Skip to content
This repository was archived by the owner on Sep 16, 2023. It is now read-only.

Commit 4e5ee16

Browse files
gcf-owl-bot[bot]gcf-owl-bot[bot]
authored
feat: Checksums in Secret Manager (#687)
- [ ] Regenerate this pull request now. Users can now use checksums for data integrity assurance when adding and accessing SecretVersions. PiperOrigin-RevId: 425369494 Source-Link: googleapis/googleapis@70d389c Source-Link: https://github.com/googleapis/googleapis-gen/commit/cf9290568284d2f099b9a00cc82a2a133be6dfda Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiY2Y5MjkwNTY4Mjg0ZDJmMDk5YjlhMDBjYzgyYTJhMTMzYmU2ZGZkYSJ9
1 parent 161430c commit 4e5ee16

7 files changed

Lines changed: 445 additions & 61 deletions

File tree

google-cloud-secretmanager/src/test/java/com/google/cloud/secretmanager/v1/SecretManagerServiceClientTest.java

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -289,6 +289,7 @@ public void addSecretVersionTest() throws Exception {
289289
.setDestroyTime(Timestamp.newBuilder().build())
290290
.setReplicationStatus(ReplicationStatus.newBuilder().build())
291291
.setEtag("etag3123477")
292+
.setClientSpecifiedPayloadChecksum(true)
292293
.build();
293294
mockSecretManagerService.addResponse(expectedResponse);
294295

@@ -334,6 +335,7 @@ public void addSecretVersionTest2() throws Exception {
334335
.setDestroyTime(Timestamp.newBuilder().build())
335336
.setReplicationStatus(ReplicationStatus.newBuilder().build())
336337
.setEtag("etag3123477")
338+
.setClientSpecifiedPayloadChecksum(true)
337339
.build();
338340
mockSecretManagerService.addResponse(expectedResponse);
339341

@@ -670,6 +672,7 @@ public void getSecretVersionTest() throws Exception {
670672
.setDestroyTime(Timestamp.newBuilder().build())
671673
.setReplicationStatus(ReplicationStatus.newBuilder().build())
672674
.setEtag("etag3123477")
675+
.setClientSpecifiedPayloadChecksum(true)
673676
.build();
674677
mockSecretManagerService.addResponse(expectedResponse);
675678

@@ -712,6 +715,7 @@ public void getSecretVersionTest2() throws Exception {
712715
.setDestroyTime(Timestamp.newBuilder().build())
713716
.setReplicationStatus(ReplicationStatus.newBuilder().build())
714717
.setEtag("etag3123477")
718+
.setClientSpecifiedPayloadChecksum(true)
715719
.build();
716720
mockSecretManagerService.addResponse(expectedResponse);
717721

@@ -832,6 +836,7 @@ public void disableSecretVersionTest() throws Exception {
832836
.setDestroyTime(Timestamp.newBuilder().build())
833837
.setReplicationStatus(ReplicationStatus.newBuilder().build())
834838
.setEtag("etag3123477")
839+
.setClientSpecifiedPayloadChecksum(true)
835840
.build();
836841
mockSecretManagerService.addResponse(expectedResponse);
837842

@@ -875,6 +880,7 @@ public void disableSecretVersionTest2() throws Exception {
875880
.setDestroyTime(Timestamp.newBuilder().build())
876881
.setReplicationStatus(ReplicationStatus.newBuilder().build())
877882
.setEtag("etag3123477")
883+
.setClientSpecifiedPayloadChecksum(true)
878884
.build();
879885
mockSecretManagerService.addResponse(expectedResponse);
880886

@@ -918,6 +924,7 @@ public void enableSecretVersionTest() throws Exception {
918924
.setDestroyTime(Timestamp.newBuilder().build())
919925
.setReplicationStatus(ReplicationStatus.newBuilder().build())
920926
.setEtag("etag3123477")
927+
.setClientSpecifiedPayloadChecksum(true)
921928
.build();
922929
mockSecretManagerService.addResponse(expectedResponse);
923930

@@ -960,6 +967,7 @@ public void enableSecretVersionTest2() throws Exception {
960967
.setDestroyTime(Timestamp.newBuilder().build())
961968
.setReplicationStatus(ReplicationStatus.newBuilder().build())
962969
.setEtag("etag3123477")
970+
.setClientSpecifiedPayloadChecksum(true)
963971
.build();
964972
mockSecretManagerService.addResponse(expectedResponse);
965973

@@ -1002,6 +1010,7 @@ public void destroySecretVersionTest() throws Exception {
10021010
.setDestroyTime(Timestamp.newBuilder().build())
10031011
.setReplicationStatus(ReplicationStatus.newBuilder().build())
10041012
.setEtag("etag3123477")
1013+
.setClientSpecifiedPayloadChecksum(true)
10051014
.build();
10061015
mockSecretManagerService.addResponse(expectedResponse);
10071016

@@ -1045,6 +1054,7 @@ public void destroySecretVersionTest2() throws Exception {
10451054
.setDestroyTime(Timestamp.newBuilder().build())
10461055
.setReplicationStatus(ReplicationStatus.newBuilder().build())
10471056
.setEtag("etag3123477")
1057+
.setClientSpecifiedPayloadChecksum(true)
10481058
.build();
10491059
mockSecretManagerService.addResponse(expectedResponse);
10501060

proto-google-cloud-secretmanager-v1/src/main/java/com/google/cloud/secretmanager/v1/ResourcesProto.java

Lines changed: 68 additions & 60 deletions
Original file line numberDiff line numberDiff line change
@@ -101,11 +101,11 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
101101
static {
102102
java.lang.String[] descriptorData = {
103103
"\n-google/cloud/secretmanager/v1/resource"
104-
+ "s.proto\022\035google.cloud.secretmanager.v1\032\037"
105-
+ "google/api/field_behavior.proto\032\031google/"
106-
+ "api/resource.proto\032\036google/protobuf/dura"
107-
+ "tion.proto\032\037google/protobuf/timestamp.pr"
108-
+ "oto\032\034google/api/annotations.proto\"\336\004\n\006Se"
104+
+ "s.proto\022\035google.cloud.secretmanager.v1\032\034"
105+
+ "google/api/annotations.proto\032\037google/api"
106+
+ "/field_behavior.proto\032\031google/api/resour"
107+
+ "ce.proto\032\036google/protobuf/duration.proto"
108+
+ "\032\037google/protobuf/timestamp.proto\"\336\004\n\006Se"
109109
+ "cret\022\021\n\004name\030\001 \001(\tB\003\340A\003\022G\n\013replication\030\002"
110110
+ " \001(\0132*.google.cloud.secretmanager.v1.Rep"
111111
+ "licationB\006\340A\005\340A\002\0224\n\013create_time\030\003 \001(\0132\032."
@@ -121,74 +121,76 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
121121
+ "\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(\t:\0028\001:M\352AJ\n#secr"
122122
+ "etmanager.googleapis.com/Secret\022#project"
123123
+ "s/{project}/secrets/{secret}B\014\n\nexpirati"
124-
+ "on\"\362\003\n\rSecretVersion\022\021\n\004name\030\001 \001(\tB\003\340A\003\022"
124+
+ "on\"\242\004\n\rSecretVersion\022\021\n\004name\030\001 \001(\tB\003\340A\003\022"
125125
+ "4\n\013create_time\030\002 \001(\0132\032.google.protobuf.T"
126126
+ "imestampB\003\340A\003\0225\n\014destroy_time\030\003 \001(\0132\032.go"
127127
+ "ogle.protobuf.TimestampB\003\340A\003\022F\n\005state\030\004 "
128128
+ "\001(\01622.google.cloud.secretmanager.v1.Secr"
129129
+ "etVersion.StateB\003\340A\003\022L\n\022replication_stat"
130130
+ "us\030\005 \001(\01320.google.cloud.secretmanager.v1"
131-
+ ".ReplicationStatus\022\021\n\004etag\030\006 \001(\tB\003\340A\003\"H\n"
132-
+ "\005State\022\025\n\021STATE_UNSPECIFIED\020\000\022\013\n\007ENABLED"
133-
+ "\020\001\022\014\n\010DISABLED\020\002\022\r\n\tDESTROYED\020\003:n\352Ak\n*se"
134-
+ "cretmanager.googleapis.com/SecretVersion"
135-
+ "\022=projects/{project}/secrets/{secret}/ve"
136-
+ "rsions/{secret_version}\"\220\004\n\013Replication\022"
137-
+ "I\n\tautomatic\030\001 \001(\01324.google.cloud.secret"
138-
+ "manager.v1.Replication.AutomaticH\000\022N\n\014us"
139-
+ "er_managed\030\002 \001(\01326.google.cloud.secretma"
140-
+ "nager.v1.Replication.UserManagedH\000\032o\n\tAu"
141-
+ "tomatic\022b\n\033customer_managed_encryption\030\001"
131+
+ ".ReplicationStatus\022\021\n\004etag\030\006 \001(\tB\003\340A\003\022.\n"
132+
+ "!client_specified_payload_checksum\030\007 \001(\010"
133+
+ "B\003\340A\003\"H\n\005State\022\025\n\021STATE_UNSPECIFIED\020\000\022\013\n"
134+
+ "\007ENABLED\020\001\022\014\n\010DISABLED\020\002\022\r\n\tDESTROYED\020\003:"
135+
+ "n\352Ak\n*secretmanager.googleapis.com/Secre"
136+
+ "tVersion\022=projects/{project}/secrets/{se"
137+
+ "cret}/versions/{secret_version}\"\220\004\n\013Repl"
138+
+ "ication\022I\n\tautomatic\030\001 \001(\01324.google.clou"
139+
+ "d.secretmanager.v1.Replication.Automatic"
140+
+ "H\000\022N\n\014user_managed\030\002 \001(\01326.google.cloud."
141+
+ "secretmanager.v1.Replication.UserManaged"
142+
+ "H\000\032o\n\tAutomatic\022b\n\033customer_managed_encr"
143+
+ "yption\030\001 \001(\01328.google.cloud.secretmanage"
144+
+ "r.v1.CustomerManagedEncryptionB\003\340A\001\032\345\001\n\013"
145+
+ "UserManaged\022U\n\010replicas\030\001 \003(\0132>.google.c"
146+
+ "loud.secretmanager.v1.Replication.UserMa"
147+
+ "naged.ReplicaB\003\340A\002\032\177\n\007Replica\022\020\n\010locatio"
148+
+ "n\030\001 \001(\t\022b\n\033customer_managed_encryption\030\002"
142149
+ " \001(\01328.google.cloud.secretmanager.v1.Cus"
143-
+ "tomerManagedEncryptionB\003\340A\001\032\345\001\n\013UserMana"
144-
+ "ged\022U\n\010replicas\030\001 \003(\0132>.google.cloud.sec"
145-
+ "retmanager.v1.Replication.UserManaged.Re"
146-
+ "plicaB\003\340A\002\032\177\n\007Replica\022\020\n\010location\030\001 \001(\t\022"
147-
+ "b\n\033customer_managed_encryption\030\002 \001(\01328.g"
148-
+ "oogle.cloud.secretmanager.v1.CustomerMan"
149-
+ "agedEncryptionB\003\340A\001B\r\n\013replication\"6\n\031Cu"
150-
+ "stomerManagedEncryption\022\031\n\014kms_key_name\030"
151-
+ "\001 \001(\tB\003\340A\002\"\353\004\n\021ReplicationStatus\022U\n\tauto"
152-
+ "matic\030\001 \001(\0132@.google.cloud.secretmanager"
153-
+ ".v1.ReplicationStatus.AutomaticStatusH\000\022"
154-
+ "Z\n\014user_managed\030\002 \001(\0132B.google.cloud.sec"
155-
+ "retmanager.v1.ReplicationStatus.UserMana"
156-
+ "gedStatusH\000\032{\n\017AutomaticStatus\022h\n\033custom"
157-
+ "er_managed_encryption\030\001 \001(\0132>.google.clo"
158-
+ "ud.secretmanager.v1.CustomerManagedEncry"
159-
+ "ptionStatusB\003\340A\003\032\217\002\n\021UserManagedStatus\022g"
160-
+ "\n\010replicas\030\001 \003(\0132P.google.cloud.secretma"
161-
+ "nager.v1.ReplicationStatus.UserManagedSt"
162-
+ "atus.ReplicaStatusB\003\340A\003\032\220\001\n\rReplicaStatu"
163-
+ "s\022\025\n\010location\030\001 \001(\tB\003\340A\003\022h\n\033customer_man"
164-
+ "aged_encryption\030\002 \001(\0132>.google.cloud.sec"
165-
+ "retmanager.v1.CustomerManagedEncryptionS"
166-
+ "tatusB\003\340A\003B\024\n\022replication_status\"D\n\037Cust"
167-
+ "omerManagedEncryptionStatus\022!\n\024kms_key_v"
168-
+ "ersion_name\030\001 \001(\tB\003\340A\002\"_\n\005Topic\022\021\n\004name\030"
169-
+ "\001 \001(\tB\003\340A\002:C\352A@\n\033pubsub.googleapis.com/T"
170-
+ "opic\022!projects/{project}/topics/{topic}\""
171-
+ "\200\001\n\010Rotation\022;\n\022next_rotation_time\030\001 \001(\013"
172-
+ "2\032.google.protobuf.TimestampB\003\340A\001\0227\n\017rot"
173-
+ "ation_period\030\002 \001(\0132\031.google.protobuf.Dur"
174-
+ "ationB\003\340A\004\"\035\n\rSecretPayload\022\014\n\004data\030\001 \001("
175-
+ "\014B\355\001\n!com.google.cloud.secretmanager.v1B"
176-
+ "\016ResourcesProtoP\001ZJgoogle.golang.org/gen"
177-
+ "proto/googleapis/cloud/secretmanager/v1;"
178-
+ "secretmanager\370\001\001\242\002\003GSM\252\002\035Google.Cloud.Se"
179-
+ "cretManager.V1\312\002\035Google\\Cloud\\SecretMana"
180-
+ "ger\\V1\352\002 Google::Cloud::SecretManager::V"
181-
+ "1b\006proto3"
150+
+ "tomerManagedEncryptionB\003\340A\001B\r\n\013replicati"
151+
+ "on\"6\n\031CustomerManagedEncryption\022\031\n\014kms_k"
152+
+ "ey_name\030\001 \001(\tB\003\340A\002\"\353\004\n\021ReplicationStatus"
153+
+ "\022U\n\tautomatic\030\001 \001(\0132@.google.cloud.secre"
154+
+ "tmanager.v1.ReplicationStatus.AutomaticS"
155+
+ "tatusH\000\022Z\n\014user_managed\030\002 \001(\0132B.google.c"
156+
+ "loud.secretmanager.v1.ReplicationStatus."
157+
+ "UserManagedStatusH\000\032{\n\017AutomaticStatus\022h"
158+
+ "\n\033customer_managed_encryption\030\001 \001(\0132>.go"
159+
+ "ogle.cloud.secretmanager.v1.CustomerMana"
160+
+ "gedEncryptionStatusB\003\340A\003\032\217\002\n\021UserManaged"
161+
+ "Status\022g\n\010replicas\030\001 \003(\0132P.google.cloud."
162+
+ "secretmanager.v1.ReplicationStatus.UserM"
163+
+ "anagedStatus.ReplicaStatusB\003\340A\003\032\220\001\n\rRepl"
164+
+ "icaStatus\022\025\n\010location\030\001 \001(\tB\003\340A\003\022h\n\033cust"
165+
+ "omer_managed_encryption\030\002 \001(\0132>.google.c"
166+
+ "loud.secretmanager.v1.CustomerManagedEnc"
167+
+ "ryptionStatusB\003\340A\003B\024\n\022replication_status"
168+
+ "\"D\n\037CustomerManagedEncryptionStatus\022!\n\024k"
169+
+ "ms_key_version_name\030\001 \001(\tB\003\340A\002\"_\n\005Topic\022"
170+
+ "\021\n\004name\030\001 \001(\tB\003\340A\002:C\352A@\n\033pubsub.googleap"
171+
+ "is.com/Topic\022!projects/{project}/topics/"
172+
+ "{topic}\"\200\001\n\010Rotation\022;\n\022next_rotation_ti"
173+
+ "me\030\001 \001(\0132\032.google.protobuf.TimestampB\003\340A"
174+
+ "\001\0227\n\017rotation_period\030\002 \001(\0132\031.google.prot"
175+
+ "obuf.DurationB\003\340A\004\"L\n\rSecretPayload\022\014\n\004d"
176+
+ "ata\030\001 \001(\014\022\035\n\013data_crc32c\030\002 \001(\003B\003\340A\001H\000\210\001\001"
177+
+ "B\016\n\014_data_crc32cB\355\001\n!com.google.cloud.se"
178+
+ "cretmanager.v1B\016ResourcesProtoP\001ZJgoogle"
179+
+ ".golang.org/genproto/googleapis/cloud/se"
180+
+ "cretmanager/v1;secretmanager\370\001\001\242\002\003GSM\252\002\035"
181+
+ "Google.Cloud.SecretManager.V1\312\002\035Google\\C"
182+
+ "loud\\SecretManager\\V1\352\002 Google::Cloud::S"
183+
+ "ecretManager::V1b\006proto3"
182184
};
183185
descriptor =
184186
com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom(
185187
descriptorData,
186188
new com.google.protobuf.Descriptors.FileDescriptor[] {
189+
com.google.api.AnnotationsProto.getDescriptor(),
187190
com.google.api.FieldBehaviorProto.getDescriptor(),
188191
com.google.api.ResourceProto.getDescriptor(),
189192
com.google.protobuf.DurationProto.getDescriptor(),
190193
com.google.protobuf.TimestampProto.getDescriptor(),
191-
com.google.api.AnnotationsProto.getDescriptor(),
192194
});
193195
internal_static_google_cloud_secretmanager_v1_Secret_descriptor =
194196
getDescriptor().getMessageTypes().get(0);
@@ -221,7 +223,13 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
221223
new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
222224
internal_static_google_cloud_secretmanager_v1_SecretVersion_descriptor,
223225
new java.lang.String[] {
224-
"Name", "CreateTime", "DestroyTime", "State", "ReplicationStatus", "Etag",
226+
"Name",
227+
"CreateTime",
228+
"DestroyTime",
229+
"State",
230+
"ReplicationStatus",
231+
"Etag",
232+
"ClientSpecifiedPayloadChecksum",
225233
});
226234
internal_static_google_cloud_secretmanager_v1_Replication_descriptor =
227235
getDescriptor().getMessageTypes().get(2);
@@ -337,19 +345,19 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
337345
new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
338346
internal_static_google_cloud_secretmanager_v1_SecretPayload_descriptor,
339347
new java.lang.String[] {
340-
"Data",
348+
"Data", "DataCrc32C", "DataCrc32C",
341349
});
342350
com.google.protobuf.ExtensionRegistry registry =
343351
com.google.protobuf.ExtensionRegistry.newInstance();
344352
registry.add(com.google.api.FieldBehaviorProto.fieldBehavior);
345353
registry.add(com.google.api.ResourceProto.resource);
346354
com.google.protobuf.Descriptors.FileDescriptor.internalUpdateFileDescriptor(
347355
descriptor, registry);
356+
com.google.api.AnnotationsProto.getDescriptor();
348357
com.google.api.FieldBehaviorProto.getDescriptor();
349358
com.google.api.ResourceProto.getDescriptor();
350359
com.google.protobuf.DurationProto.getDescriptor();
351360
com.google.protobuf.TimestampProto.getDescriptor();
352-
com.google.api.AnnotationsProto.getDescriptor();
353361
}
354362

355363
// @@protoc_insertion_point(outer_class_scope)

0 commit comments

Comments
 (0)