1// Copyright 2022 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.cloud.functions.v2; 18 19import "google/api/annotations.proto"; 20import "google/api/client.proto"; 21import "google/api/field_behavior.proto"; 22import "google/api/resource.proto"; 23import "google/longrunning/operations.proto"; 24import "google/protobuf/any.proto"; 25import "google/protobuf/empty.proto"; 26import "google/protobuf/field_mask.proto"; 27import "google/protobuf/timestamp.proto"; 28 29option go_package = "cloud.google.com/go/functions/apiv2/functionspb;functionspb"; 30option java_multiple_files = true; 31option java_outer_classname = "FunctionsProto"; 32option java_package = "com.google.cloud.functions.v2"; 33option objc_class_prefix = "GCF"; 34option (google.api.resource_definition) = { 35 type: "artifactregistry.googleapis.com/Repository" 36 pattern: "projects/{project}/locations/{location}/repositories/{repository}" 37}; 38option (google.api.resource_definition) = { 39 type: "cloudbuild.googleapis.com/Build" 40 pattern: "projects/{project}/locations/{location}/builds/{build}" 41}; 42option (google.api.resource_definition) = { 43 type: "cloudbuild.googleapis.com/WorkerPool" 44 pattern: "projects/{project}/locations/{location}/workerPools/{worker_pool}" 45}; 46option (google.api.resource_definition) = { 47 type: "run.googleapis.com/Service" 48 pattern: "projects/{project}/locations/{location}/services/{service}" 49}; 50option (google.api.resource_definition) = { 51 type: "vpcaccess.googleapis.com/Connector" 52 pattern: "projects/{project}/locations/{location}/connectors/{connector}" 53}; 54option (google.api.resource_definition) = { 55 type: "eventarc.googleapis.com/Trigger" 56 pattern: "projects/{project}/locations/{location}/triggers/{trigger}" 57}; 58option (google.api.resource_definition) = { 59 type: "eventarc.googleapis.com/Channel" 60 pattern: "projects/{project}/locations/{location}/channels/{channel}" 61}; 62option (google.api.resource_definition) = { 63 type: "pubsub.googleapis.com/Topic" 64 pattern: "projects/{project}/topics/{topic}" 65}; 66option (google.api.resource_definition) = { 67 type: "cloudkms.googleapis.com/CryptoKey" 68 pattern: "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}" 69}; 70 71// Google Cloud Functions is used to deploy functions that are executed by 72// Google in response to various events. Data connected with that event is 73// passed to a function as the input data. 74// 75// A **function** is a resource which describes a function that should be 76// executed and how it is triggered. 77service FunctionService { 78 option (google.api.default_host) = "cloudfunctions.googleapis.com"; 79 option (google.api.oauth_scopes) = 80 "https://www.googleapis.com/auth/cloud-platform"; 81 82 // Returns a function with the given name from the requested project. 83 rpc GetFunction(GetFunctionRequest) returns (Function) { 84 option (google.api.http) = { 85 get: "/v2/{name=projects/*/locations/*/functions/*}" 86 }; 87 option (google.api.method_signature) = "name"; 88 } 89 90 // Returns a list of functions that belong to the requested project. 91 rpc ListFunctions(ListFunctionsRequest) returns (ListFunctionsResponse) { 92 option (google.api.http) = { 93 get: "/v2/{parent=projects/*/locations/*}/functions" 94 }; 95 option (google.api.method_signature) = "parent"; 96 } 97 98 // Creates a new function. If a function with the given name already exists in 99 // the specified project, the long running operation will return 100 // `ALREADY_EXISTS` error. 101 rpc CreateFunction(CreateFunctionRequest) 102 returns (google.longrunning.Operation) { 103 option (google.api.http) = { 104 post: "/v2/{parent=projects/*/locations/*}/functions" 105 body: "function" 106 }; 107 option (google.api.method_signature) = "parent,function,function_id"; 108 option (google.longrunning.operation_info) = { 109 response_type: "google.cloud.functions.v2.Function" 110 metadata_type: "google.cloud.functions.v2.OperationMetadata" 111 }; 112 } 113 114 // Updates existing function. 115 rpc UpdateFunction(UpdateFunctionRequest) 116 returns (google.longrunning.Operation) { 117 option (google.api.http) = { 118 patch: "/v2/{function.name=projects/*/locations/*/functions/*}" 119 body: "function" 120 }; 121 option (google.api.method_signature) = "function,update_mask"; 122 option (google.longrunning.operation_info) = { 123 response_type: "google.cloud.functions.v2.Function" 124 metadata_type: "google.cloud.functions.v2.OperationMetadata" 125 }; 126 } 127 128 // Deletes a function with the given name from the specified project. If the 129 // given function is used by some trigger, the trigger will be updated to 130 // remove this function. 131 rpc DeleteFunction(DeleteFunctionRequest) 132 returns (google.longrunning.Operation) { 133 option (google.api.http) = { 134 delete: "/v2/{name=projects/*/locations/*/functions/*}" 135 }; 136 option (google.api.method_signature) = "name"; 137 option (google.longrunning.operation_info) = { 138 response_type: "google.protobuf.Empty" 139 metadata_type: "google.cloud.functions.v2.OperationMetadata" 140 }; 141 } 142 143 // Returns a signed URL for uploading a function source code. 144 // For more information about the signed URL usage see: 145 // https://cloud.google.com/storage/docs/access-control/signed-urls. 146 // Once the function source code upload is complete, the used signed 147 // URL should be provided in CreateFunction or UpdateFunction request 148 // as a reference to the function source code. 149 // 150 // When uploading source code to the generated signed URL, please follow 151 // these restrictions: 152 // 153 // * Source file type should be a zip file. 154 // * No credentials should be attached - the signed URLs provide access to the 155 // target bucket using internal service identity; if credentials were 156 // attached, the identity from the credentials would be used, but that 157 // identity does not have permissions to upload files to the URL. 158 // 159 // When making a HTTP PUT request, these two headers need to be specified: 160 // 161 // * `content-type: application/zip` 162 // 163 // And this header SHOULD NOT be specified: 164 // 165 // * `Authorization: Bearer YOUR_TOKEN` 166 rpc GenerateUploadUrl(GenerateUploadUrlRequest) 167 returns (GenerateUploadUrlResponse) { 168 option (google.api.http) = { 169 post: "/v2/{parent=projects/*/locations/*}/functions:generateUploadUrl" 170 body: "*" 171 }; 172 } 173 174 // Returns a signed URL for downloading deployed function source code. 175 // The URL is only valid for a limited period and should be used within 176 // 30 minutes of generation. 177 // For more information about the signed URL usage see: 178 // https://cloud.google.com/storage/docs/access-control/signed-urls 179 rpc GenerateDownloadUrl(GenerateDownloadUrlRequest) 180 returns (GenerateDownloadUrlResponse) { 181 option (google.api.http) = { 182 post: "/v2/{name=projects/*/locations/*/functions/*}:generateDownloadUrl" 183 body: "*" 184 }; 185 } 186 187 // Returns a list of runtimes that are supported for the requested project. 188 rpc ListRuntimes(ListRuntimesRequest) returns (ListRuntimesResponse) { 189 option (google.api.http) = { 190 get: "/v2/{parent=projects/*/locations/*}/runtimes" 191 }; 192 option (google.api.method_signature) = "parent"; 193 } 194} 195 196// The environment the function is hosted on. 197enum Environment { 198 // Unspecified 199 ENVIRONMENT_UNSPECIFIED = 0; 200 201 // Gen 1 202 GEN_1 = 1; 203 204 // Gen 2 205 GEN_2 = 2; 206} 207 208// Describes a Cloud Function that contains user computation executed in 209// response to an event. It encapsulates function and trigger configurations. 210message Function { 211 option (google.api.resource) = { 212 type: "cloudfunctions.googleapis.com/Function" 213 pattern: "projects/{project}/locations/{location}/functions/{function}" 214 plural: "functions" 215 singular: "function" 216 }; 217 218 // Describes the current state of the function. 219 enum State { 220 // Not specified. Invalid state. 221 STATE_UNSPECIFIED = 0; 222 223 // Function has been successfully deployed and is serving. 224 ACTIVE = 1; 225 226 // Function deployment failed and the function is not serving. 227 FAILED = 2; 228 229 // Function is being created or updated. 230 DEPLOYING = 3; 231 232 // Function is being deleted. 233 DELETING = 4; 234 235 // Function deployment failed and the function serving state is undefined. 236 // The function should be updated or deleted to move it out of this state. 237 UNKNOWN = 5; 238 } 239 240 // A user-defined name of the function. Function names must be unique 241 // globally and match pattern `projects/*/locations/*/functions/*` 242 string name = 1; 243 244 // Describe whether the function is 1st Gen or 2nd Gen. 245 Environment environment = 10; 246 247 // User-provided description of a function. 248 string description = 2; 249 250 // Describes the Build step of the function that builds a container from the 251 // given source. 252 BuildConfig build_config = 3; 253 254 // Describes the Service being deployed. Currently deploys services to Cloud 255 // Run (fully managed). 256 ServiceConfig service_config = 4; 257 258 // An Eventarc trigger managed by Google Cloud Functions that fires events in 259 // response to a condition in another service. 260 EventTrigger event_trigger = 5; 261 262 // Output only. State of the function. 263 State state = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; 264 265 // Output only. The last update timestamp of a Cloud Function. 266 google.protobuf.Timestamp update_time = 7 267 [(google.api.field_behavior) = OUTPUT_ONLY]; 268 269 // Labels associated with this Cloud Function. 270 map<string, string> labels = 8; 271 272 // Output only. State Messages for this Cloud Function. 273 repeated StateMessage state_messages = 9 274 [(google.api.field_behavior) = OUTPUT_ONLY]; 275 276 // Resource name of a KMS crypto key (managed by the user) used to 277 // encrypt/decrypt function resources. 278 // 279 // It must match the pattern 280 // `projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}`. 281 string kms_key_name = 25 [(google.api.resource_reference) = { 282 type: "cloudkms.googleapis.com/CryptoKey" 283 }]; 284 285 // Output only. The deployed url for the function. 286 string url = 14 [(google.api.field_behavior) = OUTPUT_ONLY]; 287} 288 289// Informational messages about the state of the Cloud Function or Operation. 290message StateMessage { 291 // Severity of the state message. 292 enum Severity { 293 // Not specified. Invalid severity. 294 SEVERITY_UNSPECIFIED = 0; 295 296 // ERROR-level severity. 297 ERROR = 1; 298 299 // WARNING-level severity. 300 WARNING = 2; 301 302 // INFO-level severity. 303 INFO = 3; 304 } 305 306 // Severity of the state message. 307 Severity severity = 1; 308 309 // One-word CamelCase type of the state message. 310 string type = 2; 311 312 // The message. 313 string message = 3; 314} 315 316// Location of the source in an archive file in Google Cloud Storage. 317message StorageSource { 318 // Google Cloud Storage bucket containing the source (see 319 // [Bucket Name 320 // Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)). 321 string bucket = 1; 322 323 // Google Cloud Storage object containing the source. 324 // 325 // This object must be a gzipped archive file (`.tar.gz`) containing source to 326 // build. 327 string object = 2; 328 329 // Google Cloud Storage generation for the object. If the generation is 330 // omitted, the latest generation will be used. 331 int64 generation = 3; 332} 333 334// Location of the source in a Google Cloud Source Repository. 335message RepoSource { 336 // A revision within the Cloud Source Repository must be specified in 337 // one of these ways. 338 oneof revision { 339 // Regex matching branches to build. 340 // 341 // The syntax of the regular expressions accepted is the syntax accepted by 342 // RE2 and described at https://github.com/google/re2/wiki/Syntax 343 string branch_name = 3; 344 345 // Regex matching tags to build. 346 // 347 // The syntax of the regular expressions accepted is the syntax accepted by 348 // RE2 and described at https://github.com/google/re2/wiki/Syntax 349 string tag_name = 4; 350 351 // Explicit commit SHA to build. 352 string commit_sha = 5; 353 } 354 355 // ID of the project that owns the Cloud Source Repository. If omitted, the 356 // project ID requesting the build is assumed. 357 string project_id = 1; 358 359 // Name of the Cloud Source Repository. 360 string repo_name = 2; 361 362 // Directory, relative to the source root, in which to run the build. 363 // 364 // This must be a relative path. If a step's `dir` is specified and is an 365 // absolute path, this value is ignored for that step's execution. 366 // eg. helloworld (no leading slash allowed) 367 string dir = 6; 368 369 // Only trigger a build if the revision regex does NOT match the revision 370 // regex. 371 bool invert_regex = 7; 372} 373 374// The location of the function source code. 375message Source { 376 // Location of the source. 377 // At least one source needs to be provided for the deployment to succeed. 378 oneof source { 379 // If provided, get the source from this location in Google Cloud Storage. 380 StorageSource storage_source = 1; 381 382 // If provided, get the source from this location in a Cloud Source 383 // Repository. 384 RepoSource repo_source = 2; 385 } 386} 387 388// Provenance of the source. Ways to find the original source, or verify that 389// some source was used for this build. 390message SourceProvenance { 391 // A copy of the build's `source.storage_source`, if exists, with any 392 // generations resolved. 393 StorageSource resolved_storage_source = 1; 394 395 // A copy of the build's `source.repo_source`, if exists, with any 396 // revisions resolved. 397 RepoSource resolved_repo_source = 2; 398} 399 400// Describes the Build step of the function that builds a container from the 401// given source. 402message BuildConfig { 403 // Docker Registry to use for storing function Docker images. 404 enum DockerRegistry { 405 // Unspecified. 406 DOCKER_REGISTRY_UNSPECIFIED = 0; 407 408 // Docker images will be stored in multi-regional Container Registry 409 // repositories named `gcf`. 410 CONTAINER_REGISTRY = 1; 411 412 // Docker images will be stored in regional Artifact Registry repositories. 413 // By default, GCF will create and use repositories named `gcf-artifacts` 414 // in every region in which a function is deployed. But the repository to 415 // use can also be specified by the user using the `docker_repository` 416 // field. 417 ARTIFACT_REGISTRY = 2; 418 } 419 420 // Output only. The Cloud Build name of the latest successful deployment of 421 // the function. 422 string build = 1 [ 423 (google.api.field_behavior) = OUTPUT_ONLY, 424 (google.api.resource_reference) = { 425 type: "cloudbuild.googleapis.com/Build" 426 } 427 ]; 428 429 // The runtime in which to run the function. Required when deploying a new 430 // function, optional when updating an existing function. For a complete 431 // list of possible choices, see the 432 // [`gcloud` command 433 // reference](https://cloud.google.com/sdk/gcloud/reference/functions/deploy#--runtime). 434 string runtime = 2; 435 436 // The name of the function (as defined in source code) that will be 437 // executed. Defaults to the resource name suffix, if not specified. For 438 // backward compatibility, if function with given name is not found, then the 439 // system will try to use function named "function". 440 // For Node.js this is name of a function exported by the module specified 441 // in `source_location`. 442 string entry_point = 3; 443 444 // The location of the function source code. 445 Source source = 4; 446 447 // Output only. A permanent fixed identifier for source. 448 SourceProvenance source_provenance = 8 449 [(google.api.field_behavior) = OUTPUT_ONLY]; 450 451 // Name of the Cloud Build Custom Worker Pool that should be used to build the 452 // function. The format of this field is 453 // `projects/{project}/locations/{region}/workerPools/{workerPool}` where 454 // {project} and {region} are the project id and region respectively where the 455 // worker pool is defined and {workerPool} is the short name of the worker 456 // pool. 457 // 458 // If the project id is not the same as the function, then the Cloud 459 // Functions Service Agent 460 // (service-<project_number>@gcf-admin-robot.iam.gserviceaccount.com) must be 461 // granted the role Cloud Build Custom Workers Builder 462 // (roles/cloudbuild.customworkers.builder) in the project. 463 string worker_pool = 5 [(google.api.resource_reference) = { 464 type: "cloudbuild.googleapis.com/WorkerPool" 465 }]; 466 467 // User-provided build-time environment variables for the function 468 map<string, string> environment_variables = 6; 469 470 // Optional. Docker Registry to use for this deployment. This configuration is 471 // only applicable to 1st Gen functions, 2nd Gen functions can only use 472 // Artifact Registry. 473 // 474 // If `docker_repository` field is specified, this field will be automatically 475 // set as `ARTIFACT_REGISTRY`. 476 // If unspecified, it currently defaults to `CONTAINER_REGISTRY`. 477 // This field may be overridden by the backend for eligible deployments. 478 DockerRegistry docker_registry = 10 [(google.api.field_behavior) = OPTIONAL]; 479 480 // User managed repository created in Artifact Registry optionally with a 481 // customer managed encryption key. This is the repository to which the 482 // function docker image will be pushed after it is built by Cloud Build. 483 // If unspecified, GCF will create and use a repository named 'gcf-artifacts' 484 // for every deployed region. 485 // 486 // It must match the pattern 487 // `projects/{project}/locations/{location}/repositories/{repository}`. 488 // 489 // Cross-project repositories are not supported. 490 // Cross-location repositories are not supported. 491 // Repository format must be 'DOCKER'. 492 string docker_repository = 7 [(google.api.resource_reference) = { 493 type: "artifactregistry.googleapis.com/Repository" 494 }]; 495} 496 497// Describes the Service being deployed. 498// Currently Supported : Cloud Run (fully managed). 499// Next tag: 23 500message ServiceConfig { 501 // Available egress settings. 502 // 503 // This controls what traffic is diverted through the VPC Access Connector 504 // resource. By default PRIVATE_RANGES_ONLY will be used. 505 enum VpcConnectorEgressSettings { 506 // Unspecified. 507 VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED = 0; 508 509 // Use the VPC Access Connector only for private IP space from RFC1918. 510 PRIVATE_RANGES_ONLY = 1; 511 512 // Force the use of VPC Access Connector for all egress traffic from the 513 // function. 514 ALL_TRAFFIC = 2; 515 } 516 517 // Available ingress settings. 518 // 519 // This controls what traffic can reach the function. 520 // 521 // If unspecified, ALLOW_ALL will be used. 522 enum IngressSettings { 523 // Unspecified. 524 INGRESS_SETTINGS_UNSPECIFIED = 0; 525 526 // Allow HTTP traffic from public and private sources. 527 ALLOW_ALL = 1; 528 529 // Allow HTTP traffic from only private VPC sources. 530 ALLOW_INTERNAL_ONLY = 2; 531 532 // Allow HTTP traffic from private VPC sources and through GCLB. 533 ALLOW_INTERNAL_AND_GCLB = 3; 534 } 535 536 // Available security level settings. 537 // 538 // This enforces security protocol on function URL. 539 // 540 // Security level is only ocnfigurable for 1st Gen functions, If unspecified, 541 // SECURE_OPTIONAL will be used. 2nd Gen functions are SECURE_ALWAYS ONLY. 542 enum SecurityLevel { 543 // Unspecified. 544 SECURITY_LEVEL_UNSPECIFIED = 0; 545 546 // Requests for a URL that match this handler that do not use HTTPS are 547 // automatically redirected to the HTTPS URL with the same path. Query 548 // parameters are reserved for the redirect. 549 SECURE_ALWAYS = 1; 550 551 // Both HTTP and HTTPS requests with URLs that match the handler succeed 552 // without redirects. The application can examine the request to determine 553 // which protocol was used and respond accordingly. 554 SECURE_OPTIONAL = 2; 555 } 556 557 // Output only. Name of the service associated with a Function. 558 // The format of this field is 559 // `projects/{project}/locations/{region}/services/{service}` 560 string service = 1 [ 561 (google.api.field_behavior) = OUTPUT_ONLY, 562 (google.api.resource_reference) = { type: "run.googleapis.com/Service" } 563 ]; 564 565 // The function execution timeout. Execution is considered failed and 566 // can be terminated if the function is not completed at the end of the 567 // timeout period. Defaults to 60 seconds. 568 int32 timeout_seconds = 2; 569 570 // The amount of memory available for a function. 571 // Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is 572 // supplied the value is interpreted as bytes. 573 // See 574 // https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go 575 // a full description. 576 string available_memory = 13; 577 578 // The number of CPUs used in a single container instance. 579 // Default value is calculated from available memory. 580 // Supports the same values as Cloud Run, see 581 // https://cloud.google.com/run/docs/reference/rest/v1/Container#resourcerequirements 582 // Example: "1" indicates 1 vCPU 583 string available_cpu = 22; 584 585 // Environment variables that shall be available during function execution. 586 map<string, string> environment_variables = 4; 587 588 // The limit on the maximum number of function instances that may coexist at a 589 // given time. 590 // 591 // In some cases, such as rapid traffic surges, Cloud Functions may, for a 592 // short period of time, create more instances than the specified max 593 // instances limit. If your function cannot tolerate this temporary behavior, 594 // you may want to factor in a safety margin and set a lower max instances 595 // value than your function can tolerate. 596 // 597 // See the [Max 598 // Instances](https://cloud.google.com/functions/docs/max-instances) Guide for 599 // more details. 600 int32 max_instance_count = 5; 601 602 // The limit on the minimum number of function instances that may coexist at a 603 // given time. 604 // 605 // Function instances are kept in idle state for a short period after they 606 // finished executing the request to reduce cold start time for subsequent 607 // requests. Setting a minimum instance count will ensure that the given 608 // number of instances are kept running in idle state always. This can help 609 // with cold start times when jump in incoming request count occurs after the 610 // idle instance would have been stopped in the default case. 611 int32 min_instance_count = 12; 612 613 // The Serverless VPC Access connector that this cloud function can connect 614 // to. The format of this field is `projects/*/locations/*/connectors/*`. 615 string vpc_connector = 6 [(google.api.resource_reference) = { 616 type: "vpcaccess.googleapis.com/Connector" 617 }]; 618 619 // The egress settings for the connector, controlling what traffic is diverted 620 // through it. 621 VpcConnectorEgressSettings vpc_connector_egress_settings = 7; 622 623 // The ingress settings for the function, controlling what traffic can reach 624 // it. 625 IngressSettings ingress_settings = 8; 626 627 // Output only. URI of the Service deployed. 628 string uri = 9 [(google.api.field_behavior) = OUTPUT_ONLY]; 629 630 // The email of the service's service account. If empty, defaults to 631 // `{project_number}[email protected]`. 632 string service_account_email = 10; 633 634 // Whether 100% of traffic is routed to the latest revision. 635 // On CreateFunction and UpdateFunction, when set to true, the revision being 636 // deployed will serve 100% of traffic, ignoring any traffic split settings, 637 // if any. On GetFunction, true will be returned if the latest revision is 638 // serving 100% of traffic. 639 bool all_traffic_on_latest_revision = 16; 640 641 // Secret environment variables configuration. 642 repeated SecretEnvVar secret_environment_variables = 17; 643 644 // Secret volumes configuration. 645 repeated SecretVolume secret_volumes = 19; 646 647 // Output only. The name of service revision. 648 string revision = 18 [(google.api.field_behavior) = OUTPUT_ONLY]; 649 650 // Sets the maximum number of concurrent requests that each instance can 651 // receive. Defaults to 1. 652 int32 max_instance_request_concurrency = 20; 653 654 // Security level configure whether the function only accepts https. 655 // This configuration is only applicable to 1st Gen functions with Http 656 // trigger. By default https is optional for 1st Gen functions; 2nd Gen 657 // functions are https ONLY. 658 SecurityLevel security_level = 21; 659} 660 661// Configuration for a secret environment variable. It has the information 662// necessary to fetch the secret value from secret manager and expose it as an 663// environment variable. 664message SecretEnvVar { 665 // Name of the environment variable. 666 string key = 1; 667 668 // Project identifier (preferably project number but can also be the 669 // project ID) of the project that contains the secret. If not set, it is 670 // assumed that the secret is in the same project as the function. 671 string project_id = 2; 672 673 // Name of the secret in secret manager (not the full resource name). 674 string secret = 3; 675 676 // Version of the secret (version number or the string 'latest'). It is 677 // recommended to use a numeric version for secret environment variables as 678 // any updates to the secret value is not reflected until new instances 679 // start. 680 string version = 4; 681} 682 683// Configuration for a secret volume. It has the information necessary to fetch 684// the secret value from secret manager and make it available as files mounted 685// at the requested paths within the application container. 686message SecretVolume { 687 // Configuration for a single version. 688 message SecretVersion { 689 // Version of the secret (version number or the string 'latest'). It is 690 // preferable to use `latest` version with secret volumes as secret value 691 // changes are reflected immediately. 692 string version = 1; 693 694 // Relative path of the file under the mount path where the secret value for 695 // this version will be fetched and made available. For example, setting the 696 // mount_path as '/etc/secrets' and path as `secret_foo` would mount the 697 // secret value file at `/etc/secrets/secret_foo`. 698 string path = 2; 699 } 700 701 // The path within the container to mount the secret volume. For example, 702 // setting the mount_path as `/etc/secrets` would mount the secret value files 703 // under the `/etc/secrets` directory. This directory will also be completely 704 // shadowed and unavailable to mount any other secrets. 705 // Recommended mount path: /etc/secrets 706 string mount_path = 1; 707 708 // Project identifier (preferably project number but can also be the project 709 // ID) of the project that contains the secret. If not set, it is 710 // assumed that the secret is in the same project as the function. 711 string project_id = 2; 712 713 // Name of the secret in secret manager (not the full resource name). 714 string secret = 3; 715 716 // List of secret versions to mount for this secret. If empty, the `latest` 717 // version of the secret will be made available in a file named after the 718 // secret under the mount point. 719 repeated SecretVersion versions = 4; 720} 721 722// Describes EventTrigger, used to request events to be sent from another 723// service. 724message EventTrigger { 725 // Describes the retry policy in case of function's execution failure. 726 // Retried execution is charged as any other execution. 727 enum RetryPolicy { 728 // Not specified. 729 RETRY_POLICY_UNSPECIFIED = 0; 730 731 // Do not retry. 732 RETRY_POLICY_DO_NOT_RETRY = 1; 733 734 // Retry on any failure, retry up to 7 days with an exponential backoff 735 // (capped at 10 seconds). 736 RETRY_POLICY_RETRY = 2; 737 } 738 739 // Output only. The resource name of the Eventarc trigger. The format of this 740 // field is `projects/{project}/locations/{region}/triggers/{trigger}`. 741 string trigger = 1 [ 742 (google.api.field_behavior) = OUTPUT_ONLY, 743 (google.api.resource_reference) = { 744 type: "eventarc.googleapis.com/Trigger" 745 } 746 ]; 747 748 // The region that the trigger will be in. The trigger will only receive 749 // events originating in this region. It can be the same 750 // region as the function, a different region or multi-region, or the global 751 // region. If not provided, defaults to the same region as the function. 752 string trigger_region = 2; 753 754 // Required. The type of event to observe. For example: 755 // `google.cloud.audit.log.v1.written` or 756 // `google.cloud.pubsub.topic.v1.messagePublished`. 757 string event_type = 3 [(google.api.field_behavior) = REQUIRED]; 758 759 // Criteria used to filter events. 760 repeated EventFilter event_filters = 4; 761 762 // Optional. The name of a Pub/Sub topic in the same project that will be used 763 // as the transport topic for the event delivery. Format: 764 // `projects/{project}/topics/{topic}`. 765 // 766 // This is only valid for events of type 767 // `google.cloud.pubsub.topic.v1.messagePublished`. The topic provided here 768 // will not be deleted at function deletion. 769 string pubsub_topic = 5 [ 770 (google.api.field_behavior) = OPTIONAL, 771 (google.api.resource_reference) = { type: "pubsub.googleapis.com/Topic" } 772 ]; 773 774 // Optional. The email of the trigger's service account. The service account 775 // must have permission to invoke Cloud Run services, the permission is 776 // `run.routes.invoke`. 777 // If empty, defaults to the Compute Engine default service account: 778 // `{project_number}[email protected]`. 779 string service_account_email = 6 [(google.api.field_behavior) = OPTIONAL]; 780 781 // Optional. If unset, then defaults to ignoring failures (i.e. not retrying 782 // them). 783 RetryPolicy retry_policy = 7 [(google.api.field_behavior) = OPTIONAL]; 784 785 // Optional. The name of the channel associated with the trigger in 786 // `projects/{project}/locations/{location}/channels/{channel}` format. 787 // You must provide a channel to receive events from Eventarc SaaS partners. 788 string channel = 8 [ 789 (google.api.field_behavior) = OPTIONAL, 790 (google.api.resource_reference) = { 791 type: "eventarc.googleapis.com/Channel" 792 } 793 ]; 794} 795 796// Filters events based on exact matches on the CloudEvents attributes. 797message EventFilter { 798 // Required. The name of a CloudEvents attribute. 799 string attribute = 1 [(google.api.field_behavior) = REQUIRED]; 800 801 // Required. The value for the attribute. 802 string value = 2 [(google.api.field_behavior) = REQUIRED]; 803 804 // Optional. The operator used for matching the events with the value of the 805 // filter. If not specified, only events that have an exact key-value pair 806 // specified in the filter are matched. The only allowed value is 807 // `match-path-pattern`. 808 string operator = 3 [(google.api.field_behavior) = OPTIONAL]; 809} 810 811// Request for the `GetFunction` method. 812message GetFunctionRequest { 813 // Required. The name of the function which details should be obtained. 814 string name = 1 [ 815 (google.api.field_behavior) = REQUIRED, 816 (google.api.resource_reference) = { 817 type: "cloudfunctions.googleapis.com/Function" 818 } 819 ]; 820} 821 822// Request for the `ListFunctions` method. 823message ListFunctionsRequest { 824 // Required. The project and location from which the function should be 825 // listed, specified in the format `projects/*/locations/*` If you want to 826 // list functions in all locations, use "-" in place of a location. When 827 // listing functions in all locations, if one or more location(s) are 828 // unreachable, the response will contain functions from all reachable 829 // locations along with the names of any unreachable locations. 830 string parent = 1 [ 831 (google.api.field_behavior) = REQUIRED, 832 (google.api.resource_reference) = { 833 child_type: "cloudfunctions.googleapis.com/Function" 834 } 835 ]; 836 837 // Maximum number of functions to return per call. The largest allowed 838 // page_size is 1,000, if the page_size is omitted or specified as greater 839 // than 1,000 then it will be replaced as 1,000. The size of the list 840 // response can be less than specified when used with filters. 841 int32 page_size = 2; 842 843 // The value returned by the last 844 // `ListFunctionsResponse`; indicates that 845 // this is a continuation of a prior `ListFunctions` call, and that the 846 // system should return the next page of data. 847 string page_token = 3; 848 849 // The filter for Functions that match the filter expression, 850 // following the syntax outlined in https://google.aip.dev/160. 851 string filter = 4; 852 853 // The sorting order of the resources returned. Value should be a comma 854 // separated list of fields. The default sorting oder is ascending. 855 // See https://google.aip.dev/132#ordering. 856 string order_by = 5; 857} 858 859// Response for the `ListFunctions` method. 860message ListFunctionsResponse { 861 // The functions that match the request. 862 repeated Function functions = 1; 863 864 // A token, which can be sent as `page_token` to retrieve the next page. 865 // If this field is omitted, there are no subsequent pages. 866 string next_page_token = 2; 867 868 // Locations that could not be reached. The response does not include any 869 // functions from these locations. 870 repeated string unreachable = 3; 871} 872 873// Request for the `CreateFunction` method. 874message CreateFunctionRequest { 875 // Required. The project and location in which the function should be created, 876 // specified in the format `projects/*/locations/*` 877 string parent = 1 [ 878 (google.api.field_behavior) = REQUIRED, 879 (google.api.resource_reference) = { 880 type: "locations.googleapis.com/Location" 881 } 882 ]; 883 884 // Required. Function to be created. 885 Function function = 2 [(google.api.field_behavior) = REQUIRED]; 886 887 // The ID to use for the function, which will become the final component of 888 // the function's resource name. 889 // 890 // This value should be 4-63 characters, and valid characters 891 // are /[a-z][0-9]-/. 892 string function_id = 3; 893} 894 895// Request for the `UpdateFunction` method. 896message UpdateFunctionRequest { 897 // Required. New version of the function. 898 Function function = 1 [(google.api.field_behavior) = REQUIRED]; 899 900 // The list of fields to be updated. 901 // If no field mask is provided, all provided fields in the request will be 902 // updated. 903 google.protobuf.FieldMask update_mask = 2; 904} 905 906// Request for the `DeleteFunction` method. 907message DeleteFunctionRequest { 908 // Required. The name of the function which should be deleted. 909 string name = 1 [ 910 (google.api.field_behavior) = REQUIRED, 911 (google.api.resource_reference) = { 912 type: "cloudfunctions.googleapis.com/Function" 913 } 914 ]; 915} 916 917// Request of `GenerateSourceUploadUrl` method. 918message GenerateUploadUrlRequest { 919 // Required. The project and location in which the Google Cloud Storage signed 920 // URL should be generated, specified in the format `projects/*/locations/*`. 921 string parent = 1 [ 922 (google.api.field_behavior) = REQUIRED, 923 (google.api.resource_reference) = { 924 type: "locations.googleapis.com/Location" 925 } 926 ]; 927 928 // Resource name of a KMS crypto key (managed by the user) used to 929 // encrypt/decrypt function source code objects in intermediate Cloud Storage 930 // buckets. When you generate an upload url and upload your source code, it 931 // gets copied to an intermediate Cloud Storage bucket. The source code is 932 // then copied to a versioned directory in the sources bucket in the consumer 933 // project during the function deployment. 934 // 935 // It must match the pattern 936 // `projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}`. 937 // 938 // The Google Cloud Functions service account 939 // (service-{project_number}@gcf-admin-robot.iam.gserviceaccount.com) must be 940 // granted the role 'Cloud KMS CryptoKey Encrypter/Decrypter 941 // (roles/cloudkms.cryptoKeyEncrypterDecrypter)' on the 942 // Key/KeyRing/Project/Organization (least access preferred). 943 string kms_key_name = 2 [(google.api.resource_reference) = { 944 type: "cloudkms.googleapis.com/CryptoKey" 945 }]; 946} 947 948// Response of `GenerateSourceUploadUrl` method. 949message GenerateUploadUrlResponse { 950 // The generated Google Cloud Storage signed URL that should be used for a 951 // function source code upload. The uploaded file should be a zip archive 952 // which contains a function. 953 string upload_url = 1; 954 955 // The location of the source code in the upload bucket. 956 // 957 // Once the archive is uploaded using the `upload_url` use this field to 958 // set the `function.build_config.source.storage_source` 959 // during CreateFunction and UpdateFunction. 960 // 961 // Generation defaults to 0, as Cloud Storage provides a new generation only 962 // upon uploading a new object or version of an object. 963 StorageSource storage_source = 2; 964} 965 966// Request of `GenerateDownloadUrl` method. 967message GenerateDownloadUrlRequest { 968 // Required. The name of function for which source code Google Cloud Storage 969 // signed URL should be generated. 970 string name = 1 [ 971 (google.api.field_behavior) = REQUIRED, 972 (google.api.resource_reference) = { 973 type: "cloudfunctions.googleapis.com/Function" 974 } 975 ]; 976} 977 978// Response of `GenerateDownloadUrl` method. 979message GenerateDownloadUrlResponse { 980 // The generated Google Cloud Storage signed URL that should be used for 981 // function source code download. 982 string download_url = 1; 983} 984 985// Request for the `ListRuntimes` method. 986message ListRuntimesRequest { 987 // Required. The project and location from which the runtimes should be 988 // listed, specified in the format `projects/*/locations/*` 989 string parent = 1 [ 990 (google.api.field_behavior) = REQUIRED, 991 (google.api.resource_reference) = { 992 type: "locations.googleapis.com/Location" 993 } 994 ]; 995 996 // The filter for Runtimes that match the filter expression, 997 // following the syntax outlined in https://google.aip.dev/160. 998 string filter = 2; 999} 1000 1001// Response for the `ListRuntimes` method. 1002message ListRuntimesResponse { 1003 // Describes a runtime and any special information (e.g., deprecation status) 1004 // related to it. 1005 message Runtime { 1006 // The name of the runtime, e.g., 'go113', 'nodejs12', etc. 1007 string name = 1; 1008 1009 // The user facing name, eg 'Go 1.13', 'Node.js 12', etc. 1010 string display_name = 5; 1011 1012 // The stage of life this runtime is in, e.g., BETA, GA, etc. 1013 RuntimeStage stage = 2; 1014 1015 // Warning messages, e.g., a deprecation warning. 1016 repeated string warnings = 3; 1017 1018 // The environment for the runtime. 1019 Environment environment = 4; 1020 } 1021 1022 // The various stages that a runtime can be in. 1023 enum RuntimeStage { 1024 // Not specified. 1025 RUNTIME_STAGE_UNSPECIFIED = 0; 1026 1027 // The runtime is in development. 1028 DEVELOPMENT = 1; 1029 1030 // The runtime is in the Alpha stage. 1031 ALPHA = 2; 1032 1033 // The runtime is in the Beta stage. 1034 BETA = 3; 1035 1036 // The runtime is generally available. 1037 GA = 4; 1038 1039 // The runtime is deprecated. 1040 DEPRECATED = 5; 1041 1042 // The runtime is no longer supported. 1043 DECOMMISSIONED = 6; 1044 } 1045 1046 // The runtimes that match the request. 1047 repeated Runtime runtimes = 1; 1048} 1049 1050// Represents the metadata of the long-running operation. 1051message OperationMetadata { 1052 // The time the operation was created. 1053 google.protobuf.Timestamp create_time = 1; 1054 1055 // The time the operation finished running. 1056 google.protobuf.Timestamp end_time = 2; 1057 1058 // Server-defined resource path for the target of the operation. 1059 string target = 3; 1060 1061 // Name of the verb executed by the operation. 1062 string verb = 4; 1063 1064 // Human-readable status of the operation, if any. 1065 string status_detail = 5; 1066 1067 // Identifies whether the user has requested cancellation 1068 // of the operation. Operations that have successfully been cancelled 1069 // have [Operation.error][] value with a 1070 // [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to 1071 // `Code.CANCELLED`. 1072 bool cancel_requested = 6; 1073 1074 // API version used to start the operation. 1075 string api_version = 7; 1076 1077 // The original request that started the operation. 1078 google.protobuf.Any request_resource = 8; 1079 1080 // Mechanism for reporting in-progress stages 1081 repeated Stage stages = 9; 1082} 1083 1084// Each Stage of the deployment process 1085message Stage { 1086 // Possible names for a Stage 1087 enum Name { 1088 // Not specified. Invalid name. 1089 NAME_UNSPECIFIED = 0; 1090 1091 // Artifact Regsitry Stage 1092 ARTIFACT_REGISTRY = 1; 1093 1094 // Build Stage 1095 BUILD = 2; 1096 1097 // Service Stage 1098 SERVICE = 3; 1099 1100 // Trigger Stage 1101 TRIGGER = 4; 1102 1103 // Service Rollback Stage 1104 SERVICE_ROLLBACK = 5; 1105 1106 // Trigger Rollback Stage 1107 TRIGGER_ROLLBACK = 6; 1108 } 1109 1110 // Possible states for a Stage 1111 enum State { 1112 // Not specified. Invalid state. 1113 STATE_UNSPECIFIED = 0; 1114 1115 // Stage has not started. 1116 NOT_STARTED = 1; 1117 1118 // Stage is in progress. 1119 IN_PROGRESS = 2; 1120 1121 // Stage has completed. 1122 COMPLETE = 3; 1123 } 1124 1125 // Name of the Stage. This will be unique for each Stage. 1126 Name name = 1; 1127 1128 // Message describing the Stage 1129 string message = 2; 1130 1131 // Current state of the Stage 1132 State state = 3; 1133 1134 // Resource of the Stage 1135 string resource = 4; 1136 1137 // Link to the current Stage resource 1138 string resource_uri = 5; 1139 1140 // State messages from the current Stage. 1141 repeated StateMessage state_messages = 6; 1142} 1143