Organizations & Teams with Terraform

  • What Grafana version and what operating system are you using?
    We run Grafana Enterprise version 9.3.2 on an AWS EKS cluster.

  • What are you trying to achieve?
    We have about 80 or so organizations. We want to creat the orgs with Terraform, which in prinzipal works fine. We also want to add a team to each organization because we synct the members of the team with Azure AD. This is where it gets difficult. In order to create a team within an organization, a grafana provider with the organizations id must be specified. But we do not want to create 80 providers in advance and we also do not know the organizations ids in advance. So it schould be a bit more dynamic.

  • How are you trying to achieve it?
    We did put the creation of the organization in a child module. We can read the organizations properties such as it’s name and so on from a file. We then use a Terraform count in the root module to loop over the orgs and create them.

module "org" {
    providers = {
        grafana.main = grafana.main
        grafana.org = grafana.org
    }
    source = "./modules/org"
    count = length(local.orgs)
    org_name = local.orgs[count.index]
}

However, we strugle at creating the provider. What we tried so far, is to use an output from the module within the providers definitin. Basically it looks like this:

provider "grafana" {
  alias  = "org"
  url    = "https://<grafana root url>"
  auth   = data.vault_generic_secret.manage-grafana-it.data["ADMIN"]
  org_id = reverse(module.org)[0].orgid
}

The idea behind this is, to take the last object in the module.org and get the org id from there. But this results in an error when executing the terraform:

Error: Cycle: module.org.grafana_team.new-team, module.org (close), provider["registry.terraform.io/grafana/grafana"].org

I think the main issue is, that the org cannot be specified in the teams resource itself. If this would be possible, it would be a great advantage and it would not deped on the providers definiton.