In the first code lab, you will store pictures in a bucket. This will generate a file creation event that will be handled by a function. The function will make a call to Vision API to do image analysis and save results in a datastore.

What you'll learn

Codelab-at-a-conference setup

If you see a "request account button" at the top of the main Codelabs window, click it to obtain a temporary account. Otherwise ask one of the staff for a coupon with username/password.

These temporary accounts have existing projects that are set up with billing so that there are no costs associated for you with running this codelab.

Note that all these accounts will be disabled soon after the codelab is over.

Use these credentials to log into the machine or to open a new Google Cloud Console window Accept the new account Terms of Service and any updates to Terms of Service.

Here's what you should see once logged in:

When presented with this console landing page, please select the only project available. Alternatively, from the console home page, click on "Select a Project" :

Start Cloud Shell

While Google Cloud can be operated remotely from your laptop, in this codelab you will be using Google Cloud Shell, a command line environment running in the Cloud.

From the GCP Console click the Cloud Shell icon on the top right toolbar:

It should only take a few moments to provision and connect to the environment. When it is finished, you should see something like this:

This virtual machine is loaded with all the development tools you'll need. It offers a persistent 5GB home directory, and runs on Google Cloud, greatly enhancing network performance and authentication. All of your work in this lab can be done with simply a browser.

For this lab, you will be using Cloud Functions and Vision API but first they need to be enabled either in Cloud Console or with gcloud.

To enable Vision API in Cloud Console, search for Cloud Vision API in the search bar:

You will land on the Cloud Vision API page:

Click the ENABLE button.

Alternatively, you can also enable it Cloud Shell using the gcloud command line tool.

Inside Cloud Shell, run the following command:

gcloud services enable

You should see the operation to finish successfully:

Operation "operations/acf.12dba18b-106f-4fd2-942d-fea80ecc5c1c" finished successfully.

Enable Cloud Functions as well:

gcloud services enable

Create a storage bucket for the pictures. You can do this from Google Cloud Platform console ( or with gsutil command line tool from Cloud Shell or your local development environment.

Navigate to Storage

From the "hamburger" (☰) menu, navigate to the Storage page.

Name your bucket

Click on the CREATE BUCKET button.


Choose Location

Create a multi-regional bucket in the region of your choice (here Europe).


Choose default storage class

Choose the Standard storage class for your data.


Set Access Control

As you will be working with publicly accessible images, you want all our pictures stored in this bucket to have the same uniform access control.

Choose the Uniform access control option.


Set Encryption

Select Google-managed key, as you won't use your own encryption keys.

Click CREATE, to eventually finalize our bucket creation.

Add allUsers as storage viewer

Go to the Permissions tab:

Add an allUsers member to the bucket, with a role of Storage > Storage Object Viewer, as follows:

Click SAVE.

You can also use the gsutil command line tool in Cloud Shell to create buckets.

In Cloud Shell, set a variable for the unique bucket name. Cloud Shell already has GOOGLE_CLOUD_PROJECT set to your unique project id. You can append that to the bucket name.

For example:

export BUCKET_PICTURES=uploaded-pictures-${GOOGLE_CLOUD_PROJECT}

Create a standard multi-region zone in Europe:

gsutil mb -l EU gs://${BUCKET_PICTURES}

Ensure uniform bucket level access:

gsutil uniformbucketlevelaccess set on gs://${BUCKET_PICTURES}

Make the bucket public:

gsutil iam ch allUsers:objectViewer gs://${BUCKET_PICTURES}

If you go to Cloud Storage section of the console, you should have a public uploaded-pictures bucket:

Test that you can upload pictures to the bucket and the uploaded pictures are publicly available, as explained in the previous step.

Going back to the storage browser, you'll see your bucket in the list, with "Public" access (including a warning sign reminding you that anyone has access to the content of that bucket).

Your bucket is now ready to receive pictures.

If you click on the bucket name, you'll see the bucket details.

There, you can try the Upload files button, to test that you can add a picture to the bucket. A file chooser popup will ask you to select a file. Once selected, it'll be uploaded to your bucket, and you will see again the public access that has been automatically attributed to this new file.

Along the Public access label, you will also see a little link icon. When clicking on it, your browser will navigate to the public URL of that image, which will be of the form:

With BUCKET_NAME being the globally unique name you have chosen for your bucket, and then the file name of your picture.

By clicking on the check box along the picture name, the DELETE button will be enabled, and you can delete this first image.

In this step, you create a function that reacts to picture upload events.

Visit the Cloud Functions section of the Google Cloud console. By visiting it, the Cloud Functions service will be automatically enabled.

Click on Create function.

Choose a name (eg. picture-uploaded) and the amount of memory (here 256 MB):

There are two kinds of functions:

You want to create a background function that is triggered when a new file is uploaded to our Cloud Storage bucket:

You are interested in the Finalize/Create event type, which is the event that is triggered when a file is created or updated in the bucket:

Select the bucket created before, to tell Cloud Functions to be notified when a file is created / updated in this particular bucket:

Click Select to choose the bucket you created earlier.

Keep the Inline editor for this function:

Select the default Node.js 8 runtime:

The source code consists of an index.js JavaScript file, and a package.json file that provides various metadata and dependencies.

Leave the default snippet of code: it logs the file name of the uploaded picture:

For now, keep the name of the function to execute to helloGCS, for testing purposes.

At the bottom of the page, you'll notice the following folded section:

Click on Environment variables, networking, timeouts and more

Select the same region as other resources, for example europe-west1:

No need to further change any other advanced setting.

Click on Create to deploy the function. Once the deployment succeeded, you should see a green-circled check mark in the list of functions:

In this step, test that the function responds to storage events.

From the "hamburger" (☰) menu, navigate back to the Storage page.

Click on the images bucket, and then on Upload files to upload an image.

Navigate again within the cloud console to go to the Logging > Logs viewer page.

In the audited resource selector, select Cloud Function to see the logs dedicated to your functions. You can even select a specific function to have a finer-grained view of the functions related logs.

You should see the log items mentioning the creation of the function, the start and end times of the function, and our actual log statement:

Our log statement reads: Processing file: my-picture.png, meaning that the event related to the creation and storage of this picture has indeed been triggered as expected.

You will store information about the picture given by the Vision API into the Cloud Firestore database, a fast, fully managed, serverless, cloud-native NoSQL document database. Prepare your database by going to the Firestore section of the Cloud Console:

Two options are offered: Native mode or Datastore mode. Use the native mode, which offers extra features like offline support and real-time synchronization.


Pick a multi-region (here in Europe, but ideally at least the same region your function and storage bucket are).

Click the CREATE DATABASE button.

Once the database is created, you should see the following:

Create a new collection by clicking the + START COLLECTION button.

Name collection pictures.

You don't need to create a document. You'll add them programmatically as new pictures are stored in Cloud Storage and analysed by the Vision API.

Click Save.

Firestore creates a first default document in the newly created collection, you can safely delete that document as it doesn't contain any useful information:

The documents that will be created programmatically in our collection will contain 4 fields:

As we will be searching in Firestore to find pictures that have thumbnails available, and sorting along the creation date, we'll need to create a search index. You can create the index with the following command in Cloud Shell:

gcloud alpha firestore indexes composite create \ 
  --collection-group=pictures \
  --field-config field-path=thumbnail,order=descending \
  --field-config field-path=created,order=descending

Or you can also do it from the Cloud Console, by clicking on Indexes, in the navigation column on the left, and then creating a composite index as shown below:

Click Create.

Move back to the Functions page, to update the function to invoke the Vision API to analyze our pictures, and to store the metadata in Firestore.

From the "hamburger" (☰) menu, navigate to the Cloud Functions section, click on the function name, select the Source tab, and then click the EDIT button.

You can click the four-corner square icon in the top right hand corner to maximize the source code view:

First, edit the package.json file which lists the dependencies of our Node.JS function. Update the code to add the Cloud Vision API NPM dependency:

  "name": "picture-analysis-function",
  "version": "0.0.1",
  "dependencies": {
    "@google-cloud/storage": "^1.6.0",
    "@google-cloud/vision": "^1.8.0",
    "@google-cloud/firestore": "^3.4.1"

Now that the dependencies are up-to-date, you are going to work on the code of our function, by updating the index.js file.

Replace the code in index.js with the code below. It will be explained in the next step.

const vision = require('@google-cloud/vision');
const Storage = require('@google-cloud/storage');
const Firestore = require('@google-cloud/firestore');

const client = new vision.ImageAnnotatorClient();

exports.vision_analysis = async (event, context) => {
    console.log(`Event: ${JSON.stringify(event)}`);

    const filename =;
    const filebucket = event.bucket;

    console.log(`New picture uploaded ${filename} in ${filebucket}`);

    const request = {
        image: { source: { imageUri: `gs://${filebucket}/${filename}` } },
        features: [
            { type: 'LABEL_DETECTION' },
            { type: 'IMAGE_PROPERTIES' },
            { type: 'SAFE_SEARCH_DETECTION' }

    // invoking the Vision API
    const [response] = await client.annotateImage(request);
    console.log(`Raw vision output for: ${filename}: ${JSON.stringify(response)}`);

    if (response.error === null) {
        // listing the labels found in the picture
        const labels = response.labelAnnotations
            .sort((ann1, ann2) => ann2.score - ann1.score)
            .map(ann => ann.description)
        console.log(`Labels: ${labels.join(', ')}`);

        // retrieving the dominant color of the picture
        const color = response.imagePropertiesAnnotation.dominantColors.colors
            .sort((c1, c2) => c2.score - c1.score)[0].color;
        const colorHex = decColorToHex(,,;
        console.log(`Colors: ${colorHex}`);

        // determining if the picture is safe to show
        const safeSearch = response.safeSearchAnnotation;
        const isSafe = ["adult", "spoof", "medical", "violence", "racy"].every(k => 
            !['LIKELY', 'VERY_LIKELY'].includes(safeSearch[k]));
        console.log(`Safe? ${isSafe}`);

        // if the picture is safe to display, store it in Firestore
        if (isSafe) {
            const pictureStore = new Firestore().collection('pictures');
            const doc = pictureStore.doc(filename);
            await doc.set({
                labels: labels,
                color: colorHex,
            }, {merge: true});

            console.log("Stored metadata in Firestore");
    } else {
        throw new Error(`Vision API error: code ${response.error.code}, message: "${response.error.message}"`);

function decColorToHex(r, g, b) {
    return '#' + Number(r).toString(16).padStart(2, '0') + 
                 Number(g).toString(16).padStart(2, '0') + 
                 Number(b).toString(16).padStart(2, '0');

Let's have a closer look at the various interesting parts.

First, we're require-ing the needed modules, for Vision, Storage and Firestore:

const vision = require('@google-cloud/vision');
const Storage = require('@google-cloud/storage');
const Firestore = require('@google-cloud/firestore');

Then, we prepare a client for the Vision API:

const client = new vision.ImageAnnotatorClient();

Now comes the structure of our function. We make it an async function, as we are using the async / await capabilities introduced in Node.js 8:

exports.vision_analysis = async (event, context) => {
    const filename =;
    const filebucket = event.bucket;

Notice the signature, but also how we retrieve the name of the file and bucket which triggered the Cloud Function.

For reference, here's what the event payload looks like:


We prepare a request to send via the Vision client:

const request = {
    image: { source: { imageUri: `gs://${filebucket}/${filename}` } },
    features: [
        { type: 'LABEL_DETECTION' },
        { type: 'IMAGE_PROPERTIES' },
        { type: 'SAFE_SEARCH_DETECTION' }

We're asking for 3 key capabilities of the Vision API:

At this point, we can make the call to the Vision API:

const [response] = await client.annotateImage(request);

For reference, here's what the response from the Vision API looks like:

  "faceAnnotations": [],
  "landmarkAnnotations": [],
  "logoAnnotations": [],
  "labelAnnotations": [
      "locations": [],
      "properties": [],
      "mid": "/m/01yrx",
      "locale": "",
      "description": "Cat",
      "score": 0.9959855675697327,
      "confidence": 0,
      "topicality": 0.9959855675697327,
      "boundingPoly": null
    ✄ - - - ✄
  "textAnnotations": [],
  "localizedObjectAnnotations": [],
  "safeSearchAnnotation": {
    "adult": "VERY_UNLIKELY",
    "spoof": "UNLIKELY",
    "medical": "VERY_UNLIKELY",
    "violence": "VERY_UNLIKELY",
    "racy": "VERY_UNLIKELY",
    "adultConfidence": 0,
    "spoofConfidence": 0,
    "medicalConfidence": 0,
    "violenceConfidence": 0,
    "racyConfidence": 0,
    "nsfwConfidence": 0
  "imagePropertiesAnnotation": {
    "dominantColors": {
      "colors": [
          "color": {
            "red": 203,
            "green": 201,
            "blue": 201,
            "alpha": null
          "score": 0.4175916016101837,
          "pixelFraction": 0.44456374645233154
        ✄ - - - ✄
  "error": null,
  "cropHintsAnnotation": {
    "cropHints": [
        "boundingPoly": {
          "vertices": [
            { "x": 0, "y": 118 },
            { "x": 1177, "y": 118 },
            { "x": 1177, "y": 783 },
            { "x": 0, "y": 783 }
          "normalizedVertices": []
        "confidence": 0.41695669293403625,
        "importanceFraction": 1
  "fullTextAnnotation": null,
  "webDetection": null,
  "productSearchResults": null,
  "context": null

If there's no error returned, we can move on, hence why we have this if block:

if (response.error === null) {
} else {
    throw new Error(`Vision API error: code ${response.error.code},  
                     message: "${response.error.message}"`);

We are going to get the labels of the things, categories or themes recognised in the picture:

const labels = response.labelAnnotations
    .sort((ann1, ann2) => ann2.score - ann1.score)
    .map(ann => ann.description)

We're sorting the labels by highest score first.

We're interested in knowing the dominant color of the picture:

const color = response.imagePropertiesAnnotation.dominantColors.colors
    .sort((c1, c2) => c2.score - c1.score)[0].color;
const colorHex = decColorToHex(,,;

We're again sorting colors by score and take the first one.

We're also using a utility function to transform the red / green / blue values into an hexadecimal color code that we can use in CSS stylesheets.

Let's check if the picture is safe to show:

const safeSearch = response.safeSearchAnnotation;
const isSafe = ["adult", "spoof", "medical", "violence", "racy"]
    .every(k => !['LIKELY', 'VERY_LIKELY'].includes(safeSearch[k]));

We're checking the adult / spoof / medical / violence / racy attributes to see if they are not likely or very likely to.

If the result of the safe search is okay, we can store metadata in Firestore:

if (isSafe) {
    const pictureStore = new Firestore().collection('pictures');
    const doc = pictureStore.doc(filename);
    await doc.set({
        labels: labels,
        color: colorHex,
    }, {merge: true});

Time to deploy the function.

Hit DEPLOY button and the new version will be deployed, you can see the progress:

Once the function is successfully deployed, you will post a picture to Cloud Storage, see if our function is invoked, what the Vision API returns, and if metadata is stored in Firestore.

Navigate back to Cloud Storage, and click on the bucket we created at the beginning of the lab:

Once in the bucket details page:

Click on the Upload files button to upload a picture.

From the "hamburger" (☰) menu, navigate to the Logging > Logs viewer:

Notice that you can select the logs for particular resources. In our case, we're especially interested in seeing logs coming from our functions:

And indeed, in the list of logs, I can see that our function was invoked:

The logs indicate the start and end of the function execution. And in between, we can see the logs we put in our function with the console.log() statements. We see:

Again from the "hamburger" (☰) menu, go to the Firestore section. In the Data subsection (shown by default), you should see the pictures collection with a new document added, corresponding to the picture you just uploaded:

If you don't intend to continue with the other labs in the series, you can clean up resources to save costs and to be an overall good cloud citizen. You can clean up resources individually as follows.

Delete the bucket:

gsutil rb gs://${BUCKET_PICTURES}

Delete the function:

gcloud functions delete picture-uploaded --region europe-west1 -q

Delete the Firestore collection by selecting Delete collection from the collection:

Alternatively, you can delete the whole project:

gcloud projects delete ${GOOGLE_CLOUD_PROJECT} 

Congratulations! You've successfully implemented the first key service of the project!

What we've covered

Next Steps