feat: Add vpcConnectorEgressSettings & ingressSettings options (#112) (…

…#141) * Add vpcConnectorEgressSettings option * fix #91 ingressSettings * Add input desc to action.yaml and readme Co-authored-by: Bharath KKB <bharathkrishnakb@gmail.com> Co-authored-by: Patrik Spathon <patrik@spathon.com>
google-github-actions · Jul 30, 2021 · d5dec31 · d5dec31
1 parent afe2cad
commit d5dec31
Show file tree

Hide file tree

Showing 6 changed files with 40 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -52,7 +52,7 @@ steps:
 
 - `entry_point`: (Optional) Name of a function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified.
 
-- `memory_mb`: (Optional) The amount of memory in MB available for a function. Defaults to 256MB. 
+- `memory_mb`: (Optional) The amount of memory in MB available for a function. Defaults to 256MB.
 
 - `region`: (Optional) [Region](https://cloud.google.com/functions/docs/locations) in which the function should be deployed. Defaults to `us-central1`.
 
@@ -78,6 +78,10 @@ steps:
 
 - `vpc_connector`: (Optional) The VPC Access connector that the function can connect to..
 
+- `vpc_connector_egress_settings`: (Optional) The egress settings for the connector, controlling what traffic is diverted through it.
+
+- `ingress_settings`: (Optional) The ingress settings for the function, controlling what traffic can reach it.
+
 - `service_account_email`: (Optional) The email address of the IAM service account associated with the function at runtime.
 
 - `timeout`: (Optional) The function execution timeout in seconds. Defaults to 60.
@@ -115,7 +119,7 @@ with the following roles:
 
 This service account needs to be a member of the `App Engine default service account`
 `(PROJECT_ID@appspot.gserviceaccount.com)`, with role
-`Service Account User` (`roles/iam.serviceAccountUser`). See [additional configuration for deployment](https://cloud.google.com/functions/docs/reference/iam/roles#additional-configuration) 
+`Service Account User` (`roles/iam.serviceAccountUser`). See [additional configuration for deployment](https://cloud.google.com/functions/docs/reference/iam/roles#additional-configuration)
 for further instructions.
 
 ### Used with `setup-gcloud`

diff --git a/action.yaml b/action.yaml
@@ -86,6 +86,16 @@ inputs:
       The VPC Access connector that the function can connect to.
     required: false
 
+  vpc_connector_egress_settings:
+    description: |-
+      The egress settings for the connector, controlling what traffic is diverted through it.
+    required: false
+
+  ingress_settings:
+    description: |-
+      The ingress settings for the function, controlling what traffic can reach it.
+    required: false
+
   service_account_email:
     description: |-
       The email address of the IAM service account associated with the function at runtime.

diff --git a/src/cloudFunction.ts b/src/cloudFunction.ts
@@ -34,6 +34,8 @@ export type KVPair = {
  * @param runtime Runtime to use for the function.
  * @param availableMemoryMb The amount of memory in MB available for a function.
  * @param vpcConnector The VPC Access connector that the function can connect to.
+ * @param vpcConnectorEgressSettings This controls what traffic is diverted through the VPC Access Connector resource.
+ * @param ingressSettings This controls what traffic can reach the function.
  * @param parent Parent of the form projects/${projectId}/locations/${region}.
  * @param serviceAccountEmail The email address of the IAM service account associated with the function at runtime.
  * @param timeout The function execution timeout.
@@ -55,6 +57,8 @@ export type CloudFunctionOptions = {
   runtime: string;
   availableMemoryMb?: number;
   vpcConnector?: string;
+  vpcConnectorEgressSettings?: string;
+  ingressSettings?: string;
   parent: string;
   serviceAccountEmail?: string;
   timeout?: string;
@@ -112,6 +116,12 @@ export class CloudFunction {
       ? opts.serviceAccountEmail
       : null;
     request.vpcConnector = opts?.vpcConnector ? opts.vpcConnector : null;
+    request.vpcConnectorEgressSettings = opts?.vpcConnectorEgressSettings
+      ? opts.vpcConnectorEgressSettings
+      : null;
+    request.ingressSettings = opts?.ingressSettings
+      ? opts.ingressSettings
+      : null;
     request.timeout = opts?.timeout ? `${opts.timeout}s` : null;
     request.maxInstances = opts?.maxInstances ? opts.maxInstances : null;
     request.availableMemoryMb = opts?.availableMemoryMb

diff --git a/src/cloudFunctionClient.ts b/src/cloudFunctionClient.ts
@@ -237,6 +237,8 @@ export class CloudFunctionClient {
         'entryPoint',
         'runtime',
         'vpcConnector',
+        'vpcConnectorEgressSettings',
+        'ingressSettings',
         'serviceAccountEmail',
         'timeout',
         'maxInstances',

diff --git a/src/main.ts b/src/main.ts
@@ -32,6 +32,10 @@ async function run(): Promise<void> {
     const entryPoint = core.getInput('entry_point');
     const sourceDir = core.getInput('source_dir');
     const vpcConnector = core.getInput('vpc_connector');
+    const vpcConnectorEgressSettings = core.getInput(
+      'vpc_connector_egress_settings',
+    );
+    const ingressSettings = core.getInput('ingress_settings');
     const serviceAccountEmail = core.getInput('service_account_email');
     const timeout = core.getInput('timeout');
     const maxInstances = core.getInput('max_instances');
@@ -61,6 +65,8 @@ async function run(): Promise<void> {
       eventTriggerService,
       deployTimeout,
       vpcConnector,
+      vpcConnectorEgressSettings,
+      ingressSettings,
       serviceAccountEmail,
       labels,
     });

diff --git a/tests/cloudFunction.test.ts b/tests/cloudFunction.test.ts
@@ -55,6 +55,8 @@ describe('CloudFunction', function () {
       entryPoint: 'bazFunction',
       runtime: runtime,
       vpcConnector: 'projects/foo/locations/bar/connectors/baz',
+      vpcConnectorEgressSettings: 'ALL_TRAFFIC',
+      ingressSettings: 'ALLOW_INTERNAL_ONLY',
       parent: parent,
       serviceAccountEmail: 'foo@bar.com',
       timeout: '500',
@@ -69,6 +71,10 @@ describe('CloudFunction', function () {
     expect(cf.sourceDir).equal(funcOptions.sourceDir);
     expect(cf.request.entryPoint).equal(funcOptions.entryPoint);
     expect(cf.request.vpcConnector).equal(funcOptions.vpcConnector);
+    expect(cf.request.vpcConnectorEgressSettings).equal(
+      funcOptions.vpcConnectorEgressSettings,
+    );
+    expect(cf.request.ingressSettings).equal(funcOptions.ingressSettings);
     expect(cf.request.serviceAccountEmail).equal(
       funcOptions.serviceAccountEmail,
     );