commerce-platform-public/terraform-modules
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
terraform-modules/grafana/datasource/datasource.tf
Stanislav Kopp d5a0c28c11 format
2025-08-27 09:44:37 +02:00

114 lines
No EOL
3.9 KiB
HCL
Raw Blame History

# Create the basic "shell" of each datasource.
resource "grafana_data_source" "this" {
for_each = var.datasources
name = each.key
type = each.value.type
url = var.datasource_urls[each.value.url_key]
is_default = coalesce(each.value.is_default, false)
# For HTTP Basic Auth (Loki, Prometheus, etc.)
basic_auth_enabled = each.value.basic_auth_user_key != null
basic_auth_username = each.value.basic_auth_user_key != null ? var.datasource_users[each.value.basic_auth_user_key] : null
# For database usernames (like Postgres)
# This sets the username initially.
username = each.value.db_user_key != null ? var.datasource_users[each.value.db_user_key] : null
# This resource must ignore attributes that are
# managed by the other 'config' resources below.
lifecycle {
ignore_changes = [
json_data_encoded,
secure_json_data_encoded,
# Also ignore username, as it can be managed/reported back differently by the API.
username,
]
}
}
# Apply the main json_data for datasources like PostgreSQL.
resource "grafana_data_source_config" "json_data_main" {
for_each = {
for k, v in var.datasources : k => v
if v.json_data != null && v.derived_fields == null && v.traces_to_logs == null
}
uid = grafana_data_source.this[each.key].uid
json_data_encoded = jsonencode(each.value.json_data)
# This config must ignore the password, which is managed by the 'passwords' resource.
lifecycle {
ignore_changes = [secure_json_data_encoded]
}
}
# Apply passwords to all datasources that require one.
resource "grafana_data_source_config" "passwords" {
for_each = {
for k, v in var.datasources : k => v if v.pass_key != null
}
uid = grafana_data_source.this[each.key].uid
secure_json_data_encoded = jsonencode(
each.value.type == "grafana-postgresql-datasource" ? {
password = var.datasource_passwords[each.value.pass_key]
} : {
basicAuthPassword = var.datasource_passwords[each.value.pass_key]
}
)
# This config must ignore the main json_data, which is managed elsewhere.
lifecycle {
ignore_changes = [json_data_encoded]
}
}
# Apply Loki-specific 'derivedFields' configuration.
resource "grafana_data_source_config" "loki_derived_fields" {
for_each = {
for k, v in var.datasources : k => v if v.type == "loki" && v.derived_fields != null
}
uid = grafana_data_source.this[each.key].uid
json_data_encoded = jsonencode({
derivedFields = [
for field in each.value.derived_fields : {
datasourceUid = grafana_data_source.this[field.target_datasource_name].uid
matcherRegex = field.matcher_regex
name = field.name
url = field.url
}
]
})
# This config must ignore the password, which is managed elsewhere.
lifecycle {
ignore_changes = [secure_json_data_encoded]
}
}
# Apply Tempo-specific 'tracesToLogsV2' configuration.
resource "grafana_data_source_config" "tempo_traces_to_logs" {
for_each = {
for k, v in var.datasources : k => v if v.type == "tempo" && v.traces_to_logs != null
}
uid = grafana_data_source.this[each.key].uid
json_data_encoded = jsonencode({
tracesToLogsV2 = {
datasourceUid = grafana_data_source.this[each.value.traces_to_logs.target_datasource_name].uid
query = each.value.traces_to_logs.query
customQuery = coalesce(each.value.traces_to_logs.custom_query, true)
filterBySpanID = coalesce(each.value.traces_to_logs.filter_by_span_id, false)
filterByTraceID = coalesce(each.value.traces_to_logs.filter_by_trace_id, false)
spanStartTimeShift = each.value.traces_to_logs.span_start_time_shift
spanEndTimeShift = each.value.traces_to_logs.span_end_time_shift
}
})
# This config must ignore the password, which is managed elsewhere.
lifecycle {
ignore_changes = [secure_json_data_encoded]
}
}
Reference in a new issue View git blame Copy permalink