154 lines
7.4 KiB
YAML
154 lines
7.4 KiB
YAML
$schema: "http://json-schema.org/draft-06/schema#"
|
|
|
|
title: networkservices v1 CDNPolicy export schema
|
|
description: A gcloud export/import command YAML validation schema.
|
|
type: object
|
|
additionalProperties: false
|
|
properties:
|
|
COMMENT:
|
|
type: object
|
|
description: User specified info ignored by gcloud import.
|
|
additionalProperties: false
|
|
properties:
|
|
template-id:
|
|
type: string
|
|
region:
|
|
type: string
|
|
description:
|
|
type: string
|
|
date:
|
|
type: string
|
|
version:
|
|
type: string
|
|
UNKNOWN:
|
|
type: array
|
|
description: Unknown API fields that cannot be imported.
|
|
items:
|
|
type: string
|
|
addSignatures:
|
|
description: |-
|
|
Enables signature generation or propagation on this route. This field can
|
|
only be specified when signed_request_mode is set to REQUIRE_TOKENS.
|
|
$ref: CDNPolicyAddSignaturesOptions.yaml
|
|
cacheKeyPolicy:
|
|
description: The request parameters that contribute to the cache key.
|
|
$ref: CDNPolicyCacheKeyPolicy.yaml
|
|
cacheMode:
|
|
description: |-
|
|
Set the CacheMode used by this route. BYPASS_CACHE and USE_ORIGIN_HEADERS
|
|
proxy the origin's headers. Other cache modes pass Cache-Control to the
|
|
client. Use client_ttl to override what is sent to the client.
|
|
type: string
|
|
enum:
|
|
- BYPASS_CACHE
|
|
- CACHE_ALL_STATIC
|
|
- CACHE_MODE_UNSPECIFIED
|
|
- FORCE_CACHE_ALL
|
|
- USE_ORIGIN_HEADERS
|
|
clientTtl:
|
|
description: |-
|
|
Specifies a separate client (such as browser client) TTL, separate from
|
|
the TTL used by the edge caches. Leaving this empty uses the same cache
|
|
TTL for both the CDN and the client-facing response. - The TTL must be >
|
|
`0` and <= `86400s` (1 day) - The `client_ttl` cannot be larger than the
|
|
default_ttl (if set) - Fractions of a second are not allowed. Omit this
|
|
field to use the `default_ttl`, or the max- age set by the origin, as the
|
|
client-facing TTL. When the CacheMode is set to USE_ORIGIN_HEADERS or
|
|
BYPASS_CACHE, you must omit this field.
|
|
type: string
|
|
defaultTtl:
|
|
description: |-
|
|
Specifies the default TTL for cached content served by this origin for
|
|
responses that do not have an existing valid TTL (max-age or s-max-age).
|
|
Defaults to `3600s` (1 hour). - The TTL must be >= `0` and <= `31,536,000`
|
|
seconds (1 year) - Setting a TTL of `0` means "always revalidate"
|
|
(equivalent to must-revalidate) - The value of `default_ttl` cannot be set
|
|
to a value greater than that of max_ttl. - Fractions of a second are not
|
|
allowed. - When the CacheMode is set to FORCE_CACHE_ALL, the `default_ttl`
|
|
overwrites the TTL set in all responses. Infrequently accessed objects
|
|
might be evicted from the cache before the defined TTL. Objects that
|
|
expire are revalidated with the origin. When the CacheMode is set to
|
|
USE_ORIGIN_HEADERS or BYPASS_CACHE, you must omit this field.
|
|
type: string
|
|
maxTtl:
|
|
description: |-
|
|
The maximum allowed TTL for cached content served by this origin. Defaults
|
|
to `86400s` (1 day). Cache directives that attempt to set a max-age or
|
|
s-maxage higher than this, or an Expires header more than `max_ttl`
|
|
seconds in the future are capped at the value of `max_ttl`, as if it were
|
|
the value of an s-maxage Cache-Control directive. - The TTL must be >= `0`
|
|
and <= `31,536,000` seconds (1 year) - Setting a TTL of `0` means "always
|
|
revalidate" - The value of `max_ttl` must be equal to or greater than
|
|
default_ttl. - Fractions of a second are not allowed. When CacheMode is
|
|
set to [USE_ORIGIN_HEADERS].[CacheMode.USE_ORIGIN_HEADERS],
|
|
FORCE_CACHE_ALL, or BYPASS_CACHE, you must omit this field.
|
|
type: string
|
|
negativeCaching:
|
|
description: |-
|
|
Negative caching allows setting per-status code TTLs, in order to apply
|
|
fine-grained caching for common errors or redirects. This can reduce the
|
|
load on your origin and improve end-user experience by reducing response
|
|
latency. By default, the CDNPolicy applies the following default TTLs to
|
|
these status codes: - **10m**: HTTP 300 (Multiple Choice), 301, 308
|
|
(Permanent Redirects) - **120s**: HTTP 404 (Not Found), 410 (Gone), 451
|
|
(Unavailable For Legal Reasons) - **60s**: HTTP 405 (Method Not Found),
|
|
501 (Not Implemented) These defaults can be overridden in
|
|
negative_caching_policy
|
|
type: boolean
|
|
negativeCachingPolicy:
|
|
description: |-
|
|
A cache TTL for the specified HTTP status code. negative_caching must be
|
|
enabled to configure `negative_caching_policy`. The following limitations
|
|
apply: - Omitting the policy and leaving `negative_caching` enabled uses
|
|
the default TTLs for each status code, defined in `negative_caching`. -
|
|
TTLs must be >= `0` (where `0` is "always revalidate") and <= `86400s` (1
|
|
day) You can set only the following status codes: - HTTP redirection
|
|
(`300`, `301`, `302`, `307`, or `308`) - Client error (`400`, `403`,
|
|
`404`, `405`, `410`, `421`, or `451`) - Server error (`500`, `501`, `502`,
|
|
`503`, or `504`) When you specify an explicit `negative_caching_policy`,
|
|
ensure that you also specify a cache TTL for all response codes that you
|
|
wish to cache. The CDNPolicy doesn't apply any default negative caching
|
|
when a policy exists.
|
|
$ref: NegativeCachingPolicyValue.yaml
|
|
signedRequestKeyset:
|
|
description: |-
|
|
The EdgeCacheKeyset containing the set of public keys used to validate
|
|
signed requests at the edge. The following are both valid paths to an
|
|
`EdgeCacheKeyset` resource: *
|
|
`projects/project/locations/global/edgeCacheKeysets/yourKeyset` *
|
|
`yourKeyset` SignedRequestMode must be set to a value other than DISABLED
|
|
when a keyset is provided.
|
|
type: string
|
|
signedRequestMaximumExpirationTtl:
|
|
description: |-
|
|
Limits how far into the future the expiration time of a signed request can
|
|
be. When set, a signed request is rejected if its expiration time is later
|
|
than `now` + `signed_request_maximum_expiration_ttl`, where `now` is the
|
|
time at which the signed request is first handled by the CDN. - The TTL
|
|
must be > 0. - Fractions of a second are not allowed. By default,
|
|
`signed_request_maximum_expiration_ttl` is not set and the expiration time
|
|
of a signed request might be arbitrarily far into future.
|
|
type: string
|
|
signedRequestMode:
|
|
description: |-
|
|
Specifies whether to enforce signed requests. The default value is
|
|
DISABLED, which means all content is public, and does not authorize
|
|
access. You must also set a signed_request_keyset to enable signed
|
|
requests. When set to REQUIRE_SIGNATURES or REQUIRE_TOKENS, all matching
|
|
requests get their signature validated. Requests that aren't signed with
|
|
the corresponding private key, or that are otherwise invalid (such as
|
|
expired or do not match the signature, IP address, or header) are rejected
|
|
with an HTTP 403 error. If logging is turned on, then invalid requests are
|
|
also logged.
|
|
type: string
|
|
enum:
|
|
- DISABLED
|
|
- REQUIRE_SIGNATURES
|
|
- REQUIRE_TOKENS
|
|
- SIGNED_REQUEST_MODE_UNSPECIFIED
|
|
signedTokenOptions:
|
|
description: |-
|
|
Any additional options for signed tokens. `signed_token_options` can only
|
|
be specified when `signed_request_mode` is `REQUIRE_TOKENS`.
|
|
$ref: CDNPolicySignedTokenOptions.yaml
|