Implement grafana_data_source_permission_item

Part of #1000
Built on top of #1465

Lots of common code between these two PRs but I'll make a lot of it common in a future PR. There is still the dashboards and service account permissions to implement

Author: julienduchesne

docs/resources/data_source_permission_item.md

@@ -0,0 +1,102 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "grafana_data_source_permission_item Resource - terraform-provider-grafana"
+subcategory: "Grafana Enterprise"
+description: |-
+  Manages a single permission item for a datasource. Conflicts with the "grafanadatasourcepermission" resource which manages the entire set of permissions for a datasource.
+          * Official documentation https://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/
+          * [HTTP API](https://grafana.com/docs/grafana/latest/developers/httpapi/datasource_permissions/)
+---
+
+# grafana_data_source_permission_item (Resource)
+
+Manages a single permission item for a datasource. Conflicts with the "grafana_data_source_permission" resource which manages the entire set of permissions for a datasource.
+		* [Official documentation](https://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/)
+		* [HTTP API](https://grafana.com/docs/grafana/latest/developers/http_api/datasource_permissions/)
+
+## Example Usage
+
+```terraform
+resource "grafana_team" "team" {
+  name = "Team Name"
+}
+
+resource "grafana_data_source" "foo" {
+  type = "cloudwatch"
+  name = "cw-example"
+
+  json_data_encoded = jsonencode({
+    defaultRegion = "us-east-1"
+    authType      = "keys"
+  })
+
+  secure_json_data_encoded = jsonencode({
+    accessKey = "123"
+    secretKey = "456"
+  })
+}
+
+resource "grafana_user" "user" {
+  name     = "test-ds-permissions"
+  email    = "[email protected]"
+  login    = "test-ds-permissions"
+  password = "hunter2"
+}
+
+resource "grafana_service_account" "sa" {
+  name = "test-ds-permissions"
+  role = "Viewer"
+}
+
+resource "grafana_data_source_permission_item" "team" {
+  datasource_uid = grafana_data_source.foo.uid
+  team           = grafana_team.team.id
+  permission     = "Edit"
+}
+
+resource "grafana_data_source_permission_item" "user" {
+  datasource_uid = grafana_data_source.foo.uid
+  user           = grafana_user.user.id
+  permission     = "Edit"
+}
+
+resource "grafana_data_source_permission_item" "role" {
+  datasource_uid = grafana_data_source.foo.uid
+  built_in_role  = "Viewer"
+  permission     = "Query"
+}
+
+resource "grafana_data_source_permission_item" "service_account" {
+  datasource_uid  = grafana_data_source.foo.uid
+  service_account = grafana_service_account.sa.id
+  permission      = "Query"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `datasource_uid` (String) The UID of the datasource.
+- `permission` (String) the permission to be assigned
+
+### Optional
+
+- `org_id` (String) The Organization ID. If not set, the Org ID defined in the provider block will be used.
+- `role` (String) the role onto which the permission is to be assigned
+- `team` (String) the team onto which the permission is to be assigned
+- `user` (String) the user or service account onto which the permission is to be assigned
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import grafana_data_source_permission_item.name "{{ datasourceUID }}:{{ type (role, team, or user) }}:{{ identifier }}"
+terraform import grafana_data_source_permission_item.name "{{ orgID }}:{{ datasourceUID }}:{{ type (role, team, or user) }}:{{ identifier }}"
+```

examples/resources/grafana_data_source_permission_item/import.sh

@@ -0,0 +1,2 @@
+terraform import grafana_data_source_permission_item.name "{{ datasourceUID }}:{{ type (role, team, or user) }}:{{ identifier }}"
+terraform import grafana_data_source_permission_item.name "{{ orgID }}:{{ datasourceUID }}:{{ type (role, team, or user) }}:{{ identifier }}"

examples/resources/grafana_data_source_permission_item/resource.tf

@@ -0,0 +1,55 @@
+resource "grafana_team" "team" {
+  name = "Team Name"
+}
+
+resource "grafana_data_source" "foo" {
+  type = "cloudwatch"
+  name = "cw-example"
+
+  json_data_encoded = jsonencode({
+    defaultRegion = "us-east-1"
+    authType      = "keys"
+  })
+
+  secure_json_data_encoded = jsonencode({
+    accessKey = "123"
+    secretKey = "456"
+  })
+}
+
+resource "grafana_user" "user" {
+  name     = "test-ds-permissions"
+  email    = "[email protected]"
+  login    = "test-ds-permissions"
+  password = "hunter2"
+}
+
+resource "grafana_service_account" "sa" {
+  name = "test-ds-permissions"
+  role = "Viewer"
+}
+
+resource "grafana_data_source_permission_item" "team" {
+  datasource_uid = grafana_data_source.foo.uid
+  team           = grafana_team.team.id
+  permission     = "Edit"
+}
+
+resource "grafana_data_source_permission_item" "user" {
+  datasource_uid = grafana_data_source.foo.uid
+  user           = grafana_user.user.id
+  permission     = "Edit"
+}
+
+resource "grafana_data_source_permission_item" "role" {
+  datasource_uid = grafana_data_source.foo.uid
+  built_in_role  = "Viewer"
+  permission     = "Query"
+}
+
+resource "grafana_data_source_permission_item" "service_account" {
+  datasource_uid  = grafana_data_source.foo.uid
+  service_account = grafana_service_account.sa.id
+  permission      = "Query"
+}
+