Class: Google::Apis::CloudassetV1p7beta1::GoogleIdentityAccesscontextmanagerV1EgressPolicy

Inherits:
Object
  • Object
show all
Includes:
Google::Apis::Core::Hashable, Google::Apis::Core::JsonObjectSupport
Defined in:
lib/google/apis/cloudasset_v1p7beta1/classes.rb,
lib/google/apis/cloudasset_v1p7beta1/representations.rb,
lib/google/apis/cloudasset_v1p7beta1/representations.rb

Overview

Policy for egress from perimeter. EgressPolicies match requests based on egress_from and egress_to stanzas. For an EgressPolicy to match, both egress_from and egress_to stanzas must be matched. If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter boundary. For example, an EgressPolicy can be used to allow VMs on networks within the ServicePerimeter to access a defined set of projects outside the perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket or query against a BigQuery dataset). EgressPolicies are concerned with the * resources* that a request relates as well as the API services and API actions being used. They do not related to the direction of data movement. More detailed documentation for this concept can be found in the descriptions of EgressFrom and EgressTo.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(**args) ⇒ GoogleIdentityAccesscontextmanagerV1EgressPolicy

Returns a new instance of GoogleIdentityAccesscontextmanagerV1EgressPolicy.



1532
1533
1534
# File 'lib/google/apis/cloudasset_v1p7beta1/classes.rb', line 1532

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#egress_fromGoogle::Apis::CloudassetV1p7beta1::GoogleIdentityAccesscontextmanagerV1EgressFrom

Defines the conditions under which an EgressPolicy matches a request. Conditions based on information about the source of the request. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. Corresponds to the JSON property egressFrom



1519
1520
1521
# File 'lib/google/apis/cloudasset_v1p7beta1/classes.rb', line 1519

def egress_from
  @egress_from
end

#egress_toGoogle::Apis::CloudassetV1p7beta1::GoogleIdentityAccesscontextmanagerV1EgressTo

Defines the conditions under which an EgressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the resources specified. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. The request must match operations AND resources fields in order to be allowed egress out of the perimeter. Corresponds to the JSON property egressTo



1530
1531
1532
# File 'lib/google/apis/cloudasset_v1p7beta1/classes.rb', line 1530

def egress_to
  @egress_to
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



1537
1538
1539
1540
# File 'lib/google/apis/cloudasset_v1p7beta1/classes.rb', line 1537

def update!(**args)
  @egress_from = args[:egress_from] if args.key?(:egress_from)
  @egress_to = args[:egress_to] if args.key?(:egress_to)
end