Google Cloud (GCP) Classic

v6.44.0 published on Tuesday, Nov 29, 2022 by Pulumi

Function

A Cloud Function that contains user computation executed in response to an event.

To get more information about function, see:

Example Usage

Cloudfunctions2 Basic Gcs

using System.Collections.Generic;
using Pulumi;
using Gcp = Pulumi.Gcp;

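return await Deployment.RunAsync(() =>
{
    // [START functions_v2_basic_gcs]
    // Bucket that holds the zipped function source. The function is built from
    // the object stored here, so write access to it should stay narrow.
    var sourceBucket = new Gcp.Storage.Bucket("source-bucket", new()
    {
        Location = "US",
        UniformBucketLevelAccess = true,
    });

    // Add path to the zipped function source code
    var sourceArchive = new Gcp.Storage.BucketObject("object", new()
    {
        Bucket = sourceBucket.Name,
        Source = new FileAsset("function-source.zip"),
    });

    // Bucket whose object-finalized events invoke the function. It is created in
    // the same region that the trigger below names (us-central1).
    var triggerBucket = new Gcp.Storage.Bucket("trigger-bucket", new()
    {
        Location = "us-central1",
        UniformBucketLevelAccess = true,
    });

    var gcsAccount = Gcp.Storage.GetProjectServiceAccount.Invoke();

    // To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher(roles/pubsub.publisher) IAM role in the specified project.
    // (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)
    var gcsPubsubPublishing = new Gcp.Projects.IAMMember("gcs-pubsub-publishing", new()
    {
        Project = "my-project-name",
        Role = "roles/pubsub.publisher",
        // Build the member string inside Apply. Interpolating the Output<T> itself
        // formats the Output wrapper rather than the resolved e-mail address, which
        // would produce an invalid IAM member.
        Member = gcsAccount.Apply(result => $"serviceAccount:{result.EmailAddress}"),
    });

    // One dedicated identity is shared by the function runtime and the Eventarc trigger.
    var account = new Gcp.ServiceAccount.Account("account", new()
    {
        AccountId = "sa",
        DisplayName = "Test Service Account - used for both the cloud function and eventarc trigger in the test",
    });

    // Permissions on the service account used by the function and Eventarc trigger.
    // NOTE(review): all three bindings below are project-wide. roles/run.invoker at
    // project scope applies to every Cloud Run service in the project; outside a
    // demo, prefer a binding scoped to this function's own service.
    var invoking = new Gcp.Projects.IAMMember("invoking", new()
    {
        Project = "my-project-name",
        Role = "roles/run.invoker",
        Member = account.Email.Apply(email => $"serviceAccount:{email}"),
    }, new CustomResourceOptions
    {
        DependsOn = new[]
        {
            gcsPubsubPublishing,
        },
    });

    var eventReceiving = new Gcp.Projects.IAMMember("event-receiving", new()
    {
        Project = "my-project-name",
        Role = "roles/eventarc.eventReceiver",
        Member = account.Email.Apply(email => $"serviceAccount:{email}"),
    }, new CustomResourceOptions
    {
        DependsOn = new[]
        {
            invoking,
        },
    });

    var artifactRegistryReader = new Gcp.Projects.IAMMember("artifactregistry-reader", new()
    {
        Project = "my-project-name",
        Role = "roles/artifactregistry.reader",
        Member = account.Email.Apply(email => $"serviceAccount:{email}"),
    }, new CustomResourceOptions
    {
        DependsOn = new[]
        {
            eventReceiving,
        },
    });

    var function = new Gcp.CloudFunctionsV2.Function("function", new()
    {
        Location = "us-central1",
        Description = "a new function",
        BuildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs
        {
            // NOTE(review): Node.js 12 is past its upstream end-of-life; choose a
            // currently supported runtime before reusing this example.
            Runtime = "nodejs12",
            EntryPoint = "entryPoint",
            // Environment variables are plain configuration values; do not place
            // credentials or other secrets in them.
            EnvironmentVariables = 
            {
                { "BUILD_CONFIG_TEST", "build_test" },
            },
            Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs
            {
                StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs
                {
                    Bucket = sourceBucket.Name,
                    Object = sourceArchive.Name,
                },
            },
        },
        ServiceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs
        {
            MaxInstanceCount = 3,
            MinInstanceCount = 1,
            AvailableMemory = "256M",
            TimeoutSeconds = 60,
            EnvironmentVariables = 
            {
                { "SERVICE_CONFIG_TEST", "config_test" },
            },
            // Internal-only ingress: the function's HTTP endpoint is not offered to
            // callers on the public internet.
            IngressSettings = "ALLOW_INTERNAL_ONLY",
            AllTrafficOnLatestRevision = true,
            // Run as the dedicated account instead of a default identity.
            ServiceAccountEmail = account.Email,
        },
        EventTrigger = new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerArgs
        {
            TriggerRegion = "us-central1",
            EventType = "google.cloud.storage.object.v1.finalized",
            RetryPolicy = "RETRY_POLICY_RETRY",
            ServiceAccountEmail = account.Email,
            // Only events from the trigger bucket reach the function.
            EventFilters = new[]
            {
                new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerEventFilterArgs
                {
                    Attribute = "bucket",
                    Value = triggerBucket.Name,
                },
            },
        },
    }, new CustomResourceOptions
    {
        // Create the function only after the IAM bindings it relies on exist.
        DependsOn = new[]
        {
            eventReceiving,
            artifactRegistryReader,
        },
    });

});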
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/cloudfunctionsv2"
	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/projects"
	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/storage"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

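// main declares a storage-triggered Cloud Function (2nd gen): a source bucket
// and archive, a trigger bucket, a dedicated service account with its
// project-level IAM bindings, and the function itself.
//
// Every resource that is referenced later is bound to a named variable. The
// generated listing discarded several of them with `_` and then referred to
// undeclared identifiers, which does not compile.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Bucket that holds the zipped function source. The function is built
		// from the object stored here, so keep write access to it narrow.
		sourceBucket, err := storage.NewBucket(ctx, "source-bucket", &storage.BucketArgs{
			Location:                 pulumi.String("US"),
			UniformBucketLevelAccess: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		// Add path to the zipped function source code
		object, err := storage.NewBucketObject(ctx, "object", &storage.BucketObjectArgs{
			Bucket: sourceBucket.Name,
			Source: pulumi.NewFileAsset("function-source.zip"),
		})
		if err != nil {
			return err
		}
		// Bucket whose object-finalized events invoke the function.
		triggerBucket, err := storage.NewBucket(ctx, "trigger-bucket", &storage.BucketArgs{
			Location:                 pulumi.String("us-central1"),
			UniformBucketLevelAccess: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		gcsAccount, err := storage.GetProjectServiceAccount(ctx, nil, nil)
		if err != nil {
			return err
		}
		// To use GCS CloudEvent triggers, the GCS service account requires the
		// Pub/Sub Publisher (roles/pubsub.publisher) IAM role in the project.
		// (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)
		gcsPubsubPublishing, err := projects.NewIAMMember(ctx, "gcs-pubsub-publishing", &projects.IAMMemberArgs{
			Project: pulumi.String("my-project-name"),
			Role:    pulumi.String("roles/pubsub.publisher"),
			Member:  pulumi.String(fmt.Sprintf("serviceAccount:%v", gcsAccount.EmailAddress)),
		})
		if err != nil {
			return err
		}
		// One dedicated identity is shared by the function and the Eventarc trigger.
		account, err := serviceAccount.NewAccount(ctx, "account", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("sa"),
			DisplayName: pulumi.String("Test Service Account - used for both the cloud function and eventarc trigger in the test"),
		})
		if err != nil {
			return err
		}
		// Permissions on the service account used by the function and Eventarc trigger.
		// NOTE(review): these bindings are project-wide. roles/run.invoker at
		// project scope applies to every Cloud Run service in the project;
		// outside a demo, prefer a binding scoped to this function's service.
		invoking, err := projects.NewIAMMember(ctx, "invoking", &projects.IAMMemberArgs{
			Project: pulumi.String("my-project-name"),
			Role:    pulumi.String("roles/run.invoker"),
			Member: account.Email.ApplyT(func(email string) (string, error) {
				return fmt.Sprintf("serviceAccount:%v", email), nil
			}).(pulumi.StringOutput),
		}, pulumi.DependsOn([]pulumi.Resource{
			gcsPubsubPublishing,
		}))
		if err != nil {
			return err
		}
		eventReceiving, err := projects.NewIAMMember(ctx, "event-receiving", &projects.IAMMemberArgs{
			Project: pulumi.String("my-project-name"),
			Role:    pulumi.String("roles/eventarc.eventReceiver"),
			Member: account.Email.ApplyT(func(email string) (string, error) {
				return fmt.Sprintf("serviceAccount:%v", email), nil
			}).(pulumi.StringOutput),
		}, pulumi.DependsOn([]pulumi.Resource{
			invoking,
		}))
		if err != nil {
			return err
		}
		artifactregistryReader, err := projects.NewIAMMember(ctx, "artifactregistry-reader", &projects.IAMMemberArgs{
			Project: pulumi.String("my-project-name"),
			Role:    pulumi.String("roles/artifactregistry.reader"),
			Member: account.Email.ApplyT(func(email string) (string, error) {
				return fmt.Sprintf("serviceAccount:%v", email), nil
			}).(pulumi.StringOutput),
		}, pulumi.DependsOn([]pulumi.Resource{
			eventReceiving,
		}))
		if err != nil {
			return err
		}
		_, err = cloudfunctionsv2.NewFunction(ctx, "function", &cloudfunctionsv2.FunctionArgs{
			Location:    pulumi.String("us-central1"),
			Description: pulumi.String("a new function"),
			BuildConfig: &cloudfunctionsv2.FunctionBuildConfigArgs{
				// NOTE(review): Node.js 12 is past its upstream end-of-life;
				// choose a currently supported runtime before reusing this.
				Runtime:    pulumi.String("nodejs12"),
				EntryPoint: pulumi.String("entryPoint"),
				// Plain configuration values only; keep secrets out of these.
				EnvironmentVariables: pulumi.StringMap{
					"BUILD_CONFIG_TEST": pulumi.String("build_test"),
				},
				Source: &cloudfunctionsv2.FunctionBuildConfigSourceArgs{
					StorageSource: &cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{
						Bucket: sourceBucket.Name,
						Object: object.Name,
					},
				},
			},
			ServiceConfig: &cloudfunctionsv2.FunctionServiceConfigArgs{
				MaxInstanceCount: pulumi.Int(3),
				MinInstanceCount: pulumi.Int(1),
				AvailableMemory:  pulumi.String("256M"),
				TimeoutSeconds:   pulumi.Int(60),
				EnvironmentVariables: pulumi.StringMap{
					"SERVICE_CONFIG_TEST": pulumi.String("config_test"),
				},
				// Internal-only ingress: the HTTP endpoint is not offered to
				// callers on the public internet.
				IngressSettings:            pulumi.String("ALLOW_INTERNAL_ONLY"),
				AllTrafficOnLatestRevision: pulumi.Bool(true),
				ServiceAccountEmail:        account.Email,
			},
			EventTrigger: &cloudfunctionsv2.FunctionEventTriggerArgs{
				TriggerRegion:       pulumi.String("us-central1"),
				EventType:           pulumi.String("google.cloud.storage.object.v1.finalized"),
				RetryPolicy:         pulumi.String("RETRY_POLICY_RETRY"),
				ServiceAccountEmail: account.Email,
				// Only events from the trigger bucket reach the function.
				EventFilters: cloudfunctionsv2.FunctionEventTriggerEventFilterArray{
					&cloudfunctionsv2.FunctionEventTriggerEventFilterArgs{
						Attribute: pulumi.String("bucket"),
						Value:     triggerBucket.Name,
					},
				},
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			// Create the function only after the IAM bindings it relies on exist.
			eventReceiving,
			artifactregistryReader,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}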
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.storage.Bucket;
import com.pulumi.gcp.storage.BucketArgs;
import com.pulumi.gcp.storage.BucketObject;
import com.pulumi.gcp.storage.BucketObjectArgs;
import com.pulumi.gcp.storage.StorageFunctions;
import com.pulumi.gcp.accessapproval.inputs.GetProjectServiceAccountArgs;
import com.pulumi.gcp.projects.IAMMember;
import com.pulumi.gcp.projects.IAMMemberArgs;
import com.pulumi.gcp.serviceAccount.Account;
import com.pulumi.gcp.serviceAccount.AccountArgs;
import com.pulumi.gcp.cloudfunctionsv2.Function;
import com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionEventTriggerArgs;
import com.pulumi.resources.CustomResourceOptions;
import com.pulumi.asset.FileAsset;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

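/**
 * Pulumi program that declares a storage-triggered Cloud Function (2nd gen):
 * a source bucket and archive, a trigger bucket, a dedicated service account
 * with its project-level IAM bindings, and the function itself.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Registers every resource of the example stack.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run}; not read here
     */
    public static void stack(Context ctx) {
        // Bucket that holds the zipped function source. The function is built
        // from the object stored here, so keep write access to it narrow.
        var sourceBucket = new Bucket("source-bucket", BucketArgs.builder()
            .location("US")
            .uniformBucketLevelAccess(true)
            .build());

        // Add path to the zipped function source code
        var object = new BucketObject("object", BucketObjectArgs.builder()
            .bucket(sourceBucket.name())
            .source(new FileAsset("function-source.zip"))
            .build());

        // Bucket whose object-finalized events invoke the function.
        var triggerBucket = new Bucket("trigger-bucket", BucketArgs.builder()
            .location("us-central1")
            .uniformBucketLevelAccess(true)
            .build());

        final var gcsAccount = StorageFunctions.getProjectServiceAccount();

        // To use GCS CloudEvent triggers, the GCS service account requires the
        // Pub/Sub Publisher (roles/pubsub.publisher) IAM role in the project.
        // (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)
        var gcsPubsubPublishing = new IAMMember("gcs-pubsub-publishing", IAMMemberArgs.builder()
            .project("my-project-name")
            .role("roles/pubsub.publisher")
            // Format inside applyValue. Passing the Output itself to String.format
            // renders the Output wrapper, not the resolved e-mail address.
            .member(gcsAccount.applyValue(result -> String.format("serviceAccount:%s", result.emailAddress())))
            .build());

        // One dedicated identity is shared by the function and the Eventarc trigger.
        var account = new Account("account", AccountArgs.builder()
            .accountId("sa")
            .displayName("Test Service Account - used for both the cloud function and eventarc trigger in the test")
            .build());

        // Permissions on the service account used by the function and Eventarc trigger.
        // NOTE(review): these bindings are project-wide. roles/run.invoker at project
        // scope applies to every Cloud Run service in the project; outside a demo,
        // prefer a binding scoped to this function's own service.
        var invoking = new IAMMember("invoking", IAMMemberArgs.builder()
            .project("my-project-name")
            .role("roles/run.invoker")
            .member(account.email().applyValue(email -> String.format("serviceAccount:%s", email)))
            .build(), CustomResourceOptions.builder()
                .dependsOn(gcsPubsubPublishing)
                .build());

        var eventReceiving = new IAMMember("event-receiving", IAMMemberArgs.builder()
            .project("my-project-name")
            .role("roles/eventarc.eventReceiver")
            .member(account.email().applyValue(email -> String.format("serviceAccount:%s", email)))
            .build(), CustomResourceOptions.builder()
                .dependsOn(invoking)
                .build());

        var artifactregistryReader = new IAMMember("artifactregistry-reader", IAMMemberArgs.builder()
            .project("my-project-name")
            .role("roles/artifactregistry.reader")
            .member(account.email().applyValue(email -> String.format("serviceAccount:%s", email)))
            .build(), CustomResourceOptions.builder()
                .dependsOn(eventReceiving)
                .build());

        var function = new Function("function", FunctionArgs.builder()
            .location("us-central1")
            .description("a new function")
            .buildConfig(FunctionBuildConfigArgs.builder()
                // NOTE(review): Node.js 12 is past its upstream end-of-life; choose
                // a currently supported runtime before reusing this example.
                .runtime("nodejs12")
                .entryPoint("entryPoint")
                // Plain configuration values only; keep secrets out of these.
                .environmentVariables(Map.of("BUILD_CONFIG_TEST", "build_test"))
                .source(FunctionBuildConfigSourceArgs.builder()
                    .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()
                        .bucket(sourceBucket.name())
                        .object(object.name())
                        .build())
                    .build())
                .build())
            .serviceConfig(FunctionServiceConfigArgs.builder()
                .maxInstanceCount(3)
                .minInstanceCount(1)
                .availableMemory("256M")
                .timeoutSeconds(60)
                .environmentVariables(Map.of("SERVICE_CONFIG_TEST", "config_test"))
                // Internal-only ingress: the HTTP endpoint is not offered to
                // callers on the public internet.
                .ingressSettings("ALLOW_INTERNAL_ONLY")
                .allTrafficOnLatestRevision(true)
                .serviceAccountEmail(account.email())
                .build())
            .eventTrigger(FunctionEventTriggerArgs.builder()
                .triggerRegion("us-central1")
                .eventType("google.cloud.storage.object.v1.finalized")
                .retryPolicy("RETRY_POLICY_RETRY")
                .serviceAccountEmail(account.email())
                // Fully qualified because the listing's import block does not
                // import FunctionEventTriggerEventFilterArgs.
                // Only events from the trigger bucket reach the function.
                .eventFilters(com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionEventTriggerEventFilterArgs.builder()
                    .attribute("bucket")
                    .value(triggerBucket.name())
                    .build())
                .build())
            .build(), CustomResourceOptions.builder()
                // Create the function only after the IAM bindings it relies on exist.
                .dependsOn(
                    eventReceiving,
                    artifactregistryReader)
                .build());

    }
}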
import pulumi
import pulumi_gcp as gcp

# [START functions_v2_basic_gcs]
# Bucket that holds the zipped function source. The function is built from the
# object stored here, so write access to it should stay narrow.
source_bucket = gcp.storage.Bucket(
    "source-bucket",
    location="US",
    uniform_bucket_level_access=True,
)

# Add path to the zipped function source code
source_archive = gcp.storage.BucketObject(
    "object",
    bucket=source_bucket.name,
    source=pulumi.FileAsset("function-source.zip"),
)

# Bucket whose object-finalized events invoke the function.
trigger_bucket = gcp.storage.Bucket(
    "trigger-bucket",
    location="us-central1",
    uniform_bucket_level_access=True,
)

gcs_account = gcp.storage.get_project_service_account()

# To use GCS CloudEvent triggers, the GCS service account requires the
# Pub/Sub Publisher (roles/pubsub.publisher) IAM role in the specified project.
# (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)
gcs_pubsub_publishing = gcp.projects.IAMMember(
    "gcs-pubsub-publishing",
    project="my-project-name",
    role="roles/pubsub.publisher",
    member="serviceAccount:" + gcs_account.email_address,
)

# One dedicated identity is shared by the function and the Eventarc trigger.
account = gcp.service_account.Account(
    "account",
    account_id="sa",
    display_name="Test Service Account - used for both the cloud function and eventarc trigger in the test",
)

# IAM member string for that account, resolved once the e-mail is known.
sa_member = pulumi.Output.concat("serviceAccount:", account.email)

# Permissions on the service account used by the function and Eventarc trigger.
# NOTE(review): these bindings are project-wide. roles/run.invoker at project
# scope applies to every Cloud Run service in the project; outside a demo,
# prefer a binding scoped to this function's own service.
invoking = gcp.projects.IAMMember(
    "invoking",
    project="my-project-name",
    role="roles/run.invoker",
    member=sa_member,
    opts=pulumi.ResourceOptions(depends_on=[gcs_pubsub_publishing]),
)
event_receiving = gcp.projects.IAMMember(
    "event-receiving",
    project="my-project-name",
    role="roles/eventarc.eventReceiver",
    member=sa_member,
    opts=pulumi.ResourceOptions(depends_on=[invoking]),
)
artifactregistry_reader = gcp.projects.IAMMember(
    "artifactregistry-reader",
    project="my-project-name",
    role="roles/artifactregistry.reader",
    member=sa_member,
    opts=pulumi.ResourceOptions(depends_on=[event_receiving]),
)

# Build settings: runtime, entry point and the archive to build from.
# NOTE(review): Node.js 12 is past its upstream end-of-life; choose a currently
# supported runtime before reusing this example. Environment variables are plain
# configuration values, so keep secrets out of them.
build_config = gcp.cloudfunctionsv2.FunctionBuildConfigArgs(
    runtime="nodejs12",
    entry_point="entryPoint",
    environment_variables={"BUILD_CONFIG_TEST": "build_test"},
    source=gcp.cloudfunctionsv2.FunctionBuildConfigSourceArgs(
        storage_source=gcp.cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs(
            bucket=source_bucket.name,
            object=source_archive.name,
        ),
    ),
)

# Runtime settings. Internal-only ingress means the HTTP endpoint is not offered
# to callers on the public internet; the function runs as the dedicated account.
service_config = gcp.cloudfunctionsv2.FunctionServiceConfigArgs(
    max_instance_count=3,
    min_instance_count=1,
    available_memory="256M",
    timeout_seconds=60,
    environment_variables={"SERVICE_CONFIG_TEST": "config_test"},
    ingress_settings="ALLOW_INTERNAL_ONLY",
    all_traffic_on_latest_revision=True,
    service_account_email=account.email,
)

# Trigger: only object-finalized events from the trigger bucket reach the function.
bucket_filter = gcp.cloudfunctionsv2.FunctionEventTriggerEventFilterArgs(
    attribute="bucket",
    value=trigger_bucket.name,
)
event_trigger = gcp.cloudfunctionsv2.FunctionEventTriggerArgs(
    trigger_region="us-central1",
    event_type="google.cloud.storage.object.v1.finalized",
    retry_policy="RETRY_POLICY_RETRY",
    service_account_email=account.email,
    event_filters=[bucket_filter],
)

# Create the function only after the IAM bindings it relies on exist.
function = gcp.cloudfunctionsv2.Function(
    "function",
    location="us-central1",
    description="a new function",
    build_config=build_config,
    service_config=service_config,
    event_trigger=event_trigger,
    opts=pulumi.ResourceOptions(depends_on=[event_receiving, artifactregistry_reader]),
)
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

// [START functions_v2_basic_gcs]
// Bucket that holds the zipped function source. The function is built from the
// object stored here, so write access to it should stay narrow.
const sourceBucket = new gcp.storage.Bucket("source-bucket", {
    location: "US",
    uniformBucketLevelAccess: true,
});

// Add path to the zipped function source code
const sourceArchive = new gcp.storage.BucketObject("object", {
    bucket: sourceBucket.name,
    source: new pulumi.asset.FileAsset("function-source.zip"),
});

// Bucket whose object-finalized events invoke the function.
const triggerBucket = new gcp.storage.Bucket("trigger-bucket", {
    location: "us-central1",
    uniformBucketLevelAccess: true,
});

const gcsAccount = gcp.storage.getProjectServiceAccount({});

// To use GCS CloudEvent triggers, the GCS service account requires the
// Pub/Sub Publisher (roles/pubsub.publisher) IAM role in the specified project.
// (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)
const gcsPubsubPublishing = new gcp.projects.IAMMember("gcs-pubsub-publishing", {
    project: "my-project-name",
    role: "roles/pubsub.publisher",
    member: gcsAccount.then(({ emailAddress }) => `serviceAccount:${emailAddress}`),
});

// One dedicated identity is shared by the function and the Eventarc trigger.
const account = new gcp.serviceaccount.Account("account", {
    accountId: "sa",
    displayName: "Test Service Account - used for both the cloud function and eventarc trigger in the test",
});

// IAM member string for that account, resolved once the e-mail is known.
const saMember = pulumi.interpolate`serviceAccount:${account.email}`;

// Permissions on the service account used by the function and Eventarc trigger.
// NOTE(review): these bindings are project-wide. roles/run.invoker at project
// scope applies to every Cloud Run service in the project; outside a demo,
// prefer a binding scoped to this function's own service.
const invoking = new gcp.projects.IAMMember(
    "invoking",
    { project: "my-project-name", role: "roles/run.invoker", member: saMember },
    { dependsOn: [gcsPubsubPublishing] },
);
const eventReceiving = new gcp.projects.IAMMember(
    "event-receiving",
    { project: "my-project-name", role: "roles/eventarc.eventReceiver", member: saMember },
    { dependsOn: [invoking] },
);
const artifactregistryReader = new gcp.projects.IAMMember(
    "artifactregistry-reader",
    { project: "my-project-name", role: "roles/artifactregistry.reader", member: saMember },
    { dependsOn: [eventReceiving] },
);

const fn = new gcp.cloudfunctionsv2.Function("function", {
    location: "us-central1",
    description: "a new function",
    buildConfig: {
        // NOTE(review): Node.js 12 is past its upstream end-of-life; choose a
        // currently supported runtime before reusing this example.
        runtime: "nodejs12",
        entryPoint: "entryPoint",
        // Plain configuration values only; keep secrets out of these.
        environmentVariables: { BUILD_CONFIG_TEST: "build_test" },
        source: {
            storageSource: {
                bucket: sourceBucket.name,
                object: sourceArchive.name,
            },
        },
    },
    serviceConfig: {
        maxInstanceCount: 3,
        minInstanceCount: 1,
        availableMemory: "256M",
        timeoutSeconds: 60,
        environmentVariables: { SERVICE_CONFIG_TEST: "config_test" },
        // Internal-only ingress: the HTTP endpoint is not offered to callers on
        // the public internet.
        ingressSettings: "ALLOW_INTERNAL_ONLY",
        allTrafficOnLatestRevision: true,
        serviceAccountEmail: account.email,
    },
    eventTrigger: {
        triggerRegion: "us-central1",
        eventType: "google.cloud.storage.object.v1.finalized",
        retryPolicy: "RETRY_POLICY_RETRY",
        serviceAccountEmail: account.email,
        // Only events from the trigger bucket reach the function.
        eventFilters: [{ attribute: "bucket", value: triggerBucket.name }],
    },
}, {
    // Create the function only after the IAM bindings it relies on exist.
    dependsOn: [eventReceiving, artifactregistryReader],
});
# Pulumi YAML program: a storage-triggered Cloud Function (2nd gen) with its
# source bucket, trigger bucket, dedicated service account and IAM bindings.
resources:
  # [START functions_v2_basic_gcs]
  # Bucket that holds the zipped function source. The function is built from the
  # object stored here, so write access to it should stay narrow.
  source-bucket:
    type: gcp:storage:Bucket
    properties:
      location: US
      uniformBucketLevelAccess: true
  # The zipped function source code uploaded into the source bucket.
  object:
    type: gcp:storage:BucketObject
    properties:
      bucket: ${["source-bucket"].name}
      source:
        fn::FileAsset: function-source.zip
  # Bucket whose object-finalized events invoke the function.
  trigger-bucket:
    type: gcp:storage:Bucket
    properties:
      location: us-central1
      # The trigger must be in the same location as the bucket
      uniformBucketLevelAccess: true
  # To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher(roles/pubsub.publisher) IAM role in the specified project.
  # (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)
  gcs-pubsub-publishing:
    type: gcp:projects:IAMMember
    properties:
      project: my-project-name
      role: roles/pubsub.publisher
      member: serviceAccount:${gcsAccount.emailAddress}
  # One dedicated identity shared by the function and the Eventarc trigger.
  account:
    type: gcp:serviceAccount:Account
    properties:
      accountId: sa
      displayName: Test Service Account - used for both the cloud function and eventarc trigger in the test
  # Permissions on the service account used by the function and Eventarc trigger
  # NOTE(review): these bindings are project-wide. roles/run.invoker at project
  # scope applies to every Cloud Run service in the project; outside a demo,
  # prefer a binding scoped to this function's own service.
  invoking:
    type: gcp:projects:IAMMember
    properties:
      project: my-project-name
      role: roles/run.invoker
      member: serviceAccount:${account.email}
    options:
      # NOTE(review): Pulumi YAML documents this option as `dependsOn`; confirm the
      # all-lowercase key used throughout this listing is honoured, otherwise the
      # ordering between the IAM bindings and the function is not enforced.
      dependson:
        - ${["gcs-pubsub-publishing"]}
  event-receiving:
    type: gcp:projects:IAMMember
    properties:
      project: my-project-name
      role: roles/eventarc.eventReceiver
      member: serviceAccount:${account.email}
    options:
      dependson:
        - ${invoking}
  artifactregistry-reader:
    type: gcp:projects:IAMMember
    properties:
      project: my-project-name
      role: roles/artifactregistry.reader
      member: serviceAccount:${account.email}
    options:
      dependson:
        - ${["event-receiving"]}
  function:
    type: gcp:cloudfunctionsv2:Function
    properties:
      location: us-central1
      description: a new function
      buildConfig:
        # NOTE(review): Node.js 12 is past its upstream end-of-life; choose a
        # currently supported runtime before reusing this example.
        runtime: nodejs12
        entryPoint: entryPoint
        # Plain configuration values only; keep secrets out of these.
        environmentVariables:
          BUILD_CONFIG_TEST: build_test
        source:
          storageSource:
            bucket: ${["source-bucket"].name}
            object: ${object.name}
      serviceConfig:
        maxInstanceCount: 3
        minInstanceCount: 1
        availableMemory: 256M
        timeoutSeconds: 60
        environmentVariables:
          SERVICE_CONFIG_TEST: config_test
        # Internal-only ingress: the HTTP endpoint is not offered to callers on
        # the public internet.
        ingressSettings: ALLOW_INTERNAL_ONLY
        allTrafficOnLatestRevision: true
        serviceAccountEmail: ${account.email}
      eventTrigger:
        triggerRegion: us-central1
        eventType: google.cloud.storage.object.v1.finalized
        retryPolicy: RETRY_POLICY_RETRY
        serviceAccountEmail: ${account.email}
        # Only events from the trigger bucket reach the function.
        eventFilters:
          - attribute: bucket
            value: ${["trigger-bucket"].name}
    options:
      dependson:
        - ${["event-receiving"]}
        - ${["artifactregistry-reader"]}
variables:
  # Looks up the project's Cloud Storage service account; its e-mail address is
  # used by the gcs-pubsub-publishing binding above.
  gcsAccount:
    fn::invoke:
      Function: gcp:storage:getProjectServiceAccount
      Arguments: {}

Cloudfunctions2 Basic Auditlogs

using System.Collections.Generic;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() =>
{
    // [START functions_v2_basic_auditlogs]
    // This example follows the examples shown in this Google Cloud Community blog post
    // https://medium.com/google-cloud/applying-a-path-pattern-when-filtering-in-eventarc-f06b937b4c34
    // and the docs:
    // https://cloud.google.com/eventarc/docs/path-patterns

    // Bucket that holds the zipped function source. The function is built from
    // the object stored here, so write access to it should stay narrow.
    var sourceBucket = new Gcp.Storage.Bucket("source-bucket", new()
    {
        Location = "US",
        UniformBucketLevelAccess = true,
    });

    // Add path to the zipped function source code
    var sourceArchive = new Gcp.Storage.BucketObject("object", new()
    {
        Bucket = sourceBucket.Name,
        Source = new FileAsset("function-source.zip"),
    });

    // One dedicated identity is shared by the function runtime and the Eventarc trigger.
    var account = new Gcp.ServiceAccount.Account("account", new()
    {
        AccountId = "gcf-sa",
        DisplayName = "Test Service Account - used for both the cloud function and eventarc trigger in the test",
    });

    // Note: The right way of listening for Cloud Storage events is to use a Cloud Storage trigger.
    // Here we use Audit Logs to monitor the bucket so path patterns can be used in the example of
    // google_cloudfunctions2_function below (Audit Log events have path pattern support)
    var auditLogBucket = new Gcp.Storage.Bucket("audit-log-bucket", new()
    {
        Location = "us-central1",
        UniformBucketLevelAccess = true,
    });

    // Permissions on the service account used by the function and Eventarc trigger.
    // NOTE(review): these bindings are project-wide. roles/run.invoker at project
    // scope applies to every Cloud Run service in the project; outside a demo,
    // prefer a binding scoped to this function's own service.
    var invoking = new Gcp.Projects.IAMMember("invoking", new()
    {
        Project = "my-project-name",
        Role = "roles/run.invoker",
        Member = account.Email.Apply(address => "serviceAccount:" + address),
    });

    var eventReceiving = new Gcp.Projects.IAMMember("event-receiving", new()
    {
        Project = "my-project-name",
        Role = "roles/eventarc.eventReceiver",
        Member = account.Email.Apply(address => "serviceAccount:" + address),
    }, new CustomResourceOptions
    {
        DependsOn = new[] { invoking },
    });

    var artifactRegistryReader = new Gcp.Projects.IAMMember("artifactregistry-reader", new()
    {
        Project = "my-project-name",
        Role = "roles/artifactregistry.reader",
        Member = account.Email.Apply(address => "serviceAccount:" + address),
    }, new CustomResourceOptions
    {
        DependsOn = new[] { eventReceiving },
    });

    // Build settings: runtime, entry point and the archive to build from.
    // NOTE(review): Node.js 12 is past its upstream end-of-life; choose a currently
    // supported runtime before reusing this example. Environment variables are
    // plain configuration values, so keep secrets out of them.
    var buildConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigArgs
    {
        Runtime = "nodejs12",
        EntryPoint = "entryPoint",
        EnvironmentVariables = 
        {
            { "BUILD_CONFIG_TEST", "build_test" },
        },
        Source = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceArgs
        {
            StorageSource = new Gcp.CloudFunctionsV2.Inputs.FunctionBuildConfigSourceStorageSourceArgs
            {
                Bucket = sourceBucket.Name,
                Object = sourceArchive.Name,
            },
        },
    };

    // Runtime settings. Internal-only ingress means the HTTP endpoint is not offered
    // to callers on the public internet; the function runs as the dedicated account.
    var serviceConfig = new Gcp.CloudFunctionsV2.Inputs.FunctionServiceConfigArgs
    {
        MaxInstanceCount = 3,
        MinInstanceCount = 1,
        AvailableMemory = "256M",
        TimeoutSeconds = 60,
        EnvironmentVariables = 
        {
            { "SERVICE_CONFIG_TEST", "config_test" },
        },
        IngressSettings = "ALLOW_INTERNAL_ONLY",
        AllTrafficOnLatestRevision = true,
        ServiceAccountEmail = account.Email,
    };

    // Trigger on audit-log entries for object creation under the audit-log bucket,
    // narrowed by a path pattern to objects whose names end in ".txt".
    // NOTE(review): storage.objects.create is a data-write operation; such entries
    // are presumably only written when Data Access audit logs are enabled for
    // Cloud Storage. Nothing in this program enables them — confirm before relying
    // on the trigger.
    var eventTrigger = new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerArgs
    {
        TriggerRegion = "us-central1",
        EventType = "google.cloud.audit.log.v1.written",
        RetryPolicy = "RETRY_POLICY_RETRY",
        ServiceAccountEmail = account.Email,
        EventFilters = new[]
        {
            new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerEventFilterArgs
            {
                Attribute = "serviceName",
                Value = "storage.googleapis.com",
            },
            new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerEventFilterArgs
            {
                Attribute = "methodName",
                Value = "storage.objects.create",
            },
            new Gcp.CloudFunctionsV2.Inputs.FunctionEventTriggerEventFilterArgs
            {
                Attribute = "resourceName",
                Value = auditLogBucket.Name.Apply(bucketName => "/projects/_/buckets/" + bucketName + "/objects/*.txt"),
                Operator = "match-path-pattern",
            },
        },
    };

    // Create the function only after the IAM bindings it relies on exist.
    var function = new Gcp.CloudFunctionsV2.Function("function", new()
    {
        Location = "us-central1",
        Description = "a new function",
        BuildConfig = buildConfig,
        ServiceConfig = serviceConfig,
        EventTrigger = eventTrigger,
    }, new CustomResourceOptions
    {
        DependsOn = new[]
        {
            eventReceiving,
            artifactRegistryReader,
        },
    });

});
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/cloudfunctionsv2"
	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/projects"
	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/serviceAccount"
	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/storage"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

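// main declares the example stack: a source bucket and object, a service
// account with three project-level role grants, an audit-log bucket, and a
// 2nd-gen Cloud Function triggered by Cloud Audit Log entries for object
// creation under that bucket.
//
// The listing as published discarded the two buckets and two IAM members with
// `_` and then referenced them by names that were never declared; each
// resource is now bound to the variable that later code uses.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Bucket and object holding the zipped function source. Whatever is
		// uploaded here is what gets built and run, so write access to this
		// bucket should be treated like deploy access to the function.
		sourceBucket, err := storage.NewBucket(ctx, "source-bucket", &storage.BucketArgs{
			Location:                 pulumi.String("US"),
			UniformBucketLevelAccess: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		// Add path to the zipped function source code
		object, err := storage.NewBucketObject(ctx, "object", &storage.BucketObjectArgs{
			Bucket: sourceBucket.Name,
			Source: pulumi.NewFileAsset("function-source.zip"),
		})
		if err != nil {
			return err
		}
		// One service account is used both as the function's runtime identity
		// and as the Eventarc trigger identity (see the two ServiceAccountEmail
		// fields below).
		// NOTE(review): separate accounts would keep the runtime identity from
		// also carrying the trigger's invoke permission.
		account, err := serviceAccount.NewAccount(ctx, "account", &serviceAccount.AccountArgs{
			AccountId:   pulumi.String("gcf-sa"),
			DisplayName: pulumi.String("Test Service Account - used for both the cloud function and eventarc trigger in the test"),
		})
		if err != nil {
			return err
		}
		// Bucket whose object-creation audit log entries fire the function.
		auditLogBucket, err := storage.NewBucket(ctx, "audit-log-bucket", &storage.BucketArgs{
			Location:                 pulumi.String("us-central1"),
			UniformBucketLevelAccess: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		// IAM member string for the service account, shared by the three grants.
		saMember := account.Email.ApplyT(func(email string) (string, error) {
			return fmt.Sprintf("serviceAccount:%v", email), nil
		}).(pulumi.StringOutput)

		// Permissions on the service account used by the function and Eventarc
		// trigger. These are project-level bindings: roles/run.invoker granted
		// here applies to every Cloud Run service in the project, not only the
		// service behind this function.
		// NOTE(review): for anything beyond a demo, bind the invoker role on
		// the function's own service instead of on the project.
		invoking, err := projects.NewIAMMember(ctx, "invoking", &projects.IAMMemberArgs{
			Project: pulumi.String("my-project-name"),
			Role:    pulumi.String("roles/run.invoker"),
			Member:  saMember,
		})
		if err != nil {
			return err
		}
		eventReceiving, err := projects.NewIAMMember(ctx, "event-receiving", &projects.IAMMemberArgs{
			Project: pulumi.String("my-project-name"),
			Role:    pulumi.String("roles/eventarc.eventReceiver"),
			Member:  saMember,
		}, pulumi.DependsOn([]pulumi.Resource{
			invoking,
		}))
		if err != nil {
			return err
		}
		artifactregistryReader, err := projects.NewIAMMember(ctx, "artifactregistry-reader", &projects.IAMMemberArgs{
			Project: pulumi.String("my-project-name"),
			Role:    pulumi.String("roles/artifactregistry.reader"),
			Member:  saMember,
		}, pulumi.DependsOn([]pulumi.Resource{
			eventReceiving,
		}))
		if err != nil {
			return err
		}
		_, err = cloudfunctionsv2.NewFunction(ctx, "function", &cloudfunctionsv2.FunctionArgs{
			Location:    pulumi.String("us-central1"),
			Description: pulumi.String("a new function"),
			BuildConfig: &cloudfunctionsv2.FunctionBuildConfigArgs{
				// NOTE(review): nodejs12 is an end-of-life Node.js release
				// line; choose a currently supported runtime when adapting
				// this example.
				Runtime:    pulumi.String("nodejs12"),
				EntryPoint: pulumi.String("entryPoint"),
				EnvironmentVariables: pulumi.StringMap{
					"BUILD_CONFIG_TEST": pulumi.String("build_test"),
				},
				Source: &cloudfunctionsv2.FunctionBuildConfigSourceArgs{
					StorageSource: &cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs{
						Bucket: sourceBucket.Name,
						Object: object.Name,
					},
				},
			},
			ServiceConfig: &cloudfunctionsv2.FunctionServiceConfigArgs{
				MaxInstanceCount: pulumi.Int(3),
				MinInstanceCount: pulumi.Int(1),
				AvailableMemory:  pulumi.String("256M"),
				TimeoutSeconds:   pulumi.Int(60),
				// Plain-text settings only; environment variables are not a
				// place for credentials.
				EnvironmentVariables: pulumi.StringMap{
					"SERVICE_CONFIG_TEST": pulumi.String("config_test"),
				},
				// Restricts ingress to internal traffic; events still reach
				// the function through the trigger.
				IngressSettings:            pulumi.String("ALLOW_INTERNAL_ONLY"),
				AllTrafficOnLatestRevision: pulumi.Bool(true),
				ServiceAccountEmail:        account.Email,
			},
			EventTrigger: &cloudfunctionsv2.FunctionEventTriggerArgs{
				TriggerRegion:       pulumi.String("us-central1"),
				EventType:           pulumi.String("google.cloud.audit.log.v1.written"),
				RetryPolicy:         pulumi.String("RETRY_POLICY_RETRY"),
				ServiceAccountEmail: account.Email,
				// All three filters must match: Cloud Storage, object
				// creation, and a *.txt object path in the audit-log bucket.
				EventFilters: cloudfunctionsv2.FunctionEventTriggerEventFilterArray{
					&cloudfunctionsv2.FunctionEventTriggerEventFilterArgs{
						Attribute: pulumi.String("serviceName"),
						Value:     pulumi.String("storage.googleapis.com"),
					},
					&cloudfunctionsv2.FunctionEventTriggerEventFilterArgs{
						Attribute: pulumi.String("methodName"),
						Value:     pulumi.String("storage.objects.create"),
					},
					&cloudfunctionsv2.FunctionEventTriggerEventFilterArgs{
						Attribute: pulumi.String("resourceName"),
						Value: auditLogBucket.Name.ApplyT(func(name string) (string, error) {
							return fmt.Sprintf("/projects/_/buckets/%v/objects/*.txt", name), nil
						}).(pulumi.StringOutput),
						Operator: pulumi.String("match-path-pattern"),
					},
				},
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			// The role grants must exist before the function and trigger are created.
			eventReceiving,
			artifactregistryReader,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}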
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.storage.Bucket;
import com.pulumi.gcp.storage.BucketArgs;
import com.pulumi.gcp.storage.BucketObject;
import com.pulumi.gcp.storage.BucketObjectArgs;
import com.pulumi.gcp.serviceAccount.Account;
import com.pulumi.gcp.serviceAccount.AccountArgs;
import com.pulumi.gcp.projects.IAMMember;
import com.pulumi.gcp.projects.IAMMemberArgs;
import com.pulumi.gcp.cloudfunctionsv2.Function;
import com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionEventTriggerArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionEventTriggerEventFilterArgs;
import com.pulumi.resources.CustomResourceOptions;
import com.pulumi.asset.FileAsset;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

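/**
 * Example stack: a 2nd-gen Cloud Function triggered by Cloud Audit Log entries
 * for object creation in a bucket, filtered with a path pattern.
 *
 * <p>The class uses {@code FunctionEventTriggerEventFilterArgs}, which the
 * published listing did not import; the import list must include it for the
 * class to compile. Locals follow Java camelCase naming.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares every resource of the example.
     *
     * @param ctx the Pulumi deployment context (not read by this method)
     */
    public static void stack(Context ctx) {
        // Bucket and object holding the zipped function source. Whatever is
        // uploaded here is what gets built and run, so write access to this
        // bucket should be treated like deploy access to the function.
        var sourceBucket = new Bucket("source-bucket", BucketArgs.builder()
            .location("US")
            .uniformBucketLevelAccess(true)
            .build());

        // Add path to the zipped function source code
        var sourceObject = new BucketObject("object", BucketObjectArgs.builder()
            .bucket(sourceBucket.name())
            .source(new FileAsset("function-source.zip"))
            .build());

        // One service account is used both as the function's runtime identity
        // and as the Eventarc trigger identity.
        // NOTE(review): separate accounts would keep the runtime identity from
        // also carrying the trigger's invoke permission.
        var account = new Account("account", AccountArgs.builder()
            .accountId("gcf-sa")
            .displayName("Test Service Account - used for both the cloud function and eventarc trigger in the test")
            .build());

        // Bucket whose object-creation audit log entries fire the function.
        var auditLogBucket = new Bucket("audit-log-bucket", BucketArgs.builder()
            .location("us-central1")
            .uniformBucketLevelAccess(true)
            .build());

        // IAM member string for the service account, shared by the three grants.
        var saMember = account.email().applyValue(email -> String.format("serviceAccount:%s", email));

        // Permissions on the service account used by the function and Eventarc
        // trigger. These are project-level bindings: roles/run.invoker granted
        // here applies to every Cloud Run service in the project, not only the
        // service behind this function.
        // NOTE(review): for anything beyond a demo, bind the invoker role on
        // the function's own service instead of on the project.
        var invoking = new IAMMember("invoking", IAMMemberArgs.builder()
            .project("my-project-name")
            .role("roles/run.invoker")
            .member(saMember)
            .build());

        var eventReceiving = new IAMMember("event-receiving", IAMMemberArgs.builder()
            .project("my-project-name")
            .role("roles/eventarc.eventReceiver")
            .member(saMember)
            .build(), CustomResourceOptions.builder()
                .dependsOn(invoking)
                .build());

        var artifactregistryReader = new IAMMember("artifactregistry-reader", IAMMemberArgs.builder()
            .project("my-project-name")
            .role("roles/artifactregistry.reader")
            .member(saMember)
            .build(), CustomResourceOptions.builder()
                .dependsOn(eventReceiving)
                .build());

        var function = new Function("function", FunctionArgs.builder()
            .location("us-central1")
            .description("a new function")
            .buildConfig(FunctionBuildConfigArgs.builder()
                // NOTE(review): nodejs12 is an end-of-life Node.js release
                // line; choose a currently supported runtime when adapting
                // this example.
                .runtime("nodejs12")
                .entryPoint("entryPoint")
                .environmentVariables(Map.of("BUILD_CONFIG_TEST", "build_test"))
                .source(FunctionBuildConfigSourceArgs.builder()
                    .storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()
                        .bucket(sourceBucket.name())
                        .object(sourceObject.name())
                        .build())
                    .build())
                .build())
            .serviceConfig(FunctionServiceConfigArgs.builder()
                .maxInstanceCount(3)
                .minInstanceCount(1)
                .availableMemory("256M")
                .timeoutSeconds(60)
                // Plain-text settings only; environment variables are not a
                // place for credentials.
                .environmentVariables(Map.of("SERVICE_CONFIG_TEST", "config_test"))
                // Restricts ingress to internal traffic; events still reach
                // the function through the trigger.
                .ingressSettings("ALLOW_INTERNAL_ONLY")
                .allTrafficOnLatestRevision(true)
                .serviceAccountEmail(account.email())
                .build())
            .eventTrigger(FunctionEventTriggerArgs.builder()
                .triggerRegion("us-central1")
                .eventType("google.cloud.audit.log.v1.written")
                .retryPolicy("RETRY_POLICY_RETRY")
                .serviceAccountEmail(account.email())
                // All three filters must match: Cloud Storage, object
                // creation, and a *.txt object path in the audit-log bucket.
                .eventFilters(
                    FunctionEventTriggerEventFilterArgs.builder()
                        .attribute("serviceName")
                        .value("storage.googleapis.com")
                        .build(),
                    FunctionEventTriggerEventFilterArgs.builder()
                        .attribute("methodName")
                        .value("storage.objects.create")
                        .build(),
                    FunctionEventTriggerEventFilterArgs.builder()
                        .attribute("resourceName")
                        .value(auditLogBucket.name().applyValue(name -> String.format("/projects/_/buckets/%s/objects/*.txt", name)))
                        .operator("match-path-pattern")
                        .build())
                .build())
            .build(), CustomResourceOptions.builder()
                // The role grants must exist before the function and trigger are created.
                .dependsOn(
                    eventReceiving,
                    artifactregistryReader)
                .build());

    }
}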
import pulumi
import pulumi_gcp as gcp

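# [START functions_v2_basic_auditlogs]
# This example follows the examples shown in this Google Cloud Community blog post
# https://medium.com/google-cloud/applying-a-path-pattern-when-filtering-in-eventarc-f06b937b4c34
# and the docs:
# https://cloud.google.com/eventarc/docs/path-patterns

# Bucket and object holding the zipped function source. Whatever is uploaded
# here is what gets built and run, so write access to this bucket should be
# treated like deploy access to the function.
source_bucket = gcp.storage.Bucket("source-bucket",
    location="US",
    uniform_bucket_level_access=True)
# Add path to the zipped function source code
# (named source_object so the builtin `object` is not shadowed)
source_object = gcp.storage.BucketObject("object",
    bucket=source_bucket.name,
    source=pulumi.FileAsset("function-source.zip"))
# One service account is used both as the function's runtime identity and as
# the Eventarc trigger identity.
# NOTE(review): separate accounts would keep the runtime identity from also
# carrying the trigger's invoke permission.
account = gcp.service_account.Account("account",
    account_id="gcf-sa",
    display_name="Test Service Account - used for both the cloud function and eventarc trigger in the test")
# Note: The right way of listening for Cloud Storage events is to use a Cloud Storage trigger.
# Here we use Audit Logs to monitor the bucket so path patterns can be used in the example of
# google_cloudfunctions2_function below (Audit Log events have path pattern support)
audit_log_bucket = gcp.storage.Bucket("audit-log-bucket",
    location="us-central1",
    uniform_bucket_level_access=True)
# IAM member string for the service account, shared by the three grants.
sa_member = account.email.apply(lambda email: f"serviceAccount:{email}")
# Permissions on the service account used by the function and Eventarc trigger.
# These are project-level bindings: roles/run.invoker granted here applies to
# every Cloud Run service in the project, not only the service behind this
# function.
# NOTE(review): for anything beyond a demo, bind the invoker role on the
# function's own service instead of on the project.
invoking = gcp.projects.IAMMember("invoking",
    project="my-project-name",
    role="roles/run.invoker",
    member=sa_member)
event_receiving = gcp.projects.IAMMember("event-receiving",
    project="my-project-name",
    role="roles/eventarc.eventReceiver",
    member=sa_member,
    opts=pulumi.ResourceOptions(depends_on=[invoking]))
artifactregistry_reader = gcp.projects.IAMMember("artifactregistry-reader",
    project="my-project-name",
    role="roles/artifactregistry.reader",
    member=sa_member,
    opts=pulumi.ResourceOptions(depends_on=[event_receiving]))
function = gcp.cloudfunctionsv2.Function("function",
    location="us-central1",
    description="a new function",
    build_config=gcp.cloudfunctionsv2.FunctionBuildConfigArgs(
        # NOTE(review): nodejs12 is an end-of-life Node.js release line;
        # choose a currently supported runtime when adapting this example.
        runtime="nodejs12",
        entry_point="entryPoint",
        environment_variables={
            "BUILD_CONFIG_TEST": "build_test",
        },
        source=gcp.cloudfunctionsv2.FunctionBuildConfigSourceArgs(
            storage_source=gcp.cloudfunctionsv2.FunctionBuildConfigSourceStorageSourceArgs(
                bucket=source_bucket.name,
                object=source_object.name,
            ),
        ),
    ),
    service_config=gcp.cloudfunctionsv2.FunctionServiceConfigArgs(
        max_instance_count=3,
        min_instance_count=1,
        available_memory="256M",
        timeout_seconds=60,
        # Plain-text settings only; environment variables are not a place for
        # credentials.
        environment_variables={
            "SERVICE_CONFIG_TEST": "config_test",
        },
        # Restricts ingress to internal traffic; events still reach the
        # function through the trigger.
        ingress_settings="ALLOW_INTERNAL_ONLY",
        all_traffic_on_latest_revision=True,
        service_account_email=account.email,
    ),
    event_trigger=gcp.cloudfunctionsv2.FunctionEventTriggerArgs(
        trigger_region="us-central1",
        event_type="google.cloud.audit.log.v1.written",
        retry_policy="RETRY_POLICY_RETRY",
        service_account_email=account.email,
        # All three filters must match: Cloud Storage, object creation, and a
        # *.txt object path in the audit-log bucket.
        event_filters=[
            gcp.cloudfunctionsv2.FunctionEventTriggerEventFilterArgs(
                attribute="serviceName",
                value="storage.googleapis.com",
            ),
            gcp.cloudfunctionsv2.FunctionEventTriggerEventFilterArgs(
                attribute="methodName",
                value="storage.objects.create",
            ),
            gcp.cloudfunctionsv2.FunctionEventTriggerEventFilterArgs(
                attribute="resourceName",
                value=audit_log_bucket.name.apply(lambda name: f"/projects/_/buckets/{name}/objects/*.txt"),
                operator="match-path-pattern",
            ),
        ],
    ),
    # The role grants must exist before the function and trigger are created.
    opts=pulumi.ResourceOptions(depends_on=[
            event_receiving,
            artifactregistry_reader,
        ]))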
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

// [START functions_v2_basic_auditlogs]
// This example follows the examples shown in this Google Cloud Community blog post
// https://medium.com/google-cloud/applying-a-path-pattern-when-filtering-in-eventarc-f06b937b4c34
// and the docs:
// https://cloud.google.com/eventarc/docs/path-patterns

// Bucket and object holding the zipped function source. Whatever is uploaded
// here is what gets built and run, so write access to this bucket should be
// treated like deploy access to the function.
const sourceBucket = new gcp.storage.Bucket("source-bucket", {
    location: "US",
    uniformBucketLevelAccess: true,
});
// Add path to the zipped function source code
const sourceObject = new gcp.storage.BucketObject("object", {
    bucket: sourceBucket.name,
    source: new pulumi.asset.FileAsset("function-source.zip"),
});
// One service account is used both as the function's runtime identity and as
// the Eventarc trigger identity.
// NOTE(review): separate accounts would keep the runtime identity from also
// carrying the trigger's invoke permission.
const account = new gcp.serviceaccount.Account("account", {
    accountId: "gcf-sa",
    displayName: "Test Service Account - used for both the cloud function and eventarc trigger in the test",
});
// Note: The right way of listening for Cloud Storage events is to use a Cloud Storage trigger.
// Here we use Audit Logs to monitor the bucket so path patterns can be used in the example of
// google_cloudfunctions2_function below (Audit Log events have path pattern support)
const auditLogBucket = new gcp.storage.Bucket("audit-log-bucket", {
    location: "us-central1",
    uniformBucketLevelAccess: true,
});
// IAM member string for the service account, shared by the three grants.
const saMember = pulumi.interpolate`serviceAccount:${account.email}`;
const projectId = "my-project-name";
// Permissions on the service account used by the function and Eventarc trigger.
// These are project-level bindings: roles/run.invoker granted here applies to
// every Cloud Run service in the project, not only the service behind this
// function.
// NOTE(review): for anything beyond a demo, bind the invoker role on the
// function's own service instead of on the project.
const invoking = new gcp.projects.IAMMember("invoking", {
    project: projectId,
    role: "roles/run.invoker",
    member: saMember,
});
const eventReceiving = new gcp.projects.IAMMember(
    "event-receiving",
    { project: projectId, role: "roles/eventarc.eventReceiver", member: saMember },
    { dependsOn: [invoking] },
);
const artifactregistryReader = new gcp.projects.IAMMember(
    "artifactregistry-reader",
    { project: projectId, role: "roles/artifactregistry.reader", member: saMember },
    { dependsOn: [eventReceiving] },
);
// All three filters must match: Cloud Storage, object creation, and a *.txt
// object path in the audit-log bucket.
const auditLogFilters = [
    { attribute: "serviceName", value: "storage.googleapis.com" },
    { attribute: "methodName", value: "storage.objects.create" },
    {
        attribute: "resourceName",
        value: pulumi.interpolate`/projects/_/buckets/${auditLogBucket.name}/objects/*.txt`,
        operator: "match-path-pattern",
    },
];
const _function = new gcp.cloudfunctionsv2.Function("function", {
    location: "us-central1",
    description: "a new function",
    buildConfig: {
        // NOTE(review): nodejs12 is an end-of-life Node.js release line;
        // choose a currently supported runtime when adapting this example.
        runtime: "nodejs12",
        entryPoint: "entryPoint",
        environmentVariables: { BUILD_CONFIG_TEST: "build_test" },
        source: {
            storageSource: {
                bucket: sourceBucket.name,
                object: sourceObject.name,
            },
        },
    },
    serviceConfig: {
        maxInstanceCount: 3,
        minInstanceCount: 1,
        availableMemory: "256M",
        timeoutSeconds: 60,
        // Plain-text settings only; environment variables are not a place
        // for credentials.
        environmentVariables: { SERVICE_CONFIG_TEST: "config_test" },
        // Restricts ingress to internal traffic; events still reach the
        // function through the trigger.
        ingressSettings: "ALLOW_INTERNAL_ONLY",
        allTrafficOnLatestRevision: true,
        serviceAccountEmail: account.email,
    },
    eventTrigger: {
        triggerRegion: "us-central1",
        eventType: "google.cloud.audit.log.v1.written",
        retryPolicy: "RETRY_POLICY_RETRY",
        serviceAccountEmail: account.email,
        eventFilters: auditLogFilters,
    },
}, {
    // The role grants must exist before the function and trigger are created.
    dependsOn: [eventReceiving, artifactregistryReader],
});
# Example stack: a 2nd-gen Cloud Function triggered by Cloud Audit Log entries
# for object creation in a bucket, filtered with a path pattern.
resources:
  # [START functions_v2_basic_auditlogs]
  # This example follows the examples shown in this Google Cloud Community blog post
  # https://medium.com/google-cloud/applying-a-path-pattern-when-filtering-in-eventarc-f06b937b4c34
  # and the docs:
  # https://cloud.google.com/eventarc/docs/path-patterns
  # Bucket and object holding the zipped function source. Whatever is uploaded
  # here is what gets built and run, so write access to this bucket should be
  # treated like deploy access to the function.
  source-bucket:
    type: gcp:storage:Bucket
    properties:
      location: US
      uniformBucketLevelAccess: true
  object:
    type: gcp:storage:BucketObject
    properties:
      bucket: ${["source-bucket"].name}
      source:
        fn::FileAsset: function-source.zip
  # One service account is used both as the function's runtime identity and as
  # the Eventarc trigger identity (see the two serviceAccountEmail settings).
  # NOTE(review): separate accounts would keep the runtime identity from also
  # carrying the trigger's invoke permission.
  account:
    type: gcp:serviceAccount:Account
    properties:
      accountId: gcf-sa
      displayName: Test Service Account - used for both the cloud function and eventarc trigger in the test
  # Note: The right way of listening for Cloud Storage events is to use a Cloud Storage trigger.
  # Here we use Audit Logs to monitor the bucket so path patterns can be used in the example of
  # google_cloudfunctions2_function below (Audit Log events have path pattern support)
  audit-log-bucket:
    type: gcp:storage:Bucket
    properties:
      location: us-central1
      # The trigger must be in the same location as the bucket
      uniformBucketLevelAccess: true
  # Permissions on the service account used by the function and Eventarc trigger
  # These are project-level bindings: roles/run.invoker granted here applies to
  # every Cloud Run service in the project, not only the service behind this
  # function.
  # NOTE(review): for anything beyond a demo, bind the invoker role on the
  # function's own service instead of on the project.
  invoking:
    type: gcp:projects:IAMMember
    properties:
      project: my-project-name
      role: roles/run.invoker
      member: serviceAccount:${account.email}
  event-receiving:
    type: gcp:projects:IAMMember
    properties:
      project: my-project-name
      role: roles/eventarc.eventReceiver
      member: serviceAccount:${account.email}
    options:
      dependson:
        - ${invoking}
  artifactregistry-reader:
    type: gcp:projects:IAMMember
    properties:
      project: my-project-name
      role: roles/artifactregistry.reader
      member: serviceAccount:${account.email}
    options:
      dependson:
        - ${["event-receiving"]}
  function:
    type: gcp:cloudfunctionsv2:Function
    properties:
      location: us-central1
      description: a new function
      buildConfig:
        # NOTE(review): nodejs12 is an end-of-life Node.js release line;
        # choose a currently supported runtime when adapting this example.
        runtime: nodejs12
        entryPoint: entryPoint
        environmentVariables:
          BUILD_CONFIG_TEST: build_test
        source:
          storageSource:
            bucket: ${["source-bucket"].name}
            object: ${object.name}
      serviceConfig:
        maxInstanceCount: 3
        minInstanceCount: 1
        availableMemory: 256M
        timeoutSeconds: 60
        # Plain-text settings only; environment variables are not a place for
        # credentials.
        environmentVariables:
          SERVICE_CONFIG_TEST: config_test
        # Restricts ingress to internal traffic; events still reach the
        # function through the trigger.
        ingressSettings: ALLOW_INTERNAL_ONLY
        allTrafficOnLatestRevision: true
        serviceAccountEmail: ${account.email}
      eventTrigger:
        triggerRegion: us-central1
        eventType: google.cloud.audit.log.v1.written
        retryPolicy: RETRY_POLICY_RETRY
        serviceAccountEmail: ${account.email}
        # All three filters must match: Cloud Storage, object creation, and a
        # *.txt object path in the audit-log bucket.
        eventFilters:
          - attribute: serviceName
            value: storage.googleapis.com
          - attribute: methodName
            value: storage.objects.create
          - attribute: resourceName
            value: /projects/_/buckets/${["audit-log-bucket"].name}/objects/*.txt
            operator: match-path-pattern
    # The role grants are listed as dependencies of the function and trigger.
    options:
      dependson:
        - ${["event-receiving"]}
        - ${["artifactregistry-reader"]}

Create Function Resource

new Function(name: string, args?: FunctionArgs, opts?: CustomResourceOptions);
@overload
def Function(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             build_config: Optional[FunctionBuildConfigArgs] = None,
             description: Optional[str] = None,
             event_trigger: Optional[FunctionEventTriggerArgs] = None,
             labels: Optional[Mapping[str, str]] = None,
             location: Optional[str] = None,
             name: Optional[str] = None,
             project: Optional[str] = None,
             service_config: Optional[FunctionServiceConfigArgs] = None)
@overload
def Function(resource_name: str,
             args: Optional[FunctionArgs] = None,
             opts: Optional[ResourceOptions] = None)
func NewFunction(ctx *Context, name string, args *FunctionArgs, opts ...ResourceOption) (*Function, error)
public Function(string name, FunctionArgs? args = null, CustomResourceOptions? opts = null)
public Function(String name, FunctionArgs args)
public Function(String name, FunctionArgs args, CustomResourceOptions options)
type: gcp:cloudfunctionsv2:Function
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args FunctionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args FunctionArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args FunctionArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args FunctionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args FunctionArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Function Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Function resource accepts the following input properties:

BuildConfig FunctionBuildConfigArgs

Describes the Build step of the function that builds a container from the given source. Structure is documented below.

Description string

User-provided description of a function.

EventTrigger FunctionEventTriggerArgs

An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.

Labels Dictionary<string, string>

A set of key/value label pairs associated with this Cloud Function.

Location string

The location of this cloud function.

Name string

A user-defined name of the function. Function names must be unique globally and match pattern projects/*/locations/*/functions/*.

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

ServiceConfig FunctionServiceConfigArgs

Describes the Service being deployed. Structure is documented below.

BuildConfig FunctionBuildConfigArgs

Describes the Build step of the function that builds a container from the given source. Structure is documented below.

Description string

User-provided description of a function.

EventTrigger FunctionEventTriggerArgs

An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.

Labels map[string]string

A set of key/value label pairs associated with this Cloud Function.

Location string

The location of this cloud function.

Name string

A user-defined name of the function. Function names must be unique globally and match pattern projects/*/locations/*/functions/*.

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

ServiceConfig FunctionServiceConfigArgs

Describes the Service being deployed. Structure is documented below.

buildConfig FunctionBuildConfigArgs

Describes the Build step of the function that builds a container from the given source. Structure is documented below.

description String

User-provided description of a function.

eventTrigger FunctionEventTriggerArgs

An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.

labels Map<String,String>

A set of key/value label pairs associated with this Cloud Function.

location String

The location of this cloud function.

name String

A user-defined name of the function. Function names must be unique globally and match pattern projects/*/locations/*/functions/*.

project String

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

serviceConfig FunctionServiceConfigArgs

Describes the Service being deployed. Structure is documented below.

buildConfig FunctionBuildConfigArgs

Describes the Build step of the function that builds a container from the given source. Structure is documented below.

description string

User-provided description of a function.

eventTrigger FunctionEventTriggerArgs

An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.

labels {[key: string]: string}

A set of key/value label pairs associated with this Cloud Function.

location string

The location of this cloud function.

name string

A user-defined name of the function. Function names must be unique globally and match pattern projects/*/locations/*/functions/*.

project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

serviceConfig FunctionServiceConfigArgs

Describes the Service being deployed. Structure is documented below.

build_config FunctionBuildConfigArgs

Describes the Build step of the function that builds a container from the given source. Structure is documented below.

description str

User-provided description of a function.

event_trigger FunctionEventTriggerArgs

An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.

labels Mapping[str, str]

A set of key/value label pairs associated with this Cloud Function.

location str

The location of this cloud function.

name str

A user-defined name of the function. Function names must be unique globally and match pattern projects/*/locations/*/functions/*.

project str

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

service_config FunctionServiceConfigArgs

Describes the Service being deployed. Structure is documented below.

buildConfig Property Map

Describes the Build step of the function that builds a container from the given source. Structure is documented below.

description String

User-provided description of a function.

eventTrigger Property Map

An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.

labels Map<String>

A set of key/value label pairs associated with this Cloud Function.

location String

The location of this cloud function.

name String

A user-defined name of the function. Function names must be unique globally and match pattern projects/*/locations/*/functions/*.

project String

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

serviceConfig Property Map

Describes the Service being deployed. Structure is documented below.

Outputs

All input properties are implicitly available as output properties. Additionally, the Function resource produces the following output properties:

Environment string

The environment the function is hosted on.

Id string

The provider-assigned unique ID for this managed resource.

State string

Describes the current state of the function.

UpdateTime string

The last update timestamp of a Cloud Function.

Environment string

The environment the function is hosted on.

Id string

The provider-assigned unique ID for this managed resource.

State string

Describes the current state of the function.

UpdateTime string

The last update timestamp of a Cloud Function.

environment String

The environment the function is hosted on.

id String

The provider-assigned unique ID for this managed resource.

state String

Describes the current state of the function.

updateTime String

The last update timestamp of a Cloud Function.

environment string

The environment the function is hosted on.

id string

The provider-assigned unique ID for this managed resource.

state string

Describes the current state of the function.

updateTime string

The last update timestamp of a Cloud Function.

environment str

The environment the function is hosted on.

id str

The provider-assigned unique ID for this managed resource.

state str

Describes the current state of the function.

update_time str

The last update timestamp of a Cloud Function.

environment String

The environment the function is hosted on.

id String

The provider-assigned unique ID for this managed resource.

state String

Describes the current state of the function.

updateTime String

The last update timestamp of a Cloud Function.

Look up Existing Function Resource

Get an existing Function resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FunctionState, opts?: CustomResourceOptions): Function
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        build_config: Optional[FunctionBuildConfigArgs] = None,
        description: Optional[str] = None,
        environment: Optional[str] = None,
        event_trigger: Optional[FunctionEventTriggerArgs] = None,
        labels: Optional[Mapping[str, str]] = None,
        location: Optional[str] = None,
        name: Optional[str] = None,
        project: Optional[str] = None,
        service_config: Optional[FunctionServiceConfigArgs] = None,
        state: Optional[str] = None,
        update_time: Optional[str] = None) -> Function
func GetFunction(ctx *Context, name string, id IDInput, state *FunctionState, opts ...ResourceOption) (*Function, error)
public static Function Get(string name, Input<string> id, FunctionState? state, CustomResourceOptions? opts = null)
public static Function get(String name, Output<String> id, FunctionState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
BuildConfig FunctionBuildConfigArgs

Describes the Build step of the function that builds a container from the given source. Structure is documented below.

Description string

User-provided description of a function.

Environment string

The environment the function is hosted on.

EventTrigger FunctionEventTriggerArgs

An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.

Labels Dictionary<string, string>

A set of key/value label pairs associated with this Cloud Function.

Location string

The location of this cloud function.

Name string

A user-defined name of the function. Function names must be unique globally and match pattern projects/*/locations/*/functions/*.

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

ServiceConfig FunctionServiceConfigArgs

Describes the Service being deployed. Structure is documented below.

State string

Describes the current state of the function.

UpdateTime string

The last update timestamp of a Cloud Function.

BuildConfig FunctionBuildConfigArgs

Describes the Build step of the function that builds a container from the given source. Structure is documented below.

Description string

User-provided description of a function.

Environment string

The environment the function is hosted on.

EventTrigger FunctionEventTriggerArgs

An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.

Labels map[string]string

A set of key/value label pairs associated with this Cloud Function.

Location string

The location of this cloud function.

Name string

A user-defined name of the function. Function names must be unique globally and match pattern projects/*/locations/*/functions/*.

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

ServiceConfig FunctionServiceConfigArgs

Describes the Service being deployed. Structure is documented below.

State string

Describes the current state of the function.

UpdateTime string

The last update timestamp of a Cloud Function.

buildConfig FunctionBuildConfigArgs

Describes the Build step of the function that builds a container from the given source. Structure is documented below.

description String

User-provided description of a function.

environment String

The environment the function is hosted on.

eventTrigger FunctionEventTriggerArgs

An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.

labels Map<String,String>

A set of key/value label pairs associated with this Cloud Function.

location String

The location of this cloud function.

name String

A user-defined name of the function. Function names must be unique globally and match pattern projects/*/locations/*/functions/*.

project String

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

serviceConfig FunctionServiceConfigArgs

Describes the Service being deployed. Structure is documented below.

state String

Describes the current state of the function.

updateTime String

The last update timestamp of a Cloud Function.

buildConfig FunctionBuildConfigArgs

Describes the Build step of the function that builds a container from the given source. Structure is documented below.

description string

User-provided description of a function.

environment string

The environment the function is hosted on.

eventTrigger FunctionEventTriggerArgs

An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.

labels {[key: string]: string}

A set of key/value label pairs associated with this Cloud Function.

location string

The location of this cloud function.

name string

A user-defined name of the function. Function names must be unique globally and match pattern projects/*/locations/*/functions/*.

project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

serviceConfig FunctionServiceConfigArgs

Describes the Service being deployed. Structure is documented below.

state string

Describes the current state of the function.

updateTime string

The last update timestamp of a Cloud Function.

build_config FunctionBuildConfigArgs

Describes the Build step of the function that builds a container from the given source. Structure is documented below.

description str

User-provided description of a function.

environment str

The environment the function is hosted on.

event_trigger FunctionEventTriggerArgs

An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.

labels Mapping[str, str]

A set of key/value label pairs associated with this Cloud Function.

location str

The location of this cloud function.

name str

A user-defined name of the function. Function names must be unique globally and match pattern projects/*/locations/*/functions/*.

project str

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

service_config FunctionServiceConfigArgs

Describes the Service being deployed. Structure is documented below.

state str

Describes the current state of the function.

update_time str

The last update timestamp of a Cloud Function.

buildConfig Property Map

Describes the Build step of the function that builds a container from the given source. Structure is documented below.

description String

User-provided description of a function.

environment String

The environment the function is hosted on.

eventTrigger Property Map

An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.

labels Map<String>

A set of key/value label pairs associated with this Cloud Function.

location String

The location of this cloud function.

name String

A user-defined name of the function. Function names must be unique globally and match pattern projects/*/locations/*/functions/*.

project String

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

serviceConfig Property Map

Describes the Service being deployed. Structure is documented below.

state String

Describes the current state of the function.

updateTime String

The last update timestamp of a Cloud Function.

Supporting Types

FunctionBuildConfig

Build string

The Cloud Build name of the latest successful deployment of the function.

DockerRepository string

User managed repository created in Artifact Registry optionally with a customer managed encryption key.

EntryPoint string

The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if a function with the given name is not found, the system will try to use a function named "function". For Node.js, this is the name of a function exported by the module specified in source_location.

EnvironmentVariables Dictionary<string, string>

Environment variables that shall be available during function execution.

Runtime string

The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function.

Source FunctionBuildConfigSource

The location of the function source code. Structure is documented below.

WorkerPool string

Name of the Cloud Build Custom Worker Pool that should be used to build the function.

Build string

The Cloud Build name of the latest successful deployment of the function.

DockerRepository string

User managed repository created in Artifact Registry optionally with a customer managed encryption key.

EntryPoint string

The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if a function with the given name is not found, the system will try to use a function named "function". For Node.js, this is the name of a function exported by the module specified in source_location.

EnvironmentVariables map[string]string

Environment variables that shall be available during function execution.

Runtime string

The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function.

Source FunctionBuildConfigSource

The location of the function source code. Structure is documented below.

WorkerPool string

Name of the Cloud Build Custom Worker Pool that should be used to build the function.

build String

The Cloud Build name of the latest successful deployment of the function.

dockerRepository String

User managed repository created in Artifact Registry optionally with a customer managed encryption key.

entryPoint String

The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if a function with the given name is not found, the system will try to use a function named "function". For Node.js, this is the name of a function exported by the module specified in source_location.

environmentVariables Map<String,String>

Environment variables that shall be available during function execution.

runtime String

The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function.

source FunctionBuildConfigSource

The location of the function source code. Structure is documented below.

workerPool String

Name of the Cloud Build Custom Worker Pool that should be used to build the function.

build string

The Cloud Build name of the latest successful deployment of the function.

dockerRepository string

User managed repository created in Artifact Registry optionally with a customer managed encryption key.

entryPoint string

The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if a function with the given name is not found, the system will try to use a function named "function". For Node.js, this is the name of a function exported by the module specified in source_location.

environmentVariables {[key: string]: string}

Environment variables that shall be available during function execution.

runtime string

The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function.

source FunctionBuildConfigSource

The location of the function source code. Structure is documented below.

workerPool string

Name of the Cloud Build Custom Worker Pool that should be used to build the function.

build str

The Cloud Build name of the latest successful deployment of the function.

docker_repository str

User managed repository created in Artifact Registry optionally with a customer managed encryption key.

entry_point str

The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if a function with the given name is not found, the system will try to use a function named "function". For Node.js, this is the name of a function exported by the module specified in source_location.

environment_variables Mapping[str, str]

Environment variables that shall be available during function execution.

runtime str

The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function.

source FunctionBuildConfigSource

The location of the function source code. Structure is documented below.

worker_pool str

Name of the Cloud Build Custom Worker Pool that should be used to build the function.

build String

The Cloud Build name of the latest successful deployment of the function.

dockerRepository String

User managed repository created in Artifact Registry optionally with a customer managed encryption key.

entryPoint String

The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if a function with the given name is not found, the system will try to use a function named "function". For Node.js, this is the name of a function exported by the module specified in source_location.

environmentVariables Map<String>

Environment variables that shall be available during function execution.

runtime String

The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function.

source Property Map

The location of the function source code. Structure is documented below.

workerPool String

Name of the Cloud Build Custom Worker Pool that should be used to build the function.

FunctionBuildConfigSource

RepoSource FunctionBuildConfigSourceRepoSource

If provided, get the source from this location in a Cloud Source Repository. Structure is documented below.

StorageSource FunctionBuildConfigSourceStorageSource

If provided, get the source from this location in Google Cloud Storage. Structure is documented below.

RepoSource FunctionBuildConfigSourceRepoSource

If provided, get the source from this location in a Cloud Source Repository. Structure is documented below.

StorageSource FunctionBuildConfigSourceStorageSource

If provided, get the source from this location in Google Cloud Storage. Structure is documented below.

repoSource FunctionBuildConfigSourceRepoSource

If provided, get the source from this location in a Cloud Source Repository. Structure is documented below.

storageSource FunctionBuildConfigSourceStorageSource

If provided, get the source from this location in Google Cloud Storage. Structure is documented below.

repoSource FunctionBuildConfigSourceRepoSource

If provided, get the source from this location in a Cloud Source Repository. Structure is documented below.

storageSource FunctionBuildConfigSourceStorageSource

If provided, get the source from this location in Google Cloud Storage. Structure is documented below.

repo_source FunctionBuildConfigSourceRepoSource

If provided, get the source from this location in a Cloud Source Repository. Structure is documented below.

storage_source FunctionBuildConfigSourceStorageSource

If provided, get the source from this location in Google Cloud Storage. Structure is documented below.

repoSource Property Map

If provided, get the source from this location in a Cloud Source Repository. Structure is documented below.

storageSource Property Map

If provided, get the source from this location in Google Cloud Storage. Structure is documented below.

FunctionBuildConfigSourceRepoSource

BranchName string

Regex matching branches to build.

CommitSha string

Regex matching tags to build.

Dir string

Directory, relative to the source root, in which to run the build.

InvertRegex bool

Only trigger a build if the revision does NOT match the revision regex.

ProjectId string

Project identifier (preferably the project number, but it can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as the function.

RepoName string

Name of the Cloud Source Repository.

TagName string

Regex matching tags to build.

BranchName string

Regex matching branches to build.

CommitSha string

Regex matching tags to build.

Dir string

Directory, relative to the source root, in which to run the build.

InvertRegex bool

Only trigger a build if the revision does NOT match the revision regex.

ProjectId string

Project identifier (preferably the project number, but it can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as the function.

RepoName string

Name of the Cloud Source Repository.

TagName string

Regex matching tags to build.

branchName String

Regex matching branches to build.

commitSha String

Regex matching tags to build.

dir String

Directory, relative to the source root, in which to run the build.

invertRegex Boolean

Only trigger a build if the revision does NOT match the revision regex.

projectId String

Project identifier (preferably the project number, but it can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as the function.

repoName String

Name of the Cloud Source Repository.

tagName String

Regex matching tags to build.

branchName string

Regex matching branches to build.

commitSha string

Regex matching tags to build.

dir string

Directory, relative to the source root, in which to run the build.

invertRegex boolean

Only trigger a build if the revision does NOT match the revision regex.

projectId string

Project identifier (preferably the project number, but it can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as the function.

repoName string

Name of the Cloud Source Repository.

tagName string

Regex matching tags to build.

branch_name str

Regex matching branches to build.

commit_sha str

Regex matching tags to build.

dir str

Directory, relative to the source root, in which to run the build.

invert_regex bool

Only trigger a build if the revision does NOT match the revision regex.

project_id str

Project identifier (preferably the project number, but it can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as the function.

repo_name str

Name of the Cloud Source Repository.

tag_name str

Regex matching tags to build.

branchName String

Regex matching branches to build.

commitSha String

Regex matching tags to build.

dir String

Directory, relative to the source root, in which to run the build.

invertRegex Boolean

Only trigger a build if the revision does NOT match the revision regex.

projectId String

Project identifier (preferably the project number, but it can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as the function.

repoName String

Name of the Cloud Source Repository.

tagName String

Regex matching tags to build.

FunctionBuildConfigSourceStorageSource

Bucket string

Google Cloud Storage bucket containing the source

Generation int

Google Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.

Object string

Google Cloud Storage object containing the source.

Bucket string

Google Cloud Storage bucket containing the source

Generation int

Google Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.

Object string

Google Cloud Storage object containing the source.

bucket String

Google Cloud Storage bucket containing the source

generation Integer

Google Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.

object String

Google Cloud Storage object containing the source.

bucket string

Google Cloud Storage bucket containing the source

generation number

Google Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.

object string

Google Cloud Storage object containing the source.

bucket str

Google Cloud Storage bucket containing the source

generation int

Google Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.

object str

Google Cloud Storage object containing the source.

bucket String

Google Cloud Storage bucket containing the source

generation Number

Google Cloud Storage generation for the object. If the generation is omitted, the latest generation will be used.

object String

Google Cloud Storage object containing the source.

FunctionEventTrigger

EventFilters List<FunctionEventTriggerEventFilter>

Criteria used to filter events. Structure is documented below.

EventType string

Required. The type of event to observe.

PubsubTopic string

The name of a Pub/Sub topic in the same project that will be used as the transport topic for the event delivery.

RetryPolicy string

Describes the retry policy in case of function's execution failure. Retried execution is charged as any other execution. Possible values are RETRY_POLICY_UNSPECIFIED, RETRY_POLICY_DO_NOT_RETRY, and RETRY_POLICY_RETRY.

ServiceAccountEmail string

The email of the service account for this function.

Trigger string

Output only. The resource name of the Eventarc trigger.

TriggerRegion string

The region that the trigger will be in. The trigger will only receive events originating in this region. It can be the same region as the function, a different region or multi-region, or the global region. If not provided, defaults to the same region as the function.

EventFilters []FunctionEventTriggerEventFilter

Criteria used to filter events. Structure is documented below.

EventType string

Required. The type of event to observe.

PubsubTopic string

The name of a Pub/Sub topic in the same project that will be used as the transport topic for the event delivery.

RetryPolicy string

Describes the retry policy in case of function's execution failure. Retried execution is charged as any other execution. Possible values are RETRY_POLICY_UNSPECIFIED, RETRY_POLICY_DO_NOT_RETRY, and RETRY_POLICY_RETRY.

ServiceAccountEmail string

The email of the service account for this function.

Trigger string

Output only. The resource name of the Eventarc trigger.

TriggerRegion string

The region that the trigger will be in. The trigger will only receive events originating in this region. It can be the same region as the function, a different region or multi-region, or the global region. If not provided, defaults to the same region as the function.

eventFilters List<FunctionEventTriggerEventFilter>

Criteria used to filter events. Structure is documented below.

eventType String

Required. The type of event to observe.

pubsubTopic String

The name of a Pub/Sub topic in the same project that will be used as the transport topic for the event delivery.

retryPolicy String

Describes the retry policy in case of function's execution failure. Retried execution is charged as any other execution. Possible values are RETRY_POLICY_UNSPECIFIED, RETRY_POLICY_DO_NOT_RETRY, and RETRY_POLICY_RETRY.

serviceAccountEmail String

The email of the service account for this function.

trigger String

Output only. The resource name of the Eventarc trigger.

triggerRegion String

The region that the trigger will be in. The trigger will only receive events originating in this region. It can be the same region as the function, a different region or multi-region, or the global region. If not provided, defaults to the same region as the function.

eventFilters FunctionEventTriggerEventFilter[]

Criteria used to filter events. Structure is documented below.

eventType string

Required. The type of event to observe.

pubsubTopic string

The name of a Pub/Sub topic in the same project that will be used as the transport topic for the event delivery.

retryPolicy string

Describes the retry policy in case of function's execution failure. Retried execution is charged as any other execution. Possible values are RETRY_POLICY_UNSPECIFIED, RETRY_POLICY_DO_NOT_RETRY, and RETRY_POLICY_RETRY.

serviceAccountEmail string

The email of the service account for this function.

trigger string

Output only. The resource name of the Eventarc trigger.

triggerRegion string

The region that the trigger will be in. The trigger will only receive events originating in this region. It can be the same region as the function, a different region or multi-region, or the global region. If not provided, defaults to the same region as the function.

event_filters Sequence[FunctionEventTriggerEventFilter]

Criteria used to filter events. Structure is documented below.

event_type str

Required. The type of event to observe.

pubsub_topic str

The name of a Pub/Sub topic in the same project that will be used as the transport topic for the event delivery.

retry_policy str

Describes the retry policy in case of function's execution failure. Retried execution is charged as any other execution. Possible values are RETRY_POLICY_UNSPECIFIED, RETRY_POLICY_DO_NOT_RETRY, and RETRY_POLICY_RETRY.

service_account_email str

The email of the service account for this function.

trigger str

Output only. The resource name of the Eventarc trigger.

trigger_region str

The region that the trigger will be in. The trigger will only receive events originating in this region. It can be the same region as the function, a different region or multi-region, or the global region. If not provided, defaults to the same region as the function.

eventFilters List<Property Map>

Criteria used to filter events. Structure is documented below.

eventType String

Required. The type of event to observe.

pubsubTopic String

The name of a Pub/Sub topic in the same project that will be used as the transport topic for the event delivery.

retryPolicy String

Describes the retry policy in case of function's execution failure. Retried execution is charged as any other execution. Possible values are RETRY_POLICY_UNSPECIFIED, RETRY_POLICY_DO_NOT_RETRY, and RETRY_POLICY_RETRY.

serviceAccountEmail String

The email of the service account for this function.

trigger String

Output only. The resource name of the Eventarc trigger.

triggerRegion String

The region that the trigger will be in. The trigger will only receive events originating in this region. It can be the same region as the function, a different region or multi-region, or the global region. If not provided, defaults to the same region as the function.

FunctionEventTriggerEventFilter

Attribute string

Required. The name of a CloudEvents attribute. Currently, only a subset of attributes is supported for filtering. Use the gcloud eventarc providers describe command to learn more about events and their attributes. Do not filter for the 'type' attribute here, as this is already achieved by the resource's event_type attribute.

Value string

Required. The value for the attribute. If the operator field is set as match-path-pattern, this value can be a path pattern instead of an exact value.

Operator string

Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is match-path-pattern. See the documentation on path patterns.

Attribute string

Required. The name of a CloudEvents attribute. Currently, only a subset of attributes is supported for filtering. Use the gcloud eventarc providers describe command to learn more about events and their attributes. Do not filter for the 'type' attribute here, as this is already achieved by the resource's event_type attribute.

Value string

Required. The value for the attribute. If the operator field is set as match-path-pattern, this value can be a path pattern instead of an exact value.

Operator string

Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is match-path-pattern. See the documentation on path patterns.

attribute String

Required. The name of a CloudEvents attribute. Currently, only a subset of attributes is supported for filtering. Use the gcloud eventarc providers describe command to learn more about events and their attributes. Do not filter for the 'type' attribute here, as this is already achieved by the resource's event_type attribute.

value String

Required. The value for the attribute. If the operator field is set as match-path-pattern, this value can be a path pattern instead of an exact value.

operator String

Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is match-path-pattern. See the documentation on path patterns.

attribute string

Required. The name of a CloudEvents attribute. Currently, only a subset of attributes is supported for filtering. Use the gcloud eventarc providers describe command to learn more about events and their attributes. Do not filter for the 'type' attribute here, as this is already achieved by the resource's event_type attribute.

value string

Required. The value for the attribute. If the operator field is set as match-path-pattern, this value can be a path pattern instead of an exact value.

operator string

Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is match-path-pattern. See the documentation on path patterns.

attribute str

Required. The name of a CloudEvents attribute. Currently, only a subset of attributes is supported for filtering. Use the gcloud eventarc providers describe command to learn more about events and their attributes. Do not filter for the 'type' attribute here, as this is already achieved by the resource's event_type attribute.

value str

Required. The value for the attribute. If the operator field is set as match-path-pattern, this value can be a path pattern instead of an exact value.

operator str

Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is match-path-pattern. See the documentation on path patterns.

attribute String

Required. The name of a CloudEvents attribute. Currently, only a subset of attributes is supported for filtering. Use the gcloud eventarc providers describe command to learn more about events and their attributes. Do not filter for the 'type' attribute here, as this is already achieved by the resource's event_type attribute.

value String

Required. The value for the attribute. If the operator field is set as match-path-pattern, this value can be a path pattern instead of an exact value.

operator String

Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is match-path-pattern. See the Eventarc documentation on path patterns.

FunctionServiceConfig

AllTrafficOnLatestRevision bool

Whether 100% of traffic is routed to the latest revision. Defaults to true.

AvailableMemory string

The amount of memory available for a function. Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is supplied the value is interpreted as bytes.

EnvironmentVariables Dictionary<string, string>

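Environment variables that shall be available during function execution. Values are stored as plain text in the function's configuration, so put credentials in the secret environment variables or secret volumes settings instead.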

GcfUri string

URIs of the Service deployed

IngressSettings string

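Available ingress settings. Defaults to ALLOW_ALL if unspecified. Possible values are ALLOW_ALL, ALLOW_INTERNAL_ONLY, and ALLOW_INTERNAL_AND_GCLB. With ALLOW_ALL the function's endpoint is reachable from the public internet and access then rests on IAM alone; choose ALLOW_INTERNAL_ONLY or ALLOW_INTERNAL_AND_GCLB when no direct internet access is needed.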

MaxInstanceCount int

The limit on the maximum number of function instances that may coexist at a given time.

MinInstanceCount int

The limit on the minimum number of function instances that may coexist at a given time.

SecretEnvironmentVariables List<FunctionServiceConfigSecretEnvironmentVariable>

Secret environment variables configuration. Structure is documented below.

SecretVolumes List<FunctionServiceConfigSecretVolume>

Secret volumes configuration. Structure is documented below.

Service string

Name of the service associated with a Function.

ServiceAccountEmail string

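The email of the service account for this function. The function's code runs with this account's permissions, so use a dedicated account granted only the roles the function needs.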

TimeoutSeconds int

The function execution timeout. Execution is considered failed and can be terminated if the function is not completed at the end of the timeout period. Defaults to 60 seconds.

Uri string

URI of the Service deployed.

VpcConnector string

The Serverless VPC Access connector that this cloud function can connect to.

VpcConnectorEgressSettings string

Available egress settings. Possible values are VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, and ALL_TRAFFIC.

AllTrafficOnLatestRevision bool

Whether 100% of traffic is routed to the latest revision. Defaults to true.

AvailableMemory string

The amount of memory available for a function. Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is supplied the value is interpreted as bytes.

EnvironmentVariables map[string]string

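Environment variables that shall be available during function execution. Values are stored as plain text in the function's configuration, so put credentials in the secret environment variables or secret volumes settings instead.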

GcfUri string

URIs of the Service deployed

IngressSettings string

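Available ingress settings. Defaults to ALLOW_ALL if unspecified. Possible values are ALLOW_ALL, ALLOW_INTERNAL_ONLY, and ALLOW_INTERNAL_AND_GCLB. With ALLOW_ALL the function's endpoint is reachable from the public internet and access then rests on IAM alone; choose ALLOW_INTERNAL_ONLY or ALLOW_INTERNAL_AND_GCLB when no direct internet access is needed.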

MaxInstanceCount int

The limit on the maximum number of function instances that may coexist at a given time.

MinInstanceCount int

The limit on the minimum number of function instances that may coexist at a given time.

SecretEnvironmentVariables []FunctionServiceConfigSecretEnvironmentVariable

Secret environment variables configuration. Structure is documented below.

SecretVolumes []FunctionServiceConfigSecretVolume

Secret volumes configuration. Structure is documented below.

Service string

Name of the service associated with a Function.

ServiceAccountEmail string

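The email of the service account for this function. The function's code runs with this account's permissions, so use a dedicated account granted only the roles the function needs.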

TimeoutSeconds int

The function execution timeout. Execution is considered failed and can be terminated if the function is not completed at the end of the timeout period. Defaults to 60 seconds.

Uri string

URI of the Service deployed.

VpcConnector string

The Serverless VPC Access connector that this cloud function can connect to.

VpcConnectorEgressSettings string

Available egress settings. Possible values are VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, and ALL_TRAFFIC.

allTrafficOnLatestRevision Boolean

Whether 100% of traffic is routed to the latest revision. Defaults to true.

availableMemory String

The amount of memory available for a function. Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is supplied the value is interpreted as bytes.

environmentVariables Map<String,String>

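Environment variables that shall be available during function execution. Values are stored as plain text in the function's configuration, so put credentials in the secret environment variables or secret volumes settings instead.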

gcfUri String

URIs of the Service deployed

ingressSettings String

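Available ingress settings. Defaults to ALLOW_ALL if unspecified. Possible values are ALLOW_ALL, ALLOW_INTERNAL_ONLY, and ALLOW_INTERNAL_AND_GCLB. With ALLOW_ALL the function's endpoint is reachable from the public internet and access then rests on IAM alone; choose ALLOW_INTERNAL_ONLY or ALLOW_INTERNAL_AND_GCLB when no direct internet access is needed.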

maxInstanceCount Integer

The limit on the maximum number of function instances that may coexist at a given time.

minInstanceCount Integer

The limit on the minimum number of function instances that may coexist at a given time.

secretEnvironmentVariables List<FunctionServiceConfigSecretEnvironmentVariable>

Secret environment variables configuration. Structure is documented below.

secretVolumes List<FunctionServiceConfigSecretVolume>

Secret volumes configuration. Structure is documented below.

service String

Name of the service associated with a Function.

serviceAccountEmail String

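The email of the service account for this function. The function's code runs with this account's permissions, so use a dedicated account granted only the roles the function needs.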

timeoutSeconds Integer

The function execution timeout. Execution is considered failed and can be terminated if the function is not completed at the end of the timeout period. Defaults to 60 seconds.

uri String

URI of the Service deployed.

vpcConnector String

The Serverless VPC Access connector that this cloud function can connect to.

vpcConnectorEgressSettings String

Available egress settings. Possible values are VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, and ALL_TRAFFIC.

allTrafficOnLatestRevision boolean

Whether 100% of traffic is routed to the latest revision. Defaults to true.

availableMemory string

The amount of memory available for a function. Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is supplied the value is interpreted as bytes.

environmentVariables {[key: string]: string}

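Environment variables that shall be available during function execution. Values are stored as plain text in the function's configuration, so put credentials in the secret environment variables or secret volumes settings instead.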

gcfUri string

URIs of the Service deployed

ingressSettings string

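Available ingress settings. Defaults to ALLOW_ALL if unspecified. Possible values are ALLOW_ALL, ALLOW_INTERNAL_ONLY, and ALLOW_INTERNAL_AND_GCLB. With ALLOW_ALL the function's endpoint is reachable from the public internet and access then rests on IAM alone; choose ALLOW_INTERNAL_ONLY or ALLOW_INTERNAL_AND_GCLB when no direct internet access is needed.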

maxInstanceCount number

The limit on the maximum number of function instances that may coexist at a given time.

minInstanceCount number

The limit on the minimum number of function instances that may coexist at a given time.

secretEnvironmentVariables FunctionServiceConfigSecretEnvironmentVariable[]

Secret environment variables configuration. Structure is documented below.

secretVolumes FunctionServiceConfigSecretVolume[]

Secret volumes configuration. Structure is documented below.

service string

Name of the service associated with a Function.

serviceAccountEmail string

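The email of the service account for this function. The function's code runs with this account's permissions, so use a dedicated account granted only the roles the function needs.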

timeoutSeconds number

The function execution timeout. Execution is considered failed and can be terminated if the function is not completed at the end of the timeout period. Defaults to 60 seconds.

uri string

URI of the Service deployed.

vpcConnector string

The Serverless VPC Access connector that this cloud function can connect to.

vpcConnectorEgressSettings string

Available egress settings. Possible values are VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, and ALL_TRAFFIC.

all_traffic_on_latest_revision bool

Whether 100% of traffic is routed to the latest revision. Defaults to true.

available_memory str

The amount of memory available for a function. Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is supplied the value is interpreted as bytes.

environment_variables Mapping[str, str]

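Environment variables that shall be available during function execution. Values are stored as plain text in the function's configuration, so put credentials in the secret environment variables or secret volumes settings instead.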

gcf_uri str

URIs of the Service deployed

ingress_settings str

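Available ingress settings. Defaults to ALLOW_ALL if unspecified. Possible values are ALLOW_ALL, ALLOW_INTERNAL_ONLY, and ALLOW_INTERNAL_AND_GCLB. With ALLOW_ALL the function's endpoint is reachable from the public internet and access then rests on IAM alone; choose ALLOW_INTERNAL_ONLY or ALLOW_INTERNAL_AND_GCLB when no direct internet access is needed.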

max_instance_count int

The limit on the maximum number of function instances that may coexist at a given time.

min_instance_count int

The limit on the minimum number of function instances that may coexist at a given time.

secret_environment_variables Sequence[FunctionServiceConfigSecretEnvironmentVariable]

Secret environment variables configuration. Structure is documented below.

secret_volumes Sequence[FunctionServiceConfigSecretVolume]

Secret volumes configuration. Structure is documented below.

service str

Name of the service associated with a Function.

service_account_email str

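The email of the service account for this function. The function's code runs with this account's permissions, so use a dedicated account granted only the roles the function needs.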

timeout_seconds int

The function execution timeout. Execution is considered failed and can be terminated if the function is not completed at the end of the timeout period. Defaults to 60 seconds.

uri str

URI of the Service deployed.

vpc_connector str

The Serverless VPC Access connector that this cloud function can connect to.

vpc_connector_egress_settings str

Available egress settings. Possible values are VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, and ALL_TRAFFIC.

allTrafficOnLatestRevision Boolean

Whether 100% of traffic is routed to the latest revision. Defaults to true.

availableMemory String

The amount of memory available for a function. Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is supplied the value is interpreted as bytes.

environmentVariables Map<String>

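Environment variables that shall be available during function execution. Values are stored as plain text in the function's configuration, so put credentials in the secret environment variables or secret volumes settings instead.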

gcfUri String

URIs of the Service deployed

ingressSettings String

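Available ingress settings. Defaults to ALLOW_ALL if unspecified. Possible values are ALLOW_ALL, ALLOW_INTERNAL_ONLY, and ALLOW_INTERNAL_AND_GCLB. With ALLOW_ALL the function's endpoint is reachable from the public internet and access then rests on IAM alone; choose ALLOW_INTERNAL_ONLY or ALLOW_INTERNAL_AND_GCLB when no direct internet access is needed.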

maxInstanceCount Number

The limit on the maximum number of function instances that may coexist at a given time.

minInstanceCount Number

The limit on the minimum number of function instances that may coexist at a given time.

secretEnvironmentVariables List<Property Map>

Secret environment variables configuration. Structure is documented below.

secretVolumes List<Property Map>

Secret volumes configuration. Structure is documented below.

service String

Name of the service associated with a Function.

serviceAccountEmail String

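The email of the service account for this function. The function's code runs with this account's permissions, so use a dedicated account granted only the roles the function needs.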

timeoutSeconds Number

The function execution timeout. Execution is considered failed and can be terminated if the function is not completed at the end of the timeout period. Defaults to 60 seconds.

uri String

URI of the Service deployed.

vpcConnector String

The Serverless VPC Access connector that this cloud function can connect to.

vpcConnectorEgressSettings String

Available egress settings. Possible values are VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, and ALL_TRAFFIC.

FunctionServiceConfigSecretEnvironmentVariable

Key string

Name of the environment variable.

ProjectId string

Project identifier (preferably the project number, but the project ID is also accepted) of the project that contains the secret. If not set, it is populated with the function's project, on the assumption that the secret exists in the same project as the function.

Secret string

Name of the secret in secret manager (not the full resource name).

Version string

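Version of the secret (version number or the string 'latest'). Using 'latest' is preferable with secret volumes, where secret value changes are reflected immediately; an environment variable is read when a function instance starts, so a pinned version number is the more predictable choice here.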

Key string

Name of the environment variable.

ProjectId string

Project identifier (preferably the project number, but the project ID is also accepted) of the project that contains the secret. If not set, it is populated with the function's project, on the assumption that the secret exists in the same project as the function.

Secret string

Name of the secret in secret manager (not the full resource name).

Version string

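Version of the secret (version number or the string 'latest'). Using 'latest' is preferable with secret volumes, where secret value changes are reflected immediately; an environment variable is read when a function instance starts, so a pinned version number is the more predictable choice here.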

key String

Name of the environment variable.

projectId String

Project identifier (preferably the project number, but the project ID is also accepted) of the project that contains the secret. If not set, it is populated with the function's project, on the assumption that the secret exists in the same project as the function.

secret String

Name of the secret in secret manager (not the full resource name).

version String

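Version of the secret (version number or the string 'latest'). Using 'latest' is preferable with secret volumes, where secret value changes are reflected immediately; an environment variable is read when a function instance starts, so a pinned version number is the more predictable choice here.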

key string

Name of the environment variable.

projectId string

Project identifier (preferably the project number, but the project ID is also accepted) of the project that contains the secret. If not set, it is populated with the function's project, on the assumption that the secret exists in the same project as the function.

secret string

Name of the secret in secret manager (not the full resource name).

version string

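Version of the secret (version number or the string 'latest'). Using 'latest' is preferable with secret volumes, where secret value changes are reflected immediately; an environment variable is read when a function instance starts, so a pinned version number is the more predictable choice here.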

key str

Name of the environment variable.

project_id str

Project identifier (preferably the project number, but the project ID is also accepted) of the project that contains the secret. If not set, it is populated with the function's project, on the assumption that the secret exists in the same project as the function.

secret str

Name of the secret in secret manager (not the full resource name).

version str

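Version of the secret (version number or the string 'latest'). Using 'latest' is preferable with secret volumes, where secret value changes are reflected immediately; an environment variable is read when a function instance starts, so a pinned version number is the more predictable choice here.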

key String

Name of the environment variable.

projectId String

Project identifier (preferably the project number, but the project ID is also accepted) of the project that contains the secret. If not set, it is populated with the function's project, on the assumption that the secret exists in the same project as the function.

secret String

Name of the secret in secret manager (not the full resource name).

version String

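Version of the secret (version number or the string 'latest'). Using 'latest' is preferable with secret volumes, where secret value changes are reflected immediately; an environment variable is read when a function instance starts, so a pinned version number is the more predictable choice here.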

FunctionServiceConfigSecretVolume

MountPath string

The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets

ProjectId string

Project identifier (preferably the project number, but the project ID is also accepted) of the project that contains the secret. If not set, it is populated with the function's project, on the assumption that the secret exists in the same project as the function.

Secret string

Name of the secret in secret manager (not the full resource name).

Versions List<FunctionServiceConfigSecretVolumeVersion>

List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point. Structure is documented below.

MountPath string

The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets

ProjectId string

Project identifier (preferably the project number, but the project ID is also accepted) of the project that contains the secret. If not set, it is populated with the function's project, on the assumption that the secret exists in the same project as the function.

Secret string

Name of the secret in secret manager (not the full resource name).

Versions []FunctionServiceConfigSecretVolumeVersion

List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point. Structure is documented below.

mountPath String

The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets

projectId String

Project identifier (preferably the project number, but the project ID is also accepted) of the project that contains the secret. If not set, it is populated with the function's project, on the assumption that the secret exists in the same project as the function.

secret String

Name of the secret in secret manager (not the full resource name).

versions List<FunctionServiceConfigSecretVolumeVersion>

List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point. Structure is documented below.

mountPath string

The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets

projectId string

Project identifier (preferably the project number, but the project ID is also accepted) of the project that contains the secret. If not set, it is populated with the function's project, on the assumption that the secret exists in the same project as the function.

secret string

Name of the secret in secret manager (not the full resource name).

versions FunctionServiceConfigSecretVolumeVersion[]

List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point. Structure is documented below.

mount_path str

The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets

project_id str

Project identifier (preferably the project number, but the project ID is also accepted) of the project that contains the secret. If not set, it is populated with the function's project, on the assumption that the secret exists in the same project as the function.

secret str

Name of the secret in secret manager (not the full resource name).

versions Sequence[FunctionServiceConfigSecretVolumeVersion]

List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point. Structure is documented below.

mountPath String

The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets

projectId String

Project identifier (preferably the project number, but the project ID is also accepted) of the project that contains the secret. If not set, it is populated with the function's project, on the assumption that the secret exists in the same project as the function.

secret String

Name of the secret in secret manager (not the full resource name).

versions List<Property Map>

List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point. Structure is documented below.

FunctionServiceConfigSecretVolumeVersion

Path string

Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo.

Version string

Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately.

Path string

Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo.

Version string

Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately.

path String

Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo.

version String

Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately.

path string

Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo.

version string

Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately.

path str

Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo.

version str

Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately.

path String

Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo.

version String

Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately.

Import

A function can be imported using any of these accepted formats:

 $ pulumi import gcp:cloudfunctionsv2/function:Function default projects/{{project}}/locations/{{location}}/functions/{{name}}
 $ pulumi import gcp:cloudfunctionsv2/function:Function default {{project}}/{{location}}/{{name}}
 $ pulumi import gcp:cloudfunctionsv2/function:Function default {{location}}/{{name}}

Package Details

Repository
https://github.com/pulumi/pulumi-gcp
License
Apache-2.0
Notes

This Pulumi package is based on the google-beta Terraform Provider.