From 9f7505d0616313a77b3d28d940ec861e89fb0d4d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Wiktor=20Niesiob=C4=99dzki?=
Date: Mon, 18 Nov 2024 08:57:44 +0000
Subject: [PATCH] Allow providing network for Direct VPC access
---
 modules/cloud-run-v2/README.md | 10 +++++-----
 modules/cloud-run-v2/job.tf | 3 ++-
 modules/cloud-run-v2/service.tf | 3 ++-
 modules/cloud-run-v2/variables.tf | 9 ++++++++-
 4 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/modules/cloud-run-v2/README.md b/modules/cloud-run-v2/README.md
index 07e405b107..45423e443d 100644
--- a/modules/cloud-run-v2/README.md
+++ b/modules/cloud-run-v2/README.md
@@ -556,11 +556,11 @@ module "cloud_run" {
 | [labels](variables.tf#L142) | Resource labels. | map(string) | | {} |
 | [launch_stage](variables.tf#L148) | The launch stage as defined by Google Cloud Platform Launch Stages. | string | | null |
 | [prefix](variables.tf#L170) | Optional prefix used for resource names. | string | | null |
-| [revision](variables.tf#L190) | Revision template configurations. | object({…}) | | {} |
-| [service_account](variables.tf#L221) | Service account email. Unused if service account is auto-created. | string | | null |
-| [service_account_create](variables.tf#L227) | Auto-create service account. | bool | | false |
-| [tag_bindings](variables.tf#L233) | Tag bindings for this service, in key => tag value id format. | map(string) | | {} |
-| [volumes](variables.tf#L240) | Named volumes in containers in name => attributes format. | map(object({…})) | | {} |
+| [revision](variables.tf#L190) | Revision template configurations. | object({…}) | | {} |
+| [service_account](variables.tf#L228) | Service account email. Unused if service account is auto-created. | string | | null |
+| [service_account_create](variables.tf#L234) | Auto-create service account. | bool | | false |
+| [tag_bindings](variables.tf#L240) | Tag bindings for this service, in key => tag value id format. | map(string) | | {} |
+| [volumes](variables.tf#L247) | Named volumes in containers in name => attributes format. | map(object({…})) | | {} |
 | [vpc_connector_create](variables-vpcconnector.tf#L17) | Populate this to create a Serverless VPC Access connector. | object({…}) | | null |

 ## Outputs
diff --git a/modules/cloud-run-v2/job.tf b/modules/cloud-run-v2/job.tf
index 74b170408b..bd2584f157 100644
--- a/modules/cloud-run-v2/job.tf
+++ b/modules/cloud-run-v2/job.tf
@@ -35,11 +35,12 @@ resource "google_cloud_run_v2_job" "job" {
 }
 }
 dynamic "vpc_access" {
- for_each = try(var.revision.vpc_access.subnet, null) == null ? [] : [""]
+ for_each = var.revision.vpc_access.subnet == null && var.revision.vpc_access.network == null ? [] : [""]
 content {
 egress = var.revision.vpc_access.egress
 network_interfaces {
 subnetwork = var.revision.vpc_access.subnet
+ network = var.revision.vpc_access.network
 tags = var.revision.vpc_access.tags
 }
 }
diff --git a/modules/cloud-run-v2/service.tf b/modules/cloud-run-v2/service.tf
index 0e35be1707..8df793740f 100644
--- a/modules/cloud-run-v2/service.tf
+++ b/modules/cloud-run-v2/service.tf
@@ -48,11 +48,12 @@ resource "google_cloud_run_v2_service" "service" {
 }
 }
 dynamic "vpc_access" {
- for_each = try(var.revision.vpc_access.subnet, null) == null ? [] : [""]
+ for_each = var.revision.vpc_access.subnet == null && var.revision.vpc_access.network == null ? [] : [""]
 content {
 egress = var.revision.vpc_access.egress
 network_interfaces {
 subnetwork = var.revision.vpc_access.subnet
+ network = var.revision.vpc_access.network
 tags = var.revision.vpc_access.tags
 }
 }
diff --git a/modules/cloud-run-v2/variables.tf b/modules/cloud-run-v2/variables.tf
index 472b2f8e04..951ad84c18 100644
--- a/modules/cloud-run-v2/variables.tf
+++ b/modules/cloud-run-v2/variables.tf
@@ -202,9 +202,10 @@ variable "revision" {
 vpc_access = optional(object({
 connector = optional(string)
 egress = optional(string)
+ network = optional(string)
 subnet = optional(string)
 tags = optional(list(string))
- }))
+ }), {})
 timeout = optional(string)
 })
 default = {}
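Review bot: The `&& var.revision.vpc_access.network == null` half of the new `for_each` cannot change the outcome, because the validation this commit adds in variables.tf rejects `network` without `subnet`, so the block is still gated by `subnet` alone. If network-only Direct VPC access is meant to work (the commit subject suggests it, and the Cloud Run API appears to accept a network by itself, which is worth confirming against the provider documentation), the validation should be relaxed. Otherwise the gate can stay `var.revision.vpc_access.subnet == null ? [] : [""]`, with a comment such as `# emitted only for Direct VPC egress; network is optional and requires subnet`. The same line appears in the service.tf hunk, and both resource blocks start and end outside their hunks.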
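Review bot: Changing the default on `}), {})` from null to an empty object means `var.revision.vpc_access` is never null inside the module, so any expression elsewhere that still tests `var.revision.vpc_access == null` or wraps one of its attributes in `try(..., null)` now evaluates differently. None are visible in this hunk, so they are worth a search before merge. The new `network` attribute is undocumented here; a comment like `# VPC network for Direct VPC egress; must be given together with subnet` would help. It is also worth stating next to `egress` that leaving it null falls back to the provider default, which I believe sends only private ranges through the VPC, so traffic to public addresses would not pass the VPC's firewall rules or egress controls. The `variable "revision"` block starts and ends outside the hunk.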
@@ -216,6 +217,12 @@ variable "revision" {
 )
 error_message = "Egress should be one of ALL_TRAFFIC, PRIVATE_RANGES_ONLY."
 }
+ validation {
+ condition = (
+ var.revision.vpc_access.network == null || (var.revision.vpc_access.network != null && var.revision.vpc_access.subnet != null)
+ )
+ error_message = "When providing vpc_access.network provide also vpc_access.subnet."
+ }
 }

 variable "service_account" {
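Review bot: The new condition repeats itself: on the right-hand side of `||`, `network != null` is already known, so it reduces to `var.revision.vpc_access.network == null || var.revision.vpc_access.subnet != null`. Nothing visible in this hunk stops `connector` from being set together with `network` or `subnet`. As far as I can tell the connector and Direct VPC modes are alternatives, so a second validation along the lines of `var.revision.vpc_access.connector == null || var.revision.vpc_access.subnet == null` would reject the combination at plan time rather than at apply; confirm first how the module wires `connector`. The `variable "revision"` block begins outside the hunk.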