Update OnCall client setup to support service account auth (#1859)

Update OnCall client setup to support service account auth
grafana · Dec 9, 2024 · cedadb6 · cedadb6
1 parent ff6465f
commit cedadb6
Show file tree

Hide file tree

Showing 5 changed files with 112 additions and 2 deletions.
diff --git a/docs/index.md b/docs/index.md
@@ -201,6 +201,46 @@ resource "grafana_oncall_escalation" "example_notify_step" {
 }
 ```
 
+Alternatively, you can also configure the provider block by setting `url`
+to your Grafana URL and `auth` to a service account token:
+
+```terraform
+// Step 1: Configure provider block.
+provider "grafana" {
+  alias = "oncall"
+  url   = "http://grafana.example.com/"
+  auth  = var.grafana_auth
+}
+
+data "grafana_oncall_user" "alex" {
+  username = "alex"
+}
+
+// Step 2: Interact with Grafana OnCall
+resource "grafana_oncall_integration" "test-acc-integration" {
+  provider = grafana.oncall
+  name     = "my integration"
+  type     = "grafana"
+  default_route {
+    escalation_chain_id = grafana_oncall_escalation_chain.default.id
+  }
+}
+
+resource "grafana_oncall_escalation_chain" "default" {
+  provider = grafana.oncall
+  name     = "default"
+}
+
+resource "grafana_oncall_escalation" "example_notify_step" {
+  escalation_chain_id = grafana_oncall_escalation_chain.default.id
+  type                = "notify_persons"
+  persons_to_notify = [
+    data.grafana_oncall_user.alex.id
+  ]
+  position = 0
+}
+```
+
 <!-- schema generated by tfplugindocs -->
 ## Schema
 

diff --git a/examples/provider/provider-oncall-sa.tf b/examples/provider/provider-oncall-sa.tf
@@ -0,0 +1,34 @@
+// Step 1: Configure provider block.
+provider "grafana" {
+  alias = "oncall"
+  url   = "http://grafana.example.com/"
+  auth  = var.grafana_auth
+}
+
+data "grafana_oncall_user" "alex" {
+  username = "alex"
+}
+
+// Step 2: Interact with Grafana OnCall
+resource "grafana_oncall_integration" "test-acc-integration" {
+  provider = grafana.oncall
+  name     = "my integration"
+  type     = "grafana"
+  default_route {
+    escalation_chain_id = grafana_oncall_escalation_chain.default.id
+  }
+}
+
+resource "grafana_oncall_escalation_chain" "default" {
+  provider = grafana.oncall
+  name     = "default"
+}
+
+resource "grafana_oncall_escalation" "example_notify_step" {
+  escalation_chain_id = grafana_oncall_escalation_chain.default.id
+  type                = "notify_persons"
+  persons_to_notify = [
+    data.grafana_oncall_user.alex.id
+  ]
+  position = 0
+}
diff --git a/pkg/provider/configure_clients.go b/pkg/provider/configure_clients.go
@@ -52,7 +52,7 @@ func CreateClients(providerConfig ProviderConfig) (*common.Client, error) {
 	if !providerConfig.SMAccessToken.IsNull() {
 		c.SMAPI = SMAPI.NewClient(providerConfig.SMURL.ValueString(), providerConfig.SMAccessToken.ValueString(), getRetryClient(providerConfig))
 	}
-	if !providerConfig.OncallAccessToken.IsNull() {
+	if !providerConfig.OncallURL.IsNull() && (!providerConfig.OncallAccessToken.IsNull() || (!providerConfig.Auth.IsNull() && !providerConfig.URL.IsNull())) {
 		var onCallClient *onCallAPI.Client
 		onCallClient, err = createOnCallClient(providerConfig)
 		if err != nil {
@@ -182,7 +182,12 @@ func createCloudClient(client *common.Client, providerConfig ProviderConfig) err
 }
 
 func createOnCallClient(providerConfig ProviderConfig) (*onCallAPI.Client, error) {
-	return onCallAPI.New(providerConfig.OncallURL.ValueString(), providerConfig.OncallAccessToken.ValueString())
+	authToken := providerConfig.OncallAccessToken.ValueString()
+	if authToken == "" {
+		// prefer OncallAccessToken if it was set, otherwise use Grafana auth (service account) token
+		authToken = providerConfig.Auth.ValueString()
+	}
+	return onCallAPI.NewWithGrafanaURL(providerConfig.OncallURL.ValueString(), authToken, providerConfig.URL.ValueString())
 }
 
 func createCloudProviderClient(client *common.Client, providerConfig ProviderConfig) error {

diff --git a/pkg/provider/configure_clients_test.go b/pkg/provider/configure_clients_test.go
@@ -120,6 +120,7 @@ func TestCreateClients(t *testing.T) {
 				assert.NotNil(t, c.GrafanaAPI)
 				assert.NotNil(t, c.MLAPI)
 				assert.NotNil(t, c.SLOClient)
+				assert.Nil(t, c.OnCallClient)
 			},
 		},
 		{
@@ -133,6 +134,31 @@ func TestCreateClients(t *testing.T) {
 				assert.NotNil(t, c.GrafanaAPI)
 			},
 		},
+		{
+			name: "OnCall client using original config (not setting Grafana URL)",
+			config: ProviderConfig{
+				OncallAccessToken: types.StringValue("oncall-token"),
+				OncallURL:         types.StringValue("http://oncall.url"),
+			},
+			expected: func(c *common.Client, err error) {
+				assert.Nil(t, err)
+				assert.NotNil(t, c.OnCallClient)
+				assert.Nil(t, c.OnCallClient.GrafanaURL())
+			},
+		},
+		{
+			name: "OnCall client setting Grafana URL (using Grafana URL and auth)",
+			config: ProviderConfig{
+				URL:       types.StringValue("http://localhost:3000"),
+				Auth:      types.StringValue("service-account-token"),
+				OncallURL: types.StringValue("http://oncall.url"),
+			},
+			expected: func(c *common.Client, err error) {
+				assert.Nil(t, err)
+				assert.NotNil(t, c.OnCallClient)
+				assert.Equal(t, "http://localhost:3000", c.OnCallClient.GrafanaURL().String())
+			},
+		},
 	}
 
 	for _, tc := range testCases {

diff --git a/templates/index.md.tmpl b/templates/index.md.tmpl
@@ -30,6 +30,11 @@ The changelog for this provider can be found here: <https://github.com/grafana/t
 
 {{ tffile "examples/provider/provider-oncall.tf" }}
 
+Alternatively, you can also configure the provider block by setting `url`
+to your Grafana URL and `auth` to a service account token:
+
+{{ tffile "examples/provider/provider-oncall-sa.tf" }}
+
 {{ .SchemaMarkdown | trimspace }}
 
 ### Managing Cloud Provider