Last active
May 3, 2023 14:47
-
-
Save jlarrow/6456b3c394429fd95ead9ddae99f1823 to your computer and use it in GitHub Desktop.
GCP function (requires id token for auth)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
.gcloudignore | |
.git | |
.gitignore | |
.flake8 | |
*.hcl | |
*.json | |
*.svg | |
*.log | |
*.json | |
deploy.* | |
Makefile | |
node_modules | |
README.md | |
requirements.in |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# variables | |
prj='lab-b28c3b02' | |
sa_name='sa-functions' | |
sa="$sa_name@$prj.iam.gserviceaccount.com" | |
usr="jlarrow@devad.ford.com" # who am i? | |
loc='us-central1' | |
fun_name='hello_http' | |
connector_name='fun-con' | |
network='net' | |
# defaults | |
gcloud config set project $prj | |
gcloud config set disable_prompts true | |
# APIs | |
gcloud services enable \ | |
cloudfunctions.googleapis.com \ | |
run.googleapis.com \ | |
vpcaccess.googleapis.com \ | |
logging.googleapis.com | |
# Networking | |
gcloud compute networks subnets create "sn-$connector_name" \ | |
--network=$network \ | |
--range="10.8.0.0/28" \ | |
--region=$loc | |
gcloud compute networks vpc-access connectors create $connector_name \ | |
--region $loc \ | |
--subnet "sn-$connector_name" | |
# IAM | |
gcloud iam service-accounts create $sa_name | |
gcloud iam service-accounts keys create key.json --iam-account=$sa | |
gcloud iam service-accounts add-iam-policy-binding $sa --member="user:$usr" --role="roles/iam.serviceAccountTokenCreator" | |
gcloud projects add-iam-policy-binding $prj --member="serviceAccount:$sa" --role="roles/cloudfunctions.invoker" | |
gcloud projects add-iam-policy-binding $prj --member="serviceAccount:$sa" --role="roles/run.invoker" | |
gcloud projects add-iam-policy-binding $prj --member="user:$usr" --role="roles/cloudfunctions.admin" | |
gcloud projects add-iam-policy-binding $prj --member="user:$usr" --role="roles/cloudfunctions.developer" | |
# FINIALLY, deploy it | |
gcloud functions deploy $fun_name \ | |
--entry-point=$fun_name \ | |
--region=$loc \ | |
--service-account=$sa \ | |
--gen2 \ | |
--runtime=python311 \ | |
--timeout=300 \ | |
--source=. \ | |
--vpc-connector="projects/$prj/locations/$loc/connectors/$connector_name" \ | |
--egress-settings=all \ | |
--ingress-settings=all \ | |
--trigger-http | |
# Test it | |
uri=$(gcloud functions describe $fun_name --gen2 --region=$loc --format="value(serviceConfig.uri)") | |
token=$(gcloud auth print-identity-token --impersonate-service-account=$sa) | |
curl -H "Authorization: bearer $token" -H "Content-Type: application/json" "$uri/?name=Superman" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import functions_framework | |
@functions_framework.http | |
def hello_http(request): | |
"""HTTP Cloud Function. | |
Args: | |
request (flask.Request): The request object. | |
<https://flask.palletsprojects.com/en/1.1.x/api/#incoming-request-data> | |
Returns: | |
The response text, or any set of values that can be turned into a | |
Response object using `make_response` | |
<https://flask.palletsprojects.com/en/1.1.x/api/#flask.make_response>. | |
""" | |
request_json = request.get_json(silent=True) | |
request_args = request.args | |
if request_json and 'name' in request_json: | |
name = request_json['name'] | |
elif request_args and 'name' in request_args: | |
name = request_args['name'] | |
else: | |
name = 'World' | |
return 'Hello {}!'.format(name) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
functions-framework==3.* |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment