diff --git a/modules/cloud-function/README.md b/modules/cloud-function/README.md
index 40619d403..c49e5dc86 100644
--- a/modules/cloud-function/README.md
+++ b/modules/cloud-function/README.md
@@ -243,7 +243,7 @@ module "cf-http" {
| [secrets](variables.tf#L120) | Secret Manager secrets. Key is the variable name or mountpoint, volume versions are in version:path format. | map(object({…})) | | {} |
| [service_account](variables.tf#L132) | Service account email. Unused if service account is auto-created. | string | | null |
| [service_account_create](variables.tf#L138) | Auto-create service account. | bool | | false |
-| [trigger_config](variables.tf#L144) | Function trigger configuration. Leave null for HTTP trigger. | object({…}) | | null |
+| [trigger_config](variables.tf#L144) | Function trigger configuration. Leave null for HTTP trigger. | object({…}) | | { v1 = null, v2 = null } |
| [v2](variables.tf#L192) | Whether to use Cloud Function version 2nd Gen or 1st Gen. | bool | | false |
| [vpc_connector](variables.tf#L173) | VPC connector configuration. Set create to 'true' if a new connector needs to be created. | object({…}) | | null |
| [vpc_connector_config](variables.tf#L183) | VPC connector network configuration. Must be provided if new VPC connector is being created. | object({…}) | | null |
diff --git a/modules/cloud-function/main.tf b/modules/cloud-function/main.tf
index 41af99848..5e5110c2a 100644
--- a/modules/cloud-function/main.tf
+++ b/modules/cloud-function/main.tf
@@ -85,7 +85,7 @@ resource "google_cloudfunctions_function" "function" {
source_archive_bucket = local.bucket
source_archive_object = google_storage_bucket_object.bundle.name
labels = var.labels
- trigger_http = try(var.trigger_config.v1, null) == null ? true : null
+ trigger_http = var.trigger_config.v1 == null ? true : null
ingress_settings = var.ingress_settings
build_worker_pool = var.build_worker_pool
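Review bot: With the `try()` wrapper removed, `var.trigger_config.v1 == null` on the `trigger_http` line fails at plan time if a caller passes `trigger_config = null` explicitly, which the README row still invites with "Leave null for HTTP trigger". Unless it is already set outside the visible lines, add `nullable = false` to `variable "trigger_config"` so an explicit null falls back to the new `{ v1 = null, v2 = null }` default. The same unguarded dereference appears in both `event_trigger` `for_each` hunks and in the new validation `condition` in variables.tf. The resource body continues outside this hunk.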
@@ -96,7 +96,7 @@ resource "google_cloudfunctions_function" "function" {
)
dynamic "event_trigger" {
- for_each = try(var.trigger_config.v1, null) != null ? [""] : []
+ for_each = var.trigger_config.v1 == null ? [] : [""]
content {
event_type = var.trigger_config.v1.event
resource = var.trigger_config.v1.resource
@@ -159,7 +159,7 @@ resource "google_cloudfunctions2_function" "function" {
}
}
dynamic "event_trigger" {
- for_each = try(var.trigger_config.v2, null) != null ? [""] : []
+ for_each = var.trigger_config.v2 == null ? [] : [""]
content {
trigger_region = var.trigger_config.v2.region
event_type = var.trigger_config.v2.event_type
@@ -223,7 +223,7 @@ resource "google_cloudfunctions2_function" "function" {
}
resource "google_cloudfunctions_function_iam_binding" "default" {
- for_each = var.v2 == false ? var.iam : {}
+ for_each = !var.v2 ? var.iam : {}
project = var.project_id
region = var.region
cloud_function = local.function.name
@@ -232,7 +232,7 @@ resource "google_cloudfunctions_function_iam_binding" "default" {
}
resource "google_cloudfunctions2_function_iam_binding" "default" {
- for_each = var.v2 == true ? var.iam : {}
+ for_each = var.v2 ? var.iam : {}
project = var.project_id
location = google_cloudfunctions2_function.function[0].location
cloud_function = local.function.name
@@ -293,18 +293,14 @@ resource "google_service_account" "service_account" {
}
resource "google_service_account" "trigger_service_account" {
- count = try(var.trigger_config.v2.service_account_create, null) == null ? 0 : (
- var.trigger_config.v2.service_account_create ? 1 : 0
- )
+ count = try(var.trigger_config.v2.service_account_create, false) == true ? 1 : 0
project = var.project_id
account_id = "tf-cf-trigger-${var.name}"
display_name = "Terraform trigger for Cloud Function ${var.name}."
}
resource "google_project_iam_member" "trigger_iam" {
- count = try(var.trigger_config.v2.service_account_create, null) == null ? 0 : (
- var.trigger_config.v2.service_account_create ? 1 : 0
- )
+ count = try(var.trigger_config.v2.service_account_create, false) == true ? 1 : 0
project = var.project_id
member = "serviceAccount:${google_service_account.trigger_service_account[0].email}"
role = "roles/run.invoker"
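Review bot: `google_project_iam_member.trigger_iam` grants `roles/run.invoker` at project level, so the auto-created trigger service account can invoke every Cloud Run service in `var.project_id`, not only the one backing this function. This commit only simplifies the `count` expression and leaves that scope as it was. Consider a service-level binding instead, for example `google_cloud_run_service_iam_member` on the function's underlying service, whose name is presumably exposed through the v2 function's `service_config` (confirm against the provider docs). If the project-wide grant is deliberate, a comment such as `# project-level on purpose: <reason>` would record that. The resource block continues past the end of this hunk.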
diff --git a/modules/cloud-function/variables.tf b/modules/cloud-function/variables.tf
index c701dbe33..7cd573bd5 100644
--- a/modules/cloud-function/variables.tf
+++ b/modules/cloud-function/variables.tf
@@ -163,9 +163,9 @@ variable "trigger_config" {
retry_policy = optional(string)
}))
})
- default = null
+ default = { v1 = null, v2 = null }
validation {
- condition = try(((var.trigger_config.v1 == null) != (var.trigger_config.v2 == null)), var.trigger_config == null)
+ condition = !(var.trigger_config.v1 != null && var.trigger_config.v2 != null)
error_message = "Provide configuration for only one generation - either v1 or v2"
}
}