class Google::Apis::AccesscontextmanagerV1::EgressPolicy
Policy for egress from perimeter. EgressPolicies match requests based on ` egress_from
` and `egress_to` stanzas. For an EgressPolicy
to match, both ` egress_from
` and `egress_to` stanzas must be matched. If an EgressPolicy
matches a request, the request is allowed to span the ServicePerimeter
boundary. For example, an EgressPolicy
can be used to allow VMs on networks within the ServicePerimeter
to access a defined set of projects outside the perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket or query against a BigQuery dataset). EgressPolicies are concerned with the * resources* that a request relates as well as the API services and API actions being used. They do not related to the direction of data movement. More detailed documentation for this concept can be found in the descriptions of EgressFrom
and EgressTo
.
Attributes
Defines the conditions under which an EgressPolicy
matches a request. Conditions based on information about the source of the request. Note that if the destination of the request is also protected by a ServicePerimeter
, then that ServicePerimeter
must have an IngressPolicy
which allows access in order for this request to succeed. Corresponds to the JSON property `egressFrom` @return [Google::Apis::AccesscontextmanagerV1::EgressFrom]
Defines the conditions under which an EgressPolicy
matches a request. Conditions are based on information about the ApiOperation
intended to be performed on the `resources` specified. Note that if the destination of the request is also protected by a ServicePerimeter
, then that ServicePerimeter
must have an IngressPolicy
which allows access in order for this request to succeed. The request must match `operations` AND `resources` fields in order to be allowed egress out of the perimeter. Corresponds to the JSON property `egressTo` @return [Google::Apis::AccesscontextmanagerV1::EgressTo]
Public Class Methods
# File lib/google/apis/accesscontextmanager_v1/classes.rb, line 489 def initialize(**args) update!(**args) end
Public Instance Methods
Update properties of this object
# File lib/google/apis/accesscontextmanager_v1/classes.rb, line 494 def update!(**args) @egress_from = args[:egress_from] if args.key?(:egress_from) @egress_to = args[:egress_to] if args.key?(:egress_to) end