https://github.com/helmless/google-cloudrun-service-terraform-module

A Terraform wrapper module that provides a shell around a Google Cloud Run Service or Job which is deployed using Helmless.

# helmless/google-cloudrun-terraform-module

A [Terraform][terraform] module to create a wrapper around a Google Cloud Run Service or Job. The Cloud Run workload will be deployed using [Helmless](https://helmless.io) instead of Terraform. The module exists purely to hold a reference to the cloud resource so that IAM policies can be applied to it.

[google-cloud]: https://cloud.google.com
[terraform]: https://www.terraform.io

# asdf tools

This repository has a _.tool-versions_ file used by [asdf](https://asdf-vm.com/) to install the necessary tools. For this you need the following additional plugins:

```
asdf plugin add terraform-docs https://github.com/looztra/asdf-terraform-docs
asdf plugin add tflint https://github.com/skyzyx/asdf-tflint
asdf install
```

## Usage

```hcl
module "github_federation" {
  source              = "github.com/helmless/google-workload-identity-federation-terraform-module?ref=v0.1.0"
  id                  = "github"
  github_organization = "helmless"
}

module "cloudrun_service" {
  # source = "github.com/helmless/google-cloudrun-service-terraform-module?ref=v0.1.2" # x-release-please-version
  source = "../"
  name   = "example-service"

  create_service_account = true
  deployment_accounts    = ["${module.github_federation.repository_principal_set_id_prefix}/example-repository"]
}
```

## Required Inputs

The following input variables are required:

### [name](#input\_name)

Description: The name of the Cloud Run service. Must be unique within the project and region.

Type: `string`

## Optional Inputs

The following input variables are optional (have default values):

### [create\_service\_account](#input\_create\_service\_account)

Description: Whether to create a service account for the Cloud Run service with the same name as the service. If not provided, the default service account will be used.

Type: `bool`

Default: `true`

### [deletion\_protection](#input\_deletion\_protection)

Description: Whether to enable deletion protection for the Cloud Run service.

Type: `bool`

Default: `true`

### [deployment\_accounts](#input\_deployment\_accounts)

Description: A list of accounts that are allowed to deploy the Cloud Run service. Must be in the format of 'serviceAccount:ACCOUNT\_EMAIL' or 'principalSet:PRINCIPAL\_SET\_ID'. The accounts will get the roles/run.admin role on the Cloud Run service and the roles/iam.workloadIdentityUser role on the service account.

Type: `list(string)`

Default: `[]`

### [description](#input\_description)

Description: An optional description of the Cloud Run service.

Type: `string`

Default: `""`

### [iam](#input\_iam)

Description: A list of IAM bindings to apply to the Cloud Run service.

Type:

```hcl
list(object({
  role    = string
  members = list(string)
}))
```

Default: `[]`
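
The following is an added usage example, not taken from the module's own documentation, showing the `iam` input next to `deployment_accounts`. The project ID, region, and account emails are placeholders, and it assumes that `iam` entries are applied through the `google_cloud_run_v2_service_iam_binding.custom_iam` resource listed under Resources.

```hcl
module "cloudrun_service" {
  source  = "github.com/helmless/google-cloudrun-service-terraform-module?ref=v0.1.2"
  name    = "example-service"
  project = "example-project" # placeholder project ID
  region  = "europe-west1"    # placeholder region

  # Dedicated runtime identity instead of the default service account.
  create_service_account = true

  # Deployers receive roles/run.admin on the service, so keep this list to
  # the single identity that actually deploys (placeholder email).
  deployment_accounts = [
    "serviceAccount:deployer@example-project.iam.gserviceaccount.com",
  ]

  # Assumption: each entry becomes an authoritative IAM binding for its role.
  # An authoritative binding replaces the full member list of that role on
  # this service, so members granted elsewhere are removed on the next apply.
  iam = [
    {
      role = "roles/run.invoker"
      members = [
        # Name the specific caller (placeholder email) rather than a broad
        # member such as allUsers or allAuthenticatedUsers.
        "serviceAccount:frontend@example-project.iam.gserviceaccount.com",
      ]
    },
  ]

  # Do not list roles/run.admin in `iam`: the module already grants it per
  # deployment account with iam_member resources, and the Google provider
  # documents that a binding and a member for the same role conflict.
}
```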

### [labels](#input\_labels)

Description: Labels to apply to the Cloud Run service.

Type: `map(string)`

Default: `{}`

### [project](#input\_project)

Description: The project to deploy the Cloud Run service to.

Type: `string`

Default: `null`

### [region](#input\_region)

Description: The region to deploy the Cloud Run service to.

Type: `string`

Default: `"us-central1"`

### [service\_account\_email](#input\_service\_account\_email)

Description: The service account email to use for the Cloud Run service. If not provided, the default service account will be used.

Type: `string`

Default: `null`

## Outputs

The following outputs are exported:

### [cloud\_run\_service](#output\_cloud\_run\_service)

Description: The full Cloud Run service object and all attributes.

### [service\_account](#output\_service\_account)

Description: The service account used by the Cloud Run service. Uses the provided service account if create\_service\_account is false, otherwise creates a new service account.

## Requirements

The following requirements are needed by this module:

- [terraform](#requirement\_terraform) (>= 1.9.6, < 2)

- [google](#requirement\_google) (>= 5.0)

## Providers

The following providers are used by this module:

- [google](#provider\_google) (6.27.0)

## Modules

No modules.

## Resources

The following resources are used by this module:

- [google_cloud_run_v2_service.cloud_run_service](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_v2_service) (resource)
- [google_cloud_run_v2_service_iam_binding.custom_iam](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_v2_service_iam_binding) (resource)
- [google_cloud_run_v2_service_iam_member.run_admin](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_v2_service_iam_member) (resource)
- [google_service_account.cloud_run_service_account](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account) (resource)
- [google_service_account_iam_member.service_account_user](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account_iam_member) (resource)
- [google_project.current](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/project) (data source)
- [google_service_account.cloud_run_service_account](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/service_account) (data source)