import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Manages the Asserts Stack configuration. * * This resource configures the Asserts stack with the required API tokens for integration * with Grafana Cloud services. It performs the full onboarding flow: * 1. Provisions API tokens * 2. Configures datasets (auto-detected or manually specified) * 3. Enables the stack * * By default, datasets are auto-configured based on detected metrics. To manually configure * datasets (e.g., when using non-standard label names), use the `dataset` block. * * The `cloudAccessPolicyToken` is used internally for GCom API access, Mimir metrics * authentication, and assertion detector webhook authentication. Create a Cloud Access Policy * with the following scopes: `stacks:read`, `metrics:read`, `metrics:write`. * * The `grafanaToken` is a Grafana Service Account token used for installing dashboards * and Grafana Managed Alerts. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as grafana from "@pulumiverse/grafana"; * * const config = new pulumi.Config(); * // The Grafana Cloud stack ID * const stackId = config.require("stackId"); * // Example: Asserts Stack with Cloud Access Policy Token * // * // This example shows how to configure the Asserts stack using existing * // Terraform resources to create the required tokens. * // * // The resource performs the full onboarding flow: * // 1. Provisions API tokens * // 2. Auto-configures datasets based on available metrics * // 3. Enables the stack with the configured datasets * // Step 1: Create a Cloud Access Policy with required scopes * const asserts = new grafana.cloud.AccessPolicy("asserts", { * name: "asserts-stack-policy", * displayName: "Asserts Stack Policy", * scopes: [ * "stacks:read", * "metrics:read", * "metrics:write", * ], * realms: [{ * type: "stack", * identifier: stackId, * }], * }); * // Step 2: Create a token from the Cloud Access Policy * const assertsAccessPolicyToken = new grafana.cloud.AccessPolicyToken("asserts", { * name: "asserts-stack-token", * accessPolicyId: asserts.policyId, * }); * // The Grafana Cloud stack slug * const stackSlug = config.require("stackSlug"); * // Step 3: Create a Grafana Service Account for dashboards and Grafana Managed Alerts * // Required permissions: dashboards:create/write/read, folders:create/write/read/delete, * // datasources:read/query, alert.provisioning:write, alert.notifications.provisioning:write, * // alert.notifications:write, alert.rules:read/create/delete * const assertsStackServiceAccount = new grafana.cloud.StackServiceAccount("asserts", { * stackSlug: stackSlug, * name: "asserts-managed-alerts-sa", * role: "Admin", * isDisabled: false, * }); * const assertsStackServiceAccountToken = new grafana.cloud.StackServiceAccountToken("asserts", { * stackSlug: stackSlug, * serviceAccountId: assertsStackServiceAccount.id, * name: "asserts-managed-alerts-token", * }); * // Step 4: Configure the Asserts Stack (auto-detect datasets) * const main = new grafana.assert.Stack("main", { * cloudAccessPolicyToken: assertsAccessPolicyToken.token, * grafanaToken: assertsStackServiceAccountToken.key, * }); * // Alternative: Configure the Asserts Stack with manual dataset configuration. * // Use this when your metrics use non-standard labels (e.g., a custom environment label). * const custom = new grafana.assert.Stack("custom", { * cloudAccessPolicyToken: assertsAccessPolicyToken.token, * grafanaToken: assertsStackServiceAccountToken.key, * datasets: [ * { * type: "kubernetes", * filterGroups: [{ * envLabel: "deployment_environment", * siteLabel: "cluster", * envLabelValues: [ * "production", * "staging", * ], * siteLabelValues: [ * "us-east-1", * "eu-west-1", * ], * }], * }, * { * type: "prometheus", * filterGroups: [{ * envLabel: "environment", * envName: "prod", * filters: [{ * name: "region", * operator: "=~", * values: [ * "us-.*", * "eu-.*", * ], * }], * }], * }, * ], * }); * export const stackEnabled = main.enabled; * export const stackStatus = main.status; * export const stackVersion = main.version; * ``` * * ## Import * * ```sh * terraform import grafana_asserts_stack.name "{{ id }}" * ``` */ export declare class Stack extends pulumi.CustomResource { /** * Get an existing Stack resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: StackState, opts?: pulumi.CustomResourceOptions): Stack; /** * Returns true if the given object is an instance of Stack. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is Stack; /** * A Grafana Cloud Access Policy token with the following scopes: `stacks:read`, `metrics:read`, `metrics:write`. This token is used for GCom API access, Mimir authentication, and assertion detector webhook authentication. */ readonly cloudAccessPolicyToken: pulumi.Output; /** * Manual dataset configuration. When specified, datasets are configured manually instead of using auto-detection. Use this when your metrics use non-standard label names (e.g., a custom environment label). */ readonly datasets: pulumi.Output; /** * Whether the stack is currently enabled. */ readonly enabled: pulumi.Output; /** * A Grafana Service Account token for installing dashboards and Grafana Managed Alerts. Required permissions: `dashboards:create`, `dashboards:write`, `dashboards:read`, `folders:create`, `folders:write`, `folders:read`, `folders:delete`, `datasources:read`, `datasources:query`, `alert.provisioning:write`, `alert.notifications.provisioning:write`, `alert.notifications:write`, `alert.rules:read`, `alert.rules:create`, `alert.rules:delete`. Create using `grafana.cloud.StackServiceAccountToken` resource. */ readonly grafanaToken: pulumi.Output; /** * Current onboarding status of the stack. */ readonly status: pulumi.Output; /** * Configuration version number. */ readonly version: pulumi.Output; /** * Create a Stack resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: StackArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering Stack resources. */ export interface StackState { /** * A Grafana Cloud Access Policy token with the following scopes: `stacks:read`, `metrics:read`, `metrics:write`. This token is used for GCom API access, Mimir authentication, and assertion detector webhook authentication. */ cloudAccessPolicyToken?: pulumi.Input; /** * Manual dataset configuration. When specified, datasets are configured manually instead of using auto-detection. Use this when your metrics use non-standard label names (e.g., a custom environment label). */ datasets?: pulumi.Input[]>; /** * Whether the stack is currently enabled. */ enabled?: pulumi.Input; /** * A Grafana Service Account token for installing dashboards and Grafana Managed Alerts. Required permissions: `dashboards:create`, `dashboards:write`, `dashboards:read`, `folders:create`, `folders:write`, `folders:read`, `folders:delete`, `datasources:read`, `datasources:query`, `alert.provisioning:write`, `alert.notifications.provisioning:write`, `alert.notifications:write`, `alert.rules:read`, `alert.rules:create`, `alert.rules:delete`. Create using `grafana.cloud.StackServiceAccountToken` resource. */ grafanaToken?: pulumi.Input; /** * Current onboarding status of the stack. */ status?: pulumi.Input; /** * Configuration version number. */ version?: pulumi.Input; } /** * The set of arguments for constructing a Stack resource. */ export interface StackArgs { /** * A Grafana Cloud Access Policy token with the following scopes: `stacks:read`, `metrics:read`, `metrics:write`. This token is used for GCom API access, Mimir authentication, and assertion detector webhook authentication. */ cloudAccessPolicyToken: pulumi.Input; /** * Manual dataset configuration. When specified, datasets are configured manually instead of using auto-detection. Use this when your metrics use non-standard label names (e.g., a custom environment label). */ datasets?: pulumi.Input[]>; /** * A Grafana Service Account token for installing dashboards and Grafana Managed Alerts. Required permissions: `dashboards:create`, `dashboards:write`, `dashboards:read`, `folders:create`, `folders:write`, `folders:read`, `folders:delete`, `datasources:read`, `datasources:query`, `alert.provisioning:write`, `alert.notifications.provisioning:write`, `alert.notifications:write`, `alert.rules:read`, `alert.rules:create`, `alert.rules:delete`. Create using `grafana.cloud.StackServiceAccountToken` resource. */ grafanaToken?: pulumi.Input; }