feat(fixit): Adding privateca/ca_pool samples (GoogleCloudPlatform#3068)

rsamborski · telpirion · kweinmeister · web-flow · commit eecf9fba335c · 2023-05-17T15:47:19.000Z
* feat(fixit): Adding privateca/ca_pool samples

Co-authored-by: Eric Schmidt &lt;erschmid@google.com&gt;
Co-authored-by: Karl Weinmeister &lt;11586922+kweinmeister@users.noreply.github.com&gt;
Co-authored-by: Gleb Otochkin &lt;gleb.otochkin@gmail.com&gt;
Co-authored-by: yucentao &lt;yucentao@google.com&gt;
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -63,6 +63,7 @@
 /iam/                                  @GoogleCloudPlatform/go-samples-reviewers @GoogleCloudPlatform/dee-infra
 /iap/                                  @GoogleCloudPlatform/go-samples-reviewers @GoogleCloudPlatform/dee-infra
 /kms/                                  @GoogleCloudPlatform/go-samples-reviewers @GoogleCloudPlatform/dee-infra
+/privateca/                            @GoogleCloudPlatform/go-samples-reviewers @GoogleCloudPlatform/dee-infra
 /securitycenter/                       @GoogleCloudPlatform/go-samples-reviewers @GoogleCloudPlatform/dee-infra
 /secretmanager/                        @GoogleCloudPlatform/go-samples-reviewers @GoogleCloudPlatform/dee-infra
 /mediacdn/                             @GoogleCloudPlatform/go-samples-reviewers @GoogleCloudPlatform/dee-infra @justin-mp
diff --git a/.github/blunderbuss.yml b/.github/blunderbuss.yml
@@ -53,6 +53,17 @@ assign_issues_by:
   - 'api: dlp'
   to:
   - GoogleCloudPlatform/googleapis-dlp
+- labels:
+  - "api: batch"
+  - "api: compute"
+  - "api: cloudkms"
+  - "api: iam"
+  - "api: kms"
+  - "api: privateca"
+  - "api: secretmanager"
+  - "api: securitycenter"
+  to:
+  - GoogleCloudPlatform/dee-infra
 
 assign_prs_by:
 - labels:
@@ -74,3 +85,14 @@ assign_prs_by:
   - 'api: dlp'
   to:
   - GoogleCloudPlatform/googleapis-dlp
+- labels:
+  - "api: batch"
+  - "api: compute"
+  - "api: cloudkms"
+  - "api: iam"
+  - "api: kms"
+  - "api: privateca"
+  - "api: secretmanager"
+  - "api: securitycenter"
+  to:
+  - GoogleCloudPlatform/dee-infra
diff --git a/.gitignore b/.gitignore
@@ -35,3 +35,5 @@
 testing/kokoro/test-env.sh
 .envrc
 .DS_Store
+go.work
+go.work.sum
diff --git a/privateca/create_ca_pool.go b/privateca/create_ca_pool.go
@@ -0,0 +1,69 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package snippets
+
+// [START privateca_create_ca_pool]
+import (
+	"context"
+	"fmt"
+	"io"
+
+	privateca "cloud.google.com/go/security/privateca/apiv1"
+	"cloud.google.com/go/security/privateca/apiv1/privatecapb"
+)
+
+// Create a Certificate Authority pool. All certificates created under this CA pool will
+// follow the same issuance policy, IAM policies, etc.
+func createCaPool(w io.Writer, projectID string, location string, caPoolId string) error {
+	// projectID := "your_project_id"
+	// location := "us-central1"	// For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
+	// caPoolId := "ca-pool-id"		// A unique id/name for the ca pool.
+
+	ctx := context.Background()
+	caClient, err := privateca.NewCertificateAuthorityClient(ctx)
+	if err != nil {
+		return fmt.Errorf("NewCertificateAuthorityClient creation failed: %w", err)
+	}
+	defer caClient.Close()
+
+	caPool := &privatecapb.CaPool{
+		// Set the tier (see: https://cloud.google.com/certificate-authority-service/docs/tiers).
+		Tier: privatecapb.CaPool_ENTERPRISE,
+	}
+
+	locationPath := fmt.Sprintf("projects/%s/locations/%s", projectID, location)
+
+	// See https://pkg.go.dev/cloud.google.com/go/security/privateca/apiv1/privatecapb#CreateCaPoolRequest.
+	req := &privatecapb.CreateCaPoolRequest{
+		Parent:   locationPath,
+		CaPoolId: caPoolId,
+		CaPool:   caPool,
+	}
+
+	op, err := caClient.CreateCaPool(ctx, req)
+	if err != nil {
+		return fmt.Errorf("CreateCaPool failed: %w", err)
+	}
+
+	if _, err = op.Wait(ctx); err != nil {
+		return fmt.Errorf("CreateCaPool failed during wait: %w", err)
+	}
+
+	fmt.Fprintf(w, "CA Pool created")
+
+	return nil
+}
+
+// [END privateca_create_ca_pool]
diff --git a/privateca/delete_ca_pool.go b/privateca/delete_ca_pool.go
@@ -0,0 +1,62 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package snippets
+
+// [START privateca_delete_ca_pool]
+import (
+	"context"
+	"fmt"
+	"io"
+
+	privateca "cloud.google.com/go/security/privateca/apiv1"
+	"cloud.google.com/go/security/privateca/apiv1/privatecapb"
+)
+
+// Delete the CA pool as mentioned by the ca_pool_name.
+// Before deleting the pool, all CAs in the pool MUST BE deleted.
+func deleteCaPool(w io.Writer, projectID string, location string, caPoolId string) error {
+	// projectID := "your_project_id"
+	// location := "us-central1"	// For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
+	// caPoolId := "ca-pool-id"		// A unique id/name for the ca pool.
+
+	ctx := context.Background()
+	caClient, err := privateca.NewCertificateAuthorityClient(ctx)
+	if err != nil {
+		return fmt.Errorf("NewCertificateAuthorityClient creation failed: %w", err)
+	}
+	defer caClient.Close()
+
+	fullCaPoolName := fmt.Sprintf("projects/%s/locations/%s/caPools/%s", projectID, location, caPoolId)
+
+	// See https://pkg.go.dev/cloud.google.com/go/security/privateca/apiv1/privatecapb#DeleteCaPoolRequest.
+	req := &privatecapb.DeleteCaPoolRequest{
+		Name: fullCaPoolName,
+	}
+
+	op, err := caClient.DeleteCaPool(ctx, req)
+	if err != nil {
+		return fmt.Errorf("DeleteCaPool failed: %w", err)
+	}
+
+	if err = op.Wait(ctx); err != nil {
+		return fmt.Errorf("DeleteCaPool failed during wait: %w", err)
+	}
+
+	fmt.Fprintf(w, "CA Pool deleted")
+
+	return nil
+}
+
+// [END privateca_delete_ca_pool]
diff --git a/privateca/go.mod b/privateca/go.mod
@@ -0,0 +1,36 @@
+module github.com/GoogleCloudPlatform/golang-samples/privateca
+
+go 1.19
+
+require (
+	cloud.google.com/go/security v1.14.1
+	github.com/GoogleCloudPlatform/golang-samples v0.0.0-20230517040748-5b807c48c3ca
+	google.golang.org/api v0.122.0
+)
+
+require (
+	cloud.google.com/go v0.110.0 // indirect
+	cloud.google.com/go/compute v1.19.0 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	cloud.google.com/go/iam v0.13.0 // indirect
+	cloud.google.com/go/longrunning v0.4.1 // indirect
+	cloud.google.com/go/storage v1.30.1 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/s2a-go v0.1.3 // indirect
+	github.com/google/uuid v1.3.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
+	github.com/googleapis/gax-go/v2 v2.8.0 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	golang.org/x/crypto v0.7.0 // indirect
+	golang.org/x/net v0.9.0 // indirect
+	golang.org/x/oauth2 v0.7.0 // indirect
+	golang.org/x/sys v0.7.0 // indirect
+	golang.org/x/text v0.9.0 // indirect
+	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
+	google.golang.org/grpc v1.55.0 // indirect
+	google.golang.org/protobuf v1.30.0 // indirect
+)
diff --git a/privateca/go.sum b/privateca/go.sum
diff --git a/privateca/privateca_test.go b/privateca/privateca_test.go
