Identity Access Context Manager v1 API - Class ServicePerimeterConfig.Types.EgressTo (2.2.0)

public sealed class EgressTo : IMessage<ServicePerimeterConfig.Types.EgressTo>, IEquatable<ServicePerimeterConfig.Types.EgressTo>, IDeepCloneable<ServicePerimeterConfig.Types.EgressTo>, IBufferMessage, IMessage

Reference documentation and code samples for the Identity Access Context Manager v1 API class ServicePerimeterConfig.Types.EgressTo.

Defines the conditions under which an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] matches a request. Conditions are based on information about the [ApiOperation] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] intended to be performed on the resources specified. Note that if the destination of the request is also protected by a [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter], then that [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] must have an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] which allows access in order for this request to succeed. The request must match operations AND resources fields in order to be allowed egress out of the perimeter.

Inheritance

Object > ServicePerimeterConfig.Types.EgressTo

Namespace

Google.Identity.AccessContextManager.V1

Assembly

Google.Identity.AccessContextManager.V1.dll

Constructors

EgressTo()

public EgressTo()

EgressTo(ServicePerimeterConfig.Types.EgressTo)

public EgressTo(ServicePerimeterConfig.Types.EgressTo other)
Parameter
NameDescription
otherServicePerimeterConfig.Types.EgressTo

Properties

ExternalResources

public RepeatedField<string> ExternalResources { get; }

A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.

Property Value
TypeDescription
RepeatedField<String>

Operations

public RepeatedField<ServicePerimeterConfig.Types.ApiOperation> Operations { get; }

A list of [ApiOperations] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] allowed to be performed by the sources specified in the corresponding [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]. A request matches if it uses an operation/service in this list.

Property Value
TypeDescription
RepeatedField<ServicePerimeterConfig.Types.ApiOperation>

Resources

public RepeatedField<string> Resources { get; }

A list of resources, currently only projects in the form projects/<projectnumber>, that are allowed to be accessed by sources defined in the corresponding [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]. A request matches if it contains a resource in this list. If * is specified for resources, then this [EgressTo] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo] rule will authorize access to all resources outside the perimeter.

Property Value
TypeDescription
RepeatedField<String>