Description
Hello, we're using a scoped OAuth token for the PagerDuty provider authentication. We would like to minimally scope these tokens to only the scopes required for our use case; however, determining the required scopes for each resource/data source is a matter of trial & error and reading through the provider code.
It would be much more convenient if each resource & data source were documented with the required OAuth scopes. For instance, to use the provider at all, the abilities.read scope is required, which is not documented anywhere or obvious. Similarly, to use the pagerduty_service data source we need both services.read and teams.read, the latter of which was only determined by reading the provider source code.
Furthermore, the logs only say that the token is missing required scopes, but do not say which ones are missing:
```json
{
  "@level": "error",
  "@message": "Error: Error searching Service \"**redacted**\"",
  "@module": "terraform.ui",
  "@timestamp": "2025-12-03T20:49:19.425382Z",
  "diagnostic": {
    "severity": "error",
    "summary": "Error searching Service \"**redacted**\"",
    "detail": "HTTP response failed with status code 403, message: Token missing required scopes (code: 0)",
    "address": "module.**redacted**.module.pagerduty_integration.data.pagerduty_service.this",
    "range": {
      "filename": "**redacted**",
      "start": {
        "line": 1,
        "column": 33,
        "byte": 32
      },
      "end": {
        "line": 1,
        "column": 34,
        "byte": 33
      }
    },
    "snippet": {
      "context": "data \"pagerduty_service\" \"this\"",
      "code": "data \"pagerduty_service\" \"this\" {",
      "start_line": 1,
      "highlight_start_offset": 32,
      "highlight_end_offset": 33,
      "values": []
    }
  },
  "type": "diagnostic"
}
```
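Until the provider reports the missing scopes itself, the diagnostic's `address` field is the only pointer to which object hit the 403. The following is an added example, not part of the original issue or the provider's code: it reads Terraform JSON log output (assumed to be one JSON object per line, as `terraform plan -json` emits), picks out the scope-related 403 diagnostics, and compares the token's granted scopes against the only requirements the issue states. The function names, the sample lines and the `pagerduty_example` type are constructed for illustration.

```python
import json
import re

# Only the scopes stated in the issue above; other types are unknown here.
KNOWN_SCOPES = {
    "provider": {"abilities.read"},
    "data.pagerduty_service": {"services.read", "teams.read"},
}
SCOPE_ERROR = "Token missing required scopes"

def object_kind(address):
    """Reduce a Terraform address to 'data.<type>' or '<type>'."""
    parts = re.sub(r"\[[^\]]*\]", "", address).split(".")
    while len(parts) >= 2 and parts[0] == "module":
        parts = parts[2:]  # drop each 'module.<name>' prefix
    if parts[:1] == ["data"]:
        return ".".join(parts[:2])
    return parts[0] if parts else ""

def scope_failures(log_lines, granted):
    """Return one finding per scope-related 403 diagnostic in JSON log lines."""
    findings = []
    for line in log_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip non-JSON lines mixed into the log
        if not isinstance(event, dict) or event.get("type") != "diagnostic":
            continue
        diag = event.get("diagnostic") or {}
        if SCOPE_ERROR not in diag.get("detail", ""):
            continue
        kind = object_kind(diag.get("address", ""))
        needed = KNOWN_SCOPES.get(kind)
        missing = None  # None: required scopes for this kind are not documented
        if needed is not None:
            missing = sorted((needed | KNOWN_SCOPES["provider"]) - set(granted))
        findings.append({"address": diag.get("address", ""), "kind": kind, "missing": missing})
    return findings

# Constructed sample lines, modeled on the diagnostic quoted in the issue.
def _line(address):
    detail = "HTTP response failed with status code 403, message: " + SCOPE_ERROR + " (code: 0)"
    return json.dumps({"type": "diagnostic", "diagnostic": {"detail": detail, "address": address}})
SAMPLE_LOG = [_line("module.app.module.pagerduty_integration.data.pagerduty_service.this"),
              _line("pagerduty_example.placeholder[0]"), '{"type": "version"}', "not JSON"]

if __name__ == "__main__":
    print(scope_failures(SAMPLE_LOG, granted={"abilities.read", "services.read"}))
```

A `missing` value of `None` marks a resource type whose requirements still have to be found by trial and error, which is the gap this issue asks the documentation to close.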