{"files":{"SKILL.md":"---\nname: cloud-functions-api\ndescription: \"Cloud Functions API skill. Use when working with Cloud Functions for {name}, {name}:generateDownloadUrl, {parent}. Covers 13 endpoints.\"\nversion: 1.0.0\ngenerator: lapsh\n---\n\n# Cloud Functions API\nAPI version: v2\n\n## Auth\nOAuth2 | OAuth2\n\n## Base URL\nhttps://cloudfunctions.googleapis.com/\n\n## Setup\n1. Configure auth: OAuth2 | OAuth2\n2. GET /v2/{name} -- gets the latest state of a long-running operation. clients can use this method to poll the operation result at intervals as recommended by the api service.\n3. POST /v2/{name}:generateDownloadUrl -- create first v2\n\n## Endpoints\n13 endpoints across 6 groups. See references/api-spec.lap for full details.\n\n### {name}\n| Method | Path | Description |\n|--------|------|-------------|\n| DELETE | /v2/{name} | Deletes a function with the given name from the specified project. If the given function is used by some trigger, the trigger will be updated to remove this function. |\n| GET | /v2/{name} | Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service. |\n| PATCH | /v2/{name} | Updates existing function. |\n| GET | /v2/{name}/locations | Lists information about the supported locations for this service. |\n| GET | /v2/{name}/operations | Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns `UNIMPLEMENTED`. |\n\n### {name}:generateDownloadUrl\n| Method | Path | Description |\n|--------|------|-------------|\n| POST | /v2/{name}:generateDownloadUrl | Returns a signed URL for downloading deployed function source code. The URL is only valid for a limited period and should be used within 30 minutes of generation. For more information about the signed URL usage see: https://cloud.google.com/storage/docs/access-control/signed-urls |\n\n### {parent}\n| Method | Path | Description |\n|--------|------|-------------|\n| GET | /v2/{parent}/functions | Returns a list of functions that belong to the requested project. |\n| POST | /v2/{parent}/functions | Creates a new function. If a function with the given name already exists in the specified project, the long running operation will return `ALREADY_EXISTS` error. |\n| POST | /v2/{parent}/functions:generateUploadUrl | Returns a signed URL for uploading a function source code. For more information about the signed URL usage see: https://cloud.google.com/storage/docs/access-control/signed-urls. Once the function source code upload is complete, the used signed URL should be provided in CreateFunction or UpdateFunction request as a reference to the function source code. When uploading source code to the generated signed URL, please follow these restrictions: * Source file type should be a zip file. * No credentials should be attached - the signed URLs provide access to the target bucket using internal service identity; if credentials were attached, the identity from the credentials would be used, but that identity does not have permissions to upload files to the URL. When making a HTTP PUT request, these two headers need to be specified: * `content-type: application/zip` And this header SHOULD NOT be specified: * `Authorization: Bearer YOUR_TOKEN` |\n| GET | /v2/{parent}/runtimes | Returns a list of runtimes that are supported for the requested project. |\n\n### {resource}:getIamPolicy\n| Method | Path | Description |\n|--------|------|-------------|\n| GET | /v2/{resource}:getIamPolicy | Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set. |\n\n### {resource}:setIamPolicy\n| Method | Path | Description |\n|--------|------|-------------|\n| POST | /v2/{resource}:setIamPolicy | Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors. |\n\n### {resource}:testIamPermissions\n| Method | Path | Description |\n|--------|------|-------------|\n| POST | /v2/{resource}:testIamPermissions | Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a `NOT_FOUND` error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may \"fail open\" without warning. |\n\n## Common Questions\nMatch user requests to endpoints in references/api-spec.lap. Key patterns:\n- \"Delete a v2?\" -> DELETE /v2/{name}\n- \"Get v2 details?\" -> GET /v2/{name}\n- \"Partially update a v2?\" -> PATCH /v2/{name}\n- \"List all locations?\" -> GET /v2/{name}/locations\n- \"List all operations?\" -> GET /v2/{name}/operations\n- \"List all functions?\" -> GET /v2/{parent}/functions\n- \"Create a function?\" -> POST /v2/{parent}/functions\n- \"Create a functions:generateUploadUrl?\" -> POST /v2/{parent}/functions:generateUploadUrl\n- \"List all runtimes?\" -> GET /v2/{parent}/runtimes\n- \"How to authenticate?\" -> See Auth section above\n\n## Response Tips\n- Check response schemas in references/api-spec.lap for field details\n- Create/update endpoints return the modified resource on success\n\n## References\n- Full spec: See references/api-spec.lap for complete endpoint details, parameter tables, and response schemas\n\n> Generated from the official API spec by [LAP](https://lap.sh)\n","references/api-spec.lap":"@lap v0.3\n# Machine-readable API spec. Each @endpoint block is one API call.\n@api Cloud Functions API\n@base https://cloudfunctions.googleapis.com/\n@version v2\n@auth OAuth2 | OAuth2\n@endpoints 13\n@toc {name}(5), {name}:generateDownloadUrl(1), {parent}(4), {resource}:getIamPolicy(1), {resource}:setIamPolicy(1), {resource}:testIamPermissions(1)\n\n@group {name}\n@endpoint DELETE /v2/{name}\n@desc Deletes a function with the given name from the specified project. If the given function is used by some trigger, the trigger will be updated to remove this function.\n@required {name: str # Required. The name of the function which should be deleted.}\n@returns(200) {done: bool, error: map{code: int(int32), details: [map], message: str}, metadata: map, name: str, response: map} # Successful response\n\n@endpoint GET /v2/{name}\n@desc Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.\n@required {name: str # The name of the operation resource.}\n@returns(200) {done: bool, error: map{code: int(int32), details: [map], message: str}, metadata: map, name: str, response: map} # Successful response\n\n@endpoint PATCH /v2/{name}\n@desc Updates existing function.\n@required {name: str # A user-defined name of the function. Function names must be unique globally and match pattern `projects/*/locations/*/functions/*`}\n@optional {updateMask: str # The list of fields to be updated. If no field mask is provided, all provided fields in the request will be updated., buildConfig: map{build: str, dockerRegistry: str, dockerRepository: str, entryPoint: str, environmentVariables: map, runtime: str, source: map, sourceProvenance: map, workerPool: str} # Describes the Build step of the function that builds a container from the given source., description: str # User-provided description of a function., environment: str(ENVIRONMENT_UNSPECIFIED/GEN_1/GEN_2) # Describe whether the function is 1st Gen or 2nd Gen., eventTrigger: map{channel: str, eventFilters: [map], eventType: str, pubsubTopic: str, retryPolicy: str, serviceAccountEmail: str, trigger: str, triggerRegion: str} # Describes EventTrigger, used to request events to be sent from another service., kmsKeyName: str # [Preview] Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern `projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}`., labels: map # Labels associated with this Cloud Function., name: str # A user-defined name of the function. Function names must be unique globally and match pattern `projects/*/locations/*/functions/*`, serviceConfig: map{allTrafficOnLatestRevision: bool, availableCpu: str, availableMemory: str, environmentVariables: map, ingressSettings: str, maxInstanceCount: int(int32), maxInstanceRequestConcurrency: int(int32), minInstanceCount: int(int32), revision: str, secretEnvironmentVariables: [map], secretVolumes: [map], securityLevel: str, service: str, serviceAccountEmail: str, timeoutSeconds: int(int32), uri: str, vpcConnector: str, vpcConnectorEgressSettings: str} # Describes the Service being deployed. Currently Supported : Cloud Run (fully managed)., state: str(STATE_UNSPECIFIED/ACTIVE/FAILED/DEPLOYING/DELETING/UNKNOWN) # Output only. State of the function., stateMessages: [map{message: str, severity: str, type: str}] # Output only. State Messages for this Cloud Function., updateTime: str(google-datetime) # Output only. The last update timestamp of a Cloud Function.}\n@returns(200) {done: bool, error: map{code: int(int32), details: [map], message: str}, metadata: map, name: str, response: map} # Successful response\n\n@endpoint GET /v2/{name}/locations\n@desc Lists information about the supported locations for this service.\n@required {name: str # The resource that owns the locations collection, if applicable.}\n@optional {filter: str # A filter to narrow down results to a preferred subset. The filtering language accepts strings like `\"displayName=tokyo\"`, and is documented in more detail in [AIP-160](https://google.aip.dev/160)., pageSize: int # The maximum number of results to return. If not set, the service selects a default., pageToken: str # A page token received from the `next_page_token` field in the response. Send that page token to receive the subsequent page.}\n@returns(200) {locations: [map], nextPageToken: str} # Successful response\n\n@endpoint GET /v2/{name}/operations\n@desc Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns `UNIMPLEMENTED`.\n@required {name: str # Must not be set.}\n@optional {filter: str # Required. A filter for matching the requested operations. The supported formats of *filter* are: To query for a specific function: project:*,location:*,function:* To query for all of the latest operations for a project: project:*,latest:true, pageSize: int # The maximum number of records that should be returned. Requested page size cannot exceed 100. If not set, the default page size is 100. Pagination is only supported when querying for a specific function., pageToken: str # Token identifying which result to start with, which is returned by a previous list call. Pagination is only supported when querying for a specific function.}\n@returns(200) {nextPageToken: str, operations: [map]} # Successful response\n\n@endgroup\n\n@group {name}:generateDownloadUrl\n@endpoint POST /v2/{name}:generateDownloadUrl\n@desc Returns a signed URL for downloading deployed function source code. The URL is only valid for a limited period and should be used within 30 minutes of generation. For more information about the signed URL usage see: https://cloud.google.com/storage/docs/access-control/signed-urls\n@required {name: str # Required. The name of function for which source code Google Cloud Storage signed URL should be generated.}\n@returns(200) {downloadUrl: str} # Successful response\n\n@endgroup\n\n@group {parent}\n@endpoint GET /v2/{parent}/functions\n@desc Returns a list of functions that belong to the requested project.\n@required {parent: str # Required. The project and location from which the function should be listed, specified in the format `projects/*/locations/*` If you want to list functions in all locations, use \"-\" in place of a location. When listing functions in all locations, if one or more location(s) are unreachable, the response will contain functions from all reachable locations along with the names of any unreachable locations.}\n@optional {filter: str # The filter for Functions that match the filter expression, following the syntax outlined in https://google.aip.dev/160., orderBy: str # The sorting order of the resources returned. Value should be a comma separated list of fields. The default sorting oder is ascending. See https://google.aip.dev/132#ordering., pageSize: int # Maximum number of functions to return per call. The largest allowed page_size is 1,000, if the page_size is omitted or specified as greater than 1,000 then it will be replaced as 1,000. The size of the list response can be less than specified when used with filters., pageToken: str # The value returned by the last `ListFunctionsResponse`; indicates that this is a continuation of a prior `ListFunctions` call, and that the system should return the next page of data.}\n@returns(200) {functions: [map], nextPageToken: str, unreachable: [str]} # Successful response\n\n@endpoint POST /v2/{parent}/functions\n@desc Creates a new function. If a function with the given name already exists in the specified project, the long running operation will return `ALREADY_EXISTS` error.\n@required {parent: str # Required. The project and location in which the function should be created, specified in the format `projects/*/locations/*`}\n@optional {functionId: str # The ID to use for the function, which will become the final component of the function's resource name. This value should be 4-63 characters, and valid characters are /a-z-/., buildConfig: map{build: str, dockerRegistry: str, dockerRepository: str, entryPoint: str, environmentVariables: map, runtime: str, source: map, sourceProvenance: map, workerPool: str} # Describes the Build step of the function that builds a container from the given source., description: str # User-provided description of a function., environment: str(ENVIRONMENT_UNSPECIFIED/GEN_1/GEN_2) # Describe whether the function is 1st Gen or 2nd Gen., eventTrigger: map{channel: str, eventFilters: [map], eventType: str, pubsubTopic: str, retryPolicy: str, serviceAccountEmail: str, trigger: str, triggerRegion: str} # Describes EventTrigger, used to request events to be sent from another service., kmsKeyName: str # [Preview] Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. It must match the pattern `projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}`., labels: map # Labels associated with this Cloud Function., name: str # A user-defined name of the function. Function names must be unique globally and match pattern `projects/*/locations/*/functions/*`, serviceConfig: map{allTrafficOnLatestRevision: bool, availableCpu: str, availableMemory: str, environmentVariables: map, ingressSettings: str, maxInstanceCount: int(int32), maxInstanceRequestConcurrency: int(int32), minInstanceCount: int(int32), revision: str, secretEnvironmentVariables: [map], secretVolumes: [map], securityLevel: str, service: str, serviceAccountEmail: str, timeoutSeconds: int(int32), uri: str, vpcConnector: str, vpcConnectorEgressSettings: str} # Describes the Service being deployed. Currently Supported : Cloud Run (fully managed)., state: str(STATE_UNSPECIFIED/ACTIVE/FAILED/DEPLOYING/DELETING/UNKNOWN) # Output only. State of the function., stateMessages: [map{message: str, severity: str, type: str}] # Output only. State Messages for this Cloud Function., updateTime: str(google-datetime) # Output only. The last update timestamp of a Cloud Function.}\n@returns(200) {done: bool, error: map{code: int(int32), details: [map], message: str}, metadata: map, name: str, response: map} # Successful response\n\n@endpoint POST /v2/{parent}/functions:generateUploadUrl\n@desc Returns a signed URL for uploading a function source code. For more information about the signed URL usage see: https://cloud.google.com/storage/docs/access-control/signed-urls. Once the function source code upload is complete, the used signed URL should be provided in CreateFunction or UpdateFunction request as a reference to the function source code. When uploading source code to the generated signed URL, please follow these restrictions: * Source file type should be a zip file. * No credentials should be attached - the signed URLs provide access to the target bucket using internal service identity; if credentials were attached, the identity from the credentials would be used, but that identity does not have permissions to upload files to the URL. When making a HTTP PUT request, these two headers need to be specified: * `content-type: application/zip` And this header SHOULD NOT be specified: * `Authorization: Bearer YOUR_TOKEN`\n@required {parent: str # Required. The project and location in which the Google Cloud Storage signed URL should be generated, specified in the format `projects/*/locations/*`.}\n@optional {kmsKeyName: str # [Preview] Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function source code objects in intermediate Cloud Storage buckets. When you generate an upload url and upload your source code, it gets copied to an intermediate Cloud Storage bucket. The source code is then copied to a versioned directory in the sources bucket in the consumer project during the function deployment. It must match the pattern `projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}`. The Google Cloud Functions service account (service-{project_number}@gcf-admin-robot.iam.gserviceaccount.com) must be granted the role 'Cloud KMS CryptoKey Encrypter/Decrypter (roles/cloudkms.cryptoKeyEncrypterDecrypter)' on the Key/KeyRing/Project/Organization (least access preferred).}\n@returns(200) {storageSource: map{bucket: str, generation: str(int64), object: str}, uploadUrl: str} # Successful response\n\n@endpoint GET /v2/{parent}/runtimes\n@desc Returns a list of runtimes that are supported for the requested project.\n@required {parent: str # Required. The project and location from which the runtimes should be listed, specified in the format `projects/*/locations/*`}\n@optional {filter: str # The filter for Runtimes that match the filter expression, following the syntax outlined in https://google.aip.dev/160.}\n@returns(200) {runtimes: [map]} # Successful response\n\n@endgroup\n\n@group {resource}:getIamPolicy\n@endpoint GET /v2/{resource}:getIamPolicy\n@desc Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.\n@required {resource: str # REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.}\n@optional {options.requestedPolicyVersion: int # Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).}\n@returns(200) {auditConfigs: [map], bindings: [map], etag: str(byte), version: int(int32)} # Successful response\n\n@endgroup\n\n@group {resource}:setIamPolicy\n@endpoint POST /v2/{resource}:setIamPolicy\n@desc Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.\n@required {resource: str # REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.}\n@optional {policy: map{auditConfigs: [map], bindings: [map], etag: str(byte), version: int(int32)} # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \"serviceAccount:my-project-id@appspot.gserviceaccount.com\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:eve@example.com\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/)., updateMask: str(google-fieldmask) # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: \"bindings, etag\"`}\n@returns(200) {auditConfigs: [map], bindings: [map], etag: str(byte), version: int(int32)} # Successful response\n\n@endgroup\n\n@group {resource}:testIamPermissions\n@endpoint POST /v2/{resource}:testIamPermissions\n@desc Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a `NOT_FOUND` error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may \"fail open\" without warning.\n@required {resource: str # REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.}\n@optional {permissions: [str] # The set of permissions to check for the `resource`. Permissions with wildcards (such as `*` or `storage.*`) are not allowed. For more information see [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).}\n@returns(200) {permissions: [str]} # Successful response\n\n@endgroup\n\n@end\n"}}