google_network_services_edge_cache_service

EdgeCacheService defines the IP addresses, protocols, security policies, cache policies and routing configuration.

Example Usage - Network Services Edge Cache Service Basic

resource "google_storage_bucket" "dest" {
  name          = "my-bucket"
  location      = "US"
  force_destroy = true
}

resource "google_network_services_edge_cache_origin" "instance" {
  name                 = "my-origin"
  origin_address       = google_storage_bucket.dest.url
  description          = "The default bucket for media edge test"
  max_attempts         = 2
  timeout {
    connect_timeout = "10s"
  }
}

resource "google_network_services_edge_cache_service" "instance" {
  name                 = "my-service"
  description          = "some description"
  routing {
    host_rule {
      description = "host rule description"
      hosts = ["sslcert.tf-test.club"]
      path_matcher = "routes"
    }
    path_matcher {
      name = "routes"
      route_rule {
        description = "a route rule to match against"
        priority = 1
        match_rule {
          prefix_match = "/"
        }
        origin = google_network_services_edge_cache_origin.instance.name
        route_action {
          cdn_policy {
            cache_mode = "CACHE_ALL_STATIC"
            default_ttl = "3600s"
          }
        }
        header_action {
          response_header_to_add {
            header_name = "x-cache-status"
            header_value = "{cdn_cache_status}"
          }
        }
      }
    }
  }
}

Example Usage - Network Services Edge Cache Service Advanced

resource "google_storage_bucket" "dest" {
  name          = "my-bucket"
  location      = "US"
  force_destroy = true
}

resource "google_network_services_edge_cache_origin" "google" {
  name                 = "origin-google"
  origin_address       = "google.com"
  description          = "The default bucket for media edge test"
  max_attempts         = 2
  timeout {
    connect_timeout = "10s"
  }
}

resource "google_network_services_edge_cache_origin" "instance" {
  name                 = "my-origin"
  origin_address       = google_storage_bucket.dest.url
  description          = "The default bucket for media edge test"
  max_attempts         = 2
  timeout {
    connect_timeout = "10s"
  }
}

resource "google_network_services_edge_cache_service" "instance" {
  name                 = "my-service"
  description          = "some description"
  disable_quic         = true
  disable_http2        = true
  labels = {
    a = "b"
  }

  routing {
    host_rule {
      description = "host rule description"
      hosts = ["sslcert.tf-test.club"]
      path_matcher = "routes"
    }
    host_rule {
      description = "host rule2"
      hosts = ["sslcert.tf-test2.club"]
      path_matcher = "routes"
    }

    host_rule {
      description = "host rule3"
      hosts = ["sslcert.tf-test3.club"]
      path_matcher = "routesAdvanced"
    }

    path_matcher {
      name = "routes"
      route_rule {
        description = "a route rule to match against"
        priority = 1
        match_rule {
          prefix_match = "/"
        }
        origin = google_network_services_edge_cache_origin.instance.name
        route_action {
          cdn_policy {
            cache_mode = "CACHE_ALL_STATIC"
            default_ttl = "3600s"
          }
        }
        header_action {
          response_header_to_add {
            header_name = "x-cache-status"
            header_value = "{cdn_cache_status}"
          }
        }
      }
    }

    path_matcher {
      name = "routesAdvanced"
      description = "an advanced ruleset"
      route_rule {
        description = "an advanced route rule to match against"
        priority = 1
        match_rule {
          prefix_match = "/potato/"
          query_parameter_match {
            name = "debug"
            present_match = true
          }
          query_parameter_match {
            name = "state"
            exact_match = "debug"
          }
        }
        match_rule {
          full_path_match = "/apple"
        }
        header_action {
          request_header_to_add {
            header_name = "debug"
            header_value = "true"
            replace = true
          }
          request_header_to_add {
            header_name = "potato"
            header_value = "plant"
          }
          response_header_to_add {
            header_name = "potato"
            header_value = "plant"
            replace = true
          }
          request_header_to_remove {
            header_name = "prod"
          }
          response_header_to_remove {
            header_name = "prod"
          }
        }

        origin = google_network_services_edge_cache_origin.instance.name
        route_action {
          cdn_policy {
            cache_mode = "CACHE_ALL_STATIC"
            default_ttl = "3800s"
            client_ttl = "3600s"
            max_ttl = "9000s"
            cache_key_policy {
              include_protocol = true
              exclude_host = true
              included_query_parameters = ["apple", "dev", "santa", "claus"]
              included_header_names = ["banana"]
              included_cookie_names = ["orange"]
            }
            negative_caching = true
            signed_request_mode = "DISABLED"
            negative_caching_policy = {
              "500" = "3000s"
            }
          }
          url_rewrite {
            path_prefix_rewrite = "/dev"
            host_rewrite = "dev.club"
          }
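          cors_policy {
            max_age = "2500s"
            # Browsers reject a literal "*" Access-Control-Allow-Origin on
            # credentialed requests; list explicit origins when
            # allow_credentials is true.
            allow_credentials = true
            allow_origins = ["*"]
            allow_methods = ["GET"]
            allow_headers = ["dev"]
            expose_headers = ["prod"]
          }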
        }
      }
      route_rule {
        description = "a second route rule to match against"
        priority = 2
        match_rule {
          full_path_match = "/yay"
        }
        origin = google_network_services_edge_cache_origin.instance.name
        route_action {
          cdn_policy {
            cache_mode = "CACHE_ALL_STATIC"
            default_ttl = "3600s"
            cache_key_policy {
              excluded_query_parameters = ["dev"]
            }
          }
          cors_policy {
            max_age = "3000s"
            allow_headers = ["dev"]
            disabled = true
          }
        }
      }
    }
  }

  log_config {
    enable = true
    sample_rate = 0.01
  }
}

Example Usage - Network Services Edge Cache Service Dual Token

resource "google_secret_manager_secret" "secret-basic" {
  secret_id = "secret-name"

  replication {
    auto {}
  }
}

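resource "google_secret_manager_secret_version" "secret-version-basic" {
  secret = google_secret_manager_secret.secret-basic.id

  # Placeholder value. secret_data is written to Terraform state, so supply
  # it from a sensitive variable rather than a literal in the configuration.
  secret_data = "secret-data"
}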

resource "google_network_services_edge_cache_keyset" "keyset" {
  name        = "keyset-name"
  description = "The default keyset"
  public_key {
    id      = "my-public-key"
    managed = true
  }
  validation_shared_keys {
    secret_version = google_secret_manager_secret_version.secret-version-basic.id
  }
}

resource "google_network_services_edge_cache_origin" "instance" {
  name                 = "my-origin"
  origin_address       = "gs://media-edge-default"
  description          = "The default bucket for media edge test"
}

resource "google_network_services_edge_cache_service" "instance" {
  name                 = "my-service"
  description          = "some description"
  routing {
    host_rule {
      description = "host rule description"
      hosts = ["sslcert.tf-test.club"]
      path_matcher = "routes"
    }
    path_matcher {
      name = "routes"
      route_rule {
        description = "a route rule to match against master playlist"
        priority = 1
        match_rule {
          path_template_match = "/master.m3u8"
        }
        origin = google_network_services_edge_cache_origin.instance.name
        route_action {
          cdn_policy {
            signed_request_mode = "REQUIRE_TOKENS"
            signed_request_keyset = google_network_services_edge_cache_keyset.keyset.id
            signed_token_options {
              token_query_parameter = "edge-cache-token"
            }
            signed_request_maximum_expiration_ttl = "600s"
            add_signatures {
              actions = ["GENERATE_COOKIE"]
              keyset = google_network_services_edge_cache_keyset.keyset.id
              copied_parameters = ["PathGlobs", "SessionID"]
            }
          }
        }
      }
      route_rule {
        description = "a route rule to match against all playlists"
        priority = 2
        match_rule {
          path_template_match = "/*.m3u8"
        }
        origin = google_network_services_edge_cache_origin.instance.name
        route_action {
          cdn_policy {
            signed_request_mode = "REQUIRE_TOKENS"
            signed_request_keyset = google_network_services_edge_cache_keyset.keyset.id
            signed_token_options {
              token_query_parameter = "hdnts"
              allowed_signature_algorithms = ["ED25519", "HMAC_SHA_256", "HMAC_SHA1"]
            }
            add_signatures {
              actions = ["GENERATE_TOKEN_HLS_COOKIELESS"]
              keyset = google_network_services_edge_cache_keyset.keyset.id
              token_ttl = "1200s"
              token_query_parameter = "hdntl"
              copied_parameters = ["URLPrefix"]
            }
          }
        }
      }
      route_rule {
        description = "a route rule to match against"
        priority = 3
        match_rule {
          path_template_match = "/**.m3u8"
        }
        origin = google_network_services_edge_cache_origin.instance.name
        route_action {
          cdn_policy {
            signed_request_mode = "REQUIRE_TOKENS"
            signed_request_keyset = google_network_services_edge_cache_keyset.keyset.id
            signed_token_options {
              token_query_parameter = "hdntl"
            }
            add_signatures {
              actions = ["PROPAGATE_TOKEN_HLS_COOKIELESS"]
              token_query_parameter = "hdntl"
            }
          }
        }
      }
    }
  }
}

Argument Reference

The following arguments are supported:

The routing block supports:

The host_rule block supports:

The path_matcher block supports:

The route_rule block supports:

The match_rule block supports:

The header_match block supports:

The query_parameter_match block supports:

The header_action block supports:

The request_header_to_add block supports:

The response_header_to_add block supports:

The request_header_to_remove block supports:

The response_header_to_remove block supports:

The route_action block supports:

The cdn_policy block supports:

The cache_key_policy block supports:

The signed_token_options block supports:

The add_signatures block supports:

The url_rewrite block supports:

The cors_policy block supports:

The url_redirect block supports:


The log_config block supports:

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

EdgeCacheService can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import EdgeCacheService using one of the formats above. For example:

import {
  id = "projects/{{project}}/locations/global/edgeCacheServices/{{name}}"
  to = google_network_services_edge_cache_service.default
}

When using the terraform import command, EdgeCacheService can be imported using one of the formats above. For example:

$ terraform import google_network_services_edge_cache_service.default projects/{{project}}/locations/global/edgeCacheServices/{{name}}
$ terraform import google_network_services_edge_cache_service.default {{project}}/{{name}}
$ terraform import google_network_services_edge_cache_service.default {{name}}

User Project Overrides

This resource supports User Project Overrides.