Function
Creates a new Cloud Function. For more information see:
How-to Guides
Warning: As of November 1, 2019, newly created Functions are private by default and require appropriate IAM permissions to be invoked. See the examples below for how to grant those permissions, or see the Cloud Functions IAM resources.
Example Usage
Public Function
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Bucket that stores the function's deployment archive. Anyone who can write
// to it can change the code that gets deployed, so keep its IAM narrow.
const sourceBucket = new gcp.storage.Bucket("bucket", {
  name: "test-bucket",
  location: "US",
});

// Zip archive with the function source, uploaded from a local path.
const sourceArchive = new gcp.storage.BucketObject("archive", {
  name: "index.zip",
  bucket: sourceBucket.name,
  source: new pulumi.asset.FileAsset("./path/to/zip/file/which/contains/code"),
});

// HTTP-triggered function. httpsTriggerSecurityLevel and ingressSettings are
// not set, so the defaults apply; set them explicitly when plain-HTTP access
// or the allowed network origins matter for this endpoint.
const httpFunction = new gcp.cloudfunctions.Function("function", {
  name: "function-test",
  description: "My function",
  runtime: "nodejs20",
  availableMemoryMb: 128,
  sourceArchiveBucket: sourceBucket.name,
  sourceArchiveObject: sourceArchive.name,
  triggerHttp: true,
  entryPoint: "helloGET",
});

// Grants roles/cloudfunctions.invoker to "allUsers": anyone can call the
// function without authenticating. Functions are private by default, so add
// this binding only for endpoints that are meant to be public, and have the
// handler treat every request as untrusted input.
const publicInvoker = new gcp.cloudfunctions.FunctionIamMember("invoker", {
  project: httpFunction.project,
  region: httpFunction.region,
  cloudFunction: httpFunction.name,
  role: "roles/cloudfunctions.invoker",
  member: "allUsers",
});
import pulumi
import pulumi_gcp as gcp
# Bucket that stores the function's deployment archive. Anyone who can write
# to it can change the code that gets deployed, so keep its IAM narrow.
source_bucket = gcp.storage.Bucket(
    "bucket",
    name="test-bucket",
    location="US",
)

# Zip archive with the function source, uploaded from a local path.
source_archive = gcp.storage.BucketObject(
    "archive",
    name="index.zip",
    bucket=source_bucket.name,
    source=pulumi.FileAsset("./path/to/zip/file/which/contains/code"),
)

# HTTP-triggered function. https_trigger_security_level and ingress_settings
# are not set, so the defaults apply; set them explicitly when plain-HTTP
# access or the allowed network origins matter for this endpoint.
http_function = gcp.cloudfunctions.Function(
    "function",
    name="function-test",
    description="My function",
    runtime="nodejs20",
    available_memory_mb=128,
    source_archive_bucket=source_bucket.name,
    source_archive_object=source_archive.name,
    trigger_http=True,
    entry_point="helloGET",
)

# Grants roles/cloudfunctions.invoker to "allUsers": anyone can call the
# function without authenticating. Functions are private by default, so add
# this binding only for endpoints that are meant to be public, and have the
# handler treat every request as untrusted input.
public_invoker = gcp.cloudfunctions.FunctionIamMember(
    "invoker",
    project=http_function.project,
    region=http_function.region,
    cloud_function=http_function.name,
    role="roles/cloudfunctions.invoker",
    member="allUsers",
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // Bucket that stores the function's deployment archive. Anyone who can
    // write to it can change the code that gets deployed, so keep its IAM narrow.
    var sourceBucket = new Gcp.Storage.Bucket("bucket", new Gcp.Storage.BucketArgs
    {
        Name = "test-bucket",
        Location = "US",
    });

    // Zip archive with the function source, uploaded from a local path.
    var sourceArchive = new Gcp.Storage.BucketObject("archive", new Gcp.Storage.BucketObjectArgs
    {
        Name = "index.zip",
        Bucket = sourceBucket.Name,
        Source = new FileAsset("./path/to/zip/file/which/contains/code"),
    });

    // HTTP-triggered function. HttpsTriggerSecurityLevel and IngressSettings
    // are not set, so the defaults apply; set them explicitly when plain-HTTP
    // access or the allowed network origins matter for this endpoint.
    var httpFunction = new Gcp.CloudFunctions.Function("function", new Gcp.CloudFunctions.FunctionArgs
    {
        Name = "function-test",
        Description = "My function",
        Runtime = "nodejs20",
        AvailableMemoryMb = 128,
        SourceArchiveBucket = sourceBucket.Name,
        SourceArchiveObject = sourceArchive.Name,
        TriggerHttp = true,
        EntryPoint = "helloGET",
    });

    // Grants roles/cloudfunctions.invoker to "allUsers": anyone can call the
    // function without authenticating. Functions are private by default, so
    // add this binding only for endpoints that are meant to be public, and
    // have the handler treat every request as untrusted input.
    var publicInvoker = new Gcp.CloudFunctions.FunctionIamMember("invoker", new Gcp.CloudFunctions.FunctionIamMemberArgs
    {
        Project = httpFunction.Project,
        Region = httpFunction.Region,
        CloudFunction = httpFunction.Name,
        Role = "roles/cloudfunctions.invoker",
        Member = "allUsers",
    });
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a source bucket, the zipped function source, an HTTP-triggered
// Cloud Function and an IAM binding that makes the function publicly invocable.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Bucket that stores the deployment archive. Anyone who can write to
		// it can change the code that gets deployed, so keep its IAM narrow.
		srcBucket, err := storage.NewBucket(ctx, "bucket", &storage.BucketArgs{
			Name:     pulumi.String("test-bucket"),
			Location: pulumi.String("US"),
		})
		if err != nil {
			return err
		}

		// Zip archive with the function source, uploaded from a local path.
		srcArchive, err := storage.NewBucketObject(ctx, "archive", &storage.BucketObjectArgs{
			Name:   pulumi.String("index.zip"),
			Bucket: srcBucket.Name,
			Source: pulumi.NewFileAsset("./path/to/zip/file/which/contains/code"),
		})
		if err != nil {
			return err
		}

		// HTTP-triggered function. HttpsTriggerSecurityLevel and
		// IngressSettings are not set, so the defaults apply; set them
		// explicitly when plain-HTTP access or network origin matters.
		fn, err := cloudfunctions.NewFunction(ctx, "function", &cloudfunctions.FunctionArgs{
			Name:                pulumi.String("function-test"),
			Description:         pulumi.String("My function"),
			Runtime:             pulumi.String("nodejs20"),
			AvailableMemoryMb:   pulumi.Int(128),
			SourceArchiveBucket: srcBucket.Name,
			SourceArchiveObject: srcArchive.Name,
			TriggerHttp:         pulumi.Bool(true),
			EntryPoint:          pulumi.String("helloGET"),
		})
		if err != nil {
			return err
		}

		// Grants roles/cloudfunctions.invoker to "allUsers": anyone can call
		// the function without authenticating. Functions are private by
		// default, so add this binding only for endpoints meant to be public.
		_, err = cloudfunctions.NewFunctionIamMember(ctx, "invoker", &cloudfunctions.FunctionIamMemberArgs{
			Project:       fn.Project,
			Region:        fn.Region,
			CloudFunction: fn.Name,
			Role:          pulumi.String("roles/cloudfunctions.invoker"),
			Member:        pulumi.String("allUsers"),
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.storage.Bucket;
import com.pulumi.gcp.storage.BucketArgs;
import com.pulumi.gcp.storage.BucketObject;
import com.pulumi.gcp.storage.BucketObjectArgs;
import com.pulumi.gcp.cloudfunctions.Function;
import com.pulumi.gcp.cloudfunctions.FunctionArgs;
import com.pulumi.gcp.cloudfunctions.FunctionIamMember;
import com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs;
import com.pulumi.asset.FileAsset;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that deploys an HTTP-triggered Cloud Function from a zip
 * archive in Cloud Storage and makes it invocable by anyone.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the source bucket, the archive object, the function and the
     * public invoker binding.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // Bucket that stores the deployment archive. Anyone who can write to
        // it can change the code that gets deployed, so keep its IAM narrow.
        final Bucket sourceBucket = new Bucket("bucket", BucketArgs.builder()
            .name("test-bucket")
            .location("US")
            .build());

        // Zip archive with the function source, uploaded from a local path.
        final BucketObject sourceArchive = new BucketObject("archive", BucketObjectArgs.builder()
            .name("index.zip")
            .bucket(sourceBucket.name())
            .source(new FileAsset("./path/to/zip/file/which/contains/code"))
            .build());

        // HTTP-triggered function. httpsTriggerSecurityLevel and
        // ingressSettings are not set, so the defaults apply; set them
        // explicitly when plain-HTTP access or network origin matters.
        final Function httpFunction = new Function("function", FunctionArgs.builder()
            .name("function-test")
            .description("My function")
            .runtime("nodejs20")
            .availableMemoryMb(128)
            .sourceArchiveBucket(sourceBucket.name())
            .sourceArchiveObject(sourceArchive.name())
            .triggerHttp(true)
            .entryPoint("helloGET")
            .build());

        // Grants roles/cloudfunctions.invoker to "allUsers": anyone can call
        // the function without authenticating. Functions are private by
        // default, so add this binding only for endpoints meant to be public.
        final FunctionIamMember publicInvoker = new FunctionIamMember("invoker", FunctionIamMemberArgs.builder()
            .project(httpFunction.project())
            .region(httpFunction.region())
            .cloudFunction(httpFunction.name())
            .role("roles/cloudfunctions.invoker")
            .member("allUsers")
            .build());
    }
}
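resources:
  # Bucket that stores the function's deployment archive. Anyone who can write
  # to it can change the code that gets deployed, so keep its IAM narrow.
  bucket:
    type: gcp:storage:Bucket
    properties:
      name: test-bucket
      location: US
  # Zip archive with the function source, uploaded from a local path.
  archive:
    type: gcp:storage:BucketObject
    properties:
      name: index.zip
      bucket: ${bucket.name}
      source:
        fn::FileAsset: ./path/to/zip/file/which/contains/code
  # HTTP-triggered function. httpsTriggerSecurityLevel and ingressSettings are
  # not set, so the defaults apply; set them explicitly when plain-HTTP access
  # or the allowed network origins matter for this endpoint.
  function:
    type: gcp:cloudfunctions:Function
    properties:
      name: function-test
      description: My function
      runtime: nodejs20
      availableMemoryMb: 128
      sourceArchiveBucket: ${bucket.name}
      sourceArchiveObject: ${archive.name}
      triggerHttp: true
      entryPoint: helloGET
  # Grants roles/cloudfunctions.invoker to "allUsers": anyone can call the
  # function without authenticating. Functions are private by default, so add
  # this binding only for endpoints that are meant to be public.
  invoker:
    type: gcp:cloudfunctions:FunctionIamMember
    properties:
      project: ${function.project}
      region: ${function.region}
      cloudFunction: ${function.name}
      role: roles/cloudfunctions.invoker
      member: allUsers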
Single User
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Bucket that stores the function's deployment archive. Anyone who can write
// to it can change the code that gets deployed, so keep its IAM narrow.
const sourceBucket = new gcp.storage.Bucket("bucket", {
  name: "test-bucket",
  location: "US",
});

// Zip archive with the function source, uploaded from a local path.
const sourceArchive = new gcp.storage.BucketObject("archive", {
  name: "index.zip",
  bucket: sourceBucket.name,
  source: new pulumi.asset.FileAsset("./path/to/zip/file/which/contains/code"),
});

const httpFunction = new gcp.cloudfunctions.Function("function", {
  name: "function-test",
  description: "My function",
  runtime: "nodejs20",
  availableMemoryMb: 128,
  sourceArchiveBucket: sourceBucket.name,
  sourceArchiveObject: sourceArchive.name,
  triggerHttp: true,
  // SECURE_ALWAYS: plain-HTTP requests are redirected to HTTPS.
  httpsTriggerSecurityLevel: "SECURE_ALWAYS",
  timeout: 60,
  entryPoint: "helloGET",
  labels: {
    "my-label": "my-label-value",
  },
  // Plain environment variables are ordinary function configuration, not a
  // secret store; put credentials in secretEnvironmentVariables instead.
  environmentVariables: {
    MY_ENV_VAR: "my-env-var-value",
  },
});

// Lets one named Google account invoke the function. FunctionIamMember is
// non-authoritative: it adds this member and leaves any other members that
// already hold roles/cloudfunctions.invoker in place.
const singleUserInvoker = new gcp.cloudfunctions.FunctionIamMember("invoker", {
  project: httpFunction.project,
  region: httpFunction.region,
  cloudFunction: httpFunction.name,
  role: "roles/cloudfunctions.invoker",
  member: "user:myFunctionInvoker@example.com",
});
import pulumi
import pulumi_gcp as gcp
# Bucket that stores the function's deployment archive. Anyone who can write
# to it can change the code that gets deployed, so keep its IAM narrow.
source_bucket = gcp.storage.Bucket(
    "bucket",
    name="test-bucket",
    location="US",
)

# Zip archive with the function source, uploaded from a local path.
source_archive = gcp.storage.BucketObject(
    "archive",
    name="index.zip",
    bucket=source_bucket.name,
    source=pulumi.FileAsset("./path/to/zip/file/which/contains/code"),
)

http_function = gcp.cloudfunctions.Function(
    "function",
    name="function-test",
    description="My function",
    runtime="nodejs20",
    available_memory_mb=128,
    source_archive_bucket=source_bucket.name,
    source_archive_object=source_archive.name,
    trigger_http=True,
    # SECURE_ALWAYS: plain-HTTP requests are redirected to HTTPS.
    https_trigger_security_level="SECURE_ALWAYS",
    timeout=60,
    entry_point="helloGET",
    labels={
        "my-label": "my-label-value",
    },
    # Plain environment variables are ordinary function configuration, not a
    # secret store; put credentials in secret_environment_variables instead.
    environment_variables={
        "MY_ENV_VAR": "my-env-var-value",
    },
)

# Lets one named Google account invoke the function. FunctionIamMember is
# non-authoritative: it adds this member and leaves any other members that
# already hold roles/cloudfunctions.invoker in place.
single_user_invoker = gcp.cloudfunctions.FunctionIamMember(
    "invoker",
    project=http_function.project,
    region=http_function.region,
    cloud_function=http_function.name,
    role="roles/cloudfunctions.invoker",
    member="user:myFunctionInvoker@example.com",
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // Bucket that stores the function's deployment archive. Anyone who can
    // write to it can change the code that gets deployed, so keep its IAM narrow.
    var sourceBucket = new Gcp.Storage.Bucket("bucket", new Gcp.Storage.BucketArgs
    {
        Name = "test-bucket",
        Location = "US",
    });

    // Zip archive with the function source, uploaded from a local path.
    var sourceArchive = new Gcp.Storage.BucketObject("archive", new Gcp.Storage.BucketObjectArgs
    {
        Name = "index.zip",
        Bucket = sourceBucket.Name,
        Source = new FileAsset("./path/to/zip/file/which/contains/code"),
    });

    var httpFunction = new Gcp.CloudFunctions.Function("function", new Gcp.CloudFunctions.FunctionArgs
    {
        Name = "function-test",
        Description = "My function",
        Runtime = "nodejs20",
        AvailableMemoryMb = 128,
        SourceArchiveBucket = sourceBucket.Name,
        SourceArchiveObject = sourceArchive.Name,
        TriggerHttp = true,
        // SECURE_ALWAYS: plain-HTTP requests are redirected to HTTPS.
        HttpsTriggerSecurityLevel = "SECURE_ALWAYS",
        Timeout = 60,
        EntryPoint = "helloGET",
        Labels =
        {
            { "my-label", "my-label-value" },
        },
        // Plain environment variables are ordinary function configuration,
        // not a secret store; put credentials in SecretEnvironmentVariables.
        EnvironmentVariables =
        {
            { "MY_ENV_VAR", "my-env-var-value" },
        },
    });

    // Lets one named Google account invoke the function. FunctionIamMember is
    // non-authoritative: it adds this member and leaves any other members
    // that already hold roles/cloudfunctions.invoker in place.
    var singleUserInvoker = new Gcp.CloudFunctions.FunctionIamMember("invoker", new Gcp.CloudFunctions.FunctionIamMemberArgs
    {
        Project = httpFunction.Project,
        Region = httpFunction.Region,
        CloudFunction = httpFunction.Name,
        Role = "roles/cloudfunctions.invoker",
        Member = "user:myFunctionInvoker@example.com",
    });
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a source bucket, the zipped function source, an HTTPS-only
// Cloud Function and an IAM binding that lets a single user invoke it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Bucket that stores the deployment archive. Anyone who can write to
		// it can change the code that gets deployed, so keep its IAM narrow.
		srcBucket, err := storage.NewBucket(ctx, "bucket", &storage.BucketArgs{
			Name:     pulumi.String("test-bucket"),
			Location: pulumi.String("US"),
		})
		if err != nil {
			return err
		}

		// Zip archive with the function source, uploaded from a local path.
		srcArchive, err := storage.NewBucketObject(ctx, "archive", &storage.BucketObjectArgs{
			Name:   pulumi.String("index.zip"),
			Bucket: srcBucket.Name,
			Source: pulumi.NewFileAsset("./path/to/zip/file/which/contains/code"),
		})
		if err != nil {
			return err
		}

		fn, err := cloudfunctions.NewFunction(ctx, "function", &cloudfunctions.FunctionArgs{
			Name:                pulumi.String("function-test"),
			Description:         pulumi.String("My function"),
			Runtime:             pulumi.String("nodejs20"),
			AvailableMemoryMb:   pulumi.Int(128),
			SourceArchiveBucket: srcBucket.Name,
			SourceArchiveObject: srcArchive.Name,
			TriggerHttp:         pulumi.Bool(true),
			// SECURE_ALWAYS: plain-HTTP requests are redirected to HTTPS.
			HttpsTriggerSecurityLevel: pulumi.String("SECURE_ALWAYS"),
			Timeout:                   pulumi.Int(60),
			EntryPoint:                pulumi.String("helloGET"),
			Labels: pulumi.StringMap{
				"my-label": pulumi.String("my-label-value"),
			},
			// Plain environment variables are ordinary function
			// configuration, not a secret store; put credentials in
			// SecretEnvironmentVariables instead.
			EnvironmentVariables: pulumi.StringMap{
				"MY_ENV_VAR": pulumi.String("my-env-var-value"),
			},
		})
		if err != nil {
			return err
		}

		// Lets one named Google account invoke the function.
		// FunctionIamMember is non-authoritative: it adds this member and
		// leaves other holders of roles/cloudfunctions.invoker in place.
		_, err = cloudfunctions.NewFunctionIamMember(ctx, "invoker", &cloudfunctions.FunctionIamMemberArgs{
			Project:       fn.Project,
			Region:        fn.Region,
			CloudFunction: fn.Name,
			Role:          pulumi.String("roles/cloudfunctions.invoker"),
			Member:        pulumi.String("user:myFunctionInvoker@example.com"),
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.storage.Bucket;
import com.pulumi.gcp.storage.BucketArgs;
import com.pulumi.gcp.storage.BucketObject;
import com.pulumi.gcp.storage.BucketObjectArgs;
import com.pulumi.gcp.cloudfunctions.Function;
import com.pulumi.gcp.cloudfunctions.FunctionArgs;
import com.pulumi.gcp.cloudfunctions.FunctionIamMember;
import com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs;
import com.pulumi.asset.FileAsset;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that deploys an HTTPS-only Cloud Function from a zip archive
 * in Cloud Storage and lets a single named user invoke it.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the source bucket, the archive object, the function and the
     * single-user invoker binding.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // Bucket that stores the deployment archive. Anyone who can write to
        // it can change the code that gets deployed, so keep its IAM narrow.
        final Bucket sourceBucket = new Bucket("bucket", BucketArgs.builder()
            .name("test-bucket")
            .location("US")
            .build());

        // Zip archive with the function source, uploaded from a local path.
        final BucketObject sourceArchive = new BucketObject("archive", BucketObjectArgs.builder()
            .name("index.zip")
            .bucket(sourceBucket.name())
            .source(new FileAsset("./path/to/zip/file/which/contains/code"))
            .build());

        // SECURE_ALWAYS redirects plain-HTTP requests to HTTPS. The plain
        // environment variables are ordinary function configuration, not a
        // secret store; put credentials in secretEnvironmentVariables instead.
        final Function httpFunction = new Function("function", FunctionArgs.builder()
            .name("function-test")
            .description("My function")
            .runtime("nodejs20")
            .availableMemoryMb(128)
            .sourceArchiveBucket(sourceBucket.name())
            .sourceArchiveObject(sourceArchive.name())
            .triggerHttp(true)
            .httpsTriggerSecurityLevel("SECURE_ALWAYS")
            .timeout(60)
            .entryPoint("helloGET")
            .labels(Map.of("my-label", "my-label-value"))
            .environmentVariables(Map.of("MY_ENV_VAR", "my-env-var-value"))
            .build());

        // Lets one named Google account invoke the function.
        // FunctionIamMember is non-authoritative: it adds this member and
        // leaves other holders of roles/cloudfunctions.invoker in place.
        final FunctionIamMember singleUserInvoker = new FunctionIamMember("invoker", FunctionIamMemberArgs.builder()
            .project(httpFunction.project())
            .region(httpFunction.region())
            .cloudFunction(httpFunction.name())
            .role("roles/cloudfunctions.invoker")
            .member("user:myFunctionInvoker@example.com")
            .build());
    }
}
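resources:
  # Bucket that stores the function's deployment archive. Anyone who can write
  # to it can change the code that gets deployed, so keep its IAM narrow.
  bucket:
    type: gcp:storage:Bucket
    properties:
      name: test-bucket
      location: US
  # Zip archive with the function source, uploaded from a local path.
  archive:
    type: gcp:storage:BucketObject
    properties:
      name: index.zip
      bucket: ${bucket.name}
      source:
        fn::FileAsset: ./path/to/zip/file/which/contains/code
  function:
    type: gcp:cloudfunctions:Function
    properties:
      name: function-test
      description: My function
      runtime: nodejs20
      availableMemoryMb: 128
      sourceArchiveBucket: ${bucket.name}
      sourceArchiveObject: ${archive.name}
      triggerHttp: true
      # SECURE_ALWAYS: plain-HTTP requests are redirected to HTTPS.
      httpsTriggerSecurityLevel: SECURE_ALWAYS
      timeout: 60
      entryPoint: helloGET
      labels:
        my-label: my-label-value
      # Plain environment variables are ordinary function configuration, not a
      # secret store; put credentials in secretEnvironmentVariables instead.
      environmentVariables:
        MY_ENV_VAR: my-env-var-value
  # Lets one named Google account invoke the function. FunctionIamMember is
  # non-authoritative: it adds this member and leaves any other members that
  # already hold roles/cloudfunctions.invoker in place.
  invoker:
    type: gcp:cloudfunctions:FunctionIamMember
    properties:
      project: ${function.project}
      region: ${function.region}
      cloudFunction: ${function.name}
      role: roles/cloudfunctions.invoker
      member: user:myFunctionInvoker@example.com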
Import
Functions can be imported using the name
or {{project}}/{{region}}/name
, e.g.
{{project}}/{{region}}/{{name}}
{{name}}
When using the pulumi import
command, Functions can be imported using one of the formats above. For example:
$ pulumi import gcp:cloudfunctions/function:Function default {{project}}/{{region}}/{{name}}
$ pulumi import gcp:cloudfunctions/function:Function default {{name}}
Properties
Memory (in MB), available to the function. Default value is 256
. Possible values include 128
, 256
, 512
, 1024
, etc.
A set of key/value environment variable pairs available during build time.
If provided, the self-provided service account to use to build the function. The format of this field is projects/{project}/serviceAccounts/{serviceAccountEmail}
Name of the Cloud Build Custom Worker Pool that should be used to build the function.
Description of the function.
Docker Registry to use for storing the function's Docker images. Allowed values are ARTIFACT_REGISTRY (default) and CONTAINER_REGISTRY.
User-managed repository created in Artifact Registry to which the function's Docker image will be pushed after it is built by Cloud Build. May optionally be encrypted with a customer-managed encryption key (CMEK). If unspecified and docker_registry
is not explicitly set to CONTAINER_REGISTRY
, GCF will create and use a default Artifact Registry repository named 'gcf-artifacts' in the region.
All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
Name of the function that will be executed when the Google Cloud Function is triggered.
A set of key/value environment variable pairs to assign to the function.
A source that fires events in response to a condition in another service. Structure is documented below. Cannot be used with trigger_http
.
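The security level for the function. The following options are available: SECURE_ALWAYS (requests that do not use HTTPS are automatically redirected to the HTTPS URL) and SECURE_OPTIONAL (both HTTP and HTTPS requests are accepted without redirects).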
URL which triggers function execution. Returned only if trigger_http
is used.
String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL
, ALLOW_INTERNAL_AND_GCLB
and ALLOW_INTERNAL_ONLY
. Check the ingress documentation to see the impact of each setting. Changes to this field will recreate the cloud function.
Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}
. If specified, you must also provide an artifact registry repository using the docker_repository
field that was created with the same KMS crypto key. Before deploying, please complete all pre-requisites described in https://cloud.google.com/functions/docs/securing/cmek#granting_service_accounts_access_to_the_key
A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
The limit on the maximum number of function instances that may coexist at a given time.
The limit on the minimum number of function instances that may coexist at a given time.
The combination of labels configured directly on the resource and default labels configured on the provider.
The runtime in which the function is going to run. Eg. "nodejs20"
, "python39"
, "dotnet3"
, "go116"
, "java11"
, "ruby30"
, "php74"
, etc. Check the official doc for the up-to-date list.
Secret environment variables configuration. Structure is documented below.
Secret volumes configuration. Structure is documented below.
If provided, the self-provided service account to run the function with.
The GCS bucket containing the zip archive which contains the function.
The source archive object (file) in archive bucket.
Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket
or source_archive_object
. Structure is documented below. It must match the pattern projects/{project}/locations/{location}/repositories/{repository}
.*
Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url
. Cannot be used with event_trigger
.
The VPC Network Connector that this cloud function can connect to. It should be set up as fully-qualified URI. The format of this field is projects/*/locations/*/connectors/*
. //*/
The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC
and PRIVATE_RANGES_ONLY
. Defaults to PRIVATE_RANGES_ONLY
. If unset, this field preserves the previously set value.