diff --git a/metadata.yaml b/metadata.yaml
index b1a2bc4a..f4cdb6e7 100644
--- a/metadata.yaml
+++ b/metadata.yaml
@@ -1,4 +1,4 @@
-# Copyright 2025 Google LLC
+# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -323,13 +323,13 @@ spec:
roles:
- level: Project
roles:
- - roles/cloudkms.admin
- - roles/resourcemanager.projectIamAdmin
- roles/run.admin
- roles/iam.serviceAccountAdmin
- roles/artifactregistry.admin
- roles/iam.serviceAccountUser
- roles/serviceusage.serviceUsageViewer
+ - roles/cloudkms.admin
+ - roles/resourcemanager.projectIamAdmin
services:
- accesscontextmanager.googleapis.com
- cloudbilling.googleapis.com
@@ -344,6 +344,6 @@ spec:
- storage-api.googleapis.com
providerVersions:
- source: hashicorp/google
- version: ">= 6, < 7"
+ version: ">= 6, < 8"
- source: hashicorp/google-beta
- version: ">= 6, < 7"
+ version: ">= 6, < 8"
diff --git a/modules/v2/README.md b/modules/v2/README.md
index 151457c0..ad6e21aa 100644
--- a/modules/v2/README.md
+++ b/modules/v2/README.md
@@ -53,7 +53,7 @@ Functional examples are included in the
| binary\_authorization | Settings for the Binary Authorization feature. | object({
breakglass_justification = optional(bool) # If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, [see](https://cloud.google.com/binary-authorization/docs/using-breakglass)
use_default = optional(bool) #If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.
}) | `null` | no |
| client | Arbitrary identifier for the API client and version identifier | object({
name = optional(string, null)
version = optional(string, null)
}) | `{}` | no |
| cloud\_run\_deletion\_protection | This field prevents Terraform from destroying or recreating the Cloud Run jobs and services | `bool` | `true` | no |
-| containers | Container images for the service | list(object({
container_name = optional(string, null)
container_image = string
working_dir = optional(string, null)
depends_on_container = optional(list(string), null)
container_args = optional(list(string), null)
container_command = optional(list(string), null)
env_vars = optional(map(string), {})
env_secret_vars = optional(map(object({
secret = string
version = string
})), {})
volume_mounts = optional(list(object({
name = string
mount_path = string
})), [])
ports = optional(object({
name = optional(string, "http1")
container_port = optional(number, 8080)
}), {})
resources = optional(object({
limits = optional(object({
cpu = optional(string)
memory = optional(string)
nvidia_gpu = optional(string)
}))
cpu_idle = optional(bool, true)
startup_cpu_boost = optional(bool, false)
}), {})
startup_probe = optional(object({
failure_threshold = optional(number, null)
initial_delay_seconds = optional(number, null)
timeout_seconds = optional(number, null)
period_seconds = optional(number, null)
http_get = optional(object({
path = optional(string)
port = optional(string)
http_headers = optional(list(object({
name = string
value = string
})), [])
}), null)
tcp_socket = optional(object({
port = optional(number)
}), null)
grpc = optional(object({
port = optional(number)
service = optional(string)
}), null)
}), null)
liveness_probe = optional(object({
failure_threshold = optional(number, null)
initial_delay_seconds = optional(number, null)
timeout_seconds = optional(number, null)
period_seconds = optional(number, null)
http_get = optional(object({
path = optional(string)
port = optional(string)
http_headers = optional(list(object({
name = string
value = string
})), [])
}), null)
tcp_socket = optional(object({
port = optional(number)
}), null)
grpc = optional(object({
port = optional(number)
service = optional(string)
}), null)
}), null)
})) | n/a | yes |
+| containers | Container images for the service | list(object({
container_name = optional(string, null)
container_image = string
working_dir = optional(string, null)
depends_on_container = optional(list(string), null)
container_args = optional(list(string), null)
container_command = optional(list(string), null)
env_vars = optional(map(string), {})
env_secret_vars = optional(map(object({
secret = string
version = string
})), {})
volume_mounts = optional(list(object({
name = string
mount_path = string
})), [])
ports = optional(object({
name = optional(string)
container_port = optional(number)
}), {})
resources = optional(object({
limits = optional(object({
cpu = optional(string)
memory = optional(string)
nvidia_gpu = optional(string)
}))
cpu_idle = optional(bool, true)
startup_cpu_boost = optional(bool, false)
}), {})
startup_probe = optional(object({
failure_threshold = optional(number, null)
initial_delay_seconds = optional(number, null)
timeout_seconds = optional(number, null)
period_seconds = optional(number, null)
http_get = optional(object({
path = optional(string)
port = optional(string)
http_headers = optional(list(object({
name = string
value = string
})), [])
}), null)
tcp_socket = optional(object({
port = optional(number)
}), null)
grpc = optional(object({
port = optional(number)
service = optional(string)
}), null)
}), null)
liveness_probe = optional(object({
failure_threshold = optional(number, null)
initial_delay_seconds = optional(number, null)
timeout_seconds = optional(number, null)
period_seconds = optional(number, null)
http_get = optional(object({
path = optional(string)
port = optional(string)
http_headers = optional(list(object({
name = string
value = string
})), [])
}), null)
tcp_socket = optional(object({
port = optional(number)
}), null)
grpc = optional(object({
port = optional(number)
service = optional(string)
}), null)
}), null)
})) | n/a | yes |
| create\_service\_account | Create a new service account for cloud run service | `bool` | `true` | no |
| custom\_audiences | One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. [Refer](https://cloud.google.com/run/docs/configuring/custom-audiences) | `list(string)` | `null` | no |
| description | Cloud Run service description. This field currently has a 512-character limit. | `string` | `null` | no |
diff --git a/modules/v2/main.tf b/modules/v2/main.tf
index e94534e6..1a204f20 100644
--- a/modules/v2/main.tf
+++ b/modules/v2/main.tf
@@ -158,11 +158,20 @@ resource "google_cloud_run_v2_service" "main" {
args = containers.value.container_args
working_dir = containers.value.working_dir
depends_on = containers.value.depends_on_container
+
dynamic "ports" {
- for_each = lookup(containers.value, "ports", {}) != {} ? [containers.value.ports] : []
+ for_each = try(
+ (
+ containers.value.ports != null &&
+ containers.value.ports.container_port != null &&
+ containers.value.ports.container_port > 0 &&
+ containers.value.ports.container_port < 65536
+ ) ? [containers.value.ports] : [],
+ []
+ )
content {
- name = ports.value["name"]
- container_port = ports.value["container_port"]
+ name = try(ports.value.name, null)
+ container_port = ports.value.container_port
}
}
diff --git a/modules/v2/metadata.yaml b/modules/v2/metadata.yaml
index a7b85b54..255eea38 100644
--- a/modules/v2/metadata.yaml
+++ b/modules/v2/metadata.yaml
@@ -91,8 +91,8 @@ spec:
mount_path = string
})), [])
ports = optional(object({
- name = optional(string, "http1")
- container_port = optional(number, 8080)
+ name = optional(string)
+ container_port = optional(number)
}), {})
resources = optional(object({
limits = optional(object({
@@ -679,6 +679,6 @@ spec:
- storage-api.googleapis.com
providerVersions:
- source: hashicorp/google
- version: ">= 6, < 7"
+ version: ">= 6, < 8"
- source: hashicorp/google-beta
- version: ">= 6, < 7"
+ version: ">= 6, < 8"
diff --git a/modules/v2/variables.tf b/modules/v2/variables.tf
index c62537e7..e3a5fd27 100644
--- a/modules/v2/variables.tf
+++ b/modules/v2/variables.tf
@@ -55,8 +55,8 @@ variable "containers" {
mount_path = string
})), [])
ports = optional(object({
- name = optional(string, "http1")
- container_port = optional(number, 8080)
+ name = optional(string)
+ container_port = optional(number)
}), {})
resources = optional(object({
limits = optional(object({