diff --git a/google/cloud/functions_v1/services/cloud_functions_service/async_client.py b/google/cloud/functions_v1/services/cloud_functions_service/async_client.py index 49ccc64..aaf41a6 100644 --- a/google/cloud/functions_v1/services/cloud_functions_service/async_client.py +++ b/google/cloud/functions_v1/services/cloud_functions_service/async_client.py @@ -375,7 +375,6 @@ async def sample_get_function(): contains user computation executed in response to an event. It encapsulate function and triggers configurations. - Next tag: 36 """ # Create or coerce a protobuf request object. @@ -500,7 +499,7 @@ async def sample_create_function(): The result type for the operation will be :class:`google.cloud.functions_v1.types.CloudFunction` Describes a Cloud Function that contains user computation executed in response to an event. It encapsulate function and - triggers configurations. Next tag: 36 + triggers configurations. """ # Create or coerce a protobuf request object. @@ -615,7 +614,7 @@ async def sample_update_function(): The result type for the operation will be :class:`google.cloud.functions_v1.types.CloudFunction` Describes a Cloud Function that contains user computation executed in response to an event. It encapsulate function and - triggers configurations. Next tag: 36 + triggers configurations. """ # Create or coerce a protobuf request object. diff --git a/google/cloud/functions_v1/services/cloud_functions_service/client.py b/google/cloud/functions_v1/services/cloud_functions_service/client.py index 03ea8a3..7e28192 100644 --- a/google/cloud/functions_v1/services/cloud_functions_service/client.py +++ b/google/cloud/functions_v1/services/cloud_functions_service/client.py @@ -625,7 +625,6 @@ def sample_get_function(): contains user computation executed in response to an event. It encapsulate function and triggers configurations. - Next tag: 36 """ # Create or coerce a protobuf request object. @@ -740,7 +739,7 @@ def sample_create_function(): The result type for the operation will be :class:`google.cloud.functions_v1.types.CloudFunction` Describes a Cloud Function that contains user computation executed in response to an event. It encapsulate function and - triggers configurations. Next tag: 36 + triggers configurations. """ # Create or coerce a protobuf request object. @@ -855,7 +854,7 @@ def sample_update_function(): The result type for the operation will be :class:`google.cloud.functions_v1.types.CloudFunction` Describes a Cloud Function that contains user computation executed in response to an event. It encapsulate function and - triggers configurations. Next tag: 36 + triggers configurations. """ # Create or coerce a protobuf request object. diff --git a/google/cloud/functions_v1/types/functions.py b/google/cloud/functions_v1/types/functions.py index d31c3a3..73aec68 100644 --- a/google/cloud/functions_v1/types/functions.py +++ b/google/cloud/functions_v1/types/functions.py @@ -58,7 +58,7 @@ class CloudFunctionStatus(proto.Enum): class CloudFunction(proto.Message): r"""Describes a Cloud Function that contains user computation executed in response to an event. It encapsulate function and - triggers configurations. Next tag: 36 + triggers configurations. This message has `oneof`_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. @@ -212,8 +212,10 @@ class CloudFunction(proto.Message): repository using the ``docker_repository`` field that was created with the same KMS crypto key. - The following service accounts need to be granted Cloud KMS - crypto key encrypter/decrypter roles on the key. + The following service accounts need to be granted the role + 'Cloud KMS CryptoKey Encrypter/Decrypter + (roles/cloudkms.cryptoKeyEncrypterDecrypter)' on the + Key/KeyRing/Project/Organization (least access preferred). 1. Google Cloud Functions service account (service-{project_number}@gcf-admin-robot.iam.gserviceaccount.com) @@ -275,6 +277,14 @@ class CloudFunction(proto.Message): Cross-project repositories are not supported. Cross-location repositories are not supported. Repository format must be 'DOCKER'. + docker_registry (google.cloud.functions_v1.types.CloudFunction.DockerRegistry): + Docker Registry to use for this deployment. + + If ``docker_repository`` field is specified, this field will + be automatically set as ``ARTIFACT_REGISTRY``. If + unspecified, it currently defaults to + ``CONTAINER_REGISTRY``. This field may be overridden by the + backend for eligible deployments. """ class VpcConnectorEgressSettings(proto.Enum): @@ -299,6 +309,12 @@ class IngressSettings(proto.Enum): ALLOW_INTERNAL_ONLY = 2 ALLOW_INTERNAL_AND_GCLB = 3 + class DockerRegistry(proto.Enum): + r"""Docker Registry to use for storing function Docker images.""" + DOCKER_REGISTRY_UNSPECIFIED = 0 + CONTAINER_REGISTRY = 1 + ARTIFACT_REGISTRY = 2 + name = proto.Field( proto.STRING, number=1, @@ -445,6 +461,11 @@ class IngressSettings(proto.Enum): proto.STRING, number=34, ) + docker_registry = proto.Field( + proto.ENUM, + number=35, + enum=DockerRegistry, + ) class SourceRepository(proto.Message): @@ -626,9 +647,7 @@ class Retry(proto.Message): class SecretEnvVar(proto.Message): r"""Configuration for a secret environment variable. It has the information necessary to fetch the secret value from secret - manager and expose it as an environment variable. Secret value - is not a part of the configuration. Secret values are only - fetched when a new clone starts. + manager and expose it as an environment variable. Attributes: key (str): @@ -648,7 +667,7 @@ class SecretEnvVar(proto.Message): string 'latest'). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not - reflected until new clones start. + reflected until new instances start. """ key = proto.Field( @@ -779,8 +798,8 @@ class UpdateFunctionRequest(proto.Message): function (google.cloud.functions_v1.types.CloudFunction): Required. New version of the function. update_mask (google.protobuf.field_mask_pb2.FieldMask): - Required list of fields to be updated in this - request. + Required. The list of fields in ``CloudFunction`` that have + to be updated. """ function = proto.Field( @@ -956,12 +975,37 @@ class GenerateUploadUrlRequest(proto.Message): The project and location in which the Google Cloud Storage signed URL should be generated, specified in the format ``projects/*/locations/*``. + kms_key_name (str): + Resource name of a KMS crypto key (managed by the user) used + to encrypt/decrypt function source code objects in staging + Cloud Storage buckets. When you generate an upload url and + upload your source code, it gets copied to a staging Cloud + Storage bucket in an internal regional project. The source + code is then copied to a versioned directory in the sources + bucket in the consumer project during the function + deployment. + + It must match the pattern + ``projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}``. + + The Google Cloud Functions service account + (service-{project_number}@gcf-admin-robot.iam.gserviceaccount.com) + must be granted the role 'Cloud KMS CryptoKey + Encrypter/Decrypter + (roles/cloudkms.cryptoKeyEncrypterDecrypter)' on the + Key/KeyRing/Project/Organization (least access preferred). + GCF will delegate access to the Google Storage service + account in the internal project. """ parent = proto.Field( proto.STRING, number=1, ) + kms_key_name = proto.Field( + proto.STRING, + number=2, + ) class GenerateUploadUrlResponse(proto.Message): diff --git a/scripts/fixup_functions_v1_keywords.py b/scripts/fixup_functions_v1_keywords.py index 4866c78..6dc057c 100644 --- a/scripts/fixup_functions_v1_keywords.py +++ b/scripts/fixup_functions_v1_keywords.py @@ -43,7 +43,7 @@ class functionsCallTransformer(cst.CSTTransformer): 'create_function': ('location', 'function', ), 'delete_function': ('name', ), 'generate_download_url': ('name', 'version_id', ), - 'generate_upload_url': ('parent', ), + 'generate_upload_url': ('parent', 'kms_key_name', ), 'get_function': ('name', ), 'get_iam_policy': ('resource', 'options', ), 'list_functions': ('parent', 'page_size', 'page_token', ), diff --git a/tests/unit/gapic/functions_v1/test_cloud_functions_service.py b/tests/unit/gapic/functions_v1/test_cloud_functions_service.py index 67a9ff9..7db328f 100644 --- a/tests/unit/gapic/functions_v1/test_cloud_functions_service.py +++ b/tests/unit/gapic/functions_v1/test_cloud_functions_service.py @@ -1073,6 +1073,7 @@ def test_get_function(request_type, transport: str = "grpc"): build_name="build_name_value", source_token="source_token_value", docker_repository="docker_repository_value", + docker_registry=functions.CloudFunction.DockerRegistry.CONTAINER_REGISTRY, source_archive_url="source_archive_url_value", https_trigger=functions.HttpsTrigger(url="url_value"), ) @@ -1110,6 +1111,10 @@ def test_get_function(request_type, transport: str = "grpc"): assert response.build_name == "build_name_value" assert response.source_token == "source_token_value" assert response.docker_repository == "docker_repository_value" + assert ( + response.docker_registry + == functions.CloudFunction.DockerRegistry.CONTAINER_REGISTRY + ) def test_get_function_empty_call(): @@ -1166,6 +1171,7 @@ async def test_get_function_async( build_name="build_name_value", source_token="source_token_value", docker_repository="docker_repository_value", + docker_registry=functions.CloudFunction.DockerRegistry.CONTAINER_REGISTRY, ) ) response = await client.get_function(request) @@ -1202,6 +1208,10 @@ async def test_get_function_async( assert response.build_name == "build_name_value" assert response.source_token == "source_token_value" assert response.docker_repository == "docker_repository_value" + assert ( + response.docker_registry + == functions.CloudFunction.DockerRegistry.CONTAINER_REGISTRY + ) @pytest.mark.asyncio