To simplify searches and improve your documentation experience, we're splitting the 1st gen and 2nd gen documentation into separate sets.

Restrict new deployments by product version

Cloud Functions offers two product versions: Cloud Functions (1st gen), the original version, and Cloud Functions (2nd gen). If your organization wants to enforce a restriction specifying that only one of the versions can be used to deploy new functions, you can define a new organization policy with the constraint constraints/cloudfunctions.restrictAllowedGenerations. You use this constraint to specify the generation (version) you want to allow or deny in the folder or project the policy is applied to.

The restriction will only apply to new functions being deployed for the first time. You will still be able to redeploy existing functions even if they don't comply with the policy.

Before you begin

To create or change organization policies, your account must have the role roles/orgpolicy.policyAdmin.

Use a policy to set and enforce restrictions

You can use Google Cloud CLI or Google Cloud console to create a policy that restricts new Cloud Functions that are deployed for the first time within a given organization to the specified environment.

Note that setting a policy does not apply to existing functions. All functions that were deployed before the policy can be redeployed, updated, or deleted without restriction.

Console

Go to the Organization policies page in the Google Cloud console.
Go to the Organization policies page
Select the project, folder, or organization for which you want to add the new policy.

The Organization policies page displays a list of the available organization policy constraints.
Find the Allowed Cloud Functions Generations policy in the list. You can use the Filter field at the top of the list.
Click the name of the policy. Alternatively, you can select Edit Policy from the context menu.
Click Manage Policy.
Select Customize under Applies to.
Select Replace under Policy enforcement.
Click Add Rule under Rules.
Select Custom for Policy Values.
Select Allow for Policy Type.
In Custom Value specify the environment that you want to enforce in the organization. Supported values:
- 1stGen: Allow the use of Cloud Functions (1st gen) only.
- 2ndGen: Allow the use of Cloud Functions (2nd gen) only.
- To explicitly allow both environments, specify 1stGen and 2ndGen together. By default, both environments are allowed when no policy is set.
Click Done.
Click Save.

The changes will take effect shortly, and the policy will prevent the deployment of Cloud Functions in the specified environment.

gcloud

Run the following command:

gcloud resource-manager org-policies \
allow cloudfunctions.restrictAllowedGenerations \
--organization=ORGANIZATION_NUMBER VERSION

where ORGANIZATION_NUMBER is the number of the organization to which you want to apply the policy, and VERSION is the Cloud Functions version that must be used for new deployments. VERSION can be one of the following:

1stGen: Allow the use of Cloud Functions (1st gen) only.
2ndGen: Allow the use of Cloud Functions (2nd gen) only.
To explicitly allow both environments, specify 1stGen and 2ndGen together. By default, both environments are allowed when no policy is set.