VPC Direct Connection for Cloud Functions v2

[titan-graham]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

Recently the terraform resources for Cloud Run were updated to support VPC direct connections 👍

• 15568

It would be very useful if the google_cloudfunctions2_function resource could also specify VPC Direct connection as an alternative to setting a VPC connector in the service_config block.

New or Affected Resource(s)

• google_cloudfunctions2_function

Potential Terraform Configuration

  service_config {
    vpc_access{
      network_interfaces {
        network = "default"
        subnetwork = "default"
        tags = ["tag1", "tag2", "tag3"]
      }
      egress = "ALL_TRAFFIC"
    }
  }

References

• 15568

b/305197548

[imrannayer]

@titan-graham this feature is only available for Cloud Run. Do you have any reference for this feature with cloud function?

[titan-graham]

@imrannayer hmm 🤔 maybe I've made an assumption here. A v2 cloud function deploys a v2 cloud run instance for it's compute, I thought therefore it would be a supported use case for Direct VPC access - since the benefits are the same...

I don't see any docs in GCP specific to functions and direct VPC access, but the option is available in the cloud run instance provisioned by a function.

[silvpol]

It works if you change it manually on the automatically-provisioned Cloud Run service. The Cloud Run service has same name as the Cloud Function so you can just use it's name directly. I was considering just importing the created Cloud Run service into Terraform but that felt too hacky.

N.B. you can also use Managed Domains feature directly in Terraform with Cloud Functions:

resource "google_cloud_run_domain_mapping" "RESOURCE_NAME" {
  name     = "example.com"
  project  = PROJECT_ID
  location = LOCATION

  metadata {
    namespace = PROJECT_ID
  }

  spec {
    route_name = google_cloudfunctions2_function.MY_FUNCTION.name
  }
}

[rosmo]

Looks like this is not available from API perspective, so it either needs to be added to the API (sounds to me like just exposing an annotations field would make the most sense) or use some kind of after-creation operation of fetching the Cloud Run service and patching it.