gcloud beta beyondcorp security-gateways applications update
- NAME
- gcloud beta beyondcorp security-gateways applications update - update applications
- SYNOPSIS
gcloud beta beyondcorp security-gateways applications update(APPLICATION:--location=LOCATION--security-gateway=SECURITY_GATEWAY)[--async][--display-name=DISPLAY_NAME][--request-id=REQUEST_ID][--schema=SCHEMA][--endpoint-matchers=[hostname=HOSTNAME],[ports=PORTS] |--add-endpoint-matchers=[hostname=HOSTNAME],[ports=PORTS]--clear-endpoint-matchers|--remove-endpoint-matchers=[hostname=HOSTNAME],[ports=PORTS]][--upstreams=[egressPolicy=EGRESSPOLICY],[external=EXTERNAL],[network=NETWORK],[proxyProtocol=PROXYPROTOCOL] |--add-upstreams=[egressPolicy=EGRESSPOLICY],[external=EXTERNAL],[network=NETWORK],[proxyProtocol=PROXYPROTOCOL]--clear-upstreams|--remove-upstreams=[egressPolicy=EGRESSPOLICY],[external=EXTERNAL],[network=NETWORK],[proxyProtocol=PROXYPROTOCOL]][GCLOUD_WIDE_FLAG …]
- DESCRIPTION
(BETA)Update an application- EXAMPLES
- To update the application, run:
gcloudbetabeyondcorpsecurity-gatewaysapplicationsupdate - POSITIONAL ARGUMENTS
- Application resource - Identifier. Name of the resource. The arguments in thisgroup can be used to specify the attributes of this resource. (NOTE) Someattributes are not given arguments in this group but can be set in other ways.
To set the
projectattribute:- provide the argument
applicationon the command line with a fullyspecified name; - provide the argument
--projecton the command line; - set the property
core/project.
This must be specified.
APPLICATION- ID of the application or fully qualified identifier for the application.
To set the
applicationattribute:- provide the argument
applicationon the command line.
This positional argument must be specified if any of the other arguments in thisgroup are specified.
- provide the argument
--location=LOCATION- The location id of the application resource. We support only global location.
To set the
locationattribute:- provide the argument
applicationon the command line with a fullyspecified name; - provide the argument
--locationon the command line.
- provide the argument
--security-gateway=SECURITY_GATEWAY- The securityGateway id of the application resource.
To set the
security-gatewayattribute:- provide the argument
applicationon the command line with a fullyspecified name; - provide the argument
--security-gatewayon the command line.
- provide the argument
- provide the argument
- Application resource - Identifier. Name of the resource. The arguments in thisgroup can be used to specify the attributes of this resource. (NOTE) Someattributes are not given arguments in this group but can be set in other ways.
- FLAGS
--async- Return immediately, without waiting for the operation in progress to complete.
--display-name=DISPLAY_NAME- An arbitrary user-provided name for the application resource. Cannot exceed 64characters.
--request-id=REQUEST_ID- An optional request ID to identify requests. Specify a unique request ID so thatif you must retry your request, the server will know to ignore the request if ithas already been completed. The server will guarantee that for at least 60minutes after the first request.
For example, consider a situation where you make an initial request and therequest timed out. If you make the request again with the same request ID, theserver can check if original operation with the same request ID was received,and if so, will ignore the second request. This prevents clients fromaccidentally creating duplicate commitments.
The request ID must be a valid UUID with the exception that zero UUID is notsupported (00000000-0000-0000-0000-000000000000).
--schema=SCHEMA- Type of the external application.
SCHEMAmust be one of:api-gateway- Service Discovery API endpoint when Service Discovery is enabled in Gateway.
proxy-gateway- Proxy which routes traffic to actual applications, like Netscaler Gateway.
- Update endpoint_matchers.
At most one of these can be specified:
--endpoint-matchers=[hostname=HOSTNAME],[ports=PORTS]- Set endpoint_matchers to new value. An array of conditions to match theapplication's network endpoint. Each element in the array is an EndpointMatcherobject, which defines a specific combination of a hostname pattern and one ormore ports. The application is considered matched if at least one of theEndpointMatcher conditions in this array is met (the conditions are combinedusing OR logic). Each EndpointMatcher must contain a hostname pattern, such as"example.com", and one or more port numbers specified as a string, such as"443".
Hostname and port number examples: "
.example.com", "443" "example.com" and"22" "example.com" and "22,33".hostname
- Hostname of the application.
- ports
- The ports of the application.
--endpoint-matchers=hostname=string,ports=[int]--endpoint-matchers=hostname=string,ports=[int]
--endpoint-matchers='[{"hostname": "string", "ports": [int]}]'
--endpoint-matchers=path_to_file.(yaml|json)
- Or at least one of these can be specified:
- --add-endpoint-matchers
=[hostname=HOSTNAME],[ports=PORTS] - Add new value to endpoint_matchers list. An array of conditions to match theapplication's network endpoint. Each element in the array is an EndpointMatcherobject, which defines a specific combination of a hostname pattern and one ormore ports. The application is considered matched if at least one of theEndpointMatcher conditions in this array is met (the conditions are combinedusing OR logic). Each EndpointMatcher must contain a hostname pattern, such as"example.com", and one or more port numbers specified as a string, such as"443".
Hostname and port number examples: ".example.com", "443" "example.com"and "22" "example.com" and "22,33".
hostname- Hostname of the application.
ports- The ports of the application.
Shorthand Example:--add-endpoint-matchers=hostname=string,ports=[int]--add-endpoint-matchers=hostname=string,ports=[int]
JSON Example:--add-endpoint-matchers='[{"hostname": "string", "ports": [int]}]'
File Example:--add-endpoint-matchers=path_to_file.(yaml|json)
- At most one of these can be specified:
--clear-endpoint-matchers- Clear endpoint_matchers value and set to empty list.
--remove-endpoint-matchers=[hostname=HOSTNAME],[ports=PORTS]- Remove existing value from endpoint_matchers list. An array of conditions tomatch the application's network endpoint. Each element in the array is anEndpointMatcher object, which defines a specific combination of a hostnamepattern and one or more ports. The application is considered matched if at leastone of the EndpointMatcher conditions in this array is met (the conditions arecombined using OR logic). Each EndpointMatcher must contain a hostname pattern,such as "example.com", and one or more port numbers specified as a string, suchas "443".
Hostname and port number examples: "
.example.com", "443" "example.com" and"22" "example.com" and "22,33".hostname
- Hostname of the application.
- ports
- The ports of the application.
--remove-endpoint-matchers=hostname=string,ports=[int]--remove-endpoint-matchers=hostname=string,ports=[int]
--remove-endpoint-matchers='[{"hostname": "string", "ports": [int]}]'
--remove-endpoint-matchers=path_to_file.(yaml|json)
- --add-endpoint-matchers
At most one of these can be specified:
- --upstreams
=[egressPolicy=EGRESSPOLICY],[external=EXTERNAL],[network=NETWORK],[proxyProtocol=PROXYPROTOCOL] - Set upstreams to new value. Which upstream resources to forward traffic to.
- egressPolicy
- Routing policy information.
- regions
- List of the regions where the application sends traffic.
- regions
- external
- List of the external endpoints to forward traffic to.
- endpoints
- List of the endpoints to forward traffic to.
- hostname
- Hostname of the endpoint.
- port
- Port of the endpoint.
- hostname
- endpoints
- network
- Network to forward traffic to.
- name
- Network name is of the format:
projects/{project}/global/networks/{network}.
- name
- proxyProtocol
- Enables proxy protocol configuration for the upstream.
- allowedClientHeaders
- List of the allowed client header names.
- clientIp
- Client IP configuration. The client IP address is included if true.
- contextualHeaders
- Configuration for the contextual headers.
- deviceInfo
- The device information configuration.
- outputType
- The output type details for the delegated device.
- outputType
- groupInfo
- Group details.
- outputType
- The output type of the delegated group information.
- outputType
- outputType
- Default output type for all enabled headers.
- userInfo
- User details.
- outputType
- The delegated user's information.
- outputType
- deviceInfo
- gatewayIdentity
- The security gateway identity configuration.
- metadataHeaders
- Custom resource specific headers along with the values. The names should conformto RFC 9110: >Field names can contain alphanumeric characters, hyphens, andperiods, can contain only ASCII-printable characters and tabs, and must startwith a letter.
- KEY
- SetsKEY
value. - VALUE
- SetsVALUE
value.
- KEY
- allowedClientHeaders
--upstreams=egressPolicy={regions=[string]},external={endpoints=[{hostname=string,port=int}]},network={name=string},proxyProtocol={allowedClientHeaders=[string],clientIp=boolean,contextualHeaders={deviceInfo={outputType=string},groupInfo={outputType=string},outputType=string,userInfo={outputType=string}},gatewayIdentity=string,metadataHeaders={string=string}}--upstreams=egressPolicy={regions=[string]},external={endpoints=[{hostname=string,port=int}]},network={name=string},proxyProtocol={allowedClientHeaders=[string],clientIp=boolean,contextualHeaders={deviceInfo={outputType=string},groupInfo={outputType=string},outputType=string,userInfo={outputType=string}},gatewayIdentity=string,metadataHeaders={string=string}}
--upstreams='[{"egressPolicy": {"regions": ["string"]}, "external": {"endpoints": [{"hostname": "string", "port": int}]}, "network": {"name": "string"}, "proxyProtocol": {"allowedClientHeaders": ["string"], "clientIp": boolean, "contextualHeaders": {"deviceInfo": {"outputType": "string"}, "groupInfo": {"outputType": "string"}, "outputType": "string", "userInfo": {"outputType": "string"}}, "gatewayIdentity": "string", "metadataHeaders": {"string": "string"}}}]'
--upstreams=path_to_file.(yaml|json)
- egressPolicy
- Or at least one of these can be specified:
- --add-upstreams
=[egressPolicy=EGRESSPOLICY],[external=EXTERNAL],[network=NETWORK],[proxyProtocol=PROXYPROTOCOL] - Add new value to upstreams list. Which upstream resources to forward traffic to.
- egressPolicy
- Routing policy information.
- regions
- List of the regions where the application sends traffic.
- regions
- external
- List of the external endpoints to forward traffic to.
- endpoints
- List of the endpoints to forward traffic to.
- hostname
- Hostname of the endpoint.
- port
- Port of the endpoint.
- hostname
- endpoints
- network
- Network to forward traffic to.
- name
- Network name is of the format:projects/{project}/global/networks/{network}.
- name
- proxyProtocol
- Enables proxy protocol configuration for the upstream.
- allowedClientHeaders
- List of the allowed client header names.
- clientIp
- Client IP configuration. The client IP address is included if true.
- contextualHeaders
- Configuration for the contextual headers.
- deviceInfo
- The device information configuration.
- outputType
- The output type details for the delegated device.
- outputType
- groupInfo
- Group details.
- outputType
- The output type of the delegated group information.
- outputType
- outputType
- Default output type for all enabled headers.
- userInfo
- User details.
- outputType
- The delegated user's information.
- outputType
- deviceInfo
- gatewayIdentity
- The security gateway identity configuration.
- metadataHeaders
- Custom resource specific headers along with the values. The names should conformto RFC 9110: >Field names can contain alphanumeric characters, hyphens, andperiods, can contain only ASCII-printable characters and tabs, and must startwith a letter.
- KEY
- Sets
KEYvalue. - VALUE
- Sets
VALUEvalue.
- KEY
- allowedClientHeaders
--add-upstreams=egressPolicy={regions=[string]},external={endpoints=[{hostname=string,port=int}]},network={name=string},proxyProtocol={allowedClientHeaders=[string],clientIp=boolean,contextualHeaders={deviceInfo={outputType=string},groupInfo={outputType=string},outputType=string,userInfo={outputType=string}},gatewayIdentity=string,metadataHeaders={string=string}}--add-upstreams=egressPolicy={regions=[string]},external={endpoints=[{hostname=string,port=int}]},network={name=string},proxyProtocol={allowedClientHeaders=[string],clientIp=boolean,contextualHeaders={deviceInfo={outputType=string},groupInfo={outputType=string},outputType=string,userInfo={outputType=string}},gatewayIdentity=string,metadataHeaders={string=string}}
--add-upstreams='[{"egressPolicy": {"regions": ["string"]}, "external": {"endpoints": [{"hostname": "string", "port": int}]}, "network": {"name": "string"}, "proxyProtocol": {"allowedClientHeaders": ["string"], "clientIp": boolean, "contextualHeaders": {"deviceInfo": {"outputType": "string"}, "groupInfo": {"outputType": "string"}, "outputType": "string", "userInfo": {"outputType": "string"}}, "gatewayIdentity": "string", "metadataHeaders": {"string": "string"}}}]'
--add-upstreams=path_to_file.(yaml|json)
- egressPolicy
- At most one of these can be specified:
- --clear-upstreams
- Clear upstreams value and set to empty list.
- --remove-upstreams
=[egressPolicy=EGRESSPOLICY],[external=EXTERNAL],[network=NETWORK],[proxyProtocol=PROXYPROTOCOL] - Remove existing value from upstreams list. Which upstream resources to forwardtraffic to.
- egressPolicy
- Routing policy information.
- regions
- List of the regions where the application sends traffic.
- regions
- external
- List of the external endpoints to forward traffic to.
- endpoints
- List of the endpoints to forward traffic to.
- hostname
- Hostname of the endpoint.
- port
- Port of the endpoint.
- hostname
- endpoints
- network
- Network to forward traffic to.
- name
- Network name is of the format:
projects/{project}/global/networks/{network}.
- name
- proxyProtocol
- Enables proxy protocol configuration for the upstream.
- allowedClientHeaders
- List of the allowed client header names.
- clientIp
- Client IP configuration. The client IP address is included if true.
- contextualHeaders
- Configuration for the contextual headers.
- deviceInfo
- The device information configuration.
- outputType
- The output type details for the delegated device.
- outputType
- groupInfo
- Group details.
- outputType
- The output type of the delegated group information.
- outputType
- outputType
- Default output type for all enabled headers.
- userInfo
- User details.
- outputType
- The delegated user's information.
- outputType
- deviceInfo
- gatewayIdentity
- The security gateway identity configuration.
- metadataHeaders
- Custom resource specific headers along with the values. The names should conformto RFC 9110: >Field names can contain alphanumeric characters, hyphens, andperiods, can contain only ASCII-printable characters and tabs, and must startwith a letter.
- KEY
- SetsKEY
value. - VALUE
- SetsVALUE
value.
- KEY
- allowedClientHeaders
--remove-upstreams=egressPolicy={regions=[string]},external={endpoints=[{hostname=string,port=int}]},network={name=string},proxyProtocol={allowedClientHeaders=[string],clientIp=boolean,contextualHeaders={deviceInfo={outputType=string},groupInfo={outputType=string},outputType=string,userInfo={outputType=string}},gatewayIdentity=string,metadataHeaders={string=string}}--remove-upstreams=egressPolicy={regions=[string]},external={endpoints=[{hostname=string,port=int}]},network={name=string},proxyProtocol={allowedClientHeaders=[string],clientIp=boolean,contextualHeaders={deviceInfo={outputType=string},groupInfo={outputType=string},outputType=string,userInfo={outputType=string}},gatewayIdentity=string,metadataHeaders={string=string}}
--remove-upstreams='[{"egressPolicy": {"regions": ["string"]}, "external": {"endpoints": [{"hostname": "string", "port": int}]}, "network": {"name": "string"}, "proxyProtocol": {"allowedClientHeaders": ["string"], "clientIp": boolean, "contextualHeaders": {"deviceInfo": {"outputType": "string"}, "groupInfo": {"outputType": "string"}, "outputType": "string", "userInfo": {"outputType": "string"}}, "gatewayIdentity": "string", "metadataHeaders": {"string": "string"}}}]'
--remove-upstreams=path_to_file.(yaml|json)
- egressPolicy
- --clear-upstreams
- --add-upstreams
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run$gcloud help for details.
beyondcorp/v1 API. The full documentation forthis API can be found at:https://cloud.google.com/gcloudbeyondcorpsecurity-gatewaysapplicationsupdateExcept as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-01-21 UTC.