feat: Etags in Secret Manager (#116)

* feat: Etags in Secret Manager Users can now use etags for optimistic concurrency control when modifying Secret or SecretVersion. PiperOrigin-RevId: 373836373 Source-Link: googleapis/googleapis@bff8074 Source-Link: googleapis/googleapis-gen@174c036 * 🦉 Updates from OwlBot Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
googleapis · May 14, 2021 · 6ec898e · 6ec898e
1 parent 2d45c56
commit 6ec898e
Show file tree

Hide file tree

Showing 8 changed files with 133 additions and 40 deletions.
diff --git a/google/cloud/secretmanager_v1/services/secret_manager_service/async_client.py b/google/cloud/secretmanager_v1/services/secret_manager_service/async_client.py
@@ -783,8 +783,8 @@ async def get_secret_version(
         r"""Gets metadata for a
         [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
 
-        ``projects/*/secrets/*/versions/latest`` is an alias to the
-        ``latest``
+        ``projects/*/secrets/*/versions/latest`` is an alias to the most
+        recently created
         [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
 
         Args:
@@ -795,8 +795,9 @@ async def get_secret_version(
                 Required. The resource name of the
                 [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]
                 in the format ``projects/*/secrets/*/versions/*``.
+
                 ``projects/*/secrets/*/versions/latest`` is an alias to
-                the ``latest``
+                the most recently created
                 [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
 
                 This corresponds to the ``name`` field
@@ -864,8 +865,8 @@ async def access_secret_version(
         [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
         This call returns the secret data.
 
-        ``projects/*/secrets/*/versions/latest`` is an alias to the
-        ``latest``
+        ``projects/*/secrets/*/versions/latest`` is an alias to the most
+        recently created
         [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
 
         Args:
@@ -877,6 +878,10 @@ async def access_secret_version(
                 [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]
                 in the format ``projects/*/secrets/*/versions/*``.
 
+                ``projects/*/secrets/*/versions/latest`` is an alias to
+                the most recently created
+                [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
+
                 This corresponds to the ``name`` field
                 on the ``request`` instance; if ``request`` is provided, this
                 should not be set.

diff --git a/google/cloud/secretmanager_v1/services/secret_manager_service/client.py b/google/cloud/secretmanager_v1/services/secret_manager_service/client.py
@@ -987,8 +987,8 @@ def get_secret_version(
         r"""Gets metadata for a
         [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
 
-        ``projects/*/secrets/*/versions/latest`` is an alias to the
-        ``latest``
+        ``projects/*/secrets/*/versions/latest`` is an alias to the most
+        recently created
         [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
 
         Args:
@@ -999,8 +999,9 @@ def get_secret_version(
                 Required. The resource name of the
                 [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]
                 in the format ``projects/*/secrets/*/versions/*``.
+
                 ``projects/*/secrets/*/versions/latest`` is an alias to
-                the ``latest``
+                the most recently created
                 [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
 
                 This corresponds to the ``name`` field
@@ -1068,8 +1069,8 @@ def access_secret_version(
         [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
         This call returns the secret data.
 
-        ``projects/*/secrets/*/versions/latest`` is an alias to the
-        ``latest``
+        ``projects/*/secrets/*/versions/latest`` is an alias to the most
+        recently created
         [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
 
         Args:
@@ -1081,6 +1082,10 @@ def access_secret_version(
                 [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]
                 in the format ``projects/*/secrets/*/versions/*``.
 
+                ``projects/*/secrets/*/versions/latest`` is an alias to
+                the most recently created
+                [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
+
                 This corresponds to the ``name`` field
                 on the ``request`` instance; if ``request`` is provided, this
                 should not be set.

diff --git a/google/cloud/secretmanager_v1/services/secret_manager_service/transports/grpc.py b/google/cloud/secretmanager_v1/services/secret_manager_service/transports/grpc.py
@@ -429,8 +429,8 @@ def get_secret_version(
         Gets metadata for a
         [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
 
-        ``projects/*/secrets/*/versions/latest`` is an alias to the
-        ``latest``
+        ``projects/*/secrets/*/versions/latest`` is an alias to the most
+        recently created
         [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
 
         Returns:
@@ -463,8 +463,8 @@ def access_secret_version(
         [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
         This call returns the secret data.
 
-        ``projects/*/secrets/*/versions/latest`` is an alias to the
-        ``latest``
+        ``projects/*/secrets/*/versions/latest`` is an alias to the most
+        recently created
         [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
 
         Returns:

diff --git a/google/cloud/secretmanager_v1/services/secret_manager_service/transports/grpc_asyncio.py b/google/cloud/secretmanager_v1/services/secret_manager_service/transports/grpc_asyncio.py
@@ -441,8 +441,8 @@ def get_secret_version(
         Gets metadata for a
         [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
 
-        ``projects/*/secrets/*/versions/latest`` is an alias to the
-        ``latest``
+        ``projects/*/secrets/*/versions/latest`` is an alias to the most
+        recently created
         [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
 
         Returns:
@@ -476,8 +476,8 @@ def access_secret_version(
         [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
         This call returns the secret data.
 
-        ``projects/*/secrets/*/versions/latest`` is an alias to the
-        ``latest``
+        ``projects/*/secrets/*/versions/latest`` is an alias to the most
+        recently created
         [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
 
         Returns:

diff --git a/google/cloud/secretmanager_v1/types/resources.py b/google/cloud/secretmanager_v1/types/resources.py
@@ -86,6 +86,9 @@ class Secret(proto.Message):
         ttl (google.protobuf.duration_pb2.Duration):
             Input only. The TTL for the
             [Secret][google.cloud.secretmanager.v1.Secret].
+        etag (str):
+            Optional. Etag of the currently stored
+            [Secret][google.cloud.secretmanager.v1.Secret].
         rotation (google.cloud.secretmanager_v1.types.Rotation):
             Optional. Rotation policy attached to the
             [Secret][google.cloud.secretmanager.v1.Secret]. May be
@@ -103,6 +106,7 @@ class Secret(proto.Message):
     ttl = proto.Field(
         proto.MESSAGE, number=7, oneof="expiration", message=duration_pb2.Duration,
     )
+    etag = proto.Field(proto.STRING, number=8,)
     rotation = proto.Field(proto.MESSAGE, number=9, message="Rotation",)
 
 
@@ -135,6 +139,9 @@ class SecretVersion(proto.Message):
         replication_status (google.cloud.secretmanager_v1.types.ReplicationStatus):
             The replication status of the
             [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
+        etag (str):
+            Output only. Etag of the currently stored
+            [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
     """
 
     class State(proto.Enum):
@@ -156,6 +163,7 @@ class State(proto.Enum):
     replication_status = proto.Field(
         proto.MESSAGE, number=5, message="ReplicationStatus",
     )
+    etag = proto.Field(proto.STRING, number=6,)
 
 
 class Replication(proto.Message):
@@ -408,7 +416,8 @@ class Rotation(proto.Message):
         next_rotation_time (google.protobuf.timestamp_pb2.Timestamp):
             Optional. Timestamp in UTC at which the
             [Secret][google.cloud.secretmanager.v1.Secret] is scheduled
-            to rotate.
+            to rotate. Cannot be set to less than 300s (5 min) in the
+            future and at most 3153600000s (100 years).
 
             [next_rotation_time][google.cloud.secretmanager.v1.Rotation.next_rotation_time]
             MUST be set if

diff --git a/google/cloud/secretmanager_v1/types/service.py b/google/cloud/secretmanager_v1/types/service.py
@@ -219,8 +219,9 @@ class GetSecretVersionRequest(proto.Message):
             Required. The resource name of the
             [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]
             in the format ``projects/*/secrets/*/versions/*``.
+
             ``projects/*/secrets/*/versions/latest`` is an alias to the
-            ``latest``
+            most recently created
             [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
     """
 
@@ -254,6 +255,10 @@ class AccessSecretVersionRequest(proto.Message):
             Required. The resource name of the
             [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]
             in the format ``projects/*/secrets/*/versions/*``.
+
+            ``projects/*/secrets/*/versions/latest`` is an alias to the
+            most recently created
+            [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
     """
 
     name = proto.Field(proto.STRING, number=1,)
@@ -285,9 +290,15 @@ class DeleteSecretRequest(proto.Message):
             Required. The resource name of the
             [Secret][google.cloud.secretmanager.v1.Secret] to delete in
             the format ``projects/*/secrets/*``.
+        etag (str):
+            Optional. Etag of the
+            [Secret][google.cloud.secretmanager.v1.Secret]. The request
+            succeeds if it matches the etag of the currently stored
+            secret object. If the etag is omitted, the request succeeds.
     """
 
     name = proto.Field(proto.STRING, number=1,)
+    etag = proto.Field(proto.STRING, number=2,)
 
 
 class DisableSecretVersionRequest(proto.Message):
@@ -300,9 +311,16 @@ class DisableSecretVersionRequest(proto.Message):
             [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]
             to disable in the format
             ``projects/*/secrets/*/versions/*``.
+        etag (str):
+            Optional. Etag of the
+            [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
+            The request succeeds if it matches the etag of the currently
+            stored secret version object. If the etag is omitted, the
+            request succeeds.
     """
 
     name = proto.Field(proto.STRING, number=1,)
+    etag = proto.Field(proto.STRING, number=2,)
 
 
 class EnableSecretVersionRequest(proto.Message):
@@ -314,9 +332,16 @@ class EnableSecretVersionRequest(proto.Message):
             Required. The resource name of the
             [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]
             to enable in the format ``projects/*/secrets/*/versions/*``.
+        etag (str):
+            Optional. Etag of the
+            [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
+            The request succeeds if it matches the etag of the currently
+            stored secret version object. If the etag is omitted, the
+            request succeeds.
     """
 
     name = proto.Field(proto.STRING, number=1,)
+    etag = proto.Field(proto.STRING, number=2,)
 
 
 class DestroySecretVersionRequest(proto.Message):
@@ -329,9 +354,16 @@ class DestroySecretVersionRequest(proto.Message):
             [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]
             to destroy in the format
             ``projects/*/secrets/*/versions/*``.
+        etag (str):
+            Optional. Etag of the
+            [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
+            The request succeeds if it matches the etag of the currently
+            stored secret version object. If the etag is omitted, the
+            request succeeds.
     """
 
     name = proto.Field(proto.STRING, number=1,)
+    etag = proto.Field(proto.STRING, number=2,)
 
 
 __all__ = tuple(sorted(__protobuf__.manifest))
diff --git a/scripts/fixup_secretmanager_v1_keywords.py b/scripts/fixup_secretmanager_v1_keywords.py
@@ -42,10 +42,10 @@ class secretmanagerCallTransformer(cst.CSTTransformer):
           'access_secret_version': ('name', ),
           'add_secret_version': ('parent', 'payload', ),
           'create_secret': ('parent', 'secret_id', 'secret', ),
-          'delete_secret': ('name', ),
-          'destroy_secret_version': ('name', ),
-          'disable_secret_version': ('name', ),
-          'enable_secret_version': ('name', ),
+          'delete_secret': ('name', 'etag', ),
+          'destroy_secret_version': ('name', 'etag', ),
+          'disable_secret_version': ('name', 'etag', ),
+          'enable_secret_version': ('name', 'etag', ),
           'get_iam_policy': ('resource', 'options', ),
           'get_secret': ('name', ),
           'get_secret_version': ('name', ),