From a9639a0a9854fd6e1be08bba1ac3897f4f16cb2f Mon Sep 17 00:00:00 2001 From: Google APIs Date: Wed, 19 Feb 2020 09:12:24 -0800 Subject: [PATCH] Add secretmanager.googleapis.com v1 protos PiperOrigin-RevId: 295983266 --- google/cloud/secretmanager/v1/resources.proto | 157 +++++++ .../v1/secretmanager_grpc_service_config.json | 83 ++++ .../secretmanager/v1/secretmanager_v1.yaml | 25 ++ google/cloud/secretmanager/v1/service.proto | 417 ++++++++++++++++++ 4 files changed, 682 insertions(+) create mode 100644 google/cloud/secretmanager/v1/resources.proto create mode 100644 google/cloud/secretmanager/v1/secretmanager_grpc_service_config.json create mode 100644 google/cloud/secretmanager/v1/secretmanager_v1.yaml create mode 100644 google/cloud/secretmanager/v1/service.proto diff --git a/google/cloud/secretmanager/v1/resources.proto b/google/cloud/secretmanager/v1/resources.proto new file mode 100644 index 00000000..2b150957 --- /dev/null +++ b/google/cloud/secretmanager/v1/resources.proto @@ -0,0 +1,157 @@ +// Copyright 2019 Google LLC. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +syntax = "proto3"; + +package google.cloud.secretmanager.v1; + +import "google/api/field_behavior.proto"; +import "google/api/resource.proto"; +import "google/protobuf/timestamp.proto"; +import "google/api/annotations.proto"; + +option cc_enable_arenas = true; +option csharp_namespace = "Google.Cloud.SecretManager.V1"; +option go_package = "google.golang.org/genproto/googleapis/cloud/secretmanager/v1;secretmanager"; +option java_multiple_files = true; +option java_outer_classname = "ResourcesProto"; +option java_package = "com.google.cloud.secretmanager.v1"; +option objc_class_prefix = "GSM"; +option php_namespace = "Google\\Cloud\\SecretManager\\V1"; +option ruby_package = "Google::Cloud::SecretManager::V1"; + +// A [Secret][google.cloud.secretmanager.v1.Secret] is a logical secret whose value and versions can +// be accessed. +// +// A [Secret][google.cloud.secretmanager.v1.Secret] is made up of zero or more [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] that +// represent the secret data. +message Secret { + option (google.api.resource) = { + type: "secretmanager.googleapis.com/Secret" + pattern: "projects/{project}/secrets/{secret}" + }; + + // Output only. The resource name of the [Secret][google.cloud.secretmanager.v1.Secret] in the format `projects/*/secrets/*`. + string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Required. Immutable. The replication policy of the secret data attached to the [Secret][google.cloud.secretmanager.v1.Secret]. + // + // The replication policy cannot be changed after the Secret has been created. + Replication replication = 2 [ + (google.api.field_behavior) = IMMUTABLE, + (google.api.field_behavior) = REQUIRED + ]; + + // Output only. The time at which the [Secret][google.cloud.secretmanager.v1.Secret] was created. + google.protobuf.Timestamp create_time = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // The labels assigned to this Secret. + // + // Label keys must be between 1 and 63 characters long, have a UTF-8 encoding + // of maximum 128 bytes, and must conform to the following PCRE regular + // expression: `[\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62}` + // + // Label values must be between 0 and 63 characters long, have a UTF-8 + // encoding of maximum 128 bytes, and must conform to the following PCRE + // regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}` + // + // No more than 64 labels can be assigned to a given resource. + map labels = 4; +} + +// A secret version resource in the Secret Manager API. +message SecretVersion { + option (google.api.resource) = { + type: "secretmanager.googleapis.com/SecretVersion" + pattern: "projects/{project}/secrets/{secret}/versions/{secret_version}" + }; + + // The state of a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion], indicating if it can be accessed. + enum State { + // Not specified. This value is unused and invalid. + STATE_UNSPECIFIED = 0; + + // The [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] may be accessed. + ENABLED = 1; + + // The [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] may not be accessed, but the secret data + // is still available and can be placed back into the [ENABLED][google.cloud.secretmanager.v1.SecretVersion.State.ENABLED] + // state. + DISABLED = 2; + + // The [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] is destroyed and the secret data is no longer + // stored. A version may not leave this state once entered. + DESTROYED = 3; + } + + // Output only. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the + // format `projects/*/secrets/*/versions/*`. + // + // [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] IDs in a [Secret][google.cloud.secretmanager.v1.Secret] start at 1 and + // are incremented for each subsequent version of the secret. + string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The time at which the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] was created. + google.protobuf.Timestamp create_time = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The time this [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] was destroyed. + // Only present if [state][google.cloud.secretmanager.v1.SecretVersion.state] is + // [DESTROYED][google.cloud.secretmanager.v1.SecretVersion.State.DESTROYED]. + google.protobuf.Timestamp destroy_time = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The current state of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + State state = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; +} + +// A policy that defines the replication configuration of data. +message Replication { + // A replication policy that replicates the [Secret][google.cloud.secretmanager.v1.Secret] payload without any + // restrictions. + message Automatic { + + } + + // A replication policy that replicates the [Secret][google.cloud.secretmanager.v1.Secret] payload into the + // locations specified in [Secret.replication.user_managed.replicas][] + message UserManaged { + // Represents a Replica for this [Secret][google.cloud.secretmanager.v1.Secret]. + message Replica { + // The canonical IDs of the location to replicate data. + // For example: `"us-east1"`. + string location = 1; + } + + // Required. The list of Replicas for this [Secret][google.cloud.secretmanager.v1.Secret]. + // + // Cannot be empty. + repeated Replica replicas = 1 [(google.api.field_behavior) = REQUIRED]; + } + + // The replication policy for this secret. + oneof replication { + // The [Secret][google.cloud.secretmanager.v1.Secret] will automatically be replicated without any restrictions. + Automatic automatic = 1; + + // The [Secret][google.cloud.secretmanager.v1.Secret] will only be replicated into the locations specified. + UserManaged user_managed = 2; + } +} + +// A secret payload resource in the Secret Manager API. This contains the +// sensitive secret data that is associated with a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. +message SecretPayload { + // The secret data. Must be no larger than 64KiB. + bytes data = 1; +} diff --git a/google/cloud/secretmanager/v1/secretmanager_grpc_service_config.json b/google/cloud/secretmanager/v1/secretmanager_grpc_service_config.json new file mode 100644 index 00000000..5574d48f --- /dev/null +++ b/google/cloud/secretmanager/v1/secretmanager_grpc_service_config.json @@ -0,0 +1,83 @@ +{ + "methodConfig": [ + { + "name": [ + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "ListSecrets" + }, + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "CreateSecret" + }, + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "AddSecretVersion" + }, + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "GetSecret" + }, + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "UpdateSecret" + }, + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "DeleteSecret" + }, + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "ListSecretVersions" + }, + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "GetSecretVersion" + }, + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "DisableSecretVersion" + }, + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "EnableSecretVersion" + }, + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "DestroySecretVersion" + }, + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "SetIamPolicy" + }, + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "GetIamPolicy" + }, + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "TestIamPermissions" + } + ], + "timeout": "60s" + }, + { + "name": [ + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "AccessSecretVersion" + } + ], + "timeout": "60s", + "retryPolicy": { + "initialBackoff": "1s", + "maxBackoff": "60s", + "backoffMultiplier": 1.3, + "retryableStatusCodes": [ + "UNAVAILABLE", + "UNKNOWN" + ] + } + } + ] +} diff --git a/google/cloud/secretmanager/v1/secretmanager_v1.yaml b/google/cloud/secretmanager/v1/secretmanager_v1.yaml new file mode 100644 index 00000000..c8bf3631 --- /dev/null +++ b/google/cloud/secretmanager/v1/secretmanager_v1.yaml @@ -0,0 +1,25 @@ +type: google.api.Service +config_version: 3 +name: secretmanager.googleapis.com +title: Secret Manager API + +apis: +- name: google.cloud.secretmanager.v1.SecretManagerService + +documentation: + summary: |- + Stores and manages access to application secrets. Provides convenience + while improving security. + overview: Secret Manager Overview + +backend: + rules: + - selector: 'google.cloud.secretmanager.v1.SecretManagerService.*' + deadline: 10.0 + +authentication: + rules: + - selector: 'google.cloud.secretmanager.v1.SecretManagerService.*' + oauth: + canonical_scopes: |- + https://www.googleapis.com/auth/cloud-platform diff --git a/google/cloud/secretmanager/v1/service.proto b/google/cloud/secretmanager/v1/service.proto new file mode 100644 index 00000000..0dc89d6f --- /dev/null +++ b/google/cloud/secretmanager/v1/service.proto @@ -0,0 +1,417 @@ +// Copyright 2019 Google LLC. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +syntax = "proto3"; + +package google.cloud.secretmanager.v1; + +import "google/api/annotations.proto"; +import "google/api/client.proto"; +import "google/api/field_behavior.proto"; +import "google/api/resource.proto"; +import "google/cloud/secretmanager/v1/resources.proto"; +import "google/iam/v1/iam_policy.proto"; +import "google/iam/v1/policy.proto"; +import "google/protobuf/empty.proto"; +import "google/protobuf/field_mask.proto"; + +option cc_enable_arenas = true; +option csharp_namespace = "Google.Cloud.SecretManager.V1"; +option go_package = "google.golang.org/genproto/googleapis/cloud/secretmanager/v1;secretmanager"; +option java_multiple_files = true; +option java_outer_classname = "ServiceProto"; +option java_package = "com.google.cloud.secretmanager.v1"; +option objc_class_prefix = "GSM"; +option php_namespace = "Google\\Cloud\\SecretManager\\V1"; +option ruby_package = "Google::Cloud::SecretManager::V1"; + +// `projects/*/secrets/*/versions/latest` is an alias to the `latest` +// [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + +// Secret Manager Service +// +// Manages secrets and operations using those secrets. Implements a REST +// model with the following objects: +// +// * [Secret][google.cloud.secretmanager.v1.Secret] +// * [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] +service SecretManagerService { + option (google.api.default_host) = "secretmanager.googleapis.com"; + option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; + + // Lists [Secrets][google.cloud.secretmanager.v1.Secret]. + rpc ListSecrets(ListSecretsRequest) returns (ListSecretsResponse) { + option (google.api.http) = { + get: "/v1/{parent=projects/*}/secrets" + }; + option (google.api.method_signature) = "parent"; + } + + // Creates a new [Secret][google.cloud.secretmanager.v1.Secret] containing no [SecretVersions][google.cloud.secretmanager.v1.SecretVersion]. + rpc CreateSecret(CreateSecretRequest) returns (Secret) { + option (google.api.http) = { + post: "/v1/{parent=projects/*}/secrets" + body: "secret" + }; + option (google.api.method_signature) = "parent,secret_id,secret"; + } + + // Creates a new [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] containing secret data and attaches + // it to an existing [Secret][google.cloud.secretmanager.v1.Secret]. + rpc AddSecretVersion(AddSecretVersionRequest) returns (SecretVersion) { + option (google.api.http) = { + post: "/v1/{parent=projects/*/secrets/*}:addVersion" + body: "*" + }; + option (google.api.method_signature) = "parent,payload"; + } + + // Gets metadata for a given [Secret][google.cloud.secretmanager.v1.Secret]. + rpc GetSecret(GetSecretRequest) returns (Secret) { + option (google.api.http) = { + get: "/v1/{name=projects/*/secrets/*}" + }; + option (google.api.method_signature) = "name"; + } + + // Updates metadata of an existing [Secret][google.cloud.secretmanager.v1.Secret]. + rpc UpdateSecret(UpdateSecretRequest) returns (Secret) { + option (google.api.http) = { + patch: "/v1/{secret.name=projects/*/secrets/*}" + body: "secret" + }; + option (google.api.method_signature) = "secret,update_mask"; + } + + // Deletes a [Secret][google.cloud.secretmanager.v1.Secret]. + rpc DeleteSecret(DeleteSecretRequest) returns (google.protobuf.Empty) { + option (google.api.http) = { + delete: "/v1/{name=projects/*/secrets/*}" + }; + option (google.api.method_signature) = "name"; + } + + // Lists [SecretVersions][google.cloud.secretmanager.v1.SecretVersion]. This call does not return secret + // data. + rpc ListSecretVersions(ListSecretVersionsRequest) returns (ListSecretVersionsResponse) { + option (google.api.http) = { + get: "/v1/{parent=projects/*/secrets/*}/versions" + }; + option (google.api.method_signature) = "parent"; + } + + // Gets metadata for a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + // + // `projects/*/secrets/*/versions/latest` is an alias to the `latest` + // [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + rpc GetSecretVersion(GetSecretVersionRequest) returns (SecretVersion) { + option (google.api.http) = { + get: "/v1/{name=projects/*/secrets/*/versions/*}" + }; + option (google.api.method_signature) = "name"; + } + + // Accesses a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. This call returns the secret data. + // + // `projects/*/secrets/*/versions/latest` is an alias to the `latest` + // [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + rpc AccessSecretVersion(AccessSecretVersionRequest) returns (AccessSecretVersionResponse) { + option (google.api.http) = { + get: "/v1/{name=projects/*/secrets/*/versions/*}:access" + }; + option (google.api.method_signature) = "name"; + } + + // Disables a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + // + // Sets the [state][google.cloud.secretmanager.v1.SecretVersion.state] of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to + // [DISABLED][google.cloud.secretmanager.v1.SecretVersion.State.DISABLED]. + rpc DisableSecretVersion(DisableSecretVersionRequest) returns (SecretVersion) { + option (google.api.http) = { + post: "/v1/{name=projects/*/secrets/*/versions/*}:disable" + body: "*" + }; + option (google.api.method_signature) = "name"; + } + + // Enables a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + // + // Sets the [state][google.cloud.secretmanager.v1.SecretVersion.state] of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to + // [ENABLED][google.cloud.secretmanager.v1.SecretVersion.State.ENABLED]. + rpc EnableSecretVersion(EnableSecretVersionRequest) returns (SecretVersion) { + option (google.api.http) = { + post: "/v1/{name=projects/*/secrets/*/versions/*}:enable" + body: "*" + }; + option (google.api.method_signature) = "name"; + } + + // Destroys a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + // + // Sets the [state][google.cloud.secretmanager.v1.SecretVersion.state] of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to + // [DESTROYED][google.cloud.secretmanager.v1.SecretVersion.State.DESTROYED] and irrevocably destroys the + // secret data. + rpc DestroySecretVersion(DestroySecretVersionRequest) returns (SecretVersion) { + option (google.api.http) = { + post: "/v1/{name=projects/*/secrets/*/versions/*}:destroy" + body: "*" + }; + option (google.api.method_signature) = "name"; + } + + // Sets the access control policy on the specified secret. Replaces any + // existing policy. + // + // Permissions on [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] are enforced according + // to the policy set on the associated [Secret][google.cloud.secretmanager.v1.Secret]. + rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) { + option (google.api.http) = { + post: "/v1/{resource=projects/*/secrets/*}:setIamPolicy" + body: "*" + }; + } + + // Gets the access control policy for a secret. + // Returns empty policy if the secret exists and does not have a policy set. + rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) { + option (google.api.http) = { + get: "/v1/{resource=projects/*/secrets/*}:getIamPolicy" + }; + } + + // Returns permissions that a caller has for the specified secret. + // If the secret does not exist, this call returns an empty set of + // permissions, not a NOT_FOUND error. + // + // Note: This operation is designed to be used for building permission-aware + // UIs and command-line tools, not for authorization checking. This operation + // may "fail open" without warning. + rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) { + option (google.api.http) = { + post: "/v1/{resource=projects/*/secrets/*}:testIamPermissions" + body: "*" + }; + } +} + +// Request message for [SecretManagerService.ListSecrets][google.cloud.secretmanager.v1.SecretManagerService.ListSecrets]. +message ListSecretsRequest { + // Required. The resource name of the project associated with the + // [Secrets][google.cloud.secretmanager.v1.Secret], in the format `projects/*`. + string parent = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "cloudresourcemanager.googleapis.com/Project" + } + ]; + + // Optional. The maximum number of results to be returned in a single page. If + // set to 0, the server decides the number of results to return. If the + // number is greater than 25000, it is capped at 25000. + int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; + + // Optional. Pagination token, returned earlier via + // [ListSecretsResponse.next_page_token][google.cloud.secretmanager.v1.ListSecretsResponse.next_page_token]. + string page_token = 3 [(google.api.field_behavior) = OPTIONAL]; +} + +// Response message for [SecretManagerService.ListSecrets][google.cloud.secretmanager.v1.SecretManagerService.ListSecrets]. +message ListSecretsResponse { + // The list of [Secrets][google.cloud.secretmanager.v1.Secret] sorted in reverse by create_time (newest + // first). + repeated Secret secrets = 1; + + // A token to retrieve the next page of results. Pass this value in + // [ListSecretsRequest.page_token][google.cloud.secretmanager.v1.ListSecretsRequest.page_token] to retrieve the next page. + string next_page_token = 2; + + // The total number of [Secrets][google.cloud.secretmanager.v1.Secret]. + int32 total_size = 3; +} + +// Request message for [SecretManagerService.CreateSecret][google.cloud.secretmanager.v1.SecretManagerService.CreateSecret]. +message CreateSecretRequest { + // Required. The resource name of the project to associate with the + // [Secret][google.cloud.secretmanager.v1.Secret], in the format `projects/*`. + string parent = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "cloudresourcemanager.googleapis.com/Project" + } + ]; + + // Required. This must be unique within the project. + string secret_id = 2 [(google.api.field_behavior) = REQUIRED]; + + // Required. A [Secret][google.cloud.secretmanager.v1.Secret] with initial field values. + Secret secret = 3 [(google.api.field_behavior) = REQUIRED]; +} + +// Request message for [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion]. +message AddSecretVersionRequest { + // Required. The resource name of the [Secret][google.cloud.secretmanager.v1.Secret] to associate with the + // [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format `projects/*/secrets/*`. + string parent = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "secretmanager.googleapis.com/Secret" + } + ]; + + // Required. The secret payload of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + SecretPayload payload = 2 [(google.api.field_behavior) = REQUIRED]; +} + +// Request message for [SecretManagerService.GetSecret][google.cloud.secretmanager.v1.SecretManagerService.GetSecret]. +message GetSecretRequest { + // Required. The resource name of the [Secret][google.cloud.secretmanager.v1.Secret], in the format `projects/*/secrets/*`. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "secretmanager.googleapis.com/Secret" + } + ]; +} + +// Request message for [SecretManagerService.ListSecretVersions][google.cloud.secretmanager.v1.SecretManagerService.ListSecretVersions]. +message ListSecretVersionsRequest { + // Required. The resource name of the [Secret][google.cloud.secretmanager.v1.Secret] associated with the + // [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] to list, in the format + // `projects/*/secrets/*`. + string parent = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "secretmanager.googleapis.com/Secret" + } + ]; + + // Optional. The maximum number of results to be returned in a single page. If + // set to 0, the server decides the number of results to return. If the + // number is greater than 25000, it is capped at 25000. + int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; + + // Optional. Pagination token, returned earlier via + // ListSecretVersionsResponse.next_page_token][]. + string page_token = 3 [(google.api.field_behavior) = OPTIONAL]; +} + +// Response message for [SecretManagerService.ListSecretVersions][google.cloud.secretmanager.v1.SecretManagerService.ListSecretVersions]. +message ListSecretVersionsResponse { + // The list of [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] sorted in reverse by + // create_time (newest first). + repeated SecretVersion versions = 1; + + // A token to retrieve the next page of results. Pass this value in + // [ListSecretVersionsRequest.page_token][google.cloud.secretmanager.v1.ListSecretVersionsRequest.page_token] to retrieve the next page. + string next_page_token = 2; + + // The total number of [SecretVersions][google.cloud.secretmanager.v1.SecretVersion]. + int32 total_size = 3; +} + +// Request message for [SecretManagerService.GetSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.GetSecretVersion]. +message GetSecretVersionRequest { + // Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format + // `projects/*/secrets/*/versions/*`. + // `projects/*/secrets/*/versions/latest` is an alias to the `latest` + // [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "secretmanager.googleapis.com/SecretVersion" + } + ]; +} + +// Request message for [SecretManagerService.UpdateSecret][google.cloud.secretmanager.v1.SecretManagerService.UpdateSecret]. +message UpdateSecretRequest { + // Required. [Secret][google.cloud.secretmanager.v1.Secret] with updated field values. + Secret secret = 1 [(google.api.field_behavior) = REQUIRED]; + + // Required. Specifies the fields to be updated. + google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED]; +} + +// Request message for [SecretManagerService.AccessSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AccessSecretVersion]. +message AccessSecretVersionRequest { + // Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format + // `projects/*/secrets/*/versions/*`. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "secretmanager.googleapis.com/SecretVersion" + } + ]; +} + +// Response message for [SecretManagerService.AccessSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AccessSecretVersion]. +message AccessSecretVersionResponse { + // The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format + // `projects/*/secrets/*/versions/*`. + string name = 1 [(google.api.resource_reference) = { + type: "secretmanager.googleapis.com/SecretVersion" + }]; + + // Secret payload + SecretPayload payload = 2; +} + +// Request message for [SecretManagerService.DeleteSecret][google.cloud.secretmanager.v1.SecretManagerService.DeleteSecret]. +message DeleteSecretRequest { + // Required. The resource name of the [Secret][google.cloud.secretmanager.v1.Secret] to delete in the format + // `projects/*/secrets/*`. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "secretmanager.googleapis.com/Secret" + } + ]; +} + +// Request message for [SecretManagerService.DisableSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.DisableSecretVersion]. +message DisableSecretVersionRequest { + // Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to disable in the format + // `projects/*/secrets/*/versions/*`. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "secretmanager.googleapis.com/SecretVersion" + } + ]; +} + +// Request message for [SecretManagerService.EnableSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.EnableSecretVersion]. +message EnableSecretVersionRequest { + // Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to enable in the format + // `projects/*/secrets/*/versions/*`. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "secretmanager.googleapis.com/SecretVersion" + } + ]; +} + +// Request message for [SecretManagerService.DestroySecretVersion][google.cloud.secretmanager.v1.SecretManagerService.DestroySecretVersion]. +message DestroySecretVersionRequest { + // Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to destroy in the format + // `projects/*/secrets/*/versions/*`. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "secretmanager.googleapis.com/SecretVersion" + } + ]; +}