google-cloud-secret_manager-v1 0.4.5 → 0.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/LICENSE.md +188 -190
- data/README.md +66 -2
- data/lib/google/cloud/secret_manager/v1.rb +3 -0
- data/lib/google/cloud/secret_manager/v1/secret_manager_service/client.rb +29 -23
- data/lib/google/cloud/secret_manager/v1/secret_manager_service/paths.rb +17 -0
- data/lib/google/cloud/secret_manager/v1/version.rb +1 -1
- data/lib/google/cloud/secretmanager/v1/resources_pb.rb +41 -0
- data/lib/google/cloud/secretmanager/v1/service_services_pb.rb +15 -18
- data/proto_docs/google/api/field_behavior.rb +6 -0
- data/proto_docs/google/api/resource.rb +50 -14
- data/proto_docs/google/cloud/secretmanager/v1/resources.rb +135 -1
- data/proto_docs/google/protobuf/duration.rb +98 -0
- data/proto_docs/google/protobuf/timestamp.rb +10 -1
- metadata +10 -7
|
@@ -66,7 +66,7 @@ module Google
|
|
|
66
66
|
parent_config = while namespace.any?
|
|
67
67
|
parent_name = namespace.join "::"
|
|
68
68
|
parent_const = const_get parent_name
|
|
69
|
-
break parent_const.configure if parent_const
|
|
69
|
+
break parent_const.configure if parent_const.respond_to? :configure
|
|
70
70
|
namespace.pop
|
|
71
71
|
end
|
|
72
72
|
default_config = Client::Configuration.new parent_config
|
|
@@ -90,9 +90,9 @@ module Google
|
|
|
90
90
|
default_config.rpcs.access_secret_version.timeout = 60.0
|
|
91
91
|
default_config.rpcs.access_secret_version.retry_policy = {
|
|
92
92
|
initial_delay: 1.0,
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
93
|
+
max_delay: 60.0,
|
|
94
|
+
multiplier: 1.3,
|
|
95
|
+
retry_codes: [14, 2]
|
|
96
96
|
}
|
|
97
97
|
|
|
98
98
|
default_config.rpcs.disable_secret_version.timeout = 60.0
|
|
@@ -168,7 +168,13 @@ module Google
|
|
|
168
168
|
|
|
169
169
|
# Create credentials
|
|
170
170
|
credentials = @config.credentials
|
|
171
|
-
|
|
171
|
+
# Use self-signed JWT if the scope and endpoint are unchanged from default,
|
|
172
|
+
# but only if the default endpoint does not have a region prefix.
|
|
173
|
+
enable_self_signed_jwt = @config.scope == Client.configure.scope &&
|
|
174
|
+
@config.endpoint == Client.configure.endpoint &&
|
|
175
|
+
!@config.endpoint.split(".").first.include?("-")
|
|
176
|
+
credentials ||= Credentials.default scope: @config.scope,
|
|
177
|
+
enable_self_signed_jwt: enable_self_signed_jwt
|
|
172
178
|
if credentials.is_a?(String) || credentials.is_a?(Hash)
|
|
173
179
|
credentials = Credentials.new credentials, scope: @config.scope
|
|
174
180
|
end
|
|
@@ -1354,7 +1360,7 @@ module Google
|
|
|
1354
1360
|
config_attr :scope, nil, ::String, ::Array, nil
|
|
1355
1361
|
config_attr :lib_name, nil, ::String, nil
|
|
1356
1362
|
config_attr :lib_version, nil, ::String, nil
|
|
1357
|
-
config_attr(:channel_args, { "grpc.service_config_disable_resolution"=>1 }, ::Hash, nil)
|
|
1363
|
+
config_attr(:channel_args, { "grpc.service_config_disable_resolution" => 1 }, ::Hash, nil)
|
|
1358
1364
|
config_attr :interceptors, nil, ::Array, nil
|
|
1359
1365
|
config_attr :timeout, nil, ::Numeric, nil
|
|
1360
1366
|
config_attr :metadata, nil, ::Hash, nil
|
|
@@ -1375,7 +1381,7 @@ module Google
|
|
|
1375
1381
|
def rpcs
|
|
1376
1382
|
@rpcs ||= begin
|
|
1377
1383
|
parent_rpcs = nil
|
|
1378
|
-
parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config
|
|
1384
|
+
parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config.respond_to?(:rpcs)
|
|
1379
1385
|
Rpcs.new parent_rpcs
|
|
1380
1386
|
end
|
|
1381
1387
|
end
|
|
@@ -1387,7 +1393,7 @@ module Google
|
|
|
1387
1393
|
# Each configuration object is of type `Gapic::Config::Method` and includes
|
|
1388
1394
|
# the following configuration fields:
|
|
1389
1395
|
#
|
|
1390
|
-
# * `timeout` (*type:* `Numeric`) - The call timeout in
|
|
1396
|
+
# * `timeout` (*type:* `Numeric`) - The call timeout in seconds
|
|
1391
1397
|
# * `metadata` (*type:* `Hash{Symbol=>String}`) - Additional gRPC headers
|
|
1392
1398
|
# * `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
|
|
1393
1399
|
# include the following keys:
|
|
@@ -1476,35 +1482,35 @@ module Google
|
|
|
1476
1482
|
|
|
1477
1483
|
# @private
|
|
1478
1484
|
def initialize parent_rpcs = nil
|
|
1479
|
-
list_secrets_config = parent_rpcs
|
|
1485
|
+
list_secrets_config = parent_rpcs.list_secrets if parent_rpcs.respond_to? :list_secrets
|
|
1480
1486
|
@list_secrets = ::Gapic::Config::Method.new list_secrets_config
|
|
1481
|
-
create_secret_config = parent_rpcs
|
|
1487
|
+
create_secret_config = parent_rpcs.create_secret if parent_rpcs.respond_to? :create_secret
|
|
1482
1488
|
@create_secret = ::Gapic::Config::Method.new create_secret_config
|
|
1483
|
-
add_secret_version_config = parent_rpcs
|
|
1489
|
+
add_secret_version_config = parent_rpcs.add_secret_version if parent_rpcs.respond_to? :add_secret_version
|
|
1484
1490
|
@add_secret_version = ::Gapic::Config::Method.new add_secret_version_config
|
|
1485
|
-
get_secret_config = parent_rpcs
|
|
1491
|
+
get_secret_config = parent_rpcs.get_secret if parent_rpcs.respond_to? :get_secret
|
|
1486
1492
|
@get_secret = ::Gapic::Config::Method.new get_secret_config
|
|
1487
|
-
update_secret_config = parent_rpcs
|
|
1493
|
+
update_secret_config = parent_rpcs.update_secret if parent_rpcs.respond_to? :update_secret
|
|
1488
1494
|
@update_secret = ::Gapic::Config::Method.new update_secret_config
|
|
1489
|
-
delete_secret_config = parent_rpcs
|
|
1495
|
+
delete_secret_config = parent_rpcs.delete_secret if parent_rpcs.respond_to? :delete_secret
|
|
1490
1496
|
@delete_secret = ::Gapic::Config::Method.new delete_secret_config
|
|
1491
|
-
list_secret_versions_config = parent_rpcs
|
|
1497
|
+
list_secret_versions_config = parent_rpcs.list_secret_versions if parent_rpcs.respond_to? :list_secret_versions
|
|
1492
1498
|
@list_secret_versions = ::Gapic::Config::Method.new list_secret_versions_config
|
|
1493
|
-
get_secret_version_config = parent_rpcs
|
|
1499
|
+
get_secret_version_config = parent_rpcs.get_secret_version if parent_rpcs.respond_to? :get_secret_version
|
|
1494
1500
|
@get_secret_version = ::Gapic::Config::Method.new get_secret_version_config
|
|
1495
|
-
access_secret_version_config = parent_rpcs
|
|
1501
|
+
access_secret_version_config = parent_rpcs.access_secret_version if parent_rpcs.respond_to? :access_secret_version
|
|
1496
1502
|
@access_secret_version = ::Gapic::Config::Method.new access_secret_version_config
|
|
1497
|
-
disable_secret_version_config = parent_rpcs
|
|
1503
|
+
disable_secret_version_config = parent_rpcs.disable_secret_version if parent_rpcs.respond_to? :disable_secret_version
|
|
1498
1504
|
@disable_secret_version = ::Gapic::Config::Method.new disable_secret_version_config
|
|
1499
|
-
enable_secret_version_config = parent_rpcs
|
|
1505
|
+
enable_secret_version_config = parent_rpcs.enable_secret_version if parent_rpcs.respond_to? :enable_secret_version
|
|
1500
1506
|
@enable_secret_version = ::Gapic::Config::Method.new enable_secret_version_config
|
|
1501
|
-
destroy_secret_version_config = parent_rpcs
|
|
1507
|
+
destroy_secret_version_config = parent_rpcs.destroy_secret_version if parent_rpcs.respond_to? :destroy_secret_version
|
|
1502
1508
|
@destroy_secret_version = ::Gapic::Config::Method.new destroy_secret_version_config
|
|
1503
|
-
set_iam_policy_config = parent_rpcs
|
|
1509
|
+
set_iam_policy_config = parent_rpcs.set_iam_policy if parent_rpcs.respond_to? :set_iam_policy
|
|
1504
1510
|
@set_iam_policy = ::Gapic::Config::Method.new set_iam_policy_config
|
|
1505
|
-
get_iam_policy_config = parent_rpcs
|
|
1511
|
+
get_iam_policy_config = parent_rpcs.get_iam_policy if parent_rpcs.respond_to? :get_iam_policy
|
|
1506
1512
|
@get_iam_policy = ::Gapic::Config::Method.new get_iam_policy_config
|
|
1507
|
-
test_iam_permissions_config = parent_rpcs
|
|
1513
|
+
test_iam_permissions_config = parent_rpcs.test_iam_permissions if parent_rpcs.respond_to? :test_iam_permissions
|
|
1508
1514
|
@test_iam_permissions = ::Gapic::Config::Method.new test_iam_permissions_config
|
|
1509
1515
|
|
|
1510
1516
|
yield self if block_given?
|
|
@@ -74,6 +74,23 @@ module Google
|
|
|
74
74
|
"projects/#{project}/secrets/#{secret}/versions/#{secret_version}"
|
|
75
75
|
end
|
|
76
76
|
|
|
77
|
+
##
|
|
78
|
+
# Create a fully-qualified Topic resource string.
|
|
79
|
+
#
|
|
80
|
+
# The resource will be in the following format:
|
|
81
|
+
#
|
|
82
|
+
# `projects/{project}/topics/{topic}`
|
|
83
|
+
#
|
|
84
|
+
# @param project [String]
|
|
85
|
+
# @param topic [String]
|
|
86
|
+
#
|
|
87
|
+
# @return [::String]
|
|
88
|
+
def topic_path project:, topic:
|
|
89
|
+
raise ::ArgumentError, "project cannot contain /" if project.to_s.include? "/"
|
|
90
|
+
|
|
91
|
+
"projects/#{project}/topics/#{topic}"
|
|
92
|
+
end
|
|
93
|
+
|
|
77
94
|
extend self
|
|
78
95
|
end
|
|
79
96
|
end
|
|
@@ -5,6 +5,7 @@ require 'google/protobuf'
|
|
|
5
5
|
|
|
6
6
|
require 'google/api/field_behavior_pb'
|
|
7
7
|
require 'google/api/resource_pb'
|
|
8
|
+
require 'google/protobuf/duration_pb'
|
|
8
9
|
require 'google/protobuf/timestamp_pb'
|
|
9
10
|
require 'google/api/annotations_pb'
|
|
10
11
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
@@ -14,12 +15,18 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
14
15
|
optional :replication, :message, 2, "google.cloud.secretmanager.v1.Replication"
|
|
15
16
|
optional :create_time, :message, 3, "google.protobuf.Timestamp"
|
|
16
17
|
map :labels, :string, :string, 4
|
|
18
|
+
repeated :topics, :message, 5, "google.cloud.secretmanager.v1.Topic"
|
|
19
|
+
oneof :expiration do
|
|
20
|
+
optional :expire_time, :message, 6, "google.protobuf.Timestamp"
|
|
21
|
+
optional :ttl, :message, 7, "google.protobuf.Duration"
|
|
22
|
+
end
|
|
17
23
|
end
|
|
18
24
|
add_message "google.cloud.secretmanager.v1.SecretVersion" do
|
|
19
25
|
optional :name, :string, 1
|
|
20
26
|
optional :create_time, :message, 2, "google.protobuf.Timestamp"
|
|
21
27
|
optional :destroy_time, :message, 3, "google.protobuf.Timestamp"
|
|
22
28
|
optional :state, :enum, 4, "google.cloud.secretmanager.v1.SecretVersion.State"
|
|
29
|
+
optional :replication_status, :message, 5, "google.cloud.secretmanager.v1.ReplicationStatus"
|
|
23
30
|
end
|
|
24
31
|
add_enum "google.cloud.secretmanager.v1.SecretVersion.State" do
|
|
25
32
|
value :STATE_UNSPECIFIED, 0
|
|
@@ -34,12 +41,39 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
34
41
|
end
|
|
35
42
|
end
|
|
36
43
|
add_message "google.cloud.secretmanager.v1.Replication.Automatic" do
|
|
44
|
+
optional :customer_managed_encryption, :message, 1, "google.cloud.secretmanager.v1.CustomerManagedEncryption"
|
|
37
45
|
end
|
|
38
46
|
add_message "google.cloud.secretmanager.v1.Replication.UserManaged" do
|
|
39
47
|
repeated :replicas, :message, 1, "google.cloud.secretmanager.v1.Replication.UserManaged.Replica"
|
|
40
48
|
end
|
|
41
49
|
add_message "google.cloud.secretmanager.v1.Replication.UserManaged.Replica" do
|
|
42
50
|
optional :location, :string, 1
|
|
51
|
+
optional :customer_managed_encryption, :message, 2, "google.cloud.secretmanager.v1.CustomerManagedEncryption"
|
|
52
|
+
end
|
|
53
|
+
add_message "google.cloud.secretmanager.v1.CustomerManagedEncryption" do
|
|
54
|
+
optional :kms_key_name, :string, 1
|
|
55
|
+
end
|
|
56
|
+
add_message "google.cloud.secretmanager.v1.ReplicationStatus" do
|
|
57
|
+
oneof :replication_status do
|
|
58
|
+
optional :automatic, :message, 1, "google.cloud.secretmanager.v1.ReplicationStatus.AutomaticStatus"
|
|
59
|
+
optional :user_managed, :message, 2, "google.cloud.secretmanager.v1.ReplicationStatus.UserManagedStatus"
|
|
60
|
+
end
|
|
61
|
+
end
|
|
62
|
+
add_message "google.cloud.secretmanager.v1.ReplicationStatus.AutomaticStatus" do
|
|
63
|
+
optional :customer_managed_encryption, :message, 1, "google.cloud.secretmanager.v1.CustomerManagedEncryptionStatus"
|
|
64
|
+
end
|
|
65
|
+
add_message "google.cloud.secretmanager.v1.ReplicationStatus.UserManagedStatus" do
|
|
66
|
+
repeated :replicas, :message, 1, "google.cloud.secretmanager.v1.ReplicationStatus.UserManagedStatus.ReplicaStatus"
|
|
67
|
+
end
|
|
68
|
+
add_message "google.cloud.secretmanager.v1.ReplicationStatus.UserManagedStatus.ReplicaStatus" do
|
|
69
|
+
optional :location, :string, 1
|
|
70
|
+
optional :customer_managed_encryption, :message, 2, "google.cloud.secretmanager.v1.CustomerManagedEncryptionStatus"
|
|
71
|
+
end
|
|
72
|
+
add_message "google.cloud.secretmanager.v1.CustomerManagedEncryptionStatus" do
|
|
73
|
+
optional :kms_key_version_name, :string, 1
|
|
74
|
+
end
|
|
75
|
+
add_message "google.cloud.secretmanager.v1.Topic" do
|
|
76
|
+
optional :name, :string, 1
|
|
43
77
|
end
|
|
44
78
|
add_message "google.cloud.secretmanager.v1.SecretPayload" do
|
|
45
79
|
optional :data, :bytes, 1
|
|
@@ -58,6 +92,13 @@ module Google
|
|
|
58
92
|
Replication::Automatic = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.Replication.Automatic").msgclass
|
|
59
93
|
Replication::UserManaged = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.Replication.UserManaged").msgclass
|
|
60
94
|
Replication::UserManaged::Replica = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.Replication.UserManaged.Replica").msgclass
|
|
95
|
+
CustomerManagedEncryption = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.CustomerManagedEncryption").msgclass
|
|
96
|
+
ReplicationStatus = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.ReplicationStatus").msgclass
|
|
97
|
+
ReplicationStatus::AutomaticStatus = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.ReplicationStatus.AutomaticStatus").msgclass
|
|
98
|
+
ReplicationStatus::UserManagedStatus = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.ReplicationStatus.UserManagedStatus").msgclass
|
|
99
|
+
ReplicationStatus::UserManagedStatus::ReplicaStatus = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.ReplicationStatus.UserManagedStatus.ReplicaStatus").msgclass
|
|
100
|
+
CustomerManagedEncryptionStatus = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.CustomerManagedEncryptionStatus").msgclass
|
|
101
|
+
Topic = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.Topic").msgclass
|
|
61
102
|
SecretPayload = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.SecretPayload").msgclass
|
|
62
103
|
end
|
|
63
104
|
end
|
|
@@ -24,9 +24,6 @@ module Google
|
|
|
24
24
|
module SecretManager
|
|
25
25
|
module V1
|
|
26
26
|
module SecretManagerService
|
|
27
|
-
# `projects/*/secrets/*/versions/latest` is an alias to the `latest`
|
|
28
|
-
# [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
|
|
29
|
-
#
|
|
30
27
|
# Secret Manager Service
|
|
31
28
|
#
|
|
32
29
|
# Manages secrets and operations using those secrets. Implements a REST
|
|
@@ -43,56 +40,56 @@ module Google
|
|
|
43
40
|
self.service_name = 'google.cloud.secretmanager.v1.SecretManagerService'
|
|
44
41
|
|
|
45
42
|
# Lists [Secrets][google.cloud.secretmanager.v1.Secret].
|
|
46
|
-
rpc :ListSecrets, Google::Cloud::SecretManager::V1::ListSecretsRequest, Google::Cloud::SecretManager::V1::ListSecretsResponse
|
|
43
|
+
rpc :ListSecrets, ::Google::Cloud::SecretManager::V1::ListSecretsRequest, ::Google::Cloud::SecretManager::V1::ListSecretsResponse
|
|
47
44
|
# Creates a new [Secret][google.cloud.secretmanager.v1.Secret] containing no [SecretVersions][google.cloud.secretmanager.v1.SecretVersion].
|
|
48
|
-
rpc :CreateSecret, Google::Cloud::SecretManager::V1::CreateSecretRequest, Google::Cloud::SecretManager::V1::Secret
|
|
45
|
+
rpc :CreateSecret, ::Google::Cloud::SecretManager::V1::CreateSecretRequest, ::Google::Cloud::SecretManager::V1::Secret
|
|
49
46
|
# Creates a new [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] containing secret data and attaches
|
|
50
47
|
# it to an existing [Secret][google.cloud.secretmanager.v1.Secret].
|
|
51
|
-
rpc :AddSecretVersion, Google::Cloud::SecretManager::V1::AddSecretVersionRequest, Google::Cloud::SecretManager::V1::SecretVersion
|
|
48
|
+
rpc :AddSecretVersion, ::Google::Cloud::SecretManager::V1::AddSecretVersionRequest, ::Google::Cloud::SecretManager::V1::SecretVersion
|
|
52
49
|
# Gets metadata for a given [Secret][google.cloud.secretmanager.v1.Secret].
|
|
53
|
-
rpc :GetSecret, Google::Cloud::SecretManager::V1::GetSecretRequest, Google::Cloud::SecretManager::V1::Secret
|
|
50
|
+
rpc :GetSecret, ::Google::Cloud::SecretManager::V1::GetSecretRequest, ::Google::Cloud::SecretManager::V1::Secret
|
|
54
51
|
# Updates metadata of an existing [Secret][google.cloud.secretmanager.v1.Secret].
|
|
55
|
-
rpc :UpdateSecret, Google::Cloud::SecretManager::V1::UpdateSecretRequest, Google::Cloud::SecretManager::V1::Secret
|
|
52
|
+
rpc :UpdateSecret, ::Google::Cloud::SecretManager::V1::UpdateSecretRequest, ::Google::Cloud::SecretManager::V1::Secret
|
|
56
53
|
# Deletes a [Secret][google.cloud.secretmanager.v1.Secret].
|
|
57
|
-
rpc :DeleteSecret, Google::Cloud::SecretManager::V1::DeleteSecretRequest, Google::Protobuf::Empty
|
|
54
|
+
rpc :DeleteSecret, ::Google::Cloud::SecretManager::V1::DeleteSecretRequest, ::Google::Protobuf::Empty
|
|
58
55
|
# Lists [SecretVersions][google.cloud.secretmanager.v1.SecretVersion]. This call does not return secret
|
|
59
56
|
# data.
|
|
60
|
-
rpc :ListSecretVersions, Google::Cloud::SecretManager::V1::ListSecretVersionsRequest, Google::Cloud::SecretManager::V1::ListSecretVersionsResponse
|
|
57
|
+
rpc :ListSecretVersions, ::Google::Cloud::SecretManager::V1::ListSecretVersionsRequest, ::Google::Cloud::SecretManager::V1::ListSecretVersionsResponse
|
|
61
58
|
# Gets metadata for a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
|
|
62
59
|
#
|
|
63
60
|
# `projects/*/secrets/*/versions/latest` is an alias to the `latest`
|
|
64
61
|
# [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
|
|
65
|
-
rpc :GetSecretVersion, Google::Cloud::SecretManager::V1::GetSecretVersionRequest, Google::Cloud::SecretManager::V1::SecretVersion
|
|
62
|
+
rpc :GetSecretVersion, ::Google::Cloud::SecretManager::V1::GetSecretVersionRequest, ::Google::Cloud::SecretManager::V1::SecretVersion
|
|
66
63
|
# Accesses a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. This call returns the secret data.
|
|
67
64
|
#
|
|
68
65
|
# `projects/*/secrets/*/versions/latest` is an alias to the `latest`
|
|
69
66
|
# [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
|
|
70
|
-
rpc :AccessSecretVersion, Google::Cloud::SecretManager::V1::AccessSecretVersionRequest, Google::Cloud::SecretManager::V1::AccessSecretVersionResponse
|
|
67
|
+
rpc :AccessSecretVersion, ::Google::Cloud::SecretManager::V1::AccessSecretVersionRequest, ::Google::Cloud::SecretManager::V1::AccessSecretVersionResponse
|
|
71
68
|
# Disables a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
|
|
72
69
|
#
|
|
73
70
|
# Sets the [state][google.cloud.secretmanager.v1.SecretVersion.state] of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to
|
|
74
71
|
# [DISABLED][google.cloud.secretmanager.v1.SecretVersion.State.DISABLED].
|
|
75
|
-
rpc :DisableSecretVersion, Google::Cloud::SecretManager::V1::DisableSecretVersionRequest, Google::Cloud::SecretManager::V1::SecretVersion
|
|
72
|
+
rpc :DisableSecretVersion, ::Google::Cloud::SecretManager::V1::DisableSecretVersionRequest, ::Google::Cloud::SecretManager::V1::SecretVersion
|
|
76
73
|
# Enables a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
|
|
77
74
|
#
|
|
78
75
|
# Sets the [state][google.cloud.secretmanager.v1.SecretVersion.state] of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to
|
|
79
76
|
# [ENABLED][google.cloud.secretmanager.v1.SecretVersion.State.ENABLED].
|
|
80
|
-
rpc :EnableSecretVersion, Google::Cloud::SecretManager::V1::EnableSecretVersionRequest, Google::Cloud::SecretManager::V1::SecretVersion
|
|
77
|
+
rpc :EnableSecretVersion, ::Google::Cloud::SecretManager::V1::EnableSecretVersionRequest, ::Google::Cloud::SecretManager::V1::SecretVersion
|
|
81
78
|
# Destroys a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
|
|
82
79
|
#
|
|
83
80
|
# Sets the [state][google.cloud.secretmanager.v1.SecretVersion.state] of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to
|
|
84
81
|
# [DESTROYED][google.cloud.secretmanager.v1.SecretVersion.State.DESTROYED] and irrevocably destroys the
|
|
85
82
|
# secret data.
|
|
86
|
-
rpc :DestroySecretVersion, Google::Cloud::SecretManager::V1::DestroySecretVersionRequest, Google::Cloud::SecretManager::V1::SecretVersion
|
|
83
|
+
rpc :DestroySecretVersion, ::Google::Cloud::SecretManager::V1::DestroySecretVersionRequest, ::Google::Cloud::SecretManager::V1::SecretVersion
|
|
87
84
|
# Sets the access control policy on the specified secret. Replaces any
|
|
88
85
|
# existing policy.
|
|
89
86
|
#
|
|
90
87
|
# Permissions on [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] are enforced according
|
|
91
88
|
# to the policy set on the associated [Secret][google.cloud.secretmanager.v1.Secret].
|
|
92
|
-
rpc :SetIamPolicy, Google::Iam::V1::SetIamPolicyRequest, Google::Iam::V1::Policy
|
|
89
|
+
rpc :SetIamPolicy, ::Google::Iam::V1::SetIamPolicyRequest, ::Google::Iam::V1::Policy
|
|
93
90
|
# Gets the access control policy for a secret.
|
|
94
91
|
# Returns empty policy if the secret exists and does not have a policy set.
|
|
95
|
-
rpc :GetIamPolicy, Google::Iam::V1::GetIamPolicyRequest, Google::Iam::V1::Policy
|
|
92
|
+
rpc :GetIamPolicy, ::Google::Iam::V1::GetIamPolicyRequest, ::Google::Iam::V1::Policy
|
|
96
93
|
# Returns permissions that a caller has for the specified secret.
|
|
97
94
|
# If the secret does not exist, this call returns an empty set of
|
|
98
95
|
# permissions, not a NOT_FOUND error.
|
|
@@ -100,7 +97,7 @@ module Google
|
|
|
100
97
|
# Note: This operation is designed to be used for building permission-aware
|
|
101
98
|
# UIs and command-line tools, not for authorization checking. This operation
|
|
102
99
|
# may "fail open" without warning.
|
|
103
|
-
rpc :TestIamPermissions, Google::Iam::V1::TestIamPermissionsRequest, Google::Iam::V1::TestIamPermissionsResponse
|
|
100
|
+
rpc :TestIamPermissions, ::Google::Iam::V1::TestIamPermissionsRequest, ::Google::Iam::V1::TestIamPermissionsResponse
|
|
104
101
|
end
|
|
105
102
|
|
|
106
103
|
Stub = Service.rpc_stub_class
|
|
@@ -54,6 +54,12 @@ module Google
|
|
|
54
54
|
# This indicates that the field may be set once in a request to create a
|
|
55
55
|
# resource, but may not be changed thereafter.
|
|
56
56
|
IMMUTABLE = 5
|
|
57
|
+
|
|
58
|
+
# Denotes that a (repeated) field is an unordered list.
|
|
59
|
+
# This indicates that the service may provide the elements of the list
|
|
60
|
+
# in any arbitrary order, rather than the order the user originally
|
|
61
|
+
# provided. Additionally, the list's order may or may not be stable.
|
|
62
|
+
UNORDERED_LIST = 6
|
|
57
63
|
end
|
|
58
64
|
end
|
|
59
65
|
end
|
|
@@ -43,12 +43,12 @@ module Google
|
|
|
43
43
|
#
|
|
44
44
|
# The ResourceDescriptor Yaml config will look like:
|
|
45
45
|
#
|
|
46
|
-
#
|
|
47
|
-
#
|
|
48
|
-
#
|
|
49
|
-
#
|
|
50
|
-
#
|
|
51
|
-
#
|
|
46
|
+
# resources:
|
|
47
|
+
# - type: "pubsub.googleapis.com/Topic"
|
|
48
|
+
# name_descriptor:
|
|
49
|
+
# - pattern: "projects/{project}/topics/{topic}"
|
|
50
|
+
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
|
51
|
+
# parent_name_extractor: "projects/{project}"
|
|
52
52
|
#
|
|
53
53
|
# Sometimes, resources have multiple patterns, typically because they can
|
|
54
54
|
# live under multiple parents.
|
|
@@ -183,15 +183,24 @@ module Google
|
|
|
183
183
|
# }
|
|
184
184
|
# @!attribute [rw] plural
|
|
185
185
|
# @return [::String]
|
|
186
|
-
# The plural name used in the resource name, such as
|
|
187
|
-
# the name of 'projects/\\{project}'
|
|
188
|
-
#
|
|
186
|
+
# The plural name used in the resource name and permission names, such as
|
|
187
|
+
# 'projects' for the resource name of 'projects/\\{project}' and the permission
|
|
188
|
+
# name of 'cloudresourcemanager.googleapis.com/projects.get'. It is the same
|
|
189
|
+
# concept of the `plural` field in k8s CRD spec
|
|
189
190
|
# https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
|
|
191
|
+
#
|
|
192
|
+
# Note: The plural form is required even for singleton resources. See
|
|
193
|
+
# https://aip.dev/156
|
|
190
194
|
# @!attribute [rw] singular
|
|
191
195
|
# @return [::String]
|
|
192
196
|
# The same concept of the `singular` field in k8s CRD spec
|
|
193
197
|
# https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
|
|
194
198
|
# Such as "project" for the `resourcemanager.googleapis.com/Project` type.
|
|
199
|
+
# @!attribute [rw] style
|
|
200
|
+
# @return [::Array<::Google::Api::ResourceDescriptor::Style>]
|
|
201
|
+
# Style flag(s) for this resource.
|
|
202
|
+
# These indicate that a resource is expected to conform to a given
|
|
203
|
+
# style. See the specific style flags for additional information.
|
|
195
204
|
class ResourceDescriptor
|
|
196
205
|
include ::Google::Protobuf::MessageExts
|
|
197
206
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -211,6 +220,22 @@ module Google
|
|
|
211
220
|
# that from being necessary once there are multiple patterns.)
|
|
212
221
|
FUTURE_MULTI_PATTERN = 2
|
|
213
222
|
end
|
|
223
|
+
|
|
224
|
+
# A flag representing a specific style that a resource claims to conform to.
|
|
225
|
+
module Style
|
|
226
|
+
# The unspecified value. Do not use.
|
|
227
|
+
STYLE_UNSPECIFIED = 0
|
|
228
|
+
|
|
229
|
+
# This resource is intended to be "declarative-friendly".
|
|
230
|
+
#
|
|
231
|
+
# Declarative-friendly resources must be more strictly consistent, and
|
|
232
|
+
# setting this to true communicates to tools that this resource should
|
|
233
|
+
# adhere to declarative-friendly expectations.
|
|
234
|
+
#
|
|
235
|
+
# Note: This is used by the API linter (linter.aip.dev) to enable
|
|
236
|
+
# additional checks.
|
|
237
|
+
DECLARATIVE_FRIENDLY = 1
|
|
238
|
+
end
|
|
214
239
|
end
|
|
215
240
|
|
|
216
241
|
# Defines a proto annotation that describes a string field that refers to
|
|
@@ -226,6 +251,17 @@ module Google
|
|
|
226
251
|
# type: "pubsub.googleapis.com/Topic"
|
|
227
252
|
# }];
|
|
228
253
|
# }
|
|
254
|
+
#
|
|
255
|
+
# Occasionally, a field may reference an arbitrary resource. In this case,
|
|
256
|
+
# APIs use the special value * in their resource reference.
|
|
257
|
+
#
|
|
258
|
+
# Example:
|
|
259
|
+
#
|
|
260
|
+
# message GetIamPolicyRequest {
|
|
261
|
+
# string resource = 2 [(google.api.resource_reference) = {
|
|
262
|
+
# type: "*"
|
|
263
|
+
# }];
|
|
264
|
+
# }
|
|
229
265
|
# @!attribute [rw] child_type
|
|
230
266
|
# @return [::String]
|
|
231
267
|
# The resource type of a child collection that the annotated field
|
|
@@ -234,11 +270,11 @@ module Google
|
|
|
234
270
|
#
|
|
235
271
|
# Example:
|
|
236
272
|
#
|
|
237
|
-
#
|
|
238
|
-
#
|
|
239
|
-
#
|
|
240
|
-
#
|
|
241
|
-
#
|
|
273
|
+
# message ListLogEntriesRequest {
|
|
274
|
+
# string parent = 1 [(google.api.resource_reference) = {
|
|
275
|
+
# child_type: "logging.googleapis.com/LogEntry"
|
|
276
|
+
# };
|
|
277
|
+
# }
|
|
242
278
|
class ResourceReference
|
|
243
279
|
include ::Google::Protobuf::MessageExts
|
|
244
280
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -50,6 +50,17 @@ module Google
|
|
|
50
50
|
# regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}`
|
|
51
51
|
#
|
|
52
52
|
# No more than 64 labels can be assigned to a given resource.
|
|
53
|
+
# @!attribute [rw] topics
|
|
54
|
+
# @return [::Array<::Google::Cloud::SecretManager::V1::Topic>]
|
|
55
|
+
# Optional. A list of up to 10 Pub/Sub topics to which messages are published when
|
|
56
|
+
# control plane operations are called on the secret or its versions.
|
|
57
|
+
# @!attribute [rw] expire_time
|
|
58
|
+
# @return [::Google::Protobuf::Timestamp]
|
|
59
|
+
# Optional. Timestamp in UTC when the {::Google::Cloud::SecretManager::V1::Secret Secret} is scheduled to expire. This is
|
|
60
|
+
# always provided on output, regardless of what was sent on input.
|
|
61
|
+
# @!attribute [rw] ttl
|
|
62
|
+
# @return [::Google::Protobuf::Duration]
|
|
63
|
+
# Input only. The TTL for the {::Google::Cloud::SecretManager::V1::Secret Secret}.
|
|
53
64
|
class Secret
|
|
54
65
|
include ::Google::Protobuf::MessageExts
|
|
55
66
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -83,6 +94,9 @@ module Google
|
|
|
83
94
|
# @!attribute [r] state
|
|
84
95
|
# @return [::Google::Cloud::SecretManager::V1::SecretVersion::State]
|
|
85
96
|
# Output only. The current state of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
|
|
97
|
+
# @!attribute [rw] replication_status
|
|
98
|
+
# @return [::Google::Cloud::SecretManager::V1::ReplicationStatus]
|
|
99
|
+
# The replication status of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
|
|
86
100
|
class SecretVersion
|
|
87
101
|
include ::Google::Protobuf::MessageExts
|
|
88
102
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -106,7 +120,7 @@ module Google
|
|
|
106
120
|
end
|
|
107
121
|
end
|
|
108
122
|
|
|
109
|
-
# A policy that defines the replication configuration of data.
|
|
123
|
+
# A policy that defines the replication and encryption configuration of data.
|
|
110
124
|
# @!attribute [rw] automatic
|
|
111
125
|
# @return [::Google::Cloud::SecretManager::V1::Replication::Automatic]
|
|
112
126
|
# The {::Google::Cloud::SecretManager::V1::Secret Secret} will automatically be replicated without any restrictions.
|
|
@@ -119,6 +133,14 @@ module Google
|
|
|
119
133
|
|
|
120
134
|
# A replication policy that replicates the {::Google::Cloud::SecretManager::V1::Secret Secret} payload without any
|
|
121
135
|
# restrictions.
|
|
136
|
+
# @!attribute [rw] customer_managed_encryption
|
|
137
|
+
# @return [::Google::Cloud::SecretManager::V1::CustomerManagedEncryption]
|
|
138
|
+
# Optional. The customer-managed encryption configuration of the {::Google::Cloud::SecretManager::V1::Secret Secret}. If no
|
|
139
|
+
# configuration is provided, Google-managed default encryption is used.
|
|
140
|
+
#
|
|
141
|
+
# Updates to the {::Google::Cloud::SecretManager::V1::Secret Secret} encryption configuration only apply to
|
|
142
|
+
# {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersions} added afterwards. They do not apply
|
|
143
|
+
# retroactively to existing {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersions}.
|
|
122
144
|
class Automatic
|
|
123
145
|
include ::Google::Protobuf::MessageExts
|
|
124
146
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -140,6 +162,15 @@ module Google
|
|
|
140
162
|
# @return [::String]
|
|
141
163
|
# The canonical IDs of the location to replicate data.
|
|
142
164
|
# For example: `"us-east1"`.
|
|
165
|
+
# @!attribute [rw] customer_managed_encryption
|
|
166
|
+
# @return [::Google::Cloud::SecretManager::V1::CustomerManagedEncryption]
|
|
167
|
+
# Optional. The customer-managed encryption configuration of the [User-Managed
|
|
168
|
+
# Replica][Replication.UserManaged.Replica]. If no configuration is
|
|
169
|
+
# provided, Google-managed default encryption is used.
|
|
170
|
+
#
|
|
171
|
+
# Updates to the {::Google::Cloud::SecretManager::V1::Secret Secret} encryption configuration only apply to
|
|
172
|
+
# {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersions} added afterwards. They do not apply
|
|
173
|
+
# retroactively to existing {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersions}.
|
|
143
174
|
class Replica
|
|
144
175
|
include ::Google::Protobuf::MessageExts
|
|
145
176
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -147,6 +178,109 @@ module Google
|
|
|
147
178
|
end
|
|
148
179
|
end
|
|
149
180
|
|
|
181
|
+
# Configuration for encrypting secret payloads using customer-managed
|
|
182
|
+
# encryption keys (CMEK).
|
|
183
|
+
# @!attribute [rw] kms_key_name
|
|
184
|
+
# @return [::String]
|
|
185
|
+
# Required. The resource name of the Cloud KMS CryptoKey used to encrypt secret
|
|
186
|
+
# payloads.
|
|
187
|
+
#
|
|
188
|
+
# For secrets using the {::Google::Cloud::SecretManager::V1::Replication::UserManaged UserManaged} replication
|
|
189
|
+
# policy type, Cloud KMS CryptoKeys must reside in the same location as the
|
|
190
|
+
# [replica location][Secret.UserManaged.Replica.location].
|
|
191
|
+
#
|
|
192
|
+
# For secrets using the {::Google::Cloud::SecretManager::V1::Replication::Automatic Automatic} replication policy
|
|
193
|
+
# type, Cloud KMS CryptoKeys must reside in `global`.
|
|
194
|
+
#
|
|
195
|
+
# The expected format is `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
|
|
196
|
+
class CustomerManagedEncryption
|
|
197
|
+
include ::Google::Protobuf::MessageExts
|
|
198
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
199
|
+
end
|
|
200
|
+
|
|
201
|
+
# The replication status of a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
|
|
202
|
+
# @!attribute [rw] automatic
|
|
203
|
+
# @return [::Google::Cloud::SecretManager::V1::ReplicationStatus::AutomaticStatus]
|
|
204
|
+
# Describes the replication status of a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion} with
|
|
205
|
+
# automatic replication.
|
|
206
|
+
#
|
|
207
|
+
# Only populated if the parent {::Google::Cloud::SecretManager::V1::Secret Secret} has an automatic replication
|
|
208
|
+
# policy.
|
|
209
|
+
# @!attribute [rw] user_managed
|
|
210
|
+
# @return [::Google::Cloud::SecretManager::V1::ReplicationStatus::UserManagedStatus]
|
|
211
|
+
# Describes the replication status of a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion} with
|
|
212
|
+
# user-managed replication.
|
|
213
|
+
#
|
|
214
|
+
# Only populated if the parent {::Google::Cloud::SecretManager::V1::Secret Secret} has a user-managed replication
|
|
215
|
+
# policy.
|
|
216
|
+
class ReplicationStatus
|
|
217
|
+
include ::Google::Protobuf::MessageExts
|
|
218
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
219
|
+
|
|
220
|
+
# The replication status of a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion} using automatic replication.
|
|
221
|
+
#
|
|
222
|
+
# Only populated if the parent {::Google::Cloud::SecretManager::V1::Secret Secret} has an automatic replication
|
|
223
|
+
# policy.
|
|
224
|
+
# @!attribute [r] customer_managed_encryption
|
|
225
|
+
# @return [::Google::Cloud::SecretManager::V1::CustomerManagedEncryptionStatus]
|
|
226
|
+
# Output only. The customer-managed encryption status of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}. Only
|
|
227
|
+
# populated if customer-managed encryption is used.
|
|
228
|
+
class AutomaticStatus
|
|
229
|
+
include ::Google::Protobuf::MessageExts
|
|
230
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
231
|
+
end
|
|
232
|
+
|
|
233
|
+
# The replication status of a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion} using user-managed
|
|
234
|
+
# replication.
|
|
235
|
+
#
|
|
236
|
+
# Only populated if the parent {::Google::Cloud::SecretManager::V1::Secret Secret} has a user-managed replication
|
|
237
|
+
# policy.
|
|
238
|
+
# @!attribute [r] replicas
|
|
239
|
+
# @return [::Array<::Google::Cloud::SecretManager::V1::ReplicationStatus::UserManagedStatus::ReplicaStatus>]
|
|
240
|
+
# Output only. The list of replica statuses for the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
|
|
241
|
+
class UserManagedStatus
|
|
242
|
+
include ::Google::Protobuf::MessageExts
|
|
243
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
244
|
+
|
|
245
|
+
# Describes the status of a user-managed replica for the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
|
|
246
|
+
# @!attribute [r] location
|
|
247
|
+
# @return [::String]
|
|
248
|
+
# Output only. The canonical ID of the replica location.
|
|
249
|
+
# For example: `"us-east1"`.
|
|
250
|
+
# @!attribute [r] customer_managed_encryption
|
|
251
|
+
# @return [::Google::Cloud::SecretManager::V1::CustomerManagedEncryptionStatus]
|
|
252
|
+
# Output only. The customer-managed encryption status of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}. Only
|
|
253
|
+
# populated if customer-managed encryption is used.
|
|
254
|
+
class ReplicaStatus
|
|
255
|
+
include ::Google::Protobuf::MessageExts
|
|
256
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
257
|
+
end
|
|
258
|
+
end
|
|
259
|
+
end
|
|
260
|
+
|
|
261
|
+
# Describes the status of customer-managed encryption.
|
|
262
|
+
# @!attribute [rw] kms_key_version_name
|
|
263
|
+
# @return [::String]
|
|
264
|
+
# Required. The resource name of the Cloud KMS CryptoKeyVersion used to encrypt the
|
|
265
|
+
# secret payload, in the following format:
|
|
266
|
+
# `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`.
|
|
267
|
+
class CustomerManagedEncryptionStatus
|
|
268
|
+
include ::Google::Protobuf::MessageExts
|
|
269
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
270
|
+
end
|
|
271
|
+
|
|
272
|
+
# A Pub/Sub topic which Secret Manager will publish to when control plane
|
|
273
|
+
# events occur on this secret.
|
|
274
|
+
# @!attribute [rw] name
|
|
275
|
+
# @return [::String]
|
|
276
|
+
# Required. The resource name of the Pub/Sub topic that will be published to, in the
|
|
277
|
+
# following format: `projects/*/topics/*`. For publication to succeed, the
|
|
278
|
+
# Secret Manager P4SA must have `pubsub.publisher` permissions on the topic.
|
|
279
|
+
class Topic
|
|
280
|
+
include ::Google::Protobuf::MessageExts
|
|
281
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
282
|
+
end
|
|
283
|
+
|
|
150
284
|
# A secret payload resource in the Secret Manager API. This contains the
|
|
151
285
|
# sensitive secret payload that is associated with a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
|
|
152
286
|
# @!attribute [rw] data
|