Index
CloudFunctionsService
(interface)CallFunctionRequest
(message)CallFunctionResponse
(message)CloudFunction
(message)CloudFunction.AutomaticUpdatePolicy
(message)CloudFunction.DockerRegistry
(enum)CloudFunction.IngressSettings
(enum)CloudFunction.OnDeployUpdatePolicy
(message)CloudFunction.VpcConnectorEgressSettings
(enum)CloudFunctionStatus
(enum)CreateFunctionRequest
(message)DeleteFunctionRequest
(message)EventTrigger
(message)FailurePolicy
(message)FailurePolicy.Retry
(message)GenerateDownloadUrlRequest
(message)GenerateDownloadUrlResponse
(message)GenerateUploadUrlRequest
(message)GenerateUploadUrlResponse
(message)GetFunctionRequest
(message)HttpsTrigger
(message)HttpsTrigger.SecurityLevel
(enum)ListFunctionsRequest
(message)ListFunctionsResponse
(message)OperationMetadataV1
(message)OperationType
(enum)SecretEnvVar
(message)SecretVolume
(message)SecretVolume.SecretVersion
(message)SourceRepository
(message)UpdateFunctionRequest
(message)
CloudFunctionsService
A service that application uses to manipulate triggers and functions.
CallFunction |
---|
Synchronously invokes a deployed Cloud Function. To be used for testing purposes as very limited traffic is allowed. For more information on the actual limits, refer to Rate Limits.
|
CreateFunction |
---|
Creates a new function. If a function with the given name already exists in the specified project, the long running operation will return
|
DeleteFunction |
---|
Deletes a function with the given name from the specified project. If the given function is used by some trigger, the trigger will be updated to remove this function.
|
GenerateDownloadUrl |
---|
Returns a signed URL for downloading deployed function source code. The URL is only valid for a limited period and should be used within minutes after generation. For more information about the signed URL usage see: https://cloud.google.com/storage/docs/access-control/signed-urls
|
GenerateUploadUrl |
---|
Returns a signed URL for uploading a function source code. For more information about the signed URL usage see: https://cloud.google.com/storage/docs/access-control/signed-urls. Once the function source code upload is complete, the used signed URL should be provided in CreateFunction or UpdateFunction request as a reference to the function source code. When uploading source code to the generated signed URL, please follow these restrictions:
When making a HTTP PUT request, these two headers need to be specified:
And this header SHOULD NOT be specified:
|
GetFunction |
---|
Returns a function with the given name from the requested project.
|
GetIamPolicy |
---|
Gets the IAM access control policy for a function. Returns an empty policy if the function exists and does not have a policy set.
|
ListFunctions |
---|
Returns a list of functions that belong to the requested project.
|
SetIamPolicy |
---|
Sets the IAM access control policy on the specified function. Replaces any existing policy.
|
TestIamPermissions |
---|
Tests the specified permissions against the IAM access control policy for a function. If the function does not exist, this will return an empty set of permissions, not a NOT_FOUND error.
|
UpdateFunction |
---|
Updates existing function.
|
CallFunctionRequest
Request for the CallFunction
method.
Fields | |
---|---|
name |
Required. The name of the function to be called. Authorization requires the following IAM permission on the specified resource
|
data |
Required. Input to be passed to the function. |
CallFunctionResponse
Response of CallFunction
method.
Fields | |
---|---|
execution_id |
Execution id of function invocation. |
result |
Result populated for successful execution of synchronous function. Will not be populated if function does not return a result through context. |
error |
Either system or user-function generated error. Set if execution was not successful. |
CloudFunction
Describes a Cloud Function that contains user computation executed in response to an event. It encapsulate function and triggers configurations.
Fields | |
---|---|
name |
A user-defined name of the function. Function names must be unique globally and match pattern |
description |
User-provided description of a function. |
status |
Output only. Status of the function deployment. |
entry_point |
The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix (ID of the function), if not specified. |
runtime |
The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function. For a complete list of possible choices, see the |
timeout |
The function execution timeout. Execution is considered failed and can be terminated if the function is not completed at the end of the timeout period. Defaults to 60 seconds. |
available_memory_mb |
The amount of memory in MB available for a function. Defaults to 256MB. |
service_account_email |
The email of the function's service account. If empty, defaults to |
update_time |
Output only. The last update timestamp of a Cloud Function. |
version_id |
Output only. The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created. |
labels |
Labels associated with this Cloud Function. |
environment_variables |
Environment variables that shall be available during function execution. |
build_environment_variables |
Build environment variables that shall be available during build time. |
network |
Deprecated: use vpc_connector |
max_instances |
The limit on the maximum number of function instances that may coexist at a given time. In some cases, such as rapid traffic surges, Cloud Functions may, for a short period of time, create more instances than the specified max instances limit. If your function cannot tolerate this temporary behavior, you may want to factor in a safety margin and set a lower max instances value than your function can tolerate. See the Max Instances Guide for more details. |
min_instances |
A lower bound for the number function instances that may coexist at a given time. |
vpc_connector |
The VPC Network Connector that this cloud function can connect to. It can be either the fully-qualified URI, or the short name of the network connector resource. The format of this field is This field is mutually exclusive with See the VPC documentation for more information on connecting Cloud projects. |
vpc_connector_egress_settings |
The egress settings for the connector, controlling what traffic is diverted through it. |
ingress_settings |
The ingress settings for the function, controlling what traffic can reach it. |
kms_key_name |
Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern If specified, you must also provide an artifact registry repository using the The following service accounts need to be granted the role 'Cloud KMS CryptoKey Encrypter/Decrypter (roles/cloudkms.cryptoKeyEncrypterDecrypter)' on the Key/KeyRing/Project/Organization (least access preferred).
Google Cloud Functions delegates access to service agents to protect function resources in internal projects that are not accessible by the end user. |
build_worker_pool |
Name of the Cloud Build Custom Worker Pool that should be used to build the function. The format of this field is If the project id is not the same as the function, then the Cloud Functions Service Agent ( |
build_id |
Output only. The Cloud Build ID of the latest successful deployment of the function. |
build_name |
Output only. The Cloud Build Name of the function deployment. |
secret_environment_variables[] |
Secret environment variables configuration. |
secret_volumes[] |
Secret volumes configuration. |
source_token |
Input only. An identifier for Firebase function sources. Disclaimer: This field is only supported for Firebase function deployments. |
docker_repository |
User-managed repository created in Artifact Registry to which the function's Docker image will be pushed after it is built by Cloud Build. May optionally be encrypted with a customer-managed encryption key (CMEK). If unspecified and It must match the pattern Cross-project repositories are not supported. Cross-location repositories are not supported. Repository format must be 'DOCKER'. |
docker_registry |
Docker Registry to use for this deployment. If unspecified, it defaults to |
build_service_account |
A service account the user provides for use with Cloud Build. The format of this field is |
Union field source_code . The location of the function source code. source_code can be only one of the following: |
|
source_archive_url |
The Google Cloud Storage URL, starting with |
source_repository |
Beta Feature The source repository where a function is hosted. |
source_upload_url |
The Google Cloud Storage signed URL used for source uploading, generated by calling [google.cloud.functions.v1.GenerateUploadUrl]. The signature is validated on write methods (Create, Update) The signature is stripped from the Function object on read methods (Get, List) |
Union field trigger . An event that triggers the function. trigger can be only one of the following: |
|
https_trigger |
An HTTPS endpoint type of source that can be triggered via URL. |
event_trigger |
A source that fires events in response to a condition in another service. |
Union field runtime_update_policy . This controls when security patches are applied to the runtime environment. runtime_update_policy can be only one of the following: |
|
automatic_update_policy |
|
on_deploy_update_policy |
AutomaticUpdatePolicy
This type has no fields.
Security patches are applied automatically to the runtime without requiring the function to be redeployed.
DockerRegistry
Docker Registry to use for storing function Docker images.
Enums | |
---|---|
DOCKER_REGISTRY_UNSPECIFIED |
Unspecified. |
CONTAINER_REGISTRY |
Docker images will be stored in multi-regional Container Registry repositories named gcf . |
ARTIFACT_REGISTRY |
Docker images will be stored in regional Artifact Registry repositories. By default, GCF will create and use repositories named gcf-artifacts in every region in which a function is deployed. But the repository to use can also be specified by the user using the docker_repository field. |
IngressSettings
Available ingress settings.
This controls what traffic can reach the function.
If unspecified, ALLOW_ALL will be used.
Enums | |
---|---|
INGRESS_SETTINGS_UNSPECIFIED |
Unspecified. |
ALLOW_ALL |
Allow HTTP traffic from public and private sources. |
ALLOW_INTERNAL_ONLY |
Allow HTTP traffic from only private VPC sources. |
ALLOW_INTERNAL_AND_GCLB |
Allow HTTP traffic from private VPC sources and through GCLB. |
OnDeployUpdatePolicy
Security patches are only applied when a function is redeployed.
Fields | |
---|---|
runtime_version |
Output only. Contains the runtime version which was used during latest function deployment. |
VpcConnectorEgressSettings
Available egress settings.
This controls what traffic is diverted through the VPC Access Connector resource. By default PRIVATE_RANGES_ONLY will be used.
Enums | |
---|---|
VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED |
Unspecified. |
PRIVATE_RANGES_ONLY |
Use the VPC Access Connector only for private IP space from RFC1918. |
ALL_TRAFFIC |
Force the use of VPC Access Connector for all egress traffic from the function. |
CloudFunctionStatus
Describes the current stage of a deployment.
Enums | |
---|---|
CLOUD_FUNCTION_STATUS_UNSPECIFIED |
Not specified. Invalid state. |
ACTIVE |
Function has been successfully deployed and is serving. |
OFFLINE |
Function deployment failed and the function isn’t serving. |
DEPLOY_IN_PROGRESS |
Function is being created or updated. |
DELETE_IN_PROGRESS |
Function is being deleted. |
UNKNOWN |
Function deployment failed and the function serving state is undefined. The function should be updated or deleted to move it out of this state. |
CreateFunctionRequest
Request for the CreateFunction
method.
Fields | |
---|---|
location |
Required. The project and location in which the function should be created, specified in the format Authorization requires the following IAM permission on the specified resource
|
function |
Required. Function to be created. |
DeleteFunctionRequest
Request for the DeleteFunction
method.
Fields | |
---|---|
name |
Required. The name of the function which should be deleted. Authorization requires the following IAM permission on the specified resource
|
EventTrigger
Describes EventTrigger, used to request events be sent from another service.
Fields | |
---|---|
event_type |
Required. The type of event to observe. For example: Event types match pattern
|
resource |
Required. The resource(s) from which to observe events, for example, Not all syntactically correct values are accepted by all services. For example:
Additionally, some services may support short names when creating an See each service's documentation for supported formats. |
service |
The hostname of the service that should be observed. If no string is provided, the default service implementing the API will be used. For example, |
failure_policy |
Specifies policy for failed executions. |
FailurePolicy
Describes the policy in case of function's execution failure. If empty, then defaults to ignoring failures (i.e. not retrying them).
Fields | |
---|---|
Union field action . Defines the action taken in case of a function execution failure. action can be only one of the following: |
|
retry |
If specified, then the function will be retried in case of a failure. |
Retry
This type has no fields.
Describes the retry policy in case of function's execution failure. A function execution will be retried on any failure. A failed execution will be retried up to 7 days with an exponential backoff (capped at 10 seconds). Retried execution is charged as any other execution.
GenerateDownloadUrlRequest
Request of GenerateDownloadUrl
method.
Fields | |
---|---|
name |
The name of function for which source code Google Cloud Storage signed URL should be generated. Authorization requires the following IAM permission on the specified resource
|
version_id |
The optional version of function. If not set, default, current version is used. |
GenerateDownloadUrlResponse
Response of GenerateDownloadUrl
method.
Fields | |
---|---|
download_url |
The generated Google Cloud Storage signed URL that should be used for function source code download. |
GenerateUploadUrlRequest
Request of GenerateSourceUploadUrl
method.
Fields | |
---|---|
parent |
The project and location in which the Google Cloud Storage signed URL should be generated, specified in the format Authorization requires the following IAM permission on the specified resource
|
kms_key_name |
Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function source code objects in intermediate Cloud Storage buckets. When you generate an upload url and upload your source code, it gets copied to an intermediate Cloud Storage bucket. The source code is then copied to a versioned directory in the sources bucket in the consumer project during the function deployment. It must match the pattern The Google Cloud Functions service account (service-{project_number}@gcf-admin-robot.iam.gserviceaccount.com) must be granted the role 'Cloud KMS CryptoKey Encrypter/Decrypter (roles/cloudkms.cryptoKeyEncrypterDecrypter)' on the Key/KeyRing/Project/Organization (least access preferred). GCF will delegate access to the Google Storage service account in the internal project. |
GenerateUploadUrlResponse
Response of GenerateSourceUploadUrl
method.
Fields | |
---|---|
upload_url |
The generated Google Cloud Storage signed URL that should be used for a function source code upload. The uploaded file should be a zip archive which contains a function. |
GetFunctionRequest
Request for the GetFunction
method.
Fields | |
---|---|
name |
Required. The name of the function which details should be obtained. Authorization requires the following IAM permission on the specified resource
|
version_id |
Optional. The optional version of the function whose details should be obtained. The version of a 1st Gen function is an integer that starts from 1 and gets incremented on redeployments. Each deployment creates a config version of the underlying function. GCF may keep historical configs for old versions. This field can be specified to fetch the historical configs. Leave it blank or set to 0 to get the latest version of the function. |
HttpsTrigger
Describes HttpsTrigger, could be used to connect web hooks to function.
Fields | |
---|---|
url |
Output only. The deployed url for the function. |
security_level |
The security level for the function. |
SecurityLevel
Available security level settings.
This controls the methods to enforce security (HTTPS) on a URL.
If unspecified, SECURE_OPTIONAL will be used.
Enums | |
---|---|
SECURITY_LEVEL_UNSPECIFIED |
Unspecified. |
SECURE_ALWAYS |
Requests for a URL that match this handler that do not use HTTPS are automatically redirected to the HTTPS URL with the same path. Query parameters are reserved for the redirect. |
SECURE_OPTIONAL |
Both HTTP and HTTPS requests with URLs that match the handler succeed without redirects. The application can examine the request to determine which protocol was used and respond accordingly. |
ListFunctionsRequest
Request for the ListFunctions
method.
Fields | |
---|---|
parent |
The project and location from which the function should be listed, specified in the format Authorization requires the following IAM permission on the specified resource
|
page_size |
Maximum number of functions to return per call. |
page_token |
The value returned by the last |
ListFunctionsResponse
Response for the ListFunctions
method.
Fields | |
---|---|
functions[] |
The functions that match the request. |
next_page_token |
If not empty, indicates that there may be more functions that match the request; this value should be passed in a new |
unreachable[] |
Locations that could not be reached. The response does not include any functions from these locations. |
OperationMetadataV1
Metadata describing an Operation
Fields | |
---|---|
target |
Target of the operation - for example |
type |
Type of operation. |
request |
The original request that started the operation. |
version_id |
Version id of the function created or updated by an API call. This field is only populated for Create and Update operations. |
update_time |
The last update timestamp of the operation. |
build_id |
The Cloud Build ID of the function created or updated by an API call. This field is only populated for Create and Update operations. |
source_token |
An identifier for Firebase function sources. Disclaimer: This field is only supported for Firebase function deployments. |
build_name |
The Cloud Build Name of the function deployment. This field is only populated for Create and Update operations. |
OperationType
A type of an operation.
Enums | |
---|---|
OPERATION_UNSPECIFIED |
Unknown operation type. |
CREATE_FUNCTION |
Triggered by CreateFunction call |
UPDATE_FUNCTION |
Triggered by UpdateFunction call |
DELETE_FUNCTION |
Triggered by DeleteFunction call. |
SecretEnvVar
Configuration for a secret environment variable. It has the information necessary to fetch the secret value from secret manager and expose it as an environment variable.
Fields | |
---|---|
key |
Name of the environment variable. |
project_id |
Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. |
secret |
Name of the secret in secret manager (not the full resource name). |
version |
Version of the secret (version number or the string 'latest'). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new instances start. |
SecretVolume
Configuration for a secret volume. It has the information necessary to fetch the secret value from secret manager and make it available as files mounted at the requested paths within the application container. Secret value is not a part of the configuration. Every filesystem read operation performs a lookup in secret manager to retrieve the secret value.
Fields | |
---|---|
mount_path |
The path within the container to mount the secret volume. For example, setting the mount_path as Recommended mount paths: /etc/secrets Restricted mount paths: /cloudsql, /dev/log, /pod, /proc, /var/log |
project_id |
Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. |
secret |
Name of the secret in secret manager (not the full resource name). |
versions[] |
List of secret versions to mount for this secret. If empty, the |
SecretVersion
Configuration for a single version.
Fields | |
---|---|
version |
Version of the secret (version number or the string 'latest'). It is preferable to use |
path |
Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mount_path as '/etc/secrets' and path as |
SourceRepository
Describes SourceRepository, used to represent parameters related to source repository where a function is hosted.
Fields | |
---|---|
url |
The URL pointing to the hosted repository where the function is defined. There are supported Cloud Source Repository URLs in the following formats: To refer to a specific commit: You may omit |
deployed_url |
Output only. The URL pointing to the hosted repository where the function were defined at the time of deployment. It always points to a specific commit in the format described above. |
UpdateFunctionRequest
Request for the UpdateFunction
method.
Fields | |
---|---|
function |
Required. New version of the function. Authorization requires the following IAM permission on the specified resource
|
update_mask |
Required. The list of fields in |