EdgeCacheService defines the IP addresses, protocols, security policies, cache policies and routing configuration.
resource "google_storage_bucket" "dest" {
name = "my-bucket"
location = "US"
force_destroy = true
}
resource "google_network_services_edge_cache_origin" "instance" {
name = "my-origin"
origin_address = google_storage_bucket.dest.url
description = "The default bucket for media edge test"
max_attempts = 2
timeout {
connect_timeout = "10s"
}
}
resource "google_network_services_edge_cache_service" "instance" {
name = "my-service"
description = "some description"
routing {
host_rule {
description = "host rule description"
hosts = ["sslcert.tf-test.club"]
path_matcher = "routes"
}
path_matcher {
name = "routes"
route_rule {
description = "a route rule to match against"
priority = 1
match_rule {
prefix_match = "/"
}
origin = google_network_services_edge_cache_origin.instance.name
route_action {
cdn_policy {
cache_mode = "CACHE_ALL_STATIC"
default_ttl = "3600s"
}
}
header_action {
response_header_to_add {
header_name = "x-cache-status"
header_value = "{cdn_cache_status}"
}
}
}
}
}
}
resource "google_storage_bucket" "dest" {
name = "my-bucket"
location = "US"
force_destroy = true
}
resource "google_network_services_edge_cache_origin" "google" {
name = "origin-google"
origin_address = "google.com"
description = "The default bucket for media edge test"
max_attempts = 2
timeout {
connect_timeout = "10s"
}
}
resource "google_network_services_edge_cache_origin" "instance" {
name = "my-origin"
origin_address = google_storage_bucket.dest.url
description = "The default bucket for media edge test"
max_attempts = 2
timeout {
connect_timeout = "10s"
}
}
resource "google_network_services_edge_cache_service" "instance" {
name = "my-service"
description = "some description"
disable_quic = true
disable_http2 = true
labels = {
a = "b"
}
routing {
host_rule {
description = "host rule description"
hosts = ["sslcert.tf-test.club"]
path_matcher = "routes"
}
host_rule {
description = "host rule2"
hosts = ["sslcert.tf-test2.club"]
path_matcher = "routes"
}
host_rule {
description = "host rule3"
hosts = ["sslcert.tf-test3.club"]
path_matcher = "routesAdvanced"
}
path_matcher {
name = "routes"
route_rule {
description = "a route rule to match against"
priority = 1
match_rule {
prefix_match = "/"
}
origin = google_network_services_edge_cache_origin.instance.name
route_action {
cdn_policy {
cache_mode = "CACHE_ALL_STATIC"
default_ttl = "3600s"
}
}
header_action {
response_header_to_add {
header_name = "x-cache-status"
header_value = "{cdn_cache_status}"
}
}
}
}
path_matcher {
name = "routesAdvanced"
description = "an advanced ruleset"
route_rule {
description = "an advanced route rule to match against"
priority = 1
match_rule {
prefix_match = "/potato/"
query_parameter_match {
name = "debug"
present_match = true
}
query_parameter_match {
name = "state"
exact_match = "debug"
}
}
match_rule {
full_path_match = "/apple"
}
header_action {
request_header_to_add {
header_name = "debug"
header_value = "true"
replace = true
}
request_header_to_add {
header_name = "potato"
header_value = "plant"
}
response_header_to_add {
header_name = "potato"
header_value = "plant"
replace = true
}
request_header_to_remove {
header_name = "prod"
}
response_header_to_remove {
header_name = "prod"
}
}
origin = google_network_services_edge_cache_origin.instance.name
route_action {
cdn_policy {
cache_mode = "CACHE_ALL_STATIC"
default_ttl = "3800s"
client_ttl = "3600s"
max_ttl = "9000s"
cache_key_policy {
include_protocol = true
exclude_host = true
included_query_parameters = ["apple", "dev", "santa", "claus"]
included_header_names = ["banana"]
included_cookie_names = ["orange"]
}
negative_caching = true
signed_request_mode = "DISABLED"
negative_caching_policy = {
"500" = "3000s"
}
}
url_rewrite {
path_prefix_rewrite = "/dev"
host_rewrite = "dev.club"
}
cors_policy {
max_age = "2500s"
allow_credentials = true
allow_origins = ["*"]
allow_methods = ["GET"]
allow_headers = ["dev"]
expose_headers = ["prod"]
}
}
}
route_rule {
description = "a second route rule to match against"
priority = 2
match_rule {
full_path_match = "/yay"
}
origin = google_network_services_edge_cache_origin.instance.name
route_action {
cdn_policy {
cache_mode = "CACHE_ALL_STATIC"
default_ttl = "3600s"
cache_key_policy {
excluded_query_parameters = ["dev"]
}
}
cors_policy {
max_age = "3000s"
allow_headers = ["dev"]
disabled = true
}
}
}
}
}
log_config {
enable = true
sample_rate = 0.01
}
}
resource "google_secret_manager_secret" "secret-basic" {
secret_id = "secret-name"
replication {
auto {}
}
}
resource "google_secret_manager_secret_version" "secret-version-basic" {
secret = google_secret_manager_secret.secret-basic.id
secret_data = "secret-data"
}
resource "google_network_services_edge_cache_keyset" "keyset" {
name = "keyset-name"
description = "The default keyset"
public_key {
id = "my-public-key"
managed = true
}
validation_shared_keys {
secret_version = google_secret_manager_secret_version.secret-version-basic.id
}
}
resource "google_network_services_edge_cache_origin" "instance" {
name = "my-origin"
origin_address = "gs://media-edge-default"
description = "The default bucket for media edge test"
}
resource "google_network_services_edge_cache_service" "instance" {
name = "my-service"
description = "some description"
routing {
host_rule {
description = "host rule description"
hosts = ["sslcert.tf-test.club"]
path_matcher = "routes"
}
path_matcher {
name = "routes"
route_rule {
description = "a route rule to match against master playlist"
priority = 1
match_rule {
path_template_match = "/master.m3u8"
}
origin = google_network_services_edge_cache_origin.instance.name
route_action {
cdn_policy {
signed_request_mode = "REQUIRE_TOKENS"
signed_request_keyset = google_network_services_edge_cache_keyset.keyset.id
signed_token_options {
token_query_parameter = "edge-cache-token"
}
signed_request_maximum_expiration_ttl = "600s"
add_signatures {
actions = ["GENERATE_COOKIE"]
keyset = google_network_services_edge_cache_keyset.keyset.id
copied_parameters = ["PathGlobs", "SessionID"]
}
}
}
}
route_rule {
description = "a route rule to match against all playlists"
priority = 2
match_rule {
path_template_match = "/*.m3u8"
}
origin = google_network_services_edge_cache_origin.instance.name
route_action {
cdn_policy {
signed_request_mode = "REQUIRE_TOKENS"
signed_request_keyset = google_network_services_edge_cache_keyset.keyset.id
signed_token_options {
token_query_parameter = "hdnts"
allowed_signature_algorithms = ["ED25519", "HMAC_SHA_256", "HMAC_SHA1"]
}
add_signatures {
actions = ["GENERATE_TOKEN_HLS_COOKIELESS"]
keyset = google_network_services_edge_cache_keyset.keyset.id
token_ttl = "1200s"
token_query_parameter = "hdntl"
copied_parameters = ["URLPrefix"]
}
}
}
}
route_rule {
description = "a route rule to match against"
priority = 3
match_rule {
path_template_match = "/**.m3u8"
}
origin = google_network_services_edge_cache_origin.instance.name
route_action {
cdn_policy {
signed_request_mode = "REQUIRE_TOKENS"
signed_request_keyset = google_network_services_edge_cache_keyset.keyset.id
signed_token_options {
token_query_parameter = "hdntl"
}
add_signatures {
actions = ["PROPAGATE_TOKEN_HLS_COOKIELESS"]
token_query_parameter = "hdntl"
}
}
}
}
}
}
}
The following arguments are supported:
routing
-
(Required)
Defines how requests are routed, modified, cached and/or which origin content is filled from.
Structure is documented below.
name
-
(Required)
Name of the resource; provided by the client when the resource is created.
The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,
and all following characters must be a dash, underscore, letter or digit.
host_rule
-
(Required)
The list of hostRules to match against. These rules define which hostnames the EdgeCacheService will match against, and which route configurations apply.
Structure is documented below.
path_matcher
-
(Required)
The list of pathMatchers referenced via name by hostRules. PathMatcher is used to match the path portion of the URL when a HostRule matches the URL's host portion.
Structure is documented below.
description
-
(Optional)
A human-readable description of the hostRule.
hosts
-
(Required)
The list of host patterns to match.
Host patterns must be valid hostnames. Ports are not allowed. Wildcard hosts are supported in the suffix or prefix form. * matches any string of ([a-z0-9-.]*). It does not match the empty string.
When multiple hosts are specified, hosts are matched in the following priority:
www.foo.com
.*.foo.com
or *-bar.foo.com
.foo.*
or foo-*
.*
matching any domain.
Notes:
The wildcard will not match the empty string. e.g. *-bar.foo.com
will match baz-bar.foo.com
but not -bar.foo.com
. The longest wildcards match first. Only a single host in the entire service can match on *
. A domain must be unique across all configured hosts within a service.
Hosts are matched against the HTTP Host header, or for HTTP/2 and HTTP/3, the ":authority" header, from the incoming request.
You may specify up to 10 hosts.path_matcher
-
(Required)
The name of the pathMatcher associated with this hostRule.
The path_matcher
block supports:
name
-
(Required)
The name to which this PathMatcher is referred by the HostRule.
description
-
(Optional)
A human-readable description of the resource.
route_rule
-
(Required)
The routeRules to match against. routeRules support advanced routing behaviour, and can match on paths, headers and query parameters, as well as status codes and HTTP methods.
Structure is documented below.
The route_rule
block supports:
priority
-
(Required)
The priority of this route rule, where 1 is the highest priority.
You cannot configure two or more routeRules with the same priority. Priority for each rule must be set to a number between 1 and 999 inclusive.
Priority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers
to which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules.
description
-
(Optional)
A human-readable description of the routeRule.
match_rule
-
(Required)
The list of criteria for matching attributes of a request to this routeRule. This list has OR semantics: the request matches this routeRule when any of the matchRules are satisfied. However predicates
within a given matchRule have AND semantics. All predicates within a matchRule must match for the request to match the rule.
Structure is documented below.
header_action
-
(Optional)
The header actions, including adding & removing headers, for requests that match this route.
Structure is documented below.
route_action
-
(Optional)
In response to a matching path, the routeAction performs advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request to the selected origin.
Structure is documented below.
origin
-
(Optional)
The Origin resource that requests to this route should fetch from when a matching response is not in cache. Origins can be defined as short names ("my-origin") or fully-qualified resource URLs - e.g. "networkservices.googleapis.com/projects/my-project/global/edgecacheorigins/my-origin"
Only one of origin or urlRedirect can be set.
url_redirect
-
(Optional)
The URL redirect configuration for requests that match this route.
Structure is documented below.
The match_rule
block supports:
ignore_case
-
(Optional)
Specifies that prefixMatch and fullPathMatch matches are case sensitive.
header_match
-
(Optional)
Specifies a list of header match criteria, all of which must match corresponding headers in the request.
Structure is documented below.
query_parameter_match
-
(Optional)
Specifies a list of query parameter match criteria, all of which must match corresponding query parameters in the request.
Structure is documented below.
prefix_match
-
(Optional)
For satisfying the matchRule condition, the request's path must begin with the specified prefixMatch. prefixMatch must begin with a /.
path_template_match
-
(Optional)
For satisfying the matchRule condition, the path of the request
must match the wildcard pattern specified in pathTemplateMatch
after removing any query parameters and anchor that may be part
of the original URL.
pathTemplateMatch must be between 1 and 255 characters
(inclusive). The pattern specified by pathTemplateMatch may
have at most 5 wildcard operators and at most 5 variable
captures in total.
full_path_match
-
(Optional)
For satisfying the matchRule condition, the path of the request must exactly match the value specified in fullPathMatch after removing any query parameters and anchor that may be part of the original URL.
The header_match
block supports:
header_name
-
(Required)
The header name to match on.
present_match
-
(Optional)
A header with the contents of headerName must exist. The match takes place whether or not the request's header has a value.
exact_match
-
(Optional)
The value of the header should exactly match contents of exactMatch.
prefix_match
-
(Optional)
The value of the header must start with the contents of prefixMatch.
suffix_match
-
(Optional)
The value of the header must end with the contents of suffixMatch.
invert_match
-
(Optional)
If set to false (default), the headerMatch is considered a match if the match criteria above are met.
If set to true, the headerMatch is considered a match if the match criteria above are NOT met.
The query_parameter_match
block supports:
name
-
(Required)
The name of the query parameter to match. The query parameter must exist in the request, in the absence of which the request match fails.
present_match
-
(Optional)
Specifies that the queryParameterMatch matches if the request contains the query parameter, irrespective of whether the parameter has a value or not.
exact_match
-
(Optional)
The queryParameterMatch matches if the value of the parameter exactly matches the contents of exactMatch.
The header_action
block supports:
request_header_to_add
-
(Optional)
Describes a header to add.
Structure is documented below.
response_header_to_add
-
(Optional)
Headers to add to the response prior to sending it back to the client.
Response headers are only sent to the client, and do not have an effect on the cache serving the response.
Structure is documented below.
request_header_to_remove
-
(Optional)
A list of header names for headers that need to be removed from the request prior to forwarding the request to the origin.
Structure is documented below.
response_header_to_remove
-
(Optional)
A list of header names for headers that need to be removed from the request prior to forwarding the request to the origin.
Structure is documented below.
The request_header_to_add
block supports:
header_name
-
(Required)
The name of the header to add.
header_value
-
(Required)
The value of the header to add.
replace
-
(Optional)
Whether to replace all existing headers with the same name.
The response_header_to_add
block supports:
header_name
-
(Required)
The name of the header to add.
header_value
-
(Required)
The value of the header to add.
replace
-
(Optional)
Whether to replace all existing headers with the same name.
The request_header_to_remove
block supports:
header_name
-
(Required)
The name of the header to remove.The response_header_to_remove
block supports:
header_name
-
(Required)
Headers to remove from the response prior to sending it back to the client.
Response headers are only sent to the client, and do not have an effect on the cache serving the response.The route_action
block supports:
cdn_policy
-
(Optional)
The policy to use for defining caching and signed request behaviour for requests that match this route.
Structure is documented below.
url_rewrite
-
(Optional)
The URL rewrite configuration for requests that match this route.
Structure is documented below.
cors_policy
-
(Optional)
CORSPolicy defines Cross-Origin-Resource-Sharing configuration, including which CORS response headers will be set.
Structure is documented below.
The cdn_policy
block supports:
cache_mode
-
(Optional)
Cache modes allow users to control the behaviour of the cache, what content it should cache automatically, whether to respect origin headers, or whether to unconditionally cache all responses.
For all cache modes, Cache-Control headers will be passed to the client. Use clientTtl to override what is sent to the client.
Possible values are: CACHE_ALL_STATIC
, USE_ORIGIN_HEADERS
, FORCE_CACHE_ALL
, BYPASS_CACHE
.
client_ttl
-
(Optional)
Specifies a separate client (e.g. browser client) TTL, separate from the TTL used by the edge caches. Leaving this empty will use the same cache TTL for both the CDN and the client-facing response.
default_ttl
-
(Optional)
Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age).
Defaults to 3600s (1 hour).
max_ttl
-
(Optional)
Specifies the maximum allowed TTL for cached content served by this origin.
Defaults to 86400s (1 day).
Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTtl seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive.
cache_key_policy
-
(Optional)
Defines the request parameters that contribute to the cache key.
Structure is documented below.
negative_caching
-
(Optional)
Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency.
By default, the CDNPolicy will apply the following default TTLs to these status codes:
negative_caching_policy
-
(Optional)
Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.
signed_request_mode
-
(Optional)
Whether to enforce signed requests. The default value is DISABLED, which means all content is public, and does not authorize access.
You must also set a signedRequestKeyset to enable signed requests.
When set to REQUIRE_SIGNATURES, all matching requests will have their signature validated. Requests that were not signed with the corresponding private key, or that are otherwise invalid (expired, do not match the signature, IP address, or header) will be rejected with a HTTP 403 and (if enabled) logged.
Possible values are: DISABLED
, REQUIRE_SIGNATURES
, REQUIRE_TOKENS
.
signed_request_keyset
-
(Optional)
The EdgeCacheKeyset containing the set of public keys used to validate signed requests at the edge.
signed_token_options
-
(Optional)
Additional options for signed tokens.
signedTokenOptions may only be specified when signedRequestMode is REQUIRE_TOKENS.
Structure is documented below.
add_signatures
-
(Optional)
Enable signature generation or propagation on this route.
This field may only be specified when signedRequestMode is set to REQUIRE_TOKENS.
Structure is documented below.
signed_request_maximum_expiration_ttl
-
(Optional)
Limit how far into the future the expiration time of a signed request may be.
When set, a signed request is rejected if its expiration time is later than now + signedRequestMaximumExpirationTtl, where now is the time at which the signed request is first handled by the CDN.
The cache_key_policy
block supports:
include_protocol
-
(Optional)
If true, http and https requests will be cached separately.
exclude_query_string
-
(Optional)
If true, exclude query string parameters from the cache key
If false (the default), include the query string parameters in
the cache key according to includeQueryParameters and
excludeQueryParameters. If neither includeQueryParameters nor
excludeQueryParameters is set, the entire query string will be
included.
exclude_host
-
(Optional)
If true, requests to different hosts will be cached separately.
Note: this should only be enabled if hosts share the same origin and content. Removing the host from the cache key may inadvertently result in different objects being cached than intended, depending on which route the first user matched.
included_query_parameters
-
(Optional)
Names of query string parameters to include in cache keys. All other parameters will be excluded.
Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters.
excluded_query_parameters
-
(Optional)
Names of query string parameters to exclude from cache keys. All other parameters will be included.
Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters.
included_header_names
-
(Optional)
Names of HTTP request headers to include in cache keys. The value of the header field will be used as part of the cache key.
included_cookie_names
-
(Optional)
Names of Cookies to include in cache keys. The cookie name and cookie value of each cookie named will be used as part of the cache key.
Cookie names:
The signed_token_options
block supports:
token_query_parameter
-
(Optional)
The query parameter in which to find the token.
The name must be 1-64 characters long and match the regular expression [a-zA-Z]([a-zA-Z0-9_-])*
which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
Defaults to edge-cache-token
.
allowed_signature_algorithms
-
(Optional)
The allowed signature algorithms to use.
Defaults to using only ED25519.
You may specify up to 3 signature algorithms to use.
Each value may be one of: ED25519
, HMAC_SHA_256
, HMAC_SHA1
.
The add_signatures
block supports:
actions
-
(Required)
The actions to take to add signatures to responses.
Each value may be one of: GENERATE_COOKIE
, GENERATE_TOKEN_HLS_COOKIELESS
, PROPAGATE_TOKEN_HLS_COOKIELESS
.
keyset
-
(Optional)
The keyset to use for signature generation.
The following are both valid paths to an EdgeCacheKeyset resource:
projects/project/locations/global/edgeCacheKeysets/yourKeyset
yourKeyset
This must be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. This field may not be specified otherwise.token_ttl
-
(Optional)
The duration the token is valid starting from the moment the token is first generated.
Defaults to 86400s
(1 day).
The TTL must be >= 0 and <= 604,800 seconds (1 week).
This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified.
A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
token_query_parameter
-
(Optional)
The query parameter in which to put the generated token.
If not specified, defaults to edge-cache-token
.
If specified, the name must be 1-64 characters long and match the regular expression [a-zA-Z]([a-zA-Z0-9_-])*
which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
This field may only be set when the GENERATE_TOKEN_HLS_COOKIELESS or PROPAGATE_TOKEN_HLS_COOKIELESS actions are specified.
copied_parameters
-
(Optional)
The parameters to copy from the verified token to the generated token.
Only the following parameters may be copied:
PathGlobs
paths
acl
URLPrefix
IPRanges
SessionID
id
Data
data
payload
Headers
You may specify up to 6 parameters to copy. A given parameter is be copied only if the parameter exists in the verified token. Parameter names are matched exactly as specified. The order of the parameters does not matter. Duplicates are not allowed.
This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified.The url_rewrite
block supports:
path_prefix_rewrite
-
(Optional)
Prior to forwarding the request to the selected origin, the matching portion of the request's path is replaced by pathPrefixRewrite.
host_rewrite
-
(Optional)
Prior to forwarding the request to the selected origin, the request's host header is replaced with contents of hostRewrite.
path_template_rewrite
-
(Optional)
Prior to forwarding the request to the selected origin, if the
request matched a pathTemplateMatch, the matching portion of the
request's path is replaced re-written using the pattern specified
by pathTemplateRewrite.
pathTemplateRewrite must be between 1 and 255 characters
(inclusive), must start with a '/', and must only use variables
captured by the route's pathTemplate matchers.
pathTemplateRewrite may only be used when all of a route's
MatchRules specify pathTemplate.
Only one of pathPrefixRewrite and pathTemplateRewrite may be
specified.
The cors_policy
block supports:
max_age
-
(Required)
Specifies how long results of a preflight request can be cached by a client in seconds. Note that many browser clients enforce a maximum TTL of 600s (10 minutes).
allow_credentials
-
(Optional)
In response to a preflight request, setting this to true indicates that the actual request can include user credentials.
This translates to the Access-Control-Allow-Credentials response header.
allow_origins
-
(Optional)
Specifies the list of origins that will be allowed to do CORS requests.
This translates to the Access-Control-Allow-Origin response header.
allow_methods
-
(Optional)
Specifies the content for the Access-Control-Allow-Methods response header.
allow_headers
-
(Optional)
Specifies the content for the Access-Control-Allow-Headers response header.
expose_headers
-
(Optional)
Specifies the content for the Access-Control-Allow-Headers response header.
disabled
-
(Optional)
If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect.
The url_redirect
block supports:
host_redirect
-
(Optional)
The host that will be used in the redirect response instead of the one that was supplied in the request.
path_redirect
-
(Optional)
The path that will be used in the redirect response instead of the one that was supplied in the request.
pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect.
The path value must be between 1 and 1024 characters.
prefix_redirect
-
(Optional)
The prefix that replaces the prefixMatch specified in the routeRule, retaining the remaining portion of the URL before redirecting the request.
prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect.
redirect_response_code
-
(Optional)
The HTTP Status code to use for this RedirectAction.
The supported values are:
MOVED_PERMANENTLY_DEFAULT
, which is the default value and corresponds to 301.FOUND
, which corresponds to 302.SEE_OTHER
which corresponds to 303.TEMPORARY_REDIRECT
, which corresponds to 307. in this case, the request method will be retained.PERMANENT_REDIRECT
, which corresponds to 308. in this case, the request method will be retained.
Possible values are: MOVED_PERMANENTLY_DEFAULT
, FOUND
, SEE_OTHER
, TEMPORARY_REDIRECT
, PERMANENT_REDIRECT
.https_redirect
-
(Optional)
If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request.
This can only be set if there is at least one (1) edgeSslCertificate set on the service.
strip_query
-
(Optional)
If set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained.
description
-
(Optional)
A human-readable description of the resource.
labels
-
(Optional)
Set of label tags associated with the EdgeCache resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field effective_labels
for all of the labels present on the resource.
disable_quic
-
(Optional)
HTTP/3 (IETF QUIC) and Google QUIC are enabled by default.
disable_http2
-
(Optional)
Disables HTTP/2.
HTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection.
Some legacy HTTP clients may have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true will prevent HTTP/2 from being advertised and negotiated.
require_tls
-
(Optional)
Require TLS (HTTPS) for all clients connecting to this service.
Clients who connect over HTTP (port 80) will receive a HTTP 301 to the same URL over HTTPS (port 443).
You must have at least one (1) edgeSslCertificate specified to enable this.
edge_ssl_certificates
-
(Optional)
URLs to sslCertificate resources that are used to authenticate connections between users and the EdgeCacheService.
Note that only "global" certificates with a "scope" of "EDGE_CACHE" can be attached to an EdgeCacheService.
ssl_policy
-
(Optional)
URL of the SslPolicy resource that will be associated with the EdgeCacheService.
If not set, the EdgeCacheService has no SSL policy configured, and will default to the "COMPATIBLE" policy.
log_config
-
(Optional)
Specifies the logging options for the traffic served by this service. If logging is enabled, logs will be exported to Cloud Logging.
Structure is documented below.
edge_security_policy
-
(Optional)
Resource URL that points at the Cloud Armor edge security policy that is applied on each request against the EdgeCacheService.
project
- (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
The log_config
block supports:
enable
-
(Required)
Specifies whether to enable logging for traffic served by this service.
sample_rate
-
(Optional)
Configures the sampling rate of requests, where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0, and the value of the field must be in [0, 1].
This field can only be specified if logging is enabled for this service.
In addition to the arguments listed above, the following computed attributes are exported:
id
- an identifier for the resource with format projects/{{project}}/locations/global/edgeCacheServices/{{name}}
ipv4_addresses
-
The IPv4 addresses associated with this service. Addresses are static for the lifetime of the service.
ipv6_addresses
-
The IPv6 addresses associated with this service. Addresses are static for the lifetime of the service.
terraform_labels
-
The combination of labels configured directly on the resource
and default labels configured on the provider.
effective_labels
-
All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.
This resource provides the following Timeouts configuration options:
create
- Default is 60 minutes.update
- Default is 60 minutes.delete
- Default is 60 minutes.EdgeCacheService can be imported using any of these accepted formats:
projects/{{project}}/locations/global/edgeCacheServices/{{name}}
{{project}}/{{name}}
{{name}}
In Terraform v1.5.0 and later, use an import
block to import EdgeCacheService using one of the formats above. For example:
import {
id = "projects/{{project}}/locations/global/edgeCacheServices/{{name}}"
to = google_network_services_edge_cache_service.default
}
When using the terraform import
command, EdgeCacheService can be imported using one of the formats above. For example:
$ terraform import google_network_services_edge_cache_service.default projects/{{project}}/locations/global/edgeCacheServices/{{name}}
$ terraform import google_network_services_edge_cache_service.default {{project}}/{{name}}
$ terraform import google_network_services_edge_cache_service.default {{name}}
This resource supports User Project Overrides.