From ac81cd038be8309c69116df8a06bd5e5387e1ced Mon Sep 17 00:00:00 2001 From: Dhaval Bhensdadiya Date: Tue, 27 Jan 2026 15:46:05 +0530 Subject: [PATCH 01/11] feat(secretmanager): Add samples for listing secrets and versions with filters --- ...t_regional_secret_versions_with_filter.php | 57 +++++++++++++++++++ .../src/list_regional_secrets_with_filter.php | 56 ++++++++++++++++++ .../src/list_secret_versions_with_filter.php | 55 ++++++++++++++++++ .../src/list_secrets_with_filter.php | 54 ++++++++++++++++++ .../test/regionalsecretmanagerTest.php | 32 +++++++++++ secretmanager/test/secretmanagerTest.php | 30 ++++++++++ 6 files changed, 284 insertions(+) create mode 100644 secretmanager/src/list_regional_secret_versions_with_filter.php create mode 100644 secretmanager/src/list_regional_secrets_with_filter.php create mode 100644 secretmanager/src/list_secret_versions_with_filter.php create mode 100644 secretmanager/src/list_secrets_with_filter.php diff --git a/secretmanager/src/list_regional_secret_versions_with_filter.php b/secretmanager/src/list_regional_secret_versions_with_filter.php new file mode 100644 index 0000000000..23c391b37f --- /dev/null +++ b/secretmanager/src/list_regional_secret_versions_with_filter.php @@ -0,0 +1,57 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + $client = new SecretManagerServiceClient($options); + + $parent = $client->projectLocationSecretName($projectId, $locationId, $secretId); + + $request = ListSecretVersionsRequest::build($parent)->setFilter($filter); + + foreach ($client->listSecretVersions($request) as $version) { + printf('Found secret version %s' . PHP_EOL, $version->getName()); + } +} +// [END secretmanager_list_regional_secret_versions_with_filter] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file diff --git a/secretmanager/src/list_regional_secrets_with_filter.php b/secretmanager/src/list_regional_secrets_with_filter.php new file mode 100644 index 0000000000..978816e902 --- /dev/null +++ b/secretmanager/src/list_regional_secrets_with_filter.php @@ -0,0 +1,56 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + $client = new SecretManagerServiceClient($options); + + $parent = $client->locationName($projectId, $locationId); + + $request = ListSecretsRequest::build($parent)->setFilter($filter); + + foreach ($client->listSecrets($request) as $secret) { + printf('Found secret %s' . PHP_EOL, $secret->getName()); + } +} +// [END secretmanager_list_regional_secrets_with_filter] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file diff --git a/secretmanager/src/list_secret_versions_with_filter.php b/secretmanager/src/list_secret_versions_with_filter.php new file mode 100644 index 0000000000..17dac9544b --- /dev/null +++ b/secretmanager/src/list_secret_versions_with_filter.php @@ -0,0 +1,55 @@ +secretName($projectId, $secretId); + + $request = ListSecretVersionsRequest::build($parent)->setFilter($filter); + + foreach ($client->listSecretVersions($request) as $version) { + printf('Found secret version %s' . PHP_EOL, $version->getName()); + } +} +// [END secretmanager_list_secret_versions_with_filter] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file diff --git a/secretmanager/src/list_secrets_with_filter.php b/secretmanager/src/list_secrets_with_filter.php new file mode 100644 index 0000000000..6468c58001 --- /dev/null +++ b/secretmanager/src/list_secrets_with_filter.php @@ -0,0 +1,54 @@ +projectName($projectId); + + $request = ListSecretsRequest::build($parent)->setFilter($filter); + + foreach ($client->listSecrets($request) as $secret) { + printf('Found secret %s' . PHP_EOL, $secret->getName()); + } +} +// [END secretmanager_list_secrets_with_filter] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file diff --git a/secretmanager/test/regionalsecretmanagerTest.php b/secretmanager/test/regionalsecretmanagerTest.php index 18c9c97ac5..c85008eff1 100644 --- a/secretmanager/test/regionalsecretmanagerTest.php +++ b/secretmanager/test/regionalsecretmanagerTest.php @@ -405,6 +405,23 @@ public function testIamRevokeAccess() $this->assertStringContainsString('Updated IAM policy', $output); } + public function testListSecretVersionsWithFilter() + { + $name = self::$client->parseName(self::$testSecretWithVersions->getName()); + + // Filter for enabled versions. + $filter = 'state = ENABLED'; + + $output = $this->runFunctionSnippet('list_regional_secret_versions_with_filter', [ + $name['project'], + $name['location'], + $name['secret'], + $filter, + ]); + + $this->assertStringContainsString('Found secret version', $output); + } + public function testListSecretVersions() { $name = self::$client->parseName(self::$testSecretWithVersions->getName()); @@ -418,6 +435,21 @@ public function testListSecretVersions() $this->assertStringContainsString('secret version', $output); } + public function testListSecretsWithFilter() + { + $name = self::$client->parseName(self::$testSecret->getName()); + + $filter = 'name:' . $name['secret']; + + $output = $this->runFunctionSnippet('list_regional_secrets_with_filter', [ + $name['project'], + $name['location'], + $filter, + ]); + + $this->assertStringContainsString('Found secret', $output); + } + public function testListSecrets() { $name = self::$client->parseName(self::$testSecret->getName()); diff --git a/secretmanager/test/secretmanagerTest.php b/secretmanager/test/secretmanagerTest.php index 11b9dd3bd6..c7826a91e6 100644 --- a/secretmanager/test/secretmanagerTest.php +++ b/secretmanager/test/secretmanagerTest.php @@ -414,6 +414,22 @@ public function testIamRevokeAccess() $this->assertStringContainsString('Updated IAM policy', $output); } + public function testListSecretVersionsWithFilter() + { + $name = self::$client->parseName(self::$testSecretWithVersions->getName()); + + // Filter for enabled versions. + $filter = 'state = ENABLED'; + + $output = $this->runFunctionSnippet('list_secret_versions_with_filter', [ + $name['project'], + $name['secret'], + $filter, + ]); + + $this->assertStringContainsString('Found secret version', $output); + } + public function testListSecretVersions() { $name = self::$client->parseName(self::$testSecretWithVersions->getName()); @@ -426,6 +442,20 @@ public function testListSecretVersions() $this->assertStringContainsString('secret version', $output); } + public function testListSecretsWithFilter() + { + $name = self::$client->parseName(self::$testSecret->getName()); + + $filter = 'name:' . $name['secret']; + + $output = $this->runFunctionSnippet('list_secrets_with_filter', [ + $name['project'], + $filter, + ]); + + $this->assertStringContainsString('Found secret', $output); + } + public function testListSecrets() { $name = self::$client->parseName(self::$testSecret->getName()); From d6f157282eeaa11bb9fe6c8b4ac63f0edfe338b1 Mon Sep 17 00:00:00 2001 From: Dhaval Bhensdadiya Date: Thu, 29 Jan 2026 12:18:01 +0530 Subject: [PATCH 02/11] Adding new line at end as per gemini in filter tests --- secretmanager/src/list_regional_secret_versions_with_filter.php | 2 +- secretmanager/src/list_regional_secrets_with_filter.php | 2 +- secretmanager/src/list_secret_versions_with_filter.php | 2 +- secretmanager/src/list_secrets_with_filter.php | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/secretmanager/src/list_regional_secret_versions_with_filter.php b/secretmanager/src/list_regional_secret_versions_with_filter.php index 23c391b37f..c86bb03a71 100644 --- a/secretmanager/src/list_regional_secret_versions_with_filter.php +++ b/secretmanager/src/list_regional_secret_versions_with_filter.php @@ -54,4 +54,4 @@ function list_regional_secret_versions_with_filter(string $projectId, string $lo // The following 2 lines are only needed to execute the samples on the CLI require_once __DIR__ . '/../../testing/sample_helpers.php'; -\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/list_regional_secrets_with_filter.php b/secretmanager/src/list_regional_secrets_with_filter.php index 978816e902..9f83f7fcb9 100644 --- a/secretmanager/src/list_regional_secrets_with_filter.php +++ b/secretmanager/src/list_regional_secrets_with_filter.php @@ -53,4 +53,4 @@ function list_regional_secrets_with_filter(string $projectId, string $locationId // The following 2 lines are only needed to execute the samples on the CLI require_once __DIR__ . '/../../testing/sample_helpers.php'; -\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/list_secret_versions_with_filter.php b/secretmanager/src/list_secret_versions_with_filter.php index 17dac9544b..d6fb6c2866 100644 --- a/secretmanager/src/list_secret_versions_with_filter.php +++ b/secretmanager/src/list_secret_versions_with_filter.php @@ -52,4 +52,4 @@ function list_secret_versions_with_filter(string $projectId, string $secretId, s // The following 2 lines are only needed to execute the samples on the CLI require_once __DIR__ . '/../../testing/sample_helpers.php'; -\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/list_secrets_with_filter.php b/secretmanager/src/list_secrets_with_filter.php index 6468c58001..2d07bed0d2 100644 --- a/secretmanager/src/list_secrets_with_filter.php +++ b/secretmanager/src/list_secrets_with_filter.php @@ -51,4 +51,4 @@ function list_secrets_with_filter(string $projectId, string $filter): void // The following 2 lines are only needed to execute the samples on the CLI require_once __DIR__ . '/../../testing/sample_helpers.php'; -\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); From 598200ec1eae63d8b0c1cd4fa6d011daea1e349c Mon Sep 17 00:00:00 2001 From: Dhaval Bhensdadiya Date: Tue, 27 Jan 2026 16:21:25 +0530 Subject: [PATCH 03/11] feat(secretmanager): Add samples for ETag-based secret and secret version operations --- .../src/delete_regional_secret_using_etag.php | 67 ++++++++++++++ .../src/delete_secret_using_etag.php | 65 ++++++++++++++ ...roy_regional_secret_version_using_etag.php | 63 +++++++++++++ .../src/destroy_secret_version_using_etag.php | 61 +++++++++++++ ...ble_regional_secret_version_using_etag.php | 63 +++++++++++++ .../src/disable_secret_version_using_etag.php | 61 +++++++++++++ ...ble_regional_secret_version_using_etag.php | 63 +++++++++++++ .../src/enable_secret_version_using_etag.php | 61 +++++++++++++ .../src/update_regional_secret_using_etag.php | 80 +++++++++++++++++ .../src/update_secret_using_etag.php | 81 +++++++++++++++++ .../test/regionalsecretmanagerTest.php | 89 +++++++++++++++++-- secretmanager/test/secretmanagerTest.php | 75 ++++++++++++++++ 12 files changed, 824 insertions(+), 5 deletions(-) create mode 100644 secretmanager/src/delete_regional_secret_using_etag.php create mode 100644 secretmanager/src/delete_secret_using_etag.php create mode 100644 secretmanager/src/destroy_regional_secret_version_using_etag.php create mode 100644 secretmanager/src/destroy_secret_version_using_etag.php create mode 100644 secretmanager/src/disable_regional_secret_version_using_etag.php create mode 100644 secretmanager/src/disable_secret_version_using_etag.php create mode 100644 secretmanager/src/enable_regional_secret_version_using_etag.php create mode 100644 secretmanager/src/enable_secret_version_using_etag.php create mode 100644 secretmanager/src/update_regional_secret_using_etag.php create mode 100644 secretmanager/src/update_secret_using_etag.php diff --git a/secretmanager/src/delete_regional_secret_using_etag.php b/secretmanager/src/delete_regional_secret_using_etag.php new file mode 100644 index 0000000000..5cfc4353cf --- /dev/null +++ b/secretmanager/src/delete_regional_secret_using_etag.php @@ -0,0 +1,67 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + $client = new SecretManagerServiceClient($options); + + $name = $client->projectLocationSecretName($projectId, $locationId, $secretId); + + // Get the current secret to read the etag. + $getRequest = GetSecretRequest::build($name); + $current = $client->getSecret($getRequest); + + $etag = $current->getEtag(); + + // Build the delete request with the etag. + $deleteRequest = (new DeleteSecretRequest()) + ->setName($name) + ->setEtag($etag); + + // Delete the secret. + $client->deleteSecret($deleteRequest); + + printf('Deleted secret %s' . PHP_EOL, $secretId); +} +// [END secretmanager_delete_regional_secret_using_etag] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file diff --git a/secretmanager/src/delete_secret_using_etag.php b/secretmanager/src/delete_secret_using_etag.php new file mode 100644 index 0000000000..d720d7f550 --- /dev/null +++ b/secretmanager/src/delete_secret_using_etag.php @@ -0,0 +1,65 @@ +secretName($projectId, $secretId); + + // Get the current secret to read the etag. + $getRequest = GetSecretRequest::build($name); + $current = $client->getSecret($getRequest); + + $etag = $current->getEtag(); + + // Build the delete request with the etag. + $deleteRequest = (new DeleteSecretRequest()) + ->setName($name) + ->setEtag($etag); + + // Delete the secret. + $client->deleteSecret($deleteRequest); + + printf('Deleted secret %s' . PHP_EOL, $secretId); +} +// [END secretmanager_delete_secret_using_etag] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file diff --git a/secretmanager/src/destroy_regional_secret_version_using_etag.php b/secretmanager/src/destroy_regional_secret_version_using_etag.php new file mode 100644 index 0000000000..1274b1395f --- /dev/null +++ b/secretmanager/src/destroy_regional_secret_version_using_etag.php @@ -0,0 +1,63 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + $client = new SecretManagerServiceClient($options); + + $name = $client->projectLocationSecretSecretVersionName($projectId, $locationId, $secretId, $versionId); + + // Read current etag for the version. + $getRequest = GetSecretVersionRequest::build($name); + $current = $client->getSecretVersion($getRequest); + $etag = $current->getEtag(); + + $request = DestroySecretVersionRequest::build($name)->setEtag($etag); + + $response = $client->destroySecretVersion($request); + + printf('Destroyed secret version: %s' . PHP_EOL, $response->getName()); +} +// [END secretmanager_destroy_regional_secret_version_using_etag] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file diff --git a/secretmanager/src/destroy_secret_version_using_etag.php b/secretmanager/src/destroy_secret_version_using_etag.php new file mode 100644 index 0000000000..e17eaf691a --- /dev/null +++ b/secretmanager/src/destroy_secret_version_using_etag.php @@ -0,0 +1,61 @@ +secretVersionName($projectId, $secretId, $versionId); + + // Read current etag for the version. + $getRequest = GetSecretVersionRequest::build($name); + $current = $client->getSecretVersion($getRequest); + $etag = $current->getEtag(); + + $request = DestroySecretVersionRequest::build($name)->setEtag($etag); + + $response = $client->destroySecretVersion($request); + + printf('Destroyed secret version: %s' . PHP_EOL, $response->getName()); +} +// [END secretmanager_destroy_secret_version_using_etag] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file diff --git a/secretmanager/src/disable_regional_secret_version_using_etag.php b/secretmanager/src/disable_regional_secret_version_using_etag.php new file mode 100644 index 0000000000..5f8d6e6856 --- /dev/null +++ b/secretmanager/src/disable_regional_secret_version_using_etag.php @@ -0,0 +1,63 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + $client = new SecretManagerServiceClient($options); + + $name = $client->projectLocationSecretSecretVersionName($projectId, $locationId, $secretId, $versionId); + + // Read current etag for the version. + $getRequest = GetSecretVersionRequest::build($name); + $current = $client->getSecretVersion($getRequest); + $etag = $current->getEtag(); + + $request = DisableSecretVersionRequest::build($name)->setEtag($etag); + + $response = $client->disableSecretVersion($request); + + printf('Disabled secret version: %s' . PHP_EOL, $response->getName()); +} +// [END secretmanager_disable_regional_secret_version_using_etag] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file diff --git a/secretmanager/src/disable_secret_version_using_etag.php b/secretmanager/src/disable_secret_version_using_etag.php new file mode 100644 index 0000000000..7dab2f4a48 --- /dev/null +++ b/secretmanager/src/disable_secret_version_using_etag.php @@ -0,0 +1,61 @@ +secretVersionName($projectId, $secretId, $versionId); + + // Read current etag for the version. + $getRequest = GetSecretVersionRequest::build($name); + $current = $client->getSecretVersion($getRequest); + $etag = $current->getEtag(); + + $request = DisableSecretVersionRequest::build($name)->setEtag($etag); + + $response = $client->disableSecretVersion($request); + + printf('Disabled secret version: %s' . PHP_EOL, $response->getName()); +} +// [END secretmanager_disable_secret_version_using_etag] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file diff --git a/secretmanager/src/enable_regional_secret_version_using_etag.php b/secretmanager/src/enable_regional_secret_version_using_etag.php new file mode 100644 index 0000000000..824f9d2482 --- /dev/null +++ b/secretmanager/src/enable_regional_secret_version_using_etag.php @@ -0,0 +1,63 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + $client = new SecretManagerServiceClient($options); + + $name = $client->projectLocationSecretSecretVersionName($projectId, $locationId, $secretId, $versionId); + + // Read current etag for the version. + $getRequest = GetSecretVersionRequest::build($name); + $current = $client->getSecretVersion($getRequest); + $etag = $current->getEtag(); + + $request = EnableSecretVersionRequest::build($name)->setEtag($etag); + + $response = $client->enableSecretVersion($request); + + printf('Enabled secret version: %s' . PHP_EOL, $response->getName()); +} +// [END secretmanager_enable_regional_secret_version_using_etag] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file diff --git a/secretmanager/src/enable_secret_version_using_etag.php b/secretmanager/src/enable_secret_version_using_etag.php new file mode 100644 index 0000000000..3726377e4b --- /dev/null +++ b/secretmanager/src/enable_secret_version_using_etag.php @@ -0,0 +1,61 @@ +secretVersionName($projectId, $secretId, $versionId); + + // Read current etag for the version. + $getRequest = GetSecretVersionRequest::build($name); + $current = $client->getSecretVersion($getRequest); + $etag = $current->getEtag(); + + $request = EnableSecretVersionRequest::build($name)->setEtag($etag); + + $response = $client->enableSecretVersion($request); + + printf('Enabled secret version: %s' . PHP_EOL, $response->getName()); +} +// [END secretmanager_enable_secret_version_using_etag] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file diff --git a/secretmanager/src/update_regional_secret_using_etag.php b/secretmanager/src/update_regional_secret_using_etag.php new file mode 100644 index 0000000000..349a8e955e --- /dev/null +++ b/secretmanager/src/update_regional_secret_using_etag.php @@ -0,0 +1,80 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + $client = new SecretManagerServiceClient($options); + + $name = $client->projectLocationSecretName($projectId, $locationId, $secretId); + + $getRequest = GetSecretRequest::build($name); + $current = $client->getSecret($getRequest); + + $etag = $current->getEtag(); + + // Prepare the secret with the updated labels and the stored etag. + $secret = (new Secret()) + ->setName($name) + ->setLabels([$labelKey => $labelValue]) + ->setEtag($etag); + + // Only update the labels field. + $updateMask = (new FieldMask())->setPaths(['labels']); + + // Build and send the update request. + $request = UpdateSecretRequest::build($secret, $updateMask); + + $response = $client->updateSecret($request); + + printf('Updated secret using etag: %s' . PHP_EOL, $response->getName()); +} +// [END secretmanager_update_regional_secret_using_etag] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file diff --git a/secretmanager/src/update_secret_using_etag.php b/secretmanager/src/update_secret_using_etag.php new file mode 100644 index 0000000000..1908e4fd04 --- /dev/null +++ b/secretmanager/src/update_secret_using_etag.php @@ -0,0 +1,81 @@ +secretName($projectId, $secretId); + + // Get the current secret to read the etag. + $getRequest = GetSecretRequest::build($name); + $current = $client->getSecret($getRequest); + + $etag = $current->getEtag(); + + // Prepare the secret with the updated labels and the stored etag. + $secret = (new Secret()) + ->setName($name) + ->setLabels([$labelKey => $labelValue]) + ->setEtag($etag); + + // Only update the labels field. + $updateMask = (new FieldMask())->setPaths(['labels']); + + // Build and send the update request. + $request = UpdateSecretRequest::build($secret, $updateMask); + + $response = $client->updateSecret($request); + + printf('Updated secret using etag: %s' . PHP_EOL, $response->getName()); +} +// [END secretmanager_update_secret_using_etag] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file diff --git a/secretmanager/test/regionalsecretmanagerTest.php b/secretmanager/test/regionalsecretmanagerTest.php index c85008eff1..f9242fe8c3 100644 --- a/secretmanager/test/regionalsecretmanagerTest.php +++ b/secretmanager/test/regionalsecretmanagerTest.php @@ -56,6 +56,9 @@ class regionalsecretmanagerTest extends TestCase private static $testSecretVersionToDestroy; private static $testSecretVersionToDisable; private static $testSecretVersionToEnable; + private static $testSecretVersionToDestroyWithETag; + private static $testSecretVersionToDisableWithETag; + private static $testSecretVersionToEnableWithETag; private static $testSecretWithTagToCreateName; private static $testSecretBindTagToCreateName; private static $testSecretWithLabelsToCreateName; @@ -86,17 +89,22 @@ public static function setUpBeforeClass(): void self::$testSecretToDelete = self::createSecret(); self::$testSecretWithVersions = self::createSecret(); self::$testSecretToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId()); - self::$testSecretVersion = self::addSecretVersion(self::$testSecretWithVersions); - self::$testSecretVersionToDestroy = self::addSecretVersion(self::$testSecretWithVersions); - self::$testSecretVersionToDisable = self::addSecretVersion(self::$testSecretWithVersions); - self::$testSecretVersionToEnable = self::addSecretVersion(self::$testSecretWithVersions); self::$testSecretWithTagToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId()); self::$testSecretBindTagToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId()); self::$testSecretWithLabelsToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId()); self::$testSecretWithAnnotationsToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId()); self::$testSecretWithDelayedDestroyToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId()); + + self::$testSecretVersion = self::addSecretVersion(self::$testSecretWithVersions); + self::$testSecretVersionToDestroy = self::addSecretVersion(self::$testSecretWithVersions); + self::$testSecretVersionToDisable = self::addSecretVersion(self::$testSecretWithVersions); + self::$testSecretVersionToEnable = self::addSecretVersion(self::$testSecretWithVersions); self::disableSecretVersion(self::$testSecretVersionToEnable); - + self::$testSecretVersionToDestroyWithETag = self::addSecretVersion(self::$testSecretWithVersions); + self::$testSecretVersionToDisableWithETag = self::addSecretVersion(self::$testSecretWithVersions); + self::$testSecretVersionToEnableWithETag = self::addSecretVersion(self::$testSecretWithVersions); + self::disableSecretVersion(self::$testSecretVersionToEnableWithETag); + self::$testTagKey = self::createTagKey(self::randomSecretId()); self::$testTagValue = self::createTagValue(self::randomSecretId()); } @@ -294,6 +302,20 @@ public function testCreateSecret() $this->assertStringContainsString('Created secret', $output); } + public function testDeleteSecretUsingEtag() + { + $secret = self::createSecret(); + $name = self::$client->parseName($secret->getName()); + + $output = $this->runFunctionSnippet('delete_regional_secret_using_etag', [ + $name['project'], + $name['location'], + $name['secret'], + ]); + + $this->assertStringContainsString('Deleted secret', $output); + } + public function testDeleteSecret() { $name = self::$client->parseName(self::$testSecretToDelete->getName()); @@ -307,6 +329,20 @@ public function testDeleteSecret() $this->assertStringContainsString('Deleted secret', $output); } + public function testDestroySecretVersionUsingEtag() + { + $name = self::$client->parseName(self::$testSecretVersionToDestroyWithETag->getName()); + + $output = $this->runFunctionSnippet('destroy_regional_secret_version_using_etag', [ + $name['project'], + $name['location'], + $name['secret'], + $name['secret_version'], + ]); + + $this->assertStringContainsString('Destroyed secret version', $output); + } + public function testDestroySecretVersion() { $name = self::$client->parseName(self::$testSecretVersionToDestroy->getName()); @@ -321,6 +357,20 @@ public function testDestroySecretVersion() $this->assertStringContainsString('Destroyed secret version', $output); } + public function testDisableSecretVersionUsingEtag() + { + $name = self::$client->parseName(self::$testSecretVersionToDisableWithETag->getName()); + + $output = $this->runFunctionSnippet('disable_regional_secret_version_using_etag', [ + $name['project'], + $name['location'], + $name['secret'], + $name['secret_version'], + ]); + + $this->assertStringContainsString('Disabled secret version', $output); + } + public function testDisableSecretVersion() { $name = self::$client->parseName(self::$testSecretVersionToDisable->getName()); @@ -335,6 +385,20 @@ public function testDisableSecretVersion() $this->assertStringContainsString('Disabled secret version', $output); } + public function testEnableSecretVersionUsingEtag() + { + $name = self::$client->parseName(self::$testSecretVersionToEnableWithETag->getName()); + + $output = $this->runFunctionSnippet('enable_regional_secret_version_using_etag', [ + $name['project'], + $name['location'], + $name['secret'], + $name['secret_version'], + ]); + + $this->assertStringContainsString('Enabled secret version', $output); + } + public function testEnableSecretVersion() { $name = self::$client->parseName(self::$testSecretVersionToEnable->getName()); @@ -463,6 +527,21 @@ public function testListSecrets() $this->assertStringContainsString($name['secret'], $output); } + public function testUpdateSecretUsingEtag() + { + $name = self::$client->parseName(self::$testSecret->getName()); + + $output = $this->runFunctionSnippet('update_regional_secret_using_etag', [ + $name['project'], + $name['location'], + $name['secret'], + 'etaglabel', + 'etagvalue', + ]); + + $this->assertStringContainsString('Updated secret', $output); + } + public function testUpdateSecret() { $name = self::$client->parseName(self::$testSecret->getName()); diff --git a/secretmanager/test/secretmanagerTest.php b/secretmanager/test/secretmanagerTest.php index c7826a91e6..36330eedb9 100644 --- a/secretmanager/test/secretmanagerTest.php +++ b/secretmanager/test/secretmanagerTest.php @@ -59,6 +59,9 @@ class secretmanagerTest extends TestCase private static $testSecretVersionToDestroy; private static $testSecretVersionToDisable; private static $testSecretVersionToEnable; + private static $testSecretVersionToDestroyWithETag; + private static $testSecretVersionToDisableWithETag; + private static $testSecretVersionToEnableWithETag; private static $testSecretWithTagToCreateName; private static $testSecretBindTagToCreateName; private static $testSecretWithLabelsToCreateName; @@ -100,6 +103,11 @@ public static function setUpBeforeClass(): void self::$testSecretVersionToEnable = self::addSecretVersion(self::$testSecretWithVersions); self::disableSecretVersion(self::$testSecretVersionToEnable); + self::$testSecretVersionToDestroyWithETag = self::addSecretVersion(self::$testSecretWithVersions); + self::$testSecretVersionToDisableWithETag = self::addSecretVersion(self::$testSecretWithVersions); + self::$testSecretVersionToEnableWithETag = self::addSecretVersion(self::$testSecretWithVersions); + self::disableSecretVersion(self::$testSecretVersionToEnableWithETag); + self::$testTagKey = self::createTagKey(self::randomSecretId()); self::$testTagValue = self::createTagValue(self::randomSecretId()); } @@ -310,6 +318,20 @@ public function testCreateSecretWithUserManagedReplication() $this->assertStringContainsString('Created secret', $output); } + public function testDeleteSecretUsingEtag() + { + // Create a fresh secret to delete with etag. + $secret = self::createSecret(); + $name = self::$client->parseName($secret->getName()); + + $output = $this->runFunctionSnippet('delete_secret_using_etag', [ + $name['project'], + $name['secret'], + ]); + + $this->assertStringContainsString('Deleted secret', $output); + } + public function testDeleteSecret() { $name = self::$client->parseName(self::$testSecretToDelete->getName()); @@ -322,6 +344,19 @@ public function testDeleteSecret() $this->assertStringContainsString('Deleted secret', $output); } + public function testDestroySecretVersionUsingEtag() + { + $name = self::$client->parseName(self::$testSecretVersionToDestroyWithETag->getName()); + + $output = $this->runFunctionSnippet('destroy_secret_version_using_etag', [ + $name['project'], + $name['secret'], + $name['secret_version'], + ]); + + $this->assertStringContainsString('Destroyed secret version', $output); + } + public function testDestroySecretVersion() { $name = self::$client->parseName(self::$testSecretVersionToDestroy->getName()); @@ -335,6 +370,19 @@ public function testDestroySecretVersion() $this->assertStringContainsString('Destroyed secret version', $output); } + public function testDisableSecretVersionUsingEtag() + { + $name = self::$client->parseName(self::$testSecretVersionToDisableWithETag->getName()); + + $output = $this->runFunctionSnippet('disable_secret_version_using_etag', [ + $name['project'], + $name['secret'], + $name['secret_version'], + ]); + + $this->assertStringContainsString('Disabled secret version', $output); + } + public function testDisableSecretVersion() { $name = self::$client->parseName(self::$testSecretVersionToDisable->getName()); @@ -348,6 +396,19 @@ public function testDisableSecretVersion() $this->assertStringContainsString('Disabled secret version', $output); } + public function testEnableSecretVersionUsingEtag() + { + $name = self::$client->parseName(self::$testSecretVersionToEnableWithETag->getName()); + + $output = $this->runFunctionSnippet('enable_secret_version_using_etag', [ + $name['project'], + $name['secret'], + $name['secret_version'], + ]); + + $this->assertStringContainsString('Enabled secret version', $output); + } + public function testEnableSecretVersion() { $name = self::$client->parseName(self::$testSecretVersionToEnable->getName()); @@ -468,6 +529,20 @@ public function testListSecrets() $this->assertStringContainsString($name['secret'], $output); } + public function testUpdateSecretUsingEtag() + { + $name = self::$client->parseName(self::$testSecret->getName()); + + $output = $this->runFunctionSnippet('update_secret_using_etag', [ + $name['project'], + $name['secret'], + 'etaglabel', + 'etagvalue', + ]); + + $this->assertStringContainsString('Updated secret', $output); + } + public function testUpdateSecret() { $name = self::$client->parseName(self::$testSecret->getName()); From 503860f8fc5ccf0596da0896ff8902a54e90bd1b Mon Sep 17 00:00:00 2001 From: Dhaval Bhensdadiya Date: Thu, 29 Jan 2026 12:22:32 +0530 Subject: [PATCH 04/11] Add newline at end as per gemini suggestion in etag samples --- secretmanager/src/delete_regional_secret_using_etag.php | 2 +- secretmanager/src/delete_secret_using_etag.php | 2 +- .../src/destroy_regional_secret_version_using_etag.php | 2 +- secretmanager/src/destroy_secret_version_using_etag.php | 2 +- .../src/disable_regional_secret_version_using_etag.php | 2 +- secretmanager/src/disable_secret_version_using_etag.php | 2 +- secretmanager/src/enable_regional_secret_version_using_etag.php | 2 +- secretmanager/src/enable_secret_version_using_etag.php | 2 +- secretmanager/src/update_regional_secret_using_etag.php | 2 +- secretmanager/src/update_secret_using_etag.php | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/secretmanager/src/delete_regional_secret_using_etag.php b/secretmanager/src/delete_regional_secret_using_etag.php index 5cfc4353cf..fb3a8c4b84 100644 --- a/secretmanager/src/delete_regional_secret_using_etag.php +++ b/secretmanager/src/delete_regional_secret_using_etag.php @@ -64,4 +64,4 @@ function delete_regional_secret_using_etag(string $projectId, string $locationId // The following 2 lines are only needed to execute the samples on the CLI require_once __DIR__ . '/../../testing/sample_helpers.php'; -\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/delete_secret_using_etag.php b/secretmanager/src/delete_secret_using_etag.php index d720d7f550..2f845625cf 100644 --- a/secretmanager/src/delete_secret_using_etag.php +++ b/secretmanager/src/delete_secret_using_etag.php @@ -62,4 +62,4 @@ function delete_secret_using_etag(string $projectId, string $secretId): void // The following 2 lines are only needed to execute the samples on the CLI require_once __DIR__ . '/../../testing/sample_helpers.php'; -\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/destroy_regional_secret_version_using_etag.php b/secretmanager/src/destroy_regional_secret_version_using_etag.php index 1274b1395f..457490e72e 100644 --- a/secretmanager/src/destroy_regional_secret_version_using_etag.php +++ b/secretmanager/src/destroy_regional_secret_version_using_etag.php @@ -60,4 +60,4 @@ function destroy_regional_secret_version_using_etag(string $projectId, string $l // The following 2 lines are only needed to execute the samples on the CLI require_once __DIR__ . '/../../testing/sample_helpers.php'; -\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/destroy_secret_version_using_etag.php b/secretmanager/src/destroy_secret_version_using_etag.php index e17eaf691a..a8b31d3230 100644 --- a/secretmanager/src/destroy_secret_version_using_etag.php +++ b/secretmanager/src/destroy_secret_version_using_etag.php @@ -58,4 +58,4 @@ function destroy_secret_version_using_etag(string $projectId, string $secretId, // The following 2 lines are only needed to execute the samples on the CLI require_once __DIR__ . '/../../testing/sample_helpers.php'; -\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/disable_regional_secret_version_using_etag.php b/secretmanager/src/disable_regional_secret_version_using_etag.php index 5f8d6e6856..ffb5a3c6e4 100644 --- a/secretmanager/src/disable_regional_secret_version_using_etag.php +++ b/secretmanager/src/disable_regional_secret_version_using_etag.php @@ -60,4 +60,4 @@ function disable_regional_secret_version_using_etag(string $projectId, string $l // The following 2 lines are only needed to execute the samples on the CLI require_once __DIR__ . '/../../testing/sample_helpers.php'; -\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/disable_secret_version_using_etag.php b/secretmanager/src/disable_secret_version_using_etag.php index 7dab2f4a48..44240b44f8 100644 --- a/secretmanager/src/disable_secret_version_using_etag.php +++ b/secretmanager/src/disable_secret_version_using_etag.php @@ -58,4 +58,4 @@ function disable_secret_version_using_etag(string $projectId, string $secretId, // The following 2 lines are only needed to execute the samples on the CLI require_once __DIR__ . '/../../testing/sample_helpers.php'; -\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/enable_regional_secret_version_using_etag.php b/secretmanager/src/enable_regional_secret_version_using_etag.php index 824f9d2482..df423f5413 100644 --- a/secretmanager/src/enable_regional_secret_version_using_etag.php +++ b/secretmanager/src/enable_regional_secret_version_using_etag.php @@ -60,4 +60,4 @@ function enable_regional_secret_version_using_etag(string $projectId, string $lo // The following 2 lines are only needed to execute the samples on the CLI require_once __DIR__ . '/../../testing/sample_helpers.php'; -\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/enable_secret_version_using_etag.php b/secretmanager/src/enable_secret_version_using_etag.php index 3726377e4b..82668c8832 100644 --- a/secretmanager/src/enable_secret_version_using_etag.php +++ b/secretmanager/src/enable_secret_version_using_etag.php @@ -58,4 +58,4 @@ function enable_secret_version_using_etag(string $projectId, string $secretId, s // The following 2 lines are only needed to execute the samples on the CLI require_once __DIR__ . '/../../testing/sample_helpers.php'; -\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/update_regional_secret_using_etag.php b/secretmanager/src/update_regional_secret_using_etag.php index 349a8e955e..5566c1c9dc 100644 --- a/secretmanager/src/update_regional_secret_using_etag.php +++ b/secretmanager/src/update_regional_secret_using_etag.php @@ -77,4 +77,4 @@ function update_regional_secret_using_etag(string $projectId, string $locationId // The following 2 lines are only needed to execute the samples on the CLI require_once __DIR__ . '/../../testing/sample_helpers.php'; -\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/update_secret_using_etag.php b/secretmanager/src/update_secret_using_etag.php index 1908e4fd04..7a1ca198fe 100644 --- a/secretmanager/src/update_secret_using_etag.php +++ b/secretmanager/src/update_secret_using_etag.php @@ -78,4 +78,4 @@ function update_secret_using_etag(string $projectId, string $secretId, string $l // The following 2 lines are only needed to execute the samples on the CLI require_once __DIR__ . '/../../testing/sample_helpers.php'; -\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); From b06787f8d238e8509f0084da453828963b5ac3f6 Mon Sep 17 00:00:00 2001 From: Dhaval Bhensdadiya Date: Wed, 28 Jan 2026 11:38:21 +0530 Subject: [PATCH 05/11] feat(secretmanager): Added samples for creating and managing secrets with expiration TTL --- ...create_regional_secret_with_expiration.php | 69 ++++++++++++++++ .../src/create_secret_with_expiration.php | 74 ++++++++++++++++++ .../src/delete_regional_secret_expiration.php | 74 ++++++++++++++++++ .../src/delete_secret_expiration.php | 72 +++++++++++++++++ ...update_regional_secret_with_expiration.php | 78 +++++++++++++++++++ .../src/update_secret_with_expiration.php | 77 ++++++++++++++++++ .../test/regionalsecretmanagerTest.php | 44 ++++++++++- secretmanager/test/secretmanagerTest.php | 39 ++++++++++ 8 files changed, 526 insertions(+), 1 deletion(-) create mode 100644 secretmanager/src/create_regional_secret_with_expiration.php create mode 100644 secretmanager/src/create_secret_with_expiration.php create mode 100644 secretmanager/src/delete_regional_secret_expiration.php create mode 100644 secretmanager/src/delete_secret_expiration.php create mode 100644 secretmanager/src/update_regional_secret_with_expiration.php create mode 100644 secretmanager/src/update_secret_with_expiration.php diff --git a/secretmanager/src/create_regional_secret_with_expiration.php b/secretmanager/src/create_regional_secret_with_expiration.php new file mode 100644 index 0000000000..48f100ad1f --- /dev/null +++ b/secretmanager/src/create_regional_secret_with_expiration.php @@ -0,0 +1,69 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + $client = new SecretManagerServiceClient($options); + + // Build the resource name of the parent project. + $parent = $client->locationName($projectId, $locationId); + + $duration = new Duration(); + $duration->setSeconds(3600); // 1 hour TTL in seconds + + $secret = new Secret(); + $secret->setTtl($duration); + + // Build the request. + $request = CreateSecretRequest::build($parent, $secretId, $secret); + + // Create the secret. + $newSecret = $client->createSecret($request); + + // Print the new secret name. + printf('Created secret %s with expiration' . PHP_EOL, $newSecret->getName()); +} +// [END secretmanager_create_regional_secret_with_expiration] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file diff --git a/secretmanager/src/create_secret_with_expiration.php b/secretmanager/src/create_secret_with_expiration.php new file mode 100644 index 0000000000..5cd8b85d17 --- /dev/null +++ b/secretmanager/src/create_secret_with_expiration.php @@ -0,0 +1,74 @@ +projectName($projectId); + + $secret = new Secret([ + 'replication' => new Replication([ + 'automatic' => new Automatic(), + ]), + ]); + + $duration = new Duration(); + $duration->setSeconds(3600); // 1 hour TTL in seconds + + $secret->setTtl($duration); + + // Build the request. + $request = CreateSecretRequest::build($parent, $secretId, $secret); + + // Create the secret. + $newSecret = $client->createSecret($request); + + // Print the new secret name. + printf('Created secret %s with expiration', $newSecret->getName()); +} +// [END secretmanager_create_secret_with_expiration] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file diff --git a/secretmanager/src/delete_regional_secret_expiration.php b/secretmanager/src/delete_regional_secret_expiration.php new file mode 100644 index 0000000000..89762a3ebd --- /dev/null +++ b/secretmanager/src/delete_regional_secret_expiration.php @@ -0,0 +1,74 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + $client = new SecretManagerServiceClient($options); + + // Build the resource name of the secret. + $name = $client->projectLocationSecretName($projectId, $locationId, $secretId); + + // Build the secret with only the name — leaving ttl unset clears it when used with an update mask. + $secret = new Secret([ + 'name' => $name, + ]); + + // Set the field mask to clear the ttl field. + $fieldMask = new FieldMask(); + $fieldMask->setPaths(['ttl']); + + // Build the request. + $request = new UpdateSecretRequest(); + $request->setSecret($secret); + $request->setUpdateMask($fieldMask); + + // Update the secret. + $newSecret = $client->updateSecret($request); + + // Print the new secret name. + printf('Updated secret: %s', $newSecret->getName()); +} +// [END secretmanager_delete_regional_secret_expiration] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file diff --git a/secretmanager/src/delete_secret_expiration.php b/secretmanager/src/delete_secret_expiration.php new file mode 100644 index 0000000000..8fa6afa46e --- /dev/null +++ b/secretmanager/src/delete_secret_expiration.php @@ -0,0 +1,72 @@ +secretName($projectId, $secretId); + + // Build the secret with only the name — leaving ttl unset clears it when used with an update mask. + $secret = new Secret([ + 'name' => $name, + ]); + + // Set the field mask to clear the ttl field. + $fieldMask = new FieldMask(); + $fieldMask->setPaths(['ttl']); + + // Build the request. + $request = new UpdateSecretRequest(); + $request->setSecret($secret); + $request->setUpdateMask($fieldMask); + + // Update the secret. + $newSecret = $client->updateSecret($request); + + // Print the new secret name. + printf('Updated secret: %s', $newSecret->getName()); +} +// [END secretmanager_delete_secret_expiration] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file diff --git a/secretmanager/src/update_regional_secret_with_expiration.php b/secretmanager/src/update_regional_secret_with_expiration.php new file mode 100644 index 0000000000..910903b1a1 --- /dev/null +++ b/secretmanager/src/update_regional_secret_with_expiration.php @@ -0,0 +1,78 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + $client = new SecretManagerServiceClient($options); + + // Build the resource name of the secret. + $name = $client->projectLocationSecretName($projectId, $locationId, $secretId); + + // Build the secret with the new TTL. + $secret = new Secret([ + 'name' => $name, + 'ttl' => new Duration([ + 'seconds' => 7200, // Set TTL to 2 hours. + ]) + ]); + + // Set the field mask to update only the ttl field. + $fieldMask = new FieldMask(); + $fieldMask->setPaths(['ttl']); + + // Build the request. + $request = new UpdateSecretRequest(); + $request->setSecret($secret); + $request->setUpdateMask($fieldMask); + + // Update the secret. + $newSecret = $client->updateSecret($request); + + // Print the new secret name. + printf('Updated secret: %s', $newSecret->getName()); +} +// [END secretmanager_update_regional_secret_with_expiration] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file diff --git a/secretmanager/src/update_secret_with_expiration.php b/secretmanager/src/update_secret_with_expiration.php new file mode 100644 index 0000000000..3334c28a6e --- /dev/null +++ b/secretmanager/src/update_secret_with_expiration.php @@ -0,0 +1,77 @@ +secretName($projectId, $secretId); + + // Build the secret with the new TTL. + $secret = new Secret([ + 'name' => $name, + 'ttl' => new Duration([ + 'seconds' => 7200, // Set TTL to 2 hours. + ]) + ]); + + // Set the field mask to update only the ttl field. + $fieldMask = new FieldMask(); + $fieldMask->setPaths(['ttl']); + + // Build the request. + $request = new UpdateSecretRequest(); + $request->setSecret($secret); + $request->setUpdateMask($fieldMask); + + // Update the secret. + $newSecret = $client->updateSecret($request); + + // Print the new secret name. + printf('Updated secret: %s', $newSecret->getName()); +} +// [END secretmanager_update_secret_with_expiration] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file diff --git a/secretmanager/test/regionalsecretmanagerTest.php b/secretmanager/test/regionalsecretmanagerTest.php index f9242fe8c3..debce5b678 100644 --- a/secretmanager/test/regionalsecretmanagerTest.php +++ b/secretmanager/test/regionalsecretmanagerTest.php @@ -64,6 +64,7 @@ class regionalsecretmanagerTest extends TestCase private static $testSecretWithLabelsToCreateName; private static $testSecretWithAnnotationsToCreateName; private static $testSecretWithDelayedDestroyToCreateName; + private static $testSecretWithExpirationToCreateName; private static $iamUser = 'user:kapishsingh@google.com'; private static $locationId = 'us-central1'; @@ -94,7 +95,8 @@ public static function setUpBeforeClass(): void self::$testSecretWithLabelsToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId()); self::$testSecretWithAnnotationsToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId()); self::$testSecretWithDelayedDestroyToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId()); - + self::$testSecretWithExpirationToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId()); + self::$testSecretVersion = self::addSecretVersion(self::$testSecretWithVersions); self::$testSecretVersionToDestroy = self::addSecretVersion(self::$testSecretWithVersions); self::$testSecretVersionToDisable = self::addSecretVersion(self::$testSecretWithVersions); @@ -123,6 +125,7 @@ public static function tearDownAfterClass(): void self::deleteSecret(self::$testSecretWithLabelsToCreateName); self::deleteSecret(self::$testSecretWithAnnotationsToCreateName); self::deleteSecret(self::$testSecretWithDelayedDestroyToCreateName); + self::deleteSecret(self::$testSecretWithExpirationToCreateName); sleep(15); // Added a sleep to wait for the tag unbinding self::deleteTagValue(); self::deleteTagKey(); @@ -760,4 +763,43 @@ public function testUpdateSecretWithDelayedDestroyed() $secret = self::getSecret($name['project'], $name['location'], $name['secret']); $this->assertEquals(self::$testDelayedDestroyTime, $secret->getVersionDestroyTtl()->getSeconds()); } + + public function testCreateSecretWithExpiration() + { + $name = self::$client->parseName(self::$testSecretWithExpirationToCreateName); + + $output = $this->runFunctionSnippet('create_regional_secret_with_expiration', [ + $name['project'], + $name['location'], + $name['secret'], + ]); + + $this->assertStringContainsString('Created secret', $output); + } + + public function testUpdateSecretWithExpiration() + { + $name = self::$client->parseName(self::$testSecretWithExpirationToCreateName); + + $output = $this->runFunctionSnippet('update_regional_secret_with_expiration', [ + $name['project'], + $name['location'], + $name['secret'], + ]); + + $this->assertStringContainsString('Updated secret', $output); + } + + public function testDeleteSecretExpiration() + { + $name = self::$client->parseName(self::$testSecretWithExpirationToCreateName); + + $output = $this->runFunctionSnippet('delete_regional_secret_expiration', [ + $name['project'], + $name['location'], + $name['secret'], + ]); + + $this->assertStringContainsString('Updated secret', $output); + } } diff --git a/secretmanager/test/secretmanagerTest.php b/secretmanager/test/secretmanagerTest.php index 36330eedb9..b3affd5480 100644 --- a/secretmanager/test/secretmanagerTest.php +++ b/secretmanager/test/secretmanagerTest.php @@ -67,6 +67,7 @@ class secretmanagerTest extends TestCase private static $testSecretWithLabelsToCreateName; private static $testSecretWithAnnotationsToCreateName; private static $testSecretWithDelayedDestroyToCreateName; + private static $testSecretWithExpirationToCreateName; private static $iamUser = 'user:sethvargo@google.com'; private static $testLabelKey = 'test-label-key'; @@ -96,6 +97,7 @@ public static function setUpBeforeClass(): void self::$testSecretWithLabelsToCreateName = self::$client->secretName(self::$projectId, self::randomSecretId()); self::$testSecretWithAnnotationsToCreateName = self::$client->secretName(self::$projectId, self::randomSecretId()); self::$testSecretWithDelayedDestroyToCreateName = self::$client->secretName(self::$projectId, self::randomSecretId()); + self::$testSecretWithExpirationToCreateName = self::$client->secretName(self::$projectId, self::randomSecretId()); self::$testSecretVersion = self::addSecretVersion(self::$testSecretWithVersions); self::$testSecretVersionToDestroy = self::addSecretVersion(self::$testSecretWithVersions); @@ -124,6 +126,7 @@ public static function tearDownAfterClass(): void self::deleteSecret(self::$testSecretWithLabelsToCreateName); self::deleteSecret(self::$testSecretWithAnnotationsToCreateName); self::deleteSecret(self::$testSecretWithDelayedDestroyToCreateName); + self::deleteSecret(self::$testSecretWithExpirationToCreateName); sleep(15); // Added a sleep to wait for the tag unbinding self::deleteTagValue(); self::deleteTagKey(); @@ -747,4 +750,40 @@ public function testUpdateSecretWithDelayedDestroyed() $secret = self::getSecret($name['project'], $name['secret']); $this->assertEquals(self::$testDelayedDestroyTime, $secret->getVersionDestroyTtl()->getSeconds()); } + + public function testCreateSecretWithExpiration() + { + $name = self::$client->parseName(self::$testSecretWithExpirationToCreateName); + + $output = $this->runFunctionSnippet('create_secret_with_expiration', [ + $name['project'], + $name['secret'], + ]); + + $this->assertStringContainsString('Created secret', $output); + } + + public function testUpdateSecretWithExpiration() + { + $name = self::$client->parseName(self::$testSecretWithExpirationToCreateName); + + $output = $this->runFunctionSnippet('update_secret_with_expiration', [ + $name['project'], + $name['secret'], + ]); + + $this->assertStringContainsString('Updated secret', $output); + } + + public function testDeleteSecretExpiration() + { + $name = self::$client->parseName(self::$testSecretWithExpirationToCreateName); + + $output = $this->runFunctionSnippet('delete_secret_expiration', [ + $name['project'], + $name['secret'], + ]); + + $this->assertStringContainsString('Updated secret', $output); + } } From b4b4021057958b00e2b6b87f8bda24e76a167d1a Mon Sep 17 00:00:00 2001 From: Dhaval Bhensdadiya Date: Wed, 28 Jan 2026 12:13:38 +0530 Subject: [PATCH 06/11] Resolving comments from gemini code review --- secretmanager/src/create_regional_secret_with_expiration.php | 2 +- secretmanager/src/create_secret_with_expiration.php | 2 +- secretmanager/src/delete_regional_secret_expiration.php | 2 +- secretmanager/src/delete_secret_expiration.php | 2 +- secretmanager/src/update_regional_secret_with_expiration.php | 2 +- secretmanager/src/update_secret_with_expiration.php | 2 +- secretmanager/test/regionalsecretmanagerTest.php | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/secretmanager/src/create_regional_secret_with_expiration.php b/secretmanager/src/create_regional_secret_with_expiration.php index 48f100ad1f..7acf2a8fbb 100644 --- a/secretmanager/src/create_regional_secret_with_expiration.php +++ b/secretmanager/src/create_regional_secret_with_expiration.php @@ -60,7 +60,7 @@ function create_regional_secret_with_expiration(string $projectId, string $locat $newSecret = $client->createSecret($request); // Print the new secret name. - printf('Created secret %s with expiration' . PHP_EOL, $newSecret->getName()); + printf('Created secret: %s%s', $newSecret->getName(), PHP_EOL); } // [END secretmanager_create_regional_secret_with_expiration] diff --git a/secretmanager/src/create_secret_with_expiration.php b/secretmanager/src/create_secret_with_expiration.php index 5cd8b85d17..11c7bd47fb 100644 --- a/secretmanager/src/create_secret_with_expiration.php +++ b/secretmanager/src/create_secret_with_expiration.php @@ -65,7 +65,7 @@ function create_secret_with_expiration(string $projectId, string $secretId): voi $newSecret = $client->createSecret($request); // Print the new secret name. - printf('Created secret %s with expiration', $newSecret->getName()); + printf('Created secret: %s%s', $newSecret->getName(), PHP_EOL); } // [END secretmanager_create_secret_with_expiration] diff --git a/secretmanager/src/delete_regional_secret_expiration.php b/secretmanager/src/delete_regional_secret_expiration.php index 89762a3ebd..743535076f 100644 --- a/secretmanager/src/delete_regional_secret_expiration.php +++ b/secretmanager/src/delete_regional_secret_expiration.php @@ -65,7 +65,7 @@ function delete_regional_secret_expiration(string $projectId, string $locationId $newSecret = $client->updateSecret($request); // Print the new secret name. - printf('Updated secret: %s', $newSecret->getName()); + printf('Updated secret: %s%s', $newSecret->getName(), PHP_EOL); } // [END secretmanager_delete_regional_secret_expiration] diff --git a/secretmanager/src/delete_secret_expiration.php b/secretmanager/src/delete_secret_expiration.php index 8fa6afa46e..b3f3364b5e 100644 --- a/secretmanager/src/delete_secret_expiration.php +++ b/secretmanager/src/delete_secret_expiration.php @@ -63,7 +63,7 @@ function delete_secret_expiration(string $projectId, string $secretId): void $newSecret = $client->updateSecret($request); // Print the new secret name. - printf('Updated secret: %s', $newSecret->getName()); + printf('Updated secret: %s%s', $newSecret->getName(), PHP_EOL); } // [END secretmanager_delete_secret_expiration] diff --git a/secretmanager/src/update_regional_secret_with_expiration.php b/secretmanager/src/update_regional_secret_with_expiration.php index 910903b1a1..16051caff2 100644 --- a/secretmanager/src/update_regional_secret_with_expiration.php +++ b/secretmanager/src/update_regional_secret_with_expiration.php @@ -69,7 +69,7 @@ function update_regional_secret_with_expiration(string $projectId, string $locat $newSecret = $client->updateSecret($request); // Print the new secret name. - printf('Updated secret: %s', $newSecret->getName()); + printf('Updated secret: %s%s', $newSecret->getName(), PHP_EOL); } // [END secretmanager_update_regional_secret_with_expiration] diff --git a/secretmanager/src/update_secret_with_expiration.php b/secretmanager/src/update_secret_with_expiration.php index 3334c28a6e..b8b2014cc1 100644 --- a/secretmanager/src/update_secret_with_expiration.php +++ b/secretmanager/src/update_secret_with_expiration.php @@ -68,7 +68,7 @@ function update_secret_with_expiration(string $projectId, string $secretId): voi $newSecret = $client->updateSecret($request); // Print the new secret name. - printf('Updated secret: %s', $newSecret->getName()); + printf('Updated secret: %s%s', $newSecret->getName(), PHP_EOL); } // [END secretmanager_update_secret_with_expiration] diff --git a/secretmanager/test/regionalsecretmanagerTest.php b/secretmanager/test/regionalsecretmanagerTest.php index debce5b678..68e80e5567 100644 --- a/secretmanager/test/regionalsecretmanagerTest.php +++ b/secretmanager/test/regionalsecretmanagerTest.php @@ -106,7 +106,7 @@ public static function setUpBeforeClass(): void self::$testSecretVersionToDisableWithETag = self::addSecretVersion(self::$testSecretWithVersions); self::$testSecretVersionToEnableWithETag = self::addSecretVersion(self::$testSecretWithVersions); self::disableSecretVersion(self::$testSecretVersionToEnableWithETag); - + self::$testTagKey = self::createTagKey(self::randomSecretId()); self::$testTagValue = self::createTagValue(self::randomSecretId()); } From c583f7b3709c58b01a58357ac1b5b6cab1ca1194 Mon Sep 17 00:00:00 2001 From: Dhaval Bhensdadiya Date: Wed, 28 Jan 2026 16:02:59 +0530 Subject: [PATCH 07/11] Resolved gemini code review suggestions --- .../src/create_regional_secret_with_expiration.php | 2 +- secretmanager/src/create_secret_with_expiration.php | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/secretmanager/src/create_regional_secret_with_expiration.php b/secretmanager/src/create_regional_secret_with_expiration.php index 7acf2a8fbb..414220fb04 100644 --- a/secretmanager/src/create_regional_secret_with_expiration.php +++ b/secretmanager/src/create_regional_secret_with_expiration.php @@ -32,7 +32,7 @@ use Google\Protobuf\Duration; /** - * Create a regional secret with expiration TTL (as a Timestamp expiration). + * Create a regional secret with expiration TTL. * * @param string $projectId Google Cloud project id (e.g. 'my-project') * @param string $locationId Secret location (e.g. 'us-central1') diff --git a/secretmanager/src/create_secret_with_expiration.php b/secretmanager/src/create_secret_with_expiration.php index 11c7bd47fb..0c9f93940b 100644 --- a/secretmanager/src/create_secret_with_expiration.php +++ b/secretmanager/src/create_secret_with_expiration.php @@ -34,10 +34,10 @@ use Google\Protobuf\Duration; /** - * Create a secret with expiration TTL (as a Timestamp expiration). + * Create a secret with expiration TTL. * - * @param string $projectId Your Google Cloud Project ID (e.g. 'my-project') - * @param string $secretId Your secret ID (e.g. 'my-secret') + * @param string $projectId Your Google Cloud Project ID (e.g. 'my-project') + * @param string $secretId Your secret ID (e.g. 'my-secret') */ function create_secret_with_expiration(string $projectId, string $secretId): void { From 27e665dbf7c6da3d38c9abff587b3d567a07cfea Mon Sep 17 00:00:00 2001 From: Dhaval Bhensdadiya Date: Thu, 29 Jan 2026 12:25:04 +0530 Subject: [PATCH 08/11] Add newline at end as per gemini suggetions in expiration tests --- secretmanager/src/create_regional_secret_with_expiration.php | 2 +- secretmanager/src/create_secret_with_expiration.php | 2 +- secretmanager/src/delete_regional_secret_expiration.php | 2 +- secretmanager/src/delete_secret_expiration.php | 2 +- secretmanager/src/update_regional_secret_with_expiration.php | 2 +- secretmanager/src/update_secret_with_expiration.php | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/secretmanager/src/create_regional_secret_with_expiration.php b/secretmanager/src/create_regional_secret_with_expiration.php index 414220fb04..241698d6f9 100644 --- a/secretmanager/src/create_regional_secret_with_expiration.php +++ b/secretmanager/src/create_regional_secret_with_expiration.php @@ -66,4 +66,4 @@ function create_regional_secret_with_expiration(string $projectId, string $locat // The following 2 lines are only needed to execute the samples on the CLI require_once __DIR__ . '/../../testing/sample_helpers.php'; -\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/create_secret_with_expiration.php b/secretmanager/src/create_secret_with_expiration.php index 0c9f93940b..0a12dd7a02 100644 --- a/secretmanager/src/create_secret_with_expiration.php +++ b/secretmanager/src/create_secret_with_expiration.php @@ -71,4 +71,4 @@ function create_secret_with_expiration(string $projectId, string $secretId): voi // The following 2 lines are only needed to execute the samples on the CLI require_once __DIR__ . '/../../testing/sample_helpers.php'; -\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/delete_regional_secret_expiration.php b/secretmanager/src/delete_regional_secret_expiration.php index 743535076f..d07339c04d 100644 --- a/secretmanager/src/delete_regional_secret_expiration.php +++ b/secretmanager/src/delete_regional_secret_expiration.php @@ -71,4 +71,4 @@ function delete_regional_secret_expiration(string $projectId, string $locationId // The following 2 lines are only needed to execute the samples on the CLI require_once __DIR__ . '/../../testing/sample_helpers.php'; -\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/delete_secret_expiration.php b/secretmanager/src/delete_secret_expiration.php index b3f3364b5e..18be08d38b 100644 --- a/secretmanager/src/delete_secret_expiration.php +++ b/secretmanager/src/delete_secret_expiration.php @@ -69,4 +69,4 @@ function delete_secret_expiration(string $projectId, string $secretId): void // The following 2 lines are only needed to execute the samples on the CLI require_once __DIR__ . '/../../testing/sample_helpers.php'; -\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/update_regional_secret_with_expiration.php b/secretmanager/src/update_regional_secret_with_expiration.php index 16051caff2..dde51e4e41 100644 --- a/secretmanager/src/update_regional_secret_with_expiration.php +++ b/secretmanager/src/update_regional_secret_with_expiration.php @@ -75,4 +75,4 @@ function update_regional_secret_with_expiration(string $projectId, string $locat // The following 2 lines are only needed to execute the samples on the CLI require_once __DIR__ . '/../../testing/sample_helpers.php'; -\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/update_secret_with_expiration.php b/secretmanager/src/update_secret_with_expiration.php index b8b2014cc1..b6f34961cd 100644 --- a/secretmanager/src/update_secret_with_expiration.php +++ b/secretmanager/src/update_secret_with_expiration.php @@ -74,4 +74,4 @@ function update_secret_with_expiration(string $projectId, string $secretId): voi // The following 2 lines are only needed to execute the samples on the CLI require_once __DIR__ . '/../../testing/sample_helpers.php'; -\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); From 0d298856dc8e7690726928b6ea26d969c406367a Mon Sep 17 00:00:00 2001 From: Dhaval Bhensdadiya Date: Wed, 28 Jan 2026 15:37:17 +0530 Subject: [PATCH 09/11] feat(secretmanager): Add samples for creating secrets with CMEK and Pub/Sub topics --- secretmanager/README.md | 8 ++- .../src/create_regional_secret_with_cmek.php | 67 +++++++++++++++++ .../src/create_regional_secret_with_topic.php | 65 +++++++++++++++++ secretmanager/src/create_secret_with_cmek.php | 71 +++++++++++++++++++ .../src/create_secret_with_topic.php | 68 ++++++++++++++++++ .../test/regionalsecretmanagerTest.php | 57 +++++++++++++++ secretmanager/test/secretmanagerTest.php | 55 ++++++++++++++ 7 files changed, 390 insertions(+), 1 deletion(-) create mode 100644 secretmanager/src/create_regional_secret_with_cmek.php create mode 100644 secretmanager/src/create_regional_secret_with_topic.php create mode 100644 secretmanager/src/create_secret_with_cmek.php create mode 100644 secretmanager/src/create_secret_with_topic.php diff --git a/secretmanager/README.md b/secretmanager/README.md index b4d04ebfe3..89460bd319 100644 --- a/secretmanager/README.md +++ b/secretmanager/README.md @@ -14,7 +14,13 @@ This simple command-line application demonstrates how to invoke 1. **Enable APIs** - [Enable the Secret Manager API](https://console.cloud.google.com/flows/enableapi?apiid=secretmanager.googleapis.com) - and create a new project or select an existing project. + and create a new project or select an existing project. To run the rotation tests, you will need to [Create a Pub/Sub topic](https://cloud.google.com/pubsub/docs/create-topic). CMEK related test cases need separate [KMS key](https://cloud.google.com/kms/docs/create-key) for global and regional tests. + + Set the following environment variables: + + - GOOGLE_CLOUD_PUBSUB_TOPIC - Full name of topic (projects/{project}/topics/{topic}). + - GOOGLE_CLOUD_KMS_KEY - Full name of global KMS key (projects/{project}/locations/global/keyRings/{keyring}/cryptoKeys/{key}). + - GOOGLE_CLOUD_REGIONAL_KMS_KEY - Full name of regional KMS key (projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}). 1. **Download The Credentials** - Click "Go to credentials" after enabling the APIs. Click "New Credentials" and select "Service Account Key". Create a new diff --git a/secretmanager/src/create_regional_secret_with_cmek.php b/secretmanager/src/create_regional_secret_with_cmek.php new file mode 100644 index 0000000000..ff0c95f8e7 --- /dev/null +++ b/secretmanager/src/create_regional_secret_with_cmek.php @@ -0,0 +1,67 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + $client = new SecretManagerServiceClient($options); + + $parent = $client->locationName($projectId, $locationId); + + $cmek = new CustomerManagedEncryption([ + 'kms_key_name' => $kmsKeyName, + ]); + + $secret = new Secret([ + 'customer_managed_encryption' => $cmek + ]); + + $request = CreateSecretRequest::build($parent, $secretId, $secret); + + $created = $client->createSecret($request); + + printf('Created secret %s with CMEK %s%s', $created->getName(), $kmsKeyName, PHP_EOL); +} +// [END secretmanager_create_regional_secret_with_cmek] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file diff --git a/secretmanager/src/create_regional_secret_with_topic.php b/secretmanager/src/create_regional_secret_with_topic.php new file mode 100644 index 0000000000..fc4428dc49 --- /dev/null +++ b/secretmanager/src/create_regional_secret_with_topic.php @@ -0,0 +1,65 @@ + "secretmanager.$locationId.rep.googleapis.com"]; + $client = new SecretManagerServiceClient($options); + + $parent = $client->locationName($projectId, $locationId); + + $secret = new Secret([ + 'topics' => [new Topic(['name' => $topicName])], + ]); + + // Build the request. + $request = CreateSecretRequest::build($parent, $secretId, $secret); + + // Create the secret. + $created = $client->createSecret($request); + + printf('Created secret %s with topic %s%s', $created->getName(), $topicName, PHP_EOL); +} +// [END secretmanager_create_regional_secret_with_topic] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file diff --git a/secretmanager/src/create_secret_with_cmek.php b/secretmanager/src/create_secret_with_cmek.php new file mode 100644 index 0000000000..0a77e74820 --- /dev/null +++ b/secretmanager/src/create_secret_with_cmek.php @@ -0,0 +1,71 @@ +projectName($projectId); + + $cmek = new CustomerManagedEncryption([ + 'kms_key_name' => $kmsKeyName, + ]); + + $secret = new Secret([ + 'replication' => new Replication([ + 'automatic' => new Automatic([ + 'customer_managed_encryption' => $cmek, + ]), + ]), + ]); + + $request = CreateSecretRequest::build($parent, $secretId, $secret); + + $created = $client->createSecret($request); + + printf('Created secret %s with CMEK %s%s', $created->getName(), $kmsKeyName, PHP_EOL); +} +// [END secretmanager_create_secret_with_cmek] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file diff --git a/secretmanager/src/create_secret_with_topic.php b/secretmanager/src/create_secret_with_topic.php new file mode 100644 index 0000000000..164b18d4b5 --- /dev/null +++ b/secretmanager/src/create_secret_with_topic.php @@ -0,0 +1,68 @@ +projectName($projectId); + + $secret = new Secret([ + 'replication' => new Replication([ + 'automatic' => new Automatic(), + ]), + 'topics' => [new Topic(['name' => $topicName])], + ]); + + // Build the request. + $request = CreateSecretRequest::build($parent, $secretId, $secret); + + // Create the secret. + $created = $client->createSecret($request); + + printf('Created secret %s with topic %s%s', $created->getName(), $topicName, PHP_EOL); +} +// [END secretmanager_create_secret_with_topic] + +// The following 2 lines are only needed to execute the samples on the CLI +require_once __DIR__ . '/../../testing/sample_helpers.php'; +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file diff --git a/secretmanager/test/regionalsecretmanagerTest.php b/secretmanager/test/regionalsecretmanagerTest.php index 68e80e5567..09de871ac4 100644 --- a/secretmanager/test/regionalsecretmanagerTest.php +++ b/secretmanager/test/regionalsecretmanagerTest.php @@ -65,6 +65,8 @@ class regionalsecretmanagerTest extends TestCase private static $testSecretWithAnnotationsToCreateName; private static $testSecretWithDelayedDestroyToCreateName; private static $testSecretWithExpirationToCreateName; + private static $testSecretWithCMEKToCreateName; + private static $testSecretWithTopicToCreateName; private static $iamUser = 'user:kapishsingh@google.com'; private static $locationId = 'us-central1'; @@ -79,6 +81,9 @@ class regionalsecretmanagerTest extends TestCase private static $testTagKey; private static $testTagValue; + private static $skipRotationTests = false; + private static $testRotationTopic; + public static function setUpBeforeClass(): void { $options = ['apiEndpoint' => 'secretmanager.' . self::$locationId . '.rep.googleapis.com' ]; @@ -96,6 +101,8 @@ public static function setUpBeforeClass(): void self::$testSecretWithAnnotationsToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId()); self::$testSecretWithDelayedDestroyToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId()); self::$testSecretWithExpirationToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId()); + self::$testSecretWithCMEKToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId()); + self::$testSecretWithTopicToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId()); self::$testSecretVersion = self::addSecretVersion(self::$testSecretWithVersions); self::$testSecretVersionToDestroy = self::addSecretVersion(self::$testSecretWithVersions); @@ -109,6 +116,15 @@ public static function setUpBeforeClass(): void self::$testTagKey = self::createTagKey(self::randomSecretId()); self::$testTagValue = self::createTagValue(self::randomSecretId()); + + // GOOGLE_CLOUD_PUBSUB_TOPIC (projects/{project}/topics/{topic}). + $envTopic = getenv('GOOGLE_CLOUD_PUBSUB_TOPIC'); + if ($envTopic === false || $envTopic === '') { + self::$skipRotationTests = true; + printf('Skipping tests dependent on GOOGLE_CLOUD_PUBSUB_TOPIC as it is not set.%s', PHP_EOL); + } else { + self::$testRotationTopic = $envTopic; + } } public static function tearDownAfterClass(): void @@ -126,6 +142,8 @@ public static function tearDownAfterClass(): void self::deleteSecret(self::$testSecretWithAnnotationsToCreateName); self::deleteSecret(self::$testSecretWithDelayedDestroyToCreateName); self::deleteSecret(self::$testSecretWithExpirationToCreateName); + self::deleteSecret(self::$testSecretWithCMEKToCreateName); + self::deleteSecret(self::$testSecretWithTopicToCreateName); sleep(15); // Added a sleep to wait for the tag unbinding self::deleteTagValue(); self::deleteTagKey(); @@ -802,4 +820,43 @@ public function testDeleteSecretExpiration() $this->assertStringContainsString('Updated secret', $output); } + + public function testCreateSecretWithCmek() + { + $kmsKey = getenv('GOOGLE_CLOUD_REGIONAL_KMS_KEY'); + if ($kmsKey === false || $kmsKey === '') { + $this->markTestSkipped('GOOGLE_CLOUD_KMS_KEY not set'); + printf('Skipping testCreateSecretWithTopic dependent on GOOGLE_CLOUD_KMS_KEY%s', PHP_EOL); + } + + $name = self::$client->parseName(self::$testSecretWithCMEKToCreateName); + + $output = $this->runFunctionSnippet('create_regional_secret_with_cmek', [ + $name['project'], + $name['location'], + $name['secret'], + $kmsKey, + ]); + + $this->assertStringContainsString('Created secret', $output); + } + + public function testCreateSecretWithTopic() + { + if (self::$skipRotationTests) { + $this->markTestSkipped('GOOGLE_CLOUD_PUBSUB_TOPIC not set'); + printf('Skipping testCreateSecretWithTopic dependent on GOOGLE_CLOUD_PUBSUB_TOPIC%s', PHP_EOL); + } + + $name = self::$client->parseName(self::$testSecretWithTopicToCreateName); + + $output = $this->runFunctionSnippet('create_regional_secret_with_topic', [ + $name['project'], + $name['location'], + $name['secret'], + self::$testRotationTopic, + ]); + + $this->assertStringContainsString('Created secret', $output); + } } diff --git a/secretmanager/test/secretmanagerTest.php b/secretmanager/test/secretmanagerTest.php index b3affd5480..2c40dfe0f5 100644 --- a/secretmanager/test/secretmanagerTest.php +++ b/secretmanager/test/secretmanagerTest.php @@ -68,6 +68,8 @@ class secretmanagerTest extends TestCase private static $testSecretWithAnnotationsToCreateName; private static $testSecretWithDelayedDestroyToCreateName; private static $testSecretWithExpirationToCreateName; + private static $testSecretWithCMEKToCreateName; + private static $testSecretWithTopicToCreateName; private static $iamUser = 'user:sethvargo@google.com'; private static $testLabelKey = 'test-label-key'; @@ -81,6 +83,9 @@ class secretmanagerTest extends TestCase private static $testTagKey; private static $testTagValue; + private static $skipRotationTests = false; + private static $testRotationTopic; + public static function setUpBeforeClass(): void { self::$client = new SecretManagerServiceClient(); @@ -98,6 +103,8 @@ public static function setUpBeforeClass(): void self::$testSecretWithAnnotationsToCreateName = self::$client->secretName(self::$projectId, self::randomSecretId()); self::$testSecretWithDelayedDestroyToCreateName = self::$client->secretName(self::$projectId, self::randomSecretId()); self::$testSecretWithExpirationToCreateName = self::$client->secretName(self::$projectId, self::randomSecretId()); + self::$testSecretWithCMEKToCreateName = self::$client->secretName(self::$projectId, self::randomSecretId()); + self::$testSecretWithTopicToCreateName = self::$client->secretName(self::$projectId, self::randomSecretId()); self::$testSecretVersion = self::addSecretVersion(self::$testSecretWithVersions); self::$testSecretVersionToDestroy = self::addSecretVersion(self::$testSecretWithVersions); @@ -112,6 +119,15 @@ public static function setUpBeforeClass(): void self::$testTagKey = self::createTagKey(self::randomSecretId()); self::$testTagValue = self::createTagValue(self::randomSecretId()); + + // GOOGLE_CLOUD_PUBSUB_TOPIC (projects/{project}/topics/{topic}). + $envTopic = getenv('GOOGLE_CLOUD_PUBSUB_TOPIC'); + if ($envTopic === false || $envTopic === '') { + self::$skipRotationTests = true; + printf('Skipping tests dependent on GOOGLE_CLOUD_PUBSUB_TOPIC as it is not set.%s', PHP_EOL); + } else { + self::$testRotationTopic = $envTopic; + } } public static function tearDownAfterClass(): void @@ -127,6 +143,8 @@ public static function tearDownAfterClass(): void self::deleteSecret(self::$testSecretWithAnnotationsToCreateName); self::deleteSecret(self::$testSecretWithDelayedDestroyToCreateName); self::deleteSecret(self::$testSecretWithExpirationToCreateName); + self::deleteSecret(self::$testSecretWithCMEKToCreateName); + self::deleteSecret(self::$testSecretWithTopicToCreateName); sleep(15); // Added a sleep to wait for the tag unbinding self::deleteTagValue(); self::deleteTagKey(); @@ -786,4 +804,41 @@ public function testDeleteSecretExpiration() $this->assertStringContainsString('Updated secret', $output); } + + public function testCreateSecretWithCmek() + { + $kmsKey = getenv('GOOGLE_CLOUD_KMS_KEY'); + if ($kmsKey === false || $kmsKey === '') { + $this->markTestSkipped('GOOGLE_CLOUD_KMS_KEY not set'); + printf('Skipping testCreateSecretWithTopic dependent on GOOGLE_CLOUD_KMS_KEY%s', PHP_EOL); + } + + $name = self::$client->parseName(self::$testSecretWithCMEKToCreateName); + + $output = $this->runFunctionSnippet('create_secret_with_cmek', [ + $name['project'], + $name['secret'], + $kmsKey, + ]); + + $this->assertStringContainsString('Created secret', $output); + } + + public function testCreateSecretWithTopic() + { + if (self::$skipRotationTests) { + $this->markTestSkipped('GOOGLE_CLOUD_PUBSUB_TOPIC not set'); + printf('Skipping testCreateSecretWithTopic dependent on GOOGLE_CLOUD_PUBSUB_TOPIC%s', PHP_EOL); + } + + $name = self::$client->parseName(self::$testSecretWithTopicToCreateName); + + $output = $this->runFunctionSnippet('create_secret_with_topic', [ + $name['project'], + $name['secret'], + self::$testRotationTopic, + ]); + + $this->assertStringContainsString('Created secret', $output); + } } From 2b3d4b5b6c8ddb082b7768397a76bf1d12a8eb08 Mon Sep 17 00:00:00 2001 From: Dhaval Bhensdadiya Date: Wed, 28 Jan 2026 15:57:19 +0530 Subject: [PATCH 10/11] Resolving gemini comments --- secretmanager/README.md | 4 ++-- secretmanager/src/create_regional_secret_with_cmek.php | 2 +- secretmanager/test/regionalsecretmanagerTest.php | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/secretmanager/README.md b/secretmanager/README.md index 89460bd319..278ff9da1c 100644 --- a/secretmanager/README.md +++ b/secretmanager/README.md @@ -19,8 +19,8 @@ This simple command-line application demonstrates how to invoke Set the following environment variables: - GOOGLE_CLOUD_PUBSUB_TOPIC - Full name of topic (projects/{project}/topics/{topic}). - - GOOGLE_CLOUD_KMS_KEY - Full name of global KMS key (projects/{project}/locations/global/keyRings/{keyring}/cryptoKeys/{key}). - - GOOGLE_CLOUD_REGIONAL_KMS_KEY - Full name of regional KMS key (projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}). + - GOOGLE_CLOUD_KMS_KEY - Full name of global KMS key (projects/{project}/locations/global/keyRings/{keyring}/cryptoKeys/{key}). + - GOOGLE_CLOUD_REGIONAL_KMS_KEY - Full name of regional KMS key (projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}). 1. **Download The Credentials** - Click "Go to credentials" after enabling the APIs. Click "New Credentials" and select "Service Account Key". Create a new diff --git a/secretmanager/src/create_regional_secret_with_cmek.php b/secretmanager/src/create_regional_secret_with_cmek.php index ff0c95f8e7..530d76fe56 100644 --- a/secretmanager/src/create_regional_secret_with_cmek.php +++ b/secretmanager/src/create_regional_secret_with_cmek.php @@ -37,7 +37,7 @@ * @param string $projectId Google Cloud project id (e.g. 'my-project-id') * @param string $locationId Secret location (e.g. 'us-central1') * @param string $secretId Id for the new secret (e.g. 'my-secret-id') - * @param string $kmsKeyName Full KMS key resource name (e.g. 'projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key') + * @param string $kmsKeyName Full KMS key resource name (e.g. 'projects/my-project/locations/us-central1/keyRings/my-kr/cryptoKeys/my-key') */ function create_regional_secret_with_cmek(string $projectId, string $locationId, string $secretId, string $kmsKeyName): void { diff --git a/secretmanager/test/regionalsecretmanagerTest.php b/secretmanager/test/regionalsecretmanagerTest.php index 09de871ac4..52d65c195e 100644 --- a/secretmanager/test/regionalsecretmanagerTest.php +++ b/secretmanager/test/regionalsecretmanagerTest.php @@ -825,8 +825,8 @@ public function testCreateSecretWithCmek() { $kmsKey = getenv('GOOGLE_CLOUD_REGIONAL_KMS_KEY'); if ($kmsKey === false || $kmsKey === '') { - $this->markTestSkipped('GOOGLE_CLOUD_KMS_KEY not set'); - printf('Skipping testCreateSecretWithTopic dependent on GOOGLE_CLOUD_KMS_KEY%s', PHP_EOL); + $this->markTestSkipped('GOOGLE_CLOUD_REGIONAL_KMS_KEY not set'); + printf('Skipping testCreateSecretWithTopic dependent on GOOGLE_CLOUD_REGIONAL_KMS_KEY%s', PHP_EOL); } $name = self::$client->parseName(self::$testSecretWithCMEKToCreateName); From bc6bb4ccabb0fdca5ed5629b113ba8a38341b59d Mon Sep 17 00:00:00 2001 From: Dhaval Bhensdadiya Date: Thu, 29 Jan 2026 12:27:57 +0530 Subject: [PATCH 11/11] Added newlines at end as per gemini suggestions in cmek and topic tests. Also fixed a typo in console message related to skipping cmek tests --- secretmanager/src/create_regional_secret_with_cmek.php | 2 +- secretmanager/src/create_regional_secret_with_topic.php | 2 +- secretmanager/src/create_secret_with_cmek.php | 2 +- secretmanager/src/create_secret_with_topic.php | 2 +- secretmanager/test/regionalsecretmanagerTest.php | 2 +- secretmanager/test/secretmanagerTest.php | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/secretmanager/src/create_regional_secret_with_cmek.php b/secretmanager/src/create_regional_secret_with_cmek.php index 530d76fe56..4d07d464ea 100644 --- a/secretmanager/src/create_regional_secret_with_cmek.php +++ b/secretmanager/src/create_regional_secret_with_cmek.php @@ -64,4 +64,4 @@ function create_regional_secret_with_cmek(string $projectId, string $locationId, // The following 2 lines are only needed to execute the samples on the CLI require_once __DIR__ . '/../../testing/sample_helpers.php'; -\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/create_regional_secret_with_topic.php b/secretmanager/src/create_regional_secret_with_topic.php index fc4428dc49..cd2d9d0775 100644 --- a/secretmanager/src/create_regional_secret_with_topic.php +++ b/secretmanager/src/create_regional_secret_with_topic.php @@ -62,4 +62,4 @@ function create_regional_secret_with_topic(string $projectId, string $locationId // The following 2 lines are only needed to execute the samples on the CLI require_once __DIR__ . '/../../testing/sample_helpers.php'; -\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/create_secret_with_cmek.php b/secretmanager/src/create_secret_with_cmek.php index 0a77e74820..2338291774 100644 --- a/secretmanager/src/create_secret_with_cmek.php +++ b/secretmanager/src/create_secret_with_cmek.php @@ -68,4 +68,4 @@ function create_secret_with_cmek(string $projectId, string $secretId, string $km // The following 2 lines are only needed to execute the samples on the CLI require_once __DIR__ . '/../../testing/sample_helpers.php'; -\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/src/create_secret_with_topic.php b/secretmanager/src/create_secret_with_topic.php index 164b18d4b5..9a84239637 100644 --- a/secretmanager/src/create_secret_with_topic.php +++ b/secretmanager/src/create_secret_with_topic.php @@ -65,4 +65,4 @@ function create_secret_with_topic(string $projectId, string $secretId, string $t // The following 2 lines are only needed to execute the samples on the CLI require_once __DIR__ . '/../../testing/sample_helpers.php'; -\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); \ No newline at end of file +\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); diff --git a/secretmanager/test/regionalsecretmanagerTest.php b/secretmanager/test/regionalsecretmanagerTest.php index 52d65c195e..345d126210 100644 --- a/secretmanager/test/regionalsecretmanagerTest.php +++ b/secretmanager/test/regionalsecretmanagerTest.php @@ -826,7 +826,7 @@ public function testCreateSecretWithCmek() $kmsKey = getenv('GOOGLE_CLOUD_REGIONAL_KMS_KEY'); if ($kmsKey === false || $kmsKey === '') { $this->markTestSkipped('GOOGLE_CLOUD_REGIONAL_KMS_KEY not set'); - printf('Skipping testCreateSecretWithTopic dependent on GOOGLE_CLOUD_REGIONAL_KMS_KEY%s', PHP_EOL); + printf('Skipping testCreateSecretWithCmek dependent on GOOGLE_CLOUD_REGIONAL_KMS_KEY%s', PHP_EOL); } $name = self::$client->parseName(self::$testSecretWithCMEKToCreateName); diff --git a/secretmanager/test/secretmanagerTest.php b/secretmanager/test/secretmanagerTest.php index 2c40dfe0f5..fc7f3026bd 100644 --- a/secretmanager/test/secretmanagerTest.php +++ b/secretmanager/test/secretmanagerTest.php @@ -810,7 +810,7 @@ public function testCreateSecretWithCmek() $kmsKey = getenv('GOOGLE_CLOUD_KMS_KEY'); if ($kmsKey === false || $kmsKey === '') { $this->markTestSkipped('GOOGLE_CLOUD_KMS_KEY not set'); - printf('Skipping testCreateSecretWithTopic dependent on GOOGLE_CLOUD_KMS_KEY%s', PHP_EOL); + printf('Skipping testCreateSecretWithCmek dependent on GOOGLE_CLOUD_KMS_KEY%s', PHP_EOL); } $name = self::$client->parseName(self::$testSecretWithCMEKToCreateName);