Manages and rotates service account tokens of a Grafana Cloud stack using the Cloud API. This can be used to bootstrap a management service account token for a new stack.
Required access policy scopes:
- stack-service-accounts:write
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as grafana from "@pulumiverse/grafana";
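// Service account that owns the rotating token. "Admin" is the example's
// role; grant the least-privileged role that covers what the token holder
// actually has to do.
const cloudSa = new grafana.cloud.StackServiceAccount("cloud_sa", {
    stackSlug: "<your stack slug>",
    name: "cloud service account",
    role: "Admin",
    isDisabled: false,
});

// Rotating token for that service account: how long each token lives and how
// long before expiry it becomes eligible for rotation.
const foo = new grafana.cloud.StackServiceAccountRotatingToken("foo", {
    stackSlug: "<your stack slug>",
    namePrefix: "key_foo",
    serviceAccountId: cloudSa.id,
    secondsToLive: 7776000, // 90 days
    earlyRotationWindowSeconds: 604800, // 7 days
});

// The export has to read the token resource declared above; the original line
// referenced an identifier that is never declared in this program.
// foo.key is a live credential, so it is exported through pulumi.secret() to
// keep it encrypted in state and masked in CLI output.
export const serviceAccountTokenFooKey = pulumi.secret(foo.key);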
import pulumi
import pulumiverse_grafana as grafana
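# Service account that owns the rotating token. "Admin" is the example's role;
# grant the least-privileged role that covers what the token holder actually
# has to do.
cloud_sa = grafana.cloud.StackServiceAccount(
    "cloud_sa",
    stack_slug="<your stack slug>",
    name="cloud service account",
    role="Admin",
    is_disabled=False,
)

# Rotating token for that service account: how long each token lives and how
# long before expiry it becomes eligible for rotation.
foo = grafana.cloud.StackServiceAccountRotatingToken(
    "foo",
    stack_slug="<your stack slug>",
    name_prefix="key_foo",
    service_account_id=cloud_sa.id,
    seconds_to_live=7776000,  # 90 days
    early_rotation_window_seconds=604800,  # 7 days
)

# The export has to read the token resource declared above; the original line
# referenced a name that is never defined in this program.
# foo.key is a live credential, so it is exported as a secret to keep it
# encrypted in state and masked in CLI output.
pulumi.export("serviceAccountTokenFooKey", pulumi.Output.secret(foo.key))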
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-grafana/sdk/v2/go/grafana/cloud"
)
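// main declares a stack service account and a rotating token for it, then
// exports the token key as a secret stack output.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// "Admin" is the example's role; grant the least-privileged role that
		// covers what the token holder actually has to do.
		cloudSa, err := cloud.NewStackServiceAccount(ctx, "cloud_sa", &cloud.StackServiceAccountArgs{
			StackSlug:  pulumi.String("<your stack slug>"),
			Name:       pulumi.String("cloud service account"),
			Role:       pulumi.String("Admin"),
			IsDisabled: pulumi.Bool(false),
		})
		if err != nil {
			return err
		}

		// Keep the returned resource: the original discarded it and then
		// exported an identifier that is never declared.
		foo, err := cloud.NewStackServiceAccountRotatingToken(ctx, "foo", &cloud.StackServiceAccountRotatingTokenArgs{
			StackSlug:                  pulumi.String("<your stack slug>"),
			NamePrefix:                 pulumi.String("key_foo"),
			ServiceAccountId:           cloudSa.ID(),
			SecondsToLive:              pulumi.Int(7776000), // 90 days
			EarlyRotationWindowSeconds: pulumi.Int(604800),  // 7 days
		})
		if err != nil {
			return err
		}

		// foo.Key is a live credential; export it as a secret so it stays
		// encrypted in state and masked in CLI output.
		ctx.Export("serviceAccountTokenFooKey", pulumi.ToSecret(foo.Key))
		return nil
	})
}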
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Grafana = Pulumiverse.Grafana;
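// Declares a stack service account and a rotating token for it, then exposes
// the token key as a stack output.
return await Deployment.RunAsync(() =>
{
    // "Admin" is the example's role; grant the least-privileged role that
    // covers what the token holder actually has to do.
    var cloudSa = new Grafana.Cloud.StackServiceAccount("cloud_sa", new()
    {
        StackSlug = "<your stack slug>",
        Name = "cloud service account",
        Role = "Admin",
        IsDisabled = false,
    });

    var foo = new Grafana.Cloud.StackServiceAccountRotatingToken("foo", new()
    {
        StackSlug = "<your stack slug>",
        NamePrefix = "key_foo",
        ServiceAccountId = cloudSa.Id,
        SecondsToLive = 7776000, // 90 days
        EarlyRotationWindowSeconds = 604800, // 7 days
    });

    // The output has to read the token resource declared above; the original
    // line referenced an identifier that is never declared.
    // foo.Key is a live credential. NOTE(review): confirm the provider marks
    // it as a secret output before relying on stack outputs staying masked.
    return new Dictionary<string, object?>
    {
        ["serviceAccountTokenFooKey"] = foo.Key,
    };
});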
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.grafana.cloud.StackServiceAccount;
import com.pulumi.grafana.cloud.StackServiceAccountArgs;
import com.pulumi.grafana.cloud.StackServiceAccountRotatingToken;
import com.pulumi.grafana.cloud.StackServiceAccountRotatingTokenArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
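/**
 * Declares a stack service account and a rotating token for it, then exports
 * the token key as a stack output.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Builds the two resources and registers the stack output.
     *
     * @param ctx the Pulumi context for the current deployment
     */
    public static void stack(Context ctx) {
        // "Admin" is the example's role; grant the least-privileged role that
        // covers what the token holder actually has to do.
        var cloudSa = new StackServiceAccount("cloudSa", StackServiceAccountArgs.builder()
            .stackSlug("<your stack slug>")
            .name("cloud service account")
            .role("Admin")
            .isDisabled(false)
            .build());

        var foo = new StackServiceAccountRotatingToken("foo", StackServiceAccountRotatingTokenArgs.builder()
            .stackSlug("<your stack slug>")
            .namePrefix("key_foo")
            .serviceAccountId(cloudSa.id())
            .secondsToLive(7776000) // 90 days
            .earlyRotationWindowSeconds(604800) // 7 days
            .build());

        // The export has to read the token resource declared above; the
        // original line referenced an identifier that is never declared.
        // foo.key() is a live credential. NOTE(review): confirm the provider
        // marks it as a secret output before relying on it staying masked.
        ctx.export("serviceAccountTokenFooKey", foo.key());
    }
}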
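resources:
  # Service account that owns the rotating token. "Admin" is the example's
  # role; grant the least-privileged role that covers what the token holder
  # actually has to do.
  cloudSa:
    type: grafana:cloud:StackServiceAccount
    name: cloud_sa
    properties:
      stackSlug: <your stack slug>
      name: cloud service account
      role: Admin
      isDisabled: false
  foo:
    type: grafana:cloud:StackServiceAccountRotatingToken
    properties:
      stackSlug: <your stack slug>
      namePrefix: key_foo
      serviceAccountId: ${cloudSa.id}
      # Written as a plain integer: the property is an integer number of
      # seconds, and the original float notation (7.776e+06) is not one.
      secondsToLive: 7776000 # 3 months
      earlyRotationWindowSeconds: 604800 # 1 week
outputs:
  # The output has to read the `foo` resource declared above; the original
  # interpolation named a resource that does not exist in this program.
  # The key is a live credential, so it is exported as a secret.
  serviceAccountTokenFooKey:
    fn::secret: ${foo.key}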
Create StackServiceAccountRotatingToken Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new StackServiceAccountRotatingToken(name: string, args: StackServiceAccountRotatingTokenArgs, opts?: CustomResourceOptions);
@overload
def StackServiceAccountRotatingToken(resource_name: str,
args: StackServiceAccountRotatingTokenArgs,
opts: Optional[ResourceOptions] = None)
@overload
def StackServiceAccountRotatingToken(resource_name: str,
opts: Optional[ResourceOptions] = None,
early_rotation_window_seconds: Optional[int] = None,
name_prefix: Optional[str] = None,
seconds_to_live: Optional[int] = None,
service_account_id: Optional[str] = None,
stack_slug: Optional[str] = None,
delete_on_destroy: Optional[bool] = None)
func NewStackServiceAccountRotatingToken(ctx *Context, name string, args StackServiceAccountRotatingTokenArgs, opts ...ResourceOption) (*StackServiceAccountRotatingToken, error)
public StackServiceAccountRotatingToken(string name, StackServiceAccountRotatingTokenArgs args, CustomResourceOptions? opts = null)
public StackServiceAccountRotatingToken(String name, StackServiceAccountRotatingTokenArgs args)
public StackServiceAccountRotatingToken(String name, StackServiceAccountRotatingTokenArgs args, CustomResourceOptions options)
type: grafana:cloud:StackServiceAccountRotatingToken
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args StackServiceAccountRotatingTokenArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args StackServiceAccountRotatingTokenArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args StackServiceAccountRotatingTokenArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args StackServiceAccountRotatingTokenArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args StackServiceAccountRotatingTokenArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference stub: every value below is a type placeholder, not a recommended
// setting. Choose a real token lifetime and rotation window before use.
var tokenArgs = new Grafana.Cloud.StackServiceAccountRotatingTokenArgs
{
    EarlyRotationWindowSeconds = 0,
    NamePrefix = "string",
    SecondsToLive = 0,
    ServiceAccountId = "string",
    StackSlug = "string",
    DeleteOnDestroy = false,
};
var stackServiceAccountRotatingTokenResource = new Grafana.Cloud.StackServiceAccountRotatingToken("stackServiceAccountRotatingTokenResource", tokenArgs);
// Reference stub: every value below is a type placeholder, not a recommended
// setting. Choose a real token lifetime and rotation window before use.
tokenArgs := &cloud.StackServiceAccountRotatingTokenArgs{
	EarlyRotationWindowSeconds: pulumi.Int(0),
	NamePrefix:                 pulumi.String("string"),
	SecondsToLive:              pulumi.Int(0),
	ServiceAccountId:           pulumi.String("string"),
	StackSlug:                  pulumi.String("string"),
	DeleteOnDestroy:            pulumi.Bool(false),
}
example, err := cloud.NewStackServiceAccountRotatingToken(ctx, "stackServiceAccountRotatingTokenResource", tokenArgs)
// Reference stub: every value below is a type placeholder, not a recommended
// setting. Choose a real token lifetime and rotation window before use.
var tokenArgs = StackServiceAccountRotatingTokenArgs.builder()
    .earlyRotationWindowSeconds(0)
    .namePrefix("string")
    .secondsToLive(0)
    .serviceAccountId("string")
    .stackSlug("string")
    .deleteOnDestroy(false)
    .build();
var stackServiceAccountRotatingTokenResource = new StackServiceAccountRotatingToken("stackServiceAccountRotatingTokenResource", tokenArgs);
# Reference stub: every value below is a type placeholder, not a recommended
# setting. Choose a real token lifetime and rotation window before use.
token_args = grafana.cloud.StackServiceAccountRotatingTokenArgs(
    early_rotation_window_seconds=0,
    name_prefix="string",
    seconds_to_live=0,
    service_account_id="string",
    stack_slug="string",
    delete_on_destroy=False,
)
stack_service_account_rotating_token_resource = grafana.cloud.StackServiceAccountRotatingToken(
    "stackServiceAccountRotatingTokenResource",
    token_args,
)
// Reference stub: every value below is a type placeholder, not a recommended
// setting. Choose a real token lifetime and rotation window before use.
const tokenArgs: grafana.cloud.StackServiceAccountRotatingTokenArgs = {
    earlyRotationWindowSeconds: 0,
    namePrefix: "string",
    secondsToLive: 0,
    serviceAccountId: "string",
    stackSlug: "string",
    deleteOnDestroy: false,
};
const stackServiceAccountRotatingTokenResource = new grafana.cloud.StackServiceAccountRotatingToken(
    "stackServiceAccountRotatingTokenResource",
    tokenArgs,
);
# Reference stub: every value below is a type placeholder, not a recommended
# setting. Choose a real token lifetime and rotation window before use.
type: grafana:cloud:StackServiceAccountRotatingToken
properties:
  deleteOnDestroy: false
  earlyRotationWindowSeconds: 0
  namePrefix: string
  secondsToLive: 0
  serviceAccountId: string
  stackSlug: string
StackServiceAccountRotatingToken Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The StackServiceAccountRotatingToken resource accepts the following input properties:
- EarlyRotationWindowSeconds int
- Duration of the time window before expiring where the token can be rotated, in seconds.
- NamePrefix string
- Prefix for the name of the service account tokens created by this resource. The actual name will be stored in the computed field `name`, which will be in the format `<name_prefix>-<additional_characters>`.
- SecondsToLive int
- The token expiration in seconds.
- ServiceAccountId string
- The ID of the service account to which the token belongs.
- StackSlug string
- DeleteOnDestroy bool
- EarlyRotationWindowSeconds int
- Duration of the time window before expiring where the token can be rotated, in seconds.
- NamePrefix string
- Prefix for the name of the service account tokens created by this resource. The actual name will be stored in the computed field `name`, which will be in the format `<name_prefix>-<additional_characters>`.
- SecondsToLive int
- The token expiration in seconds.
- ServiceAccountId string
- The ID of the service account to which the token belongs.
- StackSlug string
- DeleteOnDestroy bool
- earlyRotationWindowSeconds Integer
- Duration of the time window before expiring where the token can be rotated, in seconds.
- namePrefix String
- Prefix for the name of the service account tokens created by this resource. The actual name will be stored in the computed field `name`, which will be in the format `<name_prefix>-<additional_characters>`.
- secondsToLive Integer
- The token expiration in seconds.
- serviceAccountId String
- The ID of the service account to which the token belongs.
- stackSlug String
- deleteOnDestroy Boolean
- earlyRotationWindowSeconds number
- Duration of the time window before expiring where the token can be rotated, in seconds.
- namePrefix string
- Prefix for the name of the service account tokens created by this resource. The actual name will be stored in the computed field `name`, which will be in the format `<name_prefix>-<additional_characters>`.
- secondsToLive number
- The token expiration in seconds.
- serviceAccountId string
- The ID of the service account to which the token belongs.
- stackSlug string
- deleteOnDestroy boolean
- early_rotation_window_seconds int
- Duration of the time window before expiring where the token can be rotated, in seconds.
- name_prefix str
- Prefix for the name of the service account tokens created by this resource. The actual name will be stored in the computed field `name`, which will be in the format `<name_prefix>-<additional_characters>`.
- seconds_to_live int
- The token expiration in seconds.
- service_account_id str
- The ID of the service account to which the token belongs.
- stack_slug str
- delete_on_destroy bool
- earlyRotationWindowSeconds Number
- Duration of the time window before expiring where the token can be rotated, in seconds.
- namePrefix String
- Prefix for the name of the service account tokens created by this resource. The actual name will be stored in the computed field `name`, which will be in the format `<name_prefix>-<additional_characters>`.
- secondsToLive Number
- The token expiration in seconds.
- serviceAccountId String
- The ID of the service account to which the token belongs.
- stackSlug String
- deleteOnDestroy Boolean
Outputs
All input properties are implicitly available as output properties. Additionally, the StackServiceAccountRotatingToken resource produces the following output properties:
- Expiration string
- The expiration date of the service account token.
- HasExpired bool
- The status of the service account token.
- Id string
- The provider-assigned unique ID for this managed resource.
- Key string
- The key of the service account token.
- Name string
- The name of the service account token. It will start with `<name_prefix>-` and will have characters appended to it to make the name unique.
- ReadyForRotation bool
- Signals that the service account token is expired or within the period to be early rotated.
- Expiration string
- The expiration date of the service account token.
- HasExpired bool
- The status of the service account token.
- Id string
- The provider-assigned unique ID for this managed resource.
- Key string
- The key of the service account token.
- Name string
- The name of the service account token. It will start with `<name_prefix>-` and will have characters appended to it to make the name unique.
- ReadyForRotation bool
- Signals that the service account token is expired or within the period to be early rotated.
- expiration String
- The expiration date of the service account token.
- hasExpired Boolean
- The status of the service account token.
- id String
- The provider-assigned unique ID for this managed resource.
- key String
- The key of the service account token.
- name String
- The name of the service account token. It will start with `<name_prefix>-` and will have characters appended to it to make the name unique.
- readyForRotation Boolean
- Signals that the service account token is expired or within the period to be early rotated.
- expiration string
- The expiration date of the service account token.
- hasExpired boolean
- The status of the service account token.
- id string
- The provider-assigned unique ID for this managed resource.
- key string
- The key of the service account token.
- name string
- The name of the service account token. It will start with `<name_prefix>-` and will have characters appended to it to make the name unique.
- readyForRotation boolean
- Signals that the service account token is expired or within the period to be early rotated.
- expiration str
- The expiration date of the service account token.
- has_expired bool
- The status of the service account token.
- id str
- The provider-assigned unique ID for this managed resource.
- key str
- The key of the service account token.
- name str
- The name of the service account token. It will start with `<name_prefix>-` and will have characters appended to it to make the name unique.
- ready_for_rotation bool
- Signals that the service account token is expired or within the period to be early rotated.
- expiration String
- The expiration date of the service account token.
- hasExpired Boolean
- The status of the service account token.
- id String
- The provider-assigned unique ID for this managed resource.
- key String
- The key of the service account token.
- name String
- The name of the service account token. It will start with `<name_prefix>-` and will have characters appended to it to make the name unique.
- readyForRotation Boolean
- Signals that the service account token is expired or within the period to be early rotated.
Look up Existing StackServiceAccountRotatingToken Resource
Get an existing StackServiceAccountRotatingToken resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: StackServiceAccountRotatingTokenState, opts?: CustomResourceOptions): StackServiceAccountRotatingToken
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
delete_on_destroy: Optional[bool] = None,
early_rotation_window_seconds: Optional[int] = None,
expiration: Optional[str] = None,
has_expired: Optional[bool] = None,
key: Optional[str] = None,
name: Optional[str] = None,
name_prefix: Optional[str] = None,
ready_for_rotation: Optional[bool] = None,
seconds_to_live: Optional[int] = None,
service_account_id: Optional[str] = None,
stack_slug: Optional[str] = None) -> StackServiceAccountRotatingToken
func GetStackServiceAccountRotatingToken(ctx *Context, name string, id IDInput, state *StackServiceAccountRotatingTokenState, opts ...ResourceOption) (*StackServiceAccountRotatingToken, error)
public static StackServiceAccountRotatingToken Get(string name, Input<string> id, StackServiceAccountRotatingTokenState? state, CustomResourceOptions? opts = null)
public static StackServiceAccountRotatingToken get(String name, Output<String> id, StackServiceAccountRotatingTokenState state, CustomResourceOptions options)
resources:
  _:
    type: grafana:cloud:StackServiceAccountRotatingToken
    get:
      id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- DeleteOnDestroy bool
- EarlyRotationWindowSeconds int
- Duration of the time window before expiring where the token can be rotated, in seconds.
- Expiration string
- The expiration date of the service account token.
- HasExpired bool
- The status of the service account token.
- Key string
- The key of the service account token.
- Name string
- The name of the service account token. It will start with `<name_prefix>-` and will have characters appended to it to make the name unique.
- NamePrefix string
- Prefix for the name of the service account tokens created by this resource. The actual name will be stored in the computed field `name`, which will be in the format `<name_prefix>-<additional_characters>`.
- ReadyForRotation bool
- Signals that the service account token is expired or within the period to be early rotated.
- SecondsToLive int
- The token expiration in seconds.
- ServiceAccountId string
- The ID of the service account to which the token belongs.
- StackSlug string
- DeleteOnDestroy bool
- EarlyRotationWindowSeconds int
- Duration of the time window before expiring where the token can be rotated, in seconds.
- Expiration string
- The expiration date of the service account token.
- HasExpired bool
- The status of the service account token.
- Key string
- The key of the service account token.
- Name string
- The name of the service account token. It will start with `<name_prefix>-` and will have characters appended to it to make the name unique.
- NamePrefix string
- Prefix for the name of the service account tokens created by this resource. The actual name will be stored in the computed field `name`, which will be in the format `<name_prefix>-<additional_characters>`.
- ReadyForRotation bool
- Signals that the service account token is expired or within the period to be early rotated.
- SecondsToLive int
- The token expiration in seconds.
- ServiceAccountId string
- The ID of the service account to which the token belongs.
- StackSlug string
- deleteOnDestroy Boolean
- earlyRotationWindowSeconds Integer
- Duration of the time window before expiring where the token can be rotated, in seconds.
- expiration String
- The expiration date of the service account token.
- hasExpired Boolean
- The status of the service account token.
- key String
- The key of the service account token.
- name String
- The name of the service account token. It will start with `<name_prefix>-` and will have characters appended to it to make the name unique.
- namePrefix String
- Prefix for the name of the service account tokens created by this resource. The actual name will be stored in the computed field `name`, which will be in the format `<name_prefix>-<additional_characters>`.
- readyForRotation Boolean
- Signals that the service account token is expired or within the period to be early rotated.
- secondsToLive Integer
- The token expiration in seconds.
- serviceAccountId String
- The ID of the service account to which the token belongs.
- stackSlug String
- deleteOnDestroy boolean
- earlyRotationWindowSeconds number
- Duration of the time window before expiring where the token can be rotated, in seconds.
- expiration string
- The expiration date of the service account token.
- hasExpired boolean
- The status of the service account token.
- key string
- The key of the service account token.
- name string
- The name of the service account token. It will start with `<name_prefix>-` and will have characters appended to it to make the name unique.
- namePrefix string
- Prefix for the name of the service account tokens created by this resource. The actual name will be stored in the computed field `name`, which will be in the format `<name_prefix>-<additional_characters>`.
- readyForRotation boolean
- Signals that the service account token is expired or within the period to be early rotated.
- secondsToLive number
- The token expiration in seconds.
- serviceAccountId string
- The ID of the service account to which the token belongs.
- stackSlug string
- delete_on_destroy bool
- early_rotation_window_seconds int
- Duration of the time window before expiring where the token can be rotated, in seconds.
- expiration str
- The expiration date of the service account token.
- has_expired bool
- The status of the service account token.
- key str
- The key of the service account token.
- name str
- The name of the service account token. It will start with `<name_prefix>-` and will have characters appended to it to make the name unique.
- name_prefix str
- Prefix for the name of the service account tokens created by this resource. The actual name will be stored in the computed field `name`, which will be in the format `<name_prefix>-<additional_characters>`.
- ready_for_rotation bool
- Signals that the service account token is expired or within the period to be early rotated.
- seconds_to_live int
- The token expiration in seconds.
- service_account_id str
- The ID of the service account to which the token belongs.
- stack_slug str
- deleteOnDestroy Boolean
- earlyRotationWindowSeconds Number
- Duration of the time window before expiring where the token can be rotated, in seconds.
- expiration String
- The expiration date of the service account token.
- hasExpired Boolean
- The status of the service account token.
- key String
- The key of the service account token.
- name String
- The name of the service account token. It will start with `<name_prefix>-` and will have characters appended to it to make the name unique.
- namePrefix String
- Prefix for the name of the service account tokens created by this resource. The actual name will be stored in the computed field `name`, which will be in the format `<name_prefix>-<additional_characters>`.
- readyForRotation Boolean
- Signals that the service account token is expired or within the period to be early rotated.
- secondsToLive Number
- The token expiration in seconds.
- serviceAccountId String
- The ID of the service account to which the token belongs.
- stackSlug String
Package Details
- Repository
- grafana pulumiverse/pulumi-grafana
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `grafana` Terraform Provider.
