feat: Add TF samples for creating a Looker (Google Cloud core) Enterprise instance that uses PSC

[ronnieplooker]

Description

Fixes b/429215192

Note: If you are not associated with Google, open an issue for discussion before submitting a pull request.

Checklist

Readiness

• Yes, merge this PR after it is approved
• No, don't merge this PR after it is approved

Style

• My sample follows the rules described for Terraform in the Effective Samples style guide
• My sample follows the other requirements and best practices in the Contributing
  guide

Testing

• I have performed tests described in the Contributing guide:

  • Tests pass: terraform apply
  • Lint pass: terraform fmt check

Intended location

• Yes, this sample will be (or already is) included on cloud.google.com
  Location(s):

• No, this sample won't be included on cloud.google.com
  Reason:

API enablement

• If the sample needs an API enabled to pass testing, I have added the service to the Test setup file

Review

• If this sample adds a new directory, I have added codeowners to the CODEOWNERS file

[snippet-bot]

Here is the summary of changes.

You are about to add 1 region tag.

• looker/looker-core-psc/main.tf:16, tag looker_google_looker_instance_psc

---

This comment is generated by snippet-bot.
If you find problems with this result, please file an issue at:
https://github.com/googleapis/repo-automation-bots/issues.
To update this comment, add snippet-bot:force-run label or use the checkbox below:

• Refresh this comment

[ronnieplooker]

Intending to use this snippet on the following page:
https://cloud.google.com/looker/docs/looker-core-create-psc

[glasnt]

Generally this sample looks okay, but other samples in the looker folder have configurations to skip tests. It will probably be needed for this one.

Example: https://github.com/terraform-google-modules/terraform-docs-samples/blob/main/looker/looker_instance_basic/test.yaml, where metadata.name is the folder name and will need to be changed.

[glasnt]

This value won't work, as test-project is not a valid project ID.

[ronnieplooker]

I updated the comments in the sample. The test-project and test parts of the VPC URL are unique to the user's project, so the value here is just an example.

[glasnt]

Are these comments needed?

[ronnieplooker]

I updated the comments to hopefully be more useful!

[glasnt]

/gcbrun

[ronnieplooker]

@glasnt thanks for taking a look! I have hopefully addressed your comments. If it helps, I took the sample directly from what the SME engineer uploaded to https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/looker_instance#example-usage---looker-instance-psc.

[glasnt]

/gcbrun

[glasnt]

If I'm reading the docs correctly, you don't set these values, they are updated for you. Trying to validate this part of the Terraform is failing with An argument named "service_attachments" is not expected here.. Are you able to confirm this is intended as an argument?

[ronnieplooker]

Ah, I get it! So the service attachment argument is relevant only when updating an instance config, not when creating it. I think that to match the other blocks in https://cloud.google.com/looker/docs/looker-core-create-psc#create_instance we should remove that argument entirely.

As for the allowed_vpcs, you would only specify that if you are creating an instance that uses only private IP (that is:

private_ip_enabled = true
public_ip_enabled  = false
psc_enabled  = true

This example doesn't follow that pattern, so I have commented out the allowed_vpcs and added some context.

[glasnt]

/gcbrun

[glasnt]

/gcbrun

[glasnt]

/gcbrun