From c8129acbf2cad15339c6e0ebfc3714975df7784e Mon Sep 17 00:00:00 2001 From: Brent Shaffer Date: Thu, 21 Nov 2024 13:15:41 -0800 Subject: [PATCH 1/3] feat: update apikey sample for client option support (#2061) --- auth/src/auth_cloud_apikey.php | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/auth/src/auth_cloud_apikey.php b/auth/src/auth_cloud_apikey.php index 02fe09ca3..70ce4351d 100644 --- a/auth/src/auth_cloud_apikey.php +++ b/auth/src/auth_cloud_apikey.php @@ -20,11 +20,10 @@ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/auth/README.md */ -# [START auth_cloud_apikey] +# [START apikeys_authenticate_api_key] namespace Google\Cloud\Samples\Auth; use Google\ApiCore\ApiException; -use Google\ApiCore\InsecureCredentialsWrapper; use Google\ApiCore\PagedListResponse; use Google\Cloud\Vision\V1\Client\ProductSearchClient; use Google\Cloud\Vision\V1\ListProductsRequest; @@ -44,8 +43,7 @@ function auth_cloud_apikey(string $projectId, string $location, string $apiKey): // Create a client. $productSearchClient = new ProductSearchClient([ - // STEP 1: Use an insecure credentials wrapper to bypass the application default credentials. - 'credentials' => new InsecureCredentialsWrapper(), + 'apiKey' => $apiKey, ]); // Prepare the request message. @@ -55,10 +53,7 @@ function auth_cloud_apikey(string $projectId, string $location, string $apiKey): // Call the API and handle any network failures. try { /** @var PagedListResponse $response */ - $response = $productSearchClient->listProducts($request, [ - // STEP 2: Pass in the API key with each RPC call as a "Call Option" - 'headers' => ['x-goog-api-key' => [$apiKey]], - ]); + $response = $productSearchClient->listProducts($request); /** @var Product $element */ foreach ($response as $element) { @@ -68,7 +63,7 @@ function auth_cloud_apikey(string $projectId, string $location, string $apiKey): printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage()); } } -# [END auth_cloud_apikey] +# [END apikeys_authenticate_api_key] // The following 2 lines are only needed to run the samples require_once __DIR__ . '/../../testing/sample_helpers.php'; From 24055232f74807023db981fcedb7b097c26b688f Mon Sep 17 00:00:00 2001 From: Archana Kumari <78868726+archana-9430@users.noreply.github.com> Date: Thu, 28 Nov 2024 10:19:46 +0530 Subject: [PATCH 2/3] feat:Add secretmanager team to code owner (#2063) --- CODEOWNERS | 1 + 1 file changed, 1 insertion(+) diff --git a/CODEOWNERS b/CODEOWNERS index d51342f6a..934665f8f 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -24,6 +24,7 @@ /firestore/**/*.php @GoogleCloudPlatform/cloud-native-db-dpes @GoogleCloudPlatform/php-samples-reviewers /storage/ @GoogleCloudPlatform/cloud-storage-dpe @GoogleCloudPlatform/php-samples-reviewers /spanner/ @GoogleCloudPlatform/api-spanner @GoogleCloudPlatform/php-samples-reviewers +/secretmanager/ @GoogleCloudPlatform/php-samples-reviewers @GoogleCloudPlatform/cloud-secrets-team # Serverless, Orchestration, DevOps From 0a13650144ca77ae8cea8e2f7844a58e10fc0303 Mon Sep 17 00:00:00 2001 From: Kapish Date: Thu, 12 Dec 2024 21:11:01 +0530 Subject: [PATCH 3/3] feat(secretmanager): add regional secrets samples (#2065) --- secretmanager/composer.json | 2 +- .../src/access_regional_secret_version.php | 71 ++++ .../src/add_regional_secret_version.php | 66 ++++ secretmanager/src/create_regional_secret.php | 65 ++++ ...e_secret_with_user_managed_replication.php | 7 +- secretmanager/src/delete_regional_secret.php | 60 ++++ .../src/destroy_regional_secret_version.php | 67 ++++ .../src/disable_regional_secret_version.php | 67 ++++ .../src/enable_regional_secret_version.php | 67 ++++ secretmanager/src/get_regional_secret.php | 62 ++++ .../src/get_regional_secret_version.php | 71 ++++ .../src/list_regional_secret_versions.php | 61 ++++ secretmanager/src/list_regional_secrets.php | 60 ++++ .../src/regional_iam_grant_access.php | 80 +++++ .../src/regional_iam_revoke_access.php | 83 +++++ secretmanager/src/update_regional_secret.php | 71 ++++ .../src/update_regional_secret_with_alias.php | 71 ++++ .../test/regionalsecretmanagerTest.php | 327 ++++++++++++++++++ 18 files changed, 1355 insertions(+), 3 deletions(-) create mode 100644 secretmanager/src/access_regional_secret_version.php create mode 100644 secretmanager/src/add_regional_secret_version.php create mode 100644 secretmanager/src/create_regional_secret.php create mode 100644 secretmanager/src/delete_regional_secret.php create mode 100644 secretmanager/src/destroy_regional_secret_version.php create mode 100644 secretmanager/src/disable_regional_secret_version.php create mode 100644 secretmanager/src/enable_regional_secret_version.php create mode 100644 secretmanager/src/get_regional_secret.php create mode 100644 secretmanager/src/get_regional_secret_version.php create mode 100644 secretmanager/src/list_regional_secret_versions.php create mode 100644 secretmanager/src/list_regional_secrets.php create mode 100644 secretmanager/src/regional_iam_grant_access.php create mode 100644 secretmanager/src/regional_iam_revoke_access.php create mode 100644 secretmanager/src/update_regional_secret.php create mode 100644 secretmanager/src/update_regional_secret_with_alias.php create mode 100644 secretmanager/test/regionalsecretmanagerTest.php diff --git a/secretmanager/composer.json b/secretmanager/composer.json index c52bc1c5b..ad1f41e13 100644 --- a/secretmanager/composer.json +++ b/secretmanager/composer.json @@ -1,5 +1,5 @@ { "require": { - "google/cloud-secret-manager": "^1.13" + "google/cloud-secret-manager": "^1.15.2" } } diff --git a/secretmanager/src/access_regional_secret_version.php b/secretmanager/src/access_regional_secret_version.php new file mode 100644 index 000000000..93e8a1d03 --- /dev/null +++ b/secretmanager/src/access_regional_secret_version.php @@ -0,0 +1,71 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + + // Create the Secret Manager client. + $client = new SecretManagerServiceClient($options); + + // Build the resource name of the secret version. + $name = $client->projectLocationSecretSecretVersionName($projectId, $locationId, $secretId, $versionId); + + // Build the request. + $request = AccessSecretVersionRequest::build($name); + + // Access the secret version. + $response = $client->accessSecretVersion($request); + + // Print the secret payload. + // + // WARNING: Do not print the secret in a production environment - this + // snippet is showing how to access the secret material. + $payload = $response->getPayload()->getData(); + printf('Plaintext: %s', $payload); +} +// [END secretmanager_access_regional_secret_version] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/add_regional_secret_version.php b/secretmanager/src/add_regional_secret_version.php new file mode 100644 index 000000000..54edf72fc --- /dev/null +++ b/secretmanager/src/add_regional_secret_version.php @@ -0,0 +1,66 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + + // Create the Secret Manager client. + $client = new SecretManagerServiceClient($options); + + // Build the resource name of the parent secret and the payload. + $parent = $client->projectLocationSecretName($projectId, $locationId, $secretId); + $secretPayload = new SecretPayload([ + 'data' => 'my super secret data', + ]); + + // Build the request. + $request = AddSecretVersionRequest::build($parent, $secretPayload); + + // Access the secret version. + $response = $client->addSecretVersion($request); + + // Print the new secret version name. + printf('Added secret version: %s', $response->getName()); +} +// [END secretmanager_add_regional_secret_version] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/create_regional_secret.php b/secretmanager/src/create_regional_secret.php new file mode 100644 index 000000000..450667354 --- /dev/null +++ b/secretmanager/src/create_regional_secret.php @@ -0,0 +1,65 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + + // Create the Secret Manager client. + $client = new SecretManagerServiceClient($options); + + // Build the resource name of the parent project. + $parent = $client->locationName($projectId, $locationId); + + $secret = new Secret(); + + // Build the request. + $request = CreateSecretRequest::build($parent, $secretId, $secret); + + // Create the secret. + $newSecret = $client->createSecret($request); + + // Print the new secret name. + printf('Created secret: %s', $newSecret->getName()); +} +// [END secretmanager_create_regional_secret] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/create_secret_with_user_managed_replication.php b/secretmanager/src/create_secret_with_user_managed_replication.php index 9985caccc..bda990f97 100644 --- a/secretmanager/src/create_secret_with_user_managed_replication.php +++ b/secretmanager/src/create_secret_with_user_managed_replication.php @@ -38,8 +38,11 @@ * @param string $secretId Your secret ID (e.g. 'my-secret') * @param array $locations Replication locations (e.g. array('us-east1', 'us-east4')) */ -function create_secret_with_user_managed_replication(string $projectId, string $secretId, array $locations): void -{ +function create_secret_with_user_managed_replication( + string $projectId, + string $secretId, + array $locations +): void { // Create the Secret Manager client. $client = new SecretManagerServiceClient(); diff --git a/secretmanager/src/delete_regional_secret.php b/secretmanager/src/delete_regional_secret.php new file mode 100644 index 000000000..47bbcfdfa --- /dev/null +++ b/secretmanager/src/delete_regional_secret.php @@ -0,0 +1,60 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + + // Create the Secret Manager client. + $client = new SecretManagerServiceClient($options); + + // Build the resource name of the secret. + $name = $client->projectLocationSecretName($projectId, $locationId, $secretId); + + // Build the request. + $request = DeleteSecretRequest::build($name); + + // Delete the secret. + $client->deleteSecret($request); + printf('Deleted secret %s', $secretId); +} +// [END secretmanager_delete_regional_secret] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/destroy_regional_secret_version.php b/secretmanager/src/destroy_regional_secret_version.php new file mode 100644 index 000000000..7fcdc9bd3 --- /dev/null +++ b/secretmanager/src/destroy_regional_secret_version.php @@ -0,0 +1,67 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + + // Create the Secret Manager client. + $client = new SecretManagerServiceClient($options); + + // Build the resource name of the secret version. + $name = $client->projectLocationSecretSecretVersionName($projectId, $locationId, $secretId, $versionId); + + // Build the request. + $request = DestroySecretVersionRequest::build($name); + + // Destroy the secret version. + $response = $client->destroySecretVersion($request); + + // Print a success message. + printf('Destroyed secret version: %s', $response->getName()); +} +// [END secretmanager_destroy_regional_secret_version] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/disable_regional_secret_version.php b/secretmanager/src/disable_regional_secret_version.php new file mode 100644 index 000000000..a34f0d7a9 --- /dev/null +++ b/secretmanager/src/disable_regional_secret_version.php @@ -0,0 +1,67 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + + // Create the Secret Manager client. + $client = new SecretManagerServiceClient($options); + + // Build the resource name of the secret version. + $name = $client->projectLocationSecretSecretVersionName($projectId, $locationId, $secretId, $versionId); + + // Build the request. + $request = DisableSecretVersionRequest::build($name); + + // Disable the secret version. + $response = $client->disableSecretVersion($request); + + // Print a success message. + printf('Disabled secret version: %s', $response->getName()); +} +// [END secretmanager_disable_regional_secret_version] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/enable_regional_secret_version.php b/secretmanager/src/enable_regional_secret_version.php new file mode 100644 index 000000000..d237d1280 --- /dev/null +++ b/secretmanager/src/enable_regional_secret_version.php @@ -0,0 +1,67 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + + // Create the Secret Manager client. + $client = new SecretManagerServiceClient($options); + + // Build the resource name of the secret version. + $name = $client->projectLocationSecretSecretVersionName($projectId, $locationId, $secretId, $versionId); + + // Build the request. + $request = EnableSecretVersionRequest::build($name); + + // Enable the secret version. + $response = $client->enableSecretVersion($request); + + // Print a success message. + printf('Enabled secret version: %s', $response->getName()); +} +// [END secretmanager_enable_regional_secret_version] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/get_regional_secret.php b/secretmanager/src/get_regional_secret.php new file mode 100644 index 000000000..ad0014ad1 --- /dev/null +++ b/secretmanager/src/get_regional_secret.php @@ -0,0 +1,62 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + + // Create the Secret Manager client. + $client = new SecretManagerServiceClient($options); + + // Build the resource name of the secret. + $name = $client->projectLocationSecretName($projectId, $locationId, $secretId); + + // Build the request. + $request = GetSecretRequest::build($name); + + // Get the secret. + $secret = $client->getSecret($request); + + // Print data about the secret. + printf('Got secret %s ', $secret->getName()); +} +// [END secretmanager_get_regional_secret] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/get_regional_secret_version.php b/secretmanager/src/get_regional_secret_version.php new file mode 100644 index 000000000..0e50e2410 --- /dev/null +++ b/secretmanager/src/get_regional_secret_version.php @@ -0,0 +1,71 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + + // Create the Secret Manager client. + $client = new SecretManagerServiceClient($options); + + // Build the resource name of the secret version. + $name = $client->projectLocationSecretSecretVersionName($projectId, $locationId, $secretId, $versionId); + + // Build the request. + $request = GetSecretVersionRequest::build($name); + + // Access the secret version. + $response = $client->getSecretVersion($request); + + // Get the state string from the enum. + $state = State::name($response->getState()); + + // Print a success message. + printf('Got secret version %s with state %s', $response->getName(), $state); +} +// [END secretmanager_get_regional_secret_version] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/list_regional_secret_versions.php b/secretmanager/src/list_regional_secret_versions.php new file mode 100644 index 000000000..3e403ede9 --- /dev/null +++ b/secretmanager/src/list_regional_secret_versions.php @@ -0,0 +1,61 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + + // Create the Secret Manager client. + $client = new SecretManagerServiceClient($options); + + // Build the resource name of the parent secret. + $parent = $client->projectLocationSecretName($projectId, $locationId, $secretId); + + // Build the request. + $request = ListSecretVersionsRequest::build($parent); + + // List all secret versions. + foreach ($client->listSecretVersions($request) as $version) { + printf('Found secret version %s', $version->getName()); + } +} +// [END secretmanager_list_regional_secret_versions] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/list_regional_secrets.php b/secretmanager/src/list_regional_secrets.php new file mode 100644 index 000000000..b81d9342e --- /dev/null +++ b/secretmanager/src/list_regional_secrets.php @@ -0,0 +1,60 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + + // Create the Secret Manager client. + $client = new SecretManagerServiceClient($options); + + // Build the resource name of the parent secret. + $parent = $client->locationName($projectId, $locationId); + + // Build the request. + $request = ListSecretsRequest::build($parent); + + // List all secrets. + foreach ($client->listSecrets($request) as $secret) { + printf('Found secret %s', $secret->getName()); + } +} +// [END secretmanager_list_regional_secrets] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/regional_iam_grant_access.php b/secretmanager/src/regional_iam_grant_access.php new file mode 100644 index 000000000..7142c4cac --- /dev/null +++ b/secretmanager/src/regional_iam_grant_access.php @@ -0,0 +1,80 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + + // Create the Secret Manager client. + $client = new SecretManagerServiceClient($options); + + // Build the resource name of the secret. + $name = $client->projectLocationSecretName($projectId, $locationId, $secretId); + + // Get the current IAM policy. + $policy = $client->getIamPolicy((new GetIamPolicyRequest)->setResource($name)); + + // Update the bindings to include the new member. + $bindings = $policy->getBindings(); + $bindings[] = new Binding([ + 'members' => [$member], + 'role' => 'roles/secretmanager.secretAccessor', + ]); + $policy->setBindings($bindings); + + // Build the request. + $request = (new SetIamPolicyRequest) + ->setResource($name) + ->setPolicy($policy); + + // Save the updated policy to the server. + $client->setIamPolicy($request); + + // Print out a success message. + printf('Updated IAM policy for %s', $secretId); +} +// [END secretmanager_regional_iam_grant_access] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/regional_iam_revoke_access.php b/secretmanager/src/regional_iam_revoke_access.php new file mode 100644 index 000000000..8cfffc9da --- /dev/null +++ b/secretmanager/src/regional_iam_revoke_access.php @@ -0,0 +1,83 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + + // Create the Secret Manager client. + $client = new SecretManagerServiceClient($options); + + // Build the resource name of the secret. + $name = $client->projectLocationSecretName($projectId, $locationId, $secretId); + + // Get the current IAM policy. + $policy = $client->getIamPolicy((new GetIamPolicyRequest)->setResource($name)); + + // Remove the member from the list of bindings. + foreach ($policy->getBindings() as $binding) { + if ($binding->getRole() == 'roles/secretmanager.secretAccessor') { + $members = $binding->getMembers(); + foreach ($members as $i => $existingMember) { + if ($member == $existingMember) { + unset($members[$i]); + $binding->setMembers($members); + break; + } + } + } + } + + // Build the request. + $request = (new SetIamPolicyRequest) + ->setResource($name) + ->setPolicy($policy); + + // Save the updated policy to the server. + $client->setIamPolicy($request); + + // Print out a success message. + printf('Updated IAM policy for %s', $secretId); +} +// [END secretmanager_regional_iam_revoke_access] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/update_regional_secret.php b/secretmanager/src/update_regional_secret.php new file mode 100644 index 000000000..1e605261a --- /dev/null +++ b/secretmanager/src/update_regional_secret.php @@ -0,0 +1,71 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + + // Create the Secret Manager client. + $client = new SecretManagerServiceClient($options); + + // Build the resource name of the secret. + $name = $client->projectLocationSecretName($projectId, $locationId, $secretId); + + // Update the secret. + $secret = (new Secret()) + ->setName($name) + ->setLabels(['secretmanager' => 'rocks']); + + $updateMask = (new FieldMask()) + ->setPaths(['labels']); + + // Build the request. + $request = UpdateSecretRequest::build($secret, $updateMask); + + $response = $client->updateSecret($request); + + // Print the upated secret. + printf('Updated secret: %s', $response->getName()); +} +// [END secretmanager_update_regional_secret] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/update_regional_secret_with_alias.php b/secretmanager/src/update_regional_secret_with_alias.php new file mode 100644 index 000000000..b86f0185f --- /dev/null +++ b/secretmanager/src/update_regional_secret_with_alias.php @@ -0,0 +1,71 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + + // Create the Secret Manager client. + $client = new SecretManagerServiceClient($options); + + // Build the resource name of the secret. + $name = $client->projectLocationSecretName($projectId, $locationId, $secretId); + + // Update the secret. + $secret = (new Secret()) + ->setName($name) + ->setVersionAliases(['test' => '1']); + + $updateMask = (new FieldMask()) + ->setPaths(['version_aliases']); + + // Build the request. + $request = UpdateSecretRequest::build($secret, $updateMask); + + $response = $client->updateSecret($request); + + // Print the upated secret. + printf('Updated secret: %s', $response->getName()); +} +// [END secretmanager_update_regional_secret_with_alias] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/test/regionalsecretmanagerTest.php b/secretmanager/test/regionalsecretmanagerTest.php new file mode 100644 index 000000000..80c694620 --- /dev/null +++ b/secretmanager/test/regionalsecretmanagerTest.php @@ -0,0 +1,327 @@ + 'secretmanager.' . self::$locationId . '.rep.googleapis.com' ]; + self::$client = new SecretManagerServiceClient($options); + + self::$testSecret = self::createSecret(); + self::$testSecretToDelete = self::createSecret(); + self::$testSecretWithVersions = self::createSecret(); + self::$testSecretToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId()); + self::$testSecretVersion = self::addSecretVersion(self::$testSecretWithVersions); + self::$testSecretVersionToDestroy = self::addSecretVersion(self::$testSecretWithVersions); + self::$testSecretVersionToDisable = self::addSecretVersion(self::$testSecretWithVersions); + self::$testSecretVersionToEnable = self::addSecretVersion(self::$testSecretWithVersions); + self::disableSecretVersion(self::$testSecretVersionToEnable); + } + + public static function tearDownAfterClass(): void + { + $options = ['apiEndpoint' => 'secretmanager.' . self::$locationId . '.rep.googleapis.com' ]; + self::$client = new SecretManagerServiceClient($options); + + self::deleteSecret(self::$testSecret->getName()); + self::deleteSecret(self::$testSecretToDelete->getName()); + self::deleteSecret(self::$testSecretWithVersions->getName()); + self::deleteSecret(self::$testSecretToCreateName); + } + + private static function randomSecretId(): string + { + return uniqid('php-snippets-'); + } + + private static function createSecret(): Secret + { + $parent = self::$client->locationName(self::$projectId, self::$locationId); + $secretId = self::randomSecretId(); + $createSecretRequest = (new CreateSecretRequest()) + ->setParent($parent) + ->setSecretId($secretId) + ->setSecret(new Secret()); + + return self::$client->createSecret($createSecretRequest); + } + + private static function addSecretVersion(Secret $secret): SecretVersion + { + $addSecretVersionRequest = (new AddSecretVersionRequest()) + ->setParent($secret->getName()) + ->setPayload(new SecretPayload([ + 'data' => 'my super secret data', + ])); + return self::$client->addSecretVersion($addSecretVersionRequest); + } + + private static function disableSecretVersion(SecretVersion $version): SecretVersion + { + $disableSecretVersionRequest = (new DisableSecretVersionRequest()) + ->setName($version->getName()); + return self::$client->disableSecretVersion($disableSecretVersionRequest); + } + + private static function deleteSecret(string $name) + { + try { + $deleteSecretRequest = (new DeleteSecretRequest()) + ->setName($name); + self::$client->deleteSecret($deleteSecretRequest); + } catch (GaxApiException $e) { + if ($e->getStatus() != 'NOT_FOUND') { + throw $e; + } + } + } + + public function testAccessSecretVersion() + { + $name = self::$client->parseName(self::$testSecretVersion->getName()); + + $output = $this->runFunctionSnippet('access_regional_secret_version', [ + $name['project'], + $name['location'], + $name['secret'], + $name['secret_version'], + ]); + + $this->assertStringContainsString('my super secret data', $output); + } + + public function testAddSecretVersion() + { + $name = self::$client->parseName(self::$testSecretWithVersions->getName()); + + $output = $this->runFunctionSnippet('add_regional_secret_version', [ + $name['project'], + $name['location'], + $name['secret'], + ]); + + $this->assertStringContainsString('Added secret version', $output); + } + + public function testCreateSecret() + { + $name = self::$client->parseName(self::$testSecretToCreateName); + + $output = $this->runFunctionSnippet('create_regional_secret', [ + $name['project'], + $name['location'], + $name['secret'], + ]); + + $this->assertStringContainsString('Created secret', $output); + } + + public function testDeleteSecret() + { + $name = self::$client->parseName(self::$testSecretToDelete->getName()); + + $output = $this->runFunctionSnippet('delete_regional_secret', [ + $name['project'], + $name['location'], + $name['secret'], + ]); + + $this->assertStringContainsString('Deleted secret', $output); + } + + public function testDestroySecretVersion() + { + $name = self::$client->parseName(self::$testSecretVersionToDestroy->getName()); + + $output = $this->runFunctionSnippet('destroy_regional_secret_version', [ + $name['project'], + $name['location'], + $name['secret'], + $name['secret_version'], + ]); + + $this->assertStringContainsString('Destroyed secret version', $output); + } + + public function testDisableSecretVersion() + { + $name = self::$client->parseName(self::$testSecretVersionToDisable->getName()); + + $output = $this->runFunctionSnippet('disable_regional_secret_version', [ + $name['project'], + $name['location'], + $name['secret'], + $name['secret_version'], + ]); + + $this->assertStringContainsString('Disabled secret version', $output); + } + + public function testEnableSecretVersion() + { + $name = self::$client->parseName(self::$testSecretVersionToEnable->getName()); + + $output = $this->runFunctionSnippet('enable_regional_secret_version', [ + $name['project'], + $name['location'], + $name['secret'], + $name['secret_version'], + ]); + + $this->assertStringContainsString('Enabled secret version', $output); + } + + public function testGetSecretVersion() + { + $name = self::$client->parseName(self::$testSecretVersion->getName()); + + $output = $this->runFunctionSnippet('get_regional_secret_version', [ + $name['project'], + $name['location'], + $name['secret'], + $name['secret_version'], + ]); + + $this->assertStringContainsString('Got secret version', $output); + $this->assertStringContainsString('state ENABLED', $output); + } + + public function testGetSecret() + { + $name = self::$client->parseName(self::$testSecret->getName()); + + $output = $this->runFunctionSnippet('get_regional_secret', [ + $name['project'], + $name['location'], + $name['secret'], + ]); + + $this->assertStringContainsString('secret', $output); + } + + public function testIamGrantAccess() + { + $name = self::$client->parseName(self::$testSecret->getName()); + + $output = $this->runFunctionSnippet('regional_iam_grant_access', [ + $name['project'], + $name['location'], + $name['secret'], + self::$iamUser, + ]); + + $this->assertStringContainsString('Updated IAM policy', $output); + } + + public function testIamRevokeAccess() + { + $name = self::$client->parseName(self::$testSecret->getName()); + + $output = $this->runFunctionSnippet('regional_iam_revoke_access', [ + $name['project'], + $name['location'], + $name['secret'], + self::$iamUser, + ]); + + $this->assertStringContainsString('Updated IAM policy', $output); + } + + public function testListSecretVersions() + { + $name = self::$client->parseName(self::$testSecretWithVersions->getName()); + + $output = $this->runFunctionSnippet('list_regional_secret_versions', [ + $name['project'], + $name['location'], + $name['secret'], + ]); + + $this->assertStringContainsString('secret version', $output); + } + + public function testListSecrets() + { + $name = self::$client->parseName(self::$testSecret->getName()); + + $output = $this->runFunctionSnippet('list_regional_secrets', [ + $name['project'], + $name['location'], + ]); + + $this->assertStringContainsString('secret', $output); + $this->assertStringContainsString($name['secret'], $output); + } + + public function testUpdateSecret() + { + $name = self::$client->parseName(self::$testSecret->getName()); + + $output = $this->runFunctionSnippet('update_regional_secret', [ + $name['project'], + $name['location'], + $name['secret'], + ]); + + $this->assertStringContainsString('Updated secret', $output); + } + + public function testUpdateSecretWithAlias() + { + $name = self::$client->parseName(self::$testSecretWithVersions->getName()); + + $output = $this->runFunctionSnippet('update_regional_secret_with_alias', [ + $name['project'], + $name['location'], + $name['secret'], + ]); + + $this->assertStringContainsString('Updated secret', $output); + } +}