feat: Add Frontend Observability provider

This commit adds the groundwork to support Frontend Observability as
code. More specificailly, the change contains

1. A Go HTTP client that consumes the Apps API (Create/Read/Update/Delete)
2. Data Source and Resource version of the Frontend Observability App
   entity.

.github/CODEOWNERS

@@ -4,6 +4,7 @@
 /internal/resources/cloud/*                 @grafana/platform-monitoring @grafana/grafana-com-maintainers
 /internal/resources/cloudprovider/*         @grafana/platform-monitoring @grafana/middleware-apps
 /internal/resources/connections/*           @grafana/platform-monitoring @grafana/middleware-apps
+/internal/resources/frontendo11y/*          @grafana/platform-monitoring @grafana/frontend-o11y
 /internal/resources/machinelearning/*       @grafana/platform-monitoring @grafana/machine-learning
 /internal/resources/oncall/*                @grafana/platform-monitoring @grafana/grafana-irm-backend
 /internal/resources/slo/*                   @grafana/platform-monitoring @grafana/slo-squad

docs/data-sources/frontend_o11y_app.md

@@ -0,0 +1,35 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "grafana_frontend_o11y_app Data Source - terraform-provider-grafana"
+subcategory: "Frontend Observability"
+description: |-
+  
+---
+
+# grafana_frontend_o11y_app (Data Source)
+
+
+
+## Example Usage
+
+```terraform
+data "grafana_frontend_o11y_app" "test-app" {
+  stack_id = 1
+  name     = "test-app"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) The name of the Frontend Observability App. Part of the Terraform Resource ID.
+- `stack_id` (Number) The Stack ID of the Grafana Cloud instance. Part of the Terraform Resource ID.
+
+### Read-Only
+
+- `allowed_origins` (List of String) A list of allowed origins for CORS.
+- `extra_log_attributes` (Map of String) The extra attributes to append in each signal.
+- `id` (Number) The Terraform Resource ID. This auto-generated from Frontend Observability API.
+- `settings` (Map of String) The settings of the Frontend Observability App.

docs/index.md

@@ -242,6 +242,49 @@ resource "grafana_oncall_escalation" "example_notify_step" {
 }
 ```
 
+### Managing Frontend Observability
+
+#### Obtaining Frontend Observability Access Token
+
+Before using the Terraform Provider to manage Grafana Frontend Observability resources, such as your apps, you need to create an access policy token on the Grafana Cloud Portal. This token is used to authenticate the provider to the Grafana Frontend Observability API.
+[These docs](https://grafana.com/docs/grafana-cloud/account-management/authentication-and-permissions/access-policies/authorize-services/#create-an-access-policy-for-a-stack) will guide you on how to create
+an access policy. The required permissions, or scopes, are `frontendo11y:write`, `frontendo11y:read` and `stacks:read`.
+
+Also, by default the Access Policies UI will not show those scopes, instead, search for it using the `Add Scope` textbox, as shown in the following image:
+
+#### Obtaining Frontend Observability API URL
+
+Having created the token, we can find the correct Frontend Observability API hostname by running the following script, that requires `curl` and [`jq`](https://jqlang.github.io/jq/) installed:
+
+```bash
+curl -sH "Authorization: Bearer <Access Token from previous step>" "https://grafana.com/api/instances" | \
+  jq '[.items[]|{stackName: .slug, clusterName:.clusterSlug, frontendAPIUrl: "https://faro-api-\(.clusterSlug).grafana.net"}]'
+```
+
+This script will return a list of all the Grafana Cloud stacks you own, with the Frontend Observability API hostname for each one. Choose the correct hostname for the stack you want to manage.
+For example, in the following response, the correct hostname for the `examplestackname` stack is `https://connections-api-prod-eu-west-0.grafana.net`.
+
+```json
+[
+  {
+    "stackName": "examplestackname",
+    "clusterName": "prod-eu-west-0",
+    "frontendAPIUrl": "https://faro-api-prod-eu-west-0.grafana.net"
+  }
+]
+```
+
+#### Configuring the Provider to use the Frontend Observability API
+
+Once you have the token and Frontend Observability API hostname, you can configure the provider as follows:
+
+```hcl
+provider "grafana" {
+  frontend_o11y_api_url          = "<Frontend Observability API URL from previous step>"
+  frontend_o11y_api_access_token = "<Access Token from previous step>"
+}
+```
+
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
@@ -255,6 +298,8 @@ resource "grafana_oncall_escalation" "example_notify_step" {
 - `cloud_provider_url` (String) A Grafana Cloud Provider backend address. May alternatively be set via the `GRAFANA_CLOUD_PROVIDER_URL` environment variable.
 - `connections_api_access_token` (String, Sensitive) A Grafana Connections API access token. May alternatively be set via the `GRAFANA_CONNECTIONS_API_ACCESS_TOKEN` environment variable.
 - `connections_api_url` (String) A Grafana Connections API address. May alternatively be set via the `GRAFANA_CONNECTIONS_API_URL` environment variable.
+- `frontend_o11y_api_access_token` (String, Sensitive) A Grafana Frontend Observability API access token. May alternatively be set via the `GRAFANA_FRONTEND_O11Y_API_ACCESS_TOKEN` environment variable.
+- `frontend_o11y_api_url` (String) A Grafana Frontend Observability API address. May alternatively be set via the `GRAFANA_FRONTEND_O11Y_API_URL` environment variable.
 - `http_headers` (Map of String, Sensitive) Optional. HTTP headers mapping keys to values used for accessing the Grafana and Grafana Cloud APIs. May alternatively be set via the `GRAFANA_HTTP_HEADERS` environment variable in JSON format.
 - `insecure_skip_verify` (Boolean) Skip TLS certificate verification. May alternatively be set via the `GRAFANA_INSECURE_SKIP_VERIFY` environment variable.
 - `oncall_access_token` (String, Sensitive) A Grafana OnCall access token. May alternatively be set via the `GRAFANA_ONCALL_ACCESS_TOKEN` environment variable.
@@ -478,3 +523,8 @@ To create one, follow the instructions in the [obtaining cloud provider access t
 An access policy token created on the [Grafana Cloud Portal](https://grafana.com/docs/grafana-cloud/account-management/authentication-and-permissions/access-policies/authorize-services/) to manage
 connections resources, such as Metrics Endpoint jobs.
 For guidance on creating one, see section [obtaining connections access token](#obtaining-connections-access-token).
+
+### `frontend_o11y_access_token`
+
+An access policy token created on the [Grafana Cloud Portal](https://grafana.com/docs/grafana-cloud/account-management/authentication-and-permissions/access-policies/authorize-services/) to manage Frontend Observability apps.
+For guidance on creating one, see section [obtaining Frontend Observability access token](#obtaining-frontend-observability-access-token).

docs/resources/frontend_o11y_app.md

@@ -0,0 +1,52 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "grafana_frontend_o11y_app Resource - terraform-provider-grafana"
+subcategory: "Connections"
+description: |-
+  
+---
+
+# grafana_frontend_o11y_app (Resource)
+
+
+
+## Example Usage
+
+```terraform
+resource "grafana_frontend_o11y_app" "test-app" {
+  stack_id        = 1
+  name            = "test-app"
+  allowed_origins = ["https://grafana.com"]
+
+  extra_log_attributes = {
+    "terraform" : "true"
+  }
+
+  settings = {
+    "geolocation.enabled" : "1"
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `allowed_origins` (List of String) A list of allowed origins for CORS.
+- `extra_log_attributes` (Map of String) The extra attributes to append in each signal.
+- `name` (String) The name of Frontend Observability App. Part of the Terraform Resource ID.
+- `settings` (Map of String) The settings of the Frontend Observability app.
+- `stack_id` (Number) The Stack ID of the Grafana Cloud instance. Part of the Terraform Resource ID.
+
+### Read-Only
+
+- `id` (Number) The Terraform Resource ID. This is auto-generated from Frontend Observability API.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import grafana_frontend_o11y_app.name "{{ stack_id }}:{{ name }}"
+```

examples/data-sources/grafana_frontend_o11y_app/data-source.tf

@@ -0,0 +1,4 @@
+data "grafana_frontend_o11y_app" "test-app" {
+  stack_id = 1
+  name     = "test-app"
+}

examples/data-sources/grafana_frontend_o11y_app/import.sh

@@ -0,0 +1 @@
+terraform import grafana_frontend_o11y_app.name "{{ stack_id }}:{{ name }}"

examples/resources/grafana_frontend_o11y_app/import.sh

@@ -0,0 +1 @@
+terraform import grafana_frontend_o11y_app.name "{{ stack_id }}:{{ name }}"

examples/resources/grafana_frontend_o11y_app/resource.tf

@@ -0,0 +1,13 @@
+resource "grafana_frontend_o11y_app" "test-app" {
+  stack_id        = 1
+  name            = "test-app"
+  allowed_origins = ["https://grafana.com"]
+
+  extra_log_attributes = {
+    "terraform" : "true"
+  }
+
+  settings = {
+    "geolocation.enabled" : "1"
+  }
+}

internal/common/client.go

@@ -13,6 +13,7 @@ import (
 	"github.com/grafana/slo-openapi-client/go/slo"
 	SMAPI "github.com/grafana/synthetic-monitoring-api-go-client"
 	"github.com/grafana/terraform-provider-grafana/v3/internal/common/cloudproviderapi"
+	"github.com/grafana/terraform-provider-grafana/v3/internal/common/frontendo11yapi"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 
@@ -25,13 +26,14 @@ type Client struct {
 	GrafanaAPI          *goapi.GrafanaHTTPAPI
 	GrafanaAPIConfig    *goapi.TransportConfig
 
-	GrafanaCloudAPI      *gcom.APIClient
-	SMAPI                *SMAPI.Client
-	MLAPI                *mlapi.Client
-	OnCallClient         *onCallAPI.Client
-	SLOClient            *slo.APIClient
-	CloudProviderAPI     *cloudproviderapi.Client
-	ConnectionsAPIClient *connectionsapi.Client
+	GrafanaCloudAPI       *gcom.APIClient
+	SMAPI                 *SMAPI.Client
+	MLAPI                 *mlapi.Client
+	OnCallClient          *onCallAPI.Client
+	SLOClient             *slo.APIClient
+	CloudProviderAPI      *cloudproviderapi.Client
+	ConnectionsAPIClient  *connectionsapi.Client
+	FrontendO11yAPIClient *frontendo11yapi.Client
 
 	alertingMutex sync.Mutex
 }