From 1a31eb8e861fdd70b6e4c3877c483e8b8d9b83a0 Mon Sep 17 00:00:00 2001 From: Iurii Rudyk Date: Mon, 15 Apr 2024 15:07:29 +0300 Subject: [PATCH 1/4] issue-9643 fix;added ttl to secrets tests and samples --- secretmanager/snippets/create_secret.py | 8 +++++--- ...eate_secret_with_user_managed_replication.py | 5 +++-- secretmanager/snippets/snippets_test.py | 17 +++++++++++------ 3 files changed, 19 insertions(+), 11 deletions(-) diff --git a/secretmanager/snippets/create_secret.py b/secretmanager/snippets/create_secret.py index 582ce49cd16..8071d7cb206 100644 --- a/secretmanager/snippets/create_secret.py +++ b/secretmanager/snippets/create_secret.py @@ -17,12 +17,13 @@ """ import argparse +from typing import Optional from google.cloud import secretmanager # [START secretmanager_create_secret] -def create_secret(project_id: str, secret_id: str) -> secretmanager.CreateSecretRequest: +def create_secret(project_id: str, secret_id: str, ttl: Optional[str] = None) -> secretmanager.Secret: """ Create a new secret with the given name. A secret is a logical wrapper around a collection of secret versions. Secret versions hold the actual @@ -43,7 +44,7 @@ def create_secret(project_id: str, secret_id: str) -> secretmanager.CreateSecret request={ "parent": parent, "secret_id": secret_id, - "secret": {"replication": {"automatic": {}}}, + "secret": {"replication": {"automatic": {}}, "ttl": ttl}, } ) @@ -60,6 +61,7 @@ def create_secret(project_id: str, secret_id: str) -> secretmanager.CreateSecret ) parser.add_argument("project_id", help="id of the GCP project") parser.add_argument("secret_id", help="id of the secret to create") + parser.add_argument("ttl", help="time to live for secrets, f.e. '600s' ") args = parser.parse_args() - create_secret(args.project_id, args.secret_id) + create_secret(args.project_id, args.secret_id, args.ttl) 
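Review bot: The `ttl` argument added in the last hunk of create_secret.py (`@@ -60,6 +61,7 @@`) is a required positional, while `create_secret` itself declares `ttl: Optional[str] = None`. An existing two-argument invocation of the script therefore ends in a usage error, and the command line can no longer create a secret without an expiry. An optional flag keeps the old call form: `parser.add_argument("--ttl", default=None, help="time to live for the secret, e.g. '600s'")`; `args.ttl` is then `None` when the flag is omitted. The argparse block begins above the hunk.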
diff --git a/secretmanager/snippets/create_secret_with_user_managed_replication.py b/secretmanager/snippets/create_secret_with_user_managed_replication.py index 6e1536c5a33..f5aea12730c 100644 --- a/secretmanager/snippets/create_secret_with_user_managed_replication.py +++ b/secretmanager/snippets/create_secret_with_user_managed_replication.py @@ -24,7 +24,7 @@ def create_ummr_secret( - project_id: str, secret_id: str, locations: typing.List[str] + project_id: str, secret_id: str, locations: typing.List[str], ttl: typing.Optional[str] = None ) -> secretmanager.CreateSecretRequest: """ Create a new secret with the given name. A secret is a logical wrapper @@ -49,7 +49,8 @@ def create_ummr_secret( "secret": { "replication": { "user_managed": {"replicas": [{"location": x} for x in locations]} - } + }, + "ttl": ttl, }, } ) diff --git a/secretmanager/snippets/snippets_test.py b/secretmanager/snippets/snippets_test.py index 2e0fe4d3c13..95fe73e649f 100644 --- a/secretmanager/snippets/snippets_test.py +++ b/secretmanager/snippets/snippets_test.py @@ -63,6 +63,11 @@ def iam_user() -> str: return "serviceAccount:" + os.environ["GCLOUD_SECRETS_SERVICE_ACCOUNT"] +@pytest.fixture() +def ttl() -> Optional[str]: + return "300s" + + @retry.Retry() def retry_client_create_secret( client: secretmanager.SecretManagerServiceClient, @@ -118,7 +123,7 @@ def secret_id( @pytest.fixture() def secret( - client: secretmanager.SecretManagerServiceClient, project_id: str, secret_id: str + client: secretmanager.SecretManagerServiceClient, project_id: str, secret_id: str, ttl: Optional[str] ) -> Iterator[Tuple[str, str, str]]: print(f"creating secret {secret_id}") @@ -129,7 +134,7 @@ def secret( request={ "parent": parent, "secret_id": secret_id, - "secret": {"replication": {"automatic": {}}}, + "secret": {"replication": {"automatic": {}}, "ttl": ttl}, }, ) 
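Review bot: The shared `secret` fixture in snippets_test.py (hunks `@@ -118,7 +123,7 @@` and `@@ -129,7 +134,7 @@`) now creates every test secret with the fixed `"300s"` from the new `ttl` fixture, so a test that stalls or retries for more than five minutes would find its secret already expired. The fixture's teardown is outside the hunk; if it deletes the secret unconditionally, it presumably has to tolerate a secret that is already gone. A comment on the `ttl` fixture would record the intent, for example `# Short TTL so secrets leaked by an aborted run expire on their own; must outlast the slowest test.` The fixture is also annotated `Optional[str]` although it always returns a string.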
@@ -188,17 +193,17 @@ def test_add_secret_version(secret: Tuple[str, str, str]) -> None: def test_create_secret( - client: secretmanager.SecretManagerServiceClient, project_id: str, secret_id: str + client: secretmanager.SecretManagerServiceClient, project_id: str, secret_id: str, ttl: Optional[str] ) -> None: - secret = create_secret(project_id, secret_id) + secret = create_secret(project_id, secret_id, ttl) assert secret_id in secret.name def test_create_secret_with_user_managed_replication( - client: secretmanager.SecretManagerServiceClient, project_id: str, secret_id: str + client: secretmanager.SecretManagerServiceClient, project_id: str, secret_id: str, ttl: Optional[str] ) -> None: locations = ["us-east1", "us-east4", "us-west1"] - secret = create_ummr_secret(project_id, secret_id, locations) + secret = create_ummr_secret(project_id, secret_id, locations, ttl) assert secret_id in secret.name From cca204e6c2d59ceb744859e2b8e43551abc47721 Mon Sep 17 00:00:00 2001 From: Iurii Rudyk Date: Tue, 23 Apr 2024 12:15:22 +0300 Subject: [PATCH 2/4] PR comments fix --- secretmanager/snippets/create_secret.py | 18 +++++++++++++ ...te_secret_with_user_managed_replication.py | 27 ++++++++++++++++++- 2 files changed, 44 insertions(+), 1 deletion(-) diff --git a/secretmanager/snippets/create_secret.py b/secretmanager/snippets/create_secret.py index 8071d7cb206..24e50450986 100644 --- a/secretmanager/snippets/create_secret.py +++ b/secretmanager/snippets/create_secret.py 
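Review bot: `test_create_secret` and `test_create_secret_with_user_managed_replication` still assert only `secret_id in secret.name`, so both would pass even if `ttl` never reached the request. The returned secret should show the expiry, for example `assert secret.expire_time is not None` (to be confirmed against the client library, where `ttl` is input-only as far as I know). Because the `ttl` fixture always supplies `"300s"`, the default call without a TTL, which now places `"ttl": None` in the request dict, is no longer exercised by these tests; one call without the argument would cover it.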
@@ -28,6 +28,24 @@ def create_secret(project_id: str, secret_id: str, ttl: Optional[str] = None) -> Create a new secret with the given name. A secret is a logical wrapper around a collection of secret versions. Secret versions hold the actual secret material. + + Args: + project_id (str): The project ID where the secret is to be created. + secret_id (str): The ID to assign to the new secret. This ID must be unique within the project. + ttl (Optional[str]): An optional string that specifies the secret's time-to-live in seconds with + format (e.g., "900s" for 15 minutes). If specified, the secret + versions will be automatically deleted upon reaching the end of the TTL period. + + Returns: + secretmanager.Secret: An object representing the newly created secret, containing details like the + secret's name, replication settings, and optionally its TTL. + + Example: + # Create a secret with automatic replication and no TTL + new_secret = create_secret("my-project", "my-new-secret") + + # Create a secret with a TTL of 30 days + new_secret_with_ttl = create_secret("my-project", "my-timed-secret", "P30D") """ # Import the Secret Manager client library. diff --git a/secretmanager/snippets/create_secret_with_user_managed_replication.py b/secretmanager/snippets/create_secret_with_user_managed_replication.py index f5aea12730c..9583ff019a6 100644 --- a/secretmanager/snippets/create_secret_with_user_managed_replication.py +++ b/secretmanager/snippets/create_secret_with_user_managed_replication.py 
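Review bot: The `ttl` entry in the new `Args:` section says "the secret versions will be automatically deleted", but as far as I know the TTL in Secret Manager belongs to the secret itself: when it elapses the secret is deleted together with all of its versions, and the deletion cannot be undone. A reader should learn that from the sample, for example `If specified, the secret and all of its versions are permanently deleted when the TTL elapses.` The phrase "time-to-live in seconds with format" would also read better as `time-to-live as a number of seconds followed by "s"`. The same two sentences appear in the `create_ummr_secret` docstring in the next hunk (`@@ -25,11 +25,36 @@`).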
@@ -25,11 +25,36 @@ def create_ummr_secret( project_id: str, secret_id: str, locations: typing.List[str], ttl: typing.Optional[str] = None -) -> secretmanager.CreateSecretRequest: +) -> secretmanager.Secret: """ Create a new secret with the given name. A secret is a logical wrapper around a collection of secret versions. Secret versions hold the actual secret material. + + Args: + project_id (str): The project ID where the secret is to be created. + secret_id (str): The unique identifier for the new secret within the project. + locations (List[str]): A list of Google Cloud locations where the secret should be replicated. + ttl (Optional[str]): An optional string that specifies the secret's time-to-live in seconds with + format (e.g., "900s" for 15 minutes). If specified, the secret versions will be + automatically deleted upon reaching the end of the TTL period. + + Returns: + secretmanager.Secret: An object representing the newly created secret. This object includes information like the + secret's name and its replication configuration. If TTL is provided, it also configures how long + secret versions remain before being automatically deleted. + + Example: + # Create a secret with user-managed replication across two locations without TTL + new_secret = create_ummr_secret("my-project", "my-new-secret", ["us-east1", "europe-west1"]) + + # Create a secret with a TTL of 30 days and user-managed replication across three locations + new_secret_with_ttl = create_ummr_secret("my-project", "my-timed-secret", ["us-east1", "us-west1", "asia-east1"], "P30D") + + Note: + This function requires that the `secretmanager` API is enabled on the cloud project and that the caller has the + necessary permissions to create secrets. Ensure that `secretmanager.SecretManagerServiceClient` and the `secretmanager` + library are correctly configured and authenticated. The specified locations must be valid Google Cloud locations. """ # Import the Secret Manager client library. 
From 4ef21ed405c3049e88223ca08ecff30177e78c75 Mon Sep 17 00:00:00 2001 From: Owl Bot Date: Tue, 23 Apr 2024 09:17:43 +0000 Subject: [PATCH 3/4] =?UTF-8?q?=F0=9F=A6=89=20Updates=20from=20OwlBot=20po?= =?UTF-8?q?st-processor?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md --- secretmanager/snippets/create_secret.py | 4 +++- ...create_secret_with_user_managed_replication.py | 5 ++++- secretmanager/snippets/snippets_test.py | 15 ++++++++++++--- 3 files changed, 19 insertions(+), 5 deletions(-) diff --git a/secretmanager/snippets/create_secret.py b/secretmanager/snippets/create_secret.py index 24e50450986..6d6152a6ba4 100644 --- a/secretmanager/snippets/create_secret.py +++ b/secretmanager/snippets/create_secret.py @@ -23,7 +23,9 @@ # [START secretmanager_create_secret] -def create_secret(project_id: str, secret_id: str, ttl: Optional[str] = None) -> secretmanager.Secret: +def create_secret( + project_id: str, secret_id: str, ttl: Optional[str] = None +) -> secretmanager.Secret: """ Create a new secret with the given name. A secret is a logical wrapper around a collection of secret versions. Secret versions hold the actual diff --git a/secretmanager/snippets/create_secret_with_user_managed_replication.py b/secretmanager/snippets/create_secret_with_user_managed_replication.py index 9583ff019a6..fa0399fed6d 100644 --- a/secretmanager/snippets/create_secret_with_user_managed_replication.py +++ b/secretmanager/snippets/create_secret_with_user_managed_replication.py @@ -24,7 +24,10 @@ def create_ummr_secret( - project_id: str, secret_id: str, locations: typing.List[str], ttl: typing.Optional[str] = None + project_id: str, + secret_id: str, + locations: typing.List[str], + ttl: typing.Optional[str] = None, ) -> secretmanager.Secret: """ Create a new secret with the given name. A secret is a logical wrapper 
diff --git a/secretmanager/snippets/snippets_test.py b/secretmanager/snippets/snippets_test.py index 95fe73e649f..c73f0bf5069 100644 --- a/secretmanager/snippets/snippets_test.py +++ b/secretmanager/snippets/snippets_test.py @@ -123,7 +123,10 @@ def secret_id( @pytest.fixture() def secret( - client: secretmanager.SecretManagerServiceClient, project_id: str, secret_id: str, ttl: Optional[str] + client: secretmanager.SecretManagerServiceClient, + project_id: str, + secret_id: str, + ttl: Optional[str], ) -> Iterator[Tuple[str, str, str]]: print(f"creating secret {secret_id}") @@ -193,14 +196,20 @@ def test_add_secret_version(secret: Tuple[str, str, str]) -> None: def test_create_secret( - client: secretmanager.SecretManagerServiceClient, project_id: str, secret_id: str, ttl: Optional[str] + client: secretmanager.SecretManagerServiceClient, + project_id: str, + secret_id: str, + ttl: Optional[str], ) -> None: secret = create_secret(project_id, secret_id, ttl) assert secret_id in secret.name def test_create_secret_with_user_managed_replication( - client: secretmanager.SecretManagerServiceClient, project_id: str, secret_id: str, ttl: Optional[str] + client: secretmanager.SecretManagerServiceClient, + project_id: str, + secret_id: str, + ttl: Optional[str], ) -> None: locations = ["us-east1", "us-east4", "us-west1"] secret = create_ummr_secret(project_id, secret_id, locations, ttl) From 8fe95e0d0758e9e36682da19e3a3b7f00ce1c2c1 Mon Sep 17 00:00:00 2001 From: Iurii Rudyk Date: Tue, 23 Apr 2024 14:42:16 +0300 Subject: [PATCH 4/4] fix docstring for create secrets methods --- secretmanager/snippets/create_secret.py | 2 +- .../snippets/create_secret_with_user_managed_replication.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/secretmanager/snippets/create_secret.py b/secretmanager/snippets/create_secret.py index 6d6152a6ba4..100d0e993a4 100644 --- a/secretmanager/snippets/create_secret.py +++ b/secretmanager/snippets/create_secret.py 
@@ -47,7 +47,7 @@ def create_secret( new_secret = create_secret("my-project", "my-new-secret") # Create a secret with a TTL of 30 days - new_secret_with_ttl = create_secret("my-project", "my-timed-secret", "P30D") + new_secret_with_ttl = create_secret("my-project", "my-timed-secret", "7776000s") """ # Import the Secret Manager client library. diff --git a/secretmanager/snippets/create_secret_with_user_managed_replication.py b/secretmanager/snippets/create_secret_with_user_managed_replication.py index fa0399fed6d..871e5a1857b 100644 --- a/secretmanager/snippets/create_secret_with_user_managed_replication.py +++ b/secretmanager/snippets/create_secret_with_user_managed_replication.py @@ -52,7 +52,7 @@ def create_ummr_secret( new_secret = create_ummr_secret("my-project", "my-new-secret", ["us-east1", "europe-west1"]) # Create a secret with a TTL of 30 days and user-managed replication across three locations - new_secret_with_ttl = create_ummr_secret("my-project", "my-timed-secret", ["us-east1", "us-west1", "asia-east1"], "P30D") + new_secret_with_ttl = create_ummr_secret("my-project", "my-timed-secret", ["us-east1", "us-west1"], "7776000s") Note: This function requires that the `secretmanager` API is enabled on the cloud project and that the caller has the
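Review bot: The example comment says "a TTL of 30 days", but `"7776000s"` is 90 days (30 days is 2592000 seconds), so a reader who copies the sample gets a secret that lives three times longer than stated. Either the value becomes `"2592000s"` or the comment becomes `# Create a secret with a TTL of 90 days`. The same value and comment appear in the `create_ummr_secret` example in the next hunk (`@@ -52,7 +52,7 @@`).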
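Review bot: The `create_ummr_secret` example now passes two locations, `["us-east1", "us-west1"]`, while the comment line above it still says "across three locations". Change the comment to end in `user-managed replication across two locations`, or keep a third location in the list.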