From 0263e0417e536666719c5157e98267212095912f Mon Sep 17 00:00:00 2001 From: Vipul Mittal Date: Thu, 22 Aug 2024 12:21:49 +0000 Subject: [PATCH] fix:added samples for SM --- .../delete_regional_secret_with_etag.py | 66 ++++++++++++++++ ...stroy_regional_secret_version_with_etag.py | 75 ++++++++++++++++++ ...sable_regional_secret_version_with_etag.py | 76 +++++++++++++++++++ ...nable_regional_secret_version_with_etag.py | 76 +++++++++++++++++++ .../regional_samples/snippets_test.py | 52 +++++++++++++ .../update_regional_secret_with_etag.py | 67 ++++++++++++++++ 6 files changed, 412 insertions(+) create mode 100644 secretmanager/snippets/regional_samples/delete_regional_secret_with_etag.py create mode 100644 secretmanager/snippets/regional_samples/destroy_regional_secret_version_with_etag.py create mode 100644 secretmanager/snippets/regional_samples/disable_regional_secret_version_with_etag.py create mode 100644 secretmanager/snippets/regional_samples/enable_regional_secret_version_with_etag.py create mode 100644 secretmanager/snippets/regional_samples/update_regional_secret_with_etag.py diff --git a/secretmanager/snippets/regional_samples/delete_regional_secret_with_etag.py b/secretmanager/snippets/regional_samples/delete_regional_secret_with_etag.py new file mode 100644 index 00000000000..41d03b3e501 --- /dev/null +++ b/secretmanager/snippets/regional_samples/delete_regional_secret_with_etag.py @@ -0,0 +1,66 @@ +#!/usr/bin/env python + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +""" +command line application and sample code for deleting an existing regional +secret. +""" + +import argparse + + +# [START secretmanager_v1_delete_regional_secret_with_etag] +def delete_regional_secret_with_etag(project_id: str, location_id: str, secret_id: str, etag: str) -> None: + """ + Delete the regional secret with the given name, etag, and all of its versions. + """ + + # Import the Secret Manager client library and types. + from google.cloud import secretmanager_v1 + from google.cloud.secretmanager_v1.types import service + + # Endpoint to call the regional secret manager sever + api_endpoint = f"secretmanager.{location_id}.rep.googleapis.com" + + # Create the Secret Manager client. + client = secretmanager_v1.SecretManagerServiceClient(client_options={ + "api_endpoint": api_endpoint + }) + + # Build the resource name of the secret. + name = f"projects/{project_id}/locations/{location_id}/secrets/{secret_id}" + + # Build the request + request = service.DeleteSecretRequest() + request.name = name + request.etag = etag + + # Delete the secret. + client.delete_secret(request=request) + + +# [END secretmanager_v1_delete_regional_secret_with_etag] + + +if __name__ == "__main__": + parser = argparse.ArgumentParser( + description=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter + ) + parser.add_argument("project_id", help="id of the GCP project") + parser.add_argument("location_id", help="id of location where secret is stored") + parser.add_argument("secret_id", help="id of the secret to delete") + parser.add_argument("etag", help="current etag of the secret to delete") + args = parser.parse_args() + + delete_regional_secret_with_etag(args.project_id, args.location_id, args.secret_id, args.etag) \ No newline at end of file diff --git a/secretmanager/snippets/regional_samples/destroy_regional_secret_version_with_etag.py b/secretmanager/snippets/regional_samples/destroy_regional_secret_version_with_etag.py new file mode 100644 index 00000000000..f7a3557f8aa --- /dev/null +++ b/secretmanager/snippets/regional_samples/destroy_regional_secret_version_with_etag.py @@ -0,0 +1,75 @@ +#!/usr/bin/env python + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +""" +command line application and sample code for destroying a secret version. +""" + +import argparse + +from google.cloud import secretmanager_v1 + + +# [START secretmanager_v1_destroy_regional_secret_version_with_etag] +def destroy_regional_secret_version_with_etag( + project_id: str, location_id: str, secret_id: str, version_id: str, etag: str +) -> secretmanager_v1.DestroySecretVersionRequest: + """ + Destroy the given secret version, making the payload irrecoverable. Other + secrets versions are unaffected. + """ + + # Import the Secret Manager client library. + from google.cloud import secretmanager_v1 + from google.cloud.secretmanager_v1.types import service + + # Endpoint to call the regional secret manager sever + api_endpoint = f"secretmanager.{location_id}.rep.googleapis.com" + + # Create the Secret Manager client. + client = secretmanager_v1.SecretManagerServiceClient(client_options={ + "api_endpoint": api_endpoint + }) + + # Build the resource name of the secret version + name = f"projects/{project_id}/locations/{location_id}/secrets/{secret_id}/versions/{version_id}" + + # Build the request + request = service.DestroySecretVersionRequest() + request.name = name + request.etag = etag + + # Destroy the secret version. + response = client.destroy_secret_version(request=request) + + print(f"Destroyed secret version: {response.name}") + # [END secretmanager_v1_destroy_regional_secret_version_with_etag] + + return response + + +if __name__ == "__main__": + parser = argparse.ArgumentParser( + description=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter + ) + parser.add_argument("project_id", help="id of the GCP project") + parser.add_argument("location_id", help="id of location where secret is stored") + parser.add_argument("secret_id", help="id of the secret from which to act") + parser.add_argument("version_id", help="id of the version to destroy") + parser.add_argument("etag", help="current etag of the version") + args = parser.parse_args() + + destroy_regional_secret_version_with_etag( + args.project_id, args.location_id, args.secret_id, args.version_id, args.etag + ) \ No newline at end of file diff --git a/secretmanager/snippets/regional_samples/disable_regional_secret_version_with_etag.py b/secretmanager/snippets/regional_samples/disable_regional_secret_version_with_etag.py new file mode 100644 index 00000000000..37e2e064255 --- /dev/null +++ b/secretmanager/snippets/regional_samples/disable_regional_secret_version_with_etag.py @@ -0,0 +1,76 @@ +#!/usr/bin/env python + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +""" +command line application and sample code for disabling a regional +secret version. +""" + +import argparse + +from google.cloud import secretmanager_v1 + + +# [START secretmanager_v1_disable_regional_secret_version_with_etag] +def disable_regional_secret_version_with_etag( + project_id: str, location_id: str, secret_id: str, version_id: str, etag: str +) -> secretmanager_v1.DisableSecretVersionRequest: + """ + Disable the given secret version. Future requests will throw an error until + the secret version is enabled. Other secrets versions are unaffected. + """ + + # Import the Secret Manager client library. + from google.cloud import secretmanager_v1 + from google.cloud.secretmanager_v1.types import service + + # Endpoint to call the regional secret manager sever + api_endpoint = f"secretmanager.{location_id}.rep.googleapis.com" + + # Create the Secret Manager client. + client = secretmanager_v1.SecretManagerServiceClient(client_options={ + "api_endpoint": api_endpoint + }) + + # Build the resource name of the secret version + name = f"projects/{project_id}/locations/{location_id}/secrets/{secret_id}/versions/{version_id}" + + # Build the request + request = service.DisableSecretVersionRequest() + request.name = name + request.etag = etag + + # Disable the secret version. + response = client.disable_secret_version(request=request) + + print(f"Disabled secret version: {response.name}") + # [END secretmanager_v1_disable_regional_secret_version_with_etag] + + return response + + +if __name__ == "__main__": + parser = argparse.ArgumentParser( + description=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter + ) + parser.add_argument("project_id", help="id of the GCP project") + parser.add_argument("location_id", help="id of location where secret is stored") + parser.add_argument("secret_id", help="id of the secret from which to act") + parser.add_argument("version_id", help="id of the version to disable") + parser.add_argument("etag", help="current etag of the version") + args = parser.parse_args() + + disable_regional_secret_version_with_etag( + args.project_id, args.location_id, args.secret_id, args.version_id, args.etag + ) \ No newline at end of file diff --git a/secretmanager/snippets/regional_samples/enable_regional_secret_version_with_etag.py b/secretmanager/snippets/regional_samples/enable_regional_secret_version_with_etag.py new file mode 100644 index 00000000000..bfc2b9e88dc --- /dev/null +++ b/secretmanager/snippets/regional_samples/enable_regional_secret_version_with_etag.py @@ -0,0 +1,76 @@ +#!/usr/bin/env python + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +""" +command line application and sample code for enabling a regional +secret version. +""" + +import argparse + +from google.cloud import secretmanager_v1 + + +# [START secretmanager_v1_enable_regional_secret_version_with_etag] +def enable_regional_secret_version_with_etag( + project_id: str, location_id: str, secret_id: str, version_id: str, etag: str +) -> secretmanager_v1.EnableSecretVersionRequest: + """ + Enable the given secret version, enabling it to be accessed after + previously being disabled. Other secrets versions are unaffected. + """ + + # Import the Secret Manager client library. + from google.cloud import secretmanager_v1 + from google.cloud.secretmanager_v1.types import service + + # Endpoint to call the regional secret manager sever + api_endpoint = f"secretmanager.{location_id}.rep.googleapis.com" + + # Create the Secret Manager client. + client = secretmanager_v1.SecretManagerServiceClient(client_options={ + "api_endpoint": api_endpoint + }) + + # Build the resource name of the secret version + name = f"projects/{project_id}/locations/{location_id}/secrets/{secret_id}/versions/{version_id}" + + # Build the request + request = service.EnableSecretVersionRequest() + request.name = name + request.etag = etag + + # Disable the secret version. + response = client.enable_secret_version(request=request) + + print(f"Enabled secret version: {response.name}") + # [END secretmanager_v1_enable_regional_secret_version_with_etag] + + return response + + +if __name__ == "__main__": + parser = argparse.ArgumentParser( + description=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter + ) + parser.add_argument("project_id", help="id of the GCP project") + parser.add_argument("location_id", help="id of location where secret is stored") + parser.add_argument("secret_id", help="id of the secret from which to act") + parser.add_argument("version_id", help="id of the version to enable") + parser.add_argument("etag", help="current etag of the version") + args = parser.parse_args() + + enable_regional_secret_version_with_etag( + args.project_id, args.location_id, args.secret_id, args.version_id, args.etag + ) \ No newline at end of file diff --git a/secretmanager/snippets/regional_samples/snippets_test.py b/secretmanager/snippets/regional_samples/snippets_test.py index 1e3264a529a..11cc18de33b 100644 --- a/secretmanager/snippets/regional_samples/snippets_test.py +++ b/secretmanager/snippets/regional_samples/snippets_test.py @@ -27,19 +27,34 @@ from regional_samples.add_regional_secret_version import add_regional_secret_version from regional_samples.create_regional_secret import create_regional_secret from regional_samples.delete_regional_secret import delete_regional_secret +from regional_samples.delete_regional_secret_with_etag import ( + delete_regional_secret_with_etag, +) from regional_samples.destroy_regional_secret_version import ( destroy_regional_secret_version, ) +from regional_samples.destroy_regional_secret_version_with_etag import ( + destroy_regional_secret_version_with_etag, +) from regional_samples.disable_regional_secret_version import ( disable_regional_secret_version, ) +from regional_samples.disable_regional_secret_version_with_etag import ( + disable_regional_secret_version_with_etag, +) from regional_samples.enable_regional_secret_version import ( enable_regional_secret_version, ) +from regional_samples.enable_regional_secret_version_with_etag import ( + enable_regional_secret_version_with_etag, +) from regional_samples.get_regional_secret import get_regional_secret from regional_samples.get_regional_secret_version import get_regional_secret_version from regional_samples.regional_quickstart import regional_quickstart from regional_samples.update_regional_secret import update_regional_secret +from regional_samples.update_regional_secret_with_etag import ( + update_regional_secret_with_etag, +) @pytest.fixture() def location_id() -> str: @@ -199,6 +214,19 @@ def test_delete_regional_secret( regional_client, request={"name": name} ) +def test_delete_regional_secret_with_etag( + regional_client: secretmanager_v1.SecretManagerServiceClient, + regional_secret: Tuple[str, str, str, str], +) -> None: + project_id, location_id, secret_id, etag = regional_secret + delete_regional_secret_with_etag(project_id, location_id, secret_id, etag) + with pytest.raises(exceptions.NotFound): + print(f"{regional_client}") + name = f"projects/{project_id}/locations/{location_id}/secrets/{secret_id}/versions/latest" + retry_client_access_regional_secret_version( + regional_client, request={"name": name} + ) + def test_destroy_regional_secret_version( regional_client: secretmanager_v1.SecretManagerServiceClient, regional_secret_version: Tuple[str, str, str, str, str], @@ -224,6 +252,21 @@ def test_enable_disable_regional_secret_version( ) assert version.state == secretmanager.SecretVersion.State.ENABLED +def test_enable_disable_regional_secret_version_with_etag( + regional_client: secretmanager_v1.SecretManagerServiceClient, + regional_secret_version: Tuple[str, str, str, str, str], +) -> None: + project_id, location_id, secret_id, version_id, etag = regional_secret_version + version = disable_regional_secret_version_with_etag( + project_id, location_id, secret_id, version_id, etag + ) + assert version.state == secretmanager.SecretVersion.State.DISABLED + + version = enable_regional_secret_version_with_etag( + project_id, location_id, secret_id, version_id, version.etag + ) + assert version.state == secretmanager.SecretVersion.State.ENABLED + def test_get_regional_secret_version( regional_client: secretmanager_v1.SecretManagerServiceClient, regional_secret_version: Tuple[str, str, str, str, str], @@ -239,3 +282,12 @@ def test_update_regional_secret(regional_secret: Tuple[str, str, str, str]) -> N project_id, location_id, secret_id, _ = regional_secret updated_regional_secret = update_regional_secret(project_id, location_id, secret_id) assert updated_regional_secret.labels["secretmanager"] == "rocks" + +def test_update_regional_secret_with_etag( + regional_secret: Tuple[str, str, str, str] +) -> None: + project_id, location_id, secret_id, etag = regional_secret + updated_regional_secret = update_regional_secret_with_etag( + project_id, location_id, secret_id, etag + ) + assert updated_regional_secret.labels["secretmanager"] == "rocks" diff --git a/secretmanager/snippets/regional_samples/update_regional_secret_with_etag.py b/secretmanager/snippets/regional_samples/update_regional_secret_with_etag.py new file mode 100644 index 00000000000..63af0488d1a --- /dev/null +++ b/secretmanager/snippets/regional_samples/update_regional_secret_with_etag.py @@ -0,0 +1,67 @@ +#!/usr/bin/env python + +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and + +import argparse + +from google.cloud import secretmanager_v1 + + +# [START secretmanager_v1_update_regional_secret_with_etag] +def update_regional_secret_with_etag( + project_id: str, location_id: str, secret_id: str, etag: str +) -> secretmanager_v1.UpdateSecretRequest: + """ + Update the metadata about an existing secret, using etag. + """ + + # Import the Secret Manager client library. + from google.cloud import secretmanager_v1 + + # Endpoint to call the regional secret manager sever + api_endpoint = f"secretmanager.{location_id}.rep.googleapis.com" + + # Create the Secret Manager client. + client = secretmanager_v1.SecretManagerServiceClient(client_options={ + "api_endpoint": api_endpoint + }) + + # Build the resource name of the secret. + name = f"projects/{project_id}/locations/{location_id}/secrets/{secret_id}" + + # Update the secret. + secret = {"name": name, "labels": {"secretmanager": "rocks"}, "etag": etag} + update_mask = {"paths": ["labels"]} + response = client.update_secret( + request={"secret": secret, "update_mask": update_mask} + ) + + # Print the new secret name. + print(f"Updated secret: {response.name}") + # [END secretmanager_v1_update_regional_secret_with_etag] + + return response + + +if __name__ == "__main__": + parser = argparse.ArgumentParser( + description=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter + ) + parser.add_argument("project_id", help="id of the GCP project") + parser.add_argument("location_id", help="id of location where secret is stored") + parser.add_argument("secret-id", required=True) + parser.add_argument("etag", help="current etag of the secret") + args = parser.parse_args() + + update_regional_secret_with_etag(args.project_id, args.location_id, args.secret_id, args.etag) \ No newline at end of file