是否可以在Terraform中更新GCP Cloud Function的源代码？

Question

I use Terraform to manage resources of Google Cloud Functions. But while the inital deployment of the cloud function worked, further deploments with changed cloud function source code (the source archive sourcecode.zip ) were not redeployed when I use terraform apply after updating the source archive.

The storage bucket object gets updated but this does not trigger an update/redeployment of the cloud function resource.

Is this an error of the provider? Is there a way to redeploy a function in terraform when the code changes?

The simplified source code I am using:

resource "google_storage_bucket" "cloud_function_source_bucket" {
  name                        = "${local.project}-function-bucket"
  location                    = local.region
  uniform_bucket_level_access = true
}

resource "google_storage_bucket_object" "function_source_archive" {
  name   = "sourcecode.zip"
  bucket = google_storage_bucket.cloud_function_source_bucket.name
  source = "./../../../sourcecode.zip"
}

resource "google_cloudfunctions_function" "test_function" {
  name                          = "test_func"
  runtime                       = "python39"
  region                        = local.region
  project                       = local.project
  available_memory_mb           = 256
  source_archive_bucket         = google_storage_bucket.cloud_function_source_bucket.name
  source_archive_object         = google_storage_bucket_object.function_source_archive.name
  trigger_http                  = true
  entry_point                   = "trigger_endpoint"
  service_account_email         = google_service_account.function_service_account.email
  vpc_connector                 = "projects/${local.project}/locations/${local.region}/connectors/serverless-main"
  vpc_connector_egress_settings = "ALL_TRAFFIC"
  ingress_settings              = "ALLOW_ALL"
}

Answer 1

You can append MD5 or SHA256 checksum of the content of zip to the bucket object's name. That will trigger recreation of cloud function whenever source code changes.

${data.archive_file.function_src.output_md5}

data "archive_file" "function_src" {
type = "zip"
source_dir = "SOURCECODE_PATH/sourcecode"
output_path = "./SAVING/PATH/sourcecode.zip"
}

resource "google_storage_bucket_object" "function_source_archive" {
name   = "sourcecode.${data.archive_file.function_src.output_md5}.zip"
bucket = google_storage_bucket.cloud_function_source_bucket.name
source = data.archive_file.function_src.output_path
}

You can read more about terraform archive here - terraform archive_file

Answer 2

You might consider that as a defect. Personally, I am not so sure about it.

Terraform has some logic, when an "apply" command is executed.

The question to think about - how does terraform know that the source code of the cloud function is changed, and the cloud function is to be redeployed? Terraform does not "read" the cloud function source code, does not compare it with the previous version. It only reads the terraform's script files. And if nothing is changed in those files (in comparison to the state file, and resources existed in GCP projects) - nothing to be redeployed.

Therefore, something is to be changed. For example the name of the archive file. In that case, terraform finds out that the cloud function has to be redeployed (because the state file has the old name of the archive object). The cloud function is redeployed.

An example of that code with more detailed explanation, was provided some time ago: don't take into account the question working - just read the answer