Add support for VPC direct connect in GCF 2nd gen

[inlined]

Companion PR to firebase/firebase-functions#1823.

Successfully tested e2e with

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces comprehensive support for VPC direct connect functionality for Google Cloud Functions 2nd generation. This feature allows users to define specific network interfaces for their functions, enabling direct and secure communication within their Google Cloud VPC without relying solely on VPC connectors. The changes involve significant updates to internal data models, parameter resolution, and the translation layer that interfaces with the Cloud Functions v2 API, ensuring seamless integration and deployment of functions with direct VPC connectivity.

Highlights

• Direct VPC Network Interface Support: Enabled the configuration of direct VPC network interfaces for Google Cloud Functions (GCF) 2nd generation, allowing functions to connect directly to specified networks and subnetworks.
• Updated Data Models: Modified internal data structures, including ServiceConfiguration, VpcSettings, and WireEndpoint, to incorporate networkInterfaces as a new option within VPC settings.
• Enhanced Translation Logic: Implemented and updated conversion functions (functionFromEndpoint, endpointFromFunction, toBackend) to correctly translate networkInterfaces and egressSettings between the internal endpoint representation and the GCP Cloud Functions v2 API.
• Flexible VPC Validation: Adjusted validation rules to allow a VPC configuration to specify either a traditional VPC connector or direct network interfaces, providing more flexibility in deployment.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• src/deploy/functions/backend.ts
  • Made vpc.connector optional in the ServiceConfiguration interface.
  • Added vpc.networkInterfaces to the ServiceConfiguration interface.
• src/deploy/functions/build.spec.ts
  • Added a new test case to verify that networkInterfaces are correctly populated from parameter values.
• src/deploy/functions/build.ts
  • Made connector optional and nullable in the VpcSettings interface.
  • Added networkInterfaces to VpcSettings, allowing network, subnetwork, and tags to be expressions.
  • Modified the toBackend function to handle the new networkInterfaces property and conditionally set connector or networkInterfaces.
• src/deploy/functions/runtimes/discovery/v1alpha1.ts
  • Made vpc.connector optional in the WireEndpoint interface.
  • Added vpc.networkInterfaces to the WireEndpoint interface.
  • Updated assertBuildEndpoint to validate that either connector or networkInterfaces is specified if VPC settings are present.
• src/gcp/cloudfunctionsv2.spec.ts
  • Added a test case to ensure networkInterfaces are correctly translated between internal endpoint representation and the GCP Cloud Functions v2 API.
• src/gcp/cloudfunctionsv2.ts
  • Defined a new DirectVpcEgress type.
  • Added directVpcNetworkInterface and directVpcEgress properties to the ServiceConfig interface.
  • Modified functionFromEndpoint to map endpoint.vpc.networkInterfaces to directVpcNetworkInterface and egressSettings to directVpcEgress.
  • Modified endpointFromFunction to map directVpcNetworkInterface and directVpcEgress back to the internal endpoint.vpc structure.

Activity

• No human activity has occurred on this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request adds support for VPC direct connect in GCF 2nd gen functions. The changes include updating data structures across the deployment pipeline to accommodate the new networkInterfaces configuration and modifying the translation logic between internal representations and the GCFv2 API. New validation and tests have been added to ensure correctness. The implementation is solid, and I have one minor suggestion to improve code conciseness.

[brittanycho]

Based on the logic here, it looks like its checking if at least one if present but it also looks like it allows both connector and networkInterfaces to be present (and iiuc, then silently prioritize connector and drop networkInterfaces if both are present)? Do we want to allow clients to provide both or should we log a warning or error if they do?

[inlined]

Great check. Throwing an error.

[brittanycho]

optional nit: wondering if it makes sense to use string replacement or mapping dictionary here to safeguard against any future additions that might not start with "VPC_EGRESS_"?

[inlined]

Yeah doesn't hurt. You're definitely going to hold me to a higher standard for validation it seems 😊