GoogleCloudPlatform / iap-gcip-web-toolkit

Apache License 2.0
50 stars 24 forks source link

Support Gen2 Cloud Functions #258

Open anothermh opened 7 months ago

anothermh commented 7 months ago

Identity Platform only supports Gen1 Cloud Functions as blocking functions. Take a simple example function:

import gcipCloudFunctions, {
  type AuthEventContext,
  type UserEventUpdateRequest,
  type UserRecord,
} from 'gcip-cloud-functions'

const authClient = new gcipCloudFunctions.Auth()

export const beforeCreate = authClient
  .functions()
  .beforeCreateHandler(async (user: UserRecord, context: AuthEventContext): Promise<UserEventUpdateRequest> => {
    const response = {
      customClaims: {
        foo: 'bar',
      },
    }

    return response
  })

Then deploy the function as a Gen2 function:

resource "google_cloudfunctions2_function" "before_create" {
  ...
}

Then visit Identity Platform > Settings > Triggers. The function is not visible in the list of functions. No Gen2 functions are returned.

Terraform can be used to configure Identity Platform and use the function_uri of the Gen2 function directly, but this causes Identity Platform to show an error saying that the function that is identified by that URL has been deleted or no longer exists. For example, the following would generate an error even though the URL points to the Gen2 function created above:

resource "google_identity_platform_config" "default" {
  blocking_functions {
    triggers {
      event_type   = "beforeCreate"
      function_uri = "https://us-central1-demo-project.cloudfunctions.net/beforeCreate"
    }
  }
}

The same function can be deployed as a Gen1 function:

resource "google_cloudfunctions_function" "before_create" {
  ...
}

And then it will show up in the list and be usable, both through the UI and through Terraform. It seems like some things around this are hard-coded to use the Gen1 Cloud Functions APIs.

Is this the correct place to report this issue?