d8d66583f8
* Bump provider version * Fix inventories * Ignore certificates in inventories * Add header to cloud run recipe * Optimize file copy for example-based tests * Remove local references
Looker Core module
This module manages the creation of a Looker Core instance.
This module accepts Oauth client ID and secret in the input variable oauth_config. You must specify the client_id and client_secret strings for a pre-existing oauth client. You can set up an oauth client and credentials manually.
Warning
Please be aware that, at the time of this writing, deleting the looker core instance via terraform is not possible due to https://github.com/hashicorp/terraform-provider-google/issues/19467. The work-around is to delete the instance from the console (or gcloud with force option) and remove the corresponding resource from the terraform state.
Examples
Simple example
This example shows how to set up a public Looker Core instance.
module "looker" {
source = "./fabric/modules/looker-core"
project_id = var.project_id
region = var.region
name = "looker"
network_config = {
public = true
}
oauth_config = {
client_id = "xxxxxxxxx"
client_secret = "xxxxxxxx"
}
}
# tftest modules=1 resources=1 inventory=simple.yaml
Looker Core private instance with PSA
module "project" {
source = "./fabric/modules/project"
billing_account = var.billing_account_id
parent = var.folder_id
name = "looker"
prefix = var.prefix
services = [
"servicenetworking.googleapis.com",
"looker.googleapis.com",
]
}
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = module.project.project_id
name = "my-network"
psa_configs = [
{
ranges = { looker = "10.60.0.0/16" }
}
]
}
module "looker" {
source = "./fabric/modules/looker-core"
project_id = module.project.project_id
region = var.region
name = "looker"
network_config = {
psa_config = {
network = module.vpc.id
}
}
oauth_config = {
client_id = "xxxxxxxxx"
client_secret = "xxxxxxxx"
}
platform_edition = "LOOKER_CORE_ENTERPRISE_ANNUAL"
}
# tftest modules=3 resources=15 inventory=psa.yaml
Looker Core with PSC
module "looker" {
source = "./fabric/modules/looker-core"
project_id = var.project_id
region = var.region
name = "looker-psc"
network_config = {
psc_config = {
allowed_vpcs = ["projects/test-project/global/networks/test"]
}
}
oauth_config = {
client_id = "xxxxxxxxx"
client_secret = "xxxxxxxx"
}
platform_edition = "LOOKER_CORE_ENTERPRISE_ANNUAL"
}
# tftest inventory=psc.yaml
Looker Core full example
module "project" {
source = "./fabric/modules/project"
billing_account = var.billing_account_id
parent = var.folder_id
name = "looker"
prefix = var.prefix
services = [
"cloudkms.googleapis.com",
"iap.googleapis.com",
"looker.googleapis.com",
"servicenetworking.googleapis.com"
]
}
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = module.project.project_id
name = "my-network"
psa_configs = [
{
ranges = { looker = "10.60.0.0/16" }
}
]
}
module "kms" {
source = "./fabric/modules/kms"
project_id = module.project.project_id
keyring = {
location = var.region
name = "keyring"
}
keys = {
"key-regional" = {
}
}
iam = {
"roles/cloudkms.cryptoKeyEncrypterDecrypter" = [
module.project.service_agents.looker.iam_email
]
}
}
module "looker" {
source = "./fabric/modules/looker-core"
project_id = module.project.project_id
region = var.region
name = "looker"
admin_settings = {
allowed_email_domains = ["google.com"]
}
encryption_config = {
kms_key_name = module.kms.keys.key-regional.id
}
network_config = {
psa_config = {
network = module.vpc.id
}
}
oauth_config = {
client_id = "xxxxxxxxx"
client_secret = "xxxxxxxx"
}
platform_edition = "LOOKER_CORE_ENTERPRISE_ANNUAL"
}
# tftest modules=4 resources=23 inventory=full.yaml
Variables
| name | description | type | required | default |
|---|---|---|---|---|
| name | Name of the looker core instance. | string |
✓ | |
| network_config | Network configuration for cluster and instance. Only one between psa_config, psc_config and public can be used. | object({…}) |
✓ | |
| oauth_config | Looker Core Oauth config. | object({…}) |
✓ | |
| project_id | The ID of the project where this instances will be created. | string |
✓ | |
| region | Region for the Looker core instance. | string |
✓ | |
| admin_settings | Looker Core admins settings. | object({…}) |
null |
|
| controlled_egress | Controlled egress configuration. | object({…}) |
null |
|
| custom_domain | Looker core instance custom domain. | string |
null |
|
| encryption_config | Set encryption configuration. KMS name format: 'projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME]'. | object({…}) |
null |
|
| fips_enabled | FIPS 140-2 Encryption enablement for Looker (Google Cloud Core). | bool |
null |
|
| gemini_enabled | Gemini enablement for Looker (Google Cloud Core). | bool |
null |
|
| maintenance_config | Set maintenance window configuration and maintenance deny period (up to 90 days). Date format: 'yyyy-mm-dd'. | object({…}) |
{} |
|
| periodic_export_config | Configuration for periodic export. | object({…}) |
null |
|
| platform_edition | Platform editions for a Looker instance. Each edition maps to a set of instance features, like its size. | string |
"LOOKER_CORE_TRIAL" |
|
| prefix | Optional prefix used to generate instance names. | string |
null |
Outputs
| name | description | sensitive |
|---|---|---|
| egress_public_ip | Public IP address of Looker instance for egress. | |
| egress_service_attachments | Egress service attachment connection statuses and configurations. | |
| id | Fully qualified primary instance id. | |
| ingress_private_ip | Private IP address of Looker instance for ingress. | |
| ingress_public_ip | Public IP address of Looker instance for ingress. | |
| instance | Looker Core instance resource. | ✓ |
| instance_id | Looker Core instance id. | ✓ |
| instance_name | Name of the looker instance. | |
| looker_service_attachment | Service attachment URI for the Looker instance. | |
| looker_uri | Looker core URI. | |
| looker_version | Looker core version. |