文档首页/ 云容器引擎 CCE/ API参考/ API/ 集群管理/ 吊销用户的集群证书
更新时间:2024-11-06 GMT+08:00

吊销用户的集群证书

功能介绍

该API用于吊销指定集群的用户证书

吊销操作完成后,此证书申请人之前下载的证书和 kubectl 配置文件无法再用于连接集群。此证书申请人可以重新下载证书或 kubectl 配置文件,并使用新下载的文件连接集群

接口约束

吊销用户集群证书首先需要获取用户ID,如何获取 ID:

  • 方式一:如果您可以获取到此证书申请人下载的证书,证书的通用名称 (CN - Common Name) 即所需 ID。

  • 方式二:如果您无法获取到此证书申请人下载的证书,您可以通过云审计服务查询删除用户 (deleteUser)、删除委托 (deleteAgency) 的事件,事件对应的资源 ID 分别是已删除用户、已删除委托账号的 ID。

    如果使用上述方式均无法获取到所需 ID,请提交工单联系运维人员处理。

调用方法

请参见如何调用API

URI

POST /api/v3/projects/{project_id}/clusters/{cluster_id}/clustercertrevoke

表1 路径参数

参数

是否必选

参数类型

描述

project_id

String

参数解释:

项目ID,获取方式请参见如何获取接口URI中参数

约束限制:

不涉及

取值范围:

账号的项目ID

默认取值:

不涉及

cluster_id

String

参数解释:

集群ID,获取方式请参见如何获取接口URI中参数

约束限制:

不涉及

取值范围:

集群ID

默认取值:

不涉及

请求参数

表2 请求Header参数

参数

是否必选

参数类型

描述

Content-Type

String

参数解释:

消息体的类型(格式)

约束限制:

GET方法不做校验

取值范围:

  • application/json

  • application/json;charset=utf-8

  • application/x-pem-file

默认取值:

不涉及

X-Auth-Token

String

参数解释:

调用接口的认证方式分为Token和AK/SK两种,如果您使用的Token方式,此参数为必填,请填写Token的值,获取方式请参见获取token

约束限制:

不涉及

取值范围:

不涉及

默认取值:

不涉及

表3 请求Body参数

参数

是否必选

参数类型

描述

userId

String

用户ID

agencyId

String

委托用户ID

响应参数

请求示例

POST /api/v3/projects/{project_id}/clusters/{cluster_id}/clustercertrevoke

{
  "userId" : "537e7a3bd**********6c5657fd908ff"
}

响应示例

SDK代码示例

SDK代码示例如下。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.cce.v3.region.CceRegion;
import com.huaweicloud.sdk.cce.v3.*;
import com.huaweicloud.sdk.cce.v3.model.*;


public class RevokeKubernetesClusterCertSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        CceClient client = CceClient.newBuilder()
                .withCredential(auth)
                .withRegion(CceRegion.valueOf("<YOUR REGION>"))
                .build();
        RevokeKubernetesClusterCertRequest request = new RevokeKubernetesClusterCertRequest();
        request.withClusterId("{cluster_id}");
        CertRevokeConfigRequestBody body = new CertRevokeConfigRequestBody();
        body.withUserId("537e7a3bd**********6c5657fd908ff");
        request.withBody(body);
        try {
            RevokeKubernetesClusterCertResponse response = client.revokeKubernetesClusterCert(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkcce.v3.region.cce_region import CceRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkcce.v3 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = CceClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(CceRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = RevokeKubernetesClusterCertRequest()
        request.cluster_id = "{cluster_id}"
        request.body = CertRevokeConfigRequestBody(
            user_id="537e7a3bd**********6c5657fd908ff"
        )
        response = client.revoke_kubernetes_cluster_cert(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    cce "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cce/v3"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cce/v3/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cce/v3/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := cce.NewCceClient(
        cce.CceClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.RevokeKubernetesClusterCertRequest{}
	request.ClusterId = "{cluster_id}"
	userIdCertRevokeConfigRequestBody:= "537e7a3bd**********6c5657fd908ff"
	request.Body = &model.CertRevokeConfigRequestBody{
		UserId: &userIdCertRevokeConfigRequestBody,
	}
	response, err := client.RevokeKubernetesClusterCert(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

更多编程语言的SDK代码示例,请参见API Explorer的代码示例页签,可生成自动对应的SDK代码示例。

状态码

状态码

描述

200

吊销用户集群证书成功

错误码

请参见错误码