Remove deprecated resources from modules/looker-core (#3727)
@@ -2,13 +2,7 @@
|
||||
|
||||
This module manages the creation of a [Looker Core instance](https://cloud.google.com/looker/docs/looker-core).
|
||||
|
||||
This module accepts Oauth client ID and secret in the input variable `oauth_config` in case you have
|
||||
already [set up an oauth client and credentials](https://cloud.google.com/looker/docs/looker-core-create-oauth).
|
||||
If that is not the case it is possible to specify support_email in the same variable `oauth_config` for a default oauth
|
||||
client id and secret setup within the terraform script, be aware that **such an oauth client id is not suitable for
|
||||
authenticating end users**, and it is only used to provision the looker core instance.
|
||||
You'll still be forced to create a new oauth and update the looker core instance from the console (or gcloud) as there
|
||||
is no terraform support for these resources.
|
||||
This module accepts Oauth client ID and secret in the input variable `oauth_config`. You must specify the `client_id` and `client_secret` strings for a pre-existing oauth client. You can [set up an oauth client and credentials](https://cloud.google.com/looker/docs/looker-core-create-oauth) manually.
|
||||
|
||||
> [!WARNING]
|
||||
> Please be aware that, at the time of this writing, deleting the looker core instance via terraform is not possible due
|
||||
@@ -41,10 +35,11 @@ module "looker" {
|
||||
public = true
|
||||
}
|
||||
oauth_config = {
|
||||
support_email = "support@google.com"
|
||||
client_id = "xxxxxxxxx"
|
||||
client_secret = "xxxxxxxx"
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=3 inventory=simple.yaml
|
||||
# tftest modules=1 resources=1 inventory=simple.yaml
|
||||
```
|
||||
|
||||
### Looker Core private instance with PSA
|
||||
@@ -84,11 +79,12 @@ module "looker" {
|
||||
}
|
||||
}
|
||||
oauth_config = {
|
||||
support_email = "support@google.com"
|
||||
client_id = "xxxxxxxxx"
|
||||
client_secret = "xxxxxxxx"
|
||||
}
|
||||
platform_edition = "LOOKER_CORE_ENTERPRISE_ANNUAL"
|
||||
}
|
||||
# tftest modules=3 resources=17 inventory=psa.yaml
|
||||
# tftest modules=3 resources=15 inventory=psa.yaml
|
||||
```
|
||||
|
||||
|
||||
@@ -189,28 +185,35 @@ module "looker" {
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [name](variables.tf#L91) | Name of the looker core instance. | <code>string</code> | ✓ | |
|
||||
| [network_config](variables.tf#L96) | Network configuration for cluster and instance. Only one between psa_config, psc_config and public can be used. | <code title="object({ psa_config = optional(object({ network = string allocated_ip_range = optional(string) enable_public_ip = optional(bool, false) enable_private_ip = optional(bool, true) })) psc_config = optional(object({ allowed_vpcs = optional(list(string), []) })) public = optional(bool, false) })">object({…})</code> | ✓ | |
|
||||
| [oauth_config](variables.tf#L121) | Looker Core Oauth config. Either client ID and secret (existing oauth client) or support email (temporary internal oauth client setup) must be specified. | <code title="object({ client_id = optional(string, null) client_secret = optional(string, null) support_email = optional(string, null) })">object({…})</code> | ✓ | |
|
||||
| [project_id](variables.tf#L154) | The ID of the project where this instances will be created. | <code>string</code> | ✓ | |
|
||||
| [region](variables.tf#L159) | Region for the Looker core instance. | <code>string</code> | ✓ | |
|
||||
| [name](variables.tf#L113) | Name of the looker core instance. | <code>string</code> | ✓ | |
|
||||
| [network_config](variables.tf#L118) | Network configuration for cluster and instance. Only one between psa_config, psc_config and public can be used. | <code title="object({ psa_config = optional(object({ network = string allocated_ip_range = optional(string) enable_public_ip = optional(bool, false) enable_private_ip = optional(bool, true) })) psc_config = optional(object({ allowed_vpcs = optional(list(string), []) service_attachments = optional(list(object({ local_fqdn = string target_service_attachment_uri = string })), []) })) public = optional(bool, false) })">object({…})</code> | ✓ | |
|
||||
| [oauth_config](variables.tf#L147) | Looker Core Oauth config. | <code title="object({ client_id = string client_secret = string })">object({…})</code> | ✓ | |
|
||||
| [project_id](variables.tf#L190) | The ID of the project where this instances will be created. | <code>string</code> | ✓ | |
|
||||
| [region](variables.tf#L195) | Region for the Looker core instance. | <code>string</code> | ✓ | |
|
||||
| [admin_settings](variables.tf#L17) | Looker Core admins settings. | <code title="object({ allowed_email_domains = list(string) })">object({…})</code> | | <code>null</code> |
|
||||
| [custom_domain](variables.tf#L26) | Looker core instance custom domain. | <code>string</code> | | <code>null</code> |
|
||||
| [encryption_config](variables.tf#L32) | Set encryption configuration. KMS name format: 'projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME]'. | <code title="object({ kms_key_name = string })">object({…})</code> | | <code>null</code> |
|
||||
| [maintenance_config](variables.tf#L41) | Set maintenance window configuration and maintenance deny period (up to 90 days). Date format: 'yyyy-mm-dd'. | <code title="object({ maintenance_window = optional(object({ day = optional(string, "SUNDAY") start_time = optional(object({ hours = optional(number, 23) minutes = optional(number, 0) seconds = optional(number, 0) nanos = optional(number, 0) }), {}) }), null) deny_maintenance_period = optional(object({ start_date = object({ year = number month = number day = number }) end_date = object({ year = number month = number day = number }) start_time = optional(object({ hours = optional(number, 23) minutes = optional(number, 0) seconds = optional(number, 0) nanos = optional(number, 0) }), {}) }), null) })">object({…})</code> | | <code>{}</code> |
|
||||
| [platform_edition](variables.tf#L134) | Platform editions for a Looker instance. Each edition maps to a set of instance features, like its size. | <code>string</code> | | <code>"LOOKER_CORE_TRIAL"</code> |
|
||||
| [prefix](variables.tf#L144) | Optional prefix used to generate instance names. | <code>string</code> | | <code>null</code> |
|
||||
| [controlled_egress](variables.tf#L26) | Controlled egress configuration. | <code title="object({ enabled = optional(bool, true) marketplace_enabled = optional(bool) egress_fqdns = optional(list(string)) })">object({…})</code> | | <code>null</code> |
|
||||
| [custom_domain](variables.tf#L36) | Looker core instance custom domain. | <code>string</code> | | <code>null</code> |
|
||||
| [encryption_config](variables.tf#L42) | Set encryption configuration. KMS name format: 'projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME]'. | <code title="object({ kms_key_name = string })">object({…})</code> | | <code>null</code> |
|
||||
| [fips_enabled](variables.tf#L51) | FIPS 140-2 Encryption enablement for Looker (Google Cloud Core). | <code>bool</code> | | <code>null</code> |
|
||||
| [gemini_enabled](variables.tf#L57) | Gemini enablement for Looker (Google Cloud Core). | <code>bool</code> | | <code>null</code> |
|
||||
| [maintenance_config](variables.tf#L63) | Set maintenance window configuration and maintenance deny period (up to 90 days). Date format: 'yyyy-mm-dd'. | <code title="object({ maintenance_window = optional(object({ day = optional(string, "SUNDAY") start_time = optional(object({ hours = optional(number, 23) minutes = optional(number, 0) seconds = optional(number, 0) nanos = optional(number, 0) }), {}) }), null) deny_maintenance_period = optional(object({ start_date = object({ year = number month = number day = number }) end_date = object({ year = number month = number day = number }) start_time = optional(object({ hours = optional(number, 23) minutes = optional(number, 0) seconds = optional(number, 0) nanos = optional(number, 0) }), {}) }), null) })">object({…})</code> | | <code>{}</code> |
|
||||
| [periodic_export_config](variables.tf#L155) | Configuration for periodic export. | <code title="object({ kms_key = string gcs_uri = string start_time = object({ hours = optional(number, 23) minutes = optional(number, 0) seconds = optional(number, 0) nanos = optional(number, 0) }) })">object({…})</code> | | <code>null</code> |
|
||||
| [platform_edition](variables.tf#L170) | Platform editions for a Looker instance. Each edition maps to a set of instance features, like its size. | <code>string</code> | | <code>"LOOKER_CORE_TRIAL"</code> |
|
||||
| [prefix](variables.tf#L180) | Optional prefix used to generate instance names. | <code>string</code> | | <code>null</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
| name | description | sensitive |
|
||||
|---|---|:---:|
|
||||
| [egress_public_ip](outputs.tf#L17) | Public IP address of Looker instance for egress. | |
|
||||
| [id](outputs.tf#L22) | Fully qualified primary instance id. | |
|
||||
| [ingress_private_ip](outputs.tf#L27) | Private IP address of Looker instance for ingress. | |
|
||||
| [ingress_public_ip](outputs.tf#L32) | Public IP address of Looker instance for ingress. | |
|
||||
| [instance](outputs.tf#L37) | Looker Core instance resource. | ✓ |
|
||||
| [instance_name](outputs.tf#L43) | Name of the looker instance. | |
|
||||
| [looker_uri](outputs.tf#L48) | Looker core URI. | |
|
||||
| [looker_version](outputs.tf#L53) | Looker core version. | |
|
||||
| [egress_service_attachments](outputs.tf#L22) | Egress service attachment connection statuses and configurations. | |
|
||||
| [id](outputs.tf#L27) | Fully qualified primary instance id. | |
|
||||
| [ingress_private_ip](outputs.tf#L32) | Private IP address of Looker instance for ingress. | |
|
||||
| [ingress_public_ip](outputs.tf#L37) | Public IP address of Looker instance for ingress. | |
|
||||
| [instance](outputs.tf#L42) | Looker Core instance resource. | ✓ |
|
||||
| [instance_id](outputs.tf#L48) | Looker Core instance id. | ✓ |
|
||||
| [instance_name](outputs.tf#L54) | Name of the looker instance. | |
|
||||
| [looker_service_attachment](outputs.tf#L59) | Service attachment URI for the Looker instance. | |
|
||||
| [looker_uri](outputs.tf#L64) | Looker core URI. | |
|
||||
| [looker_version](outputs.tf#L69) | Looker core version. | |
|
||||
<!-- END TFDOC -->
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/**
|
||||
* Copyright 2024 Google LLC
|
||||
* Copyright 2026 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -15,11 +15,8 @@
|
||||
*/
|
||||
|
||||
locals {
|
||||
bootstrap_oauth_client = var.oauth_config.client_secret == null || var.oauth_config.client_id == null
|
||||
looker_instance_name = "${local.prefix}${var.name}"
|
||||
oauth_client_id = local.bootstrap_oauth_client ? google_iap_client.looker_client[0].client_id : var.oauth_config.client_id
|
||||
oauth_client_secret = local.bootstrap_oauth_client ? google_iap_client.looker_client[0].secret : var.oauth_config.client_secret
|
||||
prefix = var.prefix == null ? "" : "${var.prefix}-"
|
||||
looker_instance_name = "${local.prefix}${var.name}"
|
||||
prefix = var.prefix == null ? "" : "${var.prefix}-"
|
||||
}
|
||||
|
||||
resource "google_looker_instance" "looker" {
|
||||
@@ -32,16 +29,25 @@ resource "google_looker_instance" "looker" {
|
||||
psc_enabled = var.network_config.psc_config != null
|
||||
region = var.region
|
||||
reserved_range = try(var.network_config.psa_config.allocated_ip_range, null)
|
||||
fips_enabled = var.fips_enabled
|
||||
gemini_enabled = var.gemini_enabled
|
||||
|
||||
oauth_config {
|
||||
client_id = local.oauth_client_id
|
||||
client_secret = local.oauth_client_secret
|
||||
client_id = var.oauth_config.client_id
|
||||
client_secret = var.oauth_config.client_secret
|
||||
}
|
||||
|
||||
dynamic "psc_config" {
|
||||
for_each = var.network_config.psc_config != null ? [""] : []
|
||||
content {
|
||||
allowed_vpcs = var.network_config.psc_config.allowed_vpcs
|
||||
dynamic "service_attachments" {
|
||||
for_each = var.network_config.psc_config.service_attachments
|
||||
content {
|
||||
local_fqdn = service_attachments.value.local_fqdn
|
||||
target_service_attachment_uri = service_attachments.value.target_service_attachment_uri
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -57,6 +63,30 @@ resource "google_looker_instance" "looker" {
|
||||
domain = var.custom_domain
|
||||
}
|
||||
}
|
||||
|
||||
controlled_egress_enabled = var.controlled_egress != null ? var.controlled_egress.enabled : null
|
||||
|
||||
dynamic "controlled_egress_config" {
|
||||
for_each = var.controlled_egress != null ? [""] : []
|
||||
content {
|
||||
marketplace_enabled = var.controlled_egress.marketplace_enabled
|
||||
egress_fqdns = var.controlled_egress.egress_fqdns
|
||||
}
|
||||
}
|
||||
|
||||
dynamic "periodic_export_config" {
|
||||
for_each = var.periodic_export_config != null ? [""] : []
|
||||
content {
|
||||
kms_key = var.periodic_export_config.kms_key
|
||||
gcs_uri = var.periodic_export_config.gcs_uri
|
||||
start_time {
|
||||
hours = var.periodic_export_config.start_time.hours
|
||||
minutes = var.periodic_export_config.start_time.minutes
|
||||
seconds = var.periodic_export_config.start_time.seconds
|
||||
nanos = var.periodic_export_config.start_time.nanos
|
||||
}
|
||||
}
|
||||
}
|
||||
dynamic "deny_maintenance_period" {
|
||||
for_each = var.maintenance_config.deny_maintenance_period != null ? [1] : []
|
||||
content {
|
||||
@@ -102,21 +132,3 @@ resource "google_looker_instance" "looker" {
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
# Only "Organization Internal" brands can be created programmatically via API. To convert it into an external brands please use the GCP Console.
|
||||
resource "google_iap_brand" "looker_brand" {
|
||||
count = local.bootstrap_oauth_client ? 1 : 0
|
||||
support_email = var.oauth_config.support_email
|
||||
# application_title = "Looker Core Application"
|
||||
application_title = "Cloud IAP protected Application"
|
||||
project = var.project_id
|
||||
}
|
||||
|
||||
# Only internal org clients can be created via declarative tools. External clients must be manually created via the GCP console.
|
||||
# This is a temporary IAP oauth client to be replaced after Looker Core is provisioned.
|
||||
resource "google_iap_client" "looker_client" {
|
||||
count = local.bootstrap_oauth_client ? 1 : 0
|
||||
display_name = "Looker Core default oauth client."
|
||||
brand = google_iap_brand.looker_brand[0].name
|
||||
}
|
||||
|
||||
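Review bot: In the new `controlled_egress_config` dynamic block, `for_each` tests only `var.controlled_egress != null`, so a caller passing `controlled_egress = { enabled = false }` still gets the config block rendered while `controlled_egress_enabled` is false. Gating the block on the flag keeps the two in step: `for_each = try(var.controlled_egress.enabled, false) ? [""] : []`. How the provider treats the block when egress control is off is not visible here, so a test case for the disabled path would be worth adding. As a style point, the new blocks use `[""]` while the existing `deny_maintenance_period` uses `[1]`; one convention would read better. The `google_looker_instance` resource body starts and ends outside these hunks.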
@@ -1,5 +1,5 @@
|
||||
/**
|
||||
* Copyright 2024 Google LLC
|
||||
* Copyright 2026 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -19,6 +19,11 @@ output "egress_public_ip" {
|
||||
value = google_looker_instance.looker.egress_public_ip
|
||||
}
|
||||
|
||||
output "egress_service_attachments" {
|
||||
description = "Egress service attachment connection statuses and configurations."
|
||||
value = try(google_looker_instance.looker.psc_config[0].service_attachments, [])
|
||||
}
|
||||
|
||||
output "id" {
|
||||
description = "Fully qualified primary instance id."
|
||||
value = google_looker_instance.looker.id
|
||||
@@ -36,6 +41,12 @@ output "ingress_public_ip" {
|
||||
|
||||
output "instance" {
|
||||
description = "Looker Core instance resource."
|
||||
value = google_looker_instance.looker
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
output "instance_id" {
|
||||
description = "Looker Core instance id."
|
||||
value = google_looker_instance.looker.id
|
||||
sensitive = true
|
||||
}
|
||||
@@ -45,6 +56,11 @@ output "instance_name" {
|
||||
value = google_looker_instance.looker.name
|
||||
}
|
||||
|
||||
output "looker_service_attachment" {
|
||||
description = "Service attachment URI for the Looker instance."
|
||||
value = try(google_looker_instance.looker.psc_config[0].looker_service_attachment_uri, null)
|
||||
}
|
||||
|
||||
output "looker_uri" {
|
||||
description = "Looker core URI."
|
||||
value = google_looker_instance.looker.looker_uri
|
||||
|
||||
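Review bot: The new `instance_id` output returns `google_looker_instance.looker.id`, the same expression as the existing `id` output, yet it is marked `sensitive = true` while `id` is not. A resource id exposed in clear by a sibling output gains nothing from the flag, and callers who reference `instance_id` must then propagate sensitivity through their own outputs. Either drop `instance_id` in favour of `id`, or remove the flag and state in the description how the two differ. `sensitive = true` remains appropriate on `instance`, since the whole resource includes the `oauth_config` block.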
@@ -1,5 +1,5 @@
|
||||
/**
|
||||
* Copyright 2024 Google LLC
|
||||
* Copyright 2026 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -23,6 +23,16 @@ variable "admin_settings" {
|
||||
nullable = true
|
||||
}
|
||||
|
||||
variable "controlled_egress" {
|
||||
description = "Controlled egress configuration."
|
||||
type = object({
|
||||
enabled = optional(bool, true)
|
||||
marketplace_enabled = optional(bool)
|
||||
egress_fqdns = optional(list(string))
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "custom_domain" {
|
||||
description = "Looker core instance custom domain."
|
||||
type = string
|
||||
@@ -38,6 +48,18 @@ variable "encryption_config" {
|
||||
nullable = true
|
||||
}
|
||||
|
||||
variable "fips_enabled" {
|
||||
description = "FIPS 140-2 Encryption enablement for Looker (Google Cloud Core)."
|
||||
type = bool
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "gemini_enabled" {
|
||||
description = "Gemini enablement for Looker (Google Cloud Core)."
|
||||
type = bool
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "maintenance_config" {
|
||||
description = "Set maintenance window configuration and maintenance deny period (up to 90 days). Date format: 'yyyy-mm-dd'."
|
||||
type = object({
|
||||
@@ -104,6 +126,10 @@ variable "network_config" {
|
||||
}))
|
||||
psc_config = optional(object({
|
||||
allowed_vpcs = optional(list(string), [])
|
||||
service_attachments = optional(list(object({
|
||||
local_fqdn = string
|
||||
target_service_attachment_uri = string
|
||||
})), [])
|
||||
}))
|
||||
public = optional(bool, false)
|
||||
})
|
||||
@@ -119,16 +145,26 @@ variable "network_config" {
|
||||
}
|
||||
|
||||
variable "oauth_config" {
|
||||
description = "Looker Core Oauth config. Either client ID and secret (existing oauth client) or support email (temporary internal oauth client setup) must be specified."
|
||||
description = "Looker Core Oauth config."
|
||||
type = object({
|
||||
client_id = optional(string, null)
|
||||
client_secret = optional(string, null)
|
||||
support_email = optional(string, null)
|
||||
client_id = string
|
||||
client_secret = string
|
||||
})
|
||||
validation {
|
||||
condition = (var.oauth_config.client_id == null && var.oauth_config.client_secret == null) != (var.oauth_config.support_email == null)
|
||||
error_message = "Please specify either client_id and client_secret or support email."
|
||||
}
|
||||
}
|
||||
|
||||
variable "periodic_export_config" {
|
||||
description = "Configuration for periodic export."
|
||||
type = object({
|
||||
kms_key = string
|
||||
gcs_uri = string
|
||||
start_time = object({
|
||||
hours = optional(number, 23)
|
||||
minutes = optional(number, 0)
|
||||
seconds = optional(number, 0)
|
||||
nanos = optional(number, 0)
|
||||
})
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "platform_edition" {
|
||||
|
||||
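Review bot: `variable "oauth_config"` now always carries a caller-supplied `client_secret`, but the variable is not marked sensitive and the removed `validation` block has no replacement. Adding `sensitive = true` to the variable keeps the secret redacted wherever the variable is referenced, not only in the resource attribute. Object attributes typed `string` still accept `null` and `""`, so a validation requiring both `client_id` and `client_secret` to be non-null and non-empty would fail at plan time rather than at the API. The description could also note that the secret is written to Terraform state, so the state backend needs restricted access.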