Understand path patterns

Eventarc supports applying a path pattern when filtering. The path pattern syntax lets you define an expression that matches events. This lets you control the granularity of the Eventarc trigger you are creating, and to capture and act on certain events. For example, you can create a trigger that applies to a single event, such as a change to a specific file, or you can extend the scope of the pattern and create a trigger that applies more broadly.

Apply a path pattern

You can apply a path pattern to filter events when you create a trigger using the Eventarc Google Cloud console page or by running a gcloud command.

For example, you can apply a path pattern when filtering on resource names or database instances (a single instance or a path).

• Specifying a resource name path pattern applies when creating a trigger for Cloud Audit Logs events and to resourceName values. A resource name indicates the resource being audited through an audit log. Resource names are organized hierarchically using identifiers made up of the ID of the resource itself and the IDs of any parent resources, all separated by forward slashes, like this: /projects/project-1/datasets/dataset-id. The filtering done by Eventarc matches patterns based on the values of these identifiers. For more information, in this document, see Resource name format.

• Specifying a database instance path pattern applies when creating a trigger for Firebase Realtime Database events and to instance or ref values. A database instance indicates a Firebase Realtime Database instance. You can apply a path pattern to the instance name of the database instance, or a document path for which you want to receive events when data is created, updated, or deleted in that path, or any of its children.

• Specifying a resource ID path pattern applies when creating a trigger for Cloud IoT events and to registry and device values. You can apply a path pattern to filter changes in registries, and devices in a registry, with wildcard matching.

For details, see the instructions to create a trigger for a specific provider, event type, and destination.

Identify if you can apply a path pattern

To confirm if you can apply a path pattern to an attribute of an event from a provider, describe the event provider. For example:

gcloud eventarc providers describe cloudaudit.googleapis.com --location=us-central1

The output is similar to the following and a pathPatternSupported value of true indicates that you can apply a path pattern:

displayName: Cloud Audit Logs
eventTypes:
- description: An audit log is created that matches the trigger's filter criteria.
  filteringAttributes:
  - attribute: methodName
    description: The identifier of the service's operation.
    required: true
  - attribute: resourceName
    description: The complete path to a resource. Used to filter events for a specific
      resource.
    pathPatternSupported: true
  - attribute: serviceName
    description: The identifier of the Google Cloud service.
    required: true
  - attribute: type
    required: true
  type: google.cloud.audit.log.v1.written
name: projects/project-name/locations/us-central1/providers/cloudaudit.googleapis.com

Or, for example:

gcloud eventarc providers describe firebasedatabase.googleapis.com --location=us-central1

Where the output is similar to the following:

displayName: Firebase Realtime Database
eventTypes:
- description: New data has been created in the database.
  filteringAttributes:
  - attribute: instance
    description: A single database instance.
    pathPatternSupported: true
    required: true
  - attribute: ref
    description: Pattern to match for the database instance.
    pathPatternSupported: true
    required: true
  - attribute: type
    required: true
  type: google.firebase.database.ref.v1.created
[...]

For more information, see gcloud eventarc providers describe.

Path pattern syntax

The path pattern syntax is defined as follows:

Legend:

Expressions

An expression can be one of the following segment types and cannot be empty:

• A single segment Wildcard defined as * matches zero or more characters in the pattern.
• A MultiSegmentWildcard defined as ** matches zero or more segments in the pattern.
• A NameSegmentconsists of zero or one * and other characters. This combination lets you filter by prefix, suffix, or file extension; for example, file-*.txt.

Note that a path can contain many single segment wildcards, but only one multiple segment wildcard. For example, the following path is invalid: /projects/**/buckets/**.

Resource regionality

Resource names can contain location identifiers. For example:

/projects/$PROJECT_ID/locations/$REGION/triggers/my-trigger

However, path pattern matching is constrained by resource regionality. For example, for Cloud Audit Logs triggers, location wildcards only match triggers from the Cloud Audit Logs region, or global triggers.

Capture groups

A CaptureGroup lets you capture the content of an expression. You do this by assigning the value to a variable name in braces; for example, buckets/{path=**}/files/{filename=file-*.txt}. A single segment wildcard can omit =* in a capture group; for example, /projects/_/buckets/{bucket}/objects/file.*

Resource name format

The following table provides examples of full resource names for commonly used Google Cloud services. It is not a complete list. To learn more about how full resource names are formatted, see the Resource names section of the API design guide.

¹ For Cloud Storage, resource names contain an underscore (_) rather than a project ID. You cannot replace the underscore with a project ID, project name, or project number.

² Use the entire object name, including forward slashes. In Cloud Storage, these characters are part of the object name, not path separators.

Examples

The following examples demonstrate how you can and can't use the syntax.

Valid patterns

Invalid patterns

Pattern matching

What's next

• For a list of the events supported by Eventarc, see Google event types supported by Eventarc.