Manage a secure gateway

This page explains how to complete common secure gateway management tasks.

Set up your shell environment

To streamline the setup process and interact with the secure gateway APIs, define the following environment variables in your working shell.

  • General parameters

    API="beyondcorp.googleapis.com"
    API_VERSION=v1
    PROJECT_ID=MY_PROJECT_ID
    APPLICATION_NAME=MY_APPLICATION_NAME
    HOST_NAME=MY_HOST_NAME
    

    Replace the following:

    • MY_PROJECT_ID: The ID of the project where the secure gateway is created.
    • MY_APPLICATION_NAME: The name of your SaaS application. For example, github. The name can be a maximum of 63 characters, and can contain lowercase letters, numbers, and hyphens. The first character should be a letter, and the last character can be a letter or a number.
    • MY_HOST_NAME: The hostname of your SaaS application. For example, github.com. The hostname can be up to 253 characters long, and must adhere to one of the following formats:

      • A valid IPv4 address
      • A valid IPv6 address
      • A valid DNS name
      • An asterisk (*)
      • An asterisk (*) followed by a valid DNS name
  • Secure gateway parameters

    SECURITY_GATEWAY_ID=MY_SECURITY_GATEWAY_ID
    SECURITY_GATEWAY_DISPLAY_NAME=MY_SECURITY_GATEWAY_DISPLAY_NAME
    

    Replace the following:

    • MY_SECURITY_GATEWAY_ID: The ID of the secure gateway that you want to create. The ID can be a maximum of 63 characters, and can contain lowercase letters, numbers, and hyphens. The first character should be a letter, and the last character can be a letter or a number.
    • MY_SECURITY_GATEWAY_DISPLAY_NAME: The human-readable name of the secure gateway. The name can be up to 63 characters long and include printable characters.

Update a secure gateway

The following example shows how to update the hubs of an existing secure gateway.

curl \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "Content-Type: application/json" \
-X PATCH \
-d "{ \"hubs\": {\"us-central1\": {}, \"us-east1\": {}} }" \
"https://API/API_VERSION/projects/PROJECT_ID/locations/global/securityGateways/SECURITY_GATEWAY_ID?update_mask=hubs"

Get a secure gateway's details

To get the details for a secure gateway, run the following command.

curl \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "Content-Type: application/json" \
"https://API/API_VERSION/projects/PROJECT_ID/locations/global/securityGateways/SECURITY_GATEWAY_ID"

List secure gateways

To list all of the secure gateways in a project, run the following command.

curl \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "Content-Type: application/json" \
"https://API/API_VERSION/projects/PROJECT_ID/locations/global/securityGateways"

Delete a secure gateway

To delete a secure gateway, run the following command.

curl \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "Content-Type: application/json" \
-X DELETE \
"https://API/API_VERSION/projects/PROJECT_ID/locations/global/securityGateways/SECURITY_GATEWAY_ID"

Update an application resource

You can update an existing application by calling the Update API. Following are the allowed editable fields:

  • display_name
  • endpoint_matchers

You can use update_mask to control which fields you want to update. Following is an example to update endpoint_matchers:

curl \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "Content-Type: application/json" \
-X PATCH \
-d "{ \"endpoint_matchers\": [{hostname: \"HOST_NAME\"}] }" \
"https://API/API_VERSION/projects/PROJECT_ID/locations/global/securityGateways/SECURITY_GATEWAY_ID/applications/APPLICATION_NAME?update_mask=endpoint_matchers"

Get the details of an application resource

After a successful application creation or update, you can get the application resource details by calling the Get API.

curl \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "Content-Type: application/json" \
"https://API/API_VERSION/projects/PROJECT_ID/locations/global/securityGateways/SECURITY_GATEWAY_ID/applications/APPLICATION_NAME"

List application resources

You can list all application resources under a secure gateway by calling the List API.

curl \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "Content-Type: application/json" \
"https://API/API_VERSION/projects/PROJECT_ID/locations/global/securityGateways/SECURITY_GATEWAY_ID/applications"

Delete an application resource

To delete an application resource, call the Delete API.

curl \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "Content-Type: application/json" \
-X DELETE \
"https://API/API_VERSION/projects/PROJECT_ID/locations/global/securityGateways/SECURITY_GATEWAY_ID/applications/APPLICATION_NAME"