28 changes: 25 additions & 3 deletions secretmanager/snippets/create_secret.py
Expand Up @@ -17,16 +17,37 @@
"""

import argparse
from typing import Optional

from google.cloud import secretmanager


# [START secretmanager_create_secret]
def create_secret(project_id: str, secret_id: str) -> secretmanager.CreateSecretRequest:
def create_secret(
project_id: str, secret_id: str, ttl: Optional[str] = None
) -> secretmanager.Secret:
"""
Create a new secret with the given name. A secret is a logical wrapper
around a collection of secret versions. Secret versions hold the actual
secret material.

Args:
project_id (str): The project ID where the secret is to be created.
secret_id (str): The ID to assign to the new secret. This ID must be unique within the project.
ttl (Optional[str]): An optional string that specifies the secret's time-to-live in seconds with
format (e.g., "900s" for 15 minutes). If specified, the secret
versions will be automatically deleted upon reaching the end of the TTL period.

Returns:
secretmanager.Secret: An object representing the newly created secret, containing details like the
secret's name, replication settings, and optionally its TTL.

Example:
# Create a secret with automatic replication and no TTL
new_secret = create_secret("my-project", "my-new-secret")

# Create a secret with a TTL of 30 days
new_secret_with_ttl = create_secret("my-project", "my-timed-secret", "7776000s")
"""

# Import the Secret Manager client library.
Expand All @@ -43,7 +64,7 @@ def create_secret(project_id: str, secret_id: str) -> secretmanager.CreateSecret
request={
"parent": parent,
"secret_id": secret_id,
"secret": {"replication": {"automatic": {}}},
"secret": {"replication": {"automatic": {}}, "ttl": ttl},
}
)

Expand All @@ -60,6 +81,7 @@ def create_secret(project_id: str, secret_id: str) -> secretmanager.CreateSecret
)
parser.add_argument("project_id", help="id of the GCP project")
parser.add_argument("secret_id", help="id of the secret to create")
parser.add_argument("ttl", help="time to live for secrets, f.e. '600s' ")
args = parser.parse_args()

create_secret(args.project_id, args.secret_id)
create_secret(args.project_id, args.secret_id, args.ttl)
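Review bot: `parser.add_argument("ttl", help="time to live for secrets, f.e. '600s' ")` near the end of the section makes the TTL a required positional argument, while `create_secret` itself declares `ttl: Optional[str] = None`; every existing two-argument invocation of the snippet now exits with a usage error and the no-TTL path is unreachable from the CLI. Make it an optional flag, `parser.add_argument("--ttl", default=None, help="time to live for the secret, e.g. '600s'")`, and keep `create_secret(args.project_id, args.secret_id, args.ttl)` as written. The docstring example `"7776000s"` is labelled "a TTL of 30 days", but 7776000 s is 90 days (30 days is `"2592000s"`); the same example appears in the create_ummr_secret section below. The body of create_secret continues outside the hunk, so whether a `None` ttl is dropped before the request is sent cannot be confirmed here; presumably the client library skips None-valued fields, but a comment on the `"ttl": ttl` line such as `# None leaves ttl unset — TODO confirm the client drops None-valued fields` would record that assumption for the next reader.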
Expand Up @@ -24,12 +24,40 @@


def create_ummr_secret(
project_id: str, secret_id: str, locations: typing.List[str]
) -> secretmanager.CreateSecretRequest:
project_id: str,
secret_id: str,
locations: typing.List[str],
ttl: typing.Optional[str] = None,
) -> secretmanager.Secret:
"""
Create a new secret with the given name. A secret is a logical wrapper
around a collection of secret versions. Secret versions hold the actual
secret material.

Args:
project_id (str): The project ID where the secret is to be created.
secret_id (str): The unique identifier for the new secret within the project.
locations (List[str]): A list of Google Cloud locations where the secret should be replicated.
ttl (Optional[str]): An optional string that specifies the secret's time-to-live in seconds with
format (e.g., "900s" for 15 minutes). If specified, the secret versions will be
automatically deleted upon reaching the end of the TTL period.

Returns:
secretmanager.Secret: An object representing the newly created secret. This object includes information like the
secret's name and its replication configuration. If TTL is provided, it also configures how long
secret versions remain before being automatically deleted.

Example:
# Create a secret with user-managed replication across two locations without TTL
new_secret = create_ummr_secret("my-project", "my-new-secret", ["us-east1", "europe-west1"])

# Create a secret with a TTL of 30 days and user-managed replication across three locations
new_secret_with_ttl = create_ummr_secret("my-project", "my-timed-secret", ["us-east1", "us-west1"], "7776000s")

Note:
This function requires that the `secretmanager` API is enabled on the cloud project and that the caller has the
necessary permissions to create secrets. Ensure that `secretmanager.SecretManagerServiceClient` and the `secretmanager`
library are correctly configured and authenticated. The specified locations must be valid Google Cloud locations.
"""

# Import the Secret Manager client library.
Expand All @@ -49,7 +77,8 @@ def create_ummr_secret(
"secret": {
"replication": {
"user_managed": {"replicas": [{"location": x} for x in locations]}
}
},
"ttl": ttl,
},
}
)
26 changes: 20 additions & 6 deletions secretmanager/snippets/snippets_test.py
Expand Up @@ -63,6 +63,11 @@ def iam_user() -> str:
return "serviceAccount:" + os.environ["GCLOUD_SECRETS_SERVICE_ACCOUNT"]


@pytest.fixture()
def ttl() -> Optional[str]:
return "300s"


@retry.Retry()
def retry_client_create_secret(
client: secretmanager.SecretManagerServiceClient,
Expand Down Expand Up @@ -118,7 +123,10 @@ def secret_id(

@pytest.fixture()
def secret(
client: secretmanager.SecretManagerServiceClient, project_id: str, secret_id: str
client: secretmanager.SecretManagerServiceClient,
project_id: str,
secret_id: str,
ttl: Optional[str],
) -> Iterator[Tuple[str, str, str]]:
print(f"creating secret {secret_id}")

Expand All @@ -129,7 +137,7 @@ def secret(
request={
"parent": parent,
"secret_id": secret_id,
"secret": {"replication": {"automatic": {}}},
"secret": {"replication": {"automatic": {}}, "ttl": ttl},
},
)

Expand Down Expand Up @@ -188,17 +196,23 @@ def test_add_secret_version(secret: Tuple[str, str, str]) -> None:


def test_create_secret(
client: secretmanager.SecretManagerServiceClient, project_id: str, secret_id: str
client: secretmanager.SecretManagerServiceClient,
project_id: str,
secret_id: str,
ttl: Optional[str],
) -> None:
secret = create_secret(project_id, secret_id)
secret = create_secret(project_id, secret_id, ttl)
assert secret_id in secret.name


def test_create_secret_with_user_managed_replication(
client: secretmanager.SecretManagerServiceClient, project_id: str, secret_id: str
client: secretmanager.SecretManagerServiceClient,
project_id: str,
secret_id: str,
ttl: Optional[str],
) -> None:
locations = ["us-east1", "us-east4", "us-west1"]
secret = create_ummr_secret(project_id, secret_id, locations)
secret = create_ummr_secret(project_id, secret_id, locations, ttl)
assert secret_id in secret.name


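Review bot: The `ttl` fixture at the top of the section always returns `"300s"`, so the `ttl=None` default that this PR adds to both create_secret and create_ummr_secret is never exercised by test_create_secret or test_create_secret_with_user_managed_replication, and the `"ttl": ttl` branch in the shared `secret` fixture is only ever tested with a value set. Parametrizing the fixture covers both paths with a two-line change: `@pytest.fixture(params=[None, "300s"])` and `def ttl(request) -> Optional[str]: return request.param`; as written the `-> Optional[str]` annotation is wider than the constant `str` the fixture returns. A five-minute TTL on the `secret` fixture also means the secret can expire while later tests in the same session still reference it if the suite runs long, since the snippet docstrings state that expiry triggers automatic deletion; a longer value, or a fixture-local TTL used only by the create tests, would avoid that flakiness. The `secret` fixture's body continues outside the hunk, and whether `Optional` is already imported at the top of snippets_test.py is not visible in this section.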