Looker Core module
This module manages the creation of a Looker Core instance.
This module accepts an OAuth client ID and secret in the `oauth_config` input variable. You must specify the `client_id` and `client_secret` strings for a pre-existing OAuth client. You can set up an OAuth client and credentials manually.
Warning
Please be aware that, at the time of this writing, deleting the Looker Core instance via Terraform is not possible due to https://github.com/hashicorp/terraform-provider-google/issues/19467. The workaround is to delete the instance from the console (or gcloud with the force option) and remove the corresponding resource from the Terraform state.
Examples
Simple example
This example shows how to set up a public Looker Core instance.
```hcl
module "looker" {
  source     = "./fabric/modules/looker-core"
  project_id = var.project_id
  region     = var.region
  name       = "looker"
  network_config = {
    public = true
  }
  oauth_config = {
    client_id     = "xxxxxxxxx"
    client_secret = "xxxxxxxx"
  }
}
# tftest modules=1 resources=1 inventory=simple.yaml
```
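The examples on this page use placeholder literals for `oauth_config`. The following added example (not part of the module's own documentation) reads the client secret from Secret Manager so it never appears in the configuration files. The secret name `looker-oauth-client-secret` and the variable `looker_oauth_client_id` are assumptions made for illustration.

```hcl
# Added example, not from the module's documentation.
# Assumption: the OAuth client was created beforehand and its secret was
# stored in Secret Manager under the (constructed) name below.

variable "looker_oauth_client_id" {
  description = "Client ID of the pre-existing OAuth client (hypothetical variable)."
  type        = string
}

# Reads the latest enabled version of the secret. The provider marks
# secret_data as sensitive, so it is redacted in plan and apply output.
data "google_secret_manager_secret_version" "looker_oauth" {
  project = var.project_id
  secret  = "looker-oauth-client-secret" # constructed secret name
}

module "looker" {
  source     = "./fabric/modules/looker-core"
  project_id = var.project_id
  region     = var.region
  name       = "looker"
  network_config = {
    public = true
  }
  oauth_config = {
    client_id     = var.looker_oauth_client_id
    client_secret = data.google_secret_manager_secret_version.looker_oauth.secret_data
  }
}
```

The secret value is still written to the Terraform state in clear text, so the state backend needs access controls at least as strict as those on the secret itself.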
Looker Core private instance with PSA
```hcl
module "project" {
  source          = "./fabric/modules/project"
  billing_account = var.billing_account_id
  parent          = var.folder_id
  name            = "looker"
  prefix          = var.prefix
  services = [
    "servicenetworking.googleapis.com",
    "looker.googleapis.com",
  ]
}

module "vpc" {
  source     = "./fabric/modules/net-vpc"
  project_id = module.project.project_id
  name       = "my-network"
  psa_configs = [
    {
      ranges = { looker = "10.60.0.0/16" }
    }
  ]
}

module "looker" {
  source     = "./fabric/modules/looker-core"
  project_id = module.project.project_id
  region     = var.region
  name       = "looker"
  network_config = {
    psa_config = {
      network = module.vpc.id
    }
  }
  oauth_config = {
    client_id     = "xxxxxxxxx"
    client_secret = "xxxxxxxx"
  }
  platform_edition = "LOOKER_CORE_ENTERPRISE_ANNUAL"
}
# tftest modules=3 resources=15 inventory=psa.yaml
```
Looker Core with PSC
```hcl
module "looker" {
  source     = "./fabric/modules/looker-core"
  project_id = var.project_id
  region     = var.region
  name       = "looker-psc"
  network_config = {
    psc_config = {
      allowed_vpcs = ["projects/test-project/global/networks/test"]
    }
  }
  oauth_config = {
    client_id     = "xxxxxxxxx"
    client_secret = "xxxxxxxx"
  }
  platform_edition = "LOOKER_CORE_ENTERPRISE_ANNUAL"
}
# tftest inventory=psc.yaml
```
Looker Core full example
```hcl
module "project" {
  source          = "./fabric/modules/project"
  billing_account = var.billing_account_id
  parent          = var.folder_id
  name            = "looker"
  prefix          = var.prefix
  services = [
    "cloudkms.googleapis.com",
    "iap.googleapis.com",
    "looker.googleapis.com",
    "servicenetworking.googleapis.com"
  ]
}

module "vpc" {
  source     = "./fabric/modules/net-vpc"
  project_id = module.project.project_id
  name       = "my-network"
  psa_configs = [
    {
      ranges = { looker = "10.60.0.0/16" }
    }
  ]
}

module "kms" {
  source     = "./fabric/modules/kms"
  project_id = module.project.project_id
  keyring = {
    location = var.region
    name     = "keyring"
  }
  keys = {
    "key-regional" = {
    }
  }
  iam = {
    "roles/cloudkms.cryptoKeyEncrypterDecrypter" = [
      module.project.service_agents.looker.iam_email
    ]
  }
}

module "looker" {
  source     = "./fabric/modules/looker-core"
  project_id = module.project.project_id
  region     = var.region
  name       = "looker"
  admin_settings = {
    allowed_email_domains = ["google.com"]
  }
  encryption_config = {
    kms_key_name = module.kms.keys.key-regional.id
  }
  network_config = {
    psa_config = {
      network = module.vpc.id
    }
  }
  oauth_config = {
    client_id     = "xxxxxxxxx"
    client_secret = "xxxxxxxx"
  }
  platform_edition = "LOOKER_CORE_ENTERPRISE_ANNUAL"
}
# tftest modules=4 resources=23 inventory=full.yaml
```
Variables
| name | description | type | required | default |
|---|---|---|---|---|
| name | Name of the looker core instance. | string | ✓ | |
| network_config | Network configuration for cluster and instance. Only one between psa_config, psc_config and public can be used. | object({…}) | ✓ | |
| oauth_config | Looker Core Oauth config. | object({…}) | ✓ | |
| project_id | The ID of the project where this instance will be created. | string | ✓ | |
| region | Region for the Looker core instance. | string | ✓ | |
| admin_settings | Looker Core admins settings. | object({…}) | | null |
| controlled_egress | Controlled egress configuration. | object({…}) | | null |
| custom_domain | Looker core instance custom domain. | string | | null |
| encryption_config | Set encryption configuration. KMS name format: 'projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME]'. | object({…}) | | null |
| fips_enabled | FIPS 140-2 Encryption enablement for Looker (Google Cloud Core). | bool | | null |
| gemini_enabled | Gemini enablement for Looker (Google Cloud Core). | bool | | null |
| maintenance_config | Set maintenance window configuration and maintenance deny period (up to 90 days). Date format: 'yyyy-mm-dd'. | object({…}) | | {} |
| periodic_export_config | Configuration for periodic export. | object({…}) | | null |
| platform_edition | Platform editions for a Looker instance. Each edition maps to a set of instance features, like its size. | string | | "LOOKER_CORE_TRIAL" |
| prefix | Optional prefix used to generate instance names. | string | | null |
Outputs
| name | description | sensitive |
|---|---|---|
| egress_public_ip | Public IP address of Looker instance for egress. | |
| egress_service_attachments | Egress service attachment connection statuses and configurations. | |
| id | Fully qualified primary instance id. | |
| ingress_private_ip | Private IP address of Looker instance for ingress. | |
| ingress_public_ip | Public IP address of Looker instance for ingress. | |
| instance | Looker Core instance resource. | ✓ |
| instance_id | Looker Core instance id. | ✓ |
| instance_name | Name of the looker instance. | |
| looker_service_attachment | Service attachment URI for the Looker instance. | |
| looker_uri | Looker core URI. | |
| looker_version | Looker core version. | |