The gcp:cloudtasks/queue:Queue resource, part of the Pulumi GCP provider, defines a Cloud Tasks queue: its name, location, dispatch behavior, and optional HTTP routing. This guide focuses on three capabilities: basic queue creation, rate limiting and retry configuration, and HTTP target routing with authentication.
Cloud Tasks queues require a GCP project with the API enabled. HTTP target examples reference service accounts that must exist separately. The examples are intentionally small. Combine them with your own task creation logic and worker infrastructure.
Create a queue with name and location
Most deployments start by creating a named queue in a specific region to hold tasks for asynchronous processing.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.cloudtasks.Queue("default", {
name: "cloud-tasks-queue-test",
location: "us-central1",
});
import pulumi
import pulumi_gcp as gcp
default = gcp.cloudtasks.Queue("default",
name="cloud-tasks-queue-test",
location="us-central1")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/cloudtasks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := cloudtasks.NewQueue(ctx, "default", &cloudtasks.QueueArgs{
Name: pulumi.String("cloud-tasks-queue-test"),
Location: pulumi.String("us-central1"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.CloudTasks.Queue("default", new()
{
Name = "cloud-tasks-queue-test",
Location = "us-central1",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.cloudtasks.Queue;
import com.pulumi.gcp.cloudtasks.QueueArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Queue("default", QueueArgs.builder()
.name("cloud-tasks-queue-test")
.location("us-central1")
.build());
}
}
resources:
default:
type: gcp:cloudtasks:Queue
properties:
name: cloud-tasks-queue-test
location: us-central1
The name property sets a unique identifier within the project and location. The location property determines which regional endpoint handles the queue. Without additional configuration, the queue uses default rate limits and retry behavior.
Configure rate limits and retry behavior
Production queues need throttling to prevent overwhelming downstream services and retry policies to handle transient failures.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const advancedConfiguration = new gcp.cloudtasks.Queue("advanced_configuration", {
name: "instance-name",
location: "us-central1",
appEngineRoutingOverride: {
service: "worker",
version: "1.0",
instance: "test",
},
rateLimits: {
maxConcurrentDispatches: 3,
maxDispatchesPerSecond: 2,
},
retryConfig: {
maxAttempts: 5,
maxRetryDuration: "4s",
maxBackoff: "3s",
minBackoff: "2s",
maxDoublings: 1,
},
stackdriverLoggingConfig: {
samplingRatio: 0.9,
},
});
import pulumi
import pulumi_gcp as gcp
advanced_configuration = gcp.cloudtasks.Queue("advanced_configuration",
name="instance-name",
location="us-central1",
app_engine_routing_override={
"service": "worker",
"version": "1.0",
"instance": "test",
},
rate_limits={
"max_concurrent_dispatches": 3,
"max_dispatches_per_second": 2,
},
retry_config={
"max_attempts": 5,
"max_retry_duration": "4s",
"max_backoff": "3s",
"min_backoff": "2s",
"max_doublings": 1,
},
stackdriver_logging_config={
"sampling_ratio": 0.9,
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/cloudtasks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := cloudtasks.NewQueue(ctx, "advanced_configuration", &cloudtasks.QueueArgs{
Name: pulumi.String("instance-name"),
Location: pulumi.String("us-central1"),
AppEngineRoutingOverride: &cloudtasks.QueueAppEngineRoutingOverrideArgs{
Service: pulumi.String("worker"),
Version: pulumi.String("1.0"),
Instance: pulumi.String("test"),
},
RateLimits: &cloudtasks.QueueRateLimitsArgs{
MaxConcurrentDispatches: pulumi.Int(3),
MaxDispatchesPerSecond: pulumi.Float64(2),
},
RetryConfig: &cloudtasks.QueueRetryConfigArgs{
MaxAttempts: pulumi.Int(5),
MaxRetryDuration: pulumi.String("4s"),
MaxBackoff: pulumi.String("3s"),
MinBackoff: pulumi.String("2s"),
MaxDoublings: pulumi.Int(1),
},
StackdriverLoggingConfig: &cloudtasks.QueueStackdriverLoggingConfigArgs{
SamplingRatio: pulumi.Float64(0.9),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var advancedConfiguration = new Gcp.CloudTasks.Queue("advanced_configuration", new()
{
Name = "instance-name",
Location = "us-central1",
AppEngineRoutingOverride = new Gcp.CloudTasks.Inputs.QueueAppEngineRoutingOverrideArgs
{
Service = "worker",
Version = "1.0",
Instance = "test",
},
RateLimits = new Gcp.CloudTasks.Inputs.QueueRateLimitsArgs
{
MaxConcurrentDispatches = 3,
MaxDispatchesPerSecond = 2,
},
RetryConfig = new Gcp.CloudTasks.Inputs.QueueRetryConfigArgs
{
MaxAttempts = 5,
MaxRetryDuration = "4s",
MaxBackoff = "3s",
MinBackoff = "2s",
MaxDoublings = 1,
},
StackdriverLoggingConfig = new Gcp.CloudTasks.Inputs.QueueStackdriverLoggingConfigArgs
{
SamplingRatio = 0.9,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.cloudtasks.Queue;
import com.pulumi.gcp.cloudtasks.QueueArgs;
import com.pulumi.gcp.cloudtasks.inputs.QueueAppEngineRoutingOverrideArgs;
import com.pulumi.gcp.cloudtasks.inputs.QueueRateLimitsArgs;
import com.pulumi.gcp.cloudtasks.inputs.QueueRetryConfigArgs;
import com.pulumi.gcp.cloudtasks.inputs.QueueStackdriverLoggingConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var advancedConfiguration = new Queue("advancedConfiguration", QueueArgs.builder()
.name("instance-name")
.location("us-central1")
.appEngineRoutingOverride(QueueAppEngineRoutingOverrideArgs.builder()
.service("worker")
.version("1.0")
.instance("test")
.build())
.rateLimits(QueueRateLimitsArgs.builder()
.maxConcurrentDispatches(3)
.maxDispatchesPerSecond(2.0)
.build())
.retryConfig(QueueRetryConfigArgs.builder()
.maxAttempts(5)
.maxRetryDuration("4s")
.maxBackoff("3s")
.minBackoff("2s")
.maxDoublings(1)
.build())
.stackdriverLoggingConfig(QueueStackdriverLoggingConfigArgs.builder()
.samplingRatio(0.9)
.build())
.build());
}
}
resources:
advancedConfiguration:
type: gcp:cloudtasks:Queue
name: advanced_configuration
properties:
name: instance-name
location: us-central1
appEngineRoutingOverride:
service: worker
version: '1.0'
instance: test
rateLimits:
maxConcurrentDispatches: 3
maxDispatchesPerSecond: 2
retryConfig:
maxAttempts: 5
maxRetryDuration: 4s
maxBackoff: 3s
minBackoff: 2s
maxDoublings: 1
stackdriverLoggingConfig:
samplingRatio: 0.9
The rateLimits block controls dispatch velocity: maxConcurrentDispatches caps parallel executions, while maxDispatchesPerSecond limits throughput. The retryConfig block defines failure recovery: maxAttempts sets the retry ceiling, and minBackoff/maxBackoff control exponential backoff timing. The appEngineRoutingOverride directs tasks to specific App Engine services, versions, or instances.
Route tasks to HTTP endpoints with OIDC authentication
When tasks invoke external HTTP services, the queue can include authentication tokens and customize request properties.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const oidcServiceAccount = new gcp.serviceaccount.Account("oidc_service_account", {
accountId: "example-oidc",
displayName: "Tasks Queue OIDC Service Account",
});
const httpTargetOidc = new gcp.cloudtasks.Queue("http_target_oidc", {
name: "cloud-tasks-queue-http-target-oidc",
location: "us-central1",
httpTarget: {
httpMethod: "POST",
uriOverride: {
scheme: "HTTPS",
host: "oidc.example.com",
port: "8443",
pathOverride: {
path: "/users/1234",
},
queryOverride: {
queryParams: "qparam1=123&qparam2=456",
},
uriOverrideEnforceMode: "IF_NOT_EXISTS",
},
headerOverrides: [
{
header: {
key: "AddSomethingElse",
value: "MyOtherValue",
},
},
{
header: {
key: "AddMe",
value: "MyValue",
},
},
],
oidcToken: {
serviceAccountEmail: oidcServiceAccount.email,
audience: "https://oidc.example.com",
},
},
});
import pulumi
import pulumi_gcp as gcp
oidc_service_account = gcp.serviceaccount.Account("oidc_service_account",
account_id="example-oidc",
display_name="Tasks Queue OIDC Service Account")
http_target_oidc = gcp.cloudtasks.Queue("http_target_oidc",
name="cloud-tasks-queue-http-target-oidc",
location="us-central1",
http_target={
"http_method": "POST",
"uri_override": {
"scheme": "HTTPS",
"host": "oidc.example.com",
"port": "8443",
"path_override": {
"path": "/users/1234",
},
"query_override": {
"query_params": "qparam1=123&qparam2=456",
},
"uri_override_enforce_mode": "IF_NOT_EXISTS",
},
"header_overrides": [
{
"header": {
"key": "AddSomethingElse",
"value": "MyOtherValue",
},
},
{
"header": {
"key": "AddMe",
"value": "MyValue",
},
},
],
"oidc_token": {
"service_account_email": oidc_service_account.email,
"audience": "https://oidc.example.com",
},
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/cloudtasks"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/serviceaccount"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
oidcServiceAccount, err := serviceaccount.NewAccount(ctx, "oidc_service_account", &serviceaccount.AccountArgs{
AccountId: pulumi.String("example-oidc"),
DisplayName: pulumi.String("Tasks Queue OIDC Service Account"),
})
if err != nil {
return err
}
_, err = cloudtasks.NewQueue(ctx, "http_target_oidc", &cloudtasks.QueueArgs{
Name: pulumi.String("cloud-tasks-queue-http-target-oidc"),
Location: pulumi.String("us-central1"),
HttpTarget: &cloudtasks.QueueHttpTargetArgs{
HttpMethod: pulumi.String("POST"),
UriOverride: &cloudtasks.QueueHttpTargetUriOverrideArgs{
Scheme: pulumi.String("HTTPS"),
Host: pulumi.String("oidc.example.com"),
Port: pulumi.String("8443"),
PathOverride: &cloudtasks.QueueHttpTargetUriOverridePathOverrideArgs{
Path: pulumi.String("/users/1234"),
},
QueryOverride: &cloudtasks.QueueHttpTargetUriOverrideQueryOverrideArgs{
QueryParams: pulumi.String("qparam1=123&qparam2=456"),
},
UriOverrideEnforceMode: pulumi.String("IF_NOT_EXISTS"),
},
HeaderOverrides: cloudtasks.QueueHttpTargetHeaderOverrideArray{
&cloudtasks.QueueHttpTargetHeaderOverrideArgs{
Header: &cloudtasks.QueueHttpTargetHeaderOverrideHeaderArgs{
Key: pulumi.String("AddSomethingElse"),
Value: pulumi.String("MyOtherValue"),
},
},
&cloudtasks.QueueHttpTargetHeaderOverrideArgs{
Header: &cloudtasks.QueueHttpTargetHeaderOverrideHeaderArgs{
Key: pulumi.String("AddMe"),
Value: pulumi.String("MyValue"),
},
},
},
OidcToken: &cloudtasks.QueueHttpTargetOidcTokenArgs{
ServiceAccountEmail: oidcServiceAccount.Email,
Audience: pulumi.String("https://oidc.example.com"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var oidcServiceAccount = new Gcp.ServiceAccount.Account("oidc_service_account", new()
{
AccountId = "example-oidc",
DisplayName = "Tasks Queue OIDC Service Account",
});
var httpTargetOidc = new Gcp.CloudTasks.Queue("http_target_oidc", new()
{
Name = "cloud-tasks-queue-http-target-oidc",
Location = "us-central1",
HttpTarget = new Gcp.CloudTasks.Inputs.QueueHttpTargetArgs
{
HttpMethod = "POST",
UriOverride = new Gcp.CloudTasks.Inputs.QueueHttpTargetUriOverrideArgs
{
Scheme = "HTTPS",
Host = "oidc.example.com",
Port = "8443",
PathOverride = new Gcp.CloudTasks.Inputs.QueueHttpTargetUriOverridePathOverrideArgs
{
Path = "/users/1234",
},
QueryOverride = new Gcp.CloudTasks.Inputs.QueueHttpTargetUriOverrideQueryOverrideArgs
{
QueryParams = "qparam1=123&qparam2=456",
},
UriOverrideEnforceMode = "IF_NOT_EXISTS",
},
HeaderOverrides = new[]
{
new Gcp.CloudTasks.Inputs.QueueHttpTargetHeaderOverrideArgs
{
Header = new Gcp.CloudTasks.Inputs.QueueHttpTargetHeaderOverrideHeaderArgs
{
Key = "AddSomethingElse",
Value = "MyOtherValue",
},
},
new Gcp.CloudTasks.Inputs.QueueHttpTargetHeaderOverrideArgs
{
Header = new Gcp.CloudTasks.Inputs.QueueHttpTargetHeaderOverrideHeaderArgs
{
Key = "AddMe",
Value = "MyValue",
},
},
},
OidcToken = new Gcp.CloudTasks.Inputs.QueueHttpTargetOidcTokenArgs
{
ServiceAccountEmail = oidcServiceAccount.Email,
Audience = "https://oidc.example.com",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.serviceaccount.Account;
import com.pulumi.gcp.serviceaccount.AccountArgs;
import com.pulumi.gcp.cloudtasks.Queue;
import com.pulumi.gcp.cloudtasks.QueueArgs;
import com.pulumi.gcp.cloudtasks.inputs.QueueHttpTargetArgs;
import com.pulumi.gcp.cloudtasks.inputs.QueueHttpTargetUriOverrideArgs;
import com.pulumi.gcp.cloudtasks.inputs.QueueHttpTargetUriOverridePathOverrideArgs;
import com.pulumi.gcp.cloudtasks.inputs.QueueHttpTargetUriOverrideQueryOverrideArgs;
import com.pulumi.gcp.cloudtasks.inputs.QueueHttpTargetOidcTokenArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var oidcServiceAccount = new Account("oidcServiceAccount", AccountArgs.builder()
.accountId("example-oidc")
.displayName("Tasks Queue OIDC Service Account")
.build());
var httpTargetOidc = new Queue("httpTargetOidc", QueueArgs.builder()
.name("cloud-tasks-queue-http-target-oidc")
.location("us-central1")
.httpTarget(QueueHttpTargetArgs.builder()
.httpMethod("POST")
.uriOverride(QueueHttpTargetUriOverrideArgs.builder()
.scheme("HTTPS")
.host("oidc.example.com")
.port("8443")
.pathOverride(QueueHttpTargetUriOverridePathOverrideArgs.builder()
.path("/users/1234")
.build())
.queryOverride(QueueHttpTargetUriOverrideQueryOverrideArgs.builder()
.queryParams("qparam1=123&qparam2=456")
.build())
.uriOverrideEnforceMode("IF_NOT_EXISTS")
.build())
.headerOverrides(
QueueHttpTargetHeaderOverrideArgs.builder()
.header(QueueHttpTargetHeaderOverrideHeaderArgs.builder()
.key("AddSomethingElse")
.value("MyOtherValue")
.build())
.build(),
QueueHttpTargetHeaderOverrideArgs.builder()
.header(QueueHttpTargetHeaderOverrideHeaderArgs.builder()
.key("AddMe")
.value("MyValue")
.build())
.build())
.oidcToken(QueueHttpTargetOidcTokenArgs.builder()
.serviceAccountEmail(oidcServiceAccount.email())
.audience("https://oidc.example.com")
.build())
.build())
.build());
}
}
resources:
httpTargetOidc:
type: gcp:cloudtasks:Queue
name: http_target_oidc
properties:
name: cloud-tasks-queue-http-target-oidc
location: us-central1
httpTarget:
httpMethod: POST
uriOverride:
scheme: HTTPS
host: oidc.example.com
port: 8443
pathOverride:
path: /users/1234
queryOverride:
queryParams: qparam1=123&qparam2=456
uriOverrideEnforceMode: IF_NOT_EXISTS
headerOverrides:
- header:
key: AddSomethingElse
value: MyOtherValue
- header:
key: AddMe
value: MyValue
oidcToken:
serviceAccountEmail: ${oidcServiceAccount.email}
audience: https://oidc.example.com
oidcServiceAccount:
type: gcp:serviceaccount:Account
name: oidc_service_account
properties:
accountId: example-oidc
displayName: Tasks Queue OIDC Service Account
The httpTarget block defines how tasks reach external endpoints. The uriOverride property constructs the target URL from scheme, host, port, and path components. The uriOverrideEnforceMode controls whether these settings replace or supplement task-level URLs. The oidcToken block attaches OpenID Connect credentials using a service account, and headerOverrides adds custom HTTP headers to every request.
Route tasks to HTTP endpoints with OAuth authentication
OAuth tokens provide an alternative authentication mechanism when the target service requires OAuth 2.0 credentials.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const oauthServiceAccount = new gcp.serviceaccount.Account("oauth_service_account", {
accountId: "example-oauth",
displayName: "Tasks Queue OAuth Service Account",
});
const httpTargetOauth = new gcp.cloudtasks.Queue("http_target_oauth", {
name: "cloud-tasks-queue-http-target-oauth",
location: "us-central1",
httpTarget: {
httpMethod: "POST",
uriOverride: {
scheme: "HTTPS",
host: "oauth.example.com",
port: "8443",
pathOverride: {
path: "/users/1234",
},
queryOverride: {
queryParams: "qparam1=123&qparam2=456",
},
uriOverrideEnforceMode: "IF_NOT_EXISTS",
},
headerOverrides: [
{
header: {
key: "AddSomethingElse",
value: "MyOtherValue",
},
},
{
header: {
key: "AddMe",
value: "MyValue",
},
},
],
oauthToken: {
serviceAccountEmail: oauthServiceAccount.email,
scope: "openid https://www.googleapis.com/auth/userinfo.email",
},
},
});
import pulumi
import pulumi_gcp as gcp
oauth_service_account = gcp.serviceaccount.Account("oauth_service_account",
account_id="example-oauth",
display_name="Tasks Queue OAuth Service Account")
http_target_oauth = gcp.cloudtasks.Queue("http_target_oauth",
name="cloud-tasks-queue-http-target-oauth",
location="us-central1",
http_target={
"http_method": "POST",
"uri_override": {
"scheme": "HTTPS",
"host": "oauth.example.com",
"port": "8443",
"path_override": {
"path": "/users/1234",
},
"query_override": {
"query_params": "qparam1=123&qparam2=456",
},
"uri_override_enforce_mode": "IF_NOT_EXISTS",
},
"header_overrides": [
{
"header": {
"key": "AddSomethingElse",
"value": "MyOtherValue",
},
},
{
"header": {
"key": "AddMe",
"value": "MyValue",
},
},
],
"oauth_token": {
"service_account_email": oauth_service_account.email,
"scope": "openid https://www.googleapis.com/auth/userinfo.email",
},
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/cloudtasks"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/serviceaccount"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
oauthServiceAccount, err := serviceaccount.NewAccount(ctx, "oauth_service_account", &serviceaccount.AccountArgs{
AccountId: pulumi.String("example-oauth"),
DisplayName: pulumi.String("Tasks Queue OAuth Service Account"),
})
if err != nil {
return err
}
_, err = cloudtasks.NewQueue(ctx, "http_target_oauth", &cloudtasks.QueueArgs{
Name: pulumi.String("cloud-tasks-queue-http-target-oauth"),
Location: pulumi.String("us-central1"),
HttpTarget: &cloudtasks.QueueHttpTargetArgs{
HttpMethod: pulumi.String("POST"),
UriOverride: &cloudtasks.QueueHttpTargetUriOverrideArgs{
Scheme: pulumi.String("HTTPS"),
Host: pulumi.String("oauth.example.com"),
Port: pulumi.String("8443"),
PathOverride: &cloudtasks.QueueHttpTargetUriOverridePathOverrideArgs{
Path: pulumi.String("/users/1234"),
},
QueryOverride: &cloudtasks.QueueHttpTargetUriOverrideQueryOverrideArgs{
QueryParams: pulumi.String("qparam1=123&qparam2=456"),
},
UriOverrideEnforceMode: pulumi.String("IF_NOT_EXISTS"),
},
HeaderOverrides: cloudtasks.QueueHttpTargetHeaderOverrideArray{
&cloudtasks.QueueHttpTargetHeaderOverrideArgs{
Header: &cloudtasks.QueueHttpTargetHeaderOverrideHeaderArgs{
Key: pulumi.String("AddSomethingElse"),
Value: pulumi.String("MyOtherValue"),
},
},
&cloudtasks.QueueHttpTargetHeaderOverrideArgs{
Header: &cloudtasks.QueueHttpTargetHeaderOverrideHeaderArgs{
Key: pulumi.String("AddMe"),
Value: pulumi.String("MyValue"),
},
},
},
OauthToken: &cloudtasks.QueueHttpTargetOauthTokenArgs{
ServiceAccountEmail: oauthServiceAccount.Email,
Scope: pulumi.String("openid https://www.googleapis.com/auth/userinfo.email"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var oauthServiceAccount = new Gcp.ServiceAccount.Account("oauth_service_account", new()
{
AccountId = "example-oauth",
DisplayName = "Tasks Queue OAuth Service Account",
});
var httpTargetOauth = new Gcp.CloudTasks.Queue("http_target_oauth", new()
{
Name = "cloud-tasks-queue-http-target-oauth",
Location = "us-central1",
HttpTarget = new Gcp.CloudTasks.Inputs.QueueHttpTargetArgs
{
HttpMethod = "POST",
UriOverride = new Gcp.CloudTasks.Inputs.QueueHttpTargetUriOverrideArgs
{
Scheme = "HTTPS",
Host = "oauth.example.com",
Port = "8443",
PathOverride = new Gcp.CloudTasks.Inputs.QueueHttpTargetUriOverridePathOverrideArgs
{
Path = "/users/1234",
},
QueryOverride = new Gcp.CloudTasks.Inputs.QueueHttpTargetUriOverrideQueryOverrideArgs
{
QueryParams = "qparam1=123&qparam2=456",
},
UriOverrideEnforceMode = "IF_NOT_EXISTS",
},
HeaderOverrides = new[]
{
new Gcp.CloudTasks.Inputs.QueueHttpTargetHeaderOverrideArgs
{
Header = new Gcp.CloudTasks.Inputs.QueueHttpTargetHeaderOverrideHeaderArgs
{
Key = "AddSomethingElse",
Value = "MyOtherValue",
},
},
new Gcp.CloudTasks.Inputs.QueueHttpTargetHeaderOverrideArgs
{
Header = new Gcp.CloudTasks.Inputs.QueueHttpTargetHeaderOverrideHeaderArgs
{
Key = "AddMe",
Value = "MyValue",
},
},
},
OauthToken = new Gcp.CloudTasks.Inputs.QueueHttpTargetOauthTokenArgs
{
ServiceAccountEmail = oauthServiceAccount.Email,
Scope = "openid https://www.googleapis.com/auth/userinfo.email",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.serviceaccount.Account;
import com.pulumi.gcp.serviceaccount.AccountArgs;
import com.pulumi.gcp.cloudtasks.Queue;
import com.pulumi.gcp.cloudtasks.QueueArgs;
import com.pulumi.gcp.cloudtasks.inputs.QueueHttpTargetArgs;
import com.pulumi.gcp.cloudtasks.inputs.QueueHttpTargetUriOverrideArgs;
import com.pulumi.gcp.cloudtasks.inputs.QueueHttpTargetUriOverridePathOverrideArgs;
import com.pulumi.gcp.cloudtasks.inputs.QueueHttpTargetUriOverrideQueryOverrideArgs;
import com.pulumi.gcp.cloudtasks.inputs.QueueHttpTargetOauthTokenArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var oauthServiceAccount = new Account("oauthServiceAccount", AccountArgs.builder()
.accountId("example-oauth")
.displayName("Tasks Queue OAuth Service Account")
.build());
var httpTargetOauth = new Queue("httpTargetOauth", QueueArgs.builder()
.name("cloud-tasks-queue-http-target-oauth")
.location("us-central1")
.httpTarget(QueueHttpTargetArgs.builder()
.httpMethod("POST")
.uriOverride(QueueHttpTargetUriOverrideArgs.builder()
.scheme("HTTPS")
.host("oauth.example.com")
.port("8443")
.pathOverride(QueueHttpTargetUriOverridePathOverrideArgs.builder()
.path("/users/1234")
.build())
.queryOverride(QueueHttpTargetUriOverrideQueryOverrideArgs.builder()
.queryParams("qparam1=123&qparam2=456")
.build())
.uriOverrideEnforceMode("IF_NOT_EXISTS")
.build())
.headerOverrides(
QueueHttpTargetHeaderOverrideArgs.builder()
.header(QueueHttpTargetHeaderOverrideHeaderArgs.builder()
.key("AddSomethingElse")
.value("MyOtherValue")
.build())
.build(),
QueueHttpTargetHeaderOverrideArgs.builder()
.header(QueueHttpTargetHeaderOverrideHeaderArgs.builder()
.key("AddMe")
.value("MyValue")
.build())
.build())
.oauthToken(QueueHttpTargetOauthTokenArgs.builder()
.serviceAccountEmail(oauthServiceAccount.email())
.scope("openid https://www.googleapis.com/auth/userinfo.email")
.build())
.build())
.build());
}
}
resources:
httpTargetOauth:
type: gcp:cloudtasks:Queue
name: http_target_oauth
properties:
name: cloud-tasks-queue-http-target-oauth
location: us-central1
httpTarget:
httpMethod: POST
uriOverride:
scheme: HTTPS
host: oauth.example.com
port: 8443
pathOverride:
path: /users/1234
queryOverride:
queryParams: qparam1=123&qparam2=456
uriOverrideEnforceMode: IF_NOT_EXISTS
headerOverrides:
- header:
key: AddSomethingElse
value: MyOtherValue
- header:
key: AddMe
value: MyValue
oauthToken:
serviceAccountEmail: ${oauthServiceAccount.email}
scope: openid https://www.googleapis.com/auth/userinfo.email
oauthServiceAccount:
type: gcp:serviceaccount:Account
name: oauth_service_account
properties:
accountId: example-oauth
displayName: Tasks Queue OAuth Service Account
This configuration mirrors the OIDC example but uses oauthToken instead. The scope property defines the OAuth permissions requested, and the service account generates access tokens automatically. The rest of the HTTP target configuration (URI override, headers) works identically to OIDC.
Beyond these examples
These snippets focus on specific queue-level features: queue creation and naming, rate limiting and retry policies, and HTTP target routing with authentication. They’re intentionally minimal rather than full task processing systems.
The examples may reference pre-existing infrastructure such as GCP projects with Cloud Tasks API enabled, service accounts for OIDC/OAuth authentication, and target HTTP endpoints that accept authenticated requests. They focus on configuring the queue rather than creating tasks or worker infrastructure.
To keep things focused, common queue patterns are omitted, including:
- App Engine routing (appEngineRoutingOverride for non-HTTP targets)
- Queue state management (desiredState for pausing/resuming)
- Stackdriver logging configuration (stackdriverLoggingConfig)
- Task creation and enqueueing (separate from queue configuration)
These omissions are intentional: the goal is to illustrate how each queue feature is wired, not provide drop-in task processing systems. See the Cloud Tasks Queue resource reference for all available configuration options.
Let's create GCP Cloud Tasks Queues
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Queue Configuration & Immutability
What properties can't I change after creating a queue?
The
name, location, and project properties are immutable. Changing any of these requires replacing the queue.Are rateLimits and retryConfig required?
Yes, both
rateLimits and retryConfig are required properties when creating a Cloud Tasks queue.How do I import an existing queue?
Use one of three formats:
projects/{{project}}/locations/{{location}}/queues/{{name}}, {{project}}/{{location}}/{{name}}, or {{location}}/{{name}}.Rate Limiting & Retries
How do I control task dispatch rate?
Configure
rateLimits with maxConcurrentDispatches (concurrent tasks) and maxDispatchesPerSecond (rate limit). The actual dispatch rate depends on queue size, throttling settings, and system responses.How do I configure retry behavior?
Use
retryConfig to set maxAttempts, maxRetryDuration, maxBackoff, minBackoff, and maxDoublings. The advanced example shows a configuration with 5 max attempts and exponential backoff.What factors affect the actual dispatch rate?
The queue’s dispatch rate is determined by the number of tasks, user-specified throttling (
rateLimits, retryConfig, queue state), and system throttling from 429/503 responses, high error rates, or traffic spikes.HTTP Targets & Authentication
What's the difference between OIDC and OAuth authentication for HTTP targets?
Both authenticate HTTP tasks using a service account. OIDC uses
oidcToken with serviceAccountEmail and audience. OAuth uses oauthToken with serviceAccountEmail and scope.How do I override HTTP request properties for tasks?
Configure
httpTarget with uriOverride (scheme, host, port, path, query params), headerOverrides, and httpMethod. Use uriOverrideEnforceMode to control when overrides apply.Queue State & Routing
How do I pause and resume a queue?
Set
desiredState to PAUSED to stop dispatching tasks (tasks can still be added), or RUNNING to resume dispatching.Can I route tasks to specific App Engine versions?
Yes, use
appEngineRoutingOverride to specify service, version, and instance for App Engine tasks in the queue.Using a different cloud?
Explore messaging guides for other cloud providers: