googleNetworkServicesEdgeCacheKeyset

EdgeCacheKeyset represents a collection of public keys used for validating signed requests.

Warning: All arguments including publicKeyPublicKeyValue will be stored in the raw state as plain-text. Read more about sensitive data in state.

Example Usage - Network Services Edge Cache Keyset Basic

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
new google.networkServicesEdgeCacheKeyset.NetworkServicesEdgeCacheKeyset(
  this,
  "default",
  {
    description: "The default keyset",
    name: "my-keyset",
    publicKey: [
      {
        id: "my-public-key",
        value: "FHsTyFHNmvNpw4o7-rp-M1yqMyBF8vXSBRkZtkQ0RKY",
      },
      {
        id: "my-public-key-2",
        value: "hzd03llxB1u5FOLKFkZ6_wCJqC7jtN0bg7xlBqS6WVM",
      },
    ],
  }
);

Example Usage - Network Services Edge Cache Keyset Dual Token

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleSecretManagerSecretSecretBasic =
  new google.secretManagerSecret.SecretManagerSecret(this, "secret-basic", {
    replication: [
      {
        automatic: true,
      },
    ],
    secretId: "secret-name",
  });
const googleSecretManagerSecretVersionSecretVersionBasic =
  new google.secretManagerSecretVersion.SecretManagerSecretVersion(
    this,
    "secret-version-basic",
    {
      secret: googleSecretManagerSecretSecretBasic.id,
      secretData: "secret-data",
    }
  );
new google.networkServicesEdgeCacheKeyset.NetworkServicesEdgeCacheKeyset(
  this,
  "default",
  {
    description: "The default keyset",
    name: "my-keyset",
    publicKey: [
      {
        id: "my-public-key",
        managed: true,
      },
    ],
    validationSharedKeys: [
      {
        secretVersion: googleSecretManagerSecretVersionSecretVersionBasic.id,
      },
    ],
  }
);

Argument Reference

The following arguments are supported:

  • name - (Required) Name of the resource; provided by the client when the resource is created. The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.

  • description - (Optional) A human-readable description of the resource.

  • labels - (Optional) Set of label tags associated with the EdgeCache resource.

  • publicKey - (Optional) An ordered list of Ed25519 public keys to use for validating signed requests. You must specify publicKeys or validationSharedKeys (or both). The keys in publicKeys are checked first. You may specify no more than one Google-managed public key. If you specify publicKeys, you must specify at least one (1) key and may specify up to three (3) keys. Ed25519 public keys are not secret; they only allow Google to validate that a request was signed by your corresponding private key. Ensure that the private key is kept secret, and that only authorized users can add public keys to a keyset. Structure is documented below.

  • validationSharedKeys - (Optional) An ordered list of shared keys to use for validating signed requests. Shared keys are secret. Ensure that only authorized users can add validationSharedKeys to a keyset. You can rotate keys by appending (pushing) a new key to the list of validationSharedKeys and removing any superseded keys. You must specify publicKeys or validationSharedKeys (or both). The keys in publicKeys are checked first. Structure is documented below.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The publicKey block supports:

  • id - (Required) The ID of the public key. The ID must be 1-63 characters long, and comply with RFC1035. The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.

  • value - (Optional) The base64-encoded value of the Ed25519 public key. The base64 encoding can be padded (44 bytes) or unpadded (43 bytes). Representations or encodings of the public key other than this will be rejected with an error. Note: This property is sensitive and will not be displayed in the plan.

  • managed - (Optional) Set to true to have the CDN automatically manage this public key value.

The validationSharedKeys block supports:

  • secretVersion - (Required) The name of the secret version in Secret Manager. The resource name of the secret version must be in the format projects/*/secrets/*/versions/* where the * values are replaced by the secrets themselves. The secrets must be at least 16 bytes large. The recommended secret size depends on the signature algorithm you are using.
      • If you are using HMAC-SHA1, we suggest 20-byte secrets.
      • If you are using HMAC-SHA256, we suggest 32-byte secrets.
    See RFC 2104, Section 3 for more details on these recommendations.
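
The constraints in the Argument Reference above can be checked before a keyset is deployed. The following is an added example, not part of the provider documentation or its bindings: KeysetInput and validateKeyset are hypothetical names, and the URL-safe base64 alphabet is an assumption taken from the sample key values on this page.

```typescript
// Added example: KeysetInput and validateKeyset are hypothetical names.
interface PublicKey { id: string; value?: string; managed?: boolean }
interface KeysetInput {
  name: string;
  publicKey?: PublicKey[];
  validationSharedKeys?: { secretVersion: string }[];
}

// Letter first, then letters, digits, "_" or "-"; 1-64 characters in total.
const NAME_RE = /^[a-zA-Z][a-zA-Z0-9_-]{0,63}$/;
// 43 base64 characters, optionally padded to 44 with "=", hold a 32-byte key.
// Assumption: URL-safe alphabet, as in the page's sample values.
const ED25519_B64_RE = /^[A-Za-z0-9_-]{43}=?$/;
const SECRET_VERSION_RE = /^projects\/[^\/]+\/secrets\/[^\/]+\/versions\/[^\/]+$/;

function validateKeyset(k: KeysetInput): string[] {
  const errors: string[] = [];
  const pub = k.publicKey || [];
  const shared = k.validationSharedKeys || [];
  if (!NAME_RE.test(k.name)) errors.push("name: invalid");
  if (pub.length === 0 && shared.length === 0)
    errors.push("keyset: need publicKey or validationSharedKeys");
  if (pub.length > 3) errors.push("publicKey: more than 3 keys");
  if (pub.filter((p) => p.managed === true).length > 1)
    errors.push("publicKey: more than one Google-managed key");
  pub.forEach((p) => {
    // The page gives the same pattern for key ids as for the keyset name.
    if (!NAME_RE.test(p.id)) errors.push("publicKey " + p.id + ": invalid id");
    if (p.managed !== true && (p.value === undefined || !ED25519_B64_RE.test(p.value)))
      errors.push("publicKey " + p.id + ": value is not a base64 Ed25519 key");
  });
  shared.forEach((s) => {
    // Assumes a literal resource name, not an unresolved Terraform token.
    if (!SECRET_VERSION_RE.test(s.secretVersion))
      errors.push("secretVersion: bad format: " + s.secretVersion);
  });
  return errors;
}

// Constructed inputs: one key from the page's basic example, then a bad keyset.
const pageKey = "FHsTyFHNmvNpw4o7-rp-M1yqMyBF8vXSBRkZtkQ0RKY";
const good: KeysetInput = { name: "my-keyset", publicKey: [{ id: "my-public-key", value: pageKey }] };
const bad: KeysetInput = {
  name: "9-keyset",
  publicKey: [{ id: "k1", managed: true }, { id: "k2", managed: true },
              { id: "k3", value: "c2hvcnQ=" }, { id: "k4", value: pageKey }],
  validationSharedKeys: [{ secretVersion: "secrets/secret-name/versions/1" }],
};
console.log(validateKeyset(good), validateKeyset(bad));
```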

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format projects/{{project}}/locations/global/edgeCacheKeysets/{{name}}

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 30 minutes.
  • update - Default is 30 minutes.
  • delete - Default is 30 minutes.

Import

EdgeCacheKeyset can be imported using any of these accepted formats:

$ terraform import google_network_services_edge_cache_keyset.default projects/{{project}}/locations/global/edgeCacheKeysets/{{name}}
$ terraform import google_network_services_edge_cache_keyset.default {{project}}/{{name}}
$ terraform import google_network_services_edge_cache_keyset.default {{name}}

User Project Overrides

This resource supports User Project Overrides.