
Commit 7b17e9c

committed
fix
1 parent 6c466f4 commit 7b17e9c

2 files changed

Lines changed: 2 additions & 14 deletions


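--- a/README.md
+++ b/README.md
@@ -169,7 +169,6 @@ No modules.
 | [google_cloud_run_domain_mapping.main_app](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_domain_mapping) | resource |
 | [google_cloud_run_service.main_app](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_service) | resource |
 | [google_cloud_run_service_iam_member.main_app_public](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_service_iam_member) | resource |
-| [google_cloud_run_service_iam_member.main_app_subnet](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_service_iam_member) | resource |
 | [google_compute_firewall.allow_health_checks](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall) | resource |
 | [google_compute_firewall.allow_internal](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall) | resource |
 | [google_compute_global_address.private_ip_address](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_global_address) | resource |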

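--- a/cloud-run.tf
+++ b/cloud-run.tf
@@ -13,6 +13,8 @@ resource "google_cloud_run_service" "main_app" {
 "run.googleapis.com/execution-environment" = "gen2"
 # CPU allocation
 "run.googleapis.com/cpu-throttling" = "false",
+# Ingress control - internal only when public access is disabled
+"run.googleapis.com/ingress" = var.app_enable_public_access ? "all" : "internal"
 # Direct VPC Egress
 "run.googleapis.com/network-interfaces" = jsonencode([{
 "network" = google_compute_network.main.id
@@ -249,20 +251,7 @@ resource "google_cloud_run_service_iam_member" "main_app_public" {
 member = "allUsers"
 }
 
-# IAM policy to allow subnet access
-resource "google_cloud_run_service_iam_member" "main_app_subnet" {
-location = google_cloud_run_service.main_app.location
-project = google_cloud_run_service.main_app.project
-service = google_cloud_run_service.main_app.name
-role = "roles/run.invoker"
-member = "allUsers"
 
-condition {
-title = "Subnet access"
-description = "Allow access from the private subnet"
-expression = "inIpRange(origin.ip, \"${var.private_subnet_cidr}\")"
-}
-}
 
 # Domain mapping for the hrafnar application (if Cloudflare DNS is enabled)
 # Domain mapping for the application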
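Review bot: The `run.googleapis.com/ingress` annotation added at new lines 16–17 sits in the same map as `execution-environment`, `cpu-throttling` and `network-interfaces`, which are revision-template annotations, whereas ingress is a service-level setting on `google_cloud_run_service`. The enclosing block starts outside the hunk, so this is inferred, but if the map is `template.metadata.annotations` the setting will likely be rejected or never applied to the service. I would move the line `"run.googleapis.com/ingress" = var.app_enable_public_access ? "all" : "internal"` into the resource's top-level `metadata { annotations = { ... } }`. Separately, with `main_app_subnet` removed, no `roles/run.invoker` binding for the private mode is visible here; ingress only restricts the network path, so internal callers will need an authenticated identity with that role, which deserves a comment such as `# Private mode: callers must present an identity with roles/run.invoker`. It is also worth confirming that the domain mapping further down still serves traffic when ingress is `internal`.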
