This module manages the creation of a Looker Core instance.
This module accepts Oauth client ID and secret in the input variable oauth_config
in case you have
already set up an oauth client and credentials.
If that is not the case it is possible to specify support_email in the same variable oauth_config
for a default oauth
client id and secret setup within the terraform script, be aware that such an oauth client id is not suitable for
authenticating end users, and it is only used to provision the looker core instance.
You'll still be forced to create a new oauth and update the looker core instance from the console (or gcloud) as there
is no terraform support for these resources.
Warning
Please be aware that, at the time of this writing, deleting the looker core instance via terraform is not possible due to hashicorp/terraform-provider-google#19467. The work-around is to delete the instance from the console (or gcloud with force option) and remove the corresponding resource from the terraform state.
This example shows how to set up a public Looker Core instance.
module "looker" {
source = "./fabric/modules/looker-core"
project_id = var.project_id
region = var.region
name = "looker"
network_config = {
public = true
}
oauth_config = {
support_email = "support@google.com"
}
}
# tftest modules=1 resources=3 inventory=simple.yaml
module "project" {
source = "./fabric/modules/project"
billing_account = var.billing_account_id
parent = var.folder_id
name = "looker"
prefix = var.prefix
services = [
"servicenetworking.googleapis.com",
"looker.googleapis.com",
]
}
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = module.project.project_id
name = "my-network"
psa_configs = [
{
ranges = { looker = "10.60.0.0/16" }
}
]
}
module "looker" {
source = "./fabric/modules/looker-core"
project_id = module.project.project_id
region = var.region
name = "looker"
network_config = {
psa_config = {
network = module.vpc.id
}
}
oauth_config = {
support_email = "support@google.com"
}
platform_edition = "LOOKER_CORE_ENTERPRISE_ANNUAL"
}
# tftest modules=3 resources=16 inventory=psa.yaml
module "project" {
source = "./fabric/modules/project"
billing_account = var.billing_account_id
parent = var.folder_id
name = "looker"
prefix = var.prefix
services = [
"cloudkms.googleapis.com",
"iap.googleapis.com",
"looker.googleapis.com",
"servicenetworking.googleapis.com"
]
}
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = module.project.project_id
name = "my-network"
psa_configs = [
{
ranges = { looker = "10.60.0.0/16" }
}
]
}
module "kms" {
source = "./fabric/modules/kms"
project_id = module.project.project_id
keyring = {
location = var.region
name = "keyring"
}
keys = {
"key-regional" = {
}
}
iam = {
"roles/cloudkms.cryptoKeyEncrypterDecrypter" = [
module.project.service_agents.looker.iam_email
]
}
}
module "looker" {
source = "./fabric/modules/looker-core"
project_id = module.project.project_id
region = var.region
name = "looker"
admin_settings = {
allowed_email_domains = ["google.com"]
}
encryption_config = {
kms_key_name = module.kms.keys.key-regional.id
}
network_config = {
psa_config = {
network = module.vpc.id
}
}
oauth_config = {
client_id = "xxxxxxxxx"
client_secret = "xxxxxxxx"
}
platform_edition = "LOOKER_CORE_ENTERPRISE_ANNUAL"
}
# tftest modules=4 resources=22 inventory=full.yaml
name | description | type | required | default |
---|---|---|---|---|
name | Name of the looker core instance. | string |
✓ | |
network_config | Network configuration for cluster and instance. Only one between psa_config and psc_config can be used. | object({…}) |
✓ | |
oauth_config | Looker Core Oauth config. Either client ID and secret (existing oauth client) or support email (temporary internal oauth client setup) must be specified. | object({…}) |
✓ | |
project_id | The ID of the project where this instances will be created. | string |
✓ | |
region | Region for the Looker core instance. | string |
✓ | |
admin_settings | Looker Core admins settings. | object({…}) |
null |
|
custom_domain | Looker core instance custom domain. | string |
null |
|
encryption_config | Set encryption configuration. KMS name format: 'projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME]'. | object({…}) |
null |
|
maintenance_config | Set maintenance window configuration and maintenance deny period (up to 90 days). Date format: 'yyyy-mm-dd'. | object({…}) |
{} |
|
platform_edition | Platform editions for a Looker instance. Each edition maps to a set of instance features, like its size. | string |
"LOOKER_CORE_TRIAL" |
|
prefix | Optional prefix used to generate instance names. | string |
null |
name | description | sensitive |
---|---|---|
egress_public_ip | Public IP address of Looker instance for egress. | |
id | Fully qualified primary instance id. | |
ingress_private_ip | Private IP address of Looker instance for ingress. | |
ingress_public_ip | Public IP address of Looker instance for ingress. | |
instance | Looker Core instance resource. | ✓ |
instance_name | Name of the looker instance. | |
looker_uri | Looker core URI. | |
looker_version | Looker core version. |