Add example of Function v2 and Scheduler HTTP trigger with auth (#8169) (#5838)

modular-magician · shuyama1 · web-flow · commit c734b8b69956 · 2023-06-30T08:48:45.000-07:00
Signed-off-by: Modular Magician &lt;magic-modules@google.com&gt;
Co-authored-by: Shuya Ma &lt;87669292+shuyama1@users.noreply.github.com&gt;
diff --git a/.changelog/8169.txt b/.changelog/8169.txt
@@ -0,0 +1,3 @@
+```release-note:none
+
+```
diff --git a/website/docs/r/cloudfunctions2_function.html.markdown b/website/docs/r/cloudfunctions2_function.html.markdown
@@ -148,6 +148,91 @@ resource "google_cloudfunctions2_function" "function" {
 }
 # [END functions_v2_full]
 ```
+## Example Usage - Cloudfunctions2 Scheduler Auth
+
+
+```hcl
+# [START function_v2_scheduler_auth]
+locals {
+  project = "my-project-name" # Google Cloud Platform Project ID
+}
+
+resource "google_service_account" "account" {
+  account_id   = "gcf-sa"
+  display_name = "Test Service Account"
+}
+
+resource "google_storage_bucket" "bucket" {
+  name                        = "${local.project}-gcf-source"  # Every bucket name must be globally unique
+  location                    = "US"
+  uniform_bucket_level_access = true
+}
+ 
+resource "google_storage_bucket_object" "object" {
+  name   = "function-source.zip"
+  bucket = google_storage_bucket.bucket.name
+  source = "function-source.zip"  # Add path to the zipped function source code
+}
+
+resource "google_cloudfunctions2_function" "function" {
+  name        = "gcf-function" # name should use kebab-case so generated Cloud Run service name will be the same
+  location    = "us-central1"
+  description = "a new function"
+ 
+  build_config {
+    runtime     = "nodejs16"
+    entry_point = "helloHttp"  # Set the entry point
+    source {
+      storage_source {
+        bucket = google_storage_bucket.bucket.name
+        object = google_storage_bucket_object.object.name
+      }
+    }
+  }
+ 
+  service_config {
+    min_instance_count    = 1
+    available_memory      = "256M"
+    timeout_seconds       = 60
+    service_account_email = google_service_account.account.email
+  }
+}
+
+resource "google_cloudfunctions2_function_iam_member" "invoker" {
+  project        = google_cloudfunctions2_function.function.project
+  location       = google_cloudfunctions2_function.function.location
+  cloud_function = google_cloudfunctions2_function.function.name
+  role           = "roles/cloudfunctions.invoker"
+  member         = "serviceAccount:${google_service_account.account.email}"
+}
+
+resource "google_cloud_run_service_iam_member" "cloud_run_invoker" {
+  project  = google_cloudfunctions2_function.function.project
+  location = google_cloudfunctions2_function.function.location
+  service  = google_cloudfunctions2_function.function.name
+  role     = "roles/run.invoker"
+  member   = "serviceAccount:${google_service_account.account.email}"
+}
+
+resource "google_cloud_scheduler_job" "invoke_cloud_function" {
+  name        = "invoke-gcf-function"
+  description = "Schedule the HTTPS trigger for cloud function"
+  schedule    = "0 0 * * *" # every day at midnight
+  project     = google_cloudfunctions2_function.function.project
+  region      = google_cloudfunctions2_function.function.location
+
+  http_target {
+    uri         = google_cloudfunctions2_function.function.service_config[0].uri
+    http_method = "POST"
+    oidc_token {
+      audience              = "${google_cloudfunctions2_function.function.service_config[0].uri}/"
+      service_account_email = google_service_account.account.email
+    }
+  }
+}
+
+# [END function_v2_scheduler_auth]
+```
 ## Example Usage - Cloudfunctions2 Basic Gcs
 
 
