docs(cockpit): document IAM header for Grafana access (#3464)

Author: jremy42

docs/data-sources/cockpit_grafana.md

@@ -61,6 +61,33 @@ output "grafana_connection_info" {
 }
 ```
 
+### Using the Grafana Terraform provider
+
+When you need to configure Grafana resources programmatically, supply the IAM secret key as an `X-Auth-Token` header. The Grafana provider itself stays in `anonymous` mode.
+
+```terraform
+variable "scaleway_secret_key" {
+  description = "Scaleway IAM secret key reused by the Grafana provider"
+  type        = string
+  sensitive   = true
+}
+
+data "scaleway_cockpit_grafana" "main" {
+  project_id = scaleway_account_project.project.id
+}
+
+provider "grafana" {
+  url  = data.scaleway_cockpit_grafana.main.grafana_url
+  auth = "anonymous"
+
+  http_headers = {
+    "X-Auth-Token" = var.scaleway_secret_key
+  }
+}
+```
+
+Keep the secret key in a secure backend (environment variables, Vault, etc.) and never commit it to source control.
+
 ## Argument Reference
 
 - `project_id` - (Optional) The ID of the project the Grafana instance is associated with. If not provided, the default project configured in the provider is used.

docs/resources/cockpit_grafana_user.md

@@ -38,6 +38,33 @@ output "grafana_url" {
 }
 ```
 
+### Programmatic access with the Grafana provider
+
+To automate Grafana configuration (e.g., dashboards, alerting) with Terraform, reuse your Scaleway IAM secret as an `X-Auth-Token` header. The Grafana provider must run in `anonymous` mode because user/password authentication is deprecated.
+
+```terraform
+variable "scaleway_secret_key" {
+  description = "Scaleway IAM secret key used for both the Scaleway and Grafana providers"
+  type        = string
+  sensitive   = true
+}
+
+data "scaleway_cockpit_grafana" "main" {
+  project_id = scaleway_account_project.project.id
+}
+
+provider "grafana" {
+  url  = data.scaleway_cockpit_grafana.main.grafana_url
+  auth = "anonymous"
+
+  http_headers = {
+    "X-Auth-Token" = var.scaleway_secret_key
+  }
+}
+```
+
+The header `X-Auth-Token` is mandatory when Grafana users are disabled. Store the IAM secret key securely (environment variable, secrets manager, etc.) and avoid committing it to version control.
+
 ### Create a Grafana user (Deprecated)
 
 The following command allows you to create a Grafana user within a specific Scaleway Project.

templates/data-sources/cockpit_grafana.md.tmpl

@@ -61,6 +61,33 @@ output "grafana_connection_info" {
 }
 ```
 
+### Using the Grafana Terraform provider
+
+When you need to configure Grafana resources programmatically, supply the IAM secret key as an `X-Auth-Token` header. The Grafana provider itself stays in `anonymous` mode.
+
+```terraform
+variable "scaleway_secret_key" {
+  description = "Scaleway IAM secret key reused by the Grafana provider"
+  type        = string
+  sensitive   = true
+}
+
+data "scaleway_cockpit_grafana" "main" {
+  project_id = scaleway_account_project.project.id
+}
+
+provider "grafana" {
+  url  = data.scaleway_cockpit_grafana.main.grafana_url
+  auth = "anonymous"
+
+  http_headers = {
+    "X-Auth-Token" = var.scaleway_secret_key
+  }
+}
+```
+
+Keep the secret key in a secure backend (environment variables, Vault, etc.) and never commit it to source control.
+
 ## Argument Reference
 
 - `project_id` - (Optional) The ID of the project the Grafana instance is associated with. If not provided, the default project configured in the provider is used.

templates/resources/cockpit_grafana_user.md.tmpl

@@ -39,6 +39,33 @@ output "grafana_url" {
 }
 ```
 
+### Programmatic access with the Grafana provider
+
+To automate Grafana configuration (e.g., dashboards, alerting) with Terraform, reuse your Scaleway IAM secret as an `X-Auth-Token` header. The Grafana provider must run in `anonymous` mode because user/password authentication is deprecated.
+
+```terraform
+variable "scaleway_secret_key" {
+  description = "Scaleway IAM secret key used for both the Scaleway and Grafana providers"
+  type        = string
+  sensitive   = true
+}
+
+data "scaleway_cockpit_grafana" "main" {
+  project_id = scaleway_account_project.project.id
+}
+
+provider "grafana" {
+  url  = data.scaleway_cockpit_grafana.main.grafana_url
+  auth = "anonymous"
+
+  http_headers = {
+    "X-Auth-Token" = var.scaleway_secret_key
+  }
+}
+```
+
+The header `X-Auth-Token` is mandatory when Grafana users are disabled. Store the IAM secret key securely (environment variable, secrets manager, etc.) and avoid committing it to version control.
+
 ### Create a Grafana user (Deprecated)
 
 The following command allows you to create a Grafana user within a specific Scaleway Project.