Modify App Hub resources on app-enabled folders

You can list, view, update, and delete App Hub resources on an app-enabled folder using either the Google Cloud console or the Google Cloud CLI in either your terminal or Cloud Shell.

Prerequisites

Before you modify App Hub resources, complete the following tasks:

  1. Follow the prerequisites to set up App Hub.
  2. Depending on the type of resource that you'd like to modify, ensure that you have run the steps to set up App Hub. For more information, see Set up App Hub.

Required roles

To get the permissions that you need to Modify App Hub resources, ask your administrator to grant you the following IAM roles on the app-enabled folder:

  • To create and update applications, register and unregister services and workloads, and update associated attributes:
  • To view applications, services, and workloads, and their attributes: App Hub Viewer (roles/apphub.viewer)
  • To view applications, services, and workloads, and their attributes across Google Cloud services that support application management: App Hub Management Viewer (roles/apphub.appManagementViewer)

For more information about granting roles, see Manage access to projects, folders, and organizations.

You might also be able to get the required permissions through custom roles or other predefined roles.

List applications

You can list and filter applications in an app-enabled folder.

Console

  1. To view applications in an app-enabled folder, in the Google Cloud console, go to the App Hub Applications page.

    Go to Applications

    You see a list of applications.

  2. To filter applications:

    1. In the Filter field, select a filter such as Criticality.
    2. Specify a value for the filter. For example, to display applications with high criticality, select High as the value.
      A list of applications that match the specified filter, appears.

gcloud

  1. To view applications in an app-enabled folder:

    gcloud apphub applications list \
    --project=MANAGEMENT_PROJECT_ID \
    --location=REGION

    Replace the following:

    • MANAGEMENT_PROJECT_ID: the ID of your management project. You can find your management project ID on the Identity and Access Management (IAM) & Admin Settings page of the Google Cloud console. If you can't find the Management project ID, you might not be on an app-enabled folder. From the purview picker (or project selector), select your app-enabled folder. For more information on enabling a folder for application management, see Enable application management.
    • REGION: the region of the application. Depending on the --scope-type of the application, give this the value global or the region of the application, for example us-east1. For more information on setting the --scope-type for the application, see Create an application.

  2. To filter the applications based on variable attributes, use the --filter flag. For example, to list all applications where the environment-type attribute is set to PRODUCTION:

    gcloud apphub applications list \
    --filter='attributes.environment.type=PRODUCTION' \
    --project=MANAGEMENT_PROJECT_ID \
    --location=REGION

View an application

You can describe an application in an app-enabled folder.

Console

  1. In the Google Cloud console, go to the App Hub Applications page.

    Go to Applications

  2. From the list of applications, click the application you want to know the details about.

  3. Click the Details tab to display the details of the application.

gcloud

gcloud apphub applications describe APPLICATION_NAME \
    --project=MANAGEMENT_PROJECT_ID \
    --location=REGION

Replace APPLICATION_NAME with the name of your application. The name must include only lowercase alphanumeric characters without spaces.

Update an App Hub application

You can update your application's attributes after the application is created.

Console

  1. In the Google Cloud console, go to the App Hub Applications page.

    Go to Applications

  2. From the list of applications, click Edit for the application that you'd like to update.

  3. Edit fields as required.

  4. Click Save.

gcloud

  1. Update your application with the criticality-type, environment-type, and owner type attributes:

    gcloud apphub applications update APPLICATION_NAME \
    --display-name='APPLICATION_DISPLAY_NAME' \
    --criticality-type='CRITICALITY_LEVEL' \
    --environment-type='ENVIRONMENT' \
    --developer-owners=display-name=DISPLAY-NAME-DEVELOPER,email=EMAIL-DEVELOPER \
    --operator-owners=display-name=DISPLAY-NAME-OPERATOR,email=EMAIL-OPERATOR \
    --business-owners=display-name=DISPLAY-NAME-BUSINESS,email=EMAIL-BUSINESS \
    --project=MANAGEMENT_PROJECT_ID \
    --location=REGION

    Replace the following:

    • APPLICATION_NAME: the name of your application. The name must include only lowercase alphanumeric characters without spaces.
    • REGION: the region of the application.

    You can update any of the following:

    • APPLICATION_DISPLAY_NAME: indicates the display name of the application.
    • CRITICALITY_LEVEL: indicates how critical an application, service, or workload is to your business operations. Provide one of the following values:
      • MISSION_CRITICAL
      • HIGH
      • MEDIUM
      • LOW
    • ENVIRONMENT: indicates the stages of the software lifecycle. Provide one of the following values:
      • PRODUCTION
      • STAGING
      • DEVELOPMENT
      • TEST
    • DISPLAY-NAME-DEVELOPER, DISPLAY-NAME-OPERATOR, and DISPLAY-NAME-BUSINESS: display names of the developer, operator, and business owners, respectively.
    • EMAIL-NAME-DEVELOPER, EMAIL-NAME-OPERATOR, and EMAIL-NAME-BUSINESS: email addresses of the developer, operator, and business owners, respectively. These values must have the format username@yourdomain, for example, 222larabrown@gmail.com.

    For example:

    gcloud apphub applications update my-application \
    --criticality-type='MEDIUM' \
    --environment-type='STAGING' \
    --developer-owners=display-name=developer-name,email=username@yourdomain \
    --project=google-mpf-FOLDER-ID \
    --location=us-east1

View services and workloads

You can view, list, and filter services and workloads in an application.

Console

  1. To list services and workloads:

    1. In the Google Cloud console, go to the App Hub Services and Workloads page.

      Go to Services and Workloads

    2. In the Region list, select the regions from where you'd like to view the services and workloads. For example, select us-east1.
      The Services and Workloads page displays all the services and workloads from the attached service projects associated with us-east1.

  2. To filter the services or workloads:

    1. In the Filter field, select a filter such as Environment.
    2. Specify a value for the filter. For example, to view services and workloads in production, select Production as the value.
      A list of services and workloads that match the specified filter appears.

gcloud

List discovered services

Discovered services are available to be registered to an application.

  1. To list discovered services:

    gcloud apphub discovered-services list \
    --project=MANAGEMENT_PROJECT_ID \
    --location=REGION

    You see output similar to the following:

    ID                      SERVICE_REFERENCE                                                                                                                   SERVICE_PROPERTIES
[DISCOVERED_SERVICE_ID] {'uri': '//compute.googleapis.com/projects/[PROJECT_NUMBER]/regions/REGION/forwardingRules/testing-forwarding-rule-1'}    {'gcpProject': 'projects/PROJECT_ID', 'location': 'REGION'}

  2. Optional: Filter the list of discovered services. For example, to filter the discovered services with forwarding rules in the app-enabled folder:

    gcloud apphub discovered-services list \
    --filter='service_reference.uri~"forwardingRules"' \
    --project=MANAGEMENT_PROJECT_ID \
    --location=REGION

List registered services

List and filter registered App Hub services from an application.

  1. To list registered services in an application:

    gcloud apphub applications services list \
    --application=APPLICATION_NAME \
    --project=MANAGEMENT_PROJECT_ID \
    --location=REGION

    You see output similar to the following:

    ID             DISPLAY_NAME            SERVICE_REFERENCE                                                                                                                CREATE_TIME
SERVICE_NAME   mywebserver-service1    {'uri': '//compute.googleapis.com/projects/[PROJECT_NUMBER]/regions/REGION/forwardingRules/testing-forwarding-rule'}   2023-11-01T21:38:08

    Registered, but detached services are denoted by a empty value in the SERVICE_REFERENCE field.

  2. Optional: Filter the list of registered services. For example, to filter the registered services in an application where the environment-type attribute is set to PRODUCTION:

    gcloud apphub applications services list \
    --filter='attributes.environment.type=PRODUCTION' \
    --application=APPLICATION_NAME \
    --project=MANAGEMENT_PROJECT_ID \
    --location=REGION

List discovered workloads

Discovered workloads are available to be registered to an application.

  1. To list discovered workloads:

    gcloud apphub discovered-workloads list \
    --project=MANAGEMENT_PROJECT_ID \
    --location=REGION

    You see output similar to the following, which includes unregistered MIGs:

    ID                        WORKLOAD_REFERENCE                                                                                                   WORKLOAD_PROPERTIES
[DISCOVERED_WORKLOAD_ID]  {'uri': '//compute.googleapis.com/projects/[PROJECT_NUMBER]/regions/REGION/instanceGroups/testing-mig'}    {'gcpProject': 'projects/PROJECT_ID', 'location': 'REGION'}

  2. Optional: Filter the list of discovered workloads. For example, to filter the list of discovered workloads with compute resources in an app-enabled folder:

    gcloud apphub discovered-workloads list \
    --filter='workload_reference.uri~"compute"'
    --project=MANAGEMENT_PROJECT_ID \
    --location=REGION

List registered workloads

List and filter registered App Hub workloads from an application.

  1. To list registered workloads in an application:

    gcloud apphub applications workloads list \
    --application=APPLICATION_NAME \
    --project=MANAGEMENT_PROJECT_ID \
    --location=REGION

    You see output similar to the following:

    ID               DISPLAY_NAME               WORKLOAD_REFERENCE                                                                                                     CREATE_TIME
WORKLOAD_NAME    mywebserver-deployment1    {'uri': '//compute.googleapis.com/projects/[PROJECT_NUMBER]/regions/REGION/instanceGroups/testing-mig'}    2023-10-31T18:34:23

    Registered, but detached workloads are denoted by an empty value in the WORKLOAD_REFERENCE field. For more information about the registration statuses, see the properties and attributes of App Hub.

  2. Optional: Filter the list of registered workloads. For example, to filter the workloads in an application where the environment-type attribute is set to PRODUCTION:

    gcloud apphub applications workloads list \
    --filter='attributes.environment.type=PRODUCTION' \
    --application=APPLICATION_NAME \
    --project=MANAGEMENT_PROJECT_ID \
    --location=REGION

Update services and workloads

You can update the services and workloads that are registered to an application.

Console

  1. In the Google Cloud console, go to the App Hub Applications page.

    Go to Applications

  2. Click the name of your application.
    The Services and workloads tab is displayed with a list of registered services and workloads that are in your service projects.

  3. For each service or workload you want to update, do the following:

    1. On the Services and workloads tab, for the service or workload that you'd like to update, click more_vert, and then click Edit service or Edit workload.
    2. In the Edit service or Edit workload pane, edit fields as required and click Save.

gcloud

  1. Update your service with the criticality-type, environment-type, and owner type attributes:

    gcloud apphub applications services update SERVICE_NAME \
    --application=APPLICATION_NAME \
    --display-name='SERVICE_DISPLAY_NAME' \
    --criticality-type='CRITICALITY_LEVEL' \
    --environment-type='ENVIRONMENT' \
    --developer-owners=display-name=DISPLAY-NAME-DEVELOPER,email=EMAIL-DEVELOPER \
    --operator-owners=display-name=DISPLAY-NAME-OPERATOR,email=EMAIL-OPERATOR \
    --business-owners=display-name=DISPLAY-NAME-BUSINESS,email=EMAIL-BUSINESS \
    --project=MANAGEMENT_PROJECT_ID \
    --location=REGION

    Replace SERVICE_NAME with a name of the App Hub service.

    You can update any of the following:

    • SERVICE_DISPLAY_NAME: indicates a display name for the service.
    • CRITICALITY_LEVEL: indicates how critical an application, service, or workload is to your business operations. Provide one of the following values:
      • MISSION_CRITICAL
      • HIGH
      • MEDIUM
      • LOW
    • ENVIRONMENT: indicates the stages of the software lifecycle. Provide one of the following values:
      • PRODUCTION
      • STAGING
      • DEVELOPMENT
      • TEST
    • DISPLAY-NAME-DEVELOPER, DISPLAY-NAME-OPERATOR, and DISPLAY-NAME-BUSINESS: display names of the developer, operator, and business owners, respectively.
    • EMAIL-NAME-DEVELOPER, EMAIL-NAME-OPERATOR, and EMAIL-NAME-BUSINESS: email addresses of the developer, operator, and business owners, respectively. These values must have the format username@yourdomain, for example, 222larabrown@gmail.com.

    For example:

    gcloud apphub applications workloads update my-application \
    --criticality-type='MEDIUM' \
    --environment-type='STAGING' \
    --developer-owners=display-name=developer-name,email=username@yourdomain \
    --project=google-mpf-FOLDER-ID \
    --location=us-east1

  2. Update your workload with criticality-type, environment-type, and owner type attributes:

    gcloud apphub applications workloads update WORKLOAD_NAME \
    --application=APPLICATION_NAME \
    --display-name='WORKLOAD_DISPLAY_NAME' \
    --criticality-type='CRITICALITY_LEVEL' \
    --environment-type='ENVIRONMENT' \
    --developer-owners=display-name=DISPLAY-NAME-DEVELOPER,email=EMAIL-DEVELOPER \
    --operator-owners=display-name=DISPLAY-NAME-OPERATOR,email=EMAIL-OPERATOR \
    --business-owners=display-name=DISPLAY-NAME-BUSINESS,email=EMAIL-BUSINESS \
    --project=MANAGEMENT_PROJECT_ID \
    --location=REGION

    Replace the WORKLOAD_NAME with the name of the App Hub workload.

    You can update any of the following:

    • WORKLOAD_DISPLAY_NAME: indicates a display name for the service.
    • CRITICALITY_LEVEL: indicates how critical an application, service, or workload is to your business operations. Provide one of the following values:
      • MISSION_CRITICAL
      • HIGH
      • MEDIUM
      • LOW
    • ENVIRONMENT: indicates the stages of the software lifecycle. Provide one of the following values:
      • PRODUCTION
      • STAGING
      • DEVELOPMENT
      • TEST
    • DISPLAY-NAME-DEVELOPER, DISPLAY-NAME-OPERATOR, and DISPLAY-NAME-BUSINESS: display names of the developer, operator, and business owners, respectively.
    • EMAIL-NAME-DEVELOPER, EMAIL-NAME-OPERATOR, and EMAIL-NAME-BUSINESS: email addresses of the developer, operator, and business owners, respectively. These values must have the format username@yourdomain, for example, 222larabrown@gmail.com.

    For example:

    gcloud apphub applications workloads update my-application \
    --criticality-type='MEDIUM' \
    --environment-type='STAGING' \
    --developer-owners=display-name=developer-name,email=username@yourdomain \
    --project=google-mpf-FOLDER-ID \
    --location=us-east1

Delete applications, services, and workloads

Delete an existing application to remove registered resources associated with the app-enabled folder. To do so, you must first unregister workloads and services registered to the application.

Console

  1. In the Google Cloud console, go to the App Hub Applications page.

    Go to Applications

  2. Click the name of an application. A list of services and workloads registered to the application appears.

  3. Unregister a service or a workload.

    1. On the Services and workloads tab, from the Registered services and workloads section, click the name of the service or workload you'd like to unregister.
    2. On the page for the registered service or workload that opens, click Unregister to update the service or workload as a Discovered resource. On the Services and workloads tab, an alert notifies that the workload is unregistered.
    3. Repeat these instructions for each service and workload.

  4. Go to the App Hub Applications page.

    Go to Applications

  5. Click the name of an application.

  6. On the page with the application details, click Delete.

gcloud

  1. List the registered services in the application:

    gcloud apphub applications services list \
    --application=APPLICATION_NAME \
    --project=MANAGEMENT_PROJECT_ID \
    --location=REGION

  2. Unregister the service from the application:

    gcloud apphub applications services delete SERVICE_NAME \
    --application=APPLICATION_NAME \
    --project=MANAGEMENT_PROJECT_ID \
    --location=REGION

    The service is now a discovered service that can be registered to the application.

  3. Repeat the previous command to unregister any remaining registered services from the application.

  4. List the registered workloads in the application:

    gcloud apphub applications workloads list \
    --application=APPLICATION_NAME \
    --project=MANAGEMENT_PROJECT_ID \
    --location=REGION

  5. Unregister the workload from the application:

    gcloud apphub applications workloads delete WORKLOAD_NAME \
    --application=APPLICATION_NAME \
    --project=MANAGEMENT_PROJECT_ID \
    --location=REGION

    The workload is now a discovered workload that can be registered to the application.

  6. Repeat the previous command to delete any remaining registered workloads from the application.

  7. Delete the application:

    gcloud apphub applications delete APPLICATION_NAME \
    --project=MANAGEMENT_PROJECT_ID \
    --location=REGION

What's next