I've created the datasource manually via the UI using JWT and the plugin works great, however I tried to mimic the setup in our prod grafana instance with the same plugin version (latest) as of today and got errors.
The datasource is created correctly, however we see this error when trying to utilise it in UI Explorer:
An error occurred within the plugin
We're already managing our Google Cloud Monitoring datasources via code w/o any issues like so:
resource "grafana_data_source" "metrics_cm" {
  provider = grafana.prod
  name     = "Cloud Monitoring - Metrics"
  type     = "stackdriver" # taken from grafana docs
  uid      = "<UUID>"
  json_data_encoded = jsonencode({
    authenticationType = "jwt"
    clientEmail        = "<SA_NAME>@<GCP_ACCOUNT_ID>.iam.gserviceaccount.com"
    defaultProject     = "GCP_ACCOUNT_ID"
    tokenUri           = "https://oauth2.googleapis.com/token"
  })
  secure_json_data_encoded = jsonencode({
    privateKey = data.google_secret_manager_secret_version.metrics-bq-datasource-private-key.secret_data
  })
}
I tried a very similar approach for the cloud-logging & verified the format of the data_encoded fields is accurate by importing the "test" instance which was created by the UI:
resource "grafana_data_source" "cloudlogging_peng_renovate" {
  provider = grafana.prod
  name     = "Cloud Logging - Renovate Logs"
  type     = "googlecloud-logging-datasource"
  json_data_encoded = jsonencode({
    authenticationType = "jwt"
    clientEmail        = "<SA_NAME>@<GCP_ACCOUNT_ID>.iam.gserviceaccount.com"
    defaultProject     = "GCP_ACCOUNT_ID"
    tokenUri           = "https://oauth2.googleapis.com/token"
    pdcInjected        = true
  })
  secure_json_data_encoded = jsonencode({
    privateKey = data.google_secret_manager_secret_version.plat-eng-renovate-private-key.secret_data
  })
}
These keys are in the same format for Cloud Monitoring & Cloud Logging secrets, and are extracted from the same JWT generated & uploaded manually in the UI for our test instance (which works):
-----BEGIN PRIVATE KEY-----\n<KEY_CONTENT>\n-----END PRIVATE KEY-----\n
This privateKey content works fine for Cloud Monitoring Datasource, but as mentioned above fails for Cloud Logging.
I also verified the UI HTTP request content is the same as the data we are providing in our terraform example:
{
  ...
  "name": "Cloud Logging - Renovate",
  "type": "googlecloud-logging-datasource",
  ...
  "jsonData": {
    "authenticationType": "jwt",
    "pdcInjected": true,
    "clientEmail": "<SA_NAME>@<GCP_ACCOUNT_ID>.iam.gserviceaccount.com",
    "defaultProject": "GCP_ACCOUNT_ID",
    "tokenUri": "https://oauth2.googleapis.com/token"
  },
  "secureJsonFields": { "privateKey": true },
  ...
  "apiVersion": "",
  "secureJsonData": {
    "privateKey": "-----BEGIN PRIVATE KEY-----\nMIIEvg...stripped...+CaQjPULhx\n-----END PRIVATE KEY-----\n"
  }
}
I feel like the terraform datasource module might be stripping/malforming the privateKey content, and so the datasource isn't created the same as when setting up via raw JWT and UI. Any help with this would be great!
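One way to test the hypothesis in the post above is to inspect the exact string held in the secret before it reaches `secure_json_data_encoded`. The following is an added example, not part of the original post and not code from Grafana or the Terraform provider; the function names and the sample key are constructed for illustration, and `json.dumps` stands in for the JSON encoding of the request body.

```python
import base64
import json
import re

# Expected armor for a PKCS#8 key as found in a GCP service-account JSON file.
PEM_RE = re.compile(r"\A-----BEGIN PRIVATE KEY-----\n(?P<body>[A-Za-z0-9+/=\n]+)"
                    r"\n-----END PRIVATE KEY-----\n?\Z")

def diagnose_private_key(value: str) -> list[str]:
    """Return shape problems found in a PEM string; an empty list means well formed."""
    problems = []
    if "\\n" in value:  # two characters, backslash + n, instead of a line feed
        problems.append("literal backslash-n instead of newlines")
        value = value.replace("\\n", "\n")  # keep checking the unescaped form
    if "\r" in value:
        problems.append("carriage returns present")
        value = value.replace("\r", "")
    match = PEM_RE.match(value)
    if not match:
        return problems + ["missing or malformed BEGIN/END PRIVATE KEY armor"]
    try:
        der = base64.b64decode(match.group("body").replace("\n", ""), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return problems + ["body is not valid base64"]
    if not der or der[0] != 0x30:  # PKCS#8 DER starts with a SEQUENCE tag
        problems.append("decoded body is not a DER SEQUENCE")
    return problems

def as_request_field(value: str) -> str:
    """JSON-encode the value as it would appear in a secureJsonData request body."""
    return json.dumps({"privateKey": value})

# Constructed sample: 48 filler bytes starting with 0x30, NOT a real key.
_BODY = base64.b64encode(b"\x30\x82" + bytes(range(46))).decode()
GOOD = f"-----BEGIN PRIVATE KEY-----\n{_BODY}\n-----END PRIVATE KEY-----\n"
ESCAPED = GOOD.replace("\n", "\\n")  # what a secret holding literal "\n" looks like

if __name__ == "__main__":
    for label, key in (("good", GOOD), ("escaped", ESCAPED)):
        print(label, diagnose_private_key(key), as_request_field(key)[:48])
```

In a JSON request body, a key with real line feeds appears with `\n`, as in the captured UI request above, while a key holding literal backslash-n appears with `\\n`.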