리소스가 포함된 이벤트 기반 Cloud Functions(2세대)를 배포하는 전체 Terraform 구성
코드 샘플
Terraform
Terraform 구성을 적용하거나 삭제하는 방법은 기본 Terraform 명령어를 참조하세요. 자세한 내용은 Terraform 제공업체 참고 문서를 확인하세요.
terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.34.0"
}
}
}
resource "random_id" "bucket_prefix" {
byte_length = 8
}
resource "google_storage_bucket" "source_bucket" {
name = "${random_id.bucket_prefix.hex}-gcf-source-bucket"
location = "US"
uniform_bucket_level_access = true
}
data "archive_file" "default" {
type = "zip"
output_path = "/tmp/function-source.zip"
source_dir = "function-source/"
}
resource "google_storage_bucket_object" "default" {
name = "function-source.zip"
bucket = google_storage_bucket.source_bucket.name
source = data.archive_file.default.output_path # Path to the zipped function source code
}
resource "google_storage_bucket" "trigger_bucket" {
name = "${random_id.bucket_prefix.hex}-gcf-trigger-bucket"
location = "us-central1" # The trigger must be in the same location as the bucket
uniform_bucket_level_access = true
}
data "google_storage_project_service_account" "default" {
}
# To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher(roles/pubsub.publisher) IAM role in the specified project.
# (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)
data "google_project" "project" {
}
resource "google_project_iam_member" "gcs_pubsub_publishing" {
project = data.google_project.project.project_id
role = "roles/pubsub.publisher"
member = "serviceAccount:${data.google_storage_project_service_account.default.email_address}"
}
resource "google_service_account" "account" {
account_id = "gcf-sa"
display_name = "Test Service Account - used for both the cloud function and eventarc trigger in the test"
}
# Permissions on the service account used by the function and Eventarc trigger
resource "google_project_iam_member" "invoking" {
project = data.google_project.project.project_id
role = "roles/run.invoker"
member = "serviceAccount:${google_service_account.account.email}"
depends_on = [google_project_iam_member.gcs_pubsub_publishing]
}
resource "google_project_iam_member" "event_receiving" {
project = data.google_project.project.project_id
role = "roles/eventarc.eventReceiver"
member = "serviceAccount:${google_service_account.account.email}"
depends_on = [google_project_iam_member.invoking]
}
resource "google_project_iam_member" "artifactregistry_reader" {
project = data.google_project.project.project_id
role = "roles/artifactregistry.reader"
member = "serviceAccount:${google_service_account.account.email}"
depends_on = [google_project_iam_member.event_receiving]
}
resource "google_cloudfunctions2_function" "default" {
depends_on = [
google_project_iam_member.event_receiving,
google_project_iam_member.artifactregistry_reader,
]
name = "function"
location = "us-central1"
description = "a new function"
build_config {
runtime = "nodejs12"
entry_point = "entryPoint" # Set the entry point in the code
environment_variables = {
BUILD_CONFIG_TEST = "build_test"
}
source {
storage_source {
bucket = google_storage_bucket.source_bucket.name
object = google_storage_bucket_object.default.name
}
}
}
service_config {
max_instance_count = 3
min_instance_count = 1
available_memory = "256M"
timeout_seconds = 60
environment_variables = {
SERVICE_CONFIG_TEST = "config_test"
}
ingress_settings = "ALLOW_INTERNAL_ONLY"
all_traffic_on_latest_revision = true
service_account_email = google_service_account.account.email
}
event_trigger {
trigger_region = "us-central1" # The trigger must be in the same location as the bucket
event_type = "google.cloud.storage.object.v1.finalized"
retry_policy = "RETRY_POLICY_RETRY"
service_account_email = google_service_account.account.email
event_filters {
attribute = "bucket"
value = google_storage_bucket.trigger_bucket.name
}
}
}다음 단계
다른 Google Cloud 제품의 코드 샘플을 검색하고 필터링하려면 Google Cloud 샘플 브라우저를 참조하세요.