Please add support for source_code_hash in google_cloudfunctions_function

[mcapts]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

The google_cloudfunctions_function resource will not currently update if you change your source code. The current steps I use are:

1. Render my .py file as a template_file
2. Zip this as an archive_file
3. Upload this .zip to GCS via google_storage_bucket_object
4. Use the bucket/object name from step 3 when creating a google_cloudfunctions_function This is similar to: https://www.terraform.io/docs/providers/google/r/cloudfunctions_function.html

If I update my .py, the object zip gets re-uploaded to GCS, but the function does not update. AWS Lambda has support for source_code_hash, which solves this: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function#source_code_hash

New or Affected Resource(s)

• google_cloudfunctions_function

Potential Terraform Configuration

# Propose what you think the configuration to take advantage of this feature should look like.
# We may not use it verbatim, but it's helpful in understanding your intent.

References

• b/274818513

[thommahoney]

Is there a common pattern that people use as a workaround to this missing functionality?

[iennae]

One workaround that I've seen implemented is using an MD5 hash of the zipped file as the filename. Diarmuid Mac Namara wrote this pattern up here https://diarmuid.ie/blog/setting-up-a-recurring-google-cloud-function-with-terraform. I don't know how common this pattern is.

[thommahoney]

I ended up working around this using the following pattern:

data "archive_file" "some_archive" {
  type        = "zip"
  source_dir  = "..."
  output_path = "..."
}

resource "google_storage_bucket_object" "some_object" {
  name   = "${basename(data.archive_file.some_archive.output_path)}-${data.archive_file.some_archive.output_sha}"
  source = data.archive_file.some_archive.output_path
  ...
}

resource "google_cloudfunctions_function" "function" {
  source_archive_object = google_storage_bucket_object.some_object.name
  ...
}

By naming the object based on the shasum of the archive, it's possible to only update the object & function when the source changes.

[melinath]

It looks like the aws source_code_hash field is an API field. We might be able to make a local field that's only used for change detection but I'm not sure that's something we'd want to do.