[Bug]: wake up on stack URL with SAML SSO

[skwasjer]

Terraform Version

1.9.7

Terraform Grafana Provider Version

>= 3.7

Grafana Version

11.3.0-77046

Affected Resource(s)

• grafana_cloud_stack_service_account

Terraform Configuration Files

We did not change any TF files, only bumped the Grafana terraform provider from 3.6 to 3.7.

But specifically, the error reported below trips on line 41 which is:

resource "grafana_cloud_stack_service_account" "cloud_sa" {
  stack_slug  = grafana_cloud_stack.stack.slug
  name        = "${var.environment}_tf_provider"
  role        = "Admin"
  is_disabled = false
}

Expected Behavior

Planning succeeds and reports no stack difference/drift.

Actual Behavior

Works fine with 3.6 grafana terraform provider, but as soon as I upgrade to version => 3.7, planning takes a long time and eventually always fails.

grafana_cloud_stack.stack: Refreshing state... [id=xxx]
grafana_cloud_stack_service_account.cloud_sa: Refreshing state... [id=xxx:4]
grafana_cloud_access_policy.otlp: Refreshing state... [id=eu:xxx]
grafana_cloud_access_policy_token.otlp: Refreshing state... [id=eu:xxx]

Planning failed. Terraform encountered an error while generating this plan.

╷
│ Error: error waiting for stack (URL: https://xxx.grafana.net/api/health) to be ready: Get "/login/saml": stopped after 10 redirects
│
│   with grafana_cloud_stack_service_account.cloud_sa,
│   on stack.tf line 41, in resource "grafana_cloud_stack_service_account" "cloud_sa":
│   41: resource "grafana_cloud_stack_service_account" "cloud_sa" {
│
╵

Note: redacted with xxx

Steps to Reproduce

1. change version to 3.7

   terraform {
     required_providers {
       grafana = {
         source  = "grafana/grafana"
         version = "3.7"
       }
     }
   }

2. terraform init -upgrade
3. terraform validate
4. terraform plan -out="./plan.zip" <- fails

Important Factoids

1. We have a SAML SSO configuration in Grafana where Auth0 is our IdP. Under normal circumstances, when hitting the stack URL, the client is redirect to our IdP to authenticate. This configuration is not new, we've been using this for over a year.
2. The stack is already warmed up and running, since we use it daily.
3. When I test the health endpoint (chrome incognito mode), it succeeds:

   {
     "database": "ok",
     "version": "11.3.0-77046",
     "commit": "27c7e33217024abcda54bbd33b9943bba87f17d7",
     "enterpriseCommit": "f4f09f59e3de7916711ab271b1275be27f9aaa5a"
   }

Basically, I believe this to be a regression of #1727 perhaps related to the status code 200 check and the fact that the stack URL causes a redirect.

References

No response

[Duologic]

Can you try 3.9? We often update URLs in the provider to avoid unnecessary redirects.

[skwasjer]

Can you try 3.9? We often update URLs in the provider to avoid unnecessary redirects.

I actually worked my way down from most recent version until the error finally went away in 3.6.
Just to be sure, I just retried the most recent versions 3.9 and 3.10. The issue remains the same, albeit with slight nuance in message.

Planning failed. Terraform encountered an error while generating this plan.

╷
│ Error: error waiting for stack (URL: https://xxx.grafana.net/api/health) to be ready: Get "/login/saml?redirectTo=": stopped after 10 redirects
│
│   with grafana_cloud_stack_service_account.cloud_sa,
│   on stack.tf line 41, in resource "grafana_cloud_stack_service_account" "cloud_sa":
│   41: resource "grafana_cloud_stack_service_account" "cloud_sa" {
│
╵