지정된 프로젝트 및 영역에 새 CA 풀을 만듭니다.
더 살펴보기
이 코드 샘플이 포함된 자세한 문서는 다음을 참조하세요.
코드 샘플
Go
CA Service에 인증하려면 애플리케이션 기본 사용자 인증 정보를 설정합니다. 자세한 내용은 로컬 개발 환경의 인증 설정을 참조하세요.
import (
"context"
"fmt"
"io"
privateca "cloud.google.com/go/security/privateca/apiv1"
"cloud.google.com/go/security/privateca/apiv1/privatecapb"
)
// createCaPool provisions a Certificate Authority pool in the given project and
// location and blocks until the long-running operation completes. Every CA and
// certificate created under the pool shares the pool's issuance policy, IAM
// policy and other settings.
//
// Only the tier is set on the pool; no IssuancePolicy is supplied, so the pool
// relies on the API defaults. NOTE(review): confirm the subject/SAN and
// key-usage restrictions you want before issuing certificates from it.
func createCaPool(w io.Writer, projectId string, location string, caPoolId string) error {
	// projectId := "your_project_id"
	// location := "us-central1" // For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
	// caPoolId := "ca-pool-id" // A unique id/name for the ca pool.
	ctx := context.Background()

	client, err := privateca.NewCertificateAuthorityClient(ctx)
	if err != nil {
		return fmt.Errorf("NewCertificateAuthorityClient creation failed: %w", err)
	}
	defer client.Close()

	// Parent resource name: projects/{project}/locations/{location}.
	parent := fmt.Sprintf("projects/%s/locations/%s", projectId, location)

	// See https://pkg.go.dev/cloud.google.com/go/security/privateca/apiv1/privatecapb#CreateCaPoolRequest.
	req := &privatecapb.CreateCaPoolRequest{
		Parent:   parent,
		CaPoolId: caPoolId,
		CaPool: &privatecapb.CaPool{
			// Pool tier (see: https://cloud.google.com/certificate-authority-service/docs/tiers).
			Tier: privatecapb.CaPool_ENTERPRISE,
		},
	}

	op, err := client.CreateCaPool(ctx, req)
	if err != nil {
		return fmt.Errorf("CreateCaPool failed: %w", err)
	}
	// Wait for the operation to finish; the pool is not usable before then.
	if _, err := op.Wait(ctx); err != nil {
		return fmt.Errorf("CreateCaPool failed during wait: %w", err)
	}

	fmt.Fprintf(w, "CA Pool created")
	return nil
}
Java
CA Service에 인증하려면 애플리케이션 기본 사용자 인증 정보를 설정합니다. 자세한 내용은 로컬 개발 환경의 인증 설정을 참조하세요.
import com.google.api.core.ApiFuture;
import com.google.cloud.security.privateca.v1.CaPool;
import com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy;
import com.google.cloud.security.privateca.v1.CaPool.Tier;
import com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient;
import com.google.cloud.security.privateca.v1.CertificateIdentityConstraints;
import com.google.cloud.security.privateca.v1.CreateCaPoolRequest;
import com.google.cloud.security.privateca.v1.LocationName;
import com.google.longrunning.Operation;
import java.io.IOException;
import java.util.concurrent.ExecutionException;
/**
 * Creates a Certificate Authority (CA) pool. Every CA and certificate created under the pool
 * shares the pool's issuance policy, IAM policy and other settings.
 */
public class CreateCaPool {

  public static void main(String[] args)
      throws InterruptedException, ExecutionException, IOException {
    // TODO(developer): Replace these variables before running the sample.
    // location: For a list of locations, see:
    // https://cloud.google.com/certificate-authority-service/docs/locations
    // poolId: Set a unique poolId for the CA pool.
    String project = "your-project-id";
    String location = "ca-location";
    String poolId = "ca-pool-id";
    createCaPool(project, location, poolId);
  }

  /**
   * Creates a CA pool named {@code poolId} in the given project and location and waits for the
   * long-running operation to finish. The outcome is reported on standard output.
   *
   * @param project the Google Cloud project id
   * @param location the CA Service location
   * @param poolId a unique id for the new pool
   * @throws IOException if the service client cannot be created
   * @throws InterruptedException if the wait on the operation is interrupted
   * @throws ExecutionException if the operation future completes exceptionally
   */
  public static void createCaPool(String project, String location, String poolId)
      throws InterruptedException, ExecutionException, IOException {
    // The client is AutoCloseable: try-with-resources closes it, and its background resources,
    // once the request has completed. A single client can serve many requests.
    try (CertificateAuthorityServiceClient client = CertificateAuthorityServiceClient.create()) {
      CaPool pool =
          CaPool.newBuilder()
              .setIssuancePolicy(buildIssuancePolicy())
              // Pool tier (see: https://cloud.google.com/certificate-authority-service/docs/tiers).
              .setTier(Tier.ENTERPRISE)
              .build();

      // Parent resource name: projects/{project}/locations/{location}.
      String parent = LocationName.of(project, location).toString();
      CreateCaPoolRequest request =
          CreateCaPoolRequest.newBuilder()
              .setParent(parent)
              .setCaPoolId(poolId)
              .setCaPool(pool)
              .build();

      // Issue the request and block until the long-running operation completes.
      ApiFuture<Operation> future = client.createCaPoolCallable().futureCall(request);
      Operation result = future.get();

      // A completed Operation can carry an error status instead of throwing; check it.
      if (result.hasError()) {
        System.out.println("Error while creating CA pool !" + result.getError());
        return;
      }
      System.out.println("CA pool created successfully: " + poolId);
    }
  }

  /**
   * Builds the issuance policy applied to every certificate issued from the pool.
   *
   * <p>Both passthrough flags are enabled, so the Subject and Subject Alternative Names supplied
   * in a certificate request are accepted as-is and the pool itself adds no name restriction.
   * NOTE(review): for a production pool, confirm this is the intended issuance scope; anyone
   * allowed to request certificates from the pool can then choose the names in them, so
   * consider disabling passthrough or adding an identity constraint that limits them.
   */
  private static IssuancePolicy buildIssuancePolicy() {
    CertificateIdentityConstraints identityConstraints =
        CertificateIdentityConstraints.newBuilder()
            .setAllowSubjectPassthrough(true)
            .setAllowSubjectAltNamesPassthrough(true)
            .build();
    return IssuancePolicy.newBuilder().setIdentityConstraints(identityConstraints).build();
  }
}
Python
CA Service에 인증하려면 애플리케이션 기본 사용자 인증 정보를 설정합니다. 자세한 내용은 로컬 개발 환경의 인증 설정을 참조하세요.
import google.cloud.security.privateca_v1 as privateca_v1
def create_ca_pool(project_id: str, location: str, ca_pool_name: str) -> None:
    """
    Create a Certificate Authority pool and wait for the operation to finish.

    All certificates created under this CA pool follow the same issuance policy,
    IAM policies, etc.

    Args:
        project_id: project ID or project number of the Cloud project you want to use.
        location: location you want to use. For a list of locations, see:
            https://cloud.google.com/certificate-authority-service/docs/locations.
        ca_pool_name: a unique name for the ca pool.
    """
    client = privateca_v1.CertificateAuthorityServiceClient()

    # Only the tier is set (see: https://cloud.google.com/certificate-authority-service/docs/tiers).
    # No issuance_policy is supplied, so the pool relies on the API defaults.
    # NOTE(review): confirm the subject/SAN and key-usage restrictions you want before use.
    pool = privateca_v1.CaPool(tier=privateca_v1.CaPool.Tier.ENTERPRISE)

    # Parent resource name: projects/{project_id}/locations/{location}.
    parent = client.common_location_path(project_id, location)

    operation = client.create_ca_pool(
        request=privateca_v1.CreateCaPoolRequest(
            parent=parent,
            ca_pool_id=ca_pool_name,
            ca_pool=pool,
        )
    )
    # result() blocks until the long-running operation completes.
    print("Operation result:", operation.result())
Terraform
Terraform 구성을 적용하거나 삭제하는 방법은 기본 Terraform 명령어를 참조하세요. 자세한 내용은 Terraform 제공업체 참고 문서를 확인하세요.
# CA pool; every CA and certificate created under it shares these settings.
resource "google_privateca_ca_pool" "default" {
  name     = "ca-pool"
  location = "us-central1"
  # Pool tier (see: https://cloud.google.com/certificate-authority-service/docs/tiers).
  tier = "ENTERPRISE"

  # Placeholder label; replace with the labels your environment uses.
  labels = {
    foo = "bar"
  }

  # Publish the pool's CA certificate and CRL.
  publishing_options {
    publish_ca_cert = true
    publish_crl     = true
  }
}
다음 단계
다른 Google Cloud 제품의 코드 샘플을 검색하고 필터링하려면 Google Cloud 샘플 브라우저를 참조하세요.