From 60033ccc6ddff775c71692802c84611dfa09074f Mon Sep 17 00:00:00 2001 From: Hank Hollenstain Date: Wed, 15 Nov 2023 15:51:43 -0800 Subject: [PATCH] feat: add bypass_cache_on_request_headers to cdn_policy --- README.md | 2 +- autogen/main.tf.tmpl | 7 +++++++ autogen/variables.tf.tmpl | 1 + examples/cdn-policy/main.tf | 1 + main.tf | 7 +++++++ modules/dynamic_backends/README.md | 2 +- modules/dynamic_backends/main.tf | 7 +++++++ modules/dynamic_backends/variables.tf | 1 + modules/serverless_negs/README.md | 2 +- modules/serverless_negs/main.tf | 7 +++++++ modules/serverless_negs/variables.tf | 1 + variables.tf | 1 + 12 files changed, 36 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index e07a8c2d..ce901a2d 100644 --- a/README.md +++ b/README.md @@ -94,7 +94,7 @@ module "gce-lb-http" { | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | address | Existing IPv4 address to use (the actual IP address value) | `string` | `null` | no | -| backends | Map backend indices to list of backend maps. |
map(object({
port = optional(number)
project = optional(string)
protocol = optional(string)
port_name = optional(string)
description = optional(string)
enable_cdn = optional(bool)
compression_mode = optional(string)
security_policy = optional(string, null)
edge_security_policy = optional(string, null)
custom_request_headers = optional(list(string))
custom_response_headers = optional(list(string))

timeout_sec = optional(number)
connection_draining_timeout_sec = optional(number)
session_affinity = optional(string)
affinity_cookie_ttl_sec = optional(number)

health_check = object({
host = optional(string)
request_path = optional(string)
request = optional(string)
response = optional(string)
port = optional(number)
port_name = optional(string)
proxy_header = optional(string)
port_specification = optional(string)
protocol = optional(string)
check_interval_sec = optional(number)
timeout_sec = optional(number)
healthy_threshold = optional(number)
unhealthy_threshold = optional(number)
logging = optional(bool)
})

log_config = object({
enable = optional(bool)
sample_rate = optional(number)
})

groups = list(object({
group = string

balancing_mode = optional(string)
capacity_scaler = optional(number)
description = optional(string)
max_connections = optional(number)
max_connections_per_instance = optional(number)
max_connections_per_endpoint = optional(number)
max_rate = optional(number)
max_rate_per_instance = optional(number)
max_rate_per_endpoint = optional(number)
max_utilization = optional(number)
}))
iap_config = object({
enable = bool
oauth2_client_id = optional(string)
oauth2_client_secret = optional(string)
})
cdn_policy = optional(object({
cache_mode = optional(string)
signed_url_cache_max_age_sec = optional(string)
default_ttl = optional(number)
max_ttl = optional(number)
client_ttl = optional(number)
negative_caching = optional(bool)
negative_caching_policy = optional(object({
code = optional(number)
ttl = optional(number)
}))
serve_while_stale = optional(number)
cache_key_policy = optional(object({
include_host = optional(bool)
include_protocol = optional(bool)
include_query_string = optional(bool)
query_string_blacklist = optional(list(string))
query_string_whitelist = optional(list(string))
include_http_headers = optional(list(string))
include_named_cookies = optional(list(string))
}))
}))
outlier_detection = optional(object({
base_ejection_time = optional(object({
seconds = number
nanos = optional(number)
}))
consecutive_errors = optional(number)
consecutive_gateway_failure = optional(number)
enforcing_consecutive_errors = optional(number)
enforcing_consecutive_gateway_failure = optional(number)
enforcing_success_rate = optional(number)
interval = optional(object({
seconds = number
nanos = optional(number)
}))
max_ejection_percent = optional(number)
success_rate_minimum_hosts = optional(number)
success_rate_request_volume = optional(number)
success_rate_stdev_factor = optional(number)
}))
}))
| n/a | yes | +| backends | Map backend indices to list of backend maps. |
map(object({
port = optional(number)
project = optional(string)
protocol = optional(string)
port_name = optional(string)
description = optional(string)
enable_cdn = optional(bool)
compression_mode = optional(string)
security_policy = optional(string, null)
edge_security_policy = optional(string, null)
custom_request_headers = optional(list(string))
custom_response_headers = optional(list(string))

timeout_sec = optional(number)
connection_draining_timeout_sec = optional(number)
session_affinity = optional(string)
affinity_cookie_ttl_sec = optional(number)

health_check = object({
host = optional(string)
request_path = optional(string)
request = optional(string)
response = optional(string)
port = optional(number)
port_name = optional(string)
proxy_header = optional(string)
port_specification = optional(string)
protocol = optional(string)
check_interval_sec = optional(number)
timeout_sec = optional(number)
healthy_threshold = optional(number)
unhealthy_threshold = optional(number)
logging = optional(bool)
})

log_config = object({
enable = optional(bool)
sample_rate = optional(number)
})

groups = list(object({
group = string

balancing_mode = optional(string)
capacity_scaler = optional(number)
description = optional(string)
max_connections = optional(number)
max_connections_per_instance = optional(number)
max_connections_per_endpoint = optional(number)
max_rate = optional(number)
max_rate_per_instance = optional(number)
max_rate_per_endpoint = optional(number)
max_utilization = optional(number)
}))
iap_config = object({
enable = bool
oauth2_client_id = optional(string)
oauth2_client_secret = optional(string)
})
cdn_policy = optional(object({
cache_mode = optional(string)
signed_url_cache_max_age_sec = optional(string)
default_ttl = optional(number)
max_ttl = optional(number)
client_ttl = optional(number)
negative_caching = optional(bool)
negative_caching_policy = optional(object({
code = optional(number)
ttl = optional(number)
}))
serve_while_stale = optional(number)
cache_key_policy = optional(object({
include_host = optional(bool)
include_protocol = optional(bool)
include_query_string = optional(bool)
query_string_blacklist = optional(list(string))
query_string_whitelist = optional(list(string))
include_http_headers = optional(list(string))
include_named_cookies = optional(list(string))
}))
bypass_cache_on_request_headers = optional(list(string))
}))
outlier_detection = optional(object({
base_ejection_time = optional(object({
seconds = number
nanos = optional(number)
}))
consecutive_errors = optional(number)
consecutive_gateway_failure = optional(number)
enforcing_consecutive_errors = optional(number)
enforcing_consecutive_gateway_failure = optional(number)
enforcing_success_rate = optional(number)
interval = optional(object({
seconds = number
nanos = optional(number)
}))
max_ejection_percent = optional(number)
success_rate_minimum_hosts = optional(number)
success_rate_request_volume = optional(number)
success_rate_stdev_factor = optional(number)
}))
}))
| n/a | yes | | certificate | Content of the SSL certificate. Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` | `string` | `null` | no | | certificate\_map | Certificate Map ID in format projects/{project}/locations/global/certificateMaps/{name}. Identifies a certificate map associated with the given target proxy. Requires `ssl` to be set to `true` | `string` | `null` | no | | create\_address | Create a new global IPv4 address | `bool` | `true` | no | diff --git a/autogen/main.tf.tmpl b/autogen/main.tf.tmpl index 2ae6a0e7..570a7c74 100644 --- a/autogen/main.tf.tmpl +++ b/autogen/main.tf.tmpl @@ -283,6 +283,13 @@ resource "google_compute_backend_service" "default" { include_named_cookies = each.value.cdn_policy.cache_key_policy.include_named_cookies } } + + dynamic "bypass_cache_on_request_headers" { + for_each = toset(each.value.cdn_policy.bypass_cache_on_request_headers) + content { + header_name = each.key + } + } } } diff --git a/autogen/variables.tf.tmpl b/autogen/variables.tf.tmpl index fdc50d9c..f41b8099 100644 --- a/autogen/variables.tf.tmpl +++ b/autogen/variables.tf.tmpl @@ -173,6 +173,7 @@ variable "backends" { include_http_headers = optional(list(string)) include_named_cookies = optional(list(string)) })) + bypass_cache_on_request_headers = optional(list(string)) })) outlier_detection = optional(object({ base_ejection_time = optional(object({ diff --git a/examples/cdn-policy/main.tf b/examples/cdn-policy/main.tf index 774d763c..15834555 100644 --- a/examples/cdn-policy/main.tf +++ b/examples/cdn-policy/main.tf @@ -116,6 +116,7 @@ module "gce-lb-http" { include_query_string = true include_named_cookies = ["__next_preview_data", "__prerender_bypass"] } + bypass_cache_on_request_headers = ["example-header-1", "example-header-2"] } groups = [ diff --git a/main.tf b/main.tf index d3aec207..75ab8859 100644 --- a/main.tf +++ b/main.tf 
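Review bot: In the added `dynamic "bypass_cache_on_request_headers"` block of autogen/main.tf.tmpl, `header_name = each.key` does not read the dynamic block's own iterator. Judging by the context line `each.value.cdn_policy.cache_key_policy...`, `each` here is the resource-level `for_each` object, so every generated entry would get the backend's map key as its header name instead of the configured header; it should be `header_name = bypass_cache_on_request_headers.value`. The attribute is also declared as `optional(list(string))` with no default, so a backend that sets `cdn_policy` but omits the list passes null through `toset()` into `for_each`, which Terraform rejects; a guard such as `for_each = toset(each.value.cdn_policy.bypass_cache_on_request_headers == null ? [] : each.value.cdn_policy.bypass_cache_on_request_headers)` avoids that. The same block is added unchanged in main.tf, modules/dynamic_backends/main.tf and modules/serverless_negs/main.tf. The enclosing `cdn_policy` block and the resource start outside the hunk.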
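Review bot: The `bypass_cache_on_request_headers` attribute added to the `cdn_policy` object type in autogen/variables.tf.tmpl carries no comment, so a reader of the type cannot tell that it changes which requests reach the backend. Any client that sends one of the listed headers skips the CDN cache and is answered by the backend, so the names chosen bound how much uncached traffic a client can cause. I would add a comment above the attribute, for example `# Requests carrying any of these headers bypass Cloud CDN and are served by the backend; keep the list short (the provider documents a small maximum).` The same line is added in variables.tf, modules/dynamic_backends/variables.tf and modules/serverless_negs/variables.tf. The `variable "backends"` block starts and ends outside the hunk.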
@@ -274,6 +274,13 @@ resource "google_compute_backend_service" "default" { include_named_cookies = each.value.cdn_policy.cache_key_policy.include_named_cookies } } + + dynamic "bypass_cache_on_request_headers" { + for_each = toset(each.value.cdn_policy.bypass_cache_on_request_headers) + content { + header_name = each.key + } + } } } diff --git a/modules/dynamic_backends/README.md b/modules/dynamic_backends/README.md index 7f1d65cb..fc9c8b3d 100644 --- a/modules/dynamic_backends/README.md +++ b/modules/dynamic_backends/README.md @@ -87,7 +87,7 @@ module "gce-lb-http" { | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | address | Existing IPv4 address to use (the actual IP address value) | `string` | `null` | no | -| backends | Map backend indices to list of backend maps. |
map(object({
port = optional(number)
project = optional(string)
protocol = optional(string)
port_name = optional(string)
description = optional(string)
enable_cdn = optional(bool)
compression_mode = optional(string)
security_policy = optional(string, null)
edge_security_policy = optional(string, null)
custom_request_headers = optional(list(string))
custom_response_headers = optional(list(string))

timeout_sec = optional(number)
connection_draining_timeout_sec = optional(number)
session_affinity = optional(string)
affinity_cookie_ttl_sec = optional(number)

health_check = object({
host = optional(string)
request_path = optional(string)
request = optional(string)
response = optional(string)
port = optional(number)
port_name = optional(string)
proxy_header = optional(string)
port_specification = optional(string)
protocol = optional(string)
check_interval_sec = optional(number)
timeout_sec = optional(number)
healthy_threshold = optional(number)
unhealthy_threshold = optional(number)
logging = optional(bool)
})

log_config = object({
enable = optional(bool)
sample_rate = optional(number)
})

groups = list(object({
group = string

balancing_mode = optional(string)
capacity_scaler = optional(number)
description = optional(string)
max_connections = optional(number)
max_connections_per_instance = optional(number)
max_connections_per_endpoint = optional(number)
max_rate = optional(number)
max_rate_per_instance = optional(number)
max_rate_per_endpoint = optional(number)
max_utilization = optional(number)
}))
iap_config = object({
enable = bool
oauth2_client_id = optional(string)
oauth2_client_secret = optional(string)
})
cdn_policy = optional(object({
cache_mode = optional(string)
signed_url_cache_max_age_sec = optional(string)
default_ttl = optional(number)
max_ttl = optional(number)
client_ttl = optional(number)
negative_caching = optional(bool)
negative_caching_policy = optional(object({
code = optional(number)
ttl = optional(number)
}))
serve_while_stale = optional(number)
cache_key_policy = optional(object({
include_host = optional(bool)
include_protocol = optional(bool)
include_query_string = optional(bool)
query_string_blacklist = optional(list(string))
query_string_whitelist = optional(list(string))
include_http_headers = optional(list(string))
include_named_cookies = optional(list(string))
}))
}))
outlier_detection = optional(object({
base_ejection_time = optional(object({
seconds = number
nanos = optional(number)
}))
consecutive_errors = optional(number)
consecutive_gateway_failure = optional(number)
enforcing_consecutive_errors = optional(number)
enforcing_consecutive_gateway_failure = optional(number)
enforcing_success_rate = optional(number)
interval = optional(object({
seconds = number
nanos = optional(number)
}))
max_ejection_percent = optional(number)
success_rate_minimum_hosts = optional(number)
success_rate_request_volume = optional(number)
success_rate_stdev_factor = optional(number)
}))
}))
| n/a | yes | +| backends | Map backend indices to list of backend maps. |
map(object({
port = optional(number)
project = optional(string)
protocol = optional(string)
port_name = optional(string)
description = optional(string)
enable_cdn = optional(bool)
compression_mode = optional(string)
security_policy = optional(string, null)
edge_security_policy = optional(string, null)
custom_request_headers = optional(list(string))
custom_response_headers = optional(list(string))

timeout_sec = optional(number)
connection_draining_timeout_sec = optional(number)
session_affinity = optional(string)
affinity_cookie_ttl_sec = optional(number)

health_check = object({
host = optional(string)
request_path = optional(string)
request = optional(string)
response = optional(string)
port = optional(number)
port_name = optional(string)
proxy_header = optional(string)
port_specification = optional(string)
protocol = optional(string)
check_interval_sec = optional(number)
timeout_sec = optional(number)
healthy_threshold = optional(number)
unhealthy_threshold = optional(number)
logging = optional(bool)
})

log_config = object({
enable = optional(bool)
sample_rate = optional(number)
})

groups = list(object({
group = string

balancing_mode = optional(string)
capacity_scaler = optional(number)
description = optional(string)
max_connections = optional(number)
max_connections_per_instance = optional(number)
max_connections_per_endpoint = optional(number)
max_rate = optional(number)
max_rate_per_instance = optional(number)
max_rate_per_endpoint = optional(number)
max_utilization = optional(number)
}))
iap_config = object({
enable = bool
oauth2_client_id = optional(string)
oauth2_client_secret = optional(string)
})
cdn_policy = optional(object({
cache_mode = optional(string)
signed_url_cache_max_age_sec = optional(string)
default_ttl = optional(number)
max_ttl = optional(number)
client_ttl = optional(number)
negative_caching = optional(bool)
negative_caching_policy = optional(object({
code = optional(number)
ttl = optional(number)
}))
serve_while_stale = optional(number)
cache_key_policy = optional(object({
include_host = optional(bool)
include_protocol = optional(bool)
include_query_string = optional(bool)
query_string_blacklist = optional(list(string))
query_string_whitelist = optional(list(string))
include_http_headers = optional(list(string))
include_named_cookies = optional(list(string))
}))
bypass_cache_on_request_headers = optional(list(string))
}))
outlier_detection = optional(object({
base_ejection_time = optional(object({
seconds = number
nanos = optional(number)
}))
consecutive_errors = optional(number)
consecutive_gateway_failure = optional(number)
enforcing_consecutive_errors = optional(number)
enforcing_consecutive_gateway_failure = optional(number)
enforcing_success_rate = optional(number)
interval = optional(object({
seconds = number
nanos = optional(number)
}))
max_ejection_percent = optional(number)
success_rate_minimum_hosts = optional(number)
success_rate_request_volume = optional(number)
success_rate_stdev_factor = optional(number)
}))
}))
| n/a | yes | | certificate | Content of the SSL certificate. Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` | `string` | `null` | no | | certificate\_map | Certificate Map ID in format projects/{project}/locations/global/certificateMaps/{name}. Identifies a certificate map associated with the given target proxy. Requires `ssl` to be set to `true` | `string` | `null` | no | | create\_address | Create a new global IPv4 address | `bool` | `true` | no | diff --git a/modules/dynamic_backends/main.tf b/modules/dynamic_backends/main.tf index 066e2350..6ecb12df 100644 --- a/modules/dynamic_backends/main.tf +++ b/modules/dynamic_backends/main.tf @@ -274,6 +274,13 @@ resource "google_compute_backend_service" "default" { include_named_cookies = each.value.cdn_policy.cache_key_policy.include_named_cookies } } + + dynamic "bypass_cache_on_request_headers" { + for_each = toset(each.value.cdn_policy.bypass_cache_on_request_headers) + content { + header_name = each.key + } + } } } diff --git a/modules/dynamic_backends/variables.tf b/modules/dynamic_backends/variables.tf index 56018f1b..a44ca32e 100644 --- a/modules/dynamic_backends/variables.tf +++ b/modules/dynamic_backends/variables.tf @@ -160,6 +160,7 @@ variable "backends" { include_http_headers = optional(list(string)) include_named_cookies = optional(list(string)) })) + bypass_cache_on_request_headers = optional(list(string)) })) outlier_detection = optional(object({ base_ejection_time = optional(object({ diff --git a/modules/serverless_negs/README.md b/modules/serverless_negs/README.md index cb1f13a5..c31074a2 100644 --- a/modules/serverless_negs/README.md +++ b/modules/serverless_negs/README.md @@ -72,7 +72,7 @@ module "lb-http" { | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | address | Existing IPv4 address to use (the actual IP address value) | `string` | `null` | no | -| backends | Map backend indices to list of backend maps. |
map(object({
project = optional(string)
protocol = optional(string)
port_name = optional(string)
description = optional(string)
enable_cdn = optional(bool)
compression_mode = optional(string)
security_policy = optional(string, null)
edge_security_policy = optional(string, null)
custom_request_headers = optional(list(string))
custom_response_headers = optional(list(string))

connection_draining_timeout_sec = optional(number)
session_affinity = optional(string)
affinity_cookie_ttl_sec = optional(number)


log_config = object({
enable = optional(bool)
sample_rate = optional(number)
})

groups = list(object({
group = string

}))
iap_config = object({
enable = bool
oauth2_client_id = optional(string)
oauth2_client_secret = optional(string)
})
cdn_policy = optional(object({
cache_mode = optional(string)
signed_url_cache_max_age_sec = optional(string)
default_ttl = optional(number)
max_ttl = optional(number)
client_ttl = optional(number)
negative_caching = optional(bool)
negative_caching_policy = optional(object({
code = optional(number)
ttl = optional(number)
}))
serve_while_stale = optional(number)
cache_key_policy = optional(object({
include_host = optional(bool)
include_protocol = optional(bool)
include_query_string = optional(bool)
query_string_blacklist = optional(list(string))
query_string_whitelist = optional(list(string))
include_http_headers = optional(list(string))
include_named_cookies = optional(list(string))
}))
}))
outlier_detection = optional(object({
base_ejection_time = optional(object({
seconds = number
nanos = optional(number)
}))
consecutive_errors = optional(number)
consecutive_gateway_failure = optional(number)
enforcing_consecutive_errors = optional(number)
enforcing_consecutive_gateway_failure = optional(number)
enforcing_success_rate = optional(number)
interval = optional(object({
seconds = number
nanos = optional(number)
}))
max_ejection_percent = optional(number)
success_rate_minimum_hosts = optional(number)
success_rate_request_volume = optional(number)
success_rate_stdev_factor = optional(number)
}))
}))
| n/a | yes | +| backends | Map backend indices to list of backend maps. |
map(object({
project = optional(string)
protocol = optional(string)
port_name = optional(string)
description = optional(string)
enable_cdn = optional(bool)
compression_mode = optional(string)
security_policy = optional(string, null)
edge_security_policy = optional(string, null)
custom_request_headers = optional(list(string))
custom_response_headers = optional(list(string))

connection_draining_timeout_sec = optional(number)
session_affinity = optional(string)
affinity_cookie_ttl_sec = optional(number)


log_config = object({
enable = optional(bool)
sample_rate = optional(number)
})

groups = list(object({
group = string

}))
iap_config = object({
enable = bool
oauth2_client_id = optional(string)
oauth2_client_secret = optional(string)
})
cdn_policy = optional(object({
cache_mode = optional(string)
signed_url_cache_max_age_sec = optional(string)
default_ttl = optional(number)
max_ttl = optional(number)
client_ttl = optional(number)
negative_caching = optional(bool)
negative_caching_policy = optional(object({
code = optional(number)
ttl = optional(number)
}))
serve_while_stale = optional(number)
cache_key_policy = optional(object({
include_host = optional(bool)
include_protocol = optional(bool)
include_query_string = optional(bool)
query_string_blacklist = optional(list(string))
query_string_whitelist = optional(list(string))
include_http_headers = optional(list(string))
include_named_cookies = optional(list(string))
}))
bypass_cache_on_request_headers = optional(list(string))
}))
outlier_detection = optional(object({
base_ejection_time = optional(object({
seconds = number
nanos = optional(number)
}))
consecutive_errors = optional(number)
consecutive_gateway_failure = optional(number)
enforcing_consecutive_errors = optional(number)
enforcing_consecutive_gateway_failure = optional(number)
enforcing_success_rate = optional(number)
interval = optional(object({
seconds = number
nanos = optional(number)
}))
max_ejection_percent = optional(number)
success_rate_minimum_hosts = optional(number)
success_rate_request_volume = optional(number)
success_rate_stdev_factor = optional(number)
}))
}))
| n/a | yes | | certificate | Content of the SSL certificate. Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` | `string` | `null` | no | | certificate\_map | Certificate Map ID in format projects/{project}/locations/global/certificateMaps/{name}. Identifies a certificate map associated with the given target proxy. Requires `ssl` to be set to `true` | `string` | `null` | no | | create\_address | Create a new global IPv4 address | `bool` | `true` | no | diff --git a/modules/serverless_negs/main.tf b/modules/serverless_negs/main.tf index fe42890f..ec9ada5b 100644 --- a/modules/serverless_negs/main.tf +++ b/modules/serverless_negs/main.tf @@ -262,6 +262,13 @@ resource "google_compute_backend_service" "default" { include_named_cookies = each.value.cdn_policy.cache_key_policy.include_named_cookies } } + + dynamic "bypass_cache_on_request_headers" { + for_each = toset(each.value.cdn_policy.bypass_cache_on_request_headers) + content { + header_name = each.key + } + } } } diff --git a/modules/serverless_negs/variables.tf b/modules/serverless_negs/variables.tf index 59a56b3e..94683c1f 100644 --- a/modules/serverless_negs/variables.tf +++ b/modules/serverless_negs/variables.tf @@ -109,6 +109,7 @@ variable "backends" { include_http_headers = optional(list(string)) include_named_cookies = optional(list(string)) })) + bypass_cache_on_request_headers = optional(list(string)) })) outlier_detection = optional(object({ base_ejection_time = optional(object({ diff --git a/variables.tf b/variables.tf index 56018f1b..a44ca32e 100644 --- a/variables.tf +++ b/variables.tf @@ -160,6 +160,7 @@ variable "backends" { include_http_headers = optional(list(string)) include_named_cookies = optional(list(string)) })) + bypass_cache_on_request_headers = optional(list(string)) })) outlier_detection = optional(object({ base_ejection_time = optional(object({