指定されたプロジェクトとゾーンに新しい CA プールを作成します。
このコードサンプルを含む詳細なドキュメントについては、以下をご覧ください。
コードサンプル
Go
CA Service への認証を行うには、アプリケーションのデフォルト認証情報を設定します。 詳細については、ローカル開発環境の認証の設定をご覧ください。
import (
"context"
"fmt"
"io"
privateca "cloud.google.com/go/security/privateca/apiv1"
"cloud.google.com/go/security/privateca/apiv1/privatecapb"
)
// createCaPool creates a Certificate Authority pool in the given project and
// location. Every certificate later issued from this pool shares the pool's
// issuance policy, IAM policies, etc.
//
// A short confirmation is written to w on success. Errors from client
// construction, the CreateCaPool call, and waiting on the resulting
// long-running operation are wrapped with context and returned.
func createCaPool(w io.Writer, projectId string, location string, caPoolId string) error {
	// projectId := "your_project_id"
	// location := "us-central1" // For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
	// caPoolId := "ca-pool-id" // A unique id/name for the ca pool.
	ctx := context.Background()

	client, err := privateca.NewCertificateAuthorityClient(ctx)
	if err != nil {
		return fmt.Errorf("NewCertificateAuthorityClient creation failed: %w", err)
	}
	defer client.Close()

	// Parent resource path of the pool: projects/<project>/locations/<location>.
	parent := fmt.Sprintf("projects/%s/locations/%s", projectId, location)

	// See https://pkg.go.dev/cloud.google.com/go/security/privateca/apiv1/privatecapb#CreateCaPoolRequest.
	// Only the tier is configured here
	// (see: https://cloud.google.com/certificate-authority-service/docs/tiers);
	// this sample sets no issuance policy on the pool.
	req := &privatecapb.CreateCaPoolRequest{
		Parent:   parent,
		CaPoolId: caPoolId,
		CaPool: &privatecapb.CaPool{
			Tier: privatecapb.CaPool_ENTERPRISE,
		},
	}

	op, err := client.CreateCaPool(ctx, req)
	if err != nil {
		return fmt.Errorf("CreateCaPool failed: %w", err)
	}
	// CreateCaPool is a long-running operation; block until it finishes so a
	// failure during creation is reported instead of a still-pending operation.
	if _, err := op.Wait(ctx); err != nil {
		return fmt.Errorf("CreateCaPool failed during wait: %w", err)
	}

	fmt.Fprintf(w, "CA Pool created")
	return nil
}
Java
CA Service への認証を行うには、アプリケーションのデフォルト認証情報を設定します。 詳細については、ローカル開発環境の認証の設定をご覧ください。
import com.google.api.core.ApiFuture;
import com.google.cloud.security.privateca.v1.CaPool;
import com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy;
import com.google.cloud.security.privateca.v1.CaPool.Tier;
import com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient;
import com.google.cloud.security.privateca.v1.CertificateIdentityConstraints;
import com.google.cloud.security.privateca.v1.CreateCaPoolRequest;
import com.google.cloud.security.privateca.v1.LocationName;
import com.google.longrunning.Operation;
import java.io.IOException;
import java.util.concurrent.ExecutionException;
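/**
 * Sample: creates a Certificate Authority (CA) pool in Google Cloud CA Service.
 *
 * <p>Every certificate issued from a CA pool follows the pool's issuance policy, IAM policies,
 * etc., so the policy configured here governs what future certificate requests may contain.
 */
public class CreateCaPool {

  /** Entry point; substitute the placeholder values before running. */
  public static void main(String[] args)
      throws InterruptedException, ExecutionException, IOException {
    // TODO(developer): Replace these variables before running the sample.
    // location: For a list of locations, see:
    // https://cloud.google.com/certificate-authority-service/docs/locations
    // poolId: Set a unique poolId for the CA pool.
    String project = "your-project-id";
    String location = "ca-location";
    String poolId = "ca-pool-id";
    createCaPool(project, location, poolId);
  }

  /**
   * Creates a CA pool and blocks until the long-running create operation has finished.
   *
   * @param project project ID that owns the pool
   * @param location CA Service location, e.g. {@code us-central1}
   * @param poolId unique ID for the new pool within the location
   * @throws IOException if the client cannot be created
   * @throws ExecutionException if the create operation fails; the cause carries the API error
   * @throws InterruptedException if interrupted while waiting for the operation
   */
  public static void createCaPool(String project, String location, String poolId)
      throws InterruptedException, ExecutionException, IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. try-with-resources calls close() afterwards,
    // releasing any remaining background resources.
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
        CertificateAuthorityServiceClient.create()) {
      CreateCaPoolRequest caPoolRequest =
          CreateCaPoolRequest.newBuilder()
              // Parent denotes the project and location that will own the pool.
              .setParent(LocationName.of(project, location).toString())
              .setCaPoolId(poolId)
              .setCaPool(
                  CaPool.newBuilder()
                      .setIssuancePolicy(buildIssuancePolicy())
                      // Tier (see: https://cloud.google.com/certificate-authority-service/docs/tiers).
                      .setTier(Tier.ENTERPRISE)
                      .build())
              .build();

      // createCaPoolAsync returns an OperationFuture for the long-running operation; get()
      // blocks until it completes and throws ExecutionException if the operation ended in an
      // error, so "created" is printed only once the pool actually exists. The raw Operation
      // message returned by createCaPoolCallable().futureCall(...) is not guaranteed to be done,
      // so an hasError() check on it could pass while creation was still pending.
      certificateAuthorityServiceClient.createCaPoolAsync(caPoolRequest).get();
      System.out.println("CA pool created successfully: " + poolId);
    }
  }

  /**
   * Builds the issuance policy applied to every certificate request against the pool.
   *
   * <p>Both passthrough flags are enabled, so the subject and subject alternative names supplied
   * by the requester may be copied into the issued certificate. That is convenient for a sample;
   * in production the pool-level identity constraints (these flags, plus an optional CEL
   * expression on {@link CertificateIdentityConstraints}) are where to restrict which names a
   * caller may request, since IAM alone decides who may request a certificate, not what names it
   * may carry.
   */
  private static IssuancePolicy buildIssuancePolicy() {
    return IssuancePolicy.newBuilder()
        .setIdentityConstraints(
            CertificateIdentityConstraints.newBuilder()
                .setAllowSubjectPassthrough(true)
                .setAllowSubjectAltNamesPassthrough(true)
                .build())
        .build();
  }
}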
Python
CA Service への認証を行うには、アプリケーションのデフォルト認証情報を設定します。 詳細については、ローカル開発環境の認証の設定をご覧ください。
import google.cloud.security.privateca_v1 as privateca_v1
def create_ca_pool(project_id: str, location: str, ca_pool_name: str) -> None:
    """
    Create a Certificate Authority pool. All certificates created under this CA pool will
    follow the same issuance policy, IAM policies, etc.

    Args:
        project_id: project ID or project number of the Cloud project you want to use.
        location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
        ca_pool_name: a unique name for the ca pool.
    """
    client = privateca_v1.CertificateAuthorityServiceClient()

    # Only the tier is configured here
    # (see: https://cloud.google.com/certificate-authority-service/docs/tiers);
    # this sample sets no issuance policy on the pool.
    request = privateca_v1.CreateCaPoolRequest(
        parent=client.common_location_path(project_id, location),
        ca_pool_id=ca_pool_name,
        ca_pool=privateca_v1.CaPool(tier=privateca_v1.CaPool.Tier.ENTERPRISE),
    )

    # create_ca_pool starts a long-running operation; result() blocks until it
    # completes and raises if the operation failed.
    operation = client.create_ca_pool(request=request)
    print("Operation result:", operation.result())
Terraform
Terraform 構成を適用または削除する方法については、基本的な Terraform コマンドをご覧ください。詳細については、Terraform プロバイダのリファレンス ドキュメントをご覧ください。
# CA pool "ca-pool" in us-central1 on the ENTERPRISE tier
# (see: https://cloud.google.com/certificate-authority-service/docs/tiers).
resource "google_privateca_ca_pool" "default" {
  name     = "ca-pool"
  location = "us-central1"
  tier     = "ENTERPRISE"

  # Per the attribute names: publish the CA certificate and the CRLs for
  # certificates issued from this pool. Relying parties need a published CRL
  # to check revocation, so keep publish_crl enabled unless revocation is
  # distributed some other way.
  publishing_options {
    publish_ca_cert = true
    publish_crl     = true
  }

  # Placeholder label; replace or remove before applying.
  labels = {
    foo = "bar"
  }
}
次のステップ
他の Google Cloud プロダクトに関連するコードサンプルの検索およびフィルタ検索を行うには、Google Cloud のサンプルをご覧ください。