Skip to content
This repository has been archived by the owner on Sep 16, 2023. It is now read-only.

Commit

Permalink
feat: Checksums in Secret Manager (#687)
Browse files Browse the repository at this point in the history 
- [ ] Regenerate this pull request now.

Users can now use checksums for data integrity assurance when adding and
accessing SecretVersions.

PiperOrigin-RevId: 425369494

Source-Link: googleapis/googleapis@70d389c

Source-Link: googleapis/googleapis-gen@cf92905
Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiY2Y5MjkwNTY4Mjg0ZDJmMDk5YjlhMDBjYzgyYTJhMTMzYmU2ZGZkYSJ9
  • Loading branch information
@gcf-owl-bot
gcf-owl-bot[bot] committed Feb 2, 2022
1 parent 161430c commit 4e5ee16
Show file tree
Hide file tree
Showing 7 changed files with 445 additions and 61 deletions.
10 changes: 10 additions & 0 deletions ...nager/src/test/java/com/google/cloud/secretmanager/v1/SecretManagerServiceClientTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -289,6 +289,7 @@ public void addSecretVersionTest() throws Exception {
.setDestroyTime(Timestamp.newBuilder().build())
.setReplicationStatus(ReplicationStatus.newBuilder().build())
.setEtag("etag3123477")
.setClientSpecifiedPayloadChecksum(true)
.build();
mockSecretManagerService.addResponse(expectedResponse);

Expand Down Expand Up @@ -334,6 +335,7 @@ public void addSecretVersionTest2() throws Exception {
.setDestroyTime(Timestamp.newBuilder().build())
.setReplicationStatus(ReplicationStatus.newBuilder().build())
.setEtag("etag3123477")
.setClientSpecifiedPayloadChecksum(true)
.build();
mockSecretManagerService.addResponse(expectedResponse);

Expand Down Expand Up @@ -670,6 +672,7 @@ public void getSecretVersionTest() throws Exception {
.setDestroyTime(Timestamp.newBuilder().build())
.setReplicationStatus(ReplicationStatus.newBuilder().build())
.setEtag("etag3123477")
.setClientSpecifiedPayloadChecksum(true)
.build();
mockSecretManagerService.addResponse(expectedResponse);

Expand Down Expand Up @@ -712,6 +715,7 @@ public void getSecretVersionTest2() throws Exception {
.setDestroyTime(Timestamp.newBuilder().build())
.setReplicationStatus(ReplicationStatus.newBuilder().build())
.setEtag("etag3123477")
.setClientSpecifiedPayloadChecksum(true)
.build();
mockSecretManagerService.addResponse(expectedResponse);

Expand Down Expand Up @@ -832,6 +836,7 @@ public void disableSecretVersionTest() throws Exception {
.setDestroyTime(Timestamp.newBuilder().build())
.setReplicationStatus(ReplicationStatus.newBuilder().build())
.setEtag("etag3123477")
.setClientSpecifiedPayloadChecksum(true)
.build();
mockSecretManagerService.addResponse(expectedResponse);

Expand Down Expand Up @@ -875,6 +880,7 @@ public void disableSecretVersionTest2() throws Exception {
.setDestroyTime(Timestamp.newBuilder().build())
.setReplicationStatus(ReplicationStatus.newBuilder().build())
.setEtag("etag3123477")
.setClientSpecifiedPayloadChecksum(true)
.build();
mockSecretManagerService.addResponse(expectedResponse);

Expand Down Expand Up @@ -918,6 +924,7 @@ public void enableSecretVersionTest() throws Exception {
.setDestroyTime(Timestamp.newBuilder().build())
.setReplicationStatus(ReplicationStatus.newBuilder().build())
.setEtag("etag3123477")
.setClientSpecifiedPayloadChecksum(true)
.build();
mockSecretManagerService.addResponse(expectedResponse);

Expand Down Expand Up @@ -960,6 +967,7 @@ public void enableSecretVersionTest2() throws Exception {
.setDestroyTime(Timestamp.newBuilder().build())
.setReplicationStatus(ReplicationStatus.newBuilder().build())
.setEtag("etag3123477")
.setClientSpecifiedPayloadChecksum(true)
.build();
mockSecretManagerService.addResponse(expectedResponse);

Expand Down Expand Up @@ -1002,6 +1010,7 @@ public void destroySecretVersionTest() throws Exception {
.setDestroyTime(Timestamp.newBuilder().build())
.setReplicationStatus(ReplicationStatus.newBuilder().build())
.setEtag("etag3123477")
.setClientSpecifiedPayloadChecksum(true)
.build();
mockSecretManagerService.addResponse(expectedResponse);

Expand Down Expand Up @@ -1045,6 +1054,7 @@ public void destroySecretVersionTest2() throws Exception {
.setDestroyTime(Timestamp.newBuilder().build())
.setReplicationStatus(ReplicationStatus.newBuilder().build())
.setEtag("etag3123477")
.setClientSpecifiedPayloadChecksum(true)
.build();
mockSecretManagerService.addResponse(expectedResponse);

Expand Down
128 changes: 68 additions & 60 deletions ...loud-secretmanager-v1/src/main/java/com/google/cloud/secretmanager/v1/ResourcesProto.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -101,11 +101,11 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
static {
java.lang.String[] descriptorData = {
"\n-google/cloud/secretmanager/v1/resource"
+ "s.proto\022\035google.cloud.secretmanager.v1\032\037"
+ "google/api/field_behavior.proto\032\031google/"
+ "api/resource.proto\032\036google/protobuf/dura"
+ "tion.proto\032\037google/protobuf/timestamp.pr"
+ "oto\032\034google/api/annotations.proto\"\336\004\n\006Se"
+ "s.proto\022\035google.cloud.secretmanager.v1\032\034"
+ "google/api/annotations.proto\032\037google/api"
+ "/field_behavior.proto\032\031google/api/resour"
+ "ce.proto\032\036google/protobuf/duration.proto"
+ "\032\037google/protobuf/timestamp.proto\"\336\004\n\006Se"
+ "cret\022\021\n\004name\030\001 \001(\tB\003\340A\003\022G\n\013replication\030\002"
+ " \001(\0132*.google.cloud.secretmanager.v1.Rep"
+ "licationB\006\340A\005\340A\002\0224\n\013create_time\030\003 \001(\0132\032."
Expand All @@ -121,74 +121,76 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
+ "\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(\t:\0028\001:M\352AJ\n#secr"
+ "etmanager.googleapis.com/Secret\022#project"
+ "s/{project}/secrets/{secret}B\014\n\nexpirati"
+ "on\"\362\003\n\rSecretVersion\022\021\n\004name\030\001 \001(\tB\003\340A\003\022"
+ "on\"\242\004\n\rSecretVersion\022\021\n\004name\030\001 \001(\tB\003\340A\003\022"
+ "4\n\013create_time\030\002 \001(\0132\032.google.protobuf.T"
+ "imestampB\003\340A\003\0225\n\014destroy_time\030\003 \001(\0132\032.go"
+ "ogle.protobuf.TimestampB\003\340A\003\022F\n\005state\030\004 "
+ "\001(\01622.google.cloud.secretmanager.v1.Secr"
+ "etVersion.StateB\003\340A\003\022L\n\022replication_stat"
+ "us\030\005 \001(\01320.google.cloud.secretmanager.v1"
+ ".ReplicationStatus\022\021\n\004etag\030\006 \001(\tB\003\340A\003\"H\n"
+ "\005State\022\025\n\021STATE_UNSPECIFIED\020\000\022\013\n\007ENABLED"
+ "\020\001\022\014\n\010DISABLED\020\002\022\r\n\tDESTROYED\020\003:n\352Ak\n*se"
+ "cretmanager.googleapis.com/SecretVersion"
+ "\022=projects/{project}/secrets/{secret}/ve"
+ "rsions/{secret_version}\"\220\004\n\013Replication\022"
+ "I\n\tautomatic\030\001 \001(\01324.google.cloud.secret"
+ "manager.v1.Replication.AutomaticH\000\022N\n\014us"
+ "er_managed\030\002 \001(\01326.google.cloud.secretma"
+ "nager.v1.Replication.UserManagedH\000\032o\n\tAu"
+ "tomatic\022b\n\033customer_managed_encryption\030\001"
+ ".ReplicationStatus\022\021\n\004etag\030\006 \001(\tB\003\340A\003\022.\n"
+ "!client_specified_payload_checksum\030\007 \001(\010"
+ "B\003\340A\003\"H\n\005State\022\025\n\021STATE_UNSPECIFIED\020\000\022\013\n"
+ "\007ENABLED\020\001\022\014\n\010DISABLED\020\002\022\r\n\tDESTROYED\020\003:"
+ "n\352Ak\n*secretmanager.googleapis.com/Secre"
+ "tVersion\022=projects/{project}/secrets/{se"
+ "cret}/versions/{secret_version}\"\220\004\n\013Repl"
+ "ication\022I\n\tautomatic\030\001 \001(\01324.google.clou"
+ "d.secretmanager.v1.Replication.Automatic"
+ "H\000\022N\n\014user_managed\030\002 \001(\01326.google.cloud."
+ "secretmanager.v1.Replication.UserManaged"
+ "H\000\032o\n\tAutomatic\022b\n\033customer_managed_encr"
+ "yption\030\001 \001(\01328.google.cloud.secretmanage"
+ "r.v1.CustomerManagedEncryptionB\003\340A\001\032\345\001\n\013"
+ "UserManaged\022U\n\010replicas\030\001 \003(\0132>.google.c"
+ "loud.secretmanager.v1.Replication.UserMa"
+ "naged.ReplicaB\003\340A\002\032\177\n\007Replica\022\020\n\010locatio"
+ "n\030\001 \001(\t\022b\n\033customer_managed_encryption\030\002"
+ " \001(\01328.google.cloud.secretmanager.v1.Cus"
+ "tomerManagedEncryptionB\003\340A\001\032\345\001\n\013UserMana"
+ "ged\022U\n\010replicas\030\001 \003(\0132>.google.cloud.sec"
+ "retmanager.v1.Replication.UserManaged.Re"
+ "plicaB\003\340A\002\032\177\n\007Replica\022\020\n\010location\030\001 \001(\t\022"
+ "b\n\033customer_managed_encryption\030\002 \001(\01328.g"
+ "oogle.cloud.secretmanager.v1.CustomerMan"
+ "agedEncryptionB\003\340A\001B\r\n\013replication\"6\n\031Cu"
+ "stomerManagedEncryption\022\031\n\014kms_key_name\030"
+ "\001 \001(\tB\003\340A\002\"\353\004\n\021ReplicationStatus\022U\n\tauto"
+ "matic\030\001 \001(\0132@.google.cloud.secretmanager"
+ ".v1.ReplicationStatus.AutomaticStatusH\000\022"
+ "Z\n\014user_managed\030\002 \001(\0132B.google.cloud.sec"
+ "retmanager.v1.ReplicationStatus.UserMana"
+ "gedStatusH\000\032{\n\017AutomaticStatus\022h\n\033custom"
+ "er_managed_encryption\030\001 \001(\0132>.google.clo"
+ "ud.secretmanager.v1.CustomerManagedEncry"
+ "ptionStatusB\003\340A\003\032\217\002\n\021UserManagedStatus\022g"
+ "\n\010replicas\030\001 \003(\0132P.google.cloud.secretma"
+ "nager.v1.ReplicationStatus.UserManagedSt"
+ "atus.ReplicaStatusB\003\340A\003\032\220\001\n\rReplicaStatu"
+ "s\022\025\n\010location\030\001 \001(\tB\003\340A\003\022h\n\033customer_man"
+ "aged_encryption\030\002 \001(\0132>.google.cloud.sec"
+ "retmanager.v1.CustomerManagedEncryptionS"
+ "tatusB\003\340A\003B\024\n\022replication_status\"D\n\037Cust"
+ "omerManagedEncryptionStatus\022!\n\024kms_key_v"
+ "ersion_name\030\001 \001(\tB\003\340A\002\"_\n\005Topic\022\021\n\004name\030"
+ "\001 \001(\tB\003\340A\002:C\352A@\n\033pubsub.googleapis.com/T"
+ "opic\022!projects/{project}/topics/{topic}\""
+ "\200\001\n\010Rotation\022;\n\022next_rotation_time\030\001 \001(\013"
+ "2\032.google.protobuf.TimestampB\003\340A\001\0227\n\017rot"
+ "ation_period\030\002 \001(\0132\031.google.protobuf.Dur"
+ "ationB\003\340A\004\"\035\n\rSecretPayload\022\014\n\004data\030\001 \001("
+ "\014B\355\001\n!com.google.cloud.secretmanager.v1B"
+ "\016ResourcesProtoP\001ZJgoogle.golang.org/gen"
+ "proto/googleapis/cloud/secretmanager/v1;"
+ "secretmanager\370\001\001\242\002\003GSM\252\002\035Google.Cloud.Se"
+ "cretManager.V1\312\002\035Google\\Cloud\\SecretMana"
+ "ger\\V1\352\002 Google::Cloud::SecretManager::V"
+ "1b\006proto3"
+ "tomerManagedEncryptionB\003\340A\001B\r\n\013replicati"
+ "on\"6\n\031CustomerManagedEncryption\022\031\n\014kms_k"
+ "ey_name\030\001 \001(\tB\003\340A\002\"\353\004\n\021ReplicationStatus"
+ "\022U\n\tautomatic\030\001 \001(\0132@.google.cloud.secre"
+ "tmanager.v1.ReplicationStatus.AutomaticS"
+ "tatusH\000\022Z\n\014user_managed\030\002 \001(\0132B.google.c"
+ "loud.secretmanager.v1.ReplicationStatus."
+ "UserManagedStatusH\000\032{\n\017AutomaticStatus\022h"
+ "\n\033customer_managed_encryption\030\001 \001(\0132>.go"
+ "ogle.cloud.secretmanager.v1.CustomerMana"
+ "gedEncryptionStatusB\003\340A\003\032\217\002\n\021UserManaged"
+ "Status\022g\n\010replicas\030\001 \003(\0132P.google.cloud."
+ "secretmanager.v1.ReplicationStatus.UserM"
+ "anagedStatus.ReplicaStatusB\003\340A\003\032\220\001\n\rRepl"
+ "icaStatus\022\025\n\010location\030\001 \001(\tB\003\340A\003\022h\n\033cust"
+ "omer_managed_encryption\030\002 \001(\0132>.google.c"
+ "loud.secretmanager.v1.CustomerManagedEnc"
+ "ryptionStatusB\003\340A\003B\024\n\022replication_status"
+ "\"D\n\037CustomerManagedEncryptionStatus\022!\n\024k"
+ "ms_key_version_name\030\001 \001(\tB\003\340A\002\"_\n\005Topic\022"
+ "\021\n\004name\030\001 \001(\tB\003\340A\002:C\352A@\n\033pubsub.googleap"
+ "is.com/Topic\022!projects/{project}/topics/"
+ "{topic}\"\200\001\n\010Rotation\022;\n\022next_rotation_ti"
+ "me\030\001 \001(\0132\032.google.protobuf.TimestampB\003\340A"
+ "\001\0227\n\017rotation_period\030\002 \001(\0132\031.google.prot"
+ "obuf.DurationB\003\340A\004\"L\n\rSecretPayload\022\014\n\004d"
+ "ata\030\001 \001(\014\022\035\n\013data_crc32c\030\002 \001(\003B\003\340A\001H\000\210\001\001"
+ "B\016\n\014_data_crc32cB\355\001\n!com.google.cloud.se"
+ "cretmanager.v1B\016ResourcesProtoP\001ZJgoogle"
+ ".golang.org/genproto/googleapis/cloud/se"
+ "cretmanager/v1;secretmanager\370\001\001\242\002\003GSM\252\002\035"
+ "Google.Cloud.SecretManager.V1\312\002\035Google\\C"
+ "loud\\SecretManager\\V1\352\002 Google::Cloud::S"
+ "ecretManager::V1b\006proto3"
};
descriptor =
com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom(
descriptorData,
new com.google.protobuf.Descriptors.FileDescriptor[] {
com.google.api.AnnotationsProto.getDescriptor(),
com.google.api.FieldBehaviorProto.getDescriptor(),
com.google.api.ResourceProto.getDescriptor(),
com.google.protobuf.DurationProto.getDescriptor(),
com.google.protobuf.TimestampProto.getDescriptor(),
com.google.api.AnnotationsProto.getDescriptor(),
});
internal_static_google_cloud_secretmanager_v1_Secret_descriptor =
getDescriptor().getMessageTypes().get(0);
Expand Down Expand Up @@ -221,7 +223,13 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
internal_static_google_cloud_secretmanager_v1_SecretVersion_descriptor,
new java.lang.String[] {
"Name", "CreateTime", "DestroyTime", "State", "ReplicationStatus", "Etag",
"Name",
"CreateTime",
"DestroyTime",
"State",
"ReplicationStatus",
"Etag",
"ClientSpecifiedPayloadChecksum",
});
internal_static_google_cloud_secretmanager_v1_Replication_descriptor =
getDescriptor().getMessageTypes().get(2);
Expand Down Expand Up @@ -337,19 +345,19 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
internal_static_google_cloud_secretmanager_v1_SecretPayload_descriptor,
new java.lang.String[] {
"Data",
"Data", "DataCrc32C", "DataCrc32C",
});
com.google.protobuf.ExtensionRegistry registry =
com.google.protobuf.ExtensionRegistry.newInstance();
registry.add(com.google.api.FieldBehaviorProto.fieldBehavior);
registry.add(com.google.api.ResourceProto.resource);
com.google.protobuf.Descriptors.FileDescriptor.internalUpdateFileDescriptor(
descriptor, registry);
com.google.api.AnnotationsProto.getDescriptor();
com.google.api.FieldBehaviorProto.getDescriptor();
com.google.api.ResourceProto.getDescriptor();
com.google.protobuf.DurationProto.getDescriptor();
com.google.protobuf.TimestampProto.getDescriptor();
com.google.api.AnnotationsProto.getDescriptor();
}

// @@protoc_insertion_point(outer_class_scope)
Expand Down

0 comments on commit 4e5ee16

Please sign in to comment.