Class ServicePerimeterConfig.Types.EgressTo (1.4.0)

Defines the conditions under which an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] matches a request. Conditions are based on information about the [ApiOperation] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] intended to be performed on the resources specified. Note that if the destination of the request is also protected by a [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter], then that [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] must have an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] which allows access in order for this request to succeed. The request must match operations AND resources fields in order to be allowed egress out of the perimeter.

A list of [ApiOperations] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] allowed to be performed by the sources specified in the corresponding [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]. A request matches if it uses an operation/service in this list.

A list of resources, currently only projects in the form projects/<projectnumber>, that are allowed to be accessed by sources defined in the corresponding [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]. A request matches if it contains a resource in this list. If * is specified for resources, then this [EgressTo] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo] rule will authorize access to all resources outside the perimeter.