google-cloud-secret_manager-v1 0.4.5 → 0.8.0
- checksums.yaml +4 -4
- data/LICENSE.md +188 -190
- data/README.md +66 -2
- data/lib/google/cloud/secret_manager/v1.rb +3 -0
- data/lib/google/cloud/secret_manager/v1/secret_manager_service/client.rb +29 -23
- data/lib/google/cloud/secret_manager/v1/secret_manager_service/paths.rb +17 -0
- data/lib/google/cloud/secret_manager/v1/version.rb +1 -1
- data/lib/google/cloud/secretmanager/v1/resources_pb.rb +41 -0
- data/lib/google/cloud/secretmanager/v1/service_services_pb.rb +15 -18
- data/proto_docs/google/api/field_behavior.rb +6 -0
- data/proto_docs/google/api/resource.rb +50 -14
- data/proto_docs/google/cloud/secretmanager/v1/resources.rb +135 -1
- data/proto_docs/google/protobuf/duration.rb +98 -0
- data/proto_docs/google/protobuf/timestamp.rb +10 -1
- metadata +10 -7
@@ -66,7 +66,7 @@ module Google
|
|
66
66
|
parent_config = while namespace.any?
|
67
67
|
parent_name = namespace.join "::"
|
68
68
|
parent_const = const_get parent_name
|
69
|
-
break parent_const.configure if parent_const
|
69
|
+
break parent_const.configure if parent_const.respond_to? :configure
|
70
70
|
namespace.pop
|
71
71
|
end
|
72
72
|
default_config = Client::Configuration.new parent_config
|
@@ -90,9 +90,9 @@ module Google
|
|
90
90
|
default_config.rpcs.access_secret_version.timeout = 60.0
|
91
91
|
default_config.rpcs.access_secret_version.retry_policy = {
|
92
92
|
initial_delay: 1.0,
|
93
|
-
|
94
|
-
|
95
|
-
|
93
|
+
max_delay: 60.0,
|
94
|
+
multiplier: 1.3,
|
95
|
+
retry_codes: [14, 2]
|
96
96
|
}
|
97
97
|
|
98
98
|
default_config.rpcs.disable_secret_version.timeout = 60.0
|
@@ -168,7 +168,13 @@ module Google
|
|
168
168
|
|
169
169
|
# Create credentials
|
170
170
|
credentials = @config.credentials
|
171
|
-
|
171
|
+
# Use self-signed JWT if the scope and endpoint are unchanged from default,
|
172
|
+
# but only if the default endpoint does not have a region prefix.
|
173
|
+
enable_self_signed_jwt = @config.scope == Client.configure.scope &&
|
174
|
+
@config.endpoint == Client.configure.endpoint &&
|
175
|
+
!@config.endpoint.split(".").first.include?("-")
|
176
|
+
credentials ||= Credentials.default scope: @config.scope,
|
177
|
+
enable_self_signed_jwt: enable_self_signed_jwt
|
172
178
|
if credentials.is_a?(String) || credentials.is_a?(Hash)
|
173
179
|
credentials = Credentials.new credentials, scope: @config.scope
|
174
180
|
end
|
@@ -1354,7 +1360,7 @@ module Google
|
|
1354
1360
|
config_attr :scope, nil, ::String, ::Array, nil
|
1355
1361
|
config_attr :lib_name, nil, ::String, nil
|
1356
1362
|
config_attr :lib_version, nil, ::String, nil
|
1357
|
-
config_attr(:channel_args, { "grpc.service_config_disable_resolution"=>1 }, ::Hash, nil)
|
1363
|
+
config_attr(:channel_args, { "grpc.service_config_disable_resolution" => 1 }, ::Hash, nil)
|
1358
1364
|
config_attr :interceptors, nil, ::Array, nil
|
1359
1365
|
config_attr :timeout, nil, ::Numeric, nil
|
1360
1366
|
config_attr :metadata, nil, ::Hash, nil
|
@@ -1375,7 +1381,7 @@ module Google
|
|
1375
1381
|
def rpcs
|
1376
1382
|
@rpcs ||= begin
|
1377
1383
|
parent_rpcs = nil
|
1378
|
-
parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config
|
1384
|
+
parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config.respond_to?(:rpcs)
|
1379
1385
|
Rpcs.new parent_rpcs
|
1380
1386
|
end
|
1381
1387
|
end
|
@@ -1387,7 +1393,7 @@ module Google
|
|
1387
1393
|
# Each configuration object is of type `Gapic::Config::Method` and includes
|
1388
1394
|
# the following configuration fields:
|
1389
1395
|
#
|
1390
|
-
# * `timeout` (*type:* `Numeric`) - The call timeout in
|
1396
|
+
# * `timeout` (*type:* `Numeric`) - The call timeout in seconds
|
1391
1397
|
# * `metadata` (*type:* `Hash{Symbol=>String}`) - Additional gRPC headers
|
1392
1398
|
# * `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
|
1393
1399
|
# include the following keys:
|
@@ -1476,35 +1482,35 @@ module Google
|
|
1476
1482
|
|
1477
1483
|
# @private
|
1478
1484
|
def initialize parent_rpcs = nil
|
1479
|
-
list_secrets_config = parent_rpcs
|
1485
|
+
list_secrets_config = parent_rpcs.list_secrets if parent_rpcs.respond_to? :list_secrets
|
1480
1486
|
@list_secrets = ::Gapic::Config::Method.new list_secrets_config
|
1481
|
-
create_secret_config = parent_rpcs
|
1487
|
+
create_secret_config = parent_rpcs.create_secret if parent_rpcs.respond_to? :create_secret
|
1482
1488
|
@create_secret = ::Gapic::Config::Method.new create_secret_config
|
1483
|
-
add_secret_version_config = parent_rpcs
|
1489
|
+
add_secret_version_config = parent_rpcs.add_secret_version if parent_rpcs.respond_to? :add_secret_version
|
1484
1490
|
@add_secret_version = ::Gapic::Config::Method.new add_secret_version_config
|
1485
|
-
get_secret_config = parent_rpcs
|
1491
|
+
get_secret_config = parent_rpcs.get_secret if parent_rpcs.respond_to? :get_secret
|
1486
1492
|
@get_secret = ::Gapic::Config::Method.new get_secret_config
|
1487
|
-
update_secret_config = parent_rpcs
|
1493
|
+
update_secret_config = parent_rpcs.update_secret if parent_rpcs.respond_to? :update_secret
|
1488
1494
|
@update_secret = ::Gapic::Config::Method.new update_secret_config
|
1489
|
-
delete_secret_config = parent_rpcs
|
1495
|
+
delete_secret_config = parent_rpcs.delete_secret if parent_rpcs.respond_to? :delete_secret
|
1490
1496
|
@delete_secret = ::Gapic::Config::Method.new delete_secret_config
|
1491
|
-
list_secret_versions_config = parent_rpcs
|
1497
|
+
list_secret_versions_config = parent_rpcs.list_secret_versions if parent_rpcs.respond_to? :list_secret_versions
|
1492
1498
|
@list_secret_versions = ::Gapic::Config::Method.new list_secret_versions_config
|
1493
|
-
get_secret_version_config = parent_rpcs
|
1499
|
+
get_secret_version_config = parent_rpcs.get_secret_version if parent_rpcs.respond_to? :get_secret_version
|
1494
1500
|
@get_secret_version = ::Gapic::Config::Method.new get_secret_version_config
|
1495
|
-
access_secret_version_config = parent_rpcs
|
1501
|
+
access_secret_version_config = parent_rpcs.access_secret_version if parent_rpcs.respond_to? :access_secret_version
|
1496
1502
|
@access_secret_version = ::Gapic::Config::Method.new access_secret_version_config
|
1497
|
-
disable_secret_version_config = parent_rpcs
|
1503
|
+
disable_secret_version_config = parent_rpcs.disable_secret_version if parent_rpcs.respond_to? :disable_secret_version
|
1498
1504
|
@disable_secret_version = ::Gapic::Config::Method.new disable_secret_version_config
|
1499
|
-
enable_secret_version_config = parent_rpcs
|
1505
|
+
enable_secret_version_config = parent_rpcs.enable_secret_version if parent_rpcs.respond_to? :enable_secret_version
|
1500
1506
|
@enable_secret_version = ::Gapic::Config::Method.new enable_secret_version_config
|
1501
|
-
destroy_secret_version_config = parent_rpcs
|
1507
|
+
destroy_secret_version_config = parent_rpcs.destroy_secret_version if parent_rpcs.respond_to? :destroy_secret_version
|
1502
1508
|
@destroy_secret_version = ::Gapic::Config::Method.new destroy_secret_version_config
|
1503
|
-
set_iam_policy_config = parent_rpcs
|
1509
|
+
set_iam_policy_config = parent_rpcs.set_iam_policy if parent_rpcs.respond_to? :set_iam_policy
|
1504
1510
|
@set_iam_policy = ::Gapic::Config::Method.new set_iam_policy_config
|
1505
|
-
get_iam_policy_config = parent_rpcs
|
1511
|
+
get_iam_policy_config = parent_rpcs.get_iam_policy if parent_rpcs.respond_to? :get_iam_policy
|
1506
1512
|
@get_iam_policy = ::Gapic::Config::Method.new get_iam_policy_config
|
1507
|
-
test_iam_permissions_config = parent_rpcs
|
1513
|
+
test_iam_permissions_config = parent_rpcs.test_iam_permissions if parent_rpcs.respond_to? :test_iam_permissions
|
1508
1514
|
@test_iam_permissions = ::Gapic::Config::Method.new test_iam_permissions_config
|
1509
1515
|
|
1510
1516
|
yield self if block_given?
|
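Review bot: In the credentials hunk (new lines 171-177), `enable_self_signed_jwt` compares `@config.scope` and `@config.endpoint` with `Client.configure.scope` and `Client.configure.endpoint`, which appears to be the class-level configuration object rather than a fixed default. The first hunk shows that configuration being derived from a parent namespace's `configure`, so the comment's "unchanged from default" holds only while nobody has modified it. If an application overrides the endpoint or scope at the class or parent level, the instance values still compare equal and self-signed JWTs would presumably stay enabled for a host or scope the check was meant to exclude. Comparing against an immutable constant holding the generated default endpoint would match the comment; at minimum, add `# "default" means the current Client.configure values, which callers can change`. The enclosing initializer starts and ends outside the hunk, and if this file is generator output the change belongs in the generator template.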
@@ -74,6 +74,23 @@ module Google
|
|
74
74
|
"projects/#{project}/secrets/#{secret}/versions/#{secret_version}"
|
75
75
|
end
|
76
76
|
|
77
|
+
##
|
78
|
+
# Create a fully-qualified Topic resource string.
|
79
|
+
#
|
80
|
+
# The resource will be in the following format:
|
81
|
+
#
|
82
|
+
# `projects/{project}/topics/{topic}`
|
83
|
+
#
|
84
|
+
# @param project [String]
|
85
|
+
# @param topic [String]
|
86
|
+
#
|
87
|
+
# @return [::String]
|
88
|
+
def topic_path project:, topic:
|
89
|
+
raise ::ArgumentError, "project cannot contain /" if project.to_s.include? "/"
|
90
|
+
|
91
|
+
"projects/#{project}/topics/#{topic}"
|
92
|
+
end
|
93
|
+
|
77
94
|
extend self
|
78
95
|
end
|
79
96
|
end
|
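Review bot: `topic_path` rejects a `/` in `project` but interpolates `topic` unchecked, so a `topic` value containing `/` yields a resource name with extra path segments instead of an error. When the value originates from user or tenant input, the result can fall outside the `projects/{project}/topics/{topic}` format the doc comment promises. Consider adding `raise ::ArgumentError, "topic cannot contain /" if topic.to_s.include? "/"` before the interpolation, or state in the doc comment that `topic` is not validated and must be checked by the caller. The enclosing module begins outside this hunk; if the file is generator output, the check belongs in the generator template.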
@@ -5,6 +5,7 @@ require 'google/protobuf'
|
|
5
5
|
|
6
6
|
require 'google/api/field_behavior_pb'
|
7
7
|
require 'google/api/resource_pb'
|
8
|
+
require 'google/protobuf/duration_pb'
|
8
9
|
require 'google/protobuf/timestamp_pb'
|
9
10
|
require 'google/api/annotations_pb'
|
10
11
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
@@ -14,12 +15,18 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
14
15
|
optional :replication, :message, 2, "google.cloud.secretmanager.v1.Replication"
|
15
16
|
optional :create_time, :message, 3, "google.protobuf.Timestamp"
|
16
17
|
map :labels, :string, :string, 4
|
18
|
+
repeated :topics, :message, 5, "google.cloud.secretmanager.v1.Topic"
|
19
|
+
oneof :expiration do
|
20
|
+
optional :expire_time, :message, 6, "google.protobuf.Timestamp"
|
21
|
+
optional :ttl, :message, 7, "google.protobuf.Duration"
|
22
|
+
end
|
17
23
|
end
|
18
24
|
add_message "google.cloud.secretmanager.v1.SecretVersion" do
|
19
25
|
optional :name, :string, 1
|
20
26
|
optional :create_time, :message, 2, "google.protobuf.Timestamp"
|
21
27
|
optional :destroy_time, :message, 3, "google.protobuf.Timestamp"
|
22
28
|
optional :state, :enum, 4, "google.cloud.secretmanager.v1.SecretVersion.State"
|
29
|
+
optional :replication_status, :message, 5, "google.cloud.secretmanager.v1.ReplicationStatus"
|
23
30
|
end
|
24
31
|
add_enum "google.cloud.secretmanager.v1.SecretVersion.State" do
|
25
32
|
value :STATE_UNSPECIFIED, 0
|
@@ -34,12 +41,39 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
34
41
|
end
|
35
42
|
end
|
36
43
|
add_message "google.cloud.secretmanager.v1.Replication.Automatic" do
|
44
|
+
optional :customer_managed_encryption, :message, 1, "google.cloud.secretmanager.v1.CustomerManagedEncryption"
|
37
45
|
end
|
38
46
|
add_message "google.cloud.secretmanager.v1.Replication.UserManaged" do
|
39
47
|
repeated :replicas, :message, 1, "google.cloud.secretmanager.v1.Replication.UserManaged.Replica"
|
40
48
|
end
|
41
49
|
add_message "google.cloud.secretmanager.v1.Replication.UserManaged.Replica" do
|
42
50
|
optional :location, :string, 1
|
51
|
+
optional :customer_managed_encryption, :message, 2, "google.cloud.secretmanager.v1.CustomerManagedEncryption"
|
52
|
+
end
|
53
|
+
add_message "google.cloud.secretmanager.v1.CustomerManagedEncryption" do
|
54
|
+
optional :kms_key_name, :string, 1
|
55
|
+
end
|
56
|
+
add_message "google.cloud.secretmanager.v1.ReplicationStatus" do
|
57
|
+
oneof :replication_status do
|
58
|
+
optional :automatic, :message, 1, "google.cloud.secretmanager.v1.ReplicationStatus.AutomaticStatus"
|
59
|
+
optional :user_managed, :message, 2, "google.cloud.secretmanager.v1.ReplicationStatus.UserManagedStatus"
|
60
|
+
end
|
61
|
+
end
|
62
|
+
add_message "google.cloud.secretmanager.v1.ReplicationStatus.AutomaticStatus" do
|
63
|
+
optional :customer_managed_encryption, :message, 1, "google.cloud.secretmanager.v1.CustomerManagedEncryptionStatus"
|
64
|
+
end
|
65
|
+
add_message "google.cloud.secretmanager.v1.ReplicationStatus.UserManagedStatus" do
|
66
|
+
repeated :replicas, :message, 1, "google.cloud.secretmanager.v1.ReplicationStatus.UserManagedStatus.ReplicaStatus"
|
67
|
+
end
|
68
|
+
add_message "google.cloud.secretmanager.v1.ReplicationStatus.UserManagedStatus.ReplicaStatus" do
|
69
|
+
optional :location, :string, 1
|
70
|
+
optional :customer_managed_encryption, :message, 2, "google.cloud.secretmanager.v1.CustomerManagedEncryptionStatus"
|
71
|
+
end
|
72
|
+
add_message "google.cloud.secretmanager.v1.CustomerManagedEncryptionStatus" do
|
73
|
+
optional :kms_key_version_name, :string, 1
|
74
|
+
end
|
75
|
+
add_message "google.cloud.secretmanager.v1.Topic" do
|
76
|
+
optional :name, :string, 1
|
43
77
|
end
|
44
78
|
add_message "google.cloud.secretmanager.v1.SecretPayload" do
|
45
79
|
optional :data, :bytes, 1
|
@@ -58,6 +92,13 @@ module Google
|
|
58
92
|
Replication::Automatic = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.Replication.Automatic").msgclass
|
59
93
|
Replication::UserManaged = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.Replication.UserManaged").msgclass
|
60
94
|
Replication::UserManaged::Replica = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.Replication.UserManaged.Replica").msgclass
|
95
|
+
CustomerManagedEncryption = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.CustomerManagedEncryption").msgclass
|
96
|
+
ReplicationStatus = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.ReplicationStatus").msgclass
|
97
|
+
ReplicationStatus::AutomaticStatus = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.ReplicationStatus.AutomaticStatus").msgclass
|
98
|
+
ReplicationStatus::UserManagedStatus = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.ReplicationStatus.UserManagedStatus").msgclass
|
99
|
+
ReplicationStatus::UserManagedStatus::ReplicaStatus = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.ReplicationStatus.UserManagedStatus.ReplicaStatus").msgclass
|
100
|
+
CustomerManagedEncryptionStatus = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.CustomerManagedEncryptionStatus").msgclass
|
101
|
+
Topic = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.Topic").msgclass
|
61
102
|
SecretPayload = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.SecretPayload").msgclass
|
62
103
|
end
|
63
104
|
end
|
@@ -24,9 +24,6 @@ module Google
|
|
24
24
|
module SecretManager
|
25
25
|
module V1
|
26
26
|
module SecretManagerService
|
27
|
-
# `projects/*/secrets/*/versions/latest` is an alias to the `latest`
|
28
|
-
# [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
|
29
|
-
#
|
30
27
|
# Secret Manager Service
|
31
28
|
#
|
32
29
|
# Manages secrets and operations using those secrets. Implements a REST
|
@@ -43,56 +40,56 @@ module Google
|
|
43
40
|
self.service_name = 'google.cloud.secretmanager.v1.SecretManagerService'
|
44
41
|
|
45
42
|
# Lists [Secrets][google.cloud.secretmanager.v1.Secret].
|
46
|
-
rpc :ListSecrets, Google::Cloud::SecretManager::V1::ListSecretsRequest, Google::Cloud::SecretManager::V1::ListSecretsResponse
|
43
|
+
rpc :ListSecrets, ::Google::Cloud::SecretManager::V1::ListSecretsRequest, ::Google::Cloud::SecretManager::V1::ListSecretsResponse
|
47
44
|
# Creates a new [Secret][google.cloud.secretmanager.v1.Secret] containing no [SecretVersions][google.cloud.secretmanager.v1.SecretVersion].
|
48
|
-
rpc :CreateSecret, Google::Cloud::SecretManager::V1::CreateSecretRequest, Google::Cloud::SecretManager::V1::Secret
|
45
|
+
rpc :CreateSecret, ::Google::Cloud::SecretManager::V1::CreateSecretRequest, ::Google::Cloud::SecretManager::V1::Secret
|
49
46
|
# Creates a new [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] containing secret data and attaches
|
50
47
|
# it to an existing [Secret][google.cloud.secretmanager.v1.Secret].
|
51
|
-
rpc :AddSecretVersion, Google::Cloud::SecretManager::V1::AddSecretVersionRequest, Google::Cloud::SecretManager::V1::SecretVersion
|
48
|
+
rpc :AddSecretVersion, ::Google::Cloud::SecretManager::V1::AddSecretVersionRequest, ::Google::Cloud::SecretManager::V1::SecretVersion
|
52
49
|
# Gets metadata for a given [Secret][google.cloud.secretmanager.v1.Secret].
|
53
|
-
rpc :GetSecret, Google::Cloud::SecretManager::V1::GetSecretRequest, Google::Cloud::SecretManager::V1::Secret
|
50
|
+
rpc :GetSecret, ::Google::Cloud::SecretManager::V1::GetSecretRequest, ::Google::Cloud::SecretManager::V1::Secret
|
54
51
|
# Updates metadata of an existing [Secret][google.cloud.secretmanager.v1.Secret].
|
55
|
-
rpc :UpdateSecret, Google::Cloud::SecretManager::V1::UpdateSecretRequest, Google::Cloud::SecretManager::V1::Secret
|
52
|
+
rpc :UpdateSecret, ::Google::Cloud::SecretManager::V1::UpdateSecretRequest, ::Google::Cloud::SecretManager::V1::Secret
|
56
53
|
# Deletes a [Secret][google.cloud.secretmanager.v1.Secret].
|
57
|
-
rpc :DeleteSecret, Google::Cloud::SecretManager::V1::DeleteSecretRequest, Google::Protobuf::Empty
|
54
|
+
rpc :DeleteSecret, ::Google::Cloud::SecretManager::V1::DeleteSecretRequest, ::Google::Protobuf::Empty
|
58
55
|
# Lists [SecretVersions][google.cloud.secretmanager.v1.SecretVersion]. This call does not return secret
|
59
56
|
# data.
|
60
|
-
rpc :ListSecretVersions, Google::Cloud::SecretManager::V1::ListSecretVersionsRequest, Google::Cloud::SecretManager::V1::ListSecretVersionsResponse
|
57
|
+
rpc :ListSecretVersions, ::Google::Cloud::SecretManager::V1::ListSecretVersionsRequest, ::Google::Cloud::SecretManager::V1::ListSecretVersionsResponse
|
61
58
|
# Gets metadata for a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
|
62
59
|
#
|
63
60
|
# `projects/*/secrets/*/versions/latest` is an alias to the `latest`
|
64
61
|
# [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
|
65
|
-
rpc :GetSecretVersion, Google::Cloud::SecretManager::V1::GetSecretVersionRequest, Google::Cloud::SecretManager::V1::SecretVersion
|
62
|
+
rpc :GetSecretVersion, ::Google::Cloud::SecretManager::V1::GetSecretVersionRequest, ::Google::Cloud::SecretManager::V1::SecretVersion
|
66
63
|
# Accesses a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. This call returns the secret data.
|
67
64
|
#
|
68
65
|
# `projects/*/secrets/*/versions/latest` is an alias to the `latest`
|
69
66
|
# [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
|
70
|
-
rpc :AccessSecretVersion, Google::Cloud::SecretManager::V1::AccessSecretVersionRequest, Google::Cloud::SecretManager::V1::AccessSecretVersionResponse
|
67
|
+
rpc :AccessSecretVersion, ::Google::Cloud::SecretManager::V1::AccessSecretVersionRequest, ::Google::Cloud::SecretManager::V1::AccessSecretVersionResponse
|
71
68
|
# Disables a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
|
72
69
|
#
|
73
70
|
# Sets the [state][google.cloud.secretmanager.v1.SecretVersion.state] of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to
|
74
71
|
# [DISABLED][google.cloud.secretmanager.v1.SecretVersion.State.DISABLED].
|
75
|
-
rpc :DisableSecretVersion, Google::Cloud::SecretManager::V1::DisableSecretVersionRequest, Google::Cloud::SecretManager::V1::SecretVersion
|
72
|
+
rpc :DisableSecretVersion, ::Google::Cloud::SecretManager::V1::DisableSecretVersionRequest, ::Google::Cloud::SecretManager::V1::SecretVersion
|
76
73
|
# Enables a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
|
77
74
|
#
|
78
75
|
# Sets the [state][google.cloud.secretmanager.v1.SecretVersion.state] of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to
|
79
76
|
# [ENABLED][google.cloud.secretmanager.v1.SecretVersion.State.ENABLED].
|
80
|
-
rpc :EnableSecretVersion, Google::Cloud::SecretManager::V1::EnableSecretVersionRequest, Google::Cloud::SecretManager::V1::SecretVersion
|
77
|
+
rpc :EnableSecretVersion, ::Google::Cloud::SecretManager::V1::EnableSecretVersionRequest, ::Google::Cloud::SecretManager::V1::SecretVersion
|
81
78
|
# Destroys a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
|
82
79
|
#
|
83
80
|
# Sets the [state][google.cloud.secretmanager.v1.SecretVersion.state] of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to
|
84
81
|
# [DESTROYED][google.cloud.secretmanager.v1.SecretVersion.State.DESTROYED] and irrevocably destroys the
|
85
82
|
# secret data.
|
86
|
-
rpc :DestroySecretVersion, Google::Cloud::SecretManager::V1::DestroySecretVersionRequest, Google::Cloud::SecretManager::V1::SecretVersion
|
83
|
+
rpc :DestroySecretVersion, ::Google::Cloud::SecretManager::V1::DestroySecretVersionRequest, ::Google::Cloud::SecretManager::V1::SecretVersion
|
87
84
|
# Sets the access control policy on the specified secret. Replaces any
|
88
85
|
# existing policy.
|
89
86
|
#
|
90
87
|
# Permissions on [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] are enforced according
|
91
88
|
# to the policy set on the associated [Secret][google.cloud.secretmanager.v1.Secret].
|
92
|
-
rpc :SetIamPolicy, Google::Iam::V1::SetIamPolicyRequest, Google::Iam::V1::Policy
|
89
|
+
rpc :SetIamPolicy, ::Google::Iam::V1::SetIamPolicyRequest, ::Google::Iam::V1::Policy
|
93
90
|
# Gets the access control policy for a secret.
|
94
91
|
# Returns empty policy if the secret exists and does not have a policy set.
|
95
|
-
rpc :GetIamPolicy, Google::Iam::V1::GetIamPolicyRequest, Google::Iam::V1::Policy
|
92
|
+
rpc :GetIamPolicy, ::Google::Iam::V1::GetIamPolicyRequest, ::Google::Iam::V1::Policy
|
96
93
|
# Returns permissions that a caller has for the specified secret.
|
97
94
|
# If the secret does not exist, this call returns an empty set of
|
98
95
|
# permissions, not a NOT_FOUND error.
|
@@ -100,7 +97,7 @@ module Google
|
|
100
97
|
# Note: This operation is designed to be used for building permission-aware
|
101
98
|
# UIs and command-line tools, not for authorization checking. This operation
|
102
99
|
# may "fail open" without warning.
|
103
|
-
rpc :TestIamPermissions, Google::Iam::V1::TestIamPermissionsRequest, Google::Iam::V1::TestIamPermissionsResponse
|
100
|
+
rpc :TestIamPermissions, ::Google::Iam::V1::TestIamPermissionsRequest, ::Google::Iam::V1::TestIamPermissionsResponse
|
104
101
|
end
|
105
102
|
|
106
103
|
Stub = Service.rpc_stub_class
|
@@ -54,6 +54,12 @@ module Google
|
|
54
54
|
# This indicates that the field may be set once in a request to create a
|
55
55
|
# resource, but may not be changed thereafter.
|
56
56
|
IMMUTABLE = 5
|
57
|
+
|
58
|
+
# Denotes that a (repeated) field is an unordered list.
|
59
|
+
# This indicates that the service may provide the elements of the list
|
60
|
+
# in any arbitrary order, rather than the order the user originally
|
61
|
+
# provided. Additionally, the list's order may or may not be stable.
|
62
|
+
UNORDERED_LIST = 6
|
57
63
|
end
|
58
64
|
end
|
59
65
|
end
|
@@ -43,12 +43,12 @@ module Google
|
|
43
43
|
#
|
44
44
|
# The ResourceDescriptor Yaml config will look like:
|
45
45
|
#
|
46
|
-
#
|
47
|
-
#
|
48
|
-
#
|
49
|
-
#
|
50
|
-
#
|
51
|
-
#
|
46
|
+
# resources:
|
47
|
+
# - type: "pubsub.googleapis.com/Topic"
|
48
|
+
# name_descriptor:
|
49
|
+
# - pattern: "projects/{project}/topics/{topic}"
|
50
|
+
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
51
|
+
# parent_name_extractor: "projects/{project}"
|
52
52
|
#
|
53
53
|
# Sometimes, resources have multiple patterns, typically because they can
|
54
54
|
# live under multiple parents.
|
@@ -183,15 +183,24 @@ module Google
|
|
183
183
|
# }
|
184
184
|
# @!attribute [rw] plural
|
185
185
|
# @return [::String]
|
186
|
-
# The plural name used in the resource name, such as
|
187
|
-
# the name of 'projects/\\{project}'
|
188
|
-
#
|
186
|
+
# The plural name used in the resource name and permission names, such as
|
187
|
+
# 'projects' for the resource name of 'projects/\\{project}' and the permission
|
188
|
+
# name of 'cloudresourcemanager.googleapis.com/projects.get'. It is the same
|
189
|
+
# concept of the `plural` field in k8s CRD spec
|
189
190
|
# https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
|
191
|
+
#
|
192
|
+
# Note: The plural form is required even for singleton resources. See
|
193
|
+
# https://aip.dev/156
|
190
194
|
# @!attribute [rw] singular
|
191
195
|
# @return [::String]
|
192
196
|
# The same concept of the `singular` field in k8s CRD spec
|
193
197
|
# https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
|
194
198
|
# Such as "project" for the `resourcemanager.googleapis.com/Project` type.
|
199
|
+
# @!attribute [rw] style
|
200
|
+
# @return [::Array<::Google::Api::ResourceDescriptor::Style>]
|
201
|
+
# Style flag(s) for this resource.
|
202
|
+
# These indicate that a resource is expected to conform to a given
|
203
|
+
# style. See the specific style flags for additional information.
|
195
204
|
class ResourceDescriptor
|
196
205
|
include ::Google::Protobuf::MessageExts
|
197
206
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -211,6 +220,22 @@ module Google
|
|
211
220
|
# that from being necessary once there are multiple patterns.)
|
212
221
|
FUTURE_MULTI_PATTERN = 2
|
213
222
|
end
|
223
|
+
|
224
|
+
# A flag representing a specific style that a resource claims to conform to.
|
225
|
+
module Style
|
226
|
+
# The unspecified value. Do not use.
|
227
|
+
STYLE_UNSPECIFIED = 0
|
228
|
+
|
229
|
+
# This resource is intended to be "declarative-friendly".
|
230
|
+
#
|
231
|
+
# Declarative-friendly resources must be more strictly consistent, and
|
232
|
+
# setting this to true communicates to tools that this resource should
|
233
|
+
# adhere to declarative-friendly expectations.
|
234
|
+
#
|
235
|
+
# Note: This is used by the API linter (linter.aip.dev) to enable
|
236
|
+
# additional checks.
|
237
|
+
DECLARATIVE_FRIENDLY = 1
|
238
|
+
end
|
214
239
|
end
|
215
240
|
|
216
241
|
# Defines a proto annotation that describes a string field that refers to
|
@@ -226,6 +251,17 @@ module Google
|
|
226
251
|
# type: "pubsub.googleapis.com/Topic"
|
227
252
|
# }];
|
228
253
|
# }
|
254
|
+
#
|
255
|
+
# Occasionally, a field may reference an arbitrary resource. In this case,
|
256
|
+
# APIs use the special value * in their resource reference.
|
257
|
+
#
|
258
|
+
# Example:
|
259
|
+
#
|
260
|
+
# message GetIamPolicyRequest {
|
261
|
+
# string resource = 2 [(google.api.resource_reference) = {
|
262
|
+
# type: "*"
|
263
|
+
# }];
|
264
|
+
# }
|
229
265
|
# @!attribute [rw] child_type
|
230
266
|
# @return [::String]
|
231
267
|
# The resource type of a child collection that the annotated field
|
@@ -234,11 +270,11 @@ module Google
|
|
234
270
|
#
|
235
271
|
# Example:
|
236
272
|
#
|
237
|
-
#
|
238
|
-
#
|
239
|
-
#
|
240
|
-
#
|
241
|
-
#
|
273
|
+
# message ListLogEntriesRequest {
|
274
|
+
# string parent = 1 [(google.api.resource_reference) = {
|
275
|
+
# child_type: "logging.googleapis.com/LogEntry"
|
276
|
+
# };
|
277
|
+
# }
|
242
278
|
class ResourceReference
|
243
279
|
include ::Google::Protobuf::MessageExts
|
244
280
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -50,6 +50,17 @@ module Google
|
|
50
50
|
# regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}`
|
51
51
|
#
|
52
52
|
# No more than 64 labels can be assigned to a given resource.
|
53
|
+
# @!attribute [rw] topics
|
54
|
+
# @return [::Array<::Google::Cloud::SecretManager::V1::Topic>]
|
55
|
+
# Optional. A list of up to 10 Pub/Sub topics to which messages are published when
|
56
|
+
# control plane operations are called on the secret or its versions.
|
57
|
+
# @!attribute [rw] expire_time
|
58
|
+
# @return [::Google::Protobuf::Timestamp]
|
59
|
+
# Optional. Timestamp in UTC when the {::Google::Cloud::SecretManager::V1::Secret Secret} is scheduled to expire. This is
|
60
|
+
# always provided on output, regardless of what was sent on input.
|
61
|
+
# @!attribute [rw] ttl
|
62
|
+
# @return [::Google::Protobuf::Duration]
|
63
|
+
# Input only. The TTL for the {::Google::Cloud::SecretManager::V1::Secret Secret}.
|
53
64
|
class Secret
|
54
65
|
include ::Google::Protobuf::MessageExts
|
55
66
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -83,6 +94,9 @@ module Google
|
|
83
94
|
# @!attribute [r] state
|
84
95
|
# @return [::Google::Cloud::SecretManager::V1::SecretVersion::State]
|
85
96
|
# Output only. The current state of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
|
97
|
+
# @!attribute [rw] replication_status
|
98
|
+
# @return [::Google::Cloud::SecretManager::V1::ReplicationStatus]
|
99
|
+
# The replication status of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
|
86
100
|
class SecretVersion
|
87
101
|
include ::Google::Protobuf::MessageExts
|
88
102
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -106,7 +120,7 @@ module Google
|
|
106
120
|
end
|
107
121
|
end
|
108
122
|
|
109
|
-
# A policy that defines the replication configuration of data.
|
123
|
+
# A policy that defines the replication and encryption configuration of data.
|
110
124
|
# @!attribute [rw] automatic
|
111
125
|
# @return [::Google::Cloud::SecretManager::V1::Replication::Automatic]
|
112
126
|
# The {::Google::Cloud::SecretManager::V1::Secret Secret} will automatically be replicated without any restrictions.
|
@@ -119,6 +133,14 @@ module Google
|
|
119
133
|
|
120
134
|
# A replication policy that replicates the {::Google::Cloud::SecretManager::V1::Secret Secret} payload without any
|
121
135
|
# restrictions.
|
136
|
+
# @!attribute [rw] customer_managed_encryption
|
137
|
+
# @return [::Google::Cloud::SecretManager::V1::CustomerManagedEncryption]
|
138
|
+
# Optional. The customer-managed encryption configuration of the {::Google::Cloud::SecretManager::V1::Secret Secret}. If no
|
139
|
+
# configuration is provided, Google-managed default encryption is used.
|
140
|
+
#
|
141
|
+
# Updates to the {::Google::Cloud::SecretManager::V1::Secret Secret} encryption configuration only apply to
|
142
|
+
# {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersions} added afterwards. They do not apply
|
143
|
+
# retroactively to existing {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersions}.
|
122
144
|
class Automatic
|
123
145
|
include ::Google::Protobuf::MessageExts
|
124
146
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -140,6 +162,15 @@ module Google
|
|
140
162
|
# @return [::String]
|
141
163
|
# The canonical IDs of the location to replicate data.
|
142
164
|
# For example: `"us-east1"`.
|
165
|
+
# @!attribute [rw] customer_managed_encryption
|
166
|
+
# @return [::Google::Cloud::SecretManager::V1::CustomerManagedEncryption]
|
167
|
+
# Optional. The customer-managed encryption configuration of the [User-Managed
|
168
|
+
# Replica][Replication.UserManaged.Replica]. If no configuration is
|
169
|
+
# provided, Google-managed default encryption is used.
|
170
|
+
#
|
171
|
+
# Updates to the {::Google::Cloud::SecretManager::V1::Secret Secret} encryption configuration only apply to
|
172
|
+
# {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersions} added afterwards. They do not apply
|
173
|
+
# retroactively to existing {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersions}.
|
143
174
|
class Replica
|
144
175
|
include ::Google::Protobuf::MessageExts
|
145
176
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -147,6 +178,109 @@ module Google
|
|
147
178
|
end
|
148
179
|
end
|
149
180
|
|
181
|
+
# Configuration for encrypting secret payloads using customer-managed
|
182
|
+
# encryption keys (CMEK).
|
183
|
+
# @!attribute [rw] kms_key_name
|
184
|
+
# @return [::String]
|
185
|
+
# Required. The resource name of the Cloud KMS CryptoKey used to encrypt secret
|
186
|
+
# payloads.
|
187
|
+
#
|
188
|
+
# For secrets using the {::Google::Cloud::SecretManager::V1::Replication::UserManaged UserManaged} replication
|
189
|
+
# policy type, Cloud KMS CryptoKeys must reside in the same location as the
|
190
|
+
# [replica location][Secret.UserManaged.Replica.location].
|
191
|
+
#
|
192
|
+
# For secrets using the {::Google::Cloud::SecretManager::V1::Replication::Automatic Automatic} replication policy
|
193
|
+
# type, Cloud KMS CryptoKeys must reside in `global`.
|
194
|
+
#
|
195
|
+
# The expected format is `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
|
196
|
+
class CustomerManagedEncryption
|
197
|
+
include ::Google::Protobuf::MessageExts
|
198
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
199
|
+
end
|
200
|
+
|
201
|
+
# The replication status of a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
|
202
|
+
# @!attribute [rw] automatic
|
203
|
+
# @return [::Google::Cloud::SecretManager::V1::ReplicationStatus::AutomaticStatus]
|
204
|
+
# Describes the replication status of a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion} with
|
205
|
+
# automatic replication.
|
206
|
+
#
|
207
|
+
# Only populated if the parent {::Google::Cloud::SecretManager::V1::Secret Secret} has an automatic replication
|
208
|
+
# policy.
|
209
|
+
# @!attribute [rw] user_managed
|
210
|
+
# @return [::Google::Cloud::SecretManager::V1::ReplicationStatus::UserManagedStatus]
|
211
|
+
# Describes the replication status of a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion} with
|
212
|
+
# user-managed replication.
|
213
|
+
#
|
214
|
+
# Only populated if the parent {::Google::Cloud::SecretManager::V1::Secret Secret} has a user-managed replication
|
215
|
+
# policy.
|
216
|
+
class ReplicationStatus
|
217
|
+
include ::Google::Protobuf::MessageExts
|
218
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
219
|
+
|
220
|
+
# The replication status of a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion} using automatic replication.
|
221
|
+
#
|
222
|
+
# Only populated if the parent {::Google::Cloud::SecretManager::V1::Secret Secret} has an automatic replication
|
223
|
+
# policy.
|
224
|
+
# @!attribute [r] customer_managed_encryption
|
225
|
+
# @return [::Google::Cloud::SecretManager::V1::CustomerManagedEncryptionStatus]
|
226
|
+
# Output only. The customer-managed encryption status of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}. Only
|
227
|
+
# populated if customer-managed encryption is used.
|
228
|
+
class AutomaticStatus
|
229
|
+
include ::Google::Protobuf::MessageExts
|
230
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
231
|
+
end
|
232
|
+
|
233
|
+
# The replication status of a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion} using user-managed
|
234
|
+
# replication.
|
235
|
+
#
|
236
|
+
# Only populated if the parent {::Google::Cloud::SecretManager::V1::Secret Secret} has a user-managed replication
|
237
|
+
# policy.
|
238
|
+
# @!attribute [r] replicas
|
239
|
+
# @return [::Array<::Google::Cloud::SecretManager::V1::ReplicationStatus::UserManagedStatus::ReplicaStatus>]
|
240
|
+
# Output only. The list of replica statuses for the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
|
241
|
+
class UserManagedStatus
|
242
|
+
include ::Google::Protobuf::MessageExts
|
243
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
244
|
+
|
245
|
+
# Describes the status of a user-managed replica for the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
|
246
|
+
# @!attribute [r] location
|
247
|
+
# @return [::String]
|
248
|
+
# Output only. The canonical ID of the replica location.
|
249
|
+
# For example: `"us-east1"`.
|
250
|
+
# @!attribute [r] customer_managed_encryption
|
251
|
+
# @return [::Google::Cloud::SecretManager::V1::CustomerManagedEncryptionStatus]
|
252
|
+
# Output only. The customer-managed encryption status of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}. Only
|
253
|
+
# populated if customer-managed encryption is used.
|
254
|
+
class ReplicaStatus
|
255
|
+
include ::Google::Protobuf::MessageExts
|
256
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
257
|
+
end
|
258
|
+
end
|
259
|
+
end
|
260
|
+
|
261
|
+
# Describes the status of customer-managed encryption.
|
262
|
+
# @!attribute [rw] kms_key_version_name
|
263
|
+
# @return [::String]
|
264
|
+
# Required. The resource name of the Cloud KMS CryptoKeyVersion used to encrypt the
|
265
|
+
# secret payload, in the following format:
|
266
|
+
# `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`.
|
267
|
+
class CustomerManagedEncryptionStatus
|
268
|
+
include ::Google::Protobuf::MessageExts
|
269
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
270
|
+
end
|
271
|
+
|
272
|
+
# A Pub/Sub topic which Secret Manager will publish to when control plane
|
273
|
+
# events occur on this secret.
|
274
|
+
# @!attribute [rw] name
|
275
|
+
# @return [::String]
|
276
|
+
# Required. The resource name of the Pub/Sub topic that will be published to, in the
|
277
|
+
# following format: `projects/*/topics/*`. For publication to succeed, the
|
278
|
+
# Secret Manager P4SA must have `pubsub.publisher` permissions on the topic.
|
279
|
+
class Topic
|
280
|
+
include ::Google::Protobuf::MessageExts
|
281
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
282
|
+
end
|
283
|
+
|
150
284
|
# A secret payload resource in the Secret Manager API. This contains the
|
151
285
|
# sensitive secret payload that is associated with a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
|
152
286
|
# @!attribute [rw] data
|