NAME
    gcloud privateca subordinates delete - delete a subordinate certificate
        authority

SYNOPSIS
    gcloud privateca subordinates delete
        (CERTIFICATE_AUTHORITY : --location=LOCATION --pool=POOL)
        [--ignore-active-certificates] [--ignore-dependent-resources]
        [--skip-grace-period] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION
    Delete a Subordinate Certificate Authority. Deleted Subordinate Certificate
    Authorities may be recovered with the gcloud privateca subordinates
    undelete command within a grace period of 30 days.

    Use the --skip-grace-period flag to delete as soon as possible without the
    30-day grace period to undelete.

    Note that any user-managed KMS keys or Google Cloud Storage buckets will
    not be affected by this operation. You will need to delete the user-
    managed resources separately once the CA is deleted. Any Google-managed
    resources will be cleaned up.

    The CA specified in this command MUST:

        1) be in the DISABLED or STAGED state.
        2) have no un-revoked or un-expired certificates. Use the revoke command
           to revoke any active certificates.

    Use the --ignore-active-certificates flag to remove 2) as a requirement.

EXAMPLES
    To delete a subordinate CA:

        $ gcloud privateca subordinates delete server-tls-1 --pool=my-pool \
            --location=us-west1

    To delete a CA while skipping the confirmation input:

        $ gcloud privateca subordinates delete server-tls-1s \
            --pool=my-pool --location=us-west1 --quiet

    To undo the deletion for a subordinate CA:

        $ gcloud privateca subordinates undelete server-tls-1 \
            --pool=my-pool --location=us-west1

POSITIONAL ARGUMENTS
     CERTIFICATE AUTHORITY resource - The certificate authority to delete. The
     arguments in this group can be used to specify the attributes of this
     resource. (NOTE) Some attributes are not given arguments in this group but
     can be set in other ways.

     To set the project attribute:
      ◆ provide the argument CERTIFICATE_AUTHORITY on the command line with a
        fully specified name;
      ◆ provide the argument --project on the command line;
      ◆ set the property core/project.

     This must be specified.

       CERTIFICATE_AUTHORITY
          ID of the CERTIFICATE_AUTHORITY or fully qualified identifier for the
          CERTIFICATE_AUTHORITY.

          To set the certificate_authority attribute:
          ▸ provide the argument CERTIFICATE_AUTHORITY on the command line.

          This positional argument must be specified if any of the other
          arguments in this group are specified.

       --location=LOCATION
          The location of the CERTIFICATE_AUTHORITY.

          To set the location attribute:
          ▸ provide the argument CERTIFICATE_AUTHORITY on the command line
            with a fully specified name;
          ▸ provide the argument --location on the command line;
          ▸ set the property privateca/location.

       --pool=POOL
          The parent CA Pool of the CERTIFICATE_AUTHORITY.

          To set the pool attribute:
          ▸ provide the argument CERTIFICATE_AUTHORITY on the command line
            with a fully specified name;
          ▸ provide the argument --pool on the command line.

FLAGS
     --ignore-active-certificates
        If this flag is set, the Certificate Authority will be deleted even if
        the Certificate Authority has un-revoked or un-expired certificates
        after the grace period.

     --ignore-dependent-resources
        This field skips the integrity check that would normally prevent
        breaking a CA Pool if it is used by another cloud resource and allows
        the CA Pool to be in a state where it is not able to issue
        certificates. Doing so may result in unintended and unrecoverable
        effects on any dependent resource(s) since the CA Pool would not be
        able to issue certificates.

     --skip-grace-period
        If this flag is set, the Certificate Authority will be deleted as soon
        as possible without a 30-day grace period where undeletion would have
        been allowed. If you proceed, there will be no way to recover this CA.

GCLOUD WIDE FLAGS
    These flags are available to all commands: --access-token-file, --account,
    --billing-project, --configuration, --flags-file, --flatten, --format,
    --help, --impersonate-service-account, --log-http, --project, --quiet,
    --trace-token, --user-output-enabled, --verbosity.

    Run $ gcloud help for details.
