Defines the conditions under which an EgressPolicy matches a request. Conditions based on information about the source of the request. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed.

Attributes

• identities (type: list(String.t), default: nil) - A list of identities that are allowed access through [EgressPolicy]. Identities can be an individual user, service account, Google group, or third-party identity. For third-party identity, only single identities are supported and other identity types are not supported. The v1 identities that have the prefix user, group, serviceAccount, and principal in https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported.
• identityType (type: String.t, default: nil) - Specifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of identities field will be allowed access.
• sourceRestriction (type: String.t, default: nil) - Whether to enforce traffic restrictions based on sources field. If the sources fields is non-empty, then this field must be set to SOURCE_RESTRICTION_ENABLED.
• sources (type: list(GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1EgressSource.t), default: nil) - Sources that this EgressPolicy authorizes access from. If this field is not empty, then source_restriction must be set to SOURCE_RESTRICTION_ENABLED.