Deploys Cloud Functions (Gen 2)
APACHE-2.0 License
The Terraform module handles the deployment of Cloud Functions (Gen 2) on GCP.
The resources/services/activations/deletions that this module will create/trigger are:
This module assumes that below mentioned prerequisites are in place before consuming the module.
`build_service_account`. If `build_service_account` is not specified, then the default compute service account is used, which has no default IAM roles in new organizations. At a minimum, the following IAM roles are required for the build service account:

- `roles/logging.logWriter`
- `roles/storage.objectViewer`
- `roles/artifactregistry.writer`

Basic usage of this module is as follows:

```hcl
module "cloud_functions2" {
  source  = "GoogleCloudPlatform/cloud-functions/google"
  version = "~> 0.6"

  # Required variables
  function_name     = "<FUNCTION_NAME>"
  project_id        = "<PROJECT_ID>"
  function_location = "<LOCATION>"
  runtime           = "<RUNTIME>"
  entrypoint        = "<ENTRYPOINT>"
  storage_source = {
    bucket     = "<BUCKET_NAME>"
    object     = "<ARCHIVE_PATH>"
    generation = "<GCS_GENERATION>"
  }
}
```

Functional examples are included in the examples directory.
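
The following is an added example, not code from the module's repository. It shows one way to supply a dedicated build service account carrying only the three minimum roles listed above, a separate runtime identity, internal-only ingress, and a single invoker. The account IDs `fn-build` and `fn-runtime` and the variable `caller_sa_email` are placeholders, and the `serviceAccount:` member syntax in `members` is assumed to follow standard IAM member notation.

```hcl
# Added example: placeholder names, not taken from the module's repository.
variable "project_id" { type = string }
variable "caller_sa_email" { type = string } # hypothetical: the only identity allowed to invoke

# Dedicated build identity, so builds do not fall back to the default compute service account.
resource "google_service_account" "build" {
  project    = var.project_id
  account_id = "fn-build"
}

# Minimum roles listed above for the build service account.
resource "google_project_iam_member" "build" {
  for_each = toset([
    "roles/logging.logWriter",
    "roles/storage.objectViewer",
    "roles/artifactregistry.writer",
  ])
  project = var.project_id
  role    = each.value
  member  = "serviceAccount:${google_service_account.build.email}"
}

# Separate runtime identity; grant it only what the function code itself needs.
resource "google_service_account" "runtime" {
  project    = var.project_id
  account_id = "fn-runtime"
}

module "cloud_functions2" {
  source  = "GoogleCloudPlatform/cloud-functions/google"
  version = "~> 0.6"

  function_name     = "<FUNCTION_NAME>"
  project_id        = var.project_id
  function_location = "<LOCATION>"
  runtime           = "<RUNTIME>"
  entrypoint        = "<ENTRYPOINT>"
  storage_source    = { bucket = "<BUCKET_NAME>", object = "<ARCHIVE_PATH>" }

  # Fully-qualified name: projects/<project>/serviceAccounts/<email>
  build_service_account = google_service_account.build.id
  service_config = {
    service_account_email = google_service_account.runtime.email
    ingress_settings      = "ALLOW_INTERNAL_ONLY"
  }
  members    = { invokers = ["serviceAccount:${var.caller_sa_email}"] }
  depends_on = [google_project_iam_member.build] # roles must exist before the first build
}
```
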

Name | Description | Type | Default | Required |
---|---|---|---|---|
build_env_variables | User-provided build-time environment variables | `map(string)` | `null` | no |
build_service_account | Cloud Function Build Service Account Id. This is the fully-qualified name of the service account to be used for building the container. | `string` | `null` | no |
description | Short description of the function | `string` | `null` | no |
docker_repository | User managed repository created in Artifact Registry optionally with a customer managed encryption key. | `string` | `null` | no |
entrypoint | The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified | `string` | n/a | yes |
event_trigger | Event triggers for the function | `object({ trigger_region = optional(string) event_type = string service_account_email = string pubsub_topic = optional(string) retry_policy = string event_filters = optional(set(object({ attribute = string attribute_value = string operator = optional(string) }))) })` | `null` | no |
function_location | The location of this cloud function | `string` | n/a | yes |
function_name | A user-defined name of the function | `string` | n/a | yes |
labels | A set of key/value label pairs associated with this Cloud Function | `map(string)` | `null` | no |
members | Cloud Function Invoker and Developer roles for Users/SAs. Key names must be developers and/or invokers | `map(list(string))` | `{}` | no |
project_id | Project ID to create Cloud Function | `string` | n/a | yes |
repo_source | Get the source from this location in a Cloud Source Repository | `object({ project_id = optional(string) repo_name = string branch_name = string dir = optional(string) tag_name = optional(string) commit_sha = optional(string) invert_regex = optional(bool, false) })` | `null` | no |
runtime | The runtime in which to run the function. | `string` | n/a | yes |
service_config | Details of the service | `object({ max_instance_count = optional(string, 100) min_instance_count = optional(string, 1) available_memory = optional(string, "256M") available_cpu = optional(string, 1) timeout_seconds = optional(string, 60) runtime_env_variables = optional(map(string), null) runtime_secret_env_variables = optional(set(object({ key_name = string project_id = optional(string) secret = string version = string })), null) secret_volumes = optional(set(object({ mount_path = string project_id = optional(string) secret = string versions = set(object({ version = string path = string })) })), null) vpc_connector = optional(string, null) vpc_connector_egress_settings = optional(string, null) ingress_settings = optional(string, null) service_account_email = optional(string, null) all_traffic_on_latest_revision = optional(bool, true) })` | `{}` | no |
storage_source | Get the source from this location in Google Cloud Storage | `object({ bucket = string object = string generation = optional(string, null) })` | `null` | no |
worker_pool | Name of the Cloud Build Custom Worker Pool that should be used to build the function. | `string` | `null` | no |

Name | Description |
---|---|
function_name | Name of the Cloud Function (Gen 2) |
function_uri | URI of the Cloud Function (Gen 2) |
These sections describe requirements for using this module.
The following dependencies must be available:
A service account with the following roles must be used to provision the resources of this module:

- `roles/storage.admin`
- `roles/cloudfunctions.admin`
- `roles/run.admin`
- `roles/pubsub.admin`
- `roles/artifactregistry.admin`
- `roles/cloudbuild.builds.editor`
- `roles/secretmanager.admin`

The Project Factory module and the IAM module may be used in combination to provision a service account with the necessary roles applied.
A project with the following APIs enabled must be used to host the resources of this module:

- `storage-api.googleapis.com`
- `cloudfunctions.googleapis.com`
- `run.googleapis.com`
- `cloudbuild.googleapis.com`
- `artifactregistry.googleapis.com`
- `pubsub.googleapis.com`
- `secretmanager.googleapis.com`
- `eventarc.googleapis.com`

The Project Factory module can be used to provision a project with the necessary APIs enabled.
Refer to the contribution guidelines for information on contributing to this module.
Please see our security disclosure process.