Cloud Functions API Connector Overview

The Workflows connector defines the built-in functions that can be used to access other Google Cloud products within a workflow.

This page provides an overview of the individual connector. There is no need to import or load connector libraries in a workflow—connectors work out of the box when used in a call step.

Cloud Functions API

Manages lightweight user-provided functions executed in response to events. To learn more, see the Cloud Functions API documentation.

Cloud Functions connector sample

YAML

# This workflow demonstrates how to use the Cloud Functions connector:
# Create a function using source code stored as a zip archive in a
# Cloud Storage bucket (gs://BUCKET_NAME/cloud-function-source.zip)
# Source code must be a properly structured Cloud Function
# Expected output: "SUCCESS"
main:
  params: []
  steps:
    - init:
        assign:
          - project: ${sys.get_env("GOOGLE_CLOUD_PROJECT_ID")}
          - location: "us-central1"
          - name: "example-function"
          - bucket: "BUCKET_NAME"  # replace BUCKET_NAME placeholder
          - sourceArchiveUrl: ${"gs://" + bucket + "/cloud-function-source.zip"}
          - service_account: ${project + "@appspot.gserviceaccount.com"}  # App Engine default service account
    - create_function:
        call: googleapis.cloudfunctions.v1.projects.locations.functions.create
        args:
          location: ${"projects/" + project + "/locations/" + location}
          body:
            name: ${"projects/" + project + "/locations/" + location + "/functions/" + name}
            description: "Cloud Function for Workflows connector testing"
            entryPoint: "helloWorld"
            runtime: "nodejs10"
            serviceAccountEmail: ${service_account}
            sourceArchiveUrl: ${sourceArchiveUrl}
            httpsTrigger:
              securityLevel: "SECURE_OPTIONAL"
    - get_function:
        call: googleapis.cloudfunctions.v1.projects.locations.functions.get
        args:
          name: ${"projects/" + project + "/locations/" + location + "/functions/" + name}
        result: function
    - grant_permission_to_all:
        call: googleapis.cloudfunctions.v1.projects.locations.functions.setIamPolicy
        args:
          resource: ${"projects/" + project + "/locations/" + location + "/functions/" + name}
          body:
            policy:
              bindings:
                - members: ["allUsers"]
                  role: "roles/cloudfunctions.invoker"
    - call_function:
        call: http.get
        args:
          url: ${function.httpsTrigger.url}
        result: resp
    - verify_response:
        call: assert_response
        args:
          expected_response: "success"  # function must return "success" when triggered
          actual_response: ${resp.body}
    - delete_function:
        call: googleapis.cloudfunctions.v1.projects.locations.functions.delete
        args:
          name: ${"projects/" + project + "/locations/" + location + "/functions/" + name}
    - the_end:
        return: "SUCCESS"

assert_response:
  params: [expected_response, actual_response]
  steps:
    - compare:
        switch:
          - condition: ${expected_response == actual_response}
            next: end
    - fail:
        raise: ${"Expected response is " + expected_response + ". Received " + actual_response + " instead."}

JSON

{
  "main": {
    "params": [],
    "steps": [
      {
        "init": {
          "assign": [
            {
              "project": "${sys.get_env(\"GOOGLE_CLOUD_PROJECT_ID\")}"
            },
            {
              "location": "us-central1"
            },
            {
              "name": "example-function"
            },
            {
              "bucket": "BUCKET_NAME"
            },
            {
              "sourceArchiveUrl": "${\"gs://\" + bucket + \"/cloud-function-source.zip\"}"
            },
            {
              "service_account": "${project + \"@appspot.gserviceaccount.com\"}"
            }
          ]
        }
      },
      {
        "create_function": {
          "call": "googleapis.cloudfunctions.v1.projects.locations.functions.create",
          "args": {
            "location": "${\"projects/\" + project + \"/locations/\" + location}",
            "body": {
              "name": "${\"projects/\" + project + \"/locations/\" + location + \"/functions/\" + name}",
              "description": "Cloud Function for Workflows connector testing",
              "entryPoint": "helloWorld",
              "runtime": "nodejs10",
              "serviceAccountEmail": "${service_account}",
              "sourceArchiveUrl": "${sourceArchiveUrl}",
              "httpsTrigger": {
                "securityLevel": "SECURE_OPTIONAL"
              }
            }
          }
        }
      },
      {
        "get_function": {
          "call": "googleapis.cloudfunctions.v1.projects.locations.functions.get",
          "args": {
            "name": "${\"projects/\" + project + \"/locations/\" + location + \"/functions/\" + name}"
          },
          "result": "function"
        }
      },
      {
        "grant_permission_to_all": {
          "call": "googleapis.cloudfunctions.v1.projects.locations.functions.setIamPolicy",
          "args": {
            "resource": "${\"projects/\" + project + \"/locations/\" + location + \"/functions/\" + name}",
            "body": {
              "policy": {
                "bindings": [
                  {
                    "members": [
                      "allUsers"
                    ],
                    "role": "roles/cloudfunctions.invoker"
                  }
                ]
              }
            }
          }
        }
      },
      {
        "call_function": {
          "call": "http.get",
          "args": {
            "url": "${function.httpsTrigger.url}"
          },
          "result": "resp"
        }
      },
      {
        "verify_response": {
          "call": "assert_response",
          "args": {
            "expected_response": "success",
            "actual_response": "${resp.body}"
          }
        }
      },
      {
        "delete_function": {
          "call": "googleapis.cloudfunctions.v1.projects.locations.functions.delete",
          "args": {
            "name": "${\"projects/\" + project + \"/locations/\" + location + \"/functions/\" + name}"
          }
        }
      },
      {
        "the_end": {
          "return": "SUCCESS"
        }
      }
    ]
  },
  "assert_response": {
    "params": [
      "expected_response",
      "actual_response"
    ],
    "steps": [
      {
        "compare": {
          "switch": [
            {
              "condition": "${expected_response == actual_response}",
              "next": "end"
            }
          ]
        }
      },
      {
        "fail": {
          "raise": "${\"Expected response is \" + expected_response + \". Received \" + actual_response + \" instead.\"}"
        }
      }
    ]
  }
}

Module: googleapis.cloudfunctions.v1.operations

Functions
getGets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.
listLists operations that match the specified filter in the request. If the server doesn't support this method, it returns UNIMPLEMENTED. NOTE: the name binding allows API services to override the binding to use different resource name schemes, such as users/*/operations. To override the binding, API services can add a binding such as "/v1/{name=users/*}/operations" to their service configuration. For backwards compatibility, the default name includes the operations collection id, however overriding users must ensure the name binding is the parent resource, without the operations collection id.

Module: googleapis.cloudfunctions.v1.projects.locations

Functions
listLists information about the supported locations for this service.

Module: googleapis.cloudfunctions.v1.projects.locations.functions

Functions
callSynchronously invokes a deployed Cloud Function. To be used for testing purposes as very limited traffic is allowed. For more information on the actual limits, refer to Rate Limits.
createCreates a new function. If a function with the given name already exists in the specified project, the long running operation will return ALREADY_EXISTS error.
deleteDeletes a function with the given name from the specified project. If the given function is used by some trigger, the trigger will be updated to remove this function.
generateDownloadUrlReturns a signed URL for downloading deployed function source code. The URL is only valid for a limited period and should be used within minutes after generation. For more information about the signed URL usage see: https://cloud.google.com/storage/docs/access-control/signed-urls
generateUploadUrlReturns a signed URL for uploading a function source code. For more information about the signed URL usage see: https://cloud.google.com/storage/docs/access-control/signed-urls. Once the function source code upload is complete, the used signed URL should be provided in CreateFunction or UpdateFunction request as a reference to the function source code. When uploading source code to the generated signed URL, please follow these restrictions: * Source file type should be a zip file. * Source file size should not exceed 100MB limit. * No credentials should be attached - the signed URLs provide access to the target bucket using internal service identity; if credentials were attached, the identity from the credentials would be used, but that identity does not have permissions to upload files to the URL. When making a HTTP PUT request, these two headers need to be specified: * content-type: application/zip * x-goog-content-length-range: 0,104857600 And this header SHOULD NOT be specified: * Authorization: Bearer YOUR_TOKEN
getReturns a function with the given name from the requested project.
getIamPolicyGets the IAM access control policy for a function. Returns an empty policy if the function exists and does not have a policy set.
listReturns a list of functions that belong to the requested project.
Updates existing function.
setIamPolicySets the IAM access control policy on the specified function. Replaces any existing policy.
testIamPermissionsTests the specified permissions against the IAM access control policy for a function. If the function does not exist, this will return an empty set of permissions, not a NOT_FOUND error.

Module: googleapis.cloudfunctions.v2.projects.locations

Functions
listLists information about the supported locations for this service.

Module: googleapis.cloudfunctions.v2.projects.locations.functions

Functions
createCreates a new function. If a function with the given name already exists in the specified project, the long running operation will return ALREADY_EXISTS error.
deleteDeletes a function with the given name from the specified project. If the given function is used by some trigger, the trigger will be updated to remove this function.
generateDownloadUrlReturns a signed URL for downloading deployed function source code. The URL is only valid for a limited period and should be used within 30 minutes of generation. For more information about the signed URL usage see: https://cloud.google.com/storage/docs/access-control/signed-urls
generateUploadUrlReturns a signed URL for uploading a function source code. For more information about the signed URL usage see: https://cloud.google.com/storage/docs/access-control/signed-urls. Once the function source code upload is complete, the used signed URL should be provided in CreateFunction or UpdateFunction request as a reference to the function source code. When uploading source code to the generated signed URL, please follow these restrictions: * Source file type should be a zip file. * No credentials should be attached - the signed URLs provide access to the target bucket using internal service identity; if credentials were attached, the identity from the credentials would be used, but that identity does not have permissions to upload files to the URL. When making a HTTP PUT request, these two headers need to be specified: * content-type: application/zip And this header SHOULD NOT be specified: * Authorization: Bearer YOUR_TOKEN
getReturns a function with the given name from the requested project.
getIamPolicyGets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.
listReturns a list of functions that belong to the requested project.
Updates existing function.
setIamPolicySets the access control policy on the specified resource. Replaces any existing policy. Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.
testIamPermissionsReturns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.

Module: googleapis.cloudfunctions.v2.projects.locations.operations

Functions
getGets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.
listLists operations that match the specified filter in the request. If the server doesn't support this method, it returns UNIMPLEMENTED. NOTE: the name binding allows API services to override the binding to use different resource name schemes, such as users/*/operations. To override the binding, API services can add a binding such as "/v1/{name=users/*}/operations" to their service configuration. For backwards compatibility, the default name includes the operations collection id, however overriding users must ensure the name binding is the parent resource, without the operations collection id.

Module: googleapis.cloudfunctions.v2.projects.locations.runtimes

Functions
listReturns a list of runtimes that are supported for the requested project.