chore: updated display metadata (#374)

Co-authored-by: abhishek kumar tiwari <[email protected]>

Author: pawan1210

build/int.cloudbuild.yaml

@@ -36,23 +36,23 @@ steps:
   - 'TF_VAR_org_id=$_ORG_ID'
   - 'TF_VAR_folder_id=$_FOLDER_ID'
   - 'TF_VAR_billing_account=$_BILLING_ACCOUNT'
-- id: create standalone
-  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && source_test_env && init_credentials && cft test run TestSecureCloudRunStandalone --test-dir /workspace/test/integration --verbose']
-  env:
-  - 'TF_VAR_org_id=$_ORG_ID'
-  - 'TF_VAR_parent_folder_id=$_FOLDER_ID'
-  - 'TF_VAR_billing_account=$_BILLING_ACCOUNT'
-  - 'TF_VAR_domain=test.blueprints.joonix.net'
-  - 'TF_VAR_serverless_folder_suffix=$SHORT_SHA'
-  - 'TF_VAR_create_access_context_manager_access_policy=false'
-  waitFor:
-  - prepare
+# - id: create standalone
+#   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+#   args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && source_test_env && init_credentials && cft test run TestSecureCloudRunStandalone --test-dir /workspace/test/integration --verbose']
+#   env:
+#   - 'TF_VAR_org_id=$_ORG_ID'
+#   - 'TF_VAR_parent_folder_id=$_FOLDER_ID'
+#   - 'TF_VAR_billing_account=$_BILLING_ACCOUNT'
+#   - 'TF_VAR_domain=test.blueprints.joonix.net'
+#   - 'TF_VAR_serverless_folder_suffix=$SHORT_SHA'
+#   - 'TF_VAR_create_access_context_manager_access_policy=false'
+#   waitFor:
+#   - prepare
 - id: create
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
   args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create']
   waitFor:
-  - create standalone
+  - prepare
 - id: converge
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
   args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge']

modules/secure-cloud-run-security/metadata.yaml

@@ -131,13 +131,13 @@ spec:
     roles:
       - level: Project
         roles:
+          - roles/artifactregistry.admin
           - roles/iam.serviceAccountUser
           - roles/serviceusage.serviceUsageViewer
           - roles/cloudkms.admin
           - roles/resourcemanager.projectIamAdmin
           - roles/run.admin
           - roles/iam.serviceAccountAdmin
-          - roles/artifactregistry.admin
     services:
       - accesscontextmanager.googleapis.com
       - cloudbilling.googleapis.com

modules/secure-cloud-run/metadata.yaml

@@ -248,13 +248,13 @@ spec:
     roles:
       - level: Project
         roles:
+          - roles/run.admin
           - roles/iam.serviceAccountAdmin
           - roles/artifactregistry.admin
           - roles/iam.serviceAccountUser
           - roles/serviceusage.serviceUsageViewer
           - roles/cloudkms.admin
           - roles/resourcemanager.projectIamAdmin
-          - roles/run.admin
     services:
       - accesscontextmanager.googleapis.com
       - cloudbilling.googleapis.com

modules/secure-serverless-harness/metadata.yaml

@@ -280,13 +280,13 @@ spec:
     roles:
       - level: Project
         roles:
-          - roles/run.admin
           - roles/iam.serviceAccountAdmin
           - roles/artifactregistry.admin
           - roles/iam.serviceAccountUser
           - roles/serviceusage.serviceUsageViewer
           - roles/cloudkms.admin
           - roles/resourcemanager.projectIamAdmin
+          - roles/run.admin
     services:
       - accesscontextmanager.googleapis.com
       - cloudbilling.googleapis.com

modules/secure-serverless-net/metadata.yaml

@@ -118,13 +118,13 @@ spec:
     roles:
       - level: Project
         roles:
+          - roles/serviceusage.serviceUsageViewer
+          - roles/cloudkms.admin
           - roles/resourcemanager.projectIamAdmin
           - roles/run.admin
           - roles/iam.serviceAccountAdmin
           - roles/artifactregistry.admin
           - roles/iam.serviceAccountUser
-          - roles/serviceusage.serviceUsageViewer
-          - roles/cloudkms.admin
     services:
       - accesscontextmanager.googleapis.com
       - cloudbilling.googleapis.com

modules/v2/metadata.display.yaml

@@ -69,7 +69,11 @@ spec:
                     memory:
                       name: memory
                       title: Memory
-                      subtext: Memory to allocate to each instance of this container
+                      subtext: Memory to allocate to each instance of this container (e.g., 256Mi, 4Gi).
+                    nvidia_gpu:
+                      name: nvidia_gpu
+                      title: Nvidia GPU
+                      subtext: Number of GPUs to allocate to each instance of this container. Requires a minimum of 4 vCPUs and 16Gi of memory Maximum instance count for this template is 3. A node selector must be provided for GPU allocation.
             startup_probe:
               name: startup_probe
               title: Startup Probe
@@ -316,7 +320,6 @@ spec:
             - type: ALTERNATE_TYPE_DC
               value:
                 min_instance_count: 0
-                max_instance_count: 100
         timeout:
           name: timeout
           title: Timeout
@@ -399,6 +402,16 @@ spec:
                 network_interfaces:
                   network: default
                   subnetwork: default
+        node_selector:
+          name: node_selector
+          title: Node Selector
+          level: 1
+        gpu_zonal_redundancy_disabled:
+          name: gpu_zonal_redundancy_disabled
+          title: GPU Zonal Redundancy disabled
+          altDefaults:
+            - type: ALTERNATE_TYPE_DC
+              value: false
     runtime:
       outputs:
         service_uri:

modules/v2/metadata.yaml

@@ -322,6 +322,10 @@ spec:
         description: Users/SAs to be given invoker access to the service. Grant invoker access by specifying the users or service accounts (SAs). Use allUsers for public access, allAuthenticatedUsers for access by logged-in Google users, or provide a list of specific users/SAs. [See the complete list of available options here](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_v2_service_iam#member\/members-1)
         varType: list(string)
         defaultValue: []
+      - name: iap_members
+        description: Valid only when launch stage is set to 'BETA'. IAP is enabled automatically when users or service accounts (SAs) are provided. Use allUsers for public access, allAuthenticatedUsers for any Google-authenticated user, or specify individual users/SAs. [More info](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/iap_web_cloud_run_service_iam#member\/members-2)
+        varType: list(string)
+        defaultValue: []
       - name: vpc_access
         description: Configure this to enable your service to send traffic to a Virtual Private Cloud. Set egress to ALL_TRAFFIC or PRIVATE_RANGES_ONLY. Choose a connector or network_interfaces (for direct VPC egress). [More info](https://cloud.google.com/run/docs/configuring/connecting-vpc)
         varType: |-
@@ -495,10 +499,6 @@ spec:
         description: The sandbox environment to host this Revision.
         varType: string
         defaultValue: EXECUTION_ENVIRONMENT_GEN2
-      - name: iap_members
-        description: Valid only when launch stage is set to 'BETA'. IAP is enabled automatically when users or service accounts (SAs) are provided. Use allUsers for public access, allAuthenticatedUsers for any Google-authenticated user, or specify individual users/SAs. [More info](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/iap_web_cloud_run_service_iam#member\/members-2)
-        varType: list(string)
-        defaultValue: []
     outputs:
       - name: apphub_service_uri
         description: Service URI in CAIS style to be used by Apphub.
@@ -563,13 +563,13 @@ spec:
     roles:
       - level: Project
         roles:
-          - roles/iam.serviceAccountUser
-          - roles/serviceusage.serviceUsageViewer
           - roles/resourcemanager.projectIamAdmin
           - roles/compute.viewer
           - roles/iap.admin
           - roles/run.admin
           - roles/iam.serviceAccountAdmin
+          - roles/iam.serviceAccountUser
+          - roles/serviceusage.serviceUsageViewer
     services:
       - cloudresourcemanager.googleapis.com
       - compute.googleapis.com

modules/v2/variables.tf

@@ -156,6 +156,12 @@ variable "members" {
   default     = []
 }
 
+variable "iap_members" {
+  type        = list(string)
+  description = "Valid only when launch stage is set to 'BETA'. IAP is enabled automatically when users or service accounts (SAs) are provided. Use allUsers for public access, allAuthenticatedUsers for any Google-authenticated user, or specify individual users/SAs. [More info](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/iap_web_cloud_run_service_iam#member\\/members-2)"
+  default     = []
+}
+
 variable "vpc_access" {
   type = object({
     connector = optional(string)
@@ -351,8 +357,3 @@ variable "execution_environment" {
   }
 }
 
-variable "iap_members" {
-  type        = list(string)
-  description = "Valid only when launch stage is set to 'BETA'. IAP is enabled automatically when users or service accounts (SAs) are provided. Use allUsers for public access, allAuthenticatedUsers for any Google-authenticated user, or specify individual users/SAs. [More info](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/iap_web_cloud_run_service_iam#member\\/members-2)"
-  default     = []
-}