Restore a deleted CA, if still within the grace period of 30 days.
Code sample
Java
import com.google.api.core.ApiFuture;
import com.google.cloud.security.privateca.v1.CertificateAuthority.State;
import com.google.cloud.security.privateca.v1.CertificateAuthorityName;
import com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient;
import com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest;
import com.google.longrunning.Operation;
import java.io.IOException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
public class UndeleteCertificateAuthority {
public static void main(String[] args)
throws InterruptedException, ExecutionException, TimeoutException, IOException {
// TODO(developer): Replace these variables before running the sample.
// location: For a list of locations, see:
// https://cloud.google.com/certificate-authority-service/docs/locations
// poolId: The id of the CA pool under which the deleted CA is present.
// certificateAuthorityName: The name of the CA to be restored (undeleted).
String project = "your-project-id";
String location = "ca-location";
String poolId = "ca-pool-id";
String certificateAuthorityName = "certificate-authority-name";
undeleteCertificateAuthority(project, location, poolId, certificateAuthorityName);
}
// Restore a deleted CA, if still within the grace period of 30 days.
public static void undeleteCertificateAuthority(
String project, String location, String poolId, String certificateAuthorityName)
throws IOException, ExecutionException, InterruptedException, TimeoutException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the `certificateAuthorityServiceClient.close()` method on the client to safely
// clean up any remaining background resources.
try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
CertificateAuthorityServiceClient.create()) {
String certificateAuthorityParent =
CertificateAuthorityName.of(project, location, poolId, certificateAuthorityName)
.toString();
// Confirm if the CA is in DELETED stage.
if (getCurrentState(certificateAuthorityServiceClient, certificateAuthorityParent)
!= State.DELETED) {
System.out.println("CA is not deleted !");
return;
}
// Create the Request.
UndeleteCertificateAuthorityRequest undeleteCertificateAuthorityRequest =
UndeleteCertificateAuthorityRequest.newBuilder()
.setName(certificateAuthorityParent)
.build();
// Undelete the CA.
ApiFuture<Operation> futureCall =
certificateAuthorityServiceClient
.undeleteCertificateAuthorityCallable()
.futureCall(undeleteCertificateAuthorityRequest);
Operation response = futureCall.get(5, TimeUnit.SECONDS);
// CA state changes from DELETED to DISABLED if successfully restored.
// Confirm if the CA is DISABLED.
if (response.hasError()
|| getCurrentState(certificateAuthorityServiceClient, certificateAuthorityParent)
!= State.DISABLED) {
System.out.println(
"Unable to restore the Certificate Authority! Please try again !"
+ response.getError());
return;
}
// The CA will be in the DISABLED state. Enable before use.
System.out.println(
"Successfully restored the Certificate Authority ! " + certificateAuthorityName);
}
}
// Get the current state of CA.
private static State getCurrentState(
CertificateAuthorityServiceClient client, String certificateAuthorityParent) {
return client.getCertificateAuthority(certificateAuthorityParent).getState();
}
}
Python
import google.cloud.security.privateca_v1 as privateca_v1
def undelete_certificate_authority(
project_id: str, location: str, ca_pool_name: str, ca_name: str
) -> None:
"""
Restore a deleted CA, if still within the grace period of 30 days.
Args:
project_id: project ID or project number of the Cloud project you want to use.
location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
ca_pool_name: the name of the CA pool under which the deleted CA is present.
ca_name: the name of the CA to be restored (undeleted).
"""
caServiceClient = privateca_v1.CertificateAuthorityServiceClient()
ca_path = caServiceClient.certificate_authority_path(
project_id, location, ca_pool_name, ca_name
)
# Confirm if the CA is in DELETED stage.
ca_state = caServiceClient.get_certificate_authority(name=ca_path).state
if ca_state != privateca_v1.CertificateAuthority.State.DELETED:
print("CA is not deleted !")
return
# Create the Request.
request = privateca_v1.UndeleteCertificateAuthorityRequest(name=ca_path)
# Undelete the CA.
operation = caServiceClient.undelete_certificate_authority(request=request)
result = operation.result()
print("Operation result", result)
# Get the current CA state.
ca_state = caServiceClient.get_certificate_authority(name=ca_path).state
# CA state changes from DELETED to DISABLED if successfully restored.
# Confirm if the CA is DISABLED.
if ca_state == privateca_v1.CertificateAuthority.State.DISABLED:
print("Successfully undeleted Certificate Authority:", ca_name)
else:
print(
"Unable to restore the Certificate Authority! Please try again! Current state:",
ca_state,
)
What's next
To search and filter code samples for other Google Cloud products, see the Google Cloud sample browser.