1. Docs
  2. Reference
  3. API
  4. pulumi_gcp
  5. cloudfunctions

This page documents the language specification for the gcp package. If you're looking for help working with the inputs, outputs, or functions of gcp resources in a Pulumi program, please see the resource documentation for examples and API reference.

cloudfunctions

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-gcp repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-google repo.

class pulumi_gcp.cloudfunctions.AwaitableGetFunctionResult(available_memory_mb=None, description=None, entry_point=None, environment_variables=None, event_triggers=None, https_trigger_url=None, id=None, ingress_settings=None, labels=None, max_instances=None, name=None, project=None, region=None, runtime=None, service_account_email=None, source_archive_bucket=None, source_archive_object=None, source_repositories=None, timeout=None, trigger_http=None, vpc_connector=None, vpc_connector_egress_settings=None)
class pulumi_gcp.cloudfunctions.Function(resource_name, opts=None, available_memory_mb=None, description=None, entry_point=None, environment_variables=None, event_trigger=None, https_trigger_url=None, ingress_settings=None, labels=None, max_instances=None, name=None, project=None, region=None, runtime=None, service_account_email=None, source_archive_bucket=None, source_archive_object=None, source_repository=None, timeout=None, trigger_http=None, vpc_connector=None, vpc_connector_egress_settings=None, __props__=None, __name__=None, __opts__=None)

Creates a new Cloud Function. For more information see the official documentation and API.

Warning: As of November 1, 2019, newly created Functions are private-by-default and will require appropriate IAM permissions to be invoked. See below examples for how to set up the appropriate permissions, or view the Cloud Functions IAM resources for Cloud Functions.

import pulumi
import pulumi_gcp as gcp

bucket = gcp.storage.Bucket("bucket")
archive = gcp.storage.BucketObject("archive",
    bucket=bucket.name,
    source=pulumi.FileAsset("./path/to/zip/file/which/contains/code"))
function = gcp.cloudfunctions.Function("function",
    description="My function",
    runtime="nodejs10",
    available_memory_mb=128,
    source_archive_bucket=bucket.name,
    source_archive_object=archive.name,
    trigger_http=True,
    entry_point="helloGET")
# IAM entry for all users to invoke the function
invoker = gcp.cloudfunctions.FunctionIamMember("invoker",
    project=function.project,
    region=function.region,
    cloud_function=function.name,
    role="roles/cloudfunctions.invoker",
    member="allUsers")

import pulumi
import pulumi_gcp as gcp

bucket = gcp.storage.Bucket("bucket")
archive = gcp.storage.BucketObject("archive",
    bucket=bucket.name,
    source=pulumi.FileAsset("./path/to/zip/file/which/contains/code"))
function = gcp.cloudfunctions.Function("function",
    description="My function",
    runtime="nodejs10",
    available_memory_mb=128,
    source_archive_bucket=bucket.name,
    source_archive_object=archive.name,
    trigger_http=True,
    timeout=60,
    entry_point="helloGET",
    labels={
        "my-label": "my-label-value",
    },
    environment_variables={
        "MY_ENV_VAR": "my-env-var-value",
    })
# IAM entry for a single user to invoke the function
invoker = gcp.cloudfunctions.FunctionIamMember("invoker",
    project=function.project,
    region=function.region,
    cloud_function=function.name,
    role="roles/cloudfunctions.invoker",
    member="user:myFunctionInvoker@example.com")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • available_memory_mb (pulumi.Input[float]) – Memory (in MB), available to the function. Default value is 256MB. Allowed values are: 128MB, 256MB, 512MB, 1024MB, and 2048MB.

  • description (pulumi.Input[str]) – Description of the function.

  • entry_point (pulumi.Input[str]) – Name of the function that will be executed when the Google Cloud Function is triggered.

  • environment_variables (pulumi.Input[dict]) – A set of key/value environment variable pairs to assign to the function.

  • event_trigger (pulumi.Input[dict]) – A source that fires events in response to a condition in another service. Structure is documented below. Cannot be used with trigger_http.

  • https_trigger_url (pulumi.Input[str]) – URL which triggers function execution. Returned only if trigger_http is used.

  • ingress_settings (pulumi.Input[str]) – String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL and ALLOW_INTERNAL_ONLY. Changes to this field will recreate the cloud function.

  • labels (pulumi.Input[dict]) – A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.

  • max_instances (pulumi.Input[float]) – The limit on the maximum number of function instances that may coexist at a given time.

  • name (pulumi.Input[str]) – A user-defined name of the function. Function names must be unique globally.

  • project (pulumi.Input[str]) – Project of the function. If it is not provided, the provider project is used.

  • region (pulumi.Input[str]) – Region of function. Currently can be only “us-central1”. If it is not provided, the provider region is used.

  • runtime (pulumi.Input[str]) – The runtime in which the function is going to run. Eg. "nodejs8", "nodejs10", "python37", "go111".

  • service_account_email (pulumi.Input[str]) – If provided, the self-provided service account to run the function with.

  • source_archive_bucket (pulumi.Input[str]) – The GCS bucket containing the zip archive which contains the function.

  • source_archive_object (pulumi.Input[str]) – The source archive object (file) in archive bucket.

  • source_repository (pulumi.Input[dict]) – Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object. Structure is documented below.

  • timeout (pulumi.Input[float]) – Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.

  • trigger_http (pulumi.Input[bool]) – Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with trigger_bucket and trigger_topic.

  • vpc_connector (pulumi.Input[str]) – The VPC Network Connector that this cloud function can connect to. It can be either the fully-qualified URI, or the short name of the network connector resource. The format of this field is projects/*/locations/*/connectors/*.

  • vpc_connector_egress_settings (pulumi.Input[str]) – The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.

The event_trigger object supports the following:

  • eventType (pulumi.Input[str]) - The type of event to observe. For example: "google.storage.object.finalize". See the documentation on calling Cloud Functions for a full reference of accepted triggers.

  • failurePolicy (pulumi.Input[dict]) - Specifies policy for failed executions. Structure is documented below.

    • retry (pulumi.Input[bool]) - Whether the function should be retried on failure. Defaults to false.

  • resource (pulumi.Input[str]) - Required. The name or partial URI of the resource from which to observe events. For example, "myBucket" or "projects/my-project/topics/my-topic"

The source_repository object supports the following:

  • deployedUrl (pulumi.Input[str])

  • url (pulumi.Input[str]) - The URL pointing to the hosted repository where the function is defined. There are supported Cloud Source Repository URLs in the following formats:

available_memory_mb: pulumi.Output[float] = None

Memory (in MB), available to the function. Default value is 256MB. Allowed values are: 128MB, 256MB, 512MB, 1024MB, and 2048MB.

description: pulumi.Output[str] = None

Description of the function.

entry_point: pulumi.Output[str] = None

Name of the function that will be executed when the Google Cloud Function is triggered.

environment_variables: pulumi.Output[dict] = None

A set of key/value environment variable pairs to assign to the function.

event_trigger: pulumi.Output[dict] = None

A source that fires events in response to a condition in another service. Structure is documented below. Cannot be used with trigger_http.

  • eventType (str) - The type of event to observe. For example: "google.storage.object.finalize". See the documentation on calling Cloud Functions for a full reference of accepted triggers.

  • failurePolicy (dict) - Specifies policy for failed executions. Structure is documented below.

    • retry (bool) - Whether the function should be retried on failure. Defaults to false.

  • resource (str) - Required. The name or partial URI of the resource from which to observe events. For example, "myBucket" or "projects/my-project/topics/my-topic"

https_trigger_url: pulumi.Output[str] = None

URL which triggers function execution. Returned only if trigger_http is used.

ingress_settings: pulumi.Output[str] = None

String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL and ALLOW_INTERNAL_ONLY. Changes to this field will recreate the cloud function.

labels: pulumi.Output[dict] = None

A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.

max_instances: pulumi.Output[float] = None

The limit on the maximum number of function instances that may coexist at a given time.

name: pulumi.Output[str] = None

A user-defined name of the function. Function names must be unique globally.

project: pulumi.Output[str] = None

Project of the function. If it is not provided, the provider project is used.

region: pulumi.Output[str] = None

Region of function. Currently can be only “us-central1”. If it is not provided, the provider region is used.

runtime: pulumi.Output[str] = None

The runtime in which the function is going to run. Eg. "nodejs8", "nodejs10", "python37", "go111".

service_account_email: pulumi.Output[str] = None

If provided, the self-provided service account to run the function with.

source_archive_bucket: pulumi.Output[str] = None

The GCS bucket containing the zip archive which contains the function.

source_archive_object: pulumi.Output[str] = None

The source archive object (file) in archive bucket.

source_repository: pulumi.Output[dict] = None

Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object. Structure is documented below.

  • deployedUrl (str)

  • url (str) - The URL pointing to the hosted repository where the function is defined. There are supported Cloud Source Repository URLs in the following formats:

timeout: pulumi.Output[float] = None

Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.

trigger_http: pulumi.Output[bool] = None

Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with trigger_bucket and trigger_topic.

vpc_connector: pulumi.Output[str] = None

The VPC Network Connector that this cloud function can connect to. It can be either the fully-qualified URI, or the short name of the network connector resource. The format of this field is projects/*/locations/*/connectors/*.

vpc_connector_egress_settings: pulumi.Output[str] = None

The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.

static get(resource_name, id, opts=None, available_memory_mb=None, description=None, entry_point=None, environment_variables=None, event_trigger=None, https_trigger_url=None, ingress_settings=None, labels=None, max_instances=None, name=None, project=None, region=None, runtime=None, service_account_email=None, source_archive_bucket=None, source_archive_object=None, source_repository=None, timeout=None, trigger_http=None, vpc_connector=None, vpc_connector_egress_settings=None)

Get an existing Function resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • available_memory_mb (pulumi.Input[float]) – Memory (in MB), available to the function. Default value is 256MB. Allowed values are: 128MB, 256MB, 512MB, 1024MB, and 2048MB.

  • description (pulumi.Input[str]) – Description of the function.

  • entry_point (pulumi.Input[str]) – Name of the function that will be executed when the Google Cloud Function is triggered.

  • environment_variables (pulumi.Input[dict]) – A set of key/value environment variable pairs to assign to the function.

  • event_trigger (pulumi.Input[dict]) – A source that fires events in response to a condition in another service. Structure is documented below. Cannot be used with trigger_http.

  • https_trigger_url (pulumi.Input[str]) – URL which triggers function execution. Returned only if trigger_http is used.

  • ingress_settings (pulumi.Input[str]) – String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL and ALLOW_INTERNAL_ONLY. Changes to this field will recreate the cloud function.

  • labels (pulumi.Input[dict]) – A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.

  • max_instances (pulumi.Input[float]) – The limit on the maximum number of function instances that may coexist at a given time.

  • name (pulumi.Input[str]) – A user-defined name of the function. Function names must be unique globally.

  • project (pulumi.Input[str]) – Project of the function. If it is not provided, the provider project is used.

  • region (pulumi.Input[str]) – Region of function. Currently can be only “us-central1”. If it is not provided, the provider region is used.

  • runtime (pulumi.Input[str]) – The runtime in which the function is going to run. Eg. "nodejs8", "nodejs10", "python37", "go111".

  • service_account_email (pulumi.Input[str]) – If provided, the self-provided service account to run the function with.

  • source_archive_bucket (pulumi.Input[str]) – The GCS bucket containing the zip archive which contains the function.

  • source_archive_object (pulumi.Input[str]) – The source archive object (file) in archive bucket.

  • source_repository (pulumi.Input[dict]) – Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object. Structure is documented below.

  • timeout (pulumi.Input[float]) – Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.

  • trigger_http (pulumi.Input[bool]) – Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with trigger_bucket and trigger_topic.

  • vpc_connector (pulumi.Input[str]) – The VPC Network Connector that this cloud function can connect to. It can be either the fully-qualified URI, or the short name of the network connector resource. The format of this field is projects/*/locations/*/connectors/*.

  • vpc_connector_egress_settings (pulumi.Input[str]) – The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.

The event_trigger object supports the following:

  • eventType (pulumi.Input[str]) - The type of event to observe. For example: "google.storage.object.finalize". See the documentation on calling Cloud Functions for a full reference of accepted triggers.

  • failurePolicy (pulumi.Input[dict]) - Specifies policy for failed executions. Structure is documented below.

    • retry (pulumi.Input[bool]) - Whether the function should be retried on failure. Defaults to false.

  • resource (pulumi.Input[str]) - Required. The name or partial URI of the resource from which to observe events. For example, "myBucket" or "projects/my-project/topics/my-topic"

The source_repository object supports the following:

  • deployedUrl (pulumi.Input[str])

  • url (pulumi.Input[str]) - The URL pointing to the hosted repository where the function is defined. There are supported Cloud Source Repository URLs in the following formats:

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.cloudfunctions.FunctionIamBinding(resource_name, opts=None, cloud_function=None, condition=None, members=None, project=None, region=None, role=None, __props__=None, __name__=None, __opts__=None)

Three different resources help you manage your IAM policy for Cloud Functions CloudFunction. Each of these resources serves a different use case:

  • cloudfunctions.FunctionIamPolicy: Authoritative. Sets the IAM policy for the cloudfunction and replaces any existing policy already attached.

  • cloudfunctions.FunctionIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cloudfunction are preserved.

  • cloudfunctions.FunctionIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cloudfunction are preserved.

Note: cloudfunctions.FunctionIamPolicy cannot be used in conjunction with cloudfunctions.FunctionIamBinding and cloudfunctions.FunctionIamMember or they will fight over what your policy should be.

Note: cloudfunctions.FunctionIamBinding resources can be used in conjunction with cloudfunctions.FunctionIamMember resources only if they do not grant privilege to the same role.

import pulumi
import pulumi_gcp as gcp

admin = gcp.organizations.get_iam_policy(binding=[{
    "role": "roles/viewer",
    "members": ["user:jane@example.com"],
}])
policy = gcp.cloudfunctions.FunctionIamPolicy("policy",
    project=google_cloudfunctions_function["function"]["project"],
    region=google_cloudfunctions_function["function"]["region"],
    cloud_function=google_cloudfunctions_function["function"]["name"],
    policy_data=admin.policy_data)

import pulumi
import pulumi_gcp as gcp

binding = gcp.cloudfunctions.FunctionIamBinding("binding",
    project=google_cloudfunctions_function["function"]["project"],
    region=google_cloudfunctions_function["function"]["region"],
    cloud_function=google_cloudfunctions_function["function"]["name"],
    role="roles/viewer",
    members=["user:jane@example.com"])

import pulumi
import pulumi_gcp as gcp

member = gcp.cloudfunctions.FunctionIamMember("member",
    project=google_cloudfunctions_function["function"]["project"],
    region=google_cloudfunctions_function["function"]["region"],
    cloud_function=google_cloudfunctions_function["function"]["name"],
    role="roles/viewer",
    member="user:jane@example.com")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • cloud_function (pulumi.Input[str]) – Used to find the parent resource to bind the IAM policy to

  • project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

  • region (pulumi.Input[str]) – The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration.

  • role (pulumi.Input[str]) – The role that should be applied. Only one cloudfunctions.FunctionIamBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

The condition object supports the following:

  • description (pulumi.Input[str])

  • expression (pulumi.Input[str])

  • title (pulumi.Input[str])

cloud_function: pulumi.Output[str] = None

Used to find the parent resource to bind the IAM policy to

etag: pulumi.Output[str] = None

(Computed) The etag of the IAM policy.

project: pulumi.Output[str] = None

The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

region: pulumi.Output[str] = None

The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration.

role: pulumi.Output[str] = None

The role that should be applied. Only one cloudfunctions.FunctionIamBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

static get(resource_name, id, opts=None, cloud_function=None, condition=None, etag=None, members=None, project=None, region=None, role=None)

Get an existing FunctionIamBinding resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • cloud_function (pulumi.Input[str]) – Used to find the parent resource to bind the IAM policy to

  • etag (pulumi.Input[str]) – (Computed) The etag of the IAM policy.

  • project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

  • region (pulumi.Input[str]) – The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration.

  • role (pulumi.Input[str]) – The role that should be applied. Only one cloudfunctions.FunctionIamBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

The condition object supports the following:

  • description (pulumi.Input[str])

  • expression (pulumi.Input[str])

  • title (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.cloudfunctions.FunctionIamMember(resource_name, opts=None, cloud_function=None, condition=None, member=None, project=None, region=None, role=None, __props__=None, __name__=None, __opts__=None)

Three different resources help you manage your IAM policy for Cloud Functions CloudFunction. Each of these resources serves a different use case:

  • cloudfunctions.FunctionIamPolicy: Authoritative. Sets the IAM policy for the cloudfunction and replaces any existing policy already attached.

  • cloudfunctions.FunctionIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cloudfunction are preserved.

  • cloudfunctions.FunctionIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cloudfunction are preserved.

Note: cloudfunctions.FunctionIamPolicy cannot be used in conjunction with cloudfunctions.FunctionIamBinding and cloudfunctions.FunctionIamMember or they will fight over what your policy should be.

Note: cloudfunctions.FunctionIamBinding resources can be used in conjunction with cloudfunctions.FunctionIamMember resources only if they do not grant privilege to the same role.

import pulumi
import pulumi_gcp as gcp

admin = gcp.organizations.get_iam_policy(binding=[{
    "role": "roles/viewer",
    "members": ["user:jane@example.com"],
}])
policy = gcp.cloudfunctions.FunctionIamPolicy("policy",
    project=google_cloudfunctions_function["function"]["project"],
    region=google_cloudfunctions_function["function"]["region"],
    cloud_function=google_cloudfunctions_function["function"]["name"],
    policy_data=admin.policy_data)

import pulumi
import pulumi_gcp as gcp

binding = gcp.cloudfunctions.FunctionIamBinding("binding",
    project=google_cloudfunctions_function["function"]["project"],
    region=google_cloudfunctions_function["function"]["region"],
    cloud_function=google_cloudfunctions_function["function"]["name"],
    role="roles/viewer",
    members=["user:jane@example.com"])

import pulumi
import pulumi_gcp as gcp

member = gcp.cloudfunctions.FunctionIamMember("member",
    project=google_cloudfunctions_function["function"]["project"],
    region=google_cloudfunctions_function["function"]["region"],
    cloud_function=google_cloudfunctions_function["function"]["name"],
    role="roles/viewer",
    member="user:jane@example.com")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • cloud_function (pulumi.Input[str]) – Used to find the parent resource to bind the IAM policy to

  • project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

  • region (pulumi.Input[str]) – The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration.

  • role (pulumi.Input[str]) – The role that should be applied. Only one cloudfunctions.FunctionIamBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

The condition object supports the following:

  • description (pulumi.Input[str])

  • expression (pulumi.Input[str])

  • title (pulumi.Input[str])

cloud_function: pulumi.Output[str] = None

Used to find the parent resource to bind the IAM policy to

etag: pulumi.Output[str] = None

(Computed) The etag of the IAM policy.

project: pulumi.Output[str] = None

The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

region: pulumi.Output[str] = None

The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration.

role: pulumi.Output[str] = None

The role that should be applied. Only one cloudfunctions.FunctionIamBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

static get(resource_name, id, opts=None, cloud_function=None, condition=None, etag=None, member=None, project=None, region=None, role=None)

Get an existing FunctionIamMember resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • cloud_function (pulumi.Input[str]) – Used to find the parent resource to bind the IAM policy to

  • etag (pulumi.Input[str]) – (Computed) The etag of the IAM policy.

  • project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

  • region (pulumi.Input[str]) – The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration.

  • role (pulumi.Input[str]) – The role that should be applied. Only one cloudfunctions.FunctionIamBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

The condition object supports the following:

  • description (pulumi.Input[str])

  • expression (pulumi.Input[str])

  • title (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.cloudfunctions.FunctionIamPolicy(resource_name, opts=None, cloud_function=None, policy_data=None, project=None, region=None, __props__=None, __name__=None, __opts__=None)

Three different resources help you manage your IAM policy for Cloud Functions CloudFunction. Each of these resources serves a different use case:

  • cloudfunctions.FunctionIamPolicy: Authoritative. Sets the IAM policy for the cloudfunction and replaces any existing policy already attached.

  • cloudfunctions.FunctionIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cloudfunction are preserved.

  • cloudfunctions.FunctionIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cloudfunction are preserved.

Note: cloudfunctions.FunctionIamPolicy cannot be used in conjunction with cloudfunctions.FunctionIamBinding and cloudfunctions.FunctionIamMember or they will fight over what your policy should be.

Note: cloudfunctions.FunctionIamBinding resources can be used in conjunction with cloudfunctions.FunctionIamMember resources only if they do not grant privilege to the same role.

import pulumi
import pulumi_gcp as gcp

admin = gcp.organizations.get_iam_policy(binding=[{
    "role": "roles/viewer",
    "members": ["user:jane@example.com"],
}])
policy = gcp.cloudfunctions.FunctionIamPolicy("policy",
    project=google_cloudfunctions_function["function"]["project"],
    region=google_cloudfunctions_function["function"]["region"],
    cloud_function=google_cloudfunctions_function["function"]["name"],
    policy_data=admin.policy_data)

import pulumi
import pulumi_gcp as gcp

binding = gcp.cloudfunctions.FunctionIamBinding("binding",
    project=google_cloudfunctions_function["function"]["project"],
    region=google_cloudfunctions_function["function"]["region"],
    cloud_function=google_cloudfunctions_function["function"]["name"],
    role="roles/viewer",
    members=["user:jane@example.com"])

import pulumi
import pulumi_gcp as gcp

member = gcp.cloudfunctions.FunctionIamMember("member",
    project=google_cloudfunctions_function["function"]["project"],
    region=google_cloudfunctions_function["function"]["region"],
    cloud_function=google_cloudfunctions_function["function"]["name"],
    role="roles/viewer",
    member="user:jane@example.com")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • cloud_function (pulumi.Input[str]) – Used to find the parent resource to bind the IAM policy to

  • policy_data (pulumi.Input[str]) – The policy data generated by a organizations.getIAMPolicy data source.

  • project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

  • region (pulumi.Input[str]) – The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration.

cloud_function: pulumi.Output[str] = None

Used to find the parent resource to bind the IAM policy to

etag: pulumi.Output[str] = None

(Computed) The etag of the IAM policy.

policy_data: pulumi.Output[str] = None

The policy data generated by a organizations.getIAMPolicy data source.

project: pulumi.Output[str] = None

The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

region: pulumi.Output[str] = None

The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration.

static get(resource_name, id, opts=None, cloud_function=None, etag=None, policy_data=None, project=None, region=None)

Get an existing FunctionIamPolicy resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • cloud_function (pulumi.Input[str]) – Used to find the parent resource to bind the IAM policy to

  • etag (pulumi.Input[str]) – (Computed) The etag of the IAM policy.

  • policy_data (pulumi.Input[str]) – The policy data generated by a organizations.getIAMPolicy data source.

  • project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

  • region (pulumi.Input[str]) – The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.cloudfunctions.GetFunctionResult(available_memory_mb=None, description=None, entry_point=None, environment_variables=None, event_triggers=None, https_trigger_url=None, id=None, ingress_settings=None, labels=None, max_instances=None, name=None, project=None, region=None, runtime=None, service_account_email=None, source_archive_bucket=None, source_archive_object=None, source_repositories=None, timeout=None, trigger_http=None, vpc_connector=None, vpc_connector_egress_settings=None)

A collection of values returned by getFunction.

available_memory_mb = None

Available memory (in MB) to the function.

description = None

Description of the function.

entry_point = None

Name of a JavaScript function that will be executed when the Google Cloud Function is triggered.

event_triggers = None

A source that fires events in response to a condition in another service. Structure is documented below.

https_trigger_url = None

If function is triggered by HTTP, trigger URL is set here.

id = None

The provider-assigned unique ID for this managed resource.

ingress_settings = None

Controls what traffic can reach the function.

labels = None

A map of labels applied to this function.

name = None

The name of the Cloud Function.

runtime = None

The runtime in which the function is running.

service_account_email = None

The service account email to be assumed by the cloud function.

source_archive_bucket = None

The GCS bucket containing the zip archive which contains the function.

source_archive_object = None

The source archive object (file) in archive bucket.

timeout = None

Function execution timeout (in seconds).

trigger_http = None

If function is triggered by HTTP, this boolean is set.

vpc_connector = None

The VPC Network Connector that this cloud function can connect to.

vpc_connector_egress_settings = None

The egress settings for the connector, controlling what traffic is diverted through it.

pulumi_gcp.cloudfunctions.get_function(name=None, project=None, region=None, opts=None)

Get information about a Google Cloud Function. For more information see the official documentation and API.

import pulumi
import pulumi_gcp as gcp

my_function = gcp.cloudfunctions.get_function(name="function")
Parameters

  • name (str) – The name of a Cloud Function.

  • project (str) – The project in which the resource belongs. If it is not provided, the provider project is used.

  • region (str) – The region in which the resource belongs. If it is not provided, the provider region is used.