public sealed class ServicePerimeterConfig.Types.IngressPolicy : IMessage<ServicePerimeterConfig.Types.IngressPolicy>, IEquatable<ServicePerimeterConfig.Types.IngressPolicy>, IDeepCloneable<ServicePerimeterConfig.Types.IngressPolicy>, IBufferMessage, IMessage
Reference documentation and code samples for the Identity Access Context Manager v1 API class ServicePerimeterConfig.Types.IngressPolicy.
Policy for ingress into [ServicePerimeter]
[google.identity.accesscontextmanager.v1.ServicePerimeter].
[IngressPolicies]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
match requests based on ingress_from and ingress_to stanzas. For an
ingress policy to match, both the ingress_from and ingress_to stanzas
must be matched. If an [IngressPolicy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
matches a request, the request is allowed through the perimeter boundary
from outside the perimeter.
For example, access from the internet can be allowed either
based on an [AccessLevel]
[google.identity.accesscontextmanager.v1.AccessLevel] or, for traffic
hosted on Google Cloud, the project of the source network. For access from
private networks, using the project of the hosting network is required.
Individual ingress policies can be limited by restricting which
services and/or actions they match using the ingress_to field.
public ServicePerimeterConfig.Types.IngressFrom IngressFrom { get; set; }
Defines the conditions on the source of a request causing this
[IngressPolicy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
to apply.
public ServicePerimeterConfig.Types.IngressTo IngressTo { get; set; }
Defines the conditions on the [ApiOperation]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
and request destination that cause this [IngressPolicy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
to apply.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThe latest version of the \u003ccode\u003eServicePerimeterConfig.Types.IngressPolicy\u003c/code\u003e class is 2.5.0, with multiple previous versions available, ranging from 1.2.0 to 2.4.0.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eIngressPolicy\u003c/code\u003e is a class that defines the rules for allowing requests from outside the perimeter boundary into a \u003ccode\u003eServicePerimeter\u003c/code\u003e within the Google Identity Access Context Manager v1 API.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eIngressPolicies\u003c/code\u003e match requests based on \u003ccode\u003eingress_from\u003c/code\u003e and \u003ccode\u003eingress_to\u003c/code\u003e stanzas, requiring both to match for the policy to be effective.\u003c/p\u003e\n"],["\u003cp\u003eThe class \u003ccode\u003eServicePerimeterConfig.Types.IngressPolicy\u003c/code\u003e implements multiple interfaces like IMessage, IEquatable, IDeepCloneable, and IBufferMessage and inherits members from the base object class.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eIngressPolicy\u003c/code\u003e class includes two properties, \u003ccode\u003eIngressFrom\u003c/code\u003e and \u003ccode\u003eIngressTo\u003c/code\u003e, which define the source and destination conditions for requests that will match this policy.\u003c/p\u003e\n"]]],[],null,["# Identity Access Context Manager v1 API - Class ServicePerimeterConfig.Types.IngressPolicy (2.5.0)\n\nVersion latestkeyboard_arrow_down\n\n- [2.5.0 (latest)](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.IngressPolicy)\n- [2.4.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/2.4.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.IngressPolicy)\n- [2.3.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/2.3.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.IngressPolicy)\n- [2.2.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/2.2.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.IngressPolicy)\n- [2.1.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/2.1.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.IngressPolicy)\n- [2.0.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/2.0.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.IngressPolicy)\n- [1.5.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/1.5.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.IngressPolicy)\n- [1.4.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/1.4.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.IngressPolicy)\n- [1.3.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/1.3.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.IngressPolicy)\n- [1.2.0](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/1.2.0/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.IngressPolicy) \n\n public sealed class ServicePerimeterConfig.Types.IngressPolicy : IMessage\u003cServicePerimeterConfig.Types.IngressPolicy\u003e, IEquatable\u003cServicePerimeterConfig.Types.IngressPolicy\u003e, IDeepCloneable\u003cServicePerimeterConfig.Types.IngressPolicy\u003e, IBufferMessage, IMessage\n\nReference documentation and code samples for the Identity Access Context Manager v1 API class ServicePerimeterConfig.Types.IngressPolicy.\n\nPolicy for ingress into \\[ServicePerimeter\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeter\\].\n\n\\[IngressPolicies\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy\\]\nmatch requests based on `ingress_from` and `ingress_to` stanzas. For an\ningress policy to match, both the `ingress_from` and `ingress_to` stanzas\nmust be matched. If an \\[IngressPolicy\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy\\]\nmatches a request, the request is allowed through the perimeter boundary\nfrom outside the perimeter.\n\nFor example, access from the internet can be allowed either\nbased on an \\[AccessLevel\\]\n\\[google.identity.accesscontextmanager.v1.AccessLevel\\] or, for traffic\nhosted on Google Cloud, the project of the source network. For access from\nprivate networks, using the project of the hosting network is required.\n\nIndividual ingress policies can be limited by restricting which\nservices and/or actions they match using the `ingress_to` field. \n\nInheritance\n-----------\n\n[object](https://learn.microsoft.com/dotnet/api/system.object) \\\u003e ServicePerimeterConfig.Types.IngressPolicy \n\nImplements\n----------\n\n[IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage-1.html)[ServicePerimeterConfig](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig)[Types](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types)[IngressPolicy](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.IngressPolicy), [IEquatable](https://learn.microsoft.com/dotnet/api/system.iequatable-1)[ServicePerimeterConfig](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig)[Types](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types)[IngressPolicy](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.IngressPolicy), [IDeepCloneable](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IDeepCloneable-1.html)[ServicePerimeterConfig](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig)[Types](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types)[IngressPolicy](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1.ServicePerimeterConfig.Types.IngressPolicy), [IBufferMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IBufferMessage.html), [IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage.html) \n\nInherited Members\n-----------------\n\n[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode) \n[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype) \n[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)\n\nNamespace\n---------\n\n[Google.Identity.AccessContextManager.V1](/dotnet/docs/reference/Google.Identity.AccessContextManager.V1/latest/Google.Identity.AccessContextManager.V1)\n\nAssembly\n--------\n\nGoogle.Identity.AccessContextManager.V1.dll\n\nConstructors\n------------\n\n### IngressPolicy()\n\n public IngressPolicy()\n\n### IngressPolicy(IngressPolicy)\n\n public IngressPolicy(ServicePerimeterConfig.Types.IngressPolicy other)\n\nProperties\n----------\n\n### IngressFrom\n\n public ServicePerimeterConfig.Types.IngressFrom IngressFrom { get; set; }\n\nDefines the conditions on the source of a request causing this\n\\[IngressPolicy\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy\\]\nto apply.\n\n### IngressTo\n\n public ServicePerimeterConfig.Types.IngressTo IngressTo { get; set; }\n\nDefines the conditions on the \\[ApiOperation\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation\\]\nand request destination that cause this \\[IngressPolicy\\]\n\\[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy\\]\nto apply."]]
