service_perimeters
Creates, updates, deletes, gets or lists a service_perimeters resource.
Overview
Name | service_perimeters |
Type | Resource |
Id | google.accesscontextmanager.service_perimeters |
Fields
Name | Datatype | Description |
---|---|---|
name | string | Identifier. Resource name for the ServicePerimeter. Format: accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}. The service_perimeter component must begin with a letter, followed by alphanumeric characters or _. After you create a ServicePerimeter, you cannot change its name. |
description | string | Description of the ServicePerimeter and its use. Does not affect behavior. |
perimeterType | string | Perimeter type indicator. A single project or VPC network may be a member of only one regular perimeter, but of multiple service perimeter bridges. A project cannot be included in a perimeter bridge without also being included in a regular perimeter. For perimeter bridges, the restricted service list and the access level lists must be empty. |
spec | object | ServicePerimeterConfig specifies a set of Google Cloud resources that describe specific Service Perimeter configuration. |
status | object | ServicePerimeterConfig specifies a set of Google Cloud resources that describe specific Service Perimeter configuration. |
title | string | Human readable title. Must be unique within the Policy. |
useExplicitDryRunSpec | boolean | Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists for all Service Perimeters, and that spec is identical to the status for those Service Perimeters. When this flag is set, it inhibits the generation of the implicit spec, thereby allowing the user to explicitly provide a configuration ("spec") to use in a dry-run version of the Service Perimeter. This allows the user to test changes to the enforced config ("status") without actually enforcing them. This testing is done by analyzing the differences between the currently enforced and the suggested restrictions. use_explicit_dry_run_spec must be set to true if any of the fields in the spec are set to non-default values. |
Methods
Name | Accessible by | Required Params | Description |
---|---|---|---|
get | SELECT | accessPoliciesId, servicePerimetersId | Gets a service perimeter based on the resource name. |
list | SELECT | accessPoliciesId | Lists all service perimeters for an access policy. |
create | INSERT | accessPoliciesId | Creates a service perimeter. The long-running operation from this RPC has a successful status after the service perimeter propagates to long-lasting storage. If a service perimeter contains errors, an error response is returned for the first error encountered. |
delete | DELETE | accessPoliciesId, servicePerimetersId | Deletes a service perimeter based on the resource name. The long-running operation from this RPC has a successful status after the service perimeter is removed from long-lasting storage. |
patch | UPDATE | accessPoliciesId, servicePerimetersId | Updates a service perimeter. The long-running operation from this RPC has a successful status after the service perimeter propagates to long-lasting storage. If a service perimeter contains errors, an error response is returned for the first error encountered. |
replace_all | REPLACE | accessPoliciesId | Replaces all existing service perimeters in an access policy with the service perimeters provided. This is done atomically. The long-running operation from this RPC has a successful status after all replacements propagate to long-lasting storage. Replacements containing errors result in an error response for the first error encountered. Upon an error, the replacements are cancelled and existing service perimeters are not affected. The Operation.response field contains ReplaceServicePerimetersResponse. |
commit | EXEC | accessPoliciesId | Commits the dry-run specification for all the service perimeters in an access policy. A commit operation on a service perimeter involves copying its spec field to the status field of the service perimeter. Only service perimeters with use_explicit_dry_run_spec field set to true are affected by a commit operation. The long-running operation from this RPC has a successful status after the dry-run specifications for all the service perimeters have been committed. If a commit fails, it causes the long-running operation to return an error response and the entire commit operation is cancelled. When successful, the Operation.response field contains CommitServicePerimetersResponse. The dry_run and the spec fields are cleared after a successful commit operation. |
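The relationship between spec, status, useExplicitDryRunSpec and commit described above can be checked offline on rows returned by this resource. The following Python is an added example, not part of the StackQL documentation or provider: it validates the name format and the perimeter-type rule from the Fields table, and reports what a commit would add to or remove from enforcement by diffing the dry-run spec against the enforced status. The enum values PERIMETER_TYPE_REGULAR and PERIMETER_TYPE_BRIDGE come from the Access Context Manager API and are not on this page; the sample row is constructed.

```python
import re

# Name format from the Fields table: accessPolicies/{access_policy}/servicePerimeters/{service_perimeter},
# where service_perimeter starts with a letter followed by letters, digits or "_".
NAME_RE = re.compile(r"^accessPolicies/[^/]+/servicePerimeters/[A-Za-z][A-Za-z0-9_]*$")

# List-valued ServicePerimeterConfig fields that are compared as sets.
LIST_FIELDS = ("resources", "accessLevels", "restrictedServices")


def validate_perimeter(p):
    """Return rule violations for one service_perimeters row (empty list means ok)."""
    problems = []
    if not NAME_RE.match(p.get("name", "")):
        problems.append("name does not match the required format")
    cfg = p.get("status") or {}
    # Enum value from the Access Context Manager API (assumed; not listed on this page).
    if p.get("perimeterType") == "PERIMETER_TYPE_BRIDGE" and (
        cfg.get("restrictedServices") or cfg.get("accessLevels")
    ):
        problems.append("bridge perimeter must have empty restrictedServices and accessLevels")
    if p.get("spec") and not p.get("useExplicitDryRunSpec"):
        problems.append("spec has non-default values but useExplicitDryRunSpec is not true")
    return problems


def dry_run_drift(p):
    """Per list field, what committing the dry-run spec would add to / remove from enforcement."""
    if not p.get("useExplicitDryRunSpec"):
        return {}  # implicit spec mirrors status: a commit changes nothing
    spec, status = p.get("spec") or {}, p.get("status") or {}
    drift = {}
    for field in LIST_FIELDS:
        proposed, enforced = set(spec.get(field, [])), set(status.get(field, []))
        if proposed != enforced:
            drift[field] = {"added": sorted(proposed - enforced), "removed": sorted(enforced - proposed)}
    return drift


# Constructed sample row in the shape the list query returns (not real data).
SAMPLE = {
    "name": "accessPolicies/123456/servicePerimeters/prod_data",
    "perimeterType": "PERIMETER_TYPE_REGULAR",
    "useExplicitDryRunSpec": True,
    "status": {"resources": ["projects/1111"], "restrictedServices": ["storage.googleapis.com"]},
    "spec": {"resources": ["projects/1111", "projects/2222"],
             "restrictedServices": ["bigquery.googleapis.com", "storage.googleapis.com"]},
}
```

Run it over every row of the SELECT below before issuing a commit, so that only reviewed additions and removals reach the enforced status.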
SELECT examples
Lists all service perimeters for an access policy.
```sql
SELECT
  name,
  description,
  perimeterType,
  spec,
  status,
  title,
  useExplicitDryRunSpec
FROM google.accesscontextmanager.service_perimeters
WHERE accessPoliciesId = '{{ accessPoliciesId }}';
```
INSERT example
Use the following StackQL query and manifest file to create a new service_perimeters resource.
```sql
/*+ create */
INSERT INTO google.accesscontextmanager.service_perimeters (
  accessPoliciesId,
  name,
  title,
  description,
  perimeterType,
  status,
  spec,
  useExplicitDryRunSpec
)
SELECT
  '{{ accessPoliciesId }}',
  '{{ name }}',
  '{{ title }}',
  '{{ description }}',
  '{{ perimeterType }}',
  '{{ status }}',
  '{{ spec }}',
  {{ useExplicitDryRunSpec }}
;
```
```yaml
- name: your_resource_model_name
  props:
    - name: name
      value: string
    - name: title
      value: string
    - name: description
      value: string
    - name: perimeterType
      value: string
    - name: status
      value:
        - name: resources
          value:
            - string
        - name: accessLevels
          value:
            - string
        - name: restrictedServices
          value:
            - string
        - name: vpcAccessibleServices
          value:
            - name: enableRestriction
              value: boolean
            - name: allowedServices
              value:
                - string
        - name: ingressPolicies
          value:
            - - name: ingressFrom
                value:
                  - name: sources
                    value:
                      - - name: accessLevel
                          value: string
                        - name: resource
                          value: string
                  - name: identities
                    value:
                      - string
                  - name: identityType
                    value: string
              - name: ingressTo
                value:
                  - name: operations
                    value:
                      - - name: serviceName
                          value: string
                        - name: methodSelectors
                          value:
                            - - name: method
                                value: string
                              - name: permission
                                value: string
                  - name: resources
                    value:
                      - string
        - name: egressPolicies
          value:
            - - name: egressFrom
                value:
                  - name: identities
                    value:
                      - string
                  - name: identityType
                    value: string
                  - name: sources
                    value:
                      - - name: accessLevel
                          value: string
                  - name: sourceRestriction
                    value: string
              - name: egressTo
                value:
                  - name: resources
                    value:
                      - string
                  - name: operations
                    value:
                      - - name: serviceName
                          value: string
                        - name: methodSelectors
                          value:
                            - - name: method
                                value: string
                              - name: permission
                                value: string
                  - name: externalResources
                    value:
                      - string
    - name: useExplicitDryRunSpec
      value: boolean
```
UPDATE example
Updates a service_perimeters resource.
```sql
/*+ update */
UPDATE google.accesscontextmanager.service_perimeters
SET
  name = '{{ name }}',
  title = '{{ title }}',
  description = '{{ description }}',
  perimeterType = '{{ perimeterType }}',
  status = '{{ status }}',
  spec = '{{ spec }}',
  useExplicitDryRunSpec = true|false
WHERE
  accessPoliciesId = '{{ accessPoliciesId }}'
  AND servicePerimetersId = '{{ servicePerimetersId }}';
```
REPLACE example
Replaces all service perimeters in the specified access policy with the service_perimeters provided.
```sql
/*+ update */
REPLACE google.accesscontextmanager.service_perimeters
SET
  servicePerimeters = '{{ servicePerimeters }}',
  etag = '{{ etag }}'
WHERE
  accessPoliciesId = '{{ accessPoliciesId }}';
```
DELETE example
Deletes the specified service_perimeters resource.
```sql
/*+ delete */
DELETE FROM google.accesscontextmanager.service_perimeters
WHERE accessPoliciesId = '{{ accessPoliciesId }}'
  AND servicePerimetersId = '{{ servicePerimetersId }}';
```