terradart_google

Curated GCP factory wrappers for terradart. 70 curated resource factories + 1 data source, each shipping with typed Dart enums for fixed-value-set fields, typed helper classes for every nested block, and golden-tested deterministic codegen.

Resources

BigQuery (4)

GoogleBigqueryDataset (8-variant sealed Access hierarchy), GoogleBigqueryTable, GoogleBigqueryDatasetIamMember, GoogleBigqueryTableIamMember.

Cloud Functions (2)

GoogleCloudfunctions2Function (Gen 2; typed BuildConfig, ServiceConfig, EventTrigger), GoogleCloudfunctions2FunctionIamMember.

Cloud Run v2 (4)

GoogleCloudRunV2Service (sealed EnvVarSource, sealed VolumeSource; typed Ingress, LaunchStage, Template, ServiceContainer, etc.), GoogleCloudRunV2Job, GoogleCloudRunV2ServiceIamMember, GoogleCloudRunV2JobIamMember.

Cloud Scheduler (1)

GoogleCloudSchedulerJob (Pub/Sub / HTTP / AppEngine targets).

Cloud SQL (3)

GoogleSqlDatabaseInstance (typed DatabaseVersion, SqlActivationPolicy, IpConfiguration, BackupConfiguration, InsightsConfig), GoogleSqlDatabase, GoogleSqlUser.

Cloud Tasks (2)

GoogleCloudTasksQueue (typed RateLimits, RetryConfig, QueueHttpTarget), GoogleCloudTasksQueueIamMember.

Compute (9)

GoogleComputeNetwork, GoogleComputeAddress, GoogleComputeSubnetwork, GoogleComputeFirewall, GoogleComputeInstance (typed BootDisk, NetworkInterface, Scheduling, etc.), GoogleComputeGlobalAddress, GoogleComputeInstanceIamMember, GoogleComputeDiskIamMember, GoogleComputeSubnetworkIamMember.

DNS (2)

GoogleDnsManagedZone (typed DnsZoneVisibility, DnssecState; helpers for private visibility / DNSSEC / peering / forwarding), GoogleDnsManagedZoneIamMember.

Firebase App Check (7)

GoogleFirebaseAppCheckRecaptchaEnterpriseConfig, GoogleFirebaseAppCheckPlayIntegrityConfig, GoogleFirebaseAppCheckAppAttestConfig, GoogleFirebaseAppCheckDeviceCheckConfig, GoogleFirebaseAppCheckServiceConfig (shared AppCheckEnforcementMode enum), GoogleFirebaseAppCheckDebugToken, GoogleFirebaseAppCheckResourcePolicy.

Firebase App Hosting (5)

GoogleFirebaseAppHostingBackend, GoogleFirebaseAppHostingBuild, GoogleFirebaseAppHostingDefaultDomain, GoogleFirebaseAppHostingDomain, GoogleFirebaseAppHostingTraffic.

Firebase Data Connect (1)

GoogleFirebaseDataConnectService.

Firebase Remote Config (1)

GoogleFirebaseRemoteConfigRemoteConfig.

Firestore (5)

GoogleFirestoreDatabase, GoogleFirestoreField, GoogleFirestoreIndex, GoogleFirestoreBackupSchedule, GoogleFirestoreUserCreds.

IAM (6)

GoogleServiceAccount (pre-formatted member ref), GoogleProjectIamMember, GoogleProjectIamCustomRole (typed CustomRoleStage), GoogleServiceAccountIamMember, GoogleServiceAccountKey (typed KeyAlgorithm, PrivateKeyType; private_key masked at synth time), GoogleIamWorkloadIdentityPool (typed WorkloadIdentityPoolMode).

KMS (4)

GoogleKmsKeyRing, GoogleKmsCryptoKey (typed KmsKeyPurpose, KmsProtectionLevel, VersionTemplate), GoogleKmsCryptoKeyIamMember, GoogleKmsKeyRingIamMember.

Logging (1)

GoogleLoggingProjectSink (typed BigqueryOptions, LogSinkExclusion).

Monitoring (1)

GoogleMonitoringAlertPolicy (typed Comparison, Aligner 19 variants, Reducer 14 variants; AlertCondition covering 6 mutually-exclusive condition variants).

Project enablement (1)

GoogleProjectService.

Pub/Sub (4)

GooglePubsubTopic, GooglePubsubSubscription (typed PushConfig, BigQueryConfig, CloudStorageConfig, DeadLetterPolicy, RetryPolicy), GooglePubsubTopicIamMember, GooglePubsubSubscriptionIamMember.

Secret Manager (3)

GoogleSecretManagerSecret (sealed Replication for auto / userManaged variants), GoogleSecretManagerSecretVersion (write-only secret_data_wo), GoogleSecretManagerSecretIamMember.

Service Networking (1)

GoogleServiceNetworkingConnection.

Cloud Storage (3)

GoogleStorageBucket (typed BucketStorageClass, LifecycleRule, Versioning, RetentionPolicy, etc.), GoogleStorageBucketObject (sealed BucketObjectContent for source / content exactly-one-of), GoogleStorageBucketIamMember.

Data sources (1)

GoogleProject (project number lookup).

How resources are built

The factory wrappers under lib/src/<service>/ are emitted by terradart wrap from curated overrides under terradart_codegen. They are committed to the package so consumers can depend on terradart_google directly without running any codegen themselves.

CI verifies determinism via terradart wrap --check: all 71 emitted files (70 resource wrappers + 1 data source) must stay byte-identical across PRs.

For any other google_* / google-beta_* resource that isn't in the catalog above, run terradart codegen against your provider schema dump and emit bindings into your own lib/generated/ rather than depending on this package.

For the runtime side (Stack, Resource, StackSynth.synth), see terradart_core. For project-level documentation, see the terradart repo README.

Installation

dependencies:
  terradart_core: ^0.1.0-dev
  terradart_google: ^0.1.0-dev

terradart is a SemVer pre-release; explicit ^0.1.0-dev constraints are required because dart pub get skips pre-releases by default.

Usage example

import 'package:terradart_core/terradart_core.dart';
import 'package:terradart_google/provider.dart';
import 'package:terradart_google/storage.dart';

class AssetsStack extends Stack {
  AssetsStack({required String projectId})
      : super(providers: [
          GoogleProvider(project: projectId, region: 'asia-northeast1'),
        ]) {
    add(
      GoogleStorageBucket(
        localName: 'assets',
        name: TfArg.literal('my-app-assets-prod'),
        location: TfArg.literal('ASIA-NORTHEAST1'),
        storageClass: TfArg.literal(BucketStorageClass.standard), // typed enum
        versioning: const Versioning(enabled: true),              // typed helper
        lifecycleRule: const [
          LifecycleRule(
            action: LifecycleAction(
              type: LifecycleActionType.setStorageClass,
              storageClass: BucketStorageClass.archive,
            ),
            condition: LifecycleCondition(age: 365),
          ),
        ],
      ),
    );
  }
}

See the 20 runnable quickstart projects under examples/ for end-to-end usage of every service.

Libraries

artifact_registry: Artifact Registry: container / package repository, per-repository IAM.
bigquery: BigQuery datasets, tables, jobs, routines, transfers, reservations, capacity commitments, external connections, and per-resource IAM bindings.
cloud_build: Cloud Build CI/CD: trigger, private worker pool, v2 SCM connection + repository.
cloud_functions: Cloud Functions Gen 2 — serverless function execution with build + deploy from source.
cloud_run: Cloud Run v2 services + jobs.
cloud_scheduler: Cloud Scheduler cron jobs.
cloud_sql: Cloud SQL — managed relational databases (MySQL / PostgreSQL / SQL Server).
cloud_tasks: Cloud Tasks queues + per-queue IAM bindings.
compute: Compute Engine resources: instances, addresses, firewalls, networks, subnetworks.
data: Read-only data sources (no terraform apply side effects).
dns: Cloud DNS managed zones (public, private, peering, forwarding).
eventarc: Eventarc triggers — fan out Google Cloud events (Storage object writes, Pub/Sub publishes, Audit Log entries, etc.) to Cloud Run services, Cloud Run functions, Workflows, GKE pods, or arbitrary HTTP endpoints.
firebase_app_check: Firebase App Check — request attestation for Firebase services (reCAPTCHA Enterprise / Play Integrity / App Attest / Device Check providers + service-level enforcement + debug tokens + resource policies).
firebase_app_hosting: Firebase App Hosting — Cloud Run-backed successor to classic Firebase Hosting. Backends, build artifacts, custom domains, traffic split.
firebase_data_connect: Firebase Data Connect — serverless GraphQL backend backed by Cloud SQL.
firebase_remote_config: Firebase Remote Config — project-level dynamic configuration templates (parameters + parameter groups + conditions).
firestore: Cloud Firestore — Native and Datastore mode databases + composite index management.
iam: IAM service accounts + Workload Identity Federation pools. Per-resource IAM members live alongside their owning service barrel (e.g. pubsub.dart exports GooglePubsubTopicIamMember).
kms: Cloud KMS key rings and crypto keys.
logging: Cloud Logging: log-based metrics and sinks routed to BigQuery / Pub/Sub / Storage / Logging-bucket destinations.
monitoring: Cloud Monitoring: alert policies, notification channels, uptime probes, dashboards, custom metric descriptors, and SLO service objects.
project: Project services (enabling individual GCP APIs on a project).
provider: Provider block factory and version constants for hashicorp/google.
pubsub: Pub/Sub topics, subscriptions, schemas, and per-resource IAM bindings.
secret_manager: Secret Manager secrets, versions, and per-secret IAM bindings.
service_networking: Service Networking — VPC peering between user networks and Google service VPCs. Required for Cloud SQL private-IP and similar private-services integrations.
storage: Cloud Storage buckets, bucket objects, and Pub/Sub object-change notifications.
terradart_google: terradart_google — curated GCP factory wrappers for terradart.