fix: Update vpc_access description and add display metadata for vpc_access fields (#335)

Author: q2w

Makefile

@@ -37,7 +37,7 @@ docker_test_lint:
 .PHONY: docker_generate_docs
 docker_generate_docs:
 	docker run --rm -it \
-		-e ENABLE_BPMETADATA \
+		-e ENABLE_BPMETADATA=1 \
 		-v $(CURDIR):/workspace \
 		$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
 		/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs'

modules/v2/README.md

@@ -68,7 +68,7 @@ Functional examples are included in the
 | timeout | Max allowed time for an instance to respond to a request. A duration in seconds with up to nine fractional digits, ending with 's' | `string` | `null` | no |
 | traffic | Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest Ready Revision. | <pre>list(object({<br>    type     = optional(string, "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST")<br>    percent  = optional(number, 100)<br>    revision = optional(string, null)<br>    tag      = optional(string, null)<br>  }))</pre> | `[]` | no |
 | volumes | Volumes needed for environment variables (when using secret) | <pre>list(object({<br>    name = string<br>    secret = optional(object({<br>      secret       = string<br>      default_mode = optional(string)<br>      items = optional(object({<br>        path    = string<br>        version = optional(string)<br>        mode    = optional(string)<br>      }))<br>    }))<br>    cloud_sql_instance = optional(object({<br>      instances = optional(list(string))<br>    }))<br>    empty_dir = optional(object({<br>      medium     = optional(string)<br>      size_limit = optional(string)<br>    }))<br>    gcs = optional(object({<br>      bucket    = string<br>      read_only = optional(string)<br>    }))<br>    nfs = optional(object({<br>      server    = string<br>      path      = string<br>      read_only = optional(string)<br>    }))<br>  }))</pre> | `[]` | no |
-| vpc\_access | VPC Access configuration to use for this Task, egress value should be either ALL\_TRAFFIC or PRIVATE\_RANGES\_ONLY. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc | <pre>object({<br>    connector = optional(string)<br>    egress    = optional(string)<br>    network_interfaces = optional(object({<br>      network    = optional(string)<br>      subnetwork = optional(string)<br>      tags       = optional(list(string))<br>    }))<br>  })</pre> | `null` | no |
+| vpc\_access | Configure this to enable your service to send traffic to a Virtual Private Cloud. Set egress to ALL\_TRAFFIC or PRIVATE\_RANGES\_ONLY. Choose a connector or network\_interfaces (for direct VPC egress). For details: https://cloud.google.com/run/docs/configuring/connecting-vpc | <pre>object({<br>    connector = optional(string)<br>    egress    = optional(string)<br>    network_interfaces = optional(object({<br>      network    = optional(string)<br>      subnetwork = optional(string)<br>      tags       = optional(list(string))<br>    }))<br>  })</pre> | `null` | no |
 
 ## Outputs
 

modules/v2/metadata.display.yaml

@@ -171,6 +171,37 @@ spec:
           name: vpc_access
           title: Vpc Access
           level: 1
+          properties:
+            egress:
+              name: egress
+              title: Egress
+              subtext: Traffic VPC egress settings.
+              enumValueLabels:
+                - label: ALL_TRAFFIC
+                  value: ALL_TRAFFIC
+                - label: PRIVATE_RANGES_ONLY
+                  value: PRIVATE_RANGES_ONLY
+            connector:
+              name: connector
+              title: Connector
+              subtext: VPC Access connector name.
+              regexValidation: ^projects/(?:[a-z][a-z0-9-]*[a-z0-9]|[0-9]+)/locations/([a-z0-9-]+)/connectors/([a-z][a-z0-9-]*[a-z0-9])$
+              validation: Invalid connector name. It must be in the format projects/{project}/locations/{location}/connectors/{connector}
+            network_interfaces:
+              name: network_interfaces
+              title: Network Interfaces
+              subtext: Direct VPC egress settings. Currently only single network interface is supported.
+              toggleUsingVariables:
+                - variableName: vpc_access.connector
+              properties:
+                network:
+                  name: network
+                  title: Network
+                  subtext: The VPC network that the Cloud Run resource will be able to send traffic to.
+                subnetwork:
+                  name: subnetwork
+                  title: Subnetwork
+                  subtext: The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the subnetwork with the same name with the network will be used.
           altDefaults:
             - type: ALTERNATE_TYPE_DC
               value:

modules/v2/metadata.yaml

@@ -266,12 +266,16 @@ spec:
               version: ">= 0.1.0"
             spec:
               outputExpr: "[\"roles/bigtable.admin\"]"
+      - name: ingress
+        description: Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active.
+        varType: string
+        defaultValue: INGRESS_TRAFFIC_ALL
       - name: members
         description: "Users/SAs to be given invoker access to the service. Grant invoker access by specifying the users or service accounts (SAs). Use allUsers for public access, allAuthenticatedUsers for access by logged-in Google users, or provide a list of specific users/SAs. See the complete list of available options: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_v2_service_iam#member\\/members-1"
         varType: list(string)
         defaultValue: []
       - name: vpc_access
-        description: VPC Access configuration to use for this Task, egress value should be either ALL_TRAFFIC or PRIVATE_RANGES_ONLY. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc
+        description: "Configure this to enable your service to send traffic to a Virtual Private Cloud. Set egress to ALL_TRAFFIC or PRIVATE_RANGES_ONLY. Choose a connector or network_interfaces (for direct VPC egress). For details: https://cloud.google.com/run/docs/configuring/connecting-vpc"
         varType: |-
           object({
               connector = optional(string)
@@ -386,10 +390,6 @@ spec:
               version = optional(string, null)
             })
         defaultValue: {}
-      - name: ingress
-        description: Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active.
-        varType: string
-        defaultValue: INGRESS_TRAFFIC_ALL
       - name: launch_stage
         description: The launch stage as defined by Google Cloud Platform Launch Stages. Cloud Run supports ALPHA, BETA, and GA. If no value is specified, GA is assumed.
         varType: string

modules/v2/variables.tf

@@ -124,6 +124,17 @@ variable "service_account_project_roles" {
   default     = []
 }
 
+variable "ingress" {
+  type        = string
+  description = "Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active."
+  default     = "INGRESS_TRAFFIC_ALL"
+
+  validation {
+    condition     = contains(["INGRESS_TRAFFIC_ALL", "INGRESS_TRAFFIC_INTERNAL_ONLY", "INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER"], var.ingress)
+    error_message = "Allowed values for ingress are \"INGRESS_TRAFFIC_ALL\", \"INGRESS_TRAFFIC_INTERNAL_ONLY\", or \"INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER\"."
+  }
+}
+
 variable "members" {
   type        = list(string)
   description = "Users/SAs to be given invoker access to the service. Grant invoker access by specifying the users or service accounts (SAs). Use allUsers for public access, allAuthenticatedUsers for access by logged-in Google users, or provide a list of specific users/SAs. See the complete list of available options: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_v2_service_iam#member\\/members-1"
@@ -140,7 +151,7 @@ variable "vpc_access" {
       tags       = optional(list(string))
     }))
   })
-  description = "VPC Access configuration to use for this Task, egress value should be either ALL_TRAFFIC or PRIVATE_RANGES_ONLY. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc"
+  description = "Configure this to enable your service to send traffic to a Virtual Private Cloud. Set egress to ALL_TRAFFIC or PRIVATE_RANGES_ONLY. Choose a connector or network_interfaces (for direct VPC egress). For details: https://cloud.google.com/run/docs/configuring/connecting-vpc"
   default     = null
 }
 
@@ -230,17 +241,6 @@ variable "client" {
   default     = {}
 }
 
-variable "ingress" {
-  type        = string
-  description = "Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active."
-  default     = "INGRESS_TRAFFIC_ALL"
-
-  validation {
-    condition     = contains(["INGRESS_TRAFFIC_ALL", "INGRESS_TRAFFIC_INTERNAL_ONLY", "INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER"], var.ingress)
-    error_message = "Allowed values for ingress are \"INGRESS_TRAFFIC_ALL\", \"INGRESS_TRAFFIC_INTERNAL_ONLY\", or \"INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER\"."
-  }
-}
-
 variable "launch_stage" {
   type        = string
   description = "The launch stage as defined by Google Cloud Platform Launch Stages. Cloud Run supports ALPHA, BETA, and GA. If no value is specified, GA is assumed."