REST Resource: projects.locations.edgeCacheServices

{
  "name": string,
  "createTime": string,
  "updateTime": string,
  "description": string,
  "labels": {
    string: string,
    ...
  },
  "disableQuic": boolean,
  "disableHttp2": boolean,
  "requireTls": boolean,
  "edgeSslCertificates": [
    string
  ],
  "ipv4Addresses": [
    string
  ],
  "ipv6Addresses": [
    string
  ],
  "routing": {
    object (Routing)
  },
  "logConfig": {
    object (LogConfig)
  },
  "edgeSecurityPolicy": string
}

string

Required. The name of the resource as provided by the client when the resource is created. The name must be 1-64 characters long, and match the regular expression [a-zA-Z]([a-zA-Z0-9_-])* which means the first character must be a letter, and all following characters must be a dash, an underscore, a letter, or a digit.

string (Timestamp format)

Output only. The creation timestamp in RFC3339 text format.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

string (Timestamp format)

Output only. The update timestamp in RFC3339 text format.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

string

Optional. A human-readable description of the resource.

map (key: string, value: string)

Optional. A set of label tags associated with the EdgeCacheService resource.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

boolean

Optional. HTTP/3 (IETF QUIC) and Google QUIC are enabled by default.

boolean

Optional. Disables HTTP/2.

HTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection.

Some legacy HTTP clients might have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true prevents HTTP/2 from being advertised and negotiated.

boolean

Optional. Require TLS (HTTPS) for all clients connecting to this service.

Clients who connect over HTTP (port 80) see an HTTP 301 response to the same URL over HTTPS (port 443). You must have at least one edgeSslCertificates specified to enable this.

string

Optional. Certificate resources that are used to authenticate connections between users and the EdgeCacheService resource.

Note that only global certificates with a scope of EDGE_CACHE can be attached to an EdgeCacheService resource.

The following are both valid paths to an edgeSslCertificates resource:

• projects/project/locations/global/certificates/media-example-com-cert
• media-example-com-cert

You can specify up to five SSL certificates.

string

Output only. The IPv4 addresses associated with this service. Addresses are static for the lifetime of the service.

IP addresses provisioned via Bring-Your-Own-IP (BYOIP) are not supported.

string

Output only. The IPv6 addresses associated with this service. Addresses are static for the lifetime of the service.

IP addresses provisioned via Bring-Your-Own-IP (BYOIP) are not supported.

object (Routing)

Required. Defines how requests are routed, modified, and cached, and which origin the content is filled from.

object (LogConfig)

Optional. The logging options for the traffic served by this service. If logging is enabled, logs are exported to Cloud Logging.

string

Optional. The resource URL that points at the Cloud Armor edge security policy that is applied on each request against the EdgeCacheService resource.

{
  "hostRules": [
    {
      object (HostRule)
    }
  ],
  "pathMatchers": [
    {
      object (PathMatcher)
    }
  ]
}

object (HostRule)

Required. A list of HostRule rules to match against. RouteRule rules support advanced routing behavior, and can match on paths, headers and query parameters, as well as status codes and HTTP methods.

You can specify up to 50 host rules.

object (PathMatcher)

Required. A list of PathMatcher values referenced by name by HostRule values. PathMatcher is used to match the path portion of the URL when aHostRule value matches the URL's host portion.

You can specify up to 50 path matchers.

{
  "description": string,
  "hosts": [
    string
  ],
  "pathMatcher": string
}

string

Optional. A human-readable description of the HostRule value.

string

Required. A list of host patterns to match.

Host patterns must be valid hostnames. Ports are not allowed. Wildcard hosts are supported in the suffix or prefix form. * matches any string of ([a-z0-9-.]*). It does not match an empty string.

When multiple hosts are specified, hosts are matched in the following priority:

1. Exact domain names: www.foo.com.
2. Suffix domain wildcards: *.foo.com or *-bar.foo.com.
3. Prefix domain wildcards: foo.* or foo-*.
4. Special wildcard * matching any domain.

The wildcard doesn't match the empty string. For example, *-bar.foo.com matches baz-bar.foo.com but not -bar.foo.com. The longest wildcards match first. Only a single host in the entire service can match on *.

A domain must be unique across all configured hosts within a service.

Hosts are matched against the HTTP Host header, or for HTTP/2 and HTTP/3, the :authority header, in the incoming request.

You can specify up to 10 hosts.

string

Required. The name of the PathMatcher associated with this HostRule.

{
  "name": string,
  "description": string,
  "routeRules": [
    {
      object (RouteRule)
    }
  ]
}

string

Required. The name to which this PathMatcher is referred by the HostRule.

string

Optional. A human-readable description of the resource.

object (RouteRule)

Required. A list of RouteRule rules to match against. RouteRule rules support advanced routing behavior, and can match on paths, headers and query parameters, as well as status codes and HTTP methods.

You must specify at least one rule, and can specify a maximum of 200 rules.

RouteRule rules must not have duplicate priority values.

{
  "priority": string,
  "description": string,
  "matchRules": [
    {
      object (MatchRule)
    }
  ],
  "routeMethods": {
    object (RouteMethods)
  },
  "headerAction": {
    object (HeaderAction)
  },
  "routeAction": {
    object (RouteAction)
  },

  // Union field type can be only one of the following:
  "origin": string,
  "urlRedirect": {
    object (UrlRedirect)
  }
  // End of list of possible types for union field type.
}

string (int64 format)

Required. The priority of this route rule, where 1 is the highest priority.

You cannot configure two or more RouteRules with the same priority. Priority for each rule must be set to a number between 1 and 999 inclusive.

Priority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules.

string

Optional. A human-readable description of the RouteRule.

object (MatchRule)

Required. The list of criteria for matching attributes of a request to this RouteRule. This list has OR semantics: the request matches this RouteRule when any of the MatchRules are satisfied. However, predicates within a given MatchRule have AND semantics. All predicates within a MatchRule must match for the request to match the rule.

You can specify up to five match rules.

object (RouteMethods)

Optional. Allow overriding the set of methods that are allowed for this route. When not set, Media CDN allows only GET, HEAD, and OPTIONS.

object (HeaderAction)

Optional. The header actions, including adding and removing headers, for requests that match this route.

object (RouteAction)

Optional. In response to a matching path, the RouteAction performs advanced routing actions like URL rewrites, header transformations, and so forth prior to forwarding the request to the selected origin.

string

Optional. An alternate EdgeCacheOrigin resource that this route responds with when a matching response is not in the cache.

The following are both valid paths to an EdgeCacheOrigin resource:

• projects/my-project/locations/global/edgeCacheOrigins/my-origin
• my-origin

Only one of origin or urlRedirect can be set.

object (UrlRedirect)

Optional. The URL redirect configuration for requests that match this route.

Only one of origin or urlRedirect can be set.

{
  "hostRedirect": string,
  "redirectResponseCode": enum (RedirectResponseCode),
  "httpsRedirect": boolean,
  "stripQuery": boolean,

  // Union field path_specifier can be only one of the following:
  "pathRedirect": string,
  "prefixRedirect": string
  // End of list of possible types for union field path_specifier.
}

string

Optional. The host that is used in the redirect response instead of the one that was supplied in the request.

The value must be between 1 and 255 characters.

enum (RedirectResponseCode)

Optional. The HTTP status code to use for this redirect action. For a list of supported values, see RedirectResponseCode.

boolean

Optional. Determines whether the URL scheme in the redirected request is adjusted to HTTPS or remains that of the request.

If it is set to true and at least one edgeSslCertificates is set on the service, the URL scheme in the redirected request is set to HTTPS.

If it is set to false, the URL scheme of the redirected request remains the same as that of the request.

boolean

Optional. Determines whether accompanying query portions of the original URL are removed prior to redirecting the request.

If it is set to true, the accompanying query portion of the original URL is removed before redirecting the request.

If it is set to false, the query portion of the original URL is retained.

The default is false.

string

Optional. The path that is used in the redirect response instead of the one that was supplied in the request.

pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request is used for the redirect.

The path value must be between 1 and 1024 characters.

string

Optional. The prefix that replaces the prefixMatch specified in the RouteRule rule, retaining the remaining portion of the URL before redirecting the request.

prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request is used for the redirect.

The prefix value must be between 1 and 1024 characters.

{
  "ignoreCase": boolean,
  "headerMatches": [
    {
      object (HeaderMatch)
    }
  ],
  "queryParameterMatches": [
    {
      object (QueryParameterMatcher)
    }
  ],

  // Union field path_match can be only one of the following:
  "prefixMatch": string,
  "fullPathMatch": string,
  "pathTemplateMatch": string
  // End of list of possible types for union field path_match.
}

boolean

Optional. Specifies that prefixMatch and fullPathMatch matches are not case sensitive. The default value is false, which means that matches are case sensitive.

object (HeaderMatch)

Optional. A list of HeaderMatch criteria, all of which must match corresponding headers in the request.

You can specify up to three headers to match on.

object (QueryParameterMatcher)

Optional. A list of QueryParameterMatcher criteria, all of which must match corresponding query parameters in the request.

You can specify up to five query parameters to match on.

string

Optional. To satisfy the MatchRule condition, the request's path must begin with the specified prefixMatch.

prefixMatch must begin with a /. The value must be between 1 and 1024 characters (inclusive).

One of prefixMatch, fullPathMatch, or pathTemplateMatch must be specified.

string

Optional. To satisfy the MatchRule condition, the path of the request must exactly match the value specified in fullPathMatch after removing any query parameters and anchors that might be part of the original URL.

fullPathMatch must begin with a /. The value must be between 1 and 1024 characters, (inclusive).

One of prefixMatch, fullPathMatch, or pathTemplateMatch must be specified.

string

Optional. To satisfy the MatchRule condition, the path of the request must match the wildcard pattern specified in pathTemplateMatch after removing any query parameters and anchors that might be part of the original URL.

pathTemplateMatch must be between 1 and 255 characters (inclusive). The pattern specified by pathTemplateMatch can have at most 10 wildcard operators and 10 variable captures.

One of prefixMatch, fullPathMatch, or pathTemplateMatch must be specified.

{
  "headerName": string,
  "invertMatch": boolean,

  // Union field match_specifier can be only one of the following:
  "presentMatch": boolean,
  "exactMatch": string,
  "prefixMatch": string,
  "suffixMatch": string
  // End of list of possible types for union field match_specifier.
}

string

Required. The header name to match on. The :method pseudo-header may be used to match on the request HTTP method.

boolean

Optional. If set to false, HeaderMatch is considered a match when the match criteria above are met. If set to true, HeaderMatch is considered a match when the match criteria above are not met.

The default is false.

boolean

Optional. A header with the contents of headerName must exist. The match takes place whether or not the request's header has a value.

Only one of exactMatch, prefixMatch, suffixMatch, or presentMatch must be set.

string

Optional. The value of the header must exactly match contents of exactMatch.

Only one of exactMatch, prefixMatch, suffixMatch, or presentMatch must be set.

string

Optional. The value of the header must start with the contents of prefixMatch.

Only one of exactMatch, prefixMatch, suffixMatch, or presentMatch must be set.

string

Optional. The value of the header must end with the contents of suffixMatch.

Only one of exactMatch, prefixMatch, suffixMatch, or presentMatch must be set.

{
  "name": string,

  // Union field match_specifier can be only one of the following:
  "presentMatch": boolean,
  "exactMatch": string
  // End of list of possible types for union field match_specifier.
}

string

Required. The name of the query parameter to match. The query parameter must exist in the request; if it doesn't, the request match fails.

The name must be specified and be between 1 and 32 characters long (inclusive).

boolean

Optional. Specifies that the QueryParameterMatcher matches if the request contains the query parameter. The match can succeed as long as the request contains the query parameter, regardless of whether the parameter has a value or not.

Only one of presentMatch or exactMatch must be set.

string

Optional. The QueryParameterMatcher matches if the value of the parameter exactly matches the contents of exactMatch.

The match value must be between 1 and 64 characters long (inclusive).

Only one of presentMatch or exactMatch must be set.

{
  "allowedMethods": [
    string
  ]
}

string

Required. The non-empty set of HTTP methods that are allowed for this route.

{
  "requestHeadersToAdd": [
    {
      object (AddHeader)
    }
  ],
  "responseHeadersToAdd": [
    {
      object (AddHeader)
    }
  ],
  "requestHeadersToRemove": [
    {
      object (RemoveHeader)
    }
  ],
  "responseHeadersToRemove": [
    {
      object (RemoveHeader)
    }
  ]
}

object (AddHeader)

Optional. A list of headers to add to the request prior to forwarding the request to the origin.

You can add a maximum of 25 request headers.

object (AddHeader)

Optional. A list of headers to add to the response before sending it back to the client.

You can add a maximum of 25 response headers.

Response headers are only sent to the client, and do not have an effect on the cache serving the response.

object (RemoveHeader)

Optional. A list of header names to remove from the request before forwarding the request to the origin.

You can specify up to 25 request headers to remove.

object (RemoveHeader)

Optional. A list of headers to remove from the response before sending it back to the client.

Response headers are only sent to the client, and do not have an effect on the cache serving the response.

You can specify up to 25 response headers to remove.

{
  "headerName": string,
  "headerValue": string,
  "replace": boolean
}

string

Required. The name of the header to add.

string

Required. The value of the header to add.

boolean

Optional. Specifies whether to replace all existing headers with the same name.

{
  "headerName": string
}

string

Required. The name of the header to remove.

{
  "cdnPolicy": {
    object (CDNPolicy)
  },
  "urlRewrite": {
    object (UrlRewrite)
  },
  "corsPolicy": {
    object (CORSPolicy)
  }
}

object (CDNPolicy)

Optional. The policy to use for defining caching and signed request behavior for requests that match this route.

object (UrlRewrite)

Optional. The URL rewrite configuration for requests that match this route.

object (CORSPolicy)

Optional. The Cross-Origin Resource Sharing (CORS) policy for requests that match this route.

{
  "cacheMode": enum (CacheMode),
  "clientTtl": string,
  "defaultTtl": string,
  "maxTtl": string,
  "cacheKeyPolicy": {
    object (CacheKeyPolicy)
  },
  "negativeCaching": boolean,
  "negativeCachingPolicy": {
    string: string,
    ...
  },
  "signedRequestMode": enum (SignedRequestMode),
  "signedRequestKeyset": string,
  "signedTokenOptions": {
    object (SignedTokenOptions)
  },
  "addSignatures": {
    object (AddSignaturesOptions)
  },
  "signedRequestMaximumExpirationTtl": string
}

enum (CacheMode)

Optional. Set the CacheMode used by this route.

BYPASS_CACHE and USE_ORIGIN_HEADERS proxy the origin's headers. Other cache modes pass Cache-Control to the client.

Use clientTtl to override what is sent to the client.

string (Duration format)

Optional. Specifies a separate client (such as browser client) TTL, separate from the TTL used by the edge caches. Leaving this empty uses the same cache TTL for both the CDN and the client-facing response.

• The TTL must be > 0 and <= 86400s (1 day)
• The clientTtl cannot be larger than the defaultTtl (if set)
• Fractions of a second are not allowed.

Omit this field to use the defaultTtl, or the max-age set by the origin, as the client-facing TTL.

When the CacheMode is set to USE_ORIGIN_HEADERS or BYPASS_CACHE, you must omit this field.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

string (Duration format)

Optional. Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age).

Defaults to 3600s (1 hour).

• The TTL must be >= 0 and <= 31,536,000 seconds (1 year)
• Setting a TTL of 0 means "always revalidate" (equivalent to must-revalidate)
• The value of defaultTtl cannot be set to a value greater than that of maxTtl.
• Fractions of a second are not allowed.
• When the CacheMode is set to FORCE_CACHE_ALL, the defaultTtl overwrites the TTL set in all responses.

Infrequently accessed objects might be evicted from the cache before the defined TTL. Objects that expire are revalidated with the origin.

When the CacheMode is set to USE_ORIGIN_HEADERS or BYPASS_CACHE, you must omit this field.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

string (Duration format)

Optional. The maximum allowed TTL for cached content served by this origin.

Defaults to 86400s (1 day).

Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTtl seconds in the future are capped at the value of maxTtl, as if it were the value of an s-maxage Cache-Control directive.

• The TTL must be >= 0 and <= 31,536,000 seconds (1 year)
• Setting a TTL of 0 means "always revalidate"
• The value of maxTtl must be equal to or greater than defaultTtl.
• Fractions of a second are not allowed.

When CacheMode is set to [USE_ORIGIN_HEADERS].[CacheMode.USE_ORIGIN_HEADERS], FORCE_CACHE_ALL, or BYPASS_CACHE, you must omit this field.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

object (CacheKeyPolicy)

Optional. The request parameters that contribute to the cache key.

boolean

Optional. Negative caching allows setting per-status code TTLs, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency.

By default, the CDNPolicy applies the following default TTLs to these status codes:

• 10m: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects)
• 120s: HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons)
• 60s: HTTP 405 (Method Not Found), 501 (Not Implemented)

These defaults can be overridden in negativeCachingPolicy

map (key: string, value: string (Duration format))

Optional. A cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.

The following limitations apply:

• Omitting the policy and leaving negativeCaching enabled uses the default TTLs for each status code, defined in negativeCaching.
• TTLs must be >= 0 (where 0 is "always revalidate") and <= 86400s (1 day)

You can set only the following status codes:

• HTTP redirection (300, 301, 302, 307, or 308)
• Client error (400, 403, 404, 405, 410, 421, or 451)
• Server error (500, 501, 502, 503, or 504)

When you specify an explicit negativeCachingPolicy, ensure that you also specify a cache TTL for all response codes that you wish to cache. The CDNPolicy doesn't apply any default negative caching when a policy exists.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

enum (SignedRequestMode)

Optional. Specifies whether to enforce signed requests. The default value is DISABLED, which means all content is public, and does not authorize access.

You must also set a signedRequestKeyset to enable signed requests.

When set to REQUIRE_SIGNATURES or REQUIRE_TOKENS, all matching requests get their signature validated. Requests that aren't signed with the corresponding private key, or that are otherwise invalid (such as expired or do not match the signature, IP address, or header) are rejected with an HTTP 403 error. If logging is turned on, then invalid requests are also logged.

string

Optional. The EdgeCacheKeyset containing the set of public keys used to validate signed requests at the edge.

The following are both valid paths to an EdgeCacheKeyset resource:

• projects/project/locations/global/edgeCacheKeysets/yourKeyset
• yourKeyset

SignedRequestMode must be set to a value other than DISABLED when a keyset is provided.

object (SignedTokenOptions)

Optional. Any additional options for signed tokens.

signedTokenOptions can only be specified when signedRequestMode is REQUIRE_TOKENS.

object (AddSignaturesOptions)

Optional. Enables signature generation or propagation on this route.

This field can only be specified when signedRequestMode is set to REQUIRE_TOKENS.

string (Duration format)

Optional. Limits how far into the future the expiration time of a signed request can be.

When set, a signed request is rejected if its expiration time is later than now + signedRequestMaximumExpirationTtl, where now is the time at which the signed request is first handled by the CDN.

• The TTL must be > 0.
• Fractions of a second are not allowed.

By default, signedRequestMaximumExpirationTtl is not set and the expiration time of a signed request might be arbitrarily far into future.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

{
  "includeProtocol": boolean,
  "includeQueryString": boolean,
  "excludeQueryString": boolean,
  "excludeHost": boolean,
  "includedQueryParameters": [
    string
  ],
  "excludedQueryParameters": [
    string
  ],
  "includedHeaderNames": [
    string
  ],
  "includedCookieNames": [
    string
  ]
}

boolean

Optional. If true, HTTP and HTTPS requests are cached separately.

boolean

Optional. If true, include query string parameters in the cache key according to includedQueryParameters and excludedQueryParameters.

If neither is set, the entire query string is included. If false, the query string is excluded from the cache key entirely.

boolean

Optional. If true, exclude query string parameters from the cache key.

If false (the default), include the query string parameters in the cache key according to includedQueryParameters and excludedQueryParameters. If neither is set, the entire query string is included.

boolean

Optional. If true, exclude a request's host from the cache key. Requests with different hosts share content in the cache.

If false (the default), a request's host is included in the cache key. Requests with different hosts are stored independently.

Important: Enable this only if the hosts share the same origin and content. Removing the host from the cache key might inadvertently result in different objects being cached than intended, depending on which route the first user matched.

string

Optional. The names of query string parameters to include in cache keys. All other parameters are excluded.

Specify either includedQueryParameters or excludedQueryParameters, not both. & and = are percent encoded and not treated as delimiters.

You can include up to 20 query parameters.

Each query parameter name must be between 1 and 32 characters long (inclusive).

string

Optional. The names of query string parameters to exclude from cache keys. All other parameters are included.

Specify either includedQueryParameters or excludedQueryParameters, not both. & and = are percent encoded and not treated as delimiters.

You can exclude up to 20 query parameters.

Each query parameter name must be between 1 and 32 characters long (inclusive).

string

Optional. The names of HTTP request headers to include in cache keys. The value of the header field is used as part of the cache key.

The following limitations apply:

• Header names must be valid HTTP RFC 7230 header field values.
• Header field names are case insensitive
• You can specify up to five header names.
• To include the HTTP method, use :method

Refer to the documentation for the allowed list of header names.

Specifying several headers or headers that have a large range of values, such as per-user, dramatically impacts the cache hit rate, and might result in a higher eviction rate and reduced performance.

string

Optional. The names of cookies to include in cache keys. The cookie name and cookie value of each cookie named is used as part of the cache key.

The following limitations apply:

• Must be valid RFC 6265 "cookie-name" tokens
• Are case sensitive
• Cannot start with "Edge-Cache-" (case insensitive)

Specifying several cookies or cookies that have a large range of values, such as per-user, dramatically impacts the cache hit rate, and might result in a higher eviction rate and reduced performance.

You can specify up to three cookie names.

{
  "tokenQueryParameter": string,
  "allowedSignatureAlgorithms": [
    enum (SignatureAlgorithm)
  ]
}

string

Optional. The query parameter in which to find the token.

The name must be 1-64 characters long and match the regular expression [a-zA-Z]([a-zA-Z0-9_-])* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.

Defaults to edge-cache-token.

enum (SignatureAlgorithm)

Optional. The allowed signature algorithms to use.

Defaults to using only ED25519.

You can specify up to 3 signature algorithms to use.

{
  "actions": [
    enum (SignatureAction)
  ],
  "keyset": string,
  "tokenTtl": string,
  "tokenQueryParameter": string,
  "copiedParameters": [
    string
  ]
}

enum (SignatureAction)

Required. The actions to take to add signatures to responses.

You must specify exactly one action.

string

Optional. The keyset to use for signature generation.

The following are both valid paths to an EdgeCacheKeyset resource:

• projects/project/locations/global/edgeCacheKeysets/yourKeyset
• yourKeyset

This must be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. This field can not be specified otherwise.

string (Duration format)

Optional. The duration the token is valid for starting from the moment the token is first generated.

Defaults to 86400s (1 day).

The TTL must be >= 0 and <= 604,800 seconds (1 week).

This field can only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

string

Optional. The query parameter in which to put the generated token.

If not specified, defaults to edge-cache-token.

If specified, the name must be 1-64 characters long and match the regular expression [a-zA-Z]([a-zA-Z0-9_-])* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.

This field can only be set when the GENERATE_TOKEN_HLS_COOKIELESS or PROPAGATE_TOKEN_HLS_COOKIELESS actions are specified.

string

Optional. The parameters to copy from the verified token to the generated token.

Only the following parameters can be copied:

• PathGlobs
• paths
• acl
• URLPrefix
• IPRanges
• SessionID
• id
• Data
• data
• payload
• Headers

You can specify up to 6 parameters to copy. A given parameter is be copied only if the parameter exists in the verified token. Parameter names are matched exactly as specified. The order of the parameters does not matter. Duplicates are not allowed.

This field can only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified.

{
  "pathPrefixRewrite": string,
  "pathTemplateRewrite": string,
  "hostRewrite": string
}

string

Optional. Before forwarding the request to the selected origin, the matching portion of the request's path is replaced by pathPrefixRewrite.

If specified, the path value must start with a / and be between 1 and 1024 characters long (inclusive).

pathPrefixRewrite can only be used when all of a route's matchRules specify prefixMatch or fullPathMatch.

Only one of pathPrefixRewrite and pathTemplateRewrite can be specified.

string

Optional. Before forwarding the request to the selected origin, if the request matched a pathTemplateMatch, the matching portion of the request's path is replaced re-written using the pattern specified by pathTemplateRewrite.

pathTemplateRewrite must be between 1 and 255 characters (inclusive), must start with a /, and must only use variables captured by the route's pathTemplateMatch.

pathTemplateRewrite can only be used when all of a route's matchRules specify pathTemplateMatch.

Only one of pathPrefixRewrite and pathTemplateRewrite can be specified.

string

Optional. Before forwarding the request to the selected origin, the request's host header is replaced with contents of hostRewrite.

The host value must be between 1 and 255 characters.

{
  "maxAge": string,
  "allowCredentials": boolean,
  "allowOrigins": [
    string
  ],
  "allowMethods": [
    string
  ],
  "allowHeaders": [
    string
  ],
  "exposeHeaders": [
    string
  ],
  "disabled": boolean
}

string (Duration format)

Required. Specifies how long results of a preflight request can be cached by a client in seconds. Note that many browser clients enforce a maximum TTL of 600s (10 minutes).

The following limitations apply:

• Setting the value to -1 forces a pre-flight check for all requests (not recommended)
• A maximum TTL of 86400s can be set; however, some clients might force pre-flight checks at a more regular interval.

This translates to the Access-Control-Max-Age header.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

boolean

Optional. In response to a preflight request, setting this to true indicates that the actual request can include user credentials.

This translates to the Access-Control-Allow-Credentials response header.

string

Optional. A list of origins that are allowed to do CORS requests.

This translates to the Access-Control-Allow-Origin response header.

You can specify up to 25 allowed origins.

string

Optional. The content for the Access-Control-Allow-Methods response header.

You can specify up to five allowed methods.

string

Optional. The content for the Access-Control-Allow-Headers response header.

You can specify up to 25 headers to include in the Access-Control-Allow-Headers header.

string

Optional. The content for the Access-Control-Expose-Headers response header.

You can specify up to 25 headers to expose in the Access-Control-Expose-Headers header.

boolean

Optional. If true, specifies that the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect.

{
  "enable": boolean,
  "sampleRate": number
}

boolean

Optional. Specifies whether to enable logging for traffic served by this service.

Defaults to false.

number

Optional. The sampling rate of requests, where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 0.0, and the value of the field must be in [0, 1].

This field can be specified only if logging is enabled for this service.