Function
A Cloud Function that contains user computation executed in response to an event. To get more information about function, see:
Example Usage
Cloudfunctions2 Basic Gcs
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.storage.Bucket;
import com.pulumi.gcp.storage.BucketArgs;
import com.pulumi.gcp.storage.BucketObject;
import com.pulumi.gcp.storage.BucketObjectArgs;
import com.pulumi.gcp.storage.StorageFunctions;
import com.pulumi.gcp.storage.inputs.GetProjectServiceAccountArgs;
import com.pulumi.gcp.projects.IAMMember;
import com.pulumi.gcp.projects.IAMMemberArgs;
import com.pulumi.gcp.serviceAccount.Account;
import com.pulumi.gcp.serviceAccount.AccountArgs;
import com.pulumi.gcp.cloudfunctionsv2.Function;
import com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionEventTriggerArgs;
import com.pulumi.resources.CustomResourceOptions;
import com.pulumi.asset.FileAsset;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var source_bucket = new Bucket("source-bucket", BucketArgs.builder()
.location("US")
.uniformBucketLevelAccess(true)
.build());
var object = new BucketObject("object", BucketObjectArgs.builder()
.bucket(source_bucket.name())
.source(new FileAsset("function-source.zip"))
.build());
var trigger_bucket = new Bucket("trigger-bucket", BucketArgs.builder()
.location("us-central1")
.uniformBucketLevelAccess(true)
.build());
final var gcsAccount = StorageFunctions.getProjectServiceAccount();
var gcs_pubsub_publishing = new IAMMember("gcs-pubsub-publishing", IAMMemberArgs.builder()
.project("my-project-name")
.role("roles/pubsub.publisher")
.member(String.format("serviceAccount:%s", gcsAccount.applyValue(getProjectServiceAccountResult -> getProjectServiceAccountResult.emailAddress())))
.build());
var account = new Account("account", AccountArgs.builder()
.accountId("gcf-sa")
.displayName("Test Service Account - used for both the cloud function and eventarc trigger in the test")
.build());
var invoking = new IAMMember("invoking", IAMMemberArgs.builder()
.project("my-project-name")
.role("roles/run.invoker")
.member(account.email().applyValue(email -> String.format("serviceAccount:%s", email)))
.build(), CustomResourceOptions.builder()
.dependsOn(gcs_pubsub_publishing)
.build());
var event_receiving = new IAMMember("event-receiving", IAMMemberArgs.builder()
.project("my-project-name")
.role("roles/eventarc.eventReceiver")
.member(account.email().applyValue(email -> String.format("serviceAccount:%s", email)))
.build(), CustomResourceOptions.builder()
.dependsOn(invoking)
.build());
var artifactregistry_reader = new IAMMember("artifactregistry-reader", IAMMemberArgs.builder()
.project("my-project-name")
.role("roles/artifactregistry.reader")
.member(account.email().applyValue(email -> String.format("serviceAccount:%s", email)))
.build(), CustomResourceOptions.builder()
.dependsOn(event_receiving)
.build());
var function = new Function("function", FunctionArgs.builder()
.location("us-central1")
.description("a new function")
.buildConfig(FunctionBuildConfigArgs.builder()
.runtime("nodejs12")
.entryPoint("entryPoint")
.environmentVariables(Map.of("BUILD_CONFIG_TEST", "build_test"))
.source(FunctionBuildConfigSourceArgs.builder()
.storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()
.bucket(source_bucket.name())
.object(object.name())
.build())
.build())
.build())
.serviceConfig(FunctionServiceConfigArgs.builder()
.maxInstanceCount(3)
.minInstanceCount(1)
.availableMemory("256M")
.timeoutSeconds(60)
.environmentVariables(Map.of("SERVICE_CONFIG_TEST", "config_test"))
.ingressSettings("ALLOW_INTERNAL_ONLY")
.allTrafficOnLatestRevision(true)
.serviceAccountEmail(account.email())
.build())
.eventTrigger(FunctionEventTriggerArgs.builder()
.triggerRegion("us-central1")
.eventType("google.cloud.storage.object.v1.finalized")
.retryPolicy("RETRY_POLICY_RETRY")
.serviceAccountEmail(account.email())
.eventFilters(FunctionEventTriggerEventFilterArgs.builder()
.attribute("bucket")
.value(trigger_bucket.name())
.build())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(
event_receiving,
artifactregistry_reader)
.build());
}
}Content copied to clipboard
Cloudfunctions2 Basic Auditlogs
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.storage.Bucket;
import com.pulumi.gcp.storage.BucketArgs;
import com.pulumi.gcp.storage.BucketObject;
import com.pulumi.gcp.storage.BucketObjectArgs;
import com.pulumi.gcp.serviceAccount.Account;
import com.pulumi.gcp.serviceAccount.AccountArgs;
import com.pulumi.gcp.projects.IAMMember;
import com.pulumi.gcp.projects.IAMMemberArgs;
import com.pulumi.gcp.cloudfunctionsv2.Function;
import com.pulumi.gcp.cloudfunctionsv2.FunctionArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionBuildConfigSourceStorageSourceArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionServiceConfigArgs;
import com.pulumi.gcp.cloudfunctionsv2.inputs.FunctionEventTriggerArgs;
import com.pulumi.resources.CustomResourceOptions;
import com.pulumi.asset.FileAsset;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var source_bucket = new Bucket("source-bucket", BucketArgs.builder()
.location("US")
.uniformBucketLevelAccess(true)
.build());
var object = new BucketObject("object", BucketObjectArgs.builder()
.bucket(source_bucket.name())
.source(new FileAsset("function-source.zip"))
.build());
var account = new Account("account", AccountArgs.builder()
.accountId("gcf-sa")
.displayName("Test Service Account - used for both the cloud function and eventarc trigger in the test")
.build());
var audit_log_bucket = new Bucket("audit-log-bucket", BucketArgs.builder()
.location("us-central1")
.uniformBucketLevelAccess(true)
.build());
var invoking = new IAMMember("invoking", IAMMemberArgs.builder()
.project("my-project-name")
.role("roles/run.invoker")
.member(account.email().applyValue(email -> String.format("serviceAccount:%s", email)))
.build());
var event_receiving = new IAMMember("event-receiving", IAMMemberArgs.builder()
.project("my-project-name")
.role("roles/eventarc.eventReceiver")
.member(account.email().applyValue(email -> String.format("serviceAccount:%s", email)))
.build(), CustomResourceOptions.builder()
.dependsOn(invoking)
.build());
var artifactregistry_reader = new IAMMember("artifactregistry-reader", IAMMemberArgs.builder()
.project("my-project-name")
.role("roles/artifactregistry.reader")
.member(account.email().applyValue(email -> String.format("serviceAccount:%s", email)))
.build(), CustomResourceOptions.builder()
.dependsOn(event_receiving)
.build());
var function = new Function("function", FunctionArgs.builder()
.location("us-central1")
.description("a new function")
.buildConfig(FunctionBuildConfigArgs.builder()
.runtime("nodejs12")
.entryPoint("entryPoint")
.environmentVariables(Map.of("BUILD_CONFIG_TEST", "build_test"))
.source(FunctionBuildConfigSourceArgs.builder()
.storageSource(FunctionBuildConfigSourceStorageSourceArgs.builder()
.bucket(source_bucket.name())
.object(object.name())
.build())
.build())
.build())
.serviceConfig(FunctionServiceConfigArgs.builder()
.maxInstanceCount(3)
.minInstanceCount(1)
.availableMemory("256M")
.timeoutSeconds(60)
.environmentVariables(Map.of("SERVICE_CONFIG_TEST", "config_test"))
.ingressSettings("ALLOW_INTERNAL_ONLY")
.allTrafficOnLatestRevision(true)
.serviceAccountEmail(account.email())
.build())
.eventTrigger(FunctionEventTriggerArgs.builder()
.triggerRegion("us-central1")
.eventType("google.cloud.audit.log.v1.written")
.retryPolicy("RETRY_POLICY_RETRY")
.serviceAccountEmail(account.email())
.eventFilters(
FunctionEventTriggerEventFilterArgs.builder()
.attribute("serviceName")
.value("storage.googleapis.com")
.build(),
FunctionEventTriggerEventFilterArgs.builder()
.attribute("methodName")
.value("storage.objects.create")
.build(),
FunctionEventTriggerEventFilterArgs.builder()
.attribute("resourceName")
.value(audit_log_bucket.name().applyValue(name -> String.format("/projects/_/buckets/%s/objects/*.txt", name)))
.operator("match-path-pattern")
.build())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(
event_receiving,
artifactregistry_reader)
.build());
}
}Content copied to clipboard
Import
function can be imported using any of these accepted formats
$ pulumi import gcp:cloudfunctionsv2/function:Function default projects/{{project}}/locations/{{location}}/functions/{{name}}Content copied to clipboard
$ pulumi import gcp:cloudfunctionsv2/function:Function default {{project}}/{{location}}/{{name}}Content copied to clipboard
$ pulumi import gcp:cloudfunctionsv2/function:Function default {{location}}/{{name}}Content copied to clipboard
*/
Properties
Link copied to clipboard
Describes the Build step of the function that builds a container from the given source. Structure is documented below.
Link copied to clipboard
User-provided description of a function.
Link copied to clipboard
The environment the function is hosted on.
Link copied to clipboard
An Eventarc trigger managed by Google Cloud Functions that fires events in response to a condition in another service. Structure is documented below.
Link copied to clipboard
Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Describes the Service being deployed. Structure is documented below.
Link copied to clipboard
The last update timestamp of a Cloud Function.