Class: Google::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1EgressPolicy

Inherits:
Object
  • Object
show all
Includes:
Google::Apis::Core::Hashable, Google::Apis::Core::JsonObjectSupport
Defined in:
lib/google/apis/cloudasset_v1/classes.rb,
lib/google/apis/cloudasset_v1/representations.rb,
lib/google/apis/cloudasset_v1/representations.rb

Overview

Policy for egress from perimeter. EgressPolicies match requests based on egress_from and egress_to stanzas. For an EgressPolicy to match, both egress_from and egress_to stanzas must be matched. If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter boundary. For example, an EgressPolicy can be used to allow VMs on networks within the ServicePerimeter to access a defined set of projects outside the perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket or query against a BigQuery dataset). EgressPolicies are concerned with the * resources* that a request relates as well as the API services and API actions being used. They do not related to the direction of data movement. More detailed documentation for this concept can be found in the descriptions of EgressFrom and EgressTo.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(**args) ⇒ GoogleIdentityAccesscontextmanagerV1EgressPolicy

Returns a new instance of GoogleIdentityAccesscontextmanagerV1EgressPolicy.



3282
3283
3284
 
# File 'lib/google/apis/cloudasset_v1/classes.rb', line 3282

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#egress_fromGoogle::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1EgressFrom

Defines the conditions under which an EgressPolicy matches a request. Conditions based on information about the source of the request. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. Corresponds to the JSON property egressFrom

Returns:



3261
3262
3263
 
# File 'lib/google/apis/cloudasset_v1/classes.rb', line 3261

def egress_from
  @egress_from
end

#egress_toGoogle::Apis::CloudassetV1::GoogleIdentityAccesscontextmanagerV1EgressTo

Defines the conditions under which an EgressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the resources specified. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. The request must match operations AND resources fields in order to be allowed egress out of the perimeter. Corresponds to the JSON property egressTo

Returns:



3272
3273
3274
 
# File 'lib/google/apis/cloudasset_v1/classes.rb', line 3272

def egress_to
  @egress_to
end

#titleString

Optional. Human-readable title for the egress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters. Corresponds to the JSON property title

Returns:

  • (String) 


3280
3281
3282
 
# File 'lib/google/apis/cloudasset_v1/classes.rb', line 3280

def title
  @title
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



3287
3288
3289
3290
3291
 
# File 'lib/google/apis/cloudasset_v1/classes.rb', line 3287

def update!(**args)
  @egress_from = args[:egress_from] if args.key?(:egress_from)
  @egress_to = args[:egress_to] if args.key?(:egress_to)
  @title = args[:title] if args.key?(:title)
end