From 409ca006f50193930ca06a6fa52aca4d5ad21dba Mon Sep 17 00:00:00 2001 
From: Yash Saraf <45588765+YashSaraf11@users.noreply.github.com> Date: Wed, 25 Dec 2024 03:46:19 +0530 Subject: [PATCH] chore: Add regional code samples for Secret Manager (#28115) --- google-cloud-secret_manager/samples/README.md | 46 +- google-cloud-secret_manager/samples/Rakefile | 10 + .../access_regional_secret_version_test.rb | 27 + .../add_regional_secret_version_test.rb | 35 + .../acceptance/create_regional_secret_test.rb | 29 + .../acceptance/delete_regional_secret_test.rb | 34 + .../delete_regional_secret_with_etag_test.rb | 36 + .../destroy_regional_secret_version_test.rb | 33 + ..._regional_secret_version_with_etag_test.rb | 33 + .../disable_regional_secret_version_test.rb | 33 + ..._regional_secret_version_with_etag_test.rb | 33 + .../enable_regional_secret_version_test.rb | 34 + ..._regional_secret_version_with_etag_test.rb | 36 + .../acceptance/get_regional_secret_test.rb | 30 + .../get_regional_secret_version_test.rb | 30 + .../iam_grant_access_regional_test.rb | 39 + .../iam_revoke_access_regional_test.rb | 48 + .../list_regional_secret_versions_test.rb | 30 + ...gional_secret_versions_with_filter_test.rb | 30 + .../acceptance/list_regional_secrets_test.rb | 29 + .../list_regional_secrets_with_filter_test.rb | 29 + .../samples/acceptance/regional_helper.rb | 69 ++ .../acceptance/regional_quickstart_test.rb | 54 + .../acceptance/regional_snippets_test.rb | 469 +++++++++ .../acceptance/update_regional_secret_test.rb | 32 + .../update_regional_secret_with_alias_test.rb | 33 + .../update_regional_secret_with_etag_test.rb | 35 + .../samples/access_regional_secret_version.rb | 54 + .../samples/add_regional_secret_version.rb | 48 + .../samples/create_regional_secret.rb | 47 + .../samples/delete_regional_secret.rb | 42 + .../delete_regional_secret_with_etag.rb | 43 + .../destroy_regional_secret_version.rb | 49 + ...stroy_regional_secret_version_with_etag.rb | 50 + .../disable_regional_secret_version.rb | 49 + ...sable_regional_secret_version_with_etag.rb | 
50 + .../samples/enable_regional_secret_version.rb | 49 + ...nable_regional_secret_version_with_etag.rb | 50 + .../samples/get_regional_secret.rb | 43 + .../samples/get_regional_secret_version.rb | 52 + .../samples/iam_grant_access_regional.rb | 53 + .../samples/iam_revoke_access_regional.rb | 54 + .../samples/list_regional_secret_versions.rb | 45 + ...st_regional_secret_versions_with_filter.rb | 47 + .../samples/list_regional_secrets.rb | 44 + .../list_regional_secrets_with_filter.rb | 46 + .../samples/regional_quickstart.rb | 62 ++ .../samples/regional_snippets.rb | 983 ++++++++++++++++++ .../samples/update_regional_secret.rb | 54 + .../update_regional_secret_with_alias.rb | 54 + .../update_regional_secret_with_etag.rb | 56 + 51 files changed, 3499 insertions(+), 1 deletion(-) create mode 100644 google-cloud-secret_manager/samples/acceptance/access_regional_secret_version_test.rb create mode 100644 google-cloud-secret_manager/samples/acceptance/add_regional_secret_version_test.rb create mode 100644 google-cloud-secret_manager/samples/acceptance/create_regional_secret_test.rb create mode 100644 google-cloud-secret_manager/samples/acceptance/delete_regional_secret_test.rb create mode 100644 google-cloud-secret_manager/samples/acceptance/delete_regional_secret_with_etag_test.rb create mode 100644 google-cloud-secret_manager/samples/acceptance/destroy_regional_secret_version_test.rb create mode 100644 google-cloud-secret_manager/samples/acceptance/destroy_regional_secret_version_with_etag_test.rb create mode 100644 google-cloud-secret_manager/samples/acceptance/disable_regional_secret_version_test.rb create mode 100644 google-cloud-secret_manager/samples/acceptance/disable_regional_secret_version_with_etag_test.rb create mode 100644 google-cloud-secret_manager/samples/acceptance/enable_regional_secret_version_test.rb create mode 100644 google-cloud-secret_manager/samples/acceptance/enable_regional_secret_version_with_etag_test.rb create mode 100644 
google-cloud-secret_manager/samples/acceptance/get_regional_secret_test.rb create mode 100644 google-cloud-secret_manager/samples/acceptance/get_regional_secret_version_test.rb create mode 100644 google-cloud-secret_manager/samples/acceptance/iam_grant_access_regional_test.rb create mode 100644 google-cloud-secret_manager/samples/acceptance/iam_revoke_access_regional_test.rb create mode 100644 google-cloud-secret_manager/samples/acceptance/list_regional_secret_versions_test.rb create mode 100644 google-cloud-secret_manager/samples/acceptance/list_regional_secret_versions_with_filter_test.rb create mode 100644 google-cloud-secret_manager/samples/acceptance/list_regional_secrets_test.rb create mode 100644 google-cloud-secret_manager/samples/acceptance/list_regional_secrets_with_filter_test.rb create mode 100644 google-cloud-secret_manager/samples/acceptance/regional_helper.rb create mode 100644 google-cloud-secret_manager/samples/acceptance/regional_quickstart_test.rb create mode 100644 google-cloud-secret_manager/samples/acceptance/regional_snippets_test.rb create mode 100644 google-cloud-secret_manager/samples/acceptance/update_regional_secret_test.rb create mode 100644 google-cloud-secret_manager/samples/acceptance/update_regional_secret_with_alias_test.rb create mode 100644 google-cloud-secret_manager/samples/acceptance/update_regional_secret_with_etag_test.rb create mode 100644 google-cloud-secret_manager/samples/access_regional_secret_version.rb create mode 100644 google-cloud-secret_manager/samples/add_regional_secret_version.rb create mode 100644 google-cloud-secret_manager/samples/create_regional_secret.rb create mode 100644 google-cloud-secret_manager/samples/delete_regional_secret.rb create mode 100644 google-cloud-secret_manager/samples/delete_regional_secret_with_etag.rb create mode 100644 google-cloud-secret_manager/samples/destroy_regional_secret_version.rb create mode 100644 
google-cloud-secret_manager/samples/destroy_regional_secret_version_with_etag.rb create mode 100644 google-cloud-secret_manager/samples/disable_regional_secret_version.rb create mode 100644 google-cloud-secret_manager/samples/disable_regional_secret_version_with_etag.rb create mode 100644 google-cloud-secret_manager/samples/enable_regional_secret_version.rb create mode 100644 google-cloud-secret_manager/samples/enable_regional_secret_version_with_etag.rb create mode 100644 google-cloud-secret_manager/samples/get_regional_secret.rb create mode 100644 google-cloud-secret_manager/samples/get_regional_secret_version.rb create mode 100644 google-cloud-secret_manager/samples/iam_grant_access_regional.rb create mode 100644 google-cloud-secret_manager/samples/iam_revoke_access_regional.rb create mode 100644 google-cloud-secret_manager/samples/list_regional_secret_versions.rb create mode 100644 google-cloud-secret_manager/samples/list_regional_secret_versions_with_filter.rb create mode 100644 google-cloud-secret_manager/samples/list_regional_secrets.rb create mode 100644 google-cloud-secret_manager/samples/list_regional_secrets_with_filter.rb create mode 100644 google-cloud-secret_manager/samples/regional_quickstart.rb create mode 100644 google-cloud-secret_manager/samples/regional_snippets.rb create mode 100644 google-cloud-secret_manager/samples/update_regional_secret.rb create mode 100644 google-cloud-secret_manager/samples/update_regional_secret_with_alias.rb create mode 100644 google-cloud-secret_manager/samples/update_regional_secret_with_etag.rb diff --git a/google-cloud-secret_manager/samples/README.md b/google-cloud-secret_manager/samples/README.md index 1dbfa112c143..bb83fe2a6544 100644 --- a/google-cloud-secret_manager/samples/README.md +++ b/google-cloud-secret_manager/samples/README.md 
@@ -35,7 +35,11 @@ These samples show how to use the [Google Secret Manager API] $ export GOOGLE_CLOUD_PROJECT="YOUR_PROJECT_ID" ``` -1. **Run samples** + ```text + $ export GOOGLE_CLOUD_LOCATION="YOUR_LOCATION_ID" + ``` + +1. **Run global samples** ```text $ bundle exec ruby snippets.rb 
@@ -65,6 +69,46 @@ These samples show how to use the [Google Secret Manager API] Environment variables: GOOGLE_CLOUD_PROJECT ID of the Google Cloud project to run snippets ``` +1. **Run regional samples** + + ```text + $ bundle exec ruby regional_snippets.rb + ``` + + The output will show the help text: + + ```text + Usage: bundle exec ruby regional_snippets.rb [command] [arguments] + + Commands: + access_regional_secret_version Access a regional secret version + add_regional_secret_version Add a new regional secret version + create_regional_secret Create a new regional secret + delete_regional_secret_with_etag Delete an existing regional secret with associated etag + delete_regional_secret Delete an existing regional secret + destroy_regional_secret_version_with_etag Destroy a regional secret version with associated etag + destroy_regional_secret_version Destroy a regional secret version + disable_regional_secret_version_with_etag Disable a regional secret version with associated etag + disable_regional_secret_version Disable a regional secret version + enable_regional_secret_version_with_etag Enable a regional secret version with associated etag + enable_regional_secret_version Enable a regional secret version + get_regional_secret Get a regional secret + get_regional_secret_version Get a regional secret version + iam_grant_access_regional Grant the member access to the regional secret + iam_revoke_access_regional Revoke the member access to the regional secret + list_regional_secret_versions_with_filter List all versions for a regional secret which passes filter + list_regional_secret_versions List all versions for a regional secret + list_regional_secrets_with_filter List all regional secrets which passes filter + list_regional_secrets List all regional secrets + update_regional_secret_with_alias Update a regional secret with alias + update_regional_secret_with_etag Update a regional secret with associated etag + update_regional_secret Update a regional secret 
+ + Environment variables: + GOOGLE_CLOUD_PROJECT ID of the Google Cloud project to run the regional snippets + GOOGLE_CLOUD_LOCATION ID of the Google Cloud location to run the regional snippets + ``` + ## Contributing changes diff --git a/google-cloud-secret_manager/samples/Rakefile b/google-cloud-secret_manager/samples/Rakefile index e03c3e166612..8ba466d6a80a 100644 --- a/google-cloud-secret_manager/samples/Rakefile +++ b/google-cloud-secret_manager/samples/Rakefile @@ -15,6 +15,16 @@ require "rake/testtask" require "rubocop/rake_task" +Rake::TestTask.new "global_test" do |t| + t.test_files = FileList["acceptance/*_test.rb"].exclude(/regional/) + t.warning = false +end + +Rake::TestTask.new "regional_test" do |t| + t.test_files = FileList["acceptance/*_test.rb"].select { |file| file =~ /regional/ } + t.warning = false +end + Rake::TestTask.new "test" do |t| t.test_files = FileList["acceptance/*_test.rb"] t.warning = false diff --git a/google-cloud-secret_manager/samples/acceptance/access_regional_secret_version_test.rb b/google-cloud-secret_manager/samples/acceptance/access_regional_secret_version_test.rb new file mode 100644 index 000000000000..5993bd0320cd --- /dev/null +++ b/google-cloud-secret_manager/samples/acceptance/access_regional_secret_version_test.rb 
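Review bot: The untouched `test` task in the Rakefile hunk still globs every `acceptance/*_test.rb`, so the regional tests also run in the default task and, going by the README change in this commit, need `GOOGLE_CLOUD_LOCATION` set. Whether `regional_helper.rb` fails fast or falls back to a default when the variable is missing is not visible here. A short comment above the two new tasks, for example `# regional_test needs GOOGLE_CLOUD_PROJECT and GOOGLE_CLOUD_LOCATION`, would document that. On style, the two tasks filter on the same regex in two different ways; `FileList["acceptance/*_test.rb"].select { |file| file.match?(/regional/) }` avoids `=~` where no captures are needed.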
@@ -0,0 +1,27 @@
+# Copyright 2022 Google, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "uri"
+
+require_relative "regional_helper"
+
+describe "#access_regional_secret_version", :regional_secret_manager_snippet do
+ it "accesses the regional secret version" do
+ sample = SampleLoader.load "access_regional_secret_version.rb"
+
+ assert_output(/Plaintext: hello world!/) do
+ sample.run project_id: project_id, location_id: location_id, secret_id: secret_id, version_id: version_id
+ end
+ end
+end
diff --git a/google-cloud-secret_manager/samples/acceptance/add_regional_secret_version_test.rb b/google-cloud-secret_manager/samples/acceptance/add_regional_secret_version_test.rb
new file mode 100644
index 000000000000..8c03a560250f
--- /dev/null
+++ b/google-cloud-secret_manager/samples/acceptance/add_regional_secret_version_test.rb
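Review bot: `assert_output(/Plaintext: hello world!/)` locks the sample into writing the secret payload to stdout, which is harmless for fixture data but is exactly the line readers tend to copy into real code. A comment above the assertion such as `# Fixture payload only; real secret values should not be written to stdout or logs.` would make that explicit. `require "uri"` also looks unused in this file and in the other regional tests in the patch, unless `regional_helper` relies on it, which is not visible here.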
@@ -0,0 +1,35 @@
+# Copyright 2022 Google, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "uri"
+
+require_relative "regional_helper"
+
+describe "#add_regional_secret_version", :regional_secret_manager_snippet do
+ it "adds a secret version" do
+ sample = SampleLoader.load "add_regional_secret_version.rb"
+
+ o_list = client.list_secret_versions(parent: secret.name).to_a
+ assert_empty o_list
+
+ out, _err = capture_io do
+ sample.run project_id: project_id, location_id: location_id, secret_id: secret_id
+ end
+ assert_match(/Added regional secret version: \S+/, out)
+ version = /Added regional secret version: (\S+)/.match(out)[1]
+
+ n_list = client.list_secret_versions(parent: secret.name).to_a
+ assert_includes n_list.map(&:name), version
+ end
+end
diff --git a/google-cloud-secret_manager/samples/acceptance/create_regional_secret_test.rb b/google-cloud-secret_manager/samples/acceptance/create_regional_secret_test.rb
new file mode 100644
index 000000000000..b88c387ef1a7
--- /dev/null
+++ b/google-cloud-secret_manager/samples/acceptance/create_regional_secret_test.rb
@@ -0,0 +1,29 @@
+# Copyright 2022 Google, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "uri"
+
+require_relative "regional_helper"
+
+describe "#create_regional_secret", :regional_secret_manager_snippet do
+ it "creates a regional secret" do
+ sample = SampleLoader.load "create_regional_secret.rb"
+
+ out, _err = capture_io do
+ sample.run project_id: project_id, location_id: location_id, secret_id: secret_id
+ end
+ secret_id_regex = Regexp.escape secret_id
+ assert_match %r{Created regional secret: projects/\S+locations/\S+/secrets/#{secret_id_regex}}, out
+ end
+end
diff --git a/google-cloud-secret_manager/samples/acceptance/delete_regional_secret_test.rb b/google-cloud-secret_manager/samples/acceptance/delete_regional_secret_test.rb
new file mode 100644
index 000000000000..0a40fd06d702
--- /dev/null
+++ b/google-cloud-secret_manager/samples/acceptance/delete_regional_secret_test.rb
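Review bot: The pattern passed to `assert_match` is missing the `/` between the project segment and `locations`, and the `\S+` after `locations/` never checks which location the secret ended up in. Since this test exists to show regional creation, pinning the location makes it meaningful: `assert_match %r{Created regional secret: projects/\S+/locations/#{Regexp.escape location_id}/secrets/#{secret_id_regex}}, out`. This assumes the printed resource name carries the location ID as passed in; the sample itself is not visible in this part of the patch.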
@@ -0,0 +1,34 @@
+# Copyright 2022 Google, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "uri"
+
+require_relative "regional_helper"
+
+describe "#delete_regional_secret", :regional_secret_manager_snippet do
+ it "deletes the secret" do
+ sample = SampleLoader.load "delete_regional_secret.rb"
+
+ refute_nil secret
+ client.get_secret name: secret_name
+
+ assert_output(/Deleted regional secret/) do
+ sample.run project_id: project_id, location_id: location_id, secret_id: secret_id
+ end
+
+ assert_raises Google::Cloud::NotFoundError do
+ client.get_secret name: secret_name
+ end
+ end
+end
diff --git a/google-cloud-secret_manager/samples/acceptance/delete_regional_secret_with_etag_test.rb b/google-cloud-secret_manager/samples/acceptance/delete_regional_secret_with_etag_test.rb
new file mode 100644
index 000000000000..6267895673b0
--- /dev/null
+++ b/google-cloud-secret_manager/samples/acceptance/delete_regional_secret_with_etag_test.rb
@@ -0,0 +1,36 @@
+# Copyright 2022 Google, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "uri"
+
+require_relative "regional_helper"
+
+describe "#delete_regional_secret_with_etag", :regional_secret_manager_snippet do
+ it "deletes the regional secret" do
+ sample = SampleLoader.load "delete_regional_secret_with_etag.rb"
+
+ refute_nil secret
+ get_secret_reponse = client.get_secret name: secret_name
+
+ updated_etag = get_secret_reponse.etag
+
+ assert_output(/Deleted regional secret/) do
+ sample.run project_id: project_id, location_id: location_id, secret_id: secret_id, etag: updated_etag
+ end
+
+ assert_raises Google::Cloud::NotFoundError do
+ client.get_secret name: secret_name
+ end
+ end
+end
diff --git a/google-cloud-secret_manager/samples/acceptance/destroy_regional_secret_version_test.rb b/google-cloud-secret_manager/samples/acceptance/destroy_regional_secret_version_test.rb
new file mode 100644
index 000000000000..4b5d05167d97
--- /dev/null
+++ b/google-cloud-secret_manager/samples/acceptance/destroy_regional_secret_version_test.rb
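Review bot: Only the matching-etag path is exercised, so this test would pass just as well if the sample ignored `etag` entirely; the same holds for the destroy, disable and enable `_with_etag` tests later in this patch. A second `it` that passes a deliberately stale etag and expects the delete to be rejected, followed by a `get_secret` that still succeeds, would pin the precondition behaviour the sample is meant to demonstrate. The error class raised for a failed precondition is not visible here, so confirm it against the client before asserting on it. Separately, `get_secret_reponse` is misspelled; `get_secret_response = client.get_secret name: secret_name` reads better.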
@@ -0,0 +1,33 @@
+# Copyright 2022 Google, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "uri"
+
+require_relative "regional_helper"
+
+describe "#destroy_regional_secret_version", :regional_secret_manager_snippet do
+ it "destroys the secret version" do
+ sample = SampleLoader.load "destroy_regional_secret_version.rb"
+
+ refute_nil secret_version
+
+ assert_output(/Destroyed regional secret version/) do
+ sample.run project_id: project_id, location_id: location_id, secret_id: secret_id, version_id: version_id
+ end
+
+ n_version = client.get_secret_version name: version_name
+ refute_nil n_version
+ assert_equal "destroyed", n_version.state.to_s.downcase
+ end
+end
diff --git a/google-cloud-secret_manager/samples/acceptance/destroy_regional_secret_version_with_etag_test.rb b/google-cloud-secret_manager/samples/acceptance/destroy_regional_secret_version_with_etag_test.rb
new file mode 100644
index 000000000000..777846bda64b
--- /dev/null
+++ b/google-cloud-secret_manager/samples/acceptance/destroy_regional_secret_version_with_etag_test.rb
@@ -0,0 +1,33 @@
+# Copyright 2022 Google, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "uri"
+
+require_relative "regional_helper"
+
+describe "#destroy_regional_secret_version_with_etag", :regional_secret_manager_snippet do
+ it "destroys the regional secret version with etag" do
+ sample = SampleLoader.load "destroy_regional_secret_version_with_etag.rb"
+
+ refute_nil secret_version
+
+ assert_output(/Destroyed regional secret version/) do
+ sample.run project_id: project_id, location_id: location_id, secret_id: secret_id, version_id: version_id, etag: etag
+ end
+
+ n_version = client.get_secret_version name: version_name
+ refute_nil n_version
+ assert_equal "destroyed", n_version.state.to_s.downcase
+ end
+end
diff --git a/google-cloud-secret_manager/samples/acceptance/disable_regional_secret_version_test.rb b/google-cloud-secret_manager/samples/acceptance/disable_regional_secret_version_test.rb
new file mode 100644
index 000000000000..012432aa673d
--- /dev/null
+++ b/google-cloud-secret_manager/samples/acceptance/disable_regional_secret_version_test.rb
@@ -0,0 +1,33 @@
+# Copyright 2022 Google, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "uri"
+
+require_relative "regional_helper"
+
+describe "#disable_regional_secret_version", :regional_secret_manager_snippet do
+ it "disables the secret version" do
+ sample = SampleLoader.load "disable_regional_secret_version.rb"
+
+ refute_nil secret_version
+
+ assert_output(/Disabled regional secret version/) do
+ sample.run project_id: project_id, location_id: location_id, secret_id: secret_id, version_id: version_id
+ end
+
+ n_version = client.get_secret_version name: version_name
+ refute_nil n_version
+ assert_equal "disabled", n_version.state.to_s.downcase
+ end
+end
diff --git a/google-cloud-secret_manager/samples/acceptance/disable_regional_secret_version_with_etag_test.rb b/google-cloud-secret_manager/samples/acceptance/disable_regional_secret_version_with_etag_test.rb
new file mode 100644
index 000000000000..961693c2d8bb
--- /dev/null
+++ b/google-cloud-secret_manager/samples/acceptance/disable_regional_secret_version_with_etag_test.rb
@@ -0,0 +1,33 @@
+# Copyright 2022 Google, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "uri"
+
+require_relative "regional_helper"
+
+describe "#disable_regional_secret_version_with_etag", :regional_secret_manager_snippet do
+ it "disables the regional secret version with the etag" do
+ sample = SampleLoader.load "disable_regional_secret_version_with_etag.rb"
+
+ refute_nil secret_version
+
+ assert_output(/Disabled regional secret version/) do
+ sample.run project_id: project_id, location_id: location_id, secret_id: secret_id, version_id: version_id, etag: etag
+ end
+
+ n_version = client.get_secret_version name: version_name
+ refute_nil n_version
+ assert_equal "disabled", n_version.state.to_s.downcase
+ end
+end
diff --git a/google-cloud-secret_manager/samples/acceptance/enable_regional_secret_version_test.rb b/google-cloud-secret_manager/samples/acceptance/enable_regional_secret_version_test.rb
new file mode 100644
index 000000000000..320ff901be95
--- /dev/null
+++ b/google-cloud-secret_manager/samples/acceptance/enable_regional_secret_version_test.rb
@@ -0,0 +1,34 @@
+# Copyright 2022 Google, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "uri"
+
+require_relative "regional_helper"
+
+describe "#enable_regional_secret_version", :regional_secret_manager_snippet do
+ it "enables the secret version" do
+ sample = SampleLoader.load "enable_regional_secret_version.rb"
+
+ refute_nil secret_version
+ client.disable_secret_version name: version_name
+
+ assert_output(/Enabled regional secret version/) do
+ sample.run project_id: project_id, location_id: location_id, secret_id: secret_id, version_id: version_id
+ end
+
+ n_version = client.get_secret_version name: version_name
+ refute_nil n_version
+ assert_equal "enabled", n_version.state.to_s.downcase
+ end
+end
diff --git a/google-cloud-secret_manager/samples/acceptance/enable_regional_secret_version_with_etag_test.rb b/google-cloud-secret_manager/samples/acceptance/enable_regional_secret_version_with_etag_test.rb
new file mode 100644
index 000000000000..d624a8eb90dd
--- /dev/null
+++ b/google-cloud-secret_manager/samples/acceptance/enable_regional_secret_version_with_etag_test.rb
@@ -0,0 +1,36 @@
+# Copyright 2022 Google, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "uri"
+
+require_relative "regional_helper"
+
+describe "#enable_regional_secret_version_with_etag", :regional_secret_manager_snippet do
+ it "enables the regional secret version with etag" do
+ sample = SampleLoader.load "enable_regional_secret_version_with_etag.rb"
+
+ refute_nil secret_version
+ disable_response = client.disable_secret_version name: version_name
+
+ updated_etag = disable_response.etag
+
+ assert_output(/Enabled regional secret version/) do
+ sample.run project_id: project_id, location_id: location_id, secret_id: secret_id, version_id: version_id, etag: updated_etag
+ end
+
+ n_version = client.get_secret_version name: version_name
+ refute_nil n_version
+ assert_equal "enabled", n_version.state.to_s.downcase
+ end
+end
diff --git a/google-cloud-secret_manager/samples/acceptance/get_regional_secret_test.rb b/google-cloud-secret_manager/samples/acceptance/get_regional_secret_test.rb
new file mode 100644
index 000000000000..de9ec385994b
--- /dev/null
+++ b/google-cloud-secret_manager/samples/acceptance/get_regional_secret_test.rb
@@ -0,0 +1,30 @@
+# Copyright 2022 Google, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "uri"
+
+require_relative "regional_helper"
+
+describe "#get_regional_secret", :regional_secret_manager_snippet do
+ it "gets the regional secret" do
+ sample = SampleLoader.load "get_regional_secret.rb"
+
+ refute_nil secret
+
+ escaped_name = Regexp.escape(secret.name).to_s
+ assert_output(/Got regional secret #{escaped_name}/) do
+ sample.run project_id: project_id, location_id: location_id, secret_id: secret_id
+ end
+ end
+end
diff --git a/google-cloud-secret_manager/samples/acceptance/get_regional_secret_version_test.rb b/google-cloud-secret_manager/samples/acceptance/get_regional_secret_version_test.rb
new file mode 100644
index 000000000000..e18762d2076e
--- /dev/null
+++ b/google-cloud-secret_manager/samples/acceptance/get_regional_secret_version_test.rb
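Review bot: `Regexp.escape(secret.name).to_s` carries a redundant `.to_s`, since `Regexp.escape` already returns a String; the sibling version test in this patch writes `Regexp.escape secret_version.name` without it. `escaped_name = Regexp.escape secret.name` keeps the two files consistent. The pattern is also open at the end, so any output that merely starts with the secret name would match; if the sample prints nothing after the name (not visible here), a trailing `$` would tighten it.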
@@ -0,0 +1,30 @@
+# Copyright 2022 Google, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "uri"
+
+require_relative "regional_helper"
+
+describe "#get_regional_secret_version", :regional_secret_manager_snippet do
+ it "gets the regional secret version" do
+ sample = SampleLoader.load "get_regional_secret_version.rb"
+
+ refute_nil secret_version
+
+ escaped_name = Regexp.escape secret_version.name
+ assert_output(/Got regional secret version #{escaped_name} with state enabled/) do
+ sample.run project_id: project_id, location_id: location_id, secret_id: secret_id, version_id: version_id
+ end
+ end
+end
diff --git a/google-cloud-secret_manager/samples/acceptance/iam_grant_access_regional_test.rb b/google-cloud-secret_manager/samples/acceptance/iam_grant_access_regional_test.rb
new file mode 100644
index 000000000000..ad4fec6b07a2
--- /dev/null
+++ b/google-cloud-secret_manager/samples/acceptance/iam_grant_access_regional_test.rb
@@ -0,0 +1,39 @@
+# Copyright 2022 Google, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "uri"
+
+require_relative "regional_helper"
+
+describe "#iam_grant_access_regional", :regional_secret_manager_snippet do
+ it "grants access to the regional secret" do
+ sample = SampleLoader.load "iam_grant_access_regional.rb"
+
+ refute_nil secret
+
+ assert_output(/Updated regional IAM policy/) do
+ sample.run project_id: project_id, location_id: location_id, secret_id: secret_id, member: iam_user
+ end
+
+ name = client.secret_path project: project_id, location: location_id, secret: secret_id
+ n_policy = client.get_iam_policy resource: name
+ refute_nil n_policy
+
+ bind = n_policy.bindings.find do |b|
+ b.role == "roles/secretmanager.secretAccessor"
+ end
+ refute_nil bind
+ assert_includes bind.members, iam_user
+ end
+end
diff --git a/google-cloud-secret_manager/samples/acceptance/iam_revoke_access_regional_test.rb b/google-cloud-secret_manager/samples/acceptance/iam_revoke_access_regional_test.rb
new file mode 100644
index 000000000000..9949d81c16fb
--- /dev/null
+++ b/google-cloud-secret_manager/samples/acceptance/iam_revoke_access_regional_test.rb
@@ -0,0 +1,48 @@ +# Copyright 2022 Google, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +require "uri" + +require_relative "regional_helper" + +describe "#iam_revoke_access_regional", :regional_secret_manager_snippet do + it "revokes access to the regional secret" do + sample = SampleLoader.load "iam_revoke_access_regional.rb" + + refute_nil secret + + # Add an IAM member + name = client.secret_path project: project_id, location: location_id, secret: secret_id + policy = client.get_iam_policy resource: name + policy.bindings << Google::Iam::V1::Binding.new( + members: [iam_user], + role: "roles/secretmanager.secretAccessor" + ) + client.set_iam_policy resource: name, policy: policy + + assert_output(/Updated regional IAM policy/) do + sample.run project_id: project_id, location_id: location_id, secret_id: secret_id, member: iam_user + end + + n_policy = client.get_iam_policy resource: name + refute_nil n_policy + + bind = n_policy.bindings.find do |b| + b.role == "roles/secretmanager.secretAccessor" + end + # The only member was iam_user, so the server will remove the binding + # automatically. + assert_nil bind + end +end diff --git a/google-cloud-secret_manager/samples/acceptance/list_regional_secret_versions_test.rb b/google-cloud-secret_manager/samples/acceptance/list_regional_secret_versions_test.rb new file mode 100644 index 000000000000..c5ddb9b804f9 --- /dev/null +++ b/google-cloud-secret_manager/samples/acceptance/list_regional_secret_versions_test.rb 
@@ -0,0 +1,30 @@ +# Copyright 2022 Google, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +require "uri" + +require_relative "regional_helper" + +describe "#list_regional_secret_versions", :regional_secret_manager_snippet do + it "lists the regional secret versions" do + sample = SampleLoader.load "list_regional_secret_versions.rb" + + refute_nil secret + refute_nil secret_version + + assert_output %r{Got regional secret version projects/\S+/locations/\S+/secrets/#{Regexp.escape secret_id}/versions/\d+} do + sample.run project_id: project_id, location_id: location_id, secret_id: secret_id + end + end +end diff --git a/google-cloud-secret_manager/samples/acceptance/list_regional_secret_versions_with_filter_test.rb b/google-cloud-secret_manager/samples/acceptance/list_regional_secret_versions_with_filter_test.rb new file mode 100644 index 000000000000..e1aa1ab37363 --- /dev/null +++ b/google-cloud-secret_manager/samples/acceptance/list_regional_secret_versions_with_filter_test.rb 
@@ -0,0 +1,30 @@ +# Copyright 2022 Google, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +require "uri" + +require_relative "regional_helper" + +describe "#list_regional_secret_versions_with_filter", :regional_secret_manager_snippet do + it "lists the regional secret versions with the filter" do + sample = SampleLoader.load "list_regional_secret_versions_with_filter.rb" + + refute_nil secret + refute_nil secret_version + + assert_output %r{Got regional secret version projects/\S+/locations/\S+/secrets/#{Regexp.escape secret_id}/versions/\d+} do + sample.run project_id: project_id, location_id: location_id, secret_id: secret_id, filter: filter + end + end +end diff --git a/google-cloud-secret_manager/samples/acceptance/list_regional_secrets_test.rb b/google-cloud-secret_manager/samples/acceptance/list_regional_secrets_test.rb new file mode 100644 index 000000000000..72340dc92aab --- /dev/null +++ b/google-cloud-secret_manager/samples/acceptance/list_regional_secrets_test.rb 
@@ -0,0 +1,29 @@ +# Copyright 2022 Google, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +require "uri" + +require_relative "regional_helper" + +describe "#list_regional_secrets", :regional_secret_manager_snippet do + it "lists the regional secrets" do + sample = SampleLoader.load "list_regional_secrets.rb" + + refute_nil secret + + assert_output %r{Got regional secret projects/\S+/locations/\S+/secrets/#{Regexp.escape secret_id}} do + sample.run project_id: project_id, location_id: location_id + end + end +end diff --git a/google-cloud-secret_manager/samples/acceptance/list_regional_secrets_with_filter_test.rb b/google-cloud-secret_manager/samples/acceptance/list_regional_secrets_with_filter_test.rb new file mode 100644 index 000000000000..62f72053f87c --- /dev/null +++ b/google-cloud-secret_manager/samples/acceptance/list_regional_secrets_with_filter_test.rb 
@@ -0,0 +1,29 @@ +# Copyright 2022 Google, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +require "uri" + +require_relative "regional_helper" + +describe "#list_regional_secrets_with_filter", :regional_secret_manager_snippet do + it "lists the regional secrets with the filter passed" do + sample = SampleLoader.load "list_regional_secrets_with_filter.rb" + + refute_nil secret + + assert_output %r{Got regional secret projects/\S+/locations/\S+/secrets/#{Regexp.escape secret_id}} do + sample.run project_id: project_id, location_id: location_id, filter: filter + end + end +end diff --git a/google-cloud-secret_manager/samples/acceptance/regional_helper.rb b/google-cloud-secret_manager/samples/acceptance/regional_helper.rb new file mode 100644 index 000000000000..abaa709f0edd --- /dev/null +++ b/google-cloud-secret_manager/samples/acceptance/regional_helper.rb 
@@ -0,0 +1,69 @@
+# Copyright 2020 Google, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "minitest/autorun"
+require "minitest/focus"
+require "minitest/rg"
+
+require "google/cloud/secret_manager"
+
+require_relative "../../../.toys/.lib/sample_loader"
+
+class RegionalSecretManagerSnippetSpec < Minitest::Spec
+ let(:project_id) { ENV["GOOGLE_CLOUD_PROJECT"] || raise("missing GOOGLE_CLOUD_PROJECT") }
+ let(:location_id) { ENV["GOOGLE_LOCATION_ID"] || "us-west1" }
+
+ let(:api_endpoint) { "secretmanager.#{location_id}.rep.googleapis.com" }
+ let(:filter) { "name : ruby-quickstart-" }
+
+ let :client do
+ Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+ end
+
+ let(:secret_id) { "ruby-quickstart-#{(Time.now.to_f * 1000).to_i}" }
+ let(:secret_name) { "projects/#{project_id}/locations/#{location_id}/secrets/#{secret_id}" }
+ let(:iam_user) { "user:sarafy@google.com" }
+
+ let :secret do
+ client.create_secret(
+ parent: "projects/#{project_id}/locations/#{location_id}",
+ secret_id: secret_id,
+ secret: {}
+ )
+ end
+
+ let :secret_version do
+ client.add_secret_version(
+ parent: secret.name,
+ payload: {
+ data: "hello world!"
+ }
+ )
+ end
+
+ let(:etag) { secret_version.etag }
+
+ let(:version_id) { URI(secret_version.name).path.split("/").last }
+ let(:version_name) { "projects/#{project_id}/locations/#{location_id}/secrets/#{secret_id}/versions/#{version_id}" }
+
+ after do
+ client.delete_secret name: secret_name
+ rescue Google::Cloud::NotFoundError
+ # Do nothing
+ end
+
+ register_spec_type(self) { |*descs| descs.include? :regional_secret_manager_snippet }
+end
diff --git a/google-cloud-secret_manager/samples/acceptance/regional_quickstart_test.rb b/google-cloud-secret_manager/samples/acceptance/regional_quickstart_test.rb
new file mode 100644
index 000000000000..6d3c4683dcf0
--- /dev/null
+++ b/google-cloud-secret_manager/samples/acceptance/regional_quickstart_test.rb
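Review bot: `let(:iam_user) { "user:sarafy@google.com" }` in regional_helper.rb pins the IAM member to one named person's account, and the grant and revoke tests then bind `roles/secretmanager.secretAccessor` to it on a live secret; the same literal is repeated in regional_snippets_test.rb. The `after` hook rescues only `Google::Cloud::NotFoundError`, so a delete that fails for any other reason would leave that binding behind in the test project. I would read the member from the environment and point it at a dedicated test principal, e.g. `let(:iam_user) { ENV.fetch("SECRET_MANAGER_TEST_IAM_MEMBER") }` (variable name constructed for illustration), and document the variable in the samples README.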
@@ -0,0 +1,54 @@
+# Copyright 2020 Google, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require_relative "regional_helper"
+
+describe "Secret Manager Regional Quickstart" do
+ let(:project_id) { ENV["GOOGLE_CLOUD_PROJECT"] || raise("missing GOOGLE_CLOUD_PROJECT") }
+ let(:location_id) { "us-west1" }
+ let(:api_endpoint) { "secretmanager.#{location_id}.rep.googleapis.com" }
+
+ let :client do
+ Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+ end
+
+ let(:secret_id) { "ruby-quickstart-#{(Time.now.to_f * 1000).to_i}" }
+ let(:secret_name) { "projects/#{project_id}/locations/#{location_id}/secrets/#{secret_id}" }
+
+ after do
+ client.delete_secret name: secret_name
+ rescue Google::Cloud::NotFoundError
+ # Do nothing
+ end
+
+ it "creates and accesses a secret" do
+ sample = SampleLoader.load "regional_quickstart.rb"
+
+ assert_output "Plaintext: hello world!\n" do
+ sample.run project_id: project_id, location_id: location_id, secret_id: secret_id
+ end
+
+ secret = client.get_secret name: secret_name
+ refute_nil secret
+
+ versions = client.list_secret_versions parent: secret_name
+ refute_empty versions.to_a
+
+ version = client.access_secret_version name: "#{secret_name}/versions/latest"
+ refute_nil version
+ assert_equal "hello world!", version.payload.data
+ end
+end
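Review bot: regional_quickstart_test.rb requires regional_helper but does not tag its `describe` with `:regional_secret_manager_snippet`, so it re-declares `project_id`, `api_endpoint`, `client`, `secret_id`, `secret_name` and the `after` cleanup that `RegionalSecretManagerSnippetSpec` already provides; regional_snippets_test.rb does the same. The copies have already drifted: here `location_id` is the literal `"us-west1"`, while the helper honours `GOOGLE_LOCATION_ID`. Tagging the block, `describe "Secret Manager Regional Quickstart", :regional_secret_manager_snippet do`, and deleting the duplicated `let`s would keep secret cleanup and region selection in one place.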
diff --git a/google-cloud-secret_manager/samples/acceptance/regional_snippets_test.rb b/google-cloud-secret_manager/samples/acceptance/regional_snippets_test.rb
new file mode 100644
index 000000000000..b766dfd18239
--- /dev/null
+++ b/google-cloud-secret_manager/samples/acceptance/regional_snippets_test.rb
@@ -0,0 +1,469 @@ +# Copyright 2020 Google, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +require "uri" + +require_relative "regional_helper" +require_relative "../regional_snippets" + +describe "Secret Manager Regional Snippets" do + let(:project_id) { ENV["GOOGLE_CLOUD_PROJECT"] || raise("missing GOOGLE_CLOUD_PROJECT") } + let(:location_id) { "us-west1" } + let(:api_endpoint) { "secretmanager.#{location_id}.rep.googleapis.com" } + let(:filter) { "name : ruby-quickstart-" } + + let :client do + Google::Cloud::SecretManager.secret_manager_service do |config| + config.endpoint = api_endpoint + end + end + + let(:secret_id) { "ruby-quickstart-#{(Time.now.to_f * 1000).to_i}" } + let(:secret_name) { "projects/#{project_id}/locations/#{location_id}/secrets/#{secret_id}" } + let(:iam_user) { "user:sarafy@google.com" } + + let :secret do + client.create_secret( + parent: "projects/#{project_id}/locations/#{location_id}", + secret_id: secret_id, + secret: {} + ) + end + + let :secret_version do + client.add_secret_version( + parent: secret.name, + payload: { + data: "hello world!" 
+ } + ) + end + + let(:etag) { secret_version.etag } + + let(:version_id) { URI(secret_version.name).path.split("/").last } + let(:version_name) { "projects/#{project_id}/locations/#{location_id}/secrets/#{secret_id}/versions/#{version_id}" } + + after do + client.delete_secret name: secret_name + rescue Google::Cloud::NotFoundError + # Do nothing + end + + describe "#access_regional_secret_version" do + it "accesses the regional version" do + expect { + version = access_regional_secret_version( + project_id: project_id, + location_id: location_id, + secret_id: secret_id, + version_id: version_id + ) + + expect(version).wont_be_nil + expect(version.name).must_include(secret_id) + expect(version.payload.data).must_equal("hello world!") + }.must_output(/Plaintext: hello world!/) + end + end + + describe "#add_regional_secret_version" do + it "adds a regional secret version" do + o_list = client.list_secret_versions(parent: secret.name).to_a + expect(o_list).must_be_empty + + expect { + version = add_regional_secret_version( + project_id: project_id, + location_id: location_id, + secret_id: secret_id + ) + + n_list = client.list_secret_versions(parent: secret.name).to_a + expect(n_list).must_include(version) + }.must_output(/Added regional secret version:/) + end + end + + describe "#create_regional_secret" do + it "creates a regional secret" do + expect { + secret = create_regional_secret( + project_id: project_id, + location_id: location_id, + secret_id: secret_id + ) + + expect(secret).wont_be_nil + expect(secret.name).must_include(secret_id) + }.must_output(/Created regional secret/) + end + end + + describe "#delete_regional_secret_with_etag" do + it "deletes the regional secret with the passed etag" do + expect(secret).wont_be_nil + + get_secret_reponse = client.get_secret name: secret_name + updated_etag = get_secret_reponse.etag + + expect { + delete_regional_secret_with_etag( + project_id: project_id, + location_id: location_id, + secret_id: secret_id, + 
etag: updated_etag + ) + }.must_output(/Deleted regional secret/) + + expect { + client.get_secret name: secret_name + }.must_raise(Google::Cloud::NotFoundError) + end + end + + describe "#delete_regional_secret" do + it "deletes the regional secret" do + expect(secret).wont_be_nil + + expect { + delete_regional_secret( + project_id: project_id, + location_id: location_id, + secret_id: secret_id + ) + }.must_output(/Deleted regional secret/) + + expect { + client.get_secret name: secret_name + }.must_raise(Google::Cloud::NotFoundError) + end + end + + describe "#destroy_regional_secret_version_with_etag" do + it "destroys the regional secret version with the passed etag" do + expect(secret_version).wont_be_nil + + expect { + destroy_regional_secret_version_with_etag( + project_id: project_id, + location_id: location_id, + secret_id: secret_id, + version_id: version_id, + etag: etag + ) + }.must_output(/Destroyed regional secret version/) + + n_version = client.get_secret_version name: version_name + expect(n_version).wont_be_nil + expect(n_version.state.to_s.downcase).must_equal("destroyed") + end + end + + describe "#destroy_regional_secret_version" do + it "destroys the regional secret version" do + expect(secret_version).wont_be_nil + + expect { + destroy_regional_secret_version( + project_id: project_id, + location_id: location_id, + secret_id: secret_id, + version_id: version_id + ) + }.must_output(/Destroyed regional secret version/) + + n_version = client.get_secret_version name: version_name + expect(n_version).wont_be_nil + expect(n_version.state.to_s.downcase).must_equal("destroyed") + end + end + + describe "#disable_regional_secret_version_with_etag" do + it "disables the regional secret version with the passed etag" do + expect(secret_version).wont_be_nil + + expect { + disable_regional_secret_version_with_etag( + project_id: project_id, + location_id: location_id, + secret_id: secret_id, + version_id: version_id, + etag: etag + ) + 
}.must_output(/Disabled regional secret version/) + + n_version = client.get_secret_version name: version_name + expect(n_version).wont_be_nil + expect(n_version.state.to_s.downcase).must_equal("disabled") + end + end + + describe "#disable_regional_secret_version" do + it "disables the regional secret version" do + expect(secret_version).wont_be_nil + + expect { + disable_regional_secret_version( + project_id: project_id, + location_id: location_id, + secret_id: secret_id, + version_id: version_id + ) + }.must_output(/Disabled regional secret version/) + + n_version = client.get_secret_version name: version_name + expect(n_version).wont_be_nil + expect(n_version.state.to_s.downcase).must_equal("disabled") + end + end + + describe "#enable_regional_secret_version_with_etag" do + it "enables the regional secret version with the passed etag" do + expect(secret_version).wont_be_nil + disable_secret_version_response = client.disable_secret_version name: version_name + + updated_etag = disable_secret_version_response.etag + + expect { + enable_regional_secret_version_with_etag( + project_id: project_id, + location_id: location_id, + secret_id: secret_id, + version_id: version_id, + etag: updated_etag + ) + }.must_output(/Enabled regional secret version/) + + n_version = client.get_secret_version name: version_name + expect(n_version).wont_be_nil + expect(n_version.state.to_s.downcase).must_equal("enabled") + end + end + + describe "#enable_regional_secret_version" do + it "enables the regional secret version" do + expect(secret_version).wont_be_nil + client.disable_secret_version name: version_name + + expect { + enable_regional_secret_version( + project_id: project_id, + location_id: location_id, + secret_id: secret_id, + version_id: version_id + ) + }.must_output(/Enabled regional secret version/) + + n_version = client.get_secret_version name: version_name + expect(n_version).wont_be_nil + expect(n_version.state.to_s.downcase).must_equal("enabled") + end + end + + 
describe "#get_regional_secret" do + it "gets the regional secret" do + expect(secret).wont_be_nil + expect { + n_secret = get_regional_secret( + project_id: project_id, + location_id: location_id, + secret_id: secret_id + ) + + expect(n_secret).wont_be_nil + expect(n_secret.name).must_equal(secret.name) + }.must_output(/Got regional secret/) + end + end + + describe "#get_regional_secret_version" do + it "gets the regional secret version" do + expect(secret_version).wont_be_nil + expect { + n_version = get_regional_secret_version( + project_id: project_id, + location_id: location_id, + secret_id: secret_id, + version_id: version_id + ) + + expect(n_version).wont_be_nil + expect(n_version.name).must_equal(secret_version.name) + }.must_output(/Got regional secret version/) + end + end + + describe "#iam_grant_access_regional" do + it "grants access to the regional secret" do + expect(secret).wont_be_nil + expect { + policy = iam_grant_access_regional( + project_id: project_id, + location_id: location_id, + secret_id: secret_id, + member: iam_user + ) + + expect(policy).wont_be_nil + bind = policy.bindings.find do |b| + b.role == "roles/secretmanager.secretAccessor" + end + + expect(bind).wont_be_nil + expect(bind.members).must_include(iam_user) + }.must_output(/Updated regional IAM policy/) + end + end + + describe "#iam_revoke_access_regional" do + it "revokes access to the regional secret" do + expect(secret).wont_be_nil + + # Add an IAM member + name = client.secret_path project: project_id, location: location_id, secret: secret_id + policy = client.get_iam_policy resource: name + policy.bindings << Google::Iam::V1::Binding.new( + members: [iam_user], + role: "roles/secretmanager.secretAccessor" + ) + client.set_iam_policy resource: name, policy: policy + + expect { + policy = iam_revoke_access_regional( + project_id: project_id, + location_id: location_id, + secret_id: secret_id, + member: iam_user + ) + + expect(policy).wont_be_nil + bind = policy.bindings.find 
do |b| + b.role == "roles/secretmanager.secretAccessor" + end + + # The only member was iam_user, so the server will remove the binding + # automatically. + expect(bind).must_be_nil + }.must_output(/Updated regional IAM policy/) + end + end + + describe "#list_regional_secret_versions_with_filter" do + it "lists the regional secret versions with the passed filter" do + expect(secret).wont_be_nil + expect(secret_version).wont_be_nil + + expect { + list_regional_secret_versions( + project_id: project_id, + location_id: location_id, + secret_id: secret_id + ) + }.must_output(/Got regional secret version(.+)#{version_id}/) + end + end + + describe "#list_regional_secret_versions" do + it "lists the regional secret versions with the passed filter" do + expect(secret).wont_be_nil + expect(secret_version).wont_be_nil + + expect { + list_regional_secret_versions_with_filter( + project_id: project_id, + location_id: location_id, + secret_id: secret_id, + filter: filter + ) + }.must_output(/Got regional secret version(.+)#{version_id}/) + end + end + + describe "#list_regional_secrets_with_filter" do + it "lists the regional secrets" do + expect(secret).wont_be_nil + + expect { + list_regional_secrets_with_filter project_id: project_id, location_id: location_id, filter: filter + }.must_output(/Got regional secret(.+)#{secret_id}/) + end + end + + describe "#list_regional_secrets" do + it "lists the regional secrets" do + expect(secret).wont_be_nil + + expect { + list_regional_secrets project_id: project_id, location_id: location_id + }.must_output(/Got regional secret(.+)#{secret_id}/) + end + end + + describe "#update_regional_secret_with_etag" do + it "updates the regional secret with the passed etag" do + expect(secret).wont_be_nil + + get_secret_reponse = client.get_secret name: secret_name + updated_etag = get_secret_reponse.etag + + expect { + n_secret = update_regional_secret_with_etag( + project_id: project_id, + location_id: location_id, + secret_id: secret_id, + 
etag: updated_etag + ) + + expect(n_secret).wont_be_nil + expect(n_secret.labels["secretmanager"]).must_equal("rocks") + }.must_output(/Updated regional secret/) + end + end + + describe "#update_regional_secret" do + it "updates the regional secret" do + expect(secret).wont_be_nil + + expect { + n_secret = update_regional_secret( + project_id: project_id, + location_id: location_id, + secret_id: secret_id + ) + + expect(n_secret).wont_be_nil + expect(n_secret.labels["secretmanager"]).must_equal("rocks") + }.must_output(/Updated regional secret/) + end + end + + describe "#update_regional_secret_with_alias" do + it "updates the regional secret" do + expect(secret).wont_be_nil + expect(secret_version).wont_be_nil + + expect { + n_secret = update_regional_secret_with_alias( + project_id: project_id, + location_id: location_id, + secret_id: secret_id + ) + + expect(n_secret).wont_be_nil + expect(n_secret.version_aliases["test"]).must_equal(1) + }.must_output(/Updated regional secret/) + end + end +end diff --git a/google-cloud-secret_manager/samples/acceptance/update_regional_secret_test.rb b/google-cloud-secret_manager/samples/acceptance/update_regional_secret_test.rb new file mode 100644 index 000000000000..f41746d4420b --- /dev/null +++ b/google-cloud-secret_manager/samples/acceptance/update_regional_secret_test.rb 
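Review bot: Two `describe` labels in regional_snippets_test.rb are swapped: the block named `#list_regional_secret_versions_with_filter` calls `list_regional_secret_versions`, and the block named `#list_regional_secret_versions` calls `list_regional_secret_versions_with_filter`, so a failure report will point at the wrong sample. Swap the two `describe` strings, and reword the `it` of the unfiltered case to `"lists the regional secret versions"`, since both currently say "with the passed filter". The output patterns in the four list tests also interpolate `version_id` and `secret_id` unescaped, unlike the per-sample tests in this patch; `/Got regional secret(.+)#{Regexp.escape secret_id}/` would match their style.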
@@ -0,0 +1,32 @@ +# Copyright 2022 Google, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +require "uri" + +require_relative "regional_helper" + +describe "#update_regional_secret", :regional_secret_manager_snippet do + it "updates the secret" do + sample = SampleLoader.load "update_regional_secret.rb" + + refute_nil secret + + out, _err = capture_io do + sample.run project_id: project_id, location_id: location_id, secret_id: secret_id + end + + assert_match(/Updated regional secret/, out) + assert_match(/New label: rocks/, out) + end +end diff --git a/google-cloud-secret_manager/samples/acceptance/update_regional_secret_with_alias_test.rb b/google-cloud-secret_manager/samples/acceptance/update_regional_secret_with_alias_test.rb new file mode 100644 index 000000000000..ca183265cd93 --- /dev/null +++ b/google-cloud-secret_manager/samples/acceptance/update_regional_secret_with_alias_test.rb 
@@ -0,0 +1,33 @@ +# Copyright 2022 Google, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +require "uri" + +require_relative "regional_helper" + +describe "#update_regional_secret_with_alias", :regional_secret_manager_snippet do + it "updates the regional secret" do + sample = SampleLoader.load "update_regional_secret_with_alias.rb" + + refute_nil secret + refute_nil secret_version + + out, _err = capture_io do + sample.run project_id: project_id, location_id: location_id, secret_id: secret_id + end + + assert_match(/Updated regional secret/, out) + assert_match(/New version alias: 1/, out) + end +end diff --git a/google-cloud-secret_manager/samples/acceptance/update_regional_secret_with_etag_test.rb b/google-cloud-secret_manager/samples/acceptance/update_regional_secret_with_etag_test.rb new file mode 100644 index 000000000000..b068a7fff32b --- /dev/null +++ b/google-cloud-secret_manager/samples/acceptance/update_regional_secret_with_etag_test.rb 
@@ -0,0 +1,35 @@ +# Copyright 2022 Google, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +require "uri" + +require_relative "regional_helper" + +describe "#update_regional_secret_with_etag", :regional_secret_manager_snippet do + it "updates the secret with the etag" do + sample = SampleLoader.load "update_regional_secret_with_etag.rb" + + refute_nil secret + get_secret_reponse = client.get_secret name: secret_name + + updated_etag = get_secret_reponse.etag + + out, _err = capture_io do + sample.run project_id: project_id, location_id: location_id, secret_id: secret_id, etag: updated_etag + end + + assert_match(/Updated regional secret/, out) + assert_match(/New label: rocks/, out) + end +end diff --git a/google-cloud-secret_manager/samples/access_regional_secret_version.rb b/google-cloud-secret_manager/samples/access_regional_secret_version.rb new file mode 100644 index 000000000000..4cd5bb8f7402 --- /dev/null +++ b/google-cloud-secret_manager/samples/access_regional_secret_version.rb 
@@ -0,0 +1,54 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_access_regional_secret_version]
+require "google/cloud/secret_manager"
+
+##
+# Access a specific version of a secret
+#
+# @param project_id [String] Your Google Cloud project (e.g. "my-project")
+# @param location_id [String] Your Google Cloud location (e.g. "us-west1")
+# @param secret_id [String] Your secret name (e.g. "my-secret")
+# @param version_id [String] The version (e.g. "5" or "latest")
+#
+def access_regional_secret_version project_id:, location_id:, secret_id:, version_id:
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret version.
+ name = client.secret_version_path(
+ project: project_id,
+ location: location_id,
+ secret: secret_id,
+ secret_version: version_id
+ )
+
+ # Access the secret version.
+ version = client.access_secret_version name: name
+
+
+ # Print the secret payload.
+ #
+ # WARNING: Do not print the secret payload in a production environment - this
+ # snippet is merely showing how to access the secret material.
+ payload = version.payload.data
+ puts "Plaintext: #{payload}"
+end
+# [END secretmanager_access_regional_secret_version]
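Review bot: `api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"` puts `location_id` into the host the client authenticates to without checking its shape; the same line appears in add_regional_secret_version.rb and create_regional_secret.rb. Readers copy these samples into services where the region may come from a request or a config file, and a value containing characters outside a region name could change which host receives the call and its credentials. A guard ahead of that line, such as `raise ArgumentError, "invalid location_id" unless location_id.match?(/\A[a-z0-9-]+\z/)`, keeps the endpoint inside the intended domain. The sample also has a stray second blank line before the `# Print the secret payload.` comment.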
diff --git a/google-cloud-secret_manager/samples/add_regional_secret_version.rb b/google-cloud-secret_manager/samples/add_regional_secret_version.rb
new file mode 100644
index 000000000000..b0db36e29ecc
--- /dev/null
+++ b/google-cloud-secret_manager/samples/add_regional_secret_version.rb
@@ -0,0 +1,48 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_add_regional_secret_version]
+require "google/cloud/secret_manager"
+
+##
+# Add a new regional secret version
+#
+# @param project_id [String] Your Google Cloud project (e.g. "my-project")
+# @param location_id [String] Your Google Cloud location (e.g. "us-west1")
+# @param secret_id [String] Your secret name (e.g. "my-secret")
+#
+def add_regional_secret_version project_id:, location_id:, secret_id:
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret version.
+ name = client.secret_path project: project_id, location: location_id, secret: secret_id
+
+ # Add the secret version.
+ version = client.add_secret_version(
+ parent: name,
+ payload: {
+ data: "my super secret data"
+ }
+ )
+
+ # Print the new secret version name.
+ puts "Added regional secret version: #{version.name}"
+end
+# [END secretmanager_add_regional_secret_version]
diff --git a/google-cloud-secret_manager/samples/create_regional_secret.rb b/google-cloud-secret_manager/samples/create_regional_secret.rb
new file mode 100644
index 000000000000..fcd77268f831
--- /dev/null
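Review bot: The payload is the literal `data: "my super secret data"` inside the `add_secret_version` call, so anyone adapting this sample starts from secret material written into source code. Taking the value as an argument keeps it out of the file and out of version control, e.g. `def add_regional_secret_version project_id:, location_id:, secret_id:, payload:` with `payload: { data: payload }`; callers outside this hunk, such as the acceptance test, would need to pass the new argument. The comment `# Build the resource name of the secret version.` also sits above `secret_path`, which builds the name of the parent secret rather than of a version.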
+++ b/google-cloud-secret_manager/samples/create_regional_secret.rb
@@ -0,0 +1,47 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_create_regional_secret]
+require "google/cloud/secret_manager"
+
+##
+# Create a regional secret
+#
+# @param project_id [String] Your Google Cloud project (e.g. "my-project")
+# @param location_id [String] Your Google Cloud location (e.g. "us-west1")
+# @param secret_id [String] Your secret name (e.g. "my-secret")
+#
+def create_regional_secret project_id:, location_id:, secret_id:
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the parent project.
+ parent = client.location_path project: project_id, location: location_id
+
+ # Create the secret.
+ secret = client.create_secret(
+ parent: parent,
+ secret_id: secret_id,
+ secret: {}
+ )
+
+ # Print the new secret name.
+ puts "Created regional secret: #{secret.name}"
+end
+# [END secretmanager_create_regional_secret]
diff --git a/google-cloud-secret_manager/samples/delete_regional_secret.rb b/google-cloud-secret_manager/samples/delete_regional_secret.rb
new file mode 100644
index 000000000000..66088c554d95
--- /dev/null
+++ b/google-cloud-secret_manager/samples/delete_regional_secret.rb
@@ -0,0 +1,42 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_delete_regional_secret]
+require "google/cloud/secret_manager"
+
+##
+# Delete a regional secret
+#
+# @param project_id [String] Your Google Cloud project (e.g. "my-project")
+# @param location_id [String] Your Google Cloud location (e.g. "us-west1")
+# @param secret_id [String] Your secret name (e.g. "my-secret")
+#
+def delete_regional_secret project_id:, location_id:, secret_id:
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret.
+ name = client.secret_path project: project_id, location: location_id, secret: secret_id
+ # Delete the secret.
+ client.delete_secret name: name
+
+ # Print a success message.
+ puts "Deleted regional secret #{name}"
+end
+# [END secretmanager_delete_regional_secret]
diff --git a/google-cloud-secret_manager/samples/delete_regional_secret_with_etag.rb b/google-cloud-secret_manager/samples/delete_regional_secret_with_etag.rb
new file mode 100644
index 000000000000..8f3b277af518
--- /dev/null
+++ b/google-cloud-secret_manager/samples/delete_regional_secret_with_etag.rb
@@ -0,0 +1,43 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_delete_regional_secret_with_etag]
+require "google/cloud/secret_manager"
+
+##
+# Delete a regional secret with the passing etag and name
+#
+# @param project_id [String] Your Google Cloud project (e.g. "my-project")
+# @param location_id [String] Your Google Cloud location (e.g. "us-west1")
+# @param secret_id [String] Your secret name (e.g. "my-secret")
+# @param etag [String] The e-tag associated with the secret (e.g. "\"1234\"")
+#
+def delete_regional_secret_with_etag project_id:, location_id:, secret_id:, etag:
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret.
+ name = client.secret_path project: project_id, location: location_id, secret: secret_id
+ # Delete the secret.
+ client.delete_secret name: name, etag: etag
+
+ # Print a success message.
+ puts "Deleted regional secret #{name}"
+end
+# [END secretmanager_delete_regional_secret_with_etag]
diff --git a/google-cloud-secret_manager/samples/destroy_regional_secret_version.rb b/google-cloud-secret_manager/samples/destroy_regional_secret_version.rb
new file mode 100644
index 000000000000..b13841c77ddb
--- /dev/null
+++ b/google-cloud-secret_manager/samples/destroy_regional_secret_version.rb
@@ -0,0 +1,49 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_destroy_regional_secret_version]
+require "google/cloud/secret_manager"
+
+##
+# Destroy a regional secret version
+#
+# @param project_id [String] Your Google Cloud project (e.g. "my-project")
+# @param location_id [String] Your Google Cloud location (e.g. "us-west1")
+# @param secret_id [String] Your secret name (e.g. "my-secret")
+# @param version_id [String] The version (e.g. "5" or "latest")
+#
+def destroy_regional_secret_version project_id:, location_id:, secret_id:, version_id:
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the regional secret version.
+ name = client.secret_version_path(
+ project: project_id,
+ location: location_id,
+ secret: secret_id,
+ secret_version: version_id
+ )
+
+ # Destroy the secret version.
+ response = client.destroy_secret_version name: name
+
+ # Print a success message.
+ puts "Destroyed regional secret version: #{response.name}"
+end
+# [END secretmanager_destroy_regional_secret_version]
diff --git a/google-cloud-secret_manager/samples/destroy_regional_secret_version_with_etag.rb b/google-cloud-secret_manager/samples/destroy_regional_secret_version_with_etag.rb
new file mode 100644
index 000000000000..c509fb5147b6
--- /dev/null
+++ b/google-cloud-secret_manager/samples/destroy_regional_secret_version_with_etag.rb
@@ -0,0 +1,50 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_destroy_regional_secret_version_with_etag]
+require "google/cloud/secret_manager"
+
+##
+# Destroy a regional secret version with the given etag and name
+#
+# @param project_id [String] Your Google Cloud project (e.g. "my-project")
+# @param location_id [String] Your Google Cloud location (e.g. "us-west1")
+# @param secret_id [String] Your secret name (e.g. "my-secret")
+# @param version_id [String] The version (e.g. "5" or "latest")
+# @param etag [String] The e-tag associated with the secret (e.g. "\"1234\"")
+#
+def destroy_regional_secret_version_with_etag project_id:, location_id:, secret_id:, version_id:, etag:
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the regional secret version.
+ name = client.secret_version_path(
+ project: project_id,
+ location: location_id,
+ secret: secret_id,
+ secret_version: version_id
+ )
+
+ # Destroy the secret version.
+ response = client.destroy_secret_version name: name, etag: etag
+
+ # Print a success message.
+ puts "Destroyed regional secret version: #{response.name}"
+end
+# [END secretmanager_destroy_regional_secret_version_with_etag]
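Review bot: The `@param etag` line documents the value as `The e-tag associated with the secret`, but it is passed to `destroy_secret_version`, where the API compares it with the etag of the secret version rather than of the parent secret. A reader following the docstring would pass the secret's etag and would most likely see the call rejected. I would write `# @param etag [String] The etag of the secret version (e.g. "\"1234\"")`. The same wording appears in the disable and enable `_with_etag` samples later in this patch.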
diff --git a/google-cloud-secret_manager/samples/disable_regional_secret_version.rb b/google-cloud-secret_manager/samples/disable_regional_secret_version.rb
new file mode 100644
index 000000000000..9d233a76c13a
--- /dev/null
+++ b/google-cloud-secret_manager/samples/disable_regional_secret_version.rb
@@ -0,0 +1,49 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_disable_regional_secret_version]
+require "google/cloud/secret_manager"
+
+##
+# Disable a regional secret version
+#
+# @param project_id [String] Your Google Cloud project (e.g. "my-project")
+# @param location_id [String] Your Google Cloud location (e.g. "us-west1")
+# @param secret_id [String] Your secret name (e.g. "my-secret")
+# @param version_id [String] The version (e.g. "5" or "latest")
+#
+def disable_regional_secret_version project_id:, location_id:, secret_id:, version_id:
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret version.
+ name = client.secret_version_path(
+ project: project_id,
+ location: location_id,
+ secret: secret_id,
+ secret_version: version_id
+ )
+
+ # Disable the secret version.
+ response = client.disable_secret_version name: name
+
+ # Print a success message.
+ puts "Disabled regional secret version: #{response.name}"
+end
+# [END secretmanager_disable_regional_secret_version]
diff --git a/google-cloud-secret_manager/samples/disable_regional_secret_version_with_etag.rb b/google-cloud-secret_manager/samples/disable_regional_secret_version_with_etag.rb
new file mode 100644
index 000000000000..013f41632b01
--- /dev/null
+++ b/google-cloud-secret_manager/samples/disable_regional_secret_version_with_etag.rb
@@ -0,0 +1,50 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_disable_regional_secret_version_with_etag]
+require "google/cloud/secret_manager"
+
+##
+# Disable a regional secret version with the given etag and name
+#
+# @param project_id [String] Your Google Cloud project (e.g. "my-project")
+# @param location_id [String] Your Google Cloud location (e.g. "us-west1")
+# @param secret_id [String] Your secret name (e.g. "my-secret")
+# @param version_id [String] The version (e.g. "5" or "latest")
+# @param etag [String] The e-tag associated with the secret (e.g. "\"1234\"")
+#
+def disable_regional_secret_version_with_etag project_id:, location_id:, secret_id:, version_id:, etag:
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret version.
+ name = client.secret_version_path(
+ project: project_id,
+ location: location_id,
+ secret: secret_id,
+ secret_version: version_id
+ )
+
+ # Disable the secret version.
+ response = client.disable_secret_version name: name, etag: etag
+
+ # Print a success message.
+ puts "Disabled regional secret version: #{response.name}"
+end
+# [END secretmanager_disable_regional_secret_version_with_etag]
diff --git a/google-cloud-secret_manager/samples/enable_regional_secret_version.rb b/google-cloud-secret_manager/samples/enable_regional_secret_version.rb
new file mode 100644
index 000000000000..4e198a5e6d96
--- /dev/null
+++ b/google-cloud-secret_manager/samples/enable_regional_secret_version.rb
@@ -0,0 +1,49 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_enable_regional_secret_version]
+require "google/cloud/secret_manager"
+
+##
+# Enable a regional secret version
+#
+# @param project_id [String] Your Google Cloud project (e.g. "my-project")
+# @param location_id [String] Your Google Cloud location (e.g. "us-west1")
+# @param secret_id [String] Your secret name (e.g. "my-secret")
+# @param version_id [String] The version (e.g. "5" or "latest")
+#
+def enable_regional_secret_version project_id:, location_id:, secret_id:, version_id:
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret version.
+ name = client.secret_version_path(
+ project: project_id,
+ location: location_id,
+ secret: secret_id,
+ secret_version: version_id
+ )
+
+ # Enable the secret version.
+ response = client.enable_secret_version name: name
+
+ # Print a success message.
+ puts "Enabled regional secret version: #{response.name}"
+end
+# [END secretmanager_enable_regional_secret_version]
diff --git a/google-cloud-secret_manager/samples/enable_regional_secret_version_with_etag.rb b/google-cloud-secret_manager/samples/enable_regional_secret_version_with_etag.rb
new file mode 100644
index 000000000000..3566ede890e2
--- /dev/null
+++ b/google-cloud-secret_manager/samples/enable_regional_secret_version_with_etag.rb
@@ -0,0 +1,50 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_enable_regional_secret_version_with_etag]
+require "google/cloud/secret_manager"
+
+##
+# Enable a regional secret version with the given etag and name
+#
+# @param project_id [String] Your Google Cloud project (e.g. "my-project")
+# @param location_id [String] Your Google Cloud location (e.g. "us-west1")
+# @param secret_id [String] Your secret name (e.g. "my-secret")
+# @param version_id [String] The version (e.g. "5" or "latest")
+# @param etag [String] The e-tag associated with the secret (e.g. "\"1234\"")
+#
+def enable_regional_secret_version_with_etag project_id:, location_id:, secret_id:, version_id:, etag:
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret version.
+ name = client.secret_version_path(
+ project: project_id,
+ location: location_id,
+ secret: secret_id,
+ secret_version: version_id
+ )
+
+ # Enable the secret version.
+ response = client.enable_secret_version name: name, etag: etag
+
+ # Print a success message.
+ puts "Enabled regional secret version: #{response.name}"
+end
+# [END secretmanager_enable_regional_secret_version_with_etag]
diff --git a/google-cloud-secret_manager/samples/get_regional_secret.rb b/google-cloud-secret_manager/samples/get_regional_secret.rb
new file mode 100644
index 000000000000..7ac0a379b3ec
--- /dev/null
+++ b/google-cloud-secret_manager/samples/get_regional_secret.rb
@@ -0,0 +1,43 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_get_regional_secret]
+require "google/cloud/secret_manager"
+
+##
+# Get a regional secret and its metadata
+#
+# @param project_id [String] Your Google Cloud project (e.g. "my-project")
+# @param location_id [String] Your Google Cloud location (e.g. "us-west11")
+# @param secret_id [String] Your secret name (e.g. "my-secret")
+#
+def get_regional_secret project_id:, location_id:, secret_id:
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret.
+ name = client.secret_path project: project_id, location: location_id, secret: secret_id
+
+ # Get the secret.
+ secret = client.get_secret name: name
+
+ # Print a success message.
+ puts "Got regional secret #{secret.name}"
+end
+# [END secretmanager_get_regional_secret]
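Review bot: The `@param location_id` example reads `"us-west11"`, which looks like a typo for the `"us-west1"` used in every other sample in this patch. Because `location_id` also becomes part of the endpoint hostname two lines into the method, a copied example value would send the client to a regional host that presumably does not exist. The line should read `# @param location_id [String] Your Google Cloud location (e.g. "us-west1")`.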
diff --git a/google-cloud-secret_manager/samples/get_regional_secret_version.rb b/google-cloud-secret_manager/samples/get_regional_secret_version.rb
new file mode 100644
index 000000000000..ec0905b7f29f
--- /dev/null
+++ b/google-cloud-secret_manager/samples/get_regional_secret_version.rb
@@ -0,0 +1,52 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_get_regional_secret_version]
+require "google/cloud/secret_manager"
+
+##
+# Get a regional secret version and its metadata
+#
+# @param project_id [String] Your Google Cloud project (e.g. "my-project")
+# @param location_id [String] Your Google Cloud location (e.g. "us-west1")
+# @param secret_id [String] Your secret name (e.g. "my-secret")
+# @param version_id [String] The version (e.g. "5" or "latest")
+#
+def get_regional_secret_version project_id:, location_id:, secret_id:, version_id:
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret version.
+ name = client.secret_version_path(
+ project: project_id,
+ location: location_id,
+ secret: secret_id,
+ secret_version: version_id
+ )
+
+ # Get the secret version.
+ version = client.get_secret_version name: name
+
+ # Get the state.
+ state = version.state.to_s.downcase
+
+ # Print a success message.
+ puts "Got regional secret version #{version.name} with state #{state}"
+end
+# [END secretmanager_get_regional_secret_version]
diff --git a/google-cloud-secret_manager/samples/iam_grant_access_regional.rb b/google-cloud-secret_manager/samples/iam_grant_access_regional.rb
new file mode 100644
index 000000000000..761d904a0c60
--- /dev/null
+++ b/google-cloud-secret_manager/samples/iam_grant_access_regional.rb
@@ -0,0 +1,53 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_iam_grant_access_with_regional_secret]
+require "google/cloud/secret_manager"
+
+##
+# Update the IAM policy of regional secret to grant access to a user
+#
+# @param project_id [String] Your Google Cloud project (e.g. "my-project")
+# @param location_id [String] Your Google Cloud location (e.g. "us-west1")
+# @param secret_id [String] Your secret name (e.g. "my-secret")
+# @param member [String] User or account (e.g. "user:foo@example.com")
+#
+def iam_grant_access_regional project_id:, location_id:, secret_id:, member:
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret.
+ name = client.secret_path project: project_id, location: location_id, secret: secret_id
+
+ # Get the current IAM policy.
+ policy = client.get_iam_policy resource: name
+
+ # Add new member to current bindings
+ policy.bindings << Google::Iam::V1::Binding.new(
+ members: [member],
+ role: "roles/secretmanager.secretAccessor"
+ )
+
+ # Update IAM policy
+ client.set_iam_policy resource: name, policy: policy
+
+ # Print a success message.
+ puts "Updated regional IAM policy for #{secret_id}"
+end
+# [END secretmanager_iam_grant_access_with_regional_secret]
diff --git a/google-cloud-secret_manager/samples/iam_revoke_access_regional.rb b/google-cloud-secret_manager/samples/iam_revoke_access_regional.rb
new file mode 100644
index 000000000000..6885ff41e65f
--- /dev/null
+++ b/google-cloud-secret_manager/samples/iam_revoke_access_regional.rb
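Review bot: `member` goes into the new `Google::Iam::V1::Binding` unchecked, so this sample will grant `roles/secretmanager.secretAccessor` to a public principal such as `allUsers` or `allAuthenticatedUsers` if that is what the caller passes, unless an organization policy outside this code forbids it. For a role that exposes secret payloads I would refuse those values before `get_iam_policy`, e.g. `raise ArgumentError, "public principals are not allowed" if %w[allUsers allAuthenticatedUsers].include? member`. The success message names only `secret_id`; adding the member and the role would make the output usable as a record of what was granted.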
@@ -0,0 +1,54 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_iam_revoke_access_with_regional_secret]
+require "google/cloud/secret_manager"
+
+##
+# Update the IAM policy of regional secret to revoke access for a user
+#
+# @param project_id [String] Your Google Cloud project (e.g. "my-project")
+# @param location_id [String] Your Google Cloud location (e.g. "us-west1")
+# @param secret_id [String] Your secret name (e.g. "my-secret")
+# @param member [String] User or account (e.g. "user:foo@example.com")
+#
+def iam_revoke_access_regional project_id:, location_id:, secret_id:, member:
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret.
+ name = client.secret_path project: project_id, location: location_id, secret: secret_id
+
+ # Get the current IAM policy.
+ policy = client.get_iam_policy resource: name
+
+ # Remove the member from the current bindings
+ policy.bindings.each do |bind|
+ if bind.role == "roles/secretmanager.secretAccessor"
+ bind.members.delete member
+ end
+ end
+
+ # Update IAM policy
+ client.set_iam_policy resource: name, policy: policy
+
+ # Print a success message.
+ puts "Updated regional IAM policy for #{secret_id}"
+end
+# [END secretmanager_iam_revoke_access_with_regional_secret]
diff --git a/google-cloud-secret_manager/samples/list_regional_secret_versions.rb b/google-cloud-secret_manager/samples/list_regional_secret_versions.rb
new file mode 100644
index 000000000000..6d5d1f3c1a81
--- /dev/null
+++ b/google-cloud-secret_manager/samples/list_regional_secret_versions.rb
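Review bot: The sample prints `Updated regional IAM policy for ...` whether or not `bind.members.delete member` removed anything, so a caller cannot tell a real revocation from a no-op on a misspelled principal. Recording the outcome inside the loop, e.g. `removed ||= !bind.members.delete(member).nil?` after `removed = false` (assuming `delete` returns nil for an absent member, as Array#delete does), and reporting it in the message would make that visible. The docstring should also say that only direct `roles/secretmanager.secretAccessor` bindings on this secret are edited, so access that comes from another role, a group membership, or a policy inherited from the project stays in place.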
@@ -0,0 +1,45 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_list_regional_secret_versions]
+require "google/cloud/secret_manager"
+
+##
+# List versions for a regional secret
+#
+# @param project_id [String] Your Google Cloud project (e.g. "my-project")
+# @param location_id [String] Your Google Cloud location (e.g. "us-west1")
+# @param secret_id [String] Your secret name (e.g. "my-secret")
+#
+def list_regional_secret_versions project_id:, location_id:, secret_id:
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the parent.
+ parent = client.secret_path project: project_id, location: location_id, secret: secret_id
+
+ # Get the list of secret versions.
+ list = client.list_secret_versions parent: parent
+
+ # List all secret versions.
+ list.each do |version|
+ puts "Got regional secret version #{version.name}"
+ end
+end
+# [END secretmanager_list_regional_secret_versions]
diff --git a/google-cloud-secret_manager/samples/list_regional_secret_versions_with_filter.rb b/google-cloud-secret_manager/samples/list_regional_secret_versions_with_filter.rb
new file mode 100644
index 000000000000..12cecfb02f9e
--- /dev/null
+++ b/google-cloud-secret_manager/samples/list_regional_secret_versions_with_filter.rb 
@@ -0,0 +1,47 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_list_regional_secret_versions_with_filter]
+require "google/cloud/secret_manager"
+
+##
+# List versions for a regional secret
+#
+# @param project_id [String] Your Google Cloud project (e.g. "my-project")
+# @param location_id [String] Your Google Cloud location (e.g. "us-west1")
+# @param secret_id [String] Your secret name (e.g. "my-secret")
+# @param filter [String] Your filter to be applied (e.g. "create_time>2021-01-01T00:00:00Z")
+# Note : See https://cloud.google.com/secret-manager/docs/filtering for filter syntax and examples.
+#
+def list_regional_secret_versions_with_filter project_id:, location_id:, secret_id:, filter:
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the parent.
+ parent = client.secret_path project: project_id, location: location_id, secret: secret_id
+
+ # Get the list of secret versions.
+ list = client.list_secret_versions parent: parent, filter: filter
+
+ # List all secret versions.
+ list.each do |version|
+ puts "Got regional secret version #{version.name}"
+ end
+end
+# [END secretmanager_list_regional_secret_versions_with_filter]
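Review bot: The doc comment summary `# List versions for a regional secret` is identical to the unfiltered sample's and never mentions the filter; `# List versions for a regional secret that match a filter` would tell the two apart. The `filter` value is handed to `list_secret_versions` unchanged, so the `@param filter` line could also say that the string is sent to the API as-is and should not be assembled from unvalidated user input. list_regional_secrets_with_filter.rb has the same summary problem with `# List regional secrets in a project`.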
diff --git a/google-cloud-secret_manager/samples/list_regional_secrets.rb b/google-cloud-secret_manager/samples/list_regional_secrets.rb
new file mode 100644
index 000000000000..4a879e44b680
--- /dev/null
+++ b/google-cloud-secret_manager/samples/list_regional_secrets.rb
@@ -0,0 +1,44 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_list_regional_secrets]
+require "google/cloud/secret_manager"
+
+##
+# List regional secrets in a project
+#
+# @param project_id [String] Your Google Cloud project (e.g. "my-project")
+# @param location_id [String] Your secret location (e.g. "us-west1")
+#
+def list_regional_secrets project_id:, location_id:
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the parent.
+ parent = client.location_path project: project_id, location: location_id
+
+ # Get the list of secrets.
+ list = client.list_secrets parent: parent
+
+ # Print out all secrets.
+ list.each do |secret|
+ puts "Got regional secret #{secret.name}"
+ end
+end
+# [END secretmanager_list_regional_secrets]
diff --git a/google-cloud-secret_manager/samples/list_regional_secrets_with_filter.rb b/google-cloud-secret_manager/samples/list_regional_secrets_with_filter.rb
new file mode 100644
index 000000000000..88e798ba3c79
--- /dev/null
+++ b/google-cloud-secret_manager/samples/list_regional_secrets_with_filter.rb
@@ -0,0 +1,46 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_list_regional_secrets_with_filter]
+require "google/cloud/secret_manager"
+
+##
+# List regional secrets in a project
+#
+# @param project_id [String] Your Google Cloud project (e.g. "my-project")
+# @param location_id [String] Your secret location (e.g. "us-west1")
+# @param filter [String] Your filter to be applied (e.g. "create_time>2021-01-01T00:00:00Z")
+# Note : See https://cloud.google.com/secret-manager/docs/filtering for filter syntax and examples.
+#
+def list_regional_secrets_with_filter project_id:, location_id:, filter:
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the parent.
+ parent = client.location_path project: project_id, location: location_id
+
+ # Get the list of secrets.
+ list = client.list_secrets parent: parent, filter: filter
+
+ # Print out all secrets.
+ list.each do |secret|
+ puts "Got regional secret #{secret.name}"
+ end
+end
+# [END secretmanager_list_regional_secrets_with_filter]
diff --git a/google-cloud-secret_manager/samples/regional_quickstart.rb b/google-cloud-secret_manager/samples/regional_quickstart.rb
new file mode 100644
index 000000000000..c9c328a57dc7
--- /dev/null
+++ b/google-cloud-secret_manager/samples/regional_quickstart.rb
@@ -0,0 +1,62 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_regional_quickstart]
+require "google/cloud/secret_manager"
+
+##
+# Secret manager regional quickstart
+#
+# @param project_id [String] Your Google Cloud project (e.g. "my-project")
+# @param location_id [String] Your Google Cloud location (e.g. "us-west1")
+# @param secret_id [String] Your secret name (e.g. "my-secret")
+#
+def regional_quickstart project_id:, location_id:, secret_id:
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the parent name from the project.
+ parent = "projects/#{project_id}/locations/#{location_id}"
+
+ # Create the parent secret.
+ secret = client.create_secret(
+ parent: parent,
+ secret_id: secret_id,
+ secret: {}
+ )
+
+ # Add a secret version.
+ version = client.add_secret_version(
+ parent: secret.name,
+ payload: {
+ data: "hello world!"
+ }
+ )
+
+ # Access the secret version.
+ response = client.access_secret_version name: version.name
+
+ # Print the secret payload.
+ #
+ # WARNING: Do not print the secret in a production environment - this
+ # snippet is showing how to access the secret material.
+ payload = response.payload.data
+ puts "Plaintext: #{payload}"
+end
+# [END secretmanager_regional_quickstart]
diff --git a/google-cloud-secret_manager/samples/regional_snippets.rb b/google-cloud-secret_manager/samples/regional_snippets.rb
new file mode 100644
index 000000000000..03d36c52f786
--- /dev/null
+++ b/google-cloud-secret_manager/samples/regional_snippets.rb
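Review bot: The parent resource name is assembled by hand in `parent = "projects/#{project_id}/locations/#{location_id}"`, while the other regional samples in this patch call `client.location_path`. As far as I know the generated path helpers reject components that contain `/`, which plain interpolation does not, so `parent = client.location_path project: project_id, location: location_id` would be both consistent and slightly stricter. The doc comment could also say that the quickstart creates a secret and a version and leaves both in place, so a reader knows to clean up afterwards.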
@@ -0,0 +1,983 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+def access_regional_secret_version project_id:, location_id:, secret_id:, version_id:
+ # [START secretmanager_access_regional_secret_version]
+ # project_id = "YOUR-GOOGLE-CLOUD-PROJECT" # (e.g. "my-project")
+ # location_id = "YOUR-GOOGLE-CLOUD-LOCATION" # (e.g. "us-west1")
+ # secret_id = "YOUR-SECRET-ID" # (e.g. "my-secret")
+ # version_id = "YOUR-VERSION" # (e.g. "5" or "latest")
+
+ # Require the Secret Manager client library.
+ require "google/cloud/secret_manager"
+
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret version.
+ name = client.secret_version_path(
+ project: project_id,
+ location: location_id,
+ secret: secret_id,
+ secret_version: version_id
+ )
+
+ # Access the secret version.
+ version = client.access_secret_version name: name
+
+ # Print the secret payload.
+ #
+ # WARNING: Do not print the secret in a production environment - this
+ # snippet is showing how to access the secret material.
+ payload = version.payload.data
+ puts "Plaintext: #{payload}"
+ # [END secretmanager_access_regional_secret_version]
+
+ version
+end
+
+def add_regional_secret_version project_id:, location_id:, secret_id:
+ # [START secretmanager_add_regional_secret_version]
+ # project_id = "YOUR-GOOGLE-CLOUD-PROJECT" # (e.g. "my-project")
+ # location_id = "YOUR-GOOGLE-CLOUD-LOCATION" # (e.g. "us-west1")
+ # secret_id = "YOUR-SECRET-ID" # (e.g. "my-secret")
+
+ # Require the Secret Manager client library.
+ require "google/cloud/secret_manager"
+
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret version.
+ name = client.secret_path project: project_id, location: location_id, secret: secret_id
+
+ # Add the secret version.
+ version = client.add_secret_version(
+ parent: name,
+ payload: {
+ data: "my super secret data"
+ }
+ )
+
+ # Print the new secret version name.
+ puts "Added regional secret version: #{version.name}"
+ # [END secretmanager_add_regional_secret_version]
+
+ version
+end
+
+def create_regional_secret project_id:, location_id:, secret_id:
+ # [START secretmanager_create_regional_secret]
+ # project_id = "YOUR-GOOGLE-CLOUD-PROJECT" # (e.g. "my-project")
+ # location_id = "YOUR-GOOGLE-CLOUD-LOCATION" # (e.g. "us-west1")sss
+ # secret_id = "YOUR-SECRET-ID" # (e.g. "my-secret")
+
+ # Require the Secret Manager client library.
+ require "google/cloud/secret_manager"
+
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the parent project.
+ parent = client.location_path project: project_id, location: location_id
+
+ # Create the secret.
+ secret = client.create_secret(
+ parent: parent,
+ secret_id: secret_id,
+ secret: {}
+ )
+
+ # Print the new secret name.
+ puts "Created regional secret: #{secret.name}"
+ # [END secretmanager_create_regional_secret]
+
+ secret
+end
+
+def delete_regional_secret_with_etag project_id:, location_id:, secret_id:, etag:
+ # [START secretmanager_delete_regional_secret_with_etag]
+ # project_id = "YOUR-GOOGLE-CLOUD-PROJECT" # (e.g. "my-project")
+ # location_id = "YOUR-GOOGLE-CLOUD-LOCATION" # (e.g. "us-west1")
+ # secret_id = "YOUR-SECRET-ID" # (e.g. "my-secret")
+ # etag = "YOUR-ETAG-ASSOCIATED-WITH-SECRET" # (e.g. "\"1234\"")
+
+ # Require the Secret Manager client library.
+ require "google/cloud/secret_manager"
+
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret.
+ name = client.secret_path project: project_id, location: location_id, secret: secret_id
+
+ # Delete the secret.
+ client.delete_secret name: name, etag: etag
+
+ # Print a success message.
+ puts "Deleted regional secret #{name}"
+ # [END secretmanager_delete_regional_secret_with_etag]
+end
+
+def delete_regional_secret project_id:, location_id:, secret_id:
+ # [START secretmanager_delete_regional_secret]
+ # project_id = "YOUR-GOOGLE-CLOUD-PROJECT" # (e.g. "my-project")
+ # location_id = "YOUR-GOOGLE-CLOUD-LOCATION" # (e.g. "us-west1")
+ # secret_id = "YOUR-SECRET-ID" # (e.g. "my-secret")
+
+ # Require the Secret Manager client library.
+ require "google/cloud/secret_manager"
+
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret.
+ name = client.secret_path project: project_id, location: location_id, secret: secret_id
+
+ # Delete the secret.
+ client.delete_secret name: name
+
+ # Print a success message.
+ puts "Deleted regional secret #{name}"
+ # [END secretmanager_delete_regional_secret]
+end
+
+def destroy_regional_secret_version_with_etag project_id:, location_id:, secret_id:, version_id:, etag:
+ # [START secretmanager_destroy_regional_secret_version_with_etag]
+ # project_id = "YOUR-GOOGLE-CLOUD-PROJECT" # (e.g. "my-project")
+ # location_id = "YOUR-GOOGLE-CLOUD-LOCATION" # (e.g. "us-west1")
+ # secret_id = "YOUR-SECRET-ID" # (e.g. "my-secret")
+ # version_id = "YOUR-VERSION" # (e.g. "5" or "latest")
+ # etag = "YOUR-ETAG-ASSOCIATED-WITH-SECRET" # (e.g. "\"1234\"")
+
+ # Require the Secret Manager client library.
+ require "google/cloud/secret_manager"
+
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret version.
+ name = client.secret_version_path(
+ project: project_id,
+ location: location_id,
+ secret: secret_id,
+ secret_version: version_id
+ )
+
+ # Destroy the secret version.
+ response = client.destroy_secret_version name: name, etag: etag
+
+ # Print a success message.
+ puts "Destroyed regional secret version: #{response.name}"
+ # [END secretmanager_destroy_regional_secret_version_with_etag]
+
+ response
+end
+
+def destroy_regional_secret_version project_id:, location_id:, secret_id:, version_id:
+ # [START secretmanager_destroy_regional_secret_version]
+ # project_id = "YOUR-GOOGLE-CLOUD-PROJECT" # (e.g. "my-project")
+ # location_id = "YOUR-GOOGLE-CLOUD-LOCATION" # (e.g. "us-west1")
+ # secret_id = "YOUR-SECRET-ID" # (e.g. "my-secret")
+ # version_id = "YOUR-VERSION" # (e.g. "5" or "latest")
+
+ # Require the Secret Manager client library.
+ require "google/cloud/secret_manager"
+
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret version.
+ name = client.secret_version_path(
+ project: project_id,
+ location: location_id,
+ secret: secret_id,
+ secret_version: version_id
+ )
+
+ # Destroy the secret version.
+ response = client.destroy_secret_version name: name
+
+ # Print a success message.
+ puts "Destroyed regional secret version: #{response.name}"
+ # [END secretmanager_destroy_regional_secret_version]
+
+ response
+end
+
+def disable_regional_secret_version_with_etag project_id:, location_id:, secret_id:, version_id:, etag:
+ # [START secretmanager_disable_regional_secret_version_with_etag]
+ # project_id = "YOUR-GOOGLE-CLOUD-PROJECT" # (e.g. "my-project")
+ # location_id = "YOUR-GOOGLE-CLOUD-LOCATION" # (e.g. "us-west1")
+ # secret_id = "YOUR-SECRET-ID" # (e.g. "my-secret")
+ # version_id = "YOUR-VERSION" # (e.g. "5" or "latest")
+ # etag = "YOUR-ASSOCIATED-ETAG WITH SECRET" # (e.g. "\"1234\"")
+
+
+ # Require the Secret Manager client library.
+ require "google/cloud/secret_manager"
+
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret version.
+ name = client.secret_version_path(
+ project: project_id,
+ location: location_id,
+ secret: secret_id,
+ secret_version: version_id
+ )
+
+ # Disable the secret version.
+ response = client.disable_secret_version name: name, etag: etag
+
+ # Print a success message.
+ puts "Disabled regional secret version: #{response.name}"
+ # [END secretmanager_disable_regional_secret_version_with_etag]
+
+ response
+end
+
+def disable_regional_secret_version project_id:, location_id:, secret_id:, version_id:
+ # [START secretmanager_disable_regional_secret_version]
+ # project_id = "YOUR-GOOGLE-CLOUD-PROJECT" # (e.g. "my-project")
+ # location_id = "YOUR-GOOGLE-CLOUD-LOCATION" # (e.g. "us-west1")
+ # secret_id = "YOUR-SECRET-ID" # (e.g. "my-secret")
+ # version_id = "YOUR-VERSION" # (e.g. "5" or "latest")
+
+
+ # Require the Secret Manager client library.
+ require "google/cloud/secret_manager"
+
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret version.
+ name = client.secret_version_path(
+ project: project_id,
+ location: location_id,
+ secret: secret_id,
+ secret_version: version_id
+ )
+
+ # Disable the secret version.
+ response = client.disable_secret_version name: name
+
+ # Print a success message.
+ puts "Disabled regional secret version: #{response.name}"
+ # [END secretmanager_disable_regional_secret_version]
+
+ response
+end
+
+def enable_regional_secret_version_with_etag project_id:, location_id:, secret_id:, version_id:, etag:
+ # [START secretmanager_enable_regional_secret_version_with_etag]
+ # project_id = "YOUR-GOOGLE-CLOUD-PROJECT" # (e.g. "my-project")
+ # location_id = "YOUR-GOOGLE-CLOUD-LOCATION" # (e.g. "us-west1")
+ # secret_id = "YOUR-SECRET-ID" # (e.g. "my-secret")
+ # version_id = "YOUR-VERSION" # (e.g. "5" or "latest")
+ # etag = "YOUR-ETAG-ASSOCIATED-WITH-SECRET" # (e.g. "\"1234\"")
+
+ # Require the Secret Manager client library.
+ require "google/cloud/secret_manager"
+
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret version.
+ name = client.secret_version_path(
+ project: project_id,
+ location: location_id,
+ secret: secret_id,
+ secret_version: version_id
+ )
+
+ # Enable the secret version.
+ response = client.enable_secret_version name: name, etag: etag
+
+ # Print a success message.
+ puts "Enabled regional secret version: #{response.name}"
+ # [END secretmanager_enable_regional_secret_version_with_etag]
+
+ response
+end
+
+def enable_regional_secret_version project_id:, location_id:, secret_id:, version_id:
+ # [START secretmanager_enable_regional_secret_version]
+ # project_id = "YOUR-GOOGLE-CLOUD-PROJECT" # (e.g. "my-project")
+ # location_id = "YOUR-GOOGLE-CLOUD-LOCATION" # (e.g. "us-west1")
+ # secret_id = "YOUR-SECRET-ID" # (e.g. "my-secret")
+ # version_id = "YOUR-VERSION" # (e.g. "5" or "latest")
+
+ # Require the Secret Manager client library.
+ require "google/cloud/secret_manager"
+
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret version.
+ name = client.secret_version_path(
+ project: project_id,
+ location: location_id,
+ secret: secret_id,
+ secret_version: version_id
+ )
+
+ # Enable the secret version.
+ response = client.enable_secret_version name: name
+
+ # Print a success message.
+ puts "Enabled regional secret version: #{response.name}"
+ # [END secretmanager_enable_regional_secret_version]
+
+ response
+end
+
+def get_regional_secret project_id:, location_id:, secret_id:
+ # [START secretmanager_get_regional_secret]
+ # project_id = "YOUR-GOOGLE-CLOUD-PROJECT" # (e.g. "my-project")
+ # location_id = "YOUR-GOOGLE-CLOUD-LOCATION" # (e.g. "us-west1")
+ # secret_id = "YOUR-SECRET-ID" # (e.g. "my-secret")
+
+ # Require the Secret Manager client library.
+ require "google/cloud/secret_manager"
+
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret.
+ name = client.secret_path project: project_id, location: location_id, secret: secret_id
+
+ # Get the secret.
+ secret = client.get_secret name: name
+
+ # Print a success message.
+ puts "Got regional secret #{secret.name}"
+ # [END secretmanager_get_regional_secret]
+
+ secret
+end
+
+def get_regional_secret_version project_id:, location_id:, secret_id:, version_id:
+ # [START secretmanager_get_regional_secret_version]
+ # project_id = "YOUR-GOOGLE-CLOUD-PROJECT" # (e.g. "my-project")
+ # location_id = "YOUR-GOOGLE-CLOUD-LOCATION" # (e.g. "us-west1")
+ # secret_id = "YOUR-SECRET-ID" # (e.g. "my-secret")
+ # version_id = "YOUR-VERSION" # (e.g. "5" or "latest")
+
+ # Require the Secret Manager client library.
+ require "google/cloud/secret_manager"
+
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret version.
+ name = client.secret_version_path(
+ project: project_id,
+ location: location_id,
+ secret: secret_id,
+ secret_version: version_id
+ )
+
+ # Get the secret version.
+ version = client.get_secret_version name: name
+
+ # Get the state.
+ state = version.state.to_s.downcase
+
+ # Print a success message.
+ puts "Got regional secret version #{version.name} with state #{state}"
+ # [END secretmanager_get_regional_secret_version]
+
+ version
+end
+
+def iam_grant_access_regional project_id:, location_id:, secret_id:, member:
+ # [START secretmanager_iam_grant_access_with_regional_secret]
+ # project_id = "YOUR-GOOGLE-CLOUD-PROJECT" # (e.g. "my-project")
+ # location_id = "YOUR-GOOGLE-CLOUD-LOCATION" # (e.g. "us-west1")
+ # secret_id = "YOUR-SECRET-ID" # (e.g. "my-secret")
+ # member = "USER-OR-ACCOUNT" # (e.g. "user:foo@example.com")
+
+ # Require the Secret Manager client library.
+ require "google/cloud/secret_manager"
+
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret.
+ name = client.secret_path project: project_id, location: location_id, secret: secret_id
+
+ # Get the current IAM policy.
+ policy = client.get_iam_policy resource: name
+
+ # Add new member to current bindings
+ policy.bindings << Google::Iam::V1::Binding.new(
+ members: [member],
+ role: "roles/secretmanager.secretAccessor"
+ )
+
+ # Update IAM policy
+ new_policy = client.set_iam_policy resource: name, policy: policy
+
+ # Print a success message.
+ puts "Updated regional IAM policy for #{secret_id}"
+ # [END secretmanager_iam_grant_access_with_regional_secret]
+
+ new_policy
+end
+
+def iam_revoke_access_regional project_id:, location_id:, secret_id:, member:
+ # [START secretmanager_iam_revoke_access_with_regional_secret]
+ # project_id = "YOUR-GOOGLE-CLOUD-PROJECT" # (e.g. "my-project")
+ # location_id = "YOUR-GOOGLE-CLOUD-LOCATION" # (e.g. "us-west1")
+ # secret_id = "YOUR-SECRET-ID" # (e.g. "my-secret")
+ # member = "USER-OR-ACCOUNT" # (e.g. "user:foo@example.com")
+
+ # Require the Secret Manager client library.
+ require "google/cloud/secret_manager"
+
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret.
+ name = client.secret_path project: project_id, location: location_id, secret: secret_id
+
+ # Get the current IAM policy.
+ policy = client.get_iam_policy resource: name
+
+ # Remove the member from the current bindings
+ policy.bindings.each do |bind|
+ if bind.role == "roles/secretmanager.secretAccessor"
+ bind.members.delete member
+ end
+ end
+
+ # Update IAM policy
+ new_policy = client.set_iam_policy resource: name, policy: policy
+
+ # Print a success message.
+ puts "Updated regional IAM policy for #{secret_id}"
+ # [END secretmanager_iam_revoke_access_with_regional_secret]
+
+ new_policy
+end
+
+def list_regional_secret_versions_with_filter project_id:, location_id:, secret_id:, filter:
+ # [START secretmanager_list_regional_secret_versions_with_filter]
+ # project_id = "YOUR-GOOGLE-CLOUD-PROJECT" # (e.g. "my-project")
+ # location_id = "YOUR-GOOGLE-CLOUD-LOCATION" # (e.g. "us-west1")
+ # secret_id = "YOUR-SECRET-ID" # (e.g. "my-secret")
+ # filter = "YOUR-FILTER-TO-APPLY" # (e.g. "create_time>2024-01-01T00:00:00Z")
+ # Note : See https://cloud.google.com/secret-manager/docs/filtering for filter syntax and examples.
+
+
+ # Require the Secret Manager client library.
+ require "google/cloud/secret_manager"
+
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the parent.
+ parent = client.secret_path project: project_id, location: location_id, secret: secret_id
+
+ # Get the list of secret versions.
+ list = client.list_secret_versions parent: parent, filter: filter
+
+ # List all secret versions.
+ list.each do |version|
+ puts "Got regional secret version #{version.name}"
+ end
+ # [END secretmanager_list_regional_secret_versions_with_filter]
+end
+
+def list_regional_secret_versions project_id:, location_id:, secret_id:
+ # [START secretmanager_list_regional_secret_versions]
+ # project_id = "YOUR-GOOGLE-CLOUD-PROJECT" # (e.g. "my-project")
+ # location_id = "YOUR-GOOGLE-CLOUD-LOCATION" # (e.g. "us-west1")
+ # secret_id = "YOUR-SECRET-ID" # (e.g. "my-secret")
+
+ # Require the Secret Manager client library.
+ require "google/cloud/secret_manager"
+
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the parent.
+ parent = client.secret_path project: project_id, location: location_id, secret: secret_id
+
+ # Get the list of secret versions.
+ list = client.list_secret_versions parent: parent
+
+ # List all secret versions.
+ list.each do |version|
+ puts "Got regional secret version #{version.name}"
+ end
+ # [END secretmanager_list_regional_secret_versions]
+end
+
+def list_regional_secrets_with_filter project_id:, location_id:, filter:
+ # [START secretmanager_list_regional_secrets_with_filter]
+ # project_id = "YOUR-GOOGLE-CLOUD-PROJECT" # (e.g. "my-project")
+ # location_id = "YOUR-GOOGLE-CLOUD-LOCATION" # (e.g. "us-west1")
+ # filter = "YOUR-FILTER-TO-APPLY" # (e.g. "create_time>2024-01-01T00:00:00Z")
+ # Note : See https://cloud.google.com/secret-manager/docs/filtering for filter syntax and examples.
+
+ # Require the Secret Manager client library.
+ require "google/cloud/secret_manager"
+
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the parent.
+ parent = client.location_path project: project_id, location: location_id
+
+ # Get the list of secrets.
+ list = client.list_secrets parent: parent, filter: filter
+
+ # Print out all secrets.
+ list.each do |secret|
+ puts "Got regional secret #{secret.name}"
+ end
+ # [END secretmanager_list_regional_secrets_with_filter]
+end
+
+def list_regional_secrets project_id:, location_id:
+ # [START secretmanager_list_regional_secrets]
+ # project_id = "YOUR-GOOGLE-CLOUD-PROJECT" # (e.g. "my-project")
+ # location_id = "YOUR-GOOGLE-CLOUD-LOCATION" # (e.g. "us-west1")
+
+ # Require the Secret Manager client library.
+ require "google/cloud/secret_manager"
+
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the parent.
+ parent = client.location_path project: project_id, location: location_id
+
+ # Get the list of secrets.
+ list = client.list_secrets parent: parent
+
+ # Print out all secrets.
+ list.each do |secret|
+ puts "Got regional secret #{secret.name}"
+ end
+ # [END secretmanager_list_regional_secrets]
+end
+
+def update_regional_secret project_id:, location_id:, secret_id:
+ # [START secretmanager_update_regional_secret]
+ # project_id = "YOUR-GOOGLE-CLOUD-PROJECT" # (e.g. "my-project")
+ # location_id = "YOUR-GOOGLE-CLOUD-LOCATION" # (e.g. "us-west1")
+ # secret_id = "YOUR-SECRET-ID" # (e.g. "my-secret")
+
+ # Require the Secret Manager client library.
+ require "google/cloud/secret_manager"
+
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret.
+ name = client.secret_path project: project_id, location: location_id, secret: secret_id
+
+ # Create the secret.
+ secret = client.update_secret(
+ secret: {
+ name: name,
+ labels: {
+ secretmanager: "rocks"
+ }
+ },
+ update_mask: {
+ paths: ["labels"]
+ }
+ )
+
+ # Print the updated secret name.
+ puts "Updated regional secret: #{secret.name}"
+ # [END secretmanager_update_regional_secret]
+
+ secret
+end
+
+def update_regional_secret_with_alias project_id:, location_id:, secret_id:
+ # [START secretmanager_update_regional_secret_with_alias]
+ # project_id = "YOUR-GOOGLE-CLOUD-PROJECT" # (e.g. "my-project")
+ # location_id = "YOUR-GOOGLE-CLOUD-LOCATION" # (e.g. "us-west1")
+ # secret_id = "YOUR-SECRET-ID" # (e.g. "my-secret")
+
+ # Require the Secret Manager client library.
+ require "google/cloud/secret_manager"
+
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret.
+ name = client.secret_path project: project_id, location: location_id, secret: secret_id
+
+ # Create the secret.
+ secret = client.update_secret(
+ secret: {
+ name: name,
+ version_aliases: {
+ test: 1
+ }
+ },
+ update_mask: {
+ paths: ["version_aliases"]
+ }
+ )
+
+ # Print the updated secret name.
+ puts "Updated regional secret: #{secret.name}"
+ # [END secretmanager_update_regional_secret_with_alias]
+
+ secret
+end
+
+def update_regional_secret_with_etag project_id:, location_id:, secret_id:, etag:
+ # [START secretmanager_update_regional_secret_with_etag]
+ # project_id = "YOUR-GOOGLE-CLOUD-PROJECT" # (e.g. "my-project")
+ # location_id = "YOUR-GOOGLE-CLOUD-LOCATION" # (e.g. "us-west1")
+ # secret_id = "YOUR-SECRET-ID" # (e.g. "my-secret")
+ # etag = "YOUR-ETAG-ASSOCIATED-WITH-SECRET" # (e.g. "\"1234\"")
+
+
+ # Require the Secret Manager client library.
+ require "google/cloud/secret_manager"
+
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret.
+ name = client.secret_path project: project_id, location: location_id, secret: secret_id
+
+ # Create the secret.
+ secret = client.update_secret(
+ secret: {
+ name: name,
+ etag: etag,
+ labels: {
+ secretmanager: "rocks"
+ }
+ },
+ update_mask: {
+ paths: ["labels"]
+ }
+ )
+
+ # Print the updated secret name.
+ puts "Updated regional secret: #{secret.name}" + # [END secretmanager_update_regional_secret_with_etag] + + secret +end + +if $PROGRAM_NAME == __FILE__ + args = ARGV.dup + command = args.shift + + case command + when "access_regional_secret_version" + access_regional_secret_version( + project_id: ENV["GOOGLE_CLOUD_PROJECT"], + location_id: ENV["GOOGLE_CLOUD_LOCATION"], + secret_id: args.shift, + version_id: args.shift + ) + when "add_regional_secret_version" + add_regional_secret_version( + project_id: ENV["GOOGLE_CLOUD_PROJECT"], + location_id: ENV["GOOGLE_CLOUD_LOCATION"], + secret_id: args.shift + ) + when "create_regional_secret" + create_regional_secret( + project_id: ENV["GOOGLE_CLOUD_PROJECT"], + location_id: ENV["GOOGLE_CLOUD_LOCATION"], + secret_id: args.shift + ) + when "delete_regional_secret_with_etag" + delete_regional_secret_with_etag( + project_id: ENV["GOOGLE_CLOUD_PROJECT"], + location_id: ENV["GOOGLE_CLOUD_LOCATION"], + secret_id: args.shift, + etag: args.shift + ) + when "delete_regional_secret" + delete_regional_secret( + project_id: ENV["GOOGLE_CLOUD_PROJECT"], + location_id: ENV["GOOGLE_CLOUD_LOCATION"], + secret_id: args.shift + ) + when "destroy_regional_secret_version_with_etag" + destroy_regional_secret_version_with_etag( + project_id: ENV["GOOGLE_CLOUD_PROJECT"], + location_id: ENV["GOOGLE_CLOUD_LOCATION"], + secret_id: args.shift, + version_id: args.shift, + etag: args.shift + ) + when "destroy_regional_secret_version" + destroy_regional_secret_version( + project_id: ENV["GOOGLE_CLOUD_PROJECT"], + location_id: ENV["GOOGLE_CLOUD_LOCATION"], + secret_id: args.shift, + version_id: args.shift + ) + when "enable_regional_secret_version_with_etag" + enable_regional_secret_version_with_etag( + project_id: ENV["GOOGLE_CLOUD_PROJECT"], + location_id: ENV["GOOGLE_CLOUD_LOCATION"], + secret_id: args.shift, + version_id: args.shift, + etag: args.shift + ) + when "enable_regional_secret_version" + enable_regional_secret_version( + project_id: 
ENV["GOOGLE_CLOUD_PROJECT"], + location_id: ENV["GOOGLE_CLOUD_LOCATION"], + secret_id: args.shift, + version_id: args.shift + ) + when "disable_regional_secret_version_with_etag" + disable_regional_secret_version_with_etag( + project_id: ENV["GOOGLE_CLOUD_PROJECT"], + location_id: ENV["GOOGLE_CLOUD_LOCATION"], + secret_id: args.shift, + version_id: args.shift, + etag: args.shift + ) + when "disable_secret_version" + disable_secret_version( + project_id: ENV["GOOGLE_CLOUD_PROJECT"], + location_id: ENV["GOOGLE_CLOUD_LOCATION"], + secret_id: args.shift, + version_id: args.shift + ) + when "get_regional_secret" + get_regional_secret( + project_id: ENV["GOOGLE_CLOUD_PROJECT"], + location_id: ENV["GOOGLE_CLOUD_LOCATION"], + secret_id: args.shift + ) + when "get_regional_secret_version" + get_regional_secret_version( + project_id: ENV["GOOGLE_CLOUD_PROJECT"], + location_id: ENV["GOOGLE_CLOUD_LOCATION"], + secret_id: args.shift, + version_id: args.shift + ) + when "iam_grant_access_regional" + iam_grant_access_regional( + project_id: ENV["GOOGLE_CLOUD_PROJECT"], + location_id: ENV["GOOGLE_CLOUD_LOCATION"], + secret_id: args.shift, + member: args.shift + ) + when "iam_revoke_access_regional" + iam_revoke_access_regional( + project_id: ENV["GOOGLE_CLOUD_PROJECT"], + location_id: ENV["GOOGLE_CLOUD_LOCATION"], + secret_id: args.shift, + member: args.shift + ) + when "list_regional_secret_versions_with_filter" + list_regional_secret_versions_with_filter( + project_id: ENV["GOOGLE_CLOUD_PROJECT"], + location_id: ENV["GOOGLE_CLOUD_LOCATION"], + secret_id: args.shift, + filter: args.shift + ) + when "list_regional_secret_versions" + list_regional_secret_versions( + project_id: ENV["GOOGLE_CLOUD_PROJECT"], + location_id: ENV["GOOGLE_CLOUD_LOCATION"], + secret_id: args.shift + ) + when "list_regional_secrets_with_filter" + list_regional_secrets( + project_id: ENV["GOOGLE_CLOUD_PROJECT"], + location_id: ENV["GOOGLE_CLOUD_LOCATION"], + filter: args.shift + ) + when 
"list_regional_secrets" + list_regional_secrets( + project_id: ENV["GOOGLE_CLOUD_PROJECT"], + location_id: ENV["GOOGLE_CLOUD_LOCATION"] + ) + when "update_regional_secret_with_alias" + update_regional_secret_with_alias( + project_id: ENV["GOOGLE_CLOUD_PROJECT"], + location_id: ENV["GOOGLE_CLOUD_LOCATION"], + secret_id: args.shift + ) + when "update_regional_secret_with_etag" + update_regional_secret_with_etag( + project_id: ENV["GOOGLE_CLOUD_PROJECT"], + location_id: ENV["GOOGLE_CLOUD_LOCATION"], + secret_id: args.shift, + etag: args.shift + ) + when "update_regional_secret" + update_regional_secret( + project_id: ENV["GOOGLE_CLOUD_PROJECT"], + location_id: ENV["GOOGLE_CLOUD_LOCATION"], + secret_id: args.shift + ) + else + puts <<~USAGE + Usage: bundle exec ruby #{__FILE__} [command] [arguments] + + Commands: + access_regional_secret_version Access a regional secret version + add_regional_secret_version Add a new regional secret version + create_regional_secret Create a new regional secret + delete_regional_secret_with_etag Delete an existing regional secret with associated etag + delete_regional_secret Delete an existing regional secret + destroy_regional_secret_version_with_etag Destroy a regional secret version + destroy_regional_secret_version Destroy a regional secret version + disable_regional_secret_version_with_etag Disable a regional secret version + disable_regional_secret_version Disable a regional secret version + enable_regional_secret_version_with_etag Enable a regional secret version + enable_regional_secret_version Enable a regional secret version + get_regional_secret Get a regional secret + get_regional_secret_version Get a regional secret version + iam_grant_access_regional Grant the member access to the regional secret + iam_revoke_access_regional Revoke the member access to the regional secret + list_regional_secret_versions_with_filter List all versions for a regional secret + list_regional_secret_versions List all versions for a regional 
secret
+ list_regional_secrets_with_filter List all regional secrets
+ list_regional_secrets List all regional secrets
+ update_regional_secret_with_alias Update a regional secret
+ update_regional_secret_with_etag Update a regional secret
+ update_regional_secret Update a regional secret
+
+ Environment variables:
+ GOOGLE_CLOUD_PROJECT ID of the Google Cloud project to run the regional snippets
+ GOOGLE_CLOUD_LOCATION ID of the Google Cloud location to run the regional snippets
+ USAGE
+ end
+end
diff --git a/google-cloud-secret_manager/samples/update_regional_secret.rb b/google-cloud-secret_manager/samples/update_regional_secret.rb
new file mode 100644
index 000000000000..18e2f2d5a837
--- /dev/null
+++ b/google-cloud-secret_manager/samples/update_regional_secret.rb
@@ -0,0 +1,54 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_update_regional_secret]
+require "google/cloud/secret_manager"
+
+##
+# Update a regional secret's labels
+#
+# @param project_id [String] Your Google Cloud project (e.g. "my-project")
+# @param location_id [String] Your Google Cloud location (e.g. "us-west1")
+# @param secret_id [String] Your secret name (e.g. "my-secret")
+#
+def update_regional_secret project_id:, location_id:, secret_id:
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret.
+ name = client.secret_path project: project_id, location: location_id, secret: secret_id
+
+ # Create the secret.
+ secret = client.update_secret(
+ secret: {
+ name: name,
+ labels: {
+ secretmanager: "rocks"
+ }
+ },
+ update_mask: {
+ paths: ["labels"]
+ }
+ )
+
+ # Print the updated secret name and the new label value.
+ puts "Updated regional secret: #{secret.name}"
+ puts "New label: #{secret.labels['secretmanager']}"
+end
+# [END secretmanager_update_regional_secret]
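Review bot: The line `api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"` in `update_regional_secret` builds the host the authenticated client connects to from an unchecked caller-supplied string. A `location_id` containing characters outside the region-name alphabet would change where the request, and the credentials attached to it, are sent. I would reject such values before the interpolation, for example `raise ArgumentError, "invalid location_id" unless location_id.match?(/\A[a-z0-9-]+\z/)`. The same endpoint line appears unchanged in the update_regional_secret_with_alias.rb and update_regional_secret_with_etag.rb hunks, so the check belongs there as well.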
diff --git a/google-cloud-secret_manager/samples/update_regional_secret_with_alias.rb b/google-cloud-secret_manager/samples/update_regional_secret_with_alias.rb
new file mode 100644
index 000000000000..72fb5a7920d9
--- /dev/null
+++ b/google-cloud-secret_manager/samples/update_regional_secret_with_alias.rb
@@ -0,0 +1,54 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_update_regional_secret_with_alias]
+require "google/cloud/secret_manager"
+
+##
+# Update a regional secret's version aliases
+#
+# @param project_id [String] Your Google Cloud project (e.g. "my-project")
+# @param location_id [String] Your Google Cloud location (e.g. "us-west1")
+# @param secret_id [String] Your secret name (e.g. "my-secret")
+#
+def update_regional_secret_with_alias project_id:, location_id:, secret_id:
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret.
+ name = client.secret_path project: project_id, location: location_id, secret: secret_id
+
+ # Create the secret.
+ secret = client.update_secret(
+ secret: {
+ name: name,
+ version_aliases: {
+ test: 1
+ }
+ },
+ update_mask: {
+ paths: ["version_aliases"]
+ }
+ )
+
+ # Print the updated secret name and the new version alias.
+ puts "Updated regional secret: #{secret.name}"
+ puts "New version alias: #{secret.version_aliases['test']}"
+end
+# [END secretmanager_update_regional_secret_with_alias]
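Review bot: The doc comment on `update_regional_secret_with_alias` does not say that the update replaces the secret's alias map rather than adding one entry. As far as I understand field-mask semantics for map fields, `paths: ["version_aliases"]` with `version_aliases: { test: 1 }` drops any aliases the secret already has, and it presumably also requires version 1 to exist. I would add `# Note: replaces all existing version aliases with { test: 1 }; version 1 must already exist.` to the header. The labels updates in update_regional_secret.rb and update_regional_secret_with_etag.rb overwrite existing labels in the same way. Separately, the comment `# Create the secret.` above `client.update_secret` should read `# Update the secret.` in all three files.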
diff --git a/google-cloud-secret_manager/samples/update_regional_secret_with_etag.rb b/google-cloud-secret_manager/samples/update_regional_secret_with_etag.rb
new file mode 100644
index 000000000000..c514a2c0aff1
--- /dev/null
+++ b/google-cloud-secret_manager/samples/update_regional_secret_with_etag.rb
@@ -0,0 +1,56 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_update_regional_secret_with_etag]
+require "google/cloud/secret_manager"
+
+##
+# Update a regional secret's labels with the given etag and anme
+#
+# @param project_id [String] Your Google Cloud project (e.g. "my-project")
+# @param location_id [String] Your Google Cloud location (e.g. "us-west1")
+# @param secret_id [String] Your secret name (e.g. "my-secret")
+# @param etag [String] The e-tag associated with the secret (e.g. "\"1234\"")
+#
+def update_regional_secret_with_etag project_id:, location_id:, secret_id:, etag:
+ # Endpoint for the regional secret manager service.
+ api_endpoint = "secretmanager.#{location_id}.rep.googleapis.com"
+
+ # Create the Secret Manager client.
+ client = Google::Cloud::SecretManager.secret_manager_service do |config|
+ config.endpoint = api_endpoint
+ end
+
+ # Build the resource name of the secret.
+ name = client.secret_path project: project_id, location: location_id, secret: secret_id
+
+ # Create the secret.
+ secret = client.update_secret(
+ secret: {
+ name: name,
+ etag: etag,
+ labels: {
+ secretmanager: "rocks"
+ }
+ },
+ update_mask: {
+ paths: ["labels"]
+ }
+ )
+
+ # Print the updated secret name and the new label value.
+ puts "Updated regional secret: #{secret.name}"
+ puts "New label: #{secret.labels['secretmanager']}"
+end
+# [END secretmanager_update_regional_secret_with_etag]
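Review bot: The header comment of `update_regional_secret_with_etag` has a typo (`anme`) and never explains what passing the etag does, which is the point of this sample. I would reword the summary to `# Update a regional secret's labels only if the given etag matches the secret's current etag`. With `etag: etag` in the request the service presumably rejects the update when the secret has changed since the etag was read, which protects against lost updates from concurrent writers. The sample neither documents nor handles that failure, so I would also add `# @raise [Google::Cloud::Error] if the etag does not match the current state of the secret` (exact error class to be confirmed).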