app/gcp/cloudrun
This contract is shared by the Cloud Run Service and Cloud Run Job app modules. Outputs marked [service only] are populated by service modules; [job only] outputs are populated by job modules.
project_id - string
The GCP Project ID hosting this Cloud Run resource.
region - string
The GCP region where this Cloud Run resource is hosted.
service_id - string [service only]
The ID of the Cloud Run service.
Format: projects/[project-id]/locations/[region]/services/[service-name]
service_name - string [optional]
The name of the Cloud Run service.
This value is blank for job apps that do not provision a service. This is used to create an app in Nullstone as a task that can be executed on-demand.
service_uri - string [service only]
The auto-assigned URL of the Cloud Run service (e.g. https://[service-name]-[hash]-[region].run.app). Reachability depends on the service's ingress setting.
job_id - string [job only]
The ID of the Cloud Run job.
Format: projects/[project-id]/locations/[region]/jobs/[job-name]
job_name - string [job only]
The name of the Cloud Run job.
image_repo_url - string
The image repository URL where the service pulls its images.
Format: [region]-docker.pkg.dev/[project-id]/[repository-name]/[app-name]
image_pusher - object
A GCP service account that the Nullstone agent impersonates to push images to the image repository.
Format
value = {
  project_id = var.project_id
  email = google_service_account.image_pusher.email
  id = google_service_account.image_pusher.id
  impersonate = true
}
Required IAM permissions
[artifact-registry-repo]
roles/artifactregistry.writer
roles/artifactregistry.reader
[image-pusher-sa]
roles/iam.serviceAccountTokenCreator # granted to the Nullstone agent
main_container_name - string
The name of the container definition for the primary container.
A Cloud Run service or job can contain one or many container definitions; main_container_name identifies the primary container. This is used by the Nullstone CLI to upgrade the image tag when deploying new versions.
deployer - object
A GCP service account that the Nullstone agent impersonates to deploy new revisions of the Cloud Run resource.
Format
value = {
  project_id = var.project_id
  email = google_service_account.deployer.email
  id = google_service_account.deployer.id
  impersonate = true
}
Required IAM permissions
[project]
roles/run.developer
roles/run.invoker
roles/monitoring.viewer
[app-runtime-sa]
roles/iam.serviceAccountUser
[artifact-registry-repo]
roles/artifactregistry.reader
[deployer-sa]
roles/iam.serviceAccountTokenCreator # granted to the Nullstone agent
log_provider - string
The name of the log provider.
For Cloud Run, this is cloudlogging.
log_filter - string
A Cloud Logging filter used to scope log entries to this Cloud Run resource.
For services: resource.type="cloud_run_revision" AND resource.labels.service_name="[service-name]"
For jobs: resource.type="cloud_run_job" AND resource.labels.job_name="[job-name]"
log_reader - object
A GCP service account that the Nullstone agent impersonates to read application logs.
Format
value = {
  project_id = var.project_id
  email = google_service_account.log_reader.email
  id = google_service_account.log_reader.id
  impersonate = true
}
Required IAM permissions
[project]
roles/logging.viewer
[log-reader-sa]
roles/iam.serviceAccountTokenCreator # granted to the Nullstone agent
metrics_provider - string
The name of the metrics provider.
For Cloud Run, this is cloudmonitoring.
metrics_reader - object
A GCP service account that the Nullstone agent impersonates to read application metrics. This is aliased to the deployer SA, which already holds roles/monitoring.viewer.
Format
value = {
  project_id = var.project_id
  email = google_service_account.deployer.email
  impersonate = true
}
metrics_mappings - string
A JSON-encoded mapping of metric definitions used to render app metrics in the Nullstone UI.
private_urls - list(string)
A list of URLs only accessible inside the network.
public_urls - list(string)
A list of URLs accessible to the public.
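The IAM grants listed under deployer, written out as Terraform with each role bound at the scope named in that list. This is an added example, not the module's own code; the variable names, the account_id value and the form of the Nullstone agent's IAM member string are assumptions.

```hcl
# Added example: the "deployer" grants, one binding per scope listed on the page.
# All variable names and the account_id below are assumptions for illustration.
variable "project_id" { type = string }
variable "region" { type = string }
variable "repository_name" { type = string }        # existing Artifact Registry repo
variable "app_runtime_sa_email" { type = string }   # SA the Cloud Run resource runs as
variable "nullstone_agent_member" { type = string } # IAM member string for the agent

resource "google_service_account" "deployer" {
  project      = var.project_id
  account_id   = "example-deployer" # constructed name
  display_name = "Cloud Run deployer"
}

locals {
  deployer_member = "serviceAccount:${google_service_account.deployer.email}"
}

# [project]: the three project-level roles
resource "google_project_iam_member" "deployer" {
  for_each = toset(["roles/run.developer", "roles/run.invoker", "roles/monitoring.viewer"])
  project  = var.project_id
  role     = each.value
  member   = local.deployer_member
}

# [app-runtime-sa]: bound on the runtime SA itself, not project-wide
resource "google_service_account_iam_member" "deployer_act_as_runtime" {
  service_account_id = "projects/${var.project_id}/serviceAccounts/${var.app_runtime_sa_email}"
  role               = "roles/iam.serviceAccountUser"
  member             = local.deployer_member
}

# [artifact-registry-repo]: read access to this one repository
resource "google_artifact_registry_repository_iam_member" "deployer_reader" {
  project    = var.project_id
  location   = var.region
  repository = var.repository_name
  role       = "roles/artifactregistry.reader"
  member     = local.deployer_member
}

# [deployer-sa]: lets the Nullstone agent mint tokens for (impersonate) the deployer
resource "google_service_account_iam_member" "agent_impersonates_deployer" {
  service_account_id = google_service_account.deployer.name
  role               = "roles/iam.serviceAccountTokenCreator"
  member             = var.nullstone_agent_member
}
```

Because roles/iam.serviceAccountUser and roles/iam.serviceAccountTokenCreator are bound on individual service accounts rather than on the project, the deployer can act as only the one runtime account and the agent can impersonate only the deployer.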