Allow providing network for Direct VPC access
wiktorn committed Nov 18, 2024
1 parent f1accdd commit 9f7505d
Showing 4 changed files with 17 additions and 8 deletions.
10 changes: 5 additions & 5 deletions modules/cloud-run-v2/README.md
Expand Up @@ -556,11 +556,11 @@ module "cloud_run" {
| [labels](variables.tf#L142) | Resource labels. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [launch_stage](variables.tf#L148) | The launch stage as defined by Google Cloud Platform Launch Stages. | <code>string</code> | | <code>null</code> |
| [prefix](variables.tf#L170) | Optional prefix used for resource names. | <code>string</code> | | <code>null</code> |
| [revision](variables.tf#L190) | Revision template configurations. | <code title="object&#40;&#123;&#10; name &#61; optional&#40;string&#41;&#10; gen2_execution_environment &#61; optional&#40;bool&#41;&#10; max_concurrency &#61; optional&#40;number&#41;&#10; max_instance_count &#61; optional&#40;number&#41;&#10; min_instance_count &#61; optional&#40;number&#41;&#10; job &#61; optional&#40;object&#40;&#123;&#10; max_retries &#61; optional&#40;number&#41;&#10; task_count &#61; optional&#40;number&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; vpc_access &#61; optional&#40;object&#40;&#123;&#10; connector &#61; optional&#40;string&#41;&#10; egress &#61; optional&#40;string&#41;&#10; subnet &#61; optional&#40;string&#41;&#10; tags &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;&#41;&#10; timeout &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [service_account](variables.tf#L221) | Service account email. Unused if service account is auto-created. | <code>string</code> | | <code>null</code> |
| [service_account_create](variables.tf#L227) | Auto-create service account. | <code>bool</code> | | <code>false</code> |
| [tag_bindings](variables.tf#L233) | Tag bindings for this service, in key => tag value id format. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [volumes](variables.tf#L240) | Named volumes in containers in name => attributes format. | <code title="map&#40;object&#40;&#123;&#10; secret &#61; optional&#40;object&#40;&#123;&#10; name &#61; string&#10; default_mode &#61; optional&#40;string&#41;&#10; path &#61; optional&#40;string&#41;&#10; version &#61; optional&#40;string&#41;&#10; mode &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; cloud_sql_instances &#61; optional&#40;list&#40;string&#41;&#41;&#10; empty_dir_size &#61; optional&#40;string&#41;&#10; gcs &#61; optional&#40;object&#40;&#123;&#10; bucket &#61; string&#10; is_read_only &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; nfs &#61; optional&#40;object&#40;&#123;&#10; server &#61; string&#10; path &#61; optional&#40;string&#41;&#10; is_read_only &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [revision](variables.tf#L190) | Revision template configurations. | <code title="object&#40;&#123;&#10; name &#61; optional&#40;string&#41;&#10; gen2_execution_environment &#61; optional&#40;bool&#41;&#10; max_concurrency &#61; optional&#40;number&#41;&#10; max_instance_count &#61; optional&#40;number&#41;&#10; min_instance_count &#61; optional&#40;number&#41;&#10; job &#61; optional&#40;object&#40;&#123;&#10; max_retries &#61; optional&#40;number&#41;&#10; task_count &#61; optional&#40;number&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; vpc_access &#61; optional&#40;object&#40;&#123;&#10; connector &#61; optional&#40;string&#41;&#10; egress &#61; optional&#40;string&#41;&#10; network &#61; optional&#40;string&#41;&#10; subnet &#61; optional&#40;string&#41;&#10; tags &#61; optional&#40;list&#40;string&#41;&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10; timeout &#61; optional&#40;string&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [service_account](variables.tf#L228) | Service account email. Unused if service account is auto-created. | <code>string</code> | | <code>null</code> |
| [service_account_create](variables.tf#L234) | Auto-create service account. | <code>bool</code> | | <code>false</code> |
| [tag_bindings](variables.tf#L240) | Tag bindings for this service, in key => tag value id format. | <code>map&#40;string&#41;</code> | | <code>&#123;&#125;</code> |
| [volumes](variables.tf#L247) | Named volumes in containers in name => attributes format. | <code title="map&#40;object&#40;&#123;&#10; secret &#61; optional&#40;object&#40;&#123;&#10; name &#61; string&#10; default_mode &#61; optional&#40;string&#41;&#10; path &#61; optional&#40;string&#41;&#10; version &#61; optional&#40;string&#41;&#10; mode &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; cloud_sql_instances &#61; optional&#40;list&#40;string&#41;&#41;&#10; empty_dir_size &#61; optional&#40;string&#41;&#10; gcs &#61; optional&#40;object&#40;&#123;&#10; bucket &#61; string&#10; is_read_only &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; nfs &#61; optional&#40;object&#40;&#123;&#10; server &#61; string&#10; path &#61; optional&#40;string&#41;&#10; is_read_only &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [vpc_connector_create](variables-vpcconnector.tf#L17) | Populate this to create a Serverless VPC Access connector. | <code title="object&#40;&#123;&#10; ip_cidr_range &#61; optional&#40;string&#41;&#10; machine_type &#61; optional&#40;string&#41;&#10; name &#61; optional&#40;string&#41;&#10; network &#61; optional&#40;string&#41;&#10; instances &#61; optional&#40;object&#40;&#123;&#10; max &#61; optional&#40;number&#41;&#10; min &#61; optional&#40;number&#41;&#10; &#125;&#41;, &#123;&#125;&#10; &#41;&#10; throughput &#61; optional&#40;object&#40;&#123;&#10; max &#61; optional&#40;number&#41;&#10; min &#61; optional&#40;number&#41;&#10; &#125;&#41;, &#123;&#125;&#10; &#41;&#10; subnet &#61; optional&#40;object&#40;&#123;&#10; name &#61; optional&#40;string&#41;&#10; project_id &#61; optional&#40;string&#41;&#10; &#125;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |

## Outputs
3 changes: 2 additions & 1 deletion modules/cloud-run-v2/job.tf
Expand Up @@ -35,11 +35,12 @@ resource "google_cloud_run_v2_job" "job" {
}
}
dynamic "vpc_access" {
for_each = try(var.revision.vpc_access.subnet, null) == null ? [] : [""]
for_each = var.revision.vpc_access.subnet == null && var.revision.vpc_access.network == null ? [] : [""]
content {
egress = var.revision.vpc_access.egress
network_interfaces {
subnetwork = var.revision.vpc_access.subnet
network = var.revision.vpc_access.network
tags = var.revision.vpc_access.tags
}
}
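Review bot: The `network == null` half of the new `for_each` test can never decide anything, because the validation this commit adds in variables.tf rejects a `network` without a `subnet`; the gate is therefore equivalent to `for_each = var.revision.vpc_access.subnet == null ? [] : [""]`, and the same holds for the identical line in service.tf. If network-only Direct VPC egress is meant to work (the provider appears to treat the subnetwork as optional when a network is given, which is worth confirming), the validation is what blocks it, so one of the two should change. Dropping `try()` also means the expression now relies on `vpc_access` never being null, which depends on the `optional(..., {})` default in variables.tf and on callers not passing `revision = null`. The resource block starts and ends outside this hunk.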
3 changes: 2 additions & 1 deletion modules/cloud-run-v2/service.tf
Expand Up @@ -48,11 +48,12 @@ resource "google_cloud_run_v2_service" "service" {
}
}
dynamic "vpc_access" {
for_each = try(var.revision.vpc_access.subnet, null) == null ? [] : [""]
for_each = var.revision.vpc_access.subnet == null && var.revision.vpc_access.network == null ? [] : [""]
content {
egress = var.revision.vpc_access.egress
network_interfaces {
subnetwork = var.revision.vpc_access.subnet
network = var.revision.vpc_access.network
tags = var.revision.vpc_access.tags
}
}
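Review bot: `egress` is passed through unchanged next to the new `network` argument, and nothing in this block tells the caller what happens when it is left null. As far as I know the Cloud Run API then falls back to PRIVATE_RANGES_ONLY, so traffic to public addresses leaves the revision directly and is not subject to the VPC's firewall rules or Cloud NAT; teams that rely on the VPC for egress control need ALL_TRAFFIC. I would add a comment above the line, e.g. `# null => API default (PRIVATE_RANGES_ONLY): only private ranges are routed through the VPC`, and a second one noting that `tags` are the network tags that firewall rules match on. The job.tf block is identical and would take the same comments.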
9 changes: 8 additions & 1 deletion modules/cloud-run-v2/variables.tf
Expand Up @@ -202,9 +202,10 @@ variable "revision" {
vpc_access = optional(object({
connector = optional(string)
egress = optional(string)
network = optional(string)
subnet = optional(string)
tags = optional(list(string))
}))
}), {})
timeout = optional(string)
})
default = {}
Expand All @@ -216,6 +217,12 @@ variable "revision" {
)
error_message = "Egress should be one of ALL_TRAFFIC, PRIVATE_RANGES_ONLY."
}
validation {
condition = (
var.revision.vpc_access.network == null || (var.revision.vpc_access.network != null && var.revision.vpc_access.subnet != null)
)
error_message = "When providing vpc_access.network provide also vpc_access.subnet."
}
}

variable "service_account" {
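Review bot: The new validation condition repeats itself: once `network == null` is false the `network != null` test is always true, so it reduces to `var.revision.vpc_access.network == null || var.revision.vpc_access.subnet != null`. Separately, the first hunk changes the default of `vpc_access` from null to `{}`, so any expression elsewhere in the module that tests `var.revision.vpc_access == null` (not visible here) would now always be false; those call sites are worth a grep. There is also no check that `connector` is not combined with `subnet`/`network`, which, if the two modes are mutually exclusive as I believe, would only surface at apply time. The `variable "revision"` block starts above the first hunk.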
