An API Configuration is an association of an API Controller Config and a Gateway Config
To get more information about ApiConfig, see:
resource "google_api_gateway_api" "api_cfg" {
provider = google-beta
api_id = "my-api"
}
resource "google_api_gateway_api_config" "api_cfg" {
provider = google-beta
api = google_api_gateway_api.api_cfg.api_id
api_config_id = "my-config"
openapi_documents {
document {
path = "spec.yaml"
contents = filebase64("test-fixtures/openapi.yaml")
}
}
lifecycle {
create_before_destroy = true
}
}
resource "google_api_gateway_api" "api_cfg" {
provider = google-beta
api_id = "my-api"
}
resource "google_api_gateway_api_config" "api_cfg" {
provider = google-beta
api = google_api_gateway_api.api_cfg.api_id
api_config_id = "my-config"
grpc_services {
file_descriptor_set {
path = "api_descriptor.pb"
contents = filebase64("test-fixtures/api_descriptor.pb")
}
}
managed_service_configs {
path = "api_config.yaml"
contents = base64encode(<<-EOF
type: google.api.Service
config_version: 3
name: ${google_api_gateway_api.api_cfg.managed_service}
title: gRPC API example
apis:
- name: endpoints.examples.bookstore.Bookstore
usage:
rules:
- selector: endpoints.examples.bookstore.Bookstore.ListShelves
allow_unregistered_calls: true
backend:
rules:
- selector: "*"
address: grpcs://example.com
disable_auth: true
EOF
)
}
lifecycle {
create_before_destroy = true
}
}
The following arguments are supported:
api
-
(Required)
The API to attach the config to.display_name
-
(Optional)
A user-visible name for the API.
labels
-
(Optional)
Resource labels to represent user-provided metadata.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field effective_labels
for all of the labels present on the resource.
gateway_config
-
(Optional)
Immutable. Gateway specific configuration.
If not specified, backend authentication will be set to use OIDC authentication using the default compute service account
Structure is documented below.
openapi_documents
-
(Optional)
OpenAPI specification documents. If specified, grpcServices and managedServiceConfigs must not be included.
Structure is documented below.
grpc_services
-
(Optional)
gRPC service definition files. If specified, openapiDocuments must not be included.
Structure is documented below.
managed_service_configs
-
(Optional)
Optional. Service Configuration files. At least one must be included when using gRPC service definitions. See https://cloud.google.com/endpoints/docs/grpc/grpc-service-config#service_configuration_overview for the expected file contents.
If multiple files are specified, the files are merged with the following rules: * All singular scalar fields are merged using "last one wins" semantics in the order of the files uploaded. * Repeated fields are concatenated. * Singular embedded messages are merged using these rules for nested fields.
Structure is documented below.
api_config_id
-
(Optional)
Identifier to assign to the API Config. Must be unique within scope of the parent resource(api).
project
- (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
api_config_id_prefix
- (Optional) Creates a unique name beginning with the
specified prefix. If this and api_config_id are unspecified, a random value is chosen for the name.
The gateway_config
block supports:
backend_config
-
(Required)
Backend settings that are applied to all backends of the Gateway.
Structure is documented below.The backend_config
block supports:
google_service_account
-
(Required)
Google Cloud IAM service account used to sign OIDC tokens for backends that have authentication configured
(https://cloud.google.com/service-infrastructure/docs/service-management/reference/rest/v1/services.configs#backend).The openapi_documents
block supports:
document
-
(Required)
The OpenAPI Specification document file.
Structure is documented below.path
-
(Required)
The file path (full or relative path). This is typically the path of the file when it is uploaded.
contents
-
(Required)
Base64 encoded content of the file.
The grpc_services
block supports:
file_descriptor_set
-
(Required)
Input only. File descriptor set, generated by protoc.
To generate, use protoc with imports and source info included. For an example test.proto file, the following command would put the value in a new file named out.pb.
$ protoc --include_imports --include_source_info test.proto -o out.pb
Structure is documented below.
source
-
(Optional)
Uncompiled proto files associated with the descriptor set, used for display purposes (server-side compilation is not supported). These should match the inputs to 'protoc' command used to generate fileDescriptorSet.
Structure is documented below.
The file_descriptor_set
block supports:
path
-
(Required)
The file path (full or relative path). This is typically the path of the file when it is uploaded.
contents
-
(Required)
Base64 encoded content of the file.
path
-
(Required)
The file path (full or relative path). This is typically the path of the file when it is uploaded.
contents
-
(Required)
Base64 encoded content of the file.
The managed_service_configs
block supports:
path
-
(Required)
The file path (full or relative path). This is typically the path of the file when it is uploaded.
contents
-
(Required)
Base64 encoded content of the file.
In addition to the arguments listed above, the following computed attributes are exported:
id
- an identifier for the resource with format projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config_id}}
name
-
The resource name of the API Config.
service_config_id
-
The ID of the associated Service Config (https://cloud.google.com/service-infrastructure/docs/glossary#config).
terraform_labels
-
The combination of labels configured directly on the resource
and default labels configured on the provider.
effective_labels
-
All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.
This resource provides the following Timeouts configuration options:
create
- Default is 20 minutes.update
- Default is 20 minutes.delete
- Default is 20 minutes.ApiConfig can be imported using any of these accepted formats:
projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config_id}}
{{project}}/{{api}}/{{api_config_id}}
{{api}}/{{api_config_id}}
In Terraform v1.5.0 and later, use an import
block to import ApiConfig using one of the formats above. For example:
import {
id = "projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config_id}}"
to = google_api_gateway_api_config.default
}
When using the terraform import
command, ApiConfig can be imported using one of the formats above. For example:
$ terraform import google_api_gateway_api_config.default projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config_id}}
$ terraform import google_api_gateway_api_config.default {{project}}/{{api}}/{{api_config_id}}
$ terraform import google_api_gateway_api_config.default {{api}}/{{api_config_id}}
This resource supports User Project Overrides.