Class: Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::EgressTo

Inherits:

Object

• Object
• Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::EgressTo

Extended by:

Protobuf::MessageExts::ClassMethods

Includes:

Protobuf::MessageExts

Defined in:

proto_docs/google/identity/accesscontextmanager/v1/service_perimeter.rb

Overview

Defines the conditions under which an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] matches a request. Conditions are based on information about the [ApiOperation] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] intended to be performed on the resources specified. Note that if the destination of the request is also protected by a [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter], then that [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] must have an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] which allows access in order for this request to succeed. The request must match operations AND resources fields in order to be allowed egress out of the perimeter.

Instance Attribute Summary

• #external_resources ⇒ ::Array<::String>

  A list of external resources that are allowed to be accessed.

• #operations ⇒ ::Array<::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::ApiOperation>

  A list of [ApiOperations] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] allowed to be performed by the sources specified in the corresponding [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].

• #resources ⇒ ::Array<::String>

  A list of resources, currently only projects in the form projects/<projectnumber>, that are allowed to be accessed by sources defined in the corresponding [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].

Instance Attribute Details

#external_resources ⇒ ::Array<::String>

Returns A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.

Returns:

• (::Array<::String>) —

  A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.

# File 'proto_docs/google/identity/accesscontextmanager/v1/service_perimeter.rb', line 419

class EgressTo
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods
end

#operations ⇒ ::Array<::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::ApiOperation>

Returns A list of [ApiOperations] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] allowed to be performed by the sources specified in the corresponding [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]. A request matches if it uses an operation/service in this list.

Returns:

• (::Array<::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::ApiOperation>) —

  A list of [ApiOperations] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] allowed to be performed by the sources specified in the corresponding [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]. A request matches if it uses an operation/service in this list.

# File 'proto_docs/google/identity/accesscontextmanager/v1/service_perimeter.rb', line 419

class EgressTo
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods
end

#resources ⇒ ::Array<::String>

Returns A list of resources, currently only projects in the form projects/<projectnumber>, that are allowed to be accessed by sources defined in the corresponding [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]. A request matches if it contains a resource in this list. If * is specified for resources, then this [EgressTo] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo] rule will authorize access to all resources outside the perimeter.

Returns:

• (::Array<::String>) —

  A list of resources, currently only projects in the form projects/<projectnumber>, that are allowed to be accessed by sources defined in the corresponding [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]. A request matches if it contains a resource in this list. If * is specified for resources, then this [EgressTo] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo] rule will authorize access to all resources outside the perimeter.

# File 'proto_docs/google/identity/accesscontextmanager/v1/service_perimeter.rb', line 419

class EgressTo
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods
end