GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1EgressPolicy (google_api_cloud_asset v0.23.2) View Source

Policy for egress from perimeter. EgressPolicies match requests based on egress_from and egress_to stanzas. For an EgressPolicy to match, both egress_from and egress_to stanzas must be matched. If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter boundary. For example, an EgressPolicy can be used to allow VMs on networks within the ServicePerimeter to access a defined set of projects outside the perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket or query against a BigQuery dataset). EgressPolicies are concerned with the resources that a request relates as well as the API services and API actions being used. They do not related to the direction of data movement. More detailed documentation for this concept can be found in the descriptions of EgressFrom and EgressTo.


  • egressFrom (type: GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1EgressFrom.t, default: nil) - Defines conditions on the source of a request causing this EgressPolicy to apply.
  • egressTo (type: GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1EgressTo.t, default: nil) - Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply.

Link to this section Summary


Unwrap a decoded JSON object into its complex fields.

Link to this section Types


t() ::
      | nil,
      | nil

Link to this section Functions


decode(struct(), keyword()) :: struct()

Unwrap a decoded JSON object into its complex fields.