$schema: "http://json-schema.org/draft-06/schema#"

title: networkservices v1 CDNPolicy export schema
description: A gcloud export/import command YAML validation schema.
type: object
additionalProperties: false
properties:
  COMMENT:
    type: object
    description: User specified info ignored by gcloud import.
    additionalProperties: false
    properties:
      template-id:
        type: string
      region:
        type: string
      description:
        type: string
      date:
        type: string
      version:
        type: string
  UNKNOWN:
    type: array
    description: Unknown API fields that cannot be imported.
    items:
      type: string
  addSignatures:
    description: |-
      Enables signature generation or propagation on this route. This field can
      only be specified when signed_request_mode is set to REQUIRE_TOKENS.
    $ref: CDNPolicyAddSignaturesOptions.yaml
  cacheKeyPolicy:
    description: The request parameters that contribute to the cache key.
    $ref: CDNPolicyCacheKeyPolicy.yaml
  cacheMode:
    description: |-
      Set the CacheMode used by this route. BYPASS_CACHE and USE_ORIGIN_HEADERS
      proxy the origin's headers. Other cache modes pass Cache-Control to the
      client. Use client_ttl to override what is sent to the client.
    type: string
    enum:
    - BYPASS_CACHE
    - CACHE_ALL_STATIC
    - CACHE_MODE_UNSPECIFIED
    - FORCE_CACHE_ALL
    - USE_ORIGIN_HEADERS
  clientTtl:
    description: |-
      Specifies a separate client (such as browser client) TTL, separate from
      the TTL used by the edge caches. Leaving this empty uses the same cache
      TTL for both the CDN and the client-facing response. - The TTL must be >
      `0` and <= `86400s` (1 day) - The `client_ttl` cannot be larger than the
      default_ttl (if set) - Fractions of a second are not allowed. Omit this
      field to use the `default_ttl`, or the max- age set by the origin, as the
      client-facing TTL. When the CacheMode is set to USE_ORIGIN_HEADERS or
      BYPASS_CACHE, you must omit this field.
    type: string
  defaultTtl:
    description: |-
      Specifies the default TTL for cached content served by this origin for
      responses that do not have an existing valid TTL (max-age or s-max-age).
      Defaults to `3600s` (1 hour). - The TTL must be >= `0` and <= `31,536,000`
      seconds (1 year) - Setting a TTL of `0` means "always revalidate"
      (equivalent to must-revalidate) - The value of `default_ttl` cannot be set
      to a value greater than that of max_ttl. - Fractions of a second are not
      allowed. - When the CacheMode is set to FORCE_CACHE_ALL, the `default_ttl`
      overwrites the TTL set in all responses. Infrequently accessed objects
      might be evicted from the cache before the defined TTL. Objects that
      expire are revalidated with the origin. When the CacheMode is set to
      USE_ORIGIN_HEADERS or BYPASS_CACHE, you must omit this field.
    type: string
  maxTtl:
    description: |-
      The maximum allowed TTL for cached content served by this origin. Defaults
      to `86400s` (1 day). Cache directives that attempt to set a max-age or
      s-maxage higher than this, or an Expires header more than `max_ttl`
      seconds in the future are capped at the value of `max_ttl`, as if it were
      the value of an s-maxage Cache-Control directive. - The TTL must be >= `0`
      and <= `31,536,000` seconds (1 year) - Setting a TTL of `0` means "always
      revalidate" - The value of `max_ttl` must be equal to or greater than
      default_ttl. - Fractions of a second are not allowed. When CacheMode is
      set to [USE_ORIGIN_HEADERS].[CacheMode.USE_ORIGIN_HEADERS],
      FORCE_CACHE_ALL, or BYPASS_CACHE, you must omit this field.
    type: string
  negativeCaching:
    description: |-
      Negative caching allows setting per-status code TTLs, in order to apply
      fine-grained caching for common errors or redirects. This can reduce the
      load on your origin and improve end-user experience by reducing response
      latency. By default, the CDNPolicy applies the following default TTLs to
      these status codes: - **10m**: HTTP 300 (Multiple Choice), 301, 308
      (Permanent Redirects) - **120s**: HTTP 404 (Not Found), 410 (Gone), 451
      (Unavailable For Legal Reasons) - **60s**: HTTP 405 (Method Not Found),
      501 (Not Implemented) These defaults can be overridden in
      negative_caching_policy
    type: boolean
  negativeCachingPolicy:
    description: |-
      A cache TTL for the specified HTTP status code. negative_caching must be
      enabled to configure `negative_caching_policy`. The following limitations
      apply: - Omitting the policy and leaving `negative_caching` enabled uses
      the default TTLs for each status code, defined in `negative_caching`. -
      TTLs must be >= `0` (where `0` is "always revalidate") and <= `86400s` (1
      day) You can set only the following status codes: - HTTP redirection
      (`300`, `301`, `302`, `307`, or `308`) - Client error (`400`, `403`,
      `404`, `405`, `410`, `421`, or `451`) - Server error (`500`, `501`, `502`,
      `503`, or `504`) When you specify an explicit `negative_caching_policy`,
      ensure that you also specify a cache TTL for all response codes that you
      wish to cache. The CDNPolicy doesn't apply any default negative caching
      when a policy exists.
    $ref: NegativeCachingPolicyValue.yaml
  signedRequestKeyset:
    description: |-
      The EdgeCacheKeyset containing the set of public keys used to validate
      signed requests at the edge. The following are both valid paths to an
      `EdgeCacheKeyset` resource: *
      `projects/project/locations/global/edgeCacheKeysets/yourKeyset` *
      `yourKeyset` SignedRequestMode must be set to a value other than DISABLED
      when a keyset is provided.
    type: string
  signedRequestMaximumExpirationTtl:
    description: |-
      Limits how far into the future the expiration time of a signed request can
      be. When set, a signed request is rejected if its expiration time is later
      than `now` + `signed_request_maximum_expiration_ttl`, where `now` is the
      time at which the signed request is first handled by the CDN. - The TTL
      must be > 0. - Fractions of a second are not allowed. By default,
      `signed_request_maximum_expiration_ttl` is not set and the expiration time
      of a signed request might be arbitrarily far into future.
    type: string
  signedRequestMode:
    description: |-
      Specifies whether to enforce signed requests. The default value is
      DISABLED, which means all content is public, and does not authorize
      access. You must also set a signed_request_keyset to enable signed
      requests. When set to REQUIRE_SIGNATURES or REQUIRE_TOKENS, all matching
      requests get their signature validated. Requests that aren't signed with
      the corresponding private key, or that are otherwise invalid (such as
      expired or do not match the signature, IP address, or header) are rejected
      with an HTTP 403 error. If logging is turned on, then invalid requests are
      also logged.
    type: string
    enum:
    - DISABLED
    - REQUIRE_SIGNATURES
    - REQUIRE_TOKENS
    - SIGNED_REQUEST_MODE_UNSPECIFIED
  signedTokenOptions:
    description: |-
      Any additional options for signed tokens. `signed_token_options` can only
      be specified when `signed_request_mode` is `REQUIRE_TOKENS`.
    $ref: CDNPolicySignedTokenOptions.yaml