Describe the cloud access policy scopes needed for each resource (#1381)

Closes #1365

docs/resources/cloud_access_policy.md

@@ -4,13 +4,21 @@ page_title: "grafana_cloud_access_policy Resource - terraform-provider-grafana"
 subcategory: "Cloud"
 description: |-
   Official documentation https://grafana.com/docs/grafana-cloud/account-management/authentication-and-permissions/access-policies/API documentation https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#create-an-access-policy
+  Required access policy scopes:
+  accesspolicies:readaccesspolicies:writeaccesspolicies:delete
 ---
 
 # grafana_cloud_access_policy (Resource)
 
 * [Official documentation](https://grafana.com/docs/grafana-cloud/account-management/authentication-and-permissions/access-policies/)
 * [API documentation](https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#create-an-access-policy)
 
+Required access policy scopes:
+
+* accesspolicies:read
+* accesspolicies:write
+* accesspolicies:delete
+
 ## Example Usage
 
 ```terraform

docs/resources/cloud_access_policy_token.md

@@ -4,13 +4,21 @@ page_title: "grafana_cloud_access_policy_token Resource - terraform-provider-gra
 subcategory: "Cloud"
 description: |-
   Official documentation https://grafana.com/docs/grafana-cloud/account-management/authentication-and-permissions/access-policies/API documentation https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#create-a-token
+  Required access policy scopes:
+  accesspolicies:readaccesspolicies:writeaccesspolicies:delete
 ---
 
 # grafana_cloud_access_policy_token (Resource)
 
 * [Official documentation](https://grafana.com/docs/grafana-cloud/account-management/authentication-and-permissions/access-policies/)
 * [API documentation](https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#create-a-token)
 
+Required access policy scopes:
+
+* accesspolicies:read
+* accesspolicies:write
+* accesspolicies:delete
+
 ## Example Usage
 
 ```terraform

docs/resources/cloud_api_key.md

@@ -6,6 +6,8 @@ description: |-
   This resource is deprecated and will be removed in a future release. Please use grafanacloudaccess_policy instead.
   Manages a single API key on the Grafana Cloud portal (on the organization level)
   * API documentation https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#api-keys
+  Required access policy scopes:
+  api-keys:readapi-keys:writeapi-keys:delete
 ---
 
 # grafana_cloud_api_key (Resource)
@@ -15,6 +17,12 @@ This resource is deprecated and will be removed in a future release. Please use
 Manages a single API key on the Grafana Cloud portal (on the organization level)
 * [API documentation](https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#api-keys)
 
+Required access policy scopes:
+
+* api-keys:read
+* api-keys:write
+* api-keys:delete
+
 ## Example Usage
 
 ```terraform

docs/resources/cloud_plugin_installation.md

@@ -5,6 +5,8 @@ subcategory: "Cloud"
 description: |-
   Manages Grafana Cloud Plugin Installations.
   Plugin Catalog https://grafana.com/grafana/plugins/
+  Required access policy scopes:
+  stack-plugins:readstack-plugins:writestack-plugins:delete
 ---
 
 # grafana_cloud_plugin_installation (Resource)
@@ -13,6 +15,12 @@ Manages Grafana Cloud Plugin Installations.
 
 * [Plugin Catalog](https://grafana.com/grafana/plugins/)
 
+Required access policy scopes:
+
+* stack-plugins:read
+* stack-plugins:write
+* stack-plugins:delete
+
 ## Example Usage
 
 ```terraform

docs/resources/cloud_stack.md

@@ -4,12 +4,20 @@ page_title: "grafana_cloud_stack Resource - terraform-provider-grafana"
 subcategory: "Cloud"
 description: |-
   Official documentation https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#stacks/
+  Required access policy scopes:
+  stacks:readstacks:writestacks:delete
 ---
 
 # grafana_cloud_stack (Resource)
 
 * [Official documentation](https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#stacks/)
 
+Required access policy scopes:
+
+* stacks:read
+* stacks:write
+* stacks:delete
+
 ## Example Usage
 
 ```terraform

docs/resources/cloud_stack_api_key.md

@@ -6,6 +6,8 @@ description: |-
   Manages API keys of a Grafana Cloud stack using the Cloud API
   This can be used to bootstrap a management API key for a new stack
   HTTP API https://grafana.com/docs/grafana/latest/developers/http_api/auth/
+  Required access policy scopes:
+  stack-api-keys:write
   !> Deprecated: please use grafana_cloud_stack_service_account and grafana_cloud_stack_service_account_token instead, see https://grafana.com/docs/grafana/next/administration/api-keys/#migrate-api-keys-to-grafana-service-accounts-using-terraform.
 ---
 
@@ -16,6 +18,10 @@ This can be used to bootstrap a management API key for a new stack
 
 * [HTTP API](https://grafana.com/docs/grafana/latest/developers/http_api/auth/)
 
+Required access policy scopes:
+
+* stack-api-keys:write
+
 !> Deprecated: please use `grafana_cloud_stack_service_account` and `grafana_cloud_stack_service_account_token` instead, see https://grafana.com/docs/grafana/next/administration/api-keys/#migrate-api-keys-to-grafana-service-accounts-using-terraform.
 
 

docs/resources/cloud_stack_service_account.md

@@ -3,22 +3,25 @@
 page_title: "grafana_cloud_stack_service_account Resource - terraform-provider-grafana"
 subcategory: "Cloud"
 description: |-
-  Note: This resource is available only with Grafana 9.1+.
   Manages service accounts of a Grafana Cloud stack using the Cloud API
   This can be used to bootstrap a management service account for a new stack
   Official documentation https://grafana.com/docs/grafana/latest/administration/service-accounts/HTTP API https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api
+  Required access policy scopes:
+  stack-service-accounts:write
 ---
 
 # grafana_cloud_stack_service_account (Resource)
 
-**Note:** This resource is available only with Grafana 9.1+.
-
 Manages service accounts of a Grafana Cloud stack using the Cloud API
 This can be used to bootstrap a management service account for a new stack
 
 * [Official documentation](https://grafana.com/docs/grafana/latest/administration/service-accounts/)
 * [HTTP API](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api)
 
+Required access policy scopes:
+
+* stack-service-accounts:write
+
 ## Example Usage
 
 ```terraform

docs/resources/cloud_stack_service_account_token.md

@@ -3,22 +3,25 @@
 page_title: "grafana_cloud_stack_service_account_token Resource - terraform-provider-grafana"
 subcategory: "Cloud"
 description: |-
-  Note: This resource is available only with Grafana 9.1+.
   Manages service account tokens of a Grafana Cloud stack using the Cloud API
   This can be used to bootstrap a management service account token for a new stack
   Official documentation https://grafana.com/docs/grafana/latest/administration/service-accounts/HTTP API https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api
+  Required access policy scopes:
+  stack-service-accounts:write
 ---
 
 # grafana_cloud_stack_service_account_token (Resource)
 
-**Note:** This resource is available only with Grafana 9.1+.
-
 Manages service account tokens of a Grafana Cloud stack using the Cloud API
 This can be used to bootstrap a management service account token for a new stack
 
 * [Official documentation](https://grafana.com/docs/grafana/latest/administration/service-accounts/)
 * [HTTP API](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api)
 
+Required access policy scopes:
+
+* stack-service-accounts:write
+
 ## Example Usage
 
 ```terraform

docs/resources/synthetic_monitoring_installation.md

@@ -8,6 +8,8 @@ description: |-
   This resource cannot be imported but it can be used on an existing Synthetic Monitoring installation without issues.
   Note that this resource must be used on a provider configured with Grafana Cloud credentials.
   Official documentation https://grafana.com/docs/grafana-cloud/monitor-public-endpoints/installation/API documentation https://github.com/grafana/synthetic-monitoring-api-go-client/blob/main/docs/API.md#apiv1registerinstall
+  Required access policy scopes:
+  stacks:read
 ---
 
 # grafana_synthetic_monitoring_installation (Resource)
@@ -21,6 +23,10 @@ This resource cannot be imported but it can be used on an existing Synthetic Mon
 * [Official documentation](https://grafana.com/docs/grafana-cloud/monitor-public-endpoints/installation/)
 * [API documentation](https://github.com/grafana/synthetic-monitoring-api-go-client/blob/main/docs/API.md#apiv1registerinstall)
 
+Required access policy scopes:
+
+* stacks:read
+
 ## Example Usage
 
 ```terraform

internal/resources/cloud/resource_cloud_access_policy.go

@@ -20,6 +20,12 @@ func ResourceAccessPolicy() *schema.Resource {
 		Description: `
 * [Official documentation](https://grafana.com/docs/grafana-cloud/account-management/authentication-and-permissions/access-policies/)
 * [API documentation](https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#create-an-access-policy)
+
+Required access policy scopes:
+
+* accesspolicies:read
+* accesspolicies:write
+* accesspolicies:delete
 `,
 
 		CreateContext: CreateCloudAccessPolicy,

internal/resources/cloud/resource_cloud_access_policy_token.go

@@ -19,6 +19,12 @@ func ResourceAccessPolicyToken() *schema.Resource {
 		Description: `
 * [Official documentation](https://grafana.com/docs/grafana-cloud/account-management/authentication-and-permissions/access-policies/)
 * [API documentation](https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#create-a-token)
+
+Required access policy scopes:
+
+* accesspolicies:read
+* accesspolicies:write
+* accesspolicies:delete
 `,
 
 		CreateContext: CreateCloudAccessPolicyToken,

internal/resources/cloud/resource_cloud_api_key.go

@@ -20,6 +20,12 @@ func ResourceAPIKey() *schema.Resource {
 
 Manages a single API key on the Grafana Cloud portal (on the organization level)
 * [API documentation](https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#api-keys)
+
+Required access policy scopes:
+
+* api-keys:read
+* api-keys:write
+* api-keys:delete
 `,
 		CreateContext: ResourceAPIKeyCreate,
 		ReadContext:   ResourceAPIKeyRead,

internal/resources/cloud/resource_cloud_plugin.go

@@ -16,6 +16,12 @@ func ResourcePluginInstallation() *schema.Resource {
 Manages Grafana Cloud Plugin Installations.
 
 * [Plugin Catalog](https://grafana.com/grafana/plugins/)
+
+Required access policy scopes:
+
+* stack-plugins:read
+* stack-plugins:write
+* stack-plugins:delete
 `,
 		Schema: map[string]*schema.Schema{
 			"stack_slug": {

internal/resources/cloud/resource_cloud_stack.go

@@ -33,6 +33,12 @@ func ResourceStack() *schema.Resource {
 
 		Description: `
 * [Official documentation](https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#stacks/)
+
+Required access policy scopes:
+
+* stacks:read
+* stacks:write
+* stacks:delete
 `,
 
 		CreateContext: CreateStack,

internal/resources/cloud/resource_cloud_stack_api_key.go

@@ -24,6 +24,10 @@ This can be used to bootstrap a management API key for a new stack
 
 * [HTTP API](https://grafana.com/docs/grafana/latest/developers/http_api/auth/)
 
+Required access policy scopes:
+
+* stack-api-keys:write
+
 !> Deprecated: please use ` + "`grafana_cloud_stack_service_account`" + ` and ` + "`grafana_cloud_stack_service_account_token`" + ` instead, see https://grafana.com/docs/grafana/next/administration/api-keys/#migrate-api-keys-to-grafana-service-accounts-using-terraform.
 `,
 

internal/resources/cloud/resource_cloud_stack_service_account.go

@@ -21,13 +21,16 @@ func ResourceStackServiceAccount() *schema.Resource {
 	return &schema.Resource{
 
 		Description: `
-**Note:** This resource is available only with Grafana 9.1+.
-
 Manages service accounts of a Grafana Cloud stack using the Cloud API
 This can be used to bootstrap a management service account for a new stack
 
 * [Official documentation](https://grafana.com/docs/grafana/latest/administration/service-accounts/)
-* [HTTP API](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api)`,
+* [HTTP API](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api)
+
+Required access policy scopes:
+
+* stack-service-accounts:write
+`,
 
 		CreateContext: createStackServiceAccount,
 		ReadContext:   readStackServiceAccount,

internal/resources/cloud/resource_cloud_stack_service_account_token.go

@@ -16,13 +16,16 @@ import (
 func ResourceStackServiceAccountToken() *schema.Resource {
 	return &schema.Resource{
 		Description: `
-**Note:** This resource is available only with Grafana 9.1+.
-
 Manages service account tokens of a Grafana Cloud stack using the Cloud API
 This can be used to bootstrap a management service account token for a new stack
 
 * [Official documentation](https://grafana.com/docs/grafana/latest/administration/service-accounts/)
-* [HTTP API](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api)`,
+* [HTTP API](https://grafana.com/docs/grafana/latest/developers/http_api/serviceaccount/#service-account-api)
+
+Required access policy scopes:
+
+* stack-service-accounts:write
+`,
 
 		CreateContext: stackServiceAccountTokenCreate,
 		ReadContext:   stackServiceAccountTokenRead,

internal/resources/cloud/resource_synthetic_monitoring_installation.go

@@ -32,6 +32,10 @@ This resource cannot be imported but it can be used on an existing Synthetic Mon
 
 * [Official documentation](https://grafana.com/docs/grafana-cloud/monitor-public-endpoints/installation/)
 * [API documentation](https://github.com/grafana/synthetic-monitoring-api-go-client/blob/main/docs/API.md#apiv1registerinstall)
+
+Required access policy scopes:
+
+* stacks:read
 `,
 		CreateContext: ResourceInstallationCreate,
 		ReadContext:   ResourceInstallationRead,