cloud_run library

Cloud Run v2 services + jobs.

Classes

CloudRunV2JobBinaryAuthorization
binary_authorization block. Enforces Binary Authorization on the Job. Set useDefault OR policy (the two conflict at the provider level). breakglassJustification only takes effect when a policy denies admission and the deployer wants to override it.
CloudRunV2JobCloudSqlVolume
Cloud SQL-backed volume.
CloudRunV2JobContainer
One entry in template.template.containers. At minimum supply image.
CloudRunV2JobContainerPort
Container port (ports). Cloud Run v2 supports exactly one port per container.
CloudRunV2JobContainerResources
Container resource block (resources). Same shape as the Service-side ContainerResources but excludes Service-only cold-start knobs (cpu_idle, startup_cpu_boost) — Jobs run to completion so neither applies.
CloudRunV2JobEmptyDirVolume
Ephemeral shared volume (empty_dir).
CloudRunV2JobEnvVar
One env var. Set source to inject a value (literal or secret-ref).
CloudRunV2JobEnvVarFromLiteral
Literal env var value (env.value).
CloudRunV2JobEnvVarFromSecret
Secret Manager-backed env var (env.value_source.secret_key_ref). Both secret and version are required by the Cloud Run v2 Job schema.
CloudRunV2JobEnvVarSource
Sealed dispatch for one CloudRunV2JobEnvVar.source. Models the value / value_source.secret_key_ref exactly_one_of constraint at the type level.
CloudRunV2JobGcsVolume
GCSFuse-backed volume.
CloudRunV2JobHttpGetAction
http_get probe action.
CloudRunV2JobHttpHeader
One http_headers entry.
CloudRunV2JobNfsVolume
NFS-mounted volume.
CloudRunV2JobNodeSelector
GPU accelerator selector (template.template.node_selector).
CloudRunV2JobSecretVolumeItem
One entry under CloudRunV2JobVolumeSecret.items. Both path and version are required by the Cloud Run v2 Job schema.
CloudRunV2JobStartupProbe
startup_probe block. Gates the Task Ready signal during cold start. Pick exactly one of httpGet / tcpSocket / grpc.
CloudRunV2JobTaskTemplate
Inner template.template block — the per-Task template. Holds at least one CloudRunV2JobContainer plus optional VPC access, volumes, retries, timeout.
CloudRunV2JobTcpSocketAction
tcp_socket probe action.
CloudRunV2JobTemplate
Outer template block. Holds Job-level scheduling knobs (parallelism, taskCount) and wraps the inner per-Task template (template, a CloudRunV2JobTaskTemplate).
CloudRunV2JobVolume
One entry in template.template.volumes. Pick exactly one source (sealed CloudRunV2JobVolumeSource).
CloudRunV2JobVolumeMount
Volume mount entry.
CloudRunV2JobVolumeSecret
Secret Manager-backed volume.
CloudRunV2JobVolumeSource
Sealed dispatch for CloudRunV2JobVolume.source.
CloudRunV2JobVpcAccess
template.template.vpc_access block. Either pin a Serverless VPC Access connector (connector) OR use direct VPC egress (networkInterfaces) — the two conflict at the provider level.
CloudRunV2JobVpcNetworkInterface
One direct-VPC-egress interface under CloudRunV2JobVpcAccess.networkInterfaces.
CloudRunV2ServiceBinaryAuthorization
binary_authorization block. Enforces Binary Authorization on the service. Set useDefault OR policy (the two conflict at the provider level). breakglassJustification only takes effect when a policy denies admission and the deployer wants to override it.
CloudRunV2ServiceCloudSqlVolume
Cloud SQL-backed volume. The mount path is conventionally /cloudsql (or empty; the provider auto-mounts at /cloudsql/<instance>).
CloudRunV2ServiceContainerPort
Container port (ports). Cloud Run v2 supports exactly one port per container.
CloudRunV2ServiceContainerResources
Container resource block (resources). The provider accepts CPU values in '1', '2', '4', '6', '8'; memory in '512Mi', '1Gi', etc.; GPU in '1' (only one nvidia.com/gpu supported).
CloudRunV2ServiceEmptyDirVolume
Ephemeral shared volume (empty_dir). Lives only as long as the revision instance.
CloudRunV2ServiceEnvVar
One env var. Set source to inject a value (literal or secret-ref). When source is null the variable is emitted with an empty literal (the schema's documented default; the provider suppresses the diff).
CloudRunV2ServiceEnvVarFromLiteral
Literal env var value (env.value).
CloudRunV2ServiceEnvVarFromSecret
Secret Manager-backed env var (env.value_source.secret_key_ref). Pass the secret name (short form {secret} when in the same project, or the full projects/{p}/secrets/{s} path otherwise) and the version.
CloudRunV2ServiceEnvVarSource
Sealed dispatch for one CloudRunV2ServiceEnvVar.source. Models the value / value_source.secret_key_ref exactly_one_of constraint at the type level.
CloudRunV2ServiceGcsVolume
GCSFuse-backed volume (gcs). Only supported in gen2 execution environment.
CloudRunV2ServiceHttpGetAction
http_get probe action.
CloudRunV2ServiceHttpHeader
One http_headers entry under CloudRunV2ServiceHttpGetAction.httpHeaders.
CloudRunV2ServiceLivenessProbe
liveness_probe block. Restarts the container on failure. Same shape as CloudRunV2ServiceStartupProbe but uses liveness semantics (probe is gated AFTER startup).
CloudRunV2ServiceNfsVolume
NFS-mounted volume (nfs). Both server and path are required.
CloudRunV2ServiceNodeSelector
GPU accelerator selector (template.node_selector). Required for GPU-tier revisions.
CloudRunV2ServiceSecretVolumeItem
One entry under CloudRunV2ServiceVolumeSecret.items.
CloudRunV2ServiceServiceContainer
One entry in template.containers. At minimum supply image. Use name to disambiguate when running multiple containers (sidecars).
CloudRunV2ServiceServiceScaling
Service-level scaling block (top-level on the service, not the template). Use this to pin manual instance count for the whole service. The revision-level CloudRunV2ServiceTemplateScaling block lives under CloudRunV2ServiceTemplate.scaling.
CloudRunV2ServiceServiceVolume
One entry in template.volumes. The volume's name is referenced from CloudRunV2ServiceVolumeMount.name inside any CloudRunV2ServiceServiceContainer.volumeMounts. Pick exactly one source (sealed CloudRunV2ServiceVolumeSource).
CloudRunV2ServiceStartupProbe
startup_probe block. Gates the container Ready signal during cold start. Pick exactly one of httpGet / tcpSocket / grpc.
CloudRunV2ServiceTcpSocketAction
tcp_socket probe action.
CloudRunV2ServiceTemplate
template block — the revision template. Required on every Cloud Run v2 service. Holds at least one CloudRunV2ServiceServiceContainer plus optional scaling, VPC access, volumes, etc.
CloudRunV2ServiceTemplateScaling
Revision-level scaling block (template.scaling). Sets the floor and ceiling on serving instances for THIS revision. Service-level CloudRunV2ServiceServiceScaling applies across revisions.
CloudRunV2ServiceTraffic
One traffic entry. Splits traffic across revisions. Default (when the list is omitted) is 100% to the latest Ready revision.
CloudRunV2ServiceVolumeMount
Volume mount entry. name must match a CloudRunV2ServiceServiceVolume.name under CloudRunV2ServiceTemplate.volumes.
CloudRunV2ServiceVolumeSecret
Secret Manager-backed volume. Files appear under <mountPath>/<items[].path>, or under <mountPath>/<secretName> when items is empty.
CloudRunV2ServiceVolumeSource
Sealed dispatch for CloudRunV2ServiceServiceVolume.source. Each subclass encodes its own Terraform key (secret, cloud_sql_instance, empty_dir, gcs, nfs).
CloudRunV2ServiceVpcAccess
template.vpc_access block. Either pin a Serverless VPC Access connector (connector) OR use direct VPC egress (networkInterfaces) — the two conflict at the provider level.
CloudRunV2ServiceVpcNetworkInterface
One direct-VPC-egress interface under CloudRunV2ServiceVpcAccess.networkInterfaces. At least one of network or subnetwork must be specified.
GoogleCloudRunV2Job
Factory wrapper for google_cloud_run_v2_job (provider hashicorp/google ~> 7.0).
GoogleCloudRunV2JobIamMember
Factory wrapper for google_cloud_run_v2_job_iam_member.
GoogleCloudRunV2Service
Factory wrapper for google_cloud_run_v2_service (provider hashicorp/google ~> 7.0).
GoogleCloudRunV2ServiceIamMember
Factory wrapper for google_cloud_run_v2_service_iam_member.

Enums

CloudRunV2JobEmptyDirMedium
Storage medium for CloudRunV2JobEmptyDirVolume.medium. The Cloud Run v2 Job schema documents MEMORY; DISK is reserved per the Magic-Modules mirror but rejected by the provider today.
CloudRunV2JobExecutionEnvironment
Container sandbox environment for CloudRunV2JobTaskTemplate.executionEnvironment. gen2 enables larger CPU tiers + GCSFuse volumes; gen1 keeps the legacy gVisor sandbox.
CloudRunV2JobLaunchStage
Launch stage for google_cloud_run_v2_job.launch_stage. Setting a pre-GA stage on input allows preview features in that stage; on read the field reflects the highest preview level actually used.
CloudRunV2JobVpcAccessEgress
Egress policy for CloudRunV2JobVpcAccess.egress (template.template.vpc_access.egress).
EmptyDirMedium
Storage medium for CloudRunV2ServiceEmptyDirVolume.medium. The schema only documents MEMORY for v2 services; encoded as an enum for type-safety and to keep the door open for DISK (Magic-Modules lists it but the provider rejects it today).
ExecutionEnvironment
Container sandbox environment for CloudRunV2ServiceTemplate.executionEnvironment. gen2 enables GCSFuse volumes + larger CPU/memory tiers; gen1 keeps the legacy gVisor sandbox.
Ingress
Ingress restriction for google_cloud_run_v2_service.ingress. Controls which clients can reach the service URL. all is the default; the two internal* modes require Direct VPC egress or a load balancer in front.
LaunchStage
Launch stage for google_cloud_run_v2_service.launch_stage. Setting a pre-GA stage on input allows preview features in that stage; on read the field reflects the highest preview level actually used.
ScalingMode
Scaling mode shared by service-level CloudRunV2ServiceServiceScaling and (when applicable) other Cloud Run v2 scaling blocks. automatic lets the runtime pick instance count from min/max bounds; manual pins to a fixed CloudRunV2ServiceServiceScaling.manualInstanceCount.
TrafficTargetAllocationType
Allocation type for one CloudRunV2ServiceTraffic split. latest always points at the newest Ready revision (so revision MUST be omitted); revision pins to the CloudRunV2ServiceTraffic.revision name.
VpcAccessEgress
Egress policy for CloudRunV2ServiceVpcAccess.egress (template.vpc_access.egress). allTraffic routes every outbound request through the connector or network interface; privateRangesOnly keeps RFC1918 + Google APIs traffic inside the VPC and bypasses the VPC for public internet destinations.