| _key | core | string | |
| action | core | string | The action that the external access rule performs. Possible values: ['ACTION_UNSPECIFIED', 'ALLOW', 'DENY']. Values descriptions: ['Defaults to allow.', 'Allows connections that match the other specified components.', 'Blocks connections that match the other specified components.'] |
| ancestors | core | array<string> | |
| create_time | core | timestamp | Output only. Creation time of this resource. |
| datadog_display_name | core | string | |
| description | core | string | User-provided description for this external access rule. |
| destination_ip_ranges | core | json | If destination ranges are specified, the external access rule applies only to the traffic that has a destination IP address in these ranges. The specified IP addresses must have reserved external IP addresses in the scope of the parent network policy. To match all external IP addresses in the scope of the parent network policy, specify `0.0.0.0/0`. To match a specific external IP address, specify it using the `IpRange.external_address` property. |
| destination_ports | core | array<string> | A list of destination ports to which the external access rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. For example: `["22"]`, `["80","443"]`, or `["12345-12349"]`. To match all destination ports, specify `["0-65535"]`. |
| ip_protocol | core | string | The IP protocol to which the external access rule applies. This value can be one of the following three protocol strings (not case-sensitive): `tcp`, `udp`, or `icmp`. |
| labels | core | array<string> | |
| name | core | string | Output only. The resource name of this external access rule. Resource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names. For example: `projects/my-project/locations/us-central1/networkPolicies/my-policy/externalAccessRules/my-rule` |
| organization_id | core | string | |
| parent | core | string | |
| priority | core | int64 | External access rule priority, which determines the external access rule to use when multiple rules apply. If multiple rules have the same priority, their ordering is non-deterministic. If specific ordering is required, assign unique priorities to enforce such ordering. The external access rule priority is an integer from 100 to 4096, both inclusive. Lower integers indicate higher precedence. For example, a rule with priority `100` has higher precedence than a rule with priority `101`. |
| project_id | core | string | |
| project_number | core | string | |
| resource_name | core | string | |
| source_ip_ranges | core | json | If source ranges are specified, the external access rule applies only to traffic that has a source IP address in these ranges. These ranges can either be expressed in the CIDR format or as an IP address. As only inbound rules are supported, `ExternalAddress` resources cannot be the source IP addresses of an external access rule. To match all source addresses, specify `0.0.0.0/0`. |
| source_ports | core | array<string> | A list of source ports to which the external access rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. For example: `["22"]`, `["80","443"]`, or `["12345-12349"]`. To match all source ports, specify `["0-65535"]`. |
| state | core | string | Output only. The state of the resource. Possible values: ['STATE_UNSPECIFIED', 'ACTIVE', 'CREATING', 'UPDATING', 'DELETING']. Values descriptions: ['The default value. This value is used if the state is omitted.', 'The rule is ready.', 'The rule is being created.', 'The rule is being updated.', 'The rule is being deleted.'] |
| tags | core | hstore | |
| uid | core | string | Output only. System-generated unique identifier for the resource. |
| update_time | core | timestamp | Output only. Last update time of this resource. |
