Erstellen Sie eine Monitoring-Richtlinie, die 30 Tage vor Ablauf einer verwalteten Zertifizierungsstelle benachrichtigt wird.
Codebeispiel
Java
Richten Sie für die Authentifizierung beim CA Service Standardanmeldedaten für Anwendungen ein. Weitere Informationen finden Sie unter Authentifizierung für eine lokale Entwicklungsumgebung einrichten.
import com.google.cloud.monitoring.v3.AlertPolicyServiceClient;
import com.google.cloud.monitoring.v3.NotificationChannelServiceClient;
import com.google.monitoring.v3.AlertPolicy;
import com.google.monitoring.v3.AlertPolicy.Condition;
import com.google.monitoring.v3.AlertPolicy.Condition.MonitoringQueryLanguageCondition;
import com.google.monitoring.v3.AlertPolicy.ConditionCombinerType;
import com.google.monitoring.v3.NotificationChannel;
import com.google.monitoring.v3.ProjectName;
import java.io.IOException;
public class MonitorCertificateAuthority {
public static final String POLICY_NAME = "policy-name";
public static void main(String[] args) throws IOException {
// TODO(developer): Replace these variables before running the sample.
String project = "your-project-id";
createCaMonitoringPolicy(project);
}
// Creates a monitoring policy that notifies you 30 days before a managed CA expires.
public static String createCaMonitoringPolicy(String project) throws IOException {
/* Initialize client that will be used to send requests. This client only needs to be created
once, and can be reused for multiple requests. After completing all of your requests, call
the `client.close()` method on the client to safely
clean up any remaining background resources. */
try (AlertPolicyServiceClient client = AlertPolicyServiceClient.create();
NotificationChannelServiceClient notificationClient =
NotificationChannelServiceClient.create()) {
/* Query which indicates the resource to monitor and the constraints.
Here, the alert policy notifies you 30 days before a managed CA expires.
For more info on creating queries, see: https://cloud.google.com/monitoring/mql/alerts */
String query =
"fetch privateca.googleapis.com/CertificateAuthority"
+ "| metric 'privateca.googleapis.com/ca/cert_chain_expiration'"
+ "| group_by 5m,"
+ "[value_cert_chain_expiration_mean: mean(value.cert_chain_expiration)]"
+ "| every 5m"
+ "| condition val() < 2.592e+06 's'";
// Create a notification channel.
NotificationChannel notificationChannel =
NotificationChannel.newBuilder()
.setType("email")
.putLabels("email_address", "java-docs-samples-testing@google.com")
.build();
NotificationChannel channel =
notificationClient.createNotificationChannel(
ProjectName.of(project), notificationChannel);
// Set the query and notification channel.
AlertPolicy alertPolicy =
AlertPolicy.newBuilder()
.setDisplayName(POLICY_NAME)
.addConditions(
Condition.newBuilder()
.setDisplayName("ca-cert-chain-expiration")
.setConditionMonitoringQueryLanguage(
MonitoringQueryLanguageCondition.newBuilder().setQuery(query).build())
.build())
.setCombiner(ConditionCombinerType.AND)
.addNotificationChannels(channel.getName())
.build();
AlertPolicy policy = client.createAlertPolicy(ProjectName.of(project), alertPolicy);
System.out.println("Monitoring policy successfully created !" + policy.getName());
return policy.getName();
}
}
}Python
Richten Sie für die Authentifizierung beim CA Service Standardanmeldedaten für Anwendungen ein. Weitere Informationen finden Sie unter Authentifizierung für eine lokale Entwicklungsumgebung einrichten.
import google.cloud.monitoring_v3 as monitoring_v3
def create_ca_monitor_policy(project_id: str) -> None:
"""
Create a monitoring policy that notifies you 30 days before a managed CA expires.
Args:
project_id: project ID or project number of the Cloud project you want to use.
"""
alertPolicyServiceClient = monitoring_v3.AlertPolicyServiceClient()
notificationChannelServiceClient = monitoring_v3.NotificationChannelServiceClient()
# Query which indicates the resource to monitor and the constraints.
# Here, the alert policy notifies you 30 days before a managed CA expires.
# For more information on creating queries, see: https://cloud.google.com/monitoring/mql/alerts
query = (
"fetch privateca.googleapis.com/CertificateAuthority"
"| metric 'privateca.googleapis.com/ca/cert_chain_expiration'"
"| group_by 5m,"
"[value_cert_chain_expiration_mean: mean(value.cert_chain_expiration)]"
"| every 5m"
"| condition val() < 2.592e+06 's'"
)
# Create a notification channel.
notification_channel = monitoring_v3.NotificationChannel(
type_="email",
labels={"email_address": "python-docs-samples-testing@google.com"},
)
channel = notificationChannelServiceClient.create_notification_channel(
name=notificationChannelServiceClient.common_project_path(project_id),
notification_channel=notification_channel,
)
# Set the query and notification channel.
alert_policy = monitoring_v3.AlertPolicy(
display_name="policy-name",
conditions=[
monitoring_v3.AlertPolicy.Condition(
display_name="ca-cert-chain-expiration",
condition_monitoring_query_language=monitoring_v3.AlertPolicy.Condition.MonitoringQueryLanguageCondition(
query=query,
),
)
],
combiner=monitoring_v3.AlertPolicy.ConditionCombinerType.AND,
notification_channels=[channel.name],
)
policy = alertPolicyServiceClient.create_alert_policy(
name=notificationChannelServiceClient.common_project_path(project_id),
alert_policy=alert_policy,
)
print("Monitoring policy successfully created!", policy.name)
Nächste Schritte
Informationen zum Suchen und Filtern von Codebeispielen für andere Google Cloud-Produkte finden Sie im Google Cloud-Beispielbrowser.