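# Cloud Storage bucket that holds the zipped Cloud Function source.
resource "google_storage_bucket" "function_source" {
  name     = "${var.project_id}-cloud-function-source"
  location = var.region

  uniform_bucket_level_access = true
  # The archive is deployable code: refuse allUsers / allAuthenticatedUsers
  # bindings so a later IAM change cannot expose it publicly.
  public_access_prevention = "enforced"

  depends_on = [google_project_service.services]
}

# Zip the Cloud Function source directory.
# Everything under source_dir is packaged. Keep local .env files, key files
# and caches out of that directory, or list them in `excludes`.
data "archive_file" "function_source" {
  type        = "zip"
  output_path = "${path.module}/function-source.zip"
  source_dir  = "${path.module}/../cloud-function"
}

# Upload the ZIP file to Cloud Storage.
# output_md5 in the object name is a change fingerprint (a new object is
# created when the source changes); it is not an integrity control.
resource "google_storage_bucket_object" "function_source" {
  name   = "function-source-${data.archive_file.function_source.output_md5}.zip"
  bucket = google_storage_bucket.function_source.name
  source = data.archive_file.function_source.output_path
}

# Pub/Sub-triggered Cloud Function (2nd gen) that processes image embeddings.
resource "google_cloudfunctions2_function" "image_processor" {
  name        = "process-image-embedding"
  location    = var.region
  description = "Process image embeddings and store in vector database"

  build_config {
    runtime     = "python311"
    entry_point = "process_image_embedding"

    source {
      storage_source {
        bucket = google_storage_bucket.function_source.name
        object = google_storage_bucket_object.function_source.name
      }
    }
  }

  service_config {
    max_instance_count = 10
    min_instance_count = 0
    available_memory   = "512M"
    timeout_seconds    = 540

    # NOTE(review): ingress_settings is not set, so the provider default
    # applies. The only trigger shown is Pub/Sub; consider
    # "ALLOW_INTERNAL_ONLY" if nothing calls the function URL directly.

    environment_variables = {
      # Qdrant configuration
      # NOTE(review): QDRANT_HOST is the VM's external NAT IP and
      # QDRANT_HTTPS is "false", so the API key and the vectors cross the
      # public internet unencrypted. Prefer the VM's internal address through
      # a VPC connector, or enable TLS on Qdrant and set this to "true".
      QDRANT_HOST = google_compute_instance.vector_db_vm.network_interface[0].access_config[0].nat_ip
      QDRANT_PORT = "6333"
      # NOTE(review): a plain environment variable is readable by anyone who
      # can view the function configuration and is stored in Terraform state.
      # Prefer a Secret Manager reference via secret_environment_variables,
      # and confirm var.qdrant_api_key is declared sensitive.
      QDRANT_API_KEY    = var.qdrant_api_key
      QDRANT_COLLECTION = "image_vectors"
      QDRANT_HTTPS      = "false"

      # Firestore configuration
      FIRESTORE_PROJECT_ID    = var.project_id
      FIRESTORE_DATABASE_NAME = var.firestore_db_name

      # Google Cloud Storage configuration
      GCS_BUCKET_NAME = var.storage_bucket_name

      # Google Cloud Vision API
      VISION_API_ENABLED = "true"

      # Logging
      LOG_LEVEL = "INFO"
    }

    service_account_email = local.cloud_function_service_account
  }

  event_trigger {
    trigger_region = var.region
    event_type     = "google.cloud.pubsub.topic.v1.messagePublished"
    pubsub_topic   = google_pubsub_topic.image_processing.id
    # Failed invocations are redelivered, so the handler must be idempotent.
    retry_policy = "RETRY_POLICY_RETRY"
    # NOTE(review): no service_account_email is set on the trigger, so the
    # trigger's identity may differ from the function's runtime account that
    # receives the Eventarc grants below. Confirm which account is used.
  }

  depends_on = [
    google_project_service.services,
    google_compute_instance.vector_db_vm,
    google_pubsub_topic.image_processing
  ]
}

# Grant the Cloud Function service account the permissions it needs.
# These bindings are project-wide: each role applies to every resource of
# that type in var.project_id, not only the ones this function uses.
resource "google_project_iam_member" "function_firestore" {
  project = var.project_id
  role    = "roles/datastore.user"
  member  = "serviceAccount:${local.cloud_function_service_account}"
}

# NOTE(review): this grants read access to objects in every bucket in the
# project. A google_storage_bucket_iam_member on var.storage_bucket_name
# would limit it to the bucket the function reads.
resource "google_project_iam_member" "function_storage" {
  project = var.project_id
  role    = "roles/storage.objectViewer"
  member  = "serviceAccount:${local.cloud_function_service_account}"
}

# NOTE(review): roles/ml.developer is an AI Platform role. Confirm the Vision
# API calls need it, and drop the binding if they do not.
resource "google_project_iam_member" "function_vision" {
  project = var.project_id
  role    = "roles/ml.developer"
  member  = "serviceAccount:${local.cloud_function_service_account}"
}

# Additional permissions required for Cloud Functions v2 with Eventarc
resource "google_project_iam_member" "function_eventarc_receiver" {
  project = var.project_id
  role    = "roles/eventarc.eventReceiver"
  member  = "serviceAccount:${local.cloud_function_service_account}"
}

# NOTE(review): at project level this allows consuming from any subscription
# in the project. Scope it to the relevant subscription if one can be named.
resource "google_project_iam_member" "function_pubsub_subscriber" {
  project = var.project_id
  role    = "roles/pubsub.subscriber"
  member  = "serviceAccount:${local.cloud_function_service_account}"
}

# Output the Cloud Function details
output "cloud_function_name" {
  description = "Name of the deployed Cloud Function"
  value       = google_cloudfunctions2_function.image_processor.name
}

output "cloud_function_url" {
  description = "URL of the deployed Cloud Function"
  value       = google_cloudfunctions2_function.image_processor.service_config[0].uri
}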