REST Resource: projects.locations.edgeCacheServices

Resource: EdgeCacheService

Defines the IP addresses, protocols, security policies, cache policies, and routing configuration.

JSON representation
{
  "name": string,
  "createTime": string,
  "updateTime": string,
  "description": string,
  "labels": {
    string: string,
    ...
  },
  "disableQuic": boolean,
  "disableHttp2": boolean,
  "requireTls": boolean,
  "edgeSslCertificates": [
    string
  ],
  "ipv4Addresses": [
    string
  ],
  "ipv6Addresses": [
    string
  ],
  "routing": {
    object (Routing)
  },
  "logConfig": {
    object (LogConfig)
  },
  "edgeSecurityPolicy": string
}
Fields
name

string

Required. The name of the resource as provided by the client when the resource is created. The name must be 1-64 characters long, and match the regular expression [a-zA-Z]([a-zA-Z0-9_-])* which means the first character must be a letter, and all following characters must be a dash, an underscore, a letter, or a digit.

createTime

string (Timestamp format)

Output only. The creation timestamp in RFC3339 text format.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

updateTime

string (Timestamp format)

Output only. The update timestamp in RFC3339 text format.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

description

string

Optional. A human-readable description of the resource.

labels

map (key: string, value: string)

Optional. A set of label tags associated with the EdgeCacheService resource.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

disableQuic

boolean

Optional. HTTP/3 (IETF QUIC) and Google QUIC are enabled by default.

disableHttp2

boolean

Optional. Disables HTTP/2.

HTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection.

Some legacy HTTP clients might have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true prevents HTTP/2 from being advertised and negotiated.

requireTls

boolean

Optional. Require TLS (HTTPS) for all clients connecting to this service.

Clients who connect over HTTP (port 80) see an HTTP 301 response to the same URL over HTTPS (port 443). You must have at least one edgeSslCertificates specified to enable this.

edgeSslCertificates[]

string

Optional. Certificate resources that are used to authenticate connections between users and the EdgeCacheService resource.

Note that only global certificates with a scope of EDGE_CACHE can be attached to an EdgeCacheService resource.

The following are both valid paths to an edgeSslCertificates resource:

  • projects/project/locations/global/certificates/media-example-com-cert
  • media-example-com-cert

You can specify up to five SSL certificates.

ipv4Addresses[]

string

Output only. The IPv4 addresses associated with this service. Addresses are static for the lifetime of the service.

IP addresses provisioned via Bring-Your-Own-IP (BYOIP) are not supported.

ipv6Addresses[]

string

Output only. The IPv6 addresses associated with this service. Addresses are static for the lifetime of the service.

IP addresses provisioned via Bring-Your-Own-IP (BYOIP) are not supported.

routing

object (Routing)

Required. Defines how requests are routed, modified, and cached, and which origin the content is filled from.

logConfig

object (LogConfig)

Optional. The logging options for the traffic served by this service. If logging is enabled, logs are exported to Cloud Logging.

edgeSecurityPolicy

string

Optional. The resource URL that points at the Cloud Armor edge security policy that is applied on each request against the EdgeCacheService resource.

Routing

Defines how requests are routed, modified, cached, and which origin the content is filled from.

JSON representation
{
  "hostRules": [
    {
      object (HostRule)
    }
  ],
  "pathMatchers": [
    {
      object (PathMatcher)
    }
  ]
}
Fields
hostRules[]

object (HostRule)

Required. A list of HostRule rules to match against. RouteRule rules support advanced routing behavior, and can match on paths, headers and query parameters, as well as status codes and HTTP methods.

You can specify up to 50 host rules.

pathMatchers[]

object (PathMatcher)

Required. A list of PathMatcher values referenced by name by HostRule values. PathMatcher is used to match the path portion of the URL when aHostRule value matches the URL's host portion.

You can specify up to 10 path matchers.

HostRule

The hostname configured for the EdgeCacheService. A HostRule value associates a hostname (or hostnames) with a set of routing rules, which define configuration based on the path and header.

JSON representation
{
  "description": string,
  "hosts": [
    string
  ],
  "pathMatcher": string
}
Fields
description

string

Optional. A human-readable description of the HostRule value.

hosts[]

string

Required. A list of host patterns to match.

Host patterns must be valid hostnames. Ports are not allowed. Wildcard hosts are supported in the suffix or prefix form. * matches any string of ([a-z0-9-.]*). It does not match an empty string.

When multiple hosts are specified, hosts are matched in the following priority:

  1. Exact domain names: www.foo.com.
  2. Suffix domain wildcards: *.foo.com or *-bar.foo.com.
  3. Prefix domain wildcards: foo.* or foo-*.
  4. Special wildcard * matching any domain.

The wildcard doesn't match the empty string. For example, *-bar.foo.com matches baz-bar.foo.com but not -bar.foo.com. The longest wildcards match first. Only a single host in the entire service can match on *.

A domain must be unique across all configured hosts within a service.

Hosts are matched against the HTTP Host header, or for HTTP/2 and HTTP/3, the :authority header, in the incoming request.

You can specify up to 10 hosts.

pathMatcher

string

Required. The name of the PathMatcher associated with this HostRule.

PathMatcher

The name of the PathMatcher to use to match the path portion of the URL if the HostRule matches the URL's host portion.

JSON representation
{
  "name": string,
  "description": string,
  "routeRules": [
    {
      object (RouteRule)
    }
  ]
}
Fields
name

string

Required. The name to which this PathMatcher is referred by the HostRule.

description

string

Optional. A human-readable description of the resource.

routeRules[]

object (RouteRule)

Required. A list of RouteRule rules to match against. RouteRule rules support advanced routing behavior, and can match on paths, headers and query parameters, as well as status codes and HTTP methods.

You must specify at least one rule, and can specify a maximum of 200 rules.

RouteRule rules must not have duplicate priority values.

RouteRule

The priority of a given route, including its match conditions and the actions to take on a request that matches.

JSON representation
{
  "priority": string,
  "description": string,
  "matchRules": [
    {
      object (MatchRule)
    }
  ],
  "routeMethods": {
    object (RouteMethods)
  },
  "headerAction": {
    object (HeaderAction)
  },
  "routeAction": {
    object (RouteAction)
  },

  // Union field type can be only one of the following:
  "origin": string,
  "urlRedirect": {
    object (UrlRedirect)
  }
  // End of list of possible types for union field type.
}
Fields
priority

string (int64 format)

Required. The priority of this route rule, where 1 is the highest priority.

You cannot configure two or more RouteRules with the same priority. Priority for each rule must be set to a number between 1 and 999 inclusive.

Priority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules.

description

string

Optional. A human-readable description of the RouteRule.

matchRules[]

object (MatchRule)

Required. The list of criteria for matching attributes of a request to this RouteRule. This list has OR semantics: the request matches this RouteRule when any of the MatchRules are satisfied. However, predicates within a given MatchRule have AND semantics. All predicates within a MatchRule must match for the request to match the rule.

You can specify up to five match rules.

routeMethods

object (RouteMethods)

Optional. Allow overriding the set of methods that are allowed for this route. When not set, Media CDN allows only GET, HEAD, and OPTIONS.

headerAction

object (HeaderAction)

Optional. The header actions, including adding and removing headers, for requests that match this route.

routeAction

object (RouteAction)

Optional. In response to a matching path, the RouteAction performs advanced routing actions like URL rewrites, header transformations, and so forth prior to forwarding the request to the selected origin.

Union field type.

type can be only one of the following:

origin

string

Optional. An alternate EdgeCacheOrigin resource that this route responds with when a matching response is not in the cache.

The following are both valid paths to an EdgeCacheOrigin resource:

  • projects/my-project/locations/global/edgeCacheOrigins/my-origin
  • my-origin

Only one of origin or urlRedirect can be set.

urlRedirect

object (UrlRedirect)

Optional. The URL redirect configuration for requests that match this route.

Only one of origin or urlRedirect can be set.

UrlRedirect

The HTTP redirect configuration for a given request.

JSON representation
{
  "hostRedirect": string,
  "redirectResponseCode": enum (RedirectResponseCode),
  "httpsRedirect": boolean,
  "stripQuery": boolean,

  // Union field path_specifier can be only one of the following:
  "pathRedirect": string,
  "prefixRedirect": string
  // End of list of possible types for union field path_specifier.
}
Fields
hostRedirect

string

Optional. The host that is used in the redirect response instead of the one that was supplied in the request.

The value must be between 1 and 255 characters.

redirectResponseCode

enum (RedirectResponseCode)

Optional. The HTTP status code to use for this redirect action. For a list of supported values, see RedirectResponseCode.

httpsRedirect

boolean

Optional. Determines whether the URL scheme in the redirected request is adjusted to HTTPS or remains that of the request.

If it is set to true and at least one edgeSslCertificates is set on the service, the URL scheme in the redirected request is set to HTTPS.

If it is set to false, the URL scheme of the redirected request remains the same as that of the request.

stripQuery

boolean

Optional. Determines whether accompanying query portions of the original URL are removed prior to redirecting the request.

If it is set to true, the accompanying query portion of the original URL is removed before redirecting the request.

If it is set to false, the query portion of the original URL is retained.

The default is false.

Union field path_specifier.

path_specifier can be only one of the following:

pathRedirect

string

Optional. The path that is used in the redirect response instead of the one that was supplied in the request.

pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request is used for the redirect.

The path value must be between 1 and 1024 characters.

prefixRedirect

string

Optional. The prefix that replaces the prefixMatch specified in the RouteRule rule, retaining the remaining portion of the URL before redirecting the request.

prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request is used for the redirect.

The prefix value must be between 1 and 1024 characters.

RedirectResponseCode

The HTTP status codes that might be used as redirect responses.

Enums
MOVED_PERMANENTLY_DEFAULT HTTP 301 (Moved Permanently)
FOUND HTTP 302 Found
SEE_OTHER HTTP 303 See Other
TEMPORARY_REDIRECT HTTP 307 (Temporary Redirect). In this case, the request method is retained.
PERMANENT_REDIRECT HTTP 308 (Permanent Redirect). In this case, the request method is retained.

MatchRule

A collection of match conditions (such as query, header, or URI) for a request.

JSON representation
{
  "ignoreCase": boolean,
  "headerMatches": [
    {
      object (HeaderMatch)
    }
  ],
  "queryParameterMatches": [
    {
      object (QueryParameterMatcher)
    }
  ],

  // Union field path_match can be only one of the following:
  "prefixMatch": string,
  "fullPathMatch": string,
  "pathTemplateMatch": string
  // End of list of possible types for union field path_match.
}
Fields
ignoreCase

boolean

Optional. Specifies that prefixMatch and fullPathMatch matches are not case sensitive. The default value is false, which means that matches are case sensitive.

headerMatches[]

object (HeaderMatch)

Optional. A list of HeaderMatch criteria, all of which must match corresponding headers in the request.

You can specify up to three headers to match on.

queryParameterMatches[]

object (QueryParameterMatcher)

Optional. A list of QueryParameterMatcher criteria, all of which must match corresponding query parameters in the request.

You can specify up to five query parameters to match on.

Union field path_match.

path_match can be only one of the following:

prefixMatch

string

Optional. To satisfy the MatchRule condition, the request's path must begin with the specified prefixMatch.

prefixMatch must begin with a /. The value must be between 1 and 1024 characters (inclusive).

One of prefixMatch, fullPathMatch, or pathTemplateMatch must be specified.

fullPathMatch

string

Optional. To satisfy the MatchRule condition, the path of the request must exactly match the value specified in fullPathMatch after removing any query parameters and anchors that might be part of the original URL.

fullPathMatch must begin with a /. The value must be between 1 and 1024 characters, (inclusive).

One of prefixMatch, fullPathMatch, or pathTemplateMatch must be specified.

pathTemplateMatch

string

Optional. To satisfy the MatchRule condition, the path of the request must match the wildcard pattern specified in pathTemplateMatch after removing any query parameters and anchors that might be part of the original URL.

pathTemplateMatch must be between 1 and 255 characters (inclusive). The pattern specified by pathTemplateMatch can have at most 10 wildcard operators and 10 variable captures.

One of prefixMatch, fullPathMatch, or pathTemplateMatch must be specified.

HeaderMatch

The match conditions for HTTP request headers.

JSON representation
{
  "headerName": string,
  "invertMatch": boolean,

  // Union field match_specifier can be only one of the following:
  "presentMatch": boolean,
  "exactMatch": string,
  "prefixMatch": string,
  "suffixMatch": string
  // End of list of possible types for union field match_specifier.
}
Fields
headerName

string

Required. The header name to match on. The :method pseudo-header may be used to match on the request HTTP method.

invertMatch

boolean

Optional. If set to false, HeaderMatch is considered a match when the match criteria above are met. If set to true, HeaderMatch is considered a match when the match criteria above are not met.

The default is false.

Union field match_specifier.

match_specifier can be only one of the following:

presentMatch

boolean

Optional. A header with the contents of headerName must exist. The match takes place whether or not the request's header has a value.

Only one of exactMatch, prefixMatch, suffixMatch, or presentMatch must be set.

exactMatch

string

Optional. The value of the header must exactly match contents of exactMatch.

Only one of exactMatch, prefixMatch, suffixMatch, or presentMatch must be set.

prefixMatch

string

Optional. The value of the header must start with the contents of prefixMatch.

Only one of exactMatch, prefixMatch, suffixMatch, or presentMatch must be set.

suffixMatch

string

Optional. The value of the header must end with the contents of suffixMatch.

Only one of exactMatch, prefixMatch, suffixMatch, or presentMatch must be set.

QueryParameterMatcher

The match conditions for URI query parameters.

JSON representation
{
  "name": string,

  // Union field match_specifier can be only one of the following:
  "presentMatch": boolean,
  "exactMatch": string
  // End of list of possible types for union field match_specifier.
}
Fields
name

string

Required. The name of the query parameter to match. The query parameter must exist in the request; if it doesn't, the request match fails.

The name must be specified and be between 1 and 32 characters long (inclusive).

Union field match_specifier.

match_specifier can be only one of the following:

presentMatch

boolean

Optional. Specifies that the QueryParameterMatcher matches if the request contains the query parameter. The match can succeed as long as the request contains the query parameter, regardless of whether the parameter has a value or not.

Only one of presentMatch or exactMatch must be set.

exactMatch

string

Optional. The QueryParameterMatcher matches if the value of the parameter exactly matches the contents of exactMatch.

The match value must be between 1 and 64 characters long (inclusive).

Only one of presentMatch or exactMatch must be set.

RouteMethods

Allow overriding the set of methods that are allowed for a route.

JSON representation
{
  "allowedMethods": [
    string
  ]
}
Fields
allowedMethods[]

string

Required. The non-empty set of HTTP methods that are allowed for this route.

HeaderAction

Defines the addition and removal of HTTP headers for requests and responses.

JSON representation
{
  "requestHeadersToAdd": [
    {
      object (AddHeader)
    }
  ],
  "responseHeadersToAdd": [
    {
      object (AddHeader)
    }
  ],
  "requestHeadersToRemove": [
    {
      object (RemoveHeader)
    }
  ],
  "responseHeadersToRemove": [
    {
      object (RemoveHeader)
    }
  ]
}
Fields
requestHeadersToAdd[]

object (AddHeader)

Optional. A list of headers to add to the request prior to forwarding the request to the origin.

You can add a maximum of 25 request headers.

responseHeadersToAdd[]

object (AddHeader)

Optional. A list of headers to add to the response before sending it back to the client.

You can add a maximum of 25 response headers.

Response headers are only sent to the client, and do not have an effect on the cache serving the response.

requestHeadersToRemove[]

object (RemoveHeader)

Optional. A list of header names to remove from the request before forwarding the request to the origin.

You can specify up to 25 request headers to remove.

responseHeadersToRemove[]

object (RemoveHeader)

Optional. A list of headers to remove from the response before sending it back to the client.

Response headers are only sent to the client, and do not have an effect on the cache serving the response.

You can specify up to 25 response headers to remove.

AddHeader

The header to add.

JSON representation
{
  "headerName": string,
  "headerValue": string,
  "replace": boolean
}
Fields
headerName

string

Required. The name of the header to add.

headerValue

string

Required. The value of the header to add.

replace

boolean

Optional. Specifies whether to replace all existing headers with the same name.

RemoveHeader

The header to remove.

JSON representation
{
  "headerName": string
}
Fields
headerName

string

Required. The name of the header to remove.

RouteAction

The actions (such as rewrites, redirects, CORS header injection, and header modification) to take for a given route match.

JSON representation
{
  "cdnPolicy": {
    object (CDNPolicy)
  },
  "urlRewrite": {
    object (UrlRewrite)
  },
  "corsPolicy": {
    object (CORSPolicy)
  }
}
Fields
cdnPolicy

object (CDNPolicy)

Optional. The policy to use for defining caching and signed request behavior for requests that match this route.

urlRewrite

object (UrlRewrite)

Optional. The URL rewrite configuration for requests that match this route.

corsPolicy

object (CORSPolicy)

Optional. The Cross-Origin Resource Sharing (CORS) policy for requests that match this route.

CDNPolicy

The CDN policy to apply to the configured route.

JSON representation
{
  "cacheMode": enum (CacheMode),
  "clientTtl": string,
  "defaultTtl": string,
  "maxTtl": string,
  "cacheKeyPolicy": {
    object (CacheKeyPolicy)
  },
  "negativeCaching": boolean,
  "negativeCachingPolicy": {
    string: string,
    ...
  },
  "signedRequestMode": enum (SignedRequestMode),
  "signedRequestKeyset": string,
  "signedTokenOptions": {
    object (SignedTokenOptions)
  },
  "addSignatures": {
    object (AddSignaturesOptions)
  },
  "signedRequestMaximumExpirationTtl": string
}
Fields
cacheMode

enum (CacheMode)

Optional. Set the CacheMode used by this route.

BYPASS_CACHE and USE_ORIGIN_HEADERS proxy the origin's headers. Other cache modes pass Cache-Control to the client.

Use clientTtl to override what is sent to the client.

clientTtl

string (Duration format)

Optional. Specifies a separate client (such as browser client) TTL, separate from the TTL used by the edge caches. Leaving this empty uses the same cache TTL for both the CDN and the client-facing response.

  • The TTL must be > 0 and <= 86400s (1 day)
  • The clientTtl cannot be larger than the defaultTtl (if set)
  • Fractions of a second are not allowed.

Omit this field to use the defaultTtl, or the max-age set by the origin, as the client-facing TTL.

When the CacheMode is set to USE_ORIGIN_HEADERS or BYPASS_CACHE, you must omit this field.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

defaultTtl

string (Duration format)

Optional. Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age).

Defaults to 3600s (1 hour).

  • The TTL must be >= 0 and <= 31,536,000 seconds (1 year)
  • Setting a TTL of 0 means "always revalidate" (equivalent to must-revalidate)
  • The value of defaultTtl cannot be set to a value greater than that of maxTtl.
  • Fractions of a second are not allowed.
  • When the CacheMode is set to FORCE_CACHE_ALL, the defaultTtl overwrites the TTL set in all responses.

Infrequently accessed objects might be evicted from the cache before the defined TTL. Objects that expire are revalidated with the origin.

When the CacheMode is set to USE_ORIGIN_HEADERS or BYPASS_CACHE, you must omit this field.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

maxTtl

string (Duration format)

Optional. The maximum allowed TTL for cached content served by this origin.

Defaults to 86400s (1 day).

Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTtl seconds in the future are capped at the value of maxTtl, as if it were the value of an s-maxage Cache-Control directive.

  • The TTL must be >= 0 and <= 31,536,000 seconds (1 year)
  • Setting a TTL of 0 means "always revalidate"
  • The value of maxTtl must be equal to or greater than defaultTtl.
  • Fractions of a second are not allowed.

When CacheMode is set to [USE_ORIGIN_HEADERS].[CacheMode.USE_ORIGIN_HEADERS], FORCE_CACHE_ALL, or BYPASS_CACHE, you must omit this field.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

cacheKeyPolicy

object (CacheKeyPolicy)

Optional. The request parameters that contribute to the cache key.

negativeCaching

boolean

Optional. Negative caching allows setting per-status code TTLs, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency.

By default, the CDNPolicy applies the following default TTLs to these status codes:

  • 10m: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects)
  • 120s: HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons)
  • 60s: HTTP 405 (Method Not Found), 501 (Not Implemented)

These defaults can be overridden in negativeCachingPolicy

negativeCachingPolicy

map (key: string, value: string (Duration format))

Optional. A cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.

The following limitations apply:

  • Omitting the policy and leaving negativeCaching enabled uses the default TTLs for each status code, defined in negativeCaching.
  • TTLs must be >= 0 (where 0 is "always revalidate") and <= 86400s (1 day)

You can set only the following status codes:

  • HTTP redirection (300, 301, 302, 307, or 308)
  • Client error (400, 403, 404, 405, 410, 421, or 451)
  • Server error (500, 501, 502, 503, or 504)

When you specify an explicit negativeCachingPolicy, ensure that you also specify a cache TTL for all response codes that you wish to cache. The CDNPolicy doesn't apply any default negative caching when a policy exists.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

signedRequestMode

enum (SignedRequestMode)

Optional. Specifies whether to enforce signed requests. The default value is DISABLED, which means all content is public, and does not authorize access.

You must also set a signedRequestKeyset to enable signed requests.

When set to REQUIRE_SIGNATURES or REQUIRE_TOKENS, all matching requests get their signature validated. Requests that aren't signed with the corresponding private key, or that are otherwise invalid (such as expired or do not match the signature, IP address, or header) are rejected with an HTTP 403 error. If logging is turned on, then invalid requests are also logged.

signedRequestKeyset

string

Optional. The EdgeCacheKeyset containing the set of public keys used to validate signed requests at the edge.

The following are both valid paths to an EdgeCacheKeyset resource:

  • projects/project/locations/global/edgeCacheKeysets/yourKeyset
  • yourKeyset

SignedRequestMode must be set to a value other than DISABLED when a keyset is provided.

signedTokenOptions

object (SignedTokenOptions)

Optional. Any additional options for signed tokens.

signedTokenOptions can only be specified when signedRequestMode is REQUIRE_TOKENS.

addSignatures

object (AddSignaturesOptions)

Optional. Enables signature generation or propagation on this route.

This field can only be specified when signedRequestMode is set to REQUIRE_TOKENS.

signedRequestMaximumExpirationTtl

string (Duration format)

Optional. Limits how far into the future the expiration time of a signed request can be.

When set, a signed request is rejected if its expiration time is later than now + signedRequestMaximumExpirationTtl, where now is the time at which the signed request is first handled by the CDN.

  • The TTL must be > 0.
  • Fractions of a second are not allowed.

By default, signedRequestMaximumExpirationTtl is not set and the expiration time of a signed request might be arbitrarily far into future.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

CacheMode

Lets you control the following:

  • Caching behavior
  • Automatically cached content types
  • Whether origins headers are respected
  • Whether all responses are unconditionally cached

For all cache modes, Cache-Control headers are passed to the client. Use clientTtl to override what is sent to the client.

Enums
CACHE_MODE_UNSPECIFIED Unspecified value. Defaults to CACHE_ALL_STATIC.
CACHE_ALL_STATIC

Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS).

Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), aren't cached.

USE_ORIGIN_HEADERS

Only cache responses with valid HTTP caching directives.

Responses without these headers aren't cached at Google's edge, and require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server.

FORCE_CACHE_ALL

Cache all content, ignoring any private, no-store or no-cache directives in Cache-Control response headers.

Warning: this might result in caching private, per-user (user identifiable) content. Only enable this on routes where the EdgeCacheOrigin doesn't serve private or dynamic content, such as storage buckets.

BYPASS_CACHE

Bypass all caching for requests that match routes with this CDNPolicy applied.

Enabling this causes the edge cache to ignore all HTTP caching directives. All responses are fulfilled from the origin.

CacheKeyPolicy

The request parameters that contribute to the cache key.

JSON representation
{
  "includeProtocol": boolean,
  "excludeQueryString": boolean,
  "excludeHost": boolean,
  "includedQueryParameters": [
    string
  ],
  "excludedQueryParameters": [
    string
  ],
  "includedHeaderNames": [
    string
  ],
  "includedCookieNames": [
    string
  ]
}
Fields
includeProtocol

boolean

Optional. If true, HTTP and HTTPS requests are cached separately.

excludeQueryString

boolean

Optional. If true, exclude query string parameters from the cache key.

If false (the default), include the query string parameters in the cache key according to includedQueryParameters and excludedQueryParameters. If neither is set, the entire query string is included.

excludeHost

boolean

Optional. If true, exclude a request's host from the cache key. Requests with different hosts share content in the cache.

If false (the default), a request's host is included in the cache key. Requests with different hosts are stored independently.

Important: Enable this only if the hosts share the same origin and content. Removing the host from the cache key might inadvertently result in different objects being cached than intended, depending on which route the first user matched.

includedQueryParameters[]

string

Optional. The names of query string parameters to include in cache keys. All other parameters are excluded.

Specify either includedQueryParameters or excludedQueryParameters, not both. & and = are percent encoded and not treated as delimiters.

You can include up to 20 query parameters.

Each query parameter name must be between 1 and 32 characters long (inclusive).

excludedQueryParameters[]

string

Optional. The names of query string parameters to exclude from cache keys. All other parameters are included.

Specify either includedQueryParameters or excludedQueryParameters, not both. & and = are percent encoded and not treated as delimiters.

You can exclude up to 20 query parameters.

Each query parameter name must be between 1 and 32 characters long (inclusive).

includedHeaderNames[]

string

Optional. The names of HTTP request headers to include in cache keys. The value of the header field is used as part of the cache key.

The following limitations apply:

  • Header names must be valid HTTP RFC 7230 header field values.
  • Header field names are case insensitive
  • You can specify up to five header names.
  • To include the HTTP method, use :method

Refer to the documentation for the allowed list of header names.

Specifying several headers or headers that have a large range of values, such as per-user, dramatically impacts the cache hit rate, and might result in a higher eviction rate and reduced performance.

SignedRequestMode

Indicates whether signed requests are required.

Enums
SIGNED_REQUEST_MODE_UNSPECIFIED Unspecified value. Defaults to DISABLED.
DISABLED Do not enforce signed requests.
REQUIRE_SIGNATURES Enforce signed requests using query parameter, path component, or cookie signatures. All requests must have a valid signature. Requests that are missing the signature (URL or cookie-based) are rejected as if the signature was invalid.
REQUIRE_TOKENS Enforce signed requests using signed tokens. All requests must have a valid signed token. Requests that are missing a signed token (URL or cookie-based) are rejected as if the signed token was invalid.

SignedTokenOptions

The configuration options for signed tokens.

JSON representation
{
  "tokenQueryParameter": string,
  "allowedSignatureAlgorithms": [
    enum (SignatureAlgorithm)
  ]
}
Fields
tokenQueryParameter

string

Optional. The query parameter in which to find the token.

The name must be 1-64 characters long and match the regular expression [a-zA-Z]([a-zA-Z0-9_-])* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.

Defaults to edge-cache-token.

allowedSignatureAlgorithms[]

enum (SignatureAlgorithm)

Optional. The allowed signature algorithms to use.

Defaults to using only ED25519.

You can specify up to 3 signature algorithms to use.

SignatureAlgorithm

The signed request signature algorithm to use.

Enums
SIGNATURE_ALGORITHM_UNSPECIFIED It is an error to specify ALGORITHM_UNSPECIFIED.
ED25519 Use an Ed25519 signature scheme. The signature must be specified in the signature field of the token.
HMAC_SHA_256 Use an HMAC based on a SHA-256 hash. The HMAC must be specified in the hmac field of the token.
HMAC_SHA1 Use an HMAC based on a SHA1 hash. The HMAC must be specified in the hmac field of the token.

AddSignaturesOptions

The configuration options for adding signatures to responses.

JSON representation
{
  "actions": [
    enum (SignatureAction)
  ],
  "keyset": string,
  "tokenTtl": string,
  "tokenQueryParameter": string,
  "copiedParameters": [
    string
  ]
}
Fields
actions[]

enum (SignatureAction)

Required. The actions to take to add signatures to responses.

You must specify exactly one action.

keyset

string

Optional. The keyset to use for signature generation.

The following are both valid paths to an EdgeCacheKeyset resource:

  • projects/project/locations/global/edgeCacheKeysets/yourKeyset
  • yourKeyset

This must be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. This field can not be specified otherwise.

tokenTtl

string (Duration format)

Optional. The duration the token is valid for starting from the moment the token is first generated.

Defaults to 86400s (1 day).

The TTL must be >= 0 and <= 604,800 seconds (1 week).

This field can only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

tokenQueryParameter

string

Optional. The query parameter in which to put the generated token.

If not specified, defaults to edge-cache-token.

If specified, the name must be 1-64 characters long and match the regular expression [a-zA-Z]([a-zA-Z0-9_-])* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.

This field can only be set when the GENERATE_TOKEN_HLS_COOKIELESS or PROPAGATE_TOKEN_HLS_COOKIELESS actions are specified.

copiedParameters[]

string

Optional. The parameters to copy from the verified token to the generated token.

Only the following parameters can be copied:

  • PathGlobs
  • paths
  • acl
  • URLPrefix
  • IPRanges
  • SessionID
  • id
  • Data
  • data
  • payload
  • Headers

You can specify up to 6 parameters to copy. A given parameter is be copied only if the parameter exists in the verified token. Parameter names are matched exactly as specified. The order of the parameters does not matter. Duplicates are not allowed.

This field can only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified.

SignatureAction

The ways a signature can be manipulated in a response.

Enums
SIGNATURE_ACTION_UNSPECIFIED It is an error to specify UNSPECIFIED.
GENERATE_TOKEN_HLS_COOKIELESS

Generate a new signed request authentication token and return the new token by manipulating URLs in an HTTP Live Stream (HLS) playlist.

This action cannot be combined with the PROPAGATE_TOKEN_HLS_COOKIELESS action.

PROPAGATE_TOKEN_HLS_COOKIELESS

Copy the authentication token used in the request to the URLs in an HTTP Live Stream (HLS) playlist.

This action cannot be combined with either the GENERATE_COOKIE action or the GENERATE_TOKEN_HLS_COOKIELESS action.

UrlRewrite

Defines the URL rewrite configuration for a given request.

JSON representation
{
  "pathPrefixRewrite": string,
  "pathTemplateRewrite": string,
  "hostRewrite": string
}
Fields
pathPrefixRewrite

string

Optional. Before forwarding the request to the selected origin, the matching portion of the request's path is replaced by pathPrefixRewrite.

If specified, the path value must start with a / and be between 1 and 1024 characters long (inclusive).

pathPrefixRewrite can only be used when all of a route's matchRules specify prefixMatch or fullPathMatch.

Only one of pathPrefixRewrite and pathTemplateRewrite can be specified.

pathTemplateRewrite

string

Optional. Before forwarding the request to the selected origin, if the request matched a pathTemplateMatch, the matching portion of the request's path is replaced re-written using the pattern specified by pathTemplateRewrite.

pathTemplateRewrite must be between 1 and 255 characters (inclusive), must start with a /, and must only use variables captured by the route's pathTemplateMatch.

pathTemplateRewrite can only be used when all of a route's matchRules specify pathTemplateMatch.

Only one of pathPrefixRewrite and pathTemplateRewrite can be specified.

hostRewrite

string

Optional. Before forwarding the request to the selected origin, the request's host header is replaced with contents of hostRewrite.

The host value must be between 1 and 255 characters.

CORSPolicy

Defines Cross Origin Resource Sharing (CORS) configuration, including which CORS response headers are set.

JSON representation
{
  "maxAge": string,
  "allowCredentials": boolean,
  "allowOrigins": [
    string
  ],
  "allowMethods": [
    string
  ],
  "allowHeaders": [
    string
  ],
  "exposeHeaders": [
    string
  ],
  "disabled": boolean
}
Fields
maxAge

string (Duration format)

Required. Specifies how long results of a preflight request can be cached by a client in seconds. Note that many browser clients enforce a maximum TTL of 600s (10 minutes).

The following limitations apply:

  • Setting the value to -1 forces a pre-flight check for all requests (not recommended)
  • A maximum TTL of 86400s can be set; however, some clients might force pre-flight checks at a more regular interval.

This translates to the Access-Control-Max-Age header.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

allowCredentials

boolean

Optional. In response to a preflight request, setting this to true indicates that the actual request can include user credentials.

This translates to the Access-Control-Allow-Credentials response header.

allowOrigins[]

string

Optional. A list of origins that are allowed to do CORS requests.

This translates to the Access-Control-Allow-Origin response header.

You can specify up to 25 allowed origins.

allowMethods[]

string

Optional. The content for the Access-Control-Allow-Methods response header.

You can specify up to five allowed methods.

allowHeaders[]

string

Optional. The content for the Access-Control-Allow-Headers response header.

You can specify up to 25 headers to include in the Access-Control-Allow-Headers header.

exposeHeaders[]

string

Optional. The content for the Access-Control-Expose-Headers response header.

You can specify up to 25 headers to expose in the Access-Control-Expose-Headers header.

disabled

boolean

Optional. If true, specifies that the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect.

LogConfig

The logging options for the traffic served by this service. If logging is enabled, logs are exported to Cloud Logging.

JSON representation
{
  "enable": boolean,
  "sampleRate": number
}
Fields
enable

boolean

Optional. Specifies whether to enable logging for traffic served by this service.

Defaults to false.

sampleRate

number

Optional. The sampling rate of requests, where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 0.0, and the value of the field must be in [0, 1].

This field can be specified only if logging is enabled for this service.

Methods

create

Creates a new EdgeCacheService in a given project and location.

delete

Deletes a single EdgeCacheService.

get

Gets details of a single EdgeCacheService.

getIamPolicy

Gets the access control policy for a resource.

invalidateCache

Sends a cache invalidation request.

list

Lists EdgeCacheServices in a given project and location.

patch

Updates the parameters of a single EdgeCacheService.

setIamPolicy

Sets the access control policy on the specified resource.

testIamPermissions

Returns permissions that a caller has on the specified resource.