Google Cloud Native is in preview. Google Cloud Classic is fully supported.
google-native.accesscontextmanager/v1.ServicePerimeter
Explore with Pulumi AI
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Creates a service perimeter. The long-running operation from this RPC has a successful status after the service perimeter propagates to long-lasting storage. If a service perimeter contains errors, an error response is returned for the first error encountered.
Create ServicePerimeter Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ServicePerimeter(name: string, args: ServicePerimeterArgs, opts?: CustomResourceOptions);
@overload
def ServicePerimeter(resource_name: str,
args: ServicePerimeterArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ServicePerimeter(resource_name: str,
opts: Optional[ResourceOptions] = None,
access_policy_id: Optional[str] = None,
description: Optional[str] = None,
name: Optional[str] = None,
perimeter_type: Optional[ServicePerimeterPerimeterType] = None,
spec: Optional[ServicePerimeterConfigArgs] = None,
title: Optional[str] = None,
use_explicit_dry_run_spec: Optional[bool] = None)
func NewServicePerimeter(ctx *Context, name string, args ServicePerimeterArgs, opts ...ResourceOption) (*ServicePerimeter, error)
public ServicePerimeter(string name, ServicePerimeterArgs args, CustomResourceOptions? opts = null)
public ServicePerimeter(String name, ServicePerimeterArgs args)
public ServicePerimeter(String name, ServicePerimeterArgs args, CustomResourceOptions options)
type: google-native:accesscontextmanager/v1:ServicePerimeter
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ServicePerimeterArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ServicePerimeterArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ServicePerimeterArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ServicePerimeterArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ServicePerimeterArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var servicePerimeterResource = new GoogleNative.AccessContextManager.V1.ServicePerimeter("servicePerimeterResource", new()
{
AccessPolicyId = "string",
Description = "string",
Name = "string",
PerimeterType = GoogleNative.AccessContextManager.V1.ServicePerimeterPerimeterType.PerimeterTypeRegular,
Spec = new GoogleNative.AccessContextManager.V1.Inputs.ServicePerimeterConfigArgs
{
AccessLevels = new[]
{
"string",
},
EgressPolicies = new[]
{
new GoogleNative.AccessContextManager.V1.Inputs.EgressPolicyArgs
{
EgressFrom = new GoogleNative.AccessContextManager.V1.Inputs.EgressFromArgs
{
Identities = new[]
{
"string",
},
IdentityType = GoogleNative.AccessContextManager.V1.EgressFromIdentityType.IdentityTypeUnspecified,
SourceRestriction = GoogleNative.AccessContextManager.V1.EgressFromSourceRestriction.SourceRestrictionUnspecified,
Sources = new[]
{
new GoogleNative.AccessContextManager.V1.Inputs.EgressSourceArgs
{
AccessLevel = "string",
},
},
},
EgressTo = new GoogleNative.AccessContextManager.V1.Inputs.EgressToArgs
{
ExternalResources = new[]
{
"string",
},
Operations = new[]
{
new GoogleNative.AccessContextManager.V1.Inputs.ApiOperationArgs
{
MethodSelectors = new[]
{
new GoogleNative.AccessContextManager.V1.Inputs.MethodSelectorArgs
{
Method = "string",
Permission = "string",
},
},
ServiceName = "string",
},
},
Resources = new[]
{
"string",
},
},
},
},
IngressPolicies = new[]
{
new GoogleNative.AccessContextManager.V1.Inputs.IngressPolicyArgs
{
IngressFrom = new GoogleNative.AccessContextManager.V1.Inputs.IngressFromArgs
{
Identities = new[]
{
"string",
},
IdentityType = GoogleNative.AccessContextManager.V1.IngressFromIdentityType.IdentityTypeUnspecified,
Sources = new[]
{
new GoogleNative.AccessContextManager.V1.Inputs.IngressSourceArgs
{
AccessLevel = "string",
Resource = "string",
},
},
},
IngressTo = new GoogleNative.AccessContextManager.V1.Inputs.IngressToArgs
{
Operations = new[]
{
new GoogleNative.AccessContextManager.V1.Inputs.ApiOperationArgs
{
MethodSelectors = new[]
{
new GoogleNative.AccessContextManager.V1.Inputs.MethodSelectorArgs
{
Method = "string",
Permission = "string",
},
},
ServiceName = "string",
},
},
Resources = new[]
{
"string",
},
},
},
},
Resources = new[]
{
"string",
},
RestrictedServices = new[]
{
"string",
},
VpcAccessibleServices = new GoogleNative.AccessContextManager.V1.Inputs.VpcAccessibleServicesArgs
{
AllowedServices = new[]
{
"string",
},
EnableRestriction = false,
},
},
Title = "string",
UseExplicitDryRunSpec = false,
});
example, err := accesscontextmanager.NewServicePerimeter(ctx, "servicePerimeterResource", &accesscontextmanager.ServicePerimeterArgs{
AccessPolicyId: pulumi.String("string"),
Description: pulumi.String("string"),
Name: pulumi.String("string"),
PerimeterType: accesscontextmanager.ServicePerimeterPerimeterTypePerimeterTypeRegular,
Spec: &accesscontextmanager.ServicePerimeterConfigArgs{
AccessLevels: pulumi.StringArray{
pulumi.String("string"),
},
EgressPolicies: accesscontextmanager.EgressPolicyArray{
&accesscontextmanager.EgressPolicyArgs{
EgressFrom: &accesscontextmanager.EgressFromArgs{
Identities: pulumi.StringArray{
pulumi.String("string"),
},
IdentityType: accesscontextmanager.EgressFromIdentityTypeIdentityTypeUnspecified,
SourceRestriction: accesscontextmanager.EgressFromSourceRestrictionSourceRestrictionUnspecified,
Sources: accesscontextmanager.EgressSourceArray{
&accesscontextmanager.EgressSourceArgs{
AccessLevel: pulumi.String("string"),
},
},
},
EgressTo: &accesscontextmanager.EgressToArgs{
ExternalResources: pulumi.StringArray{
pulumi.String("string"),
},
Operations: accesscontextmanager.ApiOperationArray{
&accesscontextmanager.ApiOperationArgs{
MethodSelectors: accesscontextmanager.MethodSelectorArray{
&accesscontextmanager.MethodSelectorArgs{
Method: pulumi.String("string"),
Permission: pulumi.String("string"),
},
},
ServiceName: pulumi.String("string"),
},
},
Resources: pulumi.StringArray{
pulumi.String("string"),
},
},
},
},
IngressPolicies: accesscontextmanager.IngressPolicyArray{
&accesscontextmanager.IngressPolicyArgs{
IngressFrom: &accesscontextmanager.IngressFromArgs{
Identities: pulumi.StringArray{
pulumi.String("string"),
},
IdentityType: accesscontextmanager.IngressFromIdentityTypeIdentityTypeUnspecified,
Sources: accesscontextmanager.IngressSourceArray{
&accesscontextmanager.IngressSourceArgs{
AccessLevel: pulumi.String("string"),
Resource: pulumi.String("string"),
},
},
},
IngressTo: &accesscontextmanager.IngressToArgs{
Operations: accesscontextmanager.ApiOperationArray{
&accesscontextmanager.ApiOperationArgs{
MethodSelectors: accesscontextmanager.MethodSelectorArray{
&accesscontextmanager.MethodSelectorArgs{
Method: pulumi.String("string"),
Permission: pulumi.String("string"),
},
},
ServiceName: pulumi.String("string"),
},
},
Resources: pulumi.StringArray{
pulumi.String("string"),
},
},
},
},
Resources: pulumi.StringArray{
pulumi.String("string"),
},
RestrictedServices: pulumi.StringArray{
pulumi.String("string"),
},
VpcAccessibleServices: &accesscontextmanager.VpcAccessibleServicesArgs{
AllowedServices: pulumi.StringArray{
pulumi.String("string"),
},
EnableRestriction: pulumi.Bool(false),
},
},
Title: pulumi.String("string"),
UseExplicitDryRunSpec: pulumi.Bool(false),
})
var servicePerimeterResource = new ServicePerimeter("servicePerimeterResource", ServicePerimeterArgs.builder()
.accessPolicyId("string")
.description("string")
.name("string")
.perimeterType("PERIMETER_TYPE_REGULAR")
.spec(ServicePerimeterConfigArgs.builder()
.accessLevels("string")
.egressPolicies(EgressPolicyArgs.builder()
.egressFrom(EgressFromArgs.builder()
.identities("string")
.identityType("IDENTITY_TYPE_UNSPECIFIED")
.sourceRestriction("SOURCE_RESTRICTION_UNSPECIFIED")
.sources(EgressSourceArgs.builder()
.accessLevel("string")
.build())
.build())
.egressTo(EgressToArgs.builder()
.externalResources("string")
.operations(ApiOperationArgs.builder()
.methodSelectors(MethodSelectorArgs.builder()
.method("string")
.permission("string")
.build())
.serviceName("string")
.build())
.resources("string")
.build())
.build())
.ingressPolicies(IngressPolicyArgs.builder()
.ingressFrom(IngressFromArgs.builder()
.identities("string")
.identityType("IDENTITY_TYPE_UNSPECIFIED")
.sources(IngressSourceArgs.builder()
.accessLevel("string")
.resource("string")
.build())
.build())
.ingressTo(IngressToArgs.builder()
.operations(ApiOperationArgs.builder()
.methodSelectors(MethodSelectorArgs.builder()
.method("string")
.permission("string")
.build())
.serviceName("string")
.build())
.resources("string")
.build())
.build())
.resources("string")
.restrictedServices("string")
.vpcAccessibleServices(VpcAccessibleServicesArgs.builder()
.allowedServices("string")
.enableRestriction(false)
.build())
.build())
.title("string")
.useExplicitDryRunSpec(false)
.build());
service_perimeter_resource = google_native.accesscontextmanager.v1.ServicePerimeter("servicePerimeterResource",
access_policy_id="string",
description="string",
name="string",
perimeter_type=google_native.accesscontextmanager.v1.ServicePerimeterPerimeterType.PERIMETER_TYPE_REGULAR,
spec={
"access_levels": ["string"],
"egress_policies": [{
"egress_from": {
"identities": ["string"],
"identity_type": google_native.accesscontextmanager.v1.EgressFromIdentityType.IDENTITY_TYPE_UNSPECIFIED,
"source_restriction": google_native.accesscontextmanager.v1.EgressFromSourceRestriction.SOURCE_RESTRICTION_UNSPECIFIED,
"sources": [{
"access_level": "string",
}],
},
"egress_to": {
"external_resources": ["string"],
"operations": [{
"method_selectors": [{
"method": "string",
"permission": "string",
}],
"service_name": "string",
}],
"resources": ["string"],
},
}],
"ingress_policies": [{
"ingress_from": {
"identities": ["string"],
"identity_type": google_native.accesscontextmanager.v1.IngressFromIdentityType.IDENTITY_TYPE_UNSPECIFIED,
"sources": [{
"access_level": "string",
"resource": "string",
}],
},
"ingress_to": {
"operations": [{
"method_selectors": [{
"method": "string",
"permission": "string",
}],
"service_name": "string",
}],
"resources": ["string"],
},
}],
"resources": ["string"],
"restricted_services": ["string"],
"vpc_accessible_services": {
"allowed_services": ["string"],
"enable_restriction": False,
},
},
title="string",
use_explicit_dry_run_spec=False)
const servicePerimeterResource = new google_native.accesscontextmanager.v1.ServicePerimeter("servicePerimeterResource", {
accessPolicyId: "string",
description: "string",
name: "string",
perimeterType: google_native.accesscontextmanager.v1.ServicePerimeterPerimeterType.PerimeterTypeRegular,
spec: {
accessLevels: ["string"],
egressPolicies: [{
egressFrom: {
identities: ["string"],
identityType: google_native.accesscontextmanager.v1.EgressFromIdentityType.IdentityTypeUnspecified,
sourceRestriction: google_native.accesscontextmanager.v1.EgressFromSourceRestriction.SourceRestrictionUnspecified,
sources: [{
accessLevel: "string",
}],
},
egressTo: {
externalResources: ["string"],
operations: [{
methodSelectors: [{
method: "string",
permission: "string",
}],
serviceName: "string",
}],
resources: ["string"],
},
}],
ingressPolicies: [{
ingressFrom: {
identities: ["string"],
identityType: google_native.accesscontextmanager.v1.IngressFromIdentityType.IdentityTypeUnspecified,
sources: [{
accessLevel: "string",
resource: "string",
}],
},
ingressTo: {
operations: [{
methodSelectors: [{
method: "string",
permission: "string",
}],
serviceName: "string",
}],
resources: ["string"],
},
}],
resources: ["string"],
restrictedServices: ["string"],
vpcAccessibleServices: {
allowedServices: ["string"],
enableRestriction: false,
},
},
title: "string",
useExplicitDryRunSpec: false,
});
type: google-native:accesscontextmanager/v1:ServicePerimeter
properties:
accessPolicyId: string
description: string
name: string
perimeterType: PERIMETER_TYPE_REGULAR
spec:
accessLevels:
- string
egressPolicies:
- egressFrom:
identities:
- string
identityType: IDENTITY_TYPE_UNSPECIFIED
sourceRestriction: SOURCE_RESTRICTION_UNSPECIFIED
sources:
- accessLevel: string
egressTo:
externalResources:
- string
operations:
- methodSelectors:
- method: string
permission: string
serviceName: string
resources:
- string
ingressPolicies:
- ingressFrom:
identities:
- string
identityType: IDENTITY_TYPE_UNSPECIFIED
sources:
- accessLevel: string
resource: string
ingressTo:
operations:
- methodSelectors:
- method: string
permission: string
serviceName: string
resources:
- string
resources:
- string
restrictedServices:
- string
vpcAccessibleServices:
allowedServices:
- string
enableRestriction: false
title: string
useExplicitDryRunSpec: false
ServicePerimeter Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ServicePerimeter resource accepts the following input properties:
- Access
Policy stringId - Description string
- Description of the
ServicePerimeter
and its use. Does not affect behavior. - Name string
- Resource name for the
ServicePerimeter
. Format:accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}
. Theservice_perimeter
component must begin with a letter, followed by alphanumeric characters or_
. After you create aServicePerimeter
, you cannot change itsname
. - Perimeter
Type Pulumi.Google Native. Access Context Manager. V1. Service Perimeter Perimeter Type - Perimeter type indicator. A single project or VPC network is allowed to be a member of single regular perimeter, but multiple service perimeter bridges. A project cannot be a included in a perimeter bridge without being included in regular perimeter. For perimeter bridges, the restricted service list as well as access level lists must be empty.
- Spec
Pulumi.
Google Native. Access Context Manager. V1. Inputs. Service Perimeter Config - Proposed (or dry run) ServicePerimeter configuration. This configuration allows to specify and test ServicePerimeter configuration without enforcing actual access restrictions. Only allowed to be set when the "use_explicit_dry_run_spec" flag is set.
- Title string
- Human readable title. Must be unique within the Policy.
- Use
Explicit boolDry Run Spec - Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists for all Service Perimeters, and that spec is identical to the status for those Service Perimeters. When this flag is set, it inhibits the generation of the implicit spec, thereby allowing the user to explicitly provide a configuration ("spec") to use in a dry-run version of the Service Perimeter. This allows the user to test changes to the enforced config ("status") without actually enforcing them. This testing is done through analyzing the differences between currently enforced and suggested restrictions. use_explicit_dry_run_spec must bet set to True if any of the fields in the spec are set to non-default values.
- Access
Policy stringId - Description string
- Description of the
ServicePerimeter
and its use. Does not affect behavior. - Name string
- Resource name for the
ServicePerimeter
. Format:accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}
. Theservice_perimeter
component must begin with a letter, followed by alphanumeric characters or_
. After you create aServicePerimeter
, you cannot change itsname
. - Perimeter
Type ServicePerimeter Perimeter Type - Perimeter type indicator. A single project or VPC network is allowed to be a member of single regular perimeter, but multiple service perimeter bridges. A project cannot be a included in a perimeter bridge without being included in regular perimeter. For perimeter bridges, the restricted service list as well as access level lists must be empty.
- Spec
Service
Perimeter Config Args - Proposed (or dry run) ServicePerimeter configuration. This configuration allows to specify and test ServicePerimeter configuration without enforcing actual access restrictions. Only allowed to be set when the "use_explicit_dry_run_spec" flag is set.
- Title string
- Human readable title. Must be unique within the Policy.
- Use
Explicit boolDry Run Spec - Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists for all Service Perimeters, and that spec is identical to the status for those Service Perimeters. When this flag is set, it inhibits the generation of the implicit spec, thereby allowing the user to explicitly provide a configuration ("spec") to use in a dry-run version of the Service Perimeter. This allows the user to test changes to the enforced config ("status") without actually enforcing them. This testing is done through analyzing the differences between currently enforced and suggested restrictions. use_explicit_dry_run_spec must bet set to True if any of the fields in the spec are set to non-default values.
- access
Policy StringId - description String
- Description of the
ServicePerimeter
and its use. Does not affect behavior. - name String
- Resource name for the
ServicePerimeter
. Format:accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}
. Theservice_perimeter
component must begin with a letter, followed by alphanumeric characters or_
. After you create aServicePerimeter
, you cannot change itsname
. - perimeter
Type ServicePerimeter Perimeter Type - Perimeter type indicator. A single project or VPC network is allowed to be a member of single regular perimeter, but multiple service perimeter bridges. A project cannot be a included in a perimeter bridge without being included in regular perimeter. For perimeter bridges, the restricted service list as well as access level lists must be empty.
- spec
Service
Perimeter Config - Proposed (or dry run) ServicePerimeter configuration. This configuration allows to specify and test ServicePerimeter configuration without enforcing actual access restrictions. Only allowed to be set when the "use_explicit_dry_run_spec" flag is set.
- title String
- Human readable title. Must be unique within the Policy.
- use
Explicit BooleanDry Run Spec - Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists for all Service Perimeters, and that spec is identical to the status for those Service Perimeters. When this flag is set, it inhibits the generation of the implicit spec, thereby allowing the user to explicitly provide a configuration ("spec") to use in a dry-run version of the Service Perimeter. This allows the user to test changes to the enforced config ("status") without actually enforcing them. This testing is done through analyzing the differences between currently enforced and suggested restrictions. use_explicit_dry_run_spec must bet set to True if any of the fields in the spec are set to non-default values.
- access
Policy stringId - description string
- Description of the
ServicePerimeter
and its use. Does not affect behavior. - name string
- Resource name for the
ServicePerimeter
. Format:accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}
. Theservice_perimeter
component must begin with a letter, followed by alphanumeric characters or_
. After you create aServicePerimeter
, you cannot change itsname
. - perimeter
Type ServicePerimeter Perimeter Type - Perimeter type indicator. A single project or VPC network is allowed to be a member of single regular perimeter, but multiple service perimeter bridges. A project cannot be a included in a perimeter bridge without being included in regular perimeter. For perimeter bridges, the restricted service list as well as access level lists must be empty.
- spec
Service
Perimeter Config - Proposed (or dry run) ServicePerimeter configuration. This configuration allows to specify and test ServicePerimeter configuration without enforcing actual access restrictions. Only allowed to be set when the "use_explicit_dry_run_spec" flag is set.
- title string
- Human readable title. Must be unique within the Policy.
- use
Explicit booleanDry Run Spec - Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists for all Service Perimeters, and that spec is identical to the status for those Service Perimeters. When this flag is set, it inhibits the generation of the implicit spec, thereby allowing the user to explicitly provide a configuration ("spec") to use in a dry-run version of the Service Perimeter. This allows the user to test changes to the enforced config ("status") without actually enforcing them. This testing is done through analyzing the differences between currently enforced and suggested restrictions. use_explicit_dry_run_spec must bet set to True if any of the fields in the spec are set to non-default values.
- access_
policy_ strid - description str
- Description of the
ServicePerimeter
and its use. Does not affect behavior. - name str
- Resource name for the
ServicePerimeter
. Format:accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}
. Theservice_perimeter
component must begin with a letter, followed by alphanumeric characters or_
. After you create aServicePerimeter
, you cannot change itsname
. - perimeter_
type ServicePerimeter Perimeter Type - Perimeter type indicator. A single project or VPC network is allowed to be a member of single regular perimeter, but multiple service perimeter bridges. A project cannot be a included in a perimeter bridge without being included in regular perimeter. For perimeter bridges, the restricted service list as well as access level lists must be empty.
- spec
Service
Perimeter Config Args - Proposed (or dry run) ServicePerimeter configuration. This configuration allows to specify and test ServicePerimeter configuration without enforcing actual access restrictions. Only allowed to be set when the "use_explicit_dry_run_spec" flag is set.
- title str
- Human readable title. Must be unique within the Policy.
- use_
explicit_ booldry_ run_ spec - Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists for all Service Perimeters, and that spec is identical to the status for those Service Perimeters. When this flag is set, it inhibits the generation of the implicit spec, thereby allowing the user to explicitly provide a configuration ("spec") to use in a dry-run version of the Service Perimeter. This allows the user to test changes to the enforced config ("status") without actually enforcing them. This testing is done through analyzing the differences between currently enforced and suggested restrictions. use_explicit_dry_run_spec must bet set to True if any of the fields in the spec are set to non-default values.
- access
Policy StringId - description String
- Description of the
ServicePerimeter
and its use. Does not affect behavior. - name String
- Resource name for the
ServicePerimeter
. Format:accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}
. Theservice_perimeter
component must begin with a letter, followed by alphanumeric characters or_
. After you create aServicePerimeter
, you cannot change itsname
. - perimeter
Type "PERIMETER_TYPE_REGULAR" | "PERIMETER_TYPE_BRIDGE" - Perimeter type indicator. A single project or VPC network is allowed to be a member of single regular perimeter, but multiple service perimeter bridges. A project cannot be a included in a perimeter bridge without being included in regular perimeter. For perimeter bridges, the restricted service list as well as access level lists must be empty.
- spec Property Map
- Proposed (or dry run) ServicePerimeter configuration. This configuration allows to specify and test ServicePerimeter configuration without enforcing actual access restrictions. Only allowed to be set when the "use_explicit_dry_run_spec" flag is set.
- title String
- Human readable title. Must be unique within the Policy.
- use
Explicit BooleanDry Run Spec - Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists for all Service Perimeters, and that spec is identical to the status for those Service Perimeters. When this flag is set, it inhibits the generation of the implicit spec, thereby allowing the user to explicitly provide a configuration ("spec") to use in a dry-run version of the Service Perimeter. This allows the user to test changes to the enforced config ("status") without actually enforcing them. This testing is done through analyzing the differences between currently enforced and suggested restrictions. use_explicit_dry_run_spec must bet set to True if any of the fields in the spec are set to non-default values.
Outputs
All input properties are implicitly available as output properties. Additionally, the ServicePerimeter resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Status
Pulumi.
Google Native. Access Context Manager. V1. Outputs. Service Perimeter Config Response - Current ServicePerimeter configuration. Specifies sets of resources, restricted services and access levels that determine perimeter content and boundaries.
- Id string
- The provider-assigned unique ID for this managed resource.
- Status
Service
Perimeter Config Response - Current ServicePerimeter configuration. Specifies sets of resources, restricted services and access levels that determine perimeter content and boundaries.
- id String
- The provider-assigned unique ID for this managed resource.
- status
Service
Perimeter Config Response - Current ServicePerimeter configuration. Specifies sets of resources, restricted services and access levels that determine perimeter content and boundaries.
- id string
- The provider-assigned unique ID for this managed resource.
- status
Service
Perimeter Config Response - Current ServicePerimeter configuration. Specifies sets of resources, restricted services and access levels that determine perimeter content and boundaries.
- id str
- The provider-assigned unique ID for this managed resource.
- status
Service
Perimeter Config Response - Current ServicePerimeter configuration. Specifies sets of resources, restricted services and access levels that determine perimeter content and boundaries.
- id String
- The provider-assigned unique ID for this managed resource.
- status Property Map
- Current ServicePerimeter configuration. Specifies sets of resources, restricted services and access levels that determine perimeter content and boundaries.
Supporting Types
ApiOperation, ApiOperationArgs
- Method
Selectors List<Pulumi.Google Native. Access Context Manager. V1. Inputs. Method Selector> - API methods or permissions to allow. Method or permission must belong to the service specified by
service_name
field. A single MethodSelector entry with*
specified for themethod
field will allow all methods AND permissions for the service specified inservice_name
. - Service
Name string - The name of the API whose methods or permissions the IngressPolicy or EgressPolicy want to allow. A single ApiOperation with
service_name
field set to*
will allow all methods AND permissions for all services.
- Method
Selectors []MethodSelector - API methods or permissions to allow. Method or permission must belong to the service specified by
service_name
field. A single MethodSelector entry with*
specified for themethod
field will allow all methods AND permissions for the service specified inservice_name
. - Service
Name string - The name of the API whose methods or permissions the IngressPolicy or EgressPolicy want to allow. A single ApiOperation with
service_name
field set to*
will allow all methods AND permissions for all services.
- method
Selectors List<MethodSelector> - API methods or permissions to allow. Method or permission must belong to the service specified by
service_name
field. A single MethodSelector entry with*
specified for themethod
field will allow all methods AND permissions for the service specified inservice_name
. - service
Name String - The name of the API whose methods or permissions the IngressPolicy or EgressPolicy want to allow. A single ApiOperation with
service_name
field set to*
will allow all methods AND permissions for all services.
- method
Selectors MethodSelector[] - API methods or permissions to allow. Method or permission must belong to the service specified by
service_name
field. A single MethodSelector entry with*
specified for themethod
field will allow all methods AND permissions for the service specified inservice_name
. - service
Name string - The name of the API whose methods or permissions the IngressPolicy or EgressPolicy want to allow. A single ApiOperation with
service_name
field set to*
will allow all methods AND permissions for all services.
- method_
selectors Sequence[MethodSelector] - API methods or permissions to allow. Method or permission must belong to the service specified by
service_name
field. A single MethodSelector entry with*
specified for themethod
field will allow all methods AND permissions for the service specified inservice_name
. - service_
name str - The name of the API whose methods or permissions the IngressPolicy or EgressPolicy want to allow. A single ApiOperation with
service_name
field set to*
will allow all methods AND permissions for all services.
- method
Selectors List<Property Map> - API methods or permissions to allow. Method or permission must belong to the service specified by
service_name
field. A single MethodSelector entry with*
specified for themethod
field will allow all methods AND permissions for the service specified inservice_name
. - service
Name String - The name of the API whose methods or permissions the IngressPolicy or EgressPolicy want to allow. A single ApiOperation with
service_name
field set to*
will allow all methods AND permissions for all services.
ApiOperationResponse, ApiOperationResponseArgs
- Method
Selectors List<Pulumi.Google Native. Access Context Manager. V1. Inputs. Method Selector Response> - API methods or permissions to allow. Method or permission must belong to the service specified by
service_name
field. A single MethodSelector entry with*
specified for themethod
field will allow all methods AND permissions for the service specified inservice_name
. - Service
Name string - The name of the API whose methods or permissions the IngressPolicy or EgressPolicy want to allow. A single ApiOperation with
service_name
field set to*
will allow all methods AND permissions for all services.
- Method
Selectors []MethodSelector Response - API methods or permissions to allow. Method or permission must belong to the service specified by
service_name
field. A single MethodSelector entry with*
specified for themethod
field will allow all methods AND permissions for the service specified inservice_name
. - Service
Name string - The name of the API whose methods or permissions the IngressPolicy or EgressPolicy want to allow. A single ApiOperation with
service_name
field set to*
will allow all methods AND permissions for all services.
- method
Selectors List<MethodSelector Response> - API methods or permissions to allow. Method or permission must belong to the service specified by
service_name
field. A single MethodSelector entry with*
specified for themethod
field will allow all methods AND permissions for the service specified inservice_name
. - service
Name String - The name of the API whose methods or permissions the IngressPolicy or EgressPolicy want to allow. A single ApiOperation with
service_name
field set to*
will allow all methods AND permissions for all services.
- method
Selectors MethodSelector Response[] - API methods or permissions to allow. Method or permission must belong to the service specified by
service_name
field. A single MethodSelector entry with*
specified for themethod
field will allow all methods AND permissions for the service specified inservice_name
. - service
Name string - The name of the API whose methods or permissions the IngressPolicy or EgressPolicy want to allow. A single ApiOperation with
service_name
field set to*
will allow all methods AND permissions for all services.
- method_
selectors Sequence[MethodSelector Response] - API methods or permissions to allow. Method or permission must belong to the service specified by
service_name
field. A single MethodSelector entry with*
specified for themethod
field will allow all methods AND permissions for the service specified inservice_name
. - service_
name str - The name of the API whose methods or permissions the IngressPolicy or EgressPolicy want to allow. A single ApiOperation with
service_name
field set to*
will allow all methods AND permissions for all services.
- method
Selectors List<Property Map> - API methods or permissions to allow. Method or permission must belong to the service specified by
service_name
field. A single MethodSelector entry with*
specified for themethod
field will allow all methods AND permissions for the service specified inservice_name
. - service
Name String - The name of the API whose methods or permissions the IngressPolicy or EgressPolicy want to allow. A single ApiOperation with
service_name
field set to*
will allow all methods AND permissions for all services.
EgressFrom, EgressFromArgs
- Identities List<string>
- A list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service account only.
- Identity
Type Pulumi.Google Native. Access Context Manager. V1. Egress From Identity Type - Specifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of
identities
field will be allowed access. - Source
Restriction Pulumi.Google Native. Access Context Manager. V1. Egress From Source Restriction - Whether to enforce traffic restrictions based on
sources
field. If thesources
fields is non-empty, then this field must be set toSOURCE_RESTRICTION_ENABLED
. - Sources
List<Pulumi.
Google Native. Access Context Manager. V1. Inputs. Egress Source> - Sources that this EgressPolicy authorizes access from. If this field is not empty, then
source_restriction
must be set toSOURCE_RESTRICTION_ENABLED
.
- Identities []string
- A list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service account only.
- Identity
Type EgressFrom Identity Type - Specifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of
identities
field will be allowed access. - Source
Restriction EgressFrom Source Restriction - Whether to enforce traffic restrictions based on
sources
field. If thesources
fields is non-empty, then this field must be set toSOURCE_RESTRICTION_ENABLED
. - Sources
[]Egress
Source - Sources that this EgressPolicy authorizes access from. If this field is not empty, then
source_restriction
must be set toSOURCE_RESTRICTION_ENABLED
.
- identities List<String>
- A list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service account only.
- identity
Type EgressFrom Identity Type - Specifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of
identities
field will be allowed access. - source
Restriction EgressFrom Source Restriction - Whether to enforce traffic restrictions based on
sources
field. If thesources
fields is non-empty, then this field must be set toSOURCE_RESTRICTION_ENABLED
. - sources
List<Egress
Source> - Sources that this EgressPolicy authorizes access from. If this field is not empty, then
source_restriction
must be set toSOURCE_RESTRICTION_ENABLED
.
- identities string[]
- A list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service account only.
- identity
Type EgressFrom Identity Type - Specifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of
identities
field will be allowed access. - source
Restriction EgressFrom Source Restriction - Whether to enforce traffic restrictions based on
sources
field. If thesources
fields is non-empty, then this field must be set toSOURCE_RESTRICTION_ENABLED
. - sources
Egress
Source[] - Sources that this EgressPolicy authorizes access from. If this field is not empty, then
source_restriction
must be set toSOURCE_RESTRICTION_ENABLED
.
- identities Sequence[str]
- A list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service account only.
- identity_
type EgressFrom Identity Type - Specifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of
identities
field will be allowed access. - source_
restriction EgressFrom Source Restriction - Whether to enforce traffic restrictions based on
sources
field. If thesources
fields is non-empty, then this field must be set toSOURCE_RESTRICTION_ENABLED
. - sources
Sequence[Egress
Source] - Sources that this EgressPolicy authorizes access from. If this field is not empty, then
source_restriction
must be set toSOURCE_RESTRICTION_ENABLED
.
- identities List<String>
- A list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service account only.
- identity
Type "IDENTITY_TYPE_UNSPECIFIED" | "ANY_IDENTITY" | "ANY_USER_ACCOUNT" | "ANY_SERVICE_ACCOUNT" - Specifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of
identities
field will be allowed access. - source
Restriction "SOURCE_RESTRICTION_UNSPECIFIED" | "SOURCE_RESTRICTION_ENABLED" | "SOURCE_RESTRICTION_DISABLED" - Whether to enforce traffic restrictions based on
sources
field. If thesources
fields is non-empty, then this field must be set toSOURCE_RESTRICTION_ENABLED
. - sources List<Property Map>
- Sources that this EgressPolicy authorizes access from. If this field is not empty, then
source_restriction
must be set toSOURCE_RESTRICTION_ENABLED
.
EgressFromIdentityType, EgressFromIdentityTypeArgs
- Identity
Type Unspecified - IDENTITY_TYPE_UNSPECIFIEDNo blanket identity group specified.
- Any
Identity - ANY_IDENTITYAuthorize access from all identities outside the perimeter.
- Any
User Account - ANY_USER_ACCOUNTAuthorize access from all human users outside the perimeter.
- Any
Service Account - ANY_SERVICE_ACCOUNTAuthorize access from all service accounts outside the perimeter.
- Egress
From Identity Type Identity Type Unspecified - IDENTITY_TYPE_UNSPECIFIEDNo blanket identity group specified.
- Egress
From Identity Type Any Identity - ANY_IDENTITYAuthorize access from all identities outside the perimeter.
- Egress
From Identity Type Any User Account - ANY_USER_ACCOUNTAuthorize access from all human users outside the perimeter.
- Egress
From Identity Type Any Service Account - ANY_SERVICE_ACCOUNTAuthorize access from all service accounts outside the perimeter.
- Identity
Type Unspecified - IDENTITY_TYPE_UNSPECIFIEDNo blanket identity group specified.
- Any
Identity - ANY_IDENTITYAuthorize access from all identities outside the perimeter.
- Any
User Account - ANY_USER_ACCOUNTAuthorize access from all human users outside the perimeter.
- Any
Service Account - ANY_SERVICE_ACCOUNTAuthorize access from all service accounts outside the perimeter.
- Identity
Type Unspecified - IDENTITY_TYPE_UNSPECIFIEDNo blanket identity group specified.
- Any
Identity - ANY_IDENTITYAuthorize access from all identities outside the perimeter.
- Any
User Account - ANY_USER_ACCOUNTAuthorize access from all human users outside the perimeter.
- Any
Service Account - ANY_SERVICE_ACCOUNTAuthorize access from all service accounts outside the perimeter.
- IDENTITY_TYPE_UNSPECIFIED
- IDENTITY_TYPE_UNSPECIFIEDNo blanket identity group specified.
- ANY_IDENTITY
- ANY_IDENTITYAuthorize access from all identities outside the perimeter.
- ANY_USER_ACCOUNT
- ANY_USER_ACCOUNTAuthorize access from all human users outside the perimeter.
- ANY_SERVICE_ACCOUNT
- ANY_SERVICE_ACCOUNTAuthorize access from all service accounts outside the perimeter.
- "IDENTITY_TYPE_UNSPECIFIED"
- IDENTITY_TYPE_UNSPECIFIEDNo blanket identity group specified.
- "ANY_IDENTITY"
- ANY_IDENTITYAuthorize access from all identities outside the perimeter.
- "ANY_USER_ACCOUNT"
- ANY_USER_ACCOUNTAuthorize access from all human users outside the perimeter.
- "ANY_SERVICE_ACCOUNT"
- ANY_SERVICE_ACCOUNTAuthorize access from all service accounts outside the perimeter.
EgressFromResponse, EgressFromResponseArgs
- Identities List<string>
- A list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service account only.
- Identity
Type string - Specifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of
identities
field will be allowed access. - Source
Restriction string - Whether to enforce traffic restrictions based on
sources
field. If thesources
fields is non-empty, then this field must be set toSOURCE_RESTRICTION_ENABLED
. - Sources
List<Pulumi.
Google Native. Access Context Manager. V1. Inputs. Egress Source Response> - Sources that this EgressPolicy authorizes access from. If this field is not empty, then
source_restriction
must be set toSOURCE_RESTRICTION_ENABLED
.
- Identities []string
- A list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service account only.
- Identity
Type string - Specifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of
identities
field will be allowed access. - Source
Restriction string - Whether to enforce traffic restrictions based on
sources
field. If thesources
fields is non-empty, then this field must be set toSOURCE_RESTRICTION_ENABLED
. - Sources
[]Egress
Source Response - Sources that this EgressPolicy authorizes access from. If this field is not empty, then
source_restriction
must be set toSOURCE_RESTRICTION_ENABLED
.
- identities List<String>
- A list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service account only.
- identity
Type String - Specifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of
identities
field will be allowed access. - source
Restriction String - Whether to enforce traffic restrictions based on
sources
field. If thesources
fields is non-empty, then this field must be set toSOURCE_RESTRICTION_ENABLED
. - sources
List<Egress
Source Response> - Sources that this EgressPolicy authorizes access from. If this field is not empty, then
source_restriction
must be set toSOURCE_RESTRICTION_ENABLED
.
- identities string[]
- A list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service account only.
- identity
Type string - Specifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of
identities
field will be allowed access. - source
Restriction string - Whether to enforce traffic restrictions based on
sources
field. If thesources
fields is non-empty, then this field must be set toSOURCE_RESTRICTION_ENABLED
. - sources
Egress
Source Response[] - Sources that this EgressPolicy authorizes access from. If this field is not empty, then
source_restriction
must be set toSOURCE_RESTRICTION_ENABLED
.
- identities Sequence[str]
- A list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service account only.
- identity_
type str - Specifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of
identities
field will be allowed access. - source_
restriction str - Whether to enforce traffic restrictions based on
sources
field. If thesources
fields is non-empty, then this field must be set toSOURCE_RESTRICTION_ENABLED
. - sources
Sequence[Egress
Source Response] - Sources that this EgressPolicy authorizes access from. If this field is not empty, then
source_restriction
must be set toSOURCE_RESTRICTION_ENABLED
.
- identities List<String>
- A list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service account only.
- identity
Type String - Specifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of
identities
field will be allowed access. - source
Restriction String - Whether to enforce traffic restrictions based on
sources
field. If thesources
fields is non-empty, then this field must be set toSOURCE_RESTRICTION_ENABLED
. - sources List<Property Map>
- Sources that this EgressPolicy authorizes access from. If this field is not empty, then
source_restriction
must be set toSOURCE_RESTRICTION_ENABLED
.
EgressFromSourceRestriction, EgressFromSourceRestrictionArgs
- Source
Restriction Unspecified - SOURCE_RESTRICTION_UNSPECIFIEDEnforcement preference unspecified, will not enforce traffic restrictions based on
sources
in EgressFrom. - Source
Restriction Enabled - SOURCE_RESTRICTION_ENABLEDEnforcement preference enabled, traffic restrictions will be enforced based on
sources
in EgressFrom. - Source
Restriction Disabled - SOURCE_RESTRICTION_DISABLEDEnforcement preference disabled, will not enforce traffic restrictions based on
sources
in EgressFrom.
- Egress
From Source Restriction Source Restriction Unspecified - SOURCE_RESTRICTION_UNSPECIFIEDEnforcement preference unspecified, will not enforce traffic restrictions based on
sources
in EgressFrom. - Egress
From Source Restriction Source Restriction Enabled - SOURCE_RESTRICTION_ENABLEDEnforcement preference enabled, traffic restrictions will be enforced based on
sources
in EgressFrom. - Egress
From Source Restriction Source Restriction Disabled - SOURCE_RESTRICTION_DISABLEDEnforcement preference disabled, will not enforce traffic restrictions based on
sources
in EgressFrom.
- Source
Restriction Unspecified - SOURCE_RESTRICTION_UNSPECIFIEDEnforcement preference unspecified, will not enforce traffic restrictions based on
sources
in EgressFrom. - Source
Restriction Enabled - SOURCE_RESTRICTION_ENABLEDEnforcement preference enabled, traffic restrictions will be enforced based on
sources
in EgressFrom. - Source
Restriction Disabled - SOURCE_RESTRICTION_DISABLEDEnforcement preference disabled, will not enforce traffic restrictions based on
sources
in EgressFrom.
- Source
Restriction Unspecified - SOURCE_RESTRICTION_UNSPECIFIEDEnforcement preference unspecified, will not enforce traffic restrictions based on
sources
in EgressFrom. - Source
Restriction Enabled - SOURCE_RESTRICTION_ENABLEDEnforcement preference enabled, traffic restrictions will be enforced based on
sources
in EgressFrom. - Source
Restriction Disabled - SOURCE_RESTRICTION_DISABLEDEnforcement preference disabled, will not enforce traffic restrictions based on
sources
in EgressFrom.
- SOURCE_RESTRICTION_UNSPECIFIED
- SOURCE_RESTRICTION_UNSPECIFIEDEnforcement preference unspecified, will not enforce traffic restrictions based on
sources
in EgressFrom. - SOURCE_RESTRICTION_ENABLED
- SOURCE_RESTRICTION_ENABLEDEnforcement preference enabled, traffic restrictions will be enforced based on
sources
in EgressFrom. - SOURCE_RESTRICTION_DISABLED
- SOURCE_RESTRICTION_DISABLEDEnforcement preference disabled, will not enforce traffic restrictions based on
sources
in EgressFrom.
- "SOURCE_RESTRICTION_UNSPECIFIED"
- SOURCE_RESTRICTION_UNSPECIFIEDEnforcement preference unspecified, will not enforce traffic restrictions based on
sources
in EgressFrom. - "SOURCE_RESTRICTION_ENABLED"
- SOURCE_RESTRICTION_ENABLEDEnforcement preference enabled, traffic restrictions will be enforced based on
sources
in EgressFrom. - "SOURCE_RESTRICTION_DISABLED"
- SOURCE_RESTRICTION_DISABLEDEnforcement preference disabled, will not enforce traffic restrictions based on
sources
in EgressFrom.
EgressPolicy, EgressPolicyArgs
- Egress
From Pulumi.Google Native. Access Context Manager. V1. Inputs. Egress From - Defines conditions on the source of a request causing this EgressPolicy to apply.
- Egress
To Pulumi.Google Native. Access Context Manager. V1. Inputs. Egress To - Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply.
- Egress
From EgressFrom - Defines conditions on the source of a request causing this EgressPolicy to apply.
- Egress
To EgressTo - Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply.
- egress
From EgressFrom - Defines conditions on the source of a request causing this EgressPolicy to apply.
- egress
To EgressTo - Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply.
- egress
From EgressFrom - Defines conditions on the source of a request causing this EgressPolicy to apply.
- egress
To EgressTo - Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply.
- egress_
from EgressFrom - Defines conditions on the source of a request causing this EgressPolicy to apply.
- egress_
to EgressTo - Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply.
- egress
From Property Map - Defines conditions on the source of a request causing this EgressPolicy to apply.
- egress
To Property Map - Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply.
EgressPolicyResponse, EgressPolicyResponseArgs
- Egress
From Pulumi.Google Native. Access Context Manager. V1. Inputs. Egress From Response - Defines conditions on the source of a request causing this EgressPolicy to apply.
- Egress
To Pulumi.Google Native. Access Context Manager. V1. Inputs. Egress To Response - Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply.
- Egress
From EgressFrom Response - Defines conditions on the source of a request causing this EgressPolicy to apply.
- Egress
To EgressTo Response - Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply.
- egress
From EgressFrom Response - Defines conditions on the source of a request causing this EgressPolicy to apply.
- egress
To EgressTo Response - Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply.
- egress
From EgressFrom Response - Defines conditions on the source of a request causing this EgressPolicy to apply.
- egress
To EgressTo Response - Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply.
- egress_
from EgressFrom Response - Defines conditions on the source of a request causing this EgressPolicy to apply.
- egress_
to EgressTo Response - Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply.
- egress
From Property Map - Defines conditions on the source of a request causing this EgressPolicy to apply.
- egress
To Property Map - Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply.
EgressSource, EgressSourceArgs
- Access
Level string - An AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example:
accessPolicies/MY_POLICY/accessLevels/MY_LEVEL
. If a single*
is specified foraccess_level
, then all EgressSources will be allowed.
- Access
Level string - An AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example:
accessPolicies/MY_POLICY/accessLevels/MY_LEVEL
. If a single*
is specified foraccess_level
, then all EgressSources will be allowed.
- access
Level String - An AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example:
accessPolicies/MY_POLICY/accessLevels/MY_LEVEL
. If a single*
is specified foraccess_level
, then all EgressSources will be allowed.
- access
Level string - An AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example:
accessPolicies/MY_POLICY/accessLevels/MY_LEVEL
. If a single*
is specified foraccess_level
, then all EgressSources will be allowed.
- access_
level str - An AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example:
accessPolicies/MY_POLICY/accessLevels/MY_LEVEL
. If a single*
is specified foraccess_level
, then all EgressSources will be allowed.
- access
Level String - An AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example:
accessPolicies/MY_POLICY/accessLevels/MY_LEVEL
. If a single*
is specified foraccess_level
, then all EgressSources will be allowed.
EgressSourceResponse, EgressSourceResponseArgs
- Access
Level string - An AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example:
accessPolicies/MY_POLICY/accessLevels/MY_LEVEL
. If a single*
is specified foraccess_level
, then all EgressSources will be allowed.
- Access
Level string - An AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example:
accessPolicies/MY_POLICY/accessLevels/MY_LEVEL
. If a single*
is specified foraccess_level
, then all EgressSources will be allowed.
- access
Level String - An AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example:
accessPolicies/MY_POLICY/accessLevels/MY_LEVEL
. If a single*
is specified foraccess_level
, then all EgressSources will be allowed.
- access
Level string - An AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example:
accessPolicies/MY_POLICY/accessLevels/MY_LEVEL
. If a single*
is specified foraccess_level
, then all EgressSources will be allowed.
- access_
level str - An AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example:
accessPolicies/MY_POLICY/accessLevels/MY_LEVEL
. If a single*
is specified foraccess_level
, then all EgressSources will be allowed.
- access
Level String - An AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example:
accessPolicies/MY_POLICY/accessLevels/MY_LEVEL
. If a single*
is specified foraccess_level
, then all EgressSources will be allowed.
EgressTo, EgressToArgs
- External
Resources List<string> - A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
- Operations
List<Pulumi.
Google Native. Access Context Manager. V1. Inputs. Api Operation> - A list of ApiOperations allowed to be performed by the sources specified in the corresponding EgressFrom. A request matches if it uses an operation/service in this list.
- Resources List<string>
- A list of resources, currently only projects in the form
projects/
, that are allowed to be accessed by sources defined in the corresponding EgressFrom. A request matches if it contains a resource in this list. If*
is specified forresources
, then this EgressTo rule will authorize access to all resources outside the perimeter.
- External
Resources []string - A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
- Operations
[]Api
Operation - A list of ApiOperations allowed to be performed by the sources specified in the corresponding EgressFrom. A request matches if it uses an operation/service in this list.
- Resources []string
- A list of resources, currently only projects in the form
projects/
, that are allowed to be accessed by sources defined in the corresponding EgressFrom. A request matches if it contains a resource in this list. If*
is specified forresources
, then this EgressTo rule will authorize access to all resources outside the perimeter.
- external
Resources List<String> - A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
- operations
List<Api
Operation> - A list of ApiOperations allowed to be performed by the sources specified in the corresponding EgressFrom. A request matches if it uses an operation/service in this list.
- resources List<String>
- A list of resources, currently only projects in the form
projects/
, that are allowed to be accessed by sources defined in the corresponding EgressFrom. A request matches if it contains a resource in this list. If*
is specified forresources
, then this EgressTo rule will authorize access to all resources outside the perimeter.
- external
Resources string[] - A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
- operations
Api
Operation[] - A list of ApiOperations allowed to be performed by the sources specified in the corresponding EgressFrom. A request matches if it uses an operation/service in this list.
- resources string[]
- A list of resources, currently only projects in the form
projects/
, that are allowed to be accessed by sources defined in the corresponding EgressFrom. A request matches if it contains a resource in this list. If*
is specified forresources
, then this EgressTo rule will authorize access to all resources outside the perimeter.
- external_
resources Sequence[str] - A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
- operations
Sequence[Api
Operation] - A list of ApiOperations allowed to be performed by the sources specified in the corresponding EgressFrom. A request matches if it uses an operation/service in this list.
- resources Sequence[str]
- A list of resources, currently only projects in the form
projects/
, that are allowed to be accessed by sources defined in the corresponding EgressFrom. A request matches if it contains a resource in this list. If*
is specified forresources
, then this EgressTo rule will authorize access to all resources outside the perimeter.
- external
Resources List<String> - A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
- operations List<Property Map>
- A list of ApiOperations allowed to be performed by the sources specified in the corresponding EgressFrom. A request matches if it uses an operation/service in this list.
- resources List<String>
- A list of resources, currently only projects in the form
projects/
, that are allowed to be accessed by sources defined in the corresponding EgressFrom. A request matches if it contains a resource in this list. If*
is specified forresources
, then this EgressTo rule will authorize access to all resources outside the perimeter.
EgressToResponse, EgressToResponseArgs
- External
Resources List<string> - A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
- Operations
List<Pulumi.
Google Native. Access Context Manager. V1. Inputs. Api Operation Response> - A list of ApiOperations allowed to be performed by the sources specified in the corresponding EgressFrom. A request matches if it uses an operation/service in this list.
- Resources List<string>
- A list of resources, currently only projects in the form
projects/
, that are allowed to be accessed by sources defined in the corresponding EgressFrom. A request matches if it contains a resource in this list. If*
is specified forresources
, then this EgressTo rule will authorize access to all resources outside the perimeter.
- External
Resources []string - A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
- Operations
[]Api
Operation Response - A list of ApiOperations allowed to be performed by the sources specified in the corresponding EgressFrom. A request matches if it uses an operation/service in this list.
- Resources []string
- A list of resources, currently only projects in the form
projects/
, that are allowed to be accessed by sources defined in the corresponding EgressFrom. A request matches if it contains a resource in this list. If*
is specified forresources
, then this EgressTo rule will authorize access to all resources outside the perimeter.
- external
Resources List<String> - A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
- operations
List<Api
Operation Response> - A list of ApiOperations allowed to be performed by the sources specified in the corresponding EgressFrom. A request matches if it uses an operation/service in this list.
- resources List<String>
- A list of resources, currently only projects in the form
projects/
, that are allowed to be accessed by sources defined in the corresponding EgressFrom. A request matches if it contains a resource in this list. If*
is specified forresources
, then this EgressTo rule will authorize access to all resources outside the perimeter.
- external
Resources string[] - A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
- operations
Api
Operation Response[] - A list of ApiOperations allowed to be performed by the sources specified in the corresponding EgressFrom. A request matches if it uses an operation/service in this list.
- resources string[]
- A list of resources, currently only projects in the form
projects/
, that are allowed to be accessed by sources defined in the corresponding EgressFrom. A request matches if it contains a resource in this list. If*
is specified forresources
, then this EgressTo rule will authorize access to all resources outside the perimeter.
- external_
resources Sequence[str] - A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
- operations
Sequence[Api
Operation Response] - A list of ApiOperations allowed to be performed by the sources specified in the corresponding EgressFrom. A request matches if it uses an operation/service in this list.
- resources Sequence[str]
- A list of resources, currently only projects in the form
projects/
, that are allowed to be accessed by sources defined in the corresponding EgressFrom. A request matches if it contains a resource in this list. If*
is specified forresources
, then this EgressTo rule will authorize access to all resources outside the perimeter.
- external
Resources List<String> - A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
- operations List<Property Map>
- A list of ApiOperations allowed to be performed by the sources specified in the corresponding EgressFrom. A request matches if it uses an operation/service in this list.
- resources List<String>
- A list of resources, currently only projects in the form
projects/
, that are allowed to be accessed by sources defined in the corresponding EgressFrom. A request matches if it contains a resource in this list. If*
is specified forresources
, then this EgressTo rule will authorize access to all resources outside the perimeter.
IngressFrom, IngressFromArgs
- Identities List<string>
- A list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
- Identity
Type Pulumi.Google Native. Access Context Manager. V1. Ingress From Identity Type - Specifies the type of identities that are allowed access from outside the perimeter. If left unspecified, then members of
identities
field will be allowed access. - Sources
List<Pulumi.
Google Native. Access Context Manager. V1. Inputs. Ingress Source> - Sources that this IngressPolicy authorizes access from.
- Identities []string
- A list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
- Identity
Type IngressFrom Identity Type - Specifies the type of identities that are allowed access from outside the perimeter. If left unspecified, then members of
identities
field will be allowed access. - Sources
[]Ingress
Source - Sources that this IngressPolicy authorizes access from.
- identities List<String>
- A list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
- identity
Type IngressFrom Identity Type - Specifies the type of identities that are allowed access from outside the perimeter. If left unspecified, then members of
identities
field will be allowed access. - sources
List<Ingress
Source> - Sources that this IngressPolicy authorizes access from.
- identities string[]
- A list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
- identity
Type IngressFrom Identity Type - Specifies the type of identities that are allowed access from outside the perimeter. If left unspecified, then members of
identities
field will be allowed access. - sources
Ingress
Source[] - Sources that this IngressPolicy authorizes access from.
- identities Sequence[str]
- A list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
- identity_
type IngressFrom Identity Type - Specifies the type of identities that are allowed access from outside the perimeter. If left unspecified, then members of
identities
field will be allowed access. - sources
Sequence[Ingress
Source] - Sources that this IngressPolicy authorizes access from.
- identities List<String>
- A list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
- identity
Type "IDENTITY_TYPE_UNSPECIFIED" | "ANY_IDENTITY" | "ANY_USER_ACCOUNT" | "ANY_SERVICE_ACCOUNT" - Specifies the type of identities that are allowed access from outside the perimeter. If left unspecified, then members of
identities
field will be allowed access. - sources List<Property Map>
- Sources that this IngressPolicy authorizes access from.
IngressFromIdentityType, IngressFromIdentityTypeArgs
- Identity
Type Unspecified - IDENTITY_TYPE_UNSPECIFIEDNo blanket identity group specified.
- Any
Identity - ANY_IDENTITYAuthorize access from all identities outside the perimeter.
- Any
User Account - ANY_USER_ACCOUNTAuthorize access from all human users outside the perimeter.
- Any
Service Account - ANY_SERVICE_ACCOUNTAuthorize access from all service accounts outside the perimeter.
- Ingress
From Identity Type Identity Type Unspecified - IDENTITY_TYPE_UNSPECIFIEDNo blanket identity group specified.
- Ingress
From Identity Type Any Identity - ANY_IDENTITYAuthorize access from all identities outside the perimeter.
- Ingress
From Identity Type Any User Account - ANY_USER_ACCOUNTAuthorize access from all human users outside the perimeter.
- Ingress
From Identity Type Any Service Account - ANY_SERVICE_ACCOUNTAuthorize access from all service accounts outside the perimeter.
- Identity
Type Unspecified - IDENTITY_TYPE_UNSPECIFIEDNo blanket identity group specified.
- Any
Identity - ANY_IDENTITYAuthorize access from all identities outside the perimeter.
- Any
User Account - ANY_USER_ACCOUNTAuthorize access from all human users outside the perimeter.
- Any
Service Account - ANY_SERVICE_ACCOUNTAuthorize access from all service accounts outside the perimeter.
- Identity
Type Unspecified - IDENTITY_TYPE_UNSPECIFIEDNo blanket identity group specified.
- Any
Identity - ANY_IDENTITYAuthorize access from all identities outside the perimeter.
- Any
User Account - ANY_USER_ACCOUNTAuthorize access from all human users outside the perimeter.
- Any
Service Account - ANY_SERVICE_ACCOUNTAuthorize access from all service accounts outside the perimeter.
- IDENTITY_TYPE_UNSPECIFIED
- IDENTITY_TYPE_UNSPECIFIEDNo blanket identity group specified.
- ANY_IDENTITY
- ANY_IDENTITYAuthorize access from all identities outside the perimeter.
- ANY_USER_ACCOUNT
- ANY_USER_ACCOUNTAuthorize access from all human users outside the perimeter.
- ANY_SERVICE_ACCOUNT
- ANY_SERVICE_ACCOUNTAuthorize access from all service accounts outside the perimeter.
- "IDENTITY_TYPE_UNSPECIFIED"
- IDENTITY_TYPE_UNSPECIFIEDNo blanket identity group specified.
- "ANY_IDENTITY"
- ANY_IDENTITYAuthorize access from all identities outside the perimeter.
- "ANY_USER_ACCOUNT"
- ANY_USER_ACCOUNTAuthorize access from all human users outside the perimeter.
- "ANY_SERVICE_ACCOUNT"
- ANY_SERVICE_ACCOUNTAuthorize access from all service accounts outside the perimeter.
IngressFromResponse, IngressFromResponseArgs
- Identities List<string>
- A list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
- Identity
Type string - Specifies the type of identities that are allowed access from outside the perimeter. If left unspecified, then members of
identities
field will be allowed access. - Sources
List<Pulumi.
Google Native. Access Context Manager. V1. Inputs. Ingress Source Response> - Sources that this IngressPolicy authorizes access from.
- Identities []string
- A list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
- Identity
Type string - Specifies the type of identities that are allowed access from outside the perimeter. If left unspecified, then members of
identities
field will be allowed access. - Sources
[]Ingress
Source Response - Sources that this IngressPolicy authorizes access from.
- identities List<String>
- A list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
- identity
Type String - Specifies the type of identities that are allowed access from outside the perimeter. If left unspecified, then members of
identities
field will be allowed access. - sources
List<Ingress
Source Response> - Sources that this IngressPolicy authorizes access from.
- identities string[]
- A list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
- identity
Type string - Specifies the type of identities that are allowed access from outside the perimeter. If left unspecified, then members of
identities
field will be allowed access. - sources
Ingress
Source Response[] - Sources that this IngressPolicy authorizes access from.
- identities Sequence[str]
- A list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
- identity_
type str - Specifies the type of identities that are allowed access from outside the perimeter. If left unspecified, then members of
identities
field will be allowed access. - sources
Sequence[Ingress
Source Response] - Sources that this IngressPolicy authorizes access from.
- identities List<String>
- A list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
- identity
Type String - Specifies the type of identities that are allowed access from outside the perimeter. If left unspecified, then members of
identities
field will be allowed access. - sources List<Property Map>
- Sources that this IngressPolicy authorizes access from.
IngressPolicy, IngressPolicyArgs
- Ingress
From Pulumi.Google Native. Access Context Manager. V1. Inputs. Ingress From - Defines the conditions on the source of a request causing this IngressPolicy to apply.
- Ingress
To Pulumi.Google Native. Access Context Manager. V1. Inputs. Ingress To - Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply.
- Ingress
From IngressFrom - Defines the conditions on the source of a request causing this IngressPolicy to apply.
- Ingress
To IngressTo - Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply.
- ingress
From IngressFrom - Defines the conditions on the source of a request causing this IngressPolicy to apply.
- ingress
To IngressTo - Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply.
- ingress
From IngressFrom - Defines the conditions on the source of a request causing this IngressPolicy to apply.
- ingress
To IngressTo - Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply.
- ingress_
from IngressFrom - Defines the conditions on the source of a request causing this IngressPolicy to apply.
- ingress_
to IngressTo - Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply.
- ingress
From Property Map - Defines the conditions on the source of a request causing this IngressPolicy to apply.
- ingress
To Property Map - Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply.
IngressPolicyResponse, IngressPolicyResponseArgs
- Ingress
From Pulumi.Google Native. Access Context Manager. V1. Inputs. Ingress From Response - Defines the conditions on the source of a request causing this IngressPolicy to apply.
- Ingress
To Pulumi.Google Native. Access Context Manager. V1. Inputs. Ingress To Response - Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply.
- Ingress
From IngressFrom Response - Defines the conditions on the source of a request causing this IngressPolicy to apply.
- Ingress
To IngressTo Response - Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply.
- ingress
From IngressFrom Response - Defines the conditions on the source of a request causing this IngressPolicy to apply.
- ingress
To IngressTo Response - Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply.
- ingress
From IngressFrom Response - Defines the conditions on the source of a request causing this IngressPolicy to apply.
- ingress
To IngressTo Response - Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply.
- ingress_
from IngressFrom Response - Defines the conditions on the source of a request causing this IngressPolicy to apply.
- ingress_
to IngressTo Response - Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply.
- ingress
From Property Map - Defines the conditions on the source of a request causing this IngressPolicy to apply.
- ingress
To Property Map - Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply.
IngressSource, IngressSourceArgs
- Access
Level string - An AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example:
accessPolicies/MY_POLICY/accessLevels/MY_LEVEL
. If a single*
is specified foraccess_level
, then all IngressSources will be allowed. - Resource string
- A Google Cloud resource that is allowed to ingress the perimeter. Requests from these resources will be allowed to access perimeter data. Currently only projects and VPCs are allowed. Project format:
projects/{project_number}
VPC network format://compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}
. The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in.*
is not allowed, the case of allowing all Google Cloud resources only is not supported.
- Access
Level string - An AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example:
accessPolicies/MY_POLICY/accessLevels/MY_LEVEL
. If a single*
is specified foraccess_level
, then all IngressSources will be allowed. - Resource string
- A Google Cloud resource that is allowed to ingress the perimeter. Requests from these resources will be allowed to access perimeter data. Currently only projects and VPCs are allowed. Project format:
projects/{project_number}
VPC network format://compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}
. The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in.*
is not allowed, the case of allowing all Google Cloud resources only is not supported.
- access
Level String - An AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example:
accessPolicies/MY_POLICY/accessLevels/MY_LEVEL
. If a single*
is specified foraccess_level
, then all IngressSources will be allowed. - resource String
- A Google Cloud resource that is allowed to ingress the perimeter. Requests from these resources will be allowed to access perimeter data. Currently only projects and VPCs are allowed. Project format:
projects/{project_number}
VPC network format://compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}
. The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in.*
is not allowed, the case of allowing all Google Cloud resources only is not supported.
- access
Level string - An AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example:
accessPolicies/MY_POLICY/accessLevels/MY_LEVEL
. If a single*
is specified foraccess_level
, then all IngressSources will be allowed. - resource string
- A Google Cloud resource that is allowed to ingress the perimeter. Requests from these resources will be allowed to access perimeter data. Currently only projects and VPCs are allowed. Project format:
projects/{project_number}
VPC network format://compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}
. The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in.*
is not allowed, the case of allowing all Google Cloud resources only is not supported.
- access_
level str - An AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example:
accessPolicies/MY_POLICY/accessLevels/MY_LEVEL
. If a single*
is specified foraccess_level
, then all IngressSources will be allowed. - resource str
- A Google Cloud resource that is allowed to ingress the perimeter. Requests from these resources will be allowed to access perimeter data. Currently only projects and VPCs are allowed. Project format:
projects/{project_number}
VPC network format://compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}
. The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in.*
is not allowed, the case of allowing all Google Cloud resources only is not supported.
- access
Level String - An AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example:
accessPolicies/MY_POLICY/accessLevels/MY_LEVEL
. If a single*
is specified foraccess_level
, then all IngressSources will be allowed. - resource String
- A Google Cloud resource that is allowed to ingress the perimeter. Requests from these resources will be allowed to access perimeter data. Currently only projects and VPCs are allowed. Project format:
projects/{project_number}
VPC network format://compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}
. The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in.*
is not allowed, the case of allowing all Google Cloud resources only is not supported.
IngressSourceResponse, IngressSourceResponseArgs
- Access
Level string - An AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example:
accessPolicies/MY_POLICY/accessLevels/MY_LEVEL
. If a single*
is specified foraccess_level
, then all IngressSources will be allowed. - Resource string
- A Google Cloud resource that is allowed to ingress the perimeter. Requests from these resources will be allowed to access perimeter data. Currently only projects and VPCs are allowed. Project format:
projects/{project_number}
VPC network format://compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}
. The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in.*
is not allowed, the case of allowing all Google Cloud resources only is not supported.
- Access
Level string - An AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example:
accessPolicies/MY_POLICY/accessLevels/MY_LEVEL
. If a single*
is specified foraccess_level
, then all IngressSources will be allowed. - Resource string
- A Google Cloud resource that is allowed to ingress the perimeter. Requests from these resources will be allowed to access perimeter data. Currently only projects and VPCs are allowed. Project format:
projects/{project_number}
VPC network format://compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}
. The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in.*
is not allowed, the case of allowing all Google Cloud resources only is not supported.
- access
Level String - An AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example:
accessPolicies/MY_POLICY/accessLevels/MY_LEVEL
. If a single*
is specified foraccess_level
, then all IngressSources will be allowed. - resource String
- A Google Cloud resource that is allowed to ingress the perimeter. Requests from these resources will be allowed to access perimeter data. Currently only projects and VPCs are allowed. Project format:
projects/{project_number}
VPC network format://compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}
. The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in.*
is not allowed, the case of allowing all Google Cloud resources only is not supported.
- access
Level string - An AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example:
accessPolicies/MY_POLICY/accessLevels/MY_LEVEL
. If a single*
is specified foraccess_level
, then all IngressSources will be allowed. - resource string
- A Google Cloud resource that is allowed to ingress the perimeter. Requests from these resources will be allowed to access perimeter data. Currently only projects and VPCs are allowed. Project format:
projects/{project_number}
VPC network format://compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}
. The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in.*
is not allowed, the case of allowing all Google Cloud resources only is not supported.
- access_
level str - An AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example:
accessPolicies/MY_POLICY/accessLevels/MY_LEVEL
. If a single*
is specified foraccess_level
, then all IngressSources will be allowed. - resource str
- A Google Cloud resource that is allowed to ingress the perimeter. Requests from these resources will be allowed to access perimeter data. Currently only projects and VPCs are allowed. Project format:
projects/{project_number}
VPC network format://compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}
. The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in.*
is not allowed, the case of allowing all Google Cloud resources only is not supported.
- access
Level String - An AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example:
accessPolicies/MY_POLICY/accessLevels/MY_LEVEL
. If a single*
is specified foraccess_level
, then all IngressSources will be allowed. - resource String
- A Google Cloud resource that is allowed to ingress the perimeter. Requests from these resources will be allowed to access perimeter data. Currently only projects and VPCs are allowed. Project format:
projects/{project_number}
VPC network format://compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}
. The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in.*
is not allowed, the case of allowing all Google Cloud resources only is not supported.
IngressTo, IngressToArgs
- Operations
List<Pulumi.
Google Native. Access Context Manager. V1. Inputs. Api Operation> - A list of ApiOperations allowed to be performed by the sources specified in corresponding IngressFrom in this ServicePerimeter.
- Resources List<string>
- A list of resources, currently only projects in the form
projects/
, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. If a single*
is specified, then access to all resources inside the perimeter are allowed.
- Operations
[]Api
Operation - A list of ApiOperations allowed to be performed by the sources specified in corresponding IngressFrom in this ServicePerimeter.
- Resources []string
- A list of resources, currently only projects in the form
projects/
, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. If a single*
is specified, then access to all resources inside the perimeter are allowed.
- operations
List<Api
Operation> - A list of ApiOperations allowed to be performed by the sources specified in corresponding IngressFrom in this ServicePerimeter.
- resources List<String>
- A list of resources, currently only projects in the form
projects/
, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. If a single*
is specified, then access to all resources inside the perimeter are allowed.
- operations
Api
Operation[] - A list of ApiOperations allowed to be performed by the sources specified in corresponding IngressFrom in this ServicePerimeter.
- resources string[]
- A list of resources, currently only projects in the form
projects/
, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. If a single*
is specified, then access to all resources inside the perimeter are allowed.
- operations
Sequence[Api
Operation] - A list of ApiOperations allowed to be performed by the sources specified in corresponding IngressFrom in this ServicePerimeter.
- resources Sequence[str]
- A list of resources, currently only projects in the form
projects/
, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. If a single*
is specified, then access to all resources inside the perimeter are allowed.
- operations List<Property Map>
- A list of ApiOperations allowed to be performed by the sources specified in corresponding IngressFrom in this ServicePerimeter.
- resources List<String>
- A list of resources, currently only projects in the form
projects/
, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. If a single*
is specified, then access to all resources inside the perimeter are allowed.
IngressToResponse, IngressToResponseArgs
- Operations
List<Pulumi.
Google Native. Access Context Manager. V1. Inputs. Api Operation Response> - A list of ApiOperations allowed to be performed by the sources specified in corresponding IngressFrom in this ServicePerimeter.
- Resources List<string>
- A list of resources, currently only projects in the form
projects/
, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. If a single*
is specified, then access to all resources inside the perimeter are allowed.
- Operations
[]Api
Operation Response - A list of ApiOperations allowed to be performed by the sources specified in corresponding IngressFrom in this ServicePerimeter.
- Resources []string
- A list of resources, currently only projects in the form
projects/
, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. If a single*
is specified, then access to all resources inside the perimeter are allowed.
- operations
List<Api
Operation Response> - A list of ApiOperations allowed to be performed by the sources specified in corresponding IngressFrom in this ServicePerimeter.
- resources List<String>
- A list of resources, currently only projects in the form
projects/
, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. If a single*
is specified, then access to all resources inside the perimeter are allowed.
- operations
Api
Operation Response[] - A list of ApiOperations allowed to be performed by the sources specified in corresponding IngressFrom in this ServicePerimeter.
- resources string[]
- A list of resources, currently only projects in the form
projects/
, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. If a single*
is specified, then access to all resources inside the perimeter are allowed.
- operations
Sequence[Api
Operation Response] - A list of ApiOperations allowed to be performed by the sources specified in corresponding IngressFrom in this ServicePerimeter.
- resources Sequence[str]
- A list of resources, currently only projects in the form
projects/
, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. If a single*
is specified, then access to all resources inside the perimeter are allowed.
- operations List<Property Map>
- A list of ApiOperations allowed to be performed by the sources specified in corresponding IngressFrom in this ServicePerimeter.
- resources List<String>
- A list of resources, currently only projects in the form
projects/
, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. If a single*
is specified, then access to all resources inside the perimeter are allowed.
MethodSelector, MethodSelectorArgs
- Method string
- Value for
method
should be a valid method name for the correspondingservice_name
in ApiOperation. If*
used as value formethod
, then ALL methods and permissions are allowed. - Permission string
- Value for
permission
should be a valid Cloud IAM permission for the correspondingservice_name
in ApiOperation.
- Method string
- Value for
method
should be a valid method name for the correspondingservice_name
in ApiOperation. If*
used as value formethod
, then ALL methods and permissions are allowed. - Permission string
- Value for
permission
should be a valid Cloud IAM permission for the correspondingservice_name
in ApiOperation.
- method String
- Value for
method
should be a valid method name for the correspondingservice_name
in ApiOperation. If*
used as value formethod
, then ALL methods and permissions are allowed. - permission String
- Value for
permission
should be a valid Cloud IAM permission for the correspondingservice_name
in ApiOperation.
- method string
- Value for
method
should be a valid method name for the correspondingservice_name
in ApiOperation. If*
used as value formethod
, then ALL methods and permissions are allowed. - permission string
- Value for
permission
should be a valid Cloud IAM permission for the correspondingservice_name
in ApiOperation.
- method str
- Value for
method
should be a valid method name for the correspondingservice_name
in ApiOperation. If*
used as value formethod
, then ALL methods and permissions are allowed. - permission str
- Value for
permission
should be a valid Cloud IAM permission for the correspondingservice_name
in ApiOperation.
- method String
- Value for
method
should be a valid method name for the correspondingservice_name
in ApiOperation. If*
used as value formethod
, then ALL methods and permissions are allowed. - permission String
- Value for
permission
should be a valid Cloud IAM permission for the correspondingservice_name
in ApiOperation.
MethodSelectorResponse, MethodSelectorResponseArgs
- Method string
- Value for
method
should be a valid method name for the correspondingservice_name
in ApiOperation. If*
used as value formethod
, then ALL methods and permissions are allowed. - Permission string
- Value for
permission
should be a valid Cloud IAM permission for the correspondingservice_name
in ApiOperation.
- Method string
- Value for
method
should be a valid method name for the correspondingservice_name
in ApiOperation. If*
used as value formethod
, then ALL methods and permissions are allowed. - Permission string
- Value for
permission
should be a valid Cloud IAM permission for the correspondingservice_name
in ApiOperation.
- method String
- Value for
method
should be a valid method name for the correspondingservice_name
in ApiOperation. If*
used as value formethod
, then ALL methods and permissions are allowed. - permission String
- Value for
permission
should be a valid Cloud IAM permission for the correspondingservice_name
in ApiOperation.
- method string
- Value for
method
should be a valid method name for the correspondingservice_name
in ApiOperation. If*
used as value formethod
, then ALL methods and permissions are allowed. - permission string
- Value for
permission
should be a valid Cloud IAM permission for the correspondingservice_name
in ApiOperation.
- method str
- Value for
method
should be a valid method name for the correspondingservice_name
in ApiOperation. If*
used as value formethod
, then ALL methods and permissions are allowed. - permission str
- Value for
permission
should be a valid Cloud IAM permission for the correspondingservice_name
in ApiOperation.
- method String
- Value for
method
should be a valid method name for the correspondingservice_name
in ApiOperation. If*
used as value formethod
, then ALL methods and permissions are allowed. - permission String
- Value for
permission
should be a valid Cloud IAM permission for the correspondingservice_name
in ApiOperation.
ServicePerimeterConfig, ServicePerimeterConfigArgs
- Access
Levels List<string> - A list of
AccessLevel
resource names that allow resources within theServicePerimeter
to be accessed from the internet.AccessLevels
listed must be in the same policy as thisServicePerimeter
. Referencing a nonexistentAccessLevel
is a syntax error. If noAccessLevel
names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example:"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"
. For Service Perimeter Bridge, must be empty. - Egress
Policies List<Pulumi.Google Native. Access Context Manager. V1. Inputs. Egress Policy> - List of EgressPolicies to apply to the perimeter. A perimeter may have multiple EgressPolicies, each of which is evaluated separately. Access is granted if any EgressPolicy grants it. Must be empty for a perimeter bridge.
- Ingress
Policies List<Pulumi.Google Native. Access Context Manager. V1. Inputs. Ingress Policy> - List of IngressPolicies to apply to the perimeter. A perimeter may have multiple IngressPolicies, each of which is evaluated separately. Access is granted if any Ingress Policy grants it. Must be empty for a perimeter bridge.
- Resources List<string>
- A list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format:
projects/{project_number}
VPC network format://compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}
. - Restricted
Services List<string> - Google Cloud services that are subject to the Service Perimeter restrictions. For example, if
storage.googleapis.com
is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions. - Vpc
Accessible Pulumi.Services Google Native. Access Context Manager. V1. Inputs. Vpc Accessible Services - Configuration for APIs allowed within Perimeter.
- Access
Levels []string - A list of
AccessLevel
resource names that allow resources within theServicePerimeter
to be accessed from the internet.AccessLevels
listed must be in the same policy as thisServicePerimeter
. Referencing a nonexistentAccessLevel
is a syntax error. If noAccessLevel
names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example:"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"
. For Service Perimeter Bridge, must be empty. - Egress
Policies []EgressPolicy - List of EgressPolicies to apply to the perimeter. A perimeter may have multiple EgressPolicies, each of which is evaluated separately. Access is granted if any EgressPolicy grants it. Must be empty for a perimeter bridge.
- Ingress
Policies []IngressPolicy - List of IngressPolicies to apply to the perimeter. A perimeter may have multiple IngressPolicies, each of which is evaluated separately. Access is granted if any Ingress Policy grants it. Must be empty for a perimeter bridge.
- Resources []string
- A list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format:
projects/{project_number}
VPC network format://compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}
. - Restricted
Services []string - Google Cloud services that are subject to the Service Perimeter restrictions. For example, if
storage.googleapis.com
is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions. - Vpc
Accessible VpcServices Accessible Services - Configuration for APIs allowed within Perimeter.
- access
Levels List<String> - A list of
AccessLevel
resource names that allow resources within theServicePerimeter
to be accessed from the internet.AccessLevels
listed must be in the same policy as thisServicePerimeter
. Referencing a nonexistentAccessLevel
is a syntax error. If noAccessLevel
names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example:"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"
. For Service Perimeter Bridge, must be empty. - egress
Policies List<EgressPolicy> - List of EgressPolicies to apply to the perimeter. A perimeter may have multiple EgressPolicies, each of which is evaluated separately. Access is granted if any EgressPolicy grants it. Must be empty for a perimeter bridge.
- ingress
Policies List<IngressPolicy> - List of IngressPolicies to apply to the perimeter. A perimeter may have multiple IngressPolicies, each of which is evaluated separately. Access is granted if any Ingress Policy grants it. Must be empty for a perimeter bridge.
- resources List<String>
- A list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format:
projects/{project_number}
VPC network format://compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}
. - restricted
Services List<String> - Google Cloud services that are subject to the Service Perimeter restrictions. For example, if
storage.googleapis.com
is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions. - vpc
Accessible VpcServices Accessible Services - Configuration for APIs allowed within Perimeter.
- access
Levels string[] - A list of
AccessLevel
resource names that allow resources within theServicePerimeter
to be accessed from the internet.AccessLevels
listed must be in the same policy as thisServicePerimeter
. Referencing a nonexistentAccessLevel
is a syntax error. If noAccessLevel
names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example:"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"
. For Service Perimeter Bridge, must be empty. - egress
Policies EgressPolicy[] - List of EgressPolicies to apply to the perimeter. A perimeter may have multiple EgressPolicies, each of which is evaluated separately. Access is granted if any EgressPolicy grants it. Must be empty for a perimeter bridge.
- ingress
Policies IngressPolicy[] - List of IngressPolicies to apply to the perimeter. A perimeter may have multiple IngressPolicies, each of which is evaluated separately. Access is granted if any Ingress Policy grants it. Must be empty for a perimeter bridge.
- resources string[]
- A list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format:
projects/{project_number}
VPC network format://compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}
. - restricted
Services string[] - Google Cloud services that are subject to the Service Perimeter restrictions. For example, if
storage.googleapis.com
is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions. - vpc
Accessible VpcServices Accessible Services - Configuration for APIs allowed within Perimeter.
- access_
levels Sequence[str] - A list of
AccessLevel
resource names that allow resources within theServicePerimeter
to be accessed from the internet.AccessLevels
listed must be in the same policy as thisServicePerimeter
. Referencing a nonexistentAccessLevel
is a syntax error. If noAccessLevel
names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example:"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"
. For Service Perimeter Bridge, must be empty. - egress_
policies Sequence[EgressPolicy] - List of EgressPolicies to apply to the perimeter. A perimeter may have multiple EgressPolicies, each of which is evaluated separately. Access is granted if any EgressPolicy grants it. Must be empty for a perimeter bridge.
- ingress_
policies Sequence[IngressPolicy] - List of IngressPolicies to apply to the perimeter. A perimeter may have multiple IngressPolicies, each of which is evaluated separately. Access is granted if any Ingress Policy grants it. Must be empty for a perimeter bridge.
- resources Sequence[str]
- A list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format:
projects/{project_number}
VPC network format://compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}
. - restricted_
services Sequence[str] - Google Cloud services that are subject to the Service Perimeter restrictions. For example, if
storage.googleapis.com
is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions. - vpc_
accessible_ Vpcservices Accessible Services - Configuration for APIs allowed within Perimeter.
- access
Levels List<String> - A list of
AccessLevel
resource names that allow resources within theServicePerimeter
to be accessed from the internet.AccessLevels
listed must be in the same policy as thisServicePerimeter
. Referencing a nonexistentAccessLevel
is a syntax error. If noAccessLevel
names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example:"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"
. For Service Perimeter Bridge, must be empty. - egress
Policies List<Property Map> - List of EgressPolicies to apply to the perimeter. A perimeter may have multiple EgressPolicies, each of which is evaluated separately. Access is granted if any EgressPolicy grants it. Must be empty for a perimeter bridge.
- ingress
Policies List<Property Map> - List of IngressPolicies to apply to the perimeter. A perimeter may have multiple IngressPolicies, each of which is evaluated separately. Access is granted if any Ingress Policy grants it. Must be empty for a perimeter bridge.
- resources List<String>
- A list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format:
projects/{project_number}
VPC network format://compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}
. - restricted
Services List<String> - Google Cloud services that are subject to the Service Perimeter restrictions. For example, if
storage.googleapis.com
is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions. - vpc
Accessible Property MapServices - Configuration for APIs allowed within Perimeter.
ServicePerimeterConfigResponse, ServicePerimeterConfigResponseArgs
- Access
Levels List<string> - A list of
AccessLevel
resource names that allow resources within theServicePerimeter
to be accessed from the internet.AccessLevels
listed must be in the same policy as thisServicePerimeter
. Referencing a nonexistentAccessLevel
is a syntax error. If noAccessLevel
names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example:"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"
. For Service Perimeter Bridge, must be empty. - Egress
Policies List<Pulumi.Google Native. Access Context Manager. V1. Inputs. Egress Policy Response> - List of EgressPolicies to apply to the perimeter. A perimeter may have multiple EgressPolicies, each of which is evaluated separately. Access is granted if any EgressPolicy grants it. Must be empty for a perimeter bridge.
- Ingress
Policies List<Pulumi.Google Native. Access Context Manager. V1. Inputs. Ingress Policy Response> - List of IngressPolicies to apply to the perimeter. A perimeter may have multiple IngressPolicies, each of which is evaluated separately. Access is granted if any Ingress Policy grants it. Must be empty for a perimeter bridge.
- Resources List<string>
- A list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format:
projects/{project_number}
VPC network format://compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}
. - Restricted
Services List<string> - Google Cloud services that are subject to the Service Perimeter restrictions. For example, if
storage.googleapis.com
is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions. - Vpc
Accessible Pulumi.Services Google Native. Access Context Manager. V1. Inputs. Vpc Accessible Services Response - Configuration for APIs allowed within Perimeter.
- Access
Levels []string - A list of
AccessLevel
resource names that allow resources within theServicePerimeter
to be accessed from the internet.AccessLevels
listed must be in the same policy as thisServicePerimeter
. Referencing a nonexistentAccessLevel
is a syntax error. If noAccessLevel
names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example:"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"
. For Service Perimeter Bridge, must be empty. - Egress
Policies []EgressPolicy Response - List of EgressPolicies to apply to the perimeter. A perimeter may have multiple EgressPolicies, each of which is evaluated separately. Access is granted if any EgressPolicy grants it. Must be empty for a perimeter bridge.
- Ingress
Policies []IngressPolicy Response - List of IngressPolicies to apply to the perimeter. A perimeter may have multiple IngressPolicies, each of which is evaluated separately. Access is granted if any Ingress Policy grants it. Must be empty for a perimeter bridge.
- Resources []string
- A list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format:
projects/{project_number}
VPC network format://compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}
. - Restricted
Services []string - Google Cloud services that are subject to the Service Perimeter restrictions. For example, if
storage.googleapis.com
is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions. - Vpc
Accessible VpcServices Accessible Services Response - Configuration for APIs allowed within Perimeter.
- access
Levels List<String> - A list of
AccessLevel
resource names that allow resources within theServicePerimeter
to be accessed from the internet.AccessLevels
listed must be in the same policy as thisServicePerimeter
. Referencing a nonexistentAccessLevel
is a syntax error. If noAccessLevel
names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example:"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"
. For Service Perimeter Bridge, must be empty. - egress
Policies List<EgressPolicy Response> - List of EgressPolicies to apply to the perimeter. A perimeter may have multiple EgressPolicies, each of which is evaluated separately. Access is granted if any EgressPolicy grants it. Must be empty for a perimeter bridge.
- ingress
Policies List<IngressPolicy Response> - List of IngressPolicies to apply to the perimeter. A perimeter may have multiple IngressPolicies, each of which is evaluated separately. Access is granted if any Ingress Policy grants it. Must be empty for a perimeter bridge.
- resources List<String>
- A list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format:
projects/{project_number}
VPC network format://compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}
. - restricted
Services List<String> - Google Cloud services that are subject to the Service Perimeter restrictions. For example, if
storage.googleapis.com
is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions. - vpc
Accessible VpcServices Accessible Services Response - Configuration for APIs allowed within Perimeter.
- access
Levels string[] - A list of
AccessLevel
resource names that allow resources within theServicePerimeter
to be accessed from the internet.AccessLevels
listed must be in the same policy as thisServicePerimeter
. Referencing a nonexistentAccessLevel
is a syntax error. If noAccessLevel
names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example:"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"
. For Service Perimeter Bridge, must be empty. - egress
Policies EgressPolicy Response[] - List of EgressPolicies to apply to the perimeter. A perimeter may have multiple EgressPolicies, each of which is evaluated separately. Access is granted if any EgressPolicy grants it. Must be empty for a perimeter bridge.
- ingress
Policies IngressPolicy Response[] - List of IngressPolicies to apply to the perimeter. A perimeter may have multiple IngressPolicies, each of which is evaluated separately. Access is granted if any Ingress Policy grants it. Must be empty for a perimeter bridge.
- resources string[]
- A list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format:
projects/{project_number}
VPC network format://compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}
. - restricted
Services string[] - Google Cloud services that are subject to the Service Perimeter restrictions. For example, if
storage.googleapis.com
is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions. - vpc
Accessible VpcServices Accessible Services Response - Configuration for APIs allowed within Perimeter.
- access_
levels Sequence[str] - A list of
AccessLevel
resource names that allow resources within theServicePerimeter
to be accessed from the internet.AccessLevels
listed must be in the same policy as thisServicePerimeter
. Referencing a nonexistentAccessLevel
is a syntax error. If noAccessLevel
names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example:"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"
. For Service Perimeter Bridge, must be empty. - egress_
policies Sequence[EgressPolicy Response] - List of EgressPolicies to apply to the perimeter. A perimeter may have multiple EgressPolicies, each of which is evaluated separately. Access is granted if any EgressPolicy grants it. Must be empty for a perimeter bridge.
- ingress_
policies Sequence[IngressPolicy Response] - List of IngressPolicies to apply to the perimeter. A perimeter may have multiple IngressPolicies, each of which is evaluated separately. Access is granted if any Ingress Policy grants it. Must be empty for a perimeter bridge.
- resources Sequence[str]
- A list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format:
projects/{project_number}
VPC network format://compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}
. - restricted_
services Sequence[str] - Google Cloud services that are subject to the Service Perimeter restrictions. For example, if
storage.googleapis.com
is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions. - vpc_
accessible_ Vpcservices Accessible Services Response - Configuration for APIs allowed within Perimeter.
- access
Levels List<String> - A list of
AccessLevel
resource names that allow resources within theServicePerimeter
to be accessed from the internet.AccessLevels
listed must be in the same policy as thisServicePerimeter
. Referencing a nonexistentAccessLevel
is a syntax error. If noAccessLevel
names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example:"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"
. For Service Perimeter Bridge, must be empty. - egress
Policies List<Property Map> - List of EgressPolicies to apply to the perimeter. A perimeter may have multiple EgressPolicies, each of which is evaluated separately. Access is granted if any EgressPolicy grants it. Must be empty for a perimeter bridge.
- ingress
Policies List<Property Map> - List of IngressPolicies to apply to the perimeter. A perimeter may have multiple IngressPolicies, each of which is evaluated separately. Access is granted if any Ingress Policy grants it. Must be empty for a perimeter bridge.
- resources List<String>
- A list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format:
projects/{project_number}
VPC network format://compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}
. - restricted
Services List<String> - Google Cloud services that are subject to the Service Perimeter restrictions. For example, if
storage.googleapis.com
is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions. - vpc
Accessible Property MapServices - Configuration for APIs allowed within Perimeter.
ServicePerimeterPerimeterType, ServicePerimeterPerimeterTypeArgs
- Perimeter
Type Regular - PERIMETER_TYPE_REGULARRegular Perimeter. When no value is specified, the perimeter uses this type.
- Perimeter
Type Bridge - PERIMETER_TYPE_BRIDGEPerimeter Bridge.
- Service
Perimeter Perimeter Type Perimeter Type Regular - PERIMETER_TYPE_REGULARRegular Perimeter. When no value is specified, the perimeter uses this type.
- Service
Perimeter Perimeter Type Perimeter Type Bridge - PERIMETER_TYPE_BRIDGEPerimeter Bridge.
- Perimeter
Type Regular - PERIMETER_TYPE_REGULARRegular Perimeter. When no value is specified, the perimeter uses this type.
- Perimeter
Type Bridge - PERIMETER_TYPE_BRIDGEPerimeter Bridge.
- Perimeter
Type Regular - PERIMETER_TYPE_REGULARRegular Perimeter. When no value is specified, the perimeter uses this type.
- Perimeter
Type Bridge - PERIMETER_TYPE_BRIDGEPerimeter Bridge.
- PERIMETER_TYPE_REGULAR
- PERIMETER_TYPE_REGULARRegular Perimeter. When no value is specified, the perimeter uses this type.
- PERIMETER_TYPE_BRIDGE
- PERIMETER_TYPE_BRIDGEPerimeter Bridge.
- "PERIMETER_TYPE_REGULAR"
- PERIMETER_TYPE_REGULARRegular Perimeter. When no value is specified, the perimeter uses this type.
- "PERIMETER_TYPE_BRIDGE"
- PERIMETER_TYPE_BRIDGEPerimeter Bridge.
VpcAccessibleServices, VpcAccessibleServicesArgs
- Allowed
Services List<string> - The list of APIs usable within the Service Perimeter. Must be empty unless 'enable_restriction' is True. You can specify a list of individual services, as well as include the 'RESTRICTED-SERVICES' value, which automatically includes all of the services protected by the perimeter.
- Enable
Restriction bool - Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowed_services'.
- Allowed
Services []string - The list of APIs usable within the Service Perimeter. Must be empty unless 'enable_restriction' is True. You can specify a list of individual services, as well as include the 'RESTRICTED-SERVICES' value, which automatically includes all of the services protected by the perimeter.
- Enable
Restriction bool - Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowed_services'.
- allowed
Services List<String> - The list of APIs usable within the Service Perimeter. Must be empty unless 'enable_restriction' is True. You can specify a list of individual services, as well as include the 'RESTRICTED-SERVICES' value, which automatically includes all of the services protected by the perimeter.
- enable
Restriction Boolean - Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowed_services'.
- allowed
Services string[] - The list of APIs usable within the Service Perimeter. Must be empty unless 'enable_restriction' is True. You can specify a list of individual services, as well as include the 'RESTRICTED-SERVICES' value, which automatically includes all of the services protected by the perimeter.
- enable
Restriction boolean - Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowed_services'.
- allowed_
services Sequence[str] - The list of APIs usable within the Service Perimeter. Must be empty unless 'enable_restriction' is True. You can specify a list of individual services, as well as include the 'RESTRICTED-SERVICES' value, which automatically includes all of the services protected by the perimeter.
- enable_
restriction bool - Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowed_services'.
- allowed
Services List<String> - The list of APIs usable within the Service Perimeter. Must be empty unless 'enable_restriction' is True. You can specify a list of individual services, as well as include the 'RESTRICTED-SERVICES' value, which automatically includes all of the services protected by the perimeter.
- enable
Restriction Boolean - Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowed_services'.
VpcAccessibleServicesResponse, VpcAccessibleServicesResponseArgs
- Allowed
Services List<string> - The list of APIs usable within the Service Perimeter. Must be empty unless 'enable_restriction' is True. You can specify a list of individual services, as well as include the 'RESTRICTED-SERVICES' value, which automatically includes all of the services protected by the perimeter.
- Enable
Restriction bool - Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowed_services'.
- Allowed
Services []string - The list of APIs usable within the Service Perimeter. Must be empty unless 'enable_restriction' is True. You can specify a list of individual services, as well as include the 'RESTRICTED-SERVICES' value, which automatically includes all of the services protected by the perimeter.
- Enable
Restriction bool - Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowed_services'.
- allowed
Services List<String> - The list of APIs usable within the Service Perimeter. Must be empty unless 'enable_restriction' is True. You can specify a list of individual services, as well as include the 'RESTRICTED-SERVICES' value, which automatically includes all of the services protected by the perimeter.
- enable
Restriction Boolean - Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowed_services'.
- allowed
Services string[] - The list of APIs usable within the Service Perimeter. Must be empty unless 'enable_restriction' is True. You can specify a list of individual services, as well as include the 'RESTRICTED-SERVICES' value, which automatically includes all of the services protected by the perimeter.
- enable
Restriction boolean - Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowed_services'.
- allowed_
services Sequence[str] - The list of APIs usable within the Service Perimeter. Must be empty unless 'enable_restriction' is True. You can specify a list of individual services, as well as include the 'RESTRICTED-SERVICES' value, which automatically includes all of the services protected by the perimeter.
- enable_
restriction bool - Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowed_services'.
- allowed
Services List<String> - The list of APIs usable within the Service Perimeter. Must be empty unless 'enable_restriction' is True. You can specify a list of individual services, as well as include the 'RESTRICTED-SERVICES' value, which automatically includes all of the services protected by the perimeter.
- enable
Restriction Boolean - Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowed_services'.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0
Google Cloud Native is in preview. Google Cloud Classic is fully supported.