feat: add dashboards grafana as syncroot

[arealmaas]

Description

Related Issue(s)

• #N/A

Summary by CodeRabbit

• Chores
  • Infrastructure configuration updated to add a new dashboard source repository ("altinn-dashboards-grafana") for synchronization; configured to track the main branch with no environments specified.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 1db88804-29c5-4261-be46-25d467b88aa3

📥 Commits

Reviewing files that changed from the base of the PR and between b8400ff and 4752d79.

📒 Files selected for processing (1)

• infrastructure/syncroots/terraform.tfvars.json

🚧 Files skipped from review as they are similar to previous changes (1)

• infrastructure/syncroots/terraform.tfvars.json

---

📝 Walkthrough

Walkthrough

Adds a new syncroot source repository entry named dashboardsgrafana to infrastructure/syncroots/terraform.tfvars.json, setting repo_name to altinn-dashboards-grafana, environments to [], and branches to ["main"].

Changes

Dashboards-Grafana Syncroot Configuration

Layer / File(s)	Summary
Add dashboards-grafana syncroot repository entry infrastructure/syncroots/terraform.tfvars.json	A new repository configuration block for dashboardsgrafana is added under product_syncroot_source_repos, specifying altinn-dashboards-grafana as repo_name, an empty environments array, and branches: ["main"].

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• Altinn/altinn-platform#3662: Adds a similar syncroot source repository entry for altinn-studio to the same configuration file.

Suggested reviewers

• bengtfredh

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: add dashboards grafana as syncroot' directly and accurately describes the main change in the pull request: adding a new Grafana dashboards entry to the syncroot configuration.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/add-grafana-dashbaords-syncroot

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@infrastructure/syncroots/terraform.tfvars.json`:
- Around line 44-50: The map key "dashboards-grafana" violates the
alphanumeric-only validation (see variables.tf regex("^[a-zA-Z0-9]+$")); rename
the map key to an alphanumeric-only identifier (e.g., "dashboardsgrafana" or
"dashboardsgrafana") while leaving the repo_name "altinn-dashboards-grafana"
unchanged, and update any references to the old key in code that reads this map
(search for "dashboards-grafana" and replace with the new key) to ensure
consistency.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: d53b61ba-952f-4685-a39b-a90d9e041632

📥 Commits

Reviewing files that changed from the base of the PR and between 6e9efb2 and b8400ff.

📒 Files selected for processing (1)

• infrastructure/syncroots/terraform.tfvars.json

[github-actions]

Terraform environment prod

Initialization ⚙️success

Format and Style 🖌success

Validation 🤖success

Validation Output

Success! The configuration is valid.

Plan 📖success

Show Plan

[Lines containing Refreshing state removed]
[Truncated to 120000 bytes! See logoutput for complete plan]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.syncroot_github_repo["dashboardsgrafana"].azurerm_federated_identity_credential.syncroot_pusher_branches["main"] will be created
  + resource "azurerm_federated_identity_credential" "syncroot_pusher_branches" {
      + audience                  = [
          + "api://AzureADTokenExchange",
        ]
      + id                        = (known after apply)
      + issuer                    = "https://token.actions.githubusercontent.com"
      + name                      = "Altinn-altinn-dashboards-grafana-ref-main"
      + parent_id                 = (known after apply)
      + resource_group_name       = "DIS_github_altinn_uami-rg"
      + subject                   = "repo:Altinn/altinn-dashboards-grafana:ref:refs/heads/main"
      + user_assigned_identity_id = (known after apply)
    }

  # module.syncroot_github_repo["dashboardsgrafana"].azurerm_role_assignment.altinncr_pusher will be created
  + resource "azurerm_role_assignment" "altinncr_pusher" {
      + condition_version                = (known after apply)
      + id                               = (known after apply)
      + name                             = "26efaafd-269a-5b93-a90a-d0eb1555a798"
      + principal_id                     = (known after apply)
      + principal_type                   = "ServicePrincipal"
      + role_definition_id               = (known after apply)
      + role_definition_name             = "AcrPush"
      + scope                            = "/subscriptions/a6e9ee7d-2b65-41e1-adfb-0c8c23515cf9/resourceGroups/acr/providers/Microsoft.ContainerRegistry/registries/altinncr"
      + skip_service_principal_aad_check = true
    }

  # module.syncroot_github_repo["dashboardsgrafana"].azurerm_role_assignment.altinncr_repo_writer will be created
  + resource "azurerm_role_assignment" "altinncr_repo_writer" {
      + condition                        = "((!(ActionMatches{'Microsoft.ContainerRegistry/registries/repositories/content/write'}) AND !(ActionMatches{'Microsoft.ContainerRegistry/registries/repositories/metadata/write'})) OR (@Request[Microsoft.ContainerRegistry/registries/repositories:name] StringStartsWith 'dashboardsgrafana/'))"
      + condition_version                = "2.0"
      + id                               = (known after apply)
      + name                             = "c1f43025-e896-5254-9480-bc35f352fcf4"
      + principal_id                     = (known after apply)
      + principal_type                   = "ServicePrincipal"
      + role_definition_id               = (known after apply)
      + role_definition_name             = "Container Registry Repository Writer"
      + scope                            = "/subscriptions/a6e9ee7d-2b65-41e1-adfb-0c8c23515cf9/resourceGroups/acr/providers/Microsoft.ContainerRegistry/registries/altinncr"
      + skip_service_principal_aad_check = true
    }

  # module.syncroot_github_repo["dashboardsgrafana"].azurerm_user_assigned_identity.syncroot_pusher will be created
  + resource "azurerm_user_assigned_identity" "syncroot_pusher" {
      + client_id           = (known after apply)
      + id                  = (known after apply)
      + location            = "norwayeast"
      + name                = "Altinn-altinn-dashboards-grafana-dashboardsgrafana-syncroot"
      + principal_id        = (known after apply)
      + resource_group_name = "DIS_github_altinn_uami-rg"
      + tags                = {
          + "env"                      = "prod"
          + "finops_environment"       = "prod"
          + "finops_product"           = "dis"
          + "finops_serviceownercode"  = null
          + "finops_serviceownerorgnr" = null
          + "org"                      = null
          + "product"                  = "dashboardsgrafana"
          + "repository"               = "https://github.com/Altinn/altinn-platform"
          + "submodule"                = "oidc-syncroot-pusher"
        }
      + tenant_id           = (known after apply)
    }

  # module.syncroot_github_repo["dashboardsgrafana"].github_actions_secret.azure_client_id will be created
  + resource "github_actions_secret" "azure_client_id" {
      + created_at        = (known after apply)
      + id                = (known after apply)
      + key_id            = (known after apply)
      + plaintext_value   = (sensitive value)
      + remote_updated_at = (known after apply)
      + repository        = "altinn-dashboards-grafana"
      + repository_id     = (known after apply)
      + secret_name       = "DIS_SYNCROOT_AZURE_CLIENT_ID"
      + updated_at        = (known after apply)
    }

  # module.syncroot_github_repo["dashboardsgrafana"].github_actions_secret.azure_subscription_id will be created
  + resource "github_actions_secret" "azure_subscription_id" {
      + created_at        = (known after apply)
      + id                = (known after apply)
      + key_id            = (known after apply)
      + plaintext_value   = (sensitive value)
      + remote_updated_at = (known after apply)
      + repository        = "altinn-dashboards-grafana"
      + repository_id     = (known after apply)
      + secret_name       = "DIS_SYNCROOT_AZURE_SUBSCRIPTION_ID"
      + updated_at        = (known after apply)
    }

  # module.syncroot_github_repo["dashboardsgrafana"].github_actions_secret.azure_tenant_id will be created
  + resource "github_actions_secret" "azure_tenant_id" {
      + created_at        = (known after apply)
      + id                = (known after apply)
      + key_id            = (known after apply)
      + plaintext_value   = (sensitive value)
      + remote_updated_at = (known after apply)
      + repository        = "altinn-dashboards-grafana"
      + repository_id     = (known after apply)
      + secret_name       = "DIS_SYNCROOT_AZURE_TENANT_ID"
      + updated_at        = (known after apply)
    }

Plan: 7 to add, 0 to change, 0 to destroy.

Warning: Argument is deprecated

  with module.syncroot_github_repo["infoportal"].azurerm_federated_identity_credential.syncroot_pusher_envs["at22"],
  on ../modules/syncroot-github-repo/azure-identity.tf line 14, in resource "azurerm_federated_identity_credential" "syncroot_pusher_envs":
  14:   resource_group_name = var.resource_group_name

This field is no longer used and will be removed in the next major version of
the Azure Provider

(and 6 more similar warnings elsewhere)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: tfplan.out

To perform exactly these actions, run the following command to apply:
    terraform apply "tfplan.out"

Context	Values
Pusher	@arealmaas
Action	pull_request
Working Directory	./infrastructure/syncroots
State File	github.com/altinn/altinn-platform/environments/prod/syncroots.tfstate
Plan File	github.com_altinn_altinn-platform_environments_prod_syncroots.tfstate.tfplan

[github-actions]

Terraform environment prod

Initialization ⚙️success

Format and Style 🖌success

Validation 🤖success

Validation Output

Success! The configuration is valid.

Plan 📖success

Show Plan

[Lines containing Refreshing state removed]
[Truncated to 120000 bytes! See logoutput for complete plan]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.syncroot_github_repo["dashboardsgrafana"].azurerm_federated_identity_credential.syncroot_pusher_branches["main"] will be created
  + resource "azurerm_federated_identity_credential" "syncroot_pusher_branches" {
      + audience                  = [
          + "api://AzureADTokenExchange",
        ]
      + id                        = (known after apply)
      + issuer                    = "https://token.actions.githubusercontent.com"
      + name                      = "Altinn-altinn-dashboards-grafana-ref-main"
      + parent_id                 = (known after apply)
      + resource_group_name       = "DIS_github_altinn_uami-rg"
      + subject                   = "repo:Altinn/altinn-dashboards-grafana:ref:refs/heads/main"
      + user_assigned_identity_id = (known after apply)
    }

  # module.syncroot_github_repo["dashboardsgrafana"].azurerm_role_assignment.altinncr_pusher will be created
  + resource "azurerm_role_assignment" "altinncr_pusher" {
      + condition_version                = (known after apply)
      + id                               = (known after apply)
      + name                             = "26efaafd-269a-5b93-a90a-d0eb1555a798"
      + principal_id                     = (known after apply)
      + principal_type                   = "ServicePrincipal"
      + role_definition_id               = (known after apply)
      + role_definition_name             = "AcrPush"
      + scope                            = "/subscriptions/a6e9ee7d-2b65-41e1-adfb-0c8c23515cf9/resourceGroups/acr/providers/Microsoft.ContainerRegistry/registries/altinncr"
      + skip_service_principal_aad_check = true
    }

  # module.syncroot_github_repo["dashboardsgrafana"].azurerm_role_assignment.altinncr_repo_writer will be created
  + resource "azurerm_role_assignment" "altinncr_repo_writer" {
      + condition                        = "((!(ActionMatches{'Microsoft.ContainerRegistry/registries/repositories/content/write'}) AND !(ActionMatches{'Microsoft.ContainerRegistry/registries/repositories/metadata/write'})) OR (@Request[Microsoft.ContainerRegistry/registries/repositories:name] StringStartsWith 'dashboardsgrafana/'))"
      + condition_version                = "2.0"
      + id                               = (known after apply)
      + name                             = "c1f43025-e896-5254-9480-bc35f352fcf4"
      + principal_id                     = (known after apply)
      + principal_type                   = "ServicePrincipal"
      + role_definition_id               = (known after apply)
      + role_definition_name             = "Container Registry Repository Writer"
      + scope                            = "/subscriptions/a6e9ee7d-2b65-41e1-adfb-0c8c23515cf9/resourceGroups/acr/providers/Microsoft.ContainerRegistry/registries/altinncr"
      + skip_service_principal_aad_check = true
    }

  # module.syncroot_github_repo["dashboardsgrafana"].azurerm_user_assigned_identity.syncroot_pusher will be created
  + resource "azurerm_user_assigned_identity" "syncroot_pusher" {
      + client_id           = (known after apply)
      + id                  = (known after apply)
      + location            = "norwayeast"
      + name                = "Altinn-altinn-dashboards-grafana-dashboardsgrafana-syncroot"
      + principal_id        = (known after apply)
      + resource_group_name = "DIS_github_altinn_uami-rg"
      + tags                = {
          + "env"                      = "prod"
          + "finops_environment"       = "prod"
          + "finops_product"           = "dis"
          + "finops_serviceownercode"  = null
          + "finops_serviceownerorgnr" = null
          + "org"                      = null
          + "product"                  = "dashboardsgrafana"
          + "repository"               = "https://github.com/Altinn/altinn-platform"
          + "submodule"                = "oidc-syncroot-pusher"
        }
      + tenant_id           = (known after apply)
    }

  # module.syncroot_github_repo["dashboardsgrafana"].github_actions_secret.azure_client_id will be created
  + resource "github_actions_secret" "azure_client_id" {
      + created_at        = (known after apply)
      + id                = (known after apply)
      + key_id            = (known after apply)
      + plaintext_value   = (sensitive value)
      + remote_updated_at = (known after apply)
      + repository        = "altinn-dashboards-grafana"
      + repository_id     = (known after apply)
      + secret_name       = "DIS_SYNCROOT_AZURE_CLIENT_ID"
      + updated_at        = (known after apply)
    }

  # module.syncroot_github_repo["dashboardsgrafana"].github_actions_secret.azure_subscription_id will be created
  + resource "github_actions_secret" "azure_subscription_id" {
      + created_at        = (known after apply)
      + id                = (known after apply)
      + key_id            = (known after apply)
      + plaintext_value   = (sensitive value)
      + remote_updated_at = (known after apply)
      + repository        = "altinn-dashboards-grafana"
      + repository_id     = (known after apply)
      + secret_name       = "DIS_SYNCROOT_AZURE_SUBSCRIPTION_ID"
      + updated_at        = (known after apply)
    }

  # module.syncroot_github_repo["dashboardsgrafana"].github_actions_secret.azure_tenant_id will be created
  + resource "github_actions_secret" "azure_tenant_id" {
      + created_at        = (known after apply)
      + id                = (known after apply)
      + key_id            = (known after apply)
      + plaintext_value   = (sensitive value)
      + remote_updated_at = (known after apply)
      + repository        = "altinn-dashboards-grafana"
      + repository_id     = (known after apply)
      + secret_name       = "DIS_SYNCROOT_AZURE_TENANT_ID"
      + updated_at        = (known after apply)
    }

Plan: 7 to add, 0 to change, 0 to destroy.

Warning: Argument is deprecated

  with module.syncroot_github_repo["studio"].azurerm_federated_identity_credential.syncroot_pusher_envs["adminservices_prod"],
  on ../modules/syncroot-github-repo/azure-identity.tf line 14, in resource "azurerm_federated_identity_credential" "syncroot_pusher_envs":
  14:   resource_group_name = var.resource_group_name

This field is no longer used and will be removed in the next major version of
the Azure Provider

(and 6 more similar warnings elsewhere)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: tfplan.out

To perform exactly these actions, run the following command to apply:
    terraform apply "tfplan.out"

Context	Values
Pusher	@arealmaas
Action	push
Working Directory	./infrastructure/syncroots
State File	github.com/altinn/altinn-platform/environments/prod/syncroots.tfstate
Plan File	github.com_altinn_altinn-platform_environments_prod_syncroots.tfstate.tfplan