import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * EdgeCacheService defines the IP addresses, protocols, security policies, cache policies and routing configuration. * * > **Warning:** These resources require allow-listing to use, and are not openly available to all Cloud customers. Engage with your Cloud account team to discuss how to onboard. * * ## Example Usage * * ### Network Services Edge Cache Service Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const dest = new gcp.storage.Bucket("dest", { * name: "my-bucket", * location: "US", * forceDestroy: true, * }); * const instance = new gcp.networkservices.EdgeCacheOrigin("instance", { * name: "my-origin", * originAddress: dest.url, * description: "The default bucket for media edge test", * maxAttempts: 2, * timeout: { * connectTimeout: "10s", * }, * }); * const instanceEdgeCacheService = new gcp.networkservices.EdgeCacheService("instance", { * name: "my-service", * description: "some description", * routing: { * hostRules: [{ * description: "host rule description", * hosts: ["sslcert.tf-test.club"], * pathMatcher: "routes", * }], * pathMatchers: [{ * name: "routes", * routeRules: [{ * description: "a route rule to match against", * priority: "1", * matchRules: [{ * prefixMatch: "/", * }], * origin: instance.name, * routeAction: { * cdnPolicy: { * cacheMode: "CACHE_ALL_STATIC", * defaultTtl: "3600s", * }, * }, * headerAction: { * responseHeaderToAdds: [{ * headerName: "x-cache-status", * headerValue: "{cdn_cache_status}", * }], * }, * }], * }], * }, * }); * ``` * ### Network Services Edge Cache Service Advanced * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const dest = new gcp.storage.Bucket("dest", { * name: "my-bucket", * location: "US", * forceDestroy: true, * }); * const google = new gcp.networkservices.EdgeCacheOrigin("google", { * name: "origin-google", * originAddress: "google.com", * description: "The default bucket for media edge test", * maxAttempts: 2, * timeout: { * connectTimeout: "10s", * }, * }); * const instance = new gcp.networkservices.EdgeCacheOrigin("instance", { * name: "my-origin", * originAddress: dest.url, * description: "The default bucket for media edge test", * maxAttempts: 2, * timeout: { * connectTimeout: "10s", * }, * }); * const instanceEdgeCacheService = new gcp.networkservices.EdgeCacheService("instance", { * name: "my-service", * description: "some description", * disableQuic: true, * disableHttp2: true, * labels: { * a: "b", * }, * routing: { * hostRules: [ * { * description: "host rule description", * hosts: ["sslcert.tf-test.club"], * pathMatcher: "routes", * }, * { * description: "host rule2", * hosts: ["sslcert.tf-test2.club"], * pathMatcher: "routes", * }, * { * description: "host rule3", * hosts: ["sslcert.tf-test3.club"], * pathMatcher: "routesAdvanced", * }, * ], * pathMatchers: [ * { * name: "routes", * routeRules: [{ * description: "a route rule to match against", * priority: "1", * matchRules: [{ * prefixMatch: "/", * }], * origin: instance.name, * routeAction: { * cdnPolicy: { * cacheMode: "CACHE_ALL_STATIC", * defaultTtl: "3600s", * }, * }, * headerAction: { * responseHeaderToAdds: [{ * headerName: "x-cache-status", * headerValue: "{cdn_cache_status}", * }], * }, * }], * }, * { * name: "routesAdvanced", * description: "an advanced ruleset", * routeRules: [ * { * description: "an advanced route rule to match against", * priority: "1", * matchRules: [ * { * prefixMatch: "/potato/", * queryParameterMatches: [ * { * name: "debug", * presentMatch: true, * }, * { * name: "state", * exactMatch: "debug", * }, * ], * }, * { * fullPathMatch: "/apple", * }, * ], * headerAction: { * requestHeaderToAdds: [ * { * headerName: "debug", * headerValue: "true", * replace: true, * }, * { * headerName: "potato", * headerValue: "plant", * }, * ], * responseHeaderToAdds: [{ * headerName: "potato", * headerValue: "plant", * replace: true, * }], * requestHeaderToRemoves: [{ * headerName: "prod", * }], * responseHeaderToRemoves: [{ * headerName: "prod", * }], * }, * origin: instance.name, * routeAction: { * cdnPolicy: { * cacheMode: "CACHE_ALL_STATIC", * defaultTtl: "3800s", * clientTtl: "3600s", * maxTtl: "9000s", * cacheKeyPolicy: { * includeProtocol: true, * excludeHost: true, * includedQueryParameters: [ * "apple", * "dev", * "santa", * "claus", * ], * includedHeaderNames: ["banana"], * includedCookieNames: ["orange"], * }, * negativeCaching: true, * signedRequestMode: "DISABLED", * negativeCachingPolicy: { * "500": "3000s", * }, * }, * urlRewrite: { * pathPrefixRewrite: "/dev", * hostRewrite: "dev.club", * }, * corsPolicy: { * maxAge: "2500s", * allowCredentials: true, * allowOrigins: ["*"], * allowMethods: ["GET"], * allowHeaders: ["dev"], * exposeHeaders: ["prod"], * }, * }, * }, * { * description: "a second route rule to match against", * priority: "2", * matchRules: [{ * fullPathMatch: "/yay", * }], * origin: instance.name, * routeAction: { * cdnPolicy: { * cacheMode: "CACHE_ALL_STATIC", * defaultTtl: "3600s", * cacheKeyPolicy: { * excludedQueryParameters: ["dev"], * }, * }, * corsPolicy: { * maxAge: "3000s", * allowHeaders: ["dev"], * disabled: true, * }, * }, * }, * ], * }, * ], * }, * logConfig: { * enable: true, * sampleRate: 0.01, * }, * }); * ``` * ### Network Services Edge Cache Service Dual Token * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const secret_basic = new gcp.secretmanager.Secret("secret-basic", { * secretId: "secret-name", * replication: { * auto: {}, * }, * }); * const secret_version_basic = new gcp.secretmanager.SecretVersion("secret-version-basic", { * secret: secret_basic.id, * secretData: "secret-data", * }); * const keyset = new gcp.networkservices.EdgeCacheKeyset("keyset", { * name: "keyset-name", * description: "The default keyset", * publicKeys: [{ * id: "my-public-key", * managed: true, * }], * validationSharedKeys: [{ * secretVersion: secret_version_basic.id, * }], * }); * const instance = new gcp.networkservices.EdgeCacheOrigin("instance", { * name: "my-origin", * originAddress: "gs://media-edge-default", * description: "The default bucket for media edge test", * }); * const instanceEdgeCacheService = new gcp.networkservices.EdgeCacheService("instance", { * name: "my-service", * description: "some description", * routing: { * hostRules: [{ * description: "host rule description", * hosts: ["sslcert.tf-test.club"], * pathMatcher: "routes", * }], * pathMatchers: [{ * name: "routes", * routeRules: [ * { * description: "a route rule to match against master playlist", * priority: "1", * matchRules: [{ * pathTemplateMatch: "/master.m3u8", * }], * origin: instance.name, * routeAction: { * cdnPolicy: { * signedRequestMode: "REQUIRE_TOKENS", * signedRequestKeyset: keyset.id, * signedTokenOptions: { * tokenQueryParameter: "edge-cache-token", * }, * signedRequestMaximumExpirationTtl: "600s", * addSignatures: { * actions: "GENERATE_COOKIE", * keyset: keyset.id, * copiedParameters: [ * "PathGlobs", * "SessionID", * ], * }, * }, * }, * }, * { * description: "a route rule to match against all playlists", * priority: "2", * matchRules: [{ * pathTemplateMatch: "/*.m3u8", * }], * origin: instance.name, * routeAction: { * cdnPolicy: { * signedRequestMode: "REQUIRE_TOKENS", * signedRequestKeyset: keyset.id, * signedTokenOptions: { * tokenQueryParameter: "hdnts", * allowedSignatureAlgorithms: [ * "ED25519", * "HMAC_SHA_256", * "HMAC_SHA1", * ], * }, * addSignatures: { * actions: "GENERATE_TOKEN_HLS_COOKIELESS", * keyset: keyset.id, * tokenTtl: "1200s", * tokenQueryParameter: "hdntl", * copiedParameters: ["URLPrefix"], * }, * }, * }, * }, * { * description: "a route rule to match against", * priority: "3", * matchRules: [{ * pathTemplateMatch: "/**.m3u8", * }], * origin: instance.name, * routeAction: { * cdnPolicy: { * signedRequestMode: "REQUIRE_TOKENS", * signedRequestKeyset: keyset.id, * signedTokenOptions: { * tokenQueryParameter: "hdntl", * }, * addSignatures: { * actions: "PROPAGATE_TOKEN_HLS_COOKIELESS", * tokenQueryParameter: "hdntl", * }, * }, * }, * }, * ], * }], * }, * }); * ``` * * ## Import * * EdgeCacheService can be imported using any of these accepted formats: * * * `projects/{{project}}/locations/global/edgeCacheServices/{{name}}` * * `{{project}}/{{name}}` * * `{{name}}` * * When using the `pulumi import` command, EdgeCacheService can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:networkservices/edgeCacheService:EdgeCacheService default projects/{{project}}/locations/global/edgeCacheServices/{{name}} * $ pulumi import gcp:networkservices/edgeCacheService:EdgeCacheService default {{project}}/{{name}} * $ pulumi import gcp:networkservices/edgeCacheService:EdgeCacheService default {{name}} * ``` */ export declare class EdgeCacheService extends pulumi.CustomResource { /** * Get an existing EdgeCacheService resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: EdgeCacheServiceState, opts?: pulumi.CustomResourceOptions): EdgeCacheService; /** * Returns true if the given object is an instance of EdgeCacheService. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is EdgeCacheService; /** * A human-readable description of the resource. */ readonly description: pulumi.Output; /** * Disables HTTP/2. * HTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection. * Some legacy HTTP clients may have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true will prevent HTTP/2 from being advertised and negotiated. */ readonly disableHttp2: pulumi.Output; /** * HTTP/3 (IETF QUIC) and Google QUIC are enabled by default. */ readonly disableQuic: pulumi.Output; /** * Resource URL that points at the Cloud Armor edge security policy that is applied on each request against the EdgeCacheService. */ readonly edgeSecurityPolicy: pulumi.Output; /** * URLs to sslCertificate resources that are used to authenticate connections between users and the EdgeCacheService. * Note that only "global" certificates with a "scope" of "EDGE_CACHE" can be attached to an EdgeCacheService. */ readonly edgeSslCertificates: pulumi.Output; /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. */ readonly effectiveLabels: pulumi.Output<{ [key: string]: string; }>; /** * The IPv4 addresses associated with this service. Addresses are static for the lifetime of the service. */ readonly ipv4Addresses: pulumi.Output; /** * The IPv6 addresses associated with this service. Addresses are static for the lifetime of the service. */ readonly ipv6Addresses: pulumi.Output; /** * Set of label tags associated with the EdgeCache resource. * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ readonly labels: pulumi.Output<{ [key: string]: string; } | undefined>; /** * Specifies the logging options for the traffic served by this service. If logging is enabled, logs will be exported to Cloud Logging. * Structure is documented below. */ readonly logConfig: pulumi.Output; /** * Name of the resource; provided by the client when the resource is created. * The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, * and all following characters must be a dash, underscore, letter or digit. */ readonly name: pulumi.Output; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output; /** * The combination of labels configured directly on the resource * and default labels configured on the provider. */ readonly pulumiLabels: pulumi.Output<{ [key: string]: string; }>; /** * Require TLS (HTTPS) for all clients connecting to this service. * Clients who connect over HTTP (port 80) will receive a HTTP 301 to the same URL over HTTPS (port 443). * You must have at least one (1) edgeSslCertificate specified to enable this. */ readonly requireTls: pulumi.Output; /** * Defines how requests are routed, modified, cached and/or which origin content is filled from. * Structure is documented below. */ readonly routing: pulumi.Output; /** * URL of the SslPolicy resource that will be associated with the EdgeCacheService. * If not set, the EdgeCacheService has no SSL policy configured, and will default to the "COMPATIBLE" policy. */ readonly sslPolicy: pulumi.Output; /** * Create a EdgeCacheService resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: EdgeCacheServiceArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering EdgeCacheService resources. */ export interface EdgeCacheServiceState { /** * A human-readable description of the resource. */ description?: pulumi.Input; /** * Disables HTTP/2. * HTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection. * Some legacy HTTP clients may have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true will prevent HTTP/2 from being advertised and negotiated. */ disableHttp2?: pulumi.Input; /** * HTTP/3 (IETF QUIC) and Google QUIC are enabled by default. */ disableQuic?: pulumi.Input; /** * Resource URL that points at the Cloud Armor edge security policy that is applied on each request against the EdgeCacheService. */ edgeSecurityPolicy?: pulumi.Input; /** * URLs to sslCertificate resources that are used to authenticate connections between users and the EdgeCacheService. * Note that only "global" certificates with a "scope" of "EDGE_CACHE" can be attached to an EdgeCacheService. */ edgeSslCertificates?: pulumi.Input[]>; /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. */ effectiveLabels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The IPv4 addresses associated with this service. Addresses are static for the lifetime of the service. */ ipv4Addresses?: pulumi.Input[]>; /** * The IPv6 addresses associated with this service. Addresses are static for the lifetime of the service. */ ipv6Addresses?: pulumi.Input[]>; /** * Set of label tags associated with the EdgeCache resource. * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Specifies the logging options for the traffic served by this service. If logging is enabled, logs will be exported to Cloud Logging. * Structure is documented below. */ logConfig?: pulumi.Input; /** * Name of the resource; provided by the client when the resource is created. * The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, * and all following characters must be a dash, underscore, letter or digit. */ name?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * The combination of labels configured directly on the resource * and default labels configured on the provider. */ pulumiLabels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Require TLS (HTTPS) for all clients connecting to this service. * Clients who connect over HTTP (port 80) will receive a HTTP 301 to the same URL over HTTPS (port 443). * You must have at least one (1) edgeSslCertificate specified to enable this. */ requireTls?: pulumi.Input; /** * Defines how requests are routed, modified, cached and/or which origin content is filled from. * Structure is documented below. */ routing?: pulumi.Input; /** * URL of the SslPolicy resource that will be associated with the EdgeCacheService. * If not set, the EdgeCacheService has no SSL policy configured, and will default to the "COMPATIBLE" policy. */ sslPolicy?: pulumi.Input; } /** * The set of arguments for constructing a EdgeCacheService resource. */ export interface EdgeCacheServiceArgs { /** * A human-readable description of the resource. */ description?: pulumi.Input; /** * Disables HTTP/2. * HTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection. * Some legacy HTTP clients may have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true will prevent HTTP/2 from being advertised and negotiated. */ disableHttp2?: pulumi.Input; /** * HTTP/3 (IETF QUIC) and Google QUIC are enabled by default. */ disableQuic?: pulumi.Input; /** * Resource URL that points at the Cloud Armor edge security policy that is applied on each request against the EdgeCacheService. */ edgeSecurityPolicy?: pulumi.Input; /** * URLs to sslCertificate resources that are used to authenticate connections between users and the EdgeCacheService. * Note that only "global" certificates with a "scope" of "EDGE_CACHE" can be attached to an EdgeCacheService. */ edgeSslCertificates?: pulumi.Input[]>; /** * Set of label tags associated with the EdgeCache resource. * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Specifies the logging options for the traffic served by this service. If logging is enabled, logs will be exported to Cloud Logging. * Structure is documented below. */ logConfig?: pulumi.Input; /** * Name of the resource; provided by the client when the resource is created. * The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, * and all following characters must be a dash, underscore, letter or digit. */ name?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * Require TLS (HTTPS) for all clients connecting to this service. * Clients who connect over HTTP (port 80) will receive a HTTP 301 to the same URL over HTTPS (port 443). * You must have at least one (1) edgeSslCertificate specified to enable this. */ requireTls?: pulumi.Input; /** * Defines how requests are routed, modified, cached and/or which origin content is filled from. * Structure is documented below. */ routing: pulumi.Input; /** * URL of the SslPolicy resource that will be associated with the EdgeCacheService. * If not set, the EdgeCacheService has no SSL policy configured, and will default to the "COMPATIBLE" policy. */ sslPolicy?: pulumi.Input; }