@pulumi/gcp
Version:
A Pulumi package for creating and managing Google Cloud Platform resources.
1,109 lines (1,108 loc) • 38.7 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* A Cloud Function that contains user computation executed in response to an event.
*
* To get more information about function, see:
*
* * [API documentation](https://cloud.google.com/functions/docs/reference/rest/v2beta/projects.locations.functions)
*
* ## Example Usage
*
* ### Cloudfunctions2 Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const project = "my-project-name";
* const bucket = new gcp.storage.Bucket("bucket", {
* name: `${project}-gcf-source`,
* location: "US",
* uniformBucketLevelAccess: true,
* });
* const object = new gcp.storage.BucketObject("object", {
* name: "function-source.zip",
* bucket: bucket.name,
* source: new pulumi.asset.FileAsset("function-source.zip"),
* });
* const _function = new gcp.cloudfunctionsv2.Function("function", {
* name: "function-v2",
* location: "us-central1",
* description: "a new function",
* buildConfig: {
* runtime: "nodejs20",
* entryPoint: "helloHttp",
* source: {
* storageSource: {
* bucket: bucket.name,
* object: object.name,
* },
* },
* },
* serviceConfig: {
* maxInstanceCount: 1,
* availableMemory: "256M",
* timeoutSeconds: 60,
* },
* });
* ```
* ### Cloudfunctions2 Full
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const project = "my-project-name";
* const account = new gcp.serviceaccount.Account("account", {
* accountId: "gcf-sa",
* displayName: "Test Service Account",
* });
* const topic = new gcp.pubsub.Topic("topic", {name: "functions2-topic"});
* const bucket = new gcp.storage.Bucket("bucket", {
* name: `${project}-gcf-source`,
* location: "US",
* uniformBucketLevelAccess: true,
* });
* const object = new gcp.storage.BucketObject("object", {
* name: "function-source.zip",
* bucket: bucket.name,
* source: new pulumi.asset.FileAsset("function-source.zip"),
* });
* const _function = new gcp.cloudfunctionsv2.Function("function", {
* name: "gcf-function",
* location: "us-central1",
* description: "a new function",
* buildConfig: {
* runtime: "nodejs20",
* entryPoint: "helloPubSub",
* environmentVariables: {
* BUILD_CONFIG_TEST: "build_test",
* },
* source: {
* storageSource: {
* bucket: bucket.name,
* object: object.name,
* },
* },
* },
* serviceConfig: {
* maxInstanceCount: 3,
* minInstanceCount: 1,
* availableMemory: "4Gi",
* timeoutSeconds: 60,
* maxInstanceRequestConcurrency: 80,
* availableCpu: "4",
* environmentVariables: {
* SERVICE_CONFIG_TEST: "config_test",
* SERVICE_CONFIG_DIFF_TEST: account.email,
* },
* ingressSettings: "ALLOW_INTERNAL_ONLY",
* allTrafficOnLatestRevision: true,
* serviceAccountEmail: account.email,
* },
* eventTrigger: {
* triggerRegion: "us-central1",
* eventType: "google.cloud.pubsub.topic.v1.messagePublished",
* pubsubTopic: topic.id,
* retryPolicy: "RETRY_POLICY_RETRY",
* },
* });
* ```
* ### Cloudfunctions2 Scheduler Auth
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const project = "my-project-name";
* const account = new gcp.serviceaccount.Account("account", {
* accountId: "gcf-sa",
* displayName: "Test Service Account",
* });
* const bucket = new gcp.storage.Bucket("bucket", {
* name: `${project}-gcf-source`,
* location: "US",
* uniformBucketLevelAccess: true,
* });
* const object = new gcp.storage.BucketObject("object", {
* name: "function-source.zip",
* bucket: bucket.name,
* source: new pulumi.asset.FileAsset("function-source.zip"),
* });
* const _function = new gcp.cloudfunctionsv2.Function("function", {
* name: "gcf-function",
* location: "us-central1",
* description: "a new function",
* buildConfig: {
* runtime: "nodejs20",
* entryPoint: "helloHttp",
* source: {
* storageSource: {
* bucket: bucket.name,
* object: object.name,
* },
* },
* },
* serviceConfig: {
* minInstanceCount: 1,
* availableMemory: "256M",
* timeoutSeconds: 60,
* serviceAccountEmail: account.email,
* },
* });
* const invoker = new gcp.cloudfunctionsv2.FunctionIamMember("invoker", {
* project: _function.project,
* location: _function.location,
* cloudFunction: _function.name,
* role: "roles/cloudfunctions.invoker",
* member: pulumi.interpolate`serviceAccount:${account.email}`,
* });
* const cloudRunInvoker = new gcp.cloudrun.IamMember("cloud_run_invoker", {
* project: _function.project,
* location: _function.location,
* service: _function.name,
* role: "roles/run.invoker",
* member: pulumi.interpolate`serviceAccount:${account.email}`,
* });
* const invokeCloudFunction = new gcp.cloudscheduler.Job("invoke_cloud_function", {
* name: "invoke-gcf-function",
* description: "Schedule the HTTPS trigger for cloud function",
* schedule: "0 0 * * *",
* project: _function.project,
* region: _function.location,
* httpTarget: {
* uri: _function.serviceConfig.apply(serviceConfig => serviceConfig?.uri),
* httpMethod: "POST",
* oidcToken: {
* audience: _function.serviceConfig.apply(serviceConfig => `${serviceConfig?.uri}/`),
* serviceAccountEmail: account.email,
* },
* },
* });
* ```
* ### Cloudfunctions2 Basic Gcs
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const source_bucket = new gcp.storage.Bucket("source-bucket", {
* name: "gcf-source-bucket",
* location: "US",
* uniformBucketLevelAccess: true,
* });
* const object = new gcp.storage.BucketObject("object", {
* name: "function-source.zip",
* bucket: source_bucket.name,
* source: new pulumi.asset.FileAsset("function-source.zip"),
* });
* const trigger_bucket = new gcp.storage.Bucket("trigger-bucket", {
* name: "gcf-trigger-bucket",
* location: "us-central1",
* uniformBucketLevelAccess: true,
* });
* const gcsAccount = gcp.storage.getProjectServiceAccount({});
* // To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher(roles/pubsub.publisher) IAM role in the specified project.
* // (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)
* const gcs_pubsub_publishing = new gcp.projects.IAMMember("gcs-pubsub-publishing", {
* project: "my-project-name",
* role: "roles/pubsub.publisher",
* member: gcsAccount.then(gcsAccount => `serviceAccount:${gcsAccount.emailAddress}`),
* });
* const account = new gcp.serviceaccount.Account("account", {
* accountId: "gcf-sa",
* displayName: "Test Service Account - used for both the cloud function and eventarc trigger in the test",
* });
* // Permissions on the service account used by the function and Eventarc trigger
* const invoking = new gcp.projects.IAMMember("invoking", {
* project: "my-project-name",
* role: "roles/run.invoker",
* member: pulumi.interpolate`serviceAccount:${account.email}`,
* }, {
* dependsOn: [gcs_pubsub_publishing],
* });
* const event_receiving = new gcp.projects.IAMMember("event-receiving", {
* project: "my-project-name",
* role: "roles/eventarc.eventReceiver",
* member: pulumi.interpolate`serviceAccount:${account.email}`,
* }, {
* dependsOn: [invoking],
* });
* const artifactregistry_reader = new gcp.projects.IAMMember("artifactregistry-reader", {
* project: "my-project-name",
* role: "roles/artifactregistry.reader",
* member: pulumi.interpolate`serviceAccount:${account.email}`,
* }, {
* dependsOn: [event_receiving],
* });
* const _function = new gcp.cloudfunctionsv2.Function("function", {
* name: "gcf-function",
* location: "us-central1",
* description: "a new function",
* buildConfig: {
* runtime: "nodejs20",
* entryPoint: "entryPoint",
* environmentVariables: {
* BUILD_CONFIG_TEST: "build_test",
* },
* source: {
* storageSource: {
* bucket: source_bucket.name,
* object: object.name,
* },
* },
* },
* serviceConfig: {
* maxInstanceCount: 3,
* minInstanceCount: 1,
* availableMemory: "256M",
* timeoutSeconds: 60,
* environmentVariables: {
* SERVICE_CONFIG_TEST: "config_test",
* },
* ingressSettings: "ALLOW_INTERNAL_ONLY",
* allTrafficOnLatestRevision: true,
* serviceAccountEmail: account.email,
* },
* eventTrigger: {
* eventType: "google.cloud.storage.object.v1.finalized",
* retryPolicy: "RETRY_POLICY_RETRY",
* serviceAccountEmail: account.email,
* eventFilters: [{
* attribute: "bucket",
* value: trigger_bucket.name,
* }],
* },
* }, {
* dependsOn: [
* event_receiving,
* artifactregistry_reader,
* ],
* });
* ```
* ### Cloudfunctions2 Basic Auditlogs
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* // This example follows the examples shown in this Google Cloud Community blog post
* // https://medium.com/google-cloud/applying-a-path-pattern-when-filtering-in-eventarc-f06b937b4c34
* // and the docs:
* // https://cloud.google.com/eventarc/docs/path-patterns
* const source_bucket = new gcp.storage.Bucket("source-bucket", {
* name: "gcf-source-bucket",
* location: "US",
* uniformBucketLevelAccess: true,
* });
* const object = new gcp.storage.BucketObject("object", {
* name: "function-source.zip",
* bucket: source_bucket.name,
* source: new pulumi.asset.FileAsset("function-source.zip"),
* });
* const account = new gcp.serviceaccount.Account("account", {
* accountId: "gcf-sa",
* displayName: "Test Service Account - used for both the cloud function and eventarc trigger in the test",
* });
* // Note: The right way of listening for Cloud Storage events is to use a Cloud Storage trigger.
* // Here we use Audit Logs to monitor the bucket so path patterns can be used in the example of
* // google_cloudfunctions2_function below (Audit Log events have path pattern support)
* const audit_log_bucket = new gcp.storage.Bucket("audit-log-bucket", {
* name: "gcf-auditlog-bucket",
* location: "us-central1",
* uniformBucketLevelAccess: true,
* });
* // Permissions on the service account used by the function and Eventarc trigger
* const invoking = new gcp.projects.IAMMember("invoking", {
* project: "my-project-name",
* role: "roles/run.invoker",
* member: pulumi.interpolate`serviceAccount:${account.email}`,
* });
* const event_receiving = new gcp.projects.IAMMember("event-receiving", {
* project: "my-project-name",
* role: "roles/eventarc.eventReceiver",
* member: pulumi.interpolate`serviceAccount:${account.email}`,
* }, {
* dependsOn: [invoking],
* });
* const artifactregistry_reader = new gcp.projects.IAMMember("artifactregistry-reader", {
* project: "my-project-name",
* role: "roles/artifactregistry.reader",
* member: pulumi.interpolate`serviceAccount:${account.email}`,
* }, {
* dependsOn: [event_receiving],
* });
* const _function = new gcp.cloudfunctionsv2.Function("function", {
* name: "gcf-function",
* location: "us-central1",
* description: "a new function",
* buildConfig: {
* runtime: "nodejs20",
* entryPoint: "entryPoint",
* environmentVariables: {
* BUILD_CONFIG_TEST: "build_test",
* },
* source: {
* storageSource: {
* bucket: source_bucket.name,
* object: object.name,
* },
* },
* },
* serviceConfig: {
* maxInstanceCount: 3,
* minInstanceCount: 1,
* availableMemory: "256M",
* timeoutSeconds: 60,
* environmentVariables: {
* SERVICE_CONFIG_TEST: "config_test",
* },
* ingressSettings: "ALLOW_INTERNAL_ONLY",
* allTrafficOnLatestRevision: true,
* serviceAccountEmail: account.email,
* },
* eventTrigger: {
* triggerRegion: "us-central1",
* eventType: "google.cloud.audit.log.v1.written",
* retryPolicy: "RETRY_POLICY_RETRY",
* serviceAccountEmail: account.email,
* eventFilters: [
* {
* attribute: "serviceName",
* value: "storage.googleapis.com",
* },
* {
* attribute: "methodName",
* value: "storage.objects.create",
* },
* {
* attribute: "resourceName",
* value: pulumi.interpolate`/projects/_/buckets/${audit_log_bucket.name}/objects/*.txt`,
* operator: "match-path-pattern",
* },
* ],
* },
* }, {
* dependsOn: [
* event_receiving,
* artifactregistry_reader,
* ],
* });
* ```
* ### Cloudfunctions2 Basic Builder
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as time from "@pulumi/time";
*
* const project = "my-project-name";
* const account = new gcp.serviceaccount.Account("account", {
* accountId: "gcf-sa",
* displayName: "Test Service Account",
* });
* const logWriter = new gcp.projects.IAMMember("log_writer", {
* project: account.project,
* role: "roles/logging.logWriter",
* member: pulumi.interpolate`serviceAccount:${account.email}`,
* });
* const artifactRegistryWriter = new gcp.projects.IAMMember("artifact_registry_writer", {
* project: account.project,
* role: "roles/artifactregistry.writer",
* member: pulumi.interpolate`serviceAccount:${account.email}`,
* });
* const storageObjectAdmin = new gcp.projects.IAMMember("storage_object_admin", {
* project: account.project,
* role: "roles/storage.objectAdmin",
* member: pulumi.interpolate`serviceAccount:${account.email}`,
* });
* const bucket = new gcp.storage.Bucket("bucket", {
* name: `${project}-gcf-source`,
* location: "US",
* uniformBucketLevelAccess: true,
* });
* const object = new gcp.storage.BucketObject("object", {
* name: "function-source.zip",
* bucket: bucket.name,
* source: new pulumi.asset.FileAsset("function-source.zip"),
* });
* // builder permissions need to stablize before it can pull the source zip
* const wait60s = new time.index.Sleep("wait_60s", {createDuration: "60s"}, {
* dependsOn: [
* logWriter,
* artifactRegistryWriter,
* storageObjectAdmin,
* ],
* });
* const _function = new gcp.cloudfunctionsv2.Function("function", {
* name: "function-v2",
* location: "us-central1",
* description: "a new function",
* buildConfig: {
* runtime: "nodejs20",
* entryPoint: "helloHttp",
* source: {
* storageSource: {
* bucket: bucket.name,
* object: object.name,
* },
* },
* serviceAccount: account.id,
* },
* serviceConfig: {
* maxInstanceCount: 1,
* availableMemory: "256M",
* timeoutSeconds: 60,
* },
* }, {
* dependsOn: [wait60s],
* });
* ```
* ### Cloudfunctions2 Secret Env
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const project = "my-project-name";
* const bucket = new gcp.storage.Bucket("bucket", {
* name: `${project}-gcf-source`,
* location: "US",
* uniformBucketLevelAccess: true,
* });
* const object = new gcp.storage.BucketObject("object", {
* name: "function-source.zip",
* bucket: bucket.name,
* source: new pulumi.asset.FileAsset("function-source.zip"),
* });
* const secret = new gcp.secretmanager.Secret("secret", {
* secretId: "secret",
* replication: {
* userManaged: {
* replicas: [{
* location: "us-central1",
* }],
* },
* },
* });
* const secretSecretVersion = new gcp.secretmanager.SecretVersion("secret", {
* secret: secret.name,
* secretData: "secret",
* enabled: true,
* });
* const _function = new gcp.cloudfunctionsv2.Function("function", {
* name: "function-secret",
* location: "us-central1",
* description: "a new function",
* buildConfig: {
* runtime: "nodejs20",
* entryPoint: "helloHttp",
* source: {
* storageSource: {
* bucket: bucket.name,
* object: object.name,
* },
* },
* },
* serviceConfig: {
* maxInstanceCount: 1,
* availableMemory: "256M",
* timeoutSeconds: 60,
* secretEnvironmentVariables: [{
* key: "TEST",
* projectId: project,
* secret: secret.secretId,
* version: "latest",
* }],
* },
* }, {
* dependsOn: [secretSecretVersion],
* });
* ```
* ### Cloudfunctions2 Secret Volume
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const project = "my-project-name";
* const bucket = new gcp.storage.Bucket("bucket", {
* name: `${project}-gcf-source`,
* location: "US",
* uniformBucketLevelAccess: true,
* });
* const object = new gcp.storage.BucketObject("object", {
* name: "function-source.zip",
* bucket: bucket.name,
* source: new pulumi.asset.FileAsset("function-source.zip"),
* });
* const secret = new gcp.secretmanager.Secret("secret", {
* secretId: "secret",
* replication: {
* userManaged: {
* replicas: [{
* location: "us-central1",
* }],
* },
* },
* });
* const secretSecretVersion = new gcp.secretmanager.SecretVersion("secret", {
* secret: secret.name,
* secretData: "secret",
* enabled: true,
* });
* const _function = new gcp.cloudfunctionsv2.Function("function", {
* name: "function-secret",
* location: "us-central1",
* description: "a new function",
* buildConfig: {
* runtime: "nodejs20",
* entryPoint: "helloHttp",
* source: {
* storageSource: {
* bucket: bucket.name,
* object: object.name,
* },
* },
* },
* serviceConfig: {
* maxInstanceCount: 1,
* availableMemory: "256M",
* timeoutSeconds: 60,
* secretVolumes: [{
* mountPath: "/etc/secrets",
* projectId: project,
* secret: secret.secretId,
* }],
* },
* }, {
* dependsOn: [secretSecretVersion],
* });
* ```
* ### Cloudfunctions2 Private Workerpool
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const project = "my-project-name";
* const bucket = new gcp.storage.Bucket("bucket", {
* name: `${project}-gcf-source`,
* location: "US",
* uniformBucketLevelAccess: true,
* });
* const object = new gcp.storage.BucketObject("object", {
* name: "function-source.zip",
* bucket: bucket.name,
* source: new pulumi.asset.FileAsset("function-source.zip"),
* });
* const pool = new gcp.cloudbuild.WorkerPool("pool", {
* name: "workerpool",
* location: "us-central1",
* workerConfig: {
* diskSizeGb: 100,
* machineType: "e2-standard-8",
* noExternalIp: false,
* },
* });
* const _function = new gcp.cloudfunctionsv2.Function("function", {
* name: "function-workerpool",
* location: "us-central1",
* description: "a new function",
* buildConfig: {
* runtime: "nodejs20",
* entryPoint: "helloHttp",
* source: {
* storageSource: {
* bucket: bucket.name,
* object: object.name,
* },
* },
* workerPool: pool.id,
* },
* serviceConfig: {
* maxInstanceCount: 1,
* availableMemory: "256M",
* timeoutSeconds: 60,
* },
* });
* ```
* ### Cloudfunctions2 Cmek Docs
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const project = "my-project-name";
* const projectGetProject = gcp.organizations.getProject({});
* const bucket = new gcp.storage.Bucket("bucket", {
* name: `${project}-gcf-source`,
* location: "US",
* uniformBucketLevelAccess: true,
* });
* const object = new gcp.storage.BucketObject("object", {
* name: "function-source.zip",
* bucket: bucket.name,
* source: new pulumi.asset.FileAsset("function-source.zip"),
* });
* const eaSa = new gcp.projects.ServiceIdentity("ea_sa", {
* project: projectGetProject.then(projectGetProject => projectGetProject.projectId),
* service: "eventarc.googleapis.com",
* });
* const unencoded_ar_repo = new gcp.artifactregistry.Repository("unencoded-ar-repo", {
* repositoryId: "ar-repo",
* location: "us-central1",
* format: "DOCKER",
* });
* const gcfCmekKeyuser = new gcp.kms.CryptoKeyIAMBinding("gcf_cmek_keyuser", {
* cryptoKeyId: "cmek-key",
* role: "roles/cloudkms.cryptoKeyEncrypterDecrypter",
* members: [
* projectGetProject.then(projectGetProject => `serviceAccount:service-${projectGetProject.number}@gcf-admin-robot.iam.gserviceaccount.com`),
* projectGetProject.then(projectGetProject => `serviceAccount:service-${projectGetProject.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),
* projectGetProject.then(projectGetProject => `serviceAccount:service-${projectGetProject.number}@gs-project-accounts.iam.gserviceaccount.com`),
* projectGetProject.then(projectGetProject => `serviceAccount:service-${projectGetProject.number}@serverless-robot-prod.iam.gserviceaccount.com`),
* eaSa.member,
* ],
* }, {
* dependsOn: [eaSa],
* });
* const encoded_ar_repo = new gcp.artifactregistry.Repository("encoded-ar-repo", {
* location: "us-central1",
* repositoryId: "cmek-repo",
* format: "DOCKER",
* kmsKeyName: "cmek-key",
* }, {
* dependsOn: [gcfCmekKeyuser],
* });
* const binding = new gcp.artifactregistry.RepositoryIamBinding("binding", {
* location: encoded_ar_repo.location,
* repository: encoded_ar_repo.name,
* role: "roles/artifactregistry.admin",
* members: [projectGetProject.then(projectGetProject => `serviceAccount:service-${projectGetProject.number}@gcf-admin-robot.iam.gserviceaccount.com`)],
* });
* const _function = new gcp.cloudfunctionsv2.Function("function", {
* name: "function-cmek",
* location: "us-central1",
* description: "CMEK function",
* kmsKeyName: "cmek-key",
* buildConfig: {
* runtime: "nodejs20",
* entryPoint: "helloHttp",
* dockerRepository: encoded_ar_repo.id,
* source: {
* storageSource: {
* bucket: bucket.name,
* object: object.name,
* },
* },
* },
* serviceConfig: {
* maxInstanceCount: 1,
* availableMemory: "256M",
* timeoutSeconds: 60,
* },
* }, {
* dependsOn: [gcfCmekKeyuser],
* });
* ```
* ### Cloudfunctions2 Abiu
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const project = "my-project-name";
* const account = new gcp.serviceaccount.Account("account", {
* accountId: "gcf-sa",
* displayName: "Test Service Account",
* });
* const topic = new gcp.pubsub.Topic("topic", {name: "functions2-topic"});
* const bucket = new gcp.storage.Bucket("bucket", {
* name: `${project}-gcf-source`,
* location: "US",
* uniformBucketLevelAccess: true,
* });
* const object = new gcp.storage.BucketObject("object", {
* name: "function-source.zip",
* bucket: bucket.name,
* source: new pulumi.asset.FileAsset("function-source.zip"),
* });
* const _function = new gcp.cloudfunctionsv2.Function("function", {
* name: "gcf-function",
* location: "europe-west6",
* description: "a new function",
* buildConfig: {
* runtime: "nodejs20",
* entryPoint: "helloPubSub",
* environmentVariables: {
* BUILD_CONFIG_TEST: "build_test",
* },
* source: {
* storageSource: {
* bucket: bucket.name,
* object: object.name,
* },
* },
* automaticUpdatePolicy: {},
* },
* serviceConfig: {
* maxInstanceCount: 3,
* minInstanceCount: 1,
* availableMemory: "4Gi",
* timeoutSeconds: 60,
* maxInstanceRequestConcurrency: 80,
* availableCpu: "4",
* environmentVariables: {
* SERVICE_CONFIG_TEST: "config_test",
* },
* ingressSettings: "ALLOW_INTERNAL_ONLY",
* allTrafficOnLatestRevision: true,
* serviceAccountEmail: account.email,
* },
* eventTrigger: {
* triggerRegion: "us-central1",
* eventType: "google.cloud.pubsub.topic.v1.messagePublished",
* pubsubTopic: topic.id,
* retryPolicy: "RETRY_POLICY_RETRY",
* },
* });
* ```
* ### Cloudfunctions2 Abiu On Deploy
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const project = "my-project-name";
* const account = new gcp.serviceaccount.Account("account", {
* accountId: "gcf-sa",
* displayName: "Test Service Account",
* });
* const topic = new gcp.pubsub.Topic("topic", {name: "functions2-topic"});
* const bucket = new gcp.storage.Bucket("bucket", {
* name: `${project}-gcf-source`,
* location: "US",
* uniformBucketLevelAccess: true,
* });
* const object = new gcp.storage.BucketObject("object", {
* name: "function-source.zip",
* bucket: bucket.name,
* source: new pulumi.asset.FileAsset("function-source.zip"),
* });
* const _function = new gcp.cloudfunctionsv2.Function("function", {
* name: "gcf-function",
* location: "europe-west6",
* description: "a new function",
* buildConfig: {
* runtime: "nodejs20",
* entryPoint: "helloPubSub",
* environmentVariables: {
* BUILD_CONFIG_TEST: "build_test",
* },
* source: {
* storageSource: {
* bucket: bucket.name,
* object: object.name,
* },
* },
* onDeployUpdatePolicy: {},
* },
* serviceConfig: {
* maxInstanceCount: 3,
* minInstanceCount: 1,
* availableMemory: "4Gi",
* timeoutSeconds: 60,
* maxInstanceRequestConcurrency: 80,
* availableCpu: "4",
* environmentVariables: {
* SERVICE_CONFIG_TEST: "config_test",
* },
* ingressSettings: "ALLOW_INTERNAL_ONLY",
* allTrafficOnLatestRevision: true,
* serviceAccountEmail: account.email,
* },
* eventTrigger: {
* triggerRegion: "us-central1",
* eventType: "google.cloud.pubsub.topic.v1.messagePublished",
* pubsubTopic: topic.id,
* retryPolicy: "RETRY_POLICY_RETRY",
* },
* });
* ```
*
* ## Import
*
* function can be imported using any of these accepted formats:
*
* * `projects/{{project}}/locations/{{location}}/functions/{{name}}`
*
* * `{{project}}/{{location}}/{{name}}`
*
* * `{{location}}/{{name}}`
*
* When using the `pulumi import` command, function can be imported using one of the formats above. For example:
*
* ```sh
* $ pulumi import gcp:cloudfunctionsv2/function:Function default projects/{{project}}/locations/{{location}}/functions/{{name}}
* ```
*
* ```sh
* $ pulumi import gcp:cloudfunctionsv2/function:Function default {{project}}/{{location}}/{{name}}
* ```
*
* ```sh
* $ pulumi import gcp:cloudfunctionsv2/function:Function default {{location}}/{{name}}
* ```
*/
export declare class Function extends pulumi.CustomResource {
/**
* Get an existing Function resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: FunctionState, opts?: pulumi.CustomResourceOptions): Function;
/**
* Returns true if the given object is an instance of Function. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is Function;
/**
* Describes the Build step of the function that builds a container
* from the given source.
* Structure is documented below.
*/
readonly buildConfig: pulumi.Output<outputs.cloudfunctionsv2.FunctionBuildConfig | undefined>;
/**
* User-provided description of a function.
*/
readonly description: pulumi.Output<string | undefined>;
/**
* All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
*/
readonly effectiveLabels: pulumi.Output<{
[key: string]: string;
}>;
/**
* The environment the function is hosted on.
*/
readonly environment: pulumi.Output<string>;
/**
* An Eventarc trigger managed by Google Cloud Functions that fires events in
* response to a condition in another service.
* Structure is documented below.
*/
readonly eventTrigger: pulumi.Output<outputs.cloudfunctionsv2.FunctionEventTrigger | undefined>;
/**
* Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources.
* It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.
*/
readonly kmsKeyName: pulumi.Output<string | undefined>;
/**
* A set of key/value label pairs associated with this Cloud Function.
*
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the field `effectiveLabels` for all of the labels present on the resource.
*/
readonly labels: pulumi.Output<{
[key: string]: string;
} | undefined>;
/**
* The location of this cloud function.
*
*
* - - -
*/
readonly location: pulumi.Output<string>;
/**
* A user-defined name of the function. Function names must
* be unique globally and match pattern `projects/*/locations/*/functions/*`.
*/
readonly name: pulumi.Output<string>;
/**
* The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
readonly project: pulumi.Output<string>;
/**
* The combination of labels configured directly on the resource
* and default labels configured on the provider.
*/
readonly pulumiLabels: pulumi.Output<{
[key: string]: string;
}>;
/**
* Describes the Service being deployed.
* Structure is documented below.
*/
readonly serviceConfig: pulumi.Output<outputs.cloudfunctionsv2.FunctionServiceConfig | undefined>;
/**
* Describes the current state of the function.
*/
readonly state: pulumi.Output<string>;
/**
* The last update timestamp of a Cloud Function.
*/
readonly updateTime: pulumi.Output<string>;
/**
* Output only. The deployed url for the function.
*/
readonly url: pulumi.Output<string>;
/**
* Create a Function resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: FunctionArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering Function resources.
*/
export interface FunctionState {
/**
* Describes the Build step of the function that builds a container
* from the given source.
* Structure is documented below.
*/
buildConfig?: pulumi.Input<inputs.cloudfunctionsv2.FunctionBuildConfig>;
/**
* User-provided description of a function.
*/
description?: pulumi.Input<string>;
/**
* All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
*/
effectiveLabels?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* The environment the function is hosted on.
*/
environment?: pulumi.Input<string>;
/**
* An Eventarc trigger managed by Google Cloud Functions that fires events in
* response to a condition in another service.
* Structure is documented below.
*/
eventTrigger?: pulumi.Input<inputs.cloudfunctionsv2.FunctionEventTrigger>;
/**
* Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources.
* It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.
*/
kmsKeyName?: pulumi.Input<string>;
/**
* A set of key/value label pairs associated with this Cloud Function.
*
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the field `effectiveLabels` for all of the labels present on the resource.
*/
labels?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* The location of this cloud function.
*
*
* - - -
*/
location?: pulumi.Input<string>;
/**
* A user-defined name of the function. Function names must
* be unique globally and match pattern `projects/*/locations/*/functions/*`.
*/
name?: pulumi.Input<string>;
/**
* The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
project?: pulumi.Input<string>;
/**
* The combination of labels configured directly on the resource
* and default labels configured on the provider.
*/
pulumiLabels?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* Describes the Service being deployed.
* Structure is documented below.
*/
serviceConfig?: pulumi.Input<inputs.cloudfunctionsv2.FunctionServiceConfig>;
/**
* Describes the current state of the function.
*/
state?: pulumi.Input<string>;
/**
* The last update timestamp of a Cloud Function.
*/
updateTime?: pulumi.Input<string>;
/**
* Output only. The deployed url for the function.
*/
url?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a Function resource.
*/
export interface FunctionArgs {
/**
* Describes the Build step of the function that builds a container
* from the given source.
* Structure is documented below.
*/
buildConfig?: pulumi.Input<inputs.cloudfunctionsv2.FunctionBuildConfig>;
/**
* User-provided description of a function.
*/
description?: pulumi.Input<string>;
/**
* An Eventarc trigger managed by Google Cloud Functions that fires events in
* response to a condition in another service.
* Structure is documented below.
*/
eventTrigger?: pulumi.Input<inputs.cloudfunctionsv2.FunctionEventTrigger>;
/**
* Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources.
* It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.
*/
kmsKeyName?: pulumi.Input<string>;
/**
* A set of key/value label pairs associated with this Cloud Function.
*
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the field `effectiveLabels` for all of the labels present on the resource.
*/
labels?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* The location of this cloud function.
*
*
* - - -
*/
location: pulumi.Input<string>;
/**
* A user-defined name of the function. Function names must
* be unique globally and match pattern `projects/*/locations/*/functions/*`.
*/
name?: pulumi.Input<string>;
/**
* The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
project?: pulumi.Input<string>;
/**
* Describes the Service being deployed.
* Structure is documented below.
*/
serviceConfig?: pulumi.Input<inputs.cloudfunctionsv2.FunctionServiceConfig>;
}