terraform-provider-google: `google_cloud_run_v2_service`'s `volume_mounts` doesn't expose `read_only` boolean

Affected Resource(s)

  • google_cloud_run_service
  • google_cloud_run_v2_service

Terraform Configuration Files

```hcl
resource "google_cloud_run_v2_service" "recorder-service" {
  project  = var.project_id
  name     = "${var.name}-recorder"
  location = var.region

  provider     = google-beta # For empty_dir
  launch_stage = "BETA"

  template {
    service_account = google_service_account.recorder.email
    containers {
      image = cosign_sign.recorder-image.signed_ref

      ports {
        container_port = 8080
      }

      env {
        name  = "LOG_PATH"
        value = "/logs"
      }
      volume_mounts {
        name       = "logs"
        mount_path = "/logs"
        # read_only = false
      }
    }
    containers {
      image = cosign_sign.logrotate-image.signed_ref

      env {
        name  = "LOGROTATE_BUCKET"
        value = "gs://mattmoor-dev-recorder" # TODO: provision this.
      }
      volume_mounts {
        name       = "logs"
        mount_path = "/logs"
        # read_only = false
      }
    }
    volumes {
      name = "logs"
      empty_dir {}
    }
  }
}
```

Expected Behavior

I can configure whether the volume mount is read-only.

Actual Behavior

The volume mount defaults to read-only, which makes it an unusable medium for inter-container message-passing.

Steps to Reproduce

Try to create a writeable `empty_dir` volume mount (multi-container or not, but it’s pretty critical for multi-container scenarios).

Important Factoids

Being able to share state through writeable volumes is pretty critical for multi-container scenarios.

The only documented fields on `volume_mounts` today are `name` and `mount_path`, with no `read_only`: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_v2_service#nested_volume_mounts

References

cc @steren

b/313620407

About this issue

  • State: open
  • Created 7 months ago
  • Comments: 16

Most upvoted comments

Internal bug ID: b/313457029