Skip to content

grafana_cloud_stack_service_account.id not compatible with grafana_role_assignment_item #2192

New issue
New issue
Open
Bug
Open
grafana_cloud_stack_service_account.id not compatible with grafana_role_assignment_item#2192
Bug
@kdw174

Description

@kdw174
kdw174
opened on May 23, 2025

Terraform Version

1.12.1

Terraform Grafana Provider Version

3.24.1

Grafana Version

12.1

Affected Resource(s)

  • grafana_role_assignment_item
  • grafana_cloud_stack_service_account
  • grafana_role_assignment

Terraform Configuration Files

resource "grafana_cloud_stack_service_account" "test" {
  stack_slug = "test-slug"

  name        = "test"
  role        = "None"
  is_disabled = false
}

data "grafana_role" "irm_reader" {
  name = "plugins:grafana-irm-app:reader"
}

resource "grafana_role_assignment_item" "test" {
  role_uid           = data.grafana_role.irm_reader.uid
  service_account_id = grafana_cloud_stack_service_account.test.id
}

resource "grafana_role_assignment_item" "test" {
  role_uid           = data.grafana_role.irm_reader.uid
  service_account_id = grafana_cloud_stack_service_account.test.id
}

Expected Behavior

I would expect to be able to pass the cloud stack service account id directly to the grafana_role_assignment_item resource. I assume this also impacts grafana_role_assignment but haven't tested.

Actual Behavior

grafana_role_assignment_item.test: Creating...
╷
│ Error: Failed to parse service account ID
│ 
│   with grafana_role_assignment_item.test,
│   on service_accounts.tf line 146, in resource "grafana_role_assignment_item" "test":
│  146: resource "grafana_role_assignment_item" "test" {
│ 
│ strconv.ParseInt: parsing "test-slug:2899": invalid syntax

Steps to Reproduce

  1. Create a grafana cloud stack
  2. define a grafana_cloud_stack_service_account resource in terraform
  3. Reference the id of the grafana_cloud_stack_service_account resource in a grafana_role_assignment_item resource.
  4. It will produce an invalid syntax error

Important Factoids

This is for Grafana Cloud. The id stored in state for the grafana_cloud_stack_service_account has the stack name prepended to it. For example, "id": "stackname:9". The grafana_role_assignment_item expects the id to just be the numeric id and not have the stack prepended to it. So you can't refernce a grafana_cloud_stack_service_account id directly when creating the grafana_role_assignment_item resource.

As a temporary workaround you can trim the stack prefix from the grafana_cloud_stack_service_account.test.id.

resource "grafana_role_assignment_item" "test" {
  role_uid           = data.grafana_role.irm_reader.uid
  service_account_id = trimprefix(grafana_cloud_stack_service_account.test.id, "test-slug:")
}

References

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions