diff --git a/modules/cloud-run-v2/README.md b/modules/cloud-run-v2/README.md
index 07e405b107..45423e443d 100644
--- a/modules/cloud-run-v2/README.md
+++ b/modules/cloud-run-v2/README.md
@@ -556,11 +556,11 @@ module "cloud_run" {
| [labels](variables.tf#L142) | Resource labels. | map(string)
| | {}
|
| [launch_stage](variables.tf#L148) | The launch stage as defined by Google Cloud Platform Launch Stages. | string
| | null
|
| [prefix](variables.tf#L170) | Optional prefix used for resource names. | string
| | null
|
-| [revision](variables.tf#L190) | Revision template configurations. | object({…})
| | {}
|
-| [service_account](variables.tf#L221) | Service account email. Unused if service account is auto-created. | string
| | null
|
-| [service_account_create](variables.tf#L227) | Auto-create service account. | bool
| | false
|
-| [tag_bindings](variables.tf#L233) | Tag bindings for this service, in key => tag value id format. | map(string)
| | {}
|
-| [volumes](variables.tf#L240) | Named volumes in containers in name => attributes format. | map(object({…}))
| | {}
|
+| [revision](variables.tf#L190) | Revision template configurations. | object({…})
| | {}
|
+| [service_account](variables.tf#L228) | Service account email. Unused if service account is auto-created. | string
| | null
|
+| [service_account_create](variables.tf#L234) | Auto-create service account. | bool
| | false
|
+| [tag_bindings](variables.tf#L240) | Tag bindings for this service, in key => tag value id format. | map(string)
| | {}
|
+| [volumes](variables.tf#L247) | Named volumes in containers in name => attributes format. | map(object({…}))
| | {}
|
| [vpc_connector_create](variables-vpcconnector.tf#L17) | Populate this to create a Serverless VPC Access connector. | object({…})
| | null
|
## Outputs
diff --git a/modules/cloud-run-v2/job.tf b/modules/cloud-run-v2/job.tf
index 74b170408b..bd2584f157 100644
--- a/modules/cloud-run-v2/job.tf
+++ b/modules/cloud-run-v2/job.tf
@@ -35,11 +35,12 @@ resource "google_cloud_run_v2_job" "job" {
}
}
dynamic "vpc_access" {
- for_each = try(var.revision.vpc_access.subnet, null) == null ? [] : [""]
+ for_each = var.revision.vpc_access.subnet == null && var.revision.vpc_access.network == null ? [] : [""]
content {
egress = var.revision.vpc_access.egress
network_interfaces {
subnetwork = var.revision.vpc_access.subnet
+ network = var.revision.vpc_access.network
tags = var.revision.vpc_access.tags
}
}
diff --git a/modules/cloud-run-v2/service.tf b/modules/cloud-run-v2/service.tf
index 0e35be1707..8df793740f 100644
--- a/modules/cloud-run-v2/service.tf
+++ b/modules/cloud-run-v2/service.tf
@@ -48,11 +48,12 @@ resource "google_cloud_run_v2_service" "service" {
}
}
dynamic "vpc_access" {
- for_each = try(var.revision.vpc_access.subnet, null) == null ? [] : [""]
+ for_each = var.revision.vpc_access.subnet == null && var.revision.vpc_access.network == null ? [] : [""]
content {
egress = var.revision.vpc_access.egress
network_interfaces {
subnetwork = var.revision.vpc_access.subnet
+ network = var.revision.vpc_access.network
tags = var.revision.vpc_access.tags
}
}
diff --git a/modules/cloud-run-v2/variables.tf b/modules/cloud-run-v2/variables.tf
index 472b2f8e04..951ad84c18 100644
--- a/modules/cloud-run-v2/variables.tf
+++ b/modules/cloud-run-v2/variables.tf
@@ -202,9 +202,10 @@ variable "revision" {
vpc_access = optional(object({
connector = optional(string)
egress = optional(string)
+ network = optional(string)
subnet = optional(string)
tags = optional(list(string))
- }))
+ }), {})
timeout = optional(string)
})
default = {}
@@ -216,6 +217,12 @@ variable "revision" {
)
error_message = "Egress should be one of ALL_TRAFFIC, PRIVATE_RANGES_ONLY."
}
+ validation {
+ condition = (
+ var.revision.vpc_access.network == null || (var.revision.vpc_access.network != null && var.revision.vpc_access.subnet != null)
+ )
+ error_message = "When providing vpc_access.network provide also vpc_access.subnet."
+ }
}
variable "service_account" {