CloudFunctionsFunction

Stay organized with collections Save and categorize content based on your preferences.
Property Value
Google Cloud Service Name Cloud Functions
Google Cloud Service Documentation /functions/docs/
Google Cloud REST Resource Name v1.projects.locations.functions
Google Cloud REST Resource Documentation /functions/docs/reference/rest/v1/projects.locations.functions
Config Connector Resource Short Names CloudFunctionsFunction
gcpcloudfunctionsfunction
gcpcloudfunctionsfunctions
cloudfunctionsfunction
Config Connector Service Name cloudfunctions.googleapis.com
Config Connector Resource Fully Qualified Name cloudfunctionsfunctions.cloudfunctions.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember Yes
IAMPolicy/IAMPartialPolicy Supports Conditions Yes
IAMPolicyMember Supports Conditions No
Supports IAM Audit Configs No
IAM External Reference Format

projects/{{project}}/locations/{{region}}/functions/{{name}}

Custom Resource Definition Properties

Annotations

Fields
cnrm.cloud.google.com/state-into-spec

Spec

Schema

availableMemoryMb: integer
description: string
entryPoint: string
environmentVariables:
  string: string
eventTrigger:
  eventType: string
  failurePolicy: boolean
  resourceRef:
    external: string
    kind: string
    name: string
    namespace: string
  service: string
httpsTrigger:
  securityLevel: string
ingressSettings: string
maxInstances: integer
projectRef:
  external: string
  name: string
  namespace: string
region: string
resourceID: string
runtime: string
serviceAccountRef:
  external: string
  name: string
  namespace: string
sourceArchiveUrl: string
sourceRepository:
  url: string
timeout: string
vpcConnectorEgressSettings: string
vpcConnectorRef:
  external: string
  name: string
  namespace: string
Fields

availableMemoryMb

Optional

integer

Memory (in MB), available to the function. Default value is 256MB. Allowed values are: 128MB, 256MB, 512MB, 1024MB, and 2048MB.

description

Optional

string

User-provided description of a function.

entryPoint

Optional

string

Immutable. The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if function with given name is not found, then the system will try to use function named "function". For Node.js this is name of a function exported by the module specified in `source_location`.

environmentVariables

Optional

map (key: string, value: string)

Environment variables that shall be available during function execution.

eventTrigger

Optional

object

Immutable. A source that fires events in response to a condition in another service.

eventTrigger.eventType

Required*

string

Immutable. Required. The type of event to observe. For example: `providers/cloud.storage/eventTypes/object.change` and `providers/cloud.pubsub/eventTypes/topic.publish`. Event types match pattern `providers/*/eventTypes/*.*`. The pattern contains: 1. namespace: For example, `cloud.storage` and `google.firebase.analytics`. 2. resource type: The type of resource on which event occurs. For example, the Google Cloud Storage API includes the type `object`. 3. action: The action that generates the event. For example, action for a Google Cloud Storage Object is 'change'. These parts are lower case.

eventTrigger.failurePolicy

Optional

boolean

Immutable. Specifies policy for failed executions.

eventTrigger.resourceRef

Required*

object

Immutable.

eventTrigger.resourceRef.external

Optional

string

Required. The resource(s) from which to observe events, for example, `projects/_/buckets/myBucket`. Not all syntactically correct values are accepted by all services. For example: 1. The authorization model must support it. Google Cloud Functions only allows EventTriggers to be deployed that observe resources in the same project as the `Function`. 2. The resource type must match the pattern expected for an `event_type`. For example, an `EventTrigger` that has an `event_type` of "google.pubsub.topic.publish" should have a resource that matches Google Cloud Pub/Sub topics. Additionally, some services may support short names when creating an `EventTrigger`. These will always be returned in the normalized "long" format. See each *service's* documentation for supported formats. Allowed values: * The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). * The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`).

eventTrigger.resourceRef.kind

Optional

string

Kind of the referent. Allowed values: StorageBucket,PubSubTopic

eventTrigger.resourceRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

eventTrigger.resourceRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

eventTrigger.service

Optional

string

Immutable. The hostname of the service that should be observed. If no string is provided, the default service implementing the API will be used. For example, `storage.googleapis.com` is the default for all event types in the `google.storage` namespace.

httpsTrigger

Optional

object

Immutable. An HTTPS endpoint type of source that can be triggered via URL.

httpsTrigger.securityLevel

Optional

string

Immutable. Both HTTP and HTTPS requests with URLs that match the handler succeed without redirects. The application can examine the request to determine which protocol was used and respond accordingly. Possible values: SECURITY_LEVEL_UNSPECIFIED, SECURE_ALWAYS, SECURE_OPTIONAL

ingressSettings

Optional

string

The ingress settings for the function, controlling what traffic can reach it. Possible values: INGRESS_SETTINGS_UNSPECIFIED, ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB

maxInstances

Optional

integer

The limit on the maximum number of function instances that may coexist at a given time.

projectRef

Required

object

Immutable. The Project that this resource belongs to.

projectRef.external

Optional

string

The project id of the function. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).

projectRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

projectRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

region

Required

string

Immutable. The name of the Cloud Functions region of the function.

resourceID

Optional

string

Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.

runtime

Required

string

The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function. For a complete list of possible choices, see the [`gcloud` command reference](/sdk/gcloud/reference/functions/deploy#--runtime).

serviceAccountRef

Optional

object

Immutable.

serviceAccountRef.external

Optional

string

The email of the function's service account. If empty, defaults to `{project_id}@appspot.gserviceaccount.com`. Allowed value: The `email` field of an `IAMServiceAccount` resource.

serviceAccountRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

serviceAccountRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

sourceArchiveUrl

Optional

string

Immutable. The Google Cloud Storage URL, starting with gs://, pointing to the zip archive which contains the function.

sourceRepository

Optional

object

Immutable. Represents parameters related to source repository where a function is hosted.

sourceRepository.url

Required*

string

Immutable. The URL pointing to the hosted repository where the function is defined. There are supported Cloud Source Repository URLs in the following formats: To refer to a specific commit: `https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*` To refer to a moveable alias (branch): `https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*` In particular, to refer to HEAD use `master` moveable alias. To refer to a specific fixed alias (tag): `https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*` You may omit `paths/*` if you want to use the main directory.

timeout

Optional

string

The function execution timeout. Execution is considered failed and can be terminated if the function is not completed at the end of the timeout period. Defaults to 60 seconds.

vpcConnectorEgressSettings

Optional

string

The egress settings for the connector, controlling what traffic is diverted through it. Possible values: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC

vpcConnectorRef

Optional

object

vpcConnectorRef.external

Optional

string

The VPC Network Connector that this cloud function can connect to. It can be either the fully-qualified URI, or the short name of the network connector resource. The format of this field is `projects/*/locations/*/connectors/*` Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`).

vpcConnectorRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

vpcConnectorRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

* Field is required when parent field is specified

Status

Schema

conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
httpsTrigger:
  url: string
observedGeneration: integer
sourceRepository:
  deployedUrl: string
status: string
updateTime: string
versionId: integer
Fields
conditions

list (object)

Conditions represent the latest available observation of the resource's current state.

conditions[]

object

conditions[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions[].message

string

Human-readable message indicating details about last transition.

conditions[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions[].type

string

Type is the type of the condition.

httpsTrigger

object

httpsTrigger.url

string

Output only. The deployed url for the function.

observedGeneration

integer

ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.

sourceRepository

object

sourceRepository.deployedUrl

string

Output only. The URL pointing to the hosted repository where the function were defined at the time of deployment. It always points to a specific commit in the format described above.

status

string

Output only. Status of the function deployment. Possible values: CLOUD_FUNCTION_STATUS_UNSPECIFIED, ACTIVE, OFFLINE, DEPLOY_IN_PROGRESS, DELETE_IN_PROGRESS, UNKNOWN

updateTime

string

Output only. The last update timestamp of a Cloud Function in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up to nine fractional digits.

versionId

integer

Output only. The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created.

Sample YAML(s)

Eventtrigger With Pubsubtopic

# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: cloudfunctions.cnrm.cloud.google.com/v1beta1
kind: CloudFunctionsFunction
metadata:
  name: cloudfunctionsfunction-sample-pubsubtopic
spec:
  projectRef:
    # Replace ${PROJECT_ID?} with your project ID
    external: "projects/${PROJECT_ID?}"
  description: "A sample cloud function with an event trigger from PubSubTopic and a VPCAccessConnector"
  region: "us-west2"
  runtime: "nodejs8"
  availableMemoryMb: 128
  # Replace ${PROJECT_ID?} with your project ID
  serviceAccountEmail: "${PROJECT_ID?}@appspot.gserviceaccount.com"
  # Replace ${REPO_URL?} with your cloud source repository url
  # Example: https://source.developers.google.com/projects/config-connector-samples/repos/config-connnector-samples/moveable-aliases/main/paths/cloudfunctionsfunction
  sourceRepository:
    url: "${REPO_URL?}"
  timeout: "60s"
  entryPoint: "helloGET"
  ingressSettings: "ALLOW_INTERNAL_ONLY"
  environmentVariables:
    TEST_ENV_VARIABLE: "test-env-variable-value"
  maxInstances: 10
  vpcConnectorRef:
    name: "function-dep-trigger"
  vpcConnectorEgressSettings: "PRIVATE_RANGES_ONLY"
  eventTrigger:
    eventType: "providers/cloud.pubsub/eventTypes/topic.publish"
    resourceRef:
      name: "cloudfunctionsfunction-dep-pubsubtopic"
      kind: "PubSubTopic"
    failurePolicy: true
    service: "pubsub.googleapis.com"
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: cloudfunctionsfunction-dep-pubsubtopic
spec:
  autoCreateSubnetworks: false
---
apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
kind: PubSubTopic
metadata:
  name: cloudfunctionsfunction-dep-pubsubtopic
---
apiVersion: vpcaccess.cnrm.cloud.google.com/v1beta1
kind: VPCAccessConnector
metadata:
  name: function-dep-trigger
spec:
  location: "us-west2"
  networkRef:
    name: cloudfunctionsfunction-dep-pubsubtopic
  ipCidrRange: "10.5.0.0/28"
  minThroughput: 300
  maxThroughput: 400
  projectRef:
    # Replace ${PROJECT_ID?} with your project ID
    external: "projects/${PROJECT_ID?}"

Eventtrigger With Storagebucket

# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: cloudfunctions.cnrm.cloud.google.com/v1beta1
kind: CloudFunctionsFunction
metadata:
  name: cloudfunctionsfunction-sample-bucket
spec:
  projectRef:
    # Replace ${PROJECT_ID?} with your project ID
    external: "projects/${PROJECT_ID?}"
  description: "A sample cloud function with an event trigger from StorageBucket"
  region: "us-west2"
  runtime: "nodejs8"
  sourceArchiveUrl: "gs://config-connector-samples/cloudfunctionsfunction/http_trigger.zip"
  entryPoint: "helloGET"
  eventTrigger:
    eventType: "providers/cloud.storage/eventTypes/object.change"
    resourceRef:
      name: ${PROJECT_ID?}-cloudfunctionsfunction-dep-bucket
      kind: StorageBucket
    failurePolicy: true
    service: "storage.googleapis.com"
---
apiVersion: storage.cnrm.cloud.google.com/v1beta1
kind: StorageBucket
metadata:
  # StorageBucket names must be globally unique. Replace ${PROJECT_ID?} with your project ID.
  name: ${PROJECT_ID?}-cloudfunctionsfunction-dep-bucket
spec:
  lifecycleRule:
    - action:
        type: Delete
      condition:
        age: 7
  versioning:
    enabled: true

Httpstrigger

# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: cloudfunctions.cnrm.cloud.google.com/v1beta1
kind: CloudFunctionsFunction
metadata:
  name: cloudfunctionsfunction-sample-httpstrigger
spec:
  projectRef:
    # Replace ${PROJECT_ID?} with your project ID
    external: "projects/${PROJECT_ID?}"
  region: "us-west2"
  runtime: "nodejs8"
  sourceArchiveUrl: "gs://config-connector-samples/cloudfunctionsfunction/http_trigger.zip"
  entryPoint: "helloGET"
  httpsTrigger:
    securityLevel: "SECURE_OPTIONAL"