doc changes

GoogleCloudPlatform · Sep 17, 2019 · cd55e96 · cd55e96
1 parent 9ea2057
commit cd55e96
Showing 1 changed file with 38 additions and 1 deletion.
diff --git a/third_party/terraform/website/docs/r/cloudfunctions_function.html.markdown b/third_party/terraform/website/docs/r/cloudfunctions_function.html.markdown
@@ -16,11 +16,12 @@ and
 ~> **Warning:** As of November 1, 2019, newly created Functions are
 private-by-default and will require [appropriate IAM permissions](https://cloud.google.com/functions/docs/reference/iam/roles)
 to be invoked. See below examples for how to set up the appropriate permissions,
-or view the Terraform [IAM resources](/docs/r/cloudfunctions_cloud_function_iam.html)
+or view the [Cloud Functions IAM resources](/docs/r/cloudfunctions_cloud_function_iam.html)
 for Cloud Functions.
 
 ## Example Usage
 
+Secured function with a user allowed to invoke:
 ```hcl
 resource "google_storage_bucket" "bucket" {
   name = "test-bucket"
@@ -63,6 +64,42 @@ resource "google_cloudfunctions_function_iam_member" "invoker" {
 }
 ```
 
+A publically invocable function (similar behavior to functions created before
+private-by-default):
+
+```hcl
+resource "google_storage_bucket" "bucket" {
+  name = "test-bucket"
+}
+
+resource "google_storage_bucket_object" "archive" {
+  name   = "index.zip"
+  bucket = "${google_storage_bucket.bucket.name}"
+  source = "./path/to/zip/file/which/contains/code"
+}
+
+resource "google_cloudfunctions_function" "function" {
+  name                  = "function-test"
+  description           = "My function"
+  runtime               = "nodejs10"
+
+  available_memory_mb   = 128
+  source_archive_bucket = "${google_storage_bucket.bucket.name}"
+  source_archive_object = "${google_storage_bucket_object.archive.name}"
+  trigger_http          = true
+  entry_point           = "helloGET"
+}
+
+# Add IAM member for a user who can invoke the function (no admin actions)
+resource "google_cloudfunctions_function_iam_member" "invoker" {
+  project = "${google_cloudfunctions_function.function.project}"
+  region = "${google_cloudfunctions_function.function.region}"
+  cloud_function = "${google_cloudfunctions_function.function.name}"
+
+  role = "roles/cloudfunctions.invoker"
+  member = "allUsers"
+}
+```
 ## Argument Reference
 
 The following arguments are supported: