hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0
2.37k stars 1.75k forks source link

Add Example Usage for public Cloud Run service #13417

Open steren opened 1 year ago

steren commented 1 year ago

it is extremely common to make Cloud Run services public, i.e. to allow any identity to invoke the service (give allUsers the IAM invoker role)

I suggest adding to the docs this usage example just below Example Usage - Cloudrunv2 Service Basic

provider "google" {
    project = "my-project"
}

resource "google_cloud_run_v2_service" "default" {
  name     = "cloudrun-service"
  location = "us-central1"
  ingress = "INGRESS_TRAFFIC_ALL"

  template {
    containers {
      image = "us-docker.pkg.dev/cloudrun/container/hello"
    }
  }
}

 data "google_iam_policy" "noauth" {
   binding {
     role = "roles/run.invoker"
     members = ["allUsers"]
   }
 }

 resource "google_cloud_run_service_iam_policy" "noauth" {
   location    = google_cloud_run_v2_service.default.location
   project     = google_cloud_run_v2_service.default.project
   service     = google_cloud_run_v2_service.default.name

   policy_data = data.google_iam_policy.noauth.policy_data
 }
cstanger commented 1 week ago

@rileykarson I agree that this is important to add - and this issue is very old. How can i support moving foward? I'm not allowed to give reviews