Viewing docs for Grafana v2.28.0
published on Wednesday, Apr 29, 2026 by pulumiverse
published on Wednesday, Apr 29, 2026 by pulumiverse
Viewing docs for Grafana v2.28.0
published on Wednesday, Apr 29, 2026 by pulumiverse
published on Wednesday, Apr 29, 2026 by pulumiverse
Manages arbitrary Grafana App Platform resources when a typed Terraform resource is not yet available. The resource is still experimental; diffing semantics are subject to change - feedback welcome in https://github.com/grafana/terraform-provider-grafana/issues.
This resource accepts a Kubernetes-style manifest as the single source of truth for the resource definition. Use HCL merge() if you need to inject Terraform variables into a static manifest file.
Only namespaced App Platform kinds are supported. The provider autodiscovers the namespace from /bootdata on every operation. If autodiscovery does not find a cloud stack namespace, the provider falls back to the explicit stackId and then orgId provider settings.
Top-level manifest fields are limited to apiVersion, kind, metadata, spec, and the ignored status field. If metadata.namespace is configured, it must match the provider-selected namespace.
Inside manifest.metadata, both Kubernetes name and uid are accepted as input aliases for the object identifier.
The top-level secure argument is write-only and requires Terraform 1.11 or later. Each configured key must set exactly one of create or name, and Terraform only re-sends those secure values when secureVersion changes.
Reads refresh managed drift from the API. Metadata drift is limited to the metadata keys you configured; spec is authoritative, so extra remote spec fields are refreshed into state and will drift until Terraform restores the configured object.
Import format:
terraform import grafana_apps_generic_resource.example <api_group>/<version>/<kind>/<object_name>
Import stores a normalized manifest without noisy server-managed metadata such as resourceVersion or managedFields. Because secure is write-only, imported configurations still need you to add secure and secureVersion manually afterward.
Example Usage
Repository with Secure Fields
import * as pulumi from "@pulumi/pulumi";
import * as grafana from "@pulumiverse/grafana";
// Repository with secure fields.
// Secure values are top-level because `secure` is write-only and cannot live in the manifest.
const repository = new grafana.apps.GenericResource("repository", {
manifest: {
apiVersion: "provisioning.grafana.app/v1beta1",
kind: "Repository",
metadata: {
name: "platform-repo",
},
spec: {
title: "Platform Repository",
description: "Repository managed through the generic resource",
type: "github",
workflows: ["write"],
sync: {
enabled: false,
target: "folder",
intervalSeconds: 300,
},
github: {
url: "https://github.com/example/grafana-dashboards",
branch: "main",
path: "grafana",
generateDashboardPreviews: false,
},
},
},
secure: {
token: {
create: githubToken,
},
webhookSecret: {
create: webhookSecret,
},
},
secureVersion: 1,
});
import pulumi
import pulumiverse_grafana as grafana
# Repository with secure fields.
# Secure values are top-level because `secure` is write-only and cannot live in the manifest.
repository = grafana.apps.GenericResource("repository",
manifest={
"apiVersion": "provisioning.grafana.app/v1beta1",
"kind": "Repository",
"metadata": {
"name": "platform-repo",
},
"spec": {
"title": "Platform Repository",
"description": "Repository managed through the generic resource",
"type": "github",
"workflows": ["write"],
"sync": {
"enabled": False,
"target": "folder",
"intervalSeconds": 300,
},
"github": {
"url": "https://github.com/example/grafana-dashboards",
"branch": "main",
"path": "grafana",
"generateDashboardPreviews": False,
},
},
},
secure={
"token": {
"create": github_token,
},
"webhookSecret": {
"create": webhook_secret,
},
},
secure_version=1)
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-grafana/sdk/v2/go/grafana/apps"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Repository with secure fields.
// Secure values are top-level because `secure` is write-only and cannot live in the manifest.
_, err := apps.NewGenericResource(ctx, "repository", &apps.GenericResourceArgs{
Manifest: pulumi.Any(map[string]interface{}{
"apiVersion": "provisioning.grafana.app/v1beta1",
"kind": "Repository",
"metadata": map[string]interface{}{
"name": "platform-repo",
},
"spec": map[string]interface{}{
"title": "Platform Repository",
"description": "Repository managed through the generic resource",
"type": "github",
"workflows": []string{
"write",
},
"sync": map[string]interface{}{
"enabled": false,
"target": "folder",
"intervalSeconds": 300,
},
"github": map[string]interface{}{
"url": "https://github.com/example/grafana-dashboards",
"branch": "main",
"path": "grafana",
"generateDashboardPreviews": false,
},
},
}),
Secure: pulumi.Any(map[string]interface{}{
"token": map[string]interface{}{
"create": githubToken,
},
"webhookSecret": map[string]interface{}{
"create": webhookSecret,
},
}),
SecureVersion: pulumi.Int(1),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Grafana = Pulumiverse.Grafana;
return await Deployment.RunAsync(() =>
{
// Repository with secure fields.
// Secure values are top-level because `secure` is write-only and cannot live in the manifest.
var repository = new Grafana.Apps.GenericResource("repository", new()
{
Manifest = new Dictionary<string, object?>
{
["apiVersion"] = "provisioning.grafana.app/v1beta1",
["kind"] = "Repository",
["metadata"] = new Dictionary<string, object?>
{
["name"] = "platform-repo",
},
["spec"] = new Dictionary<string, object?>
{
["title"] = "Platform Repository",
["description"] = "Repository managed through the generic resource",
["type"] = "github",
["workflows"] = new[]
{
"write",
},
["sync"] = new Dictionary<string, object?>
{
["enabled"] = false,
["target"] = "folder",
["intervalSeconds"] = 300,
},
["github"] = new Dictionary<string, object?>
{
["url"] = "https://github.com/example/grafana-dashboards",
["branch"] = "main",
["path"] = "grafana",
["generateDashboardPreviews"] = false,
},
},
},
Secure = new Dictionary<string, object?>
{
["token"] = new Dictionary<string, object?>
{
["create"] = githubToken,
},
["webhookSecret"] = new Dictionary<string, object?>
{
["create"] = webhookSecret,
},
},
SecureVersion = 1,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.grafana.apps.GenericResource;
import com.pulumi.grafana.apps.GenericResourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Repository with secure fields.
// Secure values are top-level because `secure` is write-only and cannot live in the manifest.
var repository = new GenericResource("repository", GenericResourceArgs.builder()
.manifest(Map.ofEntries(
Map.entry("apiVersion", "provisioning.grafana.app/v1beta1"),
Map.entry("kind", "Repository"),
Map.entry("metadata", Map.of("name", "platform-repo")),
Map.entry("spec", Map.ofEntries(
Map.entry("title", "Platform Repository"),
Map.entry("description", "Repository managed through the generic resource"),
Map.entry("type", "github"),
Map.entry("workflows", "write"),
Map.entry("sync", Map.ofEntries(
Map.entry("enabled", false),
Map.entry("target", "folder"),
Map.entry("intervalSeconds", 300)
)),
Map.entry("github", Map.ofEntries(
Map.entry("url", "https://github.com/example/grafana-dashboards"),
Map.entry("branch", "main"),
Map.entry("path", "grafana"),
Map.entry("generateDashboardPreviews", false)
))
))
))
.secure(Map.ofEntries(
Map.entry("token", Map.of("create", githubToken)),
Map.entry("webhookSecret", Map.of("create", webhookSecret))
))
.secureVersion(1)
.build());
}
}
resources:
# Repository with secure fields.
# Secure values are top-level because `secure` is write-only and cannot live in the manifest.
repository:
type: grafana:apps:GenericResource
properties:
manifest:
apiVersion: provisioning.grafana.app/v1beta1
kind: Repository
metadata:
name: platform-repo
spec:
title: Platform Repository
description: Repository managed through the generic resource
type: github
workflows:
- write
sync:
enabled: false
target: folder
intervalSeconds: 300
github:
url: https://github.com/example/grafana-dashboards
branch: main
path: grafana
generateDashboardPreviews: false
secure:
token:
create: ${githubToken}
webhookSecret:
create: ${webhookSecret}
secureVersion: 1
Create GenericResource Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new GenericResource(name: string, args?: GenericResourceArgs, opts?: CustomResourceOptions);@overload
def GenericResource(resource_name: str,
args: Optional[GenericResourceArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def GenericResource(resource_name: str,
opts: Optional[ResourceOptions] = None,
allow_ui_updates: Optional[bool] = None,
manager_identity: Optional[str] = None,
manifest: Optional[Any] = None,
secure: Optional[Any] = None,
secure_version: Optional[int] = None)func NewGenericResource(ctx *Context, name string, args *GenericResourceArgs, opts ...ResourceOption) (*GenericResource, error)public GenericResource(string name, GenericResourceArgs? args = null, CustomResourceOptions? opts = null)
public GenericResource(String name, GenericResourceArgs args)
public GenericResource(String name, GenericResourceArgs args, CustomResourceOptions options)
type: grafana:apps:GenericResource
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args GenericResourceArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GenericResourceArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GenericResourceArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GenericResourceArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GenericResourceArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
GenericResource Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The GenericResource resource accepts the following input properties:
- Allow
Ui boolUpdates - Whether the resource can be edited from the Grafana UI. Defaults to
false— Terraform-managed resources are locked from UI edits unless you opt in. Set totrueto allow UI modifications; not supported by all resources. - Manager
Identity string - Override the identity stamped on this resource's manager metadata. Defaults to "grafana-terraform-provider". Use this to distinguish resources managed by different Terraform workspaces targeting the same Grafana instance.
- Manifest object
- Kubernetes-style manifest, typically from
yamldecode(file(...))orjsondecode(file(...)). Must containapiVersion,kind,metadata(withnameoruid), andspec. Use HCLmerge()to inject Terraform variables. If you start from an exported manifest, remove noisy server-managed metadata such asresourceVersion,generation, andmanagedFields, or import the resource first and use the normalized state shape. Ifmetadata.namespaceis set, it must match the namespace selected from providerorgIdorstackId/ autodiscovery. Top-level manifest fields are limited toapiVersion,kind,metadata,spec, and the ignoredstatusfield. Thesecurefield must not be set here; use the top-levelsecureargument instead. - Secure object
- NOTE: This field is write-only and its value will not be updated in state as part of read operations.
Write-only secure values map. Each key must contain exactly one of
createorname; empty objects are invalid. - Secure
Version int - Set this to 1 when using
secure, then increment it whenever you want Terraform to re-apply secure values.
- Allow
Ui boolUpdates - Whether the resource can be edited from the Grafana UI. Defaults to
false— Terraform-managed resources are locked from UI edits unless you opt in. Set totrueto allow UI modifications; not supported by all resources. - Manager
Identity string - Override the identity stamped on this resource's manager metadata. Defaults to "grafana-terraform-provider". Use this to distinguish resources managed by different Terraform workspaces targeting the same Grafana instance.
- Manifest interface{}
- Kubernetes-style manifest, typically from
yamldecode(file(...))orjsondecode(file(...)). Must containapiVersion,kind,metadata(withnameoruid), andspec. Use HCLmerge()to inject Terraform variables. If you start from an exported manifest, remove noisy server-managed metadata such asresourceVersion,generation, andmanagedFields, or import the resource first and use the normalized state shape. Ifmetadata.namespaceis set, it must match the namespace selected from providerorgIdorstackId/ autodiscovery. Top-level manifest fields are limited toapiVersion,kind,metadata,spec, and the ignoredstatusfield. Thesecurefield must not be set here; use the top-levelsecureargument instead. - Secure interface{}
- NOTE: This field is write-only and its value will not be updated in state as part of read operations.
Write-only secure values map. Each key must contain exactly one of
createorname; empty objects are invalid. - Secure
Version int - Set this to 1 when using
secure, then increment it whenever you want Terraform to re-apply secure values.
- allow
Ui BooleanUpdates - Whether the resource can be edited from the Grafana UI. Defaults to
false— Terraform-managed resources are locked from UI edits unless you opt in. Set totrueto allow UI modifications; not supported by all resources. - manager
Identity String - Override the identity stamped on this resource's manager metadata. Defaults to "grafana-terraform-provider". Use this to distinguish resources managed by different Terraform workspaces targeting the same Grafana instance.
- manifest Object
- Kubernetes-style manifest, typically from
yamldecode(file(...))orjsondecode(file(...)). Must containapiVersion,kind,metadata(withnameoruid), andspec. Use HCLmerge()to inject Terraform variables. If you start from an exported manifest, remove noisy server-managed metadata such asresourceVersion,generation, andmanagedFields, or import the resource first and use the normalized state shape. Ifmetadata.namespaceis set, it must match the namespace selected from providerorgIdorstackId/ autodiscovery. Top-level manifest fields are limited toapiVersion,kind,metadata,spec, and the ignoredstatusfield. Thesecurefield must not be set here; use the top-levelsecureargument instead. - secure Object
- NOTE: This field is write-only and its value will not be updated in state as part of read operations.
Write-only secure values map. Each key must contain exactly one of
createorname; empty objects are invalid. - secure
Version Integer - Set this to 1 when using
secure, then increment it whenever you want Terraform to re-apply secure values.
- allow
Ui booleanUpdates - Whether the resource can be edited from the Grafana UI. Defaults to
false— Terraform-managed resources are locked from UI edits unless you opt in. Set totrueto allow UI modifications; not supported by all resources. - manager
Identity string - Override the identity stamped on this resource's manager metadata. Defaults to "grafana-terraform-provider". Use this to distinguish resources managed by different Terraform workspaces targeting the same Grafana instance.
- manifest any
- Kubernetes-style manifest, typically from
yamldecode(file(...))orjsondecode(file(...)). Must containapiVersion,kind,metadata(withnameoruid), andspec. Use HCLmerge()to inject Terraform variables. If you start from an exported manifest, remove noisy server-managed metadata such asresourceVersion,generation, andmanagedFields, or import the resource first and use the normalized state shape. Ifmetadata.namespaceis set, it must match the namespace selected from providerorgIdorstackId/ autodiscovery. Top-level manifest fields are limited toapiVersion,kind,metadata,spec, and the ignoredstatusfield. Thesecurefield must not be set here; use the top-levelsecureargument instead. - secure any
- NOTE: This field is write-only and its value will not be updated in state as part of read operations.
Write-only secure values map. Each key must contain exactly one of
createorname; empty objects are invalid. - secure
Version number - Set this to 1 when using
secure, then increment it whenever you want Terraform to re-apply secure values.
- allow_
ui_ boolupdates - Whether the resource can be edited from the Grafana UI. Defaults to
false— Terraform-managed resources are locked from UI edits unless you opt in. Set totrueto allow UI modifications; not supported by all resources. - manager_
identity str - Override the identity stamped on this resource's manager metadata. Defaults to "grafana-terraform-provider". Use this to distinguish resources managed by different Terraform workspaces targeting the same Grafana instance.
- manifest Any
- Kubernetes-style manifest, typically from
yamldecode(file(...))orjsondecode(file(...)). Must containapiVersion,kind,metadata(withnameoruid), andspec. Use HCLmerge()to inject Terraform variables. If you start from an exported manifest, remove noisy server-managed metadata such asresourceVersion,generation, andmanagedFields, or import the resource first and use the normalized state shape. Ifmetadata.namespaceis set, it must match the namespace selected from providerorgIdorstackId/ autodiscovery. Top-level manifest fields are limited toapiVersion,kind,metadata,spec, and the ignoredstatusfield. Thesecurefield must not be set here; use the top-levelsecureargument instead. - secure Any
- NOTE: This field is write-only and its value will not be updated in state as part of read operations.
Write-only secure values map. Each key must contain exactly one of
createorname; empty objects are invalid. - secure_
version int - Set this to 1 when using
secure, then increment it whenever you want Terraform to re-apply secure values.
- allow
Ui BooleanUpdates - Whether the resource can be edited from the Grafana UI. Defaults to
false— Terraform-managed resources are locked from UI edits unless you opt in. Set totrueto allow UI modifications; not supported by all resources. - manager
Identity String - Override the identity stamped on this resource's manager metadata. Defaults to "grafana-terraform-provider". Use this to distinguish resources managed by different Terraform workspaces targeting the same Grafana instance.
- manifest Any
- Kubernetes-style manifest, typically from
yamldecode(file(...))orjsondecode(file(...)). Must containapiVersion,kind,metadata(withnameoruid), andspec. Use HCLmerge()to inject Terraform variables. If you start from an exported manifest, remove noisy server-managed metadata such asresourceVersion,generation, andmanagedFields, or import the resource first and use the normalized state shape. Ifmetadata.namespaceis set, it must match the namespace selected from providerorgIdorstackId/ autodiscovery. Top-level manifest fields are limited toapiVersion,kind,metadata,spec, and the ignoredstatusfield. Thesecurefield must not be set here; use the top-levelsecureargument instead. - secure Any
- NOTE: This field is write-only and its value will not be updated in state as part of read operations.
Write-only secure values map. Each key must contain exactly one of
createorname; empty objects are invalid. - secure
Version Number - Set this to 1 when using
secure, then increment it whenever you want Terraform to re-apply secure values.
Outputs
All input properties are implicitly available as output properties. Additionally, the GenericResource resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing GenericResource Resource
Get an existing GenericResource resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GenericResourceState, opts?: CustomResourceOptions): GenericResource@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allow_ui_updates: Optional[bool] = None,
manager_identity: Optional[str] = None,
manifest: Optional[Any] = None,
secure: Optional[Any] = None,
secure_version: Optional[int] = None) -> GenericResourcefunc GetGenericResource(ctx *Context, name string, id IDInput, state *GenericResourceState, opts ...ResourceOption) (*GenericResource, error)public static GenericResource Get(string name, Input<string> id, GenericResourceState? state, CustomResourceOptions? opts = null)public static GenericResource get(String name, Output<String> id, GenericResourceState state, CustomResourceOptions options)resources: _: type: grafana:apps:GenericResource get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Allow
Ui boolUpdates - Whether the resource can be edited from the Grafana UI. Defaults to
false— Terraform-managed resources are locked from UI edits unless you opt in. Set totrueto allow UI modifications; not supported by all resources. - Manager
Identity string - Override the identity stamped on this resource's manager metadata. Defaults to "grafana-terraform-provider". Use this to distinguish resources managed by different Terraform workspaces targeting the same Grafana instance.
- Manifest object
- Kubernetes-style manifest, typically from
yamldecode(file(...))orjsondecode(file(...)). Must containapiVersion,kind,metadata(withnameoruid), andspec. Use HCLmerge()to inject Terraform variables. If you start from an exported manifest, remove noisy server-managed metadata such asresourceVersion,generation, andmanagedFields, or import the resource first and use the normalized state shape. Ifmetadata.namespaceis set, it must match the namespace selected from providerorgIdorstackId/ autodiscovery. Top-level manifest fields are limited toapiVersion,kind,metadata,spec, and the ignoredstatusfield. Thesecurefield must not be set here; use the top-levelsecureargument instead. - Secure object
- NOTE: This field is write-only and its value will not be updated in state as part of read operations.
Write-only secure values map. Each key must contain exactly one of
createorname; empty objects are invalid. - Secure
Version int - Set this to 1 when using
secure, then increment it whenever you want Terraform to re-apply secure values.
- Allow
Ui boolUpdates - Whether the resource can be edited from the Grafana UI. Defaults to
false— Terraform-managed resources are locked from UI edits unless you opt in. Set totrueto allow UI modifications; not supported by all resources. - Manager
Identity string - Override the identity stamped on this resource's manager metadata. Defaults to "grafana-terraform-provider". Use this to distinguish resources managed by different Terraform workspaces targeting the same Grafana instance.
- Manifest interface{}
- Kubernetes-style manifest, typically from
yamldecode(file(...))orjsondecode(file(...)). Must containapiVersion,kind,metadata(withnameoruid), andspec. Use HCLmerge()to inject Terraform variables. If you start from an exported manifest, remove noisy server-managed metadata such asresourceVersion,generation, andmanagedFields, or import the resource first and use the normalized state shape. Ifmetadata.namespaceis set, it must match the namespace selected from providerorgIdorstackId/ autodiscovery. Top-level manifest fields are limited toapiVersion,kind,metadata,spec, and the ignoredstatusfield. Thesecurefield must not be set here; use the top-levelsecureargument instead. - Secure interface{}
- NOTE: This field is write-only and its value will not be updated in state as part of read operations.
Write-only secure values map. Each key must contain exactly one of
createorname; empty objects are invalid. - Secure
Version int - Set this to 1 when using
secure, then increment it whenever you want Terraform to re-apply secure values.
- allow
Ui BooleanUpdates - Whether the resource can be edited from the Grafana UI. Defaults to
false— Terraform-managed resources are locked from UI edits unless you opt in. Set totrueto allow UI modifications; not supported by all resources. - manager
Identity String - Override the identity stamped on this resource's manager metadata. Defaults to "grafana-terraform-provider". Use this to distinguish resources managed by different Terraform workspaces targeting the same Grafana instance.
- manifest Object
- Kubernetes-style manifest, typically from
yamldecode(file(...))orjsondecode(file(...)). Must containapiVersion,kind,metadata(withnameoruid), andspec. Use HCLmerge()to inject Terraform variables. If you start from an exported manifest, remove noisy server-managed metadata such asresourceVersion,generation, andmanagedFields, or import the resource first and use the normalized state shape. Ifmetadata.namespaceis set, it must match the namespace selected from providerorgIdorstackId/ autodiscovery. Top-level manifest fields are limited toapiVersion,kind,metadata,spec, and the ignoredstatusfield. Thesecurefield must not be set here; use the top-levelsecureargument instead. - secure Object
- NOTE: This field is write-only and its value will not be updated in state as part of read operations.
Write-only secure values map. Each key must contain exactly one of
createorname; empty objects are invalid. - secure
Version Integer - Set this to 1 when using
secure, then increment it whenever you want Terraform to re-apply secure values.
- allow
Ui booleanUpdates - Whether the resource can be edited from the Grafana UI. Defaults to
false— Terraform-managed resources are locked from UI edits unless you opt in. Set totrueto allow UI modifications; not supported by all resources. - manager
Identity string - Override the identity stamped on this resource's manager metadata. Defaults to "grafana-terraform-provider". Use this to distinguish resources managed by different Terraform workspaces targeting the same Grafana instance.
- manifest any
- Kubernetes-style manifest, typically from
yamldecode(file(...))orjsondecode(file(...)). Must containapiVersion,kind,metadata(withnameoruid), andspec. Use HCLmerge()to inject Terraform variables. If you start from an exported manifest, remove noisy server-managed metadata such asresourceVersion,generation, andmanagedFields, or import the resource first and use the normalized state shape. Ifmetadata.namespaceis set, it must match the namespace selected from providerorgIdorstackId/ autodiscovery. Top-level manifest fields are limited toapiVersion,kind,metadata,spec, and the ignoredstatusfield. Thesecurefield must not be set here; use the top-levelsecureargument instead. - secure any
- NOTE: This field is write-only and its value will not be updated in state as part of read operations.
Write-only secure values map. Each key must contain exactly one of
createorname; empty objects are invalid. - secure
Version number - Set this to 1 when using
secure, then increment it whenever you want Terraform to re-apply secure values.
- allow_
ui_ boolupdates - Whether the resource can be edited from the Grafana UI. Defaults to
false— Terraform-managed resources are locked from UI edits unless you opt in. Set totrueto allow UI modifications; not supported by all resources. - manager_
identity str - Override the identity stamped on this resource's manager metadata. Defaults to "grafana-terraform-provider". Use this to distinguish resources managed by different Terraform workspaces targeting the same Grafana instance.
- manifest Any
- Kubernetes-style manifest, typically from
yamldecode(file(...))orjsondecode(file(...)). Must containapiVersion,kind,metadata(withnameoruid), andspec. Use HCLmerge()to inject Terraform variables. If you start from an exported manifest, remove noisy server-managed metadata such asresourceVersion,generation, andmanagedFields, or import the resource first and use the normalized state shape. Ifmetadata.namespaceis set, it must match the namespace selected from providerorgIdorstackId/ autodiscovery. Top-level manifest fields are limited toapiVersion,kind,metadata,spec, and the ignoredstatusfield. Thesecurefield must not be set here; use the top-levelsecureargument instead. - secure Any
- NOTE: This field is write-only and its value will not be updated in state as part of read operations.
Write-only secure values map. Each key must contain exactly one of
createorname; empty objects are invalid. - secure_
version int - Set this to 1 when using
secure, then increment it whenever you want Terraform to re-apply secure values.
- allow
Ui BooleanUpdates - Whether the resource can be edited from the Grafana UI. Defaults to
false— Terraform-managed resources are locked from UI edits unless you opt in. Set totrueto allow UI modifications; not supported by all resources. - manager
Identity String - Override the identity stamped on this resource's manager metadata. Defaults to "grafana-terraform-provider". Use this to distinguish resources managed by different Terraform workspaces targeting the same Grafana instance.
- manifest Any
- Kubernetes-style manifest, typically from
yamldecode(file(...))orjsondecode(file(...)). Must containapiVersion,kind,metadata(withnameoruid), andspec. Use HCLmerge()to inject Terraform variables. If you start from an exported manifest, remove noisy server-managed metadata such asresourceVersion,generation, andmanagedFields, or import the resource first and use the normalized state shape. Ifmetadata.namespaceis set, it must match the namespace selected from providerorgIdorstackId/ autodiscovery. Top-level manifest fields are limited toapiVersion,kind,metadata,spec, and the ignoredstatusfield. Thesecurefield must not be set here; use the top-levelsecureargument instead. - secure Any
- NOTE: This field is write-only and its value will not be updated in state as part of read operations.
Write-only secure values map. Each key must contain exactly one of
createorname; empty objects are invalid. - secure
Version Number - Set this to 1 when using
secure, then increment it whenever you want Terraform to re-apply secure values.
Import
Import uses the format <api_group>/<version>/<kind>/<object_name>:
$ pulumi import grafana:apps/genericResource:GenericResource example provisioning.grafana.app/v1beta1/Repository/platform-repo
After import, add secure and secureVersion back manually because write-only arguments are not stored in state.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- grafana pulumiverse/pulumi-grafana
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
grafanaTerraform Provider.
Viewing docs for Grafana v2.28.0
published on Wednesday, Apr 29, 2026 by pulumiverse
published on Wednesday, Apr 29, 2026 by pulumiverse
