gcp.accesscontextmanager.ServicePerimeterDryRunIngressPolicy
Explore with Pulumi AI
Manage a single IngressPolicy in the spec (dry-run) configuration for a service perimeter. IngressPolicies match requests based on ingressFrom and ingressTo stanzas. For an ingress policy to match, both the ingressFrom and ingressTo stanzas must be matched. If an IngressPolicy matches a request, the request is allowed through the perimeter boundary from outside the perimeter. For example, access from the internet can be allowed either based on an AccessLevel or, for traffic hosted on Google Cloud, the project of the source network. For access from private networks, using the project of the hosting network is required. Individual ingress policies can be limited by restricting which services and/ or actions they match using the ingressTo field.
Note: By default, updates to this resource will remove the IngressPolicy from the from the perimeter and add it back in a non-atomic manner. To ensure that the new IngressPolicy is added before the old one is removed, add a
lifecycle
block withcreate_before_destroy = true
to this resource.
To get more information about ServicePerimeterDryRunIngressPolicy, see:
- API documentation
- How-to Guides
Example Usage
Create ServicePerimeterDryRunIngressPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ServicePerimeterDryRunIngressPolicy(name: string, args: ServicePerimeterDryRunIngressPolicyArgs, opts?: CustomResourceOptions);
@overload
def ServicePerimeterDryRunIngressPolicy(resource_name: str,
args: ServicePerimeterDryRunIngressPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ServicePerimeterDryRunIngressPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
perimeter: Optional[str] = None,
ingress_from: Optional[ServicePerimeterDryRunIngressPolicyIngressFromArgs] = None,
ingress_to: Optional[ServicePerimeterDryRunIngressPolicyIngressToArgs] = None)
func NewServicePerimeterDryRunIngressPolicy(ctx *Context, name string, args ServicePerimeterDryRunIngressPolicyArgs, opts ...ResourceOption) (*ServicePerimeterDryRunIngressPolicy, error)
public ServicePerimeterDryRunIngressPolicy(string name, ServicePerimeterDryRunIngressPolicyArgs args, CustomResourceOptions? opts = null)
public ServicePerimeterDryRunIngressPolicy(String name, ServicePerimeterDryRunIngressPolicyArgs args)
public ServicePerimeterDryRunIngressPolicy(String name, ServicePerimeterDryRunIngressPolicyArgs args, CustomResourceOptions options)
type: gcp:accesscontextmanager:ServicePerimeterDryRunIngressPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ServicePerimeterDryRunIngressPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ServicePerimeterDryRunIngressPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ServicePerimeterDryRunIngressPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ServicePerimeterDryRunIngressPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ServicePerimeterDryRunIngressPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var servicePerimeterDryRunIngressPolicyResource = new Gcp.AccessContextManager.ServicePerimeterDryRunIngressPolicy("servicePerimeterDryRunIngressPolicyResource", new()
{
Perimeter = "string",
IngressFrom = new Gcp.AccessContextManager.Inputs.ServicePerimeterDryRunIngressPolicyIngressFromArgs
{
Identities = new[]
{
"string",
},
IdentityType = "string",
Sources = new[]
{
new Gcp.AccessContextManager.Inputs.ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs
{
AccessLevel = "string",
Resource = "string",
},
},
},
IngressTo = new Gcp.AccessContextManager.Inputs.ServicePerimeterDryRunIngressPolicyIngressToArgs
{
Operations = new[]
{
new Gcp.AccessContextManager.Inputs.ServicePerimeterDryRunIngressPolicyIngressToOperationArgs
{
MethodSelectors = new[]
{
new Gcp.AccessContextManager.Inputs.ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs
{
Method = "string",
Permission = "string",
},
},
ServiceName = "string",
},
},
Resources = new[]
{
"string",
},
},
});
example, err := accesscontextmanager.NewServicePerimeterDryRunIngressPolicy(ctx, "servicePerimeterDryRunIngressPolicyResource", &accesscontextmanager.ServicePerimeterDryRunIngressPolicyArgs{
Perimeter: pulumi.String("string"),
IngressFrom: &accesscontextmanager.ServicePerimeterDryRunIngressPolicyIngressFromArgs{
Identities: pulumi.StringArray{
pulumi.String("string"),
},
IdentityType: pulumi.String("string"),
Sources: accesscontextmanager.ServicePerimeterDryRunIngressPolicyIngressFromSourceArray{
&accesscontextmanager.ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs{
AccessLevel: pulumi.String("string"),
Resource: pulumi.String("string"),
},
},
},
IngressTo: &accesscontextmanager.ServicePerimeterDryRunIngressPolicyIngressToArgs{
Operations: accesscontextmanager.ServicePerimeterDryRunIngressPolicyIngressToOperationArray{
&accesscontextmanager.ServicePerimeterDryRunIngressPolicyIngressToOperationArgs{
MethodSelectors: accesscontextmanager.ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArray{
&accesscontextmanager.ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs{
Method: pulumi.String("string"),
Permission: pulumi.String("string"),
},
},
ServiceName: pulumi.String("string"),
},
},
Resources: pulumi.StringArray{
pulumi.String("string"),
},
},
})
var servicePerimeterDryRunIngressPolicyResource = new ServicePerimeterDryRunIngressPolicy("servicePerimeterDryRunIngressPolicyResource", ServicePerimeterDryRunIngressPolicyArgs.builder()
.perimeter("string")
.ingressFrom(ServicePerimeterDryRunIngressPolicyIngressFromArgs.builder()
.identities("string")
.identityType("string")
.sources(ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs.builder()
.accessLevel("string")
.resource("string")
.build())
.build())
.ingressTo(ServicePerimeterDryRunIngressPolicyIngressToArgs.builder()
.operations(ServicePerimeterDryRunIngressPolicyIngressToOperationArgs.builder()
.methodSelectors(ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs.builder()
.method("string")
.permission("string")
.build())
.serviceName("string")
.build())
.resources("string")
.build())
.build());
service_perimeter_dry_run_ingress_policy_resource = gcp.accesscontextmanager.ServicePerimeterDryRunIngressPolicy("servicePerimeterDryRunIngressPolicyResource",
perimeter="string",
ingress_from={
"identities": ["string"],
"identity_type": "string",
"sources": [{
"access_level": "string",
"resource": "string",
}],
},
ingress_to={
"operations": [{
"method_selectors": [{
"method": "string",
"permission": "string",
}],
"service_name": "string",
}],
"resources": ["string"],
})
const servicePerimeterDryRunIngressPolicyResource = new gcp.accesscontextmanager.ServicePerimeterDryRunIngressPolicy("servicePerimeterDryRunIngressPolicyResource", {
perimeter: "string",
ingressFrom: {
identities: ["string"],
identityType: "string",
sources: [{
accessLevel: "string",
resource: "string",
}],
},
ingressTo: {
operations: [{
methodSelectors: [{
method: "string",
permission: "string",
}],
serviceName: "string",
}],
resources: ["string"],
},
});
type: gcp:accesscontextmanager:ServicePerimeterDryRunIngressPolicy
properties:
ingressFrom:
identities:
- string
identityType: string
sources:
- accessLevel: string
resource: string
ingressTo:
operations:
- methodSelectors:
- method: string
permission: string
serviceName: string
resources:
- string
perimeter: string
ServicePerimeterDryRunIngressPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ServicePerimeterDryRunIngressPolicy resource accepts the following input properties:
- Perimeter string
- The name of the Service Perimeter to add this resource to.
- Ingress
From ServicePerimeter Dry Run Ingress Policy Ingress From - Defines the conditions on the source of a request causing this
IngressPolicy
to apply. Structure is documented below. - Ingress
To ServicePerimeter Dry Run Ingress Policy Ingress To - Defines the conditions on the
ApiOperation
and request destination that cause thisIngressPolicy
to apply. Structure is documented below.
- Perimeter string
- The name of the Service Perimeter to add this resource to.
- Ingress
From ServicePerimeter Dry Run Ingress Policy Ingress From Args - Defines the conditions on the source of a request causing this
IngressPolicy
to apply. Structure is documented below. - Ingress
To ServicePerimeter Dry Run Ingress Policy Ingress To Args - Defines the conditions on the
ApiOperation
and request destination that cause thisIngressPolicy
to apply. Structure is documented below.
- perimeter String
- The name of the Service Perimeter to add this resource to.
- ingress
From ServicePerimeter Dry Run Ingress Policy Ingress From - Defines the conditions on the source of a request causing this
IngressPolicy
to apply. Structure is documented below. - ingress
To ServicePerimeter Dry Run Ingress Policy Ingress To - Defines the conditions on the
ApiOperation
and request destination that cause thisIngressPolicy
to apply. Structure is documented below.
- perimeter string
- The name of the Service Perimeter to add this resource to.
- ingress
From ServicePerimeter Dry Run Ingress Policy Ingress From - Defines the conditions on the source of a request causing this
IngressPolicy
to apply. Structure is documented below. - ingress
To ServicePerimeter Dry Run Ingress Policy Ingress To - Defines the conditions on the
ApiOperation
and request destination that cause thisIngressPolicy
to apply. Structure is documented below.
- perimeter str
- The name of the Service Perimeter to add this resource to.
- ingress_
from ServicePerimeter Dry Run Ingress Policy Ingress From Args - Defines the conditions on the source of a request causing this
IngressPolicy
to apply. Structure is documented below. - ingress_
to ServicePerimeter Dry Run Ingress Policy Ingress To Args - Defines the conditions on the
ApiOperation
and request destination that cause thisIngressPolicy
to apply. Structure is documented below.
- perimeter String
- The name of the Service Perimeter to add this resource to.
- ingress
From Property Map - Defines the conditions on the source of a request causing this
IngressPolicy
to apply. Structure is documented below. - ingress
To Property Map - Defines the conditions on the
ApiOperation
and request destination that cause thisIngressPolicy
to apply. Structure is documented below.
Outputs
All input properties are implicitly available as output properties. Additionally, the ServicePerimeterDryRunIngressPolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ServicePerimeterDryRunIngressPolicy Resource
Get an existing ServicePerimeterDryRunIngressPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ServicePerimeterDryRunIngressPolicyState, opts?: CustomResourceOptions): ServicePerimeterDryRunIngressPolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
ingress_from: Optional[ServicePerimeterDryRunIngressPolicyIngressFromArgs] = None,
ingress_to: Optional[ServicePerimeterDryRunIngressPolicyIngressToArgs] = None,
perimeter: Optional[str] = None) -> ServicePerimeterDryRunIngressPolicy
func GetServicePerimeterDryRunIngressPolicy(ctx *Context, name string, id IDInput, state *ServicePerimeterDryRunIngressPolicyState, opts ...ResourceOption) (*ServicePerimeterDryRunIngressPolicy, error)
public static ServicePerimeterDryRunIngressPolicy Get(string name, Input<string> id, ServicePerimeterDryRunIngressPolicyState? state, CustomResourceOptions? opts = null)
public static ServicePerimeterDryRunIngressPolicy get(String name, Output<String> id, ServicePerimeterDryRunIngressPolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Ingress
From ServicePerimeter Dry Run Ingress Policy Ingress From - Defines the conditions on the source of a request causing this
IngressPolicy
to apply. Structure is documented below. - Ingress
To ServicePerimeter Dry Run Ingress Policy Ingress To - Defines the conditions on the
ApiOperation
and request destination that cause thisIngressPolicy
to apply. Structure is documented below. - Perimeter string
- The name of the Service Perimeter to add this resource to.
- Ingress
From ServicePerimeter Dry Run Ingress Policy Ingress From Args - Defines the conditions on the source of a request causing this
IngressPolicy
to apply. Structure is documented below. - Ingress
To ServicePerimeter Dry Run Ingress Policy Ingress To Args - Defines the conditions on the
ApiOperation
and request destination that cause thisIngressPolicy
to apply. Structure is documented below. - Perimeter string
- The name of the Service Perimeter to add this resource to.
- ingress
From ServicePerimeter Dry Run Ingress Policy Ingress From - Defines the conditions on the source of a request causing this
IngressPolicy
to apply. Structure is documented below. - ingress
To ServicePerimeter Dry Run Ingress Policy Ingress To - Defines the conditions on the
ApiOperation
and request destination that cause thisIngressPolicy
to apply. Structure is documented below. - perimeter String
- The name of the Service Perimeter to add this resource to.
- ingress
From ServicePerimeter Dry Run Ingress Policy Ingress From - Defines the conditions on the source of a request causing this
IngressPolicy
to apply. Structure is documented below. - ingress
To ServicePerimeter Dry Run Ingress Policy Ingress To - Defines the conditions on the
ApiOperation
and request destination that cause thisIngressPolicy
to apply. Structure is documented below. - perimeter string
- The name of the Service Perimeter to add this resource to.
- ingress_
from ServicePerimeter Dry Run Ingress Policy Ingress From Args - Defines the conditions on the source of a request causing this
IngressPolicy
to apply. Structure is documented below. - ingress_
to ServicePerimeter Dry Run Ingress Policy Ingress To Args - Defines the conditions on the
ApiOperation
and request destination that cause thisIngressPolicy
to apply. Structure is documented below. - perimeter str
- The name of the Service Perimeter to add this resource to.
- ingress
From Property Map - Defines the conditions on the source of a request causing this
IngressPolicy
to apply. Structure is documented below. - ingress
To Property Map - Defines the conditions on the
ApiOperation
and request destination that cause thisIngressPolicy
to apply. Structure is documented below. - perimeter String
- The name of the Service Perimeter to add this resource to.
Supporting Types
ServicePerimeterDryRunIngressPolicyIngressFrom, ServicePerimeterDryRunIngressPolicyIngressFromArgs
- Identities List<string>
- A list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
- Identity
Type string - Specifies the type of identities that are allowed access from outside the
perimeter. If left unspecified, then members of
identities
field will be allowed access. Possible values are:ANY_IDENTITY
,ANY_USER_ACCOUNT
,ANY_SERVICE_ACCOUNT
. - Sources
List<Service
Perimeter Dry Run Ingress Policy Ingress From Source> - Sources that this
IngressPolicy
authorizes access from. Structure is documented below.
- Identities []string
- A list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
- Identity
Type string - Specifies the type of identities that are allowed access from outside the
perimeter. If left unspecified, then members of
identities
field will be allowed access. Possible values are:ANY_IDENTITY
,ANY_USER_ACCOUNT
,ANY_SERVICE_ACCOUNT
. - Sources
[]Service
Perimeter Dry Run Ingress Policy Ingress From Source - Sources that this
IngressPolicy
authorizes access from. Structure is documented below.
- identities List<String>
- A list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
- identity
Type String - Specifies the type of identities that are allowed access from outside the
perimeter. If left unspecified, then members of
identities
field will be allowed access. Possible values are:ANY_IDENTITY
,ANY_USER_ACCOUNT
,ANY_SERVICE_ACCOUNT
. - sources
List<Service
Perimeter Dry Run Ingress Policy Ingress From Source> - Sources that this
IngressPolicy
authorizes access from. Structure is documented below.
- identities string[]
- A list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
- identity
Type string - Specifies the type of identities that are allowed access from outside the
perimeter. If left unspecified, then members of
identities
field will be allowed access. Possible values are:ANY_IDENTITY
,ANY_USER_ACCOUNT
,ANY_SERVICE_ACCOUNT
. - sources
Service
Perimeter Dry Run Ingress Policy Ingress From Source[] - Sources that this
IngressPolicy
authorizes access from. Structure is documented below.
- identities Sequence[str]
- A list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
- identity_
type str - Specifies the type of identities that are allowed access from outside the
perimeter. If left unspecified, then members of
identities
field will be allowed access. Possible values are:ANY_IDENTITY
,ANY_USER_ACCOUNT
,ANY_SERVICE_ACCOUNT
. - sources
Sequence[Service
Perimeter Dry Run Ingress Policy Ingress From Source] - Sources that this
IngressPolicy
authorizes access from. Structure is documented below.
- identities List<String>
- A list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
- identity
Type String - Specifies the type of identities that are allowed access from outside the
perimeter. If left unspecified, then members of
identities
field will be allowed access. Possible values are:ANY_IDENTITY
,ANY_USER_ACCOUNT
,ANY_SERVICE_ACCOUNT
. - sources List<Property Map>
- Sources that this
IngressPolicy
authorizes access from. Structure is documented below.
ServicePerimeterDryRunIngressPolicyIngressFromSource, ServicePerimeterDryRunIngressPolicyIngressFromSourceArgs
- Access
Level string - An
AccessLevel
resource name that allow resources within theServicePerimeters
to be accessed from the internet.AccessLevels
listed must be in the same policy as thisServicePerimeter
. Referencing a nonexistentAccessLevel
will cause an error. If noAccessLevel
names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. ExampleaccessPolicies/MY_POLICY/accessLevels/MY_LEVEL.
If * is specified, then all IngressSources will be allowed. - Resource string
- A Google Cloud resource that is allowed to ingress the perimeter.
Requests from these resources will be allowed to access perimeter data.
Currently only projects are allowed. Format
projects/{project_number}
The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in.*
is not allowed, the case of allowing all Google Cloud resources only is not supported.
- Access
Level string - An
AccessLevel
resource name that allow resources within theServicePerimeters
to be accessed from the internet.AccessLevels
listed must be in the same policy as thisServicePerimeter
. Referencing a nonexistentAccessLevel
will cause an error. If noAccessLevel
names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. ExampleaccessPolicies/MY_POLICY/accessLevels/MY_LEVEL.
If * is specified, then all IngressSources will be allowed. - Resource string
- A Google Cloud resource that is allowed to ingress the perimeter.
Requests from these resources will be allowed to access perimeter data.
Currently only projects are allowed. Format
projects/{project_number}
The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in.*
is not allowed, the case of allowing all Google Cloud resources only is not supported.
- access
Level String - An
AccessLevel
resource name that allow resources within theServicePerimeters
to be accessed from the internet.AccessLevels
listed must be in the same policy as thisServicePerimeter
. Referencing a nonexistentAccessLevel
will cause an error. If noAccessLevel
names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. ExampleaccessPolicies/MY_POLICY/accessLevels/MY_LEVEL.
If * is specified, then all IngressSources will be allowed. - resource String
- A Google Cloud resource that is allowed to ingress the perimeter.
Requests from these resources will be allowed to access perimeter data.
Currently only projects are allowed. Format
projects/{project_number}
The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in.*
is not allowed, the case of allowing all Google Cloud resources only is not supported.
- access
Level string - An
AccessLevel
resource name that allow resources within theServicePerimeters
to be accessed from the internet.AccessLevels
listed must be in the same policy as thisServicePerimeter
. Referencing a nonexistentAccessLevel
will cause an error. If noAccessLevel
names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. ExampleaccessPolicies/MY_POLICY/accessLevels/MY_LEVEL.
If * is specified, then all IngressSources will be allowed. - resource string
- A Google Cloud resource that is allowed to ingress the perimeter.
Requests from these resources will be allowed to access perimeter data.
Currently only projects are allowed. Format
projects/{project_number}
The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in.*
is not allowed, the case of allowing all Google Cloud resources only is not supported.
- access_
level str - An
AccessLevel
resource name that allow resources within theServicePerimeters
to be accessed from the internet.AccessLevels
listed must be in the same policy as thisServicePerimeter
. Referencing a nonexistentAccessLevel
will cause an error. If noAccessLevel
names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. ExampleaccessPolicies/MY_POLICY/accessLevels/MY_LEVEL.
If * is specified, then all IngressSources will be allowed. - resource str
- A Google Cloud resource that is allowed to ingress the perimeter.
Requests from these resources will be allowed to access perimeter data.
Currently only projects are allowed. Format
projects/{project_number}
The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in.*
is not allowed, the case of allowing all Google Cloud resources only is not supported.
- access
Level String - An
AccessLevel
resource name that allow resources within theServicePerimeters
to be accessed from the internet.AccessLevels
listed must be in the same policy as thisServicePerimeter
. Referencing a nonexistentAccessLevel
will cause an error. If noAccessLevel
names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. ExampleaccessPolicies/MY_POLICY/accessLevels/MY_LEVEL.
If * is specified, then all IngressSources will be allowed. - resource String
- A Google Cloud resource that is allowed to ingress the perimeter.
Requests from these resources will be allowed to access perimeter data.
Currently only projects are allowed. Format
projects/{project_number}
The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in.*
is not allowed, the case of allowing all Google Cloud resources only is not supported.
ServicePerimeterDryRunIngressPolicyIngressTo, ServicePerimeterDryRunIngressPolicyIngressToArgs
- Operations
List<Service
Perimeter Dry Run Ingress Policy Ingress To Operation> - A list of
ApiOperations
the sources specified in correspondingIngressFrom
are allowed to perform in thisServicePerimeter
. Structure is documented below. - Resources List<string>
- A list of resources, currently only projects in the form
projects/<projectnumber>
, protected by thisServicePerimeter
that are allowed to be accessed by sources defined in the correspondingIngressFrom
. A request matches if it contains a resource in this list. If*
is specified for resources, then thisIngressTo
rule will authorize access to all resources inside the perimeter, provided that the request also matches theoperations
field.
- Operations
[]Service
Perimeter Dry Run Ingress Policy Ingress To Operation - A list of
ApiOperations
the sources specified in correspondingIngressFrom
are allowed to perform in thisServicePerimeter
. Structure is documented below. - Resources []string
- A list of resources, currently only projects in the form
projects/<projectnumber>
, protected by thisServicePerimeter
that are allowed to be accessed by sources defined in the correspondingIngressFrom
. A request matches if it contains a resource in this list. If*
is specified for resources, then thisIngressTo
rule will authorize access to all resources inside the perimeter, provided that the request also matches theoperations
field.
- operations
List<Service
Perimeter Dry Run Ingress Policy Ingress To Operation> - A list of
ApiOperations
the sources specified in correspondingIngressFrom
are allowed to perform in thisServicePerimeter
. Structure is documented below. - resources List<String>
- A list of resources, currently only projects in the form
projects/<projectnumber>
, protected by thisServicePerimeter
that are allowed to be accessed by sources defined in the correspondingIngressFrom
. A request matches if it contains a resource in this list. If*
is specified for resources, then thisIngressTo
rule will authorize access to all resources inside the perimeter, provided that the request also matches theoperations
field.
- operations
Service
Perimeter Dry Run Ingress Policy Ingress To Operation[] - A list of
ApiOperations
the sources specified in correspondingIngressFrom
are allowed to perform in thisServicePerimeter
. Structure is documented below. - resources string[]
- A list of resources, currently only projects in the form
projects/<projectnumber>
, protected by thisServicePerimeter
that are allowed to be accessed by sources defined in the correspondingIngressFrom
. A request matches if it contains a resource in this list. If*
is specified for resources, then thisIngressTo
rule will authorize access to all resources inside the perimeter, provided that the request also matches theoperations
field.
- operations
Sequence[Service
Perimeter Dry Run Ingress Policy Ingress To Operation] - A list of
ApiOperations
the sources specified in correspondingIngressFrom
are allowed to perform in thisServicePerimeter
. Structure is documented below. - resources Sequence[str]
- A list of resources, currently only projects in the form
projects/<projectnumber>
, protected by thisServicePerimeter
that are allowed to be accessed by sources defined in the correspondingIngressFrom
. A request matches if it contains a resource in this list. If*
is specified for resources, then thisIngressTo
rule will authorize access to all resources inside the perimeter, provided that the request also matches theoperations
field.
- operations List<Property Map>
- A list of
ApiOperations
the sources specified in correspondingIngressFrom
are allowed to perform in thisServicePerimeter
. Structure is documented below. - resources List<String>
- A list of resources, currently only projects in the form
projects/<projectnumber>
, protected by thisServicePerimeter
that are allowed to be accessed by sources defined in the correspondingIngressFrom
. A request matches if it contains a resource in this list. If*
is specified for resources, then thisIngressTo
rule will authorize access to all resources inside the perimeter, provided that the request also matches theoperations
field.
ServicePerimeterDryRunIngressPolicyIngressToOperation, ServicePerimeterDryRunIngressPolicyIngressToOperationArgs
- Method
Selectors List<ServicePerimeter Dry Run Ingress Policy Ingress To Operation Method Selector> - API methods or permissions to allow. Method or permission must belong to
the service specified by serviceName field. A single
MethodSelector
entry with*
specified for the method field will allow all methods AND permissions for the service specified inserviceName
. Structure is documented below. - Service
Name string - The name of the API whose methods or permissions the
IngressPolicy
orEgressPolicy
want to allow. A singleApiOperation
withserviceName
field set to*
will allow all methods AND permissions for all services.
- Method
Selectors []ServicePerimeter Dry Run Ingress Policy Ingress To Operation Method Selector - API methods or permissions to allow. Method or permission must belong to
the service specified by serviceName field. A single
MethodSelector
entry with*
specified for the method field will allow all methods AND permissions for the service specified inserviceName
. Structure is documented below. - Service
Name string - The name of the API whose methods or permissions the
IngressPolicy
orEgressPolicy
want to allow. A singleApiOperation
withserviceName
field set to*
will allow all methods AND permissions for all services.
- method
Selectors List<ServicePerimeter Dry Run Ingress Policy Ingress To Operation Method Selector> - API methods or permissions to allow. Method or permission must belong to
the service specified by serviceName field. A single
MethodSelector
entry with*
specified for the method field will allow all methods AND permissions for the service specified inserviceName
. Structure is documented below. - service
Name String - The name of the API whose methods or permissions the
IngressPolicy
orEgressPolicy
want to allow. A singleApiOperation
withserviceName
field set to*
will allow all methods AND permissions for all services.
- method
Selectors ServicePerimeter Dry Run Ingress Policy Ingress To Operation Method Selector[] - API methods or permissions to allow. Method or permission must belong to
the service specified by serviceName field. A single
MethodSelector
entry with*
specified for the method field will allow all methods AND permissions for the service specified inserviceName
. Structure is documented below. - service
Name string - The name of the API whose methods or permissions the
IngressPolicy
orEgressPolicy
want to allow. A singleApiOperation
withserviceName
field set to*
will allow all methods AND permissions for all services.
- method_
selectors Sequence[ServicePerimeter Dry Run Ingress Policy Ingress To Operation Method Selector] - API methods or permissions to allow. Method or permission must belong to
the service specified by serviceName field. A single
MethodSelector
entry with*
specified for the method field will allow all methods AND permissions for the service specified inserviceName
. Structure is documented below. - service_
name str - The name of the API whose methods or permissions the
IngressPolicy
orEgressPolicy
want to allow. A singleApiOperation
withserviceName
field set to*
will allow all methods AND permissions for all services.
- method
Selectors List<Property Map> - API methods or permissions to allow. Method or permission must belong to
the service specified by serviceName field. A single
MethodSelector
entry with*
specified for the method field will allow all methods AND permissions for the service specified inserviceName
. Structure is documented below. - service
Name String - The name of the API whose methods or permissions the
IngressPolicy
orEgressPolicy
want to allow. A singleApiOperation
withserviceName
field set to*
will allow all methods AND permissions for all services.
ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelector, ServicePerimeterDryRunIngressPolicyIngressToOperationMethodSelectorArgs
- Method string
- Value for method should be a valid method name for the corresponding
serviceName in
ApiOperation
. If*
used as value formethod
, then ALL methods and permissions are allowed. - Permission string
- Value for permission should be a valid Cloud IAM permission for the
corresponding
serviceName
inApiOperation
.
- Method string
- Value for method should be a valid method name for the corresponding
serviceName in
ApiOperation
. If*
used as value formethod
, then ALL methods and permissions are allowed. - Permission string
- Value for permission should be a valid Cloud IAM permission for the
corresponding
serviceName
inApiOperation
.
- method String
- Value for method should be a valid method name for the corresponding
serviceName in
ApiOperation
. If*
used as value formethod
, then ALL methods and permissions are allowed. - permission String
- Value for permission should be a valid Cloud IAM permission for the
corresponding
serviceName
inApiOperation
.
- method string
- Value for method should be a valid method name for the corresponding
serviceName in
ApiOperation
. If*
used as value formethod
, then ALL methods and permissions are allowed. - permission string
- Value for permission should be a valid Cloud IAM permission for the
corresponding
serviceName
inApiOperation
.
- method str
- Value for method should be a valid method name for the corresponding
serviceName in
ApiOperation
. If*
used as value formethod
, then ALL methods and permissions are allowed. - permission str
- Value for permission should be a valid Cloud IAM permission for the
corresponding
serviceName
inApiOperation
.
- method String
- Value for method should be a valid method name for the corresponding
serviceName in
ApiOperation
. If*
used as value formethod
, then ALL methods and permissions are allowed. - permission String
- Value for permission should be a valid Cloud IAM permission for the
corresponding
serviceName
inApiOperation
.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-beta
Terraform Provider.