CA プールを削除する

このページでは、CA プールを削除する方法について説明します。

CA プールを削除できるのは、CA プール内の CA が完全に削除された後のみです。CA Service は、削除プロセスが開始されてから 30 日間の猶予期間の後に、CA を完全に削除します。詳細については、CA を削除するをご覧ください。

CA プールを削除するには、次の手順に従います。

Console

  1. Google Cloud コンソールの [Certificate Authority Service] ページに移動します。
  2. Certificate Authority Service に移動

  3. [CA プール マネージャー] タブをクリックします。
  4. CA プールのリストで、削除する CA プールを選択します。
  5. [削除] をクリックします。
  6. CA プールを完全に削除します。
  7. 表示されたダイアログ ボックスで [確認] をクリックします。

gcloud

次のコマンドを実行します。

gcloud privateca pools delete POOL_ID

POOL_ID は、削除する CA プールの名前に置き換えます。

gcloud privateca pools delete コマンドの詳細については、gcloud privateca pools delete をご覧ください。

Go

CA Service への認証を行うには、アプリケーションのデフォルト認証情報を設定します。 詳細については、ローカル開発環境の認証の設定をご覧ください。

import (
	"context"
	"fmt"
	"io"

	privateca "cloud.google.com/go/security/privateca/apiv1"
	"cloud.google.com/go/security/privateca/apiv1/privatecapb"
)

// Delete the CA pool as mentioned by the ca_pool_name.
// Before deleting the pool, all CAs in the pool MUST BE deleted.
func deleteCaPool(w io.Writer, projectId string, location string, caPoolId string) error {
	// projectId := "your_project_id"
	// location := "us-central1"	// For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
	// caPoolId := "ca-pool-id"		// A unique id/name for the ca pool.

	ctx := context.Background()
	caClient, err := privateca.NewCertificateAuthorityClient(ctx)
	if err != nil {
		return fmt.Errorf("NewCertificateAuthorityClient creation failed: %w", err)
	}
	defer caClient.Close()

	fullCaPoolName := fmt.Sprintf("projects/%s/locations/%s/caPools/%s", projectId, location, caPoolId)

	// See https://pkg.go.dev/cloud.google.com/go/security/privateca/apiv1/privatecapb#DeleteCaPoolRequest.
	req := &privatecapb.DeleteCaPoolRequest{
		Name: fullCaPoolName,
	}

	op, err := caClient.DeleteCaPool(ctx, req)
	if err != nil {
		return fmt.Errorf("DeleteCaPool failed: %w", err)
	}

	if err = op.Wait(ctx); err != nil {
		return fmt.Errorf("DeleteCaPool failed during wait: %w", err)
	}

	fmt.Fprintf(w, "CA Pool deleted")

	return nil
}

Java

CA Service への認証を行うには、アプリケーションのデフォルト認証情報を設定します。 詳細については、ローカル開発環境の認証の設定をご覧ください。


import com.google.api.core.ApiFuture;
import com.google.cloud.security.privateca.v1.CaPoolName;
import com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient;
import com.google.cloud.security.privateca.v1.DeleteCaPoolRequest;
import com.google.longrunning.Operation;
import java.io.IOException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeoutException;

public class DeleteCaPool {

  public static void main(String[] args)
      throws InterruptedException, ExecutionException, IOException, TimeoutException {
    // TODO(developer): Replace these variables before running the sample.
    // location: For a list of locations, see:
    // https://cloud.google.com/certificate-authority-service/docs/locations
    // poolId: The id of the CA pool to be deleted.
    String project = "your-project-id";
    String location = "ca-location";
    String poolId = "ca-pool-id";
    deleteCaPool(project, location, poolId);
  }

  // Delete the CA pool as mentioned by the poolId.
  // Before deleting the pool, all CAs in the pool MUST BE deleted.
  public static void deleteCaPool(String project, String location, String poolId)
      throws InterruptedException, ExecutionException, IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the `certificateAuthorityServiceClient.close()` method on the client to safely
    // clean up any remaining background resources.
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
        CertificateAuthorityServiceClient.create()) {

      // Set the project, location and poolId to delete.
      CaPoolName caPool =
          CaPoolName.newBuilder()
              .setProject(project)
              .setLocation(location)
              .setCaPool(poolId)
              .build();

      // Create the Delete request.
      DeleteCaPoolRequest deleteCaPoolRequest =
          DeleteCaPoolRequest.newBuilder().setName(caPool.toString()).build();

      // Delete the CA Pool.
      ApiFuture<Operation> futureCall =
          certificateAuthorityServiceClient.deleteCaPoolCallable().futureCall(deleteCaPoolRequest);
      Operation response = futureCall.get();

      if (response.hasError()) {
        System.out.println("Error while deleting CA pool !" + response.getError());
        return;
      }

      System.out.println("Deleted CA Pool: " + poolId);
    }
  }
}

Python

CA Service への認証を行うには、アプリケーションのデフォルト認証情報を設定します。 詳細については、ローカル開発環境の認証の設定をご覧ください。

import google.cloud.security.privateca_v1 as privateca_v1


def delete_ca_pool(project_id: str, location: str, ca_pool_name: str) -> None:
    """
    Delete the CA pool as mentioned by the ca_pool_name.
    Before deleting the pool, all CAs in the pool MUST BE deleted.

    Args:
        project_id: project ID or project number of the Cloud project you want to use.
        location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
        ca_pool_name: the name of the CA pool to be deleted.
    """

    caServiceClient = privateca_v1.CertificateAuthorityServiceClient()

    ca_pool_path = caServiceClient.ca_pool_path(project_id, location, ca_pool_name)

    # Create the Delete request.
    request = privateca_v1.DeleteCaPoolRequest(name=ca_pool_path)

    # Delete the CA Pool.
    caServiceClient.delete_ca_pool(request=request)

    print("Deleted CA Pool:", ca_pool_name)

次のステップ