Class: Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1EgressPolicy

Inherits:
Object
  • Object
show all
Includes:
Google::Apis::Core::Hashable, Google::Apis::Core::JsonObjectSupport
Defined in:
lib/google/apis/cloudasset_v1/classes.rb,
lib/google/apis/cloudasset_v1/representations.rb,
lib/google/apis/cloudasset_v1/representations.rb

Overview

Policy for egress from perimeter. EgressPolicies match requests based on egress_from and egress_to stanzas. For an EgressPolicy to match, both egress_from and egress_to stanzas must be matched. If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter boundary. For example, an EgressPolicy can be used to allow VMs on networks within the ServicePerimeter to access a defined set of projects outside the perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket or query against a BigQuery dataset). EgressPolicies are concerned with the * resources* that a request relates as well as the API services and API actions being used. They do not related to the direction of data movement. More detailed documentation for this concept can be found in the descriptions of EgressFrom and EgressTo.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(**args) ⇒ GoogleIdentityAccesscontextmanagerV1EgressPolicy

Returns a new instance of GoogleIdentityAccesscontextmanagerV1EgressPolicy.



3252
3253
3254
 
# File 'lib/google/apis/cloudasset_v1/classes.rb', line 3252

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#egress_fromGoogle::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1EgressFrom

Defines the conditions under which an EgressPolicy matches a request. Conditions based on information about the source of the request. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. Corresponds to the JSON property egressFrom

Returns:



3231
3232
3233
 
# File 'lib/google/apis/cloudasset_v1/classes.rb', line 3231

def egress_from
  @egress_from
end

#egress_toGoogle::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1EgressTo

Defines the conditions under which an EgressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the resources specified. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. The request must match operations AND resources fields in order to be allowed egress out of the perimeter. Corresponds to the JSON property egressTo

Returns:



3242
3243
3244
 
# File 'lib/google/apis/cloudasset_v1/classes.rb', line 3242

def egress_to
  @egress_to
end

#titleString

Optional. Human-readable title for the egress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters. Corresponds to the JSON property title

Returns:

  • (String) 


3250
3251
3252
 
# File 'lib/google/apis/cloudasset_v1/classes.rb', line 3250

def title
  @title
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



3257
3258
3259
3260
3261
 
# File 'lib/google/apis/cloudasset_v1/classes.rb', line 3257

def update!(**args)
  @egress_from = args[:egress_from] if args.key?(:egress_from)
  @egress_to = args[:egress_to] if args.key?(:egress_to)
  @title = args[:title] if args.key?(:title)
end