From 771f063e38c76fbd83a4e1a173086cc18ba1b883 Mon Sep 17 00:00:00 2001 From: Fathima Mohammed Date: Wed, 22 Sep 2021 18:02:49 +0000 Subject: [PATCH 1/2] Update repository-function module to support VPC connector, VPC connector egress, and ingress settings. --- modules/repository-function/README.md | 3 +++ modules/repository-function/main.tf | 13 ++++++++----- modules/repository-function/variables.tf | 18 ++++++++++++++++++ 3 files changed, 29 insertions(+), 5 deletions(-) diff --git a/modules/repository-function/README.md b/modules/repository-function/README.md index 600faf7..cfa2abc 100644 --- a/modules/repository-function/README.md +++ b/modules/repository-function/README.md @@ -30,6 +30,9 @@ is a tested reference of how to use this submodule with the | runtime | The runtime in which the function will be executed. | string | `"nodejs6"` | no | | source\_repository\_url | The URL of the repository which contains the function source code. | string | n/a | yes | | timeout\_s | The amount of time in seconds allotted for the execution of the function. | number | `"60"` | no | +| vpc\_connector | The VPC Network Connector that this cloud function can connect to. It should be set up as fully-qualified URI. The format of this field is projects/*/locations/*/connectors/*. | string | `"null"` | no | +| vpc\_connector\_egress\_settings | The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value. | string | `"null"` | no | +| ingress\_settings | The ingress settings for the function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY. Changes to this field will recreate the cloud function. | string | `"ALLOW_ALL"` | no | ## Outputs diff --git a/modules/repository-function/main.tf b/modules/repository-function/main.tf index 942c311..bb03afb 100644 --- a/modules/repository-function/main.tf +++ b/modules/repository-function/main.tf @@ -15,11 +15,14 @@ */ resource "google_cloudfunctions_function" "main" { - name = var.name - description = var.description - available_memory_mb = var.available_memory_mb - timeout = var.timeout_s - entry_point = var.entry_point + name = var.name + description = var.description + available_memory_mb = var.available_memory_mb + timeout = var.timeout_s + entry_point = var.entry_point + ingress_settings = var.ingress_settings + vpc_connector_egress_settings = var.vpc_connector_egress_settings + vpc_connector = var.vpc_connector event_trigger { event_type = var.event_trigger["event_type"] diff --git a/modules/repository-function/variables.tf b/modules/repository-function/variables.tf index 7221f6a..7406899 100644 --- a/modules/repository-function/variables.tf +++ b/modules/repository-function/variables.tf @@ -79,3 +79,21 @@ variable "timeout_s" { default = 60 description = "The amount of time in seconds allotted for the execution of the function." } + +variable "ingress_settings" { + type = string + default = "ALLOW_ALL" + description = "The ingress settings for the function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY. Changes to this field will recreate the cloud function." +} + +variable "vpc_connector_egress_settings" { + type = string + default = null + description = "The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value." +} + +variable "vpc_connector" { + type = string + default = null + description = "The VPC Network Connector that this cloud function can connect to. It should be set up as fully-qualified URI. The format of this field is projects/*/locations/*/connectors/*." +} From 6fc012086773bdbf934b091f7f7efebb1bc8211f Mon Sep 17 00:00:00 2001 From: Fathima Mohammed Date: Wed, 22 Sep 2021 18:28:06 +0000 Subject: [PATCH 2/2] Documentation generation --- modules/repository-function/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/repository-function/README.md b/modules/repository-function/README.md index cfa2abc..6eadd33 100644 --- a/modules/repository-function/README.md +++ b/modules/repository-function/README.md @@ -23,6 +23,7 @@ is a tested reference of how to use this submodule with the | entry\_point | The name of a method in the function source which will be invoked when the function is executed. | string | n/a | yes | | environment\_variables | A set of key/value environment variable pairs to assign to the function. | map(string) | `` | no | | event\_trigger | A source that fires events in response to a condition in another service. | map(string) | n/a | yes | +| ingress\_settings | The ingress settings for the function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY. Changes to this field will recreate the cloud function. | string | `"ALLOW_ALL"` | no | | labels | A set of key/value label pairs to assign to any lableable resources. | map(string) | `` | no | | name | The name to apply to any nameable resources. | string | n/a | yes | | project\_id | The ID of the project to which resources will be applied. | string | n/a | yes | @@ -32,7 +33,6 @@ is a tested reference of how to use this submodule with the | timeout\_s | The amount of time in seconds allotted for the execution of the function. | number | `"60"` | no | | vpc\_connector | The VPC Network Connector that this cloud function can connect to. It should be set up as fully-qualified URI. The format of this field is projects/*/locations/*/connectors/*. | string | `"null"` | no | | vpc\_connector\_egress\_settings | The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value. | string | `"null"` | no | -| ingress\_settings | The ingress settings for the function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY. Changes to this field will recreate the cloud function. | string | `"ALLOW_ALL"` | no | ## Outputs