diff --git a/secretmanager/README.md b/secretmanager/README.md index b4d04ebfe3..278ff9da1c 100644 --- a/secretmanager/README.md +++ b/secretmanager/README.md @@ -14,7 +14,13 @@ This simple command-line application demonstrates how to invoke 1. **Enable APIs** - [Enable the Secret Manager API](https://console.cloud.google.com/flows/enableapi?apiid=secretmanager.googleapis.com) - and create a new project or select an existing project. + and create a new project or select an existing project. To run the rotation tests, you will need to [Create a Pub/Sub topic](https://cloud.google.com/pubsub/docs/create-topic). CMEK related test cases need separate [KMS key](https://cloud.google.com/kms/docs/create-key) for global and regional tests. + + Set the following environment variables: + + - GOOGLE_CLOUD_PUBSUB_TOPIC - Full name of topic (projects/{project}/topics/{topic}). + - GOOGLE_CLOUD_KMS_KEY - Full name of global KMS key (projects/{project}/locations/global/keyRings/{keyring}/cryptoKeys/{key}). + - GOOGLE_CLOUD_REGIONAL_KMS_KEY - Full name of regional KMS key (projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}). 1. **Download The Credentials** - Click "Go to credentials" after enabling the APIs. Click "New Credentials" and select "Service Account Key". Create a new diff --git a/secretmanager/src/create_regional_secret_with_cmek.php b/secretmanager/src/create_regional_secret_with_cmek.php new file mode 100644 index 0000000000..4d07d464ea --- /dev/null +++ b/secretmanager/src/create_regional_secret_with_cmek.php @@ -0,0 +1,67 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + $client = new SecretManagerServiceClient($options); + + $parent = $client->locationName($projectId, $locationId); + + $cmek = new CustomerManagedEncryption([ + 'kms_key_name' => $kmsKeyName, + ]); + + $secret = new Secret([ + 'customer_managed_encryption' => $cmek + ]); + + $request = CreateSecretRequest::build($parent, $secretId, $secret); + + $created = $client->createSecret($request); + + printf('Created secret %s with CMEK %s%s', $created->getName(), $kmsKeyName, PHP_EOL); +} +// [END secretmanager_create_regional_secret_with_cmek] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/create_regional_secret_with_expiration.php b/secretmanager/src/create_regional_secret_with_expiration.php new file mode 100644 index 0000000000..241698d6f9 --- /dev/null +++ b/secretmanager/src/create_regional_secret_with_expiration.php @@ -0,0 +1,69 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + $client = new SecretManagerServiceClient($options); + + // Build the resource name of the parent project. + $parent = $client->locationName($projectId, $locationId); + + $duration = new Duration(); + $duration->setSeconds(3600); // 1 hour TTL in seconds + + $secret = new Secret(); + $secret->setTtl($duration); + + // Build the request. + $request = CreateSecretRequest::build($parent, $secretId, $secret); + + // Create the secret. + $newSecret = $client->createSecret($request); + + // Print the new secret name. + printf('Created secret: %s%s', $newSecret->getName(), PHP_EOL); +} +// [END secretmanager_create_regional_secret_with_expiration] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/create_regional_secret_with_topic.php b/secretmanager/src/create_regional_secret_with_topic.php new file mode 100644 index 0000000000..cd2d9d0775 --- /dev/null +++ b/secretmanager/src/create_regional_secret_with_topic.php @@ -0,0 +1,65 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + $client = new SecretManagerServiceClient($options); + + $parent = $client->locationName($projectId, $locationId); + + $secret = new Secret([ + 'topics' => [new Topic(['name' => $topicName])], + ]); + + // Build the request. + $request = CreateSecretRequest::build($parent, $secretId, $secret); + + // Create the secret. + $created = $client->createSecret($request); + + printf('Created secret %s with topic %s%s', $created->getName(), $topicName, PHP_EOL); +} +// [END secretmanager_create_regional_secret_with_topic] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/create_secret_with_cmek.php b/secretmanager/src/create_secret_with_cmek.php new file mode 100644 index 0000000000..2338291774 --- /dev/null +++ b/secretmanager/src/create_secret_with_cmek.php @@ -0,0 +1,71 @@ +projectName($projectId); + + $cmek = new CustomerManagedEncryption([ + 'kms_key_name' => $kmsKeyName, + ]); + + $secret = new Secret([ + 'replication' => new Replication([ + 'automatic' => new Automatic([ + 'customer_managed_encryption' => $cmek, + ]), + ]), + ]); + + $request = CreateSecretRequest::build($parent, $secretId, $secret); + + $created = $client->createSecret($request); + + printf('Created secret %s with CMEK %s%s', $created->getName(), $kmsKeyName, PHP_EOL); +} +// [END secretmanager_create_secret_with_cmek] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/create_secret_with_expiration.php b/secretmanager/src/create_secret_with_expiration.php new file mode 100644 index 0000000000..0a12dd7a02 --- /dev/null +++ b/secretmanager/src/create_secret_with_expiration.php @@ -0,0 +1,74 @@ +projectName($projectId); + + $secret = new Secret([ + 'replication' => new Replication([ + 'automatic' => new Automatic(), + ]), + ]); + + $duration = new Duration(); + $duration->setSeconds(3600); // 1 hour TTL in seconds + + $secret->setTtl($duration); + + // Build the request. + $request = CreateSecretRequest::build($parent, $secretId, $secret); + + // Create the secret. + $newSecret = $client->createSecret($request); + + // Print the new secret name. + printf('Created secret: %s%s', $newSecret->getName(), PHP_EOL); +} +// [END secretmanager_create_secret_with_expiration] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/create_secret_with_topic.php b/secretmanager/src/create_secret_with_topic.php new file mode 100644 index 0000000000..9a84239637 --- /dev/null +++ b/secretmanager/src/create_secret_with_topic.php @@ -0,0 +1,68 @@ +projectName($projectId); + + $secret = new Secret([ + 'replication' => new Replication([ + 'automatic' => new Automatic(), + ]), + 'topics' => [new Topic(['name' => $topicName])], + ]); + + // Build the request. + $request = CreateSecretRequest::build($parent, $secretId, $secret); + + // Create the secret. + $created = $client->createSecret($request); + + printf('Created secret %s with topic %s%s', $created->getName(), $topicName, PHP_EOL); +} +// [END secretmanager_create_secret_with_topic] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/delete_regional_secret_expiration.php b/secretmanager/src/delete_regional_secret_expiration.php new file mode 100644 index 0000000000..d07339c04d --- /dev/null +++ b/secretmanager/src/delete_regional_secret_expiration.php @@ -0,0 +1,74 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + $client = new SecretManagerServiceClient($options); + + // Build the resource name of the secret. + $name = $client->projectLocationSecretName($projectId, $locationId, $secretId); + + // Build the secret with only the name — leaving ttl unset clears it when used with an update mask. + $secret = new Secret([ + 'name' => $name, + ]); + + // Set the field mask to clear the ttl field. + $fieldMask = new FieldMask(); + $fieldMask->setPaths(['ttl']); + + // Build the request. + $request = new UpdateSecretRequest(); + $request->setSecret($secret); + $request->setUpdateMask($fieldMask); + + // Update the secret. + $newSecret = $client->updateSecret($request); + + // Print the new secret name. + printf('Updated secret: %s%s', $newSecret->getName(), PHP_EOL); +} +// [END secretmanager_delete_regional_secret_expiration] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/delete_regional_secret_using_etag.php b/secretmanager/src/delete_regional_secret_using_etag.php new file mode 100644 index 0000000000..fb3a8c4b84 --- /dev/null +++ b/secretmanager/src/delete_regional_secret_using_etag.php @@ -0,0 +1,67 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + $client = new SecretManagerServiceClient($options); + + $name = $client->projectLocationSecretName($projectId, $locationId, $secretId); + + // Get the current secret to read the etag. + $getRequest = GetSecretRequest::build($name); + $current = $client->getSecret($getRequest); + + $etag = $current->getEtag(); + + // Build the delete request with the etag. + $deleteRequest = (new DeleteSecretRequest()) + ->setName($name) + ->setEtag($etag); + + // Delete the secret. + $client->deleteSecret($deleteRequest); + + printf('Deleted secret %s' . PHP_EOL, $secretId); +} +// [END secretmanager_delete_regional_secret_using_etag] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/delete_secret_expiration.php b/secretmanager/src/delete_secret_expiration.php new file mode 100644 index 0000000000..18be08d38b --- /dev/null +++ b/secretmanager/src/delete_secret_expiration.php @@ -0,0 +1,72 @@ +secretName($projectId, $secretId); + + // Build the secret with only the name — leaving ttl unset clears it when used with an update mask. + $secret = new Secret([ + 'name' => $name, + ]); + + // Set the field mask to clear the ttl field. + $fieldMask = new FieldMask(); + $fieldMask->setPaths(['ttl']); + + // Build the request. + $request = new UpdateSecretRequest(); + $request->setSecret($secret); + $request->setUpdateMask($fieldMask); + + // Update the secret. + $newSecret = $client->updateSecret($request); + + // Print the new secret name. + printf('Updated secret: %s%s', $newSecret->getName(), PHP_EOL); +} +// [END secretmanager_delete_secret_expiration] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/delete_secret_using_etag.php b/secretmanager/src/delete_secret_using_etag.php new file mode 100644 index 0000000000..2f845625cf --- /dev/null +++ b/secretmanager/src/delete_secret_using_etag.php @@ -0,0 +1,65 @@ +secretName($projectId, $secretId); + + // Get the current secret to read the etag. + $getRequest = GetSecretRequest::build($name); + $current = $client->getSecret($getRequest); + + $etag = $current->getEtag(); + + // Build the delete request with the etag. + $deleteRequest = (new DeleteSecretRequest()) + ->setName($name) + ->setEtag($etag); + + // Delete the secret. + $client->deleteSecret($deleteRequest); + + printf('Deleted secret %s' . PHP_EOL, $secretId); +} +// [END secretmanager_delete_secret_using_etag] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/destroy_regional_secret_version_using_etag.php b/secretmanager/src/destroy_regional_secret_version_using_etag.php new file mode 100644 index 0000000000..457490e72e --- /dev/null +++ b/secretmanager/src/destroy_regional_secret_version_using_etag.php @@ -0,0 +1,63 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + $client = new SecretManagerServiceClient($options); + + $name = $client->projectLocationSecretSecretVersionName($projectId, $locationId, $secretId, $versionId); + + // Read current etag for the version. + $getRequest = GetSecretVersionRequest::build($name); + $current = $client->getSecretVersion($getRequest); + $etag = $current->getEtag(); + + $request = DestroySecretVersionRequest::build($name)->setEtag($etag); + + $response = $client->destroySecretVersion($request); + + printf('Destroyed secret version: %s' . PHP_EOL, $response->getName()); +} +// [END secretmanager_destroy_regional_secret_version_using_etag] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/destroy_secret_version_using_etag.php b/secretmanager/src/destroy_secret_version_using_etag.php new file mode 100644 index 0000000000..a8b31d3230 --- /dev/null +++ b/secretmanager/src/destroy_secret_version_using_etag.php @@ -0,0 +1,61 @@ +secretVersionName($projectId, $secretId, $versionId); + + // Read current etag for the version. + $getRequest = GetSecretVersionRequest::build($name); + $current = $client->getSecretVersion($getRequest); + $etag = $current->getEtag(); + + $request = DestroySecretVersionRequest::build($name)->setEtag($etag); + + $response = $client->destroySecretVersion($request); + + printf('Destroyed secret version: %s' . PHP_EOL, $response->getName()); +} +// [END secretmanager_destroy_secret_version_using_etag] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/disable_regional_secret_version_using_etag.php b/secretmanager/src/disable_regional_secret_version_using_etag.php new file mode 100644 index 0000000000..ffb5a3c6e4 --- /dev/null +++ b/secretmanager/src/disable_regional_secret_version_using_etag.php @@ -0,0 +1,63 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + $client = new SecretManagerServiceClient($options); + + $name = $client->projectLocationSecretSecretVersionName($projectId, $locationId, $secretId, $versionId); + + // Read current etag for the version. + $getRequest = GetSecretVersionRequest::build($name); + $current = $client->getSecretVersion($getRequest); + $etag = $current->getEtag(); + + $request = DisableSecretVersionRequest::build($name)->setEtag($etag); + + $response = $client->disableSecretVersion($request); + + printf('Disabled secret version: %s' . PHP_EOL, $response->getName()); +} +// [END secretmanager_disable_regional_secret_version_using_etag] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/disable_secret_version_using_etag.php b/secretmanager/src/disable_secret_version_using_etag.php new file mode 100644 index 0000000000..44240b44f8 --- /dev/null +++ b/secretmanager/src/disable_secret_version_using_etag.php @@ -0,0 +1,61 @@ +secretVersionName($projectId, $secretId, $versionId); + + // Read current etag for the version. + $getRequest = GetSecretVersionRequest::build($name); + $current = $client->getSecretVersion($getRequest); + $etag = $current->getEtag(); + + $request = DisableSecretVersionRequest::build($name)->setEtag($etag); + + $response = $client->disableSecretVersion($request); + + printf('Disabled secret version: %s' . PHP_EOL, $response->getName()); +} +// [END secretmanager_disable_secret_version_using_etag] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/enable_regional_secret_version_using_etag.php b/secretmanager/src/enable_regional_secret_version_using_etag.php new file mode 100644 index 0000000000..df423f5413 --- /dev/null +++ b/secretmanager/src/enable_regional_secret_version_using_etag.php @@ -0,0 +1,63 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + $client = new SecretManagerServiceClient($options); + + $name = $client->projectLocationSecretSecretVersionName($projectId, $locationId, $secretId, $versionId); + + // Read current etag for the version. + $getRequest = GetSecretVersionRequest::build($name); + $current = $client->getSecretVersion($getRequest); + $etag = $current->getEtag(); + + $request = EnableSecretVersionRequest::build($name)->setEtag($etag); + + $response = $client->enableSecretVersion($request); + + printf('Enabled secret version: %s' . PHP_EOL, $response->getName()); +} +// [END secretmanager_enable_regional_secret_version_using_etag] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/enable_secret_version_using_etag.php b/secretmanager/src/enable_secret_version_using_etag.php new file mode 100644 index 0000000000..82668c8832 --- /dev/null +++ b/secretmanager/src/enable_secret_version_using_etag.php @@ -0,0 +1,61 @@ +secretVersionName($projectId, $secretId, $versionId); + + // Read current etag for the version. + $getRequest = GetSecretVersionRequest::build($name); + $current = $client->getSecretVersion($getRequest); + $etag = $current->getEtag(); + + $request = EnableSecretVersionRequest::build($name)->setEtag($etag); + + $response = $client->enableSecretVersion($request); + + printf('Enabled secret version: %s' . PHP_EOL, $response->getName()); +} +// [END secretmanager_enable_secret_version_using_etag] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/list_regional_secret_versions_with_filter.php b/secretmanager/src/list_regional_secret_versions_with_filter.php new file mode 100644 index 0000000000..c86bb03a71 --- /dev/null +++ b/secretmanager/src/list_regional_secret_versions_with_filter.php @@ -0,0 +1,57 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + $client = new SecretManagerServiceClient($options); + + $parent = $client->projectLocationSecretName($projectId, $locationId, $secretId); + + $request = ListSecretVersionsRequest::build($parent)->setFilter($filter); + + foreach ($client->listSecretVersions($request) as $version) { + printf('Found secret version %s' . PHP_EOL, $version->getName()); + } +} +// [END secretmanager_list_regional_secret_versions_with_filter] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/list_regional_secrets_with_filter.php b/secretmanager/src/list_regional_secrets_with_filter.php new file mode 100644 index 0000000000..9f83f7fcb9 --- /dev/null +++ b/secretmanager/src/list_regional_secrets_with_filter.php @@ -0,0 +1,56 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + $client = new SecretManagerServiceClient($options); + + $parent = $client->locationName($projectId, $locationId); + + $request = ListSecretsRequest::build($parent)->setFilter($filter); + + foreach ($client->listSecrets($request) as $secret) { + printf('Found secret %s' . PHP_EOL, $secret->getName()); + } +} +// [END secretmanager_list_regional_secrets_with_filter] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/list_secret_versions_with_filter.php b/secretmanager/src/list_secret_versions_with_filter.php new file mode 100644 index 0000000000..d6fb6c2866 --- /dev/null +++ b/secretmanager/src/list_secret_versions_with_filter.php @@ -0,0 +1,55 @@ +secretName($projectId, $secretId); + + $request = ListSecretVersionsRequest::build($parent)->setFilter($filter); + + foreach ($client->listSecretVersions($request) as $version) { + printf('Found secret version %s' . PHP_EOL, $version->getName()); + } +} +// [END secretmanager_list_secret_versions_with_filter] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/list_secrets_with_filter.php b/secretmanager/src/list_secrets_with_filter.php new file mode 100644 index 0000000000..2d07bed0d2 --- /dev/null +++ b/secretmanager/src/list_secrets_with_filter.php @@ -0,0 +1,54 @@ +projectName($projectId); + + $request = ListSecretsRequest::build($parent)->setFilter($filter); + + foreach ($client->listSecrets($request) as $secret) { + printf('Found secret %s' . PHP_EOL, $secret->getName()); + } +} +// [END secretmanager_list_secrets_with_filter] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/update_regional_secret_using_etag.php b/secretmanager/src/update_regional_secret_using_etag.php new file mode 100644 index 0000000000..5566c1c9dc --- /dev/null +++ b/secretmanager/src/update_regional_secret_using_etag.php @@ -0,0 +1,80 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + $client = new SecretManagerServiceClient($options); + + $name = $client->projectLocationSecretName($projectId, $locationId, $secretId); + + $getRequest = GetSecretRequest::build($name); + $current = $client->getSecret($getRequest); + + $etag = $current->getEtag(); + + // Prepare the secret with the updated labels and the stored etag. + $secret = (new Secret()) + ->setName($name) + ->setLabels([$labelKey => $labelValue]) + ->setEtag($etag); + + // Only update the labels field. + $updateMask = (new FieldMask())->setPaths(['labels']); + + // Build and send the update request. + $request = UpdateSecretRequest::build($secret, $updateMask); + + $response = $client->updateSecret($request); + + printf('Updated secret using etag: %s' . PHP_EOL, $response->getName()); +} +// [END secretmanager_update_regional_secret_using_etag] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/update_regional_secret_with_expiration.php b/secretmanager/src/update_regional_secret_with_expiration.php new file mode 100644 index 0000000000..dde51e4e41 --- /dev/null +++ b/secretmanager/src/update_regional_secret_with_expiration.php @@ -0,0 +1,78 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + $client = new SecretManagerServiceClient($options); + + // Build the resource name of the secret. + $name = $client->projectLocationSecretName($projectId, $locationId, $secretId); + + // Build the secret with the new TTL. + $secret = new Secret([ + 'name' => $name, + 'ttl' => new Duration([ + 'seconds' => 7200, // Set TTL to 2 hours. + ]) + ]); + + // Set the field mask to update only the ttl field. + $fieldMask = new FieldMask(); + $fieldMask->setPaths(['ttl']); + + // Build the request. + $request = new UpdateSecretRequest(); + $request->setSecret($secret); + $request->setUpdateMask($fieldMask); + + // Update the secret. + $newSecret = $client->updateSecret($request); + + // Print the new secret name. + printf('Updated secret: %s%s', $newSecret->getName(), PHP_EOL); +} +// [END secretmanager_update_regional_secret_with_expiration] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/update_secret_using_etag.php b/secretmanager/src/update_secret_using_etag.php new file mode 100644 index 0000000000..7a1ca198fe --- /dev/null +++ b/secretmanager/src/update_secret_using_etag.php @@ -0,0 +1,81 @@ +secretName($projectId, $secretId); + + // Get the current secret to read the etag. + $getRequest = GetSecretRequest::build($name); + $current = $client->getSecret($getRequest); + + $etag = $current->getEtag(); + + // Prepare the secret with the updated labels and the stored etag. + $secret = (new Secret()) + ->setName($name) + ->setLabels([$labelKey => $labelValue]) + ->setEtag($etag); + + // Only update the labels field. + $updateMask = (new FieldMask())->setPaths(['labels']); + + // Build and send the update request. + $request = UpdateSecretRequest::build($secret, $updateMask); + + $response = $client->updateSecret($request); + + printf('Updated secret using etag: %s' . PHP_EOL, $response->getName()); +} +// [END secretmanager_update_secret_using_etag] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/update_secret_with_expiration.php b/secretmanager/src/update_secret_with_expiration.php new file mode 100644 index 0000000000..b6f34961cd --- /dev/null +++ b/secretmanager/src/update_secret_with_expiration.php @@ -0,0 +1,77 @@ +secretName($projectId, $secretId); + + // Build the secret with the new TTL. + $secret = new Secret([ + 'name' => $name, + 'ttl' => new Duration([ + 'seconds' => 7200, // Set TTL to 2 hours. + ]) + ]); + + // Set the field mask to update only the ttl field. + $fieldMask = new FieldMask(); + $fieldMask->setPaths(['ttl']); + + // Build the request. + $request = new UpdateSecretRequest(); + $request->setSecret($secret); + $request->setUpdateMask($fieldMask); + + // Update the secret. + $newSecret = $client->updateSecret($request); + + // Print the new secret name. + printf('Updated secret: %s%s', $newSecret->getName(), PHP_EOL); +} +// [END secretmanager_update_secret_with_expiration] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/test/regionalsecretmanagerTest.php b/secretmanager/test/regionalsecretmanagerTest.php index 18c9c97ac5..345d126210 100644 --- a/secretmanager/test/regionalsecretmanagerTest.php +++ b/secretmanager/test/regionalsecretmanagerTest.php @@ -56,11 +56,17 @@ class regionalsecretmanagerTest extends TestCase private static $testSecretVersionToDestroy; private static $testSecretVersionToDisable; private static $testSecretVersionToEnable; + private static $testSecretVersionToDestroyWithETag; + private static $testSecretVersionToDisableWithETag; + private static $testSecretVersionToEnableWithETag; private static $testSecretWithTagToCreateName; private static $testSecretBindTagToCreateName; private static $testSecretWithLabelsToCreateName; private static $testSecretWithAnnotationsToCreateName; private static $testSecretWithDelayedDestroyToCreateName; + private static $testSecretWithExpirationToCreateName; + private static $testSecretWithCMEKToCreateName; + private static $testSecretWithTopicToCreateName; private static $iamUser = 'user:kapishsingh@google.com'; private static $locationId = 'us-central1'; @@ -75,6 +81,9 @@ class regionalsecretmanagerTest extends TestCase private static $testTagKey; private static $testTagValue; + private static $skipRotationTests = false; + private static $testRotationTopic; + public static function setUpBeforeClass(): void { $options = ['apiEndpoint' => 'secretmanager.' . self::$locationId . '.rep.googleapis.com' ]; @@ -86,19 +95,36 @@ public static function setUpBeforeClass(): void self::$testSecretToDelete = self::createSecret(); self::$testSecretWithVersions = self::createSecret(); self::$testSecretToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId()); - self::$testSecretVersion = self::addSecretVersion(self::$testSecretWithVersions); - self::$testSecretVersionToDestroy = self::addSecretVersion(self::$testSecretWithVersions); - self::$testSecretVersionToDisable = self::addSecretVersion(self::$testSecretWithVersions); - self::$testSecretVersionToEnable = self::addSecretVersion(self::$testSecretWithVersions); self::$testSecretWithTagToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId()); self::$testSecretBindTagToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId()); self::$testSecretWithLabelsToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId()); self::$testSecretWithAnnotationsToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId()); self::$testSecretWithDelayedDestroyToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId()); + self::$testSecretWithExpirationToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId()); + self::$testSecretWithCMEKToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId()); + self::$testSecretWithTopicToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId()); + + self::$testSecretVersion = self::addSecretVersion(self::$testSecretWithVersions); + self::$testSecretVersionToDestroy = self::addSecretVersion(self::$testSecretWithVersions); + self::$testSecretVersionToDisable = self::addSecretVersion(self::$testSecretWithVersions); + self::$testSecretVersionToEnable = self::addSecretVersion(self::$testSecretWithVersions); self::disableSecretVersion(self::$testSecretVersionToEnable); + self::$testSecretVersionToDestroyWithETag = self::addSecretVersion(self::$testSecretWithVersions); + self::$testSecretVersionToDisableWithETag = self::addSecretVersion(self::$testSecretWithVersions); + self::$testSecretVersionToEnableWithETag = self::addSecretVersion(self::$testSecretWithVersions); + self::disableSecretVersion(self::$testSecretVersionToEnableWithETag); self::$testTagKey = self::createTagKey(self::randomSecretId()); self::$testTagValue = self::createTagValue(self::randomSecretId()); + + // GOOGLE_CLOUD_PUBSUB_TOPIC (projects/{project}/topics/{topic}). + $envTopic = getenv('GOOGLE_CLOUD_PUBSUB_TOPIC'); + if ($envTopic === false || $envTopic === '') { + self::$skipRotationTests = true; + printf('Skipping tests dependent on GOOGLE_CLOUD_PUBSUB_TOPIC as it is not set.%s', PHP_EOL); + } else { + self::$testRotationTopic = $envTopic; + } } public static function tearDownAfterClass(): void @@ -115,6 +141,9 @@ public static function tearDownAfterClass(): void self::deleteSecret(self::$testSecretWithLabelsToCreateName); self::deleteSecret(self::$testSecretWithAnnotationsToCreateName); self::deleteSecret(self::$testSecretWithDelayedDestroyToCreateName); + self::deleteSecret(self::$testSecretWithExpirationToCreateName); + self::deleteSecret(self::$testSecretWithCMEKToCreateName); + self::deleteSecret(self::$testSecretWithTopicToCreateName); sleep(15); // Added a sleep to wait for the tag unbinding self::deleteTagValue(); self::deleteTagKey(); @@ -294,6 +323,20 @@ public function testCreateSecret() $this->assertStringContainsString('Created secret', $output); } + public function testDeleteSecretUsingEtag() + { + $secret = self::createSecret(); + $name = self::$client->parseName($secret->getName()); + + $output = $this->runFunctionSnippet('delete_regional_secret_using_etag', [ + $name['project'], + $name['location'], + $name['secret'], + ]); + + $this->assertStringContainsString('Deleted secret', $output); + } + public function testDeleteSecret() { $name = self::$client->parseName(self::$testSecretToDelete->getName()); @@ -307,6 +350,20 @@ public function testDeleteSecret() $this->assertStringContainsString('Deleted secret', $output); } + public function testDestroySecretVersionUsingEtag() + { + $name = self::$client->parseName(self::$testSecretVersionToDestroyWithETag->getName()); + + $output = $this->runFunctionSnippet('destroy_regional_secret_version_using_etag', [ + $name['project'], + $name['location'], + $name['secret'], + $name['secret_version'], + ]); + + $this->assertStringContainsString('Destroyed secret version', $output); + } + public function testDestroySecretVersion() { $name = self::$client->parseName(self::$testSecretVersionToDestroy->getName()); @@ -321,6 +378,20 @@ public function testDestroySecretVersion() $this->assertStringContainsString('Destroyed secret version', $output); } + public function testDisableSecretVersionUsingEtag() + { + $name = self::$client->parseName(self::$testSecretVersionToDisableWithETag->getName()); + + $output = $this->runFunctionSnippet('disable_regional_secret_version_using_etag', [ + $name['project'], + $name['location'], + $name['secret'], + $name['secret_version'], + ]); + + $this->assertStringContainsString('Disabled secret version', $output); + } + public function testDisableSecretVersion() { $name = self::$client->parseName(self::$testSecretVersionToDisable->getName()); @@ -335,6 +406,20 @@ public function testDisableSecretVersion() $this->assertStringContainsString('Disabled secret version', $output); } + public function testEnableSecretVersionUsingEtag() + { + $name = self::$client->parseName(self::$testSecretVersionToEnableWithETag->getName()); + + $output = $this->runFunctionSnippet('enable_regional_secret_version_using_etag', [ + $name['project'], + $name['location'], + $name['secret'], + $name['secret_version'], + ]); + + $this->assertStringContainsString('Enabled secret version', $output); + } + public function testEnableSecretVersion() { $name = self::$client->parseName(self::$testSecretVersionToEnable->getName()); @@ -405,6 +490,23 @@ public function testIamRevokeAccess() $this->assertStringContainsString('Updated IAM policy', $output); } + public function testListSecretVersionsWithFilter() + { + $name = self::$client->parseName(self::$testSecretWithVersions->getName()); + + // Filter for enabled versions. + $filter = 'state = ENABLED'; + + $output = $this->runFunctionSnippet('list_regional_secret_versions_with_filter', [ + $name['project'], + $name['location'], + $name['secret'], + $filter, + ]); + + $this->assertStringContainsString('Found secret version', $output); + } + public function testListSecretVersions() { $name = self::$client->parseName(self::$testSecretWithVersions->getName()); @@ -418,6 +520,21 @@ public function testListSecretVersions() $this->assertStringContainsString('secret version', $output); } + public function testListSecretsWithFilter() + { + $name = self::$client->parseName(self::$testSecret->getName()); + + $filter = 'name:' . $name['secret']; + + $output = $this->runFunctionSnippet('list_regional_secrets_with_filter', [ + $name['project'], + $name['location'], + $filter, + ]); + + $this->assertStringContainsString('Found secret', $output); + } + public function testListSecrets() { $name = self::$client->parseName(self::$testSecret->getName()); @@ -431,6 +548,21 @@ public function testListSecrets() $this->assertStringContainsString($name['secret'], $output); } + public function testUpdateSecretUsingEtag() + { + $name = self::$client->parseName(self::$testSecret->getName()); + + $output = $this->runFunctionSnippet('update_regional_secret_using_etag', [ + $name['project'], + $name['location'], + $name['secret'], + 'etaglabel', + 'etagvalue', + ]); + + $this->assertStringContainsString('Updated secret', $output); + } + public function testUpdateSecret() { $name = self::$client->parseName(self::$testSecret->getName()); @@ -649,4 +781,82 @@ public function testUpdateSecretWithDelayedDestroyed() $secret = self::getSecret($name['project'], $name['location'], $name['secret']); $this->assertEquals(self::$testDelayedDestroyTime, $secret->getVersionDestroyTtl()->getSeconds()); } + + public function testCreateSecretWithExpiration() + { + $name = self::$client->parseName(self::$testSecretWithExpirationToCreateName); + + $output = $this->runFunctionSnippet('create_regional_secret_with_expiration', [ + $name['project'], + $name['location'], + $name['secret'], + ]); + + $this->assertStringContainsString('Created secret', $output); + } + + public function testUpdateSecretWithExpiration() + { + $name = self::$client->parseName(self::$testSecretWithExpirationToCreateName); + + $output = $this->runFunctionSnippet('update_regional_secret_with_expiration', [ + $name['project'], + $name['location'], + $name['secret'], + ]); + + $this->assertStringContainsString('Updated secret', $output); + } + + public function testDeleteSecretExpiration() + { + $name = self::$client->parseName(self::$testSecretWithExpirationToCreateName); + + $output = $this->runFunctionSnippet('delete_regional_secret_expiration', [ + $name['project'], + $name['location'], + $name['secret'], + ]); + + $this->assertStringContainsString('Updated secret', $output); + } + + public function testCreateSecretWithCmek() + { + $kmsKey = getenv('GOOGLE_CLOUD_REGIONAL_KMS_KEY'); + if ($kmsKey === false || $kmsKey === '') { + $this->markTestSkipped('GOOGLE_CLOUD_REGIONAL_KMS_KEY not set'); + printf('Skipping testCreateSecretWithCmek dependent on GOOGLE_CLOUD_REGIONAL_KMS_KEY%s', PHP_EOL); + } + + $name = self::$client->parseName(self::$testSecretWithCMEKToCreateName); + + $output = $this->runFunctionSnippet('create_regional_secret_with_cmek', [ + $name['project'], + $name['location'], + $name['secret'], + $kmsKey, + ]); + + $this->assertStringContainsString('Created secret', $output); + } + + public function testCreateSecretWithTopic() + { + if (self::$skipRotationTests) { + $this->markTestSkipped('GOOGLE_CLOUD_PUBSUB_TOPIC not set'); + printf('Skipping testCreateSecretWithTopic dependent on GOOGLE_CLOUD_PUBSUB_TOPIC%s', PHP_EOL); + } + + $name = self::$client->parseName(self::$testSecretWithTopicToCreateName); + + $output = $this->runFunctionSnippet('create_regional_secret_with_topic', [ + $name['project'], + $name['location'], + $name['secret'], + self::$testRotationTopic, + ]); + + $this->assertStringContainsString('Created secret', $output); + } } diff --git a/secretmanager/test/secretmanagerTest.php b/secretmanager/test/secretmanagerTest.php index 11b9dd3bd6..fc7f3026bd 100644 --- a/secretmanager/test/secretmanagerTest.php +++ b/secretmanager/test/secretmanagerTest.php @@ -59,11 +59,17 @@ class secretmanagerTest extends TestCase private static $testSecretVersionToDestroy; private static $testSecretVersionToDisable; private static $testSecretVersionToEnable; + private static $testSecretVersionToDestroyWithETag; + private static $testSecretVersionToDisableWithETag; + private static $testSecretVersionToEnableWithETag; private static $testSecretWithTagToCreateName; private static $testSecretBindTagToCreateName; private static $testSecretWithLabelsToCreateName; private static $testSecretWithAnnotationsToCreateName; private static $testSecretWithDelayedDestroyToCreateName; + private static $testSecretWithExpirationToCreateName; + private static $testSecretWithCMEKToCreateName; + private static $testSecretWithTopicToCreateName; private static $iamUser = 'user:sethvargo@google.com'; private static $testLabelKey = 'test-label-key'; @@ -77,6 +83,9 @@ class secretmanagerTest extends TestCase private static $testTagKey; private static $testTagValue; + private static $skipRotationTests = false; + private static $testRotationTopic; + public static function setUpBeforeClass(): void { self::$client = new SecretManagerServiceClient(); @@ -93,6 +102,9 @@ public static function setUpBeforeClass(): void self::$testSecretWithLabelsToCreateName = self::$client->secretName(self::$projectId, self::randomSecretId()); self::$testSecretWithAnnotationsToCreateName = self::$client->secretName(self::$projectId, self::randomSecretId()); self::$testSecretWithDelayedDestroyToCreateName = self::$client->secretName(self::$projectId, self::randomSecretId()); + self::$testSecretWithExpirationToCreateName = self::$client->secretName(self::$projectId, self::randomSecretId()); + self::$testSecretWithCMEKToCreateName = self::$client->secretName(self::$projectId, self::randomSecretId()); + self::$testSecretWithTopicToCreateName = self::$client->secretName(self::$projectId, self::randomSecretId()); self::$testSecretVersion = self::addSecretVersion(self::$testSecretWithVersions); self::$testSecretVersionToDestroy = self::addSecretVersion(self::$testSecretWithVersions); @@ -100,8 +112,22 @@ public static function setUpBeforeClass(): void self::$testSecretVersionToEnable = self::addSecretVersion(self::$testSecretWithVersions); self::disableSecretVersion(self::$testSecretVersionToEnable); + self::$testSecretVersionToDestroyWithETag = self::addSecretVersion(self::$testSecretWithVersions); + self::$testSecretVersionToDisableWithETag = self::addSecretVersion(self::$testSecretWithVersions); + self::$testSecretVersionToEnableWithETag = self::addSecretVersion(self::$testSecretWithVersions); + self::disableSecretVersion(self::$testSecretVersionToEnableWithETag); + self::$testTagKey = self::createTagKey(self::randomSecretId()); self::$testTagValue = self::createTagValue(self::randomSecretId()); + + // GOOGLE_CLOUD_PUBSUB_TOPIC (projects/{project}/topics/{topic}). + $envTopic = getenv('GOOGLE_CLOUD_PUBSUB_TOPIC'); + if ($envTopic === false || $envTopic === '') { + self::$skipRotationTests = true; + printf('Skipping tests dependent on GOOGLE_CLOUD_PUBSUB_TOPIC as it is not set.%s', PHP_EOL); + } else { + self::$testRotationTopic = $envTopic; + } } public static function tearDownAfterClass(): void @@ -116,6 +142,9 @@ public static function tearDownAfterClass(): void self::deleteSecret(self::$testSecretWithLabelsToCreateName); self::deleteSecret(self::$testSecretWithAnnotationsToCreateName); self::deleteSecret(self::$testSecretWithDelayedDestroyToCreateName); + self::deleteSecret(self::$testSecretWithExpirationToCreateName); + self::deleteSecret(self::$testSecretWithCMEKToCreateName); + self::deleteSecret(self::$testSecretWithTopicToCreateName); sleep(15); // Added a sleep to wait for the tag unbinding self::deleteTagValue(); self::deleteTagKey(); @@ -310,6 +339,20 @@ public function testCreateSecretWithUserManagedReplication() $this->assertStringContainsString('Created secret', $output); } + public function testDeleteSecretUsingEtag() + { + // Create a fresh secret to delete with etag. + $secret = self::createSecret(); + $name = self::$client->parseName($secret->getName()); + + $output = $this->runFunctionSnippet('delete_secret_using_etag', [ + $name['project'], + $name['secret'], + ]); + + $this->assertStringContainsString('Deleted secret', $output); + } + public function testDeleteSecret() { $name = self::$client->parseName(self::$testSecretToDelete->getName()); @@ -322,6 +365,19 @@ public function testDeleteSecret() $this->assertStringContainsString('Deleted secret', $output); } + public function testDestroySecretVersionUsingEtag() + { + $name = self::$client->parseName(self::$testSecretVersionToDestroyWithETag->getName()); + + $output = $this->runFunctionSnippet('destroy_secret_version_using_etag', [ + $name['project'], + $name['secret'], + $name['secret_version'], + ]); + + $this->assertStringContainsString('Destroyed secret version', $output); + } + public function testDestroySecretVersion() { $name = self::$client->parseName(self::$testSecretVersionToDestroy->getName()); @@ -335,6 +391,19 @@ public function testDestroySecretVersion() $this->assertStringContainsString('Destroyed secret version', $output); } + public function testDisableSecretVersionUsingEtag() + { + $name = self::$client->parseName(self::$testSecretVersionToDisableWithETag->getName()); + + $output = $this->runFunctionSnippet('disable_secret_version_using_etag', [ + $name['project'], + $name['secret'], + $name['secret_version'], + ]); + + $this->assertStringContainsString('Disabled secret version', $output); + } + public function testDisableSecretVersion() { $name = self::$client->parseName(self::$testSecretVersionToDisable->getName()); @@ -348,6 +417,19 @@ public function testDisableSecretVersion() $this->assertStringContainsString('Disabled secret version', $output); } + public function testEnableSecretVersionUsingEtag() + { + $name = self::$client->parseName(self::$testSecretVersionToEnableWithETag->getName()); + + $output = $this->runFunctionSnippet('enable_secret_version_using_etag', [ + $name['project'], + $name['secret'], + $name['secret_version'], + ]); + + $this->assertStringContainsString('Enabled secret version', $output); + } + public function testEnableSecretVersion() { $name = self::$client->parseName(self::$testSecretVersionToEnable->getName()); @@ -414,6 +496,22 @@ public function testIamRevokeAccess() $this->assertStringContainsString('Updated IAM policy', $output); } + public function testListSecretVersionsWithFilter() + { + $name = self::$client->parseName(self::$testSecretWithVersions->getName()); + + // Filter for enabled versions. + $filter = 'state = ENABLED'; + + $output = $this->runFunctionSnippet('list_secret_versions_with_filter', [ + $name['project'], + $name['secret'], + $filter, + ]); + + $this->assertStringContainsString('Found secret version', $output); + } + public function testListSecretVersions() { $name = self::$client->parseName(self::$testSecretWithVersions->getName()); @@ -426,6 +524,20 @@ public function testListSecretVersions() $this->assertStringContainsString('secret version', $output); } + public function testListSecretsWithFilter() + { + $name = self::$client->parseName(self::$testSecret->getName()); + + $filter = 'name:' . $name['secret']; + + $output = $this->runFunctionSnippet('list_secrets_with_filter', [ + $name['project'], + $filter, + ]); + + $this->assertStringContainsString('Found secret', $output); + } + public function testListSecrets() { $name = self::$client->parseName(self::$testSecret->getName()); @@ -438,6 +550,20 @@ public function testListSecrets() $this->assertStringContainsString($name['secret'], $output); } + public function testUpdateSecretUsingEtag() + { + $name = self::$client->parseName(self::$testSecret->getName()); + + $output = $this->runFunctionSnippet('update_secret_using_etag', [ + $name['project'], + $name['secret'], + 'etaglabel', + 'etagvalue', + ]); + + $this->assertStringContainsString('Updated secret', $output); + } + public function testUpdateSecret() { $name = self::$client->parseName(self::$testSecret->getName()); @@ -642,4 +768,77 @@ public function testUpdateSecretWithDelayedDestroyed() $secret = self::getSecret($name['project'], $name['secret']); $this->assertEquals(self::$testDelayedDestroyTime, $secret->getVersionDestroyTtl()->getSeconds()); } + + public function testCreateSecretWithExpiration() + { + $name = self::$client->parseName(self::$testSecretWithExpirationToCreateName); + + $output = $this->runFunctionSnippet('create_secret_with_expiration', [ + $name['project'], + $name['secret'], + ]); + + $this->assertStringContainsString('Created secret', $output); + } + + public function testUpdateSecretWithExpiration() + { + $name = self::$client->parseName(self::$testSecretWithExpirationToCreateName); + + $output = $this->runFunctionSnippet('update_secret_with_expiration', [ + $name['project'], + $name['secret'], + ]); + + $this->assertStringContainsString('Updated secret', $output); + } + + public function testDeleteSecretExpiration() + { + $name = self::$client->parseName(self::$testSecretWithExpirationToCreateName); + + $output = $this->runFunctionSnippet('delete_secret_expiration', [ + $name['project'], + $name['secret'], + ]); + + $this->assertStringContainsString('Updated secret', $output); + } + + public function testCreateSecretWithCmek() + { + $kmsKey = getenv('GOOGLE_CLOUD_KMS_KEY'); + if ($kmsKey === false || $kmsKey === '') { + $this->markTestSkipped('GOOGLE_CLOUD_KMS_KEY not set'); + printf('Skipping testCreateSecretWithCmek dependent on GOOGLE_CLOUD_KMS_KEY%s', PHP_EOL); + } + + $name = self::$client->parseName(self::$testSecretWithCMEKToCreateName); + + $output = $this->runFunctionSnippet('create_secret_with_cmek', [ + $name['project'], + $name['secret'], + $kmsKey, + ]); + + $this->assertStringContainsString('Created secret', $output); + } + + public function testCreateSecretWithTopic() + { + if (self::$skipRotationTests) { + $this->markTestSkipped('GOOGLE_CLOUD_PUBSUB_TOPIC not set'); + printf('Skipping testCreateSecretWithTopic dependent on GOOGLE_CLOUD_PUBSUB_TOPIC%s', PHP_EOL); + } + + $name = self::$client->parseName(self::$testSecretWithTopicToCreateName); + + $output = $this->runFunctionSnippet('create_secret_with_topic', [ + $name['project'], + $name['secret'], + self::$testRotationTopic, + ]); + + $this->assertStringContainsString('Created secret', $output); + } }