public sealed class ServicePerimeterConfig : IMessage<ServicePerimeterConfig>, IEquatable<ServicePerimeterConfig>, IDeepCloneable<ServicePerimeterConfig>, IBufferMessage, IMessage
Reference documentation and code samples for the Identity Access Context Manager v1 API class ServicePerimeterConfig.
ServicePerimeterConfig specifies a set of Google Cloud resources that
describe specific Service Perimeter configuration.
public RepeatedField<string> AccessLevels { get; }
A list of AccessLevel resource names that allow resources within the
ServicePerimeter to be accessed from the internet. AccessLevels listed
must be in the same policy as this ServicePerimeter. Referencing a
nonexistent AccessLevel is a syntax error. If no AccessLevel names are
listed, resources within the perimeter can only be accessed via Google
Cloud calls with request origins within the perimeter. Example:
"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL".
For Service Perimeter Bridge, must be empty.
public RepeatedField<ServicePerimeterConfig.Types.EgressPolicy> EgressPolicies { get; }
List of [EgressPolicies]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
to apply to the perimeter. A perimeter may have multiple [EgressPolicies]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy],
each of which is evaluated separately. Access is granted if any
[EgressPolicy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
grants it. Must be empty for a perimeter bridge.
public RepeatedField<ServicePerimeterConfig.Types.IngressPolicy> IngressPolicies { get; }
List of [IngressPolicies]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
to apply to the perimeter. A perimeter may have multiple [IngressPolicies]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy],
each of which is evaluated separately. Access is granted if any [Ingress
Policy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
grants it. Must be empty for a perimeter bridge.
public RepeatedField<string> RestrictedServices { get; }
Google Cloud services that are subject to the Service Perimeter
restrictions. For example, if storage.googleapis.com is specified, access
to the storage buckets inside the perimeter must meet the perimeter's
access restrictions.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThe \u003ccode\u003eServicePerimeterConfig\u003c/code\u003e class in the Google Identity Access Context Manager v1 API defines the configuration for a Service Perimeter, specifying which Google Cloud resources and services are within its boundaries.\u003c/p\u003e\n"],["\u003cp\u003eMultiple versions of the documentation for \u003ccode\u003eServicePerimeterConfig\u003c/code\u003e are available, ranging from version 1.2.0 to the latest 2.5.0, with links provided for each.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eServicePerimeterConfig\u003c/code\u003e class can implement interfaces like IMessage, IEquatable, IDeepCloneable, and IBufferMessage, enabling functionalities such as deep cloning and equality checks.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eServicePerimeterConfig\u003c/code\u003e allows configuration of access through properties like \u003ccode\u003eAccessLevels\u003c/code\u003e, \u003ccode\u003eEgressPolicies\u003c/code\u003e, and \u003ccode\u003eIngressPolicies\u003c/code\u003e, to control how resources within the perimeter are accessed, and it can also define the \u003ccode\u003eRestrictedServices\u003c/code\u003e and \u003ccode\u003eResources\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eVpcAccessibleServices\u003c/code\u003e property, which can be configured in the ServicePerimeterConfig, specifies the configuration for the APIs that are permitted within the defined perimeter.\u003c/p\u003e\n"]]],[],null,["# Identity Access Context Manager v1 API - Class ServicePerimeterConfig (2.5.0)\n\nVersion latestkeyboard_arrow_down\n\n- [2.5.0 (latest)](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig)\n- [2.4.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/2.4.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig)\n- [2.3.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/2.3.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig)\n- [2.2.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/2.2.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig)\n- [2.1.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/2.1.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig)\n- [2.0.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/2.0.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig)\n- [1.5.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/1.5.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig)\n- [1.4.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/1.4.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig)\n- [1.3.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/1.3.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig)\n- [1.2.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/1.2.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig) \n\n public sealed class ServicePerimeterConfig : IMessage\u003cServicePerimeterConfig\u003e, IEquatable\u003cServicePerimeterConfig\u003e, IDeepCloneable\u003cServicePerimeterConfig\u003e, IBufferMessage, IMessage\n\nReference documentation and code samples for the Identity Access Context Manager v1 API class ServicePerimeterConfig.\n\n`ServicePerimeterConfig` specifies a set of Google Cloud resources that\ndescribe specific Service Perimeter configuration. \n\nInheritance\n-----------\n\n[object](https://learn.microsoft.com/dotnet/api/system.object) \\\u003e ServicePerimeterConfig \n\nImplements\n----------\n\n[IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage-1.html)[ServicePerimeterConfig](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig), [IEquatable](https://learn.microsoft.com/dotnet/api/system.iequatable-1)[ServicePerimeterConfig](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig), [IDeepCloneable](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IDeepCloneable-1.html)[ServicePerimeterConfig](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig), [IBufferMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IBufferMessage.html), [IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage.html) \n\nInherited Members\n-----------------\n\n[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode) \n[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype) \n[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)\n\nNamespace\n---------\n\n[Google.Identity.AccessContextManager.V1](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1)\n\nAssembly\n--------\n\nGoogle.Identity.AccessContextManager.V1.dll\n\nConstructors\n------------\n\n### ServicePerimeterConfig()\n\n public ServicePerimeterConfig()\n\n### ServicePerimeterConfig(ServicePerimeterConfig)\n\n public ServicePerimeterConfig(ServicePerimeterConfig other)\n\nProperties\n----------\n\n### AccessLevels\n\n public RepeatedField\u003cstring\u003e AccessLevels { get; }\n\nA list of `AccessLevel` resource names that allow resources within the\n`ServicePerimeter` to be accessed from the internet. `AccessLevels` listed\nmust be in the same policy as this `ServicePerimeter`. Referencing a\nnonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are\nlisted, resources within the perimeter can only be accessed via Google\nCloud calls with request origins within the perimeter. Example:\n`\"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL\"`.\nFor Service Perimeter Bridge, must be empty.\n\n### EgressPolicies\n\n public RepeatedField\u003cServicePerimeterConfig.Types.EgressPolicy\u003e EgressPolicies { get; }\n\nList of \\[EgressPolicies\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy\\]\nto apply to the perimeter. A perimeter may have multiple \\[EgressPolicies\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy\\],\neach of which is evaluated separately. Access is granted if any\n\\[EgressPolicy\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy\\]\ngrants it. Must be empty for a perimeter bridge.\n\n### IngressPolicies\n\n public RepeatedField\u003cServicePerimeterConfig.Types.IngressPolicy\u003e IngressPolicies { get; }\n\nList of \\[IngressPolicies\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy\\]\nto apply to the perimeter. A perimeter may have multiple \\[IngressPolicies\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy\\],\neach of which is evaluated separately. Access is granted if any \\[Ingress\nPolicy\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy\\]\ngrants it. Must be empty for a perimeter bridge.\n\n### Resources\n\n public RepeatedField\u003cstring\u003e Resources { get; }\n\nA list of Google Cloud resources that are inside of the service perimeter.\nCurrently only projects are allowed. Format: `projects/{project_number}`\n\n### RestrictedServices\n\n public RepeatedField\u003cstring\u003e RestrictedServices { get; }\n\nGoogle Cloud services that are subject to the Service Perimeter\nrestrictions. For example, if `storage.googleapis.com` is specified, access\nto the storage buckets inside the perimeter must meet the perimeter's\naccess restrictions.\n\n### VpcAccessibleServices\n\n public ServicePerimeterConfig.Types.VpcAccessibleServices VpcAccessibleServices { get; set; }\n\nConfiguration for APIs allowed within Perimeter."]]