Policy for egress from perimeter.
[EgressPolicies]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
match requests based on egress_from
and egress_to
stanzas. For an
[EgressPolicy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
to match, both egress_from
and egress_to
stanzas must be matched. If an
[EgressPolicy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
matches a request, the request is allowed to span the [ServicePerimeter]
[google.identity.accesscontextmanager.v1.ServicePerimeter] boundary.
For example, an [EgressPolicy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
can be used to allow VMs on networks within the [ServicePerimeter]
[google.identity.accesscontextmanager.v1.ServicePerimeter] to access a
defined set of projects outside the perimeter in certain contexts (e.g. to
read data from a Cloud Storage bucket or query against a BigQuery dataset).
[EgressPolicies] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] are concerned with the resources that a request relates as well as the API services and API actions being used. They do not related to the direction of data movement. More detailed documentation for this concept can be found in the descriptions of [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom] and [EgressTo] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo].
Inherits
- Object
Extended By
- Google::Protobuf::MessageExts::ClassMethods
Includes
- Google::Protobuf::MessageExts
Methods
#egress_from
def egress_from() -> ::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::EgressFrom
- (::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::EgressFrom) — Defines conditions on the source of a request causing this [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] to apply.
#egress_from=
def egress_from=(value) -> ::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::EgressFrom
- value (::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::EgressFrom) — Defines conditions on the source of a request causing this [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] to apply.
- (::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::EgressFrom) — Defines conditions on the source of a request causing this [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] to apply.
#egress_to
def egress_to() -> ::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::EgressTo
- (::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::EgressTo) — Defines the conditions on the [ApiOperation] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] and destination resources that cause this [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] to apply.
#egress_to=
def egress_to=(value) -> ::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::EgressTo
- value (::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::EgressTo) — Defines the conditions on the [ApiOperation] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] and destination resources that cause this [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] to apply.
- (::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::EgressTo) — Defines the conditions on the [ApiOperation] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] and destination resources that cause this [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] to apply.