Class: Google::Apis::CloudassetV1p7beta1::GoogleIdentityAccesscontextmanagerV1EgressTo

Inherits:
Object
  • Object
show all
Includes:
Google::Apis::Core::Hashable, Google::Apis::Core::JsonObjectSupport
Defined in:
lib/google/apis/cloudasset_v1p7beta1/classes.rb,
lib/google/apis/cloudasset_v1p7beta1/representations.rb,
lib/google/apis/cloudasset_v1p7beta1/representations.rb

Overview

Defines the conditions under which an EgressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the resources specified. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. The request must match operations AND resources fields in order to be allowed egress out of the perimeter.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(**args) ⇒ GoogleIdentityAccesscontextmanagerV1EgressTo

Returns a new instance of GoogleIdentityAccesscontextmanagerV1EgressTo.



1661
1662
1663
 
# File 'lib/google/apis/cloudasset_v1p7beta1/classes.rb', line 1661

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#external_resourcesArray<String>

A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported formats are s3:// BUCKET_NAME, s3a://BUCKET_NAME, and s3n://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3:/ /bucket/path). Currently '*' is not allowed. Corresponds to the JSON property externalResources

Returns:

  • (Array<String>) 


1637
1638
1639
 
# File 'lib/google/apis/cloudasset_v1p7beta1/classes.rb', line 1637

def external_resources
  @external_resources
end

#operationsArray<Google::Apis::CloudassetV1p7beta1::GoogleIdentityAccesscontextmanagerV1ApiOperation>

A list of ApiOperations allowed to be performed by the sources specified in the corresponding EgressFrom. A request matches if it uses an operation/ service in this list. Corresponds to the JSON property operations

Returns:



1644
1645
1646
 
# File 'lib/google/apis/cloudasset_v1p7beta1/classes.rb', line 1644

def operations
  @operations
end

#resourcesArray<String>

A list of resources, currently only projects in the form projects/, that are allowed to be accessed by sources defined in the corresponding EgressFrom. A request matches if it contains a resource in this list. If * is specified for resources, then this EgressTo rule will authorize access to all resources outside the perimeter. Corresponds to the JSON property resources

Returns:

  • (Array<String>) 


1653
1654
1655
 
# File 'lib/google/apis/cloudasset_v1p7beta1/classes.rb', line 1653

def resources
  @resources
end

#rolesArray<String>

IAM roles that represent the set of operations that the sources specified in the corresponding EgressFrom. are allowed to perform in this ServicePerimeter. Corresponds to the JSON property roles

Returns:

  • (Array<String>) 


1659
1660
1661
 
# File 'lib/google/apis/cloudasset_v1p7beta1/classes.rb', line 1659

def roles
  @roles
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



1666
1667
1668
1669
1670
1671
 
# File 'lib/google/apis/cloudasset_v1p7beta1/classes.rb', line 1666

def update!(**args)
  @external_resources = args[:external_resources] if args.key?(:external_resources)
  @operations = args[:operations] if args.key?(:operations)
  @resources = args[:resources] if args.key?(:resources)
  @roles = args[:roles] if args.key?(:roles)
end