# Copyright 2024 Google Inc. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. --- name: 'BackendBucket' kind: 'compute#backendBucket' description: | Backend buckets allow you to use Google Cloud Storage buckets with HTTP(S) load balancing. An HTTP(S) load balancer can direct traffic to specified URLs to a backend bucket rather than a backend service. It can send requests for static content to a Cloud Storage bucket and requests for dynamic content to a virtual machine instance. references: guides: 'Using a Cloud Storage bucket as a load balancer backend': 'https://cloud.google.com/compute/docs/load-balancing/http/backend-bucket' api: 'https://cloud.google.com/compute/docs/reference/v1/backendBuckets' docs: base_url: 'projects/{{project}}/global/backendBuckets' has_self_link: true timeouts: insert_minutes: 20 update_minutes: 20 delete_minutes: 20 async: actions: ['create', 'delete', 'update'] type: 'OpAsync' operation: base_url: '{{op_id}}' result: resource_inside_response: false collection_url_key: 'items' iam_policy: parent_resource_attribute: 'name' example_config_body: 'templates/terraform/iam/iam_attributes.go.tmpl' import_format: - 'projects/{{project}}/global/backendBuckets/{{name}}' - '{{name}}' min_version: 'beta' custom_code: encoder: 'templates/terraform/encoders/compute_backend_bucket.go.tmpl' post_create: 'templates/terraform/post_create/compute_backend_bucket_security_policy.go.tmpl' post_update: 'templates/terraform/post_create/compute_backend_bucket_security_policy.go.tmpl' examples: - name: 'backend_bucket_basic' primary_resource_id: 'image_backend' primary_resource_name: 'fmt.Sprintf("tf-test-image-backend-bucket%s", context["random_suffix"])' vars: backend_bucket_name: 'image-backend-bucket' bucket_name: 'image-store-bucket' - name: 'backend_bucket_full' primary_resource_id: 'image_backend_full' vars: backend_bucket_name: 'image-backend-bucket-full' bucket_name: 'image-store-bucket-full' exclude_docs: true - name: 'backend_bucket_security_policy' primary_resource_id: 'image_backend' vars: backend_bucket_name: 'image-backend-bucket' bucket_name: 'image-store-bucket' - name: 'backend_bucket_query_string_whitelist' primary_resource_id: 'image_backend' vars: backend_bucket_name: 'image-backend-bucket' - name: 'backend_bucket_include_http_headers' primary_resource_id: 'image_backend' vars: backend_bucket_name: 'image-backend-bucket' - name: 'external_cdn_lb_with_backend_bucket' primary_resource_id: 'default' vars: my_bucket: 'my-bucket' index_page: 'index-page' 404_page: '404-page' test_object: 'test-object' example_ip: 'example-ip' http_lb_forwarding_rule: 'http-lb-forwarding-rule' http_lb_proxy: 'http-lb-proxy' http_lb: 'http-lb' cat_backend_bucket: 'cat-backend-bucket' exclude_docs: true - name: 'backend_bucket_bypass_cache' primary_resource_id: 'image_backend' vars: backend_bucket_name: 'image-backend-bucket' bucket_name: 'image-store-bucket' exclude_docs: true - name: 'backend_bucket_coalescing' primary_resource_id: 'image_backend' vars: backend_bucket_name: 'image-backend-bucket' bucket_name: 'image-store-bucket' exclude_docs: true parameters: properties: - name: 'bucketName' type: String description: 'Cloud Storage bucket name.' required: true - name: 'cdnPolicy' type: NestedObject description: 'Cloud CDN configuration for this Backend Bucket.' default_from_api: true properties: - name: 'cacheKeyPolicy' type: NestedObject description: 'The CacheKeyPolicy for this CdnPolicy.' properties: - name: 'queryStringWhitelist' type: Array description: | Names of query string parameters to include in cache keys. Default parameters are always included. '&' and '=' will be percent encoded and not treated as delimiters. send_empty_value: true at_least_one_of: - 'cdn_policy.0.cache_key_policy.0.query_string_whitelist' - 'cdn_policy.0.cache_key_policy.0.include_http_headers' item_type: type: String - name: 'includeHttpHeaders' type: Array description: | Allows HTTP request headers (by name) to be used in the cache key. send_empty_value: true at_least_one_of: - 'cdn_policy.0.cache_key_policy.0.query_string_whitelist' - 'cdn_policy.0.cache_key_policy.0.include_http_headers' item_type: type: String - name: 'signedUrlCacheMaxAgeSec' type: Integer description: | Maximum number of seconds the response to a signed URL request will be considered fresh. After this time period, the response will be revalidated before being served. When serving responses to signed URL requests, Cloud CDN will internally behave as though all responses from this backend had a "Cache-Control: public, max-age=[TTL]" header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered. send_empty_value: true - name: 'defaultTtl' type: Integer description: | Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). When the `cache_mode` is set to "USE_ORIGIN_HEADERS", you must omit this field. default_from_api: true send_empty_value: true - name: 'maxTtl' type: Integer description: | Specifies the maximum allowed TTL for cached content served by this origin. When the `cache_mode` is set to "USE_ORIGIN_HEADERS", you must omit this field. default_from_api: true - name: 'clientTtl' type: Integer description: | Specifies the maximum allowed TTL for cached content served by this origin. When the `cache_mode` is set to "USE_ORIGIN_HEADERS", you must omit this field. default_from_api: true send_empty_value: true - name: 'negativeCaching' type: Boolean description: | Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. default_from_api: true send_empty_value: true - name: 'negativeCachingPolicy' type: Array description: | Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. item_type: type: NestedObject properties: - name: 'code' type: Integer description: | The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 can be specified as values, and you cannot specify a status code more than once. - name: 'ttl' type: Integer description: | The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. send_empty_value: true - name: 'cacheMode' type: Enum description: | Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC default_from_api: true enum_values: - 'USE_ORIGIN_HEADERS' - 'FORCE_CACHE_ALL' - 'CACHE_ALL_STATIC' - name: 'serveWhileStale' type: Integer description: | Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache. default_from_api: true send_empty_value: true - name: 'requestCoalescing' type: Boolean description: | If true then Cloud CDN will combine multiple concurrent cache fill requests into a small number of requests to the origin. send_empty_value: true - name: 'bypassCacheOnRequestHeaders' type: Array description: | Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings. item_type: type: NestedObject properties: - name: 'headerName' type: String description: | The header field name to match on when bypassing cache. Values are case-insensitive. max_size: 5 - name: 'compressionMode' type: Enum description: | Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. enum_values: - 'AUTOMATIC' - 'DISABLED' - name: 'edgeSecurityPolicy' type: String description: | The security policy associated with this backend bucket. diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' - name: 'customResponseHeaders' type: Array description: | Headers that the HTTP/S load balancer should add to proxied responses. item_type: type: String - name: 'creationTimestamp' type: Time description: 'Creation timestamp in RFC3339 text format.' output: true - name: 'description' type: String description: | An optional textual description of the resource; provided by the client when the resource is created. - name: 'enableCdn' type: Boolean description: 'If true, enable Cloud CDN for this BackendBucket.' - name: 'name' type: String description: | Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. required: true immutable: true validation: regex: '^(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?)$'