gcp.cloudfunctionsv2.Function
A Cloud Function that contains user computation executed in response to an event.
To get more information about function, see:
Example Usage
Cloudfunctions2 Basic Gcs
using System.Collections.Generic;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
// [START functions_v2_basic_gcs]
var source_bucket = new Gcp.Storage.Bucket("source-bucket", new()
{
Location = "US",
UniformBucketLevelAccess = true,
});
var @object = new Gcp.Storage.BucketObject("object", new()
{
Bucket = source_bucket.Name,
Source = new FileAsset("function-source.zip"),
});
// Add path to the zipped function source code
var trigger_bucket = new Gcp.Storage.Bucket("trigger-bucket", new()
{
Location = "us-central1",
UniformBucketLevelAccess = true,
});
var gcsAccount = Gcp.Storage.GetProjectServiceAccount.Invoke();
// To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher(roles/pubsub.publisher) IAM role in the specified project.
// (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)
var gcs_pubsub_publishing = new Gcp.Projects.IAMMember("gcs-pubsub-publishing", new()
{
Project = "my-project-name",
Role = "roles/pubsub.publisher",
Member = $"serviceAccount:{gcsAccount.Apply(getProjectServiceAccountResult => getProjectServiceAccountResult.EmailAddress)}",
});
var account = new Gcp.ServiceAccount.Account("account", new()
{
AccountId = "gcf-sa",
DisplayName = "Test Service Account - used for both the cloud function and eventarc trigger in the test",
});
// Permissions on the service account used by the function and Eventarc trigger
var invoking = new Gcp.Projects.IAMMember("invoking", new()
{
Project = "my-project-name",
Role = "roles/run.invoker",
Member = account.Email.Apply(email => $"serviceAccount:{email}"),
}, new CustomResourceOptions
{
DependsOn = new[]
{
gcs_pubsub_publishing,
},
});
var event_receiving = new Gcp.Projects.IAMMember("event-receiving", new()
{
Project = "my-project-name",
Role = "roles/eventarc.eventReceiver",
Member = account.Email.Apply(email => $"serviceAccount:{email}"),
}, new CustomResourceOptions
{
DependsOn = new[]
{
invoking,
},
});
var artifactregistry_reader = new Gcp.Projects.IAMMember("artifactregistry-reader", new()
{
Project = "my-project-name",
Role = "roles/artifactregistry.reader",
Member = account.Email.Apply(email => $"serviceAccount:{email}"),
}, new CustomResourceOptions
{
DependsOn = new[]
{
event_receiving,
},
});
var function = new Gcp.CloudFunctionsV2.Function("function", new()
{
Location = "us-central1",
Description = "a new function",
BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs
{
Runtime = "nodejs12",
EntryPoint = "entryPoint",
EnvironmentVariables =
{
{ "BUILD_CONFIG_TEST", "build_test" },
},
Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs
{
StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs
{
Bucket = source_bucket.Name,
Object = @object.Name,
},
},
},
ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs
{
MaxInstanceCount = 3,
MinInstanceCount = 1,
AvailableMemory = "256M",
TimeoutSeconds = 60,
EnvironmentVariables =
{
{ "SERVICE_CONFIG_TEST", "config_test" },
},
IngressSettings = "ALLOW_INTERNAL_ONLY",
AllTrafficOnLatestRevision = true,
ServiceAccountEmail = account.Email,
},
EventTrigger = new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerArgs
{
TriggerRegion = "us-central1",
EventType = "google.cloud.storage.object.v1.finalized",
RetryPolicy = "RETRY_POLICY_RETRY",
ServiceAccountEmail = account.Email,
EventFilters = new[]
{
new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerEventFilterArgs
{
Attribute = "bucket",
Value = trigger_bucket.Name,
},
},
},
}, new CustomResourceOptions
{
DependsOn = new[]
{
event_receiving,
artifactregistry_reader,
},
});
});
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/cloudfunctionsv2"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/projects"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := storage.NewBucket(ctx, "source-bucket", &storage.BucketArgs{
Location: pulumi.String("US"),
UniformBucketLevelAccess: pulumi.Bool(true),
})
if err != nil {
return err
}
object, err := storage.NewBucketObject(ctx, "object", &storage.BucketObjectArgs{
Bucket: source_bucket.Name,
Source: pulumi.NewFileAsset("function-source.zip"),
})
if err != nil {
return err
}
_, err = storage.NewBucket(ctx, "trigger-bucket", &storage.BucketArgs{
Location: pulumi.String("us-central1"),
UniformBucketLevelAccess: pulumi.Bool(true),
})
if err != nil {
return err
}
gcsAccount, err := storage.GetProjectServiceAccount(ctx, nil, nil)
if err != nil {
return err
}
_, err = projects.NewIAMMember(ctx, "gcs-pubsub-publishing", &projects.IAMMemberArgs{
Project: pulumi.String("my-project-name"),
Role: pulumi.String("roles/pubsub.publisher"),
Member: pulumi.String(fmt.Sprintf("serviceAccount:%v", gcsAccount.EmailAddress)),
})
if err != nil {
return err
}
account, err := serviceAccount.NewAccount(ctx, "account", &serviceAccount.AccountArgs{
AccountId: pulumi.String("gcf-sa"),
DisplayName: pulumi.String("Test Service Account - used for both the cloud function and eventarc trigger in the test"),
})
if err != nil {
return err
}
invoking, err := projects.NewIAMMember(ctx, "invoking", &projects.IAMMemberArgs{
Project: pulumi.String("my-project-name"),
Role: pulumi.String("roles/run.invoker"),
Member: account.Email.ApplyT(func(email string) (string, error) {
return fmt.Sprintf("serviceAccount:%v", email), nil
}).(pulumi.StringOutput),
}, pulumi.DependsOn([]pulumi.Resource{
gcs_pubsub_publishing,
}))
if err != nil {
return err
}
_, err = projects.NewIAMMember(ctx, "event-receiving", &projects.IAMMemberArgs{
Project: pulumi.String("my-project-name"),
Role: pulumi.String("roles/eventarc.eventReceiver"),
Member: account.Email.ApplyT(func(email string) (string, error) {
return fmt.Sprintf("serviceAccount:%v", email), nil
}).(pulumi.StringOutput),
}, pulumi.DependsOn([]pulumi.Resource{
invoking,
}))
if err != nil {
return err
}
_, err = projects.NewIAMMember(ctx, "artifactregistry-reader", &projects.IAMMemberArgs{
Project: pulumi.String("my-project-name"),
Role: pulumi.String("roles/artifactregistry.reader"),
Member: account.Email.ApplyT(func(email string) (string, error) {
return fmt.Sprintf("serviceAccount:%v", email), nil
}).(pulumi.StringOutput),
}, pulumi.DependsOn([]pulumi.Resource{
event_receiving,
}))
if err != nil {
return err
}
_, err = cloudfunctionsv2.NewFunction(ctx, "function", &cloudfunctionsv2.FunctionArgs{
Location: pulumi.String("us-central1"),
Description: pulumi.String("a new function"),
BuildConfig: &cloudfunctionsv2.FunctionBuildConfigArgs{
Runtime: pulumi.String("nodejs12"),
EntryPoint: pulumi.String("entryPoint"),
EnvironmentVariables: pulumi.StringMap{
"BUILD_CONFIG_TEST": pulumi.String("build_test"),
},
Source: &cloudfunctionsv2.FunctionBuildConfigSourceArgs{
StorageSource: &cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{
Bucket: source_bucket.Name,
Object: object.Name,
},
},
},
ServiceConfig: &cloudfunctionsv2.FunctionServiceConfigArgs{
MaxInstanceCount: pulumi.Int(3),
MinInstanceCount: pulumi.Int(1),
AvailableMemory: pulumi.String("256M"),
TimeoutSeconds: pulumi.Int(60),
EnvironmentVariables: pulumi.StringMap{
"SERVICE_CONFIG_TEST": pulumi.String("config_test"),
},
IngressSettings: pulumi.String("ALLOW_INTERNAL_ONLY"),
AllTrafficOnLatestRevision: pulumi.Bool(true),
ServiceAccountEmail: account.Email,
},
EventTrigger: &cloudfunctionsv2.FunctionEventTriggerArgs{
TriggerRegion: pulumi.String("us-central1"),
EventType: pulumi.String("google.cloud.storage.object.v1.finalized"),
RetryPolicy: pulumi.String("RETRY_POLICY_RETRY"),
ServiceAccountEmail: account.Email,
EventFilters: cloudfunctionsv2.FunctionEventTriggerEventFilterArray{
&cloudfunctionsv2.FunctionEventTriggerEventFilterArgs{
Attribute: pulumi.String("bucket"),
Value: trigger_bucket.Name,
},
},
},
}, pulumi.DependsOn([]pulumi.Resource{
event_receiving,
artifactregistry_reader,
}))
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.storage.Bucket;
import com.pulumi.gcp.storage.BucketArgs;
import com.pulumi.gcp.storage.BucketObject;
import com.pulumi.gcp.storage.BucketObjectArgs;
import com.pulumi.gcp.storage.StorageFunctions;
import com.pulumi.gcp.storage.inputs.GetProjectServiceAccountArgs;
import com.pulumi.gcp.projects.IAMMember;
import com.pulumi.gcp.projects.IAMMemberArgs;
import com.pulumi.gcp.serviceAccount.Account;
import com.pulumi.gcp.serviceAccount.AccountArgs;
import com.pulumi.gcp.cloudfunctionsv2.Function;
import com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionEventTriggerArgs;
import com.pulumi.resources.CustomResourceOptions;
import com.pulumi.asset.FileAsset;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var source_bucket = new Bucket("source-bucket", BucketArgs.builder()
.location("US")
.uniformBucketLevelAccess(true)
.build());
var object = new BucketObject("object", BucketObjectArgs.builder()
.bucket(source_bucket.name())
.source(new FileAsset("function-source.zip"))
.build());
var trigger_bucket = new Bucket("trigger-bucket", BucketArgs.builder()
.location("us-central1")
.uniformBucketLevelAccess(true)
.build());
final var gcsAccount = StorageFunctions.getProjectServiceAccount();
var gcs_pubsub_publishing = new IAMMember("gcs-pubsub-publishing", IAMMemberArgs.builder()
.project("my-project-name")
.role("roles/pubsub.publisher")
.member(String.format("serviceAccount:%s", gcsAccount.applyValue(getProjectServiceAccountResult -> getProjectServiceAccountResult.emailAddress())))
.build());
var account = new Account("account", AccountArgs.builder()
.accountId("gcf-sa")
.displayName("Test Service Account - used for both the cloud function and eventarc trigger in the test")
.build());
var invoking = new IAMMember("invoking", IAMMemberArgs.builder()
.project("my-project-name")
.role("roles/run.invoker")
.member(account.email().applyValue(email -> String.format("serviceAccount:%s", email)))
.build(), CustomResourceOptions.builder()
.dependsOn(gcs_pubsub_publishing)
.build());
var event_receiving = new IAMMember("event-receiving", IAMMemberArgs.builder()
.project("my-project-name")
.role("roles/eventarc.eventReceiver")
.member(account.email().applyValue(email -> String.format("serviceAccount:%s", email)))
.build(), CustomResourceOptions.builder()
.dependsOn(invoking)
.build());
var artifactregistry_reader = new IAMMember("artifactregistry-reader", IAMMemberArgs.builder()
.project("my-project-name")
.role("roles/artifactregistry.reader")
.member(account.email().applyValue(email -> String.format("serviceAccount:%s", email)))
.build(), CustomResourceOptions.builder()
.dependsOn(event_receiving)
.build());
var function = new Function("function", FunctionArgs.builder()
.location("us-central1")
.description("a new function")
.buildConfig(FunctionBuildConfigArgs.builder()
.runtime("nodejs12")
.entryPoint("entryPoint")
.environmentVariables(Map.of("BUILD_CONFIG_TEST", "build_test"))
.source(FunctionBuildConfigSourceArgs.builder()
.storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()
.bucket(source_bucket.name())
.object(object.name())
.build())
.build())
.build())
.serviceConfig(FunctionServiceConfigArgs.builder()
.maxInstanceCount(3)
.minInstanceCount(1)
.availableMemory("256M")
.timeoutSeconds(60)
.environmentVariables(Map.of("SERVICE_CONFIG_TEST", "config_test"))
.ingressSettings("ALLOW_INTERNAL_ONLY")
.allTrafficOnLatestRevision(true)
.serviceAccountEmail(account.email())
.build())
.eventTrigger(FunctionEventTriggerArgs.builder()
.triggerRegion("us-central1")
.eventType("google.cloud.storage.object.v1.finalized")
.retryPolicy("RETRY_POLICY_RETRY")
.serviceAccountEmail(account.email())
.eventFilters(FunctionEventTriggerEventFilterArgs.builder()
.attribute("bucket")
.value(trigger_bucket.name())
.build())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(
event_receiving,
artifactregistry_reader)
.build());
}
}
import pulumi
import pulumi_gcp as gcp
# [START functions_v2_basic_gcs]
source_bucket = gcp.storage.Bucket("source-bucket",
location="US",
uniform_bucket_level_access=True)
object = gcp.storage.BucketObject("object",
bucket=source_bucket.name,
source=pulumi.FileAsset("function-source.zip"))
# Add path to the zipped function source code
trigger_bucket = gcp.storage.Bucket("trigger-bucket",
location="us-central1",
uniform_bucket_level_access=True)
gcs_account = gcp.storage.get_project_service_account()
# To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher(roles/pubsub.publisher) IAM role in the specified project.
# (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)
gcs_pubsub_publishing = gcp.projects.IAMMember("gcs-pubsub-publishing",
project="my-project-name",
role="roles/pubsub.publisher",
member=f"serviceAccount:{gcs_account.email_address}")
account = gcp.service_account.Account("account",
account_id="gcf-sa",
display_name="Test Service Account - used for both the cloud function and eventarc trigger in the test")
# Permissions on the service account used by the function and Eventarc trigger
invoking = gcp.projects.IAMMember("invoking",
project="my-project-name",
role="roles/run.invoker",
member=account.email.apply(lambda email: f"serviceAccount:{email}"),
opts=pulumi.ResourceOptions(depends_on=[gcs_pubsub_publishing]))
event_receiving = gcp.projects.IAMMember("event-receiving",
project="my-project-name",
role="roles/eventarc.eventReceiver",
member=account.email.apply(lambda email: f"serviceAccount:{email}"),
opts=pulumi.ResourceOptions(depends_on=[invoking]))
artifactregistry_reader = gcp.projects.IAMMember("artifactregistry-reader",
project="my-project-name",
role="roles/artifactregistry.reader",
member=account.email.apply(lambda email: f"serviceAccount:{email}"),
opts=pulumi.ResourceOptions(depends_on=[event_receiving]))
function = gcp.cloudfunctionsv2.Function("function",
location="us-central1",
description="a new function",
build_config=gcp.cloudfunctionsv2.FunctionBuildConfigArgs(
runtime="nodejs12",
entry_point="entryPoint",
environment_variables={
"BUILD_CONFIG_TEST": "build_test",
},
source=gcp.cloudfunctionsv2.FunctionBuildConfigSourceArgs(
storage_source=gcp.cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs(
bucket=source_bucket.name,
object=object.name,
),
),
),
service_config=gcp.cloudfunctionsv2.FunctionServiceConfigArgs(
max_instance_count=3,
min_instance_count=1,
available_memory="256M",
timeout_seconds=60,
environment_variables={
"SERVICE_CONFIG_TEST": "config_test",
},
ingress_settings="ALLOW_INTERNAL_ONLY",
all_traffic_on_latest_revision=True,
service_account_email=account.email,
),
event_trigger=gcp.cloudfunctionsv2.FunctionEventTriggerArgs(
trigger_region="us-central1",
event_type="google.cloud.storage.object.v1.finalized",
retry_policy="RETRY_POLICY_RETRY",
service_account_email=account.email,
event_filters=[gcp.cloudfunctionsv2.FunctionEventTriggerEventFilterArgs(
attribute="bucket",
value=trigger_bucket.name,
)],
),
opts=pulumi.ResourceOptions(depends_on=[
event_receiving,
artifactregistry_reader,
]))
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// [START functions_v2_basic_gcs]
const source_bucket = new gcp.storage.Bucket("source-bucket", {
location: "US",
uniformBucketLevelAccess: true,
});
const object = new gcp.storage.BucketObject("object", {
bucket: source_bucket.name,
source: new pulumi.asset.FileAsset("function-source.zip"),
});
// Add path to the zipped function source code
const trigger_bucket = new gcp.storage.Bucket("trigger-bucket", {
location: "us-central1",
uniformBucketLevelAccess: true,
});
const gcsAccount = gcp.storage.getProjectServiceAccount({});
// To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher(roles/pubsub.publisher) IAM role in the specified project.
// (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)
const gcs_pubsub_publishing = new gcp.projects.IAMMember("gcs-pubsub-publishing", {
project: "my-project-name",
role: "roles/pubsub.publisher",
member: gcsAccount.then(gcsAccount => `serviceAccount:${gcsAccount.emailAddress}`),
});
const account = new gcp.serviceaccount.Account("account", {
accountId: "gcf-sa",
displayName: "Test Service Account - used for both the cloud function and eventarc trigger in the test",
});
// Permissions on the service account used by the function and Eventarc trigger
const invoking = new gcp.projects.IAMMember("invoking", {
project: "my-project-name",
role: "roles/run.invoker",
member: pulumi.interpolate`serviceAccount:${account.email}`,
}, {
dependsOn: [gcs_pubsub_publishing],
});
const event_receiving = new gcp.projects.IAMMember("event-receiving", {
project: "my-project-name",
role: "roles/eventarc.eventReceiver",
member: pulumi.interpolate`serviceAccount:${account.email}`,
}, {
dependsOn: [invoking],
});
const artifactregistry_reader = new gcp.projects.IAMMember("artifactregistry-reader", {
project: "my-project-name",
role: "roles/artifactregistry.reader",
member: pulumi.interpolate`serviceAccount:${account.email}`,
}, {
dependsOn: [event_receiving],
});
const _function = new gcp.cloudfunctionsv2.Function("function", {
location: "us-central1",
description: "a new function",
buildConfig: {
runtime: "nodejs12",
entryPoint: "entryPoint",
environmentVariables: {
BUILD_CONFIG_TEST: "build_test",
},
source: {
storageSource: {
bucket: source_bucket.name,
object: object.name,
},
},
},
serviceConfig: {
maxInstanceCount: 3,
minInstanceCount: 1,
availableMemory: "256M",
timeoutSeconds: 60,
environmentVariables: {
SERVICE_CONFIG_TEST: "config_test",
},
ingressSettings: "ALLOW_INTERNAL_ONLY",
allTrafficOnLatestRevision: true,
serviceAccountEmail: account.email,
},
eventTrigger: {
triggerRegion: "us-central1",
eventType: "google.cloud.storage.object.v1.finalized",
retryPolicy: "RETRY_POLICY_RETRY",
serviceAccountEmail: account.email,
eventFilters: [{
attribute: "bucket",
value: trigger_bucket.name,
}],
},
}, {
dependsOn: [
event_receiving,
artifactregistry_reader,
],
});
resources:
# [START functions_v2_basic_gcs]
source-bucket:
type: gcp:storage:Bucket
properties:
location: US
uniformBucketLevelAccess: true
object:
type: gcp:storage:BucketObject
properties:
bucket: ${["source-bucket"].name}
source:
fn::FileAsset: function-source.zip
trigger-bucket:
type: gcp:storage:Bucket
properties:
location: us-central1
# The trigger must be in the same location as the bucket
uniformBucketLevelAccess: true
# To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher(roles/pubsub.publisher) IAM role in the specified project.
# (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)
gcs-pubsub-publishing:
type: gcp:projects:IAMMember
properties:
project: my-project-name
role: roles/pubsub.publisher
member: serviceAccount:${gcsAccount.emailAddress}
account:
type: gcp:serviceAccount:Account
properties:
accountId: gcf-sa
displayName: Test Service Account - used for both the cloud function and eventarc trigger in the test
# Permissions on the service account used by the function and Eventarc trigger
invoking:
type: gcp:projects:IAMMember
properties:
project: my-project-name
role: roles/run.invoker
member: serviceAccount:${account.email}
options:
dependson:
- ${["gcs-pubsub-publishing"]}
event-receiving:
type: gcp:projects:IAMMember
properties:
project: my-project-name
role: roles/eventarc.eventReceiver
member: serviceAccount:${account.email}
options:
dependson:
- ${invoking}
artifactregistry-reader:
type: gcp:projects:IAMMember
properties:
project: my-project-name
role: roles/artifactregistry.reader
member: serviceAccount:${account.email}
options:
dependson:
- ${["event-receiving"]}
function:
type: gcp:cloudfunctionsv2:Function
properties:
location: us-central1
description: a new function
buildConfig:
runtime: nodejs12
entryPoint: entryPoint
environmentVariables:
BUILD_CONFIG_TEST: build_test
source:
storageSource:
bucket: ${["source-bucket"].name}
object: ${object.name}
serviceConfig:
maxInstanceCount: 3
minInstanceCount: 1
availableMemory: 256M
timeoutSeconds: 60
environmentVariables:
SERVICE_CONFIG_TEST: config_test
ingressSettings: ALLOW_INTERNAL_ONLY
allTrafficOnLatestRevision: true
serviceAccountEmail: ${account.email}
eventTrigger:
triggerRegion: us-central1
eventType: google.cloud.storage.object.v1.finalized
retryPolicy: RETRY_POLICY_RETRY
serviceAccountEmail: ${account.email}
eventFilters:
- attribute: bucket
value: ${["trigger-bucket"].name}
options:
dependson:
- ${["event-receiving"]}
- ${["artifactregistry-reader"]}
variables:
gcsAccount:
fn::invoke:
Function: gcp:storage:getProjectServiceAccount
Arguments: {}
Cloudfunctions2 Basic Auditlogs
using System.Collections.Generic;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
// [START functions_v2_basic_auditlogs]
// This example follows the examples shown in this Google Cloud Community blog post
// https://medium.com/google-cloud/applying-a-path-pattern-when-filtering-in-eventarc-f06b937b4c34
// and the docs:
// https://cloud.google.com/eventarc/docs/path-patterns
var source_bucket = new Gcp.Storage.Bucket("source-bucket", new()
{
Location = "US",
UniformBucketLevelAccess = true,
});
var @object = new Gcp.Storage.BucketObject("object", new()
{
Bucket = source_bucket.Name,
Source = new FileAsset("function-source.zip"),
});
// Add path to the zipped function source code
var account = new Gcp.ServiceAccount.Account("account", new()
{
AccountId = "gcf-sa",
DisplayName = "Test Service Account - used for both the cloud function and eventarc trigger in the test",
});
// Note: The right way of listening for Cloud Storage events is to use a Cloud Storage trigger.
// Here we use Audit Logs to monitor the bucket so path patterns can be used in the example of
// google_cloudfunctions2_function below (Audit Log events have path pattern support)
var audit_log_bucket = new Gcp.Storage.Bucket("audit-log-bucket", new()
{
Location = "us-central1",
UniformBucketLevelAccess = true,
});
// Permissions on the service account used by the function and Eventarc trigger
var invoking = new Gcp.Projects.IAMMember("invoking", new()
{
Project = "my-project-name",
Role = "roles/run.invoker",
Member = account.Email.Apply(email => $"serviceAccount:{email}"),
});
var event_receiving = new Gcp.Projects.IAMMember("event-receiving", new()
{
Project = "my-project-name",
Role = "roles/eventarc.eventReceiver",
Member = account.Email.Apply(email => $"serviceAccount:{email}"),
}, new CustomResourceOptions
{
DependsOn = new[]
{
invoking,
},
});
var artifactregistry_reader = new Gcp.Projects.IAMMember("artifactregistry-reader", new()
{
Project = "my-project-name",
Role = "roles/artifactregistry.reader",
Member = account.Email.Apply(email => $"serviceAccount:{email}"),
}, new CustomResourceOptions
{
DependsOn = new[]
{
event_receiving,
},
});
var function = new Gcp.CloudFunctionsV2.Function("function", new()
{
Location = "us-central1",
Description = "a new function",
BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs
{
Runtime = "nodejs12",
EntryPoint = "entryPoint",
EnvironmentVariables =
{
{ "BUILD_CONFIG_TEST", "build_test" },
},
Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs
{
StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs
{
Bucket = source_bucket.Name,
Object = @object.Name,
},
},
},
ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs
{
MaxInstanceCount = 3,
MinInstanceCount = 1,
AvailableMemory = "256M",
TimeoutSeconds = 60,
EnvironmentVariables =
{
{ "SERVICE_CONFIG_TEST", "config_test" },
},
IngressSettings = "ALLOW_INTERNAL_ONLY",
AllTrafficOnLatestRevision = true,
ServiceAccountEmail = account.Email,
},
EventTrigger = new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerArgs
{
TriggerRegion = "us-central1",
EventType = "google.cloud.audit.log.v1.written",
RetryPolicy = "RETRY_POLICY_RETRY",
ServiceAccountEmail = account.Email,
EventFilters = new[]
{
new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerEventFilterArgs
{
Attribute = "serviceName",
Value = "storage.googleapis.com",
},
new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerEventFilterArgs
{
Attribute = "methodName",
Value = "storage.objects.create",
},
new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerEventFilterArgs
{
Attribute = "resourceName",
Value = audit_log_bucket.Name.Apply(name => $"/projects/_/buckets/{name}/objects/*.txt"),
Operator = "match-path-pattern",
},
},
},
}, new CustomResourceOptions
{
DependsOn = new[]
{
event_receiving,
artifactregistry_reader,
},
});
});
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/cloudfunctionsv2"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/projects"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := storage.NewBucket(ctx, "source-bucket", &storage.BucketArgs{
Location: pulumi.String("US"),
UniformBucketLevelAccess: pulumi.Bool(true),
})
if err != nil {
return err
}
object, err := storage.NewBucketObject(ctx, "object", &storage.BucketObjectArgs{
Bucket: source_bucket.Name,
Source: pulumi.NewFileAsset("function-source.zip"),
})
if err != nil {
return err
}
account, err := serviceAccount.NewAccount(ctx, "account", &serviceAccount.AccountArgs{
AccountId: pulumi.String("gcf-sa"),
DisplayName: pulumi.String("Test Service Account - used for both the cloud function and eventarc trigger in the test"),
})
if err != nil {
return err
}
_, err = storage.NewBucket(ctx, "audit-log-bucket", &storage.BucketArgs{
Location: pulumi.String("us-central1"),
UniformBucketLevelAccess: pulumi.Bool(true),
})
if err != nil {
return err
}
invoking, err := projects.NewIAMMember(ctx, "invoking", &projects.IAMMemberArgs{
Project: pulumi.String("my-project-name"),
Role: pulumi.String("roles/run.invoker"),
Member: account.Email.ApplyT(func(email string) (string, error) {
return fmt.Sprintf("serviceAccount:%v", email), nil
}).(pulumi.StringOutput),
})
if err != nil {
return err
}
_, err = projects.NewIAMMember(ctx, "event-receiving", &projects.IAMMemberArgs{
Project: pulumi.String("my-project-name"),
Role: pulumi.String("roles/eventarc.eventReceiver"),
Member: account.Email.ApplyT(func(email string) (string, error) {
return fmt.Sprintf("serviceAccount:%v", email), nil
}).(pulumi.StringOutput),
}, pulumi.DependsOn([]pulumi.Resource{
invoking,
}))
if err != nil {
return err
}
_, err = projects.NewIAMMember(ctx, "artifactregistry-reader", &projects.IAMMemberArgs{
Project: pulumi.String("my-project-name"),
Role: pulumi.String("roles/artifactregistry.reader"),
Member: account.Email.ApplyT(func(email string) (string, error) {
return fmt.Sprintf("serviceAccount:%v", email), nil
}).(pulumi.StringOutput),
}, pulumi.DependsOn([]pulumi.Resource{
event_receiving,
}))
if err != nil {
return err
}
_, err = cloudfunctionsv2.NewFunction(ctx, "function", &cloudfunctionsv2.FunctionArgs{
Location: pulumi.String("us-central1"),
Description: pulumi.String("a new function"),
BuildConfig: &cloudfunctionsv2.FunctionBuildConfigArgs{
Runtime: pulumi.String("nodejs12"),
EntryPoint: pulumi.String("entryPoint"),
EnvironmentVariables: pulumi.StringMap{
"BUILD_CONFIG_TEST": pulumi.String("build_test"),
},
Source: &cloudfunctionsv2.FunctionBuildConfigSourceArgs{
StorageSource: &cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{
Bucket: source_bucket.Name,
Object: object.Name,
},
},
},
ServiceConfig: &cloudfunctionsv2.FunctionServiceConfigArgs{
MaxInstanceCount: pulumi.Int(3),
MinInstanceCount: pulumi.Int(1),
AvailableMemory: pulumi.String("256M"),
TimeoutSeconds: pulumi.Int(60),
EnvironmentVariables: pulumi.StringMap{
"SERVICE_CONFIG_TEST": pulumi.String("config_test"),
},
IngressSettings: pulumi.String("ALLOW_INTERNAL_ONLY"),
AllTrafficOnLatestRevision: pulumi.Bool(true),
ServiceAccountEmail: account.Email,
},
EventTrigger: &cloudfunctionsv2.FunctionEventTriggerArgs{
TriggerRegion: pulumi.String("us-central1"),
EventType: pulumi.String("google.cloud.audit.log.v1.written"),
RetryPolicy: pulumi.String("RETRY_POLICY_RETRY"),
ServiceAccountEmail: account.Email,
EventFilters: cloudfunctionsv2.FunctionEventTriggerEventFilterArray{
&cloudfunctionsv2.FunctionEventTriggerEventFilterArgs{
Attribute: pulumi.String("serviceName"),
Value: pulumi.String("storage.googleapis.com"),
},
&cloudfunctionsv2.FunctionEventTriggerEventFilterArgs{
Attribute: pulumi.String("methodName"),
Value: pulumi.String("storage.objects.create"),
},
&cloudfunctionsv2.FunctionEventTriggerEventFilterArgs{
Attribute: pulumi.String("resourceName"),
Value: audit_log_bucket.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("/projects/_/buckets/%v/objects/*.txt", name), nil
}).(pulumi.StringOutput),
Operator: pulumi.String("match-path-pattern"),
},
},
},
}, pulumi.DependsOn([]pulumi.Resource{
event_receiving,
artifactregistry_reader,
}))
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.storage.Bucket;
import com.pulumi.gcp.storage.BucketArgs;
import com.pulumi.gcp.storage.BucketObject;
import com.pulumi.gcp.storage.BucketObjectArgs;
import com.pulumi.gcp.serviceAccount.Account;
import com.pulumi.gcp.serviceAccount.AccountArgs;
import com.pulumi.gcp.projects.IAMMember;
import com.pulumi.gcp.projects.IAMMemberArgs;
import com.pulumi.gcp.cloudfunctionsv2.Function;
import com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionEventTriggerArgs;
import com.pulumi.resources.CustomResourceOptions;
import com.pulumi.asset.FileAsset;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var source_bucket = new Bucket("source-bucket", BucketArgs.builder()
.location("US")
.uniformBucketLevelAccess(true)
.build());
var object = new BucketObject("object", BucketObjectArgs.builder()
.bucket(source_bucket.name())
.source(new FileAsset("function-source.zip"))
.build());
var account = new Account("account", AccountArgs.builder()
.accountId("gcf-sa")
.displayName("Test Service Account - used for both the cloud function and eventarc trigger in the test")
.build());
var audit_log_bucket = new Bucket("audit-log-bucket", BucketArgs.builder()
.location("us-central1")
.uniformBucketLevelAccess(true)
.build());
var invoking = new IAMMember("invoking", IAMMemberArgs.builder()
.project("my-project-name")
.role("roles/run.invoker")
.member(account.email().applyValue(email -> String.format("serviceAccount:%s", email)))
.build());
var event_receiving = new IAMMember("event-receiving", IAMMemberArgs.builder()
.project("my-project-name")
.role("roles/eventarc.eventReceiver")
.member(account.email().applyValue(email -> String.format("serviceAccount:%s", email)))
.build(), CustomResourceOptions.builder()
.dependsOn(invoking)
.build());
var artifactregistry_reader = new IAMMember("artifactregistry-reader", IAMMemberArgs.builder()
.project("my-project-name")
.role("roles/artifactregistry.reader")
.member(account.email().applyValue(email -> String.format("serviceAccount:%s", email)))
.build(), CustomResourceOptions.builder()
.dependsOn(event_receiving)
.build());
var function = new Function("function", FunctionArgs.builder()
.location("us-central1")
.description("a new function")
.buildConfig(FunctionBuildConfigArgs.builder()
.runtime("nodejs12")
.entryPoint("entryPoint")
.environmentVariables(Map.of("BUILD_CONFIG_TEST", "build_test"))
.source(FunctionBuildConfigSourceArgs.builder()
.storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()
.bucket(source_bucket.name())
.object(object.name())
.build())
.build())
.build())
.serviceConfig(FunctionServiceConfigArgs.builder()
.maxInstanceCount(3)
.minInstanceCount(1)
.availableMemory("256M")
.timeoutSeconds(60)
.environmentVariables(Map.of("SERVICE_CONFIG_TEST", "config_test"))
.ingressSettings("ALLOW_INTERNAL_ONLY")
.allTrafficOnLatestRevision(true)
.serviceAccountEmail(account.email())
.build())
.eventTrigger(FunctionEventTriggerArgs.builder()
.triggerRegion("us-central1")
.eventType("google.cloud.audit.log.v1.written")
.retryPolicy("RETRY_POLICY_RETRY")
.serviceAccountEmail(account.email())
.eventFilters(
FunctionEventTriggerEventFilterArgs.builder()
.attribute("serviceName")
.value("storage.googleapis.com")
.build(),
FunctionEventTriggerEventFilterArgs.builder()
.attribute("methodName")
.value("storage.objects.create")
.build(),
FunctionEventTriggerEventFilterArgs.builder()
.attribute("resourceName")
.value(audit_log_bucket.name().applyValue(name -> String.format("/projects/_/buckets/%s/objects/*.txt", name)))
.operator("match-path-pattern")
.build())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(
event_receiving,
artifactregistry_reader)
.build());
}
}
import pulumi
import pulumi_gcp as gcp
# [START functions_v2_basic_auditlogs]
# This example follows the examples shown in this Google Cloud Community blog post
# https://medium.com/google-cloud/applying-a-path-pattern-when-filtering-in-eventarc-f06b937b4c34
# and the docs:
# https://cloud.google.com/eventarc/docs/path-patterns
source_bucket = gcp.storage.Bucket("source-bucket",
location="US",
uniform_bucket_level_access=True)
object = gcp.storage.BucketObject("object",
bucket=source_bucket.name,
source=pulumi.FileAsset("function-source.zip"))
# Add path to the zipped function source code
account = gcp.service_account.Account("account",
account_id="gcf-sa",
display_name="Test Service Account - used for both the cloud function and eventarc trigger in the test")
# Note: The right way of listening for Cloud Storage events is to use a Cloud Storage trigger.
# Here we use Audit Logs to monitor the bucket so path patterns can be used in the example of
# google_cloudfunctions2_function below (Audit Log events have path pattern support)
audit_log_bucket = gcp.storage.Bucket("audit-log-bucket",
location="us-central1",
uniform_bucket_level_access=True)
# Permissions on the service account used by the function and Eventarc trigger
invoking = gcp.projects.IAMMember("invoking",
project="my-project-name",
role="roles/run.invoker",
member=account.email.apply(lambda email: f"serviceAccount:{email}"))
event_receiving = gcp.projects.IAMMember("event-receiving",
project="my-project-name",
role="roles/eventarc.eventReceiver",
member=account.email.apply(lambda email: f"serviceAccount:{email}"),
opts=pulumi.ResourceOptions(depends_on=[invoking]))
artifactregistry_reader = gcp.projects.IAMMember("artifactregistry-reader",
project="my-project-name",
role="roles/artifactregistry.reader",
member=account.email.apply(lambda email: f"serviceAccount:{email}"),
opts=pulumi.ResourceOptions(depends_on=[event_receiving]))
function = gcp.cloudfunctionsv2.Function("function",
location="us-central1",
description="a new function",
build_config=gcp.cloudfunctionsv2.FunctionBuildConfigArgs(
runtime="nodejs12",
entry_point="entryPoint",
environment_variables={
"BUILD_CONFIG_TEST": "build_test",
},
source=gcp.cloudfunctionsv2.FunctionBuildConfigSourceArgs(
storage_source=gcp.cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs(
bucket=source_bucket.name,
object=object.name,
),
),
),
service_config=gcp.cloudfunctionsv2.FunctionServiceConfigArgs(
max_instance_count=3,
min_instance_count=1,
available_memory="256M",
timeout_seconds=60,
environment_variables={
"SERVICE_CONFIG_TEST": "config_test",
},
ingress_settings="ALLOW_INTERNAL_ONLY",
all_traffic_on_latest_revision=True,
service_account_email=account.email,
),
event_trigger=gcp.cloudfunctionsv2.FunctionEventTriggerArgs(
trigger_region="us-central1",
event_type="google.cloud.audit.log.v1.written",
retry_policy="RETRY_POLICY_RETRY",
service_account_email=account.email,
event_filters=[
gcp.cloudfunctionsv2.FunctionEventTriggerEventFilterArgs(
attribute="serviceName",
value="storage.googleapis.com",
),
gcp.cloudfunctionsv2.FunctionEventTriggerEventFilterArgs(
attribute="methodName",
value="storage.objects.create",
),
gcp.cloudfunctionsv2.FunctionEventTriggerEventFilterArgs(
attribute="resourceName",
value=audit_log_bucket.name.apply(lambda name: f"/projects/_/buckets/{name}/objects/*.txt"),
operator="match-path-pattern",
),
],
),
opts=pulumi.ResourceOptions(depends_on=[
event_receiving,
artifactregistry_reader,
]))
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// [START functions_v2_basic_auditlogs]
// This example follows the examples shown in this Google Cloud Community blog post
// https://medium.com/google-cloud/applying-a-path-pattern-when-filtering-in-eventarc-f06b937b4c34
// and the docs:
// https://cloud.google.com/eventarc/docs/path-patterns
const source_bucket = new gcp.storage.Bucket("source-bucket", {
location: "US",
uniformBucketLevelAccess: true,
});
const object = new gcp.storage.BucketObject("object", {
bucket: source_bucket.name,
source: new pulumi.asset.FileAsset("function-source.zip"),
});
// Add path to the zipped function source code
const account = new gcp.serviceaccount.Account("account", {
accountId: "gcf-sa",
displayName: "Test Service Account - used for both the cloud function and eventarc trigger in the test",
});
// Note: The right way of listening for Cloud Storage events is to use a Cloud Storage trigger.
// Here we use Audit Logs to monitor the bucket so path patterns can be used in the example of
// google_cloudfunctions2_function below (Audit Log events have path pattern support)
const audit_log_bucket = new gcp.storage.Bucket("audit-log-bucket", {
location: "us-central1",
uniformBucketLevelAccess: true,
});
// Permissions on the service account used by the function and Eventarc trigger
const invoking = new gcp.projects.IAMMember("invoking", {
project: "my-project-name",
role: "roles/run.invoker",
member: pulumi.interpolate`serviceAccount:${account.email}`,
});
const event_receiving = new gcp.projects.IAMMember("event-receiving", {
project: "my-project-name",
role: "roles/eventarc.eventReceiver",
member: pulumi.interpolate`serviceAccount:${account.email}`,
}, {
dependsOn: [invoking],
});
const artifactregistry_reader = new gcp.projects.IAMMember("artifactregistry-reader", {
project: "my-project-name",
role: "roles/artifactregistry.reader",
member: pulumi.interpolate`serviceAccount:${account.email}`,
}, {
dependsOn: [event_receiving],
});
const _function = new gcp.cloudfunctionsv2.Function("function", {
location: "us-central1",
description: "a new function",
buildConfig: {
runtime: "nodejs12",
entryPoint: "entryPoint",
environmentVariables: {
BUILD_CONFIG_TEST: "build_test",
},
source: {
storageSource: {
bucket: source_bucket.name,
object: object.name,
},
},
},
serviceConfig: {
maxInstanceCount: 3,
minInstanceCount: 1,
availableMemory: "256M",
timeoutSeconds: 60,
environmentVariables: {
SERVICE_CONFIG_TEST: "config_test",
},
ingressSettings: "ALLOW_INTERNAL_ONLY",
allTrafficOnLatestRevision: true,
serviceAccountEmail: account.email,
},
eventTrigger: {
triggerRegion: "us-central1",
eventType: "google.cloud.audit.log.v1.written",
retryPolicy: "RETRY_POLICY_RETRY",
serviceAccountEmail: account.email,
eventFilters: [
{
attribute: "serviceName",
value: "storage.googleapis.com",
},
{
attribute: "methodName",
value: "storage.objects.create",
},
{
attribute: "resourceName",
value: pulumi.interpolate`/projects/_/buckets/${audit_log_bucket.name}/objects/*.txt`,
operator: "match-path-pattern",
},
],
},
}, {
dependsOn: [
event_receiving,
artifactregistry_reader,
],
});
resources:
# [START functions_v2_basic_auditlogs]
# This example follows the examples shown in this Google Cloud Community blog post
# https://medium.com/google-cloud/applying-a-path-pattern-when-filtering-in-eventarc-f06b937b4c34
# and the docs:
# https://cloud.google.com/eventarc/docs/path-patterns
source-bucket:
type: gcp:storage:Bucket
properties:
location: US
uniformBucketLevelAccess: true
object:
type: gcp:storage:BucketObject
properties:
bucket: ${["source-bucket"].name}
source:
fn::FileAsset: function-source.zip
account:
type: gcp:serviceAccount:Account
properties:
accountId: gcf-sa
displayName: Test Service Account - used for both the cloud function and eventarc trigger in the test
# Note: The right way of listening for Cloud Storage events is to use a Cloud Storage trigger.
# Here we use Audit Logs to monitor the bucket so path patterns can be used in the example of
# google_cloudfunctions2_function below (Audit Log events have path pattern support)
audit-log-bucket:
type: gcp:storage:Bucket
properties:
location: us-central1
# The trigger must be in the same location as the bucket
uniformBucketLevelAccess: true
# Permissions on the service account used by the function and Eventarc trigger
invoking:
type: gcp:projects:IAMMember
properties:
project: my-project-name
role: roles/run.invoker
member: serviceAccount:${account.email}
event-receiving:
type: gcp:projects:IAMMember
properties:
project: my-project-name
role: roles/eventarc.eventReceiver
member: serviceAccount:${account.email}
options:
dependson:
- ${invoking}
artifactregistry-reader:
type: gcp:projects:IAMMember
properties:
project: my-project-name
role: roles/artifactregistry.reader
member: serviceAccount:${account.email}
options:
dependson:
- ${["event-receiving"]}
function:
type: gcp:cloudfunctionsv2:Function
properties:
location: us-central1
description: a new function
buildConfig:
runtime: nodejs12
entryPoint: entryPoint
environmentVariables:
BUILD_CONFIG_TEST: build_test
source:
storageSource:
bucket: ${["source-bucket"].name}
object: ${object.name}
serviceConfig:
maxInstanceCount: 3
minInstanceCount: 1
availableMemory: 256M
timeoutSeconds: 60
environmentVariables:
SERVICE_CONFIG_TEST: config_test
ingressSettings: ALLOW_INTERNAL_ONLY
allTrafficOnLatestRevision: true
serviceAccountEmail: ${account.email}
eventTrigger:
triggerRegion: us-central1
eventType: google.cloud.audit.log.v1.written
retryPolicy: RETRY_POLICY_RETRY
serviceAccountEmail: ${account.email}
eventFilters:
- attribute: serviceName
value: storage.googleapis.com
- attribute: methodName
value: storage.objects.create
- attribute: resourceName
value: /projects/_/buckets/${["audit-log-bucket"].name}/objects/*.txt
operator: match-path-pattern
options:
dependson:
- ${["event-receiving"]}
- ${["artifactregistry-reader"]}
Create Function Resource
new Function(name: string, args?: FunctionArgs, opts?: CustomResourceOptions);@overload
def Function(resource_name: str,
opts: Optional[ResourceOptions] = None,
build_config: Optional[FunctionBuildConfigArgs] = None,
description: Optional[str] = None,
event_trigger: Optional[FunctionEventTriggerArgs] = None,
labels: Optional[Mapping[str, str]] = None,
location: Optional[str] = None,
name: Optional[str] = None,
project: Optional[str] = None,
service_config: Optional[FunctionServiceConfigArgs] = None)
@overload
def Function(resource_name: str,
args: Optional[FunctionArgs] = None,
opts: Optional[ResourceOptions] = None)func NewFunction(ctx *Context, name string, args *FunctionArgs, opts ...ResourceOption) (*Function, error)public Function(string name, FunctionArgs? args = null, CustomResourceOptions? opts = null)
public Function(String name, FunctionArgs args)
public Function(String name, FunctionArgs args, CustomResourceOptions options)
type: gcp:cloudfunctionsv2:Function
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FunctionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FunctionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FunctionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FunctionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FunctionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Function Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Function resource accepts the following input properties:
- Build
Config FunctionBuild Config Args Describes the Build step of the function that builds a container from the given source. Structure is documented below.
- Description string
User-provided description of a function.
- Event
Trigger FunctionEvent Trigger Args An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.
- Labels Dictionary<string, string>
A set of key/value label pairs associated with this Cloud Function.
- Location string
The location of this cloud function.
- Name string
A user-defined name of the function. Function names must be unique globally and match pattern
projects/*/locations/*/functions/*.- Project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Service
Config FunctionService Config Args Describes the Service being deployed. Structure is documented below.
- Build
Config FunctionBuild Config Args Describes the Build step of the function that builds a container from the given source. Structure is documented below.
- Description string
User-provided description of a function.
- Event
Trigger FunctionEvent Trigger Args An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.
- Labels map[string]string
A set of key/value label pairs associated with this Cloud Function.
- Location string
The location of this cloud function.
- Name string
A user-defined name of the function. Function names must be unique globally and match pattern
projects/*/locations/*/functions/*.- Project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Service
Config FunctionService Config Args Describes the Service being deployed. Structure is documented below.
- build
Config FunctionBuild Config Args Describes the Build step of the function that builds a container from the given source. Structure is documented below.
- description String
User-provided description of a function.
- event
Trigger FunctionEvent Trigger Args An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.
- labels Map<String,String>
A set of key/value label pairs associated with this Cloud Function.
- location String
The location of this cloud function.
- name String
A user-defined name of the function. Function names must be unique globally and match pattern
projects/*/locations/*/functions/*.- project String
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- service
Config FunctionService Config Args Describes the Service being deployed. Structure is documented below.
- build
Config FunctionBuild Config Args Describes the Build step of the function that builds a container from the given source. Structure is documented below.
- description string
User-provided description of a function.
- event
Trigger FunctionEvent Trigger Args An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.
- labels {[key: string]: string}
A set of key/value label pairs associated with this Cloud Function.
- location string
The location of this cloud function.
- name string
A user-defined name of the function. Function names must be unique globally and match pattern
projects/*/locations/*/functions/*.- project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- service
Config FunctionService Config Args Describes the Service being deployed. Structure is documented below.
- build_
config FunctionBuild Config Args Describes the Build step of the function that builds a container from the given source. Structure is documented below.
- description str
User-provided description of a function.
- event_
trigger FunctionEvent Trigger Args An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.
- labels Mapping[str, str]
A set of key/value label pairs associated with this Cloud Function.
- location str
The location of this cloud function.
- name str
A user-defined name of the function. Function names must be unique globally and match pattern
projects/*/locations/*/functions/*.- project str
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- service_
config FunctionService Config Args Describes the Service being deployed. Structure is documented below.
- build
Config Property Map Describes the Build step of the function that builds a container from the given source. Structure is documented below.
- description String
User-provided description of a function.
- event
Trigger Property Map An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.
- labels Map<String>
A set of key/value label pairs associated with this Cloud Function.
- location String
The location of this cloud function.
- name String
A user-defined name of the function. Function names must be unique globally and match pattern
projects/*/locations/*/functions/*.- project String
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- service
Config Property Map Describes the Service being deployed. Structure is documented below.
Outputs
All input properties are implicitly available as output properties. Additionally, the Function resource produces the following output properties:
- Environment string
The environment the function is hosted on.
- Id string
The provider-assigned unique ID for this managed resource.
- State string
Describes the current state of the function.
- Update
Time string The last update timestamp of a Cloud Function.
- Environment string
The environment the function is hosted on.
- Id string
The provider-assigned unique ID for this managed resource.
- State string
Describes the current state of the function.
- Update
Time string The last update timestamp of a Cloud Function.
- environment String
The environment the function is hosted on.
- id String
The provider-assigned unique ID for this managed resource.
- state String
Describes the current state of the function.
- update
Time String The last update timestamp of a Cloud Function.
- environment string
The environment the function is hosted on.
- id string
The provider-assigned unique ID for this managed resource.
- state string
Describes the current state of the function.
- update
Time string The last update timestamp of a Cloud Function.
- environment str
The environment the function is hosted on.
- id str
The provider-assigned unique ID for this managed resource.
- state str
Describes the current state of the function.
- update_
time str The last update timestamp of a Cloud Function.
- environment String
The environment the function is hosted on.
- id String
The provider-assigned unique ID for this managed resource.
- state String
Describes the current state of the function.
- update
Time String The last update timestamp of a Cloud Function.
Look up Existing Function Resource
Get an existing Function resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FunctionState, opts?: CustomResourceOptions): Function@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
build_config: Optional[FunctionBuildConfigArgs] = None,
description: Optional[str] = None,
environment: Optional[str] = None,
event_trigger: Optional[FunctionEventTriggerArgs] = None,
labels: Optional[Mapping[str, str]] = None,
location: Optional[str] = None,
name: Optional[str] = None,
project: Optional[str] = None,
service_config: Optional[FunctionServiceConfigArgs] = None,
state: Optional[str] = None,
update_time: Optional[str] = None) -> Functionfunc GetFunction(ctx *Context, name string, id IDInput, state *FunctionState, opts ...ResourceOption) (*Function, error)public static Function Get(string name, Input<string> id, FunctionState? state, CustomResourceOptions? opts = null)public static Function get(String name, Output<String> id, FunctionState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Build
Config FunctionBuild Config Args Describes the Build step of the function that builds a container from the given source. Structure is documented below.
- Description string
User-provided description of a function.
- Environment string
The environment the function is hosted on.
- Event
Trigger FunctionEvent Trigger Args An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.
- Labels Dictionary<string, string>
A set of key/value label pairs associated with this Cloud Function.
- Location string
The location of this cloud function.
- Name string
A user-defined name of the function. Function names must be unique globally and match pattern
projects/*/locations/*/functions/*.- Project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Service
Config FunctionService Config Args Describes the Service being deployed. Structure is documented below.
- State string
Describes the current state of the function.
- Update
Time string The last update timestamp of a Cloud Function.
- Build
Config FunctionBuild Config Args Describes the Build step of the function that builds a container from the given source. Structure is documented below.
- Description string
User-provided description of a function.
- Environment string
The environment the function is hosted on.
- Event
Trigger FunctionEvent Trigger Args An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.
- Labels map[string]string
A set of key/value label pairs associated with this Cloud Function.
- Location string
The location of this cloud function.
- Name string
A user-defined name of the function. Function names must be unique globally and match pattern
projects/*/locations/*/functions/*.- Project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Service
Config FunctionService Config Args Describes the Service being deployed. Structure is documented below.
- State string
Describes the current state of the function.
- Update
Time string The last update timestamp of a Cloud Function.
- build
Config FunctionBuild Config Args Describes the Build step of the function that builds a container from the given source. Structure is documented below.
- description String
User-provided description of a function.
- environment String
The environment the function is hosted on.
- event
Trigger FunctionEvent Trigger Args An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.
- labels Map<String,String>
A set of key/value label pairs associated with this Cloud Function.
- location String
The location of this cloud function.
- name String
A user-defined name of the function. Function names must be unique globally and match pattern
projects/*/locations/*/functions/*.- project String
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- service
Config FunctionService Config Args Describes the Service being deployed. Structure is documented below.
- state String
Describes the current state of the function.
- update
Time String The last update timestamp of a Cloud Function.
- build
Config FunctionBuild Config Args Describes the Build step of the function that builds a container from the given source. Structure is documented below.
- description string
User-provided description of a function.
- environment string
The environment the function is hosted on.
- event
Trigger FunctionEvent Trigger Args An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.
- labels {[key: string]: string}
A set of key/value label pairs associated with this Cloud Function.
- location string
The location of this cloud function.
- name string
A user-defined name of the function. Function names must be unique globally and match pattern
projects/*/locations/*/functions/*.- project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- service
Config FunctionService Config Args Describes the Service being deployed. Structure is documented below.
- state string
Describes the current state of the function.
- update
Time string The last update timestamp of a Cloud Function.
- build_
config FunctionBuild Config Args Describes the Build step of the function that builds a container from the given source. Structure is documented below.
- description str
User-provided description of a function.
- environment str
The environment the function is hosted on.
- event_
trigger FunctionEvent Trigger Args An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.
- labels Mapping[str, str]
A set of key/value label pairs associated with this Cloud Function.
- location str
The location of this cloud function.
- name str
A user-defined name of the function. Function names must be unique globally and match pattern
projects/*/locations/*/functions/*.- project str
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- service_
config FunctionService Config Args Describes the Service being deployed. Structure is documented below.
- state str
Describes the current state of the function.
- update_
time str The last update timestamp of a Cloud Function.
- build
Config Property Map Describes the Build step of the function that builds a container from the given source. Structure is documented below.
- description String
User-provided description of a function.
- environment String
The environment the function is hosted on.
- event
Trigger Property Map An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.
- labels Map<String>
A set of key/value label pairs associated with this Cloud Function.
- location String
The location of this cloud function.
- name String
A user-defined name of the function. Function names must be unique globally and match pattern
projects/*/locations/*/functions/*.- project String
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- service
Config Property Map Describes the Service being deployed. Structure is documented below.
- state String
Describes the current state of the function.
- update
Time String The last update timestamp of a Cloud Function.
Supporting Types
FunctionBuildConfig
- Build string
(Output) The Cloud Build name of the latest successful deployment of the function.
- Docker
Repository string User managed repository created in Artifact Registry optionally with a customer managed encryption key.
- Entry
Point string The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if function with given name is not found, then the system will try to use function named "function". For Node.js this is name of a function exported by the module specified in source_location.
- Environment
Variables Dictionary<string, string> User-provided build-time environment variables for the function.
- Runtime string
The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function.
- Source
Function
Build Config Source The location of the function source code. Structure is documented below.
- Worker
Pool string Name of the Cloud Build Custom Worker Pool that should be used to build the function.
- Build string
(Output) The Cloud Build name of the latest successful deployment of the function.
- Docker
Repository string User managed repository created in Artifact Registry optionally with a customer managed encryption key.
- Entry
Point string The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if function with given name is not found, then the system will try to use function named "function". For Node.js this is name of a function exported by the module specified in source_location.
- Environment
Variables map[string]string User-provided build-time environment variables for the function.
- Runtime string
The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function.
- Source
Function
Build Config Source The location of the function source code. Structure is documented below.
- Worker
Pool string Name of the Cloud Build Custom Worker Pool that should be used to build the function.
- build String
(Output) The Cloud Build name of the latest successful deployment of the function.
- docker
Repository String User managed repository created in Artifact Registry optionally with a customer managed encryption key.
- entry
Point String The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if function with given name is not found, then the system will try to use function named "function". For Node.js this is name of a function exported by the module specified in source_location.
- environment
Variables Map<String,String> User-provided build-time environment variables for the function.
- runtime String
The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function.
- source
Function
Build Config Source The location of the function source code. Structure is documented below.
- worker
Pool String Name of the Cloud Build Custom Worker Pool that should be used to build the function.
- build string
(Output) The Cloud Build name of the latest successful deployment of the function.
- docker
Repository string User managed repository created in Artifact Registry optionally with a customer managed encryption key.
- entry
Point string The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if function with given name is not found, then the system will try to use function named "function". For Node.js this is name of a function exported by the module specified in source_location.
- environment
Variables {[key: string]: string} User-provided build-time environment variables for the function.
- runtime string
The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function.
- source
Function
Build Config Source The location of the function source code. Structure is documented below.
- worker
Pool string Name of the Cloud Build Custom Worker Pool that should be used to build the function.
- build str
(Output) The Cloud Build name of the latest successful deployment of the function.
- docker_
repository str User managed repository created in Artifact Registry optionally with a customer managed encryption key.
- entry_
point str The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if function with given name is not found, then the system will try to use function named "function". For Node.js this is name of a function exported by the module specified in source_location.
- environment_
variables Mapping[str, str] User-provided build-time environment variables for the function.
- runtime str
The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function.
- source
Function
Build Config Source The location of the function source code. Structure is documented below.
- worker_
pool str Name of the Cloud Build Custom Worker Pool that should be used to build the function.
- build String
(Output) The Cloud Build name of the latest successful deployment of the function.
- docker
Repository String User managed repository created in Artifact Registry optionally with a customer managed encryption key.
- entry
Point String The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if function with given name is not found, then the system will try to use function named "function". For Node.js this is name of a function exported by the module specified in source_location.
- environment
Variables Map<String> User-provided build-time environment variables for the function.
- runtime String
The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function.
- source Property Map
The location of the function source code. Structure is documented below.
- worker
Pool String Name of the Cloud Build Custom Worker Pool that should be used to build the function.
FunctionBuildConfigSource
- Repo
Source FunctionBuild Config Source Repo Source If provided, get the source from this location in a Cloud Source Repository. Structure is documented below.
- Storage
Source FunctionBuild Config Source Storage Source If provided, get the source from this location in Google Cloud Storage. Structure is documented below.
- Repo
Source FunctionBuild Config Source Repo Source If provided, get the source from this location in a Cloud Source Repository. Structure is documented below.
- Storage
Source FunctionBuild Config Source Storage Source If provided, get the source from this location in Google Cloud Storage. Structure is documented below.
- repo
Source FunctionBuild Config Source Repo Source If provided, get the source from this location in a Cloud Source Repository. Structure is documented below.
- storage
Source FunctionBuild Config Source Storage Source If provided, get the source from this location in Google Cloud Storage. Structure is documented below.
- repo
Source FunctionBuild Config Source Repo Source If provided, get the source from this location in a Cloud Source Repository. Structure is documented below.
- storage
Source FunctionBuild Config Source Storage Source If provided, get the source from this location in Google Cloud Storage. Structure is documented below.
- repo_
source FunctionBuild Config Source Repo Source If provided, get the source from this location in a Cloud Source Repository. Structure is documented below.
- storage_
source FunctionBuild Config Source Storage Source If provided, get the source from this location in Google Cloud Storage. Structure is documented below.
- repo
Source Property Map If provided, get the source from this location in a Cloud Source Repository. Structure is documented below.
- storage
Source Property Map If provided, get the source from this location in Google Cloud Storage. Structure is documented below.
FunctionBuildConfigSourceRepoSource
- Branch
Name string Regex matching branches to build.
- Commit
Sha string Regex matching tags to build.
- Dir string
Directory, relative to the source root, in which to run the build.
- Invert
Regex bool Only trigger a build if the revision regex does NOT match the revision regex.
- Project
Id string ID of the project that owns the Cloud Source Repository. If omitted, the project ID requesting the build is assumed.
- Repo
Name string Name of the Cloud Source Repository.
- Tag
Name string Regex matching tags to build.
- Branch
Name string Regex matching branches to build.
- Commit
Sha string Regex matching tags to build.
- Dir string
Directory, relative to the source root, in which to run the build.
- Invert
Regex bool Only trigger a build if the revision regex does NOT match the revision regex.
- Project
Id string ID of the project that owns the Cloud Source Repository. If omitted, the project ID requesting the build is assumed.
- Repo
Name string Name of the Cloud Source Repository.
- Tag
Name string Regex matching tags to build.
- branch
Name String Regex matching branches to build.
- commit
Sha String Regex matching tags to build.
- dir String
Directory, relative to the source root, in which to run the build.
- invert
Regex Boolean Only trigger a build if the revision regex does NOT match the revision regex.
- project
Id String ID of the project that owns the Cloud Source Repository. If omitted, the project ID requesting the build is assumed.
- repo
Name String Name of the Cloud Source Repository.
- tag
Name String Regex matching tags to build.
- branch
Name string Regex matching branches to build.
- commit
Sha string Regex matching tags to build.
- dir string
Directory, relative to the source root, in which to run the build.
- invert
Regex boolean Only trigger a build if the revision regex does NOT match the revision regex.
- project
Id string ID of the project that owns the Cloud Source Repository. If omitted, the project ID requesting the build is assumed.
- repo
Name string Name of the Cloud Source Repository.
- tag
Name string Regex matching tags to build.
- branch_
name str Regex matching branches to build.
- commit_
sha str Regex matching tags to build.
- dir str
Directory, relative to the source root, in which to run the build.
- invert_
regex bool Only trigger a build if the revision regex does NOT match the revision regex.
- project_
id str ID of the project that owns the Cloud Source Repository. If omitted, the project ID requesting the build is assumed.
- repo_
name str Name of the Cloud Source Repository.
- tag_
name str Regex matching tags to build.
- branch
Name String Regex matching branches to build.
- commit
Sha String Regex matching tags to build.
- dir String
Directory, relative to the source root, in which to run the build.
- invert
Regex Boolean Only trigger a build if the revision regex does NOT match the revision regex.
- project
Id String ID of the project that owns the Cloud Source Repository. If omitted, the project ID requesting the build is assumed.
- repo
Name String Name of the Cloud Source Repository.
- tag
Name String Regex matching tags to build.
FunctionBuildConfigSourceStorageSource
- Bucket string
Google Cloud Storage bucket containing the source
- Generation int
Google Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.
- Object string
Google Cloud Storage object containing the source.
- Bucket string
Google Cloud Storage bucket containing the source
- Generation int
Google Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.
- Object string
Google Cloud Storage object containing the source.
- bucket String
Google Cloud Storage bucket containing the source
- generation Integer
Google Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.
- object String
Google Cloud Storage object containing the source.
- bucket string
Google Cloud Storage bucket containing the source
- generation number
Google Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.
- object string
Google Cloud Storage object containing the source.
- bucket str
Google Cloud Storage bucket containing the source
- generation int
Google Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.
- object str
Google Cloud Storage object containing the source.
- bucket String
Google Cloud Storage bucket containing the source
- generation Number
Google Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.
- object String
Google Cloud Storage object containing the source.
FunctionEventTrigger
- Event
Filters List<FunctionEvent Trigger Event Filter> Criteria used to filter events. Structure is documented below.
- Event
Type string Required. The type of event to observe.
- Pubsub
Topic string The name of a Pub/Sub topic in the same project that will be used as the transport topic for the event delivery.
- Retry
Policy string Describes the retry policy in case of function's execution failure. Retried execution is charged as any other execution. Possible values are
RETRY_POLICY_UNSPECIFIED,RETRY_POLICY_DO_NOT_RETRY, andRETRY_POLICY_RETRY.- Service
Account stringEmail The email of the service account for this function.
- Trigger string
(Output) Output only. The resource name of the Eventarc trigger.
- Trigger
Region string The region that the trigger will be in. The trigger will only receive events originating in this region. It can be the same region as the function, a different region or multi-region, or the global region. If not provided, defaults to the same region as the function.
- Event
Filters []FunctionEvent Trigger Event Filter Criteria used to filter events. Structure is documented below.
- Event
Type string Required. The type of event to observe.
- Pubsub
Topic string The name of a Pub/Sub topic in the same project that will be used as the transport topic for the event delivery.
- Retry
Policy string Describes the retry policy in case of function's execution failure. Retried execution is charged as any other execution. Possible values are
RETRY_POLICY_UNSPECIFIED,RETRY_POLICY_DO_NOT_RETRY, andRETRY_POLICY_RETRY.- Service
Account stringEmail The email of the service account for this function.
- Trigger string
(Output) Output only. The resource name of the Eventarc trigger.
- Trigger
Region string The region that the trigger will be in. The trigger will only receive events originating in this region. It can be the same region as the function, a different region or multi-region, or the global region. If not provided, defaults to the same region as the function.
- event
Filters List<FunctionEvent Trigger Event Filter> Criteria used to filter events. Structure is documented below.
- event
Type String Required. The type of event to observe.
- pubsub
Topic String The name of a Pub/Sub topic in the same project that will be used as the transport topic for the event delivery.
- retry
Policy String Describes the retry policy in case of function's execution failure. Retried execution is charged as any other execution. Possible values are
RETRY_POLICY_UNSPECIFIED,RETRY_POLICY_DO_NOT_RETRY, andRETRY_POLICY_RETRY.- service
Account StringEmail The email of the service account for this function.
- trigger String
(Output) Output only. The resource name of the Eventarc trigger.
- trigger
Region String The region that the trigger will be in. The trigger will only receive events originating in this region. It can be the same region as the function, a different region or multi-region, or the global region. If not provided, defaults to the same region as the function.
- event
Filters FunctionEvent Trigger Event Filter[] Criteria used to filter events. Structure is documented below.
- event
Type string Required. The type of event to observe.
- pubsub
Topic string The name of a Pub/Sub topic in the same project that will be used as the transport topic for the event delivery.
- retry
Policy string Describes the retry policy in case of function's execution failure. Retried execution is charged as any other execution. Possible values are
RETRY_POLICY_UNSPECIFIED,RETRY_POLICY_DO_NOT_RETRY, andRETRY_POLICY_RETRY.- service
Account stringEmail The email of the service account for this function.
- trigger string
(Output) Output only. The resource name of the Eventarc trigger.
- trigger
Region string The region that the trigger will be in. The trigger will only receive events originating in this region. It can be the same region as the function, a different region or multi-region, or the global region. If not provided, defaults to the same region as the function.
- event_
filters Sequence[FunctionEvent Trigger Event Filter] Criteria used to filter events. Structure is documented below.
- event_
type str Required. The type of event to observe.
- pubsub_
topic str The name of a Pub/Sub topic in the same project that will be used as the transport topic for the event delivery.
- retry_
policy str Describes the retry policy in case of function's execution failure. Retried execution is charged as any other execution. Possible values are
RETRY_POLICY_UNSPECIFIED,RETRY_POLICY_DO_NOT_RETRY, andRETRY_POLICY_RETRY.- service_
account_ stremail The email of the service account for this function.
- trigger str
(Output) Output only. The resource name of the Eventarc trigger.
- trigger_
region str The region that the trigger will be in. The trigger will only receive events originating in this region. It can be the same region as the function, a different region or multi-region, or the global region. If not provided, defaults to the same region as the function.
- event
Filters List<Property Map> Criteria used to filter events. Structure is documented below.
- event
Type String Required. The type of event to observe.
- pubsub
Topic String The name of a Pub/Sub topic in the same project that will be used as the transport topic for the event delivery.
- retry
Policy String Describes the retry policy in case of function's execution failure. Retried execution is charged as any other execution. Possible values are
RETRY_POLICY_UNSPECIFIED,RETRY_POLICY_DO_NOT_RETRY, andRETRY_POLICY_RETRY.- service
Account StringEmail The email of the service account for this function.
- trigger String
(Output) Output only. The resource name of the Eventarc trigger.
- trigger
Region String The region that the trigger will be in. The trigger will only receive events originating in this region. It can be the same region as the function, a different region or multi-region, or the global region. If not provided, defaults to the same region as the function.
FunctionEventTriggerEventFilter
- Attribute string
'Required. The name of a CloudEvents attribute. Currently, only a subset of attributes are supported for filtering. Use the
gcloud eventarc providers describecommand to learn more about events and their attributes. Do not filter for the 'type' attribute here, as this is already achieved by the resource'sevent_typeattribute.- Value string
Required. The value for the attribute. If the operator field is set as
match-path-pattern, this value can be a path pattern instead of an exact value.- Operator string
Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is
match-path-pattern. See documentation on path patterns here'
- Attribute string
'Required. The name of a CloudEvents attribute. Currently, only a subset of attributes are supported for filtering. Use the
gcloud eventarc providers describecommand to learn more about events and their attributes. Do not filter for the 'type' attribute here, as this is already achieved by the resource'sevent_typeattribute.- Value string
Required. The value for the attribute. If the operator field is set as
match-path-pattern, this value can be a path pattern instead of an exact value.- Operator string
Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is
match-path-pattern. See documentation on path patterns here'
- attribute String
'Required. The name of a CloudEvents attribute. Currently, only a subset of attributes are supported for filtering. Use the
gcloud eventarc providers describecommand to learn more about events and their attributes. Do not filter for the 'type' attribute here, as this is already achieved by the resource'sevent_typeattribute.- value String
Required. The value for the attribute. If the operator field is set as
match-path-pattern, this value can be a path pattern instead of an exact value.- operator String
Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is
match-path-pattern. See documentation on path patterns here'
- attribute string
'Required. The name of a CloudEvents attribute. Currently, only a subset of attributes are supported for filtering. Use the
gcloud eventarc providers describecommand to learn more about events and their attributes. Do not filter for the 'type' attribute here, as this is already achieved by the resource'sevent_typeattribute.- value string
Required. The value for the attribute. If the operator field is set as
match-path-pattern, this value can be a path pattern instead of an exact value.- operator string
Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is
match-path-pattern. See documentation on path patterns here'
- attribute str
'Required. The name of a CloudEvents attribute. Currently, only a subset of attributes are supported for filtering. Use the
gcloud eventarc providers describecommand to learn more about events and their attributes. Do not filter for the 'type' attribute here, as this is already achieved by the resource'sevent_typeattribute.- value str
Required. The value for the attribute. If the operator field is set as
match-path-pattern, this value can be a path pattern instead of an exact value.- operator str
Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is
match-path-pattern. See documentation on path patterns here'
- attribute String
'Required. The name of a CloudEvents attribute. Currently, only a subset of attributes are supported for filtering. Use the
gcloud eventarc providers describecommand to learn more about events and their attributes. Do not filter for the 'type' attribute here, as this is already achieved by the resource'sevent_typeattribute.- value String
Required. The value for the attribute. If the operator field is set as
match-path-pattern, this value can be a path pattern instead of an exact value.- operator String
Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is
match-path-pattern. See documentation on path patterns here'
FunctionServiceConfig
- All
Traffic boolOn Latest Revision Whether 100% of traffic is routed to the latest revision. Defaults to true.
- Available
Cpu string The number of CPUs used in a single container instance. Default value is calculated from available memory.
- Available
Memory string The amount of memory available for a function. Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is supplied the value is interpreted as bytes.
- Environment
Variables Dictionary<string, string> Environment variables that shall be available during function execution.
- Gcf
Uri string (Output) URIs of the Service deployed
- Ingress
Settings string Available ingress settings. Defaults to "ALLOW_ALL" if unspecified. Default value is
ALLOW_ALL. Possible values areALLOW_ALL,ALLOW_INTERNAL_ONLY, andALLOW_INTERNAL_AND_GCLB.- Max
Instance intCount The limit on the maximum number of function instances that may coexist at a given time.
- Max
Instance intRequest Concurrency Sets the maximum number of concurrent requests that each instance can receive. Defaults to 1.
- Min
Instance intCount The limit on the minimum number of function instances that may coexist at a given time.
- Secret
Environment List<FunctionVariables Service Config Secret Environment Variable> Secret environment variables configuration. Structure is documented below.
- Secret
Volumes List<FunctionService Config Secret Volume> Secret volumes configuration. Structure is documented below.
- Service string
Name of the service associated with a Function.
- Service
Account stringEmail The email of the service account for this function.
- Timeout
Seconds int The function execution timeout. Execution is considered failed and can be terminated if the function is not completed at the end of the timeout period. Defaults to 60 seconds.
- Uri string
(Output) URI of the Service deployed.
- Vpc
Connector string The Serverless VPC Access connector that this cloud function can connect to.
- Vpc
Connector stringEgress Settings Available egress settings. Possible values are
VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED,PRIVATE_RANGES_ONLY, andALL_TRAFFIC.
- All
Traffic boolOn Latest Revision Whether 100% of traffic is routed to the latest revision. Defaults to true.
- Available
Cpu string The number of CPUs used in a single container instance. Default value is calculated from available memory.
- Available
Memory string The amount of memory available for a function. Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is supplied the value is interpreted as bytes.
- Environment
Variables map[string]string Environment variables that shall be available during function execution.
- Gcf
Uri string (Output) URIs of the Service deployed
- Ingress
Settings string Available ingress settings. Defaults to "ALLOW_ALL" if unspecified. Default value is
ALLOW_ALL. Possible values areALLOW_ALL,ALLOW_INTERNAL_ONLY, andALLOW_INTERNAL_AND_GCLB.- Max
Instance intCount The limit on the maximum number of function instances that may coexist at a given time.
- Max
Instance intRequest Concurrency Sets the maximum number of concurrent requests that each instance can receive. Defaults to 1.
- Min
Instance intCount The limit on the minimum number of function instances that may coexist at a given time.
- Secret
Environment []FunctionVariables Service Config Secret Environment Variable Secret environment variables configuration. Structure is documented below.
- Secret
Volumes []FunctionService Config Secret Volume Secret volumes configuration. Structure is documented below.
- Service string
Name of the service associated with a Function.
- Service
Account stringEmail The email of the service account for this function.
- Timeout
Seconds int The function execution timeout. Execution is considered failed and can be terminated if the function is not completed at the end of the timeout period. Defaults to 60 seconds.
- Uri string
(Output) URI of the Service deployed.
- Vpc
Connector string The Serverless VPC Access connector that this cloud function can connect to.
- Vpc
Connector stringEgress Settings Available egress settings. Possible values are
VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED,PRIVATE_RANGES_ONLY, andALL_TRAFFIC.
- all
Traffic BooleanOn Latest Revision Whether 100% of traffic is routed to the latest revision. Defaults to true.
- available
Cpu String The number of CPUs used in a single container instance. Default value is calculated from available memory.
- available
Memory String The amount of memory available for a function. Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is supplied the value is interpreted as bytes.
- environment
Variables Map<String,String> Environment variables that shall be available during function execution.
- gcf
Uri String (Output) URIs of the Service deployed
- ingress
Settings String Available ingress settings. Defaults to "ALLOW_ALL" if unspecified. Default value is
ALLOW_ALL. Possible values areALLOW_ALL,ALLOW_INTERNAL_ONLY, andALLOW_INTERNAL_AND_GCLB.- max
Instance IntegerCount The limit on the maximum number of function instances that may coexist at a given time.
- max
Instance IntegerRequest Concurrency Sets the maximum number of concurrent requests that each instance can receive. Defaults to 1.
- min
Instance IntegerCount The limit on the minimum number of function instances that may coexist at a given time.
- secret
Environment List<FunctionVariables Service Config Secret Environment Variable> Secret environment variables configuration. Structure is documented below.
- secret
Volumes List<FunctionService Config Secret Volume> Secret volumes configuration. Structure is documented below.
- service String
Name of the service associated with a Function.
- service
Account StringEmail The email of the service account for this function.
- timeout
Seconds Integer The function execution timeout. Execution is considered failed and can be terminated if the function is not completed at the end of the timeout period. Defaults to 60 seconds.
- uri String
(Output) URI of the Service deployed.
- vpc
Connector String The Serverless VPC Access connector that this cloud function can connect to.
- vpc
Connector StringEgress Settings Available egress settings. Possible values are
VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED,PRIVATE_RANGES_ONLY, andALL_TRAFFIC.
- all
Traffic booleanOn Latest Revision Whether 100% of traffic is routed to the latest revision. Defaults to true.
- available
Cpu string The number of CPUs used in a single container instance. Default value is calculated from available memory.
- available
Memory string The amount of memory available for a function. Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is supplied the value is interpreted as bytes.
- environment
Variables {[key: string]: string} Environment variables that shall be available during function execution.
- gcf
Uri string (Output) URIs of the Service deployed
- ingress
Settings string Available ingress settings. Defaults to "ALLOW_ALL" if unspecified. Default value is
ALLOW_ALL. Possible values areALLOW_ALL,ALLOW_INTERNAL_ONLY, andALLOW_INTERNAL_AND_GCLB.- max
Instance numberCount The limit on the maximum number of function instances that may coexist at a given time.
- max
Instance numberRequest Concurrency Sets the maximum number of concurrent requests that each instance can receive. Defaults to 1.
- min
Instance numberCount The limit on the minimum number of function instances that may coexist at a given time.
- secret
Environment FunctionVariables Service Config Secret Environment Variable[] Secret environment variables configuration. Structure is documented below.
- secret
Volumes FunctionService Config Secret Volume[] Secret volumes configuration. Structure is documented below.
- service string
Name of the service associated with a Function.
- service
Account stringEmail The email of the service account for this function.
- timeout
Seconds number The function execution timeout. Execution is considered failed and can be terminated if the function is not completed at the end of the timeout period. Defaults to 60 seconds.
- uri string
(Output) URI of the Service deployed.
- vpc
Connector string The Serverless VPC Access connector that this cloud function can connect to.
- vpc
Connector stringEgress Settings Available egress settings. Possible values are
VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED,PRIVATE_RANGES_ONLY, andALL_TRAFFIC.
- all_
traffic_ boolon_ latest_ revision Whether 100% of traffic is routed to the latest revision. Defaults to true.
- available_
cpu str The number of CPUs used in a single container instance. Default value is calculated from available memory.
- available_
memory str The amount of memory available for a function. Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is supplied the value is interpreted as bytes.
- environment_
variables Mapping[str, str] Environment variables that shall be available during function execution.
- gcf_
uri str (Output) URIs of the Service deployed
- ingress_
settings str Available ingress settings. Defaults to "ALLOW_ALL" if unspecified. Default value is
ALLOW_ALL. Possible values areALLOW_ALL,ALLOW_INTERNAL_ONLY, andALLOW_INTERNAL_AND_GCLB.- max_
instance_ intcount The limit on the maximum number of function instances that may coexist at a given time.
- max_
instance_ intrequest_ concurrency Sets the maximum number of concurrent requests that each instance can receive. Defaults to 1.
- min_
instance_ intcount The limit on the minimum number of function instances that may coexist at a given time.
- secret_
environment_ Sequence[Functionvariables Service Config Secret Environment Variable] Secret environment variables configuration. Structure is documented below.
- secret_
volumes Sequence[FunctionService Config Secret Volume] Secret volumes configuration. Structure is documented below.
- service str
Name of the service associated with a Function.
- service_
account_ stremail The email of the service account for this function.
- timeout_
seconds int The function execution timeout. Execution is considered failed and can be terminated if the function is not completed at the end of the timeout period. Defaults to 60 seconds.
- uri str
(Output) URI of the Service deployed.
- vpc_
connector str The Serverless VPC Access connector that this cloud function can connect to.
- vpc_
connector_ stregress_ settings Available egress settings. Possible values are
VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED,PRIVATE_RANGES_ONLY, andALL_TRAFFIC.
- all
Traffic BooleanOn Latest Revision Whether 100% of traffic is routed to the latest revision. Defaults to true.
- available
Cpu String The number of CPUs used in a single container instance. Default value is calculated from available memory.
- available
Memory String The amount of memory available for a function. Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is supplied the value is interpreted as bytes.
- environment
Variables Map<String> Environment variables that shall be available during function execution.
- gcf
Uri String (Output) URIs of the Service deployed
- ingress
Settings String Available ingress settings. Defaults to "ALLOW_ALL" if unspecified. Default value is
ALLOW_ALL. Possible values areALLOW_ALL,ALLOW_INTERNAL_ONLY, andALLOW_INTERNAL_AND_GCLB.- max
Instance NumberCount The limit on the maximum number of function instances that may coexist at a given time.
- max
Instance NumberRequest Concurrency Sets the maximum number of concurrent requests that each instance can receive. Defaults to 1.
- min
Instance NumberCount The limit on the minimum number of function instances that may coexist at a given time.
- secret
Environment List<Property Map>Variables Secret environment variables configuration. Structure is documented below.
- secret
Volumes List<Property Map> Secret volumes configuration. Structure is documented below.
- service String
Name of the service associated with a Function.
- service
Account StringEmail The email of the service account for this function.
- timeout
Seconds Number The function execution timeout. Execution is considered failed and can be terminated if the function is not completed at the end of the timeout period. Defaults to 60 seconds.
- uri String
(Output) URI of the Service deployed.
- vpc
Connector String The Serverless VPC Access connector that this cloud function can connect to.
- vpc
Connector StringEgress Settings Available egress settings. Possible values are
VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED,PRIVATE_RANGES_ONLY, andALL_TRAFFIC.
FunctionServiceConfigSecretEnvironmentVariable
- Key string
Name of the environment variable.
- Project
Id string Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.
- Secret string
Name of the secret in secret manager (not the full resource name).
- Version string
Version of the secret (version number or the string 'latest'). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new instances start.
- Key string
Name of the environment variable.
- Project
Id string Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.
- Secret string
Name of the secret in secret manager (not the full resource name).
- Version string
Version of the secret (version number or the string 'latest'). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new instances start.
- key String
Name of the environment variable.
- project
Id String Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.
- secret String
Name of the secret in secret manager (not the full resource name).
- version String
Version of the secret (version number or the string 'latest'). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new instances start.
- key string
Name of the environment variable.
- project
Id string Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.
- secret string
Name of the secret in secret manager (not the full resource name).
- version string
Version of the secret (version number or the string 'latest'). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new instances start.
- key str
Name of the environment variable.
- project_
id str Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.
- secret str
Name of the secret in secret manager (not the full resource name).
- version str
Version of the secret (version number or the string 'latest'). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new instances start.
- key String
Name of the environment variable.
- project
Id String Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.
- secret String
Name of the secret in secret manager (not the full resource name).
- version String
Version of the secret (version number or the string 'latest'). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new instances start.
FunctionServiceConfigSecretVolume
- Mount
Path string The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets
- Project
Id string Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.
- Secret string
Name of the secret in secret manager (not the full resource name).
- Versions
List<Function
Service Config Secret Volume Version> List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point.' Structure is documented below.
- Mount
Path string The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets
- Project
Id string Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.
- Secret string
Name of the secret in secret manager (not the full resource name).
- Versions
[]Function
Service Config Secret Volume Version List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point.' Structure is documented below.
- mount
Path String The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets
- project
Id String Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.
- secret String
Name of the secret in secret manager (not the full resource name).
- versions
List<Function
Service Config Secret Volume Version> List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point.' Structure is documented below.
- mount
Path string The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets
- project
Id string Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.
- secret string
Name of the secret in secret manager (not the full resource name).
- versions
Function
Service Config Secret Volume Version[] List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point.' Structure is documented below.
- mount_
path str The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets
- project_
id str Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.
- secret str
Name of the secret in secret manager (not the full resource name).
- versions
Sequence[Function
Service Config Secret Volume Version] List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point.' Structure is documented below.
- mount
Path String The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets
- project
Id String Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.
- secret String
Name of the secret in secret manager (not the full resource name).
- versions List<Property Map>
List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point.' Structure is documented below.
FunctionServiceConfigSecretVolumeVersion
- Path string
Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo.
- Version string
Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately.
- Path string
Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo.
- Version string
Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately.
- path String
Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo.
- version String
Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately.
- path string
Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo.
- version string
Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately.
- path str
Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo.
- version str
Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately.
- path String
Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo.
- version String
Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately.
Import
function can be imported using any of these accepted formats
$ pulumi import gcp:cloudfunctionsv2/function:Function default projects/{{project}}/locations/{{location}}/functions/{{name}}
$ pulumi import gcp:cloudfunctionsv2/function:Function default {{project}}/{{location}}/{{name}}
$ pulumi import gcp:cloudfunctionsv2/function:Function default {{location}}/{{name}}
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
google-betaTerraform Provider.