Looker Terraform Provider

Requirements

Compiling

As most terraform providers, this is built using Go, so you'll need it in your system. We also provide a Dockerfile that allows us to compile the provider in a containerized environment.

To compile the provider run the following:

docker build -t terraform-provider-looker -f Dockerfile .
docker run -it -v $(pwd):/go/src/github.com/billtrust/terraform-provider-looker terraform-provider-looker bash -c "go get && rm -rf bin && mkdir bin && CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bin/terraform-provider-looker_v1.X.Y"

Please not that the above provided values will create a provider compiled for linux using the amd64 architecture. For more architectures and OS options, please read this

Installation

Like all other Terraform providers, the executable binary needs to be available for the main TF executable to run. Please follow this intructions to get it set up.

Resources

  • looker_user

  • looker_user_roles

  • looker_user_email

  • looker_user_api_key

  • looker_role

  • looker_role_groups

  • looker_permission_set

  • looker_model_set

  • looker_group

  • looker_content_metadata_access - gives access for a group to a space with a specific permission type (view, edit) ** NOTE - I think spaces still have some edge cases when modifying resources because of SpaceID in the swagger being defined as a string, but the service returning an int64

  • looker_main_space - space configuration for a space whose parent we have not created (Example: "Embed Groups", "Users", "Shared", and "Embed Users")

  • looker_child_space - space configuration for a space whose parent we have created

  • looker_connection - This is mostly implemented to support the snowflake database. More work can be done to suport other database backends.

  • looker_project - sets up a base project with just the name

  • looker_git_deploy_key - TODO: rename to project_git_deploy_key - This creates a private/public key within Looker. The public key can than be added to the git repository to allow looker to deploy models to it (todo: not sure if this is the correct wording)

  • looker_project_git_details - updates an existing project with details on the git repository. This is currently a separate resource because Looker requires the git deploy key be added to the git repository before any of the git details can be updated on the project.

    The order of events should be:

    1. Create a Looker project with minimal properties set (currently only name)
    2. Create a ssh private/public key pair
    3. Add the public ssh key to the git repository
    4. Update the Looker project with the details of the git repository

Development

Build

Linux

docker run -it --rm  -w /go/src/github.com/billtrust/terraform-provider-looker -v `pwd`:/go/src/github.com/billtrust/terraform-provider-looker golang:1.12 bash -c "go get && rm -rf bin && mkdir bin && CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bin/terraform-provider-looker"

Windows

docker run -it --rm  -w /go/src/github.com/billtrust/terraform-provider-looker -v `pwd`:/go/src/github.com/billtrust/terraform-provider-looker golang:1.12 bash -c "go get && rm -rf bin && mkdir bin && CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -o bin/terraform-provider-looker.exe"

Mac

docker run -it --rm  -w /go/src/github.com/billtrust/terraform-provider-looker -v `pwd`:/go/src/github.com/billtrust/terraform-provider-looker golang:1.12 bash -c "go get && rm -rf bin && mkdir bin && CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -o bin/terraform-provider-looker"

Usage

Setup

variable "looker_client_id" {}
variable "looker_client_secret" {}
variable "looker_base_url" {}
variable "looker_api_port" {}

provider "looker" {
  client_id     = "${var.looker_client_id}"
  client_secret = "${var.looker_client_secret}"
  base_url      = "${var.looker_base_url}:${var.looker_api_port}"
}
resource "looker_user" "user" {
  first_name = "Reporting"
  last_name  = "API User"
}
resource "looker_user_attribute" "my_user_attribute" {
  name   = "my_name"
  label  = "Display Label"
  type   = "advanced_filter_string"
}
resource "looker_user_roles" "user_roles" {
  user_id    = "${looker_user.user.id}"
  role_names = ["Admin"]
}
resource "looker_user_api_key" "user_api_key" {
  user_id = "${looker_user.user.id}"

  provisioner "local-exec" {
    command    = "google-chrome ${var.looker_base_url}/admin/users/api3_key/${self.user_id}"
    on_failure = "continue"
  }
}
resource "looker_permission_set" "embed_permission_set" {
  name        = "Embed Permission Set"
  permissions = ["access_data", "download_with_limit", "schedule_look_emails", "schedule_external_look_emails", "see_user_dashboards"]
}
resource "looker_model_set" "model_set" {
  name   = "MyModelSet"
  models = ["accounts", "documents"]
}
resource "looker_role" "embed_role" {
  name              = "Embed User Role"
  permission_set_id = "${looker_permission_set.embed_permission_set.id}"
  model_set_id      = "${looker_model_set.model_set.id}"
}
resource "looker_group" "embed_group" {
  name = "My Embed Group"
}
resource "looker_role_groups" "embed_role_groups" {
  role_id   = "${looker_role.embed_role.id}"
  group_ids = ["${looker_group.embed_group.id}"]
}
resource "looker_main_space" "my_shared_space" {
  name                      = "My Shared Space"
  parent_space_name         = "Embed Groups"
  content_metadata_inherits = false
}
resource "looker_content_metadata_access" "embed_groups_space_access" {
  group_id            = "${looker_group.embed_group.id}"
  content_metadata_id = "${looker_main_space.my_shared_space.content_metadata_id}"
  permission_type     = "view"
}
resource "looker_connection" "snowflake_connection" {
  name                   = "snowflake"
  dialect_name           = "snowflake"
  host                   = "${var.snowflake_host}"
  port                   = "443"
  database               = "MY_DATABASE"
  username               = "${var.snowflake_username}"
  password               = "${var.snowflake_password}"
  schema                 = "PUBLIC"
  jdbc_additional_params = "account=${var.snowflake_account}&warehouse=LOAD_WH"
  ssl                    = true
  db_timezone            = "UTC"
  query_timezone         = "UTC"
}
resource "looker_project" "my_project" {
  name = "My_Project_Name"
}
resource "looker_git_deploy_key" "project_git_deploy_key" {
  project_id = "${looker_project.my_project.id}"
}
resource "github_repository_deploy_key" "looker_git_deploy_key" {
  title      = "${looker_git_deploy_key.project_git_deploy_key.id}"
  repository = "my-looker-repository"
  key        = "${looker_git_deploy_key.project_git_deploy_key.ssh_deploy_key}"
  read_only  = "false"
}