Support GCS objects in cloud function modules bundles (#2361)
* cloud function v2 * cloud function v1 * blueprints
This commit is contained in:
Ludovico Magnocavallo
committed by
GitHub
GitHub
parent
ea5e6dedc9
commit
fa00deb747
@@ -1,8 +1,6 @@
|
||||
# Cloud Function Module (V1)
|
||||
|
||||
Cloud Function management, with support for IAM roles and optional bucket creation.
|
||||
|
||||
The GCS object used for deployment uses a hash of the bundle zip contents in its name, which ensures change tracking and avoids recreating the function if the GCS object is deleted and needs recreating.
|
||||
Cloud Function management, with support for IAM roles, optional bucket creation and bundle via GCS URI, local zip, or local source folder.
|
||||
|
||||
<!-- BEGIN TOC -->
|
||||
- [TODO](#todo)
|
||||
@@ -39,8 +37,7 @@ module "cf-http" {
|
||||
name = "test-cf-http"
|
||||
bucket_name = var.bucket
|
||||
bundle_config = {
|
||||
path = "assets/sample-function/"
|
||||
output_path = "bundle.zip"
|
||||
path = "assets/sample-function/"
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=2 e2e
|
||||
@@ -58,8 +55,7 @@ module "cf-http" {
|
||||
name = "test-cf-http"
|
||||
bucket_name = "test-cf-bundles"
|
||||
bundle_config = {
|
||||
path = "fabric/assets/"
|
||||
output_path = "bundle.zip"
|
||||
path = "assets/sample-function/"
|
||||
}
|
||||
trigger_config = {
|
||||
event = "google.pubsub.topic.publish"
|
||||
@@ -81,8 +77,7 @@ module "cf-http" {
|
||||
name = "test-cf-http"
|
||||
bucket_name = "test-cf-bundles"
|
||||
bundle_config = {
|
||||
path = "fabric/assets/"
|
||||
output_path = "bundle.zip"
|
||||
path = "assets/sample-function/"
|
||||
}
|
||||
iam = {
|
||||
"roles/cloudfunctions.invoker" = ["allUsers"]
|
||||
@@ -107,7 +102,7 @@ module "cf-http" {
|
||||
lifecycle_delete_age_days = 1
|
||||
}
|
||||
bundle_config = {
|
||||
path = "fabric/assets/"
|
||||
path = "assets/sample-function/"
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=3 inventory=bucket-creation.yaml
|
||||
@@ -125,8 +120,7 @@ module "cf-http" {
|
||||
name = "test-cf-http"
|
||||
bucket_name = "test-cf-bundles"
|
||||
bundle_config = {
|
||||
path = "fabric/assets/"
|
||||
output_path = "bundle.zip"
|
||||
path = "assets/sample-function/"
|
||||
}
|
||||
service_account_create = true
|
||||
}
|
||||
@@ -143,8 +137,7 @@ module "cf-http" {
|
||||
name = "test-cf-http"
|
||||
bucket_name = "test-cf-bundles"
|
||||
bundle_config = {
|
||||
path = "fabric/assets/"
|
||||
output_path = "bundle.zip"
|
||||
path = "assets/sample-function/"
|
||||
}
|
||||
service_account = "non-existent@serice.account.email"
|
||||
}
|
||||
@@ -153,11 +146,13 @@ module "cf-http" {
|
||||
|
||||
### Custom bundle config
|
||||
|
||||
The Cloud Function bundle can be configured via the `bundle_config` variable, so that either a `zip` archive or a source folder can be used.
|
||||
The Cloud Function bundle can be configured via the `bundle_config` variable. The only mandatory argument is `bundle_config.path` which can point to:
|
||||
|
||||
If a `zip` archive is already available, simply set the archive path in `bundle_config.path`. If a dynamically generated archive is needed, set `bundle_config.path` to the source folder path, then optionally configure the path where the archive will be created, and any exclusions needed in the archive.
|
||||
- a GCS URI of a ZIP archive
|
||||
- a local path to a ZIP archive
|
||||
- a local path to a source folder
|
||||
|
||||
If you use a folder and dynamic archive bundling, be mindful that the MD5 checksum of the generated `zip` file does not change across environments (e.g. Cloud Build vs your local development environment), by ensuring that the files in the folder are always the same.
|
||||
When a GCS URI or a local zip file are used, a change in their names will trigger redeployment. When a local source folder is used a ZIP archive will be automatically generated and its internally derived checksum will drive redeployment. You can optionally control its name and exclusions via the attributes in `bundle_config.folder_options`.
|
||||
|
||||
```hcl
|
||||
module "cf-http" {
|
||||
@@ -167,9 +162,11 @@ module "cf-http" {
|
||||
name = "test-cf-http"
|
||||
bucket_name = "test-cf-bundles"
|
||||
bundle_config = {
|
||||
path = "fabric/assets/"
|
||||
output_path = "bundle.zip"
|
||||
excludes = ["__pycache__"]
|
||||
path = "fabric/assets/"
|
||||
folder_options = {
|
||||
archive_path = "bundle.zip"
|
||||
excludes = ["__pycache__"]
|
||||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=2
|
||||
@@ -188,8 +185,7 @@ module "cf-http" {
|
||||
bucket_name = "test-cf-bundles"
|
||||
build_worker_pool = "projects/my-project/locations/europe-west1/workerPools/my_build_worker_pool"
|
||||
bundle_config = {
|
||||
path = "fabric/assets/"
|
||||
output_path = "bundle.zip"
|
||||
path = "fabric/assets/"
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=2
|
||||
@@ -197,7 +193,7 @@ module "cf-http" {
|
||||
|
||||
### Multiple Cloud Functions within project
|
||||
|
||||
When deploying multiple functions do not reuse `bundle_config.output_path` between instances as the result is undefined. Default `output_path` creates file in `/tmp` folder using project Id and function name to avoid name conflicts.
|
||||
When deploying multiple functions do not reuse `bundle_config.archive_path` between instances as the result is undefined. Default `archive_path` creates file in `/tmp` folder using project Id and function name to avoid name conflicts.
|
||||
|
||||
```hcl
|
||||
module "cf-http-one" {
|
||||
@@ -207,7 +203,7 @@ module "cf-http-one" {
|
||||
name = "test-cf-http-one"
|
||||
bucket_name = "test-cf-bundles"
|
||||
bundle_config = {
|
||||
path = "fabric/assets"
|
||||
path = "fabric/assets/"
|
||||
}
|
||||
}
|
||||
|
||||
@@ -218,7 +214,7 @@ module "cf-http-two" {
|
||||
name = "test-cf-http-two"
|
||||
bucket_name = "test-cf-bundles"
|
||||
bundle_config = {
|
||||
path = "fabric/assets"
|
||||
path = "fabric/assets/"
|
||||
}
|
||||
}
|
||||
# tftest modules=2 resources=4 inventory=multiple_functions.yaml
|
||||
@@ -240,8 +236,7 @@ module "cf-http" {
|
||||
name = "test-cf-http"
|
||||
bucket_name = "test-cf-bundles"
|
||||
bundle_config = {
|
||||
path = "fabric/assets/"
|
||||
output_path = "bundle.zip"
|
||||
path = "fabric/assets/"
|
||||
}
|
||||
secrets = {
|
||||
VARIABLE_SECRET = {
|
||||
@@ -279,8 +274,7 @@ module "cf-http" {
|
||||
name = "test-cf-http"
|
||||
bucket_name = "test-cf-bundles"
|
||||
bundle_config = {
|
||||
path = "fabric/assets/"
|
||||
output_path = "bundle.zip"
|
||||
path = "fabric/assets/"
|
||||
}
|
||||
kms_key = "projects/my-project/locations/europe-west1/keyRings/mykeyring/cryptoKeys/mykey"
|
||||
repository_settings = {
|
||||
@@ -295,29 +289,29 @@ module "cf-http" {
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [bucket_name](variables.tf#L26) | Name of the bucket that will be used for the function code. It will be created with prefix prepended if bucket_config is not null. | <code>string</code> | ✓ | |
|
||||
| [bundle_config](variables.tf#L44) | Cloud function source. If path points to a .zip archive it is uploaded as-is, otherwise an archive is created on the fly. A null output path will use a unique name for the bundle in /tmp. | <code title="object({ path = string excludes = optional(list(string)) output_path = optional(string) })">object({…})</code> | ✓ | |
|
||||
| [name](variables.tf#L127) | Name used for cloud function and associated resources. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L142) | Project id used for all resources. | <code>string</code> | ✓ | |
|
||||
| [region](variables.tf#L147) | Region used for all resources. | <code>string</code> | ✓ | |
|
||||
| [bundle_config](variables.tf#L44) | Cloud function source. Path can point to a GCS object URI, or a local path. A local path to a zip archive will generate a GCS object using its basename, a folder will be zipped and the GCS object name inferred when not specified. | <code title="object({ path = string folder_options = optional(object({ archive_path = optional(string) excludes = optional(list(string)) }), {}) })">object({…})</code> | ✓ | |
|
||||
| [name](variables.tf#L139) | Name used for cloud function and associated resources. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L154) | Project id used for all resources. | <code>string</code> | ✓ | |
|
||||
| [region](variables.tf#L159) | Region used for all resources. | <code>string</code> | ✓ | |
|
||||
| [bucket_config](variables.tf#L17) | Enable and configure auto-created bucket. Set fields to null to use defaults. | <code title="object({ location = optional(string) lifecycle_delete_age_days = optional(number) })">object({…})</code> | | <code>null</code> |
|
||||
| [build_environment_variables](variables.tf#L32) | A set of key/value environment variable pairs available during build time. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [build_worker_pool](variables.tf#L38) | Build worker pool, in projects/<PROJECT-ID>/locations/<REGION>/workerPools/<POOL_NAME> format. | <code>string</code> | | <code>null</code> |
|
||||
| [description](variables.tf#L65) | Optional description. | <code>string</code> | | <code>"Terraform managed."</code> |
|
||||
| [environment_variables](variables.tf#L71) | Cloud function environment variables. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [function_config](variables.tf#L77) | Cloud function configuration. Defaults to using main as entrypoint, 1 instance with 256MiB of memory, and 180 second timeout. | <code title="object({ entry_point = optional(string, "main") instance_count = optional(number, 1) memory_mb = optional(number, 256) # Memory in MB cpu = optional(string, "0.166") runtime = optional(string, "python310") timeout_seconds = optional(number, 180) })">object({…})</code> | | <code title="{ entry_point = "main" instance_count = 1 memory_mb = 256 cpu = "0.166" runtime = "python310" timeout_seconds = 180 }">{…}</code> |
|
||||
| [https_security_level](variables.tf#L97) | The security level for the function: Allowed values are SECURE_ALWAYS, SECURE_OPTIONAL. | <code>string</code> | | <code>null</code> |
|
||||
| [iam](variables.tf#L103) | IAM bindings for topic in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||
| [ingress_settings](variables.tf#L109) | Control traffic that reaches the cloud function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY . | <code>string</code> | | <code>null</code> |
|
||||
| [kms_key](variables.tf#L115) | Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources in key id format. If specified, you must also provide an artifact registry repository using the docker_repository field that was created with the same KMS crypto key. | <code>string</code> | | <code>null</code> |
|
||||
| [labels](variables.tf#L121) | Resource labels. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [prefix](variables.tf#L132) | Optional prefix used for resource names. | <code>string</code> | | <code>null</code> |
|
||||
| [repository_settings](variables.tf#L152) | Docker Registry to use for storing the function's Docker images and specific repository. If kms_key is provided, the repository must have already been encrypted with the key. | <code title="object({ registry = optional(string) repository = optional(string) })">object({…})</code> | | <code title="{ registry = "ARTIFACT_REGISTRY" }">{…}</code> |
|
||||
| [secrets](variables.tf#L163) | Secret Manager secrets. Key is the variable name or mountpoint, volume versions are in version:path format. | <code title="map(object({ is_volume = bool project_id = number secret = string versions = list(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [service_account](variables.tf#L175) | Service account email. Unused if service account is auto-created. | <code>string</code> | | <code>null</code> |
|
||||
| [service_account_create](variables.tf#L181) | Auto-create service account. | <code>bool</code> | | <code>false</code> |
|
||||
| [trigger_config](variables.tf#L187) | Function trigger configuration. Leave null for HTTP trigger. | <code title="object({ event = string resource = string retry = optional(bool) })">object({…})</code> | | <code>null</code> |
|
||||
| [vpc_connector](variables.tf#L197) | VPC connector configuration. Set create to 'true' if a new connector needs to be created. | <code title="object({ create = bool name = string egress_settings = string })">object({…})</code> | | <code>null</code> |
|
||||
| [vpc_connector_config](variables.tf#L207) | VPC connector network configuration. Must be provided if new VPC connector is being created. | <code title="object({ ip_cidr_range = string network = string })">object({…})</code> | | <code>null</code> |
|
||||
| [description](variables.tf#L77) | Optional description. | <code>string</code> | | <code>"Terraform managed."</code> |
|
||||
| [environment_variables](variables.tf#L83) | Cloud function environment variables. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [function_config](variables.tf#L89) | Cloud function configuration. Defaults to using main as entrypoint, 1 instance with 256MiB of memory, and 180 second timeout. | <code title="object({ entry_point = optional(string, "main") instance_count = optional(number, 1) memory_mb = optional(number, 256) # Memory in MB cpu = optional(string, "0.166") runtime = optional(string, "python310") timeout_seconds = optional(number, 180) })">object({…})</code> | | <code title="{ entry_point = "main" instance_count = 1 memory_mb = 256 cpu = "0.166" runtime = "python310" timeout_seconds = 180 }">{…}</code> |
|
||||
| [https_security_level](variables.tf#L109) | The security level for the function: Allowed values are SECURE_ALWAYS, SECURE_OPTIONAL. | <code>string</code> | | <code>null</code> |
|
||||
| [iam](variables.tf#L115) | IAM bindings for topic in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||
| [ingress_settings](variables.tf#L121) | Control traffic that reaches the cloud function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY . | <code>string</code> | | <code>null</code> |
|
||||
| [kms_key](variables.tf#L127) | Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources in key id format. If specified, you must also provide an artifact registry repository using the docker_repository field that was created with the same KMS crypto key. | <code>string</code> | | <code>null</code> |
|
||||
| [labels](variables.tf#L133) | Resource labels. | <code>map(string)</code> | | <code>{}</code> |
|
||||
| [prefix](variables.tf#L144) | Optional prefix used for resource names. | <code>string</code> | | <code>null</code> |
|
||||
| [repository_settings](variables.tf#L164) | Docker Registry to use for storing the function's Docker images and specific repository. If kms_key is provided, the repository must have already been encrypted with the key. | <code title="object({ registry = optional(string) repository = optional(string) })">object({…})</code> | | <code title="{ registry = "ARTIFACT_REGISTRY" }">{…}</code> |
|
||||
| [secrets](variables.tf#L175) | Secret Manager secrets. Key is the variable name or mountpoint, volume versions are in version:path format. | <code title="map(object({ is_volume = bool project_id = number secret = string versions = list(string) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [service_account](variables.tf#L187) | Service account email. Unused if service account is auto-created. | <code>string</code> | | <code>null</code> |
|
||||
| [service_account_create](variables.tf#L193) | Auto-create service account. | <code>bool</code> | | <code>false</code> |
|
||||
| [trigger_config](variables.tf#L199) | Function trigger configuration. Leave null for HTTP trigger. | <code title="object({ event = string resource = string retry = optional(bool) })">object({…})</code> | | <code>null</code> |
|
||||
| [vpc_connector](variables.tf#L209) | VPC connector configuration. Set create to 'true' if a new connector needs to be created. | <code title="object({ create = bool name = string egress_settings = string })">object({…})</code> | | <code>null</code> |
|
||||
| [vpc_connector_config](variables.tf#L219) | VPC connector network configuration. Must be provided if new VPC connector is being created. | <code title="object({ ip_cidr_range = string network = string })">object({…})</code> | | <code>null</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
||||
Reference in New Issue
Block a user