File: //snap/google-cloud-cli/current/lib/googlecloudsdk/schemas/networkservices/v1/CDNPolicy.yaml
$schema: "http://json-schema.org/draft-06/schema#"
title: networkservices v1 CDNPolicy export schema
description: A gcloud export/import command YAML validation schema.
type: object
additionalProperties: false
properties:
COMMENT:
type: object
description: User specified info ignored by gcloud import.
additionalProperties: false
properties:
template-id:
type: string
region:
type: string
description:
type: string
date:
type: string
version:
type: string
UNKNOWN:
type: array
description: Unknown API fields that cannot be imported.
items:
type: string
addSignatures:
description: |-
Enables signature generation or propagation on this route. This field can
only be specified when signed_request_mode is set to REQUIRE_TOKENS.
$ref: CDNPolicyAddSignaturesOptions.yaml
cacheKeyPolicy:
description: The request parameters that contribute to the cache key.
$ref: CDNPolicyCacheKeyPolicy.yaml
cacheMode:
description: |-
Set the CacheMode used by this route. BYPASS_CACHE and USE_ORIGIN_HEADERS
proxy the origin's headers. Other cache modes pass Cache-Control to the
client. Use client_ttl to override what is sent to the client.
type: string
enum:
- BYPASS_CACHE
- CACHE_ALL_STATIC
- CACHE_MODE_UNSPECIFIED
- FORCE_CACHE_ALL
- USE_ORIGIN_HEADERS
clientTtl:
description: |-
Specifies a separate client (such as browser client) TTL, separate from
the TTL used by the edge caches. Leaving this empty uses the same cache
TTL for both the CDN and the client-facing response. - The TTL must be >
`0` and <= `86400s` (1 day) - The `client_ttl` cannot be larger than the
default_ttl (if set) - Fractions of a second are not allowed. Omit this
field to use the `default_ttl`, or the max- age set by the origin, as the
client-facing TTL. When the CacheMode is set to USE_ORIGIN_HEADERS or
BYPASS_CACHE, you must omit this field.
type: string
defaultTtl:
description: |-
Specifies the default TTL for cached content served by this origin for
responses that do not have an existing valid TTL (max-age or s-max-age).
Defaults to `3600s` (1 hour). - The TTL must be >= `0` and <= `31,536,000`
seconds (1 year) - Setting a TTL of `0` means "always revalidate"
(equivalent to must-revalidate) - The value of `default_ttl` cannot be set
to a value greater than that of max_ttl. - Fractions of a second are not
allowed. - When the CacheMode is set to FORCE_CACHE_ALL, the `default_ttl`
overwrites the TTL set in all responses. Infrequently accessed objects
might be evicted from the cache before the defined TTL. Objects that
expire are revalidated with the origin. When the CacheMode is set to
USE_ORIGIN_HEADERS or BYPASS_CACHE, you must omit this field.
type: string
maxTtl:
description: |-
The maximum allowed TTL for cached content served by this origin. Defaults
to `86400s` (1 day). Cache directives that attempt to set a max-age or
s-maxage higher than this, or an Expires header more than `max_ttl`
seconds in the future are capped at the value of `max_ttl`, as if it were
the value of an s-maxage Cache-Control directive. - The TTL must be >= `0`
and <= `31,536,000` seconds (1 year) - Setting a TTL of `0` means "always
revalidate" - The value of `max_ttl` must be equal to or greater than
default_ttl. - Fractions of a second are not allowed. When CacheMode is
set to [USE_ORIGIN_HEADERS].[CacheMode.USE_ORIGIN_HEADERS],
FORCE_CACHE_ALL, or BYPASS_CACHE, you must omit this field.
type: string
negativeCaching:
description: |-
Negative caching allows setting per-status code TTLs, in order to apply
fine-grained caching for common errors or redirects. This can reduce the
load on your origin and improve end-user experience by reducing response
latency. By default, the CDNPolicy applies the following default TTLs to
these status codes: - **10m**: HTTP 300 (Multiple Choice), 301, 308
(Permanent Redirects) - **120s**: HTTP 404 (Not Found), 410 (Gone), 451
(Unavailable For Legal Reasons) - **60s**: HTTP 405 (Method Not Found),
501 (Not Implemented) These defaults can be overridden in
negative_caching_policy
type: boolean
negativeCachingPolicy:
description: |-
A cache TTL for the specified HTTP status code. negative_caching must be
enabled to configure `negative_caching_policy`. The following limitations
apply: - Omitting the policy and leaving `negative_caching` enabled uses
the default TTLs for each status code, defined in `negative_caching`. -
TTLs must be >= `0` (where `0` is "always revalidate") and <= `86400s` (1
day) You can set only the following status codes: - HTTP redirection
(`300`, `301`, `302`, `307`, or `308`) - Client error (`400`, `403`,
`404`, `405`, `410`, `421`, or `451`) - Server error (`500`, `501`, `502`,
`503`, or `504`) When you specify an explicit `negative_caching_policy`,
ensure that you also specify a cache TTL for all response codes that you
wish to cache. The CDNPolicy doesn't apply any default negative caching
when a policy exists.
$ref: NegativeCachingPolicyValue.yaml
signedRequestKeyset:
description: |-
The EdgeCacheKeyset containing the set of public keys used to validate
signed requests at the edge. The following are both valid paths to an
`EdgeCacheKeyset` resource: *
`projects/project/locations/global/edgeCacheKeysets/yourKeyset` *
`yourKeyset` SignedRequestMode must be set to a value other than DISABLED
when a keyset is provided.
type: string
signedRequestMaximumExpirationTtl:
description: |-
Limits how far into the future the expiration time of a signed request can
be. When set, a signed request is rejected if its expiration time is later
than `now` + `signed_request_maximum_expiration_ttl`, where `now` is the
time at which the signed request is first handled by the CDN. - The TTL
must be > 0. - Fractions of a second are not allowed. By default,
`signed_request_maximum_expiration_ttl` is not set and the expiration time
of a signed request might be arbitrarily far into future.
type: string
signedRequestMode:
description: |-
Specifies whether to enforce signed requests. The default value is
DISABLED, which means all content is public, and does not authorize
access. You must also set a signed_request_keyset to enable signed
requests. When set to REQUIRE_SIGNATURES or REQUIRE_TOKENS, all matching
requests get their signature validated. Requests that aren't signed with
the corresponding private key, or that are otherwise invalid (such as
expired or do not match the signature, IP address, or header) are rejected
with an HTTP 403 error. If logging is turned on, then invalid requests are
also logged.
type: string
enum:
- DISABLED
- REQUIRE_SIGNATURES
- REQUIRE_TOKENS
- SIGNED_REQUEST_MODE_UNSPECIFIED
signedTokenOptions:
description: |-
Any additional options for signed tokens. `signed_token_options` can only
be specified when `signed_request_mode` is `REQUIRE_TOKENS`.
$ref: CDNPolicySignedTokenOptions.yaml