public sealed class EgressTo : IMessage<ServicePerimeterConfig.Types.EgressTo>, IEquatable<ServicePerimeterConfig.Types.EgressTo>, IDeepCloneable<ServicePerimeterConfig.Types.EgressTo>, IBufferMessage, IMessage
Reference documentation and code samples for the Identity Access Context Manager v1 API class ServicePerimeterConfig.Types.EgressTo.
Defines the conditions under which an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] matches a request. Conditions are based on information about the [ApiOperation] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] intended to be performed on the resources specified. Note that if the destination of the request is also protected by a [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter], then that [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] must have an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] which allows access in order for this request to succeed. The request must match operations AND resources fields in order to be allowed egress out of the perimeter.
Implements
IMessage<ServicePerimeterConfig.Types.EgressTo>, IEquatable<ServicePerimeterConfig.Types.EgressTo>, IDeepCloneable<ServicePerimeterConfig.Types.EgressTo>, IBufferMessage, IMessage
Namespace
Google.Identity.AccessContextManager.V1
Assembly
Google.Identity.AccessContextManager.V1.dll
Constructors
EgressTo()
public EgressTo()
EgressTo(ServicePerimeterConfig.Types.EgressTo)
public EgressTo(ServicePerimeterConfig.Types.EgressTo other)
Parameter

Name | Description |
---|---|
other | ServicePerimeterConfig.Types.EgressTo |
Properties
ExternalResources
public RepeatedField<string> ExternalResources { get; }
A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
Property Value

Type | Description |
---|---|
RepeatedField<String> | |
Operations
public RepeatedField<ServicePerimeterConfig.Types.ApiOperation> Operations { get; }
A list of [ApiOperations] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] allowed to be performed by the sources specified in the corresponding [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]. A request matches if it uses an operation/service in this list.
Property Value

Type | Description |
---|---|
RepeatedField<ServicePerimeterConfig.Types.ApiOperation> | |
Resources
public RepeatedField<string> Resources { get; }
A list of resources, currently only projects in the form projects/<projectnumber>, that are allowed to be accessed by sources defined in the corresponding [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]. A request matches if it contains a resource in this list. If * is specified for resources, then this [EgressTo] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo] rule will authorize access to all resources outside the perimeter.
Property Value

Type | Description |
---|---|
RepeatedField<String> | |
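
The following is an added example, not code from the library or its documentation: a review helper that checks an EgressTo rule against the formats stated above for Resources and ExternalResources and flags the `*` wildcard. `EgressToAudit`, `Review`, the finding strings, and the sample values are hypothetical; `ServiceName` belongs to the ApiOperation class, which this page references but does not describe.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;
using Google.Identity.AccessContextManager.V1;

// Added example: EgressToAudit and Review are hypothetical names, not part of the library.
public static class EgressToAudit
{
    private static readonly Regex ProjectForm = new Regex(@"^projects/\d+$");

    public static List<string> Review(ServicePerimeterConfig.Types.EgressTo to)
    {
        var findings = new List<string>();
        foreach (string r in to.Resources)
        {
            if (r == "*")
                findings.Add("Resources: '*' authorizes access to all resources outside the perimeter");
            else if (!ProjectForm.IsMatch(r))
                findings.Add($"Resources: '{r}' is not in the form projects/<projectnumber>");
        }
        foreach (string ext in to.ExternalResources)
        {
            bool known = ext.StartsWith("s3://", StringComparison.Ordinal)
                      || ext.StartsWith("azure://", StringComparison.Ordinal);
            if (ext == "*")
                findings.Add("ExternalResources: '*' is not allowed");
            else if (!known)
                findings.Add($"ExternalResources: '{ext}' is neither s3:// nor azure://");
        }
        return findings;
    }

    public static void Main()
    {
        // Constructed sample rule; the project number and bucket names are made up.
        var to = new ServicePerimeterConfig.Types.EgressTo
        {
            Resources = { "projects/123456789012", "*" },
            ExternalResources = { "s3://example-bucket", "gs://example-bucket" },
            Operations = { new ServicePerimeterConfig.Types.ApiOperation { ServiceName = "storage.googleapis.com" } }
        };
        foreach (string finding in Review(to))
            Console.WriteLine(finding);
    }
}
```

Run against the constructed rule, the helper reports the `*` entry in Resources and the `gs://` entry in ExternalResources, and passes the other two entries.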