- Resource: EdgeCacheService
- Routing
- HostRule
- PathMatcher
- RouteRule
- UrlRedirect
- RedirectResponseCode
- MatchRule
- HeaderMatch
- QueryParameterMatcher
- RouteMethods
- HeaderAction
- AddHeader
- RemoveHeader
- RouteAction
- CDNPolicy
- CacheMode
- CacheKeyPolicy
- SignedRequestMode
- SignedTokenOptions
- SignatureAlgorithm
- AddSignaturesOptions
- SignatureAction
- UrlRewrite
- CORSPolicy
- CompressionMode
- LogConfig
- Methods
Resource: EdgeCacheService
Defines the IP addresses, protocols, security policies, cache policies, and routing configuration.
| JSON representation |
|---|
{ "name" : string , "createTime" : string , "updateTime" : string , "description" : string , "labels" : { string : string , ... } , "disableQuic" : boolean , "disableHttp2" : boolean , "requireTls" : boolean , "edgeSslCertificates" : [ string ] , "ipv4Addresses" : [ string ] , "ipv6Addresses" : [ string ] , "routing" : { object ( |
name
string
Required. The name of the resource as provided by the client when the resource is created. The name must be 1-64 characters long, and match the regular expression [a-zA-Z]([a-zA-Z0-9_-])*
which means the first character must be a letter, and all following characters must be a dash, an underscore, a letter, or a digit.
createTime
string (
Timestamp
format)
Output only. The creation timestamp in RFC3339 text format.
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z"
and "2014-10-02T15:01:23.045123456Z"
.
updateTime
string (
Timestamp
format)
Output only. The update timestamp in RFC3339 text format.
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z"
and "2014-10-02T15:01:23.045123456Z"
.
description
string
Optional. A human-readable description of the resource.
labels
map (key: string, value: string)
Optional. A set of label tags associated with the EdgeCacheService
resource.
An object containing a list of "key": value
pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }
.
disableQuic
boolean
Optional. HTTP/3 (IETF QUIC) and Google QUIC are enabled by default.
disableHttp2
boolean
Optional. Disables HTTP/2.
HTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection.
Some legacy HTTP clients might have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true
prevents HTTP/2 from being advertised and negotiated.
requireTls
boolean
Optional. Require TLS (HTTPS) for all clients connecting to this service.
Clients who connect over HTTP (port 80) see an HTTP 301
response to the same URL over HTTPS (port 443). You must have at least one edgeSslCertificates
specified to enable this.
edgeSslCertificates[]
string
Optional. Certificate resources that are used to authenticate connections between users and the EdgeCacheService
resource.
Note that only global certificates with a scope of EDGE_CACHE
can be attached to an EdgeCacheService
resource.
The following are both valid paths to an edgeSslCertificates
resource:
-
projects/project/locations/global/certificates/media-example-com-cert -
media-example-com-cert
You can specify up to five SSL certificates.
ipv4Addresses[]
string
Output only. The IPv4 addresses associated with this service. Addresses are static for the lifetime of the service.
IP addresses provisioned via Bring-Your-Own-IP (BYOIP) are not supported.
ipv6Addresses[]
string
Output only. The IPv6 addresses associated with this service. Addresses are static for the lifetime of the service.
IP addresses provisioned via Bring-Your-Own-IP (BYOIP) are not supported.
routing
object (
Routing
)
Required. Defines how requests are routed, modified, and cached, and which origin the content is filled from.
logConfig
object (
LogConfig
)
Optional. The logging options for the traffic served by this service. If logging is enabled, logs are exported to Cloud Logging.
edgeSecurityPolicy
string
Optional. The resource URL that points at the Cloud Armor edge security policy that is applied on each request against the EdgeCacheService
resource.
Routing
Defines how requests are routed, modified, cached, and which origin the content is filled from.
| JSON representation |
|---|
{ "hostRules" : [ { object ( |
| Fields | |
|---|---|
hostRules[]
|
Required. A list of You can specify up to 50 host rules. |
pathMatchers[]
|
Required. A list of You can specify up to 50 path matchers. |
HostRule
The hostname configured for the EdgeCacheService
. A HostRule
value associates a hostname (or hostnames) with a set of routing rules, which define configuration based on the path and header.
| JSON representation |
|---|
{ "description" : string , "hosts" : [ string ] , "pathMatcher" : string } |
description
string
Optional. A human-readable description of the HostRule
value.
hosts[]
string
Required. A list of host patterns to match.
Host patterns must be valid hostnames. Ports are not allowed. Wildcard hosts are supported in the suffix or prefix form. *
matches any string of ([a-z0-9-.]*)
. It does not match an empty string.
When multiple hosts are specified, hosts are matched in the following priority:
- Exact domain names:
www.foo.com. - Suffix domain wildcards:
*.foo.comor*-bar.foo.com. - Prefix domain wildcards:
foo.*orfoo-*. - Special wildcard
*matching any domain.
The wildcard doesn't match the empty string. For example, *-bar.foo.com
matches baz-bar.foo.com
but not -bar.foo.com
. The longest wildcards match first. Only a single host in the entire service can match on *
.
A domain must be unique across all configured hosts within a service.
Hosts are matched against the HTTP Host
header, or for HTTP/2 and HTTP/3, the :authority
header, in the incoming request.
You can specify up to 10 hosts.
pathMatcher
string
Required. The name of the PathMatcher
associated with this HostRule
.
PathMatcher
The name of the PathMatcher
to use to match the path portion of the URL if the HostRule
matches the URL's host portion.
| JSON representation |
|---|
{
"name"
:
string
,
"description"
:
string
,
"routeRules"
:
[
{
object (
|
| Fields | |
|---|---|
name
|
Required. The name to which this |
description
|
Optional. A human-readable description of the resource. |
routeRules[]
|
Required. A list of You must specify at least one rule, and can specify a maximum of 200 rules. |
RouteRule
The priority of a given route, including its match conditions and the actions to take on a request that matches.
| JSON representation |
|---|
{ "priority" : string , "description" : string , "matchRules" : [ { object ( |
priority
string ( int64
format)
Required. The priority of this route rule, where 1
is the highest priority.
You cannot configure two or more RouteRules
with the same priority. Priority for each rule must be set to a number between 1 and 999 inclusive.
Priority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16
is a valid series of priority numbers to which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules.
description
string
Optional. A human-readable description of the RouteRule
.
matchRules[]
object (
MatchRule
)
Required. The list of criteria for matching attributes of a request to this RouteRule
. This list has OR
semantics: the request matches this RouteRule
when any of the MatchRule
s are satisfied. However, predicates within a given MatchRule
have AND
semantics. All predicates within a MatchRule
must match for the request to match the rule.
You can specify up to five match rules.
routeMethods
object (
RouteMethods
)
Optional. Allow overriding the set of methods that are allowed for this route. When not set, Media CDN allows only GET
, HEAD
, and OPTIONS
.
headerAction
object (
HeaderAction
)
Optional. The header actions, including adding and removing headers, for requests that match this route.
routeAction
object (
RouteAction
)
Optional. In response to a matching path, the RouteAction
performs advanced routing actions like URL rewrites, header transformations, and so forth prior to forwarding the request to the selected origin.
Union field type
.
type
can be only one of the following:
origin
string
Optional. An alternate EdgeCacheOrigin
resource that this route responds with when a matching response is not in the cache.
The following are both valid paths to an EdgeCacheOrigin
resource:
-
projects/my-project/locations/global/edgeCacheOrigins/my-origin -
my-origin
Only one of origin
or urlRedirect
can be set.
urlRedirect
object (
UrlRedirect
)
Optional. The URL redirect configuration for requests that match this route.
Only one of origin
or urlRedirect
can be set.
UrlRedirect
The HTTP redirect configuration for a given request.
| JSON representation |
|---|
{ "hostRedirect" : string , "redirectResponseCode" : enum ( |
hostRedirect
string
Optional. The host that is used in the redirect response instead of the one that was supplied in the request.
The value must be between 1 and 255 characters.
redirectResponseCode
enum (
RedirectResponseCode
)
Optional. The HTTP status code to use for this redirect action. For a list of supported values, see RedirectResponseCode
.
httpsRedirect
boolean
Optional. Determines whether the URL scheme in the redirected request is adjusted to HTTPS
or remains that of the request.
If it is set to true
and at least one edgeSslCertificates
is set on the service, the URL scheme in the redirected request is set to HTTPS
.
If it is set to false
, the URL scheme of the redirected request remains the same as that of the request.
stripQuery
boolean
Optional. Determines whether accompanying query portions of the original URL are removed prior to redirecting the request.
If it is set to true
, the accompanying query portion of the original URL is removed before redirecting the request.
If it is set to false
, the query portion of the original URL is retained.
The default is false
.
Union field path_specifier
.
path_specifier
can be only one of the following:
pathRedirect
string
Optional. The path that is used in the redirect response instead of the one that was supplied in the request.
pathRedirect
cannot be supplied together with prefixRedirect
. Supply one alone or neither. If neither is supplied, the path of the original request is used for the redirect.
The path value must be between 1 and 1024 characters.
prefixRedirect
string
Optional. The prefix that replaces the prefixMatch
specified in the RouteRule
rule, retaining the remaining portion of the URL before redirecting the request.
prefixRedirect
cannot be supplied together with pathRedirect
. Supply one alone or neither. If neither is supplied, the path of the original request is used for the redirect.
The prefix value must be between 1 and 1024 characters.
RedirectResponseCode
The HTTP status codes that might be used as redirect responses.
| Enums | |
|---|---|
MOVED_PERMANENTLY_DEFAULT
|
HTTP 301 (Moved Permanently)
|
FOUND
|
HTTP 302 Found |
SEE_OTHER
|
HTTP 303 See Other |
TEMPORARY_REDIRECT
|
HTTP 307 (Temporary Redirect)
. In this case, the request method is retained. |
PERMANENT_REDIRECT
|
HTTP 308 (Permanent Redirect)
. In this case, the request method is retained. |
MatchRule
A collection of match conditions (such as query, header, or URI) for a request.
| JSON representation |
|---|
{ "ignoreCase" : boolean , "headerMatches" : [ { object ( |
ignoreCase
boolean
Optional. Specifies that prefixMatch
and fullPathMatch
matches are not case sensitive. The default value is false
, which means that matches are case sensitive.
headerMatches[]
object (
HeaderMatch
)
Optional. A list of HeaderMatch
criteria, all of which must match corresponding headers in the request.
You can specify up to three headers to match on.
queryParameterMatches[]
object (
QueryParameterMatcher
)
Optional. A list of QueryParameterMatcher
criteria, all of which must match corresponding query parameters in the request.
You can specify up to five query parameters to match on.
Union field path_match
.
path_match
can be only one of the following:
prefixMatch
string
Optional. To satisfy the MatchRule
condition, the request's path must begin with the specified prefixMatch
.
prefixMatch
must begin with a /
. The value must be between 1 and 1024 characters (inclusive).
One of prefixMatch
, fullPathMatch
, or pathTemplateMatch
must be specified.
fullPathMatch
string
Optional. To satisfy the MatchRule
condition, the path of the request must exactly match the value specified in fullPathMatch
after removing any query parameters and anchors that might be part of the original URL.
fullPathMatch
must begin with a /
. The value must be between 1 and 1024 characters, (inclusive).
One of prefixMatch
, fullPathMatch
, or pathTemplateMatch
must be specified.
pathTemplateMatch
string
Optional. To satisfy the MatchRule
condition, the path of the request must match the wildcard pattern specified in pathTemplateMatch
after removing any query parameters and anchors that might be part of the original URL.
pathTemplateMatch
must be between 1 and 255 characters (inclusive). The pattern specified by pathTemplateMatch
can have at most 10 wildcard operators and 10 variable captures.
One of prefixMatch
, fullPathMatch
, or pathTemplateMatch
must be specified.
HeaderMatch
The match conditions for HTTP request headers.
| JSON representation |
|---|
{ "headerName" : string , "invertMatch" : boolean , // Union field |
headerName
string
Required. The header name to match on. The :method
pseudo-header may be used to match on the request HTTP method.
invertMatch
boolean
Optional. If set to false
, HeaderMatch
is considered a match when the match criteria above are met. If set to true
, HeaderMatch
is considered a match when the match criteria above are not met.
The default is false
.
Union field match_specifier
.
match_specifier
can be only one of the following:
presentMatch
boolean
Optional. A header with the contents of headerName
must exist. The match takes place whether or not the request's header has a value.
Only one of exactMatch
, prefixMatch
, suffixMatch
, or presentMatch
must be set.
exactMatch
string
Optional. The value of the header must exactly match contents of exactMatch
.
Only one of exactMatch
, prefixMatch
, suffixMatch
, or presentMatch
must be set.
prefixMatch
string
Optional. The value of the header must start with the contents of prefixMatch
.
Only one of exactMatch
, prefixMatch
, suffixMatch
, or presentMatch
must be set.
suffixMatch
string
Optional. The value of the header must end with the contents of suffixMatch
.
Only one of exactMatch
, prefixMatch
, suffixMatch
, or presentMatch
must be set.
QueryParameterMatcher
The match conditions for URI query parameters.
| JSON representation |
|---|
{ "name" : string , // Union field |
name
string
Required. The name of the query parameter to match. The query parameter must exist in the request; if it doesn't, the request match fails.
The name must be specified and be between 1 and 32 characters long (inclusive).
Union field match_specifier
.
match_specifier
can be only one of the following:
presentMatch
boolean
Optional. Specifies that the QueryParameterMatcher
matches if the request contains the query parameter. The match can succeed as long as the request contains the query parameter, regardless of whether the parameter has a value or not.
Only one of presentMatch
or exactMatch
must be set.
exactMatch
string
Optional. The QueryParameterMatcher
matches if the value of the parameter exactly matches the contents of exactMatch
.
The match value must be between 1 and 64 characters long (inclusive).
Only one of presentMatch
or exactMatch
must be set.
RouteMethods
Allow overriding the set of methods that are allowed for a route.
| JSON representation |
|---|
{ "allowedMethods" : [ string ] } |
| Fields | |
|---|---|
allowedMethods[]
|
Required. The non-empty set of HTTP methods that are allowed for this route. |
HeaderAction
Defines the addition and removal of HTTP headers for requests and responses.
| JSON representation |
|---|
{ "requestHeadersToAdd" : [ { object ( |
| Fields | |
|---|---|
requestHeadersToAdd[]
|
Optional. A list of headers to add to the request prior to forwarding the request to the origin. You can add a maximum of 25 request headers. |
responseHeadersToAdd[]
|
Optional. A list of headers to add to the response before sending it back to the client. You can add a maximum of 25 response headers. Response headers are only sent to the client, and do not have an effect on the cache serving the response. |
requestHeadersToRemove[]
|
Optional. A list of header names to remove from the request before forwarding the request to the origin. You can specify up to 25 request headers to remove. |
responseHeadersToRemove[]
|
Optional. A list of headers to remove from the response before sending it back to the client. Response headers are only sent to the client, and do not have an effect on the cache serving the response. You can specify up to 25 response headers to remove. |
AddHeader
The header to add.
| JSON representation |
|---|
{ "headerName" : string , "headerValue" : string , "replace" : boolean } |
| Fields | |
|---|---|
headerName
|
Required. The name of the header to add. |
headerValue
|
Required. The value of the header to add. |
replace
|
Optional. Specifies whether to replace all existing headers with the same name. |
RemoveHeader
The header to remove.
| JSON representation |
|---|
{ "headerName" : string } |
| Fields | |
|---|---|
headerName
|
Required. The name of the header to remove. |
RouteAction
The actions (such as rewrites, redirects, CORS header injection, and header modification) to take for a given route match.
| JSON representation |
|---|
{ "cdnPolicy" : { object ( |
| Fields | |
|---|---|
cdnPolicy
|
Optional. The policy to use for defining caching and signed request behavior for requests that match this route. |
urlRewrite
|
Optional. The URL rewrite configuration for requests that match this route. |
corsPolicy
|
Optional. The Cross-Origin Resource Sharing (CORS) policy for requests that match this route. |
compressionMode
|
Optional. The compression mode to use for responses. If not specified, Media CDN doesn't compress uncompressed responses received from the origin. |
CDNPolicy
The CDN policy to apply to the configured route.
| JSON representation |
|---|
{ "cacheMode" : enum ( |
cacheMode
enum (
CacheMode
)
Optional. Set the CacheMode
used by this route.
BYPASS_CACHE
and USE_ORIGIN_HEADERS
proxy the origin's headers. Other cache modes pass Cache-Control to the client.
Use clientTtl
to override what is sent to the client.
clientTtl
string (
Duration
format)
Optional. Specifies a separate client (such as browser client) TTL, separate from the TTL used by the edge caches. Leaving this empty uses the same cache TTL for both the CDN and the client-facing response.
- The TTL must be >
0and <=86400s(1 day) - The
clientTtlcannot be larger than thedefaultTtl(if set) - Fractions of a second are not allowed.
Omit this field to use the defaultTtl
, or the max-age set by the origin, as the client-facing TTL.
When the CacheMode
is set to USE_ORIGIN_HEADERS
or BYPASS_CACHE
, you must omit this field.
A duration in seconds with up to nine fractional digits, ending with ' s
'. Example: "3.5s"
.
defaultTtl
string (
Duration
format)
Optional. Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age).
Defaults to 3600s
(1 hour).
- The TTL must be >=
0and <=31,536,000seconds (1 year) - Setting a TTL of
0means "always revalidate" (equivalent to must-revalidate) - The value of
defaultTtlcannot be set to a value greater than that ofmaxTtl. - Fractions of a second are not allowed.
- When the
CacheModeis set toFORCE_CACHE_ALL, thedefaultTtloverwrites the TTL set in all responses.
Infrequently accessed objects might be evicted from the cache before the defined TTL. Objects that expire are revalidated with the origin.
When the CacheMode
is set to USE_ORIGIN_HEADERS
or BYPASS_CACHE
, you must omit this field.
A duration in seconds with up to nine fractional digits, ending with ' s
'. Example: "3.5s"
.
maxTtl
string (
Duration
format)
Optional. The maximum allowed TTL for cached content served by this origin.
Defaults to 86400s
(1 day).
Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTtl
seconds in the future are capped at the value of maxTtl
, as if it were the value of an s-maxage Cache-Control directive.
- The TTL must be >=
0and <=31,536,000seconds (1 year) - Setting a TTL of
0means "always revalidate" - The value of
maxTtlmust be equal to or greater thandefaultTtl. - Fractions of a second are not allowed.
When CacheMode
is set to [USE_ORIGIN_HEADERS].[CacheMode.USE_ORIGIN_HEADERS], FORCE_CACHE_ALL
, or BYPASS_CACHE
, you must omit this field.
A duration in seconds with up to nine fractional digits, ending with ' s
'. Example: "3.5s"
.
cacheKeyPolicy
object (
CacheKeyPolicy
)
Optional. The request parameters that contribute to the cache key.
negativeCaching
boolean
Optional. Negative caching allows setting per-status code TTLs, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency.
By default, the CDNPolicy
applies the following default TTLs to these status codes:
- 10m: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects)
- 120s: HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons)
- 60s: HTTP 405 (Method Not Found), 501 (Not Implemented)
These defaults can be overridden in negativeCachingPolicy
negativeCachingPolicy
map (key: string, value: string (
Duration
format))
Optional. A cache TTL for the specified HTTP status code. negativeCaching
must be enabled to configure negativeCachingPolicy
.
The following limitations apply:
- Omitting the policy and leaving
negativeCachingenabled uses the default TTLs for each status code, defined innegativeCaching. - TTLs must be >=
0(where0is "always revalidate") and <=86400s(1 day)
You can set only the following status codes:
- HTTP redirection (
300,301,302,307, or308) - Client error (
400,403,404,405,410,421, or451) - Server error (
500,501,502,503, or504)
When you specify an explicit negativeCachingPolicy
, ensure that you also specify a cache TTL for all response codes that you wish to cache. The CDNPolicy
doesn't apply any default negative caching when a policy exists.
An object containing a list of "key": value
pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }
.
signedRequestMode
enum (
SignedRequestMode
)
Optional. Specifies whether to enforce signed requests. The default value is DISABLED
, which means all content is public, and does not authorize access.
You must also set a signedRequestKeyset
to enable signed requests.
When set to REQUIRE_SIGNATURES
or REQUIRE_TOKENS
, all matching requests get their signature validated. Requests that aren't signed with the corresponding private key, or that are otherwise invalid (such as expired or do not match the signature, IP address, or header) are rejected with an HTTP 403 error. If logging is turned on, then invalid requests are also logged.
signedRequestKeyset
string
Optional. The EdgeCacheKeyset
containing the set of public keys used to validate signed requests at the edge.
The following are both valid paths to an EdgeCacheKeyset
resource:
-
projects/project/locations/global/edgeCacheKeysets/yourKeyset -
yourKeyset
SignedRequestMode
must be set to a value other than DISABLED
when a keyset is provided.
addSignatures
object (
AddSignaturesOptions
)
Optional. Enables signature generation or propagation on this route.
This field can only be specified when signedRequestMode
is set to REQUIRE_TOKENS
.
signedRequestMaximumExpirationTtl
string (
Duration
format)
Optional. Limits how far into the future the expiration time of a signed request can be.
When set, a signed request is rejected if its expiration time is later than now
+ signedRequestMaximumExpirationTtl
, where now
is the time at which the signed request is first handled by the CDN.
- The TTL must be > 0.
- Fractions of a second are not allowed.
By default, signedRequestMaximumExpirationTtl
is not set and the expiration time of a signed request might be arbitrarily far into future.
A duration in seconds with up to nine fractional digits, ending with ' s
'. Example: "3.5s"
.
CacheMode
Lets you control the following:
- Caching behavior
- Automatically cached content types
- Whether origins headers are respected
- Whether all responses are unconditionally cached
For all cache modes, Cache-Control headers are passed to the client. Use clientTtl
to override what is sent to the client.
| Enums | |
|---|---|
CACHE_MODE_UNSPECIFIED
|
Unspecified value. Defaults to CACHE_ALL_STATIC
. |
CACHE_ALL_STATIC
|
Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), aren't cached. |
USE_ORIGIN_HEADERS
|
Only cache responses with valid HTTP caching directives. Responses without these headers aren't cached at Google's edge, and require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. |
FORCE_CACHE_ALL
|
Cache all content, ignoring any Warning:this might result in caching private, per-user (user identifiable) content. Only enable this on routes where the |
BYPASS_CACHE
|
Bypass all caching for requests that match routes with this Enabling this causes the edge cache to ignore all HTTP caching directives. All responses are fulfilled from the origin. |
CacheKeyPolicy
The request parameters that contribute to the cache key.
| JSON representation |
|---|
{ "includeProtocol" : boolean , "excludeQueryString" : boolean , "excludeHost" : boolean , "includedQueryParameters" : [ string ] , "excludedQueryParameters" : [ string ] , "includedHeaderNames" : [ string ] , "includedCookieNames" : [ string ] } |
includeProtocol
boolean
Optional. If true
, HTTP and HTTPS requests are cached separately.
excludeQueryString
boolean
Optional. If true
, exclude query string parameters from the cache key.
If false
(the default), include the query string parameters in the cache key according to includedQueryParameters
and excludedQueryParameters
. If neither is set, the entire query string is included.
excludeHost
boolean
Optional. If true
, exclude a request's host from the cache key. Requests with different hosts share content in the cache.
If false
(the default), a request's host is included in the cache key. Requests with different hosts are stored independently.
Important:Enable this only if the hosts share the same origin and content. Removing the host from the cache key might inadvertently result in different objects being cached than intended, depending on which route the first user matched.
includedQueryParameters[]
string
Optional. The names of query string parameters to include in cache keys. All other parameters are excluded.
Specify either includedQueryParameters
or excludedQueryParameters
, not both. &
and =
are percent encoded and not treated as delimiters.
You can include up to 20 query parameters.
Each query parameter name must be between 1 and 32 characters long (inclusive).
excludedQueryParameters[]
string
Optional. The names of query string parameters to exclude from cache keys. All other parameters are included.
Specify either includedQueryParameters
or excludedQueryParameters
, not both. &
and =
are percent encoded and not treated as delimiters.
You can exclude up to 20 query parameters.
Each query parameter name must be between 1 and 32 characters long (inclusive).
includedHeaderNames[]
string
Optional. The names of HTTP request headers to include in cache keys. The value of the header field is used as part of the cache key.
The following limitations apply:
- Header names must be valid HTTP RFC 7230 header field values.
- Header field names are case insensitive
- You can specify up to five header names.
- To include the HTTP method, use
:method
Refer to the documentation for the allowed list of header names.
Specifying several headers or headers that have a large range of values, such as per-user, dramatically impacts the cache hit rate, and might result in a higher eviction rate and reduced performance.
SignedRequestMode
Indicates whether signed requests are required.
| Enums | |
|---|---|
SIGNED_REQUEST_MODE_UNSPECIFIED
|
Unspecified value. Defaults to DISABLED
. |
DISABLED
|
Do not enforce signed requests. |
REQUIRE_SIGNATURES
|
Enforce signed requests using query parameter, path component, or cookie signatures. All requests must have a valid signature. Requests that are missing the signature (URL or cookie-based) are rejected as if the signature was invalid. |
REQUIRE_TOKENS
|
Enforce signed requests using signed tokens. All requests must have a valid signed token. Requests that are missing a signed token (URL or cookie-based) are rejected as if the signed token was invalid. |
SignedTokenOptions
The configuration options for signed tokens.
| JSON representation |
|---|
{
"tokenQueryParameter"
:
string
,
"allowedSignatureAlgorithms"
:
[
enum (
|
| Fields | |
|---|---|
tokenQueryParameter
|
Optional. The query parameter in which to find the token. The name must be 1-64 characters long and match the regular expression Defaults to |
allowedSignatureAlgorithms[]
|
Optional. The allowed signature algorithms to use. Defaults to using only ED25519. You can specify up to 3 signature algorithms to use. |
SignatureAlgorithm
The signed request signature algorithm to use.
| Enums | |
|---|---|
SIGNATURE_ALGORITHM_UNSPECIFIED
|
It is an error to specify ALGORITHM_UNSPECIFIED. |
ED25519
|
Use an Ed25519 signature scheme. The signature must be specified in the signature field of the token. |
HMAC_SHA_256
|
Use an HMAC based on a SHA-256 hash. The HMAC must be specified in the hmac field of the token. |
HMAC_SHA1
|
Use an HMAC based on a SHA1 hash. The HMAC must be specified in the hmac field of the token. |
AddSignaturesOptions
The configuration options for adding signatures to responses.
| JSON representation |
|---|
{
"actions"
:
[
enum (
|
actions[]
enum (
SignatureAction
)
Required. The actions to take to add signatures to responses.
You must specify exactly one action.
keyset
string
Optional. The keyset to use for signature generation.
The following are both valid paths to an EdgeCacheKeyset
resource:
-
projects/project/locations/global/edgeCacheKeysets/yourKeyset -
yourKeyset
This must be specified when the GENERATE_COOKIE
or GENERATE_TOKEN_HLS_COOKIELESS
actions are specified. This field can not be specified otherwise.
tokenTtl
string (
Duration
format)
Optional. The duration the token is valid for starting from the moment the token is first generated.
Defaults to 86400s
(1 day).
The TTL must be >= 0 and <= 604,800 seconds (1 week).
This field can only be specified when the GENERATE_COOKIE
or GENERATE_TOKEN_HLS_COOKIELESS
actions are specified.
A duration in seconds with up to nine fractional digits, ending with ' s
'. Example: "3.5s"
.
tokenQueryParameter
string
Optional. The query parameter in which to put the generated token.
If not specified, defaults to edge-cache-token
.
If specified, the name must be 1-64 characters long and match the regular expression [a-zA-Z]([a-zA-Z0-9_-])*
which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.
This field can only be set when the GENERATE_TOKEN_HLS_COOKIELESS
or PROPAGATE_TOKEN_HLS_COOKIELESS
actions are specified.
copiedParameters[]
string
Optional. The parameters to copy from the verified token to the generated token.
Only the following parameters can be copied:
-
PathGlobs -
paths -
acl -
URLPrefix -
IPRanges -
SessionID -
id -
Data -
data -
payload -
Headers
You can specify up to 6 parameters to copy. A given parameter is be copied only if the parameter exists in the verified token. Parameter names are matched exactly as specified. The order of the parameters does not matter. Duplicates are not allowed.
This field can only be specified when the GENERATE_COOKIE
or GENERATE_TOKEN_HLS_COOKIELESS
actions are specified.
SignatureAction
The ways a signature can be manipulated in a response.
| Enums | |
|---|---|
SIGNATURE_ACTION_UNSPECIFIED
|
It is an error to specify UNSPECIFIED
. |
GENERATE_COOKIE
|
Generate a new signed request cookie and return the cookie in a Set-Cookie header of the response. This action cannot be combined with the |
GENERATE_TOKEN_HLS_COOKIELESS
|
Generate a new signed request authentication token and return the new token by manipulating URLs in an HTTP Live Stream (HLS) playlist. This action cannot be combined with the |
PROPAGATE_TOKEN_HLS_COOKIELESS
|
Copy the authentication token used in the request to the URLs in an HTTP Live Stream (HLS) playlist. This action cannot be combined with either the |
UrlRewrite
Defines the URL rewrite configuration for a given request.
| JSON representation |
|---|
{ "pathPrefixRewrite" : string , "pathTemplateRewrite" : string , "hostRewrite" : string } |
| Fields | |
|---|---|
pathPrefixRewrite
|
Optional. Before forwarding the request to the selected origin, the matching portion of the request's path is replaced by If specified, the path value must start with a Only one of |
pathTemplateRewrite
|
Optional. Before forwarding the request to the selected origin, if the request matched a Only one of |
hostRewrite
|
Optional. Before forwarding the request to the selected origin, the request's host header is replaced with contents of The host value must be between 1 and 255 characters. |
CORSPolicy
Defines Cross Origin Resource Sharing (CORS) configuration, including which CORS response headers are set.
| JSON representation |
|---|
{ "maxAge" : string , "allowCredentials" : boolean , "allowOrigins" : [ string ] , "allowMethods" : [ string ] , "allowHeaders" : [ string ] , "exposeHeaders" : [ string ] , "disabled" : boolean } |
maxAge
string (
Duration
format)
Required. Specifies how long results of a preflight request can be cached by a client in seconds. Note that many browser clients enforce a maximum TTL of 600s (10 minutes).
The following limitations apply:
- Setting the value to
-1forces a pre-flight check for all requests (not recommended) - A maximum TTL of
86400scan be set; however, some clients might force pre-flight checks at a more regular interval.
This translates to the Access-Control-Max-Age
header.
A duration in seconds with up to nine fractional digits, ending with ' s
'. Example: "3.5s"
.
allowCredentials
boolean
Optional. In response to a preflight request, setting this to true
indicates that the actual request can include user credentials.
This translates to the Access-Control-Allow-Credentials
response header.
allowOrigins[]
string
Optional. A list of origins that are allowed to do CORS requests.
This translates to the Access-Control-Allow-Origin
response header.
You can specify up to 25 allowed origins.
allowMethods[]
string
Optional. The content for the Access-Control-Allow-Methods
response header.
You can specify up to five allowed methods.
allowHeaders[]
string
Optional. The content for the Access-Control-Allow-Headers
response header.
You can specify up to 25 headers to include in the Access-Control-Allow-Headers
header.
exposeHeaders[]
string
Optional. The content for the Access-Control-Expose-Headers response header.
You can specify up to 25 headers to expose in the Access-Control-Expose-Headers
header.
disabled
boolean
Optional. If true
, specifies that the CORS policy is disabled. The default value is false
, which indicates that the CORS policy is in effect.
CompressionMode
Compression mode lets users control whether Media CDN compresses responses or not.
| Enums | |
|---|---|
COMPRESSION_MODE_UNSPECIFIED
|
Unspecified value. Defaults to DISABLED. |
DISABLED
|
Disables compression. |
AUTOMATIC
|
Automatically uses the best compression mode. Compression requires an appropriate Accept-Encoding
header to be sent by the client and is enabled based on content type, content size, and other factors. |
LogConfig
The logging options for the traffic served by this service. If logging is enabled, logs are exported to Cloud Logging.
| JSON representation |
|---|
{ "enable" : boolean , "sampleRate" : number } |
| Fields | |
|---|---|
enable
|
Optional. Specifies whether to enable logging for traffic served by this service. Defaults to false. |
sampleRate
|
Optional. The sampling rate of requests, where This field can be specified only if logging is enabled for this service. |
Methods |
|
|---|---|
|
Creates a new EdgeCacheService in a given project and location. |
|
Deletes a single EdgeCacheService. |
|
Gets details of a single EdgeCacheService. |
|
Gets the access control policy for a resource. |
|
Sends a cache invalidation request. |
|
Lists EdgeCacheServices in a given project and location. |
|
Updates the parameters of a single EdgeCacheService. |
|
Sets the access control policy on the specified resource. |
|
Returns permissions that a caller has on the specified resource. |
