Cloud Function v2 - contexts and interface refactor

tests/modules/cloud_function_v2/examples/bucket-creation.yaml

@@ -35,7 +35,6 @@ counts:
   google_cloudfunctions2_function: 1
   google_storage_bucket: 1
   google_storage_bucket_object: 1
-  modules: 1
-  resources: 6
+
 
 outputs: {}

tests/modules/cloud_function_v2/examples/custom-bundle.yaml

@@ -0,0 +1,118 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  google_project_iam_member.artifact_writer:
+    condition: []
+    member: serviceAccount:123-compute@developer.gserviceaccount.com
+    project: project-id
+    role: roles/artifactregistry.createOnPushWriter
+  google_project_iam_member.bucket_default_compute_account_grant:
+    condition: []
+    member: serviceAccount:123-compute@developer.gserviceaccount.com
+    project: project-id
+    role: roles/storage.objectViewer
+  module.cf-http.data.archive_file.bundle[0]:
+    exclude_symlink_directories: null
+    excludes:
+    - __pycache__
+    output_file_mode: '0644'
+    output_path: bundle.zip
+    source: []
+    source_content: null
+    source_content_filename: null
+    source_dir: assets/sample-function/
+    source_file: null
+    type: zip
+  module.cf-http.google_cloudfunctions2_function.function:
+    build_config:
+    - entry_point: main
+      on_deploy_update_policy: []
+      runtime: python310
+      source:
+      - repo_source: []
+        storage_source:
+        - bucket: bucket
+      worker_pool: null
+    description: Terraform managed.
+    effective_labels:
+      goog-terraform-provisioned: 'true'
+    event_trigger: []
+    kms_key_name: null
+    labels: null
+    location: europe-west8
+    name: test-cf-http
+    project: project-id
+    service_config:
+    - all_traffic_on_latest_revision: true
+      available_cpu: '0.166'
+      available_memory: 256M
+      binary_authorization_policy: null
+      environment_variables:
+        LOG_EXECUTION_ID: 'true'
+      ingress_settings: ALLOW_ALL
+      max_instance_count: 1
+      min_instance_count: 0
+      secret_environment_variables: []
+      secret_volumes: []
+      service_account_email: test-cf-http@project-id.iam.gserviceaccount.com
+      timeout_seconds: 180
+      vpc_connector: null
+      vpc_connector_egress_settings: null
+    terraform_labels:
+      goog-terraform-provisioned: 'true'
+    timeouts: null
+  module.cf-http.google_project_iam_member.default["roles/logging.logWriter"]:
+    condition: []
+    member: serviceAccount:test-cf-http@project-id.iam.gserviceaccount.com
+    project: project-id
+    role: roles/logging.logWriter
+  module.cf-http.google_project_iam_member.default["roles/monitoring.metricWriter"]:
+    condition: []
+    member: serviceAccount:test-cf-http@project-id.iam.gserviceaccount.com
+    project: project-id
+    role: roles/monitoring.metricWriter
+  module.cf-http.google_service_account.service_account[0]:
+    account_id: test-cf-http
+    create_ignore_already_exists: null
+    description: null
+    disabled: false
+    display_name: test-cf-http
+    email: test-cf-http@project-id.iam.gserviceaccount.com
+    member: serviceAccount:test-cf-http@project-id.iam.gserviceaccount.com
+    project: project-id
+    timeouts: null
+  module.cf-http.google_storage_bucket_object.bundle[0]:
+    bucket: bucket
+    cache_control: null
+    content_disposition: null
+    content_encoding: null
+    content_language: null
+    customer_encryption: []
+    deletion_policy: null
+    detect_md5hash: null
+    event_based_hold: null
+    force_empty_content_type: null
+    metadata: null
+    retention: []
+    source: bundle.zip
+    temporary_hold: null
+    timeouts: null
+
+counts:
+  archive_file: 1
+  google_cloudfunctions2_function: 1
+  google_project_iam_member: 4
+  google_service_account: 1
+  google_storage_bucket_object: 1

tests/modules/cloud_function_v2/examples/http-trigger.yaml

@@ -0,0 +1,120 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  google_project_iam_member.artifact_writer:
+    condition: []
+    member: serviceAccount:123-compute@developer.gserviceaccount.com
+    project: project-id
+    role: roles/artifactregistry.createOnPushWriter
+  google_project_iam_member.bucket_default_compute_account_grant:
+    condition: []
+    member: serviceAccount:123-compute@developer.gserviceaccount.com
+    project: project-id
+    role: roles/storage.objectViewer
+  module.cf-http.data.archive_file.bundle[0]:
+    exclude_symlink_directories: null
+    excludes: null
+    output_file_mode: '0644'
+    output_path: /tmp/bundle-project-id-test-cf-http.zip
+    source: []
+    source_content: null
+    source_content_filename: null
+    source_dir: assets/sample-function/
+    source_file: null
+    type: zip
+  module.cf-http.google_cloudfunctions2_function.function:
+    build_config:
+    - entry_point: main
+      on_deploy_update_policy: []
+      runtime: python310
+      source:
+      - repo_source: []
+        storage_source:
+        - bucket: bucket
+      worker_pool: null
+    description: Terraform managed.
+    effective_labels:
+      goog-terraform-provisioned: 'true'
+    event_trigger: []
+    kms_key_name: null
+    labels: null
+    location: europe-west8
+    name: test-cf-http
+    project: project-id
+    service_config:
+    - all_traffic_on_latest_revision: true
+      available_cpu: '0.166'
+      available_memory: 256M
+      binary_authorization_policy: null
+      environment_variables:
+        LOG_EXECUTION_ID: 'true'
+      ingress_settings: ALLOW_ALL
+      max_instance_count: 1
+      min_instance_count: 0
+      secret_environment_variables: []
+      secret_volumes: []
+      service_account_email: test-cf-http@project-id.iam.gserviceaccount.com
+      timeout_seconds: 180
+      vpc_connector: null
+      vpc_connector_egress_settings: null
+    terraform_labels:
+      goog-terraform-provisioned: 'true'
+    timeouts: null
+  module.cf-http.google_project_iam_member.default["roles/logging.logWriter"]:
+    condition: []
+    member: serviceAccount:test-cf-http@project-id.iam.gserviceaccount.com
+    project: project-id
+    role: roles/logging.logWriter
+  module.cf-http.google_project_iam_member.default["roles/monitoring.metricWriter"]:
+    condition: []
+    member: serviceAccount:test-cf-http@project-id.iam.gserviceaccount.com
+    project: project-id
+    role: roles/monitoring.metricWriter
+  module.cf-http.google_service_account.service_account[0]:
+    account_id: test-cf-http
+    create_ignore_already_exists: null
+    description: null
+    disabled: false
+    display_name: test-cf-http
+    email: test-cf-http@project-id.iam.gserviceaccount.com
+    member: serviceAccount:test-cf-http@project-id.iam.gserviceaccount.com
+    project: project-id
+    timeouts: null
+  module.cf-http.google_storage_bucket_object.bundle[0]:
+    bucket: bucket
+    cache_control: null
+    content_disposition: null
+    content_encoding: null
+    content_language: null
+    customer_encryption: []
+    deletion_policy: null
+    detect_md5hash: null
+    event_based_hold: null
+    force_empty_content_type: null
+    metadata: null
+    retention: []
+    source: /tmp/bundle-project-id-test-cf-http.zip
+    temporary_hold: null
+    timeouts: null
+
+counts:
+  archive_file: 1
+  google_cloudfunctions2_function: 1
+  google_project_iam_member: 4
+  google_service_account: 1
+  google_storage_bucket_object: 1
+
+
+outputs: {}

tests/modules/cloud_function_v2/examples/iam.yaml

@@ -25,12 +25,9 @@ values:
   module.cf-http.google_storage_bucket_object.bundle[0]:
     bucket: bucket
     customer_encryption: []
-    detect_md5hash: different hash
     source: /tmp/bundle-project-id-test-cf-http.zip
 
 counts:
   google_cloud_run_service_iam_binding: 1
   google_cloudfunctions2_function: 1
   google_storage_bucket_object: 1
-  modules: 1
-  resources: 6

tests/modules/cloud_function_v2/examples/multiple_functions.yaml

@@ -22,4 +22,4 @@ counts:
   google_cloudfunctions2_function: 2
   google_storage_bucket_object: 2
   modules: 2
-  resources: 7
+  resources: 13

tests/modules/cloud_function_v2/examples/private-build-pool.yaml

@@ -0,0 +1,130 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  google_cloudbuild_worker_pool.pool:
+    annotations: null
+    display_name: null
+    location: europe-west9
+    name: custom-pool
+    network_config: []
+    private_service_connect: []
+    project: project-id
+    timeouts: null
+    worker_config:
+    - disk_size_gb: 100
+      machine_type: e2-standard-4
+      no_external_ip: false
+  google_project_iam_member.artifact_writer:
+    condition: []
+    member: serviceAccount:123-compute@developer.gserviceaccount.com
+    project: project-id
+    role: roles/artifactregistry.createOnPushWriter
+  google_project_iam_member.bucket_default_compute_account_grant:
+    condition: []
+    member: serviceAccount:123-compute@developer.gserviceaccount.com
+    project: project-id
+    role: roles/storage.objectViewer
+  module.cf-http.data.archive_file.bundle[0]:
+    exclude_symlink_directories: null
+    excludes: null
+    output_file_mode: '0644'
+    output_path: /tmp/bundle-project-id-test-cf-http.zip
+    source: []
+    source_content: null
+    source_content_filename: null
+    source_dir: assets/sample-function/
+    source_file: null
+    type: zip
+  module.cf-http.google_cloudfunctions2_function.function:
+    build_config:
+    - entry_point: main
+      on_deploy_update_policy: []
+      runtime: python310
+      source:
+      - repo_source: []
+        storage_source:
+        - bucket: bucket
+    description: Terraform managed.
+    effective_labels:
+      goog-terraform-provisioned: 'true'
+    event_trigger: []
+    kms_key_name: null
+    labels: null
+    location: europe-west9
+    name: test-cf-http
+    project: project-id
+    service_config:
+    - all_traffic_on_latest_revision: true
+      available_cpu: '0.166'
+      available_memory: 256M
+      binary_authorization_policy: null
+      environment_variables:
+        LOG_EXECUTION_ID: 'true'
+      ingress_settings: ALLOW_ALL
+      max_instance_count: 1
+      min_instance_count: 0
+      secret_environment_variables: []
+      secret_volumes: []
+      service_account_email: test-cf-http@project-id.iam.gserviceaccount.com
+      timeout_seconds: 180
+      vpc_connector: null
+      vpc_connector_egress_settings: null
+    terraform_labels:
+      goog-terraform-provisioned: 'true'
+    timeouts: null
+  module.cf-http.google_project_iam_member.default["roles/logging.logWriter"]:
+    condition: []
+    member: serviceAccount:test-cf-http@project-id.iam.gserviceaccount.com
+    project: project-id
+    role: roles/logging.logWriter
+  module.cf-http.google_project_iam_member.default["roles/monitoring.metricWriter"]:
+    condition: []
+    member: serviceAccount:test-cf-http@project-id.iam.gserviceaccount.com
+    project: project-id
+    role: roles/monitoring.metricWriter
+  module.cf-http.google_service_account.service_account[0]:
+    account_id: test-cf-http
+    create_ignore_already_exists: null
+    description: null
+    disabled: false
+    display_name: test-cf-http
+    email: test-cf-http@project-id.iam.gserviceaccount.com
+    member: serviceAccount:test-cf-http@project-id.iam.gserviceaccount.com
+    project: project-id
+    timeouts: null
+  module.cf-http.google_storage_bucket_object.bundle[0]:
+    bucket: bucket
+    cache_control: null
+    content_disposition: null
+    content_encoding: null
+    content_language: null
+    customer_encryption: []
+    deletion_policy: null
+    detect_md5hash: null
+    event_based_hold: null
+    force_empty_content_type: null
+    metadata: null
+    retention: []
+    source: /tmp/bundle-project-id-test-cf-http.zip
+    temporary_hold: null
+    timeouts: null
+
+counts:
+  archive_file: 1
+  google_cloudbuild_worker_pool: 1
+  google_cloudfunctions2_function: 1
+  google_project_iam_member: 4
+  google_service_account: 1
+  google_storage_bucket_object: 1

tests/modules/cloud_function_v2/examples/pubsub-non-http-trigger.yaml

@@ -0,0 +1,91 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.cf-http.google_cloudfunctions2_function.function:
+    build_config:
+    - entry_point: main
+      on_deploy_update_policy: []
+      runtime: python310
+      source:
+      - repo_source: []
+        storage_source:
+        - bucket: bucket
+      worker_pool: null
+    description: Terraform managed.
+    effective_labels:
+      goog-terraform-provisioned: 'true'
+    event_trigger:
+    - event_filters: []
+      event_type: google.cloud.pubsub.topic.v1.messagePublished
+      retry_policy: RETRY_POLICY_DO_NOT_RETRY
+      service_account_email: sa-cloudfunction@project-id.iam.gserviceaccount.com
+      trigger_region: europe-west8
+    kms_key_name: null
+    labels: null
+    location: europe-west8
+    name: test-cf-http
+    project: project-id
+    service_config:
+    - all_traffic_on_latest_revision: true
+      available_cpu: '0.166'
+      available_memory: 256M
+      binary_authorization_policy: null
+      environment_variables:
+        LOG_EXECUTION_ID: 'true'
+      ingress_settings: ALLOW_ALL
+      max_instance_count: 1
+      min_instance_count: 0
+      secret_environment_variables: []
+      secret_volumes: []
+      service_account_email: test-cf-http@project-id.iam.gserviceaccount.com
+      timeout_seconds: 180
+      vpc_connector: null
+      vpc_connector_egress_settings: null
+    terraform_labels:
+      goog-terraform-provisioned: 'true'
+    timeouts: null
+  module.pubsub.google_pubsub_topic.default:
+    effective_labels:
+      goog-terraform-provisioned: 'true'
+    ingestion_data_source_settings: []
+    kms_key_name: null
+    labels: null
+    message_retention_duration: null
+    message_transforms: []
+    name: topic
+    project: project-id
+    schema_settings: []
+    terraform_labels:
+      goog-terraform-provisioned: 'true'
+    timeouts: null
+  module.pubsub.google_pubsub_topic_iam_binding.authoritative["roles/pubsub.subscriber"]:
+    condition: []
+    members:
+    - serviceAccount:123-compute@developer.gserviceaccount.com
+    project: project-id
+    role: roles/pubsub.subscriber
+    topic: topic
+
+counts:
+  archive_file: 1
+  google_cloudfunctions2_function: 1
+  google_project_iam_member: 5
+  google_pubsub_topic: 1
+  google_pubsub_topic_iam_binding: 1
+  google_service_account: 2
+  google_storage_bucket_object: 1
+
+
+outputs: {}

tests/modules/cloud_function_v2/examples/secrets.yaml

@@ -1,4 +1,4 @@
-# Copyright 2023 Google LLC
+# Copyright 2025 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -27,9 +27,55 @@ values:
             # secret: var_secret # known after apply
             versions:
               - {}
+        service_account_email: test-cf-http@project-id.iam.gserviceaccount.com
+  module.cf-http.google_service_account.service_account[0]:
+    account_id: test-cf-http
+    create_ignore_already_exists: null
+    description: null
+    disabled: false
+    display_name: test-cf-http
+    email: test-cf-http@project-id.iam.gserviceaccount.com
+    member: serviceAccount:test-cf-http@project-id.iam.gserviceaccount.com
+    project: project-id
+    timeouts: null
+  module.secret-manager.google_secret_manager_secret.default["credentials"]:
+    annotations: null
+    deletion_protection: false
+    effective_labels:
+      goog-terraform-provisioned: 'true'
+    labels: null
+    project: project-id
+    replication:
+    - auto:
+      - customer_managed_encryption: []
+      user_managed: []
+    rotation: []
+    secret_id: credentials
+    tags: null
+    terraform_labels:
+      goog-terraform-provisioned: 'true'
+    timeouts: null
+    topics: []
+    ttl: null
+    version_aliases: null
+    version_destroy_ttl: null
+  module.secret-manager.google_secret_manager_secret_iam_binding.authoritative["credentials.roles/secretmanager.secretAccessor"]:
+    condition: []
+    members:
+      - serviceAccount:test-cf-http@project-id.iam.gserviceaccount.com
+    role: roles/secretmanager.secretAccessor
+  module.secret-manager.google_secret_manager_secret_version.default["credentials/v1"]:
+    deletion_policy: DELETE
+    enabled: true
+    is_secret_data_base64: false
+    secret_data: manual foo bar spam
+    secret_data_wo: null
+    secret_data_wo_version: 0
+    timeouts: null
 
 counts:
   google_cloudfunctions2_function: 1
-  google_storage_bucket_object: 1
-  modules: 2
-  resources: 8
+  google_secret_manager_secret: 1
+  google_secret_manager_secret_iam_binding: 1
+  google_secret_manager_secret_version: 1
+  google_service_account: 1

tests/modules/cloud_function_v2/examples/service-account-1.yaml

@@ -0,0 +1,80 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.cf-http.google_cloudfunctions2_function.function:
+    build_config:
+    - entry_point: main
+      on_deploy_update_policy: []
+      runtime: python310
+      source:
+      - repo_source: []
+        storage_source:
+        - bucket: bucket
+      worker_pool: null
+    description: Terraform managed.
+    effective_labels:
+      goog-terraform-provisioned: 'true'
+    event_trigger: []
+    kms_key_name: null
+    labels: null
+    location: europe-west8
+    name: test-cf-http
+    project: project-id
+    service_config:
+    - all_traffic_on_latest_revision: true
+      available_cpu: '0.166'
+      available_memory: 256M
+      binary_authorization_policy: null
+      environment_variables:
+        LOG_EXECUTION_ID: 'true'
+      ingress_settings: ALLOW_ALL
+      max_instance_count: 1
+      min_instance_count: 0
+      secret_environment_variables: []
+      secret_volumes: []
+      service_account_email: test-cf-http@project-id.iam.gserviceaccount.com
+      timeout_seconds: 180
+      vpc_connector: null
+      vpc_connector_egress_settings: null
+    terraform_labels:
+      goog-terraform-provisioned: 'true'
+    timeouts: null
+  module.cf-http.google_project_iam_member.default["roles/logging.logWriter"]:
+    condition: []
+    member: serviceAccount:test-cf-http@project-id.iam.gserviceaccount.com
+    project: project-id
+    role: roles/logging.logWriter
+  module.cf-http.google_project_iam_member.default["roles/monitoring.metricWriter"]:
+    condition: []
+    member: serviceAccount:test-cf-http@project-id.iam.gserviceaccount.com
+    project: project-id
+    role: roles/monitoring.metricWriter
+  module.cf-http.google_service_account.service_account[0]:
+    account_id: test-cf-http
+    create_ignore_already_exists: null
+    description: null
+    disabled: false
+    display_name: test-cf-http
+    email: test-cf-http@project-id.iam.gserviceaccount.com
+    member: serviceAccount:test-cf-http@project-id.iam.gserviceaccount.com
+    project: project-id
+    timeouts: null
+
+counts:
+  archive_file: 1
+  google_cloudfunctions2_function: 1
+  google_project_iam_member: 4
+  google_service_account: 1
+  google_storage_bucket_object: 1

tests/modules/cloud_function_v2/examples/service-account-2.yaml

@@ -0,0 +1,58 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.cf-http.google_cloudfunctions2_function.function:
+    build_config:
+    - entry_point: main
+      on_deploy_update_policy: []
+      runtime: python310
+      source:
+      - repo_source: []
+        storage_source:
+        - bucket: bucket
+      worker_pool: null
+    description: Terraform managed.
+    effective_labels:
+      goog-terraform-provisioned: 'true'
+    event_trigger: []
+    kms_key_name: null
+    labels: null
+    location: europe-west8
+    name: test-cf-http
+    project: project-id
+    service_config:
+    - all_traffic_on_latest_revision: true
+      available_cpu: '0.166'
+      available_memory: 256M
+      binary_authorization_policy: null
+      environment_variables:
+        LOG_EXECUTION_ID: 'true'
+      ingress_settings: ALLOW_ALL
+      max_instance_count: 1
+      min_instance_count: 0
+      secret_environment_variables: []
+      secret_volumes: []
+      service_account_email: sa1@sa.example
+      timeout_seconds: 180
+      vpc_connector: null
+      vpc_connector_egress_settings: null
+    terraform_labels:
+      goog-terraform-provisioned: 'true'
+    timeouts: null
+
+counts:
+  google_cloudfunctions2_function: 1
+  google_project_iam_member: 2
+  google_service_account: 0