Is it possible to manage Identity-Aware Proxy in Google App Engine Flexible, only by using gcloud CLI?
I need to have dynamic domains with different app versions (eq https://0-2-1-1-dot-myproject-prod.appspot.com/ or later https://0-2-1-1.myproject.com/). I know how to set a fixed domain (eg. https://myproject.com/ or https://new.myproject.com/) in IAP but this is a basic scenario.
I would like to have a possiblity to use wildcards in IAP (like. https://*.myproject.com/) to set it up in advance to all dynamic domains, but AFAIK it is rather not possible.
Second option is to add a new domain together with a new version, tag or even review in DEV project in my CD pipeline, using gcloud CLI, but until now I didn't find any subcommand to do this.
So, can I add a new domain to IAP from CLI?
Unfortunately:
You can add specific additional domains from the API Manager > Credentials screen in Cloud Console. We have some more detailed instructions down at the bottom of https://cloud.google.com/iap/docs/app-engine-quickstart .
(We've heard loud and clear from App Engine users that the interaction between IAP and App Engine versions isn't great due to the redirect URL issues and are working on a solution, but that's the best option today.)
--Matthew, Cloud IAP team