VPC Connector alignment to Cloud Run v2 + contexts

tests/modules/cloud_function_v2/context-subnet-project.tfvars

@@ -0,0 +1,58 @@
+name        = "test-cf-kms"
+bucket_name = "bucket"
+bundle_config = {
+  path = "gs://assets/sample-function.zip"
+}
+context = {
+  cidr_ranges = {
+    test = "10.10.20.0/28"
+  }
+  custom_roles = {
+    myrole_one = "organizations/366118655033/roles/myRoleOne"
+  }
+  iam_principals = {
+    mygroup = "group:test-group@example.com"
+  }
+  kms_keys = {
+    test = "projects/foo-prod-sec-core/locations/global/keyRings/prod-global-default/cryptoKeys/compute"
+  }
+  locations = {
+    ew8 = "europe-west8"
+  }
+  networks = {
+    test = "projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0"
+  }
+  project_ids = {
+    test = "foo-test-0"
+  }
+  subnets = {
+    test = "projects/foo-dev-net-spoke-0/regions/europe-west1/subnetworks/gce"
+  }
+}
+kms_key = "$kms_keys:test"
+iam = {
+  "$custom_roles:myrole_one" = [
+    "$iam_principals:mygroup"
+  ]
+}
+project_id = "$project_ids:test"
+region     = "$locations:ew8"
+service_account_config = {
+  roles = [
+    "$custom_roles:myrole_one"
+  ]
+}
+vpc_connector = {
+  create = true
+  name   = "connector_name"
+}
+vpc_connector_create = {
+  instances = {
+    max = 10
+    min = 3
+  }
+  subnet = {
+    name       = "$subnets:test"
+    project_id = "$project_ids:test"
+  }
+}

tests/modules/cloud_function_v2/context-subnet-project.yaml

@@ -0,0 +1,64 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  google_cloudfunctions2_function.function:
+    kms_key_name: projects/foo-prod-sec-core/locations/global/keyRings/prod-global-default/cryptoKeys/compute
+    location: europe-west8
+    name: test-cf-kms
+    project: foo-test-0
+    service_config:
+    - service_account_email: test-cf-kms@foo-test-0.iam.gserviceaccount.com
+  google_cloudfunctions2_function_iam_binding.binding["$custom_roles:myrole_one"]:
+    cloud_function: test-cf-kms
+    condition: []
+    members:
+    - group:test-group@example.com
+    project: foo-test-0
+    location: europe-west8
+    role: organizations/366118655033/roles/myRoleOne
+  google_project_iam_member.default["organizations/366118655033/roles/myRoleOne"]:
+    condition: []
+    member: serviceAccount:test-cf-kms@foo-test-0.iam.gserviceaccount.com
+    project: foo-test-0
+    role: organizations/366118655033/roles/myRoleOne
+  google_service_account.service_account[0]:
+    account_id: test-cf-kms
+    create_ignore_already_exists: null
+    description: null
+    disabled: false
+    display_name: test-cf-kms
+    email: test-cf-kms@foo-test-0.iam.gserviceaccount.com
+    member: serviceAccount:test-cf-kms@foo-test-0.iam.gserviceaccount.com
+    project: foo-test-0
+    timeouts: null
+  google_vpc_access_connector.connector[0]:
+    ip_cidr_range: null
+    machine_type: e2-micro
+    max_instances: 10
+    min_instances: 3
+    name: test-cf-kms
+    project: foo-test-0
+    region: europe-west8
+    subnet:
+    - name: gce
+      project_id: foo-test-0
+    timeouts: null
+
+counts:
+  google_cloudfunctions2_function: 1
+  google_cloudfunctions2_function_iam_binding: 1
+  google_project_iam_member: 1
+  google_service_account: 1
+  google_vpc_access_connector: 1

tests/modules/cloud_function_v2/context-subnet.tfvars

@@ -0,0 +1,57 @@
+name        = "test-cf-kms"
+bucket_name = "bucket"
+bundle_config = {
+  path = "gs://assets/sample-function.zip"
+}
+context = {
+  cidr_ranges = {
+    test = "10.10.20.0/28"
+  }
+  custom_roles = {
+    myrole_one = "organizations/366118655033/roles/myRoleOne"
+  }
+  iam_principals = {
+    mygroup = "group:test-group@example.com"
+  }
+  kms_keys = {
+    test = "projects/foo-prod-sec-core/locations/global/keyRings/prod-global-default/cryptoKeys/compute"
+  }
+  locations = {
+    ew8 = "europe-west8"
+  }
+  networks = {
+    test = "projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0"
+  }
+  project_ids = {
+    test = "foo-test-0"
+  }
+  subnets = {
+    test = "projects/foo-dev-net-spoke-0/regions/europe-west1/subnetworks/gce"
+  }
+}
+kms_key = "$kms_keys:test"
+iam = {
+  "$custom_roles:myrole_one" = [
+    "$iam_principals:mygroup"
+  ]
+}
+project_id = "$project_ids:test"
+region     = "$locations:ew8"
+service_account_config = {
+  roles = [
+    "$custom_roles:myrole_one"
+  ]
+}
+vpc_connector = {
+  create = true
+  name   = "connector_name"
+}
+vpc_connector_create = {
+  instances = {
+    max = 10
+    min = 3
+  }
+  subnet = {
+    name = "$subnets:test"
+  }
+}

tests/modules/cloud_function_v2/context-subnet.yaml

@@ -0,0 +1,62 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  google_cloudfunctions2_function.function:
+    kms_key_name: projects/foo-prod-sec-core/locations/global/keyRings/prod-global-default/cryptoKeys/compute
+    location: europe-west8
+    project: foo-test-0
+    service_config:
+    - service_account_email: test-cf-kms@foo-test-0.iam.gserviceaccount.com
+  google_cloudfunctions2_function_iam_binding.binding["$custom_roles:myrole_one"]:
+    cloud_function: test-cf-kms
+    condition: []
+    members:
+    - group:test-group@example.com
+    project: foo-test-0
+    location: europe-west8
+    role: organizations/366118655033/roles/myRoleOne
+  google_project_iam_member.default["organizations/366118655033/roles/myRoleOne"]:
+    condition: []
+    member: serviceAccount:test-cf-kms@foo-test-0.iam.gserviceaccount.com
+    project: foo-test-0
+    role: organizations/366118655033/roles/myRoleOne
+  google_service_account.service_account[0]:
+    account_id: test-cf-kms
+    create_ignore_already_exists: null
+    description: null
+    disabled: false
+    display_name: test-cf-kms
+    email: test-cf-kms@foo-test-0.iam.gserviceaccount.com
+    member: serviceAccount:test-cf-kms@foo-test-0.iam.gserviceaccount.com
+    project: foo-test-0
+    timeouts: null
+  google_vpc_access_connector.connector[0]:
+    ip_cidr_range: null
+    machine_type: e2-micro
+    max_instances: 10
+    min_instances: 3
+    name: test-cf-kms
+    project: foo-test-0
+    region: europe-west8
+    subnet:
+    - name: gce
+      project_id: foo-dev-net-spoke-0
+
+counts:
+  google_cloudfunctions2_function: 1
+  google_cloudfunctions2_function_iam_binding: 1
+  google_project_iam_member: 1
+  google_service_account: 1
+  google_vpc_access_connector: 1

tests/modules/cloud_function_v2/context.tfvars

@@ -0,0 +1,56 @@
+name        = "test-cf-kms"
+bucket_name = "bucket"
+bundle_config = {
+  path = "gs://assets/sample-function.zip"
+}
+context = {
+  cidr_ranges = {
+    test = "10.10.20.0/28"
+  }
+  custom_roles = {
+    myrole_one = "organizations/366118655033/roles/myRoleOne"
+  }
+  iam_principals = {
+    mygroup = "group:test-group@example.com"
+  }
+  kms_keys = {
+    test = "projects/foo-prod-sec-core/locations/global/keyRings/prod-global-default/cryptoKeys/compute"
+  }
+  locations = {
+    ew8 = "europe-west8"
+  }
+  networks = {
+    test = "projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0"
+  }
+  project_ids = {
+    test = "foo-test-0"
+  }
+  subnets = {
+    test = "projects/foo-dev-net-spoke-0/regions/europe-west1/subnetworks/gce"
+  }
+}
+kms_key = "$kms_keys:test"
+iam = {
+  "$custom_roles:myrole_one" = [
+    "$iam_principals:mygroup"
+  ]
+}
+project_id = "$project_ids:test"
+region     = "$locations:ew8"
+service_account_config = {
+  roles = [
+    "$custom_roles:myrole_one"
+  ]
+}
+vpc_connector = {
+  create = true
+  name   = "connector_name"
+}
+vpc_connector_create = {
+  ip_cidr_range = "$cidr_ranges:test"
+  network       = "$networks:test"
+  instances = {
+    max = 10
+    min = 3
+  }
+}

tests/modules/cloud_function_v2/context.yaml

@@ -0,0 +1,61 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  google_cloudfunctions2_function.function:
+    kms_key_name: projects/foo-prod-sec-core/locations/global/keyRings/prod-global-default/cryptoKeys/compute
+    location: europe-west8
+    project: foo-test-0
+    service_config:
+    - service_account_email: test-cf-kms@foo-test-0.iam.gserviceaccount.com
+  google_cloudfunctions2_function_iam_binding.binding["$custom_roles:myrole_one"]:
+    condition: []
+    members:
+    - group:test-group@example.com
+    project: foo-test-0
+    location: europe-west8
+    role: organizations/366118655033/roles/myRoleOne
+  google_project_iam_member.default["organizations/366118655033/roles/myRoleOne"]:
+    condition: []
+    member: serviceAccount:test-cf-kms@foo-test-0.iam.gserviceaccount.com
+    project: foo-test-0
+    role: organizations/366118655033/roles/myRoleOne
+  google_service_account.service_account[0]:
+    account_id: test-cf-kms
+    create_ignore_already_exists: null
+    description: null
+    disabled: false
+    display_name: test-cf-kms
+    email: test-cf-kms@foo-test-0.iam.gserviceaccount.com
+    member: serviceAccount:test-cf-kms@foo-test-0.iam.gserviceaccount.com
+    project: foo-test-0
+    timeouts: null
+  google_vpc_access_connector.connector[0]:
+    ip_cidr_range: 10.10.20.0/28
+    machine_type: e2-micro
+    max_instances: 10
+    min_instances: 3
+    name: test-cf-kms
+    network: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
+    project: foo-test-0
+    region: europe-west8
+    subnet: []
+    timeouts: null
+
+counts:
+  google_cloudfunctions2_function: 1
+  google_cloudfunctions2_function_iam_binding: 1
+  google_project_iam_member: 1
+  google_service_account: 1
+  google_vpc_access_connector: 1

tests/modules/cloud_function_v2/examples/service-vpc-access-connector-create-sharedvpc.yaml

@@ -0,0 +1,73 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.cf_http.google_cloudfunctions2_function.function:
+    build_config:
+    - entry_point: main
+      on_deploy_update_policy: []
+      runtime: python310
+      source:
+      - repo_source: []
+        storage_source:
+        - bucket: bucket
+          object: bundle-95c1b0e5b92dae8333539b1e0ad5173b.zip
+      worker_pool: null
+    description: Terraform managed.
+    effective_labels:
+      goog-terraform-provisioned: 'true'
+    event_trigger: []
+    kms_key_name: null
+    labels: null
+    location: europe-west8
+    name: test-cf-http
+    project: project-id
+    service_config:
+    - all_traffic_on_latest_revision: true
+      available_cpu: '0.166'
+      available_memory: 256M
+      binary_authorization_policy: null
+      environment_variables:
+        LOG_EXECUTION_ID: 'true'
+      ingress_settings: ALLOW_ALL
+      max_instance_count: 1
+      min_instance_count: 0
+      secret_environment_variables: []
+      secret_volumes: []
+      service_account_email: test-cf-http@project-id.iam.gserviceaccount.com
+      timeout_seconds: 180
+      vpc_connector_egress_settings: null
+    terraform_labels:
+      goog-terraform-provisioned: 'true'
+    timeouts: null
+  module.cf_http.google_vpc_access_connector.connector[0]:
+    ip_cidr_range: null
+    machine_type: e2-standard-4
+    max_throughput: 300
+    min_throughput: 200
+    name: test-cf-http
+    project: project-id
+    region: europe-west8
+    subnet:
+    - name: fixture-subnet-28
+      project_id: test-host
+    timeouts: null
+
+counts:
+  google_cloudfunctions2_function: 1
+  google_service_account: 1
+  google_storage_bucket_object: 1
+
+
+outputs: {}

tests/modules/cloud_function_v2/examples/service-vpc-access-connector-create.yaml

@@ -0,0 +1,62 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.cf_http.google_cloudfunctions2_function.function:
+    build_config:
+    - entry_point: main
+      on_deploy_update_policy: []
+      runtime: python310
+      source:
+      - repo_source: []
+        storage_source:
+        - bucket: bucket
+          object: bundle-95c1b0e5b92dae8333539b1e0ad5173b.zip
+      worker_pool: null
+    description: Terraform managed.
+    effective_labels:
+      goog-terraform-provisioned: 'true'
+    event_trigger: []
+    kms_key_name: null
+    labels: null
+    location: europe-west8
+    name: test-cf-http
+    project: project-id
+    service_config:
+    - all_traffic_on_latest_revision: true
+      available_cpu: '0.166'
+      available_memory: 256M
+      binary_authorization_policy: null
+      environment_variables:
+        LOG_EXECUTION_ID: 'true'
+      ingress_settings: ALLOW_ALL
+      max_instance_count: 1
+      min_instance_count: 0
+      secret_environment_variables: []
+      secret_volumes: []
+      service_account_email: test-cf-http@project-id.iam.gserviceaccount.com
+      timeout_seconds: 180
+      vpc_connector_egress_settings: null
+    terraform_labels:
+      goog-terraform-provisioned: 'true'
+    timeouts: null
+
+counts:
+  google_cloudfunctions2_function: 1
+  google_project_iam_member: 2
+  google_service_account: 1
+  google_storage_bucket_object: 1
+
+
+outputs: {}

tests/modules/cloud_function_v2/examples/service-vpc-access-connector.yaml

@@ -0,0 +1,62 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.cf_http.google_cloudfunctions2_function.function:
+    build_config:
+    - entry_point: main
+      on_deploy_update_policy: []
+      runtime: python310
+      source:
+      - repo_source: []
+        storage_source:
+        - bucket: bucket
+          object: bundle-95c1b0e5b92dae8333539b1e0ad5173b.zip
+      worker_pool: null
+    description: Terraform managed.
+    effective_labels:
+      goog-terraform-provisioned: 'true'
+    event_trigger: []
+    kms_key_name: null
+    labels: null
+    location: europe-west8
+    name: test-cf-http
+    project: project-id
+    service_config:
+    - all_traffic_on_latest_revision: true
+      available_cpu: '0.166'
+      available_memory: 256M
+      binary_authorization_policy: null
+      environment_variables:
+        LOG_EXECUTION_ID: 'true'
+      ingress_settings: ALLOW_ALL
+      max_instance_count: 1
+      min_instance_count: 0
+      secret_environment_variables: []
+      secret_volumes: []
+      service_account_email: test-cf-http@project-id.iam.gserviceaccount.com
+      timeout_seconds: 180
+      vpc_connector_egress_settings: null
+    terraform_labels:
+      goog-terraform-provisioned: 'true'
+    timeouts: null
+
+counts:
+  google_cloudfunctions2_function: 1
+  google_project_iam_member: 2
+  google_service_account: 1
+  google_storage_bucket_object: 1
+
+
+outputs: {}

tests/modules/cloud_function_v2/kms.tfvars

@@ -0,0 +1,9 @@
+project_id  = "project"
+region      = "region"
+name        = "test-cf-kms"
+bucket_name = "bucket"
+bundle_config = {
+  path = "gs://assets/sample-function.zip"
+}
+kms_key              = "kms_key_id"
+docker_repository_id = "artifact_registry_id"

tests/modules/cloud_function_v2/kms.yaml

@@ -0,0 +1,44 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  google_cloudfunctions2_function.function:
+    build_config:
+    - docker_repository: artifact_registry_id
+      source:
+      - repo_source: []
+        storage_source:
+        - bucket: bucket
+          object: sample-function.zip
+    kms_key_name: kms_key_id
+    name: test-cf-kms
+    project: project
+    location: region
+    service_config:
+    - service_account_email: test-cf-kms@project.iam.gserviceaccount.com
+
+counts:
+  google_cloudfunctions2_function: 1
+
+outputs:
+  bucket: null
+  bucket_name: bucket
+  function: __missing__
+  function_name: test-cf-kms
+  id: __missing__
+  invoke_command: __missing__
+  service_account: __missing__
+  service_account_email: test-cf-kms@project.iam.gserviceaccount.com
+  service_account_iam_email: serviceAccount:test-cf-kms@project.iam.gserviceaccount.com
+  vpc_connector: null

tests/modules/cloud_function_v2/tftest.yaml

@@ -0,0 +1,21 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module: modules/cloud-function-v2
+tests:
+  context:
+  context-subnet:
+  context-subnet-project:
+  kms:
+  vpcconnector:

tests/modules/cloud_function_v2/vpcconnector.tfvars

@@ -0,0 +1,11 @@
+project_id  = "test-project"
+region      = "region"
+name        = "test-cf-vpc"
+bucket_name = "bucket"
+bundle_config = {
+  path = "gs://assets/sample-function.zip"
+}
+vpc_connector = {
+  name            = "projects/test-project/locations/region/connectors/vpc-connector"
+  egress_settings = "ALL_TRAFFIC"
+}

tests/modules/cloud_function_v2/vpcconnector.yaml

@@ -0,0 +1,44 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  google_cloudfunctions2_function.function:
+    build_config:
+    - source:
+      - repo_source: []
+        storage_source:
+        - bucket: bucket
+          object: sample-function.zip
+    name: test-cf-vpc
+    project: test-project
+    location: region
+    service_config:
+    - service_account_email: test-cf-vpc@test-project.iam.gserviceaccount.com
+      vpc_connector: projects/test-project/locations/region/connectors/vpc-connector
+      vpc_connector_egress_settings: ALL_TRAFFIC
+
+counts:
+  google_cloudfunctions2_function: 1
+
+outputs:
+  bucket: null
+  bucket_name: bucket
+  function: __missing__
+  function_name: test-cf-vpc
+  id: __missing__
+  invoke_command: __missing__
+  service_account: __missing__
+  service_account_email: test-cf-vpc@test-project.iam.gserviceaccount.com
+  service_account_iam_email: serviceAccount:test-cf-vpc@test-project.iam.gserviceaccount.com
+  vpc_connector: null