Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi IDP Pulumi Cloud Packages Tutorials
  1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. cloudfunctions
  5. Function
Google Cloud v8.32.1 published on Thursday, May 22, 2025 by Pulumi
pulumi/pulumi-gcp

gcp.cloudfunctions.Function

Explore with Pulumi AI

Google Cloud v8.32.1 published on Thursday, May 22, 2025 by Pulumi
pulumi/pulumi-gcp

Creates a new Cloud Function. For more information see:

Warning: As of November 1, 2019, newly created Functions are private-by-default and will require appropriate IAM permissions to be invoked. See below examples for how to set up the appropriate permissions, or view the Cloud Functions IAM resources for Cloud Functions.

Example Usage

Public Function

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const bucket = new gcp.storage.Bucket("bucket", {
    name: "test-bucket",
    location: "US",
});
const archive = new gcp.storage.BucketObject("archive", {
    name: "index.zip",
    bucket: bucket.name,
    source: new pulumi.asset.FileAsset("./path/to/zip/file/which/contains/code"),
});
const _function = new gcp.cloudfunctions.Function("function", {
    name: "function-test",
    description: "My function",
    runtime: "nodejs20",
    availableMemoryMb: 128,
    sourceArchiveBucket: bucket.name,
    sourceArchiveObject: archive.name,
    triggerHttp: true,
    entryPoint: "helloGET",
});
// IAM entry for all users to invoke the function
const invoker = new gcp.cloudfunctions.FunctionIamMember("invoker", {
    project: _function.project,
    region: _function.region,
    cloudFunction: _function.name,
    role: "roles/cloudfunctions.invoker",
    member: "allUsers",
});
Copy
import pulumi
import pulumi_gcp as gcp

bucket = gcp.storage.Bucket("bucket",
    name="test-bucket",
    location="US")
archive = gcp.storage.BucketObject("archive",
    name="index.zip",
    bucket=bucket.name,
    source=pulumi.FileAsset("./path/to/zip/file/which/contains/code"))
function = gcp.cloudfunctions.Function("function",
    name="function-test",
    description="My function",
    runtime="nodejs20",
    available_memory_mb=128,
    source_archive_bucket=bucket.name,
    source_archive_object=archive.name,
    trigger_http=True,
    entry_point="helloGET")
# IAM entry for all users to invoke the function
invoker = gcp.cloudfunctions.FunctionIamMember("invoker",
    project=function.project,
    region=function.region,
    cloud_function=function.name,
    role="roles/cloudfunctions.invoker",
    member="allUsers")
Copy
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions"
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		bucket, err := storage.NewBucket(ctx, "bucket", &storage.BucketArgs{
			Name:     pulumi.String("test-bucket"),
			Location: pulumi.String("US"),
		})
		if err != nil {
			return err
		}
		archive, err := storage.NewBucketObject(ctx, "archive", &storage.BucketObjectArgs{
			Name:   pulumi.String("index.zip"),
			Bucket: bucket.Name,
			Source: pulumi.NewFileAsset("./path/to/zip/file/which/contains/code"),
		})
		if err != nil {
			return err
		}
		function, err := cloudfunctions.NewFunction(ctx, "function", &cloudfunctions.FunctionArgs{
			Name:                pulumi.String("function-test"),
			Description:         pulumi.String("My function"),
			Runtime:             pulumi.String("nodejs20"),
			AvailableMemoryMb:   pulumi.Int(128),
			SourceArchiveBucket: bucket.Name,
			SourceArchiveObject: archive.Name,
			TriggerHttp:         pulumi.Bool(true),
			EntryPoint:          pulumi.String("helloGET"),
		})
		if err != nil {
			return err
		}
		// IAM entry for all users to invoke the function
		_, err = cloudfunctions.NewFunctionIamMember(ctx, "invoker", &cloudfunctions.FunctionIamMemberArgs{
			Project:       function.Project,
			Region:        function.Region,
			CloudFunction: function.Name,
			Role:          pulumi.String("roles/cloudfunctions.invoker"),
			Member:        pulumi.String("allUsers"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var bucket = new Gcp.Storage.Bucket("bucket", new()
    {
        Name = "test-bucket",
        Location = "US",
    });

    var archive = new Gcp.Storage.BucketObject("archive", new()
    {
        Name = "index.zip",
        Bucket = bucket.Name,
        Source = new FileAsset("./path/to/zip/file/which/contains/code"),
    });

    var function = new Gcp.CloudFunctions.Function("function", new()
    {
        Name = "function-test",
        Description = "My function",
        Runtime = "nodejs20",
        AvailableMemoryMb = 128,
        SourceArchiveBucket = bucket.Name,
        SourceArchiveObject = archive.Name,
        TriggerHttp = true,
        EntryPoint = "helloGET",
    });

    // IAM entry for all users to invoke the function
    var invoker = new Gcp.CloudFunctions.FunctionIamMember("invoker", new()
    {
        Project = function.Project,
        Region = function.Region,
        CloudFunction = function.Name,
        Role = "roles/cloudfunctions.invoker",
        Member = "allUsers",
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.storage.Bucket;
import com.pulumi.gcp.storage.BucketArgs;
import com.pulumi.gcp.storage.BucketObject;
import com.pulumi.gcp.storage.BucketObjectArgs;
import com.pulumi.gcp.cloudfunctions.Function;
import com.pulumi.gcp.cloudfunctions.FunctionArgs;
import com.pulumi.gcp.cloudfunctions.FunctionIamMember;
import com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs;
import com.pulumi.asset.FileAsset;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var bucket = new Bucket("bucket", BucketArgs.builder()
            .name("test-bucket")
            .location("US")
            .build());

        var archive = new BucketObject("archive", BucketObjectArgs.builder()
            .name("index.zip")
            .bucket(bucket.name())
            .source(new FileAsset("./path/to/zip/file/which/contains/code"))
            .build());

        var function = new Function("function", FunctionArgs.builder()
            .name("function-test")
            .description("My function")
            .runtime("nodejs20")
            .availableMemoryMb(128)
            .sourceArchiveBucket(bucket.name())
            .sourceArchiveObject(archive.name())
            .triggerHttp(true)
            .entryPoint("helloGET")
            .build());

        // IAM entry for all users to invoke the function
        var invoker = new FunctionIamMember("invoker", FunctionIamMemberArgs.builder()
            .project(function.project())
            .region(function.region())
            .cloudFunction(function.name())
            .role("roles/cloudfunctions.invoker")
            .member("allUsers")
            .build());

    }
}
Copy
resources:
  bucket:
    type: gcp:storage:Bucket
    properties:
      name: test-bucket
      location: US
  archive:
    type: gcp:storage:BucketObject
    properties:
      name: index.zip
      bucket: ${bucket.name}
      source:
        fn::FileAsset: ./path/to/zip/file/which/contains/code
  function:
    type: gcp:cloudfunctions:Function
    properties:
      name: function-test
      description: My function
      runtime: nodejs20
      availableMemoryMb: 128
      sourceArchiveBucket: ${bucket.name}
      sourceArchiveObject: ${archive.name}
      triggerHttp: true
      entryPoint: helloGET
  # IAM entry for all users to invoke the function
  invoker:
    type: gcp:cloudfunctions:FunctionIamMember
    properties:
      project: ${function.project}
      region: ${function.region}
      cloudFunction: ${function.name}
      role: roles/cloudfunctions.invoker
      member: allUsers
Copy

Single User

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const bucket = new gcp.storage.Bucket("bucket", {
    name: "test-bucket",
    location: "US",
});
const archive = new gcp.storage.BucketObject("archive", {
    name: "index.zip",
    bucket: bucket.name,
    source: new pulumi.asset.FileAsset("./path/to/zip/file/which/contains/code"),
});
const _function = new gcp.cloudfunctions.Function("function", {
    name: "function-test",
    description: "My function",
    runtime: "nodejs20",
    availableMemoryMb: 128,
    sourceArchiveBucket: bucket.name,
    sourceArchiveObject: archive.name,
    triggerHttp: true,
    httpsTriggerSecurityLevel: "SECURE_ALWAYS",
    timeout: 60,
    entryPoint: "helloGET",
    labels: {
        "my-label": "my-label-value",
    },
    environmentVariables: {
        MY_ENV_VAR: "my-env-var-value",
    },
});
// IAM entry for a single user to invoke the function
const invoker = new gcp.cloudfunctions.FunctionIamMember("invoker", {
    project: _function.project,
    region: _function.region,
    cloudFunction: _function.name,
    role: "roles/cloudfunctions.invoker",
    member: "user:myFunctionInvoker@example.com",
});
Copy
import pulumi
import pulumi_gcp as gcp

bucket = gcp.storage.Bucket("bucket",
    name="test-bucket",
    location="US")
archive = gcp.storage.BucketObject("archive",
    name="index.zip",
    bucket=bucket.name,
    source=pulumi.FileAsset("./path/to/zip/file/which/contains/code"))
function = gcp.cloudfunctions.Function("function",
    name="function-test",
    description="My function",
    runtime="nodejs20",
    available_memory_mb=128,
    source_archive_bucket=bucket.name,
    source_archive_object=archive.name,
    trigger_http=True,
    https_trigger_security_level="SECURE_ALWAYS",
    timeout=60,
    entry_point="helloGET",
    labels={
        "my-label": "my-label-value",
    },
    environment_variables={
        "MY_ENV_VAR": "my-env-var-value",
    })
# IAM entry for a single user to invoke the function
invoker = gcp.cloudfunctions.FunctionIamMember("invoker",
    project=function.project,
    region=function.region,
    cloud_function=function.name,
    role="roles/cloudfunctions.invoker",
    member="user:myFunctionInvoker@example.com")
Copy
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions"
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		bucket, err := storage.NewBucket(ctx, "bucket", &storage.BucketArgs{
			Name:     pulumi.String("test-bucket"),
			Location: pulumi.String("US"),
		})
		if err != nil {
			return err
		}
		archive, err := storage.NewBucketObject(ctx, "archive", &storage.BucketObjectArgs{
			Name:   pulumi.String("index.zip"),
			Bucket: bucket.Name,
			Source: pulumi.NewFileAsset("./path/to/zip/file/which/contains/code"),
		})
		if err != nil {
			return err
		}
		function, err := cloudfunctions.NewFunction(ctx, "function", &cloudfunctions.FunctionArgs{
			Name:                      pulumi.String("function-test"),
			Description:               pulumi.String("My function"),
			Runtime:                   pulumi.String("nodejs20"),
			AvailableMemoryMb:         pulumi.Int(128),
			SourceArchiveBucket:       bucket.Name,
			SourceArchiveObject:       archive.Name,
			TriggerHttp:               pulumi.Bool(true),
			HttpsTriggerSecurityLevel: pulumi.String("SECURE_ALWAYS"),
			Timeout:                   pulumi.Int(60),
			EntryPoint:                pulumi.String("helloGET"),
			Labels: pulumi.StringMap{
				"my-label": pulumi.String("my-label-value"),
			},
			EnvironmentVariables: pulumi.StringMap{
				"MY_ENV_VAR": pulumi.String("my-env-var-value"),
			},
		})
		if err != nil {
			return err
		}
		// IAM entry for a single user to invoke the function
		_, err = cloudfunctions.NewFunctionIamMember(ctx, "invoker", &cloudfunctions.FunctionIamMemberArgs{
			Project:       function.Project,
			Region:        function.Region,
			CloudFunction: function.Name,
			Role:          pulumi.String("roles/cloudfunctions.invoker"),
			Member:        pulumi.String("user:myFunctionInvoker@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var bucket = new Gcp.Storage.Bucket("bucket", new()
    {
        Name = "test-bucket",
        Location = "US",
    });

    var archive = new Gcp.Storage.BucketObject("archive", new()
    {
        Name = "index.zip",
        Bucket = bucket.Name,
        Source = new FileAsset("./path/to/zip/file/which/contains/code"),
    });

    var function = new Gcp.CloudFunctions.Function("function", new()
    {
        Name = "function-test",
        Description = "My function",
        Runtime = "nodejs20",
        AvailableMemoryMb = 128,
        SourceArchiveBucket = bucket.Name,
        SourceArchiveObject = archive.Name,
        TriggerHttp = true,
        HttpsTriggerSecurityLevel = "SECURE_ALWAYS",
        Timeout = 60,
        EntryPoint = "helloGET",
        Labels = 
        {
            { "my-label", "my-label-value" },
        },
        EnvironmentVariables = 
        {
            { "MY_ENV_VAR", "my-env-var-value" },
        },
    });

    // IAM entry for a single user to invoke the function
    var invoker = new Gcp.CloudFunctions.FunctionIamMember("invoker", new()
    {
        Project = function.Project,
        Region = function.Region,
        CloudFunction = function.Name,
        Role = "roles/cloudfunctions.invoker",
        Member = "user:myFunctionInvoker@example.com",
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.storage.Bucket;
import com.pulumi.gcp.storage.BucketArgs;
import com.pulumi.gcp.storage.BucketObject;
import com.pulumi.gcp.storage.BucketObjectArgs;
import com.pulumi.gcp.cloudfunctions.Function;
import com.pulumi.gcp.cloudfunctions.FunctionArgs;
import com.pulumi.gcp.cloudfunctions.FunctionIamMember;
import com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs;
import com.pulumi.asset.FileAsset;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var bucket = new Bucket("bucket", BucketArgs.builder()
            .name("test-bucket")
            .location("US")
            .build());

        var archive = new BucketObject("archive", BucketObjectArgs.builder()
            .name("index.zip")
            .bucket(bucket.name())
            .source(new FileAsset("./path/to/zip/file/which/contains/code"))
            .build());

        var function = new Function("function", FunctionArgs.builder()
            .name("function-test")
            .description("My function")
            .runtime("nodejs20")
            .availableMemoryMb(128)
            .sourceArchiveBucket(bucket.name())
            .sourceArchiveObject(archive.name())
            .triggerHttp(true)
            .httpsTriggerSecurityLevel("SECURE_ALWAYS")
            .timeout(60)
            .entryPoint("helloGET")
            .labels(Map.of("my-label", "my-label-value"))
            .environmentVariables(Map.of("MY_ENV_VAR", "my-env-var-value"))
            .build());

        // IAM entry for a single user to invoke the function
        var invoker = new FunctionIamMember("invoker", FunctionIamMemberArgs.builder()
            .project(function.project())
            .region(function.region())
            .cloudFunction(function.name())
            .role("roles/cloudfunctions.invoker")
            .member("user:myFunctionInvoker@example.com")
            .build());

    }
}
Copy
resources:
  bucket:
    type: gcp:storage:Bucket
    properties:
      name: test-bucket
      location: US
  archive:
    type: gcp:storage:BucketObject
    properties:
      name: index.zip
      bucket: ${bucket.name}
      source:
        fn::FileAsset: ./path/to/zip/file/which/contains/code
  function:
    type: gcp:cloudfunctions:Function
    properties:
      name: function-test
      description: My function
      runtime: nodejs20
      availableMemoryMb: 128
      sourceArchiveBucket: ${bucket.name}
      sourceArchiveObject: ${archive.name}
      triggerHttp: true
      httpsTriggerSecurityLevel: SECURE_ALWAYS
      timeout: 60
      entryPoint: helloGET
      labels:
        my-label: my-label-value
      environmentVariables:
        MY_ENV_VAR: my-env-var-value
  # IAM entry for a single user to invoke the function
  invoker:
    type: gcp:cloudfunctions:FunctionIamMember
    properties:
      project: ${function.project}
      region: ${function.region}
      cloudFunction: ${function.name}
      role: roles/cloudfunctions.invoker
      member: user:myFunctionInvoker@example.com
Copy

Create Function Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Function(name: string, args: FunctionArgs, opts?: CustomResourceOptions);
@overload
def Function(resource_name: str,
             args: FunctionArgs,
             opts: Optional[ResourceOptions] = None)

@overload
def Function(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             runtime: Optional[str] = None,
             labels: Optional[Mapping[str, str]] = None,
             secret_environment_variables: Optional[Sequence[FunctionSecretEnvironmentVariableArgs]] = None,
             build_worker_pool: Optional[str] = None,
             description: Optional[str] = None,
             docker_registry: Optional[str] = None,
             docker_repository: Optional[str] = None,
             entry_point: Optional[str] = None,
             environment_variables: Optional[Mapping[str, str]] = None,
             event_trigger: Optional[FunctionEventTriggerArgs] = None,
             https_trigger_security_level: Optional[str] = None,
             https_trigger_url: Optional[str] = None,
             ingress_settings: Optional[str] = None,
             kms_key_name: Optional[str] = None,
             available_memory_mb: Optional[int] = None,
             build_service_account: Optional[str] = None,
             max_instances: Optional[int] = None,
             service_account_email: Optional[str] = None,
             project: Optional[str] = None,
             region: Optional[str] = None,
             build_environment_variables: Optional[Mapping[str, str]] = None,
             min_instances: Optional[int] = None,
             secret_volumes: Optional[Sequence[FunctionSecretVolumeArgs]] = None,
             name: Optional[str] = None,
             source_archive_bucket: Optional[str] = None,
             source_archive_object: Optional[str] = None,
             source_repository: Optional[FunctionSourceRepositoryArgs] = None,
             timeout: Optional[int] = None,
             trigger_http: Optional[bool] = None,
             vpc_connector: Optional[str] = None,
             vpc_connector_egress_settings: Optional[str] = None)
func NewFunction(ctx *Context, name string, args FunctionArgs, opts ...ResourceOption) (*Function, error)
public Function(string name, FunctionArgs args, CustomResourceOptions? opts = null)
public Function(String name, FunctionArgs args)
public Function(String name, FunctionArgs args, CustomResourceOptions options)

type: gcp:cloudfunctions:Function
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. FunctionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. FunctionArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. FunctionArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. FunctionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. FunctionArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var functionResource = new Gcp.CloudFunctions.Function("functionResource", new()
{
    Runtime = "string",
    Labels = 
    {
        { "string", "string" },
    },
    SecretEnvironmentVariables = new[]
    {
        new Gcp.CloudFunctions.Inputs.FunctionSecretEnvironmentVariableArgs
        {
            Key = "string",
            Secret = "string",
            Version = "string",
            ProjectId = "string",
        },
    },
    BuildWorkerPool = "string",
    Description = "string",
    DockerRegistry = "string",
    DockerRepository = "string",
    EntryPoint = "string",
    EnvironmentVariables = 
    {
        { "string", "string" },
    },
    EventTrigger = new Gcp.CloudFunctions.Inputs.FunctionEventTriggerArgs
    {
        EventType = "string",
        Resource = "string",
        FailurePolicy = new Gcp.CloudFunctions.Inputs.FunctionEventTriggerFailurePolicyArgs
        {
            Retry = false,
        },
    },
    HttpsTriggerSecurityLevel = "string",
    HttpsTriggerUrl = "string",
    IngressSettings = "string",
    KmsKeyName = "string",
    AvailableMemoryMb = 0,
    BuildServiceAccount = "string",
    MaxInstances = 0,
    ServiceAccountEmail = "string",
    Project = "string",
    Region = "string",
    BuildEnvironmentVariables = 
    {
        { "string", "string" },
    },
    MinInstances = 0,
    SecretVolumes = new[]
    {
        new Gcp.CloudFunctions.Inputs.FunctionSecretVolumeArgs
        {
            MountPath = "string",
            Secret = "string",
            ProjectId = "string",
            Versions = new[]
            {
                new Gcp.CloudFunctions.Inputs.FunctionSecretVolumeVersionArgs
                {
                    Path = "string",
                    Version = "string",
                },
            },
        },
    },
    Name = "string",
    SourceArchiveBucket = "string",
    SourceArchiveObject = "string",
    SourceRepository = new Gcp.CloudFunctions.Inputs.FunctionSourceRepositoryArgs
    {
        Url = "string",
        DeployedUrl = "string",
    },
    Timeout = 0,
    TriggerHttp = false,
    VpcConnector = "string",
    VpcConnectorEgressSettings = "string",
});
Copy
example, err := cloudfunctions.NewFunction(ctx, "functionResource", &cloudfunctions.FunctionArgs{
	Runtime: pulumi.String("string"),
	Labels: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	SecretEnvironmentVariables: cloudfunctions.FunctionSecretEnvironmentVariableArray{
		&cloudfunctions.FunctionSecretEnvironmentVariableArgs{
			Key:       pulumi.String("string"),
			Secret:    pulumi.String("string"),
			Version:   pulumi.String("string"),
			ProjectId: pulumi.String("string"),
		},
	},
	BuildWorkerPool:  pulumi.String("string"),
	Description:      pulumi.String("string"),
	DockerRegistry:   pulumi.String("string"),
	DockerRepository: pulumi.String("string"),
	EntryPoint:       pulumi.String("string"),
	EnvironmentVariables: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	EventTrigger: &cloudfunctions.FunctionEventTriggerArgs{
		EventType: pulumi.String("string"),
		Resource:  pulumi.String("string"),
		FailurePolicy: &cloudfunctions.FunctionEventTriggerFailurePolicyArgs{
			Retry: pulumi.Bool(false),
		},
	},
	HttpsTriggerSecurityLevel: pulumi.String("string"),
	HttpsTriggerUrl:           pulumi.String("string"),
	IngressSettings:           pulumi.String("string"),
	KmsKeyName:                pulumi.String("string"),
	AvailableMemoryMb:         pulumi.Int(0),
	BuildServiceAccount:       pulumi.String("string"),
	MaxInstances:              pulumi.Int(0),
	ServiceAccountEmail:       pulumi.String("string"),
	Project:                   pulumi.String("string"),
	Region:                    pulumi.String("string"),
	BuildEnvironmentVariables: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	MinInstances: pulumi.Int(0),
	SecretVolumes: cloudfunctions.FunctionSecretVolumeArray{
		&cloudfunctions.FunctionSecretVolumeArgs{
			MountPath: pulumi.String("string"),
			Secret:    pulumi.String("string"),
			ProjectId: pulumi.String("string"),
			Versions: cloudfunctions.FunctionSecretVolumeVersionArray{
				&cloudfunctions.FunctionSecretVolumeVersionArgs{
					Path:    pulumi.String("string"),
					Version: pulumi.String("string"),
				},
			},
		},
	},
	Name:                pulumi.String("string"),
	SourceArchiveBucket: pulumi.String("string"),
	SourceArchiveObject: pulumi.String("string"),
	SourceRepository: &cloudfunctions.FunctionSourceRepositoryArgs{
		Url:         pulumi.String("string"),
		DeployedUrl: pulumi.String("string"),
	},
	Timeout:                    pulumi.Int(0),
	TriggerHttp:                pulumi.Bool(false),
	VpcConnector:               pulumi.String("string"),
	VpcConnectorEgressSettings: pulumi.String("string"),
})
Copy
var functionResource = new com.pulumi.gcp.cloudfunctions.Function("functionResource", com.pulumi.gcp.cloudfunctions.FunctionArgs.builder()
    .runtime("string")
    .labels(Map.of("string", "string"))
    .secretEnvironmentVariables(FunctionSecretEnvironmentVariableArgs.builder()
        .key("string")
        .secret("string")
        .version("string")
        .projectId("string")
        .build())
    .buildWorkerPool("string")
    .description("string")
    .dockerRegistry("string")
    .dockerRepository("string")
    .entryPoint("string")
    .environmentVariables(Map.of("string", "string"))
    .eventTrigger(FunctionEventTriggerArgs.builder()
        .eventType("string")
        .resource("string")
        .failurePolicy(FunctionEventTriggerFailurePolicyArgs.builder()
            .retry(false)
            .build())
        .build())
    .httpsTriggerSecurityLevel("string")
    .httpsTriggerUrl("string")
    .ingressSettings("string")
    .kmsKeyName("string")
    .availableMemoryMb(0)
    .buildServiceAccount("string")
    .maxInstances(0)
    .serviceAccountEmail("string")
    .project("string")
    .region("string")
    .buildEnvironmentVariables(Map.of("string", "string"))
    .minInstances(0)
    .secretVolumes(FunctionSecretVolumeArgs.builder()
        .mountPath("string")
        .secret("string")
        .projectId("string")
        .versions(FunctionSecretVolumeVersionArgs.builder()
            .path("string")
            .version("string")
            .build())
        .build())
    .name("string")
    .sourceArchiveBucket("string")
    .sourceArchiveObject("string")
    .sourceRepository(FunctionSourceRepositoryArgs.builder()
        .url("string")
        .deployedUrl("string")
        .build())
    .timeout(0)
    .triggerHttp(false)
    .vpcConnector("string")
    .vpcConnectorEgressSettings("string")
    .build());
Copy
function_resource = gcp.cloudfunctions.Function("functionResource",
    runtime="string",
    labels={
        "string": "string",
    },
    secret_environment_variables=[{
        "key": "string",
        "secret": "string",
        "version": "string",
        "project_id": "string",
    }],
    build_worker_pool="string",
    description="string",
    docker_registry="string",
    docker_repository="string",
    entry_point="string",
    environment_variables={
        "string": "string",
    },
    event_trigger={
        "event_type": "string",
        "resource": "string",
        "failure_policy": {
            "retry": False,
        },
    },
    https_trigger_security_level="string",
    https_trigger_url="string",
    ingress_settings="string",
    kms_key_name="string",
    available_memory_mb=0,
    build_service_account="string",
    max_instances=0,
    service_account_email="string",
    project="string",
    region="string",
    build_environment_variables={
        "string": "string",
    },
    min_instances=0,
    secret_volumes=[{
        "mount_path": "string",
        "secret": "string",
        "project_id": "string",
        "versions": [{
            "path": "string",
            "version": "string",
        }],
    }],
    name="string",
    source_archive_bucket="string",
    source_archive_object="string",
    source_repository={
        "url": "string",
        "deployed_url": "string",
    },
    timeout=0,
    trigger_http=False,
    vpc_connector="string",
    vpc_connector_egress_settings="string")
Copy
const functionResource = new gcp.cloudfunctions.Function("functionResource", {
    runtime: "string",
    labels: {
        string: "string",
    },
    secretEnvironmentVariables: [{
        key: "string",
        secret: "string",
        version: "string",
        projectId: "string",
    }],
    buildWorkerPool: "string",
    description: "string",
    dockerRegistry: "string",
    dockerRepository: "string",
    entryPoint: "string",
    environmentVariables: {
        string: "string",
    },
    eventTrigger: {
        eventType: "string",
        resource: "string",
        failurePolicy: {
            retry: false,
        },
    },
    httpsTriggerSecurityLevel: "string",
    httpsTriggerUrl: "string",
    ingressSettings: "string",
    kmsKeyName: "string",
    availableMemoryMb: 0,
    buildServiceAccount: "string",
    maxInstances: 0,
    serviceAccountEmail: "string",
    project: "string",
    region: "string",
    buildEnvironmentVariables: {
        string: "string",
    },
    minInstances: 0,
    secretVolumes: [{
        mountPath: "string",
        secret: "string",
        projectId: "string",
        versions: [{
            path: "string",
            version: "string",
        }],
    }],
    name: "string",
    sourceArchiveBucket: "string",
    sourceArchiveObject: "string",
    sourceRepository: {
        url: "string",
        deployedUrl: "string",
    },
    timeout: 0,
    triggerHttp: false,
    vpcConnector: "string",
    vpcConnectorEgressSettings: "string",
});
Copy
type: gcp:cloudfunctions:Function
properties:
    availableMemoryMb: 0
    buildEnvironmentVariables:
        string: string
    buildServiceAccount: string
    buildWorkerPool: string
    description: string
    dockerRegistry: string
    dockerRepository: string
    entryPoint: string
    environmentVariables:
        string: string
    eventTrigger:
        eventType: string
        failurePolicy:
            retry: false
        resource: string
    httpsTriggerSecurityLevel: string
    httpsTriggerUrl: string
    ingressSettings: string
    kmsKeyName: string
    labels:
        string: string
    maxInstances: 0
    minInstances: 0
    name: string
    project: string
    region: string
    runtime: string
    secretEnvironmentVariables:
        - key: string
          projectId: string
          secret: string
          version: string
    secretVolumes:
        - mountPath: string
          projectId: string
          secret: string
          versions:
            - path: string
              version: string
    serviceAccountEmail: string
    sourceArchiveBucket: string
    sourceArchiveObject: string
    sourceRepository:
        deployedUrl: string
        url: string
    timeout: 0
    triggerHttp: false
    vpcConnector: string
    vpcConnectorEgressSettings: string
Copy

Function Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Function resource accepts the following input properties:

Runtime This property is required. string
The runtime in which the function is going to run. Eg. "nodejs20", "python39", "dotnet3", "go116", "java11", "ruby30", "php74", etc. Check the official doc for the up-to-date list.

AvailableMemoryMb int
Memory (in MB), available to the function. Default value is 256. Possible values include 128, 256, 512, 1024, etc.
BuildEnvironmentVariables Dictionary<string, string>
A set of key/value environment variable pairs available during build time.
BuildServiceAccount string
If provided, the self-provided service account to use to build the function. The format of this field is projects/{project}/serviceAccounts/{serviceAccountEmail}
BuildWorkerPool string
Name of the Cloud Build Custom Worker Pool that should be used to build the function.
Description string
Description of the function.
DockerRegistry string
Docker Registry to use for storing the function's Docker images. Allowed values are ARTIFACT_REGISTRY (default) and CONTAINER_REGISTRY.
DockerRepository string
User-managed repository created in Artifact Registry to which the function's Docker image will be pushed after it is built by Cloud Build. May optionally be encrypted with a customer-managed encryption key (CMEK). If unspecified and docker_registry is not explicitly set to CONTAINER_REGISTRY, GCF will create and use a default Artifact Registry repository named 'gcf-artifacts' in the region.
EntryPoint Changes to this property will trigger replacement. string
Name of the function that will be executed when the Google Cloud Function is triggered.
EnvironmentVariables Dictionary<string, string>
A set of key/value environment variable pairs to assign to the function.
EventTrigger FunctionEventTrigger
A source that fires events in response to a condition in another service. Structure is documented below. Cannot be used with trigger_http.
HttpsTriggerSecurityLevel string
The security level for the function. The following options are available:

  • SECURE_ALWAYS Requests for a URL that match this handler that do not use HTTPS are automatically redirected to the HTTPS URL with the same path. Query parameters are reserved for the redirect.
  • SECURE_OPTIONAL Both HTTP and HTTPS requests with URLs that match the handler succeed without redirects. The application can examine the request to determine which protocol was used and respond accordingly.
HttpsTriggerUrl string
URL which triggers function execution. Returned only if trigger_http is used.
IngressSettings string
String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY. Check ingress documentation to see the impact of each settings value. Changes to this field will recreate the cloud function.
KmsKeyName string
Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. If specified, you must also provide an artifact registry repository using the docker_repository field that was created with the same KMS crypto key. Before deploying, please complete all pre-requisites described in https://cloud.google.com/functions/docs/securing/cmek#granting_service_accounts_access_to_the_key
Labels Dictionary<string, string>

A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

MaxInstances int
The limit on the maximum number of function instances that may coexist at a given time.
MinInstances int
The limit on the minimum number of function instances that may coexist at a given time.
Name Changes to this property will trigger replacement. string
A user-defined name of the function. Function names must be unique globally.
Project Changes to this property will trigger replacement. string
Project of the function. If it is not provided, the provider project is used.
Region Changes to this property will trigger replacement. string
Region of function. If it is not provided, the provider region is used.
SecretEnvironmentVariables List<FunctionSecretEnvironmentVariable>
Secret environment variables configuration. Structure is documented below.
SecretVolumes List<FunctionSecretVolume>
Secret volumes configuration. Structure is documented below.
ServiceAccountEmail Changes to this property will trigger replacement. string
If provided, the self-provided service account to run the function with.
SourceArchiveBucket string
The GCS bucket containing the zip archive which contains the function.
SourceArchiveObject string
The source archive object (file) in archive bucket.
SourceRepository FunctionSourceRepository
Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object. Structure is documented below. It must match the pattern projects/{project}/locations/{location}/repositories/{repository}.*
Timeout int
Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.
TriggerHttp Changes to this property will trigger replacement. bool
Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with event_trigger.
VpcConnector string
The VPC Network Connector that this cloud function can connect to. It should be set up as fully-qualified URI. The format of this field is projects/*/locations/*/connectors/*.
VpcConnectorEgressSettings string
The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.
Runtime This property is required. string
The runtime in which the function is going to run. Eg. "nodejs20", "python39", "dotnet3", "go116", "java11", "ruby30", "php74", etc. Check the official doc for the up-to-date list.

AvailableMemoryMb int
Memory (in MB), available to the function. Default value is 256. Possible values include 128, 256, 512, 1024, etc.
BuildEnvironmentVariables map[string]string
A set of key/value environment variable pairs available during build time.
BuildServiceAccount string
If provided, the self-provided service account to use to build the function. The format of this field is projects/{project}/serviceAccounts/{serviceAccountEmail}
BuildWorkerPool string
Name of the Cloud Build Custom Worker Pool that should be used to build the function.
Description string
Description of the function.
DockerRegistry string
Docker Registry to use for storing the function's Docker images. Allowed values are ARTIFACT_REGISTRY (default) and CONTAINER_REGISTRY.
DockerRepository string
User-managed repository created in Artifact Registry to which the function's Docker image will be pushed after it is built by Cloud Build. May optionally be encrypted with a customer-managed encryption key (CMEK). If unspecified and docker_registry is not explicitly set to CONTAINER_REGISTRY, GCF will create and use a default Artifact Registry repository named 'gcf-artifacts' in the region.
EntryPoint Changes to this property will trigger replacement. string
Name of the function that will be executed when the Google Cloud Function is triggered.
EnvironmentVariables map[string]string
A set of key/value environment variable pairs to assign to the function.
EventTrigger FunctionEventTriggerArgs
A source that fires events in response to a condition in another service. Structure is documented below. Cannot be used with trigger_http.
HttpsTriggerSecurityLevel string
The security level for the function. The following options are available:

  • SECURE_ALWAYS Requests for a URL that match this handler that do not use HTTPS are automatically redirected to the HTTPS URL with the same path. Query parameters are reserved for the redirect.
  • SECURE_OPTIONAL Both HTTP and HTTPS requests with URLs that match the handler succeed without redirects. The application can examine the request to determine which protocol was used and respond accordingly.
HttpsTriggerUrl string
URL which triggers function execution. Returned only if trigger_http is used.
IngressSettings string
String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY. Check ingress documentation to see the impact of each settings value. Changes to this field will recreate the cloud function.
KmsKeyName string
Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. If specified, you must also provide an artifact registry repository using the docker_repository field that was created with the same KMS crypto key. Before deploying, please complete all pre-requisites described in https://cloud.google.com/functions/docs/securing/cmek#granting_service_accounts_access_to_the_key
Labels map[string]string

A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

MaxInstances int
The limit on the maximum number of function instances that may coexist at a given time.
MinInstances int
The limit on the minimum number of function instances that may coexist at a given time.
Name Changes to this property will trigger replacement. string
A user-defined name of the function. Function names must be unique globally.
Project Changes to this property will trigger replacement. string
Project of the function. If it is not provided, the provider project is used.
Region Changes to this property will trigger replacement. string
Region of function. If it is not provided, the provider region is used.
SecretEnvironmentVariables []FunctionSecretEnvironmentVariableArgs
Secret environment variables configuration. Structure is documented below.
SecretVolumes []FunctionSecretVolumeArgs
Secret volumes configuration. Structure is documented below.
ServiceAccountEmail Changes to this property will trigger replacement. string
If provided, the self-provided service account to run the function with.
SourceArchiveBucket string
The GCS bucket containing the zip archive which contains the function.
SourceArchiveObject string
The source archive object (file) in archive bucket.
SourceRepository FunctionSourceRepositoryArgs
Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object. Structure is documented below. It must match the pattern projects/{project}/locations/{location}/repositories/{repository}.*
Timeout int
Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.
TriggerHttp Changes to this property will trigger replacement. bool
Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with event_trigger.
VpcConnector string
The VPC Network Connector that this cloud function can connect to. It should be set up as fully-qualified URI. The format of this field is projects/*/locations/*/connectors/*.
VpcConnectorEgressSettings string
The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.
runtime This property is required. String
The runtime in which the function is going to run. Eg. "nodejs20", "python39", "dotnet3", "go116", "java11", "ruby30", "php74", etc. Check the official doc for the up-to-date list.

availableMemoryMb Integer
Memory (in MB), available to the function. Default value is 256. Possible values include 128, 256, 512, 1024, etc.
buildEnvironmentVariables Map<String,String>
A set of key/value environment variable pairs available during build time.
buildServiceAccount String
If provided, the self-provided service account to use to build the function. The format of this field is projects/{project}/serviceAccounts/{serviceAccountEmail}
buildWorkerPool String
Name of the Cloud Build Custom Worker Pool that should be used to build the function.
description String
Description of the function.
dockerRegistry String
Docker Registry to use for storing the function's Docker images. Allowed values are ARTIFACT_REGISTRY (default) and CONTAINER_REGISTRY.
dockerRepository String
User-managed repository created in Artifact Registry to which the function's Docker image will be pushed after it is built by Cloud Build. May optionally be encrypted with a customer-managed encryption key (CMEK). If unspecified and docker_registry is not explicitly set to CONTAINER_REGISTRY, GCF will create and use a default Artifact Registry repository named 'gcf-artifacts' in the region.
entryPoint Changes to this property will trigger replacement. String
Name of the function that will be executed when the Google Cloud Function is triggered.
environmentVariables Map<String,String>
A set of key/value environment variable pairs to assign to the function.
eventTrigger FunctionEventTrigger
A source that fires events in response to a condition in another service. Structure is documented below. Cannot be used with trigger_http.
httpsTriggerSecurityLevel String
The security level for the function. The following options are available:

  • SECURE_ALWAYS Requests for a URL that match this handler that do not use HTTPS are automatically redirected to the HTTPS URL with the same path. Query parameters are reserved for the redirect.
  • SECURE_OPTIONAL Both HTTP and HTTPS requests with URLs that match the handler succeed without redirects. The application can examine the request to determine which protocol was used and respond accordingly.
httpsTriggerUrl String
URL which triggers function execution. Returned only if trigger_http is used.
ingressSettings String
String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY. Check ingress documentation to see the impact of each settings value. Changes to this field will recreate the cloud function.
kmsKeyName String
Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. If specified, you must also provide an artifact registry repository using the docker_repository field that was created with the same KMS crypto key. Before deploying, please complete all pre-requisites described in https://cloud.google.com/functions/docs/securing/cmek#granting_service_accounts_access_to_the_key
labels Map<String,String>

A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

maxInstances Integer
The limit on the maximum number of function instances that may coexist at a given time.
minInstances Integer
The limit on the minimum number of function instances that may coexist at a given time.
name Changes to this property will trigger replacement. String
A user-defined name of the function. Function names must be unique globally.
project Changes to this property will trigger replacement. String
Project of the function. If it is not provided, the provider project is used.
region Changes to this property will trigger replacement. String
Region of function. If it is not provided, the provider region is used.
secretEnvironmentVariables List<FunctionSecretEnvironmentVariable>
Secret environment variables configuration. Structure is documented below.
secretVolumes List<FunctionSecretVolume>
Secret volumes configuration. Structure is documented below.
serviceAccountEmail Changes to this property will trigger replacement. String
If provided, the self-provided service account to run the function with.
sourceArchiveBucket String
The GCS bucket containing the zip archive which contains the function.
sourceArchiveObject String
The source archive object (file) in archive bucket.
sourceRepository FunctionSourceRepository
Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object. Structure is documented below. It must match the pattern projects/{project}/locations/{location}/repositories/{repository}.*
timeout Integer
Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.
triggerHttp Changes to this property will trigger replacement. Boolean
Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with event_trigger.
vpcConnector String
The VPC Network Connector that this cloud function can connect to. It should be set up as fully-qualified URI. The format of this field is projects/*/locations/*/connectors/*.
vpcConnectorEgressSettings String
The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.
runtime This property is required. string
The runtime in which the function is going to run. Eg. "nodejs20", "python39", "dotnet3", "go116", "java11", "ruby30", "php74", etc. Check the official doc for the up-to-date list.

availableMemoryMb number
Memory (in MB), available to the function. Default value is 256. Possible values include 128, 256, 512, 1024, etc.
buildEnvironmentVariables {[key: string]: string}
A set of key/value environment variable pairs available during build time.
buildServiceAccount string
If provided, the self-provided service account to use to build the function. The format of this field is projects/{project}/serviceAccounts/{serviceAccountEmail}
buildWorkerPool string
Name of the Cloud Build Custom Worker Pool that should be used to build the function.
description string
Description of the function.
dockerRegistry string
Docker Registry to use for storing the function's Docker images. Allowed values are ARTIFACT_REGISTRY (default) and CONTAINER_REGISTRY.
dockerRepository string
User-managed repository created in Artifact Registry to which the function's Docker image will be pushed after it is built by Cloud Build. May optionally be encrypted with a customer-managed encryption key (CMEK). If unspecified and docker_registry is not explicitly set to CONTAINER_REGISTRY, GCF will create and use a default Artifact Registry repository named 'gcf-artifacts' in the region.
entryPoint Changes to this property will trigger replacement. string
Name of the function that will be executed when the Google Cloud Function is triggered.
environmentVariables {[key: string]: string}
A set of key/value environment variable pairs to assign to the function.
eventTrigger FunctionEventTrigger
A source that fires events in response to a condition in another service. Structure is documented below. Cannot be used with trigger_http.
httpsTriggerSecurityLevel string
The security level for the function. The following options are available:

  • SECURE_ALWAYS Requests for a URL that match this handler that do not use HTTPS are automatically redirected to the HTTPS URL with the same path. Query parameters are reserved for the redirect.
  • SECURE_OPTIONAL Both HTTP and HTTPS requests with URLs that match the handler succeed without redirects. The application can examine the request to determine which protocol was used and respond accordingly.
httpsTriggerUrl string
URL which triggers function execution. Returned only if trigger_http is used.
ingressSettings string
String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY. Check ingress documentation to see the impact of each settings value. Changes to this field will recreate the cloud function.
kmsKeyName string
Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. If specified, you must also provide an artifact registry repository using the docker_repository field that was created with the same KMS crypto key. Before deploying, please complete all pre-requisites described in https://cloud.google.com/functions/docs/securing/cmek#granting_service_accounts_access_to_the_key
labels {[key: string]: string}

A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

maxInstances number
The limit on the maximum number of function instances that may coexist at a given time.
minInstances number
The limit on the minimum number of function instances that may coexist at a given time.
name Changes to this property will trigger replacement. string
A user-defined name of the function. Function names must be unique globally.
project Changes to this property will trigger replacement. string
Project of the function. If it is not provided, the provider project is used.
region Changes to this property will trigger replacement. string
Region of function. If it is not provided, the provider region is used.
secretEnvironmentVariables FunctionSecretEnvironmentVariable[]
Secret environment variables configuration. Structure is documented below.
secretVolumes FunctionSecretVolume[]
Secret volumes configuration. Structure is documented below.
serviceAccountEmail Changes to this property will trigger replacement. string
If provided, the self-provided service account to run the function with.
sourceArchiveBucket string
The GCS bucket containing the zip archive which contains the function.
sourceArchiveObject string
The source archive object (file) in archive bucket.
sourceRepository FunctionSourceRepository
Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object. Structure is documented below. It must match the pattern projects/{project}/locations/{location}/repositories/{repository}.*
timeout number
Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.
triggerHttp Changes to this property will trigger replacement. boolean
Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with event_trigger.
vpcConnector string
The VPC Network Connector that this cloud function can connect to. It should be set up as fully-qualified URI. The format of this field is projects/*/locations/*/connectors/*.
vpcConnectorEgressSettings string
The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.
runtime This property is required. str
The runtime in which the function is going to run. Eg. "nodejs20", "python39", "dotnet3", "go116", "java11", "ruby30", "php74", etc. Check the official doc for the up-to-date list.

available_memory_mb int
Memory (in MB), available to the function. Default value is 256. Possible values include 128, 256, 512, 1024, etc.
build_environment_variables Mapping[str, str]
A set of key/value environment variable pairs available during build time.
build_service_account str
If provided, the self-provided service account to use to build the function. The format of this field is projects/{project}/serviceAccounts/{serviceAccountEmail}
build_worker_pool str
Name of the Cloud Build Custom Worker Pool that should be used to build the function.
description str
Description of the function.
docker_registry str
Docker Registry to use for storing the function's Docker images. Allowed values are ARTIFACT_REGISTRY (default) and CONTAINER_REGISTRY.
docker_repository str
User-managed repository created in Artifact Registry to which the function's Docker image will be pushed after it is built by Cloud Build. May optionally be encrypted with a customer-managed encryption key (CMEK). If unspecified and docker_registry is not explicitly set to CONTAINER_REGISTRY, GCF will create and use a default Artifact Registry repository named 'gcf-artifacts' in the region.
entry_point Changes to this property will trigger replacement. str
Name of the function that will be executed when the Google Cloud Function is triggered.
environment_variables Mapping[str, str]
A set of key/value environment variable pairs to assign to the function.
event_trigger FunctionEventTriggerArgs
A source that fires events in response to a condition in another service. Structure is documented below. Cannot be used with trigger_http.
https_trigger_security_level str
The security level for the function. The following options are available:

  • SECURE_ALWAYS Requests for a URL that match this handler that do not use HTTPS are automatically redirected to the HTTPS URL with the same path. Query parameters are reserved for the redirect.
  • SECURE_OPTIONAL Both HTTP and HTTPS requests with URLs that match the handler succeed without redirects. The application can examine the request to determine which protocol was used and respond accordingly.
https_trigger_url str
URL which triggers function execution. Returned only if trigger_http is used.
ingress_settings str
String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY. Check ingress documentation to see the impact of each settings value. Changes to this field will recreate the cloud function.
kms_key_name str
Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. If specified, you must also provide an artifact registry repository using the docker_repository field that was created with the same KMS crypto key. Before deploying, please complete all pre-requisites described in https://cloud.google.com/functions/docs/securing/cmek#granting_service_accounts_access_to_the_key
labels Mapping[str, str]

A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

max_instances int
The limit on the maximum number of function instances that may coexist at a given time.
min_instances int
The limit on the minimum number of function instances that may coexist at a given time.
name Changes to this property will trigger replacement. str
A user-defined name of the function. Function names must be unique globally.
project Changes to this property will trigger replacement. str
Project of the function. If it is not provided, the provider project is used.
region Changes to this property will trigger replacement. str
Region of function. If it is not provided, the provider region is used.
secret_environment_variables Sequence[FunctionSecretEnvironmentVariableArgs]
Secret environment variables configuration. Structure is documented below.
secret_volumes Sequence[FunctionSecretVolumeArgs]
Secret volumes configuration. Structure is documented below.
service_account_email Changes to this property will trigger replacement. str
If provided, the self-provided service account to run the function with.
source_archive_bucket str
The GCS bucket containing the zip archive which contains the function.
source_archive_object str
The source archive object (file) in archive bucket.
source_repository FunctionSourceRepositoryArgs
Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object. Structure is documented below. It must match the pattern projects/{project}/locations/{location}/repositories/{repository}.*
timeout int
Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.
trigger_http Changes to this property will trigger replacement. bool
Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with event_trigger.
vpc_connector str
The VPC Network Connector that this cloud function can connect to. It should be set up as fully-qualified URI. The format of this field is projects/*/locations/*/connectors/*.
vpc_connector_egress_settings str
The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.
runtime This property is required. String
The runtime in which the function is going to run. Eg. "nodejs20", "python39", "dotnet3", "go116", "java11", "ruby30", "php74", etc. Check the official doc for the up-to-date list.

availableMemoryMb Number
Memory (in MB), available to the function. Default value is 256. Possible values include 128, 256, 512, 1024, etc.
buildEnvironmentVariables Map<String>
A set of key/value environment variable pairs available during build time.
buildServiceAccount String
If provided, the self-provided service account to use to build the function. The format of this field is projects/{project}/serviceAccounts/{serviceAccountEmail}
buildWorkerPool String
Name of the Cloud Build Custom Worker Pool that should be used to build the function.
description String
Description of the function.
dockerRegistry String
Docker Registry to use for storing the function's Docker images. Allowed values are ARTIFACT_REGISTRY (default) and CONTAINER_REGISTRY.
dockerRepository String
User-managed repository created in Artifact Registry to which the function's Docker image will be pushed after it is built by Cloud Build. May optionally be encrypted with a customer-managed encryption key (CMEK). If unspecified and docker_registry is not explicitly set to CONTAINER_REGISTRY, GCF will create and use a default Artifact Registry repository named 'gcf-artifacts' in the region.
entryPoint Changes to this property will trigger replacement. String
Name of the function that will be executed when the Google Cloud Function is triggered.
environmentVariables Map<String>
A set of key/value environment variable pairs to assign to the function.
eventTrigger Property Map
A source that fires events in response to a condition in another service. Structure is documented below. Cannot be used with trigger_http.
httpsTriggerSecurityLevel String
The security level for the function. The following options are available:

  • SECURE_ALWAYS Requests for a URL that match this handler that do not use HTTPS are automatically redirected to the HTTPS URL with the same path. Query parameters are reserved for the redirect.
  • SECURE_OPTIONAL Both HTTP and HTTPS requests with URLs that match the handler succeed without redirects. The application can examine the request to determine which protocol was used and respond accordingly.
httpsTriggerUrl String
URL which triggers function execution. Returned only if trigger_http is used.
ingressSettings String
String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY. Check ingress documentation to see the impact of each settings value. Changes to this field will recreate the cloud function.
kmsKeyName String
Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. If specified, you must also provide an artifact registry repository using the docker_repository field that was created with the same KMS crypto key. Before deploying, please complete all pre-requisites described in https://cloud.google.com/functions/docs/securing/cmek#granting_service_accounts_access_to_the_key
labels Map<String>

A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

maxInstances Number
The limit on the maximum number of function instances that may coexist at a given time.
minInstances Number
The limit on the minimum number of function instances that may coexist at a given time.
name Changes to this property will trigger replacement. String
A user-defined name of the function. Function names must be unique globally.
project Changes to this property will trigger replacement. String
Project of the function. If it is not provided, the provider project is used.
region Changes to this property will trigger replacement. String
Region of function. If it is not provided, the provider region is used.
secretEnvironmentVariables List<Property Map>
Secret environment variables configuration. Structure is documented below.
secretVolumes List<Property Map>
Secret volumes configuration. Structure is documented below.
serviceAccountEmail Changes to this property will trigger replacement. String
If provided, the self-provided service account to run the function with.
sourceArchiveBucket String
The GCS bucket containing the zip archive which contains the function.
sourceArchiveObject String
The source archive object (file) in archive bucket.
sourceRepository Property Map
Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object. Structure is documented below. It must match the pattern projects/{project}/locations/{location}/repositories/{repository}.*
timeout Number
Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.
triggerHttp Changes to this property will trigger replacement. Boolean
Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with event_trigger.
vpcConnector String
The VPC Network Connector that this cloud function can connect to. It should be set up as fully-qualified URI. The format of this field is projects/*/locations/*/connectors/*.
vpcConnectorEgressSettings String
The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.

Outputs

All input properties are implicitly available as output properties. Additionally, the Function resource produces the following output properties:

EffectiveLabels Dictionary<string, string>
All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
Id string
The provider-assigned unique ID for this managed resource.
PulumiLabels Dictionary<string, string>
The combination of labels configured directly on the resource and default labels configured on the provider.
Status string
Describes the current stage of a deployment.
VersionId string
The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created.
EffectiveLabels map[string]string
All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
Id string
The provider-assigned unique ID for this managed resource.
PulumiLabels map[string]string
The combination of labels configured directly on the resource and default labels configured on the provider.
Status string
Describes the current stage of a deployment.
VersionId string
The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created.
effectiveLabels Map<String,String>
All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
id String
The provider-assigned unique ID for this managed resource.
pulumiLabels Map<String,String>
The combination of labels configured directly on the resource and default labels configured on the provider.
status String
Describes the current stage of a deployment.
versionId String
The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created.
effectiveLabels {[key: string]: string}
All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
id string
The provider-assigned unique ID for this managed resource.
pulumiLabels {[key: string]: string}
The combination of labels configured directly on the resource and default labels configured on the provider.
status string
Describes the current stage of a deployment.
versionId string
The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created.
effective_labels Mapping[str, str]
All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
id str
The provider-assigned unique ID for this managed resource.
pulumi_labels Mapping[str, str]
The combination of labels configured directly on the resource and default labels configured on the provider.
status str
Describes the current stage of a deployment.
version_id str
The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created.
effectiveLabels Map<String>
All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
id String
The provider-assigned unique ID for this managed resource.
pulumiLabels Map<String>
The combination of labels configured directly on the resource and default labels configured on the provider.
status String
Describes the current stage of a deployment.
versionId String
The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created.

Look up Existing Function Resource

Get an existing Function resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FunctionState, opts?: CustomResourceOptions): Function
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        available_memory_mb: Optional[int] = None,
        build_environment_variables: Optional[Mapping[str, str]] = None,
        build_service_account: Optional[str] = None,
        build_worker_pool: Optional[str] = None,
        description: Optional[str] = None,
        docker_registry: Optional[str] = None,
        docker_repository: Optional[str] = None,
        effective_labels: Optional[Mapping[str, str]] = None,
        entry_point: Optional[str] = None,
        environment_variables: Optional[Mapping[str, str]] = None,
        event_trigger: Optional[FunctionEventTriggerArgs] = None,
        https_trigger_security_level: Optional[str] = None,
        https_trigger_url: Optional[str] = None,
        ingress_settings: Optional[str] = None,
        kms_key_name: Optional[str] = None,
        labels: Optional[Mapping[str, str]] = None,
        max_instances: Optional[int] = None,
        min_instances: Optional[int] = None,
        name: Optional[str] = None,
        project: Optional[str] = None,
        pulumi_labels: Optional[Mapping[str, str]] = None,
        region: Optional[str] = None,
        runtime: Optional[str] = None,
        secret_environment_variables: Optional[Sequence[FunctionSecretEnvironmentVariableArgs]] = None,
        secret_volumes: Optional[Sequence[FunctionSecretVolumeArgs]] = None,
        service_account_email: Optional[str] = None,
        source_archive_bucket: Optional[str] = None,
        source_archive_object: Optional[str] = None,
        source_repository: Optional[FunctionSourceRepositoryArgs] = None,
        status: Optional[str] = None,
        timeout: Optional[int] = None,
        trigger_http: Optional[bool] = None,
        version_id: Optional[str] = None,
        vpc_connector: Optional[str] = None,
        vpc_connector_egress_settings: Optional[str] = None) -> Function
func GetFunction(ctx *Context, name string, id IDInput, state *FunctionState, opts ...ResourceOption) (*Function, error)
public static Function Get(string name, Input<string> id, FunctionState? state, CustomResourceOptions? opts = null)
public static Function get(String name, Output<String> id, FunctionState state, CustomResourceOptions options)
resources:  _:    type: gcp:cloudfunctions:Function    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AvailableMemoryMb int
Memory (in MB), available to the function. Default value is 256. Possible values include 128, 256, 512, 1024, etc.
BuildEnvironmentVariables Dictionary<string, string>
A set of key/value environment variable pairs available during build time.
BuildServiceAccount string
If provided, the self-provided service account to use to build the function. The format of this field is projects/{project}/serviceAccounts/{serviceAccountEmail}
BuildWorkerPool string
Name of the Cloud Build Custom Worker Pool that should be used to build the function.
Description string
Description of the function.
DockerRegistry string
Docker Registry to use for storing the function's Docker images. Allowed values are ARTIFACT_REGISTRY (default) and CONTAINER_REGISTRY.
DockerRepository string
User-managed repository created in Artifact Registry to which the function's Docker image will be pushed after it is built by Cloud Build. May optionally be encrypted with a customer-managed encryption key (CMEK). If unspecified and docker_registry is not explicitly set to CONTAINER_REGISTRY, GCF will create and use a default Artifact Registry repository named 'gcf-artifacts' in the region.
EffectiveLabels Dictionary<string, string>
All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
EntryPoint Changes to this property will trigger replacement. string
Name of the function that will be executed when the Google Cloud Function is triggered.
EnvironmentVariables Dictionary<string, string>
A set of key/value environment variable pairs to assign to the function.
EventTrigger FunctionEventTrigger
A source that fires events in response to a condition in another service. Structure is documented below. Cannot be used with trigger_http.
HttpsTriggerSecurityLevel string
The security level for the function. The following options are available:

  • SECURE_ALWAYS Requests for a URL that match this handler that do not use HTTPS are automatically redirected to the HTTPS URL with the same path. Query parameters are reserved for the redirect.
  • SECURE_OPTIONAL Both HTTP and HTTPS requests with URLs that match the handler succeed without redirects. The application can examine the request to determine which protocol was used and respond accordingly.
HttpsTriggerUrl string
URL which triggers function execution. Returned only if trigger_http is used.
IngressSettings string
String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY. Check ingress documentation to see the impact of each settings value. Changes to this field will recreate the cloud function.
KmsKeyName string
Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. If specified, you must also provide an artifact registry repository using the docker_repository field that was created with the same KMS crypto key. Before deploying, please complete all pre-requisites described in https://cloud.google.com/functions/docs/securing/cmek#granting_service_accounts_access_to_the_key
Labels Dictionary<string, string>

A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

MaxInstances int
The limit on the maximum number of function instances that may coexist at a given time.
MinInstances int
The limit on the minimum number of function instances that may coexist at a given time.
Name Changes to this property will trigger replacement. string
A user-defined name of the function. Function names must be unique globally.
Project Changes to this property will trigger replacement. string
Project of the function. If it is not provided, the provider project is used.
PulumiLabels Dictionary<string, string>
The combination of labels configured directly on the resource and default labels configured on the provider.
Region Changes to this property will trigger replacement. string
Region of function. If it is not provided, the provider region is used.
Runtime string
The runtime in which the function is going to run. Eg. "nodejs20", "python39", "dotnet3", "go116", "java11", "ruby30", "php74", etc. Check the official doc for the up-to-date list.

SecretEnvironmentVariables List<FunctionSecretEnvironmentVariable>
Secret environment variables configuration. Structure is documented below.
SecretVolumes List<FunctionSecretVolume>
Secret volumes configuration. Structure is documented below.
ServiceAccountEmail Changes to this property will trigger replacement. string
If provided, the self-provided service account to run the function with.
SourceArchiveBucket string
The GCS bucket containing the zip archive which contains the function.
SourceArchiveObject string
The source archive object (file) in archive bucket.
SourceRepository FunctionSourceRepository
Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object. Structure is documented below. It must match the pattern projects/{project}/locations/{location}/repositories/{repository}.*
Status string
Describes the current stage of a deployment.
Timeout int
Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.
TriggerHttp Changes to this property will trigger replacement. bool
Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with event_trigger.
VersionId string
The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created.
VpcConnector string
The VPC Network Connector that this cloud function can connect to. It should be set up as fully-qualified URI. The format of this field is projects/*/locations/*/connectors/*.
VpcConnectorEgressSettings string
The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.
AvailableMemoryMb int
Memory (in MB), available to the function. Default value is 256. Possible values include 128, 256, 512, 1024, etc.
BuildEnvironmentVariables map[string]string
A set of key/value environment variable pairs available during build time.
BuildServiceAccount string
If provided, the self-provided service account to use to build the function. The format of this field is projects/{project}/serviceAccounts/{serviceAccountEmail}
BuildWorkerPool string
Name of the Cloud Build Custom Worker Pool that should be used to build the function.
Description string
Description of the function.
DockerRegistry string
Docker Registry to use for storing the function's Docker images. Allowed values are ARTIFACT_REGISTRY (default) and CONTAINER_REGISTRY.
DockerRepository string
User-managed repository created in Artifact Registry to which the function's Docker image will be pushed after it is built by Cloud Build. May optionally be encrypted with a customer-managed encryption key (CMEK). If unspecified and docker_registry is not explicitly set to CONTAINER_REGISTRY, GCF will create and use a default Artifact Registry repository named 'gcf-artifacts' in the region.
EffectiveLabels map[string]string
All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
EntryPoint Changes to this property will trigger replacement. string
Name of the function that will be executed when the Google Cloud Function is triggered.
EnvironmentVariables map[string]string
A set of key/value environment variable pairs to assign to the function.
EventTrigger FunctionEventTriggerArgs
A source that fires events in response to a condition in another service. Structure is documented below. Cannot be used with trigger_http.
HttpsTriggerSecurityLevel string
The security level for the function. The following options are available:

  • SECURE_ALWAYS Requests for a URL that match this handler that do not use HTTPS are automatically redirected to the HTTPS URL with the same path. Query parameters are reserved for the redirect.
  • SECURE_OPTIONAL Both HTTP and HTTPS requests with URLs that match the handler succeed without redirects. The application can examine the request to determine which protocol was used and respond accordingly.
HttpsTriggerUrl string
URL which triggers function execution. Returned only if trigger_http is used.
IngressSettings string
String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY. Check ingress documentation to see the impact of each settings value. Changes to this field will recreate the cloud function.
KmsKeyName string
Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. If specified, you must also provide an artifact registry repository using the docker_repository field that was created with the same KMS crypto key. Before deploying, please complete all pre-requisites described in https://cloud.google.com/functions/docs/securing/cmek#granting_service_accounts_access_to_the_key
Labels map[string]string

A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

MaxInstances int
The limit on the maximum number of function instances that may coexist at a given time.
MinInstances int
The limit on the minimum number of function instances that may coexist at a given time.
Name Changes to this property will trigger replacement. string
A user-defined name of the function. Function names must be unique globally.
Project Changes to this property will trigger replacement. string
Project of the function. If it is not provided, the provider project is used.
PulumiLabels map[string]string
The combination of labels configured directly on the resource and default labels configured on the provider.
Region Changes to this property will trigger replacement. string
Region of function. If it is not provided, the provider region is used.
Runtime string
The runtime in which the function is going to run. Eg. "nodejs20", "python39", "dotnet3", "go116", "java11", "ruby30", "php74", etc. Check the official doc for the up-to-date list.

SecretEnvironmentVariables []FunctionSecretEnvironmentVariableArgs
Secret environment variables configuration. Structure is documented below.
SecretVolumes []FunctionSecretVolumeArgs
Secret volumes configuration. Structure is documented below.
ServiceAccountEmail Changes to this property will trigger replacement. string
If provided, the self-provided service account to run the function with.
SourceArchiveBucket string
The GCS bucket containing the zip archive which contains the function.
SourceArchiveObject string
The source archive object (file) in archive bucket.
SourceRepository FunctionSourceRepositoryArgs
Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object. Structure is documented below. It must match the pattern projects/{project}/locations/{location}/repositories/{repository}.*
Status string
Describes the current stage of a deployment.
Timeout int
Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.
TriggerHttp Changes to this property will trigger replacement. bool
Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with event_trigger.
VersionId string
The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created.
VpcConnector string
The VPC Network Connector that this cloud function can connect to. It should be set up as fully-qualified URI. The format of this field is projects/*/locations/*/connectors/*.
VpcConnectorEgressSettings string
The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.
availableMemoryMb Integer
Memory (in MB), available to the function. Default value is 256. Possible values include 128, 256, 512, 1024, etc.
buildEnvironmentVariables Map<String,String>
A set of key/value environment variable pairs available during build time.
buildServiceAccount String
If provided, the self-provided service account to use to build the function. The format of this field is projects/{project}/serviceAccounts/{serviceAccountEmail}
buildWorkerPool String
Name of the Cloud Build Custom Worker Pool that should be used to build the function.
description String
Description of the function.
dockerRegistry String
Docker Registry to use for storing the function's Docker images. Allowed values are ARTIFACT_REGISTRY (default) and CONTAINER_REGISTRY.
dockerRepository String
User-managed repository created in Artifact Registry to which the function's Docker image will be pushed after it is built by Cloud Build. May optionally be encrypted with a customer-managed encryption key (CMEK). If unspecified and docker_registry is not explicitly set to CONTAINER_REGISTRY, GCF will create and use a default Artifact Registry repository named 'gcf-artifacts' in the region.
effectiveLabels Map<String,String>
All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
entryPoint Changes to this property will trigger replacement. String
Name of the function that will be executed when the Google Cloud Function is triggered.
environmentVariables Map<String,String>
A set of key/value environment variable pairs to assign to the function.
eventTrigger FunctionEventTrigger
A source that fires events in response to a condition in another service. Structure is documented below. Cannot be used with trigger_http.
httpsTriggerSecurityLevel String
The security level for the function. The following options are available:

  • SECURE_ALWAYS Requests for a URL that match this handler that do not use HTTPS are automatically redirected to the HTTPS URL with the same path. Query parameters are reserved for the redirect.
  • SECURE_OPTIONAL Both HTTP and HTTPS requests with URLs that match the handler succeed without redirects. The application can examine the request to determine which protocol was used and respond accordingly.
httpsTriggerUrl String
URL which triggers function execution. Returned only if trigger_http is used.
ingressSettings String
String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY. Check ingress documentation to see the impact of each settings value. Changes to this field will recreate the cloud function.
kmsKeyName String
Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. If specified, you must also provide an artifact registry repository using the docker_repository field that was created with the same KMS crypto key. Before deploying, please complete all pre-requisites described in https://cloud.google.com/functions/docs/securing/cmek#granting_service_accounts_access_to_the_key
labels Map<String,String>

A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

maxInstances Integer
The limit on the maximum number of function instances that may coexist at a given time.
minInstances Integer
The limit on the minimum number of function instances that may coexist at a given time.
name Changes to this property will trigger replacement. String
A user-defined name of the function. Function names must be unique globally.
project Changes to this property will trigger replacement. String
Project of the function. If it is not provided, the provider project is used.
pulumiLabels Map<String,String>
The combination of labels configured directly on the resource and default labels configured on the provider.
region Changes to this property will trigger replacement. String
Region of function. If it is not provided, the provider region is used.
runtime String
The runtime in which the function is going to run. Eg. "nodejs20", "python39", "dotnet3", "go116", "java11", "ruby30", "php74", etc. Check the official doc for the up-to-date list.

secretEnvironmentVariables List<FunctionSecretEnvironmentVariable>
Secret environment variables configuration. Structure is documented below.
secretVolumes List<FunctionSecretVolume>
Secret volumes configuration. Structure is documented below.
serviceAccountEmail Changes to this property will trigger replacement. String
If provided, the self-provided service account to run the function with.
sourceArchiveBucket String
The GCS bucket containing the zip archive which contains the function.
sourceArchiveObject String
The source archive object (file) in archive bucket.
sourceRepository FunctionSourceRepository
Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object. Structure is documented below. It must match the pattern projects/{project}/locations/{location}/repositories/{repository}.*
status String
Describes the current stage of a deployment.
timeout Integer
Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.
triggerHttp Changes to this property will trigger replacement. Boolean
Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with event_trigger.
versionId String
The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created.
vpcConnector String
The VPC Network Connector that this cloud function can connect to. It should be set up as fully-qualified URI. The format of this field is projects/*/locations/*/connectors/*.
vpcConnectorEgressSettings String
The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.
availableMemoryMb number
Memory (in MB), available to the function. Default value is 256. Possible values include 128, 256, 512, 1024, etc.
buildEnvironmentVariables {[key: string]: string}
A set of key/value environment variable pairs available during build time.
buildServiceAccount string
If provided, the self-provided service account to use to build the function. The format of this field is projects/{project}/serviceAccounts/{serviceAccountEmail}
buildWorkerPool string
Name of the Cloud Build Custom Worker Pool that should be used to build the function.
description string
Description of the function.
dockerRegistry string
Docker Registry to use for storing the function's Docker images. Allowed values are ARTIFACT_REGISTRY (default) and CONTAINER_REGISTRY.
dockerRepository string
User-managed repository created in Artifact Registry to which the function's Docker image will be pushed after it is built by Cloud Build. May optionally be encrypted with a customer-managed encryption key (CMEK). If unspecified and docker_registry is not explicitly set to CONTAINER_REGISTRY, GCF will create and use a default Artifact Registry repository named 'gcf-artifacts' in the region.
effectiveLabels {[key: string]: string}
All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
entryPoint Changes to this property will trigger replacement. string
Name of the function that will be executed when the Google Cloud Function is triggered.
environmentVariables {[key: string]: string}
A set of key/value environment variable pairs to assign to the function.
eventTrigger FunctionEventTrigger
A source that fires events in response to a condition in another service. Structure is documented below. Cannot be used with trigger_http.
httpsTriggerSecurityLevel string
The security level for the function. The following options are available:

  • SECURE_ALWAYS Requests for a URL that match this handler that do not use HTTPS are automatically redirected to the HTTPS URL with the same path. Query parameters are reserved for the redirect.
  • SECURE_OPTIONAL Both HTTP and HTTPS requests with URLs that match the handler succeed without redirects. The application can examine the request to determine which protocol was used and respond accordingly.
httpsTriggerUrl string
URL which triggers function execution. Returned only if trigger_http is used.
ingressSettings string
String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY. Check ingress documentation to see the impact of each settings value. Changes to this field will recreate the cloud function.
kmsKeyName string
Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. If specified, you must also provide an artifact registry repository using the docker_repository field that was created with the same KMS crypto key. Before deploying, please complete all pre-requisites described in https://cloud.google.com/functions/docs/securing/cmek#granting_service_accounts_access_to_the_key
labels {[key: string]: string}

A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

maxInstances number
The limit on the maximum number of function instances that may coexist at a given time.
minInstances number
The limit on the minimum number of function instances that may coexist at a given time.
name Changes to this property will trigger replacement. string
A user-defined name of the function. Function names must be unique globally.
project Changes to this property will trigger replacement. string
Project of the function. If it is not provided, the provider project is used.
pulumiLabels {[key: string]: string}
The combination of labels configured directly on the resource and default labels configured on the provider.
region Changes to this property will trigger replacement. string
Region of function. If it is not provided, the provider region is used.
runtime string
The runtime in which the function is going to run. Eg. "nodejs20", "python39", "dotnet3", "go116", "java11", "ruby30", "php74", etc. Check the official doc for the up-to-date list.

secretEnvironmentVariables FunctionSecretEnvironmentVariable[]
Secret environment variables configuration. Structure is documented below.
secretVolumes FunctionSecretVolume[]
Secret volumes configuration. Structure is documented below.
serviceAccountEmail Changes to this property will trigger replacement. string
If provided, the self-provided service account to run the function with.
sourceArchiveBucket string
The GCS bucket containing the zip archive which contains the function.
sourceArchiveObject string
The source archive object (file) in archive bucket.
sourceRepository FunctionSourceRepository
Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object. Structure is documented below. It must match the pattern projects/{project}/locations/{location}/repositories/{repository}.*
status string
Describes the current stage of a deployment.
timeout number
Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.
triggerHttp Changes to this property will trigger replacement. boolean
Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with event_trigger.
versionId string
The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created.
vpcConnector string
The VPC Network Connector that this cloud function can connect to. It should be set up as fully-qualified URI. The format of this field is projects/*/locations/*/connectors/*.
vpcConnectorEgressSettings string
The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.
available_memory_mb int
Memory (in MB), available to the function. Default value is 256. Possible values include 128, 256, 512, 1024, etc.
build_environment_variables Mapping[str, str]
A set of key/value environment variable pairs available during build time.
build_service_account str
If provided, the self-provided service account to use to build the function. The format of this field is projects/{project}/serviceAccounts/{serviceAccountEmail}
build_worker_pool str
Name of the Cloud Build Custom Worker Pool that should be used to build the function.
description str
Description of the function.
docker_registry str
Docker Registry to use for storing the function's Docker images. Allowed values are ARTIFACT_REGISTRY (default) and CONTAINER_REGISTRY.
docker_repository str
User-managed repository created in Artifact Registry to which the function's Docker image will be pushed after it is built by Cloud Build. May optionally be encrypted with a customer-managed encryption key (CMEK). If unspecified and docker_registry is not explicitly set to CONTAINER_REGISTRY, GCF will create and use a default Artifact Registry repository named 'gcf-artifacts' in the region.
effective_labels Mapping[str, str]
All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
entry_point Changes to this property will trigger replacement. str
Name of the function that will be executed when the Google Cloud Function is triggered.
environment_variables Mapping[str, str]
A set of key/value environment variable pairs to assign to the function.
event_trigger FunctionEventTriggerArgs
A source that fires events in response to a condition in another service. Structure is documented below. Cannot be used with trigger_http.
https_trigger_security_level str
The security level for the function. The following options are available:

  • SECURE_ALWAYS Requests for a URL that match this handler that do not use HTTPS are automatically redirected to the HTTPS URL with the same path. Query parameters are reserved for the redirect.
  • SECURE_OPTIONAL Both HTTP and HTTPS requests with URLs that match the handler succeed without redirects. The application can examine the request to determine which protocol was used and respond accordingly.
https_trigger_url str
URL which triggers function execution. Returned only if trigger_http is used.
ingress_settings str
String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY. Check ingress documentation to see the impact of each settings value. Changes to this field will recreate the cloud function.
kms_key_name str
Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. If specified, you must also provide an artifact registry repository using the docker_repository field that was created with the same KMS crypto key. Before deploying, please complete all pre-requisites described in https://cloud.google.com/functions/docs/securing/cmek#granting_service_accounts_access_to_the_key
labels Mapping[str, str]

A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

max_instances int
The limit on the maximum number of function instances that may coexist at a given time.
min_instances int
The limit on the minimum number of function instances that may coexist at a given time.
name Changes to this property will trigger replacement. str
A user-defined name of the function. Function names must be unique globally.
project Changes to this property will trigger replacement. str
Project of the function. If it is not provided, the provider project is used.
pulumi_labels Mapping[str, str]
The combination of labels configured directly on the resource and default labels configured on the provider.
region Changes to this property will trigger replacement. str
Region of function. If it is not provided, the provider region is used.
runtime str
The runtime in which the function is going to run. Eg. "nodejs20", "python39", "dotnet3", "go116", "java11", "ruby30", "php74", etc. Check the official doc for the up-to-date list.

secret_environment_variables Sequence[FunctionSecretEnvironmentVariableArgs]
Secret environment variables configuration. Structure is documented below.
secret_volumes Sequence[FunctionSecretVolumeArgs]
Secret volumes configuration. Structure is documented below.
service_account_email Changes to this property will trigger replacement. str
If provided, the self-provided service account to run the function with.
source_archive_bucket str
The GCS bucket containing the zip archive which contains the function.
source_archive_object str
The source archive object (file) in archive bucket.
source_repository FunctionSourceRepositoryArgs
Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object. Structure is documented below. It must match the pattern projects/{project}/locations/{location}/repositories/{repository}.*
status str
Describes the current stage of a deployment.
timeout int
Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.
trigger_http Changes to this property will trigger replacement. bool
Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with event_trigger.
version_id str
The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created.
vpc_connector str
The VPC Network Connector that this cloud function can connect to. It should be set up as fully-qualified URI. The format of this field is projects/*/locations/*/connectors/*.
vpc_connector_egress_settings str
The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.
availableMemoryMb Number
Memory (in MB), available to the function. Default value is 256. Possible values include 128, 256, 512, 1024, etc.
buildEnvironmentVariables Map<String>
A set of key/value environment variable pairs available during build time.
buildServiceAccount String
If provided, the self-provided service account to use to build the function. The format of this field is projects/{project}/serviceAccounts/{serviceAccountEmail}
buildWorkerPool String
Name of the Cloud Build Custom Worker Pool that should be used to build the function.
description String
Description of the function.
dockerRegistry String
Docker Registry to use for storing the function's Docker images. Allowed values are ARTIFACT_REGISTRY (default) and CONTAINER_REGISTRY.
dockerRepository String
User-managed repository created in Artifact Registry to which the function's Docker image will be pushed after it is built by Cloud Build. May optionally be encrypted with a customer-managed encryption key (CMEK). If unspecified and docker_registry is not explicitly set to CONTAINER_REGISTRY, GCF will create and use a default Artifact Registry repository named 'gcf-artifacts' in the region.
effectiveLabels Map<String>
All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
entryPoint Changes to this property will trigger replacement. String
Name of the function that will be executed when the Google Cloud Function is triggered.
environmentVariables Map<String>
A set of key/value environment variable pairs to assign to the function.
eventTrigger Property Map
A source that fires events in response to a condition in another service. Structure is documented below. Cannot be used with trigger_http.
httpsTriggerSecurityLevel String
The security level for the function. The following options are available:

  • SECURE_ALWAYS Requests for a URL that match this handler that do not use HTTPS are automatically redirected to the HTTPS URL with the same path. Query parameters are reserved for the redirect.
  • SECURE_OPTIONAL Both HTTP and HTTPS requests with URLs that match the handler succeed without redirects. The application can examine the request to determine which protocol was used and respond accordingly.
httpsTriggerUrl String
URL which triggers function execution. Returned only if trigger_http is used.
ingressSettings String
String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY. Check ingress documentation to see the impact of each settings value. Changes to this field will recreate the cloud function.
kmsKeyName String
Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. If specified, you must also provide an artifact registry repository using the docker_repository field that was created with the same KMS crypto key. Before deploying, please complete all pre-requisites described in https://cloud.google.com/functions/docs/securing/cmek#granting_service_accounts_access_to_the_key
labels Map<String>

A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.

Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

maxInstances Number
The limit on the maximum number of function instances that may coexist at a given time.
minInstances Number
The limit on the minimum number of function instances that may coexist at a given time.
name Changes to this property will trigger replacement. String
A user-defined name of the function. Function names must be unique globally.
project Changes to this property will trigger replacement. String
Project of the function. If it is not provided, the provider project is used.
pulumiLabels Map<String>
The combination of labels configured directly on the resource and default labels configured on the provider.
region Changes to this property will trigger replacement. String
Region of function. If it is not provided, the provider region is used.
runtime String
The runtime in which the function is going to run. Eg. "nodejs20", "python39", "dotnet3", "go116", "java11", "ruby30", "php74", etc. Check the official doc for the up-to-date list.

secretEnvironmentVariables List<Property Map>
Secret environment variables configuration. Structure is documented below.
secretVolumes List<Property Map>
Secret volumes configuration. Structure is documented below.
serviceAccountEmail Changes to this property will trigger replacement. String
If provided, the self-provided service account to run the function with.
sourceArchiveBucket String
The GCS bucket containing the zip archive which contains the function.
sourceArchiveObject String
The source archive object (file) in archive bucket.
sourceRepository Property Map
Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object. Structure is documented below. It must match the pattern projects/{project}/locations/{location}/repositories/{repository}.*
status String
Describes the current stage of a deployment.
timeout Number
Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.
triggerHttp Changes to this property will trigger replacement. Boolean
Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with event_trigger.
versionId String
The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created.
vpcConnector String
The VPC Network Connector that this cloud function can connect to. It should be set up as fully-qualified URI. The format of this field is projects/*/locations/*/connectors/*.
vpcConnectorEgressSettings String
The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.

Supporting Types

FunctionEventTrigger
, FunctionEventTriggerArgs

EventType
This property is required.
Changes to this property will trigger replacement.
string
The type of event to observe. For example: "google.storage.object.finalize". See the documentation on calling Cloud Functions for a full reference of accepted triggers.
Resource This property is required. string
Required. The name or partial URI of the resource from which to observe events. For example, "myBucket" or "projects/my-project/topics/my-topic"
FailurePolicy FunctionEventTriggerFailurePolicy
Specifies policy for failed executions. Structure is documented below.
EventType
This property is required.
Changes to this property will trigger replacement.
string
The type of event to observe. For example: "google.storage.object.finalize". See the documentation on calling Cloud Functions for a full reference of accepted triggers.
Resource This property is required. string
Required. The name or partial URI of the resource from which to observe events. For example, "myBucket" or "projects/my-project/topics/my-topic"
FailurePolicy FunctionEventTriggerFailurePolicy
Specifies policy for failed executions. Structure is documented below.
eventType
This property is required.
Changes to this property will trigger replacement.
String
The type of event to observe. For example: "google.storage.object.finalize". See the documentation on calling Cloud Functions for a full reference of accepted triggers.
resource This property is required. String
Required. The name or partial URI of the resource from which to observe events. For example, "myBucket" or "projects/my-project/topics/my-topic"
failurePolicy FunctionEventTriggerFailurePolicy
Specifies policy for failed executions. Structure is documented below.
eventType
This property is required.
Changes to this property will trigger replacement.
string
The type of event to observe. For example: "google.storage.object.finalize". See the documentation on calling Cloud Functions for a full reference of accepted triggers.
resource This property is required. string
Required. The name or partial URI of the resource from which to observe events. For example, "myBucket" or "projects/my-project/topics/my-topic"
failurePolicy FunctionEventTriggerFailurePolicy
Specifies policy for failed executions. Structure is documented below.
event_type
This property is required.
Changes to this property will trigger replacement.
str
The type of event to observe. For example: "google.storage.object.finalize". See the documentation on calling Cloud Functions for a full reference of accepted triggers.
resource This property is required. str
Required. The name or partial URI of the resource from which to observe events. For example, "myBucket" or "projects/my-project/topics/my-topic"
failure_policy FunctionEventTriggerFailurePolicy
Specifies policy for failed executions. Structure is documented below.
eventType
This property is required.
Changes to this property will trigger replacement.
String
The type of event to observe. For example: "google.storage.object.finalize". See the documentation on calling Cloud Functions for a full reference of accepted triggers.
resource This property is required. String
Required. The name or partial URI of the resource from which to observe events. For example, "myBucket" or "projects/my-project/topics/my-topic"
failurePolicy Property Map
Specifies policy for failed executions. Structure is documented below.

FunctionEventTriggerFailurePolicy
, FunctionEventTriggerFailurePolicyArgs

Retry This property is required. bool
Whether the function should be retried on failure. Defaults to false.
Retry This property is required. bool
Whether the function should be retried on failure. Defaults to false.
retry This property is required. Boolean
Whether the function should be retried on failure. Defaults to false.
retry This property is required. boolean
Whether the function should be retried on failure. Defaults to false.
retry This property is required. bool
Whether the function should be retried on failure. Defaults to false.
retry This property is required. Boolean
Whether the function should be retried on failure. Defaults to false.

FunctionSecretEnvironmentVariable
, FunctionSecretEnvironmentVariableArgs

Key This property is required. string
Name of the environment variable.
Secret This property is required. string
ID of the secret in secret manager (not the full resource name).
Version This property is required. string
Version of the secret (version number or the string "latest"). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new clones start.
ProjectId string
Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.
Key This property is required. string
Name of the environment variable.
Secret This property is required. string
ID of the secret in secret manager (not the full resource name).
Version This property is required. string
Version of the secret (version number or the string "latest"). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new clones start.
ProjectId string
Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.
key This property is required. String
Name of the environment variable.
secret This property is required. String
ID of the secret in secret manager (not the full resource name).
version This property is required. String
Version of the secret (version number or the string "latest"). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new clones start.
projectId String
Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.
key This property is required. string
Name of the environment variable.
secret This property is required. string
ID of the secret in secret manager (not the full resource name).
version This property is required. string
Version of the secret (version number or the string "latest"). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new clones start.
projectId string
Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.
key This property is required. str
Name of the environment variable.
secret This property is required. str
ID of the secret in secret manager (not the full resource name).
version This property is required. str
Version of the secret (version number or the string "latest"). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new clones start.
project_id str
Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.
key This property is required. String
Name of the environment variable.
secret This property is required. String
ID of the secret in secret manager (not the full resource name).
version This property is required. String
Version of the secret (version number or the string "latest"). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new clones start.
projectId String
Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.

FunctionSecretVolume
, FunctionSecretVolumeArgs

MountPath This property is required. string
The path within the container to mount the secret volume. For example, setting the mount_path as "/etc/secrets" would mount the secret value files under the "/etc/secrets" directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount paths: "/etc/secrets" Restricted mount paths: "/cloudsql", "/dev/log", "/pod", "/proc", "/var/log".
Secret This property is required. string
ID of the secret in secret manager (not the full resource name).
ProjectId string
Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.
Versions List<FunctionSecretVolumeVersion>
List of secret versions to mount for this secret. If empty, the "latest" version of the secret will be made available in a file named after the secret under the mount point. Structure is documented below.
MountPath This property is required. string
The path within the container to mount the secret volume. For example, setting the mount_path as "/etc/secrets" would mount the secret value files under the "/etc/secrets" directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount paths: "/etc/secrets" Restricted mount paths: "/cloudsql", "/dev/log", "/pod", "/proc", "/var/log".
Secret This property is required. string
ID of the secret in secret manager (not the full resource name).
ProjectId string
Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.
Versions []FunctionSecretVolumeVersion
List of secret versions to mount for this secret. If empty, the "latest" version of the secret will be made available in a file named after the secret under the mount point. Structure is documented below.
mountPath This property is required. String
The path within the container to mount the secret volume. For example, setting the mount_path as "/etc/secrets" would mount the secret value files under the "/etc/secrets" directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount paths: "/etc/secrets" Restricted mount paths: "/cloudsql", "/dev/log", "/pod", "/proc", "/var/log".
secret This property is required. String
ID of the secret in secret manager (not the full resource name).
projectId String
Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.
versions List<FunctionSecretVolumeVersion>
List of secret versions to mount for this secret. If empty, the "latest" version of the secret will be made available in a file named after the secret under the mount point. Structure is documented below.
mountPath This property is required. string
The path within the container to mount the secret volume. For example, setting the mount_path as "/etc/secrets" would mount the secret value files under the "/etc/secrets" directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount paths: "/etc/secrets" Restricted mount paths: "/cloudsql", "/dev/log", "/pod", "/proc", "/var/log".
secret This property is required. string
ID of the secret in secret manager (not the full resource name).
projectId string
Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.
versions FunctionSecretVolumeVersion[]
List of secret versions to mount for this secret. If empty, the "latest" version of the secret will be made available in a file named after the secret under the mount point. Structure is documented below.
mount_path This property is required. str
The path within the container to mount the secret volume. For example, setting the mount_path as "/etc/secrets" would mount the secret value files under the "/etc/secrets" directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount paths: "/etc/secrets" Restricted mount paths: "/cloudsql", "/dev/log", "/pod", "/proc", "/var/log".
secret This property is required. str
ID of the secret in secret manager (not the full resource name).
project_id str
Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.
versions Sequence[FunctionSecretVolumeVersion]
List of secret versions to mount for this secret. If empty, the "latest" version of the secret will be made available in a file named after the secret under the mount point. Structure is documented below.
mountPath This property is required. String
The path within the container to mount the secret volume. For example, setting the mount_path as "/etc/secrets" would mount the secret value files under the "/etc/secrets" directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount paths: "/etc/secrets" Restricted mount paths: "/cloudsql", "/dev/log", "/pod", "/proc", "/var/log".
secret This property is required. String
ID of the secret in secret manager (not the full resource name).
projectId String
Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.
versions List<Property Map>
List of secret versions to mount for this secret. If empty, the "latest" version of the secret will be made available in a file named after the secret under the mount point. Structure is documented below.

FunctionSecretVolumeVersion
, FunctionSecretVolumeVersionArgs

Path This property is required. string
Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mount_path as "/etc/secrets" and path as "/secret_foo" would mount the secret value file at "/etc/secrets/secret_foo".
Version This property is required. string
Version of the secret (version number or the string "latest"). It is preferable to use "latest" version with secret volumes as secret value changes are reflected immediately.
Path This property is required. string
Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mount_path as "/etc/secrets" and path as "/secret_foo" would mount the secret value file at "/etc/secrets/secret_foo".
Version This property is required. string
Version of the secret (version number or the string "latest"). It is preferable to use "latest" version with secret volumes as secret value changes are reflected immediately.
path This property is required. String
Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mount_path as "/etc/secrets" and path as "/secret_foo" would mount the secret value file at "/etc/secrets/secret_foo".
version This property is required. String
Version of the secret (version number or the string "latest"). It is preferable to use "latest" version with secret volumes as secret value changes are reflected immediately.
path This property is required. string
Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mount_path as "/etc/secrets" and path as "/secret_foo" would mount the secret value file at "/etc/secrets/secret_foo".
version This property is required. string
Version of the secret (version number or the string "latest"). It is preferable to use "latest" version with secret volumes as secret value changes are reflected immediately.
path This property is required. str
Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mount_path as "/etc/secrets" and path as "/secret_foo" would mount the secret value file at "/etc/secrets/secret_foo".
version This property is required. str
Version of the secret (version number or the string "latest"). It is preferable to use "latest" version with secret volumes as secret value changes are reflected immediately.
path This property is required. String
Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mount_path as "/etc/secrets" and path as "/secret_foo" would mount the secret value file at "/etc/secrets/secret_foo".
version This property is required. String
Version of the secret (version number or the string "latest"). It is preferable to use "latest" version with secret volumes as secret value changes are reflected immediately.

FunctionSourceRepository
, FunctionSourceRepositoryArgs

Url This property is required. string
The URL pointing to the hosted repository where the function is defined. There are supported Cloud Source Repository URLs in the following formats:

  • To refer to a specific commit: https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*
  • To refer to a moveable alias (branch): https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*. To refer to HEAD, use the master moveable alias.
  • To refer to a specific fixed alias (tag): https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*
DeployedUrl string
The URL pointing to the hosted repository where the function was defined at the time of deployment.
Url This property is required. string
The URL pointing to the hosted repository where the function is defined. There are supported Cloud Source Repository URLs in the following formats:

  • To refer to a specific commit: https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*
  • To refer to a moveable alias (branch): https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*. To refer to HEAD, use the master moveable alias.
  • To refer to a specific fixed alias (tag): https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*
DeployedUrl string
The URL pointing to the hosted repository where the function was defined at the time of deployment.
url This property is required. String
The URL pointing to the hosted repository where the function is defined. There are supported Cloud Source Repository URLs in the following formats:

  • To refer to a specific commit: https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*
  • To refer to a moveable alias (branch): https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*. To refer to HEAD, use the master moveable alias.
  • To refer to a specific fixed alias (tag): https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*
deployedUrl String
The URL pointing to the hosted repository where the function was defined at the time of deployment.
url This property is required. string
The URL pointing to the hosted repository where the function is defined. There are supported Cloud Source Repository URLs in the following formats:

  • To refer to a specific commit: https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*
  • To refer to a moveable alias (branch): https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*. To refer to HEAD, use the master moveable alias.
  • To refer to a specific fixed alias (tag): https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*
deployedUrl string
The URL pointing to the hosted repository where the function was defined at the time of deployment.
url This property is required. str
The URL pointing to the hosted repository where the function is defined. There are supported Cloud Source Repository URLs in the following formats:

  • To refer to a specific commit: https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*
  • To refer to a moveable alias (branch): https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*. To refer to HEAD, use the master moveable alias.
  • To refer to a specific fixed alias (tag): https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*
deployed_url str
The URL pointing to the hosted repository where the function was defined at the time of deployment.
url This property is required. String
The URL pointing to the hosted repository where the function is defined. There are supported Cloud Source Repository URLs in the following formats:

  • To refer to a specific commit: https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*
  • To refer to a moveable alias (branch): https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*. To refer to HEAD, use the master moveable alias.
  • To refer to a specific fixed alias (tag): https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*
deployedUrl String
The URL pointing to the hosted repository where the function was defined at the time of deployment.

Import

Functions can be imported using the name or {{project}}/{{region}}/name, e.g.

  • {{project}}/{{region}}/{{name}}

  • {{name}}

When using the pulumi import command, Functions can be imported using one of the formats above. For example:

$ pulumi import gcp:cloudfunctions/function:Function default {{project}}/{{region}}/{{name}}
Copy
$ pulumi import gcp:cloudfunctions/function:Function default {{name}}
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
Google Cloud (GCP) Classic pulumi/pulumi-gcp
License
Apache-2.0
Notes
This Pulumi package is based on the google-beta Terraform Provider.
Google Cloud v8.32.1 published on Thursday, May 22, 2025 by Pulumi
pulumi/pulumi-gcp