
 - `url` (String) The URL for the data source. The type of URL required varies depending on the chosen data source type.
 - `username` (String) (Required by some data source types) The username to use to authenticate to the data source.

docs/resources/cloud_private_data_source_connect_network.md

@@ -0,0 +1,70 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "grafana_cloud_private_data_source_connect_network Resource - terraform-provider-grafana"
+subcategory: "Cloud"
+description: |-
+  Official documentation https://grafana.com/docs/grafana-cloud/connect-externally-hosted/private-data-source-connect/API documentation https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#create-an-access-policy
+  Required access policy scopes:
+  accesspolicies:readaccesspolicies:writeaccesspolicies:delete
+---
+
+# grafana_cloud_private_data_source_connect_network (Resource)
+
+* [Official documentation](https://grafana.com/docs/grafana-cloud/connect-externally-hosted/private-data-source-connect/)
+* [API documentation](https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#create-an-access-policy)
+
+Required access policy scopes:
+
+* accesspolicies:read
+* accesspolicies:write
+* accesspolicies:delete
+
+## Example Usage
+
+```terraform
+data "grafana_cloud_stack" "current" {
+  slug = "<your slug>"
+}
+
+resource "grafana_cloud_private_data_source_connect_network" "test" {
+  region           = "us"
+  name             = "my-pdc"
+  display_name     = "My PDC"
+  stack_identifier = data.grafana_cloud_stack.current.id
+}
+
+resource "grafana_cloud_private_data_source_connect_network_token" "test" {
+  pdc_network_id = grafana_cloud_private_data_source_connect_network.test.pdc_network_id
+  region         = grafana_cloud_private_data_source_connect_network.test.region
+  name           = "my-pdc-token"
+  display_name   = "My PDC Token"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) Name of the PDC network.**Note:** The name must be lowercase and can contain hyphens or underscores. See full requirements here: https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#request-body
+- `region` (String) The region where your stack is deployed. Use the instances list API to get the region for your instance - use the regionSlug property: https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#list-stacks
+- `stack_identifier` (String) The identifier of the stack.
+
+### Optional
+
+- `display_name` (String) Display name of the PDC network. Defaults to the name.
+
+### Read-Only
+
+- `created_at` (String) Creation date of the private data source connect network.
+- `id` (String) The ID of this resource.
+- `pdc_network_id` (String) ID of the private data source connect network.
+- `updated_at` (String) Last update date of the private data source connect network.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import grafana_cloud_private_data_source_connect_network.name "{{ region }}:{{ policyId }}"
+```

docs/resources/cloud_private_data_source_connect_network_token.md

@@ -0,0 +1,71 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "grafana_cloud_private_data_source_connect_network_token Resource - terraform-provider-grafana"
+subcategory: "Cloud"
+description: |-
+  Official documentation https://grafana.com/docs/grafana-cloud/connect-externally-hosted/private-data-source-connect/API documentation https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#create-a-token
+  Required access policy scopes:
+  accesspolicies:readaccesspolicies:writeaccesspolicies:delete
+---
+
+# grafana_cloud_private_data_source_connect_network_token (Resource)
+
+* [Official documentation](https://grafana.com/docs/grafana-cloud/connect-externally-hosted/private-data-source-connect/)
+* [API documentation](https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#create-a-token)
+
+Required access policy scopes:
+
+* accesspolicies:read
+* accesspolicies:write
+* accesspolicies:delete
+
+## Example Usage
+
+```terraform
+data "grafana_cloud_stack" "current" {
+  slug = "<your slug>"
+}
+
+resource "grafana_cloud_private_data_source_connect_network" "test" {
+  region           = "us"
+  name             = "my-pdc"
+  display_name     = "My PDC"
+  stack_identifier = data.grafana_cloud_stack.current.id
+}
+
+resource "grafana_cloud_private_data_source_connect_network_token" "test" {
+  pdc_network_id = grafana_cloud_private_data_source_connect_network.test.pdc_network_id
+  region         = grafana_cloud_private_data_source_connect_network.test.region
+  name           = "my-pdc-token"
+  display_name   = "My PDC Token"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) Name of the private data source network token.
+- `pdc_network_id` (String) ID of the private data source network for which to create a token.
+- `region` (String) Region of the private data source network. Should be set to the same region as the private data source network. Use the region list API to get the list of available regions: https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#list-regions.
+
+### Optional
+
+- `display_name` (String) Display name of the private data source network token. Defaults to the name.
+- `expires_at` (String) Expiration date of the private data source network token. Does not expire by default.
+
+### Read-Only
+
+- `created_at` (String) Creation date of the private data source network token.
+- `id` (String) The ID of this resource.
+- `token` (String, Sensitive)
+- `updated_at` (String) Last update date of the private data source network token.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import grafana_cloud_private_data_source_connect_network_token.name "{{ region }}:{{ tokenId }}"
+```

docs/resources/data_source.md

@@ -116,6 +116,7 @@ resource "grafana_data_source" "prometheus" {
 - `is_default` (Boolean) Whether to set the data source as default. This should only be `true` to a single data source. Defaults to `false`.
 - `json_data_encoded` (String) Serialized JSON string containing the json data. This attribute can be used to pass configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
 - `org_id` (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+- `private_data_source_connect_network_id` (String) (Can only be used with data sources in Grafana Cloud) The ID of the Private Data source Connect network to use with this data source. Defaults to ``.
 - `secure_json_data_encoded` (String, Sensitive) Serialized JSON string containing the secure json data. This attribute can be used to pass secure configuration options to the data source. To figure out what options a datasource has available, see its docs or inspect the network data when saving it from the Grafana UI. Note that keys in this map are usually camelCased.
 - `uid` (String) Unique identifier. If unset, this will be automatically generated.
 - `url` (String) The URL for the data source. The type of URL required varies depending on the chosen data source type.

examples/resources/grafana_cloud_private_data_source_connect_network/import.sh

@@ -0,0 +1 @@
+terraform import grafana_cloud_private_data_source_connect_network.name "{{ region }}:{{ policyId }}"

examples/resources/grafana_cloud_private_data_source_connect_network/resource.tf

@@ -0,0 +1,17 @@
+data "grafana_cloud_stack" "current" {
+  slug = "<your slug>"
+}
+
+resource "grafana_cloud_private_data_source_connect_network" "test" {
+  region           = "us"
+  name             = "my-pdc"
+  display_name     = "My PDC"
+  stack_identifier = data.grafana_cloud_stack.current.id
+}
+
+resource "grafana_cloud_private_data_source_connect_network_token" "test" {
+  pdc_network_id = grafana_cloud_private_data_source_connect_network.test.pdc_network_id
+  region         = grafana_cloud_private_data_source_connect_network.test.region
+  name           = "my-pdc-token"
+  display_name   = "My PDC Token"
+}

examples/resources/grafana_cloud_private_data_source_connect_network_token/import.sh

@@ -0,0 +1 @@
+terraform import grafana_cloud_private_data_source_connect_network_token.name "{{ region }}:{{ tokenId }}"

examples/resources/grafana_cloud_private_data_source_connect_network_token/resource.tf

@@ -0,0 +1,17 @@
+data "grafana_cloud_stack" "current" {
+  slug = "<your slug>"
+}
+
+resource "grafana_cloud_private_data_source_connect_network" "test" {
+  region           = "us"
+  name             = "my-pdc"
+  display_name     = "My PDC"
+  stack_identifier = data.grafana_cloud_stack.current.id
+}
+
+resource "grafana_cloud_private_data_source_connect_network_token" "test" {
+  pdc_network_id = grafana_cloud_private_data_source_connect_network.test.pdc_network_id
+  region         = grafana_cloud_private_data_source_connect_network.test.region
+  name           = "my-pdc-token"
+  display_name   = "My PDC Token"
+}

internal/resources/cloud/data_source_private_data_source_connect_network.go

@@ -0,0 +1,130 @@
+package cloud
+
+import (
+	"context"
+
+	"github.com/grafana/terraform-provider-grafana/v3/internal/common"
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+var dataSourcePrivateDataSourceConnectNetworksName = "grafana_cloud_private_data_source_connect_networks"
+
+func datasourcePrivateDataSourceConnectNetworks() *common.DataSource {
+	return common.NewDataSource(
+		common.CategoryCloud,
+		dataSourcePrivateDataSourceConnectNetworksName,
+		&PDCNetworksDataSource{},
+	)
+}
+
+type PDCNetworksDataSource struct {
+	basePluginFrameworkDataSource
+}
+
+func (r *PDCNetworksDataSource) Metadata(ctx context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = dataSourcePrivateDataSourceConnectNetworksName
+}
+
+func (r *PDCNetworksDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		MarkdownDescription: `
+Fetches Private Data source Connect networks from Grafana Cloud.
+
+* [Official documentation](https://grafana.com/docs/grafana-cloud/account-management/authentication-and-permissions/access-policies/)
+* [API documentation](https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#list-access-policies)
+
+Required access policy scopes:
+
+* accesspolicies:read`,
+		Attributes: map[string]schema.Attribute{
+			"id": schema.StringAttribute{
+				Computed:    true,
+				Description: "The ID of this datasource. This is an internal identifier used by the provider to track this datasource.",
+			},
+			"region_filter": schema.StringAttribute{
+				Optional:    true,
+				Description: "If set, only private data source connect networks in the specified region will be returned. This is faster than filtering in Terraform.",
+			},
+			"name_filter": schema.StringAttribute{
+				Optional:    true,
+				Description: "If set, only private data source connect networks with the specified name will be returned. This is faster than filtering in Terraform.",
+			},
+			"private_data_source_connect_networks": schema.SetAttribute{
+				Computed: true,
+				ElementType: types.ObjectType{
+					AttrTypes: map[string]attr.Type{
+						"id":           types.StringType,
+						"region":       types.StringType,
+						"name":         types.StringType,
+						"display_name": types.StringType,
+						"status":       types.StringType,
+					},
+				},
+			},
+		},
+	}
+}
+
+type PDCNetworksDataSourcePolicyModel struct {
+	ID          types.String `tfsdk:"id"`
+	Region      types.String `tfsdk:"region"`
+	Name        types.String `tfsdk:"name"`
+	DisplayName types.String `tfsdk:"display_name"`
+	Status      types.String `tfsdk:"status"`
+}
+
+type PDCNetworksDataSourceModel struct {
+	ID                        types.String                       `tfsdk:"id"`
+	NameFilter                types.String                       `tfsdk:"name_filter"`
+	RegionFilter              types.String                       `tfsdk:"region_filter"`
+	PrivateDataSourceNetworks []PDCNetworksDataSourcePolicyModel `tfsdk:"private_data_source_networks"`
+}
+
+func (r *PDCNetworksDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	// Read Terraform state data into the model
+	var data PDCNetworksDataSourceModel
+	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
+
+	var regions []string
+	if data.RegionFilter.ValueString() != "" {
+		regions = append(regions, data.RegionFilter.ValueString())
+	} else {
+		apiResp, _, err := r.client.StackRegionsAPI.GetStackRegions(ctx).Execute()
+		if err != nil {
+			resp.Diagnostics = diag.Diagnostics{diag.NewErrorDiagnostic("Failed to get stack regions", err.Error())}
+			return
+		}
+		for _, region := range apiResp.Items {
+			regions = append(regions, region.FormattedApiStackRegionAnyOf.Slug)
+		}
+	}
+
+	data.PrivateDataSourceNetworks = []PDCNetworksDataSourcePolicyModel{}
+	for _, region := range regions {
+		apiResp, _, err := r.client.AccesspoliciesAPI.GetAccessPolicies(ctx).Region(region).Execute()
+		if err != nil {
+			resp.Diagnostics = diag.Diagnostics{diag.NewErrorDiagnostic("Failed to get access policies", err.Error())}
+			return
+		}
+		for _, policy := range apiResp.Items {
+			if data.NameFilter.ValueString() != "" && data.NameFilter.ValueString() != policy.Name {
+				continue
+			}
+			data.PrivateDataSourceNetworks = append(data.PrivateDataSourceNetworks, PDCNetworksDataSourcePolicyModel{
+				ID:          types.StringValue(*policy.Id),
+				Region:      types.StringValue(region),
+				Name:        types.StringValue(policy.Name),
+				DisplayName: types.StringValue(*policy.DisplayName),
+				Status:      types.StringValue(*policy.Status),
+			})
+		}
+	}
+	data.ID = types.StringValue(data.RegionFilter.ValueString() + "-" + data.NameFilter.ValueString()) // Unique ID
+
+	// Save data into Terraform state
+	resp.Diagnostics.Append(resp.State.Set(ctx, data)...)
+}