feat: Support provider.vpcEgress configuration (#271)

Author: fcr1193

package/lib/compileFunctions.js

@@ -20,11 +20,14 @@ module.exports = {
     this.serverless.service.getAllFunctions().forEach((functionName) => {
       const funcObject = this.serverless.service.getFunction(functionName);
 
+      let vpcEgress = funcObject.vpcEgress || this.serverless.service.provider.vpcEgress;
+
       this.serverless.cli.log(`Compiling function "${functionName}"...`);
 
       validateHandlerProperty(funcObject, functionName);
       validateEventsProperty(funcObject, functionName);
       validateVpcConnectorProperty(funcObject, functionName);
+      validateVpcConnectorEgressProperty(vpcEgress);
 
       const funcTemplate = getFunctionTemplate(
         funcObject,
@@ -57,6 +60,15 @@ module.exports = {
         });
       }
 
+      if (vpcEgress) {
+        vpcEgress = vpcEgress.toUpperCase();
+        if (vpcEgress === 'ALL') vpcEgress = 'ALL_TRAFFIC';
+        if (vpcEgress === 'PRIVATE') vpcEgress = 'PRIVATE_RANGES_ONLY';
+        _.assign(funcTemplate.properties, {
+          vpcConnectorEgressSettings: vpcEgress,
+        });
+      }
+
       if (funcObject.maxInstances) {
         funcTemplate.properties.maxInstances = funcObject.maxInstances;
       }
@@ -116,18 +128,37 @@ const validateHandlerProperty = (funcObject, functionName) => {
 
 const validateVpcConnectorProperty = (funcObject, functionName) => {
   if (funcObject.vpc && typeof funcObject.vpc === 'string') {
-    const vpcNamePattern = /projects\/[\s\S]*\/locations\/[\s\S]*\/connectors\/[\s\S]*/i;
-    if (!vpcNamePattern.test(funcObject.vpc)) {
-      const errorMessage = [
-        `The function "${functionName}" has invalid vpc connection name`,
-        ' VPC Connector name should follow projects/{project_id}/locations/{region}/connectors/{connector_name}',
-        ' Please check the docs for more info.',
-      ].join('');
-      throw new Error(errorMessage);
+    // vpcConnector argument can be one of two possible formats as described here:
+    // https://cloud.google.com/functions/docs/reference/rest/v1/projects.locations.functions#resource:-cloudfunction
+    if (funcObject.vpc.indexOf('/') > -1) {
+      const vpcNamePattern = /projects\/[\s\S]*\/locations\/[\s\S]*\/connectors\/[\s\S]*/i;
+      if (!vpcNamePattern.test(funcObject.vpc)) {
+        const errorMessage = [
+          `The function "${functionName}" has invalid vpc connection name`,
+          ' VPC Connector name should follow projects/{project_id}/locations/{region}/connectors/{connector_name}',
+          ' or just {connector_name} if within the same project.',
+          ' Please check the docs for more info at ',
+          ' https://cloud.google.com/functions/docs/reference/rest/v1/projects.locations.functions#resource:-cloudfunction',
+        ].join('');
+        throw new Error(errorMessage);
+      }
     }
   }
 };
 
+const validateVpcConnectorEgressProperty = (vpcEgress) => {
+  if (vpcEgress && typeof vpcEgress !== 'string') {
+    const errorMessage = [
+      'Your provider/function has invalid vpc connection name',
+      ' VPC Connector Egress Setting be either ALL_TRAFFIC or PRIVATE_RANGES_ONLY. ',
+      ' You may shorten these to ALL or PRIVATE optionally.',
+      ' Please check the docs for more info at',
+      ' https://cloud.google.com/functions/docs/reference/rest/v1/projects.locations.functions#resource:-cloudfunction',
+    ].join('');
+    throw new Error(errorMessage);
+  }
+};
+
 const getFunctionTemplate = (funcObject, projectName, region, sourceArchiveUrl) => {
   //eslint-disable-line
   return {

package/lib/compileFunctions.test.js

@@ -767,4 +767,258 @@ describe('CompileFunctions', () => {
       });
     });
   });
+
+  it('should allow vpc as short name', () => {
+    googlePackage.serverless.service.functions = {
+      func1: {
+        handler: 'func1',
+        memorySize: 128,
+        runtime: 'nodejs10',
+        vpc: 'my-vpc',
+        events: [{ http: 'foo' }],
+      },
+    };
+
+    const compiledResources = [
+      {
+        type: 'gcp-types/cloudfunctions-v1:projects.locations.functions',
+        name: 'my-service-dev-func1',
+        properties: {
+          parent: 'projects/myProject/locations/us-central1',
+          runtime: 'nodejs10',
+          function: 'my-service-dev-func1',
+          entryPoint: 'func1',
+          availableMemoryMb: 128,
+          timeout: '60s',
+          sourceArchiveUrl: 'gs://sls-my-service-dev-12345678/some-path/artifact.zip',
+          httpsTrigger: {
+            url: 'foo',
+          },
+          labels: {},
+          vpcConnector: 'my-vpc',
+        },
+      },
+    ];
+
+    return googlePackage.compileFunctions().then(() => {
+      expect(consoleLogStub.called).toEqual(true);
+      expect(
+        googlePackage.serverless.service.provider.compiledConfigurationTemplate.resources
+      ).toEqual(compiledResources);
+    });
+  });
+
+  it('should allow vpc egress all at function level', () => {
+    googlePackage.serverless.service.functions = {
+      func1: {
+        handler: 'func1',
+        memorySize: 128,
+        runtime: 'nodejs10',
+        vpc: 'my-vpc',
+        vpcEgress: 'all',
+        events: [{ http: 'foo' }],
+      },
+    };
+
+    const compiledResources = [
+      {
+        type: 'gcp-types/cloudfunctions-v1:projects.locations.functions',
+        name: 'my-service-dev-func1',
+        properties: {
+          parent: 'projects/myProject/locations/us-central1',
+          runtime: 'nodejs10',
+          function: 'my-service-dev-func1',
+          entryPoint: 'func1',
+          availableMemoryMb: 128,
+          timeout: '60s',
+          sourceArchiveUrl: 'gs://sls-my-service-dev-12345678/some-path/artifact.zip',
+          httpsTrigger: {
+            url: 'foo',
+          },
+          labels: {},
+          vpcConnector: 'my-vpc',
+          vpcConnectorEgressSettings: 'ALL_TRAFFIC',
+        },
+      },
+    ];
+
+    return googlePackage.compileFunctions().then(() => {
+      expect(consoleLogStub.called).toEqual(true);
+      expect(
+        googlePackage.serverless.service.provider.compiledConfigurationTemplate.resources
+      ).toEqual(compiledResources);
+    });
+  });
+
+  it('should allow vpc egress private at function level', () => {
+    googlePackage.serverless.service.functions = {
+      func1: {
+        handler: 'func1',
+        memorySize: 128,
+        runtime: 'nodejs10',
+        vpc: 'my-vpc',
+        vpcEgress: 'private',
+        events: [{ http: 'foo' }],
+      },
+    };
+
+    const compiledResources = [
+      {
+        type: 'gcp-types/cloudfunctions-v1:projects.locations.functions',
+        name: 'my-service-dev-func1',
+        properties: {
+          parent: 'projects/myProject/locations/us-central1',
+          runtime: 'nodejs10',
+          function: 'my-service-dev-func1',
+          entryPoint: 'func1',
+          availableMemoryMb: 128,
+          timeout: '60s',
+          sourceArchiveUrl: 'gs://sls-my-service-dev-12345678/some-path/artifact.zip',
+          httpsTrigger: {
+            url: 'foo',
+          },
+          labels: {},
+          vpcConnector: 'my-vpc',
+          vpcConnectorEgressSettings: 'PRIVATE_RANGES_ONLY',
+        },
+      },
+    ];
+
+    return googlePackage.compileFunctions().then(() => {
+      expect(consoleLogStub.called).toEqual(true);
+      expect(
+        googlePackage.serverless.service.provider.compiledConfigurationTemplate.resources
+      ).toEqual(compiledResources);
+    });
+  });
+
+  it('should allow vpc egress all at provider level', () => {
+    googlePackage.serverless.service.functions = {
+      func1: {
+        handler: 'func1',
+        memorySize: 128,
+        runtime: 'nodejs10',
+        vpc: 'my-vpc',
+        events: [{ http: 'foo' }],
+      },
+    };
+
+    googlePackage.serverless.service.provider.vpcEgress = 'all';
+
+    const compiledResources = [
+      {
+        type: 'gcp-types/cloudfunctions-v1:projects.locations.functions',
+        name: 'my-service-dev-func1',
+        properties: {
+          parent: 'projects/myProject/locations/us-central1',
+          runtime: 'nodejs10',
+          function: 'my-service-dev-func1',
+          entryPoint: 'func1',
+          availableMemoryMb: 128,
+          timeout: '60s',
+          sourceArchiveUrl: 'gs://sls-my-service-dev-12345678/some-path/artifact.zip',
+          httpsTrigger: {
+            url: 'foo',
+          },
+          labels: {},
+          vpcConnector: 'my-vpc',
+          vpcConnectorEgressSettings: 'ALL_TRAFFIC',
+        },
+      },
+    ];
+
+    return googlePackage.compileFunctions().then(() => {
+      expect(consoleLogStub.called).toEqual(true);
+      expect(
+        googlePackage.serverless.service.provider.compiledConfigurationTemplate.resources
+      ).toEqual(compiledResources);
+    });
+  });
+
+  it('should allow vpc egress private at provider level', () => {
+    googlePackage.serverless.service.functions = {
+      func1: {
+        handler: 'func1',
+        memorySize: 128,
+        runtime: 'nodejs10',
+        vpc: 'my-vpc',
+        events: [{ http: 'foo' }],
+      },
+    };
+
+    googlePackage.serverless.service.provider.vpcEgress = 'private';
+
+    const compiledResources = [
+      {
+        type: 'gcp-types/cloudfunctions-v1:projects.locations.functions',
+        name: 'my-service-dev-func1',
+        properties: {
+          parent: 'projects/myProject/locations/us-central1',
+          runtime: 'nodejs10',
+          function: 'my-service-dev-func1',
+          entryPoint: 'func1',
+          availableMemoryMb: 128,
+          timeout: '60s',
+          sourceArchiveUrl: 'gs://sls-my-service-dev-12345678/some-path/artifact.zip',
+          httpsTrigger: {
+            url: 'foo',
+          },
+          labels: {},
+          vpcConnector: 'my-vpc',
+          vpcConnectorEgressSettings: 'PRIVATE_RANGES_ONLY',
+        },
+      },
+    ];
+
+    return googlePackage.compileFunctions().then(() => {
+      expect(consoleLogStub.called).toEqual(true);
+      expect(
+        googlePackage.serverless.service.provider.compiledConfigurationTemplate.resources
+      ).toEqual(compiledResources);
+    });
+  });
+
+  it('should replace vpc egress private at provider level for a vpc egress all defined at function level', () => {
+    googlePackage.serverless.service.functions = {
+      func1: {
+        handler: 'func1',
+        memorySize: 128,
+        runtime: 'nodejs10',
+        vpc: 'my-vpc',
+        events: [{ http: 'foo' }],
+        vpcEgress: 'all',
+      },
+    };
+
+    googlePackage.serverless.service.provider.vpcEgress = 'private';
+
+    const compiledResources = [
+      {
+        type: 'gcp-types/cloudfunctions-v1:projects.locations.functions',
+        name: 'my-service-dev-func1',
+        properties: {
+          parent: 'projects/myProject/locations/us-central1',
+          runtime: 'nodejs10',
+          function: 'my-service-dev-func1',
+          entryPoint: 'func1',
+          availableMemoryMb: 128,
+          timeout: '60s',
+          sourceArchiveUrl: 'gs://sls-my-service-dev-12345678/some-path/artifact.zip',
+          httpsTrigger: {
+            url: 'foo',
+          },
+          labels: {},
+          vpcConnector: 'my-vpc',
+          vpcConnectorEgressSettings: 'ALL_TRAFFIC',
+        },
+      },
+    ];
+
+    return googlePackage.compileFunctions().then(() => {
+      expect(consoleLogStub.called).toEqual(true);
+      expect(
+        googlePackage.serverless.service.provider.compiledConfigurationTemplate.resources
+      ).toEqual(compiledResources);
+    });
+  });
 });

provider/googleProvider.js

@@ -86,6 +86,9 @@ class GoogleProvider {
           },
           additionalProperties: false,
         },
+        cloudFunctionVpcEgress: {
+          enum: ['ALL', 'ALL_TRAFFIC', 'PRIVATE', 'PRIVATE_RANGES_ONLY'],
+        },
         resourceManagerLabels: {
           type: 'object',
           propertyNames: {
@@ -111,6 +114,7 @@ class GoogleProvider {
           timeout: { type: 'string' }, // Can be overridden by function configuration
           environment: { $ref: '#/definitions/cloudFunctionEnvironmentVariables' }, // Can be overridden by function configuration
           vpc: { type: 'string' }, // Can be overridden by function configuration
+          vpcEgress: { $ref: '#/definitions/cloudFunctionVpcEgress' }, // Can be overridden by function configuration
           labels: { $ref: '#/definitions/resourceManagerLabels' }, // Can be overridden by function configuration
         },
       },
@@ -123,6 +127,7 @@ class GoogleProvider {
           timeout: { type: 'string' }, // Override provider configuration
           environment: { $ref: '#/definitions/cloudFunctionEnvironmentVariables' }, // Override provider configuration
           vpc: { type: 'string' }, // Override provider configuration
+          vpcEgress: { $ref: '#/definitions/cloudFunctionVpcEgress' }, // Can be overridden by function configuration
           labels: { $ref: '#/definitions/resourceManagerLabels' }, // Override provider configuration
         },
       },