Class: Google::Apis::CloudassetV1p7beta1::GoogleIdentityAccesscontextmanagerV1EgressPolicy
- Inherits:
-
Object
- Object
- Google::Apis::CloudassetV1p7beta1::GoogleIdentityAccesscontextmanagerV1EgressPolicy
- Includes:
- Google::Apis::Core::Hashable, Google::Apis::Core::JsonObjectSupport
- Defined in:
- lib/google/apis/cloudasset_v1p7beta1/classes.rb,
lib/google/apis/cloudasset_v1p7beta1/representations.rb,
lib/google/apis/cloudasset_v1p7beta1/representations.rb
Overview
Policy for egress from perimeter. EgressPolicies match requests based on
egress_from and egress_to stanzas. For an EgressPolicy to match, both
egress_from and egress_to stanzas must be matched. If an EgressPolicy
matches a request, the request is allowed to span the ServicePerimeter
boundary. For example, an EgressPolicy can be used to allow VMs on networks
within the ServicePerimeter to access a defined set of projects outside the
perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket
or query against a BigQuery dataset). EgressPolicies are concerned with the *
resources* that a request relates as well as the API services and API actions
being used. They do not related to the direction of data movement. More
detailed documentation for this concept can be found in the descriptions of
EgressFrom and EgressTo.
Instance Attribute Summary collapse
-
#egress_from ⇒ Google::Apis::CloudassetV1p7beta1::GoogleIdentityAccesscontextmanagerV1EgressFrom
Defines the conditions under which an EgressPolicy matches a request.
-
#egress_to ⇒ Google::Apis::CloudassetV1p7beta1::GoogleIdentityAccesscontextmanagerV1EgressTo
Defines the conditions under which an EgressPolicy matches a request.
Instance Method Summary collapse
-
#initialize(**args) ⇒ GoogleIdentityAccesscontextmanagerV1EgressPolicy
constructor
A new instance of GoogleIdentityAccesscontextmanagerV1EgressPolicy.
-
#update!(**args) ⇒ Object
Update properties of this object.
Constructor Details
#initialize(**args) ⇒ GoogleIdentityAccesscontextmanagerV1EgressPolicy
Returns a new instance of GoogleIdentityAccesscontextmanagerV1EgressPolicy.
1533 1534 1535 |
# File 'lib/google/apis/cloudasset_v1p7beta1/classes.rb', line 1533 def initialize(**args) update!(**args) end |
Instance Attribute Details
#egress_from ⇒ Google::Apis::CloudassetV1p7beta1::GoogleIdentityAccesscontextmanagerV1EgressFrom
Defines the conditions under which an EgressPolicy matches a request.
Conditions based on information about the source of the request. Note that if
the destination of the request is also protected by a ServicePerimeter, then
that ServicePerimeter must have an IngressPolicy which allows access in order
for this request to succeed.
Corresponds to the JSON property egressFrom
1520 1521 1522 |
# File 'lib/google/apis/cloudasset_v1p7beta1/classes.rb', line 1520 def egress_from @egress_from end |
#egress_to ⇒ Google::Apis::CloudassetV1p7beta1::GoogleIdentityAccesscontextmanagerV1EgressTo
Defines the conditions under which an EgressPolicy matches a request.
Conditions are based on information about the ApiOperation intended to be
performed on the resources specified. Note that if the destination of the
request is also protected by a ServicePerimeter, then that ServicePerimeter
must have an IngressPolicy which allows access in order for this request to
succeed. The request must match operations AND resources fields in order
to be allowed egress out of the perimeter.
Corresponds to the JSON property egressTo
1531 1532 1533 |
# File 'lib/google/apis/cloudasset_v1p7beta1/classes.rb', line 1531 def egress_to @egress_to end |
Instance Method Details
#update!(**args) ⇒ Object
Update properties of this object
1538 1539 1540 1541 |
# File 'lib/google/apis/cloudasset_v1p7beta1/classes.rb', line 1538 def update!(**args) @egress_from = args[:egress_from] if args.key?(:egress_from) @egress_to = args[:egress_to] if args.key?(:egress_to) end |