feat: Rotation for Secrets (#95)

Users can now configure rotation schedules for their secrets. Secret Manager sends messages to PubSub topics configured on the secret based on the provided rotation frequency and rotation time.

Committer: @rlingutla
PiperOrigin-RevId: 365574085

Source-Author: Google APIs <[email protected]>
Source-Date: Mon Mar 29 07:58:13 2021 -0700
Source-Repo: googleapis/googleapis
Source-Sha: 6c7693680fe320b4705dd8500c255843749eb58a
Source-Link: googleapis/googleapis@6c76936

Author: yoshi-automation

packages/google-cloud-secret-manager/google/cloud/secretmanager/__init__.py

@@ -27,6 +27,7 @@
 )
 from google.cloud.secretmanager_v1.types.resources import Replication
 from google.cloud.secretmanager_v1.types.resources import ReplicationStatus
+from google.cloud.secretmanager_v1.types.resources import Rotation
 from google.cloud.secretmanager_v1.types.resources import Secret
 from google.cloud.secretmanager_v1.types.resources import SecretPayload
 from google.cloud.secretmanager_v1.types.resources import SecretVersion
@@ -66,6 +67,7 @@
     "ListSecretsResponse",
     "Replication",
     "ReplicationStatus",
+    "Rotation",
     "Secret",
     "SecretManagerServiceAsyncClient",
     "SecretManagerServiceClient",

packages/google-cloud-secret-manager/google/cloud/secretmanager_v1/__init__.py

@@ -20,6 +20,7 @@
 from .types.resources import CustomerManagedEncryptionStatus
 from .types.resources import Replication
 from .types.resources import ReplicationStatus
+from .types.resources import Rotation
 from .types.resources import Secret
 from .types.resources import SecretPayload
 from .types.resources import SecretVersion
@@ -60,6 +61,7 @@
     "ListSecretsResponse",
     "Replication",
     "ReplicationStatus",
+    "Rotation",
     "Secret",
     "SecretPayload",
     "SecretVersion",

packages/google-cloud-secret-manager/google/cloud/secretmanager_v1/types/__init__.py

@@ -20,6 +20,7 @@
     CustomerManagedEncryptionStatus,
     Replication,
     ReplicationStatus,
+    Rotation,
     Secret,
     SecretPayload,
     SecretVersion,
@@ -48,6 +49,7 @@
     "CustomerManagedEncryptionStatus",
     "Replication",
     "ReplicationStatus",
+    "Rotation",
     "Secret",
     "SecretPayload",
     "SecretVersion",

packages/google-cloud-secret-manager/google/cloud/secretmanager_v1/types/resources.py

@@ -32,6 +32,7 @@
         "ReplicationStatus",
         "CustomerManagedEncryptionStatus",
         "Topic",
+        "Rotation",
         "SecretPayload",
     },
 )
@@ -88,6 +89,10 @@ class Secret(proto.Message):
         ttl (google.protobuf.duration_pb2.Duration):
             Input only. The TTL for the
             [Secret][google.cloud.secretmanager.v1.Secret].
+        rotation (google.cloud.secretmanager_v1.types.Rotation):
+            Optional. Rotation policy attached to the
+            [Secret][google.cloud.secretmanager.v1.Secret]. May be
+            excluded if there is no rotation policy.
     """
 
     name = proto.Field(proto.STRING, number=1)
@@ -108,6 +113,8 @@ class Secret(proto.Message):
         proto.MESSAGE, number=7, oneof="expiration", message=duration.Duration,
     )
 
+    rotation = proto.Field(proto.MESSAGE, number=9, message="Rotation",)
+
 
 class SecretVersion(proto.Message):
     r"""A secret version resource in the Secret Manager API.
@@ -407,6 +414,46 @@ class Topic(proto.Message):
     name = proto.Field(proto.STRING, number=1)
 
 
+class Rotation(proto.Message):
+    r"""The rotation time and period for a
+    [Secret][google.cloud.secretmanager.v1.Secret]. At
+    next_rotation_time, Secret Manager will send a Pub/Sub notification
+    to the topics configured on the Secret.
+    [Secret.topics][google.cloud.secretmanager.v1.Secret.topics] must be
+    set to configure rotation.
+
+    Attributes:
+        next_rotation_time (google.protobuf.timestamp_pb2.Timestamp):
+            Optional. Timestamp in UTC at which the
+            [Secret][google.cloud.secretmanager.v1.Secret] is scheduled
+            to rotate.
+
+            [next_rotation_time][google.cloud.secretmanager.v1.Rotation.next_rotation_time]
+            MUST be set if
+            [rotation_period][google.cloud.secretmanager.v1.Rotation.rotation_period]
+            is set.
+        rotation_period (google.protobuf.duration_pb2.Duration):
+            Input only. The Duration between rotation notifications.
+            Must be in seconds and at least 3600s (1h) and at most
+            3153600000s (100 years).
+
+            If
+            [rotation_period][google.cloud.secretmanager.v1.Rotation.rotation_period]
+            is set,
+            [next_rotation_time][google.cloud.secretmanager.v1.Rotation.next_rotation_time]
+            must be set.
+            [next_rotation_time][google.cloud.secretmanager.v1.Rotation.next_rotation_time]
+            will be advanced by this period when the service
+            automatically sends rotation notifications.
+    """
+
+    next_rotation_time = proto.Field(
+        proto.MESSAGE, number=1, message=timestamp.Timestamp,
+    )
+
+    rotation_period = proto.Field(proto.MESSAGE, number=2, message=duration.Duration,)
+
+
 class SecretPayload(proto.Message):
     r"""A secret payload resource in the Secret Manager API. This contains
     the sensitive secret payload that is associated with a

packages/google-cloud-secret-manager/synth.metadata

@@ -4,15 +4,15 @@
       "git": {
         "name": ".",
         "remote": "https://github.com/googleapis/python-secret-manager.git",
-        "sha": "0006fbaf97f1e02217d127d45c85efd4f47cc14a"
+        "sha": "c862bbe5ab67903aa6669fd4a75acf5de1be6f98"
       }
     },
     {
       "git": {
         "name": "googleapis",
         "remote": "https://github.com/googleapis/googleapis.git",
-        "sha": "2124b6251e56e2ec8dd5c47e7d3815d7d5841880",
-        "internalRef": "364422694"
+        "sha": "6c7693680fe320b4705dd8500c255843749eb58a",
+        "internalRef": "365574085"
       }
     },
     {