Reference documentation and code samples for the Access Context Manager V1 Client class ServicePerimeterConfig.
ServicePerimeterConfigspecifies a set of Google Cloud resources that
describe specific Service Perimeter configuration.
Generated from protobuf messagegoogle.identity.accesscontextmanager.v1.ServicePerimeterConfig
Namespace
Google \ Identity \ AccessContextManager \ V1
Methods
__construct
Constructor.
Parameters
Name
Description
data
array
Optional. Data for populating the Message object.
↳ resources
array
A list of Google Cloud resources that are inside of the service perimeter. Currently only projects are allowed. Format:projects/{project_number}
↳ access_levels
array
A list ofAccessLevelresource names that allow resources within theServicePerimeterto be accessed from the internet.AccessLevelslisted must be in the same policy as thisServicePerimeter. Referencing a nonexistentAccessLevelis a syntax error. If noAccessLevelnames are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example:"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL". For Service Perimeter Bridge, must be empty.
↳ restricted_services
array
Google Cloud services that are subject to the Service Perimeter restrictions. For example, ifstorage.googleapis.comis specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions.
List of [IngressPolicies] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] to apply to the perimeter. A perimeter may have multiple [IngressPolicies] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy], each of which is evaluated separately. Access is granted if any [Ingress Policy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] grants it. Must be empty for a perimeter bridge.
List of [EgressPolicies] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] to apply to the perimeter. A perimeter may have multiple [EgressPolicies] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy], each of which is evaluated separately. Access is granted if any [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] grants it. Must be empty for a perimeter bridge.
getResources
A list of Google Cloud resources that are inside of the service perimeter.
Currently only projects are allowed. Format:projects/{project_number}
A list of Google Cloud resources that are inside of the service perimeter.
Currently only projects are allowed. Format:projects/{project_number}
Parameter
Name
Description
var
string[]
Returns
Type
Description
$this
getAccessLevels
A list ofAccessLevelresource names that allow resources within theServicePerimeterto be accessed from the internet.AccessLevelslisted
must be in the same policy as thisServicePerimeter. Referencing a
nonexistentAccessLevelis a syntax error. If noAccessLevelnames are
listed, resources within the perimeter can only be accessed via Google
Cloud calls with request origins within the perimeter. Example:"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL".
A list ofAccessLevelresource names that allow resources within theServicePerimeterto be accessed from the internet.AccessLevelslisted
must be in the same policy as thisServicePerimeter. Referencing a
nonexistentAccessLevelis a syntax error. If noAccessLevelnames are
listed, resources within the perimeter can only be accessed via Google
Cloud calls with request origins within the perimeter. Example:"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL".
For Service Perimeter Bridge, must be empty.
Parameter
Name
Description
var
string[]
Returns
Type
Description
$this
getRestrictedServices
Google Cloud services that are subject to the Service Perimeter
restrictions. For example, ifstorage.googleapis.comis specified, access
to the storage buckets inside the perimeter must meet the perimeter's
access restrictions.
Google Cloud services that are subject to the Service Perimeter
restrictions. For example, ifstorage.googleapis.comis specified, access
to the storage buckets inside the perimeter must meet the perimeter's
access restrictions.
List ofIngressPoliciesto apply to the perimeter. A perimeter may have multipleIngressPolicies,
each of which is evaluated separately. Access is granted if anyIngress
Policygrants it. Must be empty for a perimeter bridge.
List ofIngressPoliciesto apply to the perimeter. A perimeter may have multipleIngressPolicies,
each of which is evaluated separately. Access is granted if anyIngress
Policygrants it. Must be empty for a perimeter bridge.
List ofEgressPoliciesto apply to the perimeter. A perimeter may have multipleEgressPolicies,
each of which is evaluated separately. Access is granted if anyEgressPolicygrants it. Must be empty for a perimeter bridge.
List ofEgressPoliciesto apply to the perimeter. A perimeter may have multipleEgressPolicies,
each of which is evaluated separately. Access is granted if anyEgressPolicygrants it. Must be empty for a perimeter bridge.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Access Context Manager V1 Client - Class ServicePerimeterConfig (1.0.4)\n\nVersion latestkeyboard_arrow_down\n\n- [1.0.4 (latest)](/php/docs/reference/access-context-manager/latest/V1.ServicePerimeterConfig)\n- [1.0.3](/php/docs/reference/access-context-manager/1.0.3/V1.ServicePerimeterConfig)\n- [0.5.5](/php/docs/reference/access-context-manager/0.5.5/V1.ServicePerimeterConfig)\n- [0.4.5](/php/docs/reference/access-context-manager/0.4.5/V1.ServicePerimeterConfig)\n- [0.3.5](/php/docs/reference/access-context-manager/0.3.5/V1.ServicePerimeterConfig) \nReference documentation and code samples for the Access Context Manager V1 Client class ServicePerimeterConfig.\n\n`ServicePerimeterConfig` specifies a set of Google Cloud resources that\ndescribe specific Service Perimeter configuration.\n\nGenerated from protobuf message `google.identity.accesscontextmanager.v1.ServicePerimeterConfig`\n\nNamespace\n---------\n\nGoogle \\\\ Identity \\\\ AccessContextManager \\\\ V1\n\nMethods\n-------\n\n### __construct\n\nConstructor.\n\n### getResources\n\nA list of Google Cloud resources that are inside of the service perimeter.\n\nCurrently only projects are allowed. Format: `projects/{project_number}`\n\n### setResources\n\nA list of Google Cloud resources that are inside of the service perimeter.\n\nCurrently only projects are allowed. Format: `projects/{project_number}`\n\n### getAccessLevels\n\nA list of `AccessLevel` resource names that allow resources within the\n`ServicePerimeter` to be accessed from the internet. `AccessLevels` listed\nmust be in the same policy as this `ServicePerimeter`. Referencing a\nnonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are\nlisted, resources within the perimeter can only be accessed via Google\nCloud calls with request origins within the perimeter. Example:\n`\"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL\"`.\n\nFor Service Perimeter Bridge, must be empty.\n\n### setAccessLevels\n\nA list of `AccessLevel` resource names that allow resources within the\n`ServicePerimeter` to be accessed from the internet. `AccessLevels` listed\nmust be in the same policy as this `ServicePerimeter`. Referencing a\nnonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are\nlisted, resources within the perimeter can only be accessed via Google\nCloud calls with request origins within the perimeter. Example:\n`\"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL\"`.\n\nFor Service Perimeter Bridge, must be empty.\n\n### getRestrictedServices\n\nGoogle Cloud services that are subject to the Service Perimeter\nrestrictions. For example, if `storage.googleapis.com` is specified, access\nto the storage buckets inside the perimeter must meet the perimeter's\naccess restrictions.\n\n### setRestrictedServices\n\nGoogle Cloud services that are subject to the Service Perimeter\nrestrictions. For example, if `storage.googleapis.com` is specified, access\nto the storage buckets inside the perimeter must meet the perimeter's\naccess restrictions.\n\n### getVpcAccessibleServices\n\nConfiguration for APIs allowed within Perimeter.\n\n### hasVpcAccessibleServices\n\n### clearVpcAccessibleServices\n\n### setVpcAccessibleServices\n\nConfiguration for APIs allowed within Perimeter.\n\n### getIngressPolicies\n\nList of [IngressPolicies](/php/docs/reference/access-context-manager/latest/V1.ServicePerimeterConfig.IngressPolicy)\nto apply to the perimeter. A perimeter may have multiple [IngressPolicies](/php/docs/reference/access-context-manager/latest/V1.ServicePerimeterConfig.IngressPolicy),\neach of which is evaluated separately. Access is granted if any [Ingress\nPolicy](/php/docs/reference/access-context-manager/latest/V1.ServicePerimeterConfig.IngressPolicy)\ngrants it. Must be empty for a perimeter bridge.\n\n### setIngressPolicies\n\nList of [IngressPolicies](/php/docs/reference/access-context-manager/latest/V1.ServicePerimeterConfig.IngressPolicy)\nto apply to the perimeter. A perimeter may have multiple [IngressPolicies](/php/docs/reference/access-context-manager/latest/V1.ServicePerimeterConfig.IngressPolicy),\neach of which is evaluated separately. Access is granted if any [Ingress\nPolicy](/php/docs/reference/access-context-manager/latest/V1.ServicePerimeterConfig.IngressPolicy)\ngrants it. Must be empty for a perimeter bridge.\n\n### getEgressPolicies\n\nList of [EgressPolicies](/php/docs/reference/access-context-manager/latest/V1.ServicePerimeterConfig.EgressPolicy)\nto apply to the perimeter. A perimeter may have multiple [EgressPolicies](/php/docs/reference/access-context-manager/latest/V1.ServicePerimeterConfig.EgressPolicy),\neach of which is evaluated separately. Access is granted if any\n[EgressPolicy](/php/docs/reference/access-context-manager/latest/V1.ServicePerimeterConfig.EgressPolicy)\ngrants it. Must be empty for a perimeter bridge.\n\n### setEgressPolicies\n\nList of [EgressPolicies](/php/docs/reference/access-context-manager/latest/V1.ServicePerimeterConfig.EgressPolicy)\nto apply to the perimeter. A perimeter may have multiple [EgressPolicies](/php/docs/reference/access-context-manager/latest/V1.ServicePerimeterConfig.EgressPolicy),\neach of which is evaluated separately. Access is granted if any\n[EgressPolicy](/php/docs/reference/access-context-manager/latest/V1.ServicePerimeterConfig.EgressPolicy)\ngrants it. Must be empty for a perimeter bridge."]]
