revert app_enable_public_access var and add missing cloudflare dependency on domain mapping

Author: Adam-D-Lewis

README.md

@@ -231,7 +231,6 @@ No modules.
 | <a name="input_app_command"></a> [app\_command](#input\_app\_command) | Command to run the container | `list(string)` | <pre>[<br/>  "hrafnar",<br/>  "serve"<br/>]</pre> | no |
 | <a name="input_app_config_files"></a> [app\_config\_files](#input\_app\_config\_files) | Configuration files to mount as volumes from Secret Manager. Key is the config name, value contains file content and mount path. | <pre>map(object({<br/>    content    = string # File content to store in Secret Manager<br/>    mount_path = string # Path where file will be mounted in container (e.g., "/etc/config/app.yaml")<br/>  }))</pre> | `{}` | no |
 | <a name="input_app_cpu"></a> [app\_cpu](#input\_app\_cpu) | CPU allocation for the hrafnar application | `string` | `"1000m"` | no |
-| <a name="input_app_enable_public_access"></a> [app\_enable\_public\_access](#input\_app\_enable\_public\_access) | Enable public access to the hrafnar application | `bool` | `true` | no |
 | <a name="input_app_env_vars"></a> [app\_env\_vars](#input\_app\_env\_vars) | Environment variables for the hrafnar application | `map(string)` | `{}` | no |
 | <a name="input_app_image"></a> [app\_image](#input\_app\_image) | Container image for the hrafnar application (without tag) | `string` | n/a | yes |
 | <a name="input_app_image_sha"></a> [app\_image\_sha](#input\_app\_image\_sha) | Container image SHA (takes precedence over tag if provided) | `string` | `""` | no |

cloud-run.tf

@@ -13,8 +13,6 @@ resource "google_cloud_run_service" "main_app" {
         "run.googleapis.com/execution-environment" = "gen2"
         # CPU allocation
         "run.googleapis.com/cpu-throttling" = "false",
-        # Ingress control - internal only when public access is disabled
-        "run.googleapis.com/ingress" = var.app_enable_public_access ? "all" : "internal"
         # Direct VPC Egress
         "run.googleapis.com/network-interfaces" = jsonencode([{
           "network"    = google_compute_network.main.id
@@ -243,7 +241,6 @@ resource "google_cloud_run_service" "main_app" {
 
 # IAM policy to allow public access to the hrafnar application
 resource "google_cloud_run_service_iam_member" "main_app_public" {
-  count    = var.app_enable_public_access ? 1 : 0
   location = google_cloud_run_service.main_app.location
   project  = google_cloud_run_service.main_app.project
   service  = google_cloud_run_service.main_app.name
@@ -270,5 +267,5 @@ resource "google_cloud_run_domain_mapping" "main_app" {
     route_name = google_cloud_run_service.main_app.name
   }
 
-  depends_on = [google_cloud_run_service.main_app]
+  depends_on = [google_cloud_run_service.main_app, cloudflare_dns_record.app]
 }

dns.tf

@@ -17,6 +17,4 @@ resource "cloudflare_dns_record" "app" {
   proxied = false # Must be DNS-only initially for domain mapping to work
 
   comment = "Managed by Terraform - Application endpoint for ${local.resource_prefix} hrafnar application"
-
-  depends_on = [google_cloud_run_domain_mapping.main_app]
 }

variables.tf

@@ -208,12 +208,6 @@ variable "app_port" {
   default     = 8080
 }
 
-variable "app_enable_public_access" {
-  description = "Enable public access to the hrafnar application"
-  type        = bool
-  default     = true
-}
-
 variable "app_command" {
   description = "Command to run the container"
   type        = list(string)