...

Text file src/github.com/GoogleCloudPlatform/k8s-config-connector/scripts/resource-autogen/generated/samples/CloudFunctions2-CloudFunctions2Function-cloudfunctions2_basic_gcs/main.tf

Documentation: github.com/GoogleCloudPlatform/k8s-config-connector/scripts/resource-autogen/generated/samples/CloudFunctions2-CloudFunctions2Function-cloudfunctions2_basic_gcs

     1/**
     2 * Copyright 2022 Google LLC
     3 *
     4 * Licensed under the Apache License, Version 2.0 (the "License");
     5 * you may not use this file except in compliance with the License.
     6 * You may obtain a copy of the License at
     7 *
     8 *      http://www.apache.org/licenses/LICENSE-2.0
     9 *
    10 * Unless required by applicable law or agreed to in writing, software
    11 * distributed under the License is distributed on an "AS IS" BASIS,
    12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13 * See the License for the specific language governing permissions and
    14 * limitations under the License.
    15 */
    16
    17```hcl
    18# [START functions_v2_basic_gcs]
    19
    # Bucket holding the zipped function source that build_config.source reads.
    # Whoever can write objects here controls the code that gets built and deployed,
    # so write access should be limited to the deployment identity.
    resource "google_storage_bucket" "source-bucket" {
      location                    = "US"
      name                        = "gcf-source-bucket"
      uniform_bucket_level_access = true # access is governed by IAM only, not per-object ACLs
    }
    25 
    # Uploads the local archive to the source bucket; the function's storage_source
    # refers to this object by name.
    resource "google_storage_bucket_object" "object" {
      bucket = google_storage_bucket.source-bucket.name
      name   = "function-source.zip"
      source = "function-source.zip" # Add path to the zipped function source code
    }
    31
    # Bucket whose object events start the function (matched by event_filters on "bucket").
    # NOTE(review): any principal that can create objects here can cause the function to
    # run, so this bucket's write permissions are part of the function's exposure.
    resource "google_storage_bucket" "trigger-bucket" {
      location                    = "us-central1" # The trigger must be in the same location as the bucket
      name                        = "gcf-trigger-bucket"
      uniform_bucket_level_access = true
    }
    37
    # Looks up the project's Cloud Storage service account; its email_address is the
    # member of the Pub/Sub publisher binding in this file.
    data "google_storage_project_service_account" "gcs_account" {}
    40
    # GCS CloudEvent triggers require the Cloud Storage service account to hold the
    # Pub/Sub Publisher role (roles/pubsub.publisher) in the specified project.
    # (See https://cloud.google.com/eventarc/docs/run/quickstart-storage#before-you-begin)
    # google_project_iam_member adds this one member and leaves the role's other members alone.
    # NOTE(review): the binding is project-wide, i.e. it is not limited to a single topic.
    resource "google_project_iam_member" "gcs-pubsub-publishing" {
      member  = "serviceAccount:${data.google_storage_project_service_account.gcs_account.email_address}"
      role    = "roles/pubsub.publisher"
      project = "my-project-name"
    }
    48
    # Single identity used as both the function's runtime service account and the
    # Eventarc trigger's service account.
    # NOTE(review): sharing one account means the function's code also runs with the
    # trigger's roles (run.invoker, eventarc.eventReceiver); separate accounts would
    # keep each side to the roles it needs.
    resource "google_service_account" "account" {
      display_name = "Test Service Account - used for both the cloud function and eventarc trigger in the test"
      account_id   = "gcf-sa"
    }
    53
    # Permissions on the service account used by the function and Eventarc trigger.
    # NOTE(review): roles/run.invoker is bound at project level here, so this account
    # may invoke every Cloud Run service in the project, not only this function. A
    # binding on the function's own underlying service would be narrower.
    resource "google_project_iam_member" "invoking" {
      # Applied only after the GCS publisher binding exists — presumably to serialize
      # project IAM policy changes; confirm.
      depends_on = [google_project_iam_member.gcs-pubsub-publishing]

      member  = "serviceAccount:${google_service_account.account.email}"
      role    = "roles/run.invoker"
      project = "my-project-name"
    }
    61
    # Grants the shared service account the Eventarc event receiver role in the project.
    resource "google_project_iam_member" "event-receiving" {
      # Ordered after the run.invoker binding.
      depends_on = [google_project_iam_member.invoking]

      member  = "serviceAccount:${google_service_account.account.email}"
      role    = "roles/eventarc.eventReceiver"
      project = "my-project-name"
    }
    68
    # Grants the shared service account read access to Artifact Registry.
    # NOTE(review): bound at project level, so it covers every repository in the
    # project; a repository-level binding would be tighter if only one is needed.
    resource "google_project_iam_member" "artifactregistry-reader" {
      # Ordered after the eventReceiver binding, which closes the chain of IAM grants.
      depends_on = [google_project_iam_member.event-receiving]

      member  = "serviceAccount:${google_service_account.account.email}"
      role    = "roles/artifactregistry.reader"
      project = "my-project-name"
    }
    75
    # 2nd-gen Cloud Function built from the archive in the source bucket and started
    # by object "finalized" events on the trigger bucket.
    resource "google_cloudfunctions2_function" "function" {
      name        = "gcf-function"
      location    = "us-central1"
      description = "a new function"

      # Build step: which runtime and entry point to use, and where the source lives.
      build_config {
        # NOTE(review): Node.js 12 is past upstream end-of-life and no longer receives
        # security fixes; pick a currently supported runtime before reusing this sample.
        runtime     = "nodejs12"
        entry_point = "entryPoint" # Set the entry point in the code

        # Build-time variables; stored in plain text in the configuration and state.
        environment_variables = {
          BUILD_CONFIG_TEST = "build_test"
        }

        source {
          storage_source {
            bucket = google_storage_bucket.source-bucket.name
            object = google_storage_bucket_object.object.name
          }
        }
      }

      # Runtime settings of the deployed service.
      service_config {
        min_instance_count = 1
        max_instance_count = 3
        available_memory   = "256M"
        timeout_seconds    = 60

        # Plain-text runtime variables: do not place credentials here; the resource
        # has secret_environment_variables for values that must stay secret.
        environment_variables = {
          SERVICE_CONFIG_TEST = "config_test"
        }

        # The HTTP endpoint accepts internal traffic only; it is not reachable from
        # the public internet.
        ingress_settings               = "ALLOW_INTERNAL_ONLY"
        all_traffic_on_latest_revision = true

        # Identity the function code runs as (the same account the trigger uses below).
        service_account_email = google_service_account.account.email
      }

      # Eventarc trigger: finalized objects in the trigger bucket.
      event_trigger {
        trigger_region = "us-central1" # The trigger must be in the same location as the bucket
        event_type     = "google.cloud.storage.object.v1.finalized"

        # Failed deliveries are retried, so the handler can see the same event more
        # than once and should tolerate that.
        retry_policy          = "RETRY_POLICY_RETRY"
        service_account_email = google_service_account.account.email

        event_filters {
          attribute = "bucket"
          value     = google_storage_bucket.trigger-bucket.name
        }
      }

      # Wait for the IAM bindings. Through their own depends_on chain these two pull
      # in the run.invoker and Pub/Sub publisher bindings as well.
      depends_on = [
        google_project_iam_member.event-receiving,
        google_project_iam_member.artifactregistry-reader,
      ]
    }
   123# [END functions_v2_basic_gcs]
   124```
