Borra un grupo de CA

En esta página, se explica cómo borrar un grupo de entidades certificadoras.

Solo puedes borrar un grupo de CA después de haber borrado de forma permanente todas las CA que contiene. El Servicio de CA borra permanentemente una CA después de un período de gracia de 30 días desde que se inicia el proceso de eliminación. Para obtener más información, consulta Borra CAs.

Para borrar un grupo de CA, usa las siguientes instrucciones.

Console

  1. Ve a la página Certificate Authority Service en la consola de Google Cloud .

    2. Ir a Certificate Authority Service

  2. Haz clic en la pestaña Administrador de grupos de CA.
  3. En la lista de grupos de CA, selecciona el que deseas borrar.
  4. Haz clic en Borrar.
    5. Borra un grupo de CA de forma permanente.
  5. En el cuadro de diálogo que se abre, haz clic en Confirmar.

gcloud

Ejecuta el siguiente comando:

gcloud privateca pools delete POOL_ID --location=LOCATION

Reemplaza lo siguiente:

  • POOL_ID: Es el nombre del grupo de AC que deseas borrar.
  • LOCATION: Es la ubicación del grupo de AC. Para obtener la lista completa de ubicaciones, consulta Ubicaciones.

Para obtener más información sobre el comando gcloud privateca pools delete, consulta gcloud privateca pools delete.

Go

Para autenticarte en CA Service, configura las credenciales predeterminadas de la aplicación. Si deseas obtener más información, consulta Configura la autenticación para un entorno de desarrollo local. 

import (
	"context"
	"fmt"
	"io"

	privateca "cloud.google.com/go/security/privateca/apiv1"
	"cloud.google.com/go/security/privateca/apiv1/privatecapb"
)

// Delete the CA pool as mentioned by the ca_pool_name.
// Before deleting the pool, all CAs in the pool MUST BE deleted.
func deleteCaPool(w io.Writer, projectId string, location string, caPoolId string) error {
	// projectId := "your_project_id"
	// location := "us-central1"	// For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
	// caPoolId := "ca-pool-id"		// A unique id/name for the ca pool.

	ctx := context.Background()
	caClient, err := privateca.NewCertificateAuthorityClient(ctx)
	if err != nil {
		return fmt.Errorf("NewCertificateAuthorityClient creation failed: %w", err)
	}
	defer caClient.Close()

	fullCaPoolName := fmt.Sprintf("projects/%s/locations/%s/caPools/%s", projectId, location, caPoolId)

	// See https://pkg.go.dev/cloud.google.com/go/security/privateca/apiv1/privatecapb#DeleteCaPoolRequest.
	req := &privatecapb.DeleteCaPoolRequest{
		Name: fullCaPoolName,
	}

	op, err := caClient.DeleteCaPool(ctx, req)
	if err != nil {
		return fmt.Errorf("DeleteCaPool failed: %w", err)
	}

	if err = op.Wait(ctx); err != nil {
		return fmt.Errorf("DeleteCaPool failed during wait: %w", err)
	}

	fmt.Fprintf(w, "CA Pool deleted")

	return nil
}

Java

Para autenticarte en CA Service, configura las credenciales predeterminadas de la aplicación. Si deseas obtener más información, consulta Configura la autenticación para un entorno de desarrollo local. 


import com.google.api.core.ApiFuture;
import com.google.cloud.security.privateca.v1.CaPoolName;
import com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient;
import com.google.cloud.security.privateca.v1.DeleteCaPoolRequest;
import com.google.longrunning.Operation;
import java.io.IOException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeoutException;

public class DeleteCaPool {

  public static void main(String[] args)
      throws InterruptedException, ExecutionException, IOException, TimeoutException {
    // TODO(developer): Replace these variables before running the sample.
    // location: For a list of locations, see:
    // https://cloud.google.com/certificate-authority-service/docs/locations
    // poolId: The id of the CA pool to be deleted.
    String project = "your-project-id";
    String location = "ca-location";
    String poolId = "ca-pool-id";
    deleteCaPool(project, location, poolId);
  }

  // Delete the CA pool as mentioned by the poolId.
  // Before deleting the pool, all CAs in the pool MUST BE deleted.
  public static void deleteCaPool(String project, String location, String poolId)
      throws InterruptedException, ExecutionException, IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the `certificateAuthorityServiceClient.close()` method on the client to safely
    // clean up any remaining background resources.
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
        CertificateAuthorityServiceClient.create()) {

      // Set the project, location and poolId to delete.
      CaPoolName caPool =
          CaPoolName.newBuilder()
              .setProject(project)
              .setLocation(location)
              .setCaPool(poolId)
              .build();

      // Create the Delete request.
      DeleteCaPoolRequest deleteCaPoolRequest =
          DeleteCaPoolRequest.newBuilder().setName(caPool.toString()).build();

      // Delete the CA Pool.
      ApiFuture<Operation> futureCall =
          certificateAuthorityServiceClient.deleteCaPoolCallable().futureCall(deleteCaPoolRequest);
      Operation response = futureCall.get();

      if (response.hasError()) {
        System.out.println("Error while deleting CA pool !" + response.getError());
        return;
      }

      System.out.println("Deleted CA Pool: " + poolId);
    }
  }
}

Python

Para autenticarte en CA Service, configura las credenciales predeterminadas de la aplicación. Si deseas obtener más información, consulta Configura la autenticación para un entorno de desarrollo local. 

import google.cloud.security.privateca_v1 as privateca_v1


def delete_ca_pool(project_id: str, location: str, ca_pool_name: str) -> None:
    """
    Delete the CA pool as mentioned by the ca_pool_name.
    Before deleting the pool, all CAs in the pool MUST BE deleted.

    Args:
        project_id: project ID or project number of the Cloud project you want to use.
        location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
        ca_pool_name: the name of the CA pool to be deleted.
    """

    caServiceClient = privateca_v1.CertificateAuthorityServiceClient()

    ca_pool_path = caServiceClient.ca_pool_path(project_id, location, ca_pool_name)

    # Create the Delete request.
    request = privateca_v1.DeleteCaPoolRequest(name=ca_pool_path)

    # Delete the CA Pool.
    caServiceClient.delete_ca_pool(request=request)

    print("Deleted CA Pool:", ca_pool_name)

¿Qué sigue?