使用资源部署事件驱动型 Cloud Functions(第 2 代)函数的完整 Terraform 配置
代码示例
Terraform
如需了解如何应用或移除 Terraform 配置,请参阅基本 Terraform 命令。 如需了解详情,请参阅 Terraform 提供程序参考文档。
terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.34.0"
}
}
}
resource "random_id" "bucket_prefix" {
byte_length = 8
}
resource "google_storage_bucket" "source_bucket" {
name = "${random_id.bucket_prefix.hex}-gcf-source-bucket"
location = "US"
uniform_bucket_level_access = true
}
data "archive_file" "default" {
type = "zip"
output_path = "/tmp/function-source.zip"
source_dir = "function-source/"
}
resource "google_storage_bucket_object" "default" {
name = "function-source.zip"
bucket = google_storage_bucket.source_bucket.name
source = data.archive_file.default.output_path # Path to the zipped function source code
}
resource "google_storage_bucket" "trigger_bucket" {
name = "${random_id.bucket_prefix.hex}-gcf-trigger-bucket"
location = "us-central1" # The trigger must be in the same location as the bucket
uniform_bucket_level_access = true
}
data "google_storage_project_service_account" "default" {
}
# To use GCS CloudEvent triggers, the GCS service account requires the Pub/Sub Publisher(roles/pubsub.publisher) IAM role in the specified project.
# (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)
data "google_project" "project" {
}
resource "google_project_iam_member" "gcs_pubsub_publishing" {
project = data.google_project.project.project_id
role = "roles/pubsub.publisher"
member = "serviceAccount:${data.google_storage_project_service_account.default.email_address}"
}
resource "google_service_account" "account" {
account_id = "gcf-sa"
display_name = "Test Service Account - used for both the cloud function and eventarc trigger in the test"
}
# Permissions on the service account used by the function and Eventarc trigger
resource "google_project_iam_member" "invoking" {
project = data.google_project.project.project_id
role = "roles/run.invoker"
member = "serviceAccount:${google_service_account.account.email}"
depends_on = [google_project_iam_member.gcs_pubsub_publishing]
}
resource "google_project_iam_member" "event_receiving" {
project = data.google_project.project.project_id
role = "roles/eventarc.eventReceiver"
member = "serviceAccount:${google_service_account.account.email}"
depends_on = [google_project_iam_member.invoking]
}
resource "google_project_iam_member" "artifactregistry_reader" {
project = data.google_project.project.project_id
role = "roles/artifactregistry.reader"
member = "serviceAccount:${google_service_account.account.email}"
depends_on = [google_project_iam_member.event_receiving]
}
resource "google_cloudfunctions2_function" "default" {
depends_on = [
google_project_iam_member.event_receiving,
google_project_iam_member.artifactregistry_reader,
]
name = "function"
location = "us-central1"
description = "a new function"
build_config {
runtime = "nodejs12"
entry_point = "entryPoint" # Set the entry point in the code
environment_variables = {
BUILD_CONFIG_TEST = "build_test"
}
source {
storage_source {
bucket = google_storage_bucket.source_bucket.name
object = google_storage_bucket_object.default.name
}
}
}
service_config {
max_instance_count = 3
min_instance_count = 1
available_memory = "256M"
timeout_seconds = 60
environment_variables = {
SERVICE_CONFIG_TEST = "config_test"
}
ingress_settings = "ALLOW_INTERNAL_ONLY"
all_traffic_on_latest_revision = true
service_account_email = google_service_account.account.email
}
event_trigger {
trigger_region = "us-central1" # The trigger must be in the same location as the bucket
event_type = "google.cloud.storage.object.v1.finalized"
retry_policy = "RETRY_POLICY_RETRY"
service_account_email = google_service_account.account.email
event_filters {
attribute = "bucket"
value = google_storage_bucket.trigger_bucket.name
}
}
}后续步骤
如需搜索和过滤其他 Google Cloud 产品的代码示例,请参阅 Google Cloud 示例浏览器。