google-cloud-secret_manager-v1 0.5.1 → 0.10.0

data/lib/google/cloud/secret_manager/v1/secret_manager_service/client.rb

@@ -66,7 +66,7 @@ module Google
                 parent_config = while namespace.any?
                                   parent_name = namespace.join "::"
                                   parent_const = const_get parent_name
-                                  break parent_const.configure if parent_const&.respond_to? :configure
+                                  break parent_const.configure if parent_const.respond_to? :configure
                                   namespace.pop
                                 end
                 default_config = Client::Configuration.new parent_config
@@ -90,9 +90,9 @@ module Google
                 default_config.rpcs.access_secret_version.timeout = 60.0
                 default_config.rpcs.access_secret_version.retry_policy = {
                   initial_delay: 1.0,
-                  max_delay:     60.0,
-                  multiplier:    1.3,
-                  retry_codes:   [14, 2]
+                  max_delay: 60.0,
+                  multiplier: 1.3,
+                  retry_codes: [14, 2]
                 }
 
                 default_config.rpcs.disable_secret_version.timeout = 60.0
@@ -168,7 +168,13 @@ module Google
 
               # Create credentials
               credentials = @config.credentials
-              credentials ||= Credentials.default scope: @config.scope
+              # Use self-signed JWT if the scope and endpoint are unchanged from default,
+              # but only if the default endpoint does not have a region prefix.
+              enable_self_signed_jwt = @config.scope == Client.configure.scope &&
+                                       @config.endpoint == Client.configure.endpoint &&
+                                       !@config.endpoint.split(".").first.include?("-")
+              credentials ||= Credentials.default scope: @config.scope,
+                                                  enable_self_signed_jwt: enable_self_signed_jwt
               if credentials.is_a?(String) || credentials.is_a?(Hash)
                 credentials = Credentials.new credentials, scope: @config.scope
               end
@@ -553,7 +559,7 @@ module Google
             #   @param options [::Gapic::CallOptions, ::Hash]
             #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
             #
-            # @overload delete_secret(name: nil)
+            # @overload delete_secret(name: nil, etag: nil)
             #   Pass arguments to `delete_secret` via keyword arguments. Note that at
             #   least one keyword argument is required. To specify no parameters, or to keep all
             #   the default parameter values, pass an empty Hash as a request object (see above).
@@ -561,6 +567,10 @@ module Google
             #   @param name [::String]
             #     Required. The resource name of the {::Google::Cloud::SecretManager::V1::Secret Secret} to delete in the format
             #     `projects/*/secrets/*`.
+            #   @param etag [::String]
+            #     Optional. Etag of the {::Google::Cloud::SecretManager::V1::Secret Secret}. The request succeeds if it matches
+            #     the etag of the currently stored secret object. If the etag is omitted,
+            #     the request succeeds.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Protobuf::Empty]
@@ -687,8 +697,8 @@ module Google
             ##
             # Gets metadata for a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
             #
-            # `projects/*/secrets/*/versions/latest` is an alias to the `latest`
-            # {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
+            # `projects/*/secrets/*/versions/latest` is an alias to the most recently
+            # created {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
             #
             # @overload get_secret_version(request, options = nil)
             #   Pass arguments to `get_secret_version` via a request object, either of type
@@ -708,8 +718,9 @@ module Google
             #   @param name [::String]
             #     Required. The resource name of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion} in the format
             #     `projects/*/secrets/*/versions/*`.
-            #     `projects/*/secrets/*/versions/latest` is an alias to the `latest`
-            #     {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
+            #
+            #     `projects/*/secrets/*/versions/latest` is an alias to the most recently
+            #     created {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::SecretManager::V1::SecretVersion]
@@ -759,8 +770,8 @@ module Google
             ##
             # Accesses a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}. This call returns the secret data.
             #
-            # `projects/*/secrets/*/versions/latest` is an alias to the `latest`
-            # {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
+            # `projects/*/secrets/*/versions/latest` is an alias to the most recently
+            # created {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
             #
             # @overload access_secret_version(request, options = nil)
             #   Pass arguments to `access_secret_version` via a request object, either of type
@@ -781,6 +792,9 @@ module Google
             #     Required. The resource name of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion} in the format
             #     `projects/*/secrets/*/versions/*`.
             #
+            #     `projects/*/secrets/*/versions/latest` is an alias to the most recently
+            #     created {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
+            #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::SecretManager::V1::AccessSecretVersionResponse]
             # @yieldparam operation [::GRPC::ActiveCall::Operation]
@@ -842,7 +856,7 @@ module Google
             #   @param options [::Gapic::CallOptions, ::Hash]
             #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
             #
-            # @overload disable_secret_version(name: nil)
+            # @overload disable_secret_version(name: nil, etag: nil)
             #   Pass arguments to `disable_secret_version` via keyword arguments. Note that at
             #   least one keyword argument is required. To specify no parameters, or to keep all
             #   the default parameter values, pass an empty Hash as a request object (see above).
@@ -850,6 +864,10 @@ module Google
             #   @param name [::String]
             #     Required. The resource name of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion} to disable in the format
             #     `projects/*/secrets/*/versions/*`.
+            #   @param etag [::String]
+            #     Optional. Etag of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}. The request succeeds if it matches
+            #     the etag of the currently stored secret version object. If the etag is
+            #     omitted, the request succeeds.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::SecretManager::V1::SecretVersion]
@@ -912,7 +930,7 @@ module Google
             #   @param options [::Gapic::CallOptions, ::Hash]
             #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
             #
-            # @overload enable_secret_version(name: nil)
+            # @overload enable_secret_version(name: nil, etag: nil)
             #   Pass arguments to `enable_secret_version` via keyword arguments. Note that at
             #   least one keyword argument is required. To specify no parameters, or to keep all
             #   the default parameter values, pass an empty Hash as a request object (see above).
@@ -920,6 +938,10 @@ module Google
             #   @param name [::String]
             #     Required. The resource name of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion} to enable in the format
             #     `projects/*/secrets/*/versions/*`.
+            #   @param etag [::String]
+            #     Optional. Etag of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}. The request succeeds if it matches
+            #     the etag of the currently stored secret version object. If the etag is
+            #     omitted, the request succeeds.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::SecretManager::V1::SecretVersion]
@@ -983,7 +1005,7 @@ module Google
             #   @param options [::Gapic::CallOptions, ::Hash]
             #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
             #
-            # @overload destroy_secret_version(name: nil)
+            # @overload destroy_secret_version(name: nil, etag: nil)
             #   Pass arguments to `destroy_secret_version` via keyword arguments. Note that at
             #   least one keyword argument is required. To specify no parameters, or to keep all
             #   the default parameter values, pass an empty Hash as a request object (see above).
@@ -991,6 +1013,10 @@ module Google
             #   @param name [::String]
             #     Required. The resource name of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion} to destroy in the format
             #     `projects/*/secrets/*/versions/*`.
+            #   @param etag [::String]
+            #     Optional. Etag of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}. The request succeeds if it matches
+            #     the etag of the currently stored secret version object. If the etag is
+            #     omitted, the request succeeds.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::SecretManager::V1::SecretVersion]
@@ -1354,7 +1380,7 @@ module Google
               config_attr :scope,         nil, ::String, ::Array, nil
               config_attr :lib_name,      nil, ::String, nil
               config_attr :lib_version,   nil, ::String, nil
-              config_attr(:channel_args,  { "grpc.service_config_disable_resolution"=>1 }, ::Hash, nil)
+              config_attr(:channel_args,  { "grpc.service_config_disable_resolution" => 1 }, ::Hash, nil)
               config_attr :interceptors,  nil, ::Array, nil
               config_attr :timeout,       nil, ::Numeric, nil
               config_attr :metadata,      nil, ::Hash, nil
@@ -1375,7 +1401,7 @@ module Google
               def rpcs
                 @rpcs ||= begin
                   parent_rpcs = nil
-                  parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config&.respond_to?(:rpcs)
+                  parent_rpcs = @parent_config.rpcs if defined?(@parent_config) && @parent_config.respond_to?(:rpcs)
                   Rpcs.new parent_rpcs
                 end
               end
@@ -1476,35 +1502,35 @@ module Google
 
                 # @private
                 def initialize parent_rpcs = nil
-                  list_secrets_config = parent_rpcs&.list_secrets if parent_rpcs&.respond_to? :list_secrets
+                  list_secrets_config = parent_rpcs.list_secrets if parent_rpcs.respond_to? :list_secrets
                   @list_secrets = ::Gapic::Config::Method.new list_secrets_config
-                  create_secret_config = parent_rpcs&.create_secret if parent_rpcs&.respond_to? :create_secret
+                  create_secret_config = parent_rpcs.create_secret if parent_rpcs.respond_to? :create_secret
                   @create_secret = ::Gapic::Config::Method.new create_secret_config
-                  add_secret_version_config = parent_rpcs&.add_secret_version if parent_rpcs&.respond_to? :add_secret_version
+                  add_secret_version_config = parent_rpcs.add_secret_version if parent_rpcs.respond_to? :add_secret_version
                   @add_secret_version = ::Gapic::Config::Method.new add_secret_version_config
-                  get_secret_config = parent_rpcs&.get_secret if parent_rpcs&.respond_to? :get_secret
+                  get_secret_config = parent_rpcs.get_secret if parent_rpcs.respond_to? :get_secret
                   @get_secret = ::Gapic::Config::Method.new get_secret_config
-                  update_secret_config = parent_rpcs&.update_secret if parent_rpcs&.respond_to? :update_secret
+                  update_secret_config = parent_rpcs.update_secret if parent_rpcs.respond_to? :update_secret
                   @update_secret = ::Gapic::Config::Method.new update_secret_config
-                  delete_secret_config = parent_rpcs&.delete_secret if parent_rpcs&.respond_to? :delete_secret
+                  delete_secret_config = parent_rpcs.delete_secret if parent_rpcs.respond_to? :delete_secret
                   @delete_secret = ::Gapic::Config::Method.new delete_secret_config
-                  list_secret_versions_config = parent_rpcs&.list_secret_versions if parent_rpcs&.respond_to? :list_secret_versions
+                  list_secret_versions_config = parent_rpcs.list_secret_versions if parent_rpcs.respond_to? :list_secret_versions
                   @list_secret_versions = ::Gapic::Config::Method.new list_secret_versions_config
-                  get_secret_version_config = parent_rpcs&.get_secret_version if parent_rpcs&.respond_to? :get_secret_version
+                  get_secret_version_config = parent_rpcs.get_secret_version if parent_rpcs.respond_to? :get_secret_version
                   @get_secret_version = ::Gapic::Config::Method.new get_secret_version_config
-                  access_secret_version_config = parent_rpcs&.access_secret_version if parent_rpcs&.respond_to? :access_secret_version
+                  access_secret_version_config = parent_rpcs.access_secret_version if parent_rpcs.respond_to? :access_secret_version
                   @access_secret_version = ::Gapic::Config::Method.new access_secret_version_config
-                  disable_secret_version_config = parent_rpcs&.disable_secret_version if parent_rpcs&.respond_to? :disable_secret_version
+                  disable_secret_version_config = parent_rpcs.disable_secret_version if parent_rpcs.respond_to? :disable_secret_version
                   @disable_secret_version = ::Gapic::Config::Method.new disable_secret_version_config
-                  enable_secret_version_config = parent_rpcs&.enable_secret_version if parent_rpcs&.respond_to? :enable_secret_version
+                  enable_secret_version_config = parent_rpcs.enable_secret_version if parent_rpcs.respond_to? :enable_secret_version
                   @enable_secret_version = ::Gapic::Config::Method.new enable_secret_version_config
-                  destroy_secret_version_config = parent_rpcs&.destroy_secret_version if parent_rpcs&.respond_to? :destroy_secret_version
+                  destroy_secret_version_config = parent_rpcs.destroy_secret_version if parent_rpcs.respond_to? :destroy_secret_version
                   @destroy_secret_version = ::Gapic::Config::Method.new destroy_secret_version_config
-                  set_iam_policy_config = parent_rpcs&.set_iam_policy if parent_rpcs&.respond_to? :set_iam_policy
+                  set_iam_policy_config = parent_rpcs.set_iam_policy if parent_rpcs.respond_to? :set_iam_policy
                   @set_iam_policy = ::Gapic::Config::Method.new set_iam_policy_config
-                  get_iam_policy_config = parent_rpcs&.get_iam_policy if parent_rpcs&.respond_to? :get_iam_policy
+                  get_iam_policy_config = parent_rpcs.get_iam_policy if parent_rpcs.respond_to? :get_iam_policy
                   @get_iam_policy = ::Gapic::Config::Method.new get_iam_policy_config
-                  test_iam_permissions_config = parent_rpcs&.test_iam_permissions if parent_rpcs&.respond_to? :test_iam_permissions
+                  test_iam_permissions_config = parent_rpcs.test_iam_permissions if parent_rpcs.respond_to? :test_iam_permissions
                   @test_iam_permissions = ::Gapic::Config::Method.new test_iam_permissions_config
 
                   yield self if block_given?

data/lib/google/cloud/secret_manager/v1/secret_manager_service/paths.rb

@@ -74,6 +74,23 @@ module Google
               "projects/#{project}/secrets/#{secret}/versions/#{secret_version}"
             end
 
+            ##
+            # Create a fully-qualified Topic resource string.
+            #
+            # The resource will be in the following format:
+            #
+            # `projects/{project}/topics/{topic}`
+            #
+            # @param project [String]
+            # @param topic [String]
+            #
+            # @return [::String]
+            def topic_path project:, topic:
+              raise ::ArgumentError, "project cannot contain /" if project.to_s.include? "/"
+
+              "projects/#{project}/topics/#{topic}"
+            end
+
             extend self
           end
         end

data/lib/google/cloud/secret_manager/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module SecretManager
       module V1
-        VERSION = "0.5.1"
+        VERSION = "0.10.0"
       end
     end
   end

data/lib/google/cloud/secretmanager/v1/resources_pb.rb

@@ -5,6 +5,7 @@ require 'google/protobuf'
 
 require 'google/api/field_behavior_pb'
 require 'google/api/resource_pb'
+require 'google/protobuf/duration_pb'
 require 'google/protobuf/timestamp_pb'
 require 'google/api/annotations_pb'
 Google::Protobuf::DescriptorPool.generated_pool.build do
@@ -14,6 +15,13 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :replication, :message, 2, "google.cloud.secretmanager.v1.Replication"
       optional :create_time, :message, 3, "google.protobuf.Timestamp"
       map :labels, :string, :string, 4
+      repeated :topics, :message, 5, "google.cloud.secretmanager.v1.Topic"
+      optional :etag, :string, 8
+      optional :rotation, :message, 9, "google.cloud.secretmanager.v1.Rotation"
+      oneof :expiration do
+        optional :expire_time, :message, 6, "google.protobuf.Timestamp"
+        optional :ttl, :message, 7, "google.protobuf.Duration"
+      end
     end
     add_message "google.cloud.secretmanager.v1.SecretVersion" do
       optional :name, :string, 1
@@ -21,6 +29,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :destroy_time, :message, 3, "google.protobuf.Timestamp"
       optional :state, :enum, 4, "google.cloud.secretmanager.v1.SecretVersion.State"
       optional :replication_status, :message, 5, "google.cloud.secretmanager.v1.ReplicationStatus"
+      optional :etag, :string, 6
     end
     add_enum "google.cloud.secretmanager.v1.SecretVersion.State" do
       value :STATE_UNSPECIFIED, 0
@@ -66,6 +75,13 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     add_message "google.cloud.secretmanager.v1.CustomerManagedEncryptionStatus" do
       optional :kms_key_version_name, :string, 1
     end
+    add_message "google.cloud.secretmanager.v1.Topic" do
+      optional :name, :string, 1
+    end
+    add_message "google.cloud.secretmanager.v1.Rotation" do
+      optional :next_rotation_time, :message, 1, "google.protobuf.Timestamp"
+      optional :rotation_period, :message, 2, "google.protobuf.Duration"
+    end
     add_message "google.cloud.secretmanager.v1.SecretPayload" do
       optional :data, :bytes, 1
     end
@@ -89,6 +105,8 @@ module Google
         ReplicationStatus::UserManagedStatus = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.ReplicationStatus.UserManagedStatus").msgclass
         ReplicationStatus::UserManagedStatus::ReplicaStatus = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.ReplicationStatus.UserManagedStatus.ReplicaStatus").msgclass
         CustomerManagedEncryptionStatus = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.CustomerManagedEncryptionStatus").msgclass
+        Topic = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.Topic").msgclass
+        Rotation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.Rotation").msgclass
         SecretPayload = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.SecretPayload").msgclass
       end
     end

data/lib/google/cloud/secretmanager/v1/service_pb.rb

@@ -62,15 +62,19 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     end
     add_message "google.cloud.secretmanager.v1.DeleteSecretRequest" do
       optional :name, :string, 1
+      optional :etag, :string, 2
     end
     add_message "google.cloud.secretmanager.v1.DisableSecretVersionRequest" do
       optional :name, :string, 1
+      optional :etag, :string, 2
     end
     add_message "google.cloud.secretmanager.v1.EnableSecretVersionRequest" do
       optional :name, :string, 1
+      optional :etag, :string, 2
     end
     add_message "google.cloud.secretmanager.v1.DestroySecretVersionRequest" do
       optional :name, :string, 1
+      optional :etag, :string, 2
     end
   end
 end

data/lib/google/cloud/secretmanager/v1/service_services_pb.rb

@@ -33,7 +33,7 @@ module Google
           # * [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]
           class Service
 
-            include GRPC::GenericService
+            include ::GRPC::GenericService
 
             self.marshal_class_method = :encode
             self.unmarshal_class_method = :decode
@@ -57,13 +57,13 @@ module Google
             rpc :ListSecretVersions, ::Google::Cloud::SecretManager::V1::ListSecretVersionsRequest, ::Google::Cloud::SecretManager::V1::ListSecretVersionsResponse
             # Gets metadata for a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
             #
-            # `projects/*/secrets/*/versions/latest` is an alias to the `latest`
-            # [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
+            # `projects/*/secrets/*/versions/latest` is an alias to the most recently
+            # created [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
             rpc :GetSecretVersion, ::Google::Cloud::SecretManager::V1::GetSecretVersionRequest, ::Google::Cloud::SecretManager::V1::SecretVersion
             # Accesses a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. This call returns the secret data.
             #
-            # `projects/*/secrets/*/versions/latest` is an alias to the `latest`
-            # [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
+            # `projects/*/secrets/*/versions/latest` is an alias to the most recently
+            # created [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
             rpc :AccessSecretVersion, ::Google::Cloud::SecretManager::V1::AccessSecretVersionRequest, ::Google::Cloud::SecretManager::V1::AccessSecretVersionResponse
             # Disables a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
             #

data/proto_docs/google/api/field_behavior.rb

@@ -54,6 +54,12 @@ module Google
       # This indicates that the field may be set once in a request to create a
       # resource, but may not be changed thereafter.
       IMMUTABLE = 5
+
+      # Denotes that a (repeated) field is an unordered list.
+      # This indicates that the service may provide the elements of the list
+      # in any arbitrary order, rather than the order the user originally
+      # provided. Additionally, the list's order may or may not be stable.
+      UNORDERED_LIST = 6
     end
   end
 end

data/proto_docs/google/cloud/secretmanager/v1/resources.rb

@@ -50,6 +50,24 @@ module Google
         #     regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}`
         #
         #     No more than 64 labels can be assigned to a given resource.
+        # @!attribute [rw] topics
+        #   @return [::Array<::Google::Cloud::SecretManager::V1::Topic>]
+        #     Optional. A list of up to 10 Pub/Sub topics to which messages are published when
+        #     control plane operations are called on the secret or its versions.
+        # @!attribute [rw] expire_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Optional. Timestamp in UTC when the {::Google::Cloud::SecretManager::V1::Secret Secret} is scheduled to expire. This is
+        #     always provided on output, regardless of what was sent on input.
+        # @!attribute [rw] ttl
+        #   @return [::Google::Protobuf::Duration]
+        #     Input only. The TTL for the {::Google::Cloud::SecretManager::V1::Secret Secret}.
+        # @!attribute [rw] etag
+        #   @return [::String]
+        #     Optional. Etag of the currently stored {::Google::Cloud::SecretManager::V1::Secret Secret}.
+        # @!attribute [rw] rotation
+        #   @return [::Google::Cloud::SecretManager::V1::Rotation]
+        #     Optional. Rotation policy attached to the {::Google::Cloud::SecretManager::V1::Secret Secret}. May be excluded if there is no
+        #     rotation policy.
         class Secret
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -86,6 +104,9 @@ module Google
         # @!attribute [rw] replication_status
         #   @return [::Google::Cloud::SecretManager::V1::ReplicationStatus]
         #     The replication status of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
+        # @!attribute [r] etag
+        #   @return [::String]
+        #     Output only. Etag of the currently stored {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
         class SecretVersion
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -258,6 +279,41 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # A Pub/Sub topic which Secret Manager will publish to when control plane
+        # events occur on this secret.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. The resource name of the Pub/Sub topic that will be published to, in the
+        #     following format: `projects/*/topics/*`. For publication to succeed, the
+        #     Secret Manager P4SA must have `pubsub.publisher` permissions on the topic.
+        class Topic
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The rotation time and period for a {::Google::Cloud::SecretManager::V1::Secret Secret}. At next_rotation_time, Secret
+        # Manager will send a Pub/Sub notification to the topics configured on the
+        # Secret. {::Google::Cloud::SecretManager::V1::Secret#topics Secret.topics} must be set to configure rotation.
+        # @!attribute [rw] next_rotation_time
+        #   @return [::Google::Protobuf::Timestamp]
+        #     Optional. Timestamp in UTC at which the {::Google::Cloud::SecretManager::V1::Secret Secret} is scheduled to rotate. Cannot be
+        #     set to less than 300s (5 min) in the future and at most 3153600000s (100
+        #     years).
+        #
+        #     {::Google::Cloud::SecretManager::V1::Rotation#next_rotation_time next_rotation_time} MUST  be set if {::Google::Cloud::SecretManager::V1::Rotation#rotation_period rotation_period} is set.
+        # @!attribute [rw] rotation_period
+        #   @return [::Google::Protobuf::Duration]
+        #     Input only. The Duration between rotation notifications. Must be in seconds
+        #     and at least 3600s (1h) and at most 3153600000s (100 years).
+        #
+        #     If {::Google::Cloud::SecretManager::V1::Rotation#rotation_period rotation_period} is set, {::Google::Cloud::SecretManager::V1::Rotation#next_rotation_time next_rotation_time} must be set.
+        #     {::Google::Cloud::SecretManager::V1::Rotation#next_rotation_time next_rotation_time} will be advanced by this period when the service
+        #     automatically sends rotation notifications.
+        class Rotation
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # A secret payload resource in the Secret Manager API. This contains the
         # sensitive secret payload that is associated with a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
         # @!attribute [rw] data

data/proto_docs/google/cloud/secretmanager/v1/service.rb

@@ -141,8 +141,9 @@ module Google
         #   @return [::String]
         #     Required. The resource name of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion} in the format
         #     `projects/*/secrets/*/versions/*`.
-        #     `projects/*/secrets/*/versions/latest` is an alias to the `latest`
-        #     {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
+        #
+        #     `projects/*/secrets/*/versions/latest` is an alias to the most recently
+        #     created {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
         class GetSecretVersionRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -165,6 +166,9 @@ module Google
         #   @return [::String]
         #     Required. The resource name of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion} in the format
         #     `projects/*/secrets/*/versions/*`.
+        #
+        #     `projects/*/secrets/*/versions/latest` is an alias to the most recently
+        #     created {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
         class AccessSecretVersionRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -188,6 +192,11 @@ module Google
         #   @return [::String]
         #     Required. The resource name of the {::Google::Cloud::SecretManager::V1::Secret Secret} to delete in the format
         #     `projects/*/secrets/*`.
+        # @!attribute [rw] etag
+        #   @return [::String]
+        #     Optional. Etag of the {::Google::Cloud::SecretManager::V1::Secret Secret}. The request succeeds if it matches
+        #     the etag of the currently stored secret object. If the etag is omitted,
+        #     the request succeeds.
         class DeleteSecretRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -198,6 +207,11 @@ module Google
         #   @return [::String]
         #     Required. The resource name of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion} to disable in the format
         #     `projects/*/secrets/*/versions/*`.
+        # @!attribute [rw] etag
+        #   @return [::String]
+        #     Optional. Etag of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}. The request succeeds if it matches
+        #     the etag of the currently stored secret version object. If the etag is
+        #     omitted, the request succeeds.
         class DisableSecretVersionRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -208,6 +222,11 @@ module Google
         #   @return [::String]
         #     Required. The resource name of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion} to enable in the format
         #     `projects/*/secrets/*/versions/*`.
+        # @!attribute [rw] etag
+        #   @return [::String]
+        #     Optional. Etag of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}. The request succeeds if it matches
+        #     the etag of the currently stored secret version object. If the etag is
+        #     omitted, the request succeeds.
         class EnableSecretVersionRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -218,6 +237,11 @@ module Google
         #   @return [::String]
         #     Required. The resource name of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion} to destroy in the format
         #     `projects/*/secrets/*/versions/*`.
+        # @!attribute [rw] etag
+        #   @return [::String]
+        #     Optional. Etag of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}. The request succeeds if it matches
+        #     the etag of the currently stored secret version object. If the etag is
+        #     omitted, the request succeeds.
         class DestroySecretVersionRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods