Class: Google::Apis::CloudassetV1p7beta1::GoogleIdentityAccesscontextmanagerV1EgressPolicy

Inherits:
Object
  • Object
show all
Includes:
Google::Apis::Core::Hashable, Google::Apis::Core::JsonObjectSupport
Defined in:
lib/google/apis/cloudasset_v1p7beta1/classes.rb,
lib/google/apis/cloudasset_v1p7beta1/representations.rb,
lib/google/apis/cloudasset_v1p7beta1/representations.rb

Overview

Policy for egress from perimeter. EgressPolicies match requests based on egress_from and egress_to stanzas. For an EgressPolicy to match, both egress_from and egress_to stanzas must be matched. If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter boundary. For example, an EgressPolicy can be used to allow VMs on networks within the ServicePerimeter to access a defined set of projects outside the perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket or query against a BigQuery dataset). EgressPolicies are concerned with the * resources* that a request relates as well as the API services and API actions being used. They do not related to the direction of data movement. More detailed documentation for this concept can be found in the descriptions of EgressFrom and EgressTo.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(**args) ⇒ GoogleIdentityAccesscontextmanagerV1EgressPolicy

Returns a new instance of GoogleIdentityAccesscontextmanagerV1EgressPolicy.



1541
1542
1543
 
# File 'lib/google/apis/cloudasset_v1p7beta1/classes.rb', line 1541

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#egress_fromGoogle::Apis::CloudassetV1p7beta1::GoogleIdentityAccesscontextmanagerV1EgressFrom

Defines the conditions under which an EgressPolicy matches a request. Conditions based on information about the source of the request. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. Corresponds to the JSON property egressFrom

Returns:



1520
1521
1522
 
# File 'lib/google/apis/cloudasset_v1p7beta1/classes.rb', line 1520

def egress_from
  @egress_from
end

#egress_toGoogle::Apis::CloudassetV1p7beta1::GoogleIdentityAccesscontextmanagerV1EgressTo

Defines the conditions under which an EgressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the resources specified. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. The request must match operations AND resources fields in order to be allowed egress out of the perimeter. Corresponds to the JSON property egressTo

Returns:



1531
1532
1533
 
# File 'lib/google/apis/cloudasset_v1p7beta1/classes.rb', line 1531

def egress_to
  @egress_to
end

#titleString

Optional. Human-readable title for the egress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters. Corresponds to the JSON property title

Returns:

  • (String) 


1539
1540
1541
 
# File 'lib/google/apis/cloudasset_v1p7beta1/classes.rb', line 1539

def title
  @title
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



1546
1547
1548
1549
1550
 
# File 'lib/google/apis/cloudasset_v1p7beta1/classes.rb', line 1546

def update!(**args)
  @egress_from = args[:egress_from] if args.key?(:egress_from)
  @egress_to = args[:egress_to] if args.key?(:egress_to)
  @title = args[:title] if args.key?(:title)
end