Supprimer un pool d'autorités de certification

Cette page explique comment supprimer un pool d'autorités de certification.

Vous ne pouvez supprimer un pool d'autorités de certification qu'après avoir définitivement supprimé toutes les autorités de certification de ce pool. CA Service supprime définitivement une autorité de certification après un délai de grâce de 30 jours à compter du lancement du processus de suppression. Pour en savoir plus, consultez la section Supprimer des autorités de certification.

Pour supprimer un pool d'autorités de certification, suivez les instructions suivantes.

Console

  1. Accédez à la page Certificate Authority Service de la console Google Cloud.

    2. Accéder à Certificate Authority Service

  2. Cliquez sur l'onglet Gestionnaire de pool d'autorités de certification.
  3. Dans la liste des pools d'autorités de certification, sélectionnez le pool que vous souhaitez supprimer.
  4. Cliquez sur Supprimer.
    5. Supprimez définitivement un pool d'autorités de certification.
  5. Dans la boîte de dialogue qui s'affiche, cliquez sur Confirmer.

gcloud

Exécutez la commande ci-dessous.

gcloud privateca pools delete POOL_ID

Remplacez POOL_ID par le nom du pool d'autorités de certification que vous souhaitez supprimer.

Pour plus d'informations sur la commande gcloud privateca pools delete, consultez la section gcloud privateca pools delete.

Go

Pour vous authentifier auprès du service CA, configurez les Identifiants par défaut de l'application. Pour en savoir plus, consultez Configurer l'authentification pour un environnement de développement local. 

import (
	"context"
	"fmt"
	"io"

	privateca "cloud.google.com/go/security/privateca/apiv1"
	"cloud.google.com/go/security/privateca/apiv1/privatecapb"
)

// Delete the CA pool as mentioned by the ca_pool_name.
// Before deleting the pool, all CAs in the pool MUST BE deleted.
func deleteCaPool(w io.Writer, projectId string, location string, caPoolId string) error {
	// projectId := "your_project_id"
	// location := "us-central1"	// For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
	// caPoolId := "ca-pool-id"		// A unique id/name for the ca pool.

	ctx := context.Background()
	caClient, err := privateca.NewCertificateAuthorityClient(ctx)
	if err != nil {
		return fmt.Errorf("NewCertificateAuthorityClient creation failed: %w", err)
	}
	defer caClient.Close()

	fullCaPoolName := fmt.Sprintf("projects/%s/locations/%s/caPools/%s", projectId, location, caPoolId)

	// See https://pkg.go.dev/cloud.google.com/go/security/privateca/apiv1/privatecapb#DeleteCaPoolRequest.
	req := &privatecapb.DeleteCaPoolRequest{
		Name: fullCaPoolName,
	}

	op, err := caClient.DeleteCaPool(ctx, req)
	if err != nil {
		return fmt.Errorf("DeleteCaPool failed: %w", err)
	}

	if err = op.Wait(ctx); err != nil {
		return fmt.Errorf("DeleteCaPool failed during wait: %w", err)
	}

	fmt.Fprintf(w, "CA Pool deleted")

	return nil
}

Java

Pour vous authentifier auprès du service CA, configurez les Identifiants par défaut de l'application. Pour en savoir plus, consultez Configurer l'authentification pour un environnement de développement local. 


import com.google.api.core.ApiFuture;
import com.google.cloud.security.privateca.v1.CaPoolName;
import com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient;
import com.google.cloud.security.privateca.v1.DeleteCaPoolRequest;
import com.google.longrunning.Operation;
import java.io.IOException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeoutException;

public class DeleteCaPool {

  public static void main(String[] args)
      throws InterruptedException, ExecutionException, IOException, TimeoutException {
    // TODO(developer): Replace these variables before running the sample.
    // location: For a list of locations, see:
    // https://cloud.google.com/certificate-authority-service/docs/locations
    // poolId: The id of the CA pool to be deleted.
    String project = "your-project-id";
    String location = "ca-location";
    String poolId = "ca-pool-id";
    deleteCaPool(project, location, poolId);
  }

  // Delete the CA pool as mentioned by the poolId.
  // Before deleting the pool, all CAs in the pool MUST BE deleted.
  public static void deleteCaPool(String project, String location, String poolId)
      throws InterruptedException, ExecutionException, IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the `certificateAuthorityServiceClient.close()` method on the client to safely
    // clean up any remaining background resources.
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
        CertificateAuthorityServiceClient.create()) {

      // Set the project, location and poolId to delete.
      CaPoolName caPool =
          CaPoolName.newBuilder()
              .setProject(project)
              .setLocation(location)
              .setCaPool(poolId)
              .build();

      // Create the Delete request.
      DeleteCaPoolRequest deleteCaPoolRequest =
          DeleteCaPoolRequest.newBuilder().setName(caPool.toString()).build();

      // Delete the CA Pool.
      ApiFuture<Operation> futureCall =
          certificateAuthorityServiceClient.deleteCaPoolCallable().futureCall(deleteCaPoolRequest);
      Operation response = futureCall.get();

      if (response.hasError()) {
        System.out.println("Error while deleting CA pool !" + response.getError());
        return;
      }

      System.out.println("Deleted CA Pool: " + poolId);
    }
  }
}

Python

Pour vous authentifier auprès du service CA, configurez les Identifiants par défaut de l'application. Pour en savoir plus, consultez Configurer l'authentification pour un environnement de développement local. 

import google.cloud.security.privateca_v1 as privateca_v1

def delete_ca_pool(project_id: str, location: str, ca_pool_name: str) -> None:
    """
    Delete the CA pool as mentioned by the ca_pool_name.
    Before deleting the pool, all CAs in the pool MUST BE deleted.

    Args:
        project_id: project ID or project number of the Cloud project you want to use.
        location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
        ca_pool_name: the name of the CA pool to be deleted.
    """

    caServiceClient = privateca_v1.CertificateAuthorityServiceClient()

    ca_pool_path = caServiceClient.ca_pool_path(project_id, location, ca_pool_name)

    # Create the Delete request.
    request = privateca_v1.DeleteCaPoolRequest(name=ca_pool_path)

    # Delete the CA Pool.
    caServiceClient.delete_ca_pool(request=request)

    print("Deleted CA Pool:", ca_pool_name)

Étapes suivantes