# Copyright 2024 Google Inc. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. --- name: 'UrlMap' kind: 'compute#urlMap' description: | UrlMaps are used to route requests to a backend service based on rules that you define for the host and path of an incoming URL. references: guides: 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/url-map-concepts' api: 'https://cloud.google.com/compute/docs/reference/rest/v1/urlMaps' docs: base_url: 'projects/{{project}}/global/urlMaps' has_self_link: true timeouts: insert_minutes: 20 update_minutes: 20 delete_minutes: 20 async: actions: ['create', 'delete', 'update'] type: 'OpAsync' operation: base_url: '{{op_id}}' result: resource_inside_response: false collection_url_key: 'items' custom_code: examples: - name: 'url_map_bucket_and_service' primary_resource_id: 'urlmap' vars: url_map_name: 'urlmap' login_backend_service_name: 'login' http_health_check_name: 'health-check' backend_bucket_name: 'static-asset-backend-bucket' storage_bucket_name: 'static-asset-bucket' - name: 'url_map_traffic_director_route' primary_resource_id: 'urlmap' vars: url_map_name: 'urlmap' home_backend_service_name: 'home' health_check_name: 'health-check' - name: 'url_map_traffic_director_route_partial' primary_resource_id: 'urlmap' vars: url_map_name: 'urlmap' home_backend_service_name: 'home' health_check_name: 'health-check' - name: 'url_map_traffic_director_path' primary_resource_id: 'urlmap' vars: url_map_name: 'urlmap' home_backend_service_name: 'home' health_check_name: 'health-check' - name: 'url_map_traffic_director_path_partial' primary_resource_id: 'urlmap' vars: url_map_name: 'urlmap' home_backend_service_name: 'home' health_check_name: 'health-check' - name: 'url_map_header_based_routing' primary_resource_id: 'urlmap' vars: url_map_name: 'urlmap' default_backend_service_name: 'default' service_a_backend_service_name: 'service-a' service_b_backend_service_name: 'service-b' health_check_name: 'health-check' - name: 'url_map_parameter_based_routing' primary_resource_id: 'urlmap' vars: url_map_name: 'urlmap' default_backend_service_name: 'default' service_a_backend_service_name: 'service-a' service_b_backend_service_name: 'service-b' health_check_name: 'health-check' - name: 'external_http_lb_mig_backend' primary_resource_id: 'default' vars: lb_backend_template: 'lb-backend-template' lb_backend_example: 'lb-backend-example' fw_allow_health_check: 'fw-allow-health-check' lb_ipv4_1: 'lb-ipv4-1' http_basic_check: 'http-basic-check' web_backend_service: 'web-backend-service' web_map_http: 'web-map-http' http_lb_proxy: 'http-lb-proxy' http_content_rule: 'http-content-rule' ignore_read_extra: - 'metadata' - 'metadata_startup_script' # Very similar to external_http_lb_mig_backend_custom_header exclude_test: true exclude_docs: true - name: 'url_map_path_template_match' primary_resource_id: 'urlmap' vars: url_map_name: 'urlmap' cart_backend_service_name: 'cart-service' user_backend_service_name: 'user-service' http_health_check_name: 'health-check' backend_bucket_name: 'static-asset-backend-bucket' storage_bucket_name: 'static-asset-bucket' - name: 'url_map_custom_error_response_policy' primary_resource_id: 'urlmap' min_version: 'beta' vars: url_map_name: 'urlmap' backend_service_name: 'login' http_health_check_name: 'health-check' storage_bucket_name: 'static-asset-bucket' error_backend_bucket_name: 'error-backend-bucket' parameters: properties: - name: 'creationTimestamp' type: Time description: 'Creation timestamp in RFC3339 text format.' output: true - name: 'defaultService' type: ResourceRef description: |- The backend service or backend bucket to use when none of the given rules match. exactly_one_of: - 'default_service' - 'default_url_redirect' - 'default_route_action.0.weighted_backend_services' custom_expand: 'templates/terraform/custom_expand/reference_to_backend.tmpl' resource: 'BackendService' imports: 'selfLink' - name: 'description' type: String description: | An optional description of this resource. Provide this property when you create the resource. - name: 'map_id' type: Integer description: 'The unique identifier for the resource.' api_name: id output: true - name: 'fingerprint' type: Fingerprint description: | Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. output: true - name: 'headerAction' type: NestedObject description: | Specifies changes to request and response headers that need to take effect for the selected backendService. The headerAction specified here take effect after headerAction specified under pathMatcher. properties: - name: 'requestHeadersToAdd' type: Array description: | Headers to add to a matching request prior to forwarding the request to the backendService. at_least_one_of: - 'header_action.0.request_headers_to_add' - 'header_action.0.request_headers_to_remove' - 'header_action.0.response_headers_to_add' - 'header_action.0.response_headers_to_remove' item_type: type: NestedObject properties: - name: 'headerName' type: String description: | The name of the header. required: true - name: 'headerValue' type: String description: | The value of the header to add. required: true - name: 'replace' type: Boolean description: | If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. required: true - name: 'requestHeadersToRemove' type: Array description: | A list of header names for headers that need to be removed from the request prior to forwarding the request to the backendService. at_least_one_of: - 'header_action.0.request_headers_to_add' - 'header_action.0.request_headers_to_remove' - 'header_action.0.response_headers_to_add' - 'header_action.0.response_headers_to_remove' item_type: type: String - name: 'responseHeadersToAdd' type: Array description: | Headers to add the response prior to sending the response back to the client. at_least_one_of: - 'header_action.0.request_headers_to_add' - 'header_action.0.request_headers_to_remove' - 'header_action.0.response_headers_to_add' - 'header_action.0.response_headers_to_remove' item_type: type: NestedObject properties: - name: 'headerName' type: String description: | The name of the header. required: true - name: 'headerValue' type: String description: | The value of the header to add. required: true - name: 'replace' type: Boolean description: | If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. required: true - name: 'responseHeadersToRemove' type: Array description: | A list of header names for headers that need to be removed from the response prior to sending the response back to the client. at_least_one_of: - 'header_action.0.request_headers_to_add' - 'header_action.0.request_headers_to_remove' - 'header_action.0.response_headers_to_add' - 'header_action.0.response_headers_to_remove' item_type: type: String - name: 'host_rule' type: Array description: | The list of HostRules to use against the URL. api_name: hostRules is_set: true item_type: type: NestedObject properties: - name: 'description' type: String description: | An optional description of this resource. Provide this property when you create the resource. - name: 'hosts' type: Array description: | The list of host patterns to match. They must be valid hostnames, except * will match any string of ([a-z0-9-.]*). In that case, * must be the first character and must be followed in the pattern by either - or .. is_set: true required: true item_type: type: String - name: 'pathMatcher' type: String description: | The name of the PathMatcher to use to match the path portion of the URL if the hostRule matches the URL's host portion. required: true - name: 'name' type: String description: | Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. required: true immutable: true - name: 'path_matcher' type: Array description: | The list of named PathMatchers to use against the URL. api_name: pathMatchers item_type: type: NestedObject properties: - name: 'defaultService' type: ResourceRef description: The backend service or backend bucket to use when none of the given paths match. # TODO: (mbang) won't work for array path matchers yet, uncomment here once they are supported. # (github.com/hashicorp/terraform-plugin-sdk/issues/470) # exactly_one_of: # - path_matchers.0.default_service # - path_matchers.0.default_url_redirect # - path_matchers.0.default_route_action.0.weighted_backend_services custom_expand: 'templates/terraform/custom_expand/reference_to_backend.tmpl' resource: 'BackendService' imports: 'selfLink' - name: 'description' type: String description: | An optional description of this resource. Provide this property when you create the resource. - name: 'defaultCustomErrorResponsePolicy' type: NestedObject description: | defaultCustomErrorResponsePolicy specifies how the Load Balancer returns error responses when BackendService or BackendBucket responds with an error. This policy takes effect at the PathMatcher level and applies only when no policy has been defined for the error code at lower levels like RouteRule and PathRule within this PathMatcher. If an error code does not have a policy defined in defaultCustomErrorResponsePolicy, then a policy defined for the error code in UrlMap.defaultCustomErrorResponsePolicy takes effect. For example, consider a UrlMap with the following configuration: UrlMap.defaultCustomErrorResponsePolicy is configured with policies for 5xx and 4xx errors A RouteRule for /coming_soon/ is configured for the error code 404. If the request is for www.myotherdomain.com and a 404 is encountered, the policy under UrlMap.defaultCustomErrorResponsePolicy takes effect. If a 404 response is encountered for the request www.example.com/current_events/, the pathMatcher's policy takes effect. If however, the request for www.example.com/coming_soon/ encounters a 404, the policy in RouteRule.customErrorResponsePolicy takes effect. If any of the requests in this example encounter a 500 error code, the policy at UrlMap.defaultCustomErrorResponsePolicy takes effect. When used in conjunction with pathMatcher.defaultRouteAction.retryPolicy, retries take precedence. Only once all retries are exhausted, the defaultCustomErrorResponsePolicy is applied. While attempting a retry, if load balancer is successful in reaching the service, the defaultCustomErrorResponsePolicy is ignored and the response from the service is returned to the client. defaultCustomErrorResponsePolicy is supported only for global external Application Load Balancers. min_version: 'beta' properties: - name: 'errorResponseRule' type: Array description: | Specifies rules for returning error responses. In a given policy, if you specify rules for both a range of error codes as well as rules for specific error codes then rules with specific error codes have a higher priority. For example, assume that you configure a rule for 401 (Un-authorized) code, and another for all 4 series error codes (4XX). If the backend service returns a 401, then the rule for 401 will be applied. However if the backend service returns a 403, the rule for 4xx takes effect. api_name: errorResponseRules item_type: type: NestedObject properties: - name: 'matchResponseCodes' type: Array description: | Valid values include: - A number between 400 and 599: For example 401 or 503, in which case the load balancer applies the policy if the error code exactly matches this value. - 5xx: Load Balancer will apply the policy if the backend service responds with any response code in the range of 500 to 599. - 4xx: Load Balancer will apply the policy if the backend service responds with any response code in the range of 400 to 499. Values must be unique within matchResponseCodes and across all errorResponseRules of CustomErrorResponsePolicy. item_type: type: String - name: 'path' type: String description: | The full path to a file within backendBucket . For example: /errors/defaultError.html path must start with a leading slash. path cannot have trailing slashes. If the file is not available in backendBucket or the load balancer cannot reach the BackendBucket, a simple Not Found Error is returned to the client. The value must be from 1 to 1024 characters - name: 'overrideResponseCode' type: Integer description: | The HTTP status code returned with the response containing the custom error content. If overrideResponseCode is not supplied, the same response code returned by the original backend bucket or backend service is returned to the client. - name: 'errorService' type: ResourceRef description: | The full or partial URL to the BackendBucket resource that contains the custom error content. Examples are: https://www.googleapis.com/compute/v1/projects/project/global/backendBuckets/myBackendBucket compute/v1/projects/project/global/backendBuckets/myBackendBucket global/backendBuckets/myBackendBucket If errorService is not specified at lower levels like pathMatcher, pathRule and routeRule, an errorService specified at a higher level in the UrlMap will be used. If UrlMap.defaultCustomErrorResponsePolicy contains one or more errorResponseRules[], it must specify errorService. If load balancer cannot reach the backendBucket, a simple Not Found Error will be returned, with the original response code (or overrideResponseCode if configured). resource: 'BackendBucket' imports: 'selfLink' - name: 'headerAction' type: NestedObject description: | Specifies changes to request and response headers that need to take effect for the selected backendService. HeaderAction specified here are applied after the matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap properties: - name: 'requestHeadersToAdd' type: Array description: | Headers to add to a matching request prior to forwarding the request to the backendService. item_type: type: NestedObject properties: - name: 'headerName' type: String description: | The name of the header. required: true - name: 'headerValue' type: String description: | The value of the header to add. required: true - name: 'replace' type: Boolean description: | If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. required: true - name: 'requestHeadersToRemove' type: Array description: | A list of header names for headers that need to be removed from the request prior to forwarding the request to the backendService. item_type: type: String - name: 'responseHeadersToAdd' type: Array description: | Headers to add the response prior to sending the response back to the client. item_type: type: NestedObject properties: - name: 'headerName' type: String description: | The name of the header. required: true - name: 'headerValue' type: String description: | The value of the header to add. required: true - name: 'replace' type: Boolean description: | If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. required: true - name: 'responseHeadersToRemove' type: Array description: | A list of header names for headers that need to be removed from the response prior to sending the response back to the client. item_type: type: String - name: 'name' type: String description: | The name to which this PathMatcher is referred by the HostRule. required: true - name: 'path_rule' type: Array description: | The list of path rules. Use this list instead of routeRules when routing based on simple path matching is all that's required. The order by which path rules are specified does not matter. Matches are always done on the longest-path-first basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* irrespective of the order in which those paths appear in this list. Within a given pathMatcher, only one of pathRules or routeRules must be set. api_name: pathRules item_type: type: NestedObject properties: - name: 'service' type: ResourceRef description: The backend service or backend bucket to use if any of the given paths match. custom_expand: 'templates/terraform/custom_expand/reference_to_backend.tmpl' resource: 'BackendService' imports: 'selfLink' - name: 'paths' type: Array description: | The list of path patterns to match. Each must start with / and the only place a \* is allowed is at the end following a /. The string fed to the path matcher does not include any text after the first ? or #, and those chars are not allowed here. is_set: true required: true item_type: type: String - name: 'customErrorResponsePolicy' type: NestedObject description: | customErrorResponsePolicy specifies how the Load Balancer returns error responses when BackendService or BackendBucket responds with an error. If a policy for an error code is not configured for the PathRule, a policy for the error code configured in pathMatcher.defaultCustomErrorResponsePolicy is applied. If one is not specified in pathMatcher.defaultCustomErrorResponsePolicy, the policy configured in UrlMap.defaultCustomErrorResponsePolicy takes effect. For example, consider a UrlMap with the following configuration: UrlMap.defaultCustomErrorResponsePolicy are configured with policies for 5xx and 4xx errors A PathRule for /coming_soon/ is configured for the error code 404. If the request is for www.myotherdomain.com and a 404 is encountered, the policy under UrlMap.defaultCustomErrorResponsePolicy takes effect. If a 404 response is encountered for the request www.example.com/current_events/, the pathMatcher's policy takes effect. If however, the request for www.example.com/coming_soon/ encounters a 404, the policy in PathRule.customErrorResponsePolicy takes effect. If any of the requests in this example encounter a 500 error code, the policy at UrlMap.defaultCustomErrorResponsePolicy takes effect. customErrorResponsePolicy is supported only for global external Application Load Balancers. min_version: 'beta' properties: - name: 'errorResponseRule' type: Array description: | Specifies rules for returning error responses. In a given policy, if you specify rules for both a range of error codes as well as rules for specific error codes then rules with specific error codes have a higher priority. For example, assume that you configure a rule for 401 (Un-authorized) code, and another for all 4 series error codes (4XX). If the backend service returns a 401, then the rule for 401 will be applied. However if the backend service returns a 403, the rule for 4xx takes effect. api_name: errorResponseRules item_type: type: NestedObject properties: - name: 'matchResponseCodes' type: Array description: | Valid values include: - A number between 400 and 599: For example 401 or 503, in which case the load balancer applies the policy if the error code exactly matches this value. - 5xx: Load Balancer will apply the policy if the backend service responds with any response code in the range of 500 to 599. - 4xx: Load Balancer will apply the policy if the backend service responds with any response code in the range of 400 to 499. Values must be unique within matchResponseCodes and across all errorResponseRules of CustomErrorResponsePolicy. item_type: type: String - name: 'path' type: String description: | The full path to a file within backendBucket . For example: /errors/defaultError.html path must start with a leading slash. path cannot have trailing slashes. If the file is not available in backendBucket or the load balancer cannot reach the BackendBucket, a simple Not Found Error is returned to the client. The value must be from 1 to 1024 characters - name: 'overrideResponseCode' type: Integer description: | The HTTP status code returned with the response containing the custom error content. If overrideResponseCode is not supplied, the same response code returned by the original backend bucket or backend service is returned to the client. - name: 'errorService' type: ResourceRef description: | The full or partial URL to the BackendBucket resource that contains the custom error content. Examples are: https://www.googleapis.com/compute/v1/projects/project/global/backendBuckets/myBackendBucket compute/v1/projects/project/global/backendBuckets/myBackendBucket global/backendBuckets/myBackendBucket If errorService is not specified at lower levels like pathMatcher, pathRule and routeRule, an errorService specified at a higher level in the UrlMap will be used. If UrlMap.defaultCustomErrorResponsePolicy contains one or more errorResponseRules[], it must specify errorService. If load balancer cannot reach the backendBucket, a simple Not Found Error will be returned, with the original response code (or overrideResponseCode if configured). resource: 'BackendBucket' imports: 'selfLink' - name: 'routeAction' type: NestedObject description: | In response to a matching path, the load balancer performs advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request to the selected backend. If routeAction specifies any weightedBackendServices, service must not be set. Conversely if service is set, routeAction cannot contain any weightedBackendServices. Only one of routeAction or urlRedirect must be set. properties: - name: 'corsPolicy' type: NestedObject description: | The specification for allowing client side cross-origin requests. Please see W3C Recommendation for Cross Origin Resource Sharing properties: - name: 'allowCredentials' type: Boolean description: | In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This translates to the Access- Control-Allow-Credentials header. Defaults to false. default_value: false - name: 'allowHeaders' type: Array description: | Specifies the content for the Access-Control-Allow-Headers header. item_type: type: String - name: 'allowMethods' type: Array description: | Specifies the content for the Access-Control-Allow-Methods header. item_type: type: String - name: 'allowOriginRegexes' type: Array description: | Specifies the regular expression patterns that match allowed origins. For regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript An origin is allowed if it matches either allow_origins or allow_origin_regex. item_type: type: String - name: 'allowOrigins' type: Array description: | Specifies the list of origins that will be allowed to do CORS requests. An origin is allowed if it matches either allow_origins or allow_origin_regex. item_type: type: String - name: 'disabled' type: Boolean description: | If true, specifies the CORS policy is disabled. required: true - name: 'exposeHeaders' type: Array description: | Specifies the content for the Access-Control-Expose-Headers header. item_type: type: String - name: 'maxAge' type: Integer description: | Specifies how long the results of a preflight request can be cached. This translates to the content for the Access-Control-Max-Age header. - name: 'faultInjectionPolicy' type: NestedObject description: | The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted by the Loadbalancer for a percentage of requests. timeout and retry_policy will be ignored by clients that are configured with a fault_injection_policy. properties: - name: 'abort' type: NestedObject description: | The specification for how client requests are aborted as part of fault injection. properties: - name: 'httpStatus' type: Integer description: | The HTTP status code used to abort the request. The value must be between 200 and 599 inclusive. required: true - name: 'percentage' type: Double description: | The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. The value must be between 0.0 and 100.0 inclusive. required: true - name: 'delay' type: NestedObject description: | The specification for how client requests are delayed as part of fault injection, before being sent to a backend service. properties: - name: 'fixedDelay' type: NestedObject description: | Specifies the value of the fixed delay interval. required: true properties: - name: 'nanos' type: Integer description: | Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 `seconds` field and a positive `nanos` field. Must be from 0 to 999,999,999 inclusive. - name: 'seconds' type: String description: | Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. required: true - name: 'percentage' type: Double description: | The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. The value must be between 0.0 and 100.0 inclusive. required: true - name: 'requestMirrorPolicy' type: NestedObject description: | Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, the host / authority header is suffixed with -shadow. properties: - name: 'backendService' type: ResourceRef description: | The BackendService resource being mirrored to. required: true custom_expand: 'templates/terraform/custom_expand/reference_to_backend.tmpl' resource: 'BackendService' imports: 'selfLink' - name: 'retryPolicy' type: NestedObject description: | Specifies the retry policy associated with this route. properties: - name: 'numRetries' type: Integer description: | Specifies the allowed number retries. This number must be > 0. - name: 'perTryTimeout' type: NestedObject description: | Specifies a non-zero timeout per retry attempt. properties: - name: 'nanos' type: Integer description: | Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 `seconds` field and a positive `nanos` field. Must be from 0 to 999,999,999 inclusive. - name: 'seconds' type: String description: | Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. required: true - name: 'retryConditions' type: Array description: | Specifies one or more conditions when this retry rule applies. Valid values are: * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, or if the backend service does not respond at all, for example: disconnects, reset, read timeout, connection failure, and refused streams. * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. * connect-failure: Loadbalancer will retry on failures connecting to backend services, for example due to connection timeouts. * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. Currently the only retriable error supported is 409. * refused-stream: Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable item_type: type: String - name: 'timeout' type: NestedObject description: | Specifies the timeout for the selected route. Timeout is computed from the time the request is has been fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. If not specified, the default value is 15 seconds. properties: - name: 'nanos' type: Integer description: | Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 `seconds` field and a positive `nanos` field. Must be from 0 to 999,999,999 inclusive. - name: 'seconds' type: String description: | Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. required: true - name: 'maxStreamDuration' type: NestedObject description: | Specifies the maximum duration (timeout) for streams on the selected route. Unlike the `Timeout` field where the timeout duration starts from the time the request has been fully processed (known as end-of-stream), the duration in this field is computed from the beginning of the stream until the response has been processed, including all retries. A stream that does not complete in this duration is closed. default_from_api: true properties: - name: 'nanos' type: Integer description: | Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 `seconds` field and a positive `nanos` field. Must be from 0 to 999,999,999 inclusive. - name: 'seconds' type: String description: | Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. required: true - name: 'urlRewrite' type: NestedObject description: | The spec to modify the URL of the request, prior to forwarding the request to the matched service properties: - name: 'hostRewrite' type: String description: | Prior to forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. The value must be between 1 and 255 characters. - name: 'pathPrefixRewrite' type: String description: | Prior to forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. The value must be between 1 and 1024 characters. - name: 'weightedBackendServices' type: Array description: | A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non 0 number. Once a backendService is identified and before forwarding the request to the backend service, advanced routing actions like Url rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. item_type: type: NestedObject properties: - name: 'backendService' type: ResourceRef description: | The default BackendService resource. Before forwarding the request to backendService, the loadbalancer applies any relevant headerActions specified as part of this backendServiceWeight. required: true custom_expand: 'templates/terraform/custom_expand/reference_to_backend.tmpl' resource: 'BackendService' imports: 'selfLink' - name: 'headerAction' type: NestedObject description: | Specifies changes to request and response headers that need to take effect for the selected backendService. headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. properties: - name: 'requestHeadersToAdd' type: Array description: | Headers to add to a matching request prior to forwarding the request to the backendService. item_type: type: NestedObject properties: - name: 'headerName' type: String description: | The name of the header. required: true - name: 'headerValue' type: String description: | The value of the header to add. required: true - name: 'replace' type: Boolean description: | If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. required: true - name: 'requestHeadersToRemove' type: Array description: | A list of header names for headers that need to be removed from the request prior to forwarding the request to the backendService. item_type: type: String - name: 'responseHeadersToAdd' type: Array description: | Headers to add the response prior to sending the response back to the client. item_type: type: NestedObject properties: - name: 'headerName' type: String description: | The name of the header. required: true - name: 'headerValue' type: String description: | The value of the header to add. required: true - name: 'replace' type: Boolean description: | If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. required: true - name: 'responseHeadersToRemove' type: Array description: | A list of header names for headers that need to be removed from the response prior to sending the response back to the client. item_type: type: String - name: 'weight' type: Integer description: | Specifies the fraction of traffic sent to backendService, computed as weight / (sum of all weightedBackendService weights in routeAction) . The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backendService, subsequent requests will be sent to the same backendService as determined by the BackendService's session affinity policy. The value must be between 0 and 1000 required: true - name: 'urlRedirect' type: NestedObject description: | When a path pattern is matched, the request is redirected to a URL specified by urlRedirect. If urlRedirect is specified, service or routeAction must not be set. properties: - name: 'hostRedirect' type: String description: | The host that will be used in the redirect response instead of the one that was supplied in the request. The value must be between 1 and 255 characters. - name: 'httpsRedirect' type: Boolean description: | If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this true for TargetHttpsProxy is not permitted. The default is set to false. default_value: false - name: 'pathRedirect' type: String description: | The path that will be used in the redirect response instead of the one that was supplied in the request. pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. The value must be between 1 and 1024 characters. - name: 'prefixRedirect' type: String description: | The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, retaining the remaining portion of the URL before redirecting the request. prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. The value must be between 1 and 1024 characters. - name: 'redirectResponseCode' type: Enum description: | The HTTP Status code to use for this RedirectAction. Supported values are: * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. * FOUND, which corresponds to 302. * SEE_OTHER which corresponds to 303. * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method will be retained. * PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method will be retained. enum_values: - 'FOUND' - 'MOVED_PERMANENTLY_DEFAULT' - 'PERMANENT_REDIRECT' - 'SEE_OTHER' - 'TEMPORARY_REDIRECT' exclude_docs_values: true - name: 'stripQuery' type: Boolean description: | If set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained. This field is required to ensure an empty block is not set. The normal default value is false. required: true - name: 'routeRules' type: Array description: | The list of ordered HTTP route rules. Use this list instead of pathRules when advanced route matching and routing actions are desired. The order of specifying routeRules matters: the first rule that matches will cause its specified routing action to take effect. Within a given pathMatcher, only one of pathRules or routeRules must be set. routeRules are not supported in UrlMaps intended for External load balancers. item_type: type: NestedObject properties: - name: 'priority' type: Integer description: | For routeRules within a given pathMatcher, priority determines the order in which load balancer will interpret routeRules. RouteRules are evaluated in order of priority, from the lowest to highest number. The priority of a rule decreases as its number increases (1, 2, 3, N+1). The first rule that matches the request is applied. You cannot configure two or more routeRules with the same priority. Priority for each rule must be set to a number between 0 and 2147483647 inclusive. Priority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules. required: true - name: 'service' type: ResourceRef description: | The backend service resource to which traffic is directed if this rule is matched. If routeAction is additionally specified, advanced routing actions like URL Rewrites, etc. take effect prior to sending the request to the backend. However, if service is specified, routeAction cannot contain any weightedBackendService s. Conversely, if routeAction specifies any weightedBackendServices, service must not be specified. Only one of urlRedirect, service or routeAction.weightedBackendService must be set. custom_expand: 'templates/terraform/custom_expand/reference_to_backend.tmpl' resource: 'BackendService' imports: 'selfLink' - name: 'headerAction' type: NestedObject description: | Specifies changes to request and response headers that need to take effect for the selected backendService. The headerAction specified here are applied before the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r outeAction.weightedBackendService.backendServiceWeightAction[].headerAction properties: - name: 'requestHeadersToAdd' type: Array description: | Headers to add to a matching request prior to forwarding the request to the backendService. item_type: type: NestedObject properties: - name: 'headerName' type: String description: | The name of the header. required: true - name: 'headerValue' type: String description: | The value of the header to add. required: true - name: 'replace' type: Boolean description: | If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. required: true - name: 'requestHeadersToRemove' type: Array description: | A list of header names for headers that need to be removed from the request prior to forwarding the request to the backendService. item_type: type: String - name: 'responseHeadersToAdd' type: Array description: | Headers to add the response prior to sending the response back to the client. item_type: type: NestedObject properties: - name: 'headerName' type: String description: | The name of the header. required: true - name: 'headerValue' type: String description: | The value of the header to add. required: true - name: 'replace' type: Boolean description: | If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. required: true - name: 'responseHeadersToRemove' type: Array description: | A list of header names for headers that need to be removed from the response prior to sending the response back to the client. item_type: type: String - name: 'matchRules' type: Array description: | The rules for determining a match. item_type: type: NestedObject properties: - name: 'fullPathMatch' type: String description: | For satisfying the matchRule condition, the path of the request must exactly match the value specified in fullPathMatch after removing any query parameters and anchor that may be part of the original URL. FullPathMatch must be between 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must be specified. - name: 'headerMatches' type: Array description: | Specifies a list of header match criteria, all of which must match corresponding headers in the request. item_type: type: NestedObject properties: - name: 'exactMatch' type: String description: | The value should exactly match contents of exactMatch. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. - name: 'headerName' type: String description: | The name of the HTTP header to match. For matching against the HTTP request's authority, use a headerMatch with the header name ":authority". For matching a request's method, use the headerName ":method". required: true - name: 'invertMatch' type: Boolean description: | If set to false, the headerMatch is considered a match if the match criteria above are met. If set to true, the headerMatch is considered a match if the match criteria above are NOT met. Defaults to false. default_value: false - name: 'prefixMatch' type: String description: | The value of the header must start with the contents of prefixMatch. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. - name: 'presentMatch' type: Boolean description: | A header with the contents of headerName must exist. The match takes place whether or not the request's header has a value or not. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. - name: 'rangeMatch' type: NestedObject description: | The header value must be an integer and its value must be in the range specified in rangeMatch. If the header does not contain an integer, number or is empty, the match fails. For example for a range [-5, 0] - -3 will match. - 0 will not match. - 0.25 will not match. - -3someString will not match. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. properties: - name: 'rangeEnd' type: Integer description: | The end of the range (exclusive). required: true - name: 'rangeStart' type: Integer description: | The start of the range (inclusive). required: true - name: 'regexMatch' type: String description: | The value of the header must match the regular expression specified in regexMatch. For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript For matching against a port specified in the HTTP request, use a headerMatch with headerName set to PORT and a regular expression that satisfies the RFC2616 Host header's port specifier. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. - name: 'suffixMatch' type: String description: | The value of the header must end with the contents of suffixMatch. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. - name: 'ignoreCase' type: Boolean description: | Specifies that prefixMatch and fullPathMatch matches are case sensitive. Defaults to false. default_value: false - name: 'metadataFilters' type: Array description: | Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overrides those specified in ForwardingRule that refers to this UrlMap. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. item_type: type: NestedObject properties: - name: 'filterLabels' type: Array description: | The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries. required: true item_type: type: NestedObject properties: - name: 'name' type: String description: | Name of metadata label. The name can have a maximum length of 1024 characters and must be at least 1 character long. required: true - name: 'value' type: String description: | The value of the label must match the specified value. value can have a maximum length of 1024 characters. required: true min_size: 1 max_size: 64 - name: 'filterMatchCriteria' type: Enum description: | Specifies how individual filterLabel matches within the list of filterLabels contribute towards the overall metadataFilter match. Supported values are: - MATCH_ANY: At least one of the filterLabels must have a matching label in the provided metadata. - MATCH_ALL: All filterLabels must have matching labels in the provided metadata. required: true enum_values: - 'MATCH_ALL' - 'MATCH_ANY' - name: 'prefixMatch' type: String description: | For satisfying the matchRule condition, the request's path must begin with the specified prefixMatch. prefixMatch must begin with a /. The value must be between 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must be specified. - name: 'queryParameterMatches' type: Array description: | Specifies a list of query parameter match criteria, all of which must match corresponding query parameters in the request. item_type: type: NestedObject properties: - name: 'exactMatch' type: String description: | The queryParameterMatch matches if the value of the parameter exactly matches the contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch must be set. - name: 'name' type: String description: | The name of the query parameter to match. The query parameter must exist in the request, in the absence of which the request match fails. required: true - name: 'presentMatch' type: Boolean description: | Specifies that the queryParameterMatch matches if the request contains the query parameter, irrespective of whether the parameter has a value or not. Only one of presentMatch, exactMatch and regexMatch must be set. - name: 'regexMatch' type: String description: | The queryParameterMatch matches if the value of the parameter matches the regular expression specified by regexMatch. For the regular expression grammar, please see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch, exactMatch and regexMatch must be set. - name: 'regexMatch' type: String description: | For satisfying the matchRule condition, the path of the request must satisfy the regular expression specified in regexMatch after removing any query parameters and anchor supplied with the original URL. For regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch, fullPathMatch or regexMatch must be specified. - name: 'pathTemplateMatch' type: String description: | For satisfying the matchRule condition, the path of the request must match the wildcard pattern specified in pathTemplateMatch after removing any query parameters and anchor that may be part of the original URL. pathTemplateMatch must be between 1 and 255 characters (inclusive). The pattern specified by pathTemplateMatch may have at most 5 wildcard operators and at most 5 variable captures in total. - name: 'routeAction' type: NestedObject description: | In response to a matching matchRule, the load balancer performs advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request to the selected backend. If routeAction specifies any weightedBackendServices, service must not be set. Conversely if service is set, routeAction cannot contain any weightedBackendServices. Only one of routeAction or urlRedirect must be set. properties: - name: 'corsPolicy' type: NestedObject description: | The specification for allowing client side cross-origin requests. Please see W3C Recommendation for Cross Origin Resource Sharing properties: - name: 'allowCredentials' type: Boolean description: | In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This translates to the Access- Control-Allow-Credentials header. Defaults to false. default_value: false - name: 'allowHeaders' type: Array description: | Specifies the content for the Access-Control-Allow-Headers header. item_type: type: String - name: 'allowMethods' type: Array description: | Specifies the content for the Access-Control-Allow-Methods header. item_type: type: String - name: 'allowOriginRegexes' type: Array description: | Specifies the regular expression patterns that match allowed origins. For regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript An origin is allowed if it matches either allow_origins or allow_origin_regex. item_type: type: String - name: 'allowOrigins' type: Array description: | Specifies the list of origins that will be allowed to do CORS requests. An origin is allowed if it matches either allow_origins or allow_origin_regex. item_type: type: String - name: 'disabled' type: Boolean description: | If true, specifies the CORS policy is disabled. which indicates that the CORS policy is in effect. Defaults to false. default_value: false - name: 'exposeHeaders' type: Array description: | Specifies the content for the Access-Control-Expose-Headers header. item_type: type: String - name: 'maxAge' type: Integer description: | Specifies how long the results of a preflight request can be cached. This translates to the content for the Access-Control-Max-Age header. - name: 'faultInjectionPolicy' type: NestedObject description: | The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted by the Loadbalancer for a percentage of requests. timeout and retry_policy will be ignored by clients that are configured with a fault_injection_policy. properties: - name: 'abort' type: NestedObject description: | The specification for how client requests are aborted as part of fault injection. properties: - name: 'httpStatus' type: Integer description: | The HTTP status code used to abort the request. The value must be between 200 and 599 inclusive. - name: 'percentage' type: Double description: | The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. The value must be between 0.0 and 100.0 inclusive. - name: 'delay' type: NestedObject description: | The specification for how client requests are delayed as part of fault injection, before being sent to a backend service. properties: - name: 'fixedDelay' type: NestedObject description: | Specifies the value of the fixed delay interval. properties: - name: 'nanos' type: Integer description: | Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 `seconds` field and a positive `nanos` field. Must be from 0 to 999,999,999 inclusive. - name: 'seconds' type: String description: | Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. required: true - name: 'percentage' type: Double description: | The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. The value must be between 0.0 and 100.0 inclusive. - name: 'requestMirrorPolicy' type: NestedObject description: | Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, the host / authority header is suffixed with -shadow. properties: - name: 'backendService' type: ResourceRef description: | The BackendService resource being mirrored to. required: true custom_expand: 'templates/terraform/custom_expand/reference_to_backend.tmpl' resource: 'BackendService' imports: 'selfLink' - name: 'retryPolicy' type: NestedObject description: | Specifies the retry policy associated with this route. properties: - name: 'numRetries' type: Integer description: | Specifies the allowed number retries. This number must be > 0. required: true - name: 'perTryTimeout' type: NestedObject description: | Specifies a non-zero timeout per retry attempt. If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, will use the largest timeout among all backend services associated with the route. properties: - name: 'nanos' type: Integer description: | Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 `seconds` field and a positive `nanos` field. Must be from 0 to 999,999,999 inclusive. - name: 'seconds' type: String description: | Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. required: true - name: 'retryConditions' type: Array description: | Specfies one or more conditions when this retry rule applies. Valid values are: * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, or if the backend service does not respond at all, for example: disconnects, reset, read timeout, connection failure, and refused streams. * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. * connect-failure: Loadbalancer will retry on failures connecting to backend services, for example due to connection timeouts. * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. Currently the only retriable error supported is 409. * refused-stream: Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable item_type: type: String - name: 'timeout' type: NestedObject description: | Specifies the timeout for the selected route. Timeout is computed from the time the request is has been fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. If not specified, the default value is 15 seconds. properties: - name: 'nanos' type: Integer description: | Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 `seconds` field and a positive `nanos` field. Must be from 0 to 999,999,999 inclusive. - name: 'seconds' type: String description: | Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. required: true - name: 'maxStreamDuration' type: NestedObject description: | Specifies the maximum duration (timeout) for streams on the selected route. Unlike the `Timeout` field where the timeout duration starts from the time the request has been fully processed (known as end-of-stream), the duration in this field is computed from the beginning of the stream until the response has been processed, including all retries. A stream that does not complete in this duration is closed. default_from_api: true properties: - name: 'nanos' type: Integer description: | Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 `seconds` field and a positive `nanos` field. Must be from 0 to 999,999,999 inclusive. - name: 'seconds' type: String description: | Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. required: true - name: 'urlRewrite' type: NestedObject description: | The spec to modify the URL of the request, prior to forwarding the request to the matched service properties: - name: 'hostRewrite' type: String description: | Prior to forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. The value must be between 1 and 255 characters. - name: 'pathPrefixRewrite' type: String description: | Prior to forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. The value must be between 1 and 1024 characters. - name: 'pathTemplateRewrite' type: String description: | Prior to forwarding the request to the selected origin, if the request matched a pathTemplateMatch, the matching portion of the request's path is replaced re-written using the pattern specified by pathTemplateRewrite. pathTemplateRewrite must be between 1 and 255 characters (inclusive), must start with a '/', and must only use variables captured by the route's pathTemplate matchers. pathTemplateRewrite may only be used when all of a route's MatchRules specify pathTemplate. Only one of pathPrefixRewrite and pathTemplateRewrite may be specified. - name: 'weightedBackendServices' type: Array description: | A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non 0 number. Once a backendService is identified and before forwarding the request to the backend service, advanced routing actions like Url rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. item_type: type: NestedObject properties: - name: 'backendService' type: ResourceRef description: | The default BackendService resource. Before forwarding the request to backendService, the loadbalancer applies any relevant headerActions specified as part of this backendServiceWeight. required: true custom_expand: 'templates/terraform/custom_expand/reference_to_backend.tmpl' resource: 'BackendService' imports: 'selfLink' - name: 'headerAction' type: NestedObject description: | Specifies changes to request and response headers that need to take effect for the selected backendService. headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. properties: - name: 'requestHeadersToAdd' type: Array description: | Headers to add to a matching request prior to forwarding the request to the backendService. item_type: type: NestedObject properties: - name: 'headerName' type: String description: | The name of the header. required: true - name: 'headerValue' type: String description: | The value of the header to add. required: true - name: 'replace' type: Boolean description: | If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. required: true - name: 'requestHeadersToRemove' type: Array description: | A list of header names for headers that need to be removed from the request prior to forwarding the request to the backendService. item_type: type: String - name: 'responseHeadersToAdd' type: Array description: | Headers to add the response prior to sending the response back to the client. item_type: type: NestedObject properties: - name: 'headerName' type: String description: | The name of the header. required: true - name: 'headerValue' type: String description: | The value of the header to add. required: true - name: 'replace' type: Boolean description: | If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. required: true - name: 'responseHeadersToRemove' type: Array description: | A list of header names for headers that need to be removed from the response prior to sending the response back to the client. item_type: type: String - name: 'weight' type: Integer description: | Specifies the fraction of traffic sent to backendService, computed as weight / (sum of all weightedBackendService weights in routeAction) . The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backendService, subsequent requests will be sent to the same backendService as determined by the BackendService's session affinity policy. The value must be between 0 and 1000 required: true - name: 'urlRedirect' type: NestedObject description: | When this rule is matched, the request is redirected to a URL specified by urlRedirect. If urlRedirect is specified, service or routeAction must not be set. properties: - name: 'hostRedirect' type: String description: | The host that will be used in the redirect response instead of the one that was supplied in the request. The value must be between 1 and 255 characters. - name: 'httpsRedirect' type: Boolean description: | If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this true for TargetHttpsProxy is not permitted. Defaults to false. default_value: false - name: 'pathRedirect' type: String description: | The path that will be used in the redirect response instead of the one that was supplied in the request. Only one of pathRedirect or prefixRedirect must be specified. The value must be between 1 and 1024 characters. - name: 'prefixRedirect' type: String description: | The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, retaining the remaining portion of the URL before redirecting the request. - name: 'redirectResponseCode' type: Enum description: | The HTTP Status code to use for this RedirectAction. Supported values are: * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. * FOUND, which corresponds to 302. * SEE_OTHER which corresponds to 303. * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method will be retained. * PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method will be retained. enum_values: - 'FOUND' - 'MOVED_PERMANENTLY_DEFAULT' - 'PERMANENT_REDIRECT' - 'SEE_OTHER' - 'TEMPORARY_REDIRECT' exclude_docs_values: true - name: 'stripQuery' type: Boolean description: | If set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained. Defaults to false. default_value: false - name: 'customErrorResponsePolicy' type: NestedObject description: | customErrorResponsePolicy specifies how the Load Balancer returns error responses when BackendService or BackendBucket responds with an error. min_version: 'beta' properties: - name: 'errorResponseRule' type: Array description: | Specifies rules for returning error responses. In a given policy, if you specify rules for both a range of error codes as well as rules for specific error codes then rules with specific error codes have a higher priority. For example, assume that you configure a rule for 401 (Un-authorized) code, and another for all 4 series error codes (4XX). If the backend service returns a 401, then the rule for 401 will be applied. However if the backend service returns a 403, the rule for 4xx takes effect. api_name: errorResponseRules item_type: type: NestedObject properties: - name: 'matchResponseCodes' type: Array description: | Valid values include: - A number between 400 and 599: For example 401 or 503, in which case the load balancer applies the policy if the error code exactly matches this value. - 5xx: Load Balancer will apply the policy if the backend service responds with any response code in the range of 500 to 599. - 4xx: Load Balancer will apply the policy if the backend service responds with any response code in the range of 400 to 499. Values must be unique within matchResponseCodes and across all errorResponseRules of CustomErrorResponsePolicy. item_type: type: String - name: 'path' type: String description: | The full path to a file within backendBucket . For example: /errors/defaultError.html path must start with a leading slash. path cannot have trailing slashes. If the file is not available in backendBucket or the load balancer cannot reach the BackendBucket, a simple Not Found Error is returned to the client. The value must be from 1 to 1024 characters - name: 'overrideResponseCode' type: Integer description: | The HTTP status code returned with the response containing the custom error content. If overrideResponseCode is not supplied, the same response code returned by the original backend bucket or backend service is returned to the client. - name: 'errorService' type: ResourceRef description: | The full or partial URL to the BackendBucket resource that contains the custom error content. Examples are: https://www.googleapis.com/compute/v1/projects/project/global/backendBuckets/myBackendBucket compute/v1/projects/project/global/backendBuckets/myBackendBucket global/backendBuckets/myBackendBucket If errorService is not specified at lower levels like pathMatcher, pathRule and routeRule, an errorService specified at a higher level in the UrlMap will be used. If UrlMap.defaultCustomErrorResponsePolicy contains one or more errorResponseRules[], it must specify errorService. If load balancer cannot reach the backendBucket, a simple Not Found Error will be returned, with the original response code (or overrideResponseCode if configured). resource: 'BackendBucket' imports: 'selfLink' - name: 'defaultUrlRedirect' type: NestedObject # TODO: (mbang) won't work for array path matchers yet, uncomment here once they are supported. # (github.com/hashicorp/terraform-plugin-sdk/issues/470) # exactly_one_of: # - path_matchers.0.default_service # - path_matchers.0.default_url_redirect # - path_matchers.0.default_route_action.0.weighted_backend_services description: | When none of the specified hostRules match, the request is redirected to a URL specified by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or defaultRouteAction must not be set. properties: - name: 'hostRedirect' type: String description: | The host that will be used in the redirect response instead of the one that was supplied in the request. The value must be between 1 and 255 characters. - name: 'httpsRedirect' type: Boolean description: | If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this true for TargetHttpsProxy is not permitted. The default is set to false. default_value: false - name: 'pathRedirect' type: String description: | The path that will be used in the redirect response instead of the one that was supplied in the request. pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. The value must be between 1 and 1024 characters. - name: 'prefixRedirect' type: String description: | The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, retaining the remaining portion of the URL before redirecting the request. prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. The value must be between 1 and 1024 characters. - name: 'redirectResponseCode' type: Enum description: | The HTTP Status code to use for this RedirectAction. Supported values are: * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. * FOUND, which corresponds to 302. * SEE_OTHER which corresponds to 303. * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method will be retained. * PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method will be retained. enum_values: - 'FOUND' - 'MOVED_PERMANENTLY_DEFAULT' - 'PERMANENT_REDIRECT' - 'SEE_OTHER' - 'TEMPORARY_REDIRECT' exclude_docs_values: true - name: 'stripQuery' type: Boolean description: | If set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained. This field is required to ensure an empty block is not set. The normal default value is false. required: true - name: 'defaultRouteAction' type: NestedObject # TODO: (mbang) conflicts also won't work for array path matchers yet, uncomment here once supported. # conflicts: # - path_matcher.path_matcher.default_url_redirect description: | defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. Only one of defaultRouteAction or defaultUrlRedirect must be set. properties: - name: 'weightedBackendServices' type: Array # TODO: (mbang) won't work for array path matchers yet, uncomment here once they are supported. # (github.com/hashicorp/terraform-plugin-sdk/issues/470) # exactly_one_of: # - path_matchers.0.default_service # - path_matchers.0.default_url_redirect # - path_matchers.0.default_route_action.0.weighted_backend_services description: | A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non 0 number. Once a backendService is identified and before forwarding the request to the backend service, advanced routing actions like Url rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. item_type: type: NestedObject properties: - name: 'backendService' type: ResourceRef description: | The full or partial URL to the default BackendService resource. Before forwarding the request to backendService, the loadbalancer applies any relevant headerActions specified as part of this backendServiceWeight. custom_expand: 'templates/terraform/custom_expand/reference_to_backend.tmpl' resource: 'BackendService' imports: 'selfLink' - name: 'weight' type: Integer description: | Specifies the fraction of traffic sent to backendService, computed as weight / (sum of all weightedBackendService weights in routeAction) . The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backendService, subsequent requests will be sent to the same backendService as determined by the BackendService's session affinity policy. The value must be between 0 and 1000 validation: function: 'validation.IntBetween(0, 1000)' - name: 'headerAction' type: NestedObject description: | Specifies changes to request and response headers that need to take effect for the selected backendService. headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. properties: - name: 'requestHeadersToRemove' type: Array description: | A list of header names for headers that need to be removed from the request prior to forwarding the request to the backendService. item_type: type: String - name: 'requestHeadersToAdd' type: Array description: | Headers to add to a matching request prior to forwarding the request to the backendService. item_type: type: NestedObject properties: - name: 'headerName' type: String description: | The name of the header to add. - name: 'headerValue' type: String description: | The value of the header to add. - name: 'replace' type: Boolean description: | If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. default_value: false - name: 'responseHeadersToRemove' type: Array description: | A list of header names for headers that need to be removed from the response prior to sending the response back to the client. item_type: type: String - name: 'responseHeadersToAdd' type: Array description: | Headers to add the response prior to sending the response back to the client. item_type: type: NestedObject properties: - name: 'headerName' type: String description: | The name of the header to add. - name: 'headerValue' type: String description: | The value of the header to add. - name: 'replace' type: Boolean description: | If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. default_value: false - name: 'urlRewrite' type: NestedObject description: | The spec to modify the URL of the request, prior to forwarding the request to the matched service. properties: - name: 'pathPrefixRewrite' type: String description: | Prior to forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. The value must be between 1 and 1024 characters. - name: 'hostRewrite' type: String description: | Prior to forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. The value must be between 1 and 255 characters. - name: 'timeout' type: NestedObject description: | Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. If not specified, will use the largest timeout among all backend services associated with the route. default_from_api: true properties: - name: 'seconds' type: String description: | Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years - name: 'nanos' type: Integer description: | Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - name: 'maxStreamDuration' type: NestedObject description: | Specifies the maximum duration (timeout) for streams on the selected route. Unlike the `Timeout` field where the timeout duration starts from the time the request has been fully processed (known as end-of-stream), the duration in this field is computed from the beginning of the stream until the response has been processed, including all retries. A stream that does not complete in this duration is closed. default_from_api: true properties: - name: 'nanos' type: Integer description: | Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - name: 'seconds' type: String description: | Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years required: true - name: 'retryPolicy' type: NestedObject description: | Specifies the retry policy associated with this route. properties: - name: 'retryConditions' type: Array description: | Specfies one or more conditions when this retry rule applies. Valid values are: * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, or if the backend service does not respond at all, example: disconnects, reset, read timeout, * connection failure, and refused streams. * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. * connect-failure: Loadbalancer will retry on failures connecting to backend services, for example due to connection timeouts. * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. Currently the only retriable error supported is 409. * refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable item_type: type: String - name: 'numRetries' type: Integer description: | Specifies the allowed number retries. This number must be > 0. If not specified, defaults to 1. validation: function: 'validation.IntAtLeast(1)' default_value: 1 - name: 'perTryTimeout' type: NestedObject description: | Specifies a non-zero timeout per retry attempt. If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, will use the largest timeout among all backend services associated with the route. properties: - name: 'seconds' type: String description: | Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years - name: 'nanos' type: Integer description: | Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - name: 'requestMirrorPolicy' type: NestedObject description: | Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, the host / authority header is suffixed with -shadow. properties: - name: 'backendService' type: ResourceRef description: | The full or partial URL to the BackendService resource being mirrored to. required: true custom_expand: 'templates/terraform/custom_expand/reference_to_backend.tmpl' resource: 'BackendService' imports: 'selfLink' - name: 'corsPolicy' type: NestedObject description: | The specification for allowing client side cross-origin requests. Please see [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/) properties: - name: 'allowOrigins' type: Array description: | Specifies the list of origins that will be allowed to do CORS requests. An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. item_type: type: String - name: 'allowOriginRegexes' type: Array description: | Specifies the regular expression patterns that match allowed origins. For regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. item_type: type: String - name: 'allowMethods' type: Array description: | Specifies the content for the Access-Control-Allow-Methods header. item_type: type: String - name: 'allowHeaders' type: Array description: | Specifies the content for the Access-Control-Allow-Headers header. item_type: type: String - name: 'exposeHeaders' type: Array description: | Specifies the content for the Access-Control-Expose-Headers header. item_type: type: String - name: 'maxAge' type: Integer description: | Specifies how long results of a preflight request can be cached in seconds. This translates to the Access-Control-Max-Age header. - name: 'allowCredentials' type: Boolean description: | In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This translates to the Access-Control-Allow-Credentials header. default_value: false - name: 'disabled' type: Boolean description: | If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect. default_value: false - name: 'faultInjectionPolicy' type: NestedObject description: | The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted by the Loadbalancer for a percentage of requests. timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. properties: - name: 'delay' type: NestedObject description: | The specification for how client requests are delayed as part of fault injection, before being sent to a backend service. properties: - name: 'fixedDelay' type: NestedObject description: | Specifies the value of the fixed delay interval. properties: - name: 'seconds' type: String description: | Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years - name: 'nanos' type: Integer description: | Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - name: 'percentage' type: Double description: | The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. The value must be between 0.0 and 100.0 inclusive. validation: function: 'validation.FloatBetween(0, 100)' - name: 'abort' type: NestedObject description: | The specification for how client requests are aborted as part of fault injection. properties: - name: 'httpStatus' type: Integer description: | The HTTP status code used to abort the request. The value must be between 200 and 599 inclusive. validation: function: 'validation.IntBetween(200, 599)' - name: 'percentage' type: Double description: | The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. The value must be between 0.0 and 100.0 inclusive. validation: function: 'validation.FloatBetween(0, 100)' - name: 'defaultCustomErrorResponsePolicy' type: NestedObject description: | defaultCustomErrorResponsePolicy specifies how the Load Balancer returns error responses when BackendService or BackendBucket responds with an error. This policy takes effect at the PathMatcher level and applies only when no policy has been defined for the error code at lower levels like RouteRule and PathRule within this PathMatcher. If an error code does not have a policy defined in defaultCustomErrorResponsePolicy, then a policy defined for the error code in UrlMap.defaultCustomErrorResponsePolicy takes effect. For example, consider a UrlMap with the following configuration: UrlMap.defaultCustomErrorResponsePolicy is configured with policies for 5xx and 4xx errors A RouteRule for /coming_soon/ is configured for the error code 404. If the request is for www.myotherdomain.com and a 404 is encountered, the policy under UrlMap.defaultCustomErrorResponsePolicy takes effect. If a 404 response is encountered for the request www.example.com/current_events/, the pathMatcher's policy takes effect. If however, the request for www.example.com/coming_soon/ encounters a 404, the policy in RouteRule.customErrorResponsePolicy takes effect. If any of the requests in this example encounter a 500 error code, the policy at UrlMap.defaultCustomErrorResponsePolicy takes effect. When used in conjunction with pathMatcher.defaultRouteAction.retryPolicy, retries take precedence. Only once all retries are exhausted, the defaultCustomErrorResponsePolicy is applied. While attempting a retry, if load balancer is successful in reaching the service, the defaultCustomErrorResponsePolicy is ignored and the response from the service is returned to the client. defaultCustomErrorResponsePolicy is supported only for global external Application Load Balancers. min_version: 'beta' properties: - name: 'errorResponseRule' type: Array description: | Specifies rules for returning error responses. In a given policy, if you specify rules for both a range of error codes as well as rules for specific error codes then rules with specific error codes have a higher priority. For example, assume that you configure a rule for 401 (Un-authorized) code, and another for all 4 series error codes (4XX). If the backend service returns a 401, then the rule for 401 will be applied. However if the backend service returns a 403, the rule for 4xx takes effect. api_name: errorResponseRules item_type: type: NestedObject properties: - name: 'matchResponseCodes' type: Array description: | Valid values include: - A number between 400 and 599: For example 401 or 503, in which case the load balancer applies the policy if the error code exactly matches this value. - 5xx: Load Balancer will apply the policy if the backend service responds with any response code in the range of 500 to 599. - 4xx: Load Balancer will apply the policy if the backend service responds with any response code in the range of 400 to 499. Values must be unique within matchResponseCodes and across all errorResponseRules of CustomErrorResponsePolicy. item_type: type: String - name: 'path' type: String description: | The full path to a file within backendBucket. For example: /errors/defaultError.html path must start with a leading slash. path cannot have trailing slashes. If the file is not available in backendBucket or the load balancer cannot reach the BackendBucket, a simple Not Found Error is returned to the client. The value must be from 1 to 1024 characters. - name: 'overrideResponseCode' type: Integer description: | The HTTP status code returned with the response containing the custom error content. If overrideResponseCode is not supplied, the same response code returned by the original backend bucket or backend service is returned to the client. - name: 'errorService' type: ResourceRef description: | The full or partial URL to the BackendBucket resource that contains the custom error content. Examples are: https://www.googleapis.com/compute/v1/projects/project/global/backendBuckets/myBackendBucket compute/v1/projects/project/global/backendBuckets/myBackendBucket global/backendBuckets/myBackendBucket If errorService is not specified at lower levels like pathMatcher, pathRule and routeRule, an errorService specified at a higher level in the UrlMap will be used. If UrlMap.defaultCustomErrorResponsePolicy contains one or more errorResponseRules[], it must specify errorService. If load balancer cannot reach the backendBucket, a simple Not Found Error will be returned, with the original response code (or overrideResponseCode if configured). resource: 'BackendBucket' imports: 'selfLink' - name: 'test' type: Array description: | The list of expected URL mapping tests. Request to update this UrlMap will succeed only if all of the test cases pass. You can specify a maximum of 100 tests per UrlMap. api_name: tests item_type: type: NestedObject properties: - name: 'description' type: String description: | Description of this test case. - name: 'host' type: String description: | Host portion of the URL. required: true - name: 'path' type: String description: | Path portion of the URL. required: true - name: 'service' type: ResourceRef description: The backend service or backend bucket link that should be matched by this test. required: true custom_expand: 'templates/terraform/custom_expand/reference_to_backend.tmpl' resource: 'BackendService' imports: 'selfLink' - name: 'defaultUrlRedirect' type: NestedObject description: | When none of the specified hostRules match, the request is redirected to a URL specified by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or defaultRouteAction must not be set. conflicts: - default_route_action exactly_one_of: - 'default_service' - 'default_url_redirect' - 'default_route_action.0.weighted_backend_services' properties: - name: 'hostRedirect' type: String description: | The host that will be used in the redirect response instead of the one that was supplied in the request. The value must be between 1 and 255 characters. - name: 'httpsRedirect' type: Boolean description: | If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this true for TargetHttpsProxy is not permitted. The default is set to false. default_value: false - name: 'pathRedirect' type: String description: | The path that will be used in the redirect response instead of the one that was supplied in the request. pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. The value must be between 1 and 1024 characters. - name: 'prefixRedirect' type: String description: | The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, retaining the remaining portion of the URL before redirecting the request. prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. The value must be between 1 and 1024 characters. - name: 'redirectResponseCode' type: Enum description: | The HTTP Status code to use for this RedirectAction. Supported values are: * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. * FOUND, which corresponds to 302. * SEE_OTHER which corresponds to 303. * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method will be retained. * PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method will be retained. enum_values: - 'FOUND' - 'MOVED_PERMANENTLY_DEFAULT' - 'PERMANENT_REDIRECT' - 'SEE_OTHER' - 'TEMPORARY_REDIRECT' exclude_docs_values: true - name: 'stripQuery' type: Boolean description: | If set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained. The default is set to false. This field is required to ensure an empty block is not set. The normal default value is false. required: true - name: 'defaultRouteAction' type: NestedObject description: | defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. Only one of defaultRouteAction or defaultUrlRedirect must be set. conflicts: - default_url_redirect properties: - name: 'weightedBackendServices' type: Array description: | A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non 0 number. Once a backendService is identified and before forwarding the request to the backend service, advanced routing actions like Url rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. at_least_one_of: - 'default_route_action.0.weighted_backend_services' - 'default_route_action.0.url_rewrite' - 'default_route_action.0.timeout' - 'default_route_action.0.retry_policy' - 'default_route_action.0.request_mirror_policy' - 'default_route_action.0.cors_policy' - 'default_route_action.0.fault_injection_policy' exactly_one_of: - 'default_service' - 'default_url_redirect' - 'default_route_action.0.weighted_backend_services' item_type: type: NestedObject properties: - name: 'backendService' type: ResourceRef description: | The full or partial URL to the default BackendService resource. Before forwarding the request to backendService, the loadbalancer applies any relevant headerActions specified as part of this backendServiceWeight. custom_expand: 'templates/terraform/custom_expand/reference_to_backend.tmpl' resource: 'BackendService' imports: 'selfLink' - name: 'weight' type: Integer description: | Specifies the fraction of traffic sent to backendService, computed as weight / (sum of all weightedBackendService weights in routeAction) . The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backendService, subsequent requests will be sent to the same backendService as determined by the BackendService's session affinity policy. The value must be between 0 and 1000 validation: function: 'validation.IntBetween(0, 1000)' - name: 'headerAction' type: NestedObject description: | Specifies changes to request and response headers that need to take effect for the selected backendService. headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. properties: - name: 'requestHeadersToRemove' type: Array description: | A list of header names for headers that need to be removed from the request prior to forwarding the request to the backendService. item_type: type: String - name: 'requestHeadersToAdd' type: Array description: | Headers to add to a matching request prior to forwarding the request to the backendService. item_type: type: NestedObject properties: - name: 'headerName' type: String description: | The name of the header to add. - name: 'headerValue' type: String description: | The value of the header to add. - name: 'replace' type: Boolean description: | If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. default_value: false - name: 'responseHeadersToRemove' type: Array description: | A list of header names for headers that need to be removed from the response prior to sending the response back to the client. item_type: type: String - name: 'responseHeadersToAdd' type: Array description: | Headers to add the response prior to sending the response back to the client. item_type: type: NestedObject properties: - name: 'headerName' type: String description: | The name of the header to add. - name: 'headerValue' type: String description: | The value of the header to add. - name: 'replace' type: Boolean description: | If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. default_value: false - name: 'urlRewrite' type: NestedObject description: | The spec to modify the URL of the request, prior to forwarding the request to the matched service. at_least_one_of: - 'default_route_action.0.weighted_backend_services' - 'default_route_action.0.url_rewrite' - 'default_route_action.0.timeout' - 'default_route_action.0.retry_policy' - 'default_route_action.0.request_mirror_policy' - 'default_route_action.0.cors_policy' - 'default_route_action.0.fault_injection_policy' properties: - name: 'pathPrefixRewrite' type: String description: | Prior to forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. The value must be between 1 and 1024 characters. at_least_one_of: - 'default_route_action.0.url_rewrite.0.path_prefix_rewrite' - 'default_route_action.0.url_rewrite.0.host_rewrite' - name: 'hostRewrite' type: String description: | Prior to forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. The value must be between 1 and 255 characters. at_least_one_of: - 'default_route_action.0.url_rewrite.0.path_prefix_rewrite' - 'default_route_action.0.url_rewrite.0.host_rewrite' - name: 'timeout' type: NestedObject description: | Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. If not specified, will use the largest timeout among all backend services associated with the route. default_from_api: true at_least_one_of: - 'default_route_action.0.weighted_backend_services' - 'default_route_action.0.url_rewrite' - 'default_route_action.0.timeout' - 'default_route_action.0.retry_policy' - 'default_route_action.0.request_mirror_policy' - 'default_route_action.0.cors_policy' - 'default_route_action.0.fault_injection_policy' properties: - name: 'seconds' type: String description: | Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years at_least_one_of: - 'default_route_action.0.timeout.0.seconds' - 'default_route_action.0.timeout.0.nanos' - name: 'nanos' type: Integer description: | Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. at_least_one_of: - 'default_route_action.0.timeout.0.seconds' - 'default_route_action.0.timeout.0.nanos' - name: 'maxStreamDuration' type: NestedObject description: | Specifies the maximum duration (timeout) for streams on the selected route. Unlike the `Timeout` field where the timeout duration starts from the time the request has been fully processed (known as end-of-stream), the duration in this field is computed from the beginning of the stream until the response has been processed, including all retries. A stream that does not complete in this duration is closed. default_from_api: true properties: - name: 'nanos' type: Integer description: | Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - name: 'seconds' type: String description: | Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years required: true - name: 'retryPolicy' type: NestedObject description: | Specifies the retry policy associated with this route. at_least_one_of: - 'default_route_action.0.weighted_backend_services' - 'default_route_action.0.url_rewrite' - 'default_route_action.0.timeout' - 'default_route_action.0.retry_policy' - 'default_route_action.0.request_mirror_policy' - 'default_route_action.0.cors_policy' - 'default_route_action.0.fault_injection_policy' properties: - name: 'retryConditions' type: Array description: | Specfies one or more conditions when this retry rule applies. Valid values are: * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, or if the backend service does not respond at all, example: disconnects, reset, read timeout, * connection failure, and refused streams. * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. * connect-failure: Loadbalancer will retry on failures connecting to backend services, for example due to connection timeouts. * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. Currently the only retriable error supported is 409. * refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable at_least_one_of: - 'default_route_action.0.retry_policy.0.retry_conditions' - 'default_route_action.0.retry_policy.0.num_retries' - 'default_route_action.0.retry_policy.0.per_try_timeout' item_type: type: String - name: 'numRetries' type: Integer description: | Specifies the allowed number retries. This number must be > 0. If not specified, defaults to 1. at_least_one_of: - 'default_route_action.0.retry_policy.0.retry_conditions' - 'default_route_action.0.retry_policy.0.num_retries' - 'default_route_action.0.retry_policy.0.per_try_timeout' validation: function: 'validation.IntAtLeast(1)' default_value: 1 - name: 'perTryTimeout' type: NestedObject description: | Specifies a non-zero timeout per retry attempt. If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, will use the largest timeout among all backend services associated with the route. at_least_one_of: - 'default_route_action.0.retry_policy.0.retry_conditions' - 'default_route_action.0.retry_policy.0.num_retries' - 'default_route_action.0.retry_policy.0.per_try_timeout' properties: - name: 'seconds' type: String description: | Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years at_least_one_of: - 'default_route_action.0.retry_policy.0.per_try_timeout.0.seconds' - 'default_route_action.0.retry_policy.0.per_try_timeout.0.nanos' - name: 'nanos' type: Integer description: | Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. at_least_one_of: - 'default_route_action.0.retry_policy.0.per_try_timeout.0.seconds' - 'default_route_action.0.retry_policy.0.per_try_timeout.0.nanos' - name: 'requestMirrorPolicy' type: NestedObject description: | Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, the host / authority header is suffixed with -shadow. at_least_one_of: - 'default_route_action.0.weighted_backend_services' - 'default_route_action.0.url_rewrite' - 'default_route_action.0.timeout' - 'default_route_action.0.retry_policy' - 'default_route_action.0.request_mirror_policy' - 'default_route_action.0.cors_policy' - 'default_route_action.0.fault_injection_policy' properties: - name: 'backendService' type: ResourceRef description: | The full or partial URL to the BackendService resource being mirrored to. required: true custom_expand: 'templates/terraform/custom_expand/reference_to_backend.tmpl' resource: 'BackendService' imports: 'selfLink' - name: 'corsPolicy' type: NestedObject description: | The specification for allowing client side cross-origin requests. Please see [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/) at_least_one_of: - 'default_route_action.0.weighted_backend_services' - 'default_route_action.0.url_rewrite' - 'default_route_action.0.timeout' - 'default_route_action.0.retry_policy' - 'default_route_action.0.request_mirror_policy' - 'default_route_action.0.cors_policy' - 'default_route_action.0.fault_injection_policy' properties: - name: 'allowOrigins' type: Array description: | Specifies the list of origins that will be allowed to do CORS requests. An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. at_least_one_of: - 'default_route_action.0.cors_policy.0.allow_origins' - 'default_route_action.0.cors_policy.0.allow_origin_regexes' - 'default_route_action.0.cors_policy.0.allow_methods' - 'default_route_action.0.cors_policy.0.allow_headers' - 'default_route_action.0.cors_policy.0.expose_headers' - 'default_route_action.0.cors_policy.0.max_age' - 'default_route_action.0.cors_policy.0.allow_credentials' - 'default_route_action.0.cors_policy.0.disabled' item_type: type: String - name: 'allowOriginRegexes' type: Array description: | Specifies the regular expression patterns that match allowed origins. For regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. at_least_one_of: - 'default_route_action.0.cors_policy.0.allow_origins' - 'default_route_action.0.cors_policy.0.allow_origin_regexes' - 'default_route_action.0.cors_policy.0.allow_methods' - 'default_route_action.0.cors_policy.0.allow_headers' - 'default_route_action.0.cors_policy.0.expose_headers' - 'default_route_action.0.cors_policy.0.max_age' - 'default_route_action.0.cors_policy.0.allow_credentials' - 'default_route_action.0.cors_policy.0.disabled' item_type: type: String - name: 'allowMethods' type: Array description: | Specifies the content for the Access-Control-Allow-Methods header. at_least_one_of: - 'default_route_action.0.cors_policy.0.allow_origins' - 'default_route_action.0.cors_policy.0.allow_origin_regexes' - 'default_route_action.0.cors_policy.0.allow_methods' - 'default_route_action.0.cors_policy.0.allow_headers' - 'default_route_action.0.cors_policy.0.expose_headers' - 'default_route_action.0.cors_policy.0.max_age' - 'default_route_action.0.cors_policy.0.allow_credentials' - 'default_route_action.0.cors_policy.0.disabled' item_type: type: String - name: 'allowHeaders' type: Array description: | Specifies the content for the Access-Control-Allow-Headers header. at_least_one_of: - 'default_route_action.0.cors_policy.0.allow_origins' - 'default_route_action.0.cors_policy.0.allow_origin_regexes' - 'default_route_action.0.cors_policy.0.allow_methods' - 'default_route_action.0.cors_policy.0.allow_headers' - 'default_route_action.0.cors_policy.0.expose_headers' - 'default_route_action.0.cors_policy.0.max_age' - 'default_route_action.0.cors_policy.0.allow_credentials' - 'default_route_action.0.cors_policy.0.disabled' item_type: type: String - name: 'exposeHeaders' type: Array description: | Specifies the content for the Access-Control-Expose-Headers header. at_least_one_of: - 'default_route_action.0.cors_policy.0.allow_origins' - 'default_route_action.0.cors_policy.0.allow_origin_regexes' - 'default_route_action.0.cors_policy.0.allow_methods' - 'default_route_action.0.cors_policy.0.allow_headers' - 'default_route_action.0.cors_policy.0.expose_headers' - 'default_route_action.0.cors_policy.0.max_age' - 'default_route_action.0.cors_policy.0.allow_credentials' - 'default_route_action.0.cors_policy.0.disabled' item_type: type: String - name: 'maxAge' type: Integer description: | Specifies how long results of a preflight request can be cached in seconds. This translates to the Access-Control-Max-Age header. at_least_one_of: - 'default_route_action.0.cors_policy.0.allow_origins' - 'default_route_action.0.cors_policy.0.allow_origin_regexes' - 'default_route_action.0.cors_policy.0.allow_methods' - 'default_route_action.0.cors_policy.0.allow_headers' - 'default_route_action.0.cors_policy.0.expose_headers' - 'default_route_action.0.cors_policy.0.max_age' - 'default_route_action.0.cors_policy.0.allow_credentials' - 'default_route_action.0.cors_policy.0.disabled' - name: 'allowCredentials' type: Boolean description: | In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This translates to the Access-Control-Allow-Credentials header. at_least_one_of: - 'default_route_action.0.cors_policy.0.allow_origins' - 'default_route_action.0.cors_policy.0.allow_origin_regexes' - 'default_route_action.0.cors_policy.0.allow_methods' - 'default_route_action.0.cors_policy.0.allow_headers' - 'default_route_action.0.cors_policy.0.expose_headers' - 'default_route_action.0.cors_policy.0.max_age' - 'default_route_action.0.cors_policy.0.allow_credentials' - 'default_route_action.0.cors_policy.0.disabled' default_value: false - name: 'disabled' type: Boolean description: | If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect. at_least_one_of: - 'default_route_action.0.cors_policy.0.allow_origins' - 'default_route_action.0.cors_policy.0.allow_origin_regexes' - 'default_route_action.0.cors_policy.0.allow_methods' - 'default_route_action.0.cors_policy.0.allow_headers' - 'default_route_action.0.cors_policy.0.expose_headers' - 'default_route_action.0.cors_policy.0.max_age' - 'default_route_action.0.cors_policy.0.allow_credentials' - 'default_route_action.0.cors_policy.0.disabled' default_value: false - name: 'faultInjectionPolicy' type: NestedObject description: | The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted by the Loadbalancer for a percentage of requests. timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. at_least_one_of: - 'default_route_action.0.weighted_backend_services' - 'default_route_action.0.url_rewrite' - 'default_route_action.0.timeout' - 'default_route_action.0.retry_policy' - 'default_route_action.0.request_mirror_policy' - 'default_route_action.0.cors_policy' - 'default_route_action.0.fault_injection_policy' properties: - name: 'delay' type: NestedObject description: | The specification for how client requests are delayed as part of fault injection, before being sent to a backend service. at_least_one_of: - 'default_route_action.0.fault_injection_policy.0.delay' - 'default_route_action.0.fault_injection_policy.0.abort' properties: - name: 'fixedDelay' type: NestedObject description: | Specifies the value of the fixed delay interval. at_least_one_of: - 'default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay' - 'default_route_action.0.fault_injection_policy.0.delay.0.percentage' properties: - name: 'seconds' type: String description: | Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years at_least_one_of: - 'default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.seconds' - 'default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.nanos' - name: 'nanos' type: Integer description: | Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. at_least_one_of: - 'default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.seconds' - 'default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.nanos' - name: 'percentage' type: Double description: | The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. The value must be between 0.0 and 100.0 inclusive. at_least_one_of: - 'default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay' - 'default_route_action.0.fault_injection_policy.0.delay.0.percentage' validation: function: 'validation.FloatBetween(0, 100)' - name: 'abort' type: NestedObject description: | The specification for how client requests are aborted as part of fault injection. at_least_one_of: - 'default_route_action.0.fault_injection_policy.0.delay' - 'default_route_action.0.fault_injection_policy.0.abort' properties: - name: 'httpStatus' type: Integer description: | The HTTP status code used to abort the request. The value must be between 200 and 599 inclusive. at_least_one_of: - 'default_route_action.0.fault_injection_policy.0.abort.0.http_status' - 'default_route_action.0.fault_injection_policy.0.abort.0.percentage' validation: function: 'validation.IntBetween(200, 599)' - name: 'percentage' type: Double description: | The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. The value must be between 0.0 and 100.0 inclusive. at_least_one_of: - 'default_route_action.0.fault_injection_policy.0.abort.0.http_status' - 'default_route_action.0.fault_injection_policy.0.abort.0.percentage' validation: function: 'validation.FloatBetween(0, 100)'