Provider v2.9.0 updated Folder API endpoint returns a 404

[zmully]

Terraform Version

• Terraform: 1.6.5
• CDKTF: 0.19.2
• Terraform Grafana Provider: 2.9.0
• Grafana: AWS managed Grafana 9.4.7

Affected Resource(s)

Please list the resources as a list, for example:

• grafana_folder_permission

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

  "grafana_folder_permission": {
      "folder-permission-amazon": {
        "//": {
          "metadata": {
            "path": "dashboards-workloads-staging-us-east-1/folder-permission-amazon",
            "uniqueId": "folder-permission-amazon"
          }
        },
        "folder_uid": "${grafana_folder.folder-amazon.uid}",
        "permissions": [
          {
            "permission": "View",
            "role": "Editor"
          },
          {
            "permission": "View",
            "role": "Viewer"
          }
        ]
      },
      "folder-permission-kubernetes": {
        "//": {
          "metadata": {
            "path": "dashboards-workloads-staging-us-east-1/folder-permission-kubernetes",
            "uniqueId": "folder-permission-kubernetes"
          }
        },
        "folder_uid": "${grafana_folder.folder-kubernetes.uid}",
        "permissions": [
          {
            "permission": "View",
            "role": "Editor"
          },
          {
            "permission": "View",
            "role": "Viewer"
          }
        ]
      },
      "folder-permission-system": {
        "//": {
          "metadata": {
            "path": "dashboards-workloads-staging-us-east-1/folder-permission-system",
            "uniqueId": "folder-permission-system"
          }
        },
        "folder_uid": "${grafana_folder.folder-system.uid}",
        "permissions": [
          {
            "permission": "View",
            "role": "Editor"
          },
          {
            "permission": "View",
            "role": "Viewer"
          }
        ]
      }
    }

Debug Output

Please provider a link to a GitHub Gist containing the complete debug output: https://www.terraform.io/docs/internals/debugging.html. Please do NOT paste the debug output in the issue; just paste a link to the Gist.

Panic Output

If Terraform produced a panic, please provide a link to a GitHub Gist containing the output of the crash.log.

Expected Behavior

What should have happened?

Folder permissions applied/updated/nooped.

Actual Behavior

What actually happened?

│ Error: [GET /access-control/{resource}/{resourceID}] getResourcePermissions (status 404): {}
│ 
│   with grafana_folder_permission.folder-permission-amazon,
│   on cdk.tf.json line 349, in resource.grafana_folder_permission.folder-permission-amazon:
│  349:       },
│ 

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

Occurs during terraform apply

Important Factoids

Are there anything atypical about your accounts that we should know? For example: Running in EC2 Classic? Custom version of OpenStack? Tight ACLs?

Works on provider versions < 2.9.0

References

Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:

#1293

[julienduchesne]

Indeed. Stay on v2.8.1 for now. The provider is only tested on the latest Grafana version (10) for enterprise features but I'd like to change that soon and test two versions back (down to 8)

That'll probably mean that I'll have to do a different implementation based on the Grafana version so it's not super trivial

[zmully]

Indeed. Stay on v2.8.1 for now. The provider is only tested on the latest Grafana version (10) for enterprise features but I'd like to change that soon and test two versions back (down to 8)

That'll probably mean that I'll have to do a different implementation based on the Grafana version so it's not super trivial

@julienduchesne If I understand you correctly, v2.9.0 only works on Grafana v10? If that's the case, I can you please revert this change, as we need other functionality released in v2.9.0 (sns contact points) and your folder permission update is a breaking change, not a minor change, for anyone not on v10. If you're not going to revert this change, then can you please update your changelog/release notes to make it clear that v2.9.0 only supports v10 to avoid others from making this update and having this problem?

[julienduchesne]

I will try to take a look today

[julienduchesne]

Interestingly, the latest Grafana 9 version (9.5.15) does support this. We don't test 9.4 because it's too old (thanks Amazon Managed Grafana). The API was removed in 9.5. I assume it was an experimental feature at that point

[julienduchesne]

Actually, it's weirder than that. On Grafana OSS, it works even on version 9.3. It looks like Amazon disables the new API

[mahsoud]

reproduced with grafana oss 8.4.4

[ktdharan]

@julienduchesne Looks like we have the same issue in azure managed grafana as well.

[julienduchesne]

Did the permissions applied by the old provider version even work? Amazon tells me that this is not working because RBAC is not enabled in Amazon Managed Grafana (and I assume Azure as well): aws/amazon-managed-grafana-roadmap#69

[julienduchesne]

We will not be fixing this, as it's an issue with the CSP (Amazon, Azure) versions of Grafana. You should ask your CSP to enable RBAC to use this.

Also, I am a bit doubtful that the rules being applied in old versions of the provider were even working, even though they applied correctly. RBAC was not enabled, so they may have just been ignored.