I set up a Terraform google_cloudfunctions2_function with the following trigger config:
    event_trigger {
      trigger_region        = var.region
      event_type            = "google.cloud.audit.log.v1.written"
      retry_policy          = "RETRY_POLICY_RETRY"
      service_account_email = google_service_account.event.email
      event_filters {
        attribute = "serviceName"
        value     = "run.googleapis.com"
      }
      event_filters {
        attribute = "methodName"
        value     = "/Jobs.RunJob"
      }
      ...
If I query the Cloud Logs for:
    protoPayload.serviceName="run.googleapis.com"
    protoPayload.methodName="/Jobs.RunJob"
I can see the events there, but they're not triggering my Cloud Function. Roles are all there:
- roles/eventarc.eventReceiver
- roles/run.invoker
- roles/cloudfunctions.invoker
What am I doing wrong?
What's odd is that this is all v1 in my Audit Logs. The job is created as google_cloud_run_v2_job in Terraform and I explicitly added execution_environment = "EXECUTION_ENVIRONMENT_GEN2", but still v1.
In the Cloud Logs, I can find/filter by those parameters for the events I want to use as a trigger:
I can't believe it is that difficult to trigger something when a Cloud Run Job is done! There should be a simple event already on PubSub just like Cloud Build.
None of the Eventarc methods worked and we subscribed to paid Google Cloud support to get this resolved. The answer is a Log Sink with the following filter:
    resource.type = cloud_run_job
    protoPayload.status.message =~ "Execution.*.has completed successfully"
With PubSub as destination.
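
The Log Sink described in the answer above, written out in Terraform as an added example (not code from the original post). The resource names, the topic and sink names, and var.project_id are assumptions. The sink's writer identity is granted the publisher role on this one topic only, rather than project-wide.

```hcl
# Added example. All names below are assumptions chosen for illustration.
variable "project_id" {
  type = string
}

# Topic that receives one message per matching log entry.
resource "google_pubsub_topic" "job_done" {
  project = var.project_id
  name    = "cloud-run-job-done"
}

# Log sink with the filter from the answer, routed to Pub/Sub.
resource "google_logging_project_sink" "job_done" {
  project     = var.project_id
  name        = "cloud-run-job-done-sink"
  destination = "pubsub.googleapis.com/${google_pubsub_topic.job_done.id}"

  # Lines in a Logging filter are ANDed together.
  filter = <<-EOT
    resource.type = "cloud_run_job"
    protoPayload.status.message =~ "Execution.*.has completed successfully"
  EOT

  # Dedicated service account for this sink instead of a shared writer.
  unique_writer_identity = true
}

# Without this binding the sink exists but cannot deliver anything.
# Scoped to the single topic, not the whole project.
resource "google_pubsub_topic_iam_member" "sink_publisher" {
  project = var.project_id
  topic   = google_pubsub_topic.job_done.name
  role    = "roles/pubsub.publisher"
  member  = google_logging_project_sink.job_done.writer_identity
}

# The function's trigger then listens on the topic instead of audit logs:
#
#   event_trigger {
#     trigger_region = var.region
#     event_type     = "google.cloud.pubsub.topic.v1.messagePublished"
#     pubsub_topic   = google_pubsub_topic.job_done.id
#     retry_policy   = "RETRY_POLICY_RETRY"
#   }
```

Each Pub/Sub message carries the full LogEntry as JSON, so the subscriber can read the job name from the entry's resource labels.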