Updated on 2025-07-07 GMT+08:00

Revoking a Cluster Certificate of a User

Function

This API is used to revoke a certificate of a specified cluster.

Once the cluster certificate is revoked, the certificate applicant will no longer be able to use the downloaded certificate and kubectl configuration files to access the cluster. However, the applicant can simply download the files again and use the newly downloaded ones to regain access.

Constraints

Before revoking a cluster certificate, you need to get the user ID, which can be obtained in either of the following ways:

  • Method 1: Obtain the certificate downloaded by the applicant. The name (CN - Common Name) of the certificate is the required user ID.

  • Method 2: If you cannot obtain the certificate downloaded by the applicant, use CTS to obtain the events of deleting a user (deleteUser) and deleting an agency (deleteAgency). The resource IDs of the events are the IDs of the deleted user and delegated account, respectively.

If the ID still cannot be obtained, submit a service ticket.

URI

POST /api/v3/projects/{project_id}/clusters/{cluster_id}/clustercertrevoke

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Details:

Project ID. For details about how to obtain the value, see How to Obtain Parameters in the API URI.

Constraints:

None

Options:

Project IDs of the account

Default value:

N/A

cluster_id

Yes

String

Details:

Cluster ID. For details about how to obtain the value, see How to Obtain Parameters in the API URI.

Constraints:

None

Options:

Cluster IDs

Default value:

N/A

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

Content-Type

Yes

String

Details:

The request body type or format

Constraints:

The GET method is not verified.

Options:

  • application/json

  • application/json;charset=utf-8

  • application/x-pem-file

  • multipart/form-data (used when the FormData parameter is present)

Default value:

N/A

X-Auth-Token

Yes

String

Details:

Requests for calling an API can be authenticated using either a token or AK/SK. If token-based authentication is used, this parameter is mandatory and must be set to a user token. For details, see Obtaining a User Token.

Constraints:

None

Options:

N/A

Default value:

N/A

Table 3 Request body parameters

Parameter

Mandatory

Type

Description

userId

No

String

User ID

agencyId

No

String

Agency ID

Response Parameters

Status code: 200

A user cluster certificate has been revoked.

None

Example Requests

POST /api/v3/projects/{project_id}/clusters/{cluster_id}/clustercertrevoke

{
  "userId" : "537e7a3bd**********6c5657fd908ff"
}

Example Responses

None

Status Codes

Status Code

Description

200

A user cluster certificate has been revoked.

Error Codes

See Error Codes.