- Resource: EdgeCacheService
- Routing
- HostRule
- PathMatcher
- RouteRule
- UrlRedirect
- RedirectResponseCode
- MatchRule
- HeaderMatch
- QueryParameterMatcher
- RouteMethods
- HeaderAction
- AddHeader
- RemoveHeader
- RouteAction
- CDNPolicy
- CacheMode
- CacheKeyPolicy
- SignedRequestMode
- SignedTokenOptions
- SignatureAlgorithm
- AddSignaturesOptions
- SignatureAction
- UrlRewrite
- CORSPolicy
- LogConfig
- Methods
Resource: EdgeCacheService
Defines the IP addresses, protocols, security policies, cache policies, and routing configuration.
JSON representation |
---|
{ "name": string, "createTime": string, "updateTime": string, "description": string, "labels": { string: string, ... }, "disableQuic": boolean, "disableHttp2": boolean, "requireTls": boolean, "edgeSslCertificates": [ string ], "ipv4Addresses": [ string ], "ipv6Addresses": [ string ], "routing": { object ( |
Fields | |
---|---|
name |
Required. The name of the resource as provided by the client when the resource is created. The name must be 1-64 characters long, and match the regular expression |
createTime |
Output only. The creation timestamp in RFC3339 text format. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
updateTime |
Output only. The update timestamp in RFC3339 text format. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
description |
Optional. A human-readable description of the resource. |
labels |
Optional. A set of label tags associated with the An object containing a list of |
disableQuic |
Optional. HTTP/3 (IETF QUIC) and Google QUIC are enabled by default. |
disableHttp2 |
Optional. Disables HTTP/2. HTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection. Some legacy HTTP clients might have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to |
requireTls |
Optional. Require TLS (HTTPS) for all clients connecting to this service. Clients who connect over HTTP (port 80) see an |
edgeSslCertificates[] |
Optional. Certificate resources that are used to authenticate connections between users and the Note that only global certificates with a scope of The following are both valid paths to an
You can specify up to five SSL certificates. |
ipv4Addresses[] |
Output only. The IPv4 addresses associated with this service. Addresses are static for the lifetime of the service. IP addresses provisioned via Bring-Your-Own-IP (BYOIP) are not supported. |
ipv6Addresses[] |
Output only. The IPv6 addresses associated with this service. Addresses are static for the lifetime of the service. IP addresses provisioned via Bring-Your-Own-IP (BYOIP) are not supported. |
routing |
Required. Defines how requests are routed, modified, and cached, and which origin the content is filled from. |
logConfig |
Optional. The logging options for the traffic served by this service. If logging is enabled, logs are exported to Cloud Logging. |
edgeSecurityPolicy |
Optional. The resource URL that points at the Cloud Armor edge security policy that is applied on each request against the |
Routing
Defines how requests are routed, modified, cached, and which origin the content is filled from.
JSON representation |
---|
{ "hostRules": [ { object ( |
Fields | |
---|---|
hostRules[] |
Required. A list of You can specify up to 50 host rules. |
pathMatchers[] |
Required. A list of You can specify up to 10 path matchers. |
HostRule
The hostname configured for the EdgeCacheService
. A HostRule
value associates a hostname (or hostnames) with a set of routing rules, which define configuration based on the path and header.
JSON representation |
---|
{ "description": string, "hosts": [ string ], "pathMatcher": string } |
Fields | |
---|---|
description |
Optional. A human-readable description of the |
hosts[] |
Required. A list of host patterns to match. Host patterns must be valid hostnames. Ports are not allowed. Wildcard hosts are supported in the suffix or prefix form. When multiple hosts are specified, hosts are matched in the following priority:
The wildcard doesn't match the empty string. For example, A domain must be unique across all configured hosts within a service. Hosts are matched against the HTTP You can specify up to 10 hosts. |
pathMatcher |
Required. The name of the |
PathMatcher
The name of the PathMatcher
to use to match the path portion of the URL if the HostRule
matches the URL's host portion.
JSON representation |
---|
{
"name": string,
"description": string,
"routeRules": [
{
object ( |
Fields | |
---|---|
name |
Required. The name to which this |
description |
Optional. A human-readable description of the resource. |
routeRules[] |
Required. A list of You must specify at least one rule, and can specify a maximum of 200 rules.
|
RouteRule
The priority of a given route, including its match conditions and the actions to take on a request that matches.
JSON representation |
---|
{ "priority": string, "description": string, "matchRules": [ { object ( |
Fields | |
---|---|
priority |
Required. The priority of this route rule, where You cannot configure two or more Priority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, |
description |
Optional. A human-readable description of the |
matchRules[] |
Required. The list of criteria for matching attributes of a request to this You can specify up to five match rules. |
routeMethods |
Optional. Allow overriding the set of methods that are allowed for this route. When not set, Media CDN allows only |
headerAction |
Optional. The header actions, including adding and removing headers, for requests that match this route. |
routeAction |
Optional. In response to a matching path, the |
Union field
|
|
origin |
Optional. An alternate The following are both valid paths to an
Only one of |
urlRedirect |
Optional. The URL redirect configuration for requests that match this route. Only one of |
UrlRedirect
The HTTP redirect configuration for a given request.
JSON representation |
---|
{ "hostRedirect": string, "redirectResponseCode": enum ( |
Fields | |
---|---|
hostRedirect |
Optional. The host that is used in the redirect response instead of the one that was supplied in the request. The value must be between 1 and 255 characters. |
redirectResponseCode |
Optional. The HTTP status code to use for this redirect action. For a list of supported values, see |
httpsRedirect |
Optional. Determines whether the URL scheme in the redirected request is adjusted to If it is set to If it is set to |
stripQuery |
Optional. Determines whether accompanying query portions of the original URL are removed prior to redirecting the request. If it is set to If it is set to The default is |
Union field
|
|
pathRedirect |
Optional. The path that is used in the redirect response instead of the one that was supplied in the request.
The path value must be between 1 and 1024 characters. |
prefixRedirect |
Optional. The prefix that replaces the
The prefix value must be between 1 and 1024 characters. |
RedirectResponseCode
The HTTP status codes that might be used as redirect responses.
Enums | |
---|---|
MOVED_PERMANENTLY_DEFAULT |
HTTP 301 (Moved Permanently) |
FOUND |
HTTP 302 Found |
SEE_OTHER |
HTTP 303 See Other |
TEMPORARY_REDIRECT |
HTTP 307 (Temporary Redirect) . In this case, the request method is retained. |
PERMANENT_REDIRECT |
HTTP 308 (Permanent Redirect) . In this case, the request method is retained. |
MatchRule
A collection of match conditions (such as query, header, or URI) for a request.
JSON representation |
---|
{ "ignoreCase": boolean, "headerMatches": [ { object ( |
Fields | |
---|---|
ignoreCase |
Optional. Specifies that |
headerMatches[] |
Optional. A list of You can specify up to three headers to match on. |
queryParameterMatches[] |
Optional. A list of You can specify up to five query parameters to match on. |
Union field
|
|
prefixMatch |
Optional. To satisfy the
One of |
fullPathMatch |
Optional. To satisfy the
One of |
pathTemplateMatch |
Optional. To satisfy the
One of |
HeaderMatch
The match conditions for HTTP request headers.
JSON representation |
---|
{ "headerName": string, "invertMatch": boolean, // Union field |
Fields | |
---|---|
headerName |
Required. The header name to match on. The |
invertMatch |
Optional. If set to The default is |
Union field
|
|
presentMatch |
Optional. A header with the contents of Only one of |
exactMatch |
Optional. The value of the header must exactly match contents of Only one of |
prefixMatch |
Optional. The value of the header must start with the contents of Only one of |
suffixMatch |
Optional. The value of the header must end with the contents of Only one of |
QueryParameterMatcher
The match conditions for URI query parameters.
JSON representation |
---|
{ "name": string, // Union field |
Fields | |
---|---|
name |
Required. The name of the query parameter to match. The query parameter must exist in the request; if it doesn't, the request match fails. The name must be specified and be between 1 and 32 characters long (inclusive). |
Union field
|
|
presentMatch |
Optional. Specifies that the Only one of |
exactMatch |
Optional. The The match value must be between 1 and 64 characters long (inclusive). Only one of |
RouteMethods
Allow overriding the set of methods that are allowed for a route.
JSON representation |
---|
{ "allowedMethods": [ string ] } |
Fields | |
---|---|
allowedMethods[] |
Required. The non-empty set of HTTP methods that are allowed for this route. |
HeaderAction
Defines the addition and removal of HTTP headers for requests and responses.
JSON representation |
---|
{ "requestHeadersToAdd": [ { object ( |
Fields | |
---|---|
requestHeadersToAdd[] |
Optional. A list of headers to add to the request prior to forwarding the request to the origin. You can add a maximum of 25 request headers. |
responseHeadersToAdd[] |
Optional. A list of headers to add to the response before sending it back to the client. You can add a maximum of 25 response headers. Response headers are only sent to the client, and do not have an effect on the cache serving the response. |
requestHeadersToRemove[] |
Optional. A list of header names to remove from the request before forwarding the request to the origin. You can specify up to 25 request headers to remove. |
responseHeadersToRemove[] |
Optional. A list of headers to remove from the response before sending it back to the client. Response headers are only sent to the client, and do not have an effect on the cache serving the response. You can specify up to 25 response headers to remove. |
AddHeader
The header to add.
JSON representation |
---|
{ "headerName": string, "headerValue": string, "replace": boolean } |
Fields | |
---|---|
headerName |
Required. The name of the header to add. |
headerValue |
Required. The value of the header to add. |
replace |
Optional. Specifies whether to replace all existing headers with the same name. |
RemoveHeader
The header to remove.
JSON representation |
---|
{ "headerName": string } |
Fields | |
---|---|
headerName |
Required. The name of the header to remove. |
RouteAction
The actions (such as rewrites, redirects, CORS header injection, and header modification) to take for a given route match.
JSON representation |
---|
{ "cdnPolicy": { object ( |
Fields | |
---|---|
cdnPolicy |
Optional. The policy to use for defining caching and signed request behavior for requests that match this route. |
urlRewrite |
Optional. The URL rewrite configuration for requests that match this route. |
corsPolicy |
Optional. The Cross-Origin Resource Sharing (CORS) policy for requests that match this route. |
CDNPolicy
The CDN policy to apply to the configured route.
JSON representation |
---|
{ "cacheMode": enum ( |
Fields | |
---|---|
cacheMode |
Optional. Set the
Use |
clientTtl |
Optional. Specifies a separate client (such as browser client) TTL, separate from the TTL used by the edge caches. Leaving this empty uses the same cache TTL for both the CDN and the client-facing response.
Omit this field to use the When the A duration in seconds with up to nine fractional digits, ending with ' |
defaultTtl |
Optional. Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Defaults to
Infrequently accessed objects might be evicted from the cache before the defined TTL. Objects that expire are revalidated with the origin. When the A duration in seconds with up to nine fractional digits, ending with ' |
maxTtl |
Optional. The maximum allowed TTL for cached content served by this origin. Defaults to Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than
When A duration in seconds with up to nine fractional digits, ending with ' |
cacheKeyPolicy |
Optional. The request parameters that contribute to the cache key. |
negativeCaching |
Optional. Negative caching allows setting per-status code TTLs, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. By default, the
These defaults can be overridden in |
negativeCachingPolicy |
Optional. A cache TTL for the specified HTTP status code. The following limitations apply:
You can set only the following status codes:
When you specify an explicit An object containing a list of |
signedRequestMode |
Optional. Specifies whether to enforce signed requests. The default value is You must also set a When set to |
signedRequestKeyset |
Optional. The The following are both valid paths to an
|
signedTokenOptions |
Optional. Any additional options for signed tokens.
|
addSignatures |
Optional. Enables signature generation or propagation on this route. This field can only be specified when |
signedRequestMaximumExpirationTtl |
Optional. Limits how far into the future the expiration time of a signed request can be. When set, a signed request is rejected if its expiration time is later than
By default, A duration in seconds with up to nine fractional digits, ending with ' |
CacheMode
Lets you control the following:
- Caching behavior
- Automatically cached content types
- Whether origins headers are respected
- Whether all responses are unconditionally cached
For all cache modes, Cache-Control headers are passed to the client. Use clientTtl
to override what is sent to the client.
Enums | |
---|---|
CACHE_MODE_UNSPECIFIED |
Unspecified value. Defaults to CACHE_ALL_STATIC . |
CACHE_ALL_STATIC |
Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), aren't cached. |
USE_ORIGIN_HEADERS |
Only cache responses with valid HTTP caching directives. Responses without these headers aren't cached at Google's edge, and require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. |
FORCE_CACHE_ALL |
Cache all content, ignoring any Warning: this might result in caching private, per-user (user identifiable) content. Only enable this on routes where the |
BYPASS_CACHE |
Bypass all caching for requests that match routes with this Enabling this causes the edge cache to ignore all HTTP caching directives. All responses are fulfilled from the origin. |
CacheKeyPolicy
The request parameters that contribute to the cache key.
JSON representation |
---|
{ "includeProtocol": boolean, "excludeQueryString": boolean, "excludeHost": boolean, "includedQueryParameters": [ string ], "excludedQueryParameters": [ string ], "includedHeaderNames": [ string ], "includedCookieNames": [ string ] } |
Fields | |
---|---|
includeProtocol |
Optional. If |
excludeQueryString |
Optional. If If |
excludeHost |
Optional. If If Important: Enable this only if the hosts share the same origin and content. Removing the host from the cache key might inadvertently result in different objects being cached than intended, depending on which route the first user matched. |
includedQueryParameters[] |
Optional. The names of query string parameters to include in cache keys. All other parameters are excluded. Specify either You can include up to 20 query parameters. Each query parameter name must be between 1 and 32 characters long (inclusive). |
excludedQueryParameters[] |
Optional. The names of query string parameters to exclude from cache keys. All other parameters are included. Specify either You can exclude up to 20 query parameters. Each query parameter name must be between 1 and 32 characters long (inclusive). |
includedHeaderNames[] |
Optional. The names of HTTP request headers to include in cache keys. The value of the header field is used as part of the cache key. The following limitations apply:
Refer to the documentation for the allowed list of header names. Specifying several headers or headers that have a large range of values, such as per-user, dramatically impacts the cache hit rate, and might result in a higher eviction rate and reduced performance. |
includedCookieNames[] |
Optional. The names of cookies to include in cache keys. The cookie name and cookie value of each cookie named is used as part of the cache key. The following limitations apply:
Specifying several cookies or cookies that have a large range of values, such as per-user, dramatically impacts the cache hit rate, and might result in a higher eviction rate and reduced performance. You can specify up to three cookie names. |
SignedRequestMode
Indicates whether signed requests are required.
Enums | |
---|---|
SIGNED_REQUEST_MODE_UNSPECIFIED |
Unspecified value. Defaults to DISABLED . |
DISABLED |
Do not enforce signed requests. |
REQUIRE_SIGNATURES |
Enforce signed requests using query parameter, path component, or cookie signatures. All requests must have a valid signature. Requests that are missing the signature (URL or cookie-based) are rejected as if the signature was invalid. |
REQUIRE_TOKENS |
Enforce signed requests using signed tokens. All requests must have a valid signed token. Requests that are missing a signed token (URL or cookie-based) are rejected as if the signed token was invalid. |
SignedTokenOptions
The configuration options for signed tokens.
JSON representation |
---|
{
"tokenQueryParameter": string,
"allowedSignatureAlgorithms": [
enum ( |
Fields | |
---|---|
tokenQueryParameter |
Optional. The query parameter in which to find the token. The name must be 1-64 characters long and match the regular expression Defaults to |
allowedSignatureAlgorithms[] |
Optional. The allowed signature algorithms to use. Defaults to using only ED25519. You can specify up to 3 signature algorithms to use. |
SignatureAlgorithm
The signed request signature algorithm to use.
Enums | |
---|---|
SIGNATURE_ALGORITHM_UNSPECIFIED |
It is an error to specify ALGORITHM_UNSPECIFIED. |
ED25519 |
Use an Ed25519 signature scheme. The signature must be specified in the signature field of the token. |
HMAC_SHA_256 |
Use an HMAC based on a SHA-256 hash. The HMAC must be specified in the hmac field of the token. |
HMAC_SHA1 |
Use an HMAC based on a SHA1 hash. The HMAC must be specified in the hmac field of the token. |
AddSignaturesOptions
The configuration options for adding signatures to responses.
JSON representation |
---|
{
"actions": [
enum ( |
Fields | |
---|---|
actions[] |
Required. The actions to take to add signatures to responses. You must specify exactly one action. |
keyset |
Optional. The keyset to use for signature generation. The following are both valid paths to an
This must be specified when the |
tokenTtl |
Optional. The duration the token is valid for starting from the moment the token is first generated. Defaults to The TTL must be >= 0 and <= 604,800 seconds (1 week). This field can only be specified when the A duration in seconds with up to nine fractional digits, ending with ' |
tokenQueryParameter |
Optional. The query parameter in which to put the generated token. If not specified, defaults to If specified, the name must be 1-64 characters long and match the regular expression This field can only be set when the |
copiedParameters[] |
Optional. The parameters to copy from the verified token to the generated token. Only the following parameters can be copied:
You can specify up to 6 parameters to copy. A given parameter is be copied only if the parameter exists in the verified token. Parameter names are matched exactly as specified. The order of the parameters does not matter. Duplicates are not allowed. This field can only be specified when the |
SignatureAction
The ways a signature can be manipulated in a response.
Enums | |
---|---|
SIGNATURE_ACTION_UNSPECIFIED |
It is an error to specify UNSPECIFIED . |
GENERATE_COOKIE |
Generate a new signed request cookie and return the cookie in a Set-Cookie header of the response. This action cannot be combined with the |
GENERATE_TOKEN_HLS_COOKIELESS |
Generate a new signed request authentication token and return the new token by manipulating URLs in an HTTP Live Stream (HLS) playlist. This action cannot be combined with the |
PROPAGATE_TOKEN_HLS_COOKIELESS |
Copy the authentication token used in the request to the URLs in an HTTP Live Stream (HLS) playlist. This action cannot be combined with either the |
UrlRewrite
Defines the URL rewrite configuration for a given request.
JSON representation |
---|
{ "pathPrefixRewrite": string, "pathTemplateRewrite": string, "hostRewrite": string } |
Fields | |
---|---|
pathPrefixRewrite |
Optional. Before forwarding the request to the selected origin, the matching portion of the request's path is replaced by If specified, the path value must start with a
Only one of |
pathTemplateRewrite |
Optional. Before forwarding the request to the selected origin, if the request matched a
Only one of |
hostRewrite |
Optional. Before forwarding the request to the selected origin, the request's host header is replaced with contents of The host value must be between 1 and 255 characters. |
CORSPolicy
Defines Cross Origin Resource Sharing (CORS) configuration, including which CORS response headers are set.
JSON representation |
---|
{ "maxAge": string, "allowCredentials": boolean, "allowOrigins": [ string ], "allowMethods": [ string ], "allowHeaders": [ string ], "exposeHeaders": [ string ], "disabled": boolean } |
Fields | |
---|---|
maxAge |
Required. Specifies how long results of a preflight request can be cached by a client in seconds. Note that many browser clients enforce a maximum TTL of 600s (10 minutes). The following limitations apply:
This translates to the A duration in seconds with up to nine fractional digits, ending with ' |
allowCredentials |
Optional. In response to a preflight request, setting this to This translates to the |
allowOrigins[] |
Optional. A list of origins that are allowed to do CORS requests. This translates to the You can specify up to 25 allowed origins. |
allowMethods[] |
Optional. The content for the You can specify up to five allowed methods. |
allowHeaders[] |
Optional. The content for the You can specify up to 25 headers to include in the |
exposeHeaders[] |
Optional. The content for the Access-Control-Expose-Headers response header. You can specify up to 25 headers to expose in the |
disabled |
Optional. If |
LogConfig
The logging options for the traffic served by this service. If logging is enabled, logs are exported to Cloud Logging.
JSON representation |
---|
{ "enable": boolean, "sampleRate": number } |
Fields | |
---|---|
enable |
Optional. Specifies whether to enable logging for traffic served by this service. Defaults to false. |
sampleRate |
Optional. The sampling rate of requests, where This field can be specified only if logging is enabled for this service. |
Methods |
|
---|---|
|
Creates a new EdgeCacheService in a given project and location. |
|
Deletes a single EdgeCacheService. |
|
Gets details of a single EdgeCacheService. |
|
Gets the access control policy for a resource. |
|
Sends a cache invalidation request. |
|
Lists EdgeCacheServices in a given project and location. |
|
Updates the parameters of a single EdgeCacheService. |
|
Sets the access control policy on the specified resource. |
|
Returns permissions that a caller has on the specified resource. |