From 1e0521c98f516ba779d8c4bed8ce7aca161d1196 Mon Sep 17 00:00:00 2001
From: Alex Trull
Date: Mon, 30 Jun 2025 12:53:20 +0200
Subject: [PATCH 1/2] fix[sidecars]: Permit optional ports for sidecars.
---
 modules/v2/main.tf | 15 ++++++++++++---
 modules/v2/variables.tf | 4 ++--
 2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/modules/v2/main.tf b/modules/v2/main.tf
index e94534e66..1a204f20e 100644
--- a/modules/v2/main.tf
+++ b/modules/v2/main.tf
@@ -158,11 +158,20 @@ resource "google_cloud_run_v2_service" "main" {
 args = containers.value.container_args
 working_dir = containers.value.working_dir
 depends_on = containers.value.depends_on_container
+
 dynamic "ports" {
- for_each = lookup(containers.value, "ports", {}) != {} ? [containers.value.ports] : []
+ for_each = try(
+ (
+ containers.value.ports != null &&
+ containers.value.ports.container_port != null &&
+ containers.value.ports.container_port > 0 &&
+ containers.value.ports.container_port < 65536
+ ) ? [containers.value.ports] : [],
+ []
+ )
 content {
- name = ports.value["name"]
- container_port = ports.value["container_port"]
+ name = try(ports.value.name, null)
+ container_port = ports.value.container_port
 }
 }
 
diff --git a/modules/v2/variables.tf b/modules/v2/variables.tf
index c62537e7f..e3a5fd27d 100644
--- a/modules/v2/variables.tf
+++ b/modules/v2/variables.tf
@@ -55,8 +55,8 @@ variable "containers" {
 mount_path = string
 })), [])
 ports = optional(object({
- name = optional(string, "http1")
- container_port = optional(number, 8080)
+ name = optional(string)
+ container_port = optional(number)
 }), {})
 resources = optional(object({
 limits = optional(object({
From f1da4488489df883c667183d1aa818ab993d8a6f Mon Sep 17 00:00:00 2001
From: Brad Clark
Date: Thu, 19 Mar 2026 17:50:26 -0400
Subject: [PATCH 2/2] run make generate_docs
---
 metadata.yaml | 10 +++++-----
 modules/v2/README.md | 2 +-
 modules/v2/metadata.yaml | 8 ++++----
 3 files changed, 10 insertions(+), 10 deletions(-)
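Review bot: In modules/v2/main.tf the new `for_each` guard emits the `ports` block only when `container_port` is set, so a container that passes just `ports = { name = "h2c" }` now gets no `ports` block and the protocol name is dropped without any diagnostic; before this patch the `8080` default in variables.tf kept the block alive. The wrapping `try(..., [])` hides this further, because any evaluation error in the condition also resolves to "no ports". If a name-only `ports` object is meant to be ignored, a comment above the block such as `# ports is emitted only when container_port is set; a name without a port is ignored` would make that visible; if it is not, the condition should also admit `containers.value.ports.name != null`, provided the provider accepts a `ports` block without `container_port` (worth confirming). The enclosing `containers` block starts and ends outside the hunk.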
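Review bot: With the defaults removed in modules/v2/variables.tf, an out-of-range `container_port` (a typo such as 80800, say) is filtered out silently by the guard in main.tf instead of failing the plan, so the service would presumably come up on the platform's default port rather than the one the operator intended. A `validation` block on `variable "containers"` would reject the value up front, with a condition along the lines of `alltrue([for c in var.containers : try(c.ports.container_port, null) == null ? true : (c.ports.container_port > 0 && c.ports.container_port < 65536)])` and an `error_message` naming the allowed range. The variable's `description` could also state that omitting `container_port` means no `ports` block is rendered. The body of `variable "containers"` continues outside the hunk, so an existing validation there cannot be ruled out.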
diff --git a/metadata.yaml b/metadata.yaml index afa0ebfb2..4d704b7cb 100644 --- a/metadata.yaml +++ b/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2025 Google LLC +# Copyright 2026 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -323,13 +323,13 @@ spec: roles: - level: Project roles: - - roles/cloudkms.admin - - roles/resourcemanager.projectIamAdmin - roles/run.admin - roles/iam.serviceAccountAdmin - roles/artifactregistry.admin - roles/iam.serviceAccountUser - roles/serviceusage.serviceUsageViewer + - roles/cloudkms.admin + - roles/resourcemanager.projectIamAdmin services: - accesscontextmanager.googleapis.com - cloudbilling.googleapis.com @@ -344,6 +344,6 @@ spec: - storage-api.googleapis.com providerVersions: - source: hashicorp/google - version: ">= 6, < 7" + version: ">= 6, < 8" - source: hashicorp/google-beta - version: ">= 6, < 7" + version: ">= 6, < 8" diff --git a/modules/v2/README.md b/modules/v2/README.md index af8737fdb..0eecc43e2 100644 --- a/modules/v2/README.md +++ b/modules/v2/README.md @@ -53,7 +53,7 @@ Functional examples are included in the | binary\_authorization | Settings for the Binary Authorization feature. |
object({
breakglass_justification = optional(bool) # If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, [see](https://cloud.google.com/binary-authorization/docs/using-breakglass)
use_default = optional(bool) #If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.
})
| `null` | no | | client | Arbitrary identifier for the API client and version identifier |
object({
name = optional(string, null)
version = optional(string, null)
})
| `{}` | no | | cloud\_run\_deletion\_protection | This field prevents Terraform from destroying or recreating the Cloud Run jobs and services | `bool` | `true` | no | -| containers | Container images for the service |
list(object({
container_name = optional(string, null)
container_image = string
working_dir = optional(string, null)
depends_on_container = optional(list(string), null)
container_args = optional(list(string), null)
container_command = optional(list(string), null)
env_vars = optional(map(string), {})
env_secret_vars = optional(map(object({
secret = string
version = string
})), {})
volume_mounts = optional(list(object({
name = string
mount_path = string
})), [])
ports = optional(object({
name = optional(string, "http1")
container_port = optional(number, 8080)
}), {})
resources = optional(object({
limits = optional(object({
cpu = optional(string)
memory = optional(string)
nvidia_gpu = optional(string)
}))
cpu_idle = optional(bool, true)
startup_cpu_boost = optional(bool, false)
}), {})
startup_probe = optional(object({
failure_threshold = optional(number, null)
initial_delay_seconds = optional(number, null)
timeout_seconds = optional(number, null)
period_seconds = optional(number, null)
http_get = optional(object({
path = optional(string)
port = optional(string)
http_headers = optional(list(object({
name = string
value = string
})), [])
}), null)
tcp_socket = optional(object({
port = optional(number)
}), null)
grpc = optional(object({
port = optional(number)
service = optional(string)
}), null)
}), null)
liveness_probe = optional(object({
failure_threshold = optional(number, null)
initial_delay_seconds = optional(number, null)
timeout_seconds = optional(number, null)
period_seconds = optional(number, null)
http_get = optional(object({
path = optional(string)
port = optional(string)
http_headers = optional(list(object({
name = string
value = string
})), [])
}), null)
tcp_socket = optional(object({
port = optional(number)
}), null)
grpc = optional(object({
port = optional(number)
service = optional(string)
}), null)
}), null)
}))
| n/a | yes | +| containers | Container images for the service |
list(object({
container_name = optional(string, null)
container_image = string
working_dir = optional(string, null)
depends_on_container = optional(list(string), null)
container_args = optional(list(string), null)
container_command = optional(list(string), null)
env_vars = optional(map(string), {})
env_secret_vars = optional(map(object({
secret = string
version = string
})), {})
volume_mounts = optional(list(object({
name = string
mount_path = string
})), [])
ports = optional(object({
name = optional(string)
container_port = optional(number)
}), {})
resources = optional(object({
limits = optional(object({
cpu = optional(string)
memory = optional(string)
nvidia_gpu = optional(string)
}))
cpu_idle = optional(bool, true)
startup_cpu_boost = optional(bool, false)
}), {})
startup_probe = optional(object({
failure_threshold = optional(number, null)
initial_delay_seconds = optional(number, null)
timeout_seconds = optional(number, null)
period_seconds = optional(number, null)
http_get = optional(object({
path = optional(string)
port = optional(string)
http_headers = optional(list(object({
name = string
value = string
})), [])
}), null)
tcp_socket = optional(object({
port = optional(number)
}), null)
grpc = optional(object({
port = optional(number)
service = optional(string)
}), null)
}), null)
liveness_probe = optional(object({
failure_threshold = optional(number, null)
initial_delay_seconds = optional(number, null)
timeout_seconds = optional(number, null)
period_seconds = optional(number, null)
http_get = optional(object({
path = optional(string)
port = optional(string)
http_headers = optional(list(object({
name = string
value = string
})), [])
}), null)
tcp_socket = optional(object({
port = optional(number)
}), null)
grpc = optional(object({
port = optional(number)
service = optional(string)
}), null)
}), null)
}))
| n/a | yes | | create\_service\_account | Create a new service account for cloud run service | `bool` | `true` | no | | custom\_audiences | One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. [Refer](https://cloud.google.com/run/docs/configuring/custom-audiences) | `list(string)` | `null` | no | | description | Cloud Run service description. This field currently has a 512-character limit. | `string` | `null` | no | diff --git a/modules/v2/metadata.yaml b/modules/v2/metadata.yaml index 1128fbb16..39a7ac7a5 100644 --- a/modules/v2/metadata.yaml +++ b/modules/v2/metadata.yaml @@ -91,8 +91,8 @@ spec: mount_path = string })), []) ports = optional(object({ - name = optional(string, "http1") - container_port = optional(number, 8080) + name = optional(string) + container_port = optional(number) }), {}) resources = optional(object({ limits = optional(object({ @@ -662,6 +662,6 @@ spec: - storage-api.googleapis.com providerVersions: - source: hashicorp/google - version: ">= 6, < 7" + version: ">= 6, < 8" - source: hashicorp/google-beta - version: ">= 6, < 7" + version: ">= 6, < 8"