1// Copyright 2023 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.cloud.functions.v2; 18 19import "google/api/annotations.proto"; 20import "google/api/client.proto"; 21import "google/api/field_behavior.proto"; 22import "google/api/resource.proto"; 23import "google/longrunning/operations.proto"; 24import "google/protobuf/any.proto"; 25import "google/protobuf/empty.proto"; 26import "google/protobuf/field_mask.proto"; 27import "google/protobuf/timestamp.proto"; 28 29option go_package = "cloud.google.com/go/functions/apiv2/functionspb;functionspb"; 30option java_multiple_files = true; 31option java_outer_classname = "FunctionsProto"; 32option java_package = "com.google.cloud.functions.v2"; 33option objc_class_prefix = "GCF"; 34option (google.api.resource_definition) = { 35 type: "artifactregistry.googleapis.com/Repository" 36 pattern: "projects/{project}/locations/{location}/repositories/{repository}" 37}; 38option (google.api.resource_definition) = { 39 type: "cloudbuild.googleapis.com/Build" 40 pattern: "projects/{project}/locations/{location}/builds/{build}" 41}; 42option (google.api.resource_definition) = { 43 type: "cloudbuild.googleapis.com/WorkerPool" 44 pattern: "projects/{project}/locations/{location}/workerPools/{worker_pool}" 45}; 46option (google.api.resource_definition) = { 47 type: "run.googleapis.com/Service" 48 pattern: "projects/{project}/locations/{location}/services/{service}" 49}; 50option (google.api.resource_definition) = { 51 type: "vpcaccess.googleapis.com/Connector" 52 pattern: "projects/{project}/locations/{location}/connectors/{connector}" 53}; 54option (google.api.resource_definition) = { 55 type: "eventarc.googleapis.com/Trigger" 56 pattern: "projects/{project}/locations/{location}/triggers/{trigger}" 57}; 58option (google.api.resource_definition) = { 59 type: "eventarc.googleapis.com/Channel" 60 pattern: "projects/{project}/locations/{location}/channels/{channel}" 61}; 62option (google.api.resource_definition) = { 63 type: "pubsub.googleapis.com/Topic" 64 pattern: "projects/{project}/topics/{topic}" 65}; 66option (google.api.resource_definition) = { 67 type: "cloudkms.googleapis.com/CryptoKey" 68 pattern: "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}" 69}; 70 71// Google Cloud Functions is used to deploy functions that are executed by 72// Google in response to various events. Data connected with that event is 73// passed to a function as the input data. 74// 75// A **function** is a resource which describes a function that should be 76// executed and how it is triggered. 77service FunctionService { 78 option (google.api.default_host) = "cloudfunctions.googleapis.com"; 79 option (google.api.oauth_scopes) = 80 "https://www.googleapis.com/auth/cloud-platform"; 81 82 // Returns a function with the given name from the requested project. 83 rpc GetFunction(GetFunctionRequest) returns (Function) { 84 option (google.api.http) = { 85 get: "/v2/{name=projects/*/locations/*/functions/*}" 86 }; 87 option (google.api.method_signature) = "name"; 88 } 89 90 // Returns a list of functions that belong to the requested project. 91 rpc ListFunctions(ListFunctionsRequest) returns (ListFunctionsResponse) { 92 option (google.api.http) = { 93 get: "/v2/{parent=projects/*/locations/*}/functions" 94 }; 95 option (google.api.method_signature) = "parent"; 96 } 97 98 // Creates a new function. If a function with the given name already exists in 99 // the specified project, the long running operation will return 100 // `ALREADY_EXISTS` error. 101 rpc CreateFunction(CreateFunctionRequest) 102 returns (google.longrunning.Operation) { 103 option (google.api.http) = { 104 post: "/v2/{parent=projects/*/locations/*}/functions" 105 body: "function" 106 }; 107 option (google.api.method_signature) = "parent,function,function_id"; 108 option (google.longrunning.operation_info) = { 109 response_type: "google.cloud.functions.v2.Function" 110 metadata_type: "google.cloud.functions.v2.OperationMetadata" 111 }; 112 } 113 114 // Updates existing function. 115 rpc UpdateFunction(UpdateFunctionRequest) 116 returns (google.longrunning.Operation) { 117 option (google.api.http) = { 118 patch: "/v2/{function.name=projects/*/locations/*/functions/*}" 119 body: "function" 120 }; 121 option (google.api.method_signature) = "function,update_mask"; 122 option (google.longrunning.operation_info) = { 123 response_type: "google.cloud.functions.v2.Function" 124 metadata_type: "google.cloud.functions.v2.OperationMetadata" 125 }; 126 } 127 128 // Deletes a function with the given name from the specified project. If the 129 // given function is used by some trigger, the trigger will be updated to 130 // remove this function. 131 rpc DeleteFunction(DeleteFunctionRequest) 132 returns (google.longrunning.Operation) { 133 option (google.api.http) = { 134 delete: "/v2/{name=projects/*/locations/*/functions/*}" 135 }; 136 option (google.api.method_signature) = "name"; 137 option (google.longrunning.operation_info) = { 138 response_type: "google.protobuf.Empty" 139 metadata_type: "google.cloud.functions.v2.OperationMetadata" 140 }; 141 } 142 143 // Returns a signed URL for uploading a function source code. 144 // For more information about the signed URL usage see: 145 // https://cloud.google.com/storage/docs/access-control/signed-urls. 146 // Once the function source code upload is complete, the used signed 147 // URL should be provided in CreateFunction or UpdateFunction request 148 // as a reference to the function source code. 149 // 150 // When uploading source code to the generated signed URL, please follow 151 // these restrictions: 152 // 153 // * Source file type should be a zip file. 154 // * No credentials should be attached - the signed URLs provide access to the 155 // target bucket using internal service identity; if credentials were 156 // attached, the identity from the credentials would be used, but that 157 // identity does not have permissions to upload files to the URL. 158 // 159 // When making a HTTP PUT request, these two headers need to be specified: 160 // 161 // * `content-type: application/zip` 162 // 163 // And this header SHOULD NOT be specified: 164 // 165 // * `Authorization: Bearer YOUR_TOKEN` 166 rpc GenerateUploadUrl(GenerateUploadUrlRequest) 167 returns (GenerateUploadUrlResponse) { 168 option (google.api.http) = { 169 post: "/v2/{parent=projects/*/locations/*}/functions:generateUploadUrl" 170 body: "*" 171 }; 172 } 173 174 // Returns a signed URL for downloading deployed function source code. 175 // The URL is only valid for a limited period and should be used within 176 // 30 minutes of generation. 177 // For more information about the signed URL usage see: 178 // https://cloud.google.com/storage/docs/access-control/signed-urls 179 rpc GenerateDownloadUrl(GenerateDownloadUrlRequest) 180 returns (GenerateDownloadUrlResponse) { 181 option (google.api.http) = { 182 post: "/v2/{name=projects/*/locations/*/functions/*}:generateDownloadUrl" 183 body: "*" 184 }; 185 } 186 187 // Returns a list of runtimes that are supported for the requested project. 188 rpc ListRuntimes(ListRuntimesRequest) returns (ListRuntimesResponse) { 189 option (google.api.http) = { 190 get: "/v2/{parent=projects/*/locations/*}/runtimes" 191 }; 192 option (google.api.method_signature) = "parent"; 193 } 194} 195 196// The environment the function is hosted on. 197enum Environment { 198 // Unspecified 199 ENVIRONMENT_UNSPECIFIED = 0; 200 201 // Gen 1 202 GEN_1 = 1; 203 204 // Gen 2 205 GEN_2 = 2; 206} 207 208// Describes a Cloud Function that contains user computation executed in 209// response to an event. It encapsulates function and trigger configurations. 210message Function { 211 option (google.api.resource) = { 212 type: "cloudfunctions.googleapis.com/Function" 213 pattern: "projects/{project}/locations/{location}/functions/{function}" 214 plural: "functions" 215 singular: "function" 216 }; 217 218 // Describes the current state of the function. 219 enum State { 220 // Not specified. Invalid state. 221 STATE_UNSPECIFIED = 0; 222 223 // Function has been successfully deployed and is serving. 224 ACTIVE = 1; 225 226 // Function deployment failed and the function is not serving. 227 FAILED = 2; 228 229 // Function is being created or updated. 230 DEPLOYING = 3; 231 232 // Function is being deleted. 233 DELETING = 4; 234 235 // Function deployment failed and the function serving state is undefined. 236 // The function should be updated or deleted to move it out of this state. 237 UNKNOWN = 5; 238 } 239 240 // A user-defined name of the function. Function names must be unique 241 // globally and match pattern `projects/*/locations/*/functions/*` 242 string name = 1; 243 244 // User-provided description of a function. 245 string description = 2; 246 247 // Describes the Build step of the function that builds a container from the 248 // given source. 249 BuildConfig build_config = 3; 250 251 // Describes the Service being deployed. Currently deploys services to Cloud 252 // Run (fully managed). 253 ServiceConfig service_config = 4; 254 255 // An Eventarc trigger managed by Google Cloud Functions that fires events in 256 // response to a condition in another service. 257 EventTrigger event_trigger = 5; 258 259 // Output only. State of the function. 260 State state = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; 261 262 // Output only. The last update timestamp of a Cloud Function. 263 google.protobuf.Timestamp update_time = 7 264 [(google.api.field_behavior) = OUTPUT_ONLY]; 265 266 // Labels associated with this Cloud Function. 267 map<string, string> labels = 8; 268 269 // Output only. State Messages for this Cloud Function. 270 repeated StateMessage state_messages = 9 271 [(google.api.field_behavior) = OUTPUT_ONLY]; 272 273 // Describe whether the function is 1st Gen or 2nd Gen. 274 Environment environment = 10; 275 276 // Output only. The deployed url for the function. 277 string url = 14 [(google.api.field_behavior) = OUTPUT_ONLY]; 278 279 // [Preview] Resource name of a KMS crypto key (managed by the user) used to 280 // encrypt/decrypt function resources. 281 // 282 // It must match the pattern 283 // `projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}`. 284 string kms_key_name = 25 [(google.api.resource_reference) = { 285 type: "cloudkms.googleapis.com/CryptoKey" 286 }]; 287} 288 289// Informational messages about the state of the Cloud Function or Operation. 290message StateMessage { 291 // Severity of the state message. 292 enum Severity { 293 // Not specified. Invalid severity. 294 SEVERITY_UNSPECIFIED = 0; 295 296 // ERROR-level severity. 297 ERROR = 1; 298 299 // WARNING-level severity. 300 WARNING = 2; 301 302 // INFO-level severity. 303 INFO = 3; 304 } 305 306 // Severity of the state message. 307 Severity severity = 1; 308 309 // One-word CamelCase type of the state message. 310 string type = 2; 311 312 // The message. 313 string message = 3; 314} 315 316// Location of the source in an archive file in Google Cloud Storage. 317message StorageSource { 318 // Google Cloud Storage bucket containing the source (see 319 // [Bucket Name 320 // Requirements](https://cloud.google.com/storage/docs/bucket-naming#requirements)). 321 string bucket = 1; 322 323 // Google Cloud Storage object containing the source. 324 // 325 // This object must be a gzipped archive file (`.tar.gz`) containing source to 326 // build. 327 string object = 2; 328 329 // Google Cloud Storage generation for the object. If the generation is 330 // omitted, the latest generation will be used. 331 int64 generation = 3; 332} 333 334// Location of the source in a Google Cloud Source Repository. 335message RepoSource { 336 // A revision within the Cloud Source Repository must be specified in 337 // one of these ways. 338 oneof revision { 339 // Regex matching branches to build. 340 // 341 // The syntax of the regular expressions accepted is the syntax accepted by 342 // RE2 and described at https://github.com/google/re2/wiki/Syntax 343 string branch_name = 3; 344 345 // Regex matching tags to build. 346 // 347 // The syntax of the regular expressions accepted is the syntax accepted by 348 // RE2 and described at https://github.com/google/re2/wiki/Syntax 349 string tag_name = 4; 350 351 // Explicit commit SHA to build. 352 string commit_sha = 5; 353 } 354 355 // ID of the project that owns the Cloud Source Repository. If omitted, the 356 // project ID requesting the build is assumed. 357 string project_id = 1; 358 359 // Name of the Cloud Source Repository. 360 string repo_name = 2; 361 362 // Directory, relative to the source root, in which to run the build. 363 // 364 // This must be a relative path. If a step's `dir` is specified and is an 365 // absolute path, this value is ignored for that step's execution. 366 // eg. helloworld (no leading slash allowed) 367 string dir = 6; 368 369 // Only trigger a build if the revision regex does NOT match the revision 370 // regex. 371 bool invert_regex = 7; 372} 373 374// The location of the function source code. 375message Source { 376 // Location of the source. 377 // At least one source needs to be provided for the deployment to succeed. 378 oneof source { 379 // If provided, get the source from this location in Google Cloud Storage. 380 StorageSource storage_source = 1; 381 382 // If provided, get the source from this location in a Cloud Source 383 // Repository. 384 RepoSource repo_source = 2; 385 } 386} 387 388// Provenance of the source. Ways to find the original source, or verify that 389// some source was used for this build. 390message SourceProvenance { 391 // A copy of the build's `source.storage_source`, if exists, with any 392 // generations resolved. 393 StorageSource resolved_storage_source = 1; 394 395 // A copy of the build's `source.repo_source`, if exists, with any 396 // revisions resolved. 397 RepoSource resolved_repo_source = 2; 398} 399 400// Describes the Build step of the function that builds a container from the 401// given source. 402message BuildConfig { 403 // Docker Registry to use for storing function Docker images. 404 enum DockerRegistry { 405 // Unspecified. 406 DOCKER_REGISTRY_UNSPECIFIED = 0; 407 408 // Docker images will be stored in multi-regional Container Registry 409 // repositories named `gcf`. 410 CONTAINER_REGISTRY = 1; 411 412 // Docker images will be stored in regional Artifact Registry repositories. 413 // By default, GCF will create and use repositories named `gcf-artifacts` 414 // in every region in which a function is deployed. But the repository to 415 // use can also be specified by the user using the `docker_repository` 416 // field. 417 ARTIFACT_REGISTRY = 2; 418 } 419 420 // Output only. The Cloud Build name of the latest successful deployment of 421 // the function. 422 string build = 1 [ 423 (google.api.field_behavior) = OUTPUT_ONLY, 424 (google.api.resource_reference) = { 425 type: "cloudbuild.googleapis.com/Build" 426 } 427 ]; 428 429 // The runtime in which to run the function. Required when deploying a new 430 // function, optional when updating an existing function. For a complete 431 // list of possible choices, see the 432 // [`gcloud` command 433 // reference](https://cloud.google.com/sdk/gcloud/reference/functions/deploy#--runtime). 434 string runtime = 2; 435 436 // The name of the function (as defined in source code) that will be 437 // executed. Defaults to the resource name suffix, if not specified. For 438 // backward compatibility, if function with given name is not found, then the 439 // system will try to use function named "function". 440 // For Node.js this is name of a function exported by the module specified 441 // in `source_location`. 442 string entry_point = 3; 443 444 // The location of the function source code. 445 Source source = 4; 446 447 // Output only. A permanent fixed identifier for source. 448 SourceProvenance source_provenance = 8 449 [(google.api.field_behavior) = OUTPUT_ONLY]; 450 451 // Name of the Cloud Build Custom Worker Pool that should be used to build the 452 // function. The format of this field is 453 // `projects/{project}/locations/{region}/workerPools/{workerPool}` where 454 // {project} and {region} are the project id and region respectively where the 455 // worker pool is defined and {workerPool} is the short name of the worker 456 // pool. 457 // 458 // If the project id is not the same as the function, then the Cloud 459 // Functions Service Agent 460 // (service-<project_number>@gcf-admin-robot.iam.gserviceaccount.com) must be 461 // granted the role Cloud Build Custom Workers Builder 462 // (roles/cloudbuild.customworkers.builder) in the project. 463 string worker_pool = 5 [(google.api.resource_reference) = { 464 type: "cloudbuild.googleapis.com/WorkerPool" 465 }]; 466 467 // User-provided build-time environment variables for the function 468 map<string, string> environment_variables = 6; 469 470 // Docker Registry to use for this deployment. This configuration is only 471 // applicable to 1st Gen functions, 2nd Gen functions can only use Artifact 472 // Registry. 473 // 474 // If `docker_repository` field is specified, this field will be automatically 475 // set as `ARTIFACT_REGISTRY`. 476 // If unspecified, it currently defaults to `CONTAINER_REGISTRY`. 477 // This field may be overridden by the backend for eligible deployments. 478 DockerRegistry docker_registry = 10; 479 480 // User managed repository created in Artifact Registry optionally 481 // with a customer managed encryption key. This is the repository to which the 482 // function docker image will be pushed after it is built by Cloud Build. 483 // If unspecified, GCF will create and use a repository named 'gcf-artifacts' 484 // for every deployed region. 485 // 486 // It must match the pattern 487 // `projects/{project}/locations/{location}/repositories/{repository}`. 488 // 489 // Cross-project repositories are not supported. 490 // Cross-location repositories are not supported. 491 // Repository format must be 'DOCKER'. 492 string docker_repository = 7 [(google.api.resource_reference) = { 493 type: "artifactregistry.googleapis.com/Repository" 494 }]; 495} 496 497// Describes the Service being deployed. 498// Currently Supported : Cloud Run (fully managed). 499message ServiceConfig { 500 // Available egress settings. 501 // 502 // This controls what traffic is diverted through the VPC Access Connector 503 // resource. By default PRIVATE_RANGES_ONLY will be used. 504 enum VpcConnectorEgressSettings { 505 // Unspecified. 506 VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED = 0; 507 508 // Use the VPC Access Connector only for private IP space from RFC1918. 509 PRIVATE_RANGES_ONLY = 1; 510 511 // Force the use of VPC Access Connector for all egress traffic from the 512 // function. 513 ALL_TRAFFIC = 2; 514 } 515 516 // Available ingress settings. 517 // 518 // This controls what traffic can reach the function. 519 // 520 // If unspecified, ALLOW_ALL will be used. 521 enum IngressSettings { 522 // Unspecified. 523 INGRESS_SETTINGS_UNSPECIFIED = 0; 524 525 // Allow HTTP traffic from public and private sources. 526 ALLOW_ALL = 1; 527 528 // Allow HTTP traffic from only private VPC sources. 529 ALLOW_INTERNAL_ONLY = 2; 530 531 // Allow HTTP traffic from private VPC sources and through GCLB. 532 ALLOW_INTERNAL_AND_GCLB = 3; 533 } 534 535 // Available security level settings. 536 // 537 // This enforces security protocol on function URL. 538 // 539 // Security level is only configurable for 1st Gen functions, If unspecified, 540 // SECURE_OPTIONAL will be used. 2nd Gen functions are SECURE_ALWAYS ONLY. 541 enum SecurityLevel { 542 // Unspecified. 543 SECURITY_LEVEL_UNSPECIFIED = 0; 544 545 // Requests for a URL that match this handler that do not use HTTPS are 546 // automatically redirected to the HTTPS URL with the same path. Query 547 // parameters are reserved for the redirect. 548 SECURE_ALWAYS = 1; 549 550 // Both HTTP and HTTPS requests with URLs that match the handler succeed 551 // without redirects. The application can examine the request to determine 552 // which protocol was used and respond accordingly. 553 SECURE_OPTIONAL = 2; 554 } 555 556 // Output only. Name of the service associated with a Function. 557 // The format of this field is 558 // `projects/{project}/locations/{region}/services/{service}` 559 string service = 1 [ 560 (google.api.field_behavior) = OUTPUT_ONLY, 561 (google.api.resource_reference) = { type: "run.googleapis.com/Service" } 562 ]; 563 564 // The function execution timeout. Execution is considered failed and 565 // can be terminated if the function is not completed at the end of the 566 // timeout period. Defaults to 60 seconds. 567 int32 timeout_seconds = 2; 568 569 // The amount of memory available for a function. 570 // Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is 571 // supplied the value is interpreted as bytes. 572 // See 573 // https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go 574 // a full description. 575 string available_memory = 13; 576 577 // [Preview] The number of CPUs used in a single container instance. 578 // Default value is calculated from available memory. 579 // Supports the same values as Cloud Run, see 580 // https://cloud.google.com/run/docs/reference/rest/v1/Container#resourcerequirements 581 // Example: "1" indicates 1 vCPU 582 string available_cpu = 22; 583 584 // Environment variables that shall be available during function execution. 585 map<string, string> environment_variables = 4; 586 587 // The limit on the maximum number of function instances that may coexist at a 588 // given time. 589 // 590 // In some cases, such as rapid traffic surges, Cloud Functions may, for a 591 // short period of time, create more instances than the specified max 592 // instances limit. If your function cannot tolerate this temporary behavior, 593 // you may want to factor in a safety margin and set a lower max instances 594 // value than your function can tolerate. 595 // 596 // See the [Max 597 // Instances](https://cloud.google.com/functions/docs/max-instances) Guide for 598 // more details. 599 int32 max_instance_count = 5; 600 601 // The limit on the minimum number of function instances that may coexist at a 602 // given time. 603 // 604 // Function instances are kept in idle state for a short period after they 605 // finished executing the request to reduce cold start time for subsequent 606 // requests. Setting a minimum instance count will ensure that the given 607 // number of instances are kept running in idle state always. This can help 608 // with cold start times when jump in incoming request count occurs after the 609 // idle instance would have been stopped in the default case. 610 int32 min_instance_count = 12; 611 612 // The Serverless VPC Access connector that this cloud function can connect 613 // to. The format of this field is `projects/*/locations/*/connectors/*`. 614 string vpc_connector = 6 [(google.api.resource_reference) = { 615 type: "vpcaccess.googleapis.com/Connector" 616 }]; 617 618 // The egress settings for the connector, controlling what traffic is diverted 619 // through it. 620 VpcConnectorEgressSettings vpc_connector_egress_settings = 7; 621 622 // The ingress settings for the function, controlling what traffic can reach 623 // it. 624 IngressSettings ingress_settings = 8; 625 626 // Output only. URI of the Service deployed. 627 string uri = 9 [(google.api.field_behavior) = OUTPUT_ONLY]; 628 629 // The email of the service's service account. If empty, defaults to 630 // `{project_number}[email protected]`. 631 string service_account_email = 10; 632 633 // Whether 100% of traffic is routed to the latest revision. 634 // On CreateFunction and UpdateFunction, when set to true, the revision being 635 // deployed will serve 100% of traffic, ignoring any traffic split settings, 636 // if any. On GetFunction, true will be returned if the latest revision is 637 // serving 100% of traffic. 638 bool all_traffic_on_latest_revision = 16; 639 640 // Secret environment variables configuration. 641 repeated SecretEnvVar secret_environment_variables = 17; 642 643 // Secret volumes configuration. 644 repeated SecretVolume secret_volumes = 19; 645 646 // Output only. The name of service revision. 647 string revision = 18 [(google.api.field_behavior) = OUTPUT_ONLY]; 648 649 // [Preview] Sets the maximum number of concurrent requests that each instance 650 // can receive. Defaults to 1. 651 int32 max_instance_request_concurrency = 20; 652 653 // Security level configure whether the function only accepts https. 654 // This configuration is only applicable to 1st Gen functions with Http 655 // trigger. By default https is optional for 1st Gen functions; 2nd Gen 656 // functions are https ONLY. 657 SecurityLevel security_level = 21; 658} 659 660// Configuration for a secret environment variable. It has the information 661// necessary to fetch the secret value from secret manager and expose it as an 662// environment variable. 663message SecretEnvVar { 664 // Name of the environment variable. 665 string key = 1; 666 667 // Project identifier (preferably project number but can also be the 668 // project ID) of the project that contains the secret. If not set, it is 669 // assumed that the secret is in the same project as the function. 670 string project_id = 2; 671 672 // Name of the secret in secret manager (not the full resource name). 673 string secret = 3; 674 675 // Version of the secret (version number or the string 'latest'). It is 676 // recommended to use a numeric version for secret environment variables as 677 // any updates to the secret value is not reflected until new instances 678 // start. 679 string version = 4; 680} 681 682// Configuration for a secret volume. It has the information necessary to fetch 683// the secret value from secret manager and make it available as files mounted 684// at the requested paths within the application container. 685message SecretVolume { 686 // Configuration for a single version. 687 message SecretVersion { 688 // Version of the secret (version number or the string 'latest'). It is 689 // preferable to use `latest` version with secret volumes as secret value 690 // changes are reflected immediately. 691 string version = 1; 692 693 // Relative path of the file under the mount path where the secret value for 694 // this version will be fetched and made available. For example, setting the 695 // mount_path as '/etc/secrets' and path as `secret_foo` would mount the 696 // secret value file at `/etc/secrets/secret_foo`. 697 string path = 2; 698 } 699 700 // The path within the container to mount the secret volume. For example, 701 // setting the mount_path as `/etc/secrets` would mount the secret value files 702 // under the `/etc/secrets` directory. This directory will also be completely 703 // shadowed and unavailable to mount any other secrets. 704 // Recommended mount path: /etc/secrets 705 string mount_path = 1; 706 707 // Project identifier (preferably project number but can also be the project 708 // ID) of the project that contains the secret. If not set, it is 709 // assumed that the secret is in the same project as the function. 710 string project_id = 2; 711 712 // Name of the secret in secret manager (not the full resource name). 713 string secret = 3; 714 715 // List of secret versions to mount for this secret. If empty, the `latest` 716 // version of the secret will be made available in a file named after the 717 // secret under the mount point. 718 repeated SecretVersion versions = 4; 719} 720 721// Describes EventTrigger, used to request events to be sent from another 722// service. 723message EventTrigger { 724 // Describes the retry policy in case of function's execution failure. 725 // Retried execution is charged as any other execution. 726 enum RetryPolicy { 727 // Not specified. 728 RETRY_POLICY_UNSPECIFIED = 0; 729 730 // Do not retry. 731 RETRY_POLICY_DO_NOT_RETRY = 1; 732 733 // Retry on any failure, retry up to 7 days with an exponential backoff 734 // (capped at 10 seconds). 735 RETRY_POLICY_RETRY = 2; 736 } 737 738 // Output only. The resource name of the Eventarc trigger. The format of this 739 // field is `projects/{project}/locations/{region}/triggers/{trigger}`. 740 string trigger = 1 [ 741 (google.api.field_behavior) = OUTPUT_ONLY, 742 (google.api.resource_reference) = { 743 type: "eventarc.googleapis.com/Trigger" 744 } 745 ]; 746 747 // The region that the trigger will be in. The trigger will only receive 748 // events originating in this region. It can be the same 749 // region as the function, a different region or multi-region, or the global 750 // region. If not provided, defaults to the same region as the function. 751 string trigger_region = 2; 752 753 // Required. The type of event to observe. For example: 754 // `google.cloud.audit.log.v1.written` or 755 // `google.cloud.pubsub.topic.v1.messagePublished`. 756 string event_type = 3 [(google.api.field_behavior) = REQUIRED]; 757 758 // Criteria used to filter events. 759 repeated EventFilter event_filters = 4; 760 761 // Optional. The name of a Pub/Sub topic in the same project that will be used 762 // as the transport topic for the event delivery. Format: 763 // `projects/{project}/topics/{topic}`. 764 // 765 // This is only valid for events of type 766 // `google.cloud.pubsub.topic.v1.messagePublished`. The topic provided here 767 // will not be deleted at function deletion. 768 string pubsub_topic = 5 [ 769 (google.api.field_behavior) = OPTIONAL, 770 (google.api.resource_reference) = { type: "pubsub.googleapis.com/Topic" } 771 ]; 772 773 // Optional. The email of the trigger's service account. The service account 774 // must have permission to invoke Cloud Run services, the permission is 775 // `run.routes.invoke`. 776 // If empty, defaults to the Compute Engine default service account: 777 // `{project_number}[email protected]`. 778 string service_account_email = 6 [(google.api.field_behavior) = OPTIONAL]; 779 780 // Optional. If unset, then defaults to ignoring failures (i.e. not retrying 781 // them). 782 RetryPolicy retry_policy = 7 [(google.api.field_behavior) = OPTIONAL]; 783 784 // Optional. The name of the channel associated with the trigger in 785 // `projects/{project}/locations/{location}/channels/{channel}` format. 786 // You must provide a channel to receive events from Eventarc SaaS partners. 787 string channel = 8 [ 788 (google.api.field_behavior) = OPTIONAL, 789 (google.api.resource_reference) = { 790 type: "eventarc.googleapis.com/Channel" 791 } 792 ]; 793} 794 795// Filters events based on exact matches on the CloudEvents attributes. 796message EventFilter { 797 // Required. The name of a CloudEvents attribute. 798 string attribute = 1 [(google.api.field_behavior) = REQUIRED]; 799 800 // Required. The value for the attribute. 801 string value = 2 [(google.api.field_behavior) = REQUIRED]; 802 803 // Optional. The operator used for matching the events with the value of the 804 // filter. If not specified, only events that have an exact key-value pair 805 // specified in the filter are matched. The only allowed value is 806 // `match-path-pattern`. 807 string operator = 3 [(google.api.field_behavior) = OPTIONAL]; 808} 809 810// Request for the `GetFunction` method. 811message GetFunctionRequest { 812 // Required. The name of the function which details should be obtained. 813 string name = 1 [ 814 (google.api.field_behavior) = REQUIRED, 815 (google.api.resource_reference) = { 816 type: "cloudfunctions.googleapis.com/Function" 817 } 818 ]; 819} 820 821// Request for the `ListFunctions` method. 822message ListFunctionsRequest { 823 // Required. The project and location from which the function should be 824 // listed, specified in the format `projects/*/locations/*` If you want to 825 // list functions in all locations, use "-" in place of a location. When 826 // listing functions in all locations, if one or more location(s) are 827 // unreachable, the response will contain functions from all reachable 828 // locations along with the names of any unreachable locations. 829 string parent = 1 [ 830 (google.api.field_behavior) = REQUIRED, 831 (google.api.resource_reference) = { 832 child_type: "cloudfunctions.googleapis.com/Function" 833 } 834 ]; 835 836 // Maximum number of functions to return per call. The largest allowed 837 // page_size is 1,000, if the page_size is omitted or specified as greater 838 // than 1,000 then it will be replaced as 1,000. The size of the list 839 // response can be less than specified when used with filters. 840 int32 page_size = 2; 841 842 // The value returned by the last 843 // `ListFunctionsResponse`; indicates that 844 // this is a continuation of a prior `ListFunctions` call, and that the 845 // system should return the next page of data. 846 string page_token = 3; 847 848 // The filter for Functions that match the filter expression, 849 // following the syntax outlined in https://google.aip.dev/160. 850 string filter = 4; 851 852 // The sorting order of the resources returned. Value should be a comma 853 // separated list of fields. The default sorting oder is ascending. 854 // See https://google.aip.dev/132#ordering. 855 string order_by = 5; 856} 857 858// Response for the `ListFunctions` method. 859message ListFunctionsResponse { 860 // The functions that match the request. 861 repeated Function functions = 1; 862 863 // A token, which can be sent as `page_token` to retrieve the next page. 864 // If this field is omitted, there are no subsequent pages. 865 string next_page_token = 2; 866 867 // Locations that could not be reached. The response does not include any 868 // functions from these locations. 869 repeated string unreachable = 3; 870} 871 872// Request for the `CreateFunction` method. 873message CreateFunctionRequest { 874 // Required. The project and location in which the function should be created, 875 // specified in the format `projects/*/locations/*` 876 string parent = 1 [ 877 (google.api.field_behavior) = REQUIRED, 878 (google.api.resource_reference) = { 879 type: "locations.googleapis.com/Location" 880 } 881 ]; 882 883 // Required. Function to be created. 884 Function function = 2 [(google.api.field_behavior) = REQUIRED]; 885 886 // The ID to use for the function, which will become the final component of 887 // the function's resource name. 888 // 889 // This value should be 4-63 characters, and valid characters 890 // are /[a-z][0-9]-/. 891 string function_id = 3; 892} 893 894// Request for the `UpdateFunction` method. 895message UpdateFunctionRequest { 896 // Required. New version of the function. 897 Function function = 1 [(google.api.field_behavior) = REQUIRED]; 898 899 // The list of fields to be updated. 900 // If no field mask is provided, all provided fields in the request will be 901 // updated. 902 google.protobuf.FieldMask update_mask = 2; 903} 904 905// Request for the `DeleteFunction` method. 906message DeleteFunctionRequest { 907 // Required. The name of the function which should be deleted. 908 string name = 1 [ 909 (google.api.field_behavior) = REQUIRED, 910 (google.api.resource_reference) = { 911 type: "cloudfunctions.googleapis.com/Function" 912 } 913 ]; 914} 915 916// Request of `GenerateSourceUploadUrl` method. 917message GenerateUploadUrlRequest { 918 // Required. The project and location in which the Google Cloud Storage signed 919 // URL should be generated, specified in the format `projects/*/locations/*`. 920 string parent = 1 [ 921 (google.api.field_behavior) = REQUIRED, 922 (google.api.resource_reference) = { 923 type: "locations.googleapis.com/Location" 924 } 925 ]; 926 927 // [Preview] Resource name of a KMS crypto key (managed by the user) used to 928 // encrypt/decrypt function source code objects in intermediate Cloud Storage 929 // buckets. When you generate an upload url and upload your source code, it 930 // gets copied to an intermediate Cloud Storage bucket. The source code is 931 // then copied to a versioned directory in the sources bucket in the consumer 932 // project during the function deployment. 933 // 934 // It must match the pattern 935 // `projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}`. 936 // 937 // The Google Cloud Functions service account 938 // (service-{project_number}@gcf-admin-robot.iam.gserviceaccount.com) must be 939 // granted the role 'Cloud KMS CryptoKey Encrypter/Decrypter 940 // (roles/cloudkms.cryptoKeyEncrypterDecrypter)' on the 941 // Key/KeyRing/Project/Organization (least access preferred). 942 string kms_key_name = 2 [(google.api.resource_reference) = { 943 type: "cloudkms.googleapis.com/CryptoKey" 944 }]; 945} 946 947// Response of `GenerateSourceUploadUrl` method. 948message GenerateUploadUrlResponse { 949 // The generated Google Cloud Storage signed URL that should be used for a 950 // function source code upload. The uploaded file should be a zip archive 951 // which contains a function. 952 string upload_url = 1; 953 954 // The location of the source code in the upload bucket. 955 // 956 // Once the archive is uploaded using the `upload_url` use this field to 957 // set the `function.build_config.source.storage_source` 958 // during CreateFunction and UpdateFunction. 959 // 960 // Generation defaults to 0, as Cloud Storage provides a new generation only 961 // upon uploading a new object or version of an object. 962 StorageSource storage_source = 2; 963} 964 965// Request of `GenerateDownloadUrl` method. 966message GenerateDownloadUrlRequest { 967 // Required. The name of function for which source code Google Cloud Storage 968 // signed URL should be generated. 969 string name = 1 [ 970 (google.api.field_behavior) = REQUIRED, 971 (google.api.resource_reference) = { 972 type: "cloudfunctions.googleapis.com/Function" 973 } 974 ]; 975} 976 977// Response of `GenerateDownloadUrl` method. 978message GenerateDownloadUrlResponse { 979 // The generated Google Cloud Storage signed URL that should be used for 980 // function source code download. 981 string download_url = 1; 982} 983 984// Request for the `ListRuntimes` method. 985message ListRuntimesRequest { 986 // Required. The project and location from which the runtimes should be 987 // listed, specified in the format `projects/*/locations/*` 988 string parent = 1 [ 989 (google.api.field_behavior) = REQUIRED, 990 (google.api.resource_reference) = { 991 type: "locations.googleapis.com/Location" 992 } 993 ]; 994 995 // The filter for Runtimes that match the filter expression, 996 // following the syntax outlined in https://google.aip.dev/160. 997 string filter = 2; 998} 999 1000// Response for the `ListRuntimes` method. 1001message ListRuntimesResponse { 1002 // Describes a runtime and any special information (e.g., deprecation status) 1003 // related to it. 1004 message Runtime { 1005 // The name of the runtime, e.g., 'go113', 'nodejs12', etc. 1006 string name = 1; 1007 1008 // The user facing name, eg 'Go 1.13', 'Node.js 12', etc. 1009 string display_name = 5; 1010 1011 // The stage of life this runtime is in, e.g., BETA, GA, etc. 1012 RuntimeStage stage = 2; 1013 1014 // Warning messages, e.g., a deprecation warning. 1015 repeated string warnings = 3; 1016 1017 // The environment for the runtime. 1018 Environment environment = 4; 1019 } 1020 1021 // The various stages that a runtime can be in. 1022 enum RuntimeStage { 1023 // Not specified. 1024 RUNTIME_STAGE_UNSPECIFIED = 0; 1025 1026 // The runtime is in development. 1027 DEVELOPMENT = 1; 1028 1029 // The runtime is in the Alpha stage. 1030 ALPHA = 2; 1031 1032 // The runtime is in the Beta stage. 1033 BETA = 3; 1034 1035 // The runtime is generally available. 1036 GA = 4; 1037 1038 // The runtime is deprecated. 1039 DEPRECATED = 5; 1040 1041 // The runtime is no longer supported. 1042 DECOMMISSIONED = 6; 1043 } 1044 1045 // The runtimes that match the request. 1046 repeated Runtime runtimes = 1; 1047} 1048 1049// Represents the metadata of the long-running operation. 1050message OperationMetadata { 1051 // The time the operation was created. 1052 google.protobuf.Timestamp create_time = 1; 1053 1054 // The time the operation finished running. 1055 google.protobuf.Timestamp end_time = 2; 1056 1057 // Server-defined resource path for the target of the operation. 1058 string target = 3; 1059 1060 // Name of the verb executed by the operation. 1061 string verb = 4; 1062 1063 // Human-readable status of the operation, if any. 1064 string status_detail = 5; 1065 1066 // Identifies whether the user has requested cancellation 1067 // of the operation. Operations that have successfully been cancelled 1068 // have [Operation.error][] value with a 1069 // [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to 1070 // `Code.CANCELLED`. 1071 bool cancel_requested = 6; 1072 1073 // API version used to start the operation. 1074 string api_version = 7; 1075 1076 // The original request that started the operation. 1077 google.protobuf.Any request_resource = 8; 1078 1079 // Mechanism for reporting in-progress stages 1080 repeated Stage stages = 9; 1081} 1082 1083// Extra GCF specific location information. 1084message LocationMetadata { 1085 // The Cloud Function environments this location supports. 1086 repeated Environment environments = 1; 1087} 1088 1089// Each Stage of the deployment process 1090message Stage { 1091 // Possible names for a Stage 1092 enum Name { 1093 // Not specified. Invalid name. 1094 NAME_UNSPECIFIED = 0; 1095 1096 // Artifact Regsitry Stage 1097 ARTIFACT_REGISTRY = 1; 1098 1099 // Build Stage 1100 BUILD = 2; 1101 1102 // Service Stage 1103 SERVICE = 3; 1104 1105 // Trigger Stage 1106 TRIGGER = 4; 1107 1108 // Service Rollback Stage 1109 SERVICE_ROLLBACK = 5; 1110 1111 // Trigger Rollback Stage 1112 TRIGGER_ROLLBACK = 6; 1113 } 1114 1115 // Possible states for a Stage 1116 enum State { 1117 // Not specified. Invalid state. 1118 STATE_UNSPECIFIED = 0; 1119 1120 // Stage has not started. 1121 NOT_STARTED = 1; 1122 1123 // Stage is in progress. 1124 IN_PROGRESS = 2; 1125 1126 // Stage has completed. 1127 COMPLETE = 3; 1128 } 1129 1130 // Name of the Stage. This will be unique for each Stage. 1131 Name name = 1; 1132 1133 // Message describing the Stage 1134 string message = 2; 1135 1136 // Current state of the Stage 1137 State state = 3; 1138 1139 // Resource of the Stage 1140 string resource = 4; 1141 1142 // Link to the current Stage resource 1143 string resource_uri = 5; 1144 1145 // State messages from the current Stage. 1146 repeated StateMessage state_messages = 6; 1147} 1148