cloud_run library

Cloud Run v2 services + jobs.

Classes

BinaryAuthorization
binary_authorization block. Enforces Binary Authorization on the service. Set useDefault OR policy (the two conflict at the provider level). breakglassJustification only takes effect when a policy denies admission and the deployer wants to override it.
CloudSqlVolume
Cloud SQL backed volume. Mount path conventionally /cloudsql (or empty — the provider auto-mounts at /cloudsql/<instance>).
ContainerPort
Container port (ports). Cloud Run v2 supports exactly one port per container.
ContainerResources
Container resource block (resources). The provider accepts CPU values in '1', '2', '4', '6', '8'; memory in '512Mi', '1Gi', etc.; GPU in '1' (only one nvidia.com/gpu supported).
EmptyDirVolume
Ephemeral shared volume (empty_dir). Lives only as long as the revision instance.
EnvVar
One env var. Set source to inject a value (literal or secret-ref). When source is null the variable is emitted with an empty literal (the schema's documented default — provider suppresses the diff).
EnvVarFromLiteral
Literal env var value (env.value).
EnvVarFromSecret
Secret-Manager backed env var (env.value_source.secret_key_ref). Pass the secret name (short form {secret} when in the same project, or full projects/{p}/secrets/{s} path otherwise) and the version.
EnvVarSource
Sealed dispatch for one EnvVar.source. Models the value / value_source.secret_key_ref exactly_one_of constraint at the type level.
GcsVolume
GCSFuse-backed volume (gcs). Only supported in gen2 execution environment.
GoogleCloudRunV2Job
Factory wrapper for google_cloud_run_v2_job (provider hashicorp/google ~> 7.0).
GoogleCloudRunV2JobIamMember
Factory wrapper for google_cloud_run_v2_job_iam_member.
GoogleCloudRunV2Service
Factory wrapper for google_cloud_run_v2_service (provider hashicorp/google ~> 7.0).
GoogleCloudRunV2ServiceIamMember
Factory wrapper for google_cloud_run_v2_service_iam_member.
HttpGetAction
http_get probe action.
HttpHeader
One http_headers entry under HttpGetAction.httpHeaders.
JobBinaryAuthorization
binary_authorization block. Enforces Binary Authorization on the Job. Set useDefault OR policy (the two conflict at the provider level). breakglassJustification only takes effect when a policy denies admission and the deployer wants to override it.
JobCloudSqlVolume
Cloud SQL-backed volume.
JobContainer
One entry in template.template.containers. At minimum supply image.
JobContainerPort
Container port (ports). Cloud Run v2 supports exactly one port per container.
JobContainerResources
Container resource block (resources). Same shape as the Service-side ContainerResources but excludes Service-only cold-start knobs (cpu_idle, startup_cpu_boost) — Jobs run to completion so neither applies.
JobEmptyDirVolume
Ephemeral shared volume (empty_dir).
JobEnvVar
One env var. Set source to inject a value (literal or secret-ref).
JobEnvVarFromLiteral
Literal env var value (env.value).
JobEnvVarFromSecret
Secret-Manager backed env var (env.value_source.secret_key_ref). Both secret and version are required by the Cloud Run v2 Job schema.
JobEnvVarSource
Sealed dispatch for one JobEnvVar.source. Models the value / value_source.secret_key_ref exactly_one_of constraint at the type level.
JobGcsVolume
GCSFuse-backed volume.
JobHttpGetAction
http_get probe action.
JobHttpHeader
One http_headers entry.
JobNfsVolume
NFS-mounted volume.
JobNodeSelector
GPU accelerator selector (template.template.node_selector).
JobSecretVolumeItem
One entry under JobVolumeSecret.items. Both path and version are required by the Cloud Run v2 Job schema.
JobStartupProbe
startup_probe block. Gates the Task Ready signal during cold start. Pick exactly one of httpGet / tcpSocket / grpc.
JobTcpSocketAction
tcp_socket probe action.
JobTemplate
Outer template block. Holds Job-level scheduling knobs (parallelism, taskCount) and wraps the inner per-Task template (template, a TaskTemplate).
JobVolume
One entry in template.template.volumes. Pick exactly one source (sealed JobVolumeSource).
JobVolumeMount
Volume mount entry.
JobVolumeSecret
Secret Manager-backed volume.
JobVolumeSource
Sealed dispatch for JobVolume.source.
JobVpcAccess
template.template.vpc_access block. Either pin a Serverless VPC Access connector (connector) OR use direct VPC egress (networkInterfaces) — the two conflict at the provider level.
JobVpcNetworkInterface
One direct-VPC-egress interface under JobVpcAccess.networkInterfaces.
LivenessProbe
liveness_probe block. Restarts the container on failure. Same shape as StartupProbe but uses liveness semantics (probe is gated AFTER startup).
NfsVolume
NFS-mounted volume (nfs). Both server and path are required.
NodeSelector
GPU accelerator selector (template.node_selector). Required for GPU-tier revisions.
SecretVolumeItem
One entry under VolumeSecret.items.
ServiceContainer
One entry in template.containers. At minimum supply image. Use name to disambiguate when running multiple containers (sidecars).
ServiceScaling
Service-level scaling block (top-level on the service, not the template). Use this to pin manual instance count for the whole service. The revision-level TemplateScaling block lives under Template.scaling.
ServiceVolume
One entry in template.volumes. The volume's name is referenced from VolumeMount.name inside any ServiceContainer.volumeMounts. Pick exactly one source (sealed VolumeSource).
StartupProbe
startup_probe block. Gates the container Ready signal during cold start. Pick exactly one of httpGet / tcpSocket / grpc.
TaskTemplate
Inner template.template block — the per-Task template. Holds at least one JobContainer plus optional VPC access, volumes, retries, timeout.
TcpSocketAction
tcp_socket probe action.
Template
template block — the revision template. Required on every Cloud Run v2 service. Holds at least one ServiceContainer plus optional scaling, VPC access, volumes, etc.
TemplateScaling
Revision-level scaling block (template.scaling). Sets the floor and ceiling on serving instances for THIS revision. Service-level ServiceScaling applies across revisions.
Traffic
One traffic entry. Splits traffic across revisions. Default (when the list is omitted) is 100% to the latest Ready revision.
VolumeMount
Volume mount entry. name must match a ServiceVolume.name under Template.volumes.
VolumeSecret
Secret Manager-backed volume. Files appear under <mountPath>/<items[].path>, or under <mountPath>/<secretName> when items is empty.
VolumeSource
Sealed dispatch for ServiceVolume.source. Each subclass encodes its own Terraform key (secret, cloud_sql_instance, empty_dir, gcs, nfs).
VpcAccess
template.vpc_access block. Either pin a Serverless VPC Access connector (connector) OR use direct VPC egress (networkInterfaces) — the two conflict at the provider level.
VpcNetworkInterface
One direct-VPC-egress interface under VpcAccess.networkInterfaces. At least one of network or subnetwork must be specified.

Enums

EmptyDirMedium
Storage medium for EmptyDirVolume.medium. The schema only documents MEMORY for v2 services; encoded as an enum for type-safety and to keep the door open for DISK (MM lists it but the provider rejects it today).
ExecutionEnvironment
Container sandbox environment for Template.executionEnvironment. gen2 enables GCSFuse volumes + larger CPU/memory tiers; gen1 keeps the legacy gVisor sandbox.
Ingress
Ingress restriction for google_cloud_run_v2_service.ingress. Controls which clients can reach the service URL. all is the default; the two internal* modes require Direct VPC egress or a load balancer in front.
JobEmptyDirMedium
Storage medium for JobEmptyDirVolume.medium. The Cloud Run v2 Job schema documents MEMORY; DISK is reserved per the Magic-Modules mirror but rejected by the provider today.
JobExecutionEnvironment
Container sandbox environment for TaskTemplate.executionEnvironment. gen2 enables larger CPU tiers + GCSFuse volumes; gen1 keeps the legacy gVisor sandbox.
JobLaunchStage
Launch stage for google_cloud_run_v2_job.launch_stage. Setting a pre-GA stage on input allows preview features in that stage; on read the field reflects the highest preview level actually used.
JobVpcAccessEgress
Egress policy for JobVpcAccess.egress (template.template.vpc_access.egress).
LaunchStage
Launch stage for google_cloud_run_v2_service.launch_stage. Setting a pre-GA stage on input allows preview features in that stage; on read the field reflects the highest preview level actually used.
ScalingMode
Scaling mode shared by service-level ServiceScaling and (when applicable) other Cloud Run v2 scaling blocks. automatic lets the runtime pick instance count from min/max bounds; manual pins to a fixed ServiceScaling.manualInstanceCount.
TrafficTargetAllocationType
Allocation type for one Traffic split. latest always points at the newest Ready revision (so revision MUST be omitted); revision pins to the Traffic.revision name.
VpcAccessEgress
Egress policy for VpcAccess.egress (template.vpc_access.egress). allTraffic routes every outbound request through the connector or network interface; privateRangesOnly keeps RFC1918 + Google APIs inside the VPC and bypasses it for the public internet.