Skip to content

Commit f5860ff

Browse files
glasntglasnt
committed
update secure services with delete protection
1 parent 07b182f commit f5860ff

File tree

1 file changed

+3
-7
lines changed

1 file changed

+3
-7
lines changed

run/secure_services/main.tf

Lines changed: 3 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -17,9 +17,11 @@
1717
# [START cloudrun_secure_services_parent_tag]
1818
# [START cloudrun_secure_services_backend]
1919
resource "google_cloud_run_v2_service" "renderer" {
20-
provider = google-beta
2120
name = "renderer"
2221
location = "us-central1"
22+
23+
deletion_protection = false # set to "true" in production
24+
2325
template {
2426
containers {
2527
# Replace with the URL of your Secure Services > Renderer image.
@@ -33,7 +35,6 @@ resource "google_cloud_run_v2_service" "renderer" {
3335

3436
# [START cloudrun_secure_services_frontend]
3537
resource "google_cloud_run_v2_service" "editor" {
36-
provider = google-beta
3738
name = "editor"
3839
location = "us-central1"
3940
template {
@@ -54,23 +55,20 @@ resource "google_cloud_run_v2_service" "editor" {
5455

5556
# [START cloudrun_secure_services_backend_identity]
5657
resource "google_service_account" "renderer" {
57-
provider = google-beta
5858
account_id = "renderer-identity"
5959
display_name = "Service identity of the Renderer (Backend) service."
6060
}
6161
# [END cloudrun_secure_services_backend_identity]
6262

6363
# [START cloudrun_secure_services_frontend_identity]
6464
resource "google_service_account" "editor" {
65-
provider = google-beta
6665
account_id = "editor-identity"
6766
display_name = "Service identity of the Editor (Frontend) service."
6867
}
6968
# [END cloudrun_secure_services_frontend_identity]
7069

7170
# [START cloudrun_secure_services_backend_invoker_access]
7271
resource "google_cloud_run_service_iam_member" "editor_invokes_renderer" {
73-
provider = google-beta
7472
location = google_cloud_run_v2_service.renderer.location
7573
service = google_cloud_run_v2_service.renderer.name
7674
role = "roles/run.invoker"
@@ -80,7 +78,6 @@ resource "google_cloud_run_service_iam_member" "editor_invokes_renderer" {
8078

8179
# [START cloudrun_secure_services_frontend_access]
8280
data "google_iam_policy" "noauth" {
83-
provider = google-beta
8481
binding {
8582
role = "roles/run.invoker"
8683
members = [
@@ -90,7 +87,6 @@ data "google_iam_policy" "noauth" {
9087
}
9188

9289
resource "google_cloud_run_service_iam_policy" "noauth" {
93-
provider = google-beta
9490
location = google_cloud_run_v2_service.editor.location
9591
project = google_cloud_run_v2_service.editor.project
9692
service = google_cloud_run_v2_service.editor.name

0 commit comments

Comments
 (0)