从指定的 CA 池中删除证书授权机构。
代码示例
Go
如需向 CA Service 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为本地开发环境设置身份验证。
import (
"context"
"fmt"
"io"
privateca "cloud.google.com/go/security/privateca/apiv1"
"cloud.google.com/go/security/privateca/apiv1/privatecapb"
)
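// deleteCa deletes a Certificate Authority from the specified CA pool.
//
// It reads the CA first and refuses to continue unless the CA is DISABLED or
// STAGED. It then sends the delete with IgnoreActiveCertificates set to false,
// waits for the long-running operation, and checks that the returned CA
// reports DELETED. A short confirmation is written to w on success.
//
// The state read and the delete are two separate calls, so the CA's state can
// change between them. The local check gives an early, descriptive error; it
// is not a substitute for whatever the service enforces on the delete call.
func deleteCa(w io.Writer, projectId string, location string, caPoolId string, caId string) error {
	// projectId := "your_project_id"
	// location := "us-central1"	// For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
	// caPoolId := "ca-pool-id"		// The id of the CA pool under which the CA is present.
	// caId := "ca-id"				// The id of the CA to be deleted.

	ctx := context.Background()
	caClient, err := privateca.NewCertificateAuthorityClient(ctx)
	if err != nil {
		return fmt.Errorf("NewCertificateAuthorityClient creation failed: %w", err)
	}
	// The Close error is not actionable on the way out of a one-shot sample.
	defer caClient.Close()

	fullCaName := fmt.Sprintf("projects/%s/locations/%s/caPools/%s/certificateAuthorities/%s",
		projectId, location, caPoolId, caId)

	// Check if the CA is disabled or staged.
	// See https://pkg.go.dev/cloud.google.com/go/security/privateca/apiv1/privatecapb#GetCertificateAuthorityRequest.
	caReq := &privatecapb.GetCertificateAuthorityRequest{Name: fullCaName}
	caResp, err := caClient.GetCertificateAuthority(ctx, caReq)
	if err != nil {
		return fmt.Errorf("GetCertificateAuthority failed: %w", err)
	}

	// Fail closed on every state other than DISABLED or STAGED, and report the
	// state that was actually observed so the operator can see why the
	// deletion was refused.
	if caResp.State != privatecapb.CertificateAuthority_DISABLED &&
		caResp.State != privatecapb.CertificateAuthority_STAGED {
		return fmt.Errorf("you can only delete disabled or staged Certificate Authorities. %s is in state %s",
			caId, caResp.State.String())
	}

	// Create the DeleteCertificateAuthorityRequest.
	// Setting the IgnoreActiveCertificates to True will delete the CA
	// even if it contains active certificates. Care should be taken to re-anchor
	// the certificates to new CA before deleting.
	// The flag stays false here, so this sample never requests that override.
	// See https://pkg.go.dev/cloud.google.com/go/security/privateca/apiv1/privatecapb#DeleteCertificateAuthorityRequest.
	req := &privatecapb.DeleteCertificateAuthorityRequest{
		Name:                     fullCaName,
		IgnoreActiveCertificates: false,
	}

	op, err := caClient.DeleteCertificateAuthority(ctx, req)
	if err != nil {
		return fmt.Errorf("DeleteCertificateAuthority failed: %w", err)
	}

	// Wait returns the CA as it stands once the operation has finished.
	if caResp, err = op.Wait(ctx); err != nil {
		return fmt.Errorf("DeleteCertificateAuthority failed during wait: %w", err)
	}

	// Treat anything other than DELETED as a failure instead of assuming that
	// a finished operation means the CA is gone.
	if caResp.State != privatecapb.CertificateAuthority_DELETED {
		return fmt.Errorf("unable to delete Certificate Authority. Current state: %s", caResp.State.String())
	}

	fmt.Fprintf(w, "Successfully deleted Certificate Authority: %s.", caId)
	return nil
}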
Java
如需向 CA Service 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为本地开发环境设置身份验证。
import com.google.api.core.ApiFuture;
import com.google.cloud.security.privateca.v1.CertificateAuthority.State;
import com.google.cloud.security.privateca.v1.CertificateAuthorityName;
import com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient;
import com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest;
import com.google.longrunning.Operation;
import java.io.IOException;
import java.util.concurrent.ExecutionException;
public class DeleteCertificateAuthority {

  /** Sample entry point: replace the placeholder values below, then run. */
  public static void main(String[] args)
      throws InterruptedException, ExecutionException, IOException {
    // TODO(developer): Replace these variables before running the sample.
    // location: For a list of locations, see:
    // https://cloud.google.com/certificate-authority-service/docs/locations
    // poolId: The id of the CA pool under which the CA is present.
    // certificateAuthorityName: The name of the CA to be deleted.
    String project = "your-project-id";
    String location = "ca-location";
    String poolId = "ca-pool-id";
    String certificateAuthorityName = "certificate-authority-name";

    deleteCertificateAuthority(project, location, poolId, certificateAuthorityName);
  }

  /**
   * Deletes a Certificate Authority from the given CA pool.
   *
   * <p>The method reads the CA's state, prints a message and returns without deleting when that
   * state is ENABLED, then sends the delete request with ignoreActiveCertificates set to false
   * and reads the state again to report the outcome. Only ENABLED is rejected locally; every
   * other state goes on to the delete call. Outcomes are printed to standard output rather than
   * thrown, so a caller cannot tell a refused or failed deletion from a successful one by the
   * return alone.
   *
   * @param project Cloud project that owns the CA pool.
   * @param location location of the CA pool.
   * @param poolId id of the CA pool under which the CA is present.
   * @param certificateAuthorityName name of the CA to be deleted.
   */
  public static void deleteCertificateAuthority(
      String project, String location, String poolId, String certificateAuthorityName)
      throws IOException, ExecutionException, InterruptedException {
    // One client can serve many requests; try-with-resources closes it and releases its
    // background resources when the block exits.
    try (CertificateAuthorityServiceClient client = CertificateAuthorityServiceClient.create()) {
      // Fully qualified resource name of the CA.
      CertificateAuthorityName caResource =
          CertificateAuthorityName.newBuilder()
              .setProject(project)
              .setLocation(location)
              .setCaPool(poolId)
              .setCertificateAuthority(certificateAuthorityName)
              .build();

      // Refuse to delete a CA that is still enabled.
      State stateBefore = client.getCertificateAuthority(caResource).getState();
      if (stateBefore == State.ENABLED) {
        System.out.println(
            "Please disable the Certificate Authority before deletion ! Current state: "
                + stateBefore);
        return;
      }

      // Setting setIgnoreActiveCertificates() to true would delete the CA even if it contains
      // active certificates; those certificates should be re-anchored to a new CA first.
      // The flag stays false here, so this sample never requests that override.
      DeleteCertificateAuthorityRequest deleteRequest =
          DeleteCertificateAuthorityRequest.newBuilder()
              .setName(caResource.toString())
              .setIgnoreActiveCertificates(false)
              .build();

      // Send the delete request.
      // NOTE(review): this inspects the Operation as returned by the unary callable, and
      // hasError() only reflects an error already recorded on it. Confirm the operation has
      // completed before treating the state read below as final.
      ApiFuture<Operation> pendingDelete =
          client.deleteCertificateAuthorityCallable().futureCall(deleteRequest);
      Operation deleteOperation = pendingDelete.get();
      if (deleteOperation.hasError()) {
        System.out.println(
            "Error while deleting Certificate Authority !" + deleteOperation.getError());
        return;
      }

      // Read the CA again and report whether it now shows as deleted.
      State stateAfter = client.getCertificateAuthority(caResource).getState();
      if (stateAfter != State.DELETED) {
        System.out.println(
            "Unable to delete Certificate Authority. Please try again ! Current state: "
                + stateAfter);
        return;
      }
      System.out.println(
          "Successfully deleted Certificate Authority : " + certificateAuthorityName);
    }
  }
}
Python
如需向 CA Service 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为本地开发环境设置身份验证。
import google.cloud.security.privateca_v1 as privateca_v1
def delete_certificate_authority(
    project_id: str, location: str, ca_pool_name: str, ca_name: str
) -> None:
    """
    Delete a Certificate Authority from the specified CA pool.

    The CA's state is read first, and the function raises unless that state is
    DISABLED. The delete request is then sent with ignore_active_certificates
    set to False, so this sample never asks the service to delete a CA that
    still contains active certificates. After the operation returns, the state
    is read again and the outcome is printed.

    Args:
        project_id: project ID or project number of the Cloud project you want to use.
        location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
        ca_pool_name: the name of the CA pool under which the CA is present.
        ca_name: the name of the CA to be deleted.

    Raises:
        RuntimeError: if the CA is in any state other than DISABLED.
    """
    client = privateca_v1.CertificateAuthorityServiceClient()
    ca_resource = client.certificate_authority_path(
        project_id, location, ca_pool_name, ca_name
    )

    # Fail closed: only a CA that currently reports DISABLED goes on to deletion.
    state_before = client.get_certificate_authority(name=ca_resource).state
    if state_before != privateca_v1.CertificateAuthority.State.DISABLED:
        print(
            "Please disable the Certificate Authority before deletion ! Current state:",
            state_before,
        )
        raise RuntimeError(
            f"You can only delete disabled Certificate Authorities. "
            f"{ca_name} is not disabled!"
        )

    # Setting ignore_active_certificates to True would delete the CA even if it
    # contains active certificates; those certificates should be re-anchored to
    # a new CA before deleting. It stays False here.
    delete_request = privateca_v1.DeleteCertificateAuthorityRequest(
        name=ca_resource, ignore_active_certificates=False
    )

    # Send the delete request and block until the operation returns a result.
    delete_operation = client.delete_certificate_authority(request=delete_request)
    outcome = delete_operation.result()
    print("Operation result", outcome)

    # Read the CA again and report whether it now shows as deleted.
    # A state other than DELETED is only printed, not raised, so callers that
    # need to act on a failed deletion cannot detect it from this function.
    state_after = client.get_certificate_authority(name=ca_resource).state
    if state_after != privateca_v1.CertificateAuthority.State.DELETED:
        print(
            "Unable to delete Certificate Authority. Please try again ! Current state:",
            state_after,
        )
        return
    print("Successfully deleted Certificate Authority:", ca_name)