Cloud Functions API Connector Overview

The Workflows connector defines the built-in functions that can be used to access other Google Cloud products within a workflow.

This page provides an overview of the individual connector. There is no need to import or load connector libraries in a workflow—connectors work out of the box when used in a call step.

Cloud Functions API

Manages lightweight user-provided functions executed in response to events. To learn more, see the Cloud Functions API documentation.

Cloud Functions connector sample

YAML

# This workflow demonstrates how to use the Cloud Functions connector:
# Create a function using source code stored as a zip archive in a
# Cloud Storage bucket (gs://BUCKET_NAME/cloud-function-source.zip)
# Source code must be a properly structured Cloud Function
# Expected output: "SUCCESS"
main:
  params: []
  steps:
    - init:
        assign:
          - project: ${sys.get_env("GOOGLE_CLOUD_PROJECT_ID")}
          - location: "us-central1"
          - name: "example-function"
          - bucket: "BUCKET_NAME"  # replace BUCKET_NAME placeholder
          - sourceArchiveUrl: ${"gs://" + bucket + "/cloud-function-source.zip"}
          - service_account: ${project + "@appspot.gserviceaccount.com"}  # App Engine default service account
    - create_function:
        call: googleapis.cloudfunctions.v1.projects.locations.functions.create
        args:
          location: ${"projects/" + project + "/locations/" + location}
          body:
            name: ${"projects/" + project + "/locations/" + location + "/functions/" + name}
            description: "Cloud Function for Workflows connector testing"
            entryPoint: "helloWorld"
            runtime: "nodejs10"
            serviceAccountEmail: ${service_account}
            sourceArchiveUrl: ${sourceArchiveUrl}
            httpsTrigger:
              securityLevel: "SECURE_OPTIONAL"
    - get_function:
        call: googleapis.cloudfunctions.v1.projects.locations.functions.get
        args:
          name: ${"projects/" + project + "/locations/" + location + "/functions/" + name}
        result: function
    - grant_permission_to_all:
        call: googleapis.cloudfunctions.v1.projects.locations.functions.setIamPolicy
        args:
          resource: ${"projects/" + project + "/locations/" + location + "/functions/" + name}
          body:
            policy:
              bindings:
                - members: ["allUsers"]
                  role: "roles/cloudfunctions.invoker"
    - call_function:
        call: http.get
        args:
          url: ${function.httpsTrigger.url}
        result: resp
    - verify_response:
        call: assert_response
        args:
          expected_response: "success"  # function must return "success" when triggered
          actual_response: ${resp.body}
    - delete_function:
        call: googleapis.cloudfunctions.v1.projects.locations.functions.delete
        args:
          name: ${"projects/" + project + "/locations/" + location + "/functions/" + name}
    - the_end:
        return: "SUCCESS"

assert_response:
  params: [expected_response, actual_response]
  steps:
    - compare:
        switch:
          - condition: ${expected_response == actual_response}
            next: end
    - fail:
        raise: ${"Expected response is " + expected_response + ". Received " + actual_response + " instead."}

JSON

{
  "main": {
    "params": [],
    "steps": [
      {
        "init": {
          "assign": [
            {
              "project": "${sys.get_env(\"GOOGLE_CLOUD_PROJECT_ID\")}"
            },
            {
              "location": "us-central1"
            },
            {
              "name": "example-function"
            },
            {
              "bucket": "BUCKET_NAME"
            },
            {
              "sourceArchiveUrl": "${\"gs://\" + bucket + \"/cloud-function-source.zip\"}"
            },
            {
              "service_account": "${project + \"@appspot.gserviceaccount.com\"}"
            }
          ]
        }
      },
      {
        "create_function": {
          "call": "googleapis.cloudfunctions.v1.projects.locations.functions.create",
          "args": {
            "location": "${\"projects/\" + project + \"/locations/\" + location}",
            "body": {
              "name": "${\"projects/\" + project + \"/locations/\" + location + \"/functions/\" + name}",
              "description": "Cloud Function for Workflows connector testing",
              "entryPoint": "helloWorld",
              "runtime": "nodejs10",
              "serviceAccountEmail": "${service_account}",
              "sourceArchiveUrl": "${sourceArchiveUrl}",
              "httpsTrigger": {
                "securityLevel": "SECURE_OPTIONAL"
              }
            }
          }
        }
      },
      {
        "get_function": {
          "call": "googleapis.cloudfunctions.v1.projects.locations.functions.get",
          "args": {
            "name": "${\"projects/\" + project + \"/locations/\" + location + \"/functions/\" + name}"
          },
          "result": "function"
        }
      },
      {
        "grant_permission_to_all": {
          "call": "googleapis.cloudfunctions.v1.projects.locations.functions.setIamPolicy",
          "args": {
            "resource": "${\"projects/\" + project + \"/locations/\" + location + \"/functions/\" + name}",
            "body": {
              "policy": {
                "bindings": [
                  {
                    "members": [
                      "allUsers"
                    ],
                    "role": "roles/cloudfunctions.invoker"
                  }
                ]
              }
            }
          }
        }
      },
      {
        "call_function": {
          "call": "http.get",
          "args": {
            "url": "${function.httpsTrigger.url}"
          },
          "result": "resp"
        }
      },
      {
        "verify_response": {
          "call": "assert_response",
          "args": {
            "expected_response": "success",
            "actual_response": "${resp.body}"
          }
        }
      },
      {
        "delete_function": {
          "call": "googleapis.cloudfunctions.v1.projects.locations.functions.delete",
          "args": {
            "name": "${\"projects/\" + project + \"/locations/\" + location + \"/functions/\" + name}"
          }
        }
      },
      {
        "the_end": {
          "return": "SUCCESS"
        }
      }
    ]
  },
  "assert_response": {
    "params": [
      "expected_response",
      "actual_response"
    ],
    "steps": [
      {
        "compare": {
          "switch": [
            {
              "condition": "${expected_response == actual_response}",
              "next": "end"
            }
          ]
        }
      },
      {
        "fail": {
          "raise": "${\"Expected response is \" + expected_response + \". Received \" + actual_response + \" instead.\"}"
        }
      }
    ]
  }
}

Module: googleapis.cloudfunctions.v1.operations

Functions
get Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.
list Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns UNIMPLEMENTED. NOTE: the name binding allows API services to override the binding to use different resource name schemes, such as users/*/operations. To override the binding, API services can add a binding such as "/v1/{name=users/*}/operations" to their service configuration. For backwards compatibility, the default name includes the operations collection id, however overriding users must ensure the name binding is the parent resource, without the operations collection id.

Module: googleapis.cloudfunctions.v1.projects.locations

Functions
list Lists information about the supported locations for this service.

Module: googleapis.cloudfunctions.v1.projects.locations.functions

Functions
call Synchronously invokes a deployed Cloud Function. To be used for testing purposes as very limited traffic is allowed. For more information on the actual limits, refer to Rate Limits.
create Creates a new function. If a function with the given name already exists in the specified project, the long running operation will return ALREADY_EXISTS error.
delete Deletes a function with the given name from the specified project. If the given function is used by some trigger, the trigger will be updated to remove this function.
generateDownloadUrl Returns a signed URL for downloading deployed function source code. The URL is only valid for a limited period and should be used within minutes after generation. For more information about the signed URL usage see: https://cloud.google.com/storage/docs/access-control/signed-urls
generateUploadUrl Returns a signed URL for uploading a function source code. For more information about the signed URL usage see: https://cloud.google.com/storage/docs/access-control/signed-urls. Once the function source code upload is complete, the used signed URL should be provided in CreateFunction or UpdateFunction request as a reference to the function source code. When uploading source code to the generated signed URL, please follow these restrictions: * Source file type should be a zip file. * Source file size should not exceed 100MB limit. * No credentials should be attached - the signed URLs provide access to the target bucket using internal service identity; if credentials were attached, the identity from the credentials would be used, but that identity does not have permissions to upload files to the URL. When making a HTTP PUT request, these two headers need to be specified: * content-type: application/zip * x-goog-content-length-range: 0,104857600 And this header SHOULD NOT be specified: * Authorization: Bearer YOUR_TOKEN
get Returns a function with the given name from the requested project.
getIamPolicy Gets the IAM access control policy for a function. Returns an empty policy if the function exists and does not have a policy set.
list Returns a list of functions that belong to the requested project.
patch Updates existing function.
setIamPolicy Sets the IAM access control policy on the specified function. Replaces any existing policy.
testIamPermissions Tests the specified permissions against the IAM access control policy for a function. If the function does not exist, this will return an empty set of permissions, not a NOT_FOUND error.

Module: googleapis.cloudfunctions.v2.projects.locations

Functions
list Lists information about the supported locations for this service.

Module: googleapis.cloudfunctions.v2.projects.locations.functions

Functions
create Creates a new function. If a function with the given name already exists in the specified project, the long running operation will return ALREADY_EXISTS error.
delete Deletes a function with the given name from the specified project. If the given function is used by some trigger, the trigger will be updated to remove this function.
generateDownloadUrl Returns a signed URL for downloading deployed function source code. The URL is only valid for a limited period and should be used within 30 minutes of generation. For more information about the signed URL usage see: https://cloud.google.com/storage/docs/access-control/signed-urls
generateUploadUrl Returns a signed URL for uploading a function source code. For more information about the signed URL usage see: https://cloud.google.com/storage/docs/access-control/signed-urls. Once the function source code upload is complete, the used signed URL should be provided in CreateFunction or UpdateFunction request as a reference to the function source code. When uploading source code to the generated signed URL, please follow these restrictions: * Source file type should be a zip file. * No credentials should be attached - the signed URLs provide access to the target bucket using internal service identity; if credentials were attached, the identity from the credentials would be used, but that identity does not have permissions to upload files to the URL. When making a HTTP PUT request, these two headers need to be specified: * content-type: application/zip And this header SHOULD NOT be specified: * Authorization: Bearer YOUR_TOKEN
get Returns a function with the given name from the requested project.
getIamPolicy Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.
list Returns a list of functions that belong to the requested project.
patch Updates existing function.
setIamPolicy Sets the access control policy on the specified resource. Replaces any existing policy. Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.
testIamPermissions Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.

Module: googleapis.cloudfunctions.v2.projects.locations.operations

Functions
get Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.
list Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns UNIMPLEMENTED. NOTE: the name binding allows API services to override the binding to use different resource name schemes, such as users/*/operations. To override the binding, API services can add a binding such as "/v1/{name=users/*}/operations" to their service configuration. For backwards compatibility, the default name includes the operations collection id, however overriding users must ensure the name binding is the parent resource, without the operations collection id.

Module: googleapis.cloudfunctions.v2.projects.locations.runtimes

Functions
list Returns a list of runtimes that are supported for the requested project.