This page explains how to complete common secure gateway management tasks.
Set up your shell environment
To streamline the setup process and interact with the secure gateway APIs, define the following environment variables in your working shell.
General parameters
API="beyondcorp.googleapis.com" API_VERSION=v1 PROJECT_ID=
MY_PROJECT_IDAPPLICATION_ID=MY_APPLICATION_IDAPPLICATION_DISPLAY_NAME="MY_APPLICATION_DISPLAY_NAME" HOST_NAME=MY_HOST_NAMEReplace the following:
MY_PROJECT_ID: The ID of the project where the secure gateway is created.MY_APPLICATION_ID: The ID of your application, such asgithub. The name can be up to 63 characters, and can contain lowercase letters, numbers, and hyphens. The first character must be a letter, and the last character can be a letter or number.MY_APPLICATION_DISPLAY_NAME: The human-readable name to display.MY_HOST_NAME: The hostname of your application. For example,github.com. The hostname can be up to 253 characters long, and must adhere to one of the following formats:- A valid IPv4 address
- A valid IPv6 address
- A valid DNS name
- An asterisk (*)
- An asterisk (*) followed by a valid DNS name
Secure gateway parameters
SECURITY_GATEWAY_ID=
MY_SECURITY_GATEWAY_IDSECURITY_GATEWAY_DISPLAY_NAME="MY_SECURITY_GATEWAY_DISPLAY_NAME"Replace the following:
MY_SECURITY_GATEWAY_ID: The ID of the secure gateway. The ID can be up to 63 characters, and can contain lowercase letters, numbers, and hyphens. The first character should be a letter, and the last character can be a letter or number.MY_SECURITY_GATEWAY_DISPLAY_NAME: The human-readable name of the secure gateway. The name can be up to 63 characters long and can only contain printable characters.
Update a secure gateway
The following example shows how to update the hubs of an existing secure gateway.
gcloud
gcloud beta beyondcorp security-gateways update ${SECURITY_GATEWAY_ID} \ --project=${PROJECT_ID} \ --location=global \ --hubs=us-central1,us-east1
REST
curl \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json" \ -X PATCH \ -d "{ \"hubs\": {\"us-central1\": {}, \"us-east1\": {}} }" \ "https://${API}/${API_VERSION}/projects/${PROJECT_ID}/locations/global/securityGateways/${SECURITY_GATEWAY_ID}?update_mask=hubs"
Get a secure gateway's details
To get the details for a secure gateway, run the following command.
gcloud
gcloud beta beyondcorp security-gateways describe ${SECURITY_GATEWAY_ID} \ --project=${PROJECT_ID} \ --location=global
REST
curl \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json" \ "https://${API}/${API_VERSION}/projects/${PROJECT_ID}/locations/global/securityGateways/${SECURITY_GATEWAY_ID}"
List secure gateways
To list all of the secure gateways in a project, run the following command.
gcloud
gcloud beta beyondcorp security-gateways list \ --project=${PROJECT_ID} \ --location=global
REST
curl \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json" \ "https://${API}/${API_VERSION}/projects/${PROJECT_ID}/locations/global/securityGateways"
Delete a secure gateway
To delete a secure gateway, run the following command.
gcloud
gcloud beta beyondcorp security-gateways delete ${SECURITY_GATEWAY_ID} \ --project=${PROJECT_ID} \ --location=global
REST
curl \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json" \ -X DELETE \ "https://${API}/${API_VERSION}/projects/${PROJECT_ID}/locations/global/securityGateways/${SECURITY_GATEWAY_ID}"
Update an application resource
The following example shows how to update an existing application. Allowed editable fields include the following:
display_nameendpoint_matchers
You can use update_mask to control which fields are updated.
The following example shows how to update the endpoint_matchers
field:
gcloud
gcloud beta beyondcorp security-gateways applications update ${APPLICATION_ID} \ --project=${PROJECT_ID} \ --security-gateway=${SECURITY_GATEWAY_ID} \ --location=global \ --endpoint-matchers="hostname=${HOST_NAME},ports=[443]"
REST
curl \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json" \ -X PATCH \ -d "{ \"endpoint_matchers\": [{hostname: \"${HOST_NAME}\", ports: [443]}] }" \ "https://${API}/${API_VERSION}/projects/${PROJECT_ID}/locations/global/securityGateways/${SECURITY_GATEWAY_ID}/applications/${APPLICATION_ID}?update_mask=endpoint_matchers"
Get the details of an application resource
To get the details of an application, run the following command.
gcloud
gcloud beta beyondcorp security-gateways applications describe ${APPLICATION_ID} \ --project=${PROJECT_ID} \ --security-gateway=${SECURITY_GATEWAY_ID} \ --location=global
REST
curl \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json" \ "https://${API}/${API_VERSION}/projects/${PROJECT_ID}/locations/global/securityGateways/${SECURITY_GATEWAY_ID}/applications/${APPLICATION_ID}"
List application resources
To list all of the applications in a security gateway, run the following command.
gcloud
gcloud beta beyondcorp security-gateways applications list \ --project=${PROJECT_ID} \ --security-gateway=${SECURITY_GATEWAY_ID} \ --location=global
REST
curl \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json" \ "https://${API}/${API_VERSION}/projects/${PROJECT_ID}/locations/global/securityGateways/${SECURITY_GATEWAY_ID}/applications"
Delete an application resource
To delete an application, run the following command.
gcloud
gcloud beta beyondcorp security-gateways applications delete ${APPLICATION_ID} \ --project=${PROJECT_ID} \ --security-gateway=${SECURITY_GATEWAY_ID} \ --location=global
REST
curl \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "Content-Type: application/json" \ -X DELETE \ "https://${API}/${API_VERSION}/projects/${PROJECT_ID}/locations/global/securityGateways/${SECURITY_GATEWAY_ID}/applications/${APPLICATION_ID}"