@pulumi/gcp
Version:
A Pulumi package for creating and managing Google Cloud Platform resources.
660 lines • 34.7 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* Creates a new Cloud Function. For more information see:
*
* * [API documentation](https://cloud.google.com/functions/docs/reference/rest/v1/projects.locations.functions)
* * How-to Guides
* * [Official Documentation](https://cloud.google.com/functions/docs)
*
* > **Warning:** As of November 1, 2019, newly created Functions are
* private-by-default and will require [appropriate IAM permissions](https://cloud.google.com/functions/docs/reference/iam/roles)
* to be invoked. See below examples for how to set up the appropriate permissions,
* or view the [Cloud Functions IAM resources](https://www.terraform.io/docs/providers/google/r/cloudfunctions_cloud_function_iam.html)
* for Cloud Functions.
*
* ## Example Usage
*
* ### Public Function
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const bucket = new gcp.storage.Bucket("bucket", {
* name: "test-bucket",
* location: "US",
* });
* const archive = new gcp.storage.BucketObject("archive", {
* name: "index.zip",
* bucket: bucket.name,
* source: new pulumi.asset.FileAsset("./path/to/zip/file/which/contains/code"),
* });
* const _function = new gcp.cloudfunctions.Function("function", {
* name: "function-test",
* description: "My function",
* runtime: "nodejs20",
* availableMemoryMb: 128,
* sourceArchiveBucket: bucket.name,
* sourceArchiveObject: archive.name,
* triggerHttp: true,
* entryPoint: "helloGET",
* });
* // IAM entry for all users to invoke the function
* const invoker = new gcp.cloudfunctions.FunctionIamMember("invoker", {
* project: _function.project,
* region: _function.region,
* cloudFunction: _function.name,
* role: "roles/cloudfunctions.invoker",
* member: "allUsers",
* });
* ```
*
* ### Single User
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const bucket = new gcp.storage.Bucket("bucket", {
* name: "test-bucket",
* location: "US",
* });
* const archive = new gcp.storage.BucketObject("archive", {
* name: "index.zip",
* bucket: bucket.name,
* source: new pulumi.asset.FileAsset("./path/to/zip/file/which/contains/code"),
* });
* const _function = new gcp.cloudfunctions.Function("function", {
* name: "function-test",
* description: "My function",
* runtime: "nodejs20",
* availableMemoryMb: 128,
* sourceArchiveBucket: bucket.name,
* sourceArchiveObject: archive.name,
* triggerHttp: true,
* httpsTriggerSecurityLevel: "SECURE_ALWAYS",
* timeout: 60,
* entryPoint: "helloGET",
* labels: {
* "my-label": "my-label-value",
* },
* environmentVariables: {
* MY_ENV_VAR: "my-env-var-value",
* },
* });
* // IAM entry for a single user to invoke the function
* const invoker = new gcp.cloudfunctions.FunctionIamMember("invoker", {
* project: _function.project,
* region: _function.region,
* cloudFunction: _function.name,
* role: "roles/cloudfunctions.invoker",
* member: "user:myFunctionInvoker@example.com",
* });
* ```
*
* ## Import
*
* Functions can be imported using the `name` or `{{project}}/{{region}}/name`, e.g.
*
* * `{{project}}/{{region}}/{{name}}`
* * `{{name}}`
*
* When using the `pulumi import` command, Functions can be imported using one of the formats above. For example:
*
* ```sh
* $ pulumi import gcp:cloudfunctions/function:Function default {{project}}/{{region}}/{{name}}
* $ pulumi import gcp:cloudfunctions/function:Function default {{name}}
* ```
*/
export declare class Function extends pulumi.CustomResource {
/**
* Get an existing Function resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: FunctionState, opts?: pulumi.CustomResourceOptions): Function;
/**
* Returns true if the given object is an instance of Function. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is Function;
/**
* Security patches are applied automatically to the runtime without requiring the function to be redeployed. This should be specified as an empty block and cannot be set alongside `onDeployUpdatePolicy`.
*/
readonly automaticUpdatePolicy: pulumi.Output<outputs.cloudfunctions.FunctionAutomaticUpdatePolicy>;
/**
* Memory (in MB), available to the function. Default value is `256`. Possible values include `128`, `256`, `512`, `1024`, etc.
*/
readonly availableMemoryMb: pulumi.Output<number | undefined>;
/**
* A set of key/value environment variable pairs available during build time.
*/
readonly buildEnvironmentVariables: pulumi.Output<{
[key: string]: string;
} | undefined>;
/**
* If provided, the self-provided service account to use to build the function. The format of this field is `projects/{project}/serviceAccounts/{serviceAccountEmail}`
*/
readonly buildServiceAccount: pulumi.Output<string>;
/**
* Name of the Cloud Build Custom Worker Pool that should be used to build the function.
*/
readonly buildWorkerPool: pulumi.Output<string | undefined>;
/**
* Whether Terraform will be prevented from destroying the resource. Defaults to "DELETE".
* When a 'terraform destroy' or 'pulumi up' would delete the resource,
* the command will fail if this field is set to "PREVENT" in Terraform state.
* When set to "ABANDON", the command will remove the resource from Terraform
* management without updating or deleting the resource in the API.
* When set to "DELETE", deleting the resource is allowed.
*/
readonly deletionPolicy: pulumi.Output<string>;
/**
* Description of the function.
*/
readonly description: pulumi.Output<string | undefined>;
/**
* Docker Registry to use for storing the function's Docker images. Allowed values are ARTIFACT_REGISTRY (default) and CONTAINER_REGISTRY.
*/
readonly dockerRegistry: pulumi.Output<string>;
/**
* User-managed repository created in Artifact Registry to which the function's Docker image will be pushed after it is built by Cloud Build. May optionally be encrypted with a customer-managed encryption key (CMEK). If unspecified and `dockerRegistry` is not explicitly set to `CONTAINER_REGISTRY`, GCF will create and use a default Artifact Registry repository named 'gcf-artifacts' in the region.
*/
readonly dockerRepository: pulumi.Output<string | undefined>;
/**
* All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
*/
readonly effectiveLabels: pulumi.Output<{
[key: string]: string;
}>;
/**
* Name of the function that will be executed when the Google Cloud Function is triggered.
*/
readonly entryPoint: pulumi.Output<string | undefined>;
/**
* A set of key/value environment variable pairs to assign to the function.
*/
readonly environmentVariables: pulumi.Output<{
[key: string]: string;
} | undefined>;
/**
* A source that fires events in response to a condition in another service. Structure is documented below. Cannot be used with `triggerHttp`.
*/
readonly eventTrigger: pulumi.Output<outputs.cloudfunctions.FunctionEventTrigger>;
/**
* The security level for the function. The following options are available:
*
* * `SECURE_ALWAYS` Requests for a URL that match this handler that do not use HTTPS are automatically redirected to the HTTPS URL with the same path. Query parameters are reserved for the redirect.
* * `SECURE_OPTIONAL` Both HTTP and HTTPS requests with URLs that match the handler succeed without redirects. The application can examine the request to determine which protocol was used and respond accordingly.
*/
readonly httpsTriggerSecurityLevel: pulumi.Output<string>;
/**
* URL which triggers function execution. Returned only if `triggerHttp` is used.
*/
readonly httpsTriggerUrl: pulumi.Output<string>;
/**
* String value that controls what traffic can reach the function. Allowed values are `ALLOW_ALL`, `ALLOW_INTERNAL_AND_GCLB` and `ALLOW_INTERNAL_ONLY`. Check [ingress documentation](https://cloud.google.com/functions/docs/networking/network-settings#ingress_settings) to see the impact of each settings value. Changes to this field will recreate the cloud function.
*/
readonly ingressSettings: pulumi.Output<string | undefined>;
/**
* Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern `projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}`.
* If specified, you must also provide an artifact registry repository using the `dockerRepository` field that was created with the same KMS crypto key. Before deploying, please complete all pre-requisites described in https://cloud.google.com/functions/docs/securing/cmek#granting_service_accounts_access_to_the_key
*/
readonly kmsKeyName: pulumi.Output<string | undefined>;
/**
* A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://docs.cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.
*
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the field 'effective_labels' for all of the labels present on the resource.
*/
readonly labels: pulumi.Output<{
[key: string]: string;
} | undefined>;
/**
* The limit on the maximum number of function instances that may coexist at a given time.
*/
readonly maxInstances: pulumi.Output<number>;
/**
* The limit on the minimum number of function instances that may coexist at a given time.
*/
readonly minInstances: pulumi.Output<number | undefined>;
/**
* A user-defined name of the function. Function names must be unique globally.
*/
readonly name: pulumi.Output<string>;
/**
* Security patches are only applied when a function is redeployed. This should be specified as an empty block and cannot be set alongside `automaticUpdatePolicy`. Structure is documented below.
*/
readonly onDeployUpdatePolicy: pulumi.Output<outputs.cloudfunctions.FunctionOnDeployUpdatePolicy | undefined>;
/**
* Project of the function. If it is not provided, the provider project is used.
*/
readonly project: pulumi.Output<string>;
/**
* The combination of labels configured directly on the resource and default labels configured on the provider.
*/
readonly pulumiLabels: pulumi.Output<{
[key: string]: string;
}>;
/**
* Region of function. If it is not provided, the provider region is used.
*/
readonly region: pulumi.Output<string>;
/**
* The runtime in which the function is going to run.
* Eg. `"nodejs20"`, `"python39"`, `"dotnet3"`, `"go116"`, `"java11"`, `"ruby30"`, `"php74"`, etc. Check the [official doc](https://cloud.google.com/functions/docs/concepts/exec#runtimes) for the up-to-date list.
*
* - - -
*/
readonly runtime: pulumi.Output<string>;
/**
* Secret environment variables configuration. Structure is documented below.
*/
readonly secretEnvironmentVariables: pulumi.Output<outputs.cloudfunctions.FunctionSecretEnvironmentVariable[] | undefined>;
/**
* Secret volumes configuration. Structure is documented below.
*/
readonly secretVolumes: pulumi.Output<outputs.cloudfunctions.FunctionSecretVolume[] | undefined>;
/**
* If provided, the self-provided service account to run the function with.
*/
readonly serviceAccountEmail: pulumi.Output<string>;
/**
* The GCS bucket containing the zip archive which contains the function.
*/
readonly sourceArchiveBucket: pulumi.Output<string | undefined>;
/**
* The source archive object (file) in archive bucket.
*/
readonly sourceArchiveObject: pulumi.Output<string | undefined>;
/**
* Represents parameters related to source repository where a function is hosted.
* Cannot be set alongside `sourceArchiveBucket` or `sourceArchiveObject`. Structure is documented below. It must match the pattern `projects/{project}/locations/{location}/repositories/{repository}`.*
*/
readonly sourceRepository: pulumi.Output<outputs.cloudfunctions.FunctionSourceRepository | undefined>;
/**
* Describes the current stage of a deployment.
*/
readonly status: pulumi.Output<string>;
/**
* Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.
*/
readonly timeout: pulumi.Output<number | undefined>;
/**
* Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as `httpsTriggerUrl`. Cannot be used with `eventTrigger`.
*/
readonly triggerHttp: pulumi.Output<boolean | undefined>;
/**
* The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created.
*/
readonly versionId: pulumi.Output<string>;
/**
* The VPC Network Connector that this cloud function can connect to. It should be set up as fully-qualified URI. The format of this field is `projects/*/locations/*/connectors/*`.
*/
readonly vpcConnector: pulumi.Output<string | undefined>;
/**
* The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are `ALL_TRAFFIC` and `PRIVATE_RANGES_ONLY`. Defaults to `PRIVATE_RANGES_ONLY`. If unset, this field preserves the previously set value.
*/
readonly vpcConnectorEgressSettings: pulumi.Output<string>;
/**
* Create a Function resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: FunctionArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering Function resources.
*/
export interface FunctionState {
/**
* Security patches are applied automatically to the runtime without requiring the function to be redeployed. This should be specified as an empty block and cannot be set alongside `onDeployUpdatePolicy`.
*/
automaticUpdatePolicy?: pulumi.Input<inputs.cloudfunctions.FunctionAutomaticUpdatePolicy | undefined>;
/**
* Memory (in MB), available to the function. Default value is `256`. Possible values include `128`, `256`, `512`, `1024`, etc.
*/
availableMemoryMb?: pulumi.Input<number | undefined>;
/**
* A set of key/value environment variable pairs available during build time.
*/
buildEnvironmentVariables?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
} | undefined>;
/**
* If provided, the self-provided service account to use to build the function. The format of this field is `projects/{project}/serviceAccounts/{serviceAccountEmail}`
*/
buildServiceAccount?: pulumi.Input<string | undefined>;
/**
* Name of the Cloud Build Custom Worker Pool that should be used to build the function.
*/
buildWorkerPool?: pulumi.Input<string | undefined>;
/**
* Whether Terraform will be prevented from destroying the resource. Defaults to "DELETE".
* When a 'terraform destroy' or 'pulumi up' would delete the resource,
* the command will fail if this field is set to "PREVENT" in Terraform state.
* When set to "ABANDON", the command will remove the resource from Terraform
* management without updating or deleting the resource in the API.
* When set to "DELETE", deleting the resource is allowed.
*/
deletionPolicy?: pulumi.Input<string | undefined>;
/**
* Description of the function.
*/
description?: pulumi.Input<string | undefined>;
/**
* Docker Registry to use for storing the function's Docker images. Allowed values are ARTIFACT_REGISTRY (default) and CONTAINER_REGISTRY.
*/
dockerRegistry?: pulumi.Input<string | undefined>;
/**
* User-managed repository created in Artifact Registry to which the function's Docker image will be pushed after it is built by Cloud Build. May optionally be encrypted with a customer-managed encryption key (CMEK). If unspecified and `dockerRegistry` is not explicitly set to `CONTAINER_REGISTRY`, GCF will create and use a default Artifact Registry repository named 'gcf-artifacts' in the region.
*/
dockerRepository?: pulumi.Input<string | undefined>;
/**
* All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
*/
effectiveLabels?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
} | undefined>;
/**
* Name of the function that will be executed when the Google Cloud Function is triggered.
*/
entryPoint?: pulumi.Input<string | undefined>;
/**
* A set of key/value environment variable pairs to assign to the function.
*/
environmentVariables?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
} | undefined>;
/**
* A source that fires events in response to a condition in another service. Structure is documented below. Cannot be used with `triggerHttp`.
*/
eventTrigger?: pulumi.Input<inputs.cloudfunctions.FunctionEventTrigger | undefined>;
/**
* The security level for the function. The following options are available:
*
* * `SECURE_ALWAYS` Requests for a URL that match this handler that do not use HTTPS are automatically redirected to the HTTPS URL with the same path. Query parameters are reserved for the redirect.
* * `SECURE_OPTIONAL` Both HTTP and HTTPS requests with URLs that match the handler succeed without redirects. The application can examine the request to determine which protocol was used and respond accordingly.
*/
httpsTriggerSecurityLevel?: pulumi.Input<string | undefined>;
/**
* URL which triggers function execution. Returned only if `triggerHttp` is used.
*/
httpsTriggerUrl?: pulumi.Input<string | undefined>;
/**
* String value that controls what traffic can reach the function. Allowed values are `ALLOW_ALL`, `ALLOW_INTERNAL_AND_GCLB` and `ALLOW_INTERNAL_ONLY`. Check [ingress documentation](https://cloud.google.com/functions/docs/networking/network-settings#ingress_settings) to see the impact of each settings value. Changes to this field will recreate the cloud function.
*/
ingressSettings?: pulumi.Input<string | undefined>;
/**
* Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern `projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}`.
* If specified, you must also provide an artifact registry repository using the `dockerRepository` field that was created with the same KMS crypto key. Before deploying, please complete all pre-requisites described in https://cloud.google.com/functions/docs/securing/cmek#granting_service_accounts_access_to_the_key
*/
kmsKeyName?: pulumi.Input<string | undefined>;
/**
* A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://docs.cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.
*
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the field 'effective_labels' for all of the labels present on the resource.
*/
labels?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
} | undefined>;
/**
* The limit on the maximum number of function instances that may coexist at a given time.
*/
maxInstances?: pulumi.Input<number | undefined>;
/**
* The limit on the minimum number of function instances that may coexist at a given time.
*/
minInstances?: pulumi.Input<number | undefined>;
/**
* A user-defined name of the function. Function names must be unique globally.
*/
name?: pulumi.Input<string | undefined>;
/**
* Security patches are only applied when a function is redeployed. This should be specified as an empty block and cannot be set alongside `automaticUpdatePolicy`. Structure is documented below.
*/
onDeployUpdatePolicy?: pulumi.Input<inputs.cloudfunctions.FunctionOnDeployUpdatePolicy | undefined>;
/**
* Project of the function. If it is not provided, the provider project is used.
*/
project?: pulumi.Input<string | undefined>;
/**
* The combination of labels configured directly on the resource and default labels configured on the provider.
*/
pulumiLabels?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
} | undefined>;
/**
* Region of function. If it is not provided, the provider region is used.
*/
region?: pulumi.Input<string | undefined>;
/**
* The runtime in which the function is going to run.
* Eg. `"nodejs20"`, `"python39"`, `"dotnet3"`, `"go116"`, `"java11"`, `"ruby30"`, `"php74"`, etc. Check the [official doc](https://cloud.google.com/functions/docs/concepts/exec#runtimes) for the up-to-date list.
*
* - - -
*/
runtime?: pulumi.Input<string | undefined>;
/**
* Secret environment variables configuration. Structure is documented below.
*/
secretEnvironmentVariables?: pulumi.Input<pulumi.Input<inputs.cloudfunctions.FunctionSecretEnvironmentVariable>[] | undefined>;
/**
* Secret volumes configuration. Structure is documented below.
*/
secretVolumes?: pulumi.Input<pulumi.Input<inputs.cloudfunctions.FunctionSecretVolume>[] | undefined>;
/**
* If provided, the self-provided service account to run the function with.
*/
serviceAccountEmail?: pulumi.Input<string | undefined>;
/**
* The GCS bucket containing the zip archive which contains the function.
*/
sourceArchiveBucket?: pulumi.Input<string | undefined>;
/**
* The source archive object (file) in archive bucket.
*/
sourceArchiveObject?: pulumi.Input<string | undefined>;
/**
* Represents parameters related to source repository where a function is hosted.
* Cannot be set alongside `sourceArchiveBucket` or `sourceArchiveObject`. Structure is documented below. It must match the pattern `projects/{project}/locations/{location}/repositories/{repository}`.*
*/
sourceRepository?: pulumi.Input<inputs.cloudfunctions.FunctionSourceRepository | undefined>;
/**
* Describes the current stage of a deployment.
*/
status?: pulumi.Input<string | undefined>;
/**
* Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.
*/
timeout?: pulumi.Input<number | undefined>;
/**
* Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as `httpsTriggerUrl`. Cannot be used with `eventTrigger`.
*/
triggerHttp?: pulumi.Input<boolean | undefined>;
/**
* The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created.
*/
versionId?: pulumi.Input<string | undefined>;
/**
* The VPC Network Connector that this cloud function can connect to. It should be set up as fully-qualified URI. The format of this field is `projects/*/locations/*/connectors/*`.
*/
vpcConnector?: pulumi.Input<string | undefined>;
/**
* The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are `ALL_TRAFFIC` and `PRIVATE_RANGES_ONLY`. Defaults to `PRIVATE_RANGES_ONLY`. If unset, this field preserves the previously set value.
*/
vpcConnectorEgressSettings?: pulumi.Input<string | undefined>;
}
/**
* The set of arguments for constructing a Function resource.
*/
export interface FunctionArgs {
/**
* Security patches are applied automatically to the runtime without requiring the function to be redeployed. This should be specified as an empty block and cannot be set alongside `onDeployUpdatePolicy`.
*/
automaticUpdatePolicy?: pulumi.Input<inputs.cloudfunctions.FunctionAutomaticUpdatePolicy | undefined>;
/**
* Memory (in MB), available to the function. Default value is `256`. Possible values include `128`, `256`, `512`, `1024`, etc.
*/
availableMemoryMb?: pulumi.Input<number | undefined>;
/**
* A set of key/value environment variable pairs available during build time.
*/
buildEnvironmentVariables?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
} | undefined>;
/**
* If provided, the self-provided service account to use to build the function. The format of this field is `projects/{project}/serviceAccounts/{serviceAccountEmail}`
*/
buildServiceAccount?: pulumi.Input<string | undefined>;
/**
* Name of the Cloud Build Custom Worker Pool that should be used to build the function.
*/
buildWorkerPool?: pulumi.Input<string | undefined>;
/**
* Whether Terraform will be prevented from destroying the resource. Defaults to "DELETE".
* When a 'terraform destroy' or 'pulumi up' would delete the resource,
* the command will fail if this field is set to "PREVENT" in Terraform state.
* When set to "ABANDON", the command will remove the resource from Terraform
* management without updating or deleting the resource in the API.
* When set to "DELETE", deleting the resource is allowed.
*/
deletionPolicy?: pulumi.Input<string | undefined>;
/**
* Description of the function.
*/
description?: pulumi.Input<string | undefined>;
/**
* Docker Registry to use for storing the function's Docker images. Allowed values are ARTIFACT_REGISTRY (default) and CONTAINER_REGISTRY.
*/
dockerRegistry?: pulumi.Input<string | undefined>;
/**
* User-managed repository created in Artifact Registry to which the function's Docker image will be pushed after it is built by Cloud Build. May optionally be encrypted with a customer-managed encryption key (CMEK). If unspecified and `dockerRegistry` is not explicitly set to `CONTAINER_REGISTRY`, GCF will create and use a default Artifact Registry repository named 'gcf-artifacts' in the region.
*/
dockerRepository?: pulumi.Input<string | undefined>;
/**
* Name of the function that will be executed when the Google Cloud Function is triggered.
*/
entryPoint?: pulumi.Input<string | undefined>;
/**
* A set of key/value environment variable pairs to assign to the function.
*/
environmentVariables?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
} | undefined>;
/**
* A source that fires events in response to a condition in another service. Structure is documented below. Cannot be used with `triggerHttp`.
*/
eventTrigger?: pulumi.Input<inputs.cloudfunctions.FunctionEventTrigger | undefined>;
/**
* The security level for the function. The following options are available:
*
* * `SECURE_ALWAYS` Requests for a URL that match this handler that do not use HTTPS are automatically redirected to the HTTPS URL with the same path. Query parameters are reserved for the redirect.
* * `SECURE_OPTIONAL` Both HTTP and HTTPS requests with URLs that match the handler succeed without redirects. The application can examine the request to determine which protocol was used and respond accordingly.
*/
httpsTriggerSecurityLevel?: pulumi.Input<string | undefined>;
/**
* URL which triggers function execution. Returned only if `triggerHttp` is used.
*/
httpsTriggerUrl?: pulumi.Input<string | undefined>;
/**
* String value that controls what traffic can reach the function. Allowed values are `ALLOW_ALL`, `ALLOW_INTERNAL_AND_GCLB` and `ALLOW_INTERNAL_ONLY`. Check [ingress documentation](https://cloud.google.com/functions/docs/networking/network-settings#ingress_settings) to see the impact of each settings value. Changes to this field will recreate the cloud function.
*/
ingressSettings?: pulumi.Input<string | undefined>;
/**
* Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern `projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}`.
* If specified, you must also provide an artifact registry repository using the `dockerRepository` field that was created with the same KMS crypto key. Before deploying, please complete all pre-requisites described in https://cloud.google.com/functions/docs/securing/cmek#granting_service_accounts_access_to_the_key
*/
kmsKeyName?: pulumi.Input<string | undefined>;
/**
* A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://docs.cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.
*
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the field 'effective_labels' for all of the labels present on the resource.
*/
labels?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
} | undefined>;
/**
* The limit on the maximum number of function instances that may coexist at a given time.
*/
maxInstances?: pulumi.Input<number | undefined>;
/**
* The limit on the minimum number of function instances that may coexist at a given time.
*/
minInstances?: pulumi.Input<number | undefined>;
/**
* A user-defined name of the function. Function names must be unique globally.
*/
name?: pulumi.Input<string | undefined>;
/**
* Security patches are only applied when a function is redeployed. This should be specified as an empty block and cannot be set alongside `automaticUpdatePolicy`. Structure is documented below.
*/
onDeployUpdatePolicy?: pulumi.Input<inputs.cloudfunctions.FunctionOnDeployUpdatePolicy | undefined>;
/**
* Project of the function. If it is not provided, the provider project is used.
*/
project?: pulumi.Input<string | undefined>;
/**
* Region of function. If it is not provided, the provider region is used.
*/
region?: pulumi.Input<string | undefined>;
/**
* The runtime in which the function is going to run.
* Eg. `"nodejs20"`, `"python39"`, `"dotnet3"`, `"go116"`, `"java11"`, `"ruby30"`, `"php74"`, etc. Check the [official doc](https://cloud.google.com/functions/docs/concepts/exec#runtimes) for the up-to-date list.
*
* - - -
*/
runtime: pulumi.Input<string>;
/**
* Secret environment variables configuration. Structure is documented below.
*/
secretEnvironmentVariables?: pulumi.Input<pulumi.Input<inputs.cloudfunctions.FunctionSecretEnvironmentVariable>[] | undefined>;
/**
* Secret volumes configuration. Structure is documented below.
*/
secretVolumes?: pulumi.Input<pulumi.Input<inputs.cloudfunctions.FunctionSecretVolume>[] | undefined>;
/**
* If provided, the self-provided service account to run the function with.
*/
serviceAccountEmail?: pulumi.Input<string | undefined>;
/**
* The GCS bucket containing the zip archive which contains the function.
*/
sourceArchiveBucket?: pulumi.Input<string | undefined>;
/**
* The source archive object (file) in archive bucket.
*/
sourceArchiveObject?: pulumi.Input<string | undefined>;
/**
* Represents parameters related to source repository where a function is hosted.
* Cannot be set alongside `sourceArchiveBucket` or `sourceArchiveObject`. Structure is documented below. It must match the pattern `projects/{project}/locations/{location}/repositories/{repository}`.*
*/
sourceRepository?: pulumi.Input<inputs.cloudfunctions.FunctionSourceRepository | undefined>;
/**
* Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.
*/
timeout?: pulumi.Input<number | undefined>;
/**
* Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as `httpsTriggerUrl`. Cannot be used with `eventTrigger`.
*/
triggerHttp?: pulumi.Input<boolean | undefined>;
/**
* The VPC Network Connector that this cloud function can connect to. It should be set up as fully-qualified URI. The format of this field is `projects/*/locations/*/connectors/*`.
*/
vpcConnector?: pulumi.Input<string | undefined>;
/**
* The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are `ALL_TRAFFIC` and `PRIVATE_RANGES_ONLY`. Defaults to `PRIVATE_RANGES_ONLY`. If unset, this field preserves the previously set value.
*/
vpcConnectorEgressSettings?: pulumi.Input<string | undefined>;
}
//# sourceMappingURL=function.d.ts.map