public sealed class ServicePerimeterConfig : IMessage<ServicePerimeterConfig>, IEquatable<ServicePerimeterConfig>, IDeepCloneable<ServicePerimeterConfig>, IBufferMessage, IMessage
Reference documentation and code samples for the Identity Access Context Manager v1 API class ServicePerimeterConfig.
ServicePerimeterConfig specifies a set of Google Cloud resources that describe specific Service Perimeter configuration.
Implements
IMessage<ServicePerimeterConfig>, IEquatable<ServicePerimeterConfig>, IDeepCloneable<ServicePerimeterConfig>, IBufferMessage, IMessage
Namespace
Google.Identity.AccessContextManager.V1
Assembly
Google.Identity.AccessContextManager.V1.dll
Constructors
ServicePerimeterConfig()
public ServicePerimeterConfig()
ServicePerimeterConfig(ServicePerimeterConfig)
public ServicePerimeterConfig(ServicePerimeterConfig other)
Parameter | |
---|---|
Name | Description |
other | ServicePerimeterConfig |
Properties
AccessLevels
public RepeatedField<string> AccessLevels { get; }
A list of AccessLevel resource names that allow resources within the ServicePerimeter to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel is a syntax error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: "accessPolicies/MY_POLICY/accessLevels/MY_LEVEL".
For Service Perimeter Bridge, must be empty.
Property Value | |
---|---|
Type | Description |
RepeatedField<string> | |
EgressPolicies
public RepeatedField<ServicePerimeterConfig.Types.EgressPolicy> EgressPolicies { get; }
List of EgressPolicies (google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy) to apply to the perimeter. A perimeter may have multiple EgressPolicies, each of which is evaluated separately. Access is granted if any EgressPolicy grants it. Must be empty for a perimeter bridge.
Property Value | |
---|---|
Type | Description |
RepeatedField<ServicePerimeterConfig.Types.EgressPolicy> | |
IngressPolicies
public RepeatedField<ServicePerimeterConfig.Types.IngressPolicy> IngressPolicies { get; }
List of IngressPolicies (google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy) to apply to the perimeter. A perimeter may have multiple IngressPolicies, each of which is evaluated separately. Access is granted if any IngressPolicy grants it. Must be empty for a perimeter bridge.
Property Value | |
---|---|
Type | Description |
RepeatedField<ServicePerimeterConfig.Types.IngressPolicy> | |
Resources
public RepeatedField<string> Resources { get; }
A list of Google Cloud resources that are inside of the service perimeter.
Currently only projects are allowed. Format: projects/{project_number}
Property Value | |
---|---|
Type | Description |
RepeatedField<string> | |
RestrictedServices
public RepeatedField<string> RestrictedServices { get; }
Google Cloud services that are subject to the Service Perimeter restrictions. For example, if storage.googleapis.com is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions.
Property Value | |
---|---|
Type | Description |
RepeatedField<string> | |
VpcAccessibleServices
public ServicePerimeterConfig.Types.VpcAccessibleServices VpcAccessibleServices { get; set; }
Configuration for APIs allowed within Perimeter.
Property Value | |
---|---|
Type | Description |
ServicePerimeterConfig.Types.VpcAccessibleServices | |
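
The constraints stated in the property descriptions above (resource name formats, same-policy access levels, empty lists for a perimeter bridge) can be checked before a configuration is submitted. The following is an added example, not code from the library or its documentation. PerimeterConfigLint, Check, policyId and isBridge are hypothetical names, the sample values are constructed, and the code assumes the Google.Identity.AccessContextManager.V1 NuGet package is referenced.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;
using Google.Identity.AccessContextManager.V1;

public static class PerimeterConfigLint   // hypothetical helper, not part of the library
{
    static readonly Regex Project = new Regex(@"^projects/\d+$");
    static readonly Regex Level = new Regex(@"^accessPolicies/([^/]+)/accessLevels/[^/]+$");

    // policyId and isBridge are caller-supplied assumptions about the parent perimeter.
    public static List<string> Check(ServicePerimeterConfig cfg, string policyId, bool isBridge)
    {
        var findings = new List<string>();
        foreach (var r in cfg.Resources)
            if (!Project.IsMatch(r))
                findings.Add($"Resources: '{r}' is not in projects/{{project_number}} form");
        foreach (var name in cfg.AccessLevels)
        {
            var m = Level.Match(name);
            if (!m.Success)
                findings.Add($"AccessLevels: '{name}' is not an access level resource name");
            else if (m.Groups[1].Value != policyId)
                findings.Add($"AccessLevels: '{name}' belongs to a different policy");
        }
        // A perimeter bridge must leave all three lists empty.
        if (isBridge && cfg.AccessLevels.Count + cfg.IngressPolicies.Count + cfg.EgressPolicies.Count > 0)
            findings.Add("Bridge: AccessLevels, IngressPolicies and EgressPolicies must be empty");
        // Only services listed in RestrictedServices are subject to the perimeter.
        if (!isBridge && cfg.RestrictedServices.Count == 0)
            findings.Add("RestrictedServices is empty: no service is subject to the perimeter");
        return findings;
    }

    public static void Main()
    {
        // Constructed sample: one malformed resource, one access level from another policy.
        var cfg = new ServicePerimeterConfig
        {
            Resources = { "projects/123456789012", "projects/my-project-id" },
            RestrictedServices = { "storage.googleapis.com" },
            AccessLevels = { "accessPolicies/OTHER_POLICY/accessLevels/MY_LEVEL" },
        };
        foreach (var f in Check(cfg, "MY_POLICY", isBridge: false))
            Console.WriteLine(f);
    }
}
```

The check is purely local and syntactic: it cannot tell whether a referenced AccessLevel actually exists in the policy, which the service itself rejects as described under AccessLevels.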