From 316de2d68283e4c1da7f4fdc24fc7e6d65adbfd0 Mon Sep 17 00:00:00 2001
From: gwhitehawk <gwhitehawk@gmail.com>
Date: Mon, 8 Nov 2021 04:21:31 -0500
Subject: [PATCH] docs(samples): Add filtered listing samples (#209)

* docs(samples): Add filtered listing samples

* remove unused import

* remove unused import

* ci: opt in to use multiple projects

Co-authored-by: Miroslava Sotakova <mirka@google.com>
Co-authored-by: Anthonios Partheniou <partheniou@google.com>
---
 .../list_secret_versions_with_filter.py       | 47 +++++++++++++++++++
 samples/snippets/list_secrets_with_filter.py  | 45 ++++++++++++++++++
 samples/snippets/noxfile_config.py            | 38 +++++++++++++++
 samples/snippets/snippets_test.py             | 41 ++++++++++++++--
 4 files changed, 168 insertions(+), 3 deletions(-)
 create mode 100644 samples/snippets/list_secret_versions_with_filter.py
 create mode 100644 samples/snippets/list_secrets_with_filter.py
 create mode 100644 samples/snippets/noxfile_config.py

diff --git a/samples/snippets/list_secret_versions_with_filter.py b/samples/snippets/list_secret_versions_with_filter.py
new file mode 100644
index 0000000..f1a9cf6
--- /dev/null
+++ b/samples/snippets/list_secret_versions_with_filter.py
@@ -0,0 +1,47 @@
+#!/usr/bin/env python
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+"""
+command line application and sample code for listing secret versions of a
+secret.
+"""
+
+
+# [START secretmanager_list_secret_versions_with_filter]
+def list_secret_versions_with_filter(project_id, secret_id, filter_str="state:ENABLED"):
+    """
+    List all secret versions in the given secret and their metadata.
+
+    Args:
+      project_id: Parent project id
+      secret_id: Parent secret id
+      filter_str: Secret version filter, constructing according to
+                  https://cloud.google.com/secret-manager/docs/filtering
+    """
+
+    # Import the Secret Manager client library.
+    from google.cloud import secretmanager
+
+    # Create the Secret Manager client.
+    client = secretmanager.SecretManagerServiceClient()
+
+    # Build the resource name of the parent secret.
+    parent = client.secret_path(project_id, secret_id)
+
+    # List all secret versions.
+    for version in client.list_secret_versions(request={"parent": parent, "filter": filter_str}):
+        print("Found secret version: {}".format(version.name))
+
+
+# [END secretmanager_list_secret_versions_with_filter]
diff --git a/samples/snippets/list_secrets_with_filter.py b/samples/snippets/list_secrets_with_filter.py
new file mode 100644
index 0000000..a58ab47
--- /dev/null
+++ b/samples/snippets/list_secrets_with_filter.py
@@ -0,0 +1,45 @@
+#!/usr/bin/env python
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+"""
+command line application and sample code for listing secrets in a project.
+"""
+
+
+# [START secretmanager_list_secrets_with_filter]
+def list_secrets_with_filter(project_id, filter_str):
+    """
+    List all secrets in the given project.
+
+    Args:
+      project_id: Parent project id
+      filter_str: Secret filter, constructing according to
+                  https://cloud.google.com/secret-manager/docs/filtering
+    """
+
+    # Import the Secret Manager client library.
+    from google.cloud import secretmanager
+
+    # Create the Secret Manager client.
+    client = secretmanager.SecretManagerServiceClient()
+
+    # Build the resource name of the parent project.
+    parent = f"projects/{project_id}"
+
+    # List all secrets.
+    for secret in client.list_secrets(request={"parent": parent, "filter": filter_str}):
+        print("Found secret: {}".format(secret.name))
+
+
+# [END secretmanager_list_secrets_with_filter]
diff --git a/samples/snippets/noxfile_config.py b/samples/snippets/noxfile_config.py
new file mode 100644
index 0000000..839dee3
--- /dev/null
+++ b/samples/snippets/noxfile_config.py
@@ -0,0 +1,38 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default TEST_CONFIG_OVERRIDE for python repos.
+
+# You can copy this file into your directory, then it will be inported from
+# the noxfile.py.
+
+# The source of truth:
+# https://github.com/GoogleCloudPlatform/python-docs-samples/blob/master/noxfile_config.py
+
+TEST_CONFIG_OVERRIDE = {
+    # You can opt out from the test for specific Python versions.
+    "ignored_versions": ["2.7"],
+    # Old samples are opted out of enforcing Python type hints
+    # All new samples should feature them
+    "enforce_type_hints": False,
+    # An envvar key for determining the project id to use. Change it
+    # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a
+    # build specific Cloud project. You can also use your own string
+    # to use your own Cloud project.
+    # "gcloud_project_env": "GOOGLE_CLOUD_PROJECT",
+    "gcloud_project_env": "BUILD_SPECIFIC_GCLOUD_PROJECT",
+    # A dictionary you want to inject into your test. Don't put any
+    # secrets here. These values will override predefined values.
+    "envs": {},
+}
diff --git a/samples/snippets/snippets_test.py b/samples/snippets/snippets_test.py
index ed23fd6..0e8f5dd 100644
--- a/samples/snippets/snippets_test.py
+++ b/samples/snippets/snippets_test.py
@@ -36,7 +36,9 @@
 from iam_grant_access import iam_grant_access
 from iam_revoke_access import iam_revoke_access
 from list_secret_versions import list_secret_versions
+from list_secret_versions_with_filter import list_secret_versions_with_filter
 from list_secrets import list_secrets
+from list_secrets_with_filter import list_secrets_with_filter
 from quickstart import quickstart
 from update_secret import update_secret
 from update_secret_with_etag import update_secret_with_etag
@@ -219,21 +221,54 @@ def test_iam_revoke_access(client, secret, iam_user):
 
 def test_list_secret_versions(capsys, secret_version, another_secret_version):
     project_id, secret_id, version_id, _ = secret_version
+    version_1 = get_secret_version(project_id, secret_id, version_id)
     _, _, another_version_id, _ = another_secret_version
+    version_2 = get_secret_version(project_id, secret_id, another_version_id)
     list_secret_versions(project_id, secret_id)
 
     out, _ = capsys.readouterr()
     assert secret_id in out
-    assert version_id in out
-    assert another_version_id in out
+    assert "Found secret version: {}".format(version_1.name) in out
+    assert "Found secret version: {}".format(version_2.name) in out
+
+
+def test_list_secret_versions_with_filter(capsys, secret_version, another_secret_version):
+    project_id, secret_id, version_id, _ = secret_version
+    enabled = get_secret_version(project_id, secret_id, version_id)
+    _, _, another_version_id, _ = another_secret_version
+    disabled = disable_secret_version(project_id, secret_id, another_version_id)
+    assert disabled.state == secretmanager.SecretVersion.State.DISABLED
+    list_secret_versions_with_filter(project_id, secret_id, "state:ENABLED")
+
+    out, _ = capsys.readouterr()
+    assert secret_id in out
+    assert "Found secret version: {}".format(enabled.name) in out
+    assert "Found secret version: {}".format(disabled.name) not in out
 
 
 def test_list_secrets(capsys, secret):
     project_id, secret_id, _ = secret
+    secret = get_secret(project_id, secret_id)
     list_secrets(project_id)
 
     out, _ = capsys.readouterr()
-    assert secret_id in out
+    assert "Found secret: {}".format(secret.name) in out
+
+
+def test_list_secrets_with_filter(capsys, secret):
+    project_id, secret_id, _ = secret
+    unlabeled = get_secret(project_id, secret_id)
+    list_secrets_with_filter(project_id, "labels.secretmanager:rocks")
+
+    out, _ = capsys.readouterr()
+    assert "Found secret: {}".format(unlabeled.name) not in out
+
+    labeled = update_secret(project_id, secret_id)
+    assert labeled.labels["secretmanager"] == "rocks"
+    list_secrets_with_filter(project_id, "labels.secretmanager:rocks")
+
+    out, _ = capsys.readouterr()
+    assert "Found secret: {}".format(labeled.name) in out
 
 
 def test_update_secret(secret):