Looker Core module

This module manages the creation of a Looker Core instance.

This module accepts an OAuth client ID and secret in the oauth_config input variable, for when you have already set up an OAuth client and credentials. Otherwise, you can specify support_email in the same oauth_config variable, and a default OAuth client ID and secret are set up within the Terraform script. Be aware that such an OAuth client ID is not suitable for authenticating end users; it is only used to provision the Looker Core instance. You will still need to create a new OAuth client and update the Looker Core instance from the console (or gcloud), as there is no Terraform support for these resources.

Warning

Please be aware that, at the time of this writing, deleting the Looker Core instance via Terraform is not possible due to hashicorp/terraform-provider-google#19467. The workaround is to delete the instance from the console (or gcloud with the force option) and remove the corresponding resource from the Terraform state.

Examples

Simple example

This example shows how to set up a public Looker Core instance.

module "looker" {
  source     = "./fabric/modules/looker-core"
  project_id = var.project_id
  region     = var.region
  name       = "looker"
  network_config = {
    public = true
  }
  oauth_config = {
    support_email = "support@google.com"
  }
}
# tftest modules=1 resources=3 inventory=simple.yaml

Looker Core private instance with PSA

module "project" {
  source          = "./fabric/modules/project"
  billing_account = var.billing_account_id
  parent          = var.folder_id
  name            = "looker"
  prefix          = var.prefix
  services = [
    "servicenetworking.googleapis.com",
    "looker.googleapis.com",
  ]
}

module "vpc" {
  source     = "./fabric/modules/net-vpc"
  project_id = module.project.project_id
  name       = "my-network"
  psa_configs = [
    {
      ranges = { looker = "10.60.0.0/16" }
    }
  ]
}

module "looker" {
  source     = "./fabric/modules/looker-core"
  project_id = module.project.project_id
  region     = var.region
  name       = "looker"
  network_config = {
    psa_config = {
      network = module.vpc.id
    }
  }
  oauth_config = {
    support_email = "support@google.com"
  }
  platform_edition = "LOOKER_CORE_ENTERPRISE_ANNUAL"
}
# tftest modules=3 resources=16 inventory=psa.yaml

Looker Core full example

module "project" {
  source          = "./fabric/modules/project"
  billing_account = var.billing_account_id
  parent          = var.folder_id
  name            = "looker"
  prefix          = var.prefix
  services = [
    "cloudkms.googleapis.com",
    "iap.googleapis.com",
    "looker.googleapis.com",
    "servicenetworking.googleapis.com"
  ]
}

module "vpc" {
  source     = "./fabric/modules/net-vpc"
  project_id = module.project.project_id
  name       = "my-network"
  psa_configs = [
    {
      ranges = { looker = "10.60.0.0/16" }
    }
  ]
}

module "kms" {
  source     = "./fabric/modules/kms"
  project_id = module.project.project_id
  keyring = {
    location = var.region
    name     = "keyring"
  }
  keys = {
    "key-regional" = {
    }
  }
  iam = {
    "roles/cloudkms.cryptoKeyEncrypterDecrypter" = [
      module.project.service_agents.looker.iam_email
    ]
  }
}

module "looker" {
  source     = "./fabric/modules/looker-core"
  project_id = module.project.project_id
  region     = var.region
  name       = "looker"
  admin_settings = {
    allowed_email_domains = ["google.com"]
  }
  encryption_config = {
    kms_key_name = module.kms.keys.key-regional.id
  }
  network_config = {
    psa_config = {
      network = module.vpc.id
    }
  }
  oauth_config = {
    client_id     = "xxxxxxxxx"
    client_secret = "xxxxxxxx"
  }
  platform_edition = "LOOKER_CORE_ENTERPRISE_ANNUAL"
}
# tftest modules=4 resources=22 inventory=full.yaml
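
The simple example exposes a public instance, while the full example adds private networking, a customer-managed KMS key and an allowed email domain list. The following plan check flags instances that lack those settings; it is an added example, not part of this module, and it assumes the `google_looker_instance` attribute names `public_ip_enabled`, `encryption_config.kms_key_name` and `admin_settings.allowed_email_domains` as they appear in `terraform show -json` output. The sample plan and its resource addresses are constructed.

```python
import json

# Constructed sample shaped like `terraform show -json` output. Addresses are
# made up; attribute names are assumed from google_looker_instance.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "module.simple.google_looker_instance.looker",
   "type": "google_looker_instance",
   "change": {"actions": ["create"], "after_unknown": {},
     "after": {"public_ip_enabled": true, "encryption_config": [],
               "admin_settings": []}}},
  {"address": "module.full.google_looker_instance.looker",
   "type": "google_looker_instance",
   "change": {"actions": ["create"],
     "after_unknown": {"encryption_config": [{"kms_key_name": true}]},
     "after": {"public_ip_enabled": false, "encryption_config": [{}],
               "admin_settings": [{"allowed_email_domains": ["google.com"]}]}}}
]}
""")


def _block(values, name):
    """Return the first item of a nested block list, or {} when absent."""
    items = (values or {}).get(name)
    return items[0] if isinstance(items, list) and items else {}


def audit_plan(plan):
    """Map each planned Looker instance address to its list of findings."""
    results = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") != "google_looker_instance" or change.get("actions") == ["delete"]:
            continue  # other resources, and deletions, carry no planned config
        after, unknown = change.get("after"), change.get("after_unknown")
        findings = []
        if (after or {}).get("public_ip_enabled"):
            findings.append("public ingress enabled")
        # A key created in the same apply shows up only in after_unknown.
        has_key = (_block(after, "encryption_config").get("kms_key_name")
                   or _block(unknown, "encryption_config").get("kms_key_name"))
        if not has_key:
            findings.append("no customer-managed KMS key")
        if not _block(after, "admin_settings").get("allowed_email_domains"):
            findings.append("no allowed_email_domains restriction")
        results[rc["address"]] = findings
    return results
```

To use it in CI, pass `audit_plan` the parsed JSON of a real plan and fail the job when any instance has findings.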

Variables

| name | description | type | required | default |
|---|---|---|---|---|
| name | Name of the looker core instance. | string | ✓ | |
| network_config | Network configuration for cluster and instance. Only one between psa_config and psc_config can be used. | object({…}) | ✓ | |
| oauth_config | Looker Core Oauth config. Either client ID and secret (existing oauth client) or support email (temporary internal oauth client setup) must be specified. | object({…}) | ✓ | |
| project_id | The ID of the project where this instance will be created. | string | ✓ | |
| region | Region for the Looker core instance. | string | ✓ | |
| admin_settings | Looker Core admins settings. | object({…}) | | null |
| custom_domain | Looker core instance custom domain. | string | | null |
| encryption_config | Set encryption configuration. KMS name format: 'projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME]'. | object({…}) | | null |
| maintenance_config | Set maintenance window configuration and maintenance deny period (up to 90 days). Date format: 'yyyy-mm-dd'. | object({…}) | | {} |
| platform_edition | Platform editions for a Looker instance. Each edition maps to a set of instance features, like its size. | string | | "LOOKER_CORE_TRIAL" |
| prefix | Optional prefix used to generate instance names. | string | | null |

Outputs

| name | description | sensitive |
|---|---|---|
| egress_public_ip | Public IP address of Looker instance for egress. | |
| id | Fully qualified primary instance id. | |
| ingress_private_ip | Private IP address of Looker instance for ingress. | |
| ingress_public_ip | Public IP address of Looker instance for ingress. | |
| instance | Looker Core instance resource. | |
| instance_name | Name of the looker instance. | |
| looker_uri | Looker core URI. | |
| looker_version | Looker core version. | |