import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * A Cloud Function that contains user computation executed in response to an event. * * To get more information about function, see: * * * [API documentation](https://cloud.google.com/functions/docs/reference/rest/v2beta/projects.locations.functions) * * ## Example Usage * * ### Cloudfunctions2 Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const project = "my-project-name"; * const bucket = new gcp.storage.Bucket("bucket", { * name: `${project}-gcf-source`, * location: "US", * uniformBucketLevelAccess: true, * }); * const object = new gcp.storage.BucketObject("object", { * name: "function-source.zip", * bucket: bucket.name, * source: new pulumi.asset.FileAsset("function-source.zip"), * }); * const _function = new gcp.cloudfunctionsv2.Function("function", { * name: "function-v2", * location: "us-central1", * description: "a new function", * buildConfig: { * runtime: "nodejs20", * entryPoint: "helloHttp", * source: { * storageSource: { * bucket: bucket.name, * object: object.name, * }, * }, * }, * serviceConfig: { * maxInstanceCount: 1, * availableMemory: "256M", * timeoutSeconds: 60, * }, * }); * ``` * ### Cloudfunctions2 Full * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const project = "my-project-name"; * const account = new gcp.serviceaccount.Account("account", { * accountId: "gcf-sa", * displayName: "Test Service Account", * }); * const topic = new gcp.pubsub.Topic("topic", {name: "functions2-topic"}); * const bucket = new gcp.storage.Bucket("bucket", { * name: `${project}-gcf-source`, * location: "US", * uniformBucketLevelAccess: true, * }); * const object = new gcp.storage.BucketObject("object", { * name: "function-source.zip", * bucket: bucket.name, * source: new pulumi.asset.FileAsset("function-source.zip"), * }); * const _function = new gcp.cloudfunctionsv2.Function("function", { * name: "gcf-function", * location: "us-central1", * description: "a new function", * buildConfig: { * runtime: "nodejs20", * entryPoint: "helloPubSub", * environmentVariables: { * BUILD_CONFIG_TEST: "build_test", * }, * source: { * storageSource: { * bucket: bucket.name, * object: object.name, * }, * }, * }, * serviceConfig: { * maxInstanceCount: 3, * minInstanceCount: 1, * availableMemory: "4Gi", * timeoutSeconds: 60, * maxInstanceRequestConcurrency: 80, * availableCpu: "4", * environmentVariables: { * SERVICE_CONFIG_TEST: "config_test", * SERVICE_CONFIG_DIFF_TEST: account.email, * }, * ingressSettings: "ALLOW_INTERNAL_ONLY", * allTrafficOnLatestRevision: true, * serviceAccountEmail: account.email, * }, * eventTrigger: { * triggerRegion: "us-central1", * eventType: "google.cloud.pubsub.topic.v1.messagePublished", * pubsubTopic: topic.id, * retryPolicy: "RETRY_POLICY_RETRY", * }, * }); * ``` * ### Cloudfunctions2 Scheduler Auth * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const project = "my-project-name"; * const account = new gcp.serviceaccount.Account("account", { * accountId: "gcf-sa", * displayName: "Test Service Account", * }); * const bucket = new gcp.storage.Bucket("bucket", { * name: `${project}-gcf-source`, * location: "US", * uniformBucketLevelAccess: true, * }); * const object = new gcp.storage.BucketObject("object", { * name: "function-source.zip", * bucket: bucket.name, * source: new pulumi.asset.FileAsset("function-source.zip"), * }); * const _function = new gcp.cloudfunctionsv2.Function("function", { * name: "gcf-function", * location: "us-central1", * description: "a new function", * buildConfig: { * runtime: "nodejs20", * entryPoint: "helloHttp", * source: { * storageSource: { * bucket: bucket.name, * object: object.name, * }, * }, * }, * serviceConfig: { * minInstanceCount: 1, * availableMemory: "256M", * timeoutSeconds: 60, * serviceAccountEmail: account.email, * }, * }); * const invoker = new gcp.cloudfunctionsv2.FunctionIamMember("invoker", { * project: _function.project, * location: _function.location, * cloudFunction: _function.name, * role: "roles/cloudfunctions.invoker", * member: pulumi.interpolate`serviceAccount:${account.email}`, * }); * const cloudRunInvoker = new gcp.cloudrun.IamMember("cloud_run_invoker", { * project: _function.project, * location: _function.location, * service: _function.name, * role: "roles/run.invoker", * member: pulumi.interpolate`serviceAccount:${account.email}`, * }); * const invokeCloudFunction = new gcp.cloudscheduler.Job("invoke_cloud_function", { * name: "invoke-gcf-function", * description: "Schedule the HTTPS trigger for cloud function", * schedule: "0 0 * * *", * project: _function.project, * region: _function.location, * httpTarget: { * uri: _function.serviceConfig.apply(serviceConfig => serviceConfig?.uri), * httpMethod: "POST", * oidcToken: { * audience: _function.serviceConfig.apply(serviceConfig => `${serviceConfig?.uri}/`), * serviceAccountEmail: account.email, * }, * }, * }); * ``` * ### Cloudfunctions2 Basic Gcs * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const source_bucket = new gcp.storage.Bucket("source-bucket", { * name: "gcf-source-bucket", * location: "US", * uniformBucketLevelAccess: true, * }); * const object = new gcp.storage.BucketObject("object", { * name: "function-source.zip", * bucket: source_bucket.name, * source: new pulumi.asset.FileAsset("function-source.zip"), * }); * const trigger_bucket = new gcp.storage.Bucket("trigger-bucket", { * name: "gcf-trigger-bucket", * location: "us-central1", * uniformBucketLevelAccess: true, * }); * const gcsAccount = gcp.storage.getProjectServiceAccount({}); * // To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher(roles/pubsub.publisher) IAM role in the specified project. * // (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin) * const gcs_pubsub_publishing = new gcp.projects.IAMMember("gcs-pubsub-publishing", { * project: "my-project-name", * role: "roles/pubsub.publisher", * member: gcsAccount.then(gcsAccount => `serviceAccount:${gcsAccount.emailAddress}`), * }); * const account = new gcp.serviceaccount.Account("account", { * accountId: "gcf-sa", * displayName: "Test Service Account - used for both the cloud function and eventarc trigger in the test", * }); * // Permissions on the service account used by the function and Eventarc trigger * const invoking = new gcp.projects.IAMMember("invoking", { * project: "my-project-name", * role: "roles/run.invoker", * member: pulumi.interpolate`serviceAccount:${account.email}`, * }, { * dependsOn: [gcs_pubsub_publishing], * }); * const event_receiving = new gcp.projects.IAMMember("event-receiving", { * project: "my-project-name", * role: "roles/eventarc.eventReceiver", * member: pulumi.interpolate`serviceAccount:${account.email}`, * }, { * dependsOn: [invoking], * }); * const artifactregistry_reader = new gcp.projects.IAMMember("artifactregistry-reader", { * project: "my-project-name", * role: "roles/artifactregistry.reader", * member: pulumi.interpolate`serviceAccount:${account.email}`, * }, { * dependsOn: [event_receiving], * }); * const _function = new gcp.cloudfunctionsv2.Function("function", { * name: "gcf-function", * location: "us-central1", * description: "a new function", * buildConfig: { * runtime: "nodejs20", * entryPoint: "entryPoint", * environmentVariables: { * BUILD_CONFIG_TEST: "build_test", * }, * source: { * storageSource: { * bucket: source_bucket.name, * object: object.name, * }, * }, * }, * serviceConfig: { * maxInstanceCount: 3, * minInstanceCount: 1, * availableMemory: "256M", * timeoutSeconds: 60, * environmentVariables: { * SERVICE_CONFIG_TEST: "config_test", * }, * ingressSettings: "ALLOW_INTERNAL_ONLY", * allTrafficOnLatestRevision: true, * serviceAccountEmail: account.email, * }, * eventTrigger: { * eventType: "google.cloud.storage.object.v1.finalized", * retryPolicy: "RETRY_POLICY_RETRY", * serviceAccountEmail: account.email, * eventFilters: [{ * attribute: "bucket", * value: trigger_bucket.name, * }], * }, * }, { * dependsOn: [ * event_receiving, * artifactregistry_reader, * ], * }); * ``` * ### Cloudfunctions2 Basic Auditlogs * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * // This example follows the examples shown in this Google Cloud Community blog post * // https://medium.com/google-cloud/applying-a-path-pattern-when-filtering-in-eventarc-f06b937b4c34 * // and the docs: * // https://cloud.google.com/eventarc/docs/path-patterns * const source_bucket = new gcp.storage.Bucket("source-bucket", { * name: "gcf-source-bucket", * location: "US", * uniformBucketLevelAccess: true, * }); * const object = new gcp.storage.BucketObject("object", { * name: "function-source.zip", * bucket: source_bucket.name, * source: new pulumi.asset.FileAsset("function-source.zip"), * }); * const account = new gcp.serviceaccount.Account("account", { * accountId: "gcf-sa", * displayName: "Test Service Account - used for both the cloud function and eventarc trigger in the test", * }); * // Note: The right way of listening for Cloud Storage events is to use a Cloud Storage trigger. * // Here we use Audit Logs to monitor the bucket so path patterns can be used in the example of * // google_cloudfunctions2_function below (Audit Log events have path pattern support) * const audit_log_bucket = new gcp.storage.Bucket("audit-log-bucket", { * name: "gcf-auditlog-bucket", * location: "us-central1", * uniformBucketLevelAccess: true, * }); * // Permissions on the service account used by the function and Eventarc trigger * const invoking = new gcp.projects.IAMMember("invoking", { * project: "my-project-name", * role: "roles/run.invoker", * member: pulumi.interpolate`serviceAccount:${account.email}`, * }); * const event_receiving = new gcp.projects.IAMMember("event-receiving", { * project: "my-project-name", * role: "roles/eventarc.eventReceiver", * member: pulumi.interpolate`serviceAccount:${account.email}`, * }, { * dependsOn: [invoking], * }); * const artifactregistry_reader = new gcp.projects.IAMMember("artifactregistry-reader", { * project: "my-project-name", * role: "roles/artifactregistry.reader", * member: pulumi.interpolate`serviceAccount:${account.email}`, * }, { * dependsOn: [event_receiving], * }); * const _function = new gcp.cloudfunctionsv2.Function("function", { * name: "gcf-function", * location: "us-central1", * description: "a new function", * buildConfig: { * runtime: "nodejs20", * entryPoint: "entryPoint", * environmentVariables: { * BUILD_CONFIG_TEST: "build_test", * }, * source: { * storageSource: { * bucket: source_bucket.name, * object: object.name, * }, * }, * }, * serviceConfig: { * maxInstanceCount: 3, * minInstanceCount: 1, * availableMemory: "256M", * timeoutSeconds: 60, * environmentVariables: { * SERVICE_CONFIG_TEST: "config_test", * }, * ingressSettings: "ALLOW_INTERNAL_ONLY", * allTrafficOnLatestRevision: true, * serviceAccountEmail: account.email, * }, * eventTrigger: { * triggerRegion: "us-central1", * eventType: "google.cloud.audit.log.v1.written", * retryPolicy: "RETRY_POLICY_RETRY", * serviceAccountEmail: account.email, * eventFilters: [ * { * attribute: "serviceName", * value: "storage.googleapis.com", * }, * { * attribute: "methodName", * value: "storage.objects.create", * }, * { * attribute: "resourceName", * value: pulumi.interpolate`/projects/_/buckets/${audit_log_bucket.name}/objects/*.txt`, * operator: "match-path-pattern", * }, * ], * }, * }, { * dependsOn: [ * event_receiving, * artifactregistry_reader, * ], * }); * ``` * ### Cloudfunctions2 Basic Builder * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as time from "@pulumiverse/time"; * * const project = "my-project-name"; * const account = new gcp.serviceaccount.Account("account", { * accountId: "gcf-sa", * displayName: "Test Service Account", * }); * const logWriter = new gcp.projects.IAMMember("log_writer", { * project: account.project, * role: "roles/logging.logWriter", * member: pulumi.interpolate`serviceAccount:${account.email}`, * }); * const artifactRegistryWriter = new gcp.projects.IAMMember("artifact_registry_writer", { * project: account.project, * role: "roles/artifactregistry.writer", * member: pulumi.interpolate`serviceAccount:${account.email}`, * }); * const storageObjectAdmin = new gcp.projects.IAMMember("storage_object_admin", { * project: account.project, * role: "roles/storage.objectAdmin", * member: pulumi.interpolate`serviceAccount:${account.email}`, * }); * const bucket = new gcp.storage.Bucket("bucket", { * name: `${project}-gcf-source`, * location: "US", * uniformBucketLevelAccess: true, * }); * const object = new gcp.storage.BucketObject("object", { * name: "function-source.zip", * bucket: bucket.name, * source: new pulumi.asset.FileAsset("function-source.zip"), * }); * // builder permissions need to stablize before it can pull the source zip * const wait60s = new time.Sleep("wait_60s", {createDuration: "60s"}, { * dependsOn: [ * logWriter, * artifactRegistryWriter, * storageObjectAdmin, * ], * }); * const _function = new gcp.cloudfunctionsv2.Function("function", { * name: "function-v2", * location: "us-central1", * description: "a new function", * buildConfig: { * runtime: "nodejs20", * entryPoint: "helloHttp", * source: { * storageSource: { * bucket: bucket.name, * object: object.name, * }, * }, * serviceAccount: account.id, * }, * serviceConfig: { * maxInstanceCount: 1, * availableMemory: "256M", * timeoutSeconds: 60, * }, * }, { * dependsOn: [wait60s], * }); * ``` * ### Cloudfunctions2 Secret Env * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const project = "my-project-name"; * const bucket = new gcp.storage.Bucket("bucket", { * name: `${project}-gcf-source`, * location: "US", * uniformBucketLevelAccess: true, * }); * const object = new gcp.storage.BucketObject("object", { * name: "function-source.zip", * bucket: bucket.name, * source: new pulumi.asset.FileAsset("function-source.zip"), * }); * const secret = new gcp.secretmanager.Secret("secret", { * secretId: "secret", * replication: { * userManaged: { * replicas: [{ * location: "us-central1", * }], * }, * }, * }); * const secretSecretVersion = new gcp.secretmanager.SecretVersion("secret", { * secret: secret.name, * secretData: "secret", * enabled: true, * }); * const _function = new gcp.cloudfunctionsv2.Function("function", { * name: "function-secret", * location: "us-central1", * description: "a new function", * buildConfig: { * runtime: "nodejs20", * entryPoint: "helloHttp", * source: { * storageSource: { * bucket: bucket.name, * object: object.name, * }, * }, * }, * serviceConfig: { * maxInstanceCount: 1, * availableMemory: "256M", * timeoutSeconds: 60, * secretEnvironmentVariables: [{ * key: "TEST", * projectId: project, * secret: secret.secretId, * version: "latest", * }], * }, * }, { * dependsOn: [secretSecretVersion], * }); * ``` * ### Cloudfunctions2 Secret Volume * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const project = "my-project-name"; * const bucket = new gcp.storage.Bucket("bucket", { * name: `${project}-gcf-source`, * location: "US", * uniformBucketLevelAccess: true, * }); * const object = new gcp.storage.BucketObject("object", { * name: "function-source.zip", * bucket: bucket.name, * source: new pulumi.asset.FileAsset("function-source.zip"), * }); * const secret = new gcp.secretmanager.Secret("secret", { * secretId: "secret", * replication: { * userManaged: { * replicas: [{ * location: "us-central1", * }], * }, * }, * }); * const secretSecretVersion = new gcp.secretmanager.SecretVersion("secret", { * secret: secret.name, * secretData: "secret", * enabled: true, * }); * const _function = new gcp.cloudfunctionsv2.Function("function", { * name: "function-secret", * location: "us-central1", * description: "a new function", * buildConfig: { * runtime: "nodejs20", * entryPoint: "helloHttp", * source: { * storageSource: { * bucket: bucket.name, * object: object.name, * }, * }, * }, * serviceConfig: { * maxInstanceCount: 1, * availableMemory: "256M", * timeoutSeconds: 60, * secretVolumes: [{ * mountPath: "/etc/secrets", * projectId: project, * secret: secret.secretId, * }], * }, * }, { * dependsOn: [secretSecretVersion], * }); * ``` * ### Cloudfunctions2 Private Workerpool * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const project = "my-project-name"; * const bucket = new gcp.storage.Bucket("bucket", { * name: `${project}-gcf-source`, * location: "US", * uniformBucketLevelAccess: true, * }); * const object = new gcp.storage.BucketObject("object", { * name: "function-source.zip", * bucket: bucket.name, * source: new pulumi.asset.FileAsset("function-source.zip"), * }); * const pool = new gcp.cloudbuild.WorkerPool("pool", { * name: "workerpool", * location: "us-central1", * workerConfig: { * diskSizeGb: 100, * machineType: "e2-standard-8", * noExternalIp: false, * }, * }); * const _function = new gcp.cloudfunctionsv2.Function("function", { * name: "function-workerpool", * location: "us-central1", * description: "a new function", * buildConfig: { * runtime: "nodejs20", * entryPoint: "helloHttp", * source: { * storageSource: { * bucket: bucket.name, * object: object.name, * }, * }, * workerPool: pool.id, * }, * serviceConfig: { * maxInstanceCount: 1, * availableMemory: "256M", * timeoutSeconds: 60, * }, * }); * ``` * ### Cloudfunctions2 Cmek Docs * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const project = "my-project-name"; * const projectGetProject = gcp.organizations.getProject({}); * const bucket = new gcp.storage.Bucket("bucket", { * name: `${project}-gcf-source`, * location: "US", * uniformBucketLevelAccess: true, * }); * const object = new gcp.storage.BucketObject("object", { * name: "function-source.zip", * bucket: bucket.name, * source: new pulumi.asset.FileAsset("function-source.zip"), * }); * const eaSa = new gcp.projects.ServiceIdentity("ea_sa", { * project: projectGetProject.then(projectGetProject => projectGetProject.projectId), * service: "eventarc.googleapis.com", * }); * const unencoded_ar_repo = new gcp.artifactregistry.Repository("unencoded-ar-repo", { * repositoryId: "ar-repo", * location: "us-central1", * format: "DOCKER", * }); * const gcfCmekKeyuser = new gcp.kms.CryptoKeyIAMBinding("gcf_cmek_keyuser", { * cryptoKeyId: "cmek-key", * role: "roles/cloudkms.cryptoKeyEncrypterDecrypter", * members: [ * projectGetProject.then(projectGetProject => `serviceAccount:service-${projectGetProject.number}@gcf-admin-robot.iam.gserviceaccount.com`), * projectGetProject.then(projectGetProject => `serviceAccount:service-${projectGetProject.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`), * projectGetProject.then(projectGetProject => `serviceAccount:service-${projectGetProject.number}@gs-project-accounts.iam.gserviceaccount.com`), * projectGetProject.then(projectGetProject => `serviceAccount:service-${projectGetProject.number}@serverless-robot-prod.iam.gserviceaccount.com`), * eaSa.member, * ], * }, { * dependsOn: [eaSa], * }); * const encoded_ar_repo = new gcp.artifactregistry.Repository("encoded-ar-repo", { * location: "us-central1", * repositoryId: "cmek-repo", * format: "DOCKER", * kmsKeyName: "cmek-key", * }, { * dependsOn: [gcfCmekKeyuser], * }); * const binding = new gcp.artifactregistry.RepositoryIamBinding("binding", { * location: encoded_ar_repo.location, * repository: encoded_ar_repo.name, * role: "roles/artifactregistry.admin", * members: [projectGetProject.then(projectGetProject => `serviceAccount:service-${projectGetProject.number}@gcf-admin-robot.iam.gserviceaccount.com`)], * }); * const _function = new gcp.cloudfunctionsv2.Function("function", { * name: "function-cmek", * location: "us-central1", * description: "CMEK function", * kmsKeyName: "cmek-key", * buildConfig: { * runtime: "nodejs20", * entryPoint: "helloHttp", * dockerRepository: encoded_ar_repo.id, * source: { * storageSource: { * bucket: bucket.name, * object: object.name, * }, * }, * }, * serviceConfig: { * maxInstanceCount: 1, * availableMemory: "256M", * timeoutSeconds: 60, * }, * }, { * dependsOn: [gcfCmekKeyuser], * }); * ``` * ### Cloudfunctions2 Automatic Base Image Update * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const project = "my-project-name"; * const account = new gcp.serviceaccount.Account("account", { * accountId: "gcf-sa", * displayName: "Test Service Account", * }); * const topic = new gcp.pubsub.Topic("topic", {name: "functions2-topic"}); * const bucket = new gcp.storage.Bucket("bucket", { * name: `${project}-gcf-source`, * location: "US", * uniformBucketLevelAccess: true, * }); * const object = new gcp.storage.BucketObject("object", { * name: "function-source.zip", * bucket: bucket.name, * source: new pulumi.asset.FileAsset("function-source.zip"), * }); * const _function = new gcp.cloudfunctionsv2.Function("function", { * name: "gcf-function", * location: "europe-west6", * description: "a new function", * buildConfig: { * runtime: "nodejs20", * entryPoint: "helloPubSub", * environmentVariables: { * BUILD_CONFIG_TEST: "build_test", * }, * source: { * storageSource: { * bucket: bucket.name, * object: object.name, * }, * }, * automaticUpdatePolicy: {}, * }, * serviceConfig: { * maxInstanceCount: 3, * minInstanceCount: 1, * availableMemory: "4Gi", * timeoutSeconds: 60, * maxInstanceRequestConcurrency: 80, * availableCpu: "4", * environmentVariables: { * SERVICE_CONFIG_TEST: "config_test", * }, * ingressSettings: "ALLOW_INTERNAL_ONLY", * allTrafficOnLatestRevision: true, * serviceAccountEmail: account.email, * }, * eventTrigger: { * triggerRegion: "us-central1", * eventType: "google.cloud.pubsub.topic.v1.messagePublished", * pubsubTopic: topic.id, * retryPolicy: "RETRY_POLICY_RETRY", * }, * }); * ``` * ### Cloudfunctions2 On Deploy Base Image Update * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const project = "my-project-name"; * const account = new gcp.serviceaccount.Account("account", { * accountId: "gcf-sa", * displayName: "Test Service Account", * }); * const topic = new gcp.pubsub.Topic("topic", {name: "functions2-topic"}); * const bucket = new gcp.storage.Bucket("bucket", { * name: `${project}-gcf-source`, * location: "US", * uniformBucketLevelAccess: true, * }); * const object = new gcp.storage.BucketObject("object", { * name: "function-source.zip", * bucket: bucket.name, * source: new pulumi.asset.FileAsset("function-source.zip"), * }); * const _function = new gcp.cloudfunctionsv2.Function("function", { * name: "gcf-function", * location: "europe-west6", * description: "a new function", * buildConfig: { * runtime: "nodejs20", * entryPoint: "helloPubSub", * environmentVariables: { * BUILD_CONFIG_TEST: "build_test", * }, * source: { * storageSource: { * bucket: bucket.name, * object: object.name, * }, * }, * onDeployUpdatePolicy: {}, * }, * serviceConfig: { * maxInstanceCount: 3, * minInstanceCount: 1, * availableMemory: "4Gi", * timeoutSeconds: 60, * maxInstanceRequestConcurrency: 80, * availableCpu: "4", * environmentVariables: { * SERVICE_CONFIG_TEST: "config_test", * }, * ingressSettings: "ALLOW_INTERNAL_ONLY", * allTrafficOnLatestRevision: true, * serviceAccountEmail: account.email, * }, * eventTrigger: { * triggerRegion: "us-central1", * eventType: "google.cloud.pubsub.topic.v1.messagePublished", * pubsubTopic: topic.id, * retryPolicy: "RETRY_POLICY_RETRY", * }, * }); * ``` * ### Cloudfunctions2 Directvpc * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const project = "my-project-name"; * const bucket = new gcp.storage.Bucket("bucket", { * name: `${project}-gcf-source`, * location: "US", * uniformBucketLevelAccess: true, * }); * const object = new gcp.storage.BucketObject("object", { * name: "function-source.zip", * bucket: bucket.name, * source: new pulumi.asset.FileAsset("function-source.zip"), * }); * const _function = new gcp.cloudfunctionsv2.Function("function", { * name: "function-v2", * location: "us-central1", * description: "a new function", * buildConfig: { * runtime: "nodejs20", * entryPoint: "helloHttp", * source: { * storageSource: { * bucket: bucket.name, * object: object.name, * }, * }, * }, * serviceConfig: { * maxInstanceCount: 1, * availableMemory: "256M", * timeoutSeconds: 60, * directVpcNetworkInterfaces: [{ * network: "default", * subnetwork: "default", * tags: [ * "tag1", * "tag2", * ], * }], * directVpcEgress: "VPC_EGRESS_ALL_TRAFFIC", * }, * }); * ``` * * ## Import * * function can be imported using any of these accepted formats: * * * `projects/{{project}}/locations/{{location}}/functions/{{name}}` * * `{{project}}/{{location}}/{{name}}` * * `{{location}}/{{name}}` * * When using the `pulumi import` command, function can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:cloudfunctionsv2/function:Function default projects/{{project}}/locations/{{location}}/functions/{{name}} * $ pulumi import gcp:cloudfunctionsv2/function:Function default {{project}}/{{location}}/{{name}} * $ pulumi import gcp:cloudfunctionsv2/function:Function default {{location}}/{{name}} * ``` */ export declare class Function extends pulumi.CustomResource { /** * Get an existing Function resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: FunctionState, opts?: pulumi.CustomResourceOptions): Function; /** * Returns true if the given object is an instance of Function. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is Function; /** * Describes the Build step of the function that builds a container * from the given source. * Structure is documented below. */ readonly buildConfig: pulumi.Output; /** * User-provided description of a function. */ readonly description: pulumi.Output; /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. */ readonly effectiveLabels: pulumi.Output<{ [key: string]: string; }>; /** * The environment the function is hosted on. */ readonly environment: pulumi.Output; /** * An Eventarc trigger managed by Google Cloud Functions that fires events in * response to a condition in another service. * Structure is documented below. */ readonly eventTrigger: pulumi.Output; /** * Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. * It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. */ readonly kmsKeyName: pulumi.Output; /** * A set of key/value label pairs associated with this Cloud Function. * * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ readonly labels: pulumi.Output<{ [key: string]: string; } | undefined>; /** * The location of this cloud function. */ readonly location: pulumi.Output; /** * A user-defined name of the function. Function names must * be unique globally and match pattern `projects/*/locations/*/functions/*`. */ readonly name: pulumi.Output; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output; /** * The combination of labels configured directly on the resource * and default labels configured on the provider. */ readonly pulumiLabels: pulumi.Output<{ [key: string]: string; }>; /** * Describes the Service being deployed. * Structure is documented below. */ readonly serviceConfig: pulumi.Output; /** * Describes the current state of the function. */ readonly state: pulumi.Output; /** * The last update timestamp of a Cloud Function. */ readonly updateTime: pulumi.Output; /** * Output only. The deployed url for the function. */ readonly url: pulumi.Output; /** * Create a Function resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: FunctionArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering Function resources. */ export interface FunctionState { /** * Describes the Build step of the function that builds a container * from the given source. * Structure is documented below. */ buildConfig?: pulumi.Input; /** * User-provided description of a function. */ description?: pulumi.Input; /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. */ effectiveLabels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The environment the function is hosted on. */ environment?: pulumi.Input; /** * An Eventarc trigger managed by Google Cloud Functions that fires events in * response to a condition in another service. * Structure is documented below. */ eventTrigger?: pulumi.Input; /** * Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. * It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. */ kmsKeyName?: pulumi.Input; /** * A set of key/value label pairs associated with this Cloud Function. * * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The location of this cloud function. */ location?: pulumi.Input; /** * A user-defined name of the function. Function names must * be unique globally and match pattern `projects/*/locations/*/functions/*`. */ name?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * The combination of labels configured directly on the resource * and default labels configured on the provider. */ pulumiLabels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Describes the Service being deployed. * Structure is documented below. */ serviceConfig?: pulumi.Input; /** * Describes the current state of the function. */ state?: pulumi.Input; /** * The last update timestamp of a Cloud Function. */ updateTime?: pulumi.Input; /** * Output only. The deployed url for the function. */ url?: pulumi.Input; } /** * The set of arguments for constructing a Function resource. */ export interface FunctionArgs { /** * Describes the Build step of the function that builds a container * from the given source. * Structure is documented below. */ buildConfig?: pulumi.Input; /** * User-provided description of a function. */ description?: pulumi.Input; /** * An Eventarc trigger managed by Google Cloud Functions that fires events in * response to a condition in another service. * Structure is documented below. */ eventTrigger?: pulumi.Input; /** * Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. * It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. */ kmsKeyName?: pulumi.Input; /** * A set of key/value label pairs associated with this Cloud Function. * * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The location of this cloud function. */ location: pulumi.Input; /** * A user-defined name of the function. Function names must * be unique globally and match pattern `projects/*/locations/*/functions/*`. */ name?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * Describes the Service being deployed. * Structure is documented below. */ serviceConfig?: pulumi.Input; }