1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. cloudfunctionsv2
  5. Function
Google Cloud Classic v6.66.0 published on Monday, Sep 18, 2023 by Pulumi

gcp.cloudfunctionsv2.Function

Explore with Pulumi AI

gcp logo
Google Cloud Classic v6.66.0 published on Monday, Sep 18, 2023 by Pulumi

    A Cloud Function that contains user computation executed in response to an event.

    To get more information about function, see:

    Example Usage

    Cloudfunctions2 Basic Gcs

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var source_bucket = new Gcp.Storage.Bucket("source-bucket", new()
        {
            Location = "US",
            UniformBucketLevelAccess = true,
        });
    
        var @object = new Gcp.Storage.BucketObject("object", new()
        {
            Bucket = source_bucket.Name,
            Source = new FileAsset("function-source.zip"),
        });
    
        // Add path to the zipped function source code
        var trigger_bucket = new Gcp.Storage.Bucket("trigger-bucket", new()
        {
            Location = "us-central1",
            UniformBucketLevelAccess = true,
        });
    
        var gcsAccount = Gcp.Storage.GetProjectServiceAccount.Invoke();
    
        // To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher(roles/pubsub.publisher) IAM role in the specified project.
        // (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)
        var gcs_pubsub_publishing = new Gcp.Projects.IAMMember("gcs-pubsub-publishing", new()
        {
            Project = "my-project-name",
            Role = "roles/pubsub.publisher",
            Member = $"serviceAccount:{gcsAccount.Apply(getProjectServiceAccountResult => getProjectServiceAccountResult.EmailAddress)}",
        });
    
        var account = new Gcp.ServiceAccount.Account("account", new()
        {
            AccountId = "gcf-sa",
            DisplayName = "Test Service Account - used for both the cloud function and eventarc trigger in the test",
        });
    
        // Permissions on the service account used by the function and Eventarc trigger
        var invoking = new Gcp.Projects.IAMMember("invoking", new()
        {
            Project = "my-project-name",
            Role = "roles/run.invoker",
            Member = account.Email.Apply(email => $"serviceAccount:{email}"),
        }, new CustomResourceOptions
        {
            DependsOn = new[]
            {
                gcs_pubsub_publishing,
            },
        });
    
        var event_receiving = new Gcp.Projects.IAMMember("event-receiving", new()
        {
            Project = "my-project-name",
            Role = "roles/eventarc.eventReceiver",
            Member = account.Email.Apply(email => $"serviceAccount:{email}"),
        }, new CustomResourceOptions
        {
            DependsOn = new[]
            {
                invoking,
            },
        });
    
        var artifactregistry_reader = new Gcp.Projects.IAMMember("artifactregistry-reader", new()
        {
            Project = "my-project-name",
            Role = "roles/artifactregistry.reader",
            Member = account.Email.Apply(email => $"serviceAccount:{email}"),
        }, new CustomResourceOptions
        {
            DependsOn = new[]
            {
                event_receiving,
            },
        });
    
        var function = new Gcp.CloudFunctionsV2.Function("function", new()
        {
            Location = "us-central1",
            Description = "a new function",
            BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs
            {
                Runtime = "nodejs12",
                EntryPoint = "entryPoint",
                EnvironmentVariables = 
                {
                    { "BUILD_CONFIG_TEST", "build_test" },
                },
                Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs
                {
                    StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs
                    {
                        Bucket = source_bucket.Name,
                        Object = @object.Name,
                    },
                },
            },
            ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs
            {
                MaxInstanceCount = 3,
                MinInstanceCount = 1,
                AvailableMemory = "256M",
                TimeoutSeconds = 60,
                EnvironmentVariables = 
                {
                    { "SERVICE_CONFIG_TEST", "config_test" },
                },
                IngressSettings = "ALLOW_INTERNAL_ONLY",
                AllTrafficOnLatestRevision = true,
                ServiceAccountEmail = account.Email,
            },
            EventTrigger = new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerArgs
            {
                TriggerRegion = "us-central1",
                EventType = "google.cloud.storage.object.v1.finalized",
                RetryPolicy = "RETRY_POLICY_RETRY",
                ServiceAccountEmail = account.Email,
                EventFilters = new[]
                {
                    new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerEventFilterArgs
                    {
                        Attribute = "bucket",
                        Value = trigger_bucket.Name,
                    },
                },
            },
        }, new CustomResourceOptions
        {
            DependsOn = new[]
            {
                event_receiving,
                artifactregistry_reader,
            },
        });
    
    });
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/cloudfunctionsv2"
    	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/projects"
    	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
    	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/storage"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := storage.NewBucket(ctx, "source-bucket", &storage.BucketArgs{
    			Location:                 pulumi.String("US"),
    			UniformBucketLevelAccess: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		object, err := storage.NewBucketObject(ctx, "object", &storage.BucketObjectArgs{
    			Bucket: source_bucket.Name,
    			Source: pulumi.NewFileAsset("function-source.zip"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = storage.NewBucket(ctx, "trigger-bucket", &storage.BucketArgs{
    			Location:                 pulumi.String("us-central1"),
    			UniformBucketLevelAccess: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		gcsAccount, err := storage.GetProjectServiceAccount(ctx, nil, nil)
    		if err != nil {
    			return err
    		}
    		_, err = projects.NewIAMMember(ctx, "gcs-pubsub-publishing", &projects.IAMMemberArgs{
    			Project: pulumi.String("my-project-name"),
    			Role:    pulumi.String("roles/pubsub.publisher"),
    			Member:  pulumi.String(fmt.Sprintf("serviceAccount:%v", gcsAccount.EmailAddress)),
    		})
    		if err != nil {
    			return err
    		}
    		account, err := serviceAccount.NewAccount(ctx, "account", &serviceAccount.AccountArgs{
    			AccountId:   pulumi.String("gcf-sa"),
    			DisplayName: pulumi.String("Test Service Account - used for both the cloud function and eventarc trigger in the test"),
    		})
    		if err != nil {
    			return err
    		}
    		invoking, err := projects.NewIAMMember(ctx, "invoking", &projects.IAMMemberArgs{
    			Project: pulumi.String("my-project-name"),
    			Role:    pulumi.String("roles/run.invoker"),
    			Member: account.Email.ApplyT(func(email string) (string, error) {
    				return fmt.Sprintf("serviceAccount:%v", email), nil
    			}).(pulumi.StringOutput),
    		}, pulumi.DependsOn([]pulumi.Resource{
    			gcs_pubsub_publishing,
    		}))
    		if err != nil {
    			return err
    		}
    		_, err = projects.NewIAMMember(ctx, "event-receiving", &projects.IAMMemberArgs{
    			Project: pulumi.String("my-project-name"),
    			Role:    pulumi.String("roles/eventarc.eventReceiver"),
    			Member: account.Email.ApplyT(func(email string) (string, error) {
    				return fmt.Sprintf("serviceAccount:%v", email), nil
    			}).(pulumi.StringOutput),
    		}, pulumi.DependsOn([]pulumi.Resource{
    			invoking,
    		}))
    		if err != nil {
    			return err
    		}
    		_, err = projects.NewIAMMember(ctx, "artifactregistry-reader", &projects.IAMMemberArgs{
    			Project: pulumi.String("my-project-name"),
    			Role:    pulumi.String("roles/artifactregistry.reader"),
    			Member: account.Email.ApplyT(func(email string) (string, error) {
    				return fmt.Sprintf("serviceAccount:%v", email), nil
    			}).(pulumi.StringOutput),
    		}, pulumi.DependsOn([]pulumi.Resource{
    			event_receiving,
    		}))
    		if err != nil {
    			return err
    		}
    		_, err = cloudfunctionsv2.NewFunction(ctx, "function", &cloudfunctionsv2.FunctionArgs{
    			Location:    pulumi.String("us-central1"),
    			Description: pulumi.String("a new function"),
    			BuildConfig: &cloudfunctionsv2.FunctionBuildConfigArgs{
    				Runtime:    pulumi.String("nodejs12"),
    				EntryPoint: pulumi.String("entryPoint"),
    				EnvironmentVariables: pulumi.StringMap{
    					"BUILD_CONFIG_TEST": pulumi.String("build_test"),
    				},
    				Source: &cloudfunctionsv2.FunctionBuildConfigSourceArgs{
    					StorageSource: &cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{
    						Bucket: source_bucket.Name,
    						Object: object.Name,
    					},
    				},
    			},
    			ServiceConfig: &cloudfunctionsv2.FunctionServiceConfigArgs{
    				MaxInstanceCount: pulumi.Int(3),
    				MinInstanceCount: pulumi.Int(1),
    				AvailableMemory:  pulumi.String("256M"),
    				TimeoutSeconds:   pulumi.Int(60),
    				EnvironmentVariables: pulumi.StringMap{
    					"SERVICE_CONFIG_TEST": pulumi.String("config_test"),
    				},
    				IngressSettings:            pulumi.String("ALLOW_INTERNAL_ONLY"),
    				AllTrafficOnLatestRevision: pulumi.Bool(true),
    				ServiceAccountEmail:        account.Email,
    			},
    			EventTrigger: &cloudfunctionsv2.FunctionEventTriggerArgs{
    				TriggerRegion:       pulumi.String("us-central1"),
    				EventType:           pulumi.String("google.cloud.storage.object.v1.finalized"),
    				RetryPolicy:         pulumi.String("RETRY_POLICY_RETRY"),
    				ServiceAccountEmail: account.Email,
    				EventFilters: cloudfunctionsv2.FunctionEventTriggerEventFilterArray{
    					&cloudfunctionsv2.FunctionEventTriggerEventFilterArgs{
    						Attribute: pulumi.String("bucket"),
    						Value:     trigger_bucket.Name,
    					},
    				},
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			event_receiving,
    			artifactregistry_reader,
    		}))
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.storage.Bucket;
    import com.pulumi.gcp.storage.BucketArgs;
    import com.pulumi.gcp.storage.BucketObject;
    import com.pulumi.gcp.storage.BucketObjectArgs;
    import com.pulumi.gcp.storage.StorageFunctions;
    import com.pulumi.gcp.storage.inputs.GetProjectServiceAccountArgs;
    import com.pulumi.gcp.projects.IAMMember;
    import com.pulumi.gcp.projects.IAMMemberArgs;
    import com.pulumi.gcp.serviceAccount.Account;
    import com.pulumi.gcp.serviceAccount.AccountArgs;
    import com.pulumi.gcp.cloudfunctionsv2.Function;
    import com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;
    import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;
    import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;
    import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;
    import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;
    import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionEventTriggerArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import com.pulumi.asset.FileAsset;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var source_bucket = new Bucket("source-bucket", BucketArgs.builder()        
                .location("US")
                .uniformBucketLevelAccess(true)
                .build());
    
            var object = new BucketObject("object", BucketObjectArgs.builder()        
                .bucket(source_bucket.name())
                .source(new FileAsset("function-source.zip"))
                .build());
    
            var trigger_bucket = new Bucket("trigger-bucket", BucketArgs.builder()        
                .location("us-central1")
                .uniformBucketLevelAccess(true)
                .build());
    
            final var gcsAccount = StorageFunctions.getProjectServiceAccount();
    
            var gcs_pubsub_publishing = new IAMMember("gcs-pubsub-publishing", IAMMemberArgs.builder()        
                .project("my-project-name")
                .role("roles/pubsub.publisher")
                .member(String.format("serviceAccount:%s", gcsAccount.applyValue(getProjectServiceAccountResult -> getProjectServiceAccountResult.emailAddress())))
                .build());
    
            var account = new Account("account", AccountArgs.builder()        
                .accountId("gcf-sa")
                .displayName("Test Service Account - used for both the cloud function and eventarc trigger in the test")
                .build());
    
            var invoking = new IAMMember("invoking", IAMMemberArgs.builder()        
                .project("my-project-name")
                .role("roles/run.invoker")
                .member(account.email().applyValue(email -> String.format("serviceAccount:%s", email)))
                .build(), CustomResourceOptions.builder()
                    .dependsOn(gcs_pubsub_publishing)
                    .build());
    
            var event_receiving = new IAMMember("event-receiving", IAMMemberArgs.builder()        
                .project("my-project-name")
                .role("roles/eventarc.eventReceiver")
                .member(account.email().applyValue(email -> String.format("serviceAccount:%s", email)))
                .build(), CustomResourceOptions.builder()
                    .dependsOn(invoking)
                    .build());
    
            var artifactregistry_reader = new IAMMember("artifactregistry-reader", IAMMemberArgs.builder()        
                .project("my-project-name")
                .role("roles/artifactregistry.reader")
                .member(account.email().applyValue(email -> String.format("serviceAccount:%s", email)))
                .build(), CustomResourceOptions.builder()
                    .dependsOn(event_receiving)
                    .build());
    
            var function = new Function("function", FunctionArgs.builder()        
                .location("us-central1")
                .description("a new function")
                .buildConfig(FunctionBuildConfigArgs.builder()
                    .runtime("nodejs12")
                    .entryPoint("entryPoint")
                    .environmentVariables(Map.of("BUILD_CONFIG_TEST", "build_test"))
                    .source(FunctionBuildConfigSourceArgs.builder()
                        .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()
                            .bucket(source_bucket.name())
                            .object(object.name())
                            .build())
                        .build())
                    .build())
                .serviceConfig(FunctionServiceConfigArgs.builder()
                    .maxInstanceCount(3)
                    .minInstanceCount(1)
                    .availableMemory("256M")
                    .timeoutSeconds(60)
                    .environmentVariables(Map.of("SERVICE_CONFIG_TEST", "config_test"))
                    .ingressSettings("ALLOW_INTERNAL_ONLY")
                    .allTrafficOnLatestRevision(true)
                    .serviceAccountEmail(account.email())
                    .build())
                .eventTrigger(FunctionEventTriggerArgs.builder()
                    .triggerRegion("us-central1")
                    .eventType("google.cloud.storage.object.v1.finalized")
                    .retryPolicy("RETRY_POLICY_RETRY")
                    .serviceAccountEmail(account.email())
                    .eventFilters(FunctionEventTriggerEventFilterArgs.builder()
                        .attribute("bucket")
                        .value(trigger_bucket.name())
                        .build())
                    .build())
                .build(), CustomResourceOptions.builder()
                    .dependsOn(                
                        event_receiving,
                        artifactregistry_reader)
                    .build());
    
        }
    }
    
    import pulumi
    import pulumi_gcp as gcp
    
    source_bucket = gcp.storage.Bucket("source-bucket",
        location="US",
        uniform_bucket_level_access=True)
    object = gcp.storage.BucketObject("object",
        bucket=source_bucket.name,
        source=pulumi.FileAsset("function-source.zip"))
    # Add path to the zipped function source code
    trigger_bucket = gcp.storage.Bucket("trigger-bucket",
        location="us-central1",
        uniform_bucket_level_access=True)
    gcs_account = gcp.storage.get_project_service_account()
    # To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher(roles/pubsub.publisher) IAM role in the specified project.
    # (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)
    gcs_pubsub_publishing = gcp.projects.IAMMember("gcs-pubsub-publishing",
        project="my-project-name",
        role="roles/pubsub.publisher",
        member=f"serviceAccount:{gcs_account.email_address}")
    account = gcp.service_account.Account("account",
        account_id="gcf-sa",
        display_name="Test Service Account - used for both the cloud function and eventarc trigger in the test")
    # Permissions on the service account used by the function and Eventarc trigger
    invoking = gcp.projects.IAMMember("invoking",
        project="my-project-name",
        role="roles/run.invoker",
        member=account.email.apply(lambda email: f"serviceAccount:{email}"),
        opts=pulumi.ResourceOptions(depends_on=[gcs_pubsub_publishing]))
    event_receiving = gcp.projects.IAMMember("event-receiving",
        project="my-project-name",
        role="roles/eventarc.eventReceiver",
        member=account.email.apply(lambda email: f"serviceAccount:{email}"),
        opts=pulumi.ResourceOptions(depends_on=[invoking]))
    artifactregistry_reader = gcp.projects.IAMMember("artifactregistry-reader",
        project="my-project-name",
        role="roles/artifactregistry.reader",
        member=account.email.apply(lambda email: f"serviceAccount:{email}"),
        opts=pulumi.ResourceOptions(depends_on=[event_receiving]))
    function = gcp.cloudfunctionsv2.Function("function",
        location="us-central1",
        description="a new function",
        build_config=gcp.cloudfunctionsv2.FunctionBuildConfigArgs(
            runtime="nodejs12",
            entry_point="entryPoint",
            environment_variables={
                "BUILD_CONFIG_TEST": "build_test",
            },
            source=gcp.cloudfunctionsv2.FunctionBuildConfigSourceArgs(
                storage_source=gcp.cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs(
                    bucket=source_bucket.name,
                    object=object.name,
                ),
            ),
        ),
        service_config=gcp.cloudfunctionsv2.FunctionServiceConfigArgs(
            max_instance_count=3,
            min_instance_count=1,
            available_memory="256M",
            timeout_seconds=60,
            environment_variables={
                "SERVICE_CONFIG_TEST": "config_test",
            },
            ingress_settings="ALLOW_INTERNAL_ONLY",
            all_traffic_on_latest_revision=True,
            service_account_email=account.email,
        ),
        event_trigger=gcp.cloudfunctionsv2.FunctionEventTriggerArgs(
            trigger_region="us-central1",
            event_type="google.cloud.storage.object.v1.finalized",
            retry_policy="RETRY_POLICY_RETRY",
            service_account_email=account.email,
            event_filters=[gcp.cloudfunctionsv2.FunctionEventTriggerEventFilterArgs(
                attribute="bucket",
                value=trigger_bucket.name,
            )],
        ),
        opts=pulumi.ResourceOptions(depends_on=[
                event_receiving,
                artifactregistry_reader,
            ]))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const source_bucket = new gcp.storage.Bucket("source-bucket", {
        location: "US",
        uniformBucketLevelAccess: true,
    });
    const object = new gcp.storage.BucketObject("object", {
        bucket: source_bucket.name,
        source: new pulumi.asset.FileAsset("function-source.zip"),
    });
    // Add path to the zipped function source code
    const trigger_bucket = new gcp.storage.Bucket("trigger-bucket", {
        location: "us-central1",
        uniformBucketLevelAccess: true,
    });
    const gcsAccount = gcp.storage.getProjectServiceAccount({});
    // To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher(roles/pubsub.publisher) IAM role in the specified project.
    // (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)
    const gcs_pubsub_publishing = new gcp.projects.IAMMember("gcs-pubsub-publishing", {
        project: "my-project-name",
        role: "roles/pubsub.publisher",
        member: gcsAccount.then(gcsAccount => `serviceAccount:${gcsAccount.emailAddress}`),
    });
    const account = new gcp.serviceaccount.Account("account", {
        accountId: "gcf-sa",
        displayName: "Test Service Account - used for both the cloud function and eventarc trigger in the test",
    });
    // Permissions on the service account used by the function and Eventarc trigger
    const invoking = new gcp.projects.IAMMember("invoking", {
        project: "my-project-name",
        role: "roles/run.invoker",
        member: pulumi.interpolate`serviceAccount:${account.email}`,
    }, {
        dependsOn: [gcs_pubsub_publishing],
    });
    const event_receiving = new gcp.projects.IAMMember("event-receiving", {
        project: "my-project-name",
        role: "roles/eventarc.eventReceiver",
        member: pulumi.interpolate`serviceAccount:${account.email}`,
    }, {
        dependsOn: [invoking],
    });
    const artifactregistry_reader = new gcp.projects.IAMMember("artifactregistry-reader", {
        project: "my-project-name",
        role: "roles/artifactregistry.reader",
        member: pulumi.interpolate`serviceAccount:${account.email}`,
    }, {
        dependsOn: [event_receiving],
    });
    const _function = new gcp.cloudfunctionsv2.Function("function", {
        location: "us-central1",
        description: "a new function",
        buildConfig: {
            runtime: "nodejs12",
            entryPoint: "entryPoint",
            environmentVariables: {
                BUILD_CONFIG_TEST: "build_test",
            },
            source: {
                storageSource: {
                    bucket: source_bucket.name,
                    object: object.name,
                },
            },
        },
        serviceConfig: {
            maxInstanceCount: 3,
            minInstanceCount: 1,
            availableMemory: "256M",
            timeoutSeconds: 60,
            environmentVariables: {
                SERVICE_CONFIG_TEST: "config_test",
            },
            ingressSettings: "ALLOW_INTERNAL_ONLY",
            allTrafficOnLatestRevision: true,
            serviceAccountEmail: account.email,
        },
        eventTrigger: {
            triggerRegion: "us-central1",
            eventType: "google.cloud.storage.object.v1.finalized",
            retryPolicy: "RETRY_POLICY_RETRY",
            serviceAccountEmail: account.email,
            eventFilters: [{
                attribute: "bucket",
                value: trigger_bucket.name,
            }],
        },
    }, {
        dependsOn: [
            event_receiving,
            artifactregistry_reader,
        ],
    });
    
    resources:
      source-bucket:
        type: gcp:storage:Bucket
        properties:
          location: US
          uniformBucketLevelAccess: true
      object:
        type: gcp:storage:BucketObject
        properties:
          bucket: ${["source-bucket"].name}
          source:
            fn::FileAsset: function-source.zip
      trigger-bucket:
        type: gcp:storage:Bucket
        properties:
          location: us-central1
          # The trigger must be in the same location as the bucket
          uniformBucketLevelAccess: true
      # To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher(roles/pubsub.publisher) IAM role in the specified project.
      # (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)
      gcs-pubsub-publishing:
        type: gcp:projects:IAMMember
        properties:
          project: my-project-name
          role: roles/pubsub.publisher
          member: serviceAccount:${gcsAccount.emailAddress}
      account:
        type: gcp:serviceAccount:Account
        properties:
          accountId: gcf-sa
          displayName: Test Service Account - used for both the cloud function and eventarc trigger in the test
      # Permissions on the service account used by the function and Eventarc trigger
      invoking:
        type: gcp:projects:IAMMember
        properties:
          project: my-project-name
          role: roles/run.invoker
          member: serviceAccount:${account.email}
        options:
          dependson:
            - ${["gcs-pubsub-publishing"]}
      event-receiving:
        type: gcp:projects:IAMMember
        properties:
          project: my-project-name
          role: roles/eventarc.eventReceiver
          member: serviceAccount:${account.email}
        options:
          dependson:
            - ${invoking}
      artifactregistry-reader:
        type: gcp:projects:IAMMember
        properties:
          project: my-project-name
          role: roles/artifactregistry.reader
          member: serviceAccount:${account.email}
        options:
          dependson:
            - ${["event-receiving"]}
      function:
        type: gcp:cloudfunctionsv2:Function
        properties:
          location: us-central1
          description: a new function
          buildConfig:
            runtime: nodejs12
            entryPoint: entryPoint
            environmentVariables:
              BUILD_CONFIG_TEST: build_test
            source:
              storageSource:
                bucket: ${["source-bucket"].name}
                object: ${object.name}
          serviceConfig:
            maxInstanceCount: 3
            minInstanceCount: 1
            availableMemory: 256M
            timeoutSeconds: 60
            environmentVariables:
              SERVICE_CONFIG_TEST: config_test
            ingressSettings: ALLOW_INTERNAL_ONLY
            allTrafficOnLatestRevision: true
            serviceAccountEmail: ${account.email}
          eventTrigger:
            triggerRegion: us-central1
            eventType: google.cloud.storage.object.v1.finalized
            retryPolicy: RETRY_POLICY_RETRY
            serviceAccountEmail: ${account.email}
            eventFilters:
              - attribute: bucket
                value: ${["trigger-bucket"].name}
        options:
          dependson:
            - ${["event-receiving"]}
            - ${["artifactregistry-reader"]}
    variables:
      gcsAccount:
        fn::invoke:
          Function: gcp:storage:getProjectServiceAccount
          Arguments: {}
    

    Cloudfunctions2 Basic Auditlogs

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        // This example follows the examples shown in this Google Cloud Community blog post
        // https://medium.com/google-cloud/applying-a-path-pattern-when-filtering-in-eventarc-f06b937b4c34
        // and the docs:
        // https://cloud.google.com/eventarc/docs/path-patterns
        var source_bucket = new Gcp.Storage.Bucket("source-bucket", new()
        {
            Location = "US",
            UniformBucketLevelAccess = true,
        });
    
        var @object = new Gcp.Storage.BucketObject("object", new()
        {
            Bucket = source_bucket.Name,
            Source = new FileAsset("function-source.zip"),
        });
    
        // Add path to the zipped function source code
        var account = new Gcp.ServiceAccount.Account("account", new()
        {
            AccountId = "gcf-sa",
            DisplayName = "Test Service Account - used for both the cloud function and eventarc trigger in the test",
        });
    
        // Note: The right way of listening for Cloud Storage events is to use a Cloud Storage trigger.
        // Here we use Audit Logs to monitor the bucket so path patterns can be used in the example of
        // google_cloudfunctions2_function below (Audit Log events have path pattern support)
        var audit_log_bucket = new Gcp.Storage.Bucket("audit-log-bucket", new()
        {
            Location = "us-central1",
            UniformBucketLevelAccess = true,
        });
    
        // Permissions on the service account used by the function and Eventarc trigger
        var invoking = new Gcp.Projects.IAMMember("invoking", new()
        {
            Project = "my-project-name",
            Role = "roles/run.invoker",
            Member = account.Email.Apply(email => $"serviceAccount:{email}"),
        });
    
        var event_receiving = new Gcp.Projects.IAMMember("event-receiving", new()
        {
            Project = "my-project-name",
            Role = "roles/eventarc.eventReceiver",
            Member = account.Email.Apply(email => $"serviceAccount:{email}"),
        }, new CustomResourceOptions
        {
            DependsOn = new[]
            {
                invoking,
            },
        });
    
        var artifactregistry_reader = new Gcp.Projects.IAMMember("artifactregistry-reader", new()
        {
            Project = "my-project-name",
            Role = "roles/artifactregistry.reader",
            Member = account.Email.Apply(email => $"serviceAccount:{email}"),
        }, new CustomResourceOptions
        {
            DependsOn = new[]
            {
                event_receiving,
            },
        });
    
        var function = new Gcp.CloudFunctionsV2.Function("function", new()
        {
            Location = "us-central1",
            Description = "a new function",
            BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs
            {
                Runtime = "nodejs12",
                EntryPoint = "entryPoint",
                EnvironmentVariables = 
                {
                    { "BUILD_CONFIG_TEST", "build_test" },
                },
                Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs
                {
                    StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs
                    {
                        Bucket = source_bucket.Name,
                        Object = @object.Name,
                    },
                },
            },
            ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs
            {
                MaxInstanceCount = 3,
                MinInstanceCount = 1,
                AvailableMemory = "256M",
                TimeoutSeconds = 60,
                EnvironmentVariables = 
                {
                    { "SERVICE_CONFIG_TEST", "config_test" },
                },
                IngressSettings = "ALLOW_INTERNAL_ONLY",
                AllTrafficOnLatestRevision = true,
                ServiceAccountEmail = account.Email,
            },
            EventTrigger = new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerArgs
            {
                TriggerRegion = "us-central1",
                EventType = "google.cloud.audit.log.v1.written",
                RetryPolicy = "RETRY_POLICY_RETRY",
                ServiceAccountEmail = account.Email,
                EventFilters = new[]
                {
                    new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerEventFilterArgs
                    {
                        Attribute = "serviceName",
                        Value = "storage.googleapis.com",
                    },
                    new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerEventFilterArgs
                    {
                        Attribute = "methodName",
                        Value = "storage.objects.create",
                    },
                    new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerEventFilterArgs
                    {
                        Attribute = "resourceName",
                        Value = audit_log_bucket.Name.Apply(name => $"/projects/_/buckets/{name}/objects/*.txt"),
                        Operator = "match-path-pattern",
                    },
                },
            },
        }, new CustomResourceOptions
        {
            DependsOn = new[]
            {
                event_receiving,
                artifactregistry_reader,
            },
        });
    
    });
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/cloudfunctionsv2"
    	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/projects"
    	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
    	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/storage"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := storage.NewBucket(ctx, "source-bucket", &storage.BucketArgs{
    			Location:                 pulumi.String("US"),
    			UniformBucketLevelAccess: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		object, err := storage.NewBucketObject(ctx, "object", &storage.BucketObjectArgs{
    			Bucket: source_bucket.Name,
    			Source: pulumi.NewFileAsset("function-source.zip"),
    		})
    		if err != nil {
    			return err
    		}
    		account, err := serviceAccount.NewAccount(ctx, "account", &serviceAccount.AccountArgs{
    			AccountId:   pulumi.String("gcf-sa"),
    			DisplayName: pulumi.String("Test Service Account - used for both the cloud function and eventarc trigger in the test"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = storage.NewBucket(ctx, "audit-log-bucket", &storage.BucketArgs{
    			Location:                 pulumi.String("us-central1"),
    			UniformBucketLevelAccess: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		invoking, err := projects.NewIAMMember(ctx, "invoking", &projects.IAMMemberArgs{
    			Project: pulumi.String("my-project-name"),
    			Role:    pulumi.String("roles/run.invoker"),
    			Member: account.Email.ApplyT(func(email string) (string, error) {
    				return fmt.Sprintf("serviceAccount:%v", email), nil
    			}).(pulumi.StringOutput),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = projects.NewIAMMember(ctx, "event-receiving", &projects.IAMMemberArgs{
    			Project: pulumi.String("my-project-name"),
    			Role:    pulumi.String("roles/eventarc.eventReceiver"),
    			Member: account.Email.ApplyT(func(email string) (string, error) {
    				return fmt.Sprintf("serviceAccount:%v", email), nil
    			}).(pulumi.StringOutput),
    		}, pulumi.DependsOn([]pulumi.Resource{
    			invoking,
    		}))
    		if err != nil {
    			return err
    		}
    		_, err = projects.NewIAMMember(ctx, "artifactregistry-reader", &projects.IAMMemberArgs{
    			Project: pulumi.String("my-project-name"),
    			Role:    pulumi.String("roles/artifactregistry.reader"),
    			Member: account.Email.ApplyT(func(email string) (string, error) {
    				return fmt.Sprintf("serviceAccount:%v", email), nil
    			}).(pulumi.StringOutput),
    		}, pulumi.DependsOn([]pulumi.Resource{
    			event_receiving,
    		}))
    		if err != nil {
    			return err
    		}
    		_, err = cloudfunctionsv2.NewFunction(ctx, "function", &cloudfunctionsv2.FunctionArgs{
    			Location:    pulumi.String("us-central1"),
    			Description: pulumi.String("a new function"),
    			BuildConfig: &cloudfunctionsv2.FunctionBuildConfigArgs{
    				Runtime:    pulumi.String("nodejs12"),
    				EntryPoint: pulumi.String("entryPoint"),
    				EnvironmentVariables: pulumi.StringMap{
    					"BUILD_CONFIG_TEST": pulumi.String("build_test"),
    				},
    				Source: &cloudfunctionsv2.FunctionBuildConfigSourceArgs{
    					StorageSource: &cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{
    						Bucket: source_bucket.Name,
    						Object: object.Name,
    					},
    				},
    			},
    			ServiceConfig: &cloudfunctionsv2.FunctionServiceConfigArgs{
    				MaxInstanceCount: pulumi.Int(3),
    				MinInstanceCount: pulumi.Int(1),
    				AvailableMemory:  pulumi.String("256M"),
    				TimeoutSeconds:   pulumi.Int(60),
    				EnvironmentVariables: pulumi.StringMap{
    					"SERVICE_CONFIG_TEST": pulumi.String("config_test"),
    				},
    				IngressSettings:            pulumi.String("ALLOW_INTERNAL_ONLY"),
    				AllTrafficOnLatestRevision: pulumi.Bool(true),
    				ServiceAccountEmail:        account.Email,
    			},
    			EventTrigger: &cloudfunctionsv2.FunctionEventTriggerArgs{
    				TriggerRegion:       pulumi.String("us-central1"),
    				EventType:           pulumi.String("google.cloud.audit.log.v1.written"),
    				RetryPolicy:         pulumi.String("RETRY_POLICY_RETRY"),
    				ServiceAccountEmail: account.Email,
    				EventFilters: cloudfunctionsv2.FunctionEventTriggerEventFilterArray{
    					&cloudfunctionsv2.FunctionEventTriggerEventFilterArgs{
    						Attribute: pulumi.String("serviceName"),
    						Value:     pulumi.String("storage.googleapis.com"),
    					},
    					&cloudfunctionsv2.FunctionEventTriggerEventFilterArgs{
    						Attribute: pulumi.String("methodName"),
    						Value:     pulumi.String("storage.objects.create"),
    					},
    					&cloudfunctionsv2.FunctionEventTriggerEventFilterArgs{
    						Attribute: pulumi.String("resourceName"),
    						Value: audit_log_bucket.Name.ApplyT(func(name string) (string, error) {
    							return fmt.Sprintf("/projects/_/buckets/%v/objects/*.txt", name), nil
    						}).(pulumi.StringOutput),
    						Operator: pulumi.String("match-path-pattern"),
    					},
    				},
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			event_receiving,
    			artifactregistry_reader,
    		}))
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.storage.Bucket;
    import com.pulumi.gcp.storage.BucketArgs;
    import com.pulumi.gcp.storage.BucketObject;
    import com.pulumi.gcp.storage.BucketObjectArgs;
    import com.pulumi.gcp.serviceAccount.Account;
    import com.pulumi.gcp.serviceAccount.AccountArgs;
    import com.pulumi.gcp.projects.IAMMember;
    import com.pulumi.gcp.projects.IAMMemberArgs;
    import com.pulumi.gcp.cloudfunctionsv2.Function;
    import com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;
    import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;
    import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;
    import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;
    import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;
    import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionEventTriggerArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import com.pulumi.asset.FileAsset;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var source_bucket = new Bucket("source-bucket", BucketArgs.builder()        
                .location("US")
                .uniformBucketLevelAccess(true)
                .build());
    
            var object = new BucketObject("object", BucketObjectArgs.builder()        
                .bucket(source_bucket.name())
                .source(new FileAsset("function-source.zip"))
                .build());
    
            var account = new Account("account", AccountArgs.builder()        
                .accountId("gcf-sa")
                .displayName("Test Service Account - used for both the cloud function and eventarc trigger in the test")
                .build());
    
            var audit_log_bucket = new Bucket("audit-log-bucket", BucketArgs.builder()        
                .location("us-central1")
                .uniformBucketLevelAccess(true)
                .build());
    
            var invoking = new IAMMember("invoking", IAMMemberArgs.builder()        
                .project("my-project-name")
                .role("roles/run.invoker")
                .member(account.email().applyValue(email -> String.format("serviceAccount:%s", email)))
                .build());
    
            var event_receiving = new IAMMember("event-receiving", IAMMemberArgs.builder()        
                .project("my-project-name")
                .role("roles/eventarc.eventReceiver")
                .member(account.email().applyValue(email -> String.format("serviceAccount:%s", email)))
                .build(), CustomResourceOptions.builder()
                    .dependsOn(invoking)
                    .build());
    
            var artifactregistry_reader = new IAMMember("artifactregistry-reader", IAMMemberArgs.builder()        
                .project("my-project-name")
                .role("roles/artifactregistry.reader")
                .member(account.email().applyValue(email -> String.format("serviceAccount:%s", email)))
                .build(), CustomResourceOptions.builder()
                    .dependsOn(event_receiving)
                    .build());
    
            var function = new Function("function", FunctionArgs.builder()        
                .location("us-central1")
                .description("a new function")
                .buildConfig(FunctionBuildConfigArgs.builder()
                    .runtime("nodejs12")
                    .entryPoint("entryPoint")
                    .environmentVariables(Map.of("BUILD_CONFIG_TEST", "build_test"))
                    .source(FunctionBuildConfigSourceArgs.builder()
                        .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()
                            .bucket(source_bucket.name())
                            .object(object.name())
                            .build())
                        .build())
                    .build())
                .serviceConfig(FunctionServiceConfigArgs.builder()
                    .maxInstanceCount(3)
                    .minInstanceCount(1)
                    .availableMemory("256M")
                    .timeoutSeconds(60)
                    .environmentVariables(Map.of("SERVICE_CONFIG_TEST", "config_test"))
                    .ingressSettings("ALLOW_INTERNAL_ONLY")
                    .allTrafficOnLatestRevision(true)
                    .serviceAccountEmail(account.email())
                    .build())
                .eventTrigger(FunctionEventTriggerArgs.builder()
                    .triggerRegion("us-central1")
                    .eventType("google.cloud.audit.log.v1.written")
                    .retryPolicy("RETRY_POLICY_RETRY")
                    .serviceAccountEmail(account.email())
                    .eventFilters(                
                        FunctionEventTriggerEventFilterArgs.builder()
                            .attribute("serviceName")
                            .value("storage.googleapis.com")
                            .build(),
                        FunctionEventTriggerEventFilterArgs.builder()
                            .attribute("methodName")
                            .value("storage.objects.create")
                            .build(),
                        FunctionEventTriggerEventFilterArgs.builder()
                            .attribute("resourceName")
                            .value(audit_log_bucket.name().applyValue(name -> String.format("/projects/_/buckets/%s/objects/*.txt", name)))
                            .operator("match-path-pattern")
                            .build())
                    .build())
                .build(), CustomResourceOptions.builder()
                    .dependsOn(                
                        event_receiving,
                        artifactregistry_reader)
                    .build());
    
        }
    }
    
    import pulumi
    import pulumi_gcp as gcp
    
    # This example follows the examples shown in this Google Cloud Community blog post
    # https://medium.com/google-cloud/applying-a-path-pattern-when-filtering-in-eventarc-f06b937b4c34
    # and the docs:
    # https://cloud.google.com/eventarc/docs/path-patterns
    source_bucket = gcp.storage.Bucket("source-bucket",
        location="US",
        uniform_bucket_level_access=True)
    object = gcp.storage.BucketObject("object",
        bucket=source_bucket.name,
        source=pulumi.FileAsset("function-source.zip"))
    # Add path to the zipped function source code
    account = gcp.service_account.Account("account",
        account_id="gcf-sa",
        display_name="Test Service Account - used for both the cloud function and eventarc trigger in the test")
    # Note: The right way of listening for Cloud Storage events is to use a Cloud Storage trigger.
    # Here we use Audit Logs to monitor the bucket so path patterns can be used in the example of
    # google_cloudfunctions2_function below (Audit Log events have path pattern support)
    audit_log_bucket = gcp.storage.Bucket("audit-log-bucket",
        location="us-central1",
        uniform_bucket_level_access=True)
    # Permissions on the service account used by the function and Eventarc trigger
    invoking = gcp.projects.IAMMember("invoking",
        project="my-project-name",
        role="roles/run.invoker",
        member=account.email.apply(lambda email: f"serviceAccount:{email}"))
    event_receiving = gcp.projects.IAMMember("event-receiving",
        project="my-project-name",
        role="roles/eventarc.eventReceiver",
        member=account.email.apply(lambda email: f"serviceAccount:{email}"),
        opts=pulumi.ResourceOptions(depends_on=[invoking]))
    artifactregistry_reader = gcp.projects.IAMMember("artifactregistry-reader",
        project="my-project-name",
        role="roles/artifactregistry.reader",
        member=account.email.apply(lambda email: f"serviceAccount:{email}"),
        opts=pulumi.ResourceOptions(depends_on=[event_receiving]))
    function = gcp.cloudfunctionsv2.Function("function",
        location="us-central1",
        description="a new function",
        build_config=gcp.cloudfunctionsv2.FunctionBuildConfigArgs(
            runtime="nodejs12",
            entry_point="entryPoint",
            environment_variables={
                "BUILD_CONFIG_TEST": "build_test",
            },
            source=gcp.cloudfunctionsv2.FunctionBuildConfigSourceArgs(
                storage_source=gcp.cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs(
                    bucket=source_bucket.name,
                    object=object.name,
                ),
            ),
        ),
        service_config=gcp.cloudfunctionsv2.FunctionServiceConfigArgs(
            max_instance_count=3,
            min_instance_count=1,
            available_memory="256M",
            timeout_seconds=60,
            environment_variables={
                "SERVICE_CONFIG_TEST": "config_test",
            },
            ingress_settings="ALLOW_INTERNAL_ONLY",
            all_traffic_on_latest_revision=True,
            service_account_email=account.email,
        ),
        event_trigger=gcp.cloudfunctionsv2.FunctionEventTriggerArgs(
            trigger_region="us-central1",
            event_type="google.cloud.audit.log.v1.written",
            retry_policy="RETRY_POLICY_RETRY",
            service_account_email=account.email,
            event_filters=[
                gcp.cloudfunctionsv2.FunctionEventTriggerEventFilterArgs(
                    attribute="serviceName",
                    value="storage.googleapis.com",
                ),
                gcp.cloudfunctionsv2.FunctionEventTriggerEventFilterArgs(
                    attribute="methodName",
                    value="storage.objects.create",
                ),
                gcp.cloudfunctionsv2.FunctionEventTriggerEventFilterArgs(
                    attribute="resourceName",
                    value=audit_log_bucket.name.apply(lambda name: f"/projects/_/buckets/{name}/objects/*.txt"),
                    operator="match-path-pattern",
                ),
            ],
        ),
        opts=pulumi.ResourceOptions(depends_on=[
                event_receiving,
                artifactregistry_reader,
            ]))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    // This example follows the examples shown in this Google Cloud Community blog post
    // https://medium.com/google-cloud/applying-a-path-pattern-when-filtering-in-eventarc-f06b937b4c34
    // and the docs:
    // https://cloud.google.com/eventarc/docs/path-patterns
    const source_bucket = new gcp.storage.Bucket("source-bucket", {
        location: "US",
        uniformBucketLevelAccess: true,
    });
    const object = new gcp.storage.BucketObject("object", {
        bucket: source_bucket.name,
        source: new pulumi.asset.FileAsset("function-source.zip"),
    });
    // Add path to the zipped function source code
    const account = new gcp.serviceaccount.Account("account", {
        accountId: "gcf-sa",
        displayName: "Test Service Account - used for both the cloud function and eventarc trigger in the test",
    });
    // Note: The right way of listening for Cloud Storage events is to use a Cloud Storage trigger.
    // Here we use Audit Logs to monitor the bucket so path patterns can be used in the example of
    // google_cloudfunctions2_function below (Audit Log events have path pattern support)
    const audit_log_bucket = new gcp.storage.Bucket("audit-log-bucket", {
        location: "us-central1",
        uniformBucketLevelAccess: true,
    });
    // Permissions on the service account used by the function and Eventarc trigger
    const invoking = new gcp.projects.IAMMember("invoking", {
        project: "my-project-name",
        role: "roles/run.invoker",
        member: pulumi.interpolate`serviceAccount:${account.email}`,
    });
    const event_receiving = new gcp.projects.IAMMember("event-receiving", {
        project: "my-project-name",
        role: "roles/eventarc.eventReceiver",
        member: pulumi.interpolate`serviceAccount:${account.email}`,
    }, {
        dependsOn: [invoking],
    });
    const artifactregistry_reader = new gcp.projects.IAMMember("artifactregistry-reader", {
        project: "my-project-name",
        role: "roles/artifactregistry.reader",
        member: pulumi.interpolate`serviceAccount:${account.email}`,
    }, {
        dependsOn: [event_receiving],
    });
    const _function = new gcp.cloudfunctionsv2.Function("function", {
        location: "us-central1",
        description: "a new function",
        buildConfig: {
            runtime: "nodejs12",
            entryPoint: "entryPoint",
            environmentVariables: {
                BUILD_CONFIG_TEST: "build_test",
            },
            source: {
                storageSource: {
                    bucket: source_bucket.name,
                    object: object.name,
                },
            },
        },
        serviceConfig: {
            maxInstanceCount: 3,
            minInstanceCount: 1,
            availableMemory: "256M",
            timeoutSeconds: 60,
            environmentVariables: {
                SERVICE_CONFIG_TEST: "config_test",
            },
            ingressSettings: "ALLOW_INTERNAL_ONLY",
            allTrafficOnLatestRevision: true,
            serviceAccountEmail: account.email,
        },
        eventTrigger: {
            triggerRegion: "us-central1",
            eventType: "google.cloud.audit.log.v1.written",
            retryPolicy: "RETRY_POLICY_RETRY",
            serviceAccountEmail: account.email,
            eventFilters: [
                {
                    attribute: "serviceName",
                    value: "storage.googleapis.com",
                },
                {
                    attribute: "methodName",
                    value: "storage.objects.create",
                },
                {
                    attribute: "resourceName",
                    value: pulumi.interpolate`/projects/_/buckets/${audit_log_bucket.name}/objects/*.txt`,
                    operator: "match-path-pattern",
                },
            ],
        },
    }, {
        dependsOn: [
            event_receiving,
            artifactregistry_reader,
        ],
    });
    
    resources:
      # This example follows the examples shown in this Google Cloud Community blog post
      # https://medium.com/google-cloud/applying-a-path-pattern-when-filtering-in-eventarc-f06b937b4c34
      # and the docs:
      # https://cloud.google.com/eventarc/docs/path-patterns
      source-bucket:
        type: gcp:storage:Bucket
        properties:
          location: US
          uniformBucketLevelAccess: true
      object:
        type: gcp:storage:BucketObject
        properties:
          bucket: ${["source-bucket"].name}
          source:
            fn::FileAsset: function-source.zip
      account:
        type: gcp:serviceAccount:Account
        properties:
          accountId: gcf-sa
          displayName: Test Service Account - used for both the cloud function and eventarc trigger in the test
      # Note: The right way of listening for Cloud Storage events is to use a Cloud Storage trigger.
      # Here we use Audit Logs to monitor the bucket so path patterns can be used in the example of
      # google_cloudfunctions2_function below (Audit Log events have path pattern support)
      audit-log-bucket:
        type: gcp:storage:Bucket
        properties:
          location: us-central1
          # The trigger must be in the same location as the bucket
          uniformBucketLevelAccess: true
      # Permissions on the service account used by the function and Eventarc trigger
      invoking:
        type: gcp:projects:IAMMember
        properties:
          project: my-project-name
          role: roles/run.invoker
          member: serviceAccount:${account.email}
      event-receiving:
        type: gcp:projects:IAMMember
        properties:
          project: my-project-name
          role: roles/eventarc.eventReceiver
          member: serviceAccount:${account.email}
        options:
          dependson:
            - ${invoking}
      artifactregistry-reader:
        type: gcp:projects:IAMMember
        properties:
          project: my-project-name
          role: roles/artifactregistry.reader
          member: serviceAccount:${account.email}
        options:
          dependson:
            - ${["event-receiving"]}
      function:
        type: gcp:cloudfunctionsv2:Function
        properties:
          location: us-central1
          description: a new function
          buildConfig:
            runtime: nodejs12
            entryPoint: entryPoint
            environmentVariables:
              BUILD_CONFIG_TEST: build_test
            source:
              storageSource:
                bucket: ${["source-bucket"].name}
                object: ${object.name}
          serviceConfig:
            maxInstanceCount: 3
            minInstanceCount: 1
            availableMemory: 256M
            timeoutSeconds: 60
            environmentVariables:
              SERVICE_CONFIG_TEST: config_test
            ingressSettings: ALLOW_INTERNAL_ONLY
            allTrafficOnLatestRevision: true
            serviceAccountEmail: ${account.email}
          eventTrigger:
            triggerRegion: us-central1
            eventType: google.cloud.audit.log.v1.written
            retryPolicy: RETRY_POLICY_RETRY
            serviceAccountEmail: ${account.email}
            eventFilters:
              - attribute: serviceName
                value: storage.googleapis.com
              - attribute: methodName
                value: storage.objects.create
              - attribute: resourceName
                value: /projects/_/buckets/${["audit-log-bucket"].name}/objects/*.txt
                operator: match-path-pattern
        options:
          dependson:
            - ${["event-receiving"]}
            - ${["artifactregistry-reader"]}
    

    Create Function Resource

    new Function(name: string, args?: FunctionArgs, opts?: CustomResourceOptions);
    @overload
    def Function(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 build_config: Optional[FunctionBuildConfigArgs] = None,
                 description: Optional[str] = None,
                 event_trigger: Optional[FunctionEventTriggerArgs] = None,
                 kms_key_name: Optional[str] = None,
                 labels: Optional[Mapping[str, str]] = None,
                 location: Optional[str] = None,
                 name: Optional[str] = None,
                 project: Optional[str] = None,
                 service_config: Optional[FunctionServiceConfigArgs] = None)
    @overload
    def Function(resource_name: str,
                 args: Optional[FunctionArgs] = None,
                 opts: Optional[ResourceOptions] = None)
    func NewFunction(ctx *Context, name string, args *FunctionArgs, opts ...ResourceOption) (*Function, error)
    public Function(string name, FunctionArgs? args = null, CustomResourceOptions? opts = null)
    public Function(String name, FunctionArgs args)
    public Function(String name, FunctionArgs args, CustomResourceOptions options)
    
    type: gcp:cloudfunctionsv2:Function
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args FunctionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args FunctionArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args FunctionArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args FunctionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args FunctionArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Function Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Function resource accepts the following input properties:

    BuildConfig FunctionBuildConfig

    Describes the Build step of the function that builds a container from the given source. Structure is documented below.

    Description string

    User-provided description of a function.

    EventTrigger FunctionEventTrigger

    An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.

    KmsKeyName string

    Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.

    Labels Dictionary<string, string>

    A set of key/value label pairs associated with this Cloud Function.

    Location string

    The location of this cloud function.

    Name string

    A user-defined name of the function. Function names must be unique globally and match pattern projects/*/locations/*/functions/*.


    Project string

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    ServiceConfig FunctionServiceConfig

    Describes the Service being deployed. Structure is documented below.

    BuildConfig FunctionBuildConfigArgs

    Describes the Build step of the function that builds a container from the given source. Structure is documented below.

    Description string

    User-provided description of a function.

    EventTrigger FunctionEventTriggerArgs

    An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.

    KmsKeyName string

    Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.

    Labels map[string]string

    A set of key/value label pairs associated with this Cloud Function.

    Location string

    The location of this cloud function.

    Name string

    A user-defined name of the function. Function names must be unique globally and match pattern projects/*/locations/*/functions/*.


    Project string

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    ServiceConfig FunctionServiceConfigArgs

    Describes the Service being deployed. Structure is documented below.

    buildConfig FunctionBuildConfig

    Describes the Build step of the function that builds a container from the given source. Structure is documented below.

    description String

    User-provided description of a function.

    eventTrigger FunctionEventTrigger

    An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.

    kmsKeyName String

    Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.

    labels Map<String,String>

    A set of key/value label pairs associated with this Cloud Function.

    location String

    The location of this cloud function.

    name String

    A user-defined name of the function. Function names must be unique globally and match pattern projects/*/locations/*/functions/*.


    project String

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    serviceConfig FunctionServiceConfig

    Describes the Service being deployed. Structure is documented below.

    buildConfig FunctionBuildConfig

    Describes the Build step of the function that builds a container from the given source. Structure is documented below.

    description string

    User-provided description of a function.

    eventTrigger FunctionEventTrigger

    An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.

    kmsKeyName string

    Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.

    labels {[key: string]: string}

    A set of key/value label pairs associated with this Cloud Function.

    location string

    The location of this cloud function.

    name string

    A user-defined name of the function. Function names must be unique globally and match pattern projects/*/locations/*/functions/*.


    project string

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    serviceConfig FunctionServiceConfig

    Describes the Service being deployed. Structure is documented below.

    build_config FunctionBuildConfigArgs

    Describes the Build step of the function that builds a container from the given source. Structure is documented below.

    description str

    User-provided description of a function.

    event_trigger FunctionEventTriggerArgs

    An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.

    kms_key_name str

    Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.

    labels Mapping[str, str]

    A set of key/value label pairs associated with this Cloud Function.

    location str

    The location of this cloud function.

    name str

    A user-defined name of the function. Function names must be unique globally and match pattern projects/*/locations/*/functions/*.


    project str

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    service_config FunctionServiceConfigArgs

    Describes the Service being deployed. Structure is documented below.

    buildConfig Property Map

    Describes the Build step of the function that builds a container from the given source. Structure is documented below.

    description String

    User-provided description of a function.

    eventTrigger Property Map

    An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.

    kmsKeyName String

    Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.

    labels Map<String>

    A set of key/value label pairs associated with this Cloud Function.

    location String

    The location of this cloud function.

    name String

    A user-defined name of the function. Function names must be unique globally and match pattern projects/*/locations/*/functions/*.


    project String

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    serviceConfig Property Map

    Describes the Service being deployed. Structure is documented below.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Function resource produces the following output properties:

    Environment string

    The environment the function is hosted on.

    Id string

    The provider-assigned unique ID for this managed resource.

    State string

    Describes the current state of the function.

    UpdateTime string

    The last update timestamp of a Cloud Function.

    Url string

    Output only. The deployed url for the function.

    Environment string

    The environment the function is hosted on.

    Id string

    The provider-assigned unique ID for this managed resource.

    State string

    Describes the current state of the function.

    UpdateTime string

    The last update timestamp of a Cloud Function.

    Url string

    Output only. The deployed url for the function.

    environment String

    The environment the function is hosted on.

    id String

    The provider-assigned unique ID for this managed resource.

    state String

    Describes the current state of the function.

    updateTime String

    The last update timestamp of a Cloud Function.

    url String

    Output only. The deployed url for the function.

    environment string

    The environment the function is hosted on.

    id string

    The provider-assigned unique ID for this managed resource.

    state string

    Describes the current state of the function.

    updateTime string

    The last update timestamp of a Cloud Function.

    url string

    Output only. The deployed url for the function.

    environment str

    The environment the function is hosted on.

    id str

    The provider-assigned unique ID for this managed resource.

    state str

    Describes the current state of the function.

    update_time str

    The last update timestamp of a Cloud Function.

    url str

    Output only. The deployed url for the function.

    environment String

    The environment the function is hosted on.

    id String

    The provider-assigned unique ID for this managed resource.

    state String

    Describes the current state of the function.

    updateTime String

    The last update timestamp of a Cloud Function.

    url String

    Output only. The deployed url for the function.

    Look up Existing Function Resource

    Get an existing Function resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: FunctionState, opts?: CustomResourceOptions): Function
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            build_config: Optional[FunctionBuildConfigArgs] = None,
            description: Optional[str] = None,
            environment: Optional[str] = None,
            event_trigger: Optional[FunctionEventTriggerArgs] = None,
            kms_key_name: Optional[str] = None,
            labels: Optional[Mapping[str, str]] = None,
            location: Optional[str] = None,
            name: Optional[str] = None,
            project: Optional[str] = None,
            service_config: Optional[FunctionServiceConfigArgs] = None,
            state: Optional[str] = None,
            update_time: Optional[str] = None,
            url: Optional[str] = None) -> Function
    func GetFunction(ctx *Context, name string, id IDInput, state *FunctionState, opts ...ResourceOption) (*Function, error)
    public static Function Get(string name, Input<string> id, FunctionState? state, CustomResourceOptions? opts = null)
    public static Function get(String name, Output<String> id, FunctionState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    BuildConfig FunctionBuildConfig

    Describes the Build step of the function that builds a container from the given source. Structure is documented below.

    Description string

    User-provided description of a function.

    Environment string

    The environment the function is hosted on.

    EventTrigger FunctionEventTrigger

    An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.

    KmsKeyName string

    Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.

    Labels Dictionary<string, string>

    A set of key/value label pairs associated with this Cloud Function.

    Location string

    The location of this cloud function.

    Name string

    A user-defined name of the function. Function names must be unique globally and match pattern projects/*/locations/*/functions/*.


    Project string

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    ServiceConfig FunctionServiceConfig

    Describes the Service being deployed. Structure is documented below.

    State string

    Describes the current state of the function.

    UpdateTime string

    The last update timestamp of a Cloud Function.

    Url string

    Output only. The deployed url for the function.

    BuildConfig FunctionBuildConfigArgs

    Describes the Build step of the function that builds a container from the given source. Structure is documented below.

    Description string

    User-provided description of a function.

    Environment string

    The environment the function is hosted on.

    EventTrigger FunctionEventTriggerArgs

    An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.

    KmsKeyName string

    Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.

    Labels map[string]string

    A set of key/value label pairs associated with this Cloud Function.

    Location string

    The location of this cloud function.

    Name string

    A user-defined name of the function. Function names must be unique globally and match pattern projects/*/locations/*/functions/*.


    Project string

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    ServiceConfig FunctionServiceConfigArgs

    Describes the Service being deployed. Structure is documented below.

    State string

    Describes the current state of the function.

    UpdateTime string

    The last update timestamp of a Cloud Function.

    Url string

    Output only. The deployed url for the function.

    buildConfig FunctionBuildConfig

    Describes the Build step of the function that builds a container from the given source. Structure is documented below.

    description String

    User-provided description of a function.

    environment String

    The environment the function is hosted on.

    eventTrigger FunctionEventTrigger

    An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.

    kmsKeyName String

    Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.

    labels Map<String,String>

    A set of key/value label pairs associated with this Cloud Function.

    location String

    The location of this cloud function.

    name String

    A user-defined name of the function. Function names must be unique globally and match pattern projects/*/locations/*/functions/*.


    project String

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    serviceConfig FunctionServiceConfig

    Describes the Service being deployed. Structure is documented below.

    state String

    Describes the current state of the function.

    updateTime String

    The last update timestamp of a Cloud Function.

    url String

    Output only. The deployed url for the function.

    buildConfig FunctionBuildConfig

    Describes the Build step of the function that builds a container from the given source. Structure is documented below.

    description string

    User-provided description of a function.

    environment string

    The environment the function is hosted on.

    eventTrigger FunctionEventTrigger

    An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.

    kmsKeyName string

    Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.

    labels {[key: string]: string}

    A set of key/value label pairs associated with this Cloud Function.

    location string

    The location of this cloud function.

    name string

    A user-defined name of the function. Function names must be unique globally and match pattern projects/*/locations/*/functions/*.


    project string

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    serviceConfig FunctionServiceConfig

    Describes the Service being deployed. Structure is documented below.

    state string

    Describes the current state of the function.

    updateTime string

    The last update timestamp of a Cloud Function.

    url string

    Output only. The deployed url for the function.

    build_config FunctionBuildConfigArgs

    Describes the Build step of the function that builds a container from the given source. Structure is documented below.

    description str

    User-provided description of a function.

    environment str

    The environment the function is hosted on.

    event_trigger FunctionEventTriggerArgs

    An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.

    kms_key_name str

    Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.

    labels Mapping[str, str]

    A set of key/value label pairs associated with this Cloud Function.

    location str

    The location of this cloud function.

    name str

    A user-defined name of the function. Function names must be unique globally and match pattern projects/*/locations/*/functions/*.


    project str

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    service_config FunctionServiceConfigArgs

    Describes the Service being deployed. Structure is documented below.

    state str

    Describes the current state of the function.

    update_time str

    The last update timestamp of a Cloud Function.

    url str

    Output only. The deployed url for the function.

    buildConfig Property Map

    Describes the Build step of the function that builds a container from the given source. Structure is documented below.

    description String

    User-provided description of a function.

    environment String

    The environment the function is hosted on.

    eventTrigger Property Map

    An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.

    kmsKeyName String

    Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.

    labels Map<String>

    A set of key/value label pairs associated with this Cloud Function.

    location String

    The location of this cloud function.

    name String

    A user-defined name of the function. Function names must be unique globally and match pattern projects/*/locations/*/functions/*.


    project String

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    serviceConfig Property Map

    Describes the Service being deployed. Structure is documented below.

    state String

    Describes the current state of the function.

    updateTime String

    The last update timestamp of a Cloud Function.

    url String

    Output only. The deployed url for the function.

    Supporting Types

    FunctionBuildConfig, FunctionBuildConfigArgs

    Build string

    (Output) The Cloud Build name of the latest successful deployment of the function.

    DockerRepository string

    User managed repository created in Artifact Registry optionally with a customer managed encryption key.

    EntryPoint string

    The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if function with given name is not found, then the system will try to use function named "function". For Node.js this is name of a function exported by the module specified in source_location.

    EnvironmentVariables Dictionary<string, string>

    User-provided build-time environment variables for the function.

    Runtime string

    The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function.

    Source FunctionBuildConfigSource

    The location of the function source code. Structure is documented below.

    WorkerPool string

    Name of the Cloud Build Custom Worker Pool that should be used to build the function.

    Build string

    (Output) The Cloud Build name of the latest successful deployment of the function.

    DockerRepository string

    User managed repository created in Artifact Registry optionally with a customer managed encryption key.

    EntryPoint string

    The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if function with given name is not found, then the system will try to use function named "function". For Node.js this is name of a function exported by the module specified in source_location.

    EnvironmentVariables map[string]string

    User-provided build-time environment variables for the function.

    Runtime string

    The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function.

    Source FunctionBuildConfigSource

    The location of the function source code. Structure is documented below.

    WorkerPool string

    Name of the Cloud Build Custom Worker Pool that should be used to build the function.

    build String

    (Output) The Cloud Build name of the latest successful deployment of the function.

    dockerRepository String

    User managed repository created in Artifact Registry optionally with a customer managed encryption key.

    entryPoint String

    The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if function with given name is not found, then the system will try to use function named "function". For Node.js this is name of a function exported by the module specified in source_location.

    environmentVariables Map<String,String>

    User-provided build-time environment variables for the function.

    runtime String

    The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function.

    source FunctionBuildConfigSource

    The location of the function source code. Structure is documented below.

    workerPool String

    Name of the Cloud Build Custom Worker Pool that should be used to build the function.

    build string

    (Output) The Cloud Build name of the latest successful deployment of the function.

    dockerRepository string

    User managed repository created in Artifact Registry optionally with a customer managed encryption key.

    entryPoint string

    The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if function with given name is not found, then the system will try to use function named "function". For Node.js this is name of a function exported by the module specified in source_location.

    environmentVariables {[key: string]: string}

    User-provided build-time environment variables for the function.

    runtime string

    The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function.

    source FunctionBuildConfigSource

    The location of the function source code. Structure is documented below.

    workerPool string

    Name of the Cloud Build Custom Worker Pool that should be used to build the function.

    build str

    (Output) The Cloud Build name of the latest successful deployment of the function.

    docker_repository str

    User managed repository created in Artifact Registry optionally with a customer managed encryption key.

    entry_point str

    The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if function with given name is not found, then the system will try to use function named "function". For Node.js this is name of a function exported by the module specified in source_location.

    environment_variables Mapping[str, str]

    User-provided build-time environment variables for the function.

    runtime str

    The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function.

    source FunctionBuildConfigSource

    The location of the function source code. Structure is documented below.

    worker_pool str

    Name of the Cloud Build Custom Worker Pool that should be used to build the function.

    build String

    (Output) The Cloud Build name of the latest successful deployment of the function.

    dockerRepository String

    User managed repository created in Artifact Registry optionally with a customer managed encryption key.

    entryPoint String

    The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if function with given name is not found, then the system will try to use function named "function". For Node.js this is name of a function exported by the module specified in source_location.

    environmentVariables Map<String>

    User-provided build-time environment variables for the function.

    runtime String

    The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function.

    source Property Map

    The location of the function source code. Structure is documented below.

    workerPool String

    Name of the Cloud Build Custom Worker Pool that should be used to build the function.

    FunctionBuildConfigSource, FunctionBuildConfigSourceArgs

    RepoSource FunctionBuildConfigSourceRepoSource

    If provided, get the source from this location in a Cloud Source Repository. Structure is documented below.

    StorageSource FunctionBuildConfigSourceStorageSource

    If provided, get the source from this location in Google Cloud Storage. Structure is documented below.

    RepoSource FunctionBuildConfigSourceRepoSource

    If provided, get the source from this location in a Cloud Source Repository. Structure is documented below.

    StorageSource FunctionBuildConfigSourceStorageSource

    If provided, get the source from this location in Google Cloud Storage. Structure is documented below.

    repoSource FunctionBuildConfigSourceRepoSource

    If provided, get the source from this location in a Cloud Source Repository. Structure is documented below.

    storageSource FunctionBuildConfigSourceStorageSource

    If provided, get the source from this location in Google Cloud Storage. Structure is documented below.

    repoSource FunctionBuildConfigSourceRepoSource

    If provided, get the source from this location in a Cloud Source Repository. Structure is documented below.

    storageSource FunctionBuildConfigSourceStorageSource

    If provided, get the source from this location in Google Cloud Storage. Structure is documented below.

    repo_source FunctionBuildConfigSourceRepoSource

    If provided, get the source from this location in a Cloud Source Repository. Structure is documented below.

    storage_source FunctionBuildConfigSourceStorageSource

    If provided, get the source from this location in Google Cloud Storage. Structure is documented below.

    repoSource Property Map

    If provided, get the source from this location in a Cloud Source Repository. Structure is documented below.

    storageSource Property Map

    If provided, get the source from this location in Google Cloud Storage. Structure is documented below.

    FunctionBuildConfigSourceRepoSource, FunctionBuildConfigSourceRepoSourceArgs

    BranchName string

    Regex matching branches to build.

    CommitSha string

    Regex matching tags to build.

    Dir string

    Directory, relative to the source root, in which to run the build.

    InvertRegex bool

    Only trigger a build if the revision regex does NOT match the revision regex.

    ProjectId string

    ID of the project that owns the Cloud Source Repository. If omitted, the project ID requesting the build is assumed.

    RepoName string

    Name of the Cloud Source Repository.

    TagName string

    Regex matching tags to build.

    BranchName string

    Regex matching branches to build.

    CommitSha string

    Regex matching tags to build.

    Dir string

    Directory, relative to the source root, in which to run the build.

    InvertRegex bool

    Only trigger a build if the revision regex does NOT match the revision regex.

    ProjectId string

    ID of the project that owns the Cloud Source Repository. If omitted, the project ID requesting the build is assumed.

    RepoName string

    Name of the Cloud Source Repository.

    TagName string

    Regex matching tags to build.

    branchName String

    Regex matching branches to build.

    commitSha String

    Regex matching tags to build.

    dir String

    Directory, relative to the source root, in which to run the build.

    invertRegex Boolean

    Only trigger a build if the revision regex does NOT match the revision regex.

    projectId String

    ID of the project that owns the Cloud Source Repository. If omitted, the project ID requesting the build is assumed.

    repoName String

    Name of the Cloud Source Repository.

    tagName String

    Regex matching tags to build.

    branchName string

    Regex matching branches to build.

    commitSha string

    Regex matching tags to build.

    dir string

    Directory, relative to the source root, in which to run the build.

    invertRegex boolean

    Only trigger a build if the revision regex does NOT match the revision regex.

    projectId string

    ID of the project that owns the Cloud Source Repository. If omitted, the project ID requesting the build is assumed.

    repoName string

    Name of the Cloud Source Repository.

    tagName string

    Regex matching tags to build.

    branch_name str

    Regex matching branches to build.

    commit_sha str

    Regex matching tags to build.

    dir str

    Directory, relative to the source root, in which to run the build.

    invert_regex bool

    Only trigger a build if the revision regex does NOT match the revision regex.

    project_id str

    ID of the project that owns the Cloud Source Repository. If omitted, the project ID requesting the build is assumed.

    repo_name str

    Name of the Cloud Source Repository.

    tag_name str

    Regex matching tags to build.

    branchName String

    Regex matching branches to build.

    commitSha String

    Regex matching tags to build.

    dir String

    Directory, relative to the source root, in which to run the build.

    invertRegex Boolean

    Only trigger a build if the revision regex does NOT match the revision regex.

    projectId String

    ID of the project that owns the Cloud Source Repository. If omitted, the project ID requesting the build is assumed.

    repoName String

    Name of the Cloud Source Repository.

    tagName String

    Regex matching tags to build.

    FunctionBuildConfigSourceStorageSource, FunctionBuildConfigSourceStorageSourceArgs

    Bucket string

    Google Cloud Storage bucket containing the source

    Generation int

    Google Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.

    Object string

    Google Cloud Storage object containing the source.

    Bucket string

    Google Cloud Storage bucket containing the source

    Generation int

    Google Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.

    Object string

    Google Cloud Storage object containing the source.

    bucket String

    Google Cloud Storage bucket containing the source

    generation Integer

    Google Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.

    object String

    Google Cloud Storage object containing the source.

    bucket string

    Google Cloud Storage bucket containing the source

    generation number

    Google Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.

    object string

    Google Cloud Storage object containing the source.

    bucket str

    Google Cloud Storage bucket containing the source

    generation int

    Google Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.

    object str

    Google Cloud Storage object containing the source.

    bucket String

    Google Cloud Storage bucket containing the source

    generation Number

    Google Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.

    object String

    Google Cloud Storage object containing the source.

    FunctionEventTrigger, FunctionEventTriggerArgs

    EventFilters List<FunctionEventTriggerEventFilter>

    Criteria used to filter events. Structure is documented below.

    EventType string

    Required. The type of event to observe.

    PubsubTopic string

    The name of a Pub/Sub topic in the same project that will be used as the transport topic for the event delivery.

    RetryPolicy string

    Describes the retry policy in case of function's execution failure. Retried execution is charged as any other execution. Possible values are: RETRY_POLICY_UNSPECIFIED, RETRY_POLICY_DO_NOT_RETRY, RETRY_POLICY_RETRY.

    ServiceAccountEmail string

    The email of the service account for this function.

    Trigger string

    (Output) Output only. The resource name of the Eventarc trigger.

    TriggerRegion string

    The region that the trigger will be in. The trigger will only receive events originating in this region. It can be the same region as the function, a different region or multi-region, or the global region. If not provided, defaults to the same region as the function.

    EventFilters []FunctionEventTriggerEventFilter

    Criteria used to filter events. Structure is documented below.

    EventType string

    Required. The type of event to observe.

    PubsubTopic string

    The name of a Pub/Sub topic in the same project that will be used as the transport topic for the event delivery.

    RetryPolicy string

    Describes the retry policy in case of function's execution failure. Retried execution is charged as any other execution. Possible values are: RETRY_POLICY_UNSPECIFIED, RETRY_POLICY_DO_NOT_RETRY, RETRY_POLICY_RETRY.

    ServiceAccountEmail string

    The email of the service account for this function.

    Trigger string

    (Output) Output only. The resource name of the Eventarc trigger.

    TriggerRegion string

    The region that the trigger will be in. The trigger will only receive events originating in this region. It can be the same region as the function, a different region or multi-region, or the global region. If not provided, defaults to the same region as the function.

    eventFilters List<FunctionEventTriggerEventFilter>

    Criteria used to filter events. Structure is documented below.

    eventType String

    Required. The type of event to observe.

    pubsubTopic String

    The name of a Pub/Sub topic in the same project that will be used as the transport topic for the event delivery.

    retryPolicy String

    Describes the retry policy in case of function's execution failure. Retried execution is charged as any other execution. Possible values are: RETRY_POLICY_UNSPECIFIED, RETRY_POLICY_DO_NOT_RETRY, RETRY_POLICY_RETRY.

    serviceAccountEmail String

    The email of the service account for this function.

    trigger String

    (Output) Output only. The resource name of the Eventarc trigger.

    triggerRegion String

    The region that the trigger will be in. The trigger will only receive events originating in this region. It can be the same region as the function, a different region or multi-region, or the global region. If not provided, defaults to the same region as the function.

    eventFilters FunctionEventTriggerEventFilter[]

    Criteria used to filter events. Structure is documented below.

    eventType string

    Required. The type of event to observe.

    pubsubTopic string

    The name of a Pub/Sub topic in the same project that will be used as the transport topic for the event delivery.

    retryPolicy string

    Describes the retry policy in case of function's execution failure. Retried execution is charged as any other execution. Possible values are: RETRY_POLICY_UNSPECIFIED, RETRY_POLICY_DO_NOT_RETRY, RETRY_POLICY_RETRY.

    serviceAccountEmail string

    The email of the service account for this function.

    trigger string

    (Output) Output only. The resource name of the Eventarc trigger.

    triggerRegion string

    The region that the trigger will be in. The trigger will only receive events originating in this region. It can be the same region as the function, a different region or multi-region, or the global region. If not provided, defaults to the same region as the function.

    event_filters Sequence[FunctionEventTriggerEventFilter]

    Criteria used to filter events. Structure is documented below.

    event_type str

    Required. The type of event to observe.

    pubsub_topic str

    The name of a Pub/Sub topic in the same project that will be used as the transport topic for the event delivery.

    retry_policy str

    Describes the retry policy in case of function's execution failure. Retried execution is charged as any other execution. Possible values are: RETRY_POLICY_UNSPECIFIED, RETRY_POLICY_DO_NOT_RETRY, RETRY_POLICY_RETRY.

    service_account_email str

    The email of the service account for this function.

    trigger str

    (Output) Output only. The resource name of the Eventarc trigger.

    trigger_region str

    The region that the trigger will be in. The trigger will only receive events originating in this region. It can be the same region as the function, a different region or multi-region, or the global region. If not provided, defaults to the same region as the function.

    eventFilters List<Property Map>

    Criteria used to filter events. Structure is documented below.

    eventType String

    Required. The type of event to observe.

    pubsubTopic String

    The name of a Pub/Sub topic in the same project that will be used as the transport topic for the event delivery.

    retryPolicy String

    Describes the retry policy in case of function's execution failure. Retried execution is charged as any other execution. Possible values are: RETRY_POLICY_UNSPECIFIED, RETRY_POLICY_DO_NOT_RETRY, RETRY_POLICY_RETRY.

    serviceAccountEmail String

    The email of the service account for this function.

    trigger String

    (Output) Output only. The resource name of the Eventarc trigger.

    triggerRegion String

    The region that the trigger will be in. The trigger will only receive events originating in this region. It can be the same region as the function, a different region or multi-region, or the global region. If not provided, defaults to the same region as the function.

    FunctionEventTriggerEventFilter, FunctionEventTriggerEventFilterArgs

    Attribute string

    'Required. The name of a CloudEvents attribute. Currently, only a subset of attributes are supported for filtering. Use the gcloud eventarc providers describe command to learn more about events and their attributes. Do not filter for the 'type' attribute here, as this is already achieved by the resource's event_type attribute.

    Value string

    Required. The value for the attribute. If the operator field is set as match-path-pattern, this value can be a path pattern instead of an exact value.

    Operator string

    Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is match-path-pattern. See documentation on path patterns here'

    Attribute string

    'Required. The name of a CloudEvents attribute. Currently, only a subset of attributes are supported for filtering. Use the gcloud eventarc providers describe command to learn more about events and their attributes. Do not filter for the 'type' attribute here, as this is already achieved by the resource's event_type attribute.

    Value string

    Required. The value for the attribute. If the operator field is set as match-path-pattern, this value can be a path pattern instead of an exact value.

    Operator string

    Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is match-path-pattern. See documentation on path patterns here'

    attribute String

    'Required. The name of a CloudEvents attribute. Currently, only a subset of attributes are supported for filtering. Use the gcloud eventarc providers describe command to learn more about events and their attributes. Do not filter for the 'type' attribute here, as this is already achieved by the resource's event_type attribute.

    value String

    Required. The value for the attribute. If the operator field is set as match-path-pattern, this value can be a path pattern instead of an exact value.

    operator String

    Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is match-path-pattern. See documentation on path patterns here'

    attribute string

    'Required. The name of a CloudEvents attribute. Currently, only a subset of attributes are supported for filtering. Use the gcloud eventarc providers describe command to learn more about events and their attributes. Do not filter for the 'type' attribute here, as this is already achieved by the resource's event_type attribute.

    value string

    Required. The value for the attribute. If the operator field is set as match-path-pattern, this value can be a path pattern instead of an exact value.

    operator string

    Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is match-path-pattern. See documentation on path patterns here'

    attribute str

    'Required. The name of a CloudEvents attribute. Currently, only a subset of attributes are supported for filtering. Use the gcloud eventarc providers describe command to learn more about events and their attributes. Do not filter for the 'type' attribute here, as this is already achieved by the resource's event_type attribute.

    value str

    Required. The value for the attribute. If the operator field is set as match-path-pattern, this value can be a path pattern instead of an exact value.

    operator str

    Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is match-path-pattern. See documentation on path patterns here'

    attribute String

    'Required. The name of a CloudEvents attribute. Currently, only a subset of attributes are supported for filtering. Use the gcloud eventarc providers describe command to learn more about events and their attributes. Do not filter for the 'type' attribute here, as this is already achieved by the resource's event_type attribute.

    value String

    Required. The value for the attribute. If the operator field is set as match-path-pattern, this value can be a path pattern instead of an exact value.

    operator String

    Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is match-path-pattern. See documentation on path patterns here'

    FunctionServiceConfig, FunctionServiceConfigArgs

    AllTrafficOnLatestRevision bool

    Whether 100% of traffic is routed to the latest revision. Defaults to true.

    AvailableCpu string

    The number of CPUs used in a single container instance. Default value is calculated from available memory.

    AvailableMemory string

    The amount of memory available for a function. Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is supplied the value is interpreted as bytes.

    EnvironmentVariables Dictionary<string, string>

    Environment variables that shall be available during function execution.

    GcfUri string

    (Output) URIs of the Service deployed

    IngressSettings string

    Available ingress settings. Defaults to "ALLOW_ALL" if unspecified. Default value is ALLOW_ALL. Possible values are: ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB.

    MaxInstanceCount int

    The limit on the maximum number of function instances that may coexist at a given time.

    MaxInstanceRequestConcurrency int

    Sets the maximum number of concurrent requests that each instance can receive. Defaults to 1.

    MinInstanceCount int

    The limit on the minimum number of function instances that may coexist at a given time.

    SecretEnvironmentVariables List<FunctionServiceConfigSecretEnvironmentVariable>

    Secret environment variables configuration. Structure is documented below.

    SecretVolumes List<FunctionServiceConfigSecretVolume>

    Secret volumes configuration. Structure is documented below.

    Service string

    Name of the service associated with a Function.

    ServiceAccountEmail string

    The email of the service account for this function.

    TimeoutSeconds int

    The function execution timeout. Execution is considered failed and can be terminated if the function is not completed at the end of the timeout period. Defaults to 60 seconds.

    Uri string

    (Output) URI of the Service deployed.

    VpcConnector string

    The Serverless VPC Access connector that this cloud function can connect to.

    VpcConnectorEgressSettings string

    Available egress settings. Possible values are: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC.

    AllTrafficOnLatestRevision bool

    Whether 100% of traffic is routed to the latest revision. Defaults to true.

    AvailableCpu string

    The number of CPUs used in a single container instance. Default value is calculated from available memory.

    AvailableMemory string

    The amount of memory available for a function. Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is supplied the value is interpreted as bytes.

    EnvironmentVariables map[string]string

    Environment variables that shall be available during function execution.

    GcfUri string

    (Output) URIs of the Service deployed

    IngressSettings string

    Available ingress settings. Defaults to "ALLOW_ALL" if unspecified. Default value is ALLOW_ALL. Possible values are: ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB.

    MaxInstanceCount int

    The limit on the maximum number of function instances that may coexist at a given time.

    MaxInstanceRequestConcurrency int

    Sets the maximum number of concurrent requests that each instance can receive. Defaults to 1.

    MinInstanceCount int

    The limit on the minimum number of function instances that may coexist at a given time.

    SecretEnvironmentVariables []FunctionServiceConfigSecretEnvironmentVariable

    Secret environment variables configuration. Structure is documented below.

    SecretVolumes []FunctionServiceConfigSecretVolume

    Secret volumes configuration. Structure is documented below.

    Service string

    Name of the service associated with a Function.

    ServiceAccountEmail string

    The email of the service account for this function.

    TimeoutSeconds int

    The function execution timeout. Execution is considered failed and can be terminated if the function is not completed at the end of the timeout period. Defaults to 60 seconds.

    Uri string

    (Output) URI of the Service deployed.

    VpcConnector string

    The Serverless VPC Access connector that this cloud function can connect to.

    VpcConnectorEgressSettings string

    Available egress settings. Possible values are: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC.

    allTrafficOnLatestRevision Boolean

    Whether 100% of traffic is routed to the latest revision. Defaults to true.

    availableCpu String

    The number of CPUs used in a single container instance. Default value is calculated from available memory.

    availableMemory String

    The amount of memory available for a function. Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is supplied the value is interpreted as bytes.

    environmentVariables Map<String,String>

    Environment variables that shall be available during function execution.

    gcfUri String

    (Output) URIs of the Service deployed

    ingressSettings String

    Available ingress settings. Defaults to "ALLOW_ALL" if unspecified. Default value is ALLOW_ALL. Possible values are: ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB.

    maxInstanceCount Integer

    The limit on the maximum number of function instances that may coexist at a given time.

    maxInstanceRequestConcurrency Integer

    Sets the maximum number of concurrent requests that each instance can receive. Defaults to 1.

    minInstanceCount Integer

    The limit on the minimum number of function instances that may coexist at a given time.

    secretEnvironmentVariables List<FunctionServiceConfigSecretEnvironmentVariable>

    Secret environment variables configuration. Structure is documented below.

    secretVolumes List<FunctionServiceConfigSecretVolume>

    Secret volumes configuration. Structure is documented below.

    service String

    Name of the service associated with a Function.

    serviceAccountEmail String

    The email of the service account for this function.

    timeoutSeconds Integer

    The function execution timeout. Execution is considered failed and can be terminated if the function is not completed at the end of the timeout period. Defaults to 60 seconds.

    uri String

    (Output) URI of the Service deployed.

    vpcConnector String

    The Serverless VPC Access connector that this cloud function can connect to.

    vpcConnectorEgressSettings String

    Available egress settings. Possible values are: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC.

    allTrafficOnLatestRevision boolean

    Whether 100% of traffic is routed to the latest revision. Defaults to true.

    availableCpu string

    The number of CPUs used in a single container instance. Default value is calculated from available memory.

    availableMemory string

    The amount of memory available for a function. Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is supplied the value is interpreted as bytes.

    environmentVariables {[key: string]: string}

    Environment variables that shall be available during function execution.

    gcfUri string

    (Output) URIs of the Service deployed

    ingressSettings string

    Available ingress settings. Defaults to "ALLOW_ALL" if unspecified. Default value is ALLOW_ALL. Possible values are: ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB.

    maxInstanceCount number

    The limit on the maximum number of function instances that may coexist at a given time.

    maxInstanceRequestConcurrency number

    Sets the maximum number of concurrent requests that each instance can receive. Defaults to 1.

    minInstanceCount number

    The limit on the minimum number of function instances that may coexist at a given time.

    secretEnvironmentVariables FunctionServiceConfigSecretEnvironmentVariable[]

    Secret environment variables configuration. Structure is documented below.

    secretVolumes FunctionServiceConfigSecretVolume[]

    Secret volumes configuration. Structure is documented below.

    service string

    Name of the service associated with a Function.

    serviceAccountEmail string

    The email of the service account for this function.

    timeoutSeconds number

    The function execution timeout. Execution is considered failed and can be terminated if the function is not completed at the end of the timeout period. Defaults to 60 seconds.

    uri string

    (Output) URI of the Service deployed.

    vpcConnector string

    The Serverless VPC Access connector that this cloud function can connect to.

    vpcConnectorEgressSettings string

    Available egress settings. Possible values are: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC.

    all_traffic_on_latest_revision bool

    Whether 100% of traffic is routed to the latest revision. Defaults to true.

    available_cpu str

    The number of CPUs used in a single container instance. Default value is calculated from available memory.

    available_memory str

    The amount of memory available for a function. Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is supplied the value is interpreted as bytes.

    environment_variables Mapping[str, str]

    Environment variables that shall be available during function execution.

    gcf_uri str

    (Output) URIs of the Service deployed

    ingress_settings str

    Available ingress settings. Defaults to "ALLOW_ALL" if unspecified. Default value is ALLOW_ALL. Possible values are: ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB.

    max_instance_count int

    The limit on the maximum number of function instances that may coexist at a given time.

    max_instance_request_concurrency int

    Sets the maximum number of concurrent requests that each instance can receive. Defaults to 1.

    min_instance_count int

    The limit on the minimum number of function instances that may coexist at a given time.

    secret_environment_variables Sequence[FunctionServiceConfigSecretEnvironmentVariable]

    Secret environment variables configuration. Structure is documented below.

    secret_volumes Sequence[FunctionServiceConfigSecretVolume]

    Secret volumes configuration. Structure is documented below.

    service str

    Name of the service associated with a Function.

    service_account_email str

    The email of the service account for this function.

    timeout_seconds int

    The function execution timeout. Execution is considered failed and can be terminated if the function is not completed at the end of the timeout period. Defaults to 60 seconds.

    uri str

    (Output) URI of the Service deployed.

    vpc_connector str

    The Serverless VPC Access connector that this cloud function can connect to.

    vpc_connector_egress_settings str

    Available egress settings. Possible values are: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC.

    allTrafficOnLatestRevision Boolean

    Whether 100% of traffic is routed to the latest revision. Defaults to true.

    availableCpu String

    The number of CPUs used in a single container instance. Default value is calculated from available memory.

    availableMemory String

    The amount of memory available for a function. Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is supplied the value is interpreted as bytes.

    environmentVariables Map<String>

    Environment variables that shall be available during function execution.

    gcfUri String

    (Output) URIs of the Service deployed

    ingressSettings String

    Available ingress settings. Defaults to "ALLOW_ALL" if unspecified. Default value is ALLOW_ALL. Possible values are: ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB.

    maxInstanceCount Number

    The limit on the maximum number of function instances that may coexist at a given time.

    maxInstanceRequestConcurrency Number

    Sets the maximum number of concurrent requests that each instance can receive. Defaults to 1.

    minInstanceCount Number

    The limit on the minimum number of function instances that may coexist at a given time.

    secretEnvironmentVariables List<Property Map>

    Secret environment variables configuration. Structure is documented below.

    secretVolumes List<Property Map>

    Secret volumes configuration. Structure is documented below.

    service String

    Name of the service associated with a Function.

    serviceAccountEmail String

    The email of the service account for this function.

    timeoutSeconds Number

    The function execution timeout. Execution is considered failed and can be terminated if the function is not completed at the end of the timeout period. Defaults to 60 seconds.

    uri String

    (Output) URI of the Service deployed.

    vpcConnector String

    The Serverless VPC Access connector that this cloud function can connect to.

    vpcConnectorEgressSettings String

    Available egress settings. Possible values are: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC.

    FunctionServiceConfigSecretEnvironmentVariable, FunctionServiceConfigSecretEnvironmentVariableArgs

    Key string

    Name of the environment variable.

    ProjectId string

    Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.

    Secret string

    Name of the secret in secret manager (not the full resource name).

    Version string

    Version of the secret (version number or the string 'latest'). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new instances start.

    Key string

    Name of the environment variable.

    ProjectId string

    Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.

    Secret string

    Name of the secret in secret manager (not the full resource name).

    Version string

    Version of the secret (version number or the string 'latest'). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new instances start.

    key String

    Name of the environment variable.

    projectId String

    Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.

    secret String

    Name of the secret in secret manager (not the full resource name).

    version String

    Version of the secret (version number or the string 'latest'). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new instances start.

    key string

    Name of the environment variable.

    projectId string

    Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.

    secret string

    Name of the secret in secret manager (not the full resource name).

    version string

    Version of the secret (version number or the string 'latest'). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new instances start.

    key str

    Name of the environment variable.

    project_id str

    Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.

    secret str

    Name of the secret in secret manager (not the full resource name).

    version str

    Version of the secret (version number or the string 'latest'). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new instances start.

    key String

    Name of the environment variable.

    projectId String

    Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.

    secret String

    Name of the secret in secret manager (not the full resource name).

    version String

    Version of the secret (version number or the string 'latest'). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new instances start.

    FunctionServiceConfigSecretVolume, FunctionServiceConfigSecretVolumeArgs

    MountPath string

    The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets

    ProjectId string

    Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.

    Secret string

    Name of the secret in secret manager (not the full resource name).

    Versions List<FunctionServiceConfigSecretVolumeVersion>

    List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point.' Structure is documented below.

    MountPath string

    The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets

    ProjectId string

    Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.

    Secret string

    Name of the secret in secret manager (not the full resource name).

    Versions []FunctionServiceConfigSecretVolumeVersion

    List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point.' Structure is documented below.

    mountPath String

    The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets

    projectId String

    Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.

    secret String

    Name of the secret in secret manager (not the full resource name).

    versions List<FunctionServiceConfigSecretVolumeVersion>

    List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point.' Structure is documented below.

    mountPath string

    The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets

    projectId string

    Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.

    secret string

    Name of the secret in secret manager (not the full resource name).

    versions FunctionServiceConfigSecretVolumeVersion[]

    List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point.' Structure is documented below.

    mount_path str

    The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets

    project_id str

    Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.

    secret str

    Name of the secret in secret manager (not the full resource name).

    versions Sequence[FunctionServiceConfigSecretVolumeVersion]

    List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point.' Structure is documented below.

    mountPath String

    The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets

    projectId String

    Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.

    secret String

    Name of the secret in secret manager (not the full resource name).

    versions List<Property Map>

    List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point.' Structure is documented below.

    FunctionServiceConfigSecretVolumeVersion, FunctionServiceConfigSecretVolumeVersionArgs

    Path string

    Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo.

    Version string

    Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately.

    Path string

    Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo.

    Version string

    Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately.

    path String

    Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo.

    version String

    Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately.

    path string

    Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo.

    version string

    Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately.

    path str

    Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo.

    version str

    Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately.

    path String

    Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo.

    version String

    Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately.

    Import

    function can be imported using any of these accepted formats

     $ pulumi import gcp:cloudfunctionsv2/function:Function default projects/{{project}}/locations/{{location}}/functions/{{name}}
    
     $ pulumi import gcp:cloudfunctionsv2/function:Function default {{project}}/{{location}}/{{name}}
    
     $ pulumi import gcp:cloudfunctionsv2/function:Function default {{location}}/{{name}}
    

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the google-beta Terraform Provider.

    gcp logo
    Google Cloud Classic v6.66.0 published on Monday, Sep 18, 2023 by Pulumi