GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig (google_api_cloud_asset v0.42.0)

View Source

ServicePerimeterConfig specifies a set of Google Cloud resources that describe specific Service Perimeter configuration.

Attributes

  • accessLevels (type: list(String.t), default: nil) - A list of AccessLevel resource names that allow resources within the ServicePerimeter to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel is a syntax error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: "accessPolicies/MY_POLICY/accessLevels/MY_LEVEL". For Service Perimeter Bridge, must be empty.
  • egressPolicies (type: list(GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1EgressPolicy.t), default: nil) - List of EgressPolicies to apply to the perimeter. A perimeter may have multiple EgressPolicies, each of which is evaluated separately. Access is granted if any EgressPolicy grants it. Must be empty for a perimeter bridge.
  • ingressPolicies (type: list(GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1IngressPolicy.t), default: nil) - List of IngressPolicies to apply to the perimeter. A perimeter may have multiple IngressPolicies, each of which is evaluated separately. Access is granted if any Ingress Policy grants it. Must be empty for a perimeter bridge.
  • resources (type: list(String.t), default: nil) - A list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format: projects/{project_number} VPC network format: //compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}.
  • restrictedServices (type: list(String.t), default: nil) - Google Cloud services that are subject to the Service Perimeter restrictions. For example, if storage.googleapis.com is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions.
  • vpcAccessibleServices (type: GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices.t, default: nil) - Configuration for APIs allowed within Perimeter.

Summary

Types

t()

Functions

decode(value, options)

Unwrap a decoded JSON object into its complex fields.

Types

t()

@type t() ::
  %GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig{
    accessLevels: [String.t()] | nil,
    egressPolicies:
      [
        GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1EgressPolicy.t()
      ]
      | nil,
    ingressPolicies:
      [
        GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1IngressPolicy.t()
      ]
      | nil,
    resources: [String.t()] | nil,
    restrictedServices: [String.t()] | nil,
    vpcAccessibleServices:
      GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices.t()
      | nil
  }

Functions

decode(value, options)

@spec decode(struct(), keyword()) :: struct()

Unwrap a decoded JSON object into its complex fields.