Skip to content

Commit d180952

Browse files
Google APIscopybara-github
Google APIs
authored and
copybara-github
committed
feat: added support for CMEK
docs: clarified wording around quota usage Clients can now specify the docker registry to use for storing function Docker images and KMS crypto keys for function source code objects. PiperOrigin-RevId: 453234231
1 parent 239db5e commit d180952

3 files changed

Lines changed: 87 additions & 37 deletions

File tree

google/cloud/functions/v1/BUILD.bazel

Lines changed: 11 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
# This file was automatically generated by BuildFileGenerator
2-
# https://github.com/googleapis/gapic-generator/tree/master/rules_gapic/bazel
2+
# https://github.com/googleapis/rules_gapic/tree/master/bazel
33

44
# Most of the manual changes to this file will be overwritten.
55
# It's **only** allowed to change the following rule attribute values:
@@ -50,7 +50,6 @@ proto_library_with_info(
5050
##############################################################################
5151
# Java
5252
##############################################################################
53-
5453
load(
5554
"@com_google_googleapis_imports//:imports.bzl",
5655
"java_gapic_assembly_gradle_pkg",
@@ -74,13 +73,16 @@ java_grpc_library(
7473
java_gapic_library(
7574
name = "functions_java_gapic",
7675
srcs = [":functions_proto_with_info"],
76+
gapic_yaml = None,
7777
grpc_service_config = "functions_grpc_service_config.json",
78+
service_yaml = "cloudfunctions_v1.yaml",
7879
test_deps = [
7980
":functions_java_grpc",
8081
"//google/iam/v1:iam_java_grpc",
8182
],
8283
deps = [
8384
":functions_java_proto",
85+
"//google/api:api_java_proto",
8486
"//google/iam/v1:iam_java_proto",
8587
],
8688
)
@@ -132,6 +134,7 @@ go_gapic_library(
132134
srcs = [":functions_proto_with_info"],
133135
grpc_service_config = "functions_grpc_service_config.json",
134136
importpath = "cloud.google.com/go/functions/apiv1;functions",
137+
metadata = True,
135138
service_yaml = "cloudfunctions_v1.yaml",
136139
deps = [
137140
":functions_go_proto",
@@ -156,6 +159,7 @@ go_gapic_assembly_pkg(
156159
name = "gapi-cloud-functions-v1-go",
157160
deps = [
158161
":functions_go_gapic",
162+
":functions_go_gapic_srcjar-metadata.srcjar",
159163
":functions_go_gapic_srcjar-test.srcjar",
160164
":functions_go_proto",
161165
],
@@ -174,8 +178,10 @@ py_gapic_library(
174178
name = "functions_py_gapic",
175179
srcs = [":functions_proto"],
176180
grpc_service_config = "functions_grpc_service_config.json",
181+
service_yaml = "cloudfunctions_v1.yaml",
177182
)
178183

184+
# Open Source Packages
179185
py_gapic_assembly_pkg(
180186
name = "functions-v1-py",
181187
deps = [
@@ -280,11 +286,11 @@ ruby_cloud_gapic_library(
280286
name = "functions_ruby_gapic",
281287
srcs = [":functions_proto_with_info"],
282288
extra_protoc_parameters = [
283-
"ruby-cloud-gem-name=google-cloud-functions-v1",
284-
"ruby-cloud-env-prefix=FUNCTIONS",
285-
"ruby-cloud-product-url=https://cloud.google.com/functions",
286289
"ruby-cloud-api-id=cloudfunctions.googleapis.com",
287290
"ruby-cloud-api-shortname=cloudfunctions",
291+
"ruby-cloud-env-prefix=FUNCTIONS",
292+
"ruby-cloud-gem-name=google-cloud-functions-v1",
293+
"ruby-cloud-product-url=https://cloud.google.com/functions",
288294
],
289295
grpc_service_config = "functions_grpc_service_config.json",
290296
ruby_cloud_description = "The Cloud Functions API manages lightweight user-provided functions executed in response to events.",

google/cloud/functions/v1/functions.proto

Lines changed: 75 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
// Copyright 2021 Google LLC
1+
// Copyright 2022 Google LLC
22
//
33
// Licensed under the Apache License, Version 2.0 (the "License");
44
// you may not use this file except in compliance with the License.
@@ -191,7 +191,6 @@ service CloudFunctionsService {
191191

192192
// Describes a Cloud Function that contains user computation executed in
193193
// response to an event. It encapsulate function and triggers configurations.
194-
// Next tag: 36
195194
message CloudFunction {
196195
option (google.api.resource) = {
197196
type: "cloudfunctions.googleapis.com/CloudFunction"
@@ -233,6 +232,23 @@ message CloudFunction {
233232
ALLOW_INTERNAL_AND_GCLB = 3;
234233
}
235234

235+
// Docker Registry to use for storing function Docker images.
236+
enum DockerRegistry {
237+
// Unspecified.
238+
DOCKER_REGISTRY_UNSPECIFIED = 0;
239+
240+
// Docker images will be stored in multi-regional Container Registry
241+
// repositories named `gcf`.
242+
CONTAINER_REGISTRY = 1;
243+
244+
// Docker images will be stored in regional Artifact Registry repositories.
245+
// By default, GCF will create and use repositories named `gcf-artifacts`
246+
// in every region in which a function is deployed. But the repository to
247+
// use can also be specified by the user using the `docker_repository`
248+
// field.
249+
ARTIFACT_REGISTRY = 2;
250+
}
251+
236252
// A user-defined name of the function. Function names must be unique
237253
// globally and match pattern `projects/*/locations/*/functions/*`
238254
string name = 1;
@@ -380,8 +396,9 @@ message CloudFunction {
380396
// the `docker_repository` field that was created with the same KMS crypto
381397
// key.
382398
//
383-
// The following service accounts need to be granted Cloud KMS crypto key
384-
// encrypter/decrypter roles on the key.
399+
// The following service accounts need to be granted the role 'Cloud KMS
400+
// CryptoKey Encrypter/Decrypter (roles/cloudkms.cryptoKeyEncrypterDecrypter)'
401+
// on the Key/KeyRing/Project/Organization (least access preferred).
385402
//
386403
// 1. Google Cloud Functions service account
387404
// (service-{project_number}@gcf-admin-robot.iam.gserviceaccount.com) -
@@ -450,6 +467,14 @@ message CloudFunction {
450467
string docker_repository = 34 [(google.api.resource_reference) = {
451468
type: "artifactregistry.googleapis.com/Repository"
452469
}];
470+
471+
// Docker Registry to use for this deployment.
472+
//
473+
// If `docker_repository` field is specified, this field will be automatically
474+
// set as `ARTIFACT_REGISTRY`.
475+
// If unspecified, it currently defaults to `CONTAINER_REGISTRY`.
476+
// This field may be overridden by the backend for eligible deployments.
477+
DockerRegistry docker_registry = 35;
453478
}
454479

455480
// Describes SourceRepository, used to represent parameters related to
@@ -575,10 +600,31 @@ message FailurePolicy {
575600
}
576601
}
577602

603+
// Describes the current stage of a deployment.
604+
enum CloudFunctionStatus {
605+
// Not specified. Invalid state.
606+
CLOUD_FUNCTION_STATUS_UNSPECIFIED = 0;
607+
608+
// Function has been successfully deployed and is serving.
609+
ACTIVE = 1;
610+
611+
// Function deployment failed and the function isn’t serving.
612+
OFFLINE = 2;
613+
614+
// Function is being created or updated.
615+
DEPLOY_IN_PROGRESS = 3;
616+
617+
// Function is being deleted.
618+
DELETE_IN_PROGRESS = 4;
619+
620+
// Function deployment failed and the function serving state is undefined.
621+
// The function should be updated or deleted to move it out of this state.
622+
UNKNOWN = 5;
623+
}
624+
578625
// Configuration for a secret environment variable. It has the information
579626
// necessary to fetch the secret value from secret manager and expose it as an
580-
// environment variable. Secret value is not a part of the configuration. Secret
581-
// values are only fetched when a new clone starts.
627+
// environment variable.
582628
message SecretEnvVar {
583629
// Name of the environment variable.
584630
string key = 1;
@@ -594,7 +640,7 @@ message SecretEnvVar {
594640

595641
// Version of the secret (version number or the string 'latest'). It is
596642
// recommended to use a numeric version for secret environment variables as
597-
// any updates to the secret value is not reflected until new clones start.
643+
// any updates to the secret value is not reflected until new instances start.
598644
string version = 4;
599645
}
600646

@@ -662,32 +708,10 @@ message UpdateFunctionRequest {
662708
// Required. New version of the function.
663709
CloudFunction function = 1 [(google.api.field_behavior) = REQUIRED];
664710

665-
// Required list of fields to be updated in this request.
711+
// Required. The list of fields in `CloudFunction` that have to be updated.
666712
google.protobuf.FieldMask update_mask = 2;
667713
}
668714

669-
// Describes the current stage of a deployment.
670-
enum CloudFunctionStatus {
671-
// Not specified. Invalid state.
672-
CLOUD_FUNCTION_STATUS_UNSPECIFIED = 0;
673-
674-
// Function has been successfully deployed and is serving.
675-
ACTIVE = 1;
676-
677-
// Function deployment failed and the function isn’t serving.
678-
OFFLINE = 2;
679-
680-
// Function is being created or updated.
681-
DEPLOY_IN_PROGRESS = 3;
682-
683-
// Function is being deleted.
684-
DELETE_IN_PROGRESS = 4;
685-
686-
// Function deployment failed and the function serving state is undefined.
687-
// The function should be updated or deleted to move it out of this state.
688-
UNKNOWN = 5;
689-
}
690-
691715
// Request for the `GetFunction` method.
692716
message GetFunctionRequest {
693717
// Required. The name of the function which details should be obtained.
@@ -781,6 +805,27 @@ message GenerateUploadUrlRequest {
781805
// The project and location in which the Google Cloud Storage signed URL
782806
// should be generated, specified in the format `projects/*/locations/*`.
783807
string parent = 1;
808+
809+
// Resource name of a KMS crypto key (managed by the user) used to
810+
// encrypt/decrypt function source code objects in staging Cloud Storage
811+
// buckets. When you generate an upload url and upload your source code, it
812+
// gets copied to a staging Cloud Storage bucket in an internal regional
813+
// project. The source code is then copied to a versioned directory in the
814+
// sources bucket in the consumer project during the function deployment.
815+
//
816+
// It must match the pattern
817+
// `projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}`.
818+
//
819+
// The Google Cloud Functions service account
820+
// (service-{project_number}@gcf-admin-robot.iam.gserviceaccount.com) must be
821+
// granted the role 'Cloud KMS CryptoKey Encrypter/Decrypter
822+
// (roles/cloudkms.cryptoKeyEncrypterDecrypter)' on the
823+
// Key/KeyRing/Project/Organization (least access preferred). GCF will
824+
// delegate access to the Google Storage service account in the internal
825+
// project.
826+
string kms_key_name = 2 [(google.api.resource_reference) = {
827+
type: "cloudkms.googleapis.com/CryptoKey"
828+
}];
784829
}
785830

786831
// Response of `GenerateSourceUploadUrl` method.

google/cloud/functions/v1/operations.proto

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
// Copyright 2021 Google LLC
1+
// Copyright 2022 Google LLC
22
//
33
// Licensed under the Apache License, Version 2.0 (the "License");
44
// you may not use this file except in compliance with the License.
@@ -18,7 +18,6 @@ package google.cloud.functions.v1;
1818

1919
import "google/protobuf/any.proto";
2020
import "google/protobuf/timestamp.proto";
21-
import "google/api/annotations.proto";
2221

2322
option go_package = "google.golang.org/genproto/googleapis/cloud/functions/v1;functions";
2423
option java_multiple_files = true;

0 commit comments

Comments
 (0)