...
1/**
2 * Copyright 2022 Google LLC
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17```hcl
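# Cloud Run (v2) service that mounts one Secret Manager secret version as a
# file at /secrets/my-secret inside the container.
resource "google_cloud_run_v2_service" "default" {
  name     = "cloudrun-service"
  location = "us-central1"

  # INGRESS_TRAFFIC_ALL accepts requests from the public internet. This listing
  # declares no invoker IAM binding, so callers still have to be authorized.
  # Use INGRESS_TRAFFIC_INTERNAL_ONLY or INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER
  # when the service is not meant to be reachable from outside.
  ingress = "INGRESS_TRAFFIC_ALL"

  template {
    # No service_account is set, so the revision runs as the project's default
    # compute service account (the identity granted access further down).
    # NOTE(review): a dedicated, single-purpose service account would keep the
    # secret out of reach of other workloads that share the default identity.

    volumes {
      name = "a-volume"

      secret {
        secret = google_secret_manager_secret.secret.secret_id

        # Modes are decimal because HCL has no octal literal.
        default_mode = 292 # 0444

        items {
          # Pinned to an explicit version, so a new secret version is only
          # picked up by an intentional change here.
          version = "1"
          path    = "my-secret"
          mode    = 256 # 0400: readable by the file owner only
        }
      }
    }

    containers {
      image = "us-docker.pkg.dev/cloudrun/container/hello"

      volume_mounts {
        name       = "a-volume"
        mount_path = "/secrets"
      }
    }
  }

  # The revision needs both the secret version and the accessor grant to exist
  # before it is created. Nothing in this block references the IAM member, so
  # without the explicit entry Terraform may create the service first and the
  # deployment can fail with a permission error on the secret.
  depends_on = [
    google_secret_manager_secret_version.secret-version-data,
    google_secret_manager_secret_iam_member.secret-access,
  ]
}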
46
# Reads the provider's current project. Only its project number is used in
# this listing, to build the default compute service account address.
data "google_project" "project" {}
49
# Secret container; the payload lives in a separate secret version resource.
resource "google_secret_manager_secret" "secret" {
  secret_id = "secret-1"

  # Google-managed replication: no explicit list of locations.
  # NOTE(review): newer releases of the google provider spell this `auto {}`;
  # confirm against the provider version this configuration is pinned to.
  replication {
    automatic = true
  }
}
56
# First version of the secret, i.e. the payload mounted by the service.
resource "google_secret_manager_secret_version" "secret-version-data" {
  secret = google_secret_manager_secret.secret.name

  # SECURITY: a literal here is a placeholder for the sample only. A real value
  # written inline is committed with the configuration, and secret_data is
  # also stored in the Terraform state, so the state backend needs the same
  # protection as the secret itself. Supply real values from outside the
  # repository (for example a variable marked `sensitive = true`).
  secret_data = "secret-data"
}
61
# Lets the identity the service runs as read this secret. The binding is on
# the single secret, not on the project.
resource "google_secret_manager_secret_iam_member" "secret-access" {
  secret_id = google_secret_manager_secret.secret.id
  role      = "roles/secretmanager.secretAccessor"

  # "<project number>-compute@developer.gserviceaccount.com" is the default
  # compute service account. Every workload in the project that runs as that
  # default identity gains read access to the secret through this grant.
  member = "serviceAccount:${data.google_project.project.number}-compute@developer.gserviceaccount.com"

  # Already implied by the secret_id reference above; kept as written.
  depends_on = [google_secret_manager_secret.secret]
}
68```