403 error on grafana_folder_permission resource : [GET /folders/{folder_uid}][403] getFolderByUidForbidden {"message":"You'll need additional permissions to perform this action. Permissions needed: folders:read"} #1941

Open
sbordeyne opened this issue Dec 5, 2024 · 0 comments


Terraform Version

1.9.8

Terraform Grafana Provider Version

3.14.0

Grafana Version

11.4.0

Affected Resource(s)

  • grafana_folder_permission

Terraform Configuration Files

locals {
  folders = {
    library-panels = {
      name         = "Library Panels"
      organization = "company"
      permissions = [
        {
          team       = "ops"
          permission = "Admin"
        }
      ]
    }
  }
}

terraform {
  required_version = "~> 1.9.0"
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 6.12.0"
    }
    grafana = {
      source  = "grafana/grafana"
      version = "3.14.0"
    }
  }
}

variable "grafana_admin_username" {
  type = string
}
variable "grafana_admin_password" {
  type      = string
  sensitive = true
}
variable "grafana_url" {
  type = string
}

provider "grafana" {
  url = var.grafana_url
  # Using Basic Auth
  auth = "${var.grafana_admin_username}:${var.grafana_admin_password}"
}

resource "grafana_organization" "organizations" {
  for_each     = { company = { display_name = "Company" } }
  name         = each.value.display_name
  admin_user   = "terraform"
  create_users = false
}


resource "grafana_team" "teams" {
  for_each = {
    ops = {
      name         = "Ops"
      email        = "[email protected]"
      organization = "company"
    }
  }
  name    = each.value.name
  email   = each.value.email
  org_id  = grafana_organization.organizations[each.value.organization].org_id
  members = []

  preferences {
    theme    = "dark"
    timezone = "utc"
  }
}

resource "grafana_folder" "folders" {
  for_each                     = local.folders
  title                        = each.value.name
  org_id                       = grafana_organization.organizations[each.value.organization].org_id
  prevent_destroy_if_not_empty = true
}

resource "grafana_folder_permission" "folder_permissions" {
  for_each = local.folders

  folder_uid = grafana_folder.folders[each.key].uid

  permissions {
    user_id    = data.grafana_user.terraform.user_id
    permission = "Admin"
  }

  dynamic "permissions" {
    for_each = each.value.permissions
    content {
      team_id    = grafana_team.teams[permissions.value.team].team_id
      permission = permissions.value.permission
    }
  }
}

Expected Behavior

The folders should be created with the provided permissions.

Actual Behavior


Error: [GET /folders/{folder_uid}][403] getFolderByUidForbidden {"message":"You'll need additional permissions to perform this action. Permissions needed: folders:read"}
with grafana_folder_permission.folder_permissions["ops"]
on main.tf line 65, in resource "grafana_folder_permission" "folder_permissions":

resource "grafana_folder_permission" "folder_permissions" {

Steps to Reproduce

  1. terraform init -upgrade
  2. terraform plan
  3. terraform apply

Important Factoids

  • Grafana is running in GKE
  • Grafana is exposed through a Cloudflare Tunnel
  • Grafana is running behind istio
  • All other resources create just fine. The user used is the Grafana admin user. The folder UIDs are fine, they exist in the state, and a simple curl -X GET "$GF_URL/api/folders/$FOLDER_UID" -u "$GF_USER:$GF_PASSWORD" returns the correct JSON response.

References

No response
