public sealed class EgressTo : IMessage<ServicePerimeterConfig.Types.EgressTo>, IEquatable<ServicePerimeterConfig.Types.EgressTo>, IDeepCloneable<ServicePerimeterConfig.Types.EgressTo>, IBufferMessage, IMessage

Reference documentation and code samples for the Identity Access Context Manager v1 API class ServicePerimeterConfig.Types.EgressTo.

Defines the conditions under which an [EgressPolicy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
matches a request. Conditions are based on information about the
[ApiOperation]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
intended to be performed on the resources specified. Note that if the
destination of the request is also protected by a [ServicePerimeter]
[google.identity.accesscontextmanager.v1.ServicePerimeter], then that
[ServicePerimeter]
[google.identity.accesscontextmanager.v1.ServicePerimeter] must have
an [IngressPolicy]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
which allows access in order for this request to succeed. The request must
match operations AND resources fields in order to be allowed egress out
of the perimeter.
Implements
IMessage<ServicePerimeterConfig.Types.EgressTo>, IEquatable<ServicePerimeterConfig.Types.EgressTo>, IDeepCloneable<ServicePerimeterConfig.Types.EgressTo>, IBufferMessage, IMessage
Namespace
Google.Identity.AccessContextManager.V1
Assembly
Google.Identity.AccessContextManager.V1.dll
Constructors
EgressTo()
public EgressTo()

EgressTo(ServicePerimeterConfig.Types.EgressTo)
public EgressTo(ServicePerimeterConfig.Types.EgressTo other)

Parameter

| Name | Description |
|---|---|
| other | ServicePerimeterConfig.Types.EgressTo |
Properties
ExternalResources
public RepeatedField<string> ExternalResources { get; }

A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.

Property Value

| Type | Description |
|---|---|
| RepeatedField<String> | |
Operations
public RepeatedField<ServicePerimeterConfig.Types.ApiOperation> Operations { get; }

A list of [ApiOperations] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] allowed to be performed by the sources specified in the corresponding [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]. A request matches if it uses an operation/service in this list.

Property Value

| Type | Description |
|---|---|
| RepeatedField<ServicePerimeterConfig.Types.ApiOperation> | |
Resources
public RepeatedField<string> Resources { get; }

A list of resources, currently only projects in the form
projects/<projectnumber>, that are allowed to be accessed by sources
defined in the corresponding [EgressFrom]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
A request matches if it contains a resource in this list. If * is
specified for resources, then this [EgressTo]
[google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo]
rule will authorize access to all resources outside the perimeter.

Property Value

| Type | Description |
|---|---|
| RepeatedField<String> | |
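
The following is an added example, not code from the library or its documentation: a small review helper that checks an EgressTo rule against the formats described above for Resources and ExternalResources and flags the `*` wildcard. The names `EgressToAudit` and `Audit`, the regular expressions, and all sample values are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;
using Google.Identity.AccessContextManager.V1;

// Hypothetical helper, not part of the client library.
public static class EgressToAudit
{
    // Patterns derived from the Resources and ExternalResources descriptions above.
    static readonly Regex Project = new Regex(@"\Aprojects/[0-9]+\z");
    static readonly Regex S3 = new Regex(@"\As3://[^/\s*]+(/[^\s*]*)?\z");
    static readonly Regex Azure =
        new Regex(@"\Aazure://[^/\s*]+\.blob\.core\.windows\.net/[^\s*]+\z");

    public static List<string> Audit(ServicePerimeterConfig.Types.EgressTo rule)
    {
        var findings = new List<string>();
        foreach (string r in rule.Resources)
        {
            if (r == "*")
                findings.Add("HIGH: Resources contains '*', so the rule authorizes all resources outside the perimeter");
            else if (!Project.IsMatch(r))
                findings.Add($"WARN: Resources entry '{r}' is not of the form projects/<projectnumber>");
        }
        foreach (string e in rule.ExternalResources)
        {
            if (e.Contains("*"))
                findings.Add($"WARN: ExternalResources entry '{e}' uses '*', which is not allowed");
            else if (!S3.IsMatch(e) && !Azure.IsMatch(e))
                findings.Add($"WARN: ExternalResources entry '{e}' is neither s3:// nor azure:// format");
        }
        return findings;
    }

    public static void Main()
    {
        // Constructed sample rule; the project number, bucket and URL are made up.
        var rule = new ServicePerimeterConfig.Types.EgressTo();
        rule.Resources.Add("projects/123456789012");
        rule.Resources.Add("*");
        rule.ExternalResources.Add("s3://example-bucket/path");
        rule.ExternalResources.Add("https://example.invalid/data");
        foreach (string finding in Audit(rule))
            Console.WriteLine(finding);
    }
}
```

On the constructed rule this reports the wildcard in Resources and the unsupported `https://` entry in ExternalResources; the other two entries pass.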