Skip to content

Latest commit

 

History

History
146 lines (117 loc) · 9.2 KB

File metadata and controls

146 lines (117 loc) · 9.2 KB

Terraform Google Scheduled Functions Module

This modules makes it easy to set up a scheduled job to trigger events/run functions.

Compatibility

This module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. If you find incompatibilities using Terraform >=0.13, please open an issue. If you haven't upgraded and need a Terraform 0.12.x-compatible version of this module, the last released version intended for Terraform 0.12.x is v1.6.0.

Usage

You can go to the examples folder, however the usage of the module could be like this in your own main.tf file:

module "scheduled-function" {
  source  = "terraform-google-modules/scheduled-function/google"
  version = "0.1.0"
  project_id   = "<PROJECT ID>"
  job_name="<NAME_OF_JOB>"
  job_schedule="<CRON_SYNTAX_SCHEDULE>"
  function_entry_point="<NAME_OF_FUNCTION>"
  function_source_directory="<DIRECTORY_OF_FUNCTION_SOURCE>"
  function_name="<RESOURCE_NAMES>"
  region="<REGION>"
}

Then perform the following commands on the root folder:

  • terraform init to get the plugins
  • terraform plan to see the infrastructure plan
  • terraform apply to apply the infrastructure build
  • terraform destroy to destroy the built infrastructure

Inputs

Name Description Type Default Required
bucket_force_destroy When deleting the GCS bucket containing the cloud function, delete all objects in the bucket first. bool true no
bucket_name The name to apply to the bucket. Will default to a string of -scheduled-function-XXXX> with XXXX being random characters. string "" no
create_bucket Create bucket (default). Set to false to use existing one bool true no
function_available_memory_mb The amount of memory in megabytes allotted for the function to use. number 256 no
function_description The description of the function. string "Processes log export events provided through a Pub/Sub topic subscription." no
function_docker_registry Docker Registry to use for storing the function's Docker images. Allowed values are CONTAINER_REGISTRY (default) and ARTIFACT_REGISTRY. string null no
function_docker_repository User managed repository created in Artifact Registry optionally with a customer managed encryption key. If specified, deployments will use Artifact Registry. string null no
function_entry_point The name of a method in the function source which will be invoked when the function is executed. string n/a yes
function_environment_variables A set of key/value environment variable pairs to assign to the function. map(string) {} no
function_event_trigger_failure_policy_retry A toggle to determine if the function should be retried on failure. bool false no
function_kms_key_name Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. string null no
function_labels A set of key/value label pairs to assign to the function. map(string) {} no
function_max_instances The maximum number of parallel executions of the function. number null no
function_name The name to apply to the function string n/a yes
function_runtime The runtime in which the function will be executed. string "nodejs10" no
function_secret_environment_variables A list of maps which contains key, project_id, secret_name (not the full secret id) and version to assign to the function as a set of secret environment variables. list(map(string)) [] no
function_service_account_email The service account to run the function as. string "" no
function_source_archive_bucket_labels A set of key/value label pairs to assign to the function source archive bucket. map(string) {} no
function_source_dependent_files A list of any terraform created local_files that the module will wait for before creating the archive.
list(object({
filename = string
id = string
}))
[] no
function_source_directory The contents of this directory will be archived and used as the function source. string n/a yes
function_timeout_s The amount of time in seconds allotted for the execution of the function. number 60 no
grant_token_creator Specify true if you want to add token creator role to the default Pub/Sub SA bool false no
ingress_settings The ingress settings for the function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY. Changes to this field will recreate the cloud function. string null no
job_description Addition text to describe the job string "" no
job_name The name of the scheduled job to run string null no
job_schedule The job frequency, in cron syntax string "*/2 * * * *" no
message_data The data to send in the topic message. string "dGVzdA==" no
project_id The ID of the project where the resources will be created string n/a yes
region The region in which resources will be applied. string n/a yes
scheduler_job An existing Cloud Scheduler job instance object({ name = string }) null no
time_zone The timezone to use in scheduler string "Etc/UTC" no
topic_kms_key_name The resource name of the Cloud KMS CryptoKey to be used to protect access to messages published on this topic. string null no
topic_labels A set of key/value label pairs to assign to the pubsub topic. map(string) {} no
topic_name Name of pubsub topic connecting the scheduled job and the function string "test-topic" no
vpc_connector The VPC Network Connector that this cloud function can connect to. It should be set up as fully-qualified URI. The format of this field is projects//locations//connectors/*. string null no
vpc_connector_egress_settings The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value. string null no

Outputs

Name Description
name The name of the job created
pubsub_topic_name PubSub topic name
scheduler_job The Cloud Scheduler job instance

Requirements

These sections describe requirements for using this module.

Software

The following dependencies must be available:

App Engine

Note that this module requires App Engine being configured in the specified project/region. This is because Google Cloud Scheduler is dependent on the project being configured with App Engine. Refer to the Google Cloud Scheduler documentation information on the App Engine dependency.

The recommended way to create projects with App Engine enabled is via the Project Factory module. There is an example of how to create the project within that module

Service Account

A service account with the following roles must be used to provision the resources of this module:

  • Storage Admin: roles/storage.admin
  • PubSub Editor: roles/pubsub.editor
  • Cloudscheduler Admin: roles/cloudscheduler.admin
  • Cloudfunctions Developer: roles/cloudfunctions.developer
  • IAM ServiceAccount User: roles/iam.serviceAccountUser

The Project Factory module and the IAM module may be used in combination to provision a service account with the necessary roles applied.

APIs

A project with the following APIs enabled must be used to host the resources of this module:

  • Cloud Scheduler API: cloudscheduler.googleapis.com
  • Cloud PubSub API: pubsub.googleapis.com
  • Cloud Functions API: cloudfunctions.googleapis.com
  • Cloud Build API: cloudbuild.googleapis.com
  • App Engine Admin API: appengine.googleapis.com

The Project Factory module can be used to provision a project with the necessary APIs enabled.

Contributing

Refer to the contribution guidelines for information on contributing to this module.