feat(v2): add support for build_config arguments

examples/v2/README.md

@@ -18,6 +18,7 @@ This example assumes that below mentioned prerequisites are in place before cons
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| build\_config | Optional Cloud Build configuration for Cloud Run. This block enables building a container image from source using Cloud Build instead of specifying a prebuilt container image. | <pre>object({<br>    source_location          = optional(string)<br>    function_target          = optional(string)<br>    image_uri                = optional(string)<br>    base_image               = optional(string)<br>    enable_automatic_updates = optional(bool)<br>    worker_pool              = optional(string)<br>    environment_variables    = optional(map(string))<br>    service_account          = optional(string)<br>  })</pre> | `null` | no |
 | cloud\_run\_deletion\_protection | This field prevents Terraform from destroying or recreating the Cloud Run v2 Jobs and Services | `bool` | `true` | no |
 | project\_id | The project ID to deploy to | `string` | n/a | yes |
 

examples/v2/main.tf

@@ -21,8 +21,8 @@ resource "google_service_account" "sa" {
 }
 
 module "cloud_run_v2" {
-  source  = "GoogleCloudPlatform/cloud-run/google//modules/v2"
-  version = "~> 0.16"
+  source = "../../modules/v2"
+  # version = "~> 0.16"
 
   service_name           = "ci-cloud-run-v2"
   project_id             = var.project_id
@@ -38,4 +38,34 @@ module "cloud_run_v2" {
       container_name  = "hello-world"
     }
   ]
+  build_config = {
+    source_location          = "gs://cloudrun-open-test"
+    function_target          = "helloHttp"
+    image_uri                = "us-docker.pkg.dev/cloudrun/container/hello"
+    base_image               = "us-central1-docker.pkg.dev/serverless-runtimes/google-22-full/runtimes/nodejs22"
+    enable_automatic_updates = true
+    environment_variables = {
+      FOO_KEY = "FOO_VALUE"
+      BAR_KEY = "BAR_VALUE"
+    }
+    service_account = google_service_account.cloudbuild_service_account.id
+  }
+}
+
+
+resource "google_service_account" "cloudbuild_service_account" {
+  project    = "coastal-mercury-471819-s6"
+  account_id = "build-sa"
+}
+
+resource "google_project_iam_member" "act_as" {
+  project = "coastal-mercury-471819-s6"
+  role    = "roles/iam.serviceAccountUser"
+  member  = "serviceAccount:${google_service_account.cloudbuild_service_account.email}"
+}
+
+resource "google_project_iam_member" "logs_writer" {
+  project = "coastal-mercury-471819-s6"
+  role    = "roles/logging.logWriter"
+  member  = "serviceAccount:${google_service_account.cloudbuild_service_account.email}"
 }

examples/v2/variables.tf

@@ -24,3 +24,18 @@ variable "cloud_run_deletion_protection" {
   description = "This field prevents Terraform from destroying or recreating the Cloud Run v2 Jobs and Services"
   default     = true
 }
+
+variable "build_config" {
+  description = "Optional Cloud Build configuration for Cloud Run. This block enables building a container image from source using Cloud Build instead of specifying a prebuilt container image."
+  type = object({
+    source_location          = optional(string)
+    function_target          = optional(string)
+    image_uri                = optional(string)
+    base_image               = optional(string)
+    enable_automatic_updates = optional(bool)
+    worker_pool              = optional(string)
+    environment_variables    = optional(map(string))
+    service_account          = optional(string)
+  })
+  default = null
+}

metadata.yaml

@@ -94,13 +94,7 @@ spec:
         defaultValue: true
       - name: traffic_split
         description: Managing traffic routing to the service
-        varType: |-
-          list(object({
-              latest_revision = bool
-              percent         = number
-              revision_name   = string
-              tag             = string
-            }))
+        varType: "list(object({\r\n    latest_revision = bool\r\n    percent         = number\r\n    revision_name   = string\r\n    tag             = string\r\n  }))"
         defaultValue:
           - latest_revision: true
             percent: 100
@@ -143,14 +137,7 @@ spec:
         defaultValue: ""
       - name: volumes
         description: "[Beta] Volumes needed for environment variables (when using secret)"
-        varType: |-
-          list(object({
-              name = string
-              secret = set(object({
-                secret_name = string
-                items       = map(string)
-              }))
-            }))
+        varType: "list(object({\r\n    name = string\r\n    secret = set(object({\r\n      secret_name = string\r\n      items       = map(string)\r\n    }))\r\n  }))"
         defaultValue: []
       - name: limits
         description: Resource limits to the container
@@ -161,11 +148,7 @@ spec:
         defaultValue: {}
       - name: ports
         description: Port which the container listens to (http1 or h2c)
-        varType: |-
-          object({
-              name = string
-              port = number
-            })
+        varType: "object({\r\n    name = string\r\n    port = number\r\n  })"
         defaultValue:
           name: http1
           port: 8080
@@ -178,79 +161,22 @@ spec:
         varType: list(string)
         defaultValue: []
       - name: startup_probe
-        description: |
-          Startup probe of application within the container.
-          All other probes are disabled if a startup probe is provided, until it succeeds.
-          Container will not be added to service endpoints if the probe fails.
-          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-        varType: |-
-          object({
-              failure_threshold     = optional(number, null)
-              initial_delay_seconds = optional(number, null)
-              timeout_seconds       = optional(number, null)
-              period_seconds        = optional(number, null)
-              http_get = optional(object({
-                path = optional(string)
-                http_headers = optional(list(object({
-                  name  = string
-                  value = string
-                })), null)
-              }), null)
-              tcp_socket = optional(object({
-                port = optional(number)
-              }), null)
-              grpc = optional(object({
-                port    = optional(number)
-                service = optional(string)
-              }), null)
-            })
+        description: "Startup probe of application within the container.\r\nAll other probes are disabled if a startup probe is provided, until it succeeds.\r\nContainer will not be added to service endpoints if the probe fails.\r\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes\r\n"
+        varType: "object({\r\n    failure_threshold     = optional(number, null)\r\n    initial_delay_seconds = optional(number, null)\r\n    timeout_seconds       = optional(number, null)\r\n    period_seconds        = optional(number, null)\r\n    http_get = optional(object({\r\n      path = optional(string)\r\n      http_headers = optional(list(object({\r\n        name  = string\r\n        value = string\r\n      })), null)\r\n    }), null)\r\n    tcp_socket = optional(object({\r\n      port = optional(number)\r\n    }), null)\r\n    grpc = optional(object({\r\n      port    = optional(number)\r\n      service = optional(string)\r\n    }), null)\r\n  })"
       - name: liveness_probe
-        description: |
-          Periodic probe of container liveness. Container will be restarted if the probe fails.
-          More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-        varType: |-
-          object({
-              failure_threshold     = optional(number, null)
-              initial_delay_seconds = optional(number, null)
-              timeout_seconds       = optional(number, null)
-              period_seconds        = optional(number, null)
-              http_get = optional(object({
-                path = optional(string)
-                http_headers = optional(list(object({
-                  name  = string
-                  value = string
-                })), null)
-              }), null)
-              grpc = optional(object({
-                port    = optional(number)
-                service = optional(string)
-              }), null)
-            })
+        description: "Periodic probe of container liveness. Container will be restarted if the probe fails.\r\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes\r\n"
+        varType: "object({\r\n    failure_threshold     = optional(number, null)\r\n    initial_delay_seconds = optional(number, null)\r\n    timeout_seconds       = optional(number, null)\r\n    period_seconds        = optional(number, null)\r\n    http_get = optional(object({\r\n      path = optional(string)\r\n      http_headers = optional(list(object({\r\n        name  = string\r\n        value = string\r\n      })), null)\r\n    }), null)\r\n    grpc = optional(object({\r\n      port    = optional(number)\r\n      service = optional(string)\r\n    }), null)\r\n  })"
       - name: env_vars
         description: Environment variables (cleartext)
-        varType: |-
-          list(object({
-              value = string
-              name  = string
-            }))
+        varType: "list(object({\r\n    value = string\r\n    name  = string\r\n  }))"
         defaultValue: []
       - name: env_secret_vars
         description: "[Beta] Environment variables (Secret Manager)"
-        varType: |-
-          list(object({
-              name = string
-              value_from = set(object({
-                secret_key_ref = map(string)
-              }))
-            }))
+        varType: "list(object({\r\n    name = string\r\n    value_from = set(object({\r\n      secret_key_ref = map(string)\r\n    }))\r\n  }))"
         defaultValue: []
       - name: volume_mounts
         description: "[Beta] Volume Mounts to be attached to the container (when using secret)"
-        varType: |-
-          list(object({
-              mount_path = string
-              name       = string
-            }))
+        varType: "list(object({\r\n    mount_path = string\r\n    name       = string\r\n  }))"
         defaultValue: []
       - name: verified_domain_name
         description: List of Custom Domain Name
@@ -323,13 +249,13 @@ spec:
     roles:
       - level: Project
         roles:
-          - roles/cloudkms.admin
-          - roles/resourcemanager.projectIamAdmin
           - roles/run.admin
           - roles/iam.serviceAccountAdmin
           - roles/artifactregistry.admin
           - roles/iam.serviceAccountUser
           - roles/serviceusage.serviceUsageViewer
+          - roles/cloudkms.admin
+          - roles/resourcemanager.projectIamAdmin
     services:
       - accesscontextmanager.googleapis.com
       - cloudbilling.googleapis.com

modules/job-exec/metadata.yaml

@@ -120,11 +120,7 @@ spec:
         defaultValue: []
       - name: env_vars
         description: Environment variables (cleartext)
-        varType: |-
-          list(object({
-              value = string
-              name  = string
-            }))
+        varType: "list(object({\r\n    value = string\r\n    name  = string\r\n  }))"
         defaultValue: []
         connections:
           - source:
@@ -134,16 +130,7 @@ spec:
               outputExpr: "{ \"name\": service_name,\"value\": service_uri}"
       - name: env_secret_vars
         description: Environment variables (Secret Manager)
-        varType: |-
-          list(object({
-              name = string
-              value_source = set(object({
-                secret_key_ref = object({
-                  secret  = string
-                  version = optional(string, "latest")
-                })
-              }))
-            }))
+        varType: "list(object({\r\n    name = string\r\n    value_source = set(object({\r\n      secret_key_ref = object({\r\n        secret  = string\r\n        version = optional(string, \"latest\")\r\n      })\r\n    }))\r\n  }))"
         defaultValue: []
       - name: launch_stage
         description: The launch stage. (see https://cloud.google.com/products#product-launch-stages). Defaults to GA.
@@ -164,18 +151,7 @@ spec:
         varType: number
       - name: volumes
         description: A list of Volumes to make available to containers.
-        varType: |-
-          list(object({
-              name = string
-              cloud_sql_instance = optional(object({
-                instances = list(string)
-              }))
-              gcs = optional(object({
-                bucket        = string
-                read_only     = optional(bool)
-                mount_options = optional(list(string))
-              }))
-            }))
+        varType: "list(object({\r\n    name = string\r\n    cloud_sql_instance = optional(object({\r\n      instances = list(string)\r\n    }))\r\n    gcs = optional(object({\r\n      bucket        = string\r\n      read_only     = optional(bool)\r\n      mount_options = optional(list(string))\r\n    }))\r\n  }))"
         defaultValue: []
         connections:
           - source:
@@ -197,11 +173,7 @@ spec:
               outputExpr: "{\"name\": \"gcs-bucket-vol\", \"gcs\": { \"bucket\": name}}"
       - name: volume_mounts
         description: Volume to mount into the container's filesystem.
-        varType: |-
-          list(object({
-              name       = string
-              mount_path = string
-            }))
+        varType: "list(object({\r\n    name       = string\r\n    mount_path = string\r\n  }))"
         defaultValue: []
         connections:
           - source:
@@ -221,19 +193,11 @@ spec:
               outputExpr: "{\"name\": \"cloudsql\", \"mount_path\": \"/cloudsql\"}"
       - name: vpc_access
         description: VPC Access configuration to use for this Task.
-        varType: |-
-          list(object({
-              connector = string
-              egress    = string
-            }))
+        varType: "list(object({\r\n    connector = string\r\n    egress    = string\r\n  }))"
         defaultValue: []
       - name: limits
         description: Resource limits to the container
-        varType: |-
-          object({
-              cpu    = optional(string)
-              memory = optional(string)
-            })
+        varType: "object({\r\n    cpu    = optional(string)\r\n    memory = optional(string)\r\n  })"
       - name: timeout
         description: Max allowed time duration the Task may be active before the system will actively try to mark it failed and kill associated containers.
         varType: string
@@ -257,13 +221,13 @@ spec:
     roles:
       - level: Project
         roles:
-          - roles/run.admin
           - roles/iam.serviceAccountAdmin
           - roles/artifactregistry.admin
           - roles/iam.serviceAccountUser
           - roles/serviceusage.serviceUsageViewer
           - roles/cloudkms.admin
           - roles/resourcemanager.projectIamAdmin
+          - roles/run.admin
     services:
       - accesscontextmanager.googleapis.com
       - cloudbilling.googleapis.com