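This page describes how to perform common security gateway management tasks.
Set up your shell environment
To simplify setup and interact with the security gateway API, define the following environment variables in your working shell.
General parameters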
API="beyondcorp.googleapis.com"
API_VERSION=v1
PROJECT_ID=MY_PROJECT_ID
APPLICATION_ID=MY_APPLICATION_ID
APPLICATION_DISPLAY_NAME="MY_APPLICATION_DISPLAY_NAME"
HOST_NAME=MY_HOST_NAME
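Replace the following:
- MY_PROJECT_ID: the ID of the project where the security gateway is created.
- MY_APPLICATION_ID: the ID of the application, for example github. The name can contain up to 63 characters and may use lowercase letters, numbers, and hyphens. The first character must be a letter, and the last character can be a letter or a number.
- MY_APPLICATION_DISPLAY_NAME: the name to display, which helps users identify the application.
- MY_HOST_NAME: the hostname of the application, for example github.com. The hostname can be up to 253 characters long and must match one of the following formats:
  - A valid IPv4 address
  - A valid IPv6 address
  - A valid DNS name
  - An asterisk (*)
  - An asterisk (*) followed by a valid DNS name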
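Security gateway parameters
SECURITY_GATEWAY_ID=MY_SECURITY_GATEWAY_ID
SECURITY_GATEWAY_DISPLAY_NAME="MY_SECURITY_GATEWAY_DISPLAY_NAME"
Replace the following:
- MY_SECURITY_GATEWAY_ID: the ID of the security gateway. The ID can contain up to 63 characters and may only contain lowercase letters, numbers, and hyphens. It must start with a letter and can end with a letter or a number.
- MY_SECURITY_GATEWAY_DISPLAY_NAME: a human-readable name for the security gateway. The name can be up to 63 characters long and may only contain printable characters.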
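The ID and hostname rules listed under both parameter sections above can be checked locally before any request is sent. The shell functions below are an added example, not part of the original page or of the product's tooling; the function names and the reading of "an asterisk followed by a DNS name" as *.name are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight checks for the ID
# and hostname rules listed above. Function names are hypothetical.

# IDs: at most 63 chars; lowercase letters, digits, hyphens; starts with a
# letter; ends with a letter or digit.
valid_id() {
  [ "${#1}" -le 63 ] &&
    printf '%s\n' "$1" | grep -Eq '^[a-z]([a-z0-9-]*[a-z0-9])?$'
}

valid_ipv4() {
  o='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
  printf '%s\n' "$1" | grep -Eq "^${o}\.${o}\.${o}\.${o}\$"
}

# Hex-group IPv6 only (no embedded IPv4, no zone ID).
valid_ipv6() {
  h='[0-9A-Fa-f]{1,4}'
  printf '%s\n' "$1" | grep -Eq "^(${h}:){7}${h}\$" && return 0
  printf '%s\n' "$1" | grep -Eq "^(${h}(:${h})*)?::(${h}(:${h})*)?\$" || return 1
  # '::' replaces at least one group, so at most 7 may be written out.
  n=$(printf '%s\n' "$1" | tr ':' '\n' | grep -c . || true)
  [ "$n" -le 7 ]
}

# DNS name: dot-separated labels of 1-63 chars, no leading or trailing hyphen.
# All-numeric names are rejected so a malformed IPv4 address is not accepted.
valid_dns() {
  l='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
  printf '%s\n' "$1" | grep -Eq '^[0-9.]+$' && return 1
  printf '%s\n' "$1" | grep -Eq "^${l}(\.${l})*\$"
}

# Prints the matched format (ipv4, ipv6, dns, wildcard, wildcard-dns) so that
# wildcard matchers can be singled out for review; non-zero if none matches.
classify_host() {
  [ -n "$1" ] && [ "${#1}" -le 253 ] || return 1
  case "$1" in
    '*')   echo wildcard ;;
    # Assumption: "asterisk followed by a DNS name" is written as *.name
    '*.'*) valid_dns "${1#??}" && echo wildcard-dns ;;
    *)     if valid_ipv4 "$1"; then echo ipv4
           elif valid_ipv6 "$1"; then echo ipv6
           elif valid_dns "$1"; then echo dns
           else return 1; fi ;;
  esac
}
```

Run the checks on APPLICATION_ID, SECURITY_GATEWAY_ID and HOST_NAME right after setting them, and treat a wildcard or wildcard-dns result as a matcher that needs a second look before it is applied.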
Update a security gateway
The following example shows how to update the hubs of an existing security gateway.
gcloud
gcloud beta beyondcorp security-gateways update ${SECURITY_GATEWAY_ID} \
  --project=${PROJECT_ID} \
  --location=global \
  --hubs=us-central1,us-east1
REST
curl \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  -H "Content-Type: application/json" \
  -X PATCH \
  -d "{ \"hubs\": {\"us-central1\": {}, \"us-east1\": {}} }" \
  "https://${API}/${API_VERSION}/projects/${PROJECT_ID}/locations/global/securityGateways/${SECURITY_GATEWAY_ID}?update_mask=hubs"
Get the details of a security gateway
To get the details of a security gateway, run the following command.
gcloud
gcloud beta beyondcorp security-gateways describe ${SECURITY_GATEWAY_ID} \
  --project=${PROJECT_ID} \
  --location=global
REST
curl \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  -H "Content-Type: application/json" \
  "https://${API}/${API_VERSION}/projects/${PROJECT_ID}/locations/global/securityGateways/${SECURITY_GATEWAY_ID}"
List security gateways
To list all security gateways in a project, run the following command.
gcloud
gcloud beta beyondcorp security-gateways list \
  --project=${PROJECT_ID} \
  --location=global
REST
curl \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  -H "Content-Type: application/json" \
  "https://${API}/${API_VERSION}/projects/${PROJECT_ID}/locations/global/securityGateways"
Delete a security gateway
To delete a security gateway, run the following command.
gcloud
gcloud beta beyondcorp security-gateways delete ${SECURITY_GATEWAY_ID} \
  --project=${PROJECT_ID} \
  --location=global
REST
curl \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  -H "Content-Type: application/json" \
  -X DELETE \
  "https://${API}/${API_VERSION}/projects/${PROJECT_ID}/locations/global/securityGateways/${SECURITY_GATEWAY_ID}"
Update an application resource
The following example shows how to update an existing application. The editable fields include:
- display_name
- endpoint_matchers
You can use update_mask to control which fields are updated.
The following example shows how to update the endpoint_matchers field:
gcloud
gcloud beta beyondcorp security-gateways applications update ${APPLICATION_ID} \
  --project=${PROJECT_ID} \
  --security-gateway=${SECURITY_GATEWAY_ID} \
  --location=global \
  --endpoint-matchers="hostname=${HOST_NAME},ports=[443]"
REST
curl \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  -H "Content-Type: application/json" \
  -X PATCH \
  -d "{ \"endpoint_matchers\": [{\"hostname\": \"${HOST_NAME}\", \"ports\": [443]}] }" \
  "https://${API}/${API_VERSION}/projects/${PROJECT_ID}/locations/global/securityGateways/${SECURITY_GATEWAY_ID}/applications/${APPLICATION_ID}?update_mask=endpoint_matchers"
Get the details of an application resource
To get the details of an application, run the following command.
gcloud
gcloud beta beyondcorp security-gateways applications describe ${APPLICATION_ID} \
  --project=${PROJECT_ID} \
  --security-gateway=${SECURITY_GATEWAY_ID} \
  --location=global
REST
curl \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  -H "Content-Type: application/json" \
  "https://${API}/${API_VERSION}/projects/${PROJECT_ID}/locations/global/securityGateways/${SECURITY_GATEWAY_ID}/applications/${APPLICATION_ID}"
List application resources
To list all applications in a security gateway, run the following command.
gcloud
gcloud beta beyondcorp security-gateways applications list \
  --project=${PROJECT_ID} \
  --security-gateway=${SECURITY_GATEWAY_ID} \
  --location=global
REST
curl \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  -H "Content-Type: application/json" \
  "https://${API}/${API_VERSION}/projects/${PROJECT_ID}/locations/global/securityGateways/${SECURITY_GATEWAY_ID}/applications"
Delete an application resource
To delete an application, run the following command.
gcloud
gcloud beta beyondcorp security-gateways applications delete ${APPLICATION_ID} \
  --project=${PROJECT_ID} \
  --security-gateway=${SECURITY_GATEWAY_ID} \
  --location=global
REST
curl \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  -H "Content-Type: application/json" \
  -X DELETE \
  "https://${API}/${API_VERSION}/projects/${PROJECT_ID}/locations/global/securityGateways/${SECURITY_GATEWAY_ID}/applications/${APPLICATION_ID}"