google-cloud-secret_manager-v1 0.4.3 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 44e987993d556e72e1b0eca1ce144dbf6a57ad31fb39a69b4a1af6eb49aa91b4
-  data.tar.gz: 7dce2562bf70a5f0dca416f66d4b5c6fb6de0c0ef60a1e7efe59d04ef921e436
+  metadata.gz: 2661aeba908fe278c44a630a39dfe2b02dae220a52892ff0cb83f053aedf3ef9
+  data.tar.gz: 7e530986a32fa5821977177b957b5c4d2b5b436aa5e512c994deba64ac135331
 SHA512:
-  metadata.gz: 3bc3f8e8be6f7e7360a758907ca6e14810790e9aa09263f41ccecbc6187ca1b76f6e606e0df7a98fb7793c8a20075eb7e9a88732aa446143b35e7871fbe73351
-  data.tar.gz: c7430205f1325140230b7d78b9a7bdfcc4aad80c894581590536642c7e0d985594333bd62ac28e98afa17294c5504890c28840140225c4ba0bc9c61ef916a2ef
+  metadata.gz: 3a5b8939ecf7496ce7a4318c1395b7fd3999b815bf7fab66010df3db467d4098ff828c68794b2f406944b07d5687a7d843d8a139070580270eda7ddbdb55e96e
+  data.tar.gz: 37092d92c82917f057d58e6d72feaff6a65d51266c7b1ac977bed9ee8ee7dacb3eda75d342edf79aa395bd692c9f39949f417e8755cafebf7286186ff4d75029

data/lib/google/cloud/secret_manager/v1.rb

@@ -33,3 +33,6 @@ module Google
     end
   end
 end
+
+helper_path = ::File.join __dir__, "v1", "_helpers.rb"
+require "google/cloud/secret_manager/v1/_helpers" if ::File.file? helper_path

data/lib/google/cloud/secret_manager/v1/secret_manager_service/client.rb

@@ -92,7 +92,7 @@ module Google
                   initial_delay: 1.0,
                   max_delay:     60.0,
                   multiplier:    1.3,
-                  retry_codes:   ["UNAVAILABLE", "UNKNOWN"]
+                  retry_codes:   [14, 2]
                 }
 
                 default_config.rpcs.disable_secret_version.timeout = 60.0
@@ -1347,7 +1347,7 @@ module Google
 
               config_attr :endpoint,      "secretmanager.googleapis.com", ::String
               config_attr :credentials,   nil do |value|
-                allowed = [::String, ::Hash, ::Proc, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
+                allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
                 allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
                 allowed.any? { |klass| klass === value }
               end
@@ -1387,7 +1387,7 @@ module Google
               # Each configuration object is of type `Gapic::Config::Method` and includes
               # the following configuration fields:
               #
-              #  *  `timeout` (*type:* `Numeric`) - The call timeout in milliseconds
+              #  *  `timeout` (*type:* `Numeric`) - The call timeout in seconds
               #  *  `metadata` (*type:* `Hash{Symbol=>String}`) - Additional gRPC headers
               #  *  `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
               #     include the following keys:

data/lib/google/cloud/secret_manager/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module SecretManager
       module V1
-        VERSION = "0.4.3"
+        VERSION = "0.6.0"
       end
     end
   end

data/lib/google/cloud/secretmanager/v1/resources_pb.rb

@@ -5,6 +5,7 @@ require 'google/protobuf'
 
 require 'google/api/field_behavior_pb'
 require 'google/api/resource_pb'
+require 'google/protobuf/duration_pb'
 require 'google/protobuf/timestamp_pb'
 require 'google/api/annotations_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
@@ -14,12 +15,17 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :replication, :message, 2, "google.cloud.secretmanager.v1.Replication"
       optional :create_time, :message, 3, "google.protobuf.Timestamp"
       map :labels, :string, :string, 4
+      oneof :expiration do
+        optional :expire_time, :message, 6, "google.protobuf.Timestamp"
+        optional :ttl, :message, 7, "google.protobuf.Duration"
+      end
     end
     add_message "google.cloud.secretmanager.v1.SecretVersion" do
       optional :name, :string, 1
       optional :create_time, :message, 2, "google.protobuf.Timestamp"
       optional :destroy_time, :message, 3, "google.protobuf.Timestamp"
       optional :state, :enum, 4, "google.cloud.secretmanager.v1.SecretVersion.State"
+      optional :replication_status, :message, 5, "google.cloud.secretmanager.v1.ReplicationStatus"
     end
     add_enum "google.cloud.secretmanager.v1.SecretVersion.State" do
       value :STATE_UNSPECIFIED, 0
@@ -34,12 +40,36 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       end
     end
     add_message "google.cloud.secretmanager.v1.Replication.Automatic" do
+      optional :customer_managed_encryption, :message, 1, "google.cloud.secretmanager.v1.CustomerManagedEncryption"
     end
     add_message "google.cloud.secretmanager.v1.Replication.UserManaged" do
       repeated :replicas, :message, 1, "google.cloud.secretmanager.v1.Replication.UserManaged.Replica"
     end
     add_message "google.cloud.secretmanager.v1.Replication.UserManaged.Replica" do
       optional :location, :string, 1
+      optional :customer_managed_encryption, :message, 2, "google.cloud.secretmanager.v1.CustomerManagedEncryption"
+    end
+    add_message "google.cloud.secretmanager.v1.CustomerManagedEncryption" do
+      optional :kms_key_name, :string, 1
+    end
+    add_message "google.cloud.secretmanager.v1.ReplicationStatus" do
+      oneof :replication_status do
+        optional :automatic, :message, 1, "google.cloud.secretmanager.v1.ReplicationStatus.AutomaticStatus"
+        optional :user_managed, :message, 2, "google.cloud.secretmanager.v1.ReplicationStatus.UserManagedStatus"
+      end
+    end
+    add_message "google.cloud.secretmanager.v1.ReplicationStatus.AutomaticStatus" do
+      optional :customer_managed_encryption, :message, 1, "google.cloud.secretmanager.v1.CustomerManagedEncryptionStatus"
+    end
+    add_message "google.cloud.secretmanager.v1.ReplicationStatus.UserManagedStatus" do
+      repeated :replicas, :message, 1, "google.cloud.secretmanager.v1.ReplicationStatus.UserManagedStatus.ReplicaStatus"
+    end
+    add_message "google.cloud.secretmanager.v1.ReplicationStatus.UserManagedStatus.ReplicaStatus" do
+      optional :location, :string, 1
+      optional :customer_managed_encryption, :message, 2, "google.cloud.secretmanager.v1.CustomerManagedEncryptionStatus"
+    end
+    add_message "google.cloud.secretmanager.v1.CustomerManagedEncryptionStatus" do
+      optional :kms_key_version_name, :string, 1
     end
     add_message "google.cloud.secretmanager.v1.SecretPayload" do
       optional :data, :bytes, 1
@@ -58,6 +88,12 @@ module Google
         Replication::Automatic = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.Replication.Automatic").msgclass
         Replication::UserManaged = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.Replication.UserManaged").msgclass
         Replication::UserManaged::Replica = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.Replication.UserManaged.Replica").msgclass
+        CustomerManagedEncryption = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.CustomerManagedEncryption").msgclass
+        ReplicationStatus = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.ReplicationStatus").msgclass
+        ReplicationStatus::AutomaticStatus = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.ReplicationStatus.AutomaticStatus").msgclass
+        ReplicationStatus::UserManagedStatus = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.ReplicationStatus.UserManagedStatus").msgclass
+        ReplicationStatus::UserManagedStatus::ReplicaStatus = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.ReplicationStatus.UserManagedStatus.ReplicaStatus").msgclass
+        CustomerManagedEncryptionStatus = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.CustomerManagedEncryptionStatus").msgclass
         SecretPayload = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.SecretPayload").msgclass
       end
     end

data/lib/google/cloud/secretmanager/v1/service_services_pb.rb

@@ -24,9 +24,6 @@ module Google
     module SecretManager
       module V1
         module SecretManagerService
-          # `projects/*/secrets/*/versions/latest` is an alias to the `latest`
-          # [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
-          #
           # Secret Manager Service
           #
           # Manages secrets and operations using those secrets. Implements a REST
@@ -43,56 +40,56 @@ module Google
             self.service_name = 'google.cloud.secretmanager.v1.SecretManagerService'
 
             # Lists [Secrets][google.cloud.secretmanager.v1.Secret].
-            rpc :ListSecrets, Google::Cloud::SecretManager::V1::ListSecretsRequest, Google::Cloud::SecretManager::V1::ListSecretsResponse
+            rpc :ListSecrets, ::Google::Cloud::SecretManager::V1::ListSecretsRequest, ::Google::Cloud::SecretManager::V1::ListSecretsResponse
             # Creates a new [Secret][google.cloud.secretmanager.v1.Secret] containing no [SecretVersions][google.cloud.secretmanager.v1.SecretVersion].
-            rpc :CreateSecret, Google::Cloud::SecretManager::V1::CreateSecretRequest, Google::Cloud::SecretManager::V1::Secret
+            rpc :CreateSecret, ::Google::Cloud::SecretManager::V1::CreateSecretRequest, ::Google::Cloud::SecretManager::V1::Secret
             # Creates a new [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] containing secret data and attaches
             # it to an existing [Secret][google.cloud.secretmanager.v1.Secret].
-            rpc :AddSecretVersion, Google::Cloud::SecretManager::V1::AddSecretVersionRequest, Google::Cloud::SecretManager::V1::SecretVersion
+            rpc :AddSecretVersion, ::Google::Cloud::SecretManager::V1::AddSecretVersionRequest, ::Google::Cloud::SecretManager::V1::SecretVersion
             # Gets metadata for a given [Secret][google.cloud.secretmanager.v1.Secret].
-            rpc :GetSecret, Google::Cloud::SecretManager::V1::GetSecretRequest, Google::Cloud::SecretManager::V1::Secret
+            rpc :GetSecret, ::Google::Cloud::SecretManager::V1::GetSecretRequest, ::Google::Cloud::SecretManager::V1::Secret
             # Updates metadata of an existing [Secret][google.cloud.secretmanager.v1.Secret].
-            rpc :UpdateSecret, Google::Cloud::SecretManager::V1::UpdateSecretRequest, Google::Cloud::SecretManager::V1::Secret
+            rpc :UpdateSecret, ::Google::Cloud::SecretManager::V1::UpdateSecretRequest, ::Google::Cloud::SecretManager::V1::Secret
             # Deletes a [Secret][google.cloud.secretmanager.v1.Secret].
-            rpc :DeleteSecret, Google::Cloud::SecretManager::V1::DeleteSecretRequest, Google::Protobuf::Empty
+            rpc :DeleteSecret, ::Google::Cloud::SecretManager::V1::DeleteSecretRequest, ::Google::Protobuf::Empty
             # Lists [SecretVersions][google.cloud.secretmanager.v1.SecretVersion]. This call does not return secret
             # data.
-            rpc :ListSecretVersions, Google::Cloud::SecretManager::V1::ListSecretVersionsRequest, Google::Cloud::SecretManager::V1::ListSecretVersionsResponse
+            rpc :ListSecretVersions, ::Google::Cloud::SecretManager::V1::ListSecretVersionsRequest, ::Google::Cloud::SecretManager::V1::ListSecretVersionsResponse
             # Gets metadata for a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
             #
             # `projects/*/secrets/*/versions/latest` is an alias to the `latest`
             # [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
-            rpc :GetSecretVersion, Google::Cloud::SecretManager::V1::GetSecretVersionRequest, Google::Cloud::SecretManager::V1::SecretVersion
+            rpc :GetSecretVersion, ::Google::Cloud::SecretManager::V1::GetSecretVersionRequest, ::Google::Cloud::SecretManager::V1::SecretVersion
             # Accesses a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. This call returns the secret data.
             #
             # `projects/*/secrets/*/versions/latest` is an alias to the `latest`
             # [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
-            rpc :AccessSecretVersion, Google::Cloud::SecretManager::V1::AccessSecretVersionRequest, Google::Cloud::SecretManager::V1::AccessSecretVersionResponse
+            rpc :AccessSecretVersion, ::Google::Cloud::SecretManager::V1::AccessSecretVersionRequest, ::Google::Cloud::SecretManager::V1::AccessSecretVersionResponse
             # Disables a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
             #
             # Sets the [state][google.cloud.secretmanager.v1.SecretVersion.state] of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to
             # [DISABLED][google.cloud.secretmanager.v1.SecretVersion.State.DISABLED].
-            rpc :DisableSecretVersion, Google::Cloud::SecretManager::V1::DisableSecretVersionRequest, Google::Cloud::SecretManager::V1::SecretVersion
+            rpc :DisableSecretVersion, ::Google::Cloud::SecretManager::V1::DisableSecretVersionRequest, ::Google::Cloud::SecretManager::V1::SecretVersion
             # Enables a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
             #
             # Sets the [state][google.cloud.secretmanager.v1.SecretVersion.state] of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to
             # [ENABLED][google.cloud.secretmanager.v1.SecretVersion.State.ENABLED].
-            rpc :EnableSecretVersion, Google::Cloud::SecretManager::V1::EnableSecretVersionRequest, Google::Cloud::SecretManager::V1::SecretVersion
+            rpc :EnableSecretVersion, ::Google::Cloud::SecretManager::V1::EnableSecretVersionRequest, ::Google::Cloud::SecretManager::V1::SecretVersion
             # Destroys a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
             #
             # Sets the [state][google.cloud.secretmanager.v1.SecretVersion.state] of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to
             # [DESTROYED][google.cloud.secretmanager.v1.SecretVersion.State.DESTROYED] and irrevocably destroys the
             # secret data.
-            rpc :DestroySecretVersion, Google::Cloud::SecretManager::V1::DestroySecretVersionRequest, Google::Cloud::SecretManager::V1::SecretVersion
+            rpc :DestroySecretVersion, ::Google::Cloud::SecretManager::V1::DestroySecretVersionRequest, ::Google::Cloud::SecretManager::V1::SecretVersion
             # Sets the access control policy on the specified secret. Replaces any
             # existing policy.
             #
             # Permissions on [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] are enforced according
             # to the policy set on the associated [Secret][google.cloud.secretmanager.v1.Secret].
-            rpc :SetIamPolicy, Google::Iam::V1::SetIamPolicyRequest, Google::Iam::V1::Policy
+            rpc :SetIamPolicy, ::Google::Iam::V1::SetIamPolicyRequest, ::Google::Iam::V1::Policy
             # Gets the access control policy for a secret.
             # Returns empty policy if the secret exists and does not have a policy set.
-            rpc :GetIamPolicy, Google::Iam::V1::GetIamPolicyRequest, Google::Iam::V1::Policy
+            rpc :GetIamPolicy, ::Google::Iam::V1::GetIamPolicyRequest, ::Google::Iam::V1::Policy
             # Returns permissions that a caller has for the specified secret.
             # If the secret does not exist, this call returns an empty set of
             # permissions, not a NOT_FOUND error.
@@ -100,7 +97,7 @@ module Google
             # Note: This operation is designed to be used for building permission-aware
             # UIs and command-line tools, not for authorization checking. This operation
             # may "fail open" without warning.
-            rpc :TestIamPermissions, Google::Iam::V1::TestIamPermissionsRequest, Google::Iam::V1::TestIamPermissionsResponse
+            rpc :TestIamPermissions, ::Google::Iam::V1::TestIamPermissionsRequest, ::Google::Iam::V1::TestIamPermissionsResponse
           end
 
           Stub = Service.rpc_stub_class

data/proto_docs/google/api/resource.rb

@@ -43,12 +43,12 @@ module Google
     #
     # The ResourceDescriptor Yaml config will look like:
     #
-    #    resources:
-    #    - type: "pubsub.googleapis.com/Topic"
-    #      name_descriptor:
-    #        - pattern: "projects/\\{project}/topics/\\{topic}"
-    #          parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #          parent_name_extractor: "projects/\\{project}"
+    #     resources:
+    #     - type: "pubsub.googleapis.com/Topic"
+    #       name_descriptor:
+    #         - pattern: "projects/{project}/topics/{topic}"
+    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
+    #           parent_name_extractor: "projects/{project}"
     #
     # Sometimes, resources have multiple patterns, typically because they can
     # live under multiple parents.
@@ -183,15 +183,24 @@ module Google
     #         }
     # @!attribute [rw] plural
     #   @return [::String]
-    #     The plural name used in the resource name, such as 'projects' for
-    #     the name of 'projects/\\{project}'. It is the same concept of the `plural`
-    #     field in k8s CRD spec
+    #     The plural name used in the resource name and permission names, such as
+    #     'projects' for the resource name of 'projects/\\{project}' and the permission
+    #     name of 'cloudresourcemanager.googleapis.com/projects.get'. It is the same
+    #     concept of the `plural` field in k8s CRD spec
     #     https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
+    #
+    #     Note: The plural form is required even for singleton resources. See
+    #     https://aip.dev/156
     # @!attribute [rw] singular
     #   @return [::String]
     #     The same concept of the `singular` field in k8s CRD spec
     #     https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
     #     Such as "project" for the `resourcemanager.googleapis.com/Project` type.
+    # @!attribute [rw] style
+    #   @return [::Array<::Google::Api::ResourceDescriptor::Style>]
+    #     Style flag(s) for this resource.
+    #     These indicate that a resource is expected to conform to a given
+    #     style. See the specific style flags for additional information.
     class ResourceDescriptor
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -211,6 +220,22 @@ module Google
         # that from being necessary once there are multiple patterns.)
         FUTURE_MULTI_PATTERN = 2
       end
+
+      # A flag representing a specific style that a resource claims to conform to.
+      module Style
+        # The unspecified value. Do not use.
+        STYLE_UNSPECIFIED = 0
+
+        # This resource is intended to be "declarative-friendly".
+        #
+        # Declarative-friendly resources must be more strictly consistent, and
+        # setting this to true communicates to tools that this resource should
+        # adhere to declarative-friendly expectations.
+        #
+        # Note: This is used by the API linter (linter.aip.dev) to enable
+        # additional checks.
+        DECLARATIVE_FRIENDLY = 1
+      end
     end
 
     # Defines a proto annotation that describes a string field that refers to
@@ -226,6 +251,17 @@ module Google
     #             type: "pubsub.googleapis.com/Topic"
     #           }];
     #         }
+    #
+    #     Occasionally, a field may reference an arbitrary resource. In this case,
+    #     APIs use the special value * in their resource reference.
+    #
+    #     Example:
+    #
+    #         message GetIamPolicyRequest {
+    #           string resource = 2 [(google.api.resource_reference) = {
+    #             type: "*"
+    #           }];
+    #         }
     # @!attribute [rw] child_type
     #   @return [::String]
     #     The resource type of a child collection that the annotated field
@@ -234,11 +270,11 @@ module Google
     #
     #     Example:
     #
-    #       message ListLogEntriesRequest {
-    #         string parent = 1 [(google.api.resource_reference) = {
-    #           child_type: "logging.googleapis.com/LogEntry"
-    #         };
-    #       }
+    #         message ListLogEntriesRequest {
+    #           string parent = 1 [(google.api.resource_reference) = {
+    #             child_type: "logging.googleapis.com/LogEntry"
+    #           };
+    #         }
     class ResourceReference
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/cloud/secretmanager/v1/resources.rb

@@ -50,6 +50,13 @@ module Google
         #     regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}`
         #
         #     No more than 64 labels can be assigned to a given resource.
+        # @!attribute [rw] expire_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Optional. Timestamp in UTC when the {::Google::Cloud::SecretManager::V1::Secret Secret} is scheduled to expire. This is
+        #     always provided on output, regardless of what was sent on input.
+        # @!attribute [rw] ttl
+        #   @return [::Google::Protobuf::Duration]
+        #     Input only. The TTL for the {::Google::Cloud::SecretManager::V1::Secret Secret}.
         class Secret
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -83,6 +90,9 @@ module Google
         # @!attribute [r] state
         #   @return [::Google::Cloud::SecretManager::V1::SecretVersion::State]
         #     Output only. The current state of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
+        # @!attribute [rw] replication_status
+        #   @return [::Google::Cloud::SecretManager::V1::ReplicationStatus]
+        #     The replication status of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
         class SecretVersion
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -106,7 +116,7 @@ module Google
           end
         end
 
-        # A policy that defines the replication configuration of data.
+        # A policy that defines the replication and encryption configuration of data.
         # @!attribute [rw] automatic
         #   @return [::Google::Cloud::SecretManager::V1::Replication::Automatic]
         #     The {::Google::Cloud::SecretManager::V1::Secret Secret} will automatically be replicated without any restrictions.
@@ -119,6 +129,14 @@ module Google
 
           # A replication policy that replicates the {::Google::Cloud::SecretManager::V1::Secret Secret} payload without any
           # restrictions.
+          # @!attribute [rw] customer_managed_encryption
+          #   @return [::Google::Cloud::SecretManager::V1::CustomerManagedEncryption]
+          #     Optional. The customer-managed encryption configuration of the {::Google::Cloud::SecretManager::V1::Secret Secret}. If no
+          #     configuration is provided, Google-managed default encryption is used.
+          #
+          #     Updates to the {::Google::Cloud::SecretManager::V1::Secret Secret} encryption configuration only apply to
+          #     {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersions} added afterwards. They do not apply
+          #     retroactively to existing {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersions}.
           class Automatic
             include ::Google::Protobuf::MessageExts
             extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -140,6 +158,15 @@ module Google
             #   @return [::String]
             #     The canonical IDs of the location to replicate data.
             #     For example: `"us-east1"`.
+            # @!attribute [rw] customer_managed_encryption
+            #   @return [::Google::Cloud::SecretManager::V1::CustomerManagedEncryption]
+            #     Optional. The customer-managed encryption configuration of the [User-Managed
+            #     Replica][Replication.UserManaged.Replica]. If no configuration is
+            #     provided, Google-managed default encryption is used.
+            #
+            #     Updates to the {::Google::Cloud::SecretManager::V1::Secret Secret} encryption configuration only apply to
+            #     {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersions} added afterwards. They do not apply
+            #     retroactively to existing {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersions}.
             class Replica
               include ::Google::Protobuf::MessageExts
               extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -147,6 +174,97 @@ module Google
           end
         end
 
+        # Configuration for encrypting secret payloads using customer-managed
+        # encryption keys (CMEK).
+        # @!attribute [rw] kms_key_name
+        #   @return [::String]
+        #     Required. The resource name of the Cloud KMS CryptoKey used to encrypt secret
+        #     payloads.
+        #
+        #     For secrets using the {::Google::Cloud::SecretManager::V1::Replication::UserManaged UserManaged} replication
+        #     policy type, Cloud KMS CryptoKeys must reside in the same location as the
+        #     [replica location][Secret.UserManaged.Replica.location].
+        #
+        #     For secrets using the {::Google::Cloud::SecretManager::V1::Replication::Automatic Automatic} replication policy
+        #     type, Cloud KMS CryptoKeys must reside in `global`.
+        #
+        #     The expected format is `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
+        class CustomerManagedEncryption
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The replication status of a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
+        # @!attribute [rw] automatic
+        #   @return [::Google::Cloud::SecretManager::V1::ReplicationStatus::AutomaticStatus]
+        #     Describes the replication status of a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion} with
+        #     automatic replication.
+        #
+        #     Only populated if the parent {::Google::Cloud::SecretManager::V1::Secret Secret} has an automatic replication
+        #     policy.
+        # @!attribute [rw] user_managed
+        #   @return [::Google::Cloud::SecretManager::V1::ReplicationStatus::UserManagedStatus]
+        #     Describes the replication status of a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion} with
+        #     user-managed replication.
+        #
+        #     Only populated if the parent {::Google::Cloud::SecretManager::V1::Secret Secret} has a user-managed replication
+        #     policy.
+        class ReplicationStatus
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # The replication status of a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion} using automatic replication.
+          #
+          # Only populated if the parent {::Google::Cloud::SecretManager::V1::Secret Secret} has an automatic replication
+          # policy.
+          # @!attribute [r] customer_managed_encryption
+          #   @return [::Google::Cloud::SecretManager::V1::CustomerManagedEncryptionStatus]
+          #     Output only. The customer-managed encryption status of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}. Only
+          #     populated if customer-managed encryption is used.
+          class AutomaticStatus
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # The replication status of a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion} using user-managed
+          # replication.
+          #
+          # Only populated if the parent {::Google::Cloud::SecretManager::V1::Secret Secret} has a user-managed replication
+          # policy.
+          # @!attribute [r] replicas
+          #   @return [::Array<::Google::Cloud::SecretManager::V1::ReplicationStatus::UserManagedStatus::ReplicaStatus>]
+          #     Output only. The list of replica statuses for the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
+          class UserManagedStatus
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+
+            # Describes the status of a user-managed replica for the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
+            # @!attribute [r] location
+            #   @return [::String]
+            #     Output only. The canonical ID of the replica location.
+            #     For example: `"us-east1"`.
+            # @!attribute [r] customer_managed_encryption
+            #   @return [::Google::Cloud::SecretManager::V1::CustomerManagedEncryptionStatus]
+            #     Output only. The customer-managed encryption status of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}. Only
+            #     populated if customer-managed encryption is used.
+            class ReplicaStatus
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+            end
+          end
+        end
+
+        # Describes the status of customer-managed encryption.
+        # @!attribute [rw] kms_key_version_name
+        #   @return [::String]
+        #     Required. The resource name of the Cloud KMS CryptoKeyVersion used to encrypt the
+        #     secret payload, in the following format:
+        #     `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`.
+        class CustomerManagedEncryptionStatus
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # A secret payload resource in the Secret Manager API. This contains the
         # sensitive secret payload that is associated with a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
         # @!attribute [rw] data

data/proto_docs/google/protobuf/duration.rb

@@ -0,0 +1,98 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Protobuf
+    # A Duration represents a signed, fixed-length span of time represented
+    # as a count of seconds and fractions of seconds at nanosecond
+    # resolution. It is independent of any calendar and concepts like "day"
+    # or "month". It is related to Timestamp in that the difference between
+    # two Timestamp values is a Duration and it can be added or subtracted
+    # from a Timestamp. Range is approximately +-10,000 years.
+    #
+    # # Examples
+    #
+    # Example 1: Compute Duration from two Timestamps in pseudo code.
+    #
+    #     Timestamp start = ...;
+    #     Timestamp end = ...;
+    #     Duration duration = ...;
+    #
+    #     duration.seconds = end.seconds - start.seconds;
+    #     duration.nanos = end.nanos - start.nanos;
+    #
+    #     if (duration.seconds < 0 && duration.nanos > 0) {
+    #       duration.seconds += 1;
+    #       duration.nanos -= 1000000000;
+    #     } else if (duration.seconds > 0 && duration.nanos < 0) {
+    #       duration.seconds -= 1;
+    #       duration.nanos += 1000000000;
+    #     }
+    #
+    # Example 2: Compute Timestamp from Timestamp + Duration in pseudo code.
+    #
+    #     Timestamp start = ...;
+    #     Duration duration = ...;
+    #     Timestamp end = ...;
+    #
+    #     end.seconds = start.seconds + duration.seconds;
+    #     end.nanos = start.nanos + duration.nanos;
+    #
+    #     if (end.nanos < 0) {
+    #       end.seconds -= 1;
+    #       end.nanos += 1000000000;
+    #     } else if (end.nanos >= 1000000000) {
+    #       end.seconds += 1;
+    #       end.nanos -= 1000000000;
+    #     }
+    #
+    # Example 3: Compute Duration from datetime.timedelta in Python.
+    #
+    #     td = datetime.timedelta(days=3, minutes=10)
+    #     duration = Duration()
+    #     duration.FromTimedelta(td)
+    #
+    # # JSON Mapping
+    #
+    # In JSON format, the Duration type is encoded as a string rather than an
+    # object, where the string ends in the suffix "s" (indicating seconds) and
+    # is preceded by the number of seconds, with nanoseconds expressed as
+    # fractional seconds. For example, 3 seconds with 0 nanoseconds should be
+    # encoded in JSON format as "3s", while 3 seconds and 1 nanosecond should
+    # be expressed in JSON format as "3.000000001s", and 3 seconds and 1
+    # microsecond should be expressed in JSON format as "3.000001s".
+    # @!attribute [rw] seconds
+    #   @return [::Integer]
+    #     Signed seconds of the span of time. Must be from -315,576,000,000
+    #     to +315,576,000,000 inclusive. Note: these bounds are computed from:
+    #     60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years
+    # @!attribute [rw] nanos
+    #   @return [::Integer]
+    #     Signed fractions of a second at nanosecond resolution of the span
+    #     of time. Durations less than one second are represented with a 0
+    #     `seconds` field and a positive or negative `nanos` field. For durations
+    #     of one second or more, a non-zero value for the `nanos` field must be
+    #     of the same sign as the `seconds` field. Must be from -999,999,999
+    #     to +999,999,999 inclusive.
+    class Duration
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-secret_manager-v1
 version: !ruby/object:Gem::Version
-  version: 0.4.3
+  version: 0.6.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-06-18 00:00:00.000000000 Z
+date: 2021-01-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: '0.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: '0.3'
 - !ruby/object:Gem::Dependency
   name: google-cloud-errors
   requirement: !ruby/object:Gem::Requirement
@@ -201,6 +201,7 @@ files:
 - proto_docs/google/iam/v1/iam_policy.rb
 - proto_docs/google/iam/v1/options.rb
 - proto_docs/google/iam/v1/policy.rb
+- proto_docs/google/protobuf/duration.rb
 - proto_docs/google/protobuf/empty.rb
 - proto_docs/google/protobuf/field_mask.rb
 - proto_docs/google/protobuf/timestamp.rb
@@ -224,7 +225,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.3
+rubygems_version: 3.2.6
 signing_key: 
 specification_version: 4
 summary: API Client library for the Secret Manager V1 API