Cloud Asset V1 API - Class Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::EgressTo (v0.24.0)

Reference documentation and code samples for the Cloud Asset V1 API class Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::EgressTo.

Defines the conditions under which an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] matches a request. Conditions are based on information about the [ApiOperation] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] intended to be performed on the resources specified. Note that if the destination of the request is also protected by a [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter], then that [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] must have an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] which allows access in order for this request to succeed. The request must match operations AND resources fields in order to be allowed egress out of the perimeter.

Inherits

  • Object

Extended By

  • Google::Protobuf::MessageExts::ClassMethods

Includes

  • Google::Protobuf::MessageExts

Methods

#external_resources

def external_resources() -> ::Array<::String>
Returns
  • (::Array<::String>) — A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.

#external_resources=

def external_resources=(value) -> ::Array<::String>
Parameter
  • value (::Array<::String>) — A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
Returns
  • (::Array<::String>) — A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.

#operations

def operations() -> ::Array<::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::ApiOperation>
Returns
  • (::Array<::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::ApiOperation>) — A list of [ApiOperations] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] allowed to be performed by the sources specified in the corresponding [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]. A request matches if it uses an operation/service in this list.

#operations=

def operations=(value) -> ::Array<::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::ApiOperation>
Parameter
  • value (::Array<::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::ApiOperation>) — A list of [ApiOperations] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] allowed to be performed by the sources specified in the corresponding [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]. A request matches if it uses an operation/service in this list.
Returns
  • (::Array<::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::ApiOperation>) — A list of [ApiOperations] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] allowed to be performed by the sources specified in the corresponding [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]. A request matches if it uses an operation/service in this list.

#resources

def resources() -> ::Array<::String>
Returns
  • (::Array<::String>) — A list of resources, currently only projects in the form projects/<projectnumber>, that are allowed to be accessed by sources defined in the corresponding [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]. A request matches if it contains a resource in this list. If * is specified for resources, then this [EgressTo] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo] rule will authorize access to all resources outside the perimeter.

#resources=

def resources=(value) -> ::Array<::String>
Parameter
  • value (::Array<::String>) — A list of resources, currently only projects in the form projects/<projectnumber>, that are allowed to be accessed by sources defined in the corresponding [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]. A request matches if it contains a resource in this list. If * is specified for resources, then this [EgressTo] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo] rule will authorize access to all resources outside the perimeter.
Returns
  • (::Array<::String>) — A list of resources, currently only projects in the form projects/<projectnumber>, that are allowed to be accessed by sources defined in the corresponding [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]. A request matches if it contains a resource in this list. If * is specified for resources, then this [EgressTo] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo] rule will authorize access to all resources outside the perimeter.