feat: Etags in Secret Manager (#253)

* feat: Etags in Secret Manager Users can now use etags for optimistic concurrency control when modifying Secret or SecretVersion. PiperOrigin-RevId: 373836373 Source-Link: googleapis/googleapis@bff8074 Source-Link: googleapis/googleapis-gen@174c036 * 🦉 Updates from OwlBot * 🦉 Updates from OwlBot Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com> Co-authored-by: sofisl <55454395+sofisl@users.noreply.github.com>
googleapis · May 24, 2021 · d4db4cb · d4db4cb
1 parent c572571
commit d4db4cb
Show file tree

Hide file tree

Showing 6 changed files with 283 additions and 17 deletions.
diff --git a/packages/google-cloud-secretmanager/protos/google/cloud/secretmanager/v1/resources.proto b/packages/google-cloud-secretmanager/protos/google/cloud/secretmanager/v1/resources.proto
@@ -91,6 +91,9 @@ message Secret {
  google.protobuf.Duration ttl = 7 [(google.api.field_behavior) = INPUT_ONLY];
  }
 
+ // Optional. Etag of the currently stored [Secret][google.cloud.secretmanager.v1.Secret].
+ string etag = 8 [(google.api.field_behavior) = OPTIONAL];
+
  // Optional. Rotation policy attached to the [Secret][google.cloud.secretmanager.v1.Secret]. May be excluded if there is no
  // rotation policy.
  Rotation rotation = 9 [(google.api.field_behavior) = OPTIONAL];
@@ -141,6 +144,9 @@ message SecretVersion {
 
  // The replication status of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
  ReplicationStatus replication_status = 5;
+
+ // Output only. Etag of the currently stored [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
+ string etag = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
 }
 
 // A policy that defines the replication and encryption configuration of data.
@@ -286,7 +292,9 @@ message Topic {
 // Manager will send a Pub/Sub notification to the topics configured on the
 // Secret. [Secret.topics][google.cloud.secretmanager.v1.Secret.topics] must be set to configure rotation.
 message Rotation {
- // Optional. Timestamp in UTC at which the [Secret][google.cloud.secretmanager.v1.Secret] is scheduled to rotate.
+ // Optional. Timestamp in UTC at which the [Secret][google.cloud.secretmanager.v1.Secret] is scheduled to rotate. Cannot be
+ // set to less than 300s (5 min) in the future and at most 3153600000s (100
+ // years).
  //
  // [next_rotation_time][google.cloud.secretmanager.v1.Rotation.next_rotation_time] MUST be set if [rotation_period][google.cloud.secretmanager.v1.Rotation.rotation_period] is set.
  google.protobuf.Timestamp next_rotation_time = 1 [(google.api.field_behavior) = OPTIONAL];

diff --git a/packages/google-cloud-secretmanager/protos/google/cloud/secretmanager/v1/service.proto b/packages/google-cloud-secretmanager/protos/google/cloud/secretmanager/v1/service.proto
@@ -110,8 +110,8 @@ service SecretManagerService {
 
  // Gets metadata for a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
  //
- // `projects/*/secrets/*/versions/latest` is an alias to the `latest`
- // [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
+ // `projects/*/secrets/*/versions/latest` is an alias to the most recently
+ // created [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
  rpc GetSecretVersion(GetSecretVersionRequest) returns (SecretVersion) {
  option (google.api.http) = {
  get: "/v1/{name=projects/*/secrets/*/versions/*}"
@@ -121,8 +121,8 @@ service SecretManagerService {
 
  // Accesses a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. This call returns the secret data.
  //
- // `projects/*/secrets/*/versions/latest` is an alias to the `latest`
- // [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
+ // `projects/*/secrets/*/versions/latest` is an alias to the most recently
+ // created [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
  rpc AccessSecretVersion(AccessSecretVersionRequest) returns (AccessSecretVersionResponse) {
  option (google.api.http) = {
  get: "/v1/{name=projects/*/secrets/*/versions/*}:access"
@@ -325,8 +325,9 @@ message ListSecretVersionsResponse {
 message GetSecretVersionRequest {
  // Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format
  // `projects/*/secrets/*/versions/*`.
- // `projects/*/secrets/*/versions/latest` is an alias to the `latest`
- // [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
+ //
+ // `projects/*/secrets/*/versions/latest` is an alias to the most recently
+ // created [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
  string name = 1 [
  (google.api.field_behavior) = REQUIRED,
  (google.api.resource_reference) = {
@@ -348,6 +349,9 @@ message UpdateSecretRequest {
 message AccessSecretVersionRequest {
  // Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format
  // `projects/*/secrets/*/versions/*`.
+ //
+ // `projects/*/secrets/*/versions/latest` is an alias to the most recently
+ // created [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
  string name = 1 [
  (google.api.field_behavior) = REQUIRED,
  (google.api.resource_reference) = {
@@ -378,6 +382,11 @@ message DeleteSecretRequest {
  type: "secretmanager.googleapis.com/Secret"
  }
  ];
+
+ // Optional. Etag of the [Secret][google.cloud.secretmanager.v1.Secret]. The request succeeds if it matches
+ // the etag of the currently stored secret object. If the etag is omitted,
+ // the request succeeds.
+ string etag = 2 [(google.api.field_behavior) = OPTIONAL];
 }
 
 // Request message for [SecretManagerService.DisableSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.DisableSecretVersion].
@@ -390,6 +399,11 @@ message DisableSecretVersionRequest {
  type: "secretmanager.googleapis.com/SecretVersion"
  }
  ];
+
+ // Optional. Etag of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. The request succeeds if it matches
+ // the etag of the currently stored secret version object. If the etag is
+ // omitted, the request succeeds.
+ string etag = 2 [(google.api.field_behavior) = OPTIONAL];
 }
 
 // Request message for [SecretManagerService.EnableSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.EnableSecretVersion].
@@ -402,6 +416,11 @@ message EnableSecretVersionRequest {
  type: "secretmanager.googleapis.com/SecretVersion"
  }
  ];
+
+ // Optional. Etag of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. The request succeeds if it matches
+ // the etag of the currently stored secret version object. If the etag is
+ // omitted, the request succeeds.
+ string etag = 2 [(google.api.field_behavior) = OPTIONAL];
 }
 
 // Request message for [SecretManagerService.DestroySecretVersion][google.cloud.secretmanager.v1.SecretManagerService.DestroySecretVersion].
@@ -414,4 +433,9 @@ message DestroySecretVersionRequest {
  type: "secretmanager.googleapis.com/SecretVersion"
  }
  ];
+
+ // Optional. Etag of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. The request succeeds if it matches
+ // the etag of the currently stored secret version object. If the etag is
+ // omitted, the request succeeds.
+ string etag = 2 [(google.api.field_behavior) = OPTIONAL];
 }
diff --git a/packages/google-cloud-secretmanager/protos/protos.d.ts b/packages/google-cloud-secretmanager/protos/protos.d.ts