From 3dff2dfce681aef551313c01bc08dd03516edf61 Mon Sep 17 00:00:00 2001 From: Julie Qiu Date: Fri, 1 Nov 2024 20:59:39 -0400 Subject: [PATCH 1/2] impl: devtools/cmd/generate,testdata: add command to run protoc-gen --- generator/README.md | 6 + generator/devtools/cmd/generate/main.go | 72 +++ generator/internal/genclient/genclient.go | 5 +- .../testdata/google/api/annotations.proto | 31 ++ generator/testdata/google/api/client.proto | 427 ++++++++++++++++ .../testdata/google/api/field_behavior.proto | 104 ++++ generator/testdata/google/api/http.proto | 379 +++++++++++++++ .../testdata/google/api/launch_stage.proto | 72 +++ generator/testdata/google/api/resource.proto | 238 +++++++++ .../google/cloud/secretmanager/BUILD.bazel | 40 ++ .../secretmanager/logging/v1/BUILD.bazel | 161 +++++++ .../logging/v1/secret_event.proto | 71 +++ .../google/cloud/secretmanager/v1/BUILD.bazel | 388 +++++++++++++++ .../cloud/secretmanager/v1/resources.proto | 446 +++++++++++++++++ .../v1/secretmanager_grpc_service_config.json | 84 ++++ .../secretmanager/v1/secretmanager_v1.yaml | 50 ++ .../cloud/secretmanager/v1/service.proto | 455 ++++++++++++++++++ .../testdata/google/iam/v1/iam_policy.proto | 155 ++++++ .../testdata/google/iam/v1/options.proto | 48 ++ generator/testdata/google/iam/v1/policy.proto | 410 ++++++++++++++++ generator/testdata/google/type/expr.proto | 73 +++ 21 files changed, 3711 insertions(+), 4 deletions(-) create mode 100644 generator/devtools/cmd/generate/main.go create mode 100644 generator/testdata/google/api/annotations.proto create mode 100644 generator/testdata/google/api/client.proto create mode 100644 generator/testdata/google/api/field_behavior.proto create mode 100644 generator/testdata/google/api/http.proto create mode 100644 generator/testdata/google/api/launch_stage.proto create mode 100644 generator/testdata/google/api/resource.proto create mode 100644 generator/testdata/google/cloud/secretmanager/BUILD.bazel create mode 100644 generator/testdata/google/cloud/secretmanager/logging/v1/BUILD.bazel create mode 100644 generator/testdata/google/cloud/secretmanager/logging/v1/secret_event.proto create mode 100644 generator/testdata/google/cloud/secretmanager/v1/BUILD.bazel create mode 100644 generator/testdata/google/cloud/secretmanager/v1/resources.proto create mode 100644 generator/testdata/google/cloud/secretmanager/v1/secretmanager_grpc_service_config.json create mode 100644 generator/testdata/google/cloud/secretmanager/v1/secretmanager_v1.yaml create mode 100644 generator/testdata/google/cloud/secretmanager/v1/service.proto create mode 100644 generator/testdata/google/iam/v1/iam_policy.proto create mode 100644 generator/testdata/google/iam/v1/options.proto create mode 100644 generator/testdata/google/iam/v1/policy.proto create mode 100644 generator/testdata/google/type/expr.proto diff --git a/generator/README.md b/generator/README.md index 0e905a77f..75e97a35d 100644 --- a/generator/README.md +++ b/generator/README.md @@ -6,6 +6,12 @@ A tool for generating client libraries. Run the following command from the generator directory: +```bash +go run ./devtools/cmd/generate -language=rust +``` + +Alternatively, you can run the protoc command directly: + ```bash go install github.com/googleapis/google-cloud-rust/generator/cmd/protoc-gen-gclient protoc -I cmd/protoc-gen-gclient/testdata/smprotos \ diff --git a/generator/devtools/cmd/generate/main.go b/generator/devtools/cmd/generate/main.go new file mode 100644 index 000000000..f849ec093 --- /dev/null +++ b/generator/devtools/cmd/generate/main.go @@ -0,0 +1,72 @@ +// Copyright 2024 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package main + +import ( + "flag" + "fmt" + "log" + "log/slog" + "os" + "os/exec" + "path/filepath" +) + +var ( + input = flag.String("input", "testdata/google/cloud/secretmanager/v1/", "path to protos to generate from") + output = flag.String("out", "output", "the path to the output directory") + language = flag.String("language", "", "the generated language") + testdata = flag.String("testdata", "testdata/", "path to testdata directory") +) + +func main() { + flag.Parse() + if *language == "" { + log.Fatalf("language must be provided") + } + if err := run(*language, *testdata, *input, *output); err != nil { + log.Fatal(err) + } +} + +func run(language, testdata, input, output string) error { + var files []string + err := filepath.Walk(input, func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + if filepath.Ext(path) == ".proto" { + files = append(files, path) + } + return nil + }) + if err != nil { + return err + } + + args := []string{ + "-I", testdata, + fmt.Sprintf("--gclient_out=%s", output), + fmt.Sprintf("--gclient_opt=language=%s", language), + } + args = append(args, files...) + + cmd := exec.Command("protoc", args...) + slog.Info(cmd.String()) + + cmd.Stdout = os.Stdout // or any other io.Writer + cmd.Stderr = os.Stderr // or any other io.Writer + return cmd.Run() +} diff --git a/generator/internal/genclient/genclient.go b/generator/internal/genclient/genclient.go index ac762836e..6d01b60b9 100644 --- a/generator/internal/genclient/genclient.go +++ b/generator/internal/genclient/genclient.go @@ -122,10 +122,7 @@ func Generate(req *GenerateRequest) (*Output, error) { return err } fn := filepath.Join(req.outDir(), filepath.Dir(strings.TrimPrefix(path, root)), strings.TrimSuffix(d.Name(), ".mustache")) - if err := os.WriteFile(fn, []byte(s), os.ModePerm); err != nil { - return err - } - return nil + return os.WriteFile(fn, []byte(s), os.ModePerm) }) if err != nil { slog.Error("error walking templates", "err", err.Error()) diff --git a/generator/testdata/google/api/annotations.proto b/generator/testdata/google/api/annotations.proto new file mode 100644 index 000000000..efdab3db6 --- /dev/null +++ b/generator/testdata/google/api/annotations.proto @@ -0,0 +1,31 @@ +// Copyright 2015 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.api; + +import "google/api/http.proto"; +import "google/protobuf/descriptor.proto"; + +option go_package = "google.golang.org/genproto/googleapis/api/annotations;annotations"; +option java_multiple_files = true; +option java_outer_classname = "AnnotationsProto"; +option java_package = "com.google.api"; +option objc_class_prefix = "GAPI"; + +extend google.protobuf.MethodOptions { + // See `HttpRule`. + HttpRule http = 72295728; +} diff --git a/generator/testdata/google/api/client.proto b/generator/testdata/google/api/client.proto new file mode 100644 index 000000000..0952e8373 --- /dev/null +++ b/generator/testdata/google/api/client.proto @@ -0,0 +1,427 @@ +// Copyright 2023 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.api; + +import "google/api/launch_stage.proto"; +import "google/protobuf/descriptor.proto"; +import "google/protobuf/duration.proto"; + +option go_package = "google.golang.org/genproto/googleapis/api/annotations;annotations"; +option java_multiple_files = true; +option java_outer_classname = "ClientProto"; +option java_package = "com.google.api"; +option objc_class_prefix = "GAPI"; + +extend google.protobuf.MethodOptions { + // A definition of a client library method signature. + // + // In client libraries, each proto RPC corresponds to one or more methods + // which the end user is able to call, and calls the underlying RPC. + // Normally, this method receives a single argument (a struct or instance + // corresponding to the RPC request object). Defining this field will + // add one or more overloads providing flattened or simpler method signatures + // in some languages. + // + // The fields on the method signature are provided as a comma-separated + // string. + // + // For example, the proto RPC and annotation: + // + // rpc CreateSubscription(CreateSubscriptionRequest) + // returns (Subscription) { + // option (google.api.method_signature) = "name,topic"; + // } + // + // Would add the following Java overload (in addition to the method accepting + // the request object): + // + // public final Subscription createSubscription(String name, String topic) + // + // The following backwards-compatibility guidelines apply: + // + // * Adding this annotation to an unannotated method is backwards + // compatible. + // * Adding this annotation to a method which already has existing + // method signature annotations is backwards compatible if and only if + // the new method signature annotation is last in the sequence. + // * Modifying or removing an existing method signature annotation is + // a breaking change. + // * Re-ordering existing method signature annotations is a breaking + // change. + repeated string method_signature = 1051; +} + +extend google.protobuf.ServiceOptions { + // The hostname for this service. + // This should be specified with no prefix or protocol. + // + // Example: + // + // service Foo { + // option (google.api.default_host) = "foo.googleapi.com"; + // ... + // } + string default_host = 1049; + + // OAuth scopes needed for the client. + // + // Example: + // + // service Foo { + // option (google.api.oauth_scopes) = \ + // "https://www.googleapis.com/auth/cloud-platform"; + // ... + // } + // + // If there is more than one scope, use a comma-separated string: + // + // Example: + // + // service Foo { + // option (google.api.oauth_scopes) = \ + // "https://www.googleapis.com/auth/cloud-platform," + // "https://www.googleapis.com/auth/monitoring"; + // ... + // } + string oauth_scopes = 1050; + + // The API version of this service, which should be sent by version-aware + // clients to the service. This allows services to abide by the schema and + // behavior of the service at the time this API version was deployed. + // The format of the API version must be treated as opaque by clients. + // Services may use a format with an apparent structure, but clients must + // not rely on this to determine components within an API version, or attempt + // to construct other valid API versions. Note that this is for upcoming + // functionality and may not be implemented for all services. + // + // Example: + // + // service Foo { + // option (google.api.api_version) = "v1_20230821_preview"; + // } + string api_version = 525000001; +} + +// Required information for every language. +message CommonLanguageSettings { + // Link to automatically generated reference documentation. Example: + // https://cloud.google.com/nodejs/docs/reference/asset/latest + string reference_docs_uri = 1 [deprecated = true]; + + // The destination where API teams want this client library to be published. + repeated ClientLibraryDestination destinations = 2; +} + +// Details about how and where to publish client libraries. +message ClientLibrarySettings { + // Version of the API to apply these settings to. This is the full protobuf + // package for the API, ending in the version element. + // Examples: "google.cloud.speech.v1" and "google.spanner.admin.database.v1". + string version = 1; + + // Launch stage of this version of the API. + LaunchStage launch_stage = 2; + + // When using transport=rest, the client request will encode enums as + // numbers rather than strings. + bool rest_numeric_enums = 3; + + // Settings for legacy Java features, supported in the Service YAML. + JavaSettings java_settings = 21; + + // Settings for C++ client libraries. + CppSettings cpp_settings = 22; + + // Settings for PHP client libraries. + PhpSettings php_settings = 23; + + // Settings for Python client libraries. + PythonSettings python_settings = 24; + + // Settings for Node client libraries. + NodeSettings node_settings = 25; + + // Settings for .NET client libraries. + DotnetSettings dotnet_settings = 26; + + // Settings for Ruby client libraries. + RubySettings ruby_settings = 27; + + // Settings for Go client libraries. + GoSettings go_settings = 28; +} + +// This message configures the settings for publishing [Google Cloud Client +// libraries](https://cloud.google.com/apis/docs/cloud-client-libraries) +// generated from the service config. +message Publishing { + // A list of API method settings, e.g. the behavior for methods that use the + // long-running operation pattern. + repeated MethodSettings method_settings = 2; + + // Link to a *public* URI where users can report issues. Example: + // https://issuetracker.google.com/issues/new?component=190865&template=1161103 + string new_issue_uri = 101; + + // Link to product home page. Example: + // https://cloud.google.com/asset-inventory/docs/overview + string documentation_uri = 102; + + // Used as a tracking tag when collecting data about the APIs developer + // relations artifacts like docs, packages delivered to package managers, + // etc. Example: "speech". + string api_short_name = 103; + + // GitHub label to apply to issues and pull requests opened for this API. + string github_label = 104; + + // GitHub teams to be added to CODEOWNERS in the directory in GitHub + // containing source code for the client libraries for this API. + repeated string codeowner_github_teams = 105; + + // A prefix used in sample code when demarking regions to be included in + // documentation. + string doc_tag_prefix = 106; + + // For whom the client library is being published. + ClientLibraryOrganization organization = 107; + + // Client library settings. If the same version string appears multiple + // times in this list, then the last one wins. Settings from earlier + // settings with the same version string are discarded. + repeated ClientLibrarySettings library_settings = 109; + + // Optional link to proto reference documentation. Example: + // https://cloud.google.com/pubsub/lite/docs/reference/rpc + string proto_reference_documentation_uri = 110; + + // Optional link to REST reference documentation. Example: + // https://cloud.google.com/pubsub/lite/docs/reference/rest + string rest_reference_documentation_uri = 111; +} + +// Settings for Java client libraries. +message JavaSettings { + // The package name to use in Java. Clobbers the java_package option + // set in the protobuf. This should be used **only** by APIs + // who have already set the language_settings.java.package_name" field + // in gapic.yaml. API teams should use the protobuf java_package option + // where possible. + // + // Example of a YAML configuration:: + // + // publishing: + // java_settings: + // library_package: com.google.cloud.pubsub.v1 + string library_package = 1; + + // Configure the Java class name to use instead of the service's for its + // corresponding generated GAPIC client. Keys are fully-qualified + // service names as they appear in the protobuf (including the full + // the language_settings.java.interface_names" field in gapic.yaml. API + // teams should otherwise use the service name as it appears in the + // protobuf. + // + // Example of a YAML configuration:: + // + // publishing: + // java_settings: + // service_class_names: + // - google.pubsub.v1.Publisher: TopicAdmin + // - google.pubsub.v1.Subscriber: SubscriptionAdmin + map service_class_names = 2; + + // Some settings. + CommonLanguageSettings common = 3; +} + +// Settings for C++ client libraries. +message CppSettings { + // Some settings. + CommonLanguageSettings common = 1; +} + +// Settings for Php client libraries. +message PhpSettings { + // Some settings. + CommonLanguageSettings common = 1; +} + +// Settings for Python client libraries. +message PythonSettings { + // Some settings. + CommonLanguageSettings common = 1; +} + +// Settings for Node client libraries. +message NodeSettings { + // Some settings. + CommonLanguageSettings common = 1; +} + +// Settings for Dotnet client libraries. +message DotnetSettings { + // Some settings. + CommonLanguageSettings common = 1; + + // Map from original service names to renamed versions. + // This is used when the default generated types + // would cause a naming conflict. (Neither name is + // fully-qualified.) + // Example: Subscriber to SubscriberServiceApi. + map renamed_services = 2; + + // Map from full resource types to the effective short name + // for the resource. This is used when otherwise resource + // named from different services would cause naming collisions. + // Example entry: + // "datalabeling.googleapis.com/Dataset": "DataLabelingDataset" + map renamed_resources = 3; + + // List of full resource types to ignore during generation. + // This is typically used for API-specific Location resources, + // which should be handled by the generator as if they were actually + // the common Location resources. + // Example entry: "documentai.googleapis.com/Location" + repeated string ignored_resources = 4; + + // Namespaces which must be aliased in snippets due to + // a known (but non-generator-predictable) naming collision + repeated string forced_namespace_aliases = 5; + + // Method signatures (in the form "service.method(signature)") + // which are provided separately, so shouldn't be generated. + // Snippets *calling* these methods are still generated, however. + repeated string handwritten_signatures = 6; +} + +// Settings for Ruby client libraries. +message RubySettings { + // Some settings. + CommonLanguageSettings common = 1; +} + +// Settings for Go client libraries. +message GoSettings { + // Some settings. + CommonLanguageSettings common = 1; +} + +// Describes the generator configuration for a method. +message MethodSettings { + // Describes settings to use when generating API methods that use the + // long-running operation pattern. + // All default values below are from those used in the client library + // generators (e.g. + // [Java](https://github.com/googleapis/gapic-generator-java/blob/04c2faa191a9b5a10b92392fe8482279c4404803/src/main/java/com/google/api/generator/gapic/composer/common/RetrySettingsComposer.java)). + message LongRunning { + // Initial delay after which the first poll request will be made. + // Default value: 5 seconds. + google.protobuf.Duration initial_poll_delay = 1; + + // Multiplier to gradually increase delay between subsequent polls until it + // reaches max_poll_delay. + // Default value: 1.5. + float poll_delay_multiplier = 2; + + // Maximum time between two subsequent poll requests. + // Default value: 45 seconds. + google.protobuf.Duration max_poll_delay = 3; + + // Total polling timeout. + // Default value: 5 minutes. + google.protobuf.Duration total_poll_timeout = 4; + } + + // The fully qualified name of the method, for which the options below apply. + // This is used to find the method to apply the options. + string selector = 1; + + // Describes settings to use for long-running operations when generating + // API methods for RPCs. Complements RPCs that use the annotations in + // google/longrunning/operations.proto. + // + // Example of a YAML configuration:: + // + // publishing: + // method_settings: + // - selector: google.cloud.speech.v2.Speech.BatchRecognize + // long_running: + // initial_poll_delay: + // seconds: 60 # 1 minute + // poll_delay_multiplier: 1.5 + // max_poll_delay: + // seconds: 360 # 6 minutes + // total_poll_timeout: + // seconds: 54000 # 90 minutes + LongRunning long_running = 2; + + // List of top-level fields of the request message, that should be + // automatically populated by the client libraries based on their + // (google.api.field_info).format. Currently supported format: UUID4. + // + // Example of a YAML configuration: + // + // publishing: + // method_settings: + // - selector: google.example.v1.ExampleService.CreateExample + // auto_populated_fields: + // - request_id + repeated string auto_populated_fields = 3; +} + +// The organization for which the client libraries are being published. +// Affects the url where generated docs are published, etc. +enum ClientLibraryOrganization { + // Not useful. + CLIENT_LIBRARY_ORGANIZATION_UNSPECIFIED = 0; + + // Google Cloud Platform Org. + CLOUD = 1; + + // Ads (Advertising) Org. + ADS = 2; + + // Photos Org. + PHOTOS = 3; + + // Street View Org. + STREET_VIEW = 4; + + // Shopping Org. + SHOPPING = 5; + + // Geo Org. + GEO = 6; + + // Generative AI - https://developers.generativeai.google + GENERATIVE_AI = 7; +} + +// To where should client libraries be published? +enum ClientLibraryDestination { + // Client libraries will neither be generated nor published to package + // managers. + CLIENT_LIBRARY_DESTINATION_UNSPECIFIED = 0; + + // Generate the client library in a repo under github.com/googleapis, + // but don't publish it to package managers. + GITHUB = 10; + + // Publish the library to package managers like nuget.org and npmjs.com. + PACKAGE_MANAGER = 20; +} diff --git a/generator/testdata/google/api/field_behavior.proto b/generator/testdata/google/api/field_behavior.proto new file mode 100644 index 000000000..21895bf55 --- /dev/null +++ b/generator/testdata/google/api/field_behavior.proto @@ -0,0 +1,104 @@ +// Copyright 2023 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.api; + +import "google/protobuf/descriptor.proto"; + +option go_package = "google.golang.org/genproto/googleapis/api/annotations;annotations"; +option java_multiple_files = true; +option java_outer_classname = "FieldBehaviorProto"; +option java_package = "com.google.api"; +option objc_class_prefix = "GAPI"; + +extend google.protobuf.FieldOptions { + // A designation of a specific field behavior (required, output only, etc.) + // in protobuf messages. + // + // Examples: + // + // string name = 1 [(google.api.field_behavior) = REQUIRED]; + // State state = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; + // google.protobuf.Duration ttl = 1 + // [(google.api.field_behavior) = INPUT_ONLY]; + // google.protobuf.Timestamp expire_time = 1 + // [(google.api.field_behavior) = OUTPUT_ONLY, + // (google.api.field_behavior) = IMMUTABLE]; + repeated google.api.FieldBehavior field_behavior = 1052 [packed = false]; +} + +// An indicator of the behavior of a given field (for example, that a field +// is required in requests, or given as output but ignored as input). +// This **does not** change the behavior in protocol buffers itself; it only +// denotes the behavior and may affect how API tooling handles the field. +// +// Note: This enum **may** receive new values in the future. +enum FieldBehavior { + // Conventional default for enums. Do not use this. + FIELD_BEHAVIOR_UNSPECIFIED = 0; + + // Specifically denotes a field as optional. + // While all fields in protocol buffers are optional, this may be specified + // for emphasis if appropriate. + OPTIONAL = 1; + + // Denotes a field as required. + // This indicates that the field **must** be provided as part of the request, + // and failure to do so will cause an error (usually `INVALID_ARGUMENT`). + REQUIRED = 2; + + // Denotes a field as output only. + // This indicates that the field is provided in responses, but including the + // field in a request does nothing (the server *must* ignore it and + // *must not* throw an error as a result of the field's presence). + OUTPUT_ONLY = 3; + + // Denotes a field as input only. + // This indicates that the field is provided in requests, and the + // corresponding field is not included in output. + INPUT_ONLY = 4; + + // Denotes a field as immutable. + // This indicates that the field may be set once in a request to create a + // resource, but may not be changed thereafter. + IMMUTABLE = 5; + + // Denotes that a (repeated) field is an unordered list. + // This indicates that the service may provide the elements of the list + // in any arbitrary order, rather than the order the user originally + // provided. Additionally, the list's order may or may not be stable. + UNORDERED_LIST = 6; + + // Denotes that this field returns a non-empty default value if not set. + // This indicates that if the user provides the empty value in a request, + // a non-empty value will be returned. The user will not be aware of what + // non-empty value to expect. + NON_EMPTY_DEFAULT = 7; + + // Denotes that the field in a resource (a message annotated with + // google.api.resource) is used in the resource name to uniquely identify the + // resource. For AIP-compliant APIs, this should only be applied to the + // `name` field on the resource. + // + // This behavior should not be applied to references to other resources within + // the message. + // + // The identifier field of resources often have different field behavior + // depending on the request it is embedded in (e.g. for Create methods name + // is optional and unused, while for Update methods it is required). Instead + // of method-specific annotations, only `IDENTIFIER` is required. + IDENTIFIER = 8; +} diff --git a/generator/testdata/google/api/http.proto b/generator/testdata/google/api/http.proto new file mode 100644 index 000000000..31d867a27 --- /dev/null +++ b/generator/testdata/google/api/http.proto @@ -0,0 +1,379 @@ +// Copyright 2023 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.api; + +option cc_enable_arenas = true; +option go_package = "google.golang.org/genproto/googleapis/api/annotations;annotations"; +option java_multiple_files = true; +option java_outer_classname = "HttpProto"; +option java_package = "com.google.api"; +option objc_class_prefix = "GAPI"; + +// Defines the HTTP configuration for an API service. It contains a list of +// [HttpRule][google.api.HttpRule], each specifying the mapping of an RPC method +// to one or more HTTP REST API methods. +message Http { + // A list of HTTP configuration rules that apply to individual API methods. + // + // **NOTE:** All service configuration rules follow "last one wins" order. + repeated HttpRule rules = 1; + + // When set to true, URL path parameters will be fully URI-decoded except in + // cases of single segment matches in reserved expansion, where "%2F" will be + // left encoded. + // + // The default behavior is to not decode RFC 6570 reserved characters in multi + // segment matches. + bool fully_decode_reserved_expansion = 2; +} + +// # gRPC Transcoding +// +// gRPC Transcoding is a feature for mapping between a gRPC method and one or +// more HTTP REST endpoints. It allows developers to build a single API service +// that supports both gRPC APIs and REST APIs. Many systems, including [Google +// APIs](https://github.com/googleapis/googleapis), +// [Cloud Endpoints](https://cloud.google.com/endpoints), [gRPC +// Gateway](https://github.com/grpc-ecosystem/grpc-gateway), +// and [Envoy](https://github.com/envoyproxy/envoy) proxy support this feature +// and use it for large scale production services. +// +// `HttpRule` defines the schema of the gRPC/REST mapping. The mapping specifies +// how different portions of the gRPC request message are mapped to the URL +// path, URL query parameters, and HTTP request body. It also controls how the +// gRPC response message is mapped to the HTTP response body. `HttpRule` is +// typically specified as an `google.api.http` annotation on the gRPC method. +// +// Each mapping specifies a URL path template and an HTTP method. The path +// template may refer to one or more fields in the gRPC request message, as long +// as each field is a non-repeated field with a primitive (non-message) type. +// The path template controls how fields of the request message are mapped to +// the URL path. +// +// Example: +// +// service Messaging { +// rpc GetMessage(GetMessageRequest) returns (Message) { +// option (google.api.http) = { +// get: "/v1/{name=messages/*}" +// }; +// } +// } +// message GetMessageRequest { +// string name = 1; // Mapped to URL path. +// } +// message Message { +// string text = 1; // The resource content. +// } +// +// This enables an HTTP REST to gRPC mapping as below: +// +// HTTP | gRPC +// -----|----- +// `GET /v1/messages/123456` | `GetMessage(name: "messages/123456")` +// +// Any fields in the request message which are not bound by the path template +// automatically become HTTP query parameters if there is no HTTP request body. +// For example: +// +// service Messaging { +// rpc GetMessage(GetMessageRequest) returns (Message) { +// option (google.api.http) = { +// get:"/v1/messages/{message_id}" +// }; +// } +// } +// message GetMessageRequest { +// message SubMessage { +// string subfield = 1; +// } +// string message_id = 1; // Mapped to URL path. +// int64 revision = 2; // Mapped to URL query parameter `revision`. +// SubMessage sub = 3; // Mapped to URL query parameter `sub.subfield`. +// } +// +// This enables a HTTP JSON to RPC mapping as below: +// +// HTTP | gRPC +// -----|----- +// `GET /v1/messages/123456?revision=2&sub.subfield=foo` | +// `GetMessage(message_id: "123456" revision: 2 sub: SubMessage(subfield: +// "foo"))` +// +// Note that fields which are mapped to URL query parameters must have a +// primitive type or a repeated primitive type or a non-repeated message type. +// In the case of a repeated type, the parameter can be repeated in the URL +// as `...?param=A¶m=B`. In the case of a message type, each field of the +// message is mapped to a separate parameter, such as +// `...?foo.a=A&foo.b=B&foo.c=C`. +// +// For HTTP methods that allow a request body, the `body` field +// specifies the mapping. Consider a REST update method on the +// message resource collection: +// +// service Messaging { +// rpc UpdateMessage(UpdateMessageRequest) returns (Message) { +// option (google.api.http) = { +// patch: "/v1/messages/{message_id}" +// body: "message" +// }; +// } +// } +// message UpdateMessageRequest { +// string message_id = 1; // mapped to the URL +// Message message = 2; // mapped to the body +// } +// +// The following HTTP JSON to RPC mapping is enabled, where the +// representation of the JSON in the request body is determined by +// protos JSON encoding: +// +// HTTP | gRPC +// -----|----- +// `PATCH /v1/messages/123456 { "text": "Hi!" }` | `UpdateMessage(message_id: +// "123456" message { text: "Hi!" })` +// +// The special name `*` can be used in the body mapping to define that +// every field not bound by the path template should be mapped to the +// request body. This enables the following alternative definition of +// the update method: +// +// service Messaging { +// rpc UpdateMessage(Message) returns (Message) { +// option (google.api.http) = { +// patch: "/v1/messages/{message_id}" +// body: "*" +// }; +// } +// } +// message Message { +// string message_id = 1; +// string text = 2; +// } +// +// +// The following HTTP JSON to RPC mapping is enabled: +// +// HTTP | gRPC +// -----|----- +// `PATCH /v1/messages/123456 { "text": "Hi!" }` | `UpdateMessage(message_id: +// "123456" text: "Hi!")` +// +// Note that when using `*` in the body mapping, it is not possible to +// have HTTP parameters, as all fields not bound by the path end in +// the body. This makes this option more rarely used in practice when +// defining REST APIs. The common usage of `*` is in custom methods +// which don't use the URL at all for transferring data. +// +// It is possible to define multiple HTTP methods for one RPC by using +// the `additional_bindings` option. Example: +// +// service Messaging { +// rpc GetMessage(GetMessageRequest) returns (Message) { +// option (google.api.http) = { +// get: "/v1/messages/{message_id}" +// additional_bindings { +// get: "/v1/users/{user_id}/messages/{message_id}" +// } +// }; +// } +// } +// message GetMessageRequest { +// string message_id = 1; +// string user_id = 2; +// } +// +// This enables the following two alternative HTTP JSON to RPC mappings: +// +// HTTP | gRPC +// -----|----- +// `GET /v1/messages/123456` | `GetMessage(message_id: "123456")` +// `GET /v1/users/me/messages/123456` | `GetMessage(user_id: "me" message_id: +// "123456")` +// +// ## Rules for HTTP mapping +// +// 1. Leaf request fields (recursive expansion nested messages in the request +// message) are classified into three categories: +// - Fields referred by the path template. They are passed via the URL path. +// - Fields referred by the [HttpRule.body][google.api.HttpRule.body]. They +// are passed via the HTTP +// request body. +// - All other fields are passed via the URL query parameters, and the +// parameter name is the field path in the request message. A repeated +// field can be represented as multiple query parameters under the same +// name. +// 2. If [HttpRule.body][google.api.HttpRule.body] is "*", there is no URL +// query parameter, all fields +// are passed via URL path and HTTP request body. +// 3. If [HttpRule.body][google.api.HttpRule.body] is omitted, there is no HTTP +// request body, all +// fields are passed via URL path and URL query parameters. +// +// ### Path template syntax +// +// Template = "/" Segments [ Verb ] ; +// Segments = Segment { "/" Segment } ; +// Segment = "*" | "**" | LITERAL | Variable ; +// Variable = "{" FieldPath [ "=" Segments ] "}" ; +// FieldPath = IDENT { "." IDENT } ; +// Verb = ":" LITERAL ; +// +// The syntax `*` matches a single URL path segment. The syntax `**` matches +// zero or more URL path segments, which must be the last part of the URL path +// except the `Verb`. +// +// The syntax `Variable` matches part of the URL path as specified by its +// template. A variable template must not contain other variables. If a variable +// matches a single path segment, its template may be omitted, e.g. `{var}` +// is equivalent to `{var=*}`. +// +// The syntax `LITERAL` matches literal text in the URL path. If the `LITERAL` +// contains any reserved character, such characters should be percent-encoded +// before the matching. +// +// If a variable contains exactly one path segment, such as `"{var}"` or +// `"{var=*}"`, when such a variable is expanded into a URL path on the client +// side, all characters except `[-_.~0-9a-zA-Z]` are percent-encoded. The +// server side does the reverse decoding. Such variables show up in the +// [Discovery +// Document](https://developers.google.com/discovery/v1/reference/apis) as +// `{var}`. +// +// If a variable contains multiple path segments, such as `"{var=foo/*}"` +// or `"{var=**}"`, when such a variable is expanded into a URL path on the +// client side, all characters except `[-_.~/0-9a-zA-Z]` are percent-encoded. +// The server side does the reverse decoding, except "%2F" and "%2f" are left +// unchanged. Such variables show up in the +// [Discovery +// Document](https://developers.google.com/discovery/v1/reference/apis) as +// `{+var}`. +// +// ## Using gRPC API Service Configuration +// +// gRPC API Service Configuration (service config) is a configuration language +// for configuring a gRPC service to become a user-facing product. The +// service config is simply the YAML representation of the `google.api.Service` +// proto message. +// +// As an alternative to annotating your proto file, you can configure gRPC +// transcoding in your service config YAML files. You do this by specifying a +// `HttpRule` that maps the gRPC method to a REST endpoint, achieving the same +// effect as the proto annotation. This can be particularly useful if you +// have a proto that is reused in multiple services. Note that any transcoding +// specified in the service config will override any matching transcoding +// configuration in the proto. +// +// Example: +// +// http: +// rules: +// # Selects a gRPC method and applies HttpRule to it. +// - selector: example.v1.Messaging.GetMessage +// get: /v1/messages/{message_id}/{sub.subfield} +// +// ## Special notes +// +// When gRPC Transcoding is used to map a gRPC to JSON REST endpoints, the +// proto to JSON conversion must follow the [proto3 +// specification](https://developers.google.com/protocol-buffers/docs/proto3#json). +// +// While the single segment variable follows the semantics of +// [RFC 6570](https://tools.ietf.org/html/rfc6570) Section 3.2.2 Simple String +// Expansion, the multi segment variable **does not** follow RFC 6570 Section +// 3.2.3 Reserved Expansion. The reason is that the Reserved Expansion +// does not expand special characters like `?` and `#`, which would lead +// to invalid URLs. As the result, gRPC Transcoding uses a custom encoding +// for multi segment variables. +// +// The path variables **must not** refer to any repeated or mapped field, +// because client libraries are not capable of handling such variable expansion. +// +// The path variables **must not** capture the leading "/" character. The reason +// is that the most common use case "{var}" does not capture the leading "/" +// character. For consistency, all path variables must share the same behavior. +// +// Repeated message fields must not be mapped to URL query parameters, because +// no client library can support such complicated mapping. +// +// If an API needs to use a JSON array for request or response body, it can map +// the request or response body to a repeated field. However, some gRPC +// Transcoding implementations may not support this feature. +message HttpRule { + // Selects a method to which this rule applies. + // + // Refer to [selector][google.api.DocumentationRule.selector] for syntax + // details. + string selector = 1; + + // Determines the URL pattern is matched by this rules. This pattern can be + // used with any of the {get|put|post|delete|patch} methods. A custom method + // can be defined using the 'custom' field. + oneof pattern { + // Maps to HTTP GET. Used for listing and getting information about + // resources. + string get = 2; + + // Maps to HTTP PUT. Used for replacing a resource. + string put = 3; + + // Maps to HTTP POST. Used for creating a resource or performing an action. + string post = 4; + + // Maps to HTTP DELETE. Used for deleting a resource. + string delete = 5; + + // Maps to HTTP PATCH. Used for updating a resource. + string patch = 6; + + // The custom pattern is used for specifying an HTTP method that is not + // included in the `pattern` field, such as HEAD, or "*" to leave the + // HTTP method unspecified for this rule. The wild-card rule is useful + // for services that provide content to Web (HTML) clients. + CustomHttpPattern custom = 8; + } + + // The name of the request field whose value is mapped to the HTTP request + // body, or `*` for mapping all request fields not captured by the path + // pattern to the HTTP body, or omitted for not having any HTTP request body. + // + // NOTE: the referred field must be present at the top-level of the request + // message type. + string body = 7; + + // Optional. The name of the response field whose value is mapped to the HTTP + // response body. When omitted, the entire response message will be used + // as the HTTP response body. + // + // NOTE: The referred field must be present at the top-level of the response + // message type. + string response_body = 12; + + // Additional HTTP bindings for the selector. Nested bindings must + // not contain an `additional_bindings` field themselves (that is, + // the nesting may only be one level deep). + repeated HttpRule additional_bindings = 11; +} + +// A custom pattern is used for defining custom HTTP verb. +message CustomHttpPattern { + // The name of this custom HTTP verb. + string kind = 1; + + // The path matched by this custom verb. + string path = 2; +} diff --git a/generator/testdata/google/api/launch_stage.proto b/generator/testdata/google/api/launch_stage.proto new file mode 100644 index 000000000..9802de795 --- /dev/null +++ b/generator/testdata/google/api/launch_stage.proto @@ -0,0 +1,72 @@ +// Copyright 2023 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.api; + +option go_package = "google.golang.org/genproto/googleapis/api;api"; +option java_multiple_files = true; +option java_outer_classname = "LaunchStageProto"; +option java_package = "com.google.api"; +option objc_class_prefix = "GAPI"; + +// The launch stage as defined by [Google Cloud Platform +// Launch Stages](https://cloud.google.com/terms/launch-stages). +enum LaunchStage { + // Do not use this default value. + LAUNCH_STAGE_UNSPECIFIED = 0; + + // The feature is not yet implemented. Users can not use it. + UNIMPLEMENTED = 6; + + // Prelaunch features are hidden from users and are only visible internally. + PRELAUNCH = 7; + + // Early Access features are limited to a closed group of testers. To use + // these features, you must sign up in advance and sign a Trusted Tester + // agreement (which includes confidentiality provisions). These features may + // be unstable, changed in backward-incompatible ways, and are not + // guaranteed to be released. + EARLY_ACCESS = 1; + + // Alpha is a limited availability test for releases before they are cleared + // for widespread use. By Alpha, all significant design issues are resolved + // and we are in the process of verifying functionality. Alpha customers + // need to apply for access, agree to applicable terms, and have their + // projects allowlisted. Alpha releases don't have to be feature complete, + // no SLAs are provided, and there are no technical support obligations, but + // they will be far enough along that customers can actually use them in + // test environments or for limited-use tests -- just like they would in + // normal production cases. + ALPHA = 2; + + // Beta is the point at which we are ready to open a release for any + // customer to use. There are no SLA or technical support obligations in a + // Beta release. Products will be complete from a feature perspective, but + // may have some open outstanding issues. Beta releases are suitable for + // limited production use cases. + BETA = 3; + + // GA features are open to all developers and are considered stable and + // fully qualified for production use. + GA = 4; + + // Deprecated features are scheduled to be shut down and removed. For more + // information, see the "Deprecation Policy" section of our [Terms of + // Service](https://cloud.google.com/terms/) + // and the [Google Cloud Platform Subject to the Deprecation + // Policy](https://cloud.google.com/terms/deprecation) documentation. + DEPRECATED = 5; +} diff --git a/generator/testdata/google/api/resource.proto b/generator/testdata/google/api/resource.proto new file mode 100644 index 000000000..bf0cbec5d --- /dev/null +++ b/generator/testdata/google/api/resource.proto @@ -0,0 +1,238 @@ +// Copyright 2023 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.api; + +import "google/protobuf/descriptor.proto"; + +option cc_enable_arenas = true; +option go_package = "google.golang.org/genproto/googleapis/api/annotations;annotations"; +option java_multiple_files = true; +option java_outer_classname = "ResourceProto"; +option java_package = "com.google.api"; +option objc_class_prefix = "GAPI"; + +extend google.protobuf.FieldOptions { + // An annotation that describes a resource reference, see + // [ResourceReference][]. + google.api.ResourceReference resource_reference = 1055; +} + +extend google.protobuf.FileOptions { + // An annotation that describes a resource definition without a corresponding + // message; see [ResourceDescriptor][]. + repeated google.api.ResourceDescriptor resource_definition = 1053; +} + +extend google.protobuf.MessageOptions { + // An annotation that describes a resource definition, see + // [ResourceDescriptor][]. + google.api.ResourceDescriptor resource = 1053; +} + +// A simple descriptor of a resource type. +// +// ResourceDescriptor annotates a resource message (either by means of a +// protobuf annotation or use in the service config), and associates the +// resource's schema, the resource type, and the pattern of the resource name. +// +// Example: +// +// message Topic { +// // Indicates this message defines a resource schema. +// // Declares the resource type in the format of {service}/{kind}. +// // For Kubernetes resources, the format is {api group}/{kind}. +// option (google.api.resource) = { +// type: "pubsub.googleapis.com/Topic" +// pattern: "projects/{project}/topics/{topic}" +// }; +// } +// +// The ResourceDescriptor Yaml config will look like: +// +// resources: +// - type: "pubsub.googleapis.com/Topic" +// pattern: "projects/{project}/topics/{topic}" +// +// Sometimes, resources have multiple patterns, typically because they can +// live under multiple parents. +// +// Example: +// +// message LogEntry { +// option (google.api.resource) = { +// type: "logging.googleapis.com/LogEntry" +// pattern: "projects/{project}/logs/{log}" +// pattern: "folders/{folder}/logs/{log}" +// pattern: "organizations/{organization}/logs/{log}" +// pattern: "billingAccounts/{billing_account}/logs/{log}" +// }; +// } +// +// The ResourceDescriptor Yaml config will look like: +// +// resources: +// - type: 'logging.googleapis.com/LogEntry' +// pattern: "projects/{project}/logs/{log}" +// pattern: "folders/{folder}/logs/{log}" +// pattern: "organizations/{organization}/logs/{log}" +// pattern: "billingAccounts/{billing_account}/logs/{log}" +message ResourceDescriptor { + // A description of the historical or future-looking state of the + // resource pattern. + enum History { + // The "unset" value. + HISTORY_UNSPECIFIED = 0; + + // The resource originally had one pattern and launched as such, and + // additional patterns were added later. + ORIGINALLY_SINGLE_PATTERN = 1; + + // The resource has one pattern, but the API owner expects to add more + // later. (This is the inverse of ORIGINALLY_SINGLE_PATTERN, and prevents + // that from being necessary once there are multiple patterns.) + FUTURE_MULTI_PATTERN = 2; + } + + // A flag representing a specific style that a resource claims to conform to. + enum Style { + // The unspecified value. Do not use. + STYLE_UNSPECIFIED = 0; + + // This resource is intended to be "declarative-friendly". + // + // Declarative-friendly resources must be more strictly consistent, and + // setting this to true communicates to tools that this resource should + // adhere to declarative-friendly expectations. + // + // Note: This is used by the API linter (linter.aip.dev) to enable + // additional checks. + DECLARATIVE_FRIENDLY = 1; + } + + // The resource type. It must be in the format of + // {service_name}/{resource_type_kind}. The `resource_type_kind` must be + // singular and must not include version numbers. + // + // Example: `storage.googleapis.com/Bucket` + // + // The value of the resource_type_kind must follow the regular expression + // /[A-Za-z][a-zA-Z0-9]+/. It should start with an upper case character and + // should use PascalCase (UpperCamelCase). The maximum number of + // characters allowed for the `resource_type_kind` is 100. + string type = 1; + + // Optional. The relative resource name pattern associated with this resource + // type. The DNS prefix of the full resource name shouldn't be specified here. + // + // The path pattern must follow the syntax, which aligns with HTTP binding + // syntax: + // + // Template = Segment { "/" Segment } ; + // Segment = LITERAL | Variable ; + // Variable = "{" LITERAL "}" ; + // + // Examples: + // + // - "projects/{project}/topics/{topic}" + // - "projects/{project}/knowledgeBases/{knowledge_base}" + // + // The components in braces correspond to the IDs for each resource in the + // hierarchy. It is expected that, if multiple patterns are provided, + // the same component name (e.g. "project") refers to IDs of the same + // type of resource. + repeated string pattern = 2; + + // Optional. The field on the resource that designates the resource name + // field. If omitted, this is assumed to be "name". + string name_field = 3; + + // Optional. The historical or future-looking state of the resource pattern. + // + // Example: + // + // // The InspectTemplate message originally only supported resource + // // names with organization, and project was added later. + // message InspectTemplate { + // option (google.api.resource) = { + // type: "dlp.googleapis.com/InspectTemplate" + // pattern: + // "organizations/{organization}/inspectTemplates/{inspect_template}" + // pattern: "projects/{project}/inspectTemplates/{inspect_template}" + // history: ORIGINALLY_SINGLE_PATTERN + // }; + // } + History history = 4; + + // The plural name used in the resource name and permission names, such as + // 'projects' for the resource name of 'projects/{project}' and the permission + // name of 'cloudresourcemanager.googleapis.com/projects.get'. It is the same + // concept of the `plural` field in k8s CRD spec + // https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/ + // + // Note: The plural form is required even for singleton resources. See + // https://aip.dev/156 + string plural = 5; + + // The same concept of the `singular` field in k8s CRD spec + // https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/ + // Such as "project" for the `resourcemanager.googleapis.com/Project` type. + string singular = 6; + + // Style flag(s) for this resource. + // These indicate that a resource is expected to conform to a given + // style. See the specific style flags for additional information. + repeated Style style = 10; +} + +// Defines a proto annotation that describes a string field that refers to +// an API resource. +message ResourceReference { + // The resource type that the annotated field references. + // + // Example: + // + // message Subscription { + // string topic = 2 [(google.api.resource_reference) = { + // type: "pubsub.googleapis.com/Topic" + // }]; + // } + // + // Occasionally, a field may reference an arbitrary resource. In this case, + // APIs use the special value * in their resource reference. + // + // Example: + // + // message GetIamPolicyRequest { + // string resource = 2 [(google.api.resource_reference) = { + // type: "*" + // }]; + // } + string type = 1; + + // The resource type of a child collection that the annotated field + // references. This is useful for annotating the `parent` field that + // doesn't have a fixed resource type. + // + // Example: + // + // message ListLogEntriesRequest { + // string parent = 1 [(google.api.resource_reference) = { + // child_type: "logging.googleapis.com/LogEntry" + // }; + // } + string child_type = 2; +} diff --git a/generator/testdata/google/cloud/secretmanager/BUILD.bazel b/generator/testdata/google/cloud/secretmanager/BUILD.bazel new file mode 100644 index 000000000..d0c1ab5ec --- /dev/null +++ b/generator/testdata/google/cloud/secretmanager/BUILD.bazel @@ -0,0 +1,40 @@ +# This build file includes a target for the Ruby wrapper library for +# google-cloud-secret_manager. + +# This is an API workspace, having public visibility by default makes perfect sense. +package(default_visibility = ["//visibility:public"]) + +# Export yaml configs. +exports_files(glob(["*.yaml"])) + +load( + "@com_google_googleapis_imports//:imports.bzl", + "ruby_cloud_gapic_library", + "ruby_gapic_assembly_pkg", +) + +# Generates a Ruby wrapper client for secretmanager. +# Ruby wrapper clients are versionless, but are generated from source protos +# for a particular service version, v1 in this case. +ruby_cloud_gapic_library( + name = "secretmanager_ruby_wrapper", + srcs = ["//google/cloud/secretmanager/v1:secretmanager_proto_with_info"], + extra_protoc_parameters = [ + "ruby-cloud-gem-name=google-cloud-secret_manager", + "ruby-cloud-env-prefix=SECRET_MANAGER", + "ruby-cloud-wrapper-of=v1:0.19;v1beta1:0.3", + "ruby-cloud-product-url=https://cloud.google.com/secret-manager", + "ruby-cloud-api-id=secretmanager.googleapis.com", + "ruby-cloud-api-shortname=secretmanager", + ], + ruby_cloud_description = "Secret Manager is a secure and convenient storage system for API keys, passwords, certificates, and other sensitive data. Secret Manager provides a central place and single source of truth to manage, access, and audit secrets across Google Cloud.", + ruby_cloud_title = "Secret Manager", +) + +# Open Source package. +ruby_gapic_assembly_pkg( + name = "google-cloud-secretmanager-ruby", + deps = [ + ":secretmanager_ruby_wrapper", + ], +) diff --git a/generator/testdata/google/cloud/secretmanager/logging/v1/BUILD.bazel b/generator/testdata/google/cloud/secretmanager/logging/v1/BUILD.bazel new file mode 100644 index 000000000..36453edab --- /dev/null +++ b/generator/testdata/google/cloud/secretmanager/logging/v1/BUILD.bazel @@ -0,0 +1,161 @@ +# This file was automatically generated by BuildFileGenerator + +# This is an API workspace, having public visibility by default makes perfect sense. +package(default_visibility = ["//visibility:public"]) + +############################################################################## +# Common +############################################################################## +load("@rules_proto//proto:defs.bzl", "proto_library") + +proto_library( + name = "logging_proto", + srcs = [ + "secret_event.proto", + ], + deps = [ + ], +) + +############################################################################## +# Java +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "java_grpc_library", + "java_proto_library", +) + +java_proto_library( + name = "logging_java_proto", + deps = [":logging_proto"], +) + +java_grpc_library( + name = "logging_java_grpc", + srcs = [":logging_proto"], + deps = [":logging_java_proto"], +) + +############################################################################## +# Go +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "go_proto_library", +) + +go_proto_library( + name = "logging_go_proto", + compilers = ["@io_bazel_rules_go//proto:go_grpc"], + importpath = "cloud.google.com/go/secretmanager/logging/apiv1/loggingpb", + protos = [":logging_proto"], + deps = [ + ], +) + +############################################################################## +# Python +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "moved_proto_library", + "py_grpc_library", + "py_proto_library", +) + +moved_proto_library( + name = "logging_moved_proto", + srcs = [":logging_proto"], + deps = [ + ], +) + +py_proto_library( + name = "logging_py_proto", + deps = [":logging_moved_proto"], +) + +py_grpc_library( + name = "logging_py_grpc", + srcs = [":logging_moved_proto"], + deps = [":logging_py_proto"], +) + +############################################################################## +# PHP +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "php_proto_library", +) + +php_proto_library( + name = "logging_php_proto", + deps = [":logging_proto"], +) + +############################################################################## +# Node.js +############################################################################## + +############################################################################## +# Ruby +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "ruby_grpc_library", + "ruby_proto_library", +) + +ruby_proto_library( + name = "logging_ruby_proto", + deps = [":logging_proto"], +) + +ruby_grpc_library( + name = "logging_ruby_grpc", + srcs = [":logging_proto"], + deps = [":logging_ruby_proto"], +) + +############################################################################## +# C# +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "csharp_grpc_library", + "csharp_proto_library", +) + +csharp_proto_library( + name = "logging_csharp_proto", + deps = [":logging_proto"], +) + +csharp_grpc_library( + name = "logging_csharp_grpc", + srcs = [":logging_proto"], + deps = [":logging_csharp_proto"], +) + +############################################################################## +# C++ +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "cc_grpc_library", + "cc_proto_library", +) + +cc_proto_library( + name = "logging_cc_proto", + deps = [":logging_proto"], +) + +cc_grpc_library( + name = "logging_cc_grpc", + srcs = [":logging_proto"], + grpc_only = True, + deps = [":logging_cc_proto"], +) diff --git a/generator/testdata/google/cloud/secretmanager/logging/v1/secret_event.proto b/generator/testdata/google/cloud/secretmanager/logging/v1/secret_event.proto new file mode 100644 index 000000000..c7dfd8c43 --- /dev/null +++ b/generator/testdata/google/cloud/secretmanager/logging/v1/secret_event.proto @@ -0,0 +1,71 @@ +// Copyright 2021 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.cloud.secretmanager.logging.v1; + +option go_package = "cloud.google.com/go/secretmanager/logging/apiv1/loggingpb;loggingpb"; +option java_multiple_files = true; +option java_outer_classname = "SecretEventProto"; +option java_package = "com.google.cloud.secretmanager.logging.v1"; +option csharp_namespace = "Google.Cloud.SecretManager.Logging.V1"; +option php_namespace = "Google\\Cloud\\SecretManager\\Logging\\V1"; +option ruby_package = "Google::Cloud::SecretManager::Logging::V1"; + +// Logged event relating to a specific secret +message SecretEvent { + // Describes the type of event that is being logged. All logs have exactly one + // EventType. + enum EventType { + // An unrecognized event type. Should never be used. + EVENT_TYPE_UNSPECIFIED = 0; + + // The secret is scheduled to expire in 30 days. + EXPIRES_IN_30_DAYS = 1; + + // The secret is scheduled to expire in 7 days. + EXPIRES_IN_7_DAYS = 2; + + // The secret is scheduled to expire in 1 day. + EXPIRES_IN_1_DAY = 3; + + // The secret is scheduled to expire in 6 hours. + EXPIRES_IN_6_HOURS = 4; + + // The secret is scheduled to expire in 1 hour. + EXPIRES_IN_1_HOUR = 5; + + // The secret's expire-time has passed and it has expired. + EXPIRED = 6; + + // A Pub/Sub topic configured on the secret could not be found. + TOPIC_NOT_FOUND = 7; + + // A Pub/Sub topic configured on the secret does not have the needed + // permissions. The Secret Manager P4SA must be granted + // 'pubsub.topic.publish' permission (or 'roles/pubsub.publisher') on the + // topic. + TOPIC_PERMISSION_DENIED = 8; + } + + // Resource name of the secret in the format `projects/*/secrets/*` + string name = 1; + + // Type of event that is being logged for the secret + EventType type = 2; + + // Human readable message describing the event + string log_message = 3; +} diff --git a/generator/testdata/google/cloud/secretmanager/v1/BUILD.bazel b/generator/testdata/google/cloud/secretmanager/v1/BUILD.bazel new file mode 100644 index 000000000..96e89cf11 --- /dev/null +++ b/generator/testdata/google/cloud/secretmanager/v1/BUILD.bazel @@ -0,0 +1,388 @@ +# This file was automatically generated by BuildFileGenerator +# https://github.com/googleapis/rules_gapic/tree/master/bazel + +# Most of the manual changes to this file will be overwritten. +# It's **only** allowed to change the following rule attribute values: +# - names of *_gapic_assembly_* rules +# - certain parameters of *_gapic_library rules, including but not limited to: +# * extra_protoc_parameters +# * extra_protoc_file_parameters +# The complete list of preserved parameters can be found in the source code. + +# This is an API workspace, having public visibility by default makes perfect sense. +package(default_visibility = ["//visibility:public"]) + +############################################################################## +# Common +############################################################################## +load("@rules_proto//proto:defs.bzl", "proto_library") +load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info") + +proto_library( + name = "secretmanager_proto", + srcs = [ + "resources.proto", + "service.proto", + ], + deps = [ + "//google/api:annotations_proto", + "//google/api:client_proto", + "//google/api:field_behavior_proto", + "//google/api:resource_proto", + "//google/iam/v1:iam_policy_proto", + "//google/iam/v1:policy_proto", + "@com_google_protobuf//:duration_proto", + "@com_google_protobuf//:empty_proto", + "@com_google_protobuf//:field_mask_proto", + "@com_google_protobuf//:timestamp_proto", + ], +) + +proto_library_with_info( + name = "secretmanager_proto_with_info", + deps = [ + ":secretmanager_proto", + "//google/cloud:common_resources_proto", + ], +) + +############################################################################## +# Java +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "java_gapic_assembly_gradle_pkg", + "java_gapic_library", + "java_gapic_test", + "java_grpc_library", + "java_proto_library", +) + +java_proto_library( + name = "secretmanager_java_proto", + deps = [":secretmanager_proto"], +) + +java_grpc_library( + name = "secretmanager_java_grpc", + srcs = [":secretmanager_proto"], + deps = [":secretmanager_java_proto"], +) + +java_gapic_library( + name = "secretmanager_java_gapic", + srcs = [":secretmanager_proto_with_info"], + grpc_service_config = "secretmanager_grpc_service_config.json", + rest_numeric_enums = True, + service_yaml = "secretmanager_v1.yaml", + test_deps = [ + ":secretmanager_java_grpc", + "//google/iam/v1:iam_java_grpc", + ], + transport = "grpc+rest", + deps = [ + ":secretmanager_java_proto", + "//google/iam/v1:iam_java_proto", + ], +) + +java_gapic_test( + name = "secretmanager_java_gapic_test_suite", + test_classes = [ + "com.google.cloud.secretmanager.v1.SecretManagerServiceClientHttpJsonTest", + "com.google.cloud.secretmanager.v1.SecretManagerServiceClientTest", + ], + runtime_deps = [":secretmanager_java_gapic_test"], +) + +# Open Source Packages +java_gapic_assembly_gradle_pkg( + name = "google-cloud-secretmanager-v1-java", + include_samples = True, + transport = "grpc+rest", + deps = [ + ":secretmanager_java_gapic", + ":secretmanager_java_grpc", + ":secretmanager_java_proto", + ":secretmanager_proto", + ], +) + +############################################################################## +# Go +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "go_gapic_assembly_pkg", + "go_gapic_library", + "go_proto_library", +) + +go_proto_library( + name = "secretmanager_go_proto", + compilers = ["@io_bazel_rules_go//proto:go_grpc"], + importpath = "cloud.google.com/go/secretmanager/apiv1/secretmanagerpb", + protos = [":secretmanager_proto"], + deps = [ + "//google/api:annotations_go_proto", + "//google/iam/v1:iam_go_proto", + ], +) + +go_gapic_library( + name = "secretmanager_go_gapic", + srcs = [":secretmanager_proto_with_info"], + grpc_service_config = "secretmanager_grpc_service_config.json", + importpath = "cloud.google.com/go/secretmanager/apiv1;secretmanager", + metadata = True, + release_level = "ga", + rest_numeric_enums = True, + service_yaml = "secretmanager_v1.yaml", + transport = "grpc+rest", + deps = [ + ":secretmanager_go_proto", + "//google/iam/v1:iam_go_proto", + "@io_bazel_rules_go//proto/wkt:duration_go_proto", + ], +) + +# Open Source Packages +go_gapic_assembly_pkg( + name = "gapi-cloud-secretmanager-v1-go", + deps = [ + ":secretmanager_go_gapic", + ":secretmanager_go_gapic_srcjar-metadata.srcjar", + ":secretmanager_go_gapic_srcjar-snippets.srcjar", + ":secretmanager_go_gapic_srcjar-test.srcjar", + ":secretmanager_go_proto", + ], +) + +############################################################################## +# Python +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "py_gapic_assembly_pkg", + "py_gapic_library", + "py_test", +) + +py_gapic_library( + name = "secretmanager_py_gapic", + srcs = [":secretmanager_proto"], + grpc_service_config = "secretmanager_grpc_service_config.json", + opt_args = [ + "warehouse-package-name=google-cloud-secret-manager", + ], + rest_numeric_enums = True, + service_yaml = "secretmanager_v1.yaml", + transport = "grpc+rest", + deps = [ + "//google/iam/v1:iam_policy_py_proto", + ], +) + +py_test( + name = "secretmanager_py_gapic_test", + srcs = [ + "secretmanager_py_gapic_pytest.py", + "secretmanager_py_gapic_test.py", + ], + legacy_create_init = False, + deps = [":secretmanager_py_gapic"], +) + +# Open Source Packages +py_gapic_assembly_pkg( + name = "secretmanager-v1-py", + deps = [ + ":secretmanager_py_gapic", + ], +) + +############################################################################## +# PHP +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "php_gapic_assembly_pkg", + "php_gapic_library", + "php_proto_library", +) + +php_proto_library( + name = "secretmanager_php_proto", + deps = [":secretmanager_proto"], +) + +php_gapic_library( + name = "secretmanager_php_gapic", + srcs = [":secretmanager_proto_with_info"], + grpc_service_config = "secretmanager_grpc_service_config.json", + migration_mode = "MIGRATING", + rest_numeric_enums = True, + service_yaml = "secretmanager_v1.yaml", + transport = "grpc+rest", + deps = [":secretmanager_php_proto"], +) + +# Open Source Packages +php_gapic_assembly_pkg( + name = "google-cloud-secretmanager-v1-php", + deps = [ + ":secretmanager_php_gapic", + ":secretmanager_php_proto", + ], +) + +############################################################################## +# Node.js +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "nodejs_gapic_assembly_pkg", + "nodejs_gapic_library", +) + +nodejs_gapic_library( + name = "secretmanager_nodejs_gapic", + package_name = "@google-cloud/secret-manager", + src = ":secretmanager_proto_with_info", + extra_protoc_parameters = ["metadata"], + grpc_service_config = "secretmanager_grpc_service_config.json", + package = "google.cloud.secretmanager.v1", + rest_numeric_enums = True, + service_yaml = "secretmanager_v1.yaml", + transport = "grpc+rest", + deps = [], +) + +nodejs_gapic_assembly_pkg( + name = "secretmanager-v1-nodejs", + deps = [ + ":secretmanager_nodejs_gapic", + ":secretmanager_proto", + ], +) + +############################################################################## +# Ruby +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "ruby_cloud_gapic_library", + "ruby_gapic_assembly_pkg", + "ruby_grpc_library", + "ruby_proto_library", +) + +ruby_proto_library( + name = "secretmanager_ruby_proto", + deps = [":secretmanager_proto"], +) + +ruby_grpc_library( + name = "secretmanager_ruby_grpc", + srcs = [":secretmanager_proto"], + deps = [":secretmanager_ruby_proto"], +) + +ruby_cloud_gapic_library( + name = "secretmanager_ruby_gapic", + srcs = [":secretmanager_proto_with_info"], + extra_protoc_parameters = [ + "ruby-cloud-api-id=secretmanager.googleapis.com", + "ruby-cloud-api-shortname=secretmanager", + "ruby-cloud-env-prefix=SECRET_MANAGER", + "ruby-cloud-gem-name=google-cloud-secret_manager-v1", + "ruby-cloud-product-url=https://cloud.google.com/secret-manager", + ], + grpc_service_config = "secretmanager_grpc_service_config.json", + rest_numeric_enums = True, + ruby_cloud_description = "Secret Manager is a secure and convenient storage system for API keys, passwords, certificates, and other sensitive data. Secret Manager provides a central place and single source of truth to manage, access, and audit secrets across Google Cloud.", + ruby_cloud_title = "Secret Manager V1", + service_yaml = "secretmanager_v1.yaml", + transport = "grpc+rest", + deps = [ + ":secretmanager_ruby_grpc", + ":secretmanager_ruby_proto", + ], +) + +# Open Source Packages +ruby_gapic_assembly_pkg( + name = "google-cloud-secretmanager-v1-ruby", + deps = [ + ":secretmanager_ruby_gapic", + ":secretmanager_ruby_grpc", + ":secretmanager_ruby_proto", + ], +) + +############################################################################## +# C# +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "csharp_gapic_assembly_pkg", + "csharp_gapic_library", + "csharp_grpc_library", + "csharp_proto_library", +) + +csharp_proto_library( + name = "secretmanager_csharp_proto", + deps = [":secretmanager_proto"], +) + +csharp_grpc_library( + name = "secretmanager_csharp_grpc", + srcs = [":secretmanager_proto"], + deps = [":secretmanager_csharp_proto"], +) + +csharp_gapic_library( + name = "secretmanager_csharp_gapic", + srcs = [":secretmanager_proto_with_info"], + common_resources_config = "@gax_dotnet//:Google.Api.Gax/ResourceNames/CommonResourcesConfig.json", + grpc_service_config = "secretmanager_grpc_service_config.json", + rest_numeric_enums = True, + service_yaml = "secretmanager_v1.yaml", + transport = "grpc+rest", + deps = [ + ":secretmanager_csharp_grpc", + ":secretmanager_csharp_proto", + ], +) + +# Open Source Packages +csharp_gapic_assembly_pkg( + name = "google-cloud-secretmanager-v1-csharp", + deps = [ + ":secretmanager_csharp_gapic", + ":secretmanager_csharp_grpc", + ":secretmanager_csharp_proto", + ], +) + +############################################################################## +# C++ +############################################################################## +load( + "@com_google_googleapis_imports//:imports.bzl", + "cc_grpc_library", + "cc_proto_library", +) + +cc_proto_library( + name = "secretmanager_cc_proto", + deps = [":secretmanager_proto"], +) + +cc_grpc_library( + name = "secretmanager_cc_grpc", + srcs = [":secretmanager_proto"], + grpc_only = True, + deps = [":secretmanager_cc_proto"], +) diff --git a/generator/testdata/google/cloud/secretmanager/v1/resources.proto b/generator/testdata/google/cloud/secretmanager/v1/resources.proto new file mode 100644 index 000000000..0be89098c --- /dev/null +++ b/generator/testdata/google/cloud/secretmanager/v1/resources.proto @@ -0,0 +1,446 @@ +// Copyright 2023 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.cloud.secretmanager.v1; + +import "google/api/field_behavior.proto"; +import "google/api/resource.proto"; +import "google/protobuf/duration.proto"; +import "google/protobuf/timestamp.proto"; + +option cc_enable_arenas = true; +option csharp_namespace = "Google.Cloud.SecretManager.V1"; +option go_package = "cloud.google.com/go/secretmanager/apiv1/secretmanagerpb;secretmanagerpb"; +option java_multiple_files = true; +option java_outer_classname = "ResourcesProto"; +option java_package = "com.google.cloud.secretmanager.v1"; +option objc_class_prefix = "GSM"; +option php_namespace = "Google\\Cloud\\SecretManager\\V1"; +option ruby_package = "Google::Cloud::SecretManager::V1"; + +// A [Secret][google.cloud.secretmanager.v1.Secret] is a logical secret whose +// value and versions can be accessed. +// +// A [Secret][google.cloud.secretmanager.v1.Secret] is made up of zero or more +// [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] that represent +// the secret data. +message Secret { + option (google.api.resource) = { + type: "secretmanager.googleapis.com/Secret" + pattern: "projects/{project}/secrets/{secret}" + }; + + // Output only. The resource name of the + // [Secret][google.cloud.secretmanager.v1.Secret] in the format + // `projects/*/secrets/*`. + string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Required. Immutable. The replication policy of the secret data attached to + // the [Secret][google.cloud.secretmanager.v1.Secret]. + // + // The replication policy cannot be changed after the Secret has been created. + Replication replication = 2 [ + (google.api.field_behavior) = IMMUTABLE, + (google.api.field_behavior) = REQUIRED + ]; + + // Output only. The time at which the + // [Secret][google.cloud.secretmanager.v1.Secret] was created. + google.protobuf.Timestamp create_time = 3 + [(google.api.field_behavior) = OUTPUT_ONLY]; + + // The labels assigned to this Secret. + // + // Label keys must be between 1 and 63 characters long, have a UTF-8 encoding + // of maximum 128 bytes, and must conform to the following PCRE regular + // expression: `[\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62}` + // + // Label values must be between 0 and 63 characters long, have a UTF-8 + // encoding of maximum 128 bytes, and must conform to the following PCRE + // regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}` + // + // No more than 64 labels can be assigned to a given resource. + map labels = 4; + + // Optional. A list of up to 10 Pub/Sub topics to which messages are published + // when control plane operations are called on the secret or its versions. + repeated Topic topics = 5 [(google.api.field_behavior) = OPTIONAL]; + + // Expiration policy attached to the + // [Secret][google.cloud.secretmanager.v1.Secret]. If specified the + // [Secret][google.cloud.secretmanager.v1.Secret] and all + // [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] will be + // automatically deleted at expiration. Expired secrets are irreversibly + // deleted. + // + // Expiration is *not* the recommended way to set time-based permissions. [IAM + // Conditions](https://cloud.google.com/secret-manager/docs/access-control#conditions) + // is recommended for granting time-based permissions because the operation + // can be reversed. + oneof expiration { + // Optional. Timestamp in UTC when the + // [Secret][google.cloud.secretmanager.v1.Secret] is scheduled to expire. + // This is always provided on output, regardless of what was sent on input. + google.protobuf.Timestamp expire_time = 6 + [(google.api.field_behavior) = OPTIONAL]; + + // Input only. The TTL for the + // [Secret][google.cloud.secretmanager.v1.Secret]. + google.protobuf.Duration ttl = 7 [(google.api.field_behavior) = INPUT_ONLY]; + } + + // Optional. Etag of the currently stored + // [Secret][google.cloud.secretmanager.v1.Secret]. + string etag = 8 [(google.api.field_behavior) = OPTIONAL]; + + // Optional. Rotation policy attached to the + // [Secret][google.cloud.secretmanager.v1.Secret]. May be excluded if there is + // no rotation policy. + Rotation rotation = 9 [(google.api.field_behavior) = OPTIONAL]; + + // Optional. Mapping from version alias to version name. + // + // A version alias is a string with a maximum length of 63 characters and can + // contain uppercase and lowercase letters, numerals, and the hyphen (`-`) + // and underscore ('_') characters. An alias string must start with a + // letter and cannot be the string 'latest' or 'NEW'. + // No more than 50 aliases can be assigned to a given secret. + // + // Version-Alias pairs will be viewable via GetSecret and modifiable via + // UpdateSecret. At launch access by alias will only be supported on + // GetSecretVersion and AccessSecretVersion. + map version_aliases = 11 + [(google.api.field_behavior) = OPTIONAL]; + + // Optional. Custom metadata about the secret. + // + // Annotations are distinct from various forms of labels. + // Annotations exist to allow client tools to store their own state + // information without requiring a database. + // + // Annotation keys must be between 1 and 63 characters long, have a UTF-8 + // encoding of maximum 128 bytes, begin and end with an alphanumeric character + // ([a-z0-9A-Z]), and may have dashes (-), underscores (_), dots (.), and + // alphanumerics in between these symbols. + // + // The total size of annotation keys and values must be less than 16KiB. + map annotations = 13 [(google.api.field_behavior) = OPTIONAL]; +} + +// A secret version resource in the Secret Manager API. +message SecretVersion { + option (google.api.resource) = { + type: "secretmanager.googleapis.com/SecretVersion" + pattern: "projects/{project}/secrets/{secret}/versions/{secret_version}" + }; + + // The state of a + // [SecretVersion][google.cloud.secretmanager.v1.SecretVersion], indicating if + // it can be accessed. + enum State { + // Not specified. This value is unused and invalid. + STATE_UNSPECIFIED = 0; + + // The [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] may be + // accessed. + ENABLED = 1; + + // The [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] may not + // be accessed, but the secret data is still available and can be placed + // back into the + // [ENABLED][google.cloud.secretmanager.v1.SecretVersion.State.ENABLED] + // state. + DISABLED = 2; + + // The [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] is + // destroyed and the secret data is no longer stored. A version may not + // leave this state once entered. + DESTROYED = 3; + } + + // Output only. The resource name of the + // [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format + // `projects/*/secrets/*/versions/*`. + // + // [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] IDs in a + // [Secret][google.cloud.secretmanager.v1.Secret] start at 1 and are + // incremented for each subsequent version of the secret. + string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The time at which the + // [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] was created. + google.protobuf.Timestamp create_time = 2 + [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The time this + // [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] was destroyed. + // Only present if [state][google.cloud.secretmanager.v1.SecretVersion.state] + // is + // [DESTROYED][google.cloud.secretmanager.v1.SecretVersion.State.DESTROYED]. + google.protobuf.Timestamp destroy_time = 3 + [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The current state of the + // [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + State state = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // The replication status of the + // [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + ReplicationStatus replication_status = 5; + + // Output only. Etag of the currently stored + // [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + string etag = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. True if payload checksum specified in + // [SecretPayload][google.cloud.secretmanager.v1.SecretPayload] object has + // been received by + // [SecretManagerService][google.cloud.secretmanager.v1.SecretManagerService] + // on + // [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion]. + bool client_specified_payload_checksum = 7 + [(google.api.field_behavior) = OUTPUT_ONLY]; +} + +// A policy that defines the replication and encryption configuration of data. +message Replication { + // A replication policy that replicates the + // [Secret][google.cloud.secretmanager.v1.Secret] payload without any + // restrictions. + message Automatic { + // Optional. The customer-managed encryption configuration of the + // [Secret][google.cloud.secretmanager.v1.Secret]. If no configuration is + // provided, Google-managed default encryption is used. + // + // Updates to the [Secret][google.cloud.secretmanager.v1.Secret] encryption + // configuration only apply to + // [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] added + // afterwards. They do not apply retroactively to existing + // [SecretVersions][google.cloud.secretmanager.v1.SecretVersion]. + CustomerManagedEncryption customer_managed_encryption = 1 + [(google.api.field_behavior) = OPTIONAL]; + } + + // A replication policy that replicates the + // [Secret][google.cloud.secretmanager.v1.Secret] payload into the locations + // specified in [Secret.replication.user_managed.replicas][] + message UserManaged { + // Represents a Replica for this + // [Secret][google.cloud.secretmanager.v1.Secret]. + message Replica { + // The canonical IDs of the location to replicate data. + // For example: `"us-east1"`. + string location = 1; + + // Optional. The customer-managed encryption configuration of the + // [User-Managed Replica][Replication.UserManaged.Replica]. If no + // configuration is provided, Google-managed default encryption is used. + // + // Updates to the [Secret][google.cloud.secretmanager.v1.Secret] + // encryption configuration only apply to + // [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] added + // afterwards. They do not apply retroactively to existing + // [SecretVersions][google.cloud.secretmanager.v1.SecretVersion]. + CustomerManagedEncryption customer_managed_encryption = 2 + [(google.api.field_behavior) = OPTIONAL]; + } + + // Required. The list of Replicas for this + // [Secret][google.cloud.secretmanager.v1.Secret]. + // + // Cannot be empty. + repeated Replica replicas = 1 [(google.api.field_behavior) = REQUIRED]; + } + + // The replication policy for this secret. + oneof replication { + // The [Secret][google.cloud.secretmanager.v1.Secret] will automatically be + // replicated without any restrictions. + Automatic automatic = 1; + + // The [Secret][google.cloud.secretmanager.v1.Secret] will only be + // replicated into the locations specified. + UserManaged user_managed = 2; + } +} + +// Configuration for encrypting secret payloads using customer-managed +// encryption keys (CMEK). +message CustomerManagedEncryption { + // Required. The resource name of the Cloud KMS CryptoKey used to encrypt + // secret payloads. + // + // For secrets using the + // [UserManaged][google.cloud.secretmanager.v1.Replication.UserManaged] + // replication policy type, Cloud KMS CryptoKeys must reside in the same + // location as the [replica location][Secret.UserManaged.Replica.location]. + // + // For secrets using the + // [Automatic][google.cloud.secretmanager.v1.Replication.Automatic] + // replication policy type, Cloud KMS CryptoKeys must reside in `global`. + // + // The expected format is `projects/*/locations/*/keyRings/*/cryptoKeys/*`. + string kms_key_name = 1 [(google.api.field_behavior) = REQUIRED]; +} + +// The replication status of a +// [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. +message ReplicationStatus { + // The replication status of a + // [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] using + // automatic replication. + // + // Only populated if the parent [Secret][google.cloud.secretmanager.v1.Secret] + // has an automatic replication policy. + message AutomaticStatus { + // Output only. The customer-managed encryption status of the + // [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. Only + // populated if customer-managed encryption is used. + CustomerManagedEncryptionStatus customer_managed_encryption = 1 + [(google.api.field_behavior) = OUTPUT_ONLY]; + } + + // The replication status of a + // [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] using + // user-managed replication. + // + // Only populated if the parent [Secret][google.cloud.secretmanager.v1.Secret] + // has a user-managed replication policy. + message UserManagedStatus { + // Describes the status of a user-managed replica for the + // [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + message ReplicaStatus { + // Output only. The canonical ID of the replica location. + // For example: `"us-east1"`. + string location = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The customer-managed encryption status of the + // [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. Only + // populated if customer-managed encryption is used. + CustomerManagedEncryptionStatus customer_managed_encryption = 2 + [(google.api.field_behavior) = OUTPUT_ONLY]; + } + + // Output only. The list of replica statuses for the + // [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + repeated ReplicaStatus replicas = 1 + [(google.api.field_behavior) = OUTPUT_ONLY]; + } + + // The replication status of the + // [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + oneof replication_status { + // Describes the replication status of a + // [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] with + // automatic replication. + // + // Only populated if the parent + // [Secret][google.cloud.secretmanager.v1.Secret] has an automatic + // replication policy. + AutomaticStatus automatic = 1; + + // Describes the replication status of a + // [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] with + // user-managed replication. + // + // Only populated if the parent + // [Secret][google.cloud.secretmanager.v1.Secret] has a user-managed + // replication policy. + UserManagedStatus user_managed = 2; + } +} + +// Describes the status of customer-managed encryption. +message CustomerManagedEncryptionStatus { + // Required. The resource name of the Cloud KMS CryptoKeyVersion used to + // encrypt the secret payload, in the following format: + // `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`. + string kms_key_version_name = 1 [(google.api.field_behavior) = REQUIRED]; +} + +// A Pub/Sub topic which Secret Manager will publish to when control plane +// events occur on this secret. +message Topic { + option (google.api.resource) = { + type: "pubsub.googleapis.com/Topic" + pattern: "projects/{project}/topics/{topic}" + }; + + // Required. The resource name of the Pub/Sub topic that will be published to, + // in the following format: `projects/*/topics/*`. For publication to succeed, + // the Secret Manager P4SA must have `pubsub.publisher` permissions on the + // topic. + string name = 1 [(google.api.field_behavior) = REQUIRED]; +} + +// The rotation time and period for a +// [Secret][google.cloud.secretmanager.v1.Secret]. At next_rotation_time, Secret +// Manager will send a Pub/Sub notification to the topics configured on the +// Secret. [Secret.topics][google.cloud.secretmanager.v1.Secret.topics] must be +// set to configure rotation. +message Rotation { + // Optional. Timestamp in UTC at which the + // [Secret][google.cloud.secretmanager.v1.Secret] is scheduled to rotate. + // Cannot be set to less than 300s (5 min) in the future and at most + // 3153600000s (100 years). + // + // [next_rotation_time][google.cloud.secretmanager.v1.Rotation.next_rotation_time] + // MUST be set if + // [rotation_period][google.cloud.secretmanager.v1.Rotation.rotation_period] + // is set. + google.protobuf.Timestamp next_rotation_time = 1 + [(google.api.field_behavior) = OPTIONAL]; + + // Input only. The Duration between rotation notifications. Must be in seconds + // and at least 3600s (1h) and at most 3153600000s (100 years). + // + // If + // [rotation_period][google.cloud.secretmanager.v1.Rotation.rotation_period] + // is set, + // [next_rotation_time][google.cloud.secretmanager.v1.Rotation.next_rotation_time] + // must be set. + // [next_rotation_time][google.cloud.secretmanager.v1.Rotation.next_rotation_time] + // will be advanced by this period when the service automatically sends + // rotation notifications. + google.protobuf.Duration rotation_period = 2 + [(google.api.field_behavior) = INPUT_ONLY]; +} + +// A secret payload resource in the Secret Manager API. This contains the +// sensitive secret payload that is associated with a +// [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. +message SecretPayload { + // The secret data. Must be no larger than 64KiB. + bytes data = 1; + + // Optional. If specified, + // [SecretManagerService][google.cloud.secretmanager.v1.SecretManagerService] + // will verify the integrity of the received + // [data][google.cloud.secretmanager.v1.SecretPayload.data] on + // [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion] + // calls using the crc32c checksum and store it to include in future + // [SecretManagerService.AccessSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AccessSecretVersion] + // responses. If a checksum is not provided in the + // [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion] + // request, the + // [SecretManagerService][google.cloud.secretmanager.v1.SecretManagerService] + // will generate and store one for you. + // + // The CRC32C value is encoded as a Int64 for compatibility, and can be + // safely downconverted to uint32 in languages that support this type. + // https://cloud.google.com/apis/design/design_patterns#integer_types + optional int64 data_crc32c = 2 [(google.api.field_behavior) = OPTIONAL]; +} diff --git a/generator/testdata/google/cloud/secretmanager/v1/secretmanager_grpc_service_config.json b/generator/testdata/google/cloud/secretmanager/v1/secretmanager_grpc_service_config.json new file mode 100644 index 000000000..7d86ab0b8 --- /dev/null +++ b/generator/testdata/google/cloud/secretmanager/v1/secretmanager_grpc_service_config.json @@ -0,0 +1,84 @@ +{ + "methodConfig": [ + { + "name": [ + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "ListSecrets" + }, + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "CreateSecret" + }, + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "AddSecretVersion" + }, + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "GetSecret" + }, + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "UpdateSecret" + }, + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "DeleteSecret" + }, + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "ListSecretVersions" + }, + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "GetSecretVersion" + }, + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "DisableSecretVersion" + }, + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "EnableSecretVersion" + }, + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "DestroySecretVersion" + }, + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "SetIamPolicy" + }, + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "GetIamPolicy" + }, + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "TestIamPermissions" + } + ], + "timeout": "60s" + }, + { + "name": [ + { + "service": "google.cloud.secretmanager.v1.SecretManagerService", + "method": "AccessSecretVersion" + } + ], + "timeout": "60s", + "retryPolicy": { + "maxAttempts": 5, + "initialBackoff": "2s", + "maxBackoff": "60s", + "backoffMultiplier": 2.0, + "retryableStatusCodes": [ + "UNAVAILABLE", + "RESOURCE_EXHAUSTED" + ] + } + } + ] +} diff --git a/generator/testdata/google/cloud/secretmanager/v1/secretmanager_v1.yaml b/generator/testdata/google/cloud/secretmanager/v1/secretmanager_v1.yaml new file mode 100644 index 000000000..b269b2981 --- /dev/null +++ b/generator/testdata/google/cloud/secretmanager/v1/secretmanager_v1.yaml @@ -0,0 +1,50 @@ +type: google.api.Service +config_version: 3 +name: secretmanager.googleapis.com +title: Secret Manager API + +apis: +- name: google.cloud.secretmanager.v1.SecretManagerService + +documentation: + summary: |- + Stores sensitive data such as API keys, passwords, and certificates. + Provides convenience while improving security. + overview: Secret Manager Overview + rules: + - selector: google.cloud.location.Locations.GetLocation + description: Gets information about a location. + + - selector: google.cloud.location.Locations.ListLocations + description: Lists information about the supported locations for this service. + +backend: + rules: + - selector: google.cloud.location.Locations.GetLocation + deadline: 60.0 + - selector: google.cloud.location.Locations.ListLocations + deadline: 60.0 + - selector: 'google.cloud.secretmanager.v1.SecretManagerService.*' + deadline: 60.0 + +http: + rules: + - selector: google.cloud.location.Locations.GetLocation + get: '/v1/{name=projects/*/locations/*}' + - selector: google.cloud.location.Locations.ListLocations + get: '/v1/{name=projects/*}/locations' + +authentication: + rules: + - selector: google.cloud.location.Locations.GetLocation + oauth: + canonical_scopes: |- + https://www.googleapis.com/auth/cloud-platform + - selector: google.cloud.location.Locations.ListLocations + oauth: + canonical_scopes: |- + https://www.googleapis.com/auth/cloud-platform + - selector: 'google.cloud.secretmanager.v1.SecretManagerService.*' + oauth: + canonical_scopes: |- + https://www.googleapis.com/auth/cloud-platform diff --git a/generator/testdata/google/cloud/secretmanager/v1/service.proto b/generator/testdata/google/cloud/secretmanager/v1/service.proto new file mode 100644 index 000000000..029d38f4a --- /dev/null +++ b/generator/testdata/google/cloud/secretmanager/v1/service.proto @@ -0,0 +1,455 @@ +// Copyright 2021 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.cloud.secretmanager.v1; + +import "google/api/annotations.proto"; +import "google/api/client.proto"; +import "google/api/field_behavior.proto"; +import "google/api/resource.proto"; +import "google/cloud/secretmanager/v1/resources.proto"; +import "google/iam/v1/iam_policy.proto"; +import "google/iam/v1/policy.proto"; +import "google/protobuf/empty.proto"; +import "google/protobuf/field_mask.proto"; + +option cc_enable_arenas = true; +option csharp_namespace = "Google.Cloud.SecretManager.V1"; +option go_package = "cloud.google.com/go/secretmanager/apiv1/secretmanagerpb;secretmanagerpb"; +option java_multiple_files = true; +option java_outer_classname = "ServiceProto"; +option java_package = "com.google.cloud.secretmanager.v1"; +option objc_class_prefix = "GSM"; +option php_namespace = "Google\\Cloud\\SecretManager\\V1"; +option ruby_package = "Google::Cloud::SecretManager::V1"; + +// Secret Manager Service +// +// Manages secrets and operations using those secrets. Implements a REST +// model with the following objects: +// +// * [Secret][google.cloud.secretmanager.v1.Secret] +// * [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] +service SecretManagerService { + option (google.api.default_host) = "secretmanager.googleapis.com"; + option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; + + // Lists [Secrets][google.cloud.secretmanager.v1.Secret]. + rpc ListSecrets(ListSecretsRequest) returns (ListSecretsResponse) { + option (google.api.http) = { + get: "/v1/{parent=projects/*}/secrets" + }; + option (google.api.method_signature) = "parent"; + } + + // Creates a new [Secret][google.cloud.secretmanager.v1.Secret] containing no [SecretVersions][google.cloud.secretmanager.v1.SecretVersion]. + rpc CreateSecret(CreateSecretRequest) returns (Secret) { + option (google.api.http) = { + post: "/v1/{parent=projects/*}/secrets" + body: "secret" + }; + option (google.api.method_signature) = "parent,secret_id,secret"; + } + + // Creates a new [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] containing secret data and attaches + // it to an existing [Secret][google.cloud.secretmanager.v1.Secret]. + rpc AddSecretVersion(AddSecretVersionRequest) returns (SecretVersion) { + option (google.api.http) = { + post: "/v1/{parent=projects/*/secrets/*}:addVersion" + body: "*" + }; + option (google.api.method_signature) = "parent,payload"; + } + + // Gets metadata for a given [Secret][google.cloud.secretmanager.v1.Secret]. + rpc GetSecret(GetSecretRequest) returns (Secret) { + option (google.api.http) = { + get: "/v1/{name=projects/*/secrets/*}" + }; + option (google.api.method_signature) = "name"; + } + + // Updates metadata of an existing [Secret][google.cloud.secretmanager.v1.Secret]. + rpc UpdateSecret(UpdateSecretRequest) returns (Secret) { + option (google.api.http) = { + patch: "/v1/{secret.name=projects/*/secrets/*}" + body: "secret" + }; + option (google.api.method_signature) = "secret,update_mask"; + } + + // Deletes a [Secret][google.cloud.secretmanager.v1.Secret]. + rpc DeleteSecret(DeleteSecretRequest) returns (google.protobuf.Empty) { + option (google.api.http) = { + delete: "/v1/{name=projects/*/secrets/*}" + }; + option (google.api.method_signature) = "name"; + } + + // Lists [SecretVersions][google.cloud.secretmanager.v1.SecretVersion]. This call does not return secret + // data. + rpc ListSecretVersions(ListSecretVersionsRequest) returns (ListSecretVersionsResponse) { + option (google.api.http) = { + get: "/v1/{parent=projects/*/secrets/*}/versions" + }; + option (google.api.method_signature) = "parent"; + } + + // Gets metadata for a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + // + // `projects/*/secrets/*/versions/latest` is an alias to the most recently + // created [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + rpc GetSecretVersion(GetSecretVersionRequest) returns (SecretVersion) { + option (google.api.http) = { + get: "/v1/{name=projects/*/secrets/*/versions/*}" + }; + option (google.api.method_signature) = "name"; + } + + // Accesses a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. This call returns the secret data. + // + // `projects/*/secrets/*/versions/latest` is an alias to the most recently + // created [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + rpc AccessSecretVersion(AccessSecretVersionRequest) returns (AccessSecretVersionResponse) { + option (google.api.http) = { + get: "/v1/{name=projects/*/secrets/*/versions/*}:access" + }; + option (google.api.method_signature) = "name"; + } + + // Disables a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + // + // Sets the [state][google.cloud.secretmanager.v1.SecretVersion.state] of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to + // [DISABLED][google.cloud.secretmanager.v1.SecretVersion.State.DISABLED]. + rpc DisableSecretVersion(DisableSecretVersionRequest) returns (SecretVersion) { + option (google.api.http) = { + post: "/v1/{name=projects/*/secrets/*/versions/*}:disable" + body: "*" + }; + option (google.api.method_signature) = "name"; + } + + // Enables a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + // + // Sets the [state][google.cloud.secretmanager.v1.SecretVersion.state] of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to + // [ENABLED][google.cloud.secretmanager.v1.SecretVersion.State.ENABLED]. + rpc EnableSecretVersion(EnableSecretVersionRequest) returns (SecretVersion) { + option (google.api.http) = { + post: "/v1/{name=projects/*/secrets/*/versions/*}:enable" + body: "*" + }; + option (google.api.method_signature) = "name"; + } + + // Destroys a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + // + // Sets the [state][google.cloud.secretmanager.v1.SecretVersion.state] of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to + // [DESTROYED][google.cloud.secretmanager.v1.SecretVersion.State.DESTROYED] and irrevocably destroys the + // secret data. + rpc DestroySecretVersion(DestroySecretVersionRequest) returns (SecretVersion) { + option (google.api.http) = { + post: "/v1/{name=projects/*/secrets/*/versions/*}:destroy" + body: "*" + }; + option (google.api.method_signature) = "name"; + } + + // Sets the access control policy on the specified secret. Replaces any + // existing policy. + // + // Permissions on [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] are enforced according + // to the policy set on the associated [Secret][google.cloud.secretmanager.v1.Secret]. + rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) { + option (google.api.http) = { + post: "/v1/{resource=projects/*/secrets/*}:setIamPolicy" + body: "*" + }; + } + + // Gets the access control policy for a secret. + // Returns empty policy if the secret exists and does not have a policy set. + rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) { + option (google.api.http) = { + get: "/v1/{resource=projects/*/secrets/*}:getIamPolicy" + }; + } + + // Returns permissions that a caller has for the specified secret. + // If the secret does not exist, this call returns an empty set of + // permissions, not a NOT_FOUND error. + // + // Note: This operation is designed to be used for building permission-aware + // UIs and command-line tools, not for authorization checking. This operation + // may "fail open" without warning. + rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) { + option (google.api.http) = { + post: "/v1/{resource=projects/*/secrets/*}:testIamPermissions" + body: "*" + }; + } +} + +// Request message for [SecretManagerService.ListSecrets][google.cloud.secretmanager.v1.SecretManagerService.ListSecrets]. +message ListSecretsRequest { + // Required. The resource name of the project associated with the + // [Secrets][google.cloud.secretmanager.v1.Secret], in the format `projects/*`. + string parent = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "cloudresourcemanager.googleapis.com/Project" + } + ]; + + // Optional. The maximum number of results to be returned in a single page. If + // set to 0, the server decides the number of results to return. If the + // number is greater than 25000, it is capped at 25000. + int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; + + // Optional. Pagination token, returned earlier via + // [ListSecretsResponse.next_page_token][google.cloud.secretmanager.v1.ListSecretsResponse.next_page_token]. + string page_token = 3 [(google.api.field_behavior) = OPTIONAL]; + + // Optional. Filter string, adhering to the rules in + // [List-operation + // filtering](https://cloud.google.com/secret-manager/docs/filtering). List + // only secrets matching the filter. If filter is empty, all secrets are + // listed. + string filter = 4 [(google.api.field_behavior) = OPTIONAL]; +} + +// Response message for [SecretManagerService.ListSecrets][google.cloud.secretmanager.v1.SecretManagerService.ListSecrets]. +message ListSecretsResponse { + // The list of [Secrets][google.cloud.secretmanager.v1.Secret] sorted in reverse by create_time (newest + // first). + repeated Secret secrets = 1; + + // A token to retrieve the next page of results. Pass this value in + // [ListSecretsRequest.page_token][google.cloud.secretmanager.v1.ListSecretsRequest.page_token] to retrieve the next page. + string next_page_token = 2; + + // The total number of [Secrets][google.cloud.secretmanager.v1.Secret]. + int32 total_size = 3; +} + +// Request message for [SecretManagerService.CreateSecret][google.cloud.secretmanager.v1.SecretManagerService.CreateSecret]. +message CreateSecretRequest { + // Required. The resource name of the project to associate with the + // [Secret][google.cloud.secretmanager.v1.Secret], in the format `projects/*`. + string parent = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "cloudresourcemanager.googleapis.com/Project" + } + ]; + + // Required. This must be unique within the project. + // + // A secret ID is a string with a maximum length of 255 characters and can + // contain uppercase and lowercase letters, numerals, and the hyphen (`-`) and + // underscore (`_`) characters. + string secret_id = 2 [(google.api.field_behavior) = REQUIRED]; + + // Required. A [Secret][google.cloud.secretmanager.v1.Secret] with initial field values. + Secret secret = 3 [(google.api.field_behavior) = REQUIRED]; +} + +// Request message for [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion]. +message AddSecretVersionRequest { + // Required. The resource name of the [Secret][google.cloud.secretmanager.v1.Secret] to associate with the + // [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format `projects/*/secrets/*`. + string parent = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "secretmanager.googleapis.com/Secret" + } + ]; + + // Required. The secret payload of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + SecretPayload payload = 2 [(google.api.field_behavior) = REQUIRED]; +} + +// Request message for [SecretManagerService.GetSecret][google.cloud.secretmanager.v1.SecretManagerService.GetSecret]. +message GetSecretRequest { + // Required. The resource name of the [Secret][google.cloud.secretmanager.v1.Secret], in the format `projects/*/secrets/*`. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "secretmanager.googleapis.com/Secret" + } + ]; +} + +// Request message for [SecretManagerService.ListSecretVersions][google.cloud.secretmanager.v1.SecretManagerService.ListSecretVersions]. +message ListSecretVersionsRequest { + // Required. The resource name of the [Secret][google.cloud.secretmanager.v1.Secret] associated with the + // [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] to list, in the format + // `projects/*/secrets/*`. + string parent = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "secretmanager.googleapis.com/Secret" + } + ]; + + // Optional. The maximum number of results to be returned in a single page. If + // set to 0, the server decides the number of results to return. If the + // number is greater than 25000, it is capped at 25000. + int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL]; + + // Optional. Pagination token, returned earlier via + // ListSecretVersionsResponse.next_page_token][]. + string page_token = 3 [(google.api.field_behavior) = OPTIONAL]; + + // Optional. Filter string, adhering to the rules in + // [List-operation + // filtering](https://cloud.google.com/secret-manager/docs/filtering). List + // only secret versions matching the filter. If filter is empty, all secret + // versions are listed. + string filter = 4 [(google.api.field_behavior) = OPTIONAL]; +} + +// Response message for [SecretManagerService.ListSecretVersions][google.cloud.secretmanager.v1.SecretManagerService.ListSecretVersions]. +message ListSecretVersionsResponse { + // The list of [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] sorted in reverse by + // create_time (newest first). + repeated SecretVersion versions = 1; + + // A token to retrieve the next page of results. Pass this value in + // [ListSecretVersionsRequest.page_token][google.cloud.secretmanager.v1.ListSecretVersionsRequest.page_token] to retrieve the next page. + string next_page_token = 2; + + // The total number of [SecretVersions][google.cloud.secretmanager.v1.SecretVersion]. + int32 total_size = 3; +} + +// Request message for [SecretManagerService.GetSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.GetSecretVersion]. +message GetSecretVersionRequest { + // Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format + // `projects/*/secrets/*/versions/*`. + // + // `projects/*/secrets/*/versions/latest` is an alias to the most recently + // created [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "secretmanager.googleapis.com/SecretVersion" + } + ]; +} + +// Request message for [SecretManagerService.UpdateSecret][google.cloud.secretmanager.v1.SecretManagerService.UpdateSecret]. +message UpdateSecretRequest { + // Required. [Secret][google.cloud.secretmanager.v1.Secret] with updated field values. + Secret secret = 1 [(google.api.field_behavior) = REQUIRED]; + + // Required. Specifies the fields to be updated. + google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED]; +} + +// Request message for [SecretManagerService.AccessSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AccessSecretVersion]. +message AccessSecretVersionRequest { + // Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format + // `projects/*/secrets/*/versions/*`. + // + // `projects/*/secrets/*/versions/latest` is an alias to the most recently + // created [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "secretmanager.googleapis.com/SecretVersion" + } + ]; +} + +// Response message for [SecretManagerService.AccessSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AccessSecretVersion]. +message AccessSecretVersionResponse { + // The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format + // `projects/*/secrets/*/versions/*`. + string name = 1 [(google.api.resource_reference) = { + type: "secretmanager.googleapis.com/SecretVersion" + }]; + + // Secret payload + SecretPayload payload = 2; +} + +// Request message for [SecretManagerService.DeleteSecret][google.cloud.secretmanager.v1.SecretManagerService.DeleteSecret]. +message DeleteSecretRequest { + // Required. The resource name of the [Secret][google.cloud.secretmanager.v1.Secret] to delete in the format + // `projects/*/secrets/*`. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "secretmanager.googleapis.com/Secret" + } + ]; + + // Optional. Etag of the [Secret][google.cloud.secretmanager.v1.Secret]. The request succeeds if it matches + // the etag of the currently stored secret object. If the etag is omitted, + // the request succeeds. + string etag = 2 [(google.api.field_behavior) = OPTIONAL]; +} + +// Request message for [SecretManagerService.DisableSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.DisableSecretVersion]. +message DisableSecretVersionRequest { + // Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to disable in the format + // `projects/*/secrets/*/versions/*`. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "secretmanager.googleapis.com/SecretVersion" + } + ]; + + // Optional. Etag of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. The request succeeds if it matches + // the etag of the currently stored secret version object. If the etag is + // omitted, the request succeeds. + string etag = 2 [(google.api.field_behavior) = OPTIONAL]; +} + +// Request message for [SecretManagerService.EnableSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.EnableSecretVersion]. +message EnableSecretVersionRequest { + // Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to enable in the format + // `projects/*/secrets/*/versions/*`. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "secretmanager.googleapis.com/SecretVersion" + } + ]; + + // Optional. Etag of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. The request succeeds if it matches + // the etag of the currently stored secret version object. If the etag is + // omitted, the request succeeds. + string etag = 2 [(google.api.field_behavior) = OPTIONAL]; +} + +// Request message for [SecretManagerService.DestroySecretVersion][google.cloud.secretmanager.v1.SecretManagerService.DestroySecretVersion]. +message DestroySecretVersionRequest { + // Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to destroy in the format + // `projects/*/secrets/*/versions/*`. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "secretmanager.googleapis.com/SecretVersion" + } + ]; + + // Optional. Etag of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. The request succeeds if it matches + // the etag of the currently stored secret version object. If the etag is + // omitted, the request succeeds. + string etag = 2 [(google.api.field_behavior) = OPTIONAL]; +} diff --git a/generator/testdata/google/iam/v1/iam_policy.proto b/generator/testdata/google/iam/v1/iam_policy.proto new file mode 100644 index 000000000..10c65f968 --- /dev/null +++ b/generator/testdata/google/iam/v1/iam_policy.proto @@ -0,0 +1,155 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.iam.v1; + +import "google/api/annotations.proto"; +import "google/api/client.proto"; +import "google/api/field_behavior.proto"; +import "google/api/resource.proto"; +import "google/iam/v1/options.proto"; +import "google/iam/v1/policy.proto"; +import "google/protobuf/field_mask.proto"; + +option cc_enable_arenas = true; +option csharp_namespace = "Google.Cloud.Iam.V1"; +option go_package = "cloud.google.com/go/iam/apiv1/iampb;iampb"; +option java_multiple_files = true; +option java_outer_classname = "IamPolicyProto"; +option java_package = "com.google.iam.v1"; +option php_namespace = "Google\\Cloud\\Iam\\V1"; + +// API Overview +// +// +// Manages Identity and Access Management (IAM) policies. +// +// Any implementation of an API that offers access control features +// implements the google.iam.v1.IAMPolicy interface. +// +// ## Data model +// +// Access control is applied when a principal (user or service account), takes +// some action on a resource exposed by a service. Resources, identified by +// URI-like names, are the unit of access control specification. Service +// implementations can choose the granularity of access control and the +// supported permissions for their resources. +// For example one database service may allow access control to be +// specified only at the Table level, whereas another might allow access control +// to also be specified at the Column level. +// +// ## Policy Structure +// +// See google.iam.v1.Policy +// +// This is intentionally not a CRUD style API because access control policies +// are created and deleted implicitly with the resources to which they are +// attached. +service IAMPolicy { + option (google.api.default_host) = "iam-meta-api.googleapis.com"; + + // Sets the access control policy on the specified resource. Replaces any + // existing policy. + // + // Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors. + rpc SetIamPolicy(SetIamPolicyRequest) returns (Policy) { + option (google.api.http) = { + post: "/v1/{resource=**}:setIamPolicy" + body: "*" + }; + } + + // Gets the access control policy for a resource. + // Returns an empty policy if the resource exists and does not have a policy + // set. + rpc GetIamPolicy(GetIamPolicyRequest) returns (Policy) { + option (google.api.http) = { + post: "/v1/{resource=**}:getIamPolicy" + body: "*" + }; + } + + // Returns permissions that a caller has on the specified resource. + // If the resource does not exist, this will return an empty set of + // permissions, not a `NOT_FOUND` error. + // + // Note: This operation is designed to be used for building permission-aware + // UIs and command-line tools, not for authorization checking. This operation + // may "fail open" without warning. + rpc TestIamPermissions(TestIamPermissionsRequest) returns (TestIamPermissionsResponse) { + option (google.api.http) = { + post: "/v1/{resource=**}:testIamPermissions" + body: "*" + }; + } +} + +// Request message for `SetIamPolicy` method. +message SetIamPolicyRequest { + // REQUIRED: The resource for which the policy is being specified. + // See the operation documentation for the appropriate value for this field. + string resource = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference).type = "*"]; + + // REQUIRED: The complete policy to be applied to the `resource`. The size of + // the policy is limited to a few 10s of KB. An empty policy is a + // valid policy but certain Cloud Platform services (such as Projects) + // might reject them. + Policy policy = 2 [(google.api.field_behavior) = REQUIRED]; + + // OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only + // the fields in the mask will be modified. If no mask is provided, the + // following default mask is used: + // + // `paths: "bindings, etag"` + google.protobuf.FieldMask update_mask = 3; +} + +// Request message for `GetIamPolicy` method. +message GetIamPolicyRequest { + // REQUIRED: The resource for which the policy is being requested. + // See the operation documentation for the appropriate value for this field. + string resource = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference).type = "*"]; + + // OPTIONAL: A `GetPolicyOptions` object for specifying options to + // `GetIamPolicy`. + GetPolicyOptions options = 2; +} + +// Request message for `TestIamPermissions` method. +message TestIamPermissionsRequest { + // REQUIRED: The resource for which the policy detail is being requested. + // See the operation documentation for the appropriate value for this field. + string resource = 1[ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference).type = "*"]; + + // The set of permissions to check for the `resource`. Permissions with + // wildcards (such as '*' or 'storage.*') are not allowed. For more + // information see + // [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). + repeated string permissions = 2 [(google.api.field_behavior) = REQUIRED]; +} + +// Response message for `TestIamPermissions` method. +message TestIamPermissionsResponse { + // A subset of `TestPermissionsRequest.permissions` that the caller is + // allowed. + repeated string permissions = 1; +} diff --git a/generator/testdata/google/iam/v1/options.proto b/generator/testdata/google/iam/v1/options.proto new file mode 100644 index 000000000..84e9c4736 --- /dev/null +++ b/generator/testdata/google/iam/v1/options.proto @@ -0,0 +1,48 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.iam.v1; + +option cc_enable_arenas = true; +option csharp_namespace = "Google.Cloud.Iam.V1"; +option go_package = "cloud.google.com/go/iam/apiv1/iampb;iampb"; +option java_multiple_files = true; +option java_outer_classname = "OptionsProto"; +option java_package = "com.google.iam.v1"; +option php_namespace = "Google\\Cloud\\Iam\\V1"; + +// Encapsulates settings provided to GetIamPolicy. +message GetPolicyOptions { + // Optional. The maximum policy version that will be used to format the + // policy. + // + // Valid values are 0, 1, and 3. Requests specifying an invalid value will be + // rejected. + // + // Requests for policies with any conditional role bindings must specify + // version 3. Policies with no conditional role bindings may specify any valid + // value or leave the field unset. + // + // The policy in the response might use the policy version that you specified, + // or it might use a lower policy version. For example, if you specify version + // 3, but the policy has no conditional role bindings, the response uses + // version 1. + // + // To learn which resources support conditions in their IAM policies, see the + // [IAM + // documentation](https://cloud.google.com/iam/help/conditions/resource-policies). + int32 requested_policy_version = 1; +} diff --git a/generator/testdata/google/iam/v1/policy.proto b/generator/testdata/google/iam/v1/policy.proto new file mode 100644 index 000000000..2386563b3 --- /dev/null +++ b/generator/testdata/google/iam/v1/policy.proto @@ -0,0 +1,410 @@ +// Copyright 2023 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.iam.v1; + +import "google/type/expr.proto"; + +option cc_enable_arenas = true; +option csharp_namespace = "Google.Cloud.Iam.V1"; +option go_package = "cloud.google.com/go/iam/apiv1/iampb;iampb"; +option java_multiple_files = true; +option java_outer_classname = "PolicyProto"; +option java_package = "com.google.iam.v1"; +option php_namespace = "Google\\Cloud\\Iam\\V1"; + +// An Identity and Access Management (IAM) policy, which specifies access +// controls for Google Cloud resources. +// +// +// A `Policy` is a collection of `bindings`. A `binding` binds one or more +// `members`, or principals, to a single `role`. Principals can be user +// accounts, service accounts, Google groups, and domains (such as G Suite). A +// `role` is a named list of permissions; each `role` can be an IAM predefined +// role or a user-created custom role. +// +// For some types of Google Cloud resources, a `binding` can also specify a +// `condition`, which is a logical expression that allows access to a resource +// only if the expression evaluates to `true`. A condition can add constraints +// based on attributes of the request, the resource, or both. To learn which +// resources support conditions in their IAM policies, see the +// [IAM +// documentation](https://cloud.google.com/iam/help/conditions/resource-policies). +// +// **JSON example:** +// +// ``` +// { +// "bindings": [ +// { +// "role": "roles/resourcemanager.organizationAdmin", +// "members": [ +// "user:mike@example.com", +// "group:admins@example.com", +// "domain:google.com", +// "serviceAccount:my-project-id@appspot.gserviceaccount.com" +// ] +// }, +// { +// "role": "roles/resourcemanager.organizationViewer", +// "members": [ +// "user:eve@example.com" +// ], +// "condition": { +// "title": "expirable access", +// "description": "Does not grant access after Sep 2020", +// "expression": "request.time < +// timestamp('2020-10-01T00:00:00.000Z')", +// } +// } +// ], +// "etag": "BwWWja0YfJA=", +// "version": 3 +// } +// ``` +// +// **YAML example:** +// +// ``` +// bindings: +// - members: +// - user:mike@example.com +// - group:admins@example.com +// - domain:google.com +// - serviceAccount:my-project-id@appspot.gserviceaccount.com +// role: roles/resourcemanager.organizationAdmin +// - members: +// - user:eve@example.com +// role: roles/resourcemanager.organizationViewer +// condition: +// title: expirable access +// description: Does not grant access after Sep 2020 +// expression: request.time < timestamp('2020-10-01T00:00:00.000Z') +// etag: BwWWja0YfJA= +// version: 3 +// ``` +// +// For a description of IAM and its features, see the +// [IAM documentation](https://cloud.google.com/iam/docs/). +message Policy { + // Specifies the format of the policy. + // + // Valid values are `0`, `1`, and `3`. Requests that specify an invalid value + // are rejected. + // + // Any operation that affects conditional role bindings must specify version + // `3`. This requirement applies to the following operations: + // + // * Getting a policy that includes a conditional role binding + // * Adding a conditional role binding to a policy + // * Changing a conditional role binding in a policy + // * Removing any role binding, with or without a condition, from a policy + // that includes conditions + // + // **Important:** If you use IAM Conditions, you must include the `etag` field + // whenever you call `setIamPolicy`. If you omit this field, then IAM allows + // you to overwrite a version `3` policy with a version `1` policy, and all of + // the conditions in the version `3` policy are lost. + // + // If a policy does not include any conditions, operations on that policy may + // specify any valid version or leave the field unset. + // + // To learn which resources support conditions in their IAM policies, see the + // [IAM + // documentation](https://cloud.google.com/iam/help/conditions/resource-policies). + int32 version = 1; + + // Associates a list of `members`, or principals, with a `role`. Optionally, + // may specify a `condition` that determines how and when the `bindings` are + // applied. Each of the `bindings` must contain at least one principal. + // + // The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 + // of these principals can be Google groups. Each occurrence of a principal + // counts towards these limits. For example, if the `bindings` grant 50 + // different roles to `user:alice@example.com`, and not to any other + // principal, then you can add another 1,450 principals to the `bindings` in + // the `Policy`. + repeated Binding bindings = 4; + + // Specifies cloud audit logging configuration for this policy. + repeated AuditConfig audit_configs = 6; + + // `etag` is used for optimistic concurrency control as a way to help + // prevent simultaneous updates of a policy from overwriting each other. + // It is strongly suggested that systems make use of the `etag` in the + // read-modify-write cycle to perform policy updates in order to avoid race + // conditions: An `etag` is returned in the response to `getIamPolicy`, and + // systems are expected to put that etag in the request to `setIamPolicy` to + // ensure that their change will be applied to the same version of the policy. + // + // **Important:** If you use IAM Conditions, you must include the `etag` field + // whenever you call `setIamPolicy`. If you omit this field, then IAM allows + // you to overwrite a version `3` policy with a version `1` policy, and all of + // the conditions in the version `3` policy are lost. + bytes etag = 3; +} + +// Associates `members`, or principals, with a `role`. +message Binding { + // Role that is assigned to the list of `members`, or principals. + // For example, `roles/viewer`, `roles/editor`, or `roles/owner`. + string role = 1; + + // Specifies the principals requesting access for a Google Cloud resource. + // `members` can have the following values: + // + // * `allUsers`: A special identifier that represents anyone who is + // on the internet; with or without a Google account. + // + // * `allAuthenticatedUsers`: A special identifier that represents anyone + // who is authenticated with a Google account or a service account. + // + // * `user:{emailid}`: An email address that represents a specific Google + // account. For example, `alice@example.com` . + // + // + // * `serviceAccount:{emailid}`: An email address that represents a service + // account. For example, `my-other-app@appspot.gserviceaccount.com`. + // + // * `group:{emailid}`: An email address that represents a Google group. + // For example, `admins@example.com`. + // + // * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique + // identifier) representing a user that has been recently deleted. For + // example, `alice@example.com?uid=123456789012345678901`. If the user is + // recovered, this value reverts to `user:{emailid}` and the recovered user + // retains the role in the binding. + // + // * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus + // unique identifier) representing a service account that has been recently + // deleted. For example, + // `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. + // If the service account is undeleted, this value reverts to + // `serviceAccount:{emailid}` and the undeleted service account retains the + // role in the binding. + // + // * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique + // identifier) representing a Google group that has been recently + // deleted. For example, `admins@example.com?uid=123456789012345678901`. If + // the group is recovered, this value reverts to `group:{emailid}` and the + // recovered group retains the role in the binding. + // + // + // * `domain:{domain}`: The G Suite domain (primary) that represents all the + // users of that domain. For example, `google.com` or `example.com`. + // + // + repeated string members = 2; + + // The condition that is associated with this binding. + // + // If the condition evaluates to `true`, then this binding applies to the + // current request. + // + // If the condition evaluates to `false`, then this binding does not apply to + // the current request. However, a different role binding might grant the same + // role to one or more of the principals in this binding. + // + // To learn which resources support conditions in their IAM policies, see the + // [IAM + // documentation](https://cloud.google.com/iam/help/conditions/resource-policies). + google.type.Expr condition = 3; +} + +// Specifies the audit configuration for a service. +// The configuration determines which permission types are logged, and what +// identities, if any, are exempted from logging. +// An AuditConfig must have one or more AuditLogConfigs. +// +// If there are AuditConfigs for both `allServices` and a specific service, +// the union of the two AuditConfigs is used for that service: the log_types +// specified in each AuditConfig are enabled, and the exempted_members in each +// AuditLogConfig are exempted. +// +// Example Policy with multiple AuditConfigs: +// +// { +// "audit_configs": [ +// { +// "service": "allServices", +// "audit_log_configs": [ +// { +// "log_type": "DATA_READ", +// "exempted_members": [ +// "user:jose@example.com" +// ] +// }, +// { +// "log_type": "DATA_WRITE" +// }, +// { +// "log_type": "ADMIN_READ" +// } +// ] +// }, +// { +// "service": "sampleservice.googleapis.com", +// "audit_log_configs": [ +// { +// "log_type": "DATA_READ" +// }, +// { +// "log_type": "DATA_WRITE", +// "exempted_members": [ +// "user:aliya@example.com" +// ] +// } +// ] +// } +// ] +// } +// +// For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ +// logging. It also exempts `jose@example.com` from DATA_READ logging, and +// `aliya@example.com` from DATA_WRITE logging. +message AuditConfig { + // Specifies a service that will be enabled for audit logging. + // For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. + // `allServices` is a special value that covers all services. + string service = 1; + + // The configuration for logging of each type of permission. + repeated AuditLogConfig audit_log_configs = 3; +} + +// Provides the configuration for logging a type of permissions. +// Example: +// +// { +// "audit_log_configs": [ +// { +// "log_type": "DATA_READ", +// "exempted_members": [ +// "user:jose@example.com" +// ] +// }, +// { +// "log_type": "DATA_WRITE" +// } +// ] +// } +// +// This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting +// jose@example.com from DATA_READ logging. +message AuditLogConfig { + // The list of valid permission types for which logging can be configured. + // Admin writes are always logged, and are not configurable. + enum LogType { + // Default case. Should never be this. + LOG_TYPE_UNSPECIFIED = 0; + + // Admin reads. Example: CloudIAM getIamPolicy + ADMIN_READ = 1; + + // Data writes. Example: CloudSQL Users create + DATA_WRITE = 2; + + // Data reads. Example: CloudSQL Users list + DATA_READ = 3; + } + + // The log type that this config enables. + LogType log_type = 1; + + // Specifies the identities that do not cause logging for this type of + // permission. + // Follows the same format of + // [Binding.members][google.iam.v1.Binding.members]. + repeated string exempted_members = 2; +} + +// The difference delta between two policies. +message PolicyDelta { + // The delta for Bindings between two policies. + repeated BindingDelta binding_deltas = 1; + + // The delta for AuditConfigs between two policies. + repeated AuditConfigDelta audit_config_deltas = 2; +} + +// One delta entry for Binding. Each individual change (only one member in each +// entry) to a binding will be a separate entry. +message BindingDelta { + // The type of action performed on a Binding in a policy. + enum Action { + // Unspecified. + ACTION_UNSPECIFIED = 0; + + // Addition of a Binding. + ADD = 1; + + // Removal of a Binding. + REMOVE = 2; + } + + // The action that was performed on a Binding. + // Required + Action action = 1; + + // Role that is assigned to `members`. + // For example, `roles/viewer`, `roles/editor`, or `roles/owner`. + // Required + string role = 2; + + // A single identity requesting access for a Google Cloud resource. + // Follows the same format of Binding.members. + // Required + string member = 3; + + // The condition that is associated with this binding. + google.type.Expr condition = 4; +} + +// One delta entry for AuditConfig. Each individual change (only one +// exempted_member in each entry) to a AuditConfig will be a separate entry. +message AuditConfigDelta { + // The type of action performed on an audit configuration in a policy. + enum Action { + // Unspecified. + ACTION_UNSPECIFIED = 0; + + // Addition of an audit configuration. + ADD = 1; + + // Removal of an audit configuration. + REMOVE = 2; + } + + // The action that was performed on an audit configuration in a policy. + // Required + Action action = 1; + + // Specifies a service that was configured for Cloud Audit Logging. + // For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. + // `allServices` is a special value that covers all services. + // Required + string service = 2; + + // A single identity that is exempted from "data access" audit + // logging for the `service` specified above. + // Follows the same format of Binding.members. + string exempted_member = 3; + + // Specifies the log_type that was be enabled. ADMIN_ACTIVITY is always + // enabled, and cannot be configured. + // Required + string log_type = 4; +} diff --git a/generator/testdata/google/type/expr.proto b/generator/testdata/google/type/expr.proto new file mode 100644 index 000000000..af0778cf9 --- /dev/null +++ b/generator/testdata/google/type/expr.proto @@ -0,0 +1,73 @@ +// Copyright 2021 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.type; + +option go_package = "google.golang.org/genproto/googleapis/type/expr;expr"; +option java_multiple_files = true; +option java_outer_classname = "ExprProto"; +option java_package = "com.google.type"; +option objc_class_prefix = "GTP"; + +// Represents a textual expression in the Common Expression Language (CEL) +// syntax. CEL is a C-like expression language. The syntax and semantics of CEL +// are documented at https://github.com/google/cel-spec. +// +// Example (Comparison): +// +// title: "Summary size limit" +// description: "Determines if a summary is less than 100 chars" +// expression: "document.summary.size() < 100" +// +// Example (Equality): +// +// title: "Requestor is owner" +// description: "Determines if requestor is the document owner" +// expression: "document.owner == request.auth.claims.email" +// +// Example (Logic): +// +// title: "Public documents" +// description: "Determine whether the document should be publicly visible" +// expression: "document.type != 'private' && document.type != 'internal'" +// +// Example (Data Manipulation): +// +// title: "Notification string" +// description: "Create a notification string with a timestamp." +// expression: "'New message received at ' + string(document.create_time)" +// +// The exact variables and functions that may be referenced within an expression +// are determined by the service that evaluates it. See the service +// documentation for additional information. +message Expr { + // Textual representation of an expression in Common Expression Language + // syntax. + string expression = 1; + + // Optional. Title for the expression, i.e. a short string describing + // its purpose. This can be used e.g. in UIs which allow to enter the + // expression. + string title = 2; + + // Optional. Description of the expression. This is a longer text which + // describes the expression, e.g. when hovered over it in a UI. + string description = 3; + + // Optional. String indicating the location of the expression for error + // reporting, e.g. a file name and a position in the file. + string location = 4; +} From bab7e184160c0f0040bcbe6b5ed7c3b4d46bfb0e Mon Sep 17 00:00:00 2001 From: Julie Qiu Date: Sat, 2 Nov 2024 20:47:10 -0400 Subject: [PATCH 2/2] address code review --- .../google/cloud/secretmanager/BUILD.bazel | 40 -- .../secretmanager/logging/v1/BUILD.bazel | 161 -------- .../logging/v1/secret_event.proto | 71 ---- .../google/cloud/secretmanager/v1/BUILD.bazel | 388 ------------------ .../v1/secretmanager_grpc_service_config.json | 84 ---- .../secretmanager/v1/secretmanager_v1.yaml | 14 + 6 files changed, 14 insertions(+), 744 deletions(-) delete mode 100644 generator/testdata/google/cloud/secretmanager/BUILD.bazel delete mode 100644 generator/testdata/google/cloud/secretmanager/logging/v1/BUILD.bazel delete mode 100644 generator/testdata/google/cloud/secretmanager/logging/v1/secret_event.proto delete mode 100644 generator/testdata/google/cloud/secretmanager/v1/BUILD.bazel delete mode 100644 generator/testdata/google/cloud/secretmanager/v1/secretmanager_grpc_service_config.json diff --git a/generator/testdata/google/cloud/secretmanager/BUILD.bazel b/generator/testdata/google/cloud/secretmanager/BUILD.bazel deleted file mode 100644 index d0c1ab5ec..000000000 --- a/generator/testdata/google/cloud/secretmanager/BUILD.bazel +++ /dev/null @@ -1,40 +0,0 @@ -# This build file includes a target for the Ruby wrapper library for -# google-cloud-secret_manager. - -# This is an API workspace, having public visibility by default makes perfect sense. -package(default_visibility = ["//visibility:public"]) - -# Export yaml configs. -exports_files(glob(["*.yaml"])) - -load( - "@com_google_googleapis_imports//:imports.bzl", - "ruby_cloud_gapic_library", - "ruby_gapic_assembly_pkg", -) - -# Generates a Ruby wrapper client for secretmanager. -# Ruby wrapper clients are versionless, but are generated from source protos -# for a particular service version, v1 in this case. -ruby_cloud_gapic_library( - name = "secretmanager_ruby_wrapper", - srcs = ["//google/cloud/secretmanager/v1:secretmanager_proto_with_info"], - extra_protoc_parameters = [ - "ruby-cloud-gem-name=google-cloud-secret_manager", - "ruby-cloud-env-prefix=SECRET_MANAGER", - "ruby-cloud-wrapper-of=v1:0.19;v1beta1:0.3", - "ruby-cloud-product-url=https://cloud.google.com/secret-manager", - "ruby-cloud-api-id=secretmanager.googleapis.com", - "ruby-cloud-api-shortname=secretmanager", - ], - ruby_cloud_description = "Secret Manager is a secure and convenient storage system for API keys, passwords, certificates, and other sensitive data. Secret Manager provides a central place and single source of truth to manage, access, and audit secrets across Google Cloud.", - ruby_cloud_title = "Secret Manager", -) - -# Open Source package. -ruby_gapic_assembly_pkg( - name = "google-cloud-secretmanager-ruby", - deps = [ - ":secretmanager_ruby_wrapper", - ], -) diff --git a/generator/testdata/google/cloud/secretmanager/logging/v1/BUILD.bazel b/generator/testdata/google/cloud/secretmanager/logging/v1/BUILD.bazel deleted file mode 100644 index 36453edab..000000000 --- a/generator/testdata/google/cloud/secretmanager/logging/v1/BUILD.bazel +++ /dev/null @@ -1,161 +0,0 @@ -# This file was automatically generated by BuildFileGenerator - -# This is an API workspace, having public visibility by default makes perfect sense. -package(default_visibility = ["//visibility:public"]) - -############################################################################## -# Common -############################################################################## -load("@rules_proto//proto:defs.bzl", "proto_library") - -proto_library( - name = "logging_proto", - srcs = [ - "secret_event.proto", - ], - deps = [ - ], -) - -############################################################################## -# Java -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "java_grpc_library", - "java_proto_library", -) - -java_proto_library( - name = "logging_java_proto", - deps = [":logging_proto"], -) - -java_grpc_library( - name = "logging_java_grpc", - srcs = [":logging_proto"], - deps = [":logging_java_proto"], -) - -############################################################################## -# Go -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "go_proto_library", -) - -go_proto_library( - name = "logging_go_proto", - compilers = ["@io_bazel_rules_go//proto:go_grpc"], - importpath = "cloud.google.com/go/secretmanager/logging/apiv1/loggingpb", - protos = [":logging_proto"], - deps = [ - ], -) - -############################################################################## -# Python -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "moved_proto_library", - "py_grpc_library", - "py_proto_library", -) - -moved_proto_library( - name = "logging_moved_proto", - srcs = [":logging_proto"], - deps = [ - ], -) - -py_proto_library( - name = "logging_py_proto", - deps = [":logging_moved_proto"], -) - -py_grpc_library( - name = "logging_py_grpc", - srcs = [":logging_moved_proto"], - deps = [":logging_py_proto"], -) - -############################################################################## -# PHP -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "php_proto_library", -) - -php_proto_library( - name = "logging_php_proto", - deps = [":logging_proto"], -) - -############################################################################## -# Node.js -############################################################################## - -############################################################################## -# Ruby -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "ruby_grpc_library", - "ruby_proto_library", -) - -ruby_proto_library( - name = "logging_ruby_proto", - deps = [":logging_proto"], -) - -ruby_grpc_library( - name = "logging_ruby_grpc", - srcs = [":logging_proto"], - deps = [":logging_ruby_proto"], -) - -############################################################################## -# C# -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "csharp_grpc_library", - "csharp_proto_library", -) - -csharp_proto_library( - name = "logging_csharp_proto", - deps = [":logging_proto"], -) - -csharp_grpc_library( - name = "logging_csharp_grpc", - srcs = [":logging_proto"], - deps = [":logging_csharp_proto"], -) - -############################################################################## -# C++ -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "cc_grpc_library", - "cc_proto_library", -) - -cc_proto_library( - name = "logging_cc_proto", - deps = [":logging_proto"], -) - -cc_grpc_library( - name = "logging_cc_grpc", - srcs = [":logging_proto"], - grpc_only = True, - deps = [":logging_cc_proto"], -) diff --git a/generator/testdata/google/cloud/secretmanager/logging/v1/secret_event.proto b/generator/testdata/google/cloud/secretmanager/logging/v1/secret_event.proto deleted file mode 100644 index c7dfd8c43..000000000 --- a/generator/testdata/google/cloud/secretmanager/logging/v1/secret_event.proto +++ /dev/null @@ -1,71 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -package google.cloud.secretmanager.logging.v1; - -option go_package = "cloud.google.com/go/secretmanager/logging/apiv1/loggingpb;loggingpb"; -option java_multiple_files = true; -option java_outer_classname = "SecretEventProto"; -option java_package = "com.google.cloud.secretmanager.logging.v1"; -option csharp_namespace = "Google.Cloud.SecretManager.Logging.V1"; -option php_namespace = "Google\\Cloud\\SecretManager\\Logging\\V1"; -option ruby_package = "Google::Cloud::SecretManager::Logging::V1"; - -// Logged event relating to a specific secret -message SecretEvent { - // Describes the type of event that is being logged. All logs have exactly one - // EventType. - enum EventType { - // An unrecognized event type. Should never be used. - EVENT_TYPE_UNSPECIFIED = 0; - - // The secret is scheduled to expire in 30 days. - EXPIRES_IN_30_DAYS = 1; - - // The secret is scheduled to expire in 7 days. - EXPIRES_IN_7_DAYS = 2; - - // The secret is scheduled to expire in 1 day. - EXPIRES_IN_1_DAY = 3; - - // The secret is scheduled to expire in 6 hours. - EXPIRES_IN_6_HOURS = 4; - - // The secret is scheduled to expire in 1 hour. - EXPIRES_IN_1_HOUR = 5; - - // The secret's expire-time has passed and it has expired. - EXPIRED = 6; - - // A Pub/Sub topic configured on the secret could not be found. - TOPIC_NOT_FOUND = 7; - - // A Pub/Sub topic configured on the secret does not have the needed - // permissions. The Secret Manager P4SA must be granted - // 'pubsub.topic.publish' permission (or 'roles/pubsub.publisher') on the - // topic. - TOPIC_PERMISSION_DENIED = 8; - } - - // Resource name of the secret in the format `projects/*/secrets/*` - string name = 1; - - // Type of event that is being logged for the secret - EventType type = 2; - - // Human readable message describing the event - string log_message = 3; -} diff --git a/generator/testdata/google/cloud/secretmanager/v1/BUILD.bazel b/generator/testdata/google/cloud/secretmanager/v1/BUILD.bazel deleted file mode 100644 index 96e89cf11..000000000 --- a/generator/testdata/google/cloud/secretmanager/v1/BUILD.bazel +++ /dev/null @@ -1,388 +0,0 @@ -# This file was automatically generated by BuildFileGenerator -# https://github.com/googleapis/rules_gapic/tree/master/bazel - -# Most of the manual changes to this file will be overwritten. -# It's **only** allowed to change the following rule attribute values: -# - names of *_gapic_assembly_* rules -# - certain parameters of *_gapic_library rules, including but not limited to: -# * extra_protoc_parameters -# * extra_protoc_file_parameters -# The complete list of preserved parameters can be found in the source code. - -# This is an API workspace, having public visibility by default makes perfect sense. -package(default_visibility = ["//visibility:public"]) - -############################################################################## -# Common -############################################################################## -load("@rules_proto//proto:defs.bzl", "proto_library") -load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info") - -proto_library( - name = "secretmanager_proto", - srcs = [ - "resources.proto", - "service.proto", - ], - deps = [ - "//google/api:annotations_proto", - "//google/api:client_proto", - "//google/api:field_behavior_proto", - "//google/api:resource_proto", - "//google/iam/v1:iam_policy_proto", - "//google/iam/v1:policy_proto", - "@com_google_protobuf//:duration_proto", - "@com_google_protobuf//:empty_proto", - "@com_google_protobuf//:field_mask_proto", - "@com_google_protobuf//:timestamp_proto", - ], -) - -proto_library_with_info( - name = "secretmanager_proto_with_info", - deps = [ - ":secretmanager_proto", - "//google/cloud:common_resources_proto", - ], -) - -############################################################################## -# Java -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "java_gapic_assembly_gradle_pkg", - "java_gapic_library", - "java_gapic_test", - "java_grpc_library", - "java_proto_library", -) - -java_proto_library( - name = "secretmanager_java_proto", - deps = [":secretmanager_proto"], -) - -java_grpc_library( - name = "secretmanager_java_grpc", - srcs = [":secretmanager_proto"], - deps = [":secretmanager_java_proto"], -) - -java_gapic_library( - name = "secretmanager_java_gapic", - srcs = [":secretmanager_proto_with_info"], - grpc_service_config = "secretmanager_grpc_service_config.json", - rest_numeric_enums = True, - service_yaml = "secretmanager_v1.yaml", - test_deps = [ - ":secretmanager_java_grpc", - "//google/iam/v1:iam_java_grpc", - ], - transport = "grpc+rest", - deps = [ - ":secretmanager_java_proto", - "//google/iam/v1:iam_java_proto", - ], -) - -java_gapic_test( - name = "secretmanager_java_gapic_test_suite", - test_classes = [ - "com.google.cloud.secretmanager.v1.SecretManagerServiceClientHttpJsonTest", - "com.google.cloud.secretmanager.v1.SecretManagerServiceClientTest", - ], - runtime_deps = [":secretmanager_java_gapic_test"], -) - -# Open Source Packages -java_gapic_assembly_gradle_pkg( - name = "google-cloud-secretmanager-v1-java", - include_samples = True, - transport = "grpc+rest", - deps = [ - ":secretmanager_java_gapic", - ":secretmanager_java_grpc", - ":secretmanager_java_proto", - ":secretmanager_proto", - ], -) - -############################################################################## -# Go -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "go_gapic_assembly_pkg", - "go_gapic_library", - "go_proto_library", -) - -go_proto_library( - name = "secretmanager_go_proto", - compilers = ["@io_bazel_rules_go//proto:go_grpc"], - importpath = "cloud.google.com/go/secretmanager/apiv1/secretmanagerpb", - protos = [":secretmanager_proto"], - deps = [ - "//google/api:annotations_go_proto", - "//google/iam/v1:iam_go_proto", - ], -) - -go_gapic_library( - name = "secretmanager_go_gapic", - srcs = [":secretmanager_proto_with_info"], - grpc_service_config = "secretmanager_grpc_service_config.json", - importpath = "cloud.google.com/go/secretmanager/apiv1;secretmanager", - metadata = True, - release_level = "ga", - rest_numeric_enums = True, - service_yaml = "secretmanager_v1.yaml", - transport = "grpc+rest", - deps = [ - ":secretmanager_go_proto", - "//google/iam/v1:iam_go_proto", - "@io_bazel_rules_go//proto/wkt:duration_go_proto", - ], -) - -# Open Source Packages -go_gapic_assembly_pkg( - name = "gapi-cloud-secretmanager-v1-go", - deps = [ - ":secretmanager_go_gapic", - ":secretmanager_go_gapic_srcjar-metadata.srcjar", - ":secretmanager_go_gapic_srcjar-snippets.srcjar", - ":secretmanager_go_gapic_srcjar-test.srcjar", - ":secretmanager_go_proto", - ], -) - -############################################################################## -# Python -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "py_gapic_assembly_pkg", - "py_gapic_library", - "py_test", -) - -py_gapic_library( - name = "secretmanager_py_gapic", - srcs = [":secretmanager_proto"], - grpc_service_config = "secretmanager_grpc_service_config.json", - opt_args = [ - "warehouse-package-name=google-cloud-secret-manager", - ], - rest_numeric_enums = True, - service_yaml = "secretmanager_v1.yaml", - transport = "grpc+rest", - deps = [ - "//google/iam/v1:iam_policy_py_proto", - ], -) - -py_test( - name = "secretmanager_py_gapic_test", - srcs = [ - "secretmanager_py_gapic_pytest.py", - "secretmanager_py_gapic_test.py", - ], - legacy_create_init = False, - deps = [":secretmanager_py_gapic"], -) - -# Open Source Packages -py_gapic_assembly_pkg( - name = "secretmanager-v1-py", - deps = [ - ":secretmanager_py_gapic", - ], -) - -############################################################################## -# PHP -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "php_gapic_assembly_pkg", - "php_gapic_library", - "php_proto_library", -) - -php_proto_library( - name = "secretmanager_php_proto", - deps = [":secretmanager_proto"], -) - -php_gapic_library( - name = "secretmanager_php_gapic", - srcs = [":secretmanager_proto_with_info"], - grpc_service_config = "secretmanager_grpc_service_config.json", - migration_mode = "MIGRATING", - rest_numeric_enums = True, - service_yaml = "secretmanager_v1.yaml", - transport = "grpc+rest", - deps = [":secretmanager_php_proto"], -) - -# Open Source Packages -php_gapic_assembly_pkg( - name = "google-cloud-secretmanager-v1-php", - deps = [ - ":secretmanager_php_gapic", - ":secretmanager_php_proto", - ], -) - -############################################################################## -# Node.js -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "nodejs_gapic_assembly_pkg", - "nodejs_gapic_library", -) - -nodejs_gapic_library( - name = "secretmanager_nodejs_gapic", - package_name = "@google-cloud/secret-manager", - src = ":secretmanager_proto_with_info", - extra_protoc_parameters = ["metadata"], - grpc_service_config = "secretmanager_grpc_service_config.json", - package = "google.cloud.secretmanager.v1", - rest_numeric_enums = True, - service_yaml = "secretmanager_v1.yaml", - transport = "grpc+rest", - deps = [], -) - -nodejs_gapic_assembly_pkg( - name = "secretmanager-v1-nodejs", - deps = [ - ":secretmanager_nodejs_gapic", - ":secretmanager_proto", - ], -) - -############################################################################## -# Ruby -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "ruby_cloud_gapic_library", - "ruby_gapic_assembly_pkg", - "ruby_grpc_library", - "ruby_proto_library", -) - -ruby_proto_library( - name = "secretmanager_ruby_proto", - deps = [":secretmanager_proto"], -) - -ruby_grpc_library( - name = "secretmanager_ruby_grpc", - srcs = [":secretmanager_proto"], - deps = [":secretmanager_ruby_proto"], -) - -ruby_cloud_gapic_library( - name = "secretmanager_ruby_gapic", - srcs = [":secretmanager_proto_with_info"], - extra_protoc_parameters = [ - "ruby-cloud-api-id=secretmanager.googleapis.com", - "ruby-cloud-api-shortname=secretmanager", - "ruby-cloud-env-prefix=SECRET_MANAGER", - "ruby-cloud-gem-name=google-cloud-secret_manager-v1", - "ruby-cloud-product-url=https://cloud.google.com/secret-manager", - ], - grpc_service_config = "secretmanager_grpc_service_config.json", - rest_numeric_enums = True, - ruby_cloud_description = "Secret Manager is a secure and convenient storage system for API keys, passwords, certificates, and other sensitive data. Secret Manager provides a central place and single source of truth to manage, access, and audit secrets across Google Cloud.", - ruby_cloud_title = "Secret Manager V1", - service_yaml = "secretmanager_v1.yaml", - transport = "grpc+rest", - deps = [ - ":secretmanager_ruby_grpc", - ":secretmanager_ruby_proto", - ], -) - -# Open Source Packages -ruby_gapic_assembly_pkg( - name = "google-cloud-secretmanager-v1-ruby", - deps = [ - ":secretmanager_ruby_gapic", - ":secretmanager_ruby_grpc", - ":secretmanager_ruby_proto", - ], -) - -############################################################################## -# C# -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "csharp_gapic_assembly_pkg", - "csharp_gapic_library", - "csharp_grpc_library", - "csharp_proto_library", -) - -csharp_proto_library( - name = "secretmanager_csharp_proto", - deps = [":secretmanager_proto"], -) - -csharp_grpc_library( - name = "secretmanager_csharp_grpc", - srcs = [":secretmanager_proto"], - deps = [":secretmanager_csharp_proto"], -) - -csharp_gapic_library( - name = "secretmanager_csharp_gapic", - srcs = [":secretmanager_proto_with_info"], - common_resources_config = "@gax_dotnet//:Google.Api.Gax/ResourceNames/CommonResourcesConfig.json", - grpc_service_config = "secretmanager_grpc_service_config.json", - rest_numeric_enums = True, - service_yaml = "secretmanager_v1.yaml", - transport = "grpc+rest", - deps = [ - ":secretmanager_csharp_grpc", - ":secretmanager_csharp_proto", - ], -) - -# Open Source Packages -csharp_gapic_assembly_pkg( - name = "google-cloud-secretmanager-v1-csharp", - deps = [ - ":secretmanager_csharp_gapic", - ":secretmanager_csharp_grpc", - ":secretmanager_csharp_proto", - ], -) - -############################################################################## -# C++ -############################################################################## -load( - "@com_google_googleapis_imports//:imports.bzl", - "cc_grpc_library", - "cc_proto_library", -) - -cc_proto_library( - name = "secretmanager_cc_proto", - deps = [":secretmanager_proto"], -) - -cc_grpc_library( - name = "secretmanager_cc_grpc", - srcs = [":secretmanager_proto"], - grpc_only = True, - deps = [":secretmanager_cc_proto"], -) diff --git a/generator/testdata/google/cloud/secretmanager/v1/secretmanager_grpc_service_config.json b/generator/testdata/google/cloud/secretmanager/v1/secretmanager_grpc_service_config.json deleted file mode 100644 index 7d86ab0b8..000000000 --- a/generator/testdata/google/cloud/secretmanager/v1/secretmanager_grpc_service_config.json +++ /dev/null @@ -1,84 +0,0 @@ -{ - "methodConfig": [ - { - "name": [ - { - "service": "google.cloud.secretmanager.v1.SecretManagerService", - "method": "ListSecrets" - }, - { - "service": "google.cloud.secretmanager.v1.SecretManagerService", - "method": "CreateSecret" - }, - { - "service": "google.cloud.secretmanager.v1.SecretManagerService", - "method": "AddSecretVersion" - }, - { - "service": "google.cloud.secretmanager.v1.SecretManagerService", - "method": "GetSecret" - }, - { - "service": "google.cloud.secretmanager.v1.SecretManagerService", - "method": "UpdateSecret" - }, - { - "service": "google.cloud.secretmanager.v1.SecretManagerService", - "method": "DeleteSecret" - }, - { - "service": "google.cloud.secretmanager.v1.SecretManagerService", - "method": "ListSecretVersions" - }, - { - "service": "google.cloud.secretmanager.v1.SecretManagerService", - "method": "GetSecretVersion" - }, - { - "service": "google.cloud.secretmanager.v1.SecretManagerService", - "method": "DisableSecretVersion" - }, - { - "service": "google.cloud.secretmanager.v1.SecretManagerService", - "method": "EnableSecretVersion" - }, - { - "service": "google.cloud.secretmanager.v1.SecretManagerService", - "method": "DestroySecretVersion" - }, - { - "service": "google.cloud.secretmanager.v1.SecretManagerService", - "method": "SetIamPolicy" - }, - { - "service": "google.cloud.secretmanager.v1.SecretManagerService", - "method": "GetIamPolicy" - }, - { - "service": "google.cloud.secretmanager.v1.SecretManagerService", - "method": "TestIamPermissions" - } - ], - "timeout": "60s" - }, - { - "name": [ - { - "service": "google.cloud.secretmanager.v1.SecretManagerService", - "method": "AccessSecretVersion" - } - ], - "timeout": "60s", - "retryPolicy": { - "maxAttempts": 5, - "initialBackoff": "2s", - "maxBackoff": "60s", - "backoffMultiplier": 2.0, - "retryableStatusCodes": [ - "UNAVAILABLE", - "RESOURCE_EXHAUSTED" - ] - } - } - ] -} diff --git a/generator/testdata/google/cloud/secretmanager/v1/secretmanager_v1.yaml b/generator/testdata/google/cloud/secretmanager/v1/secretmanager_v1.yaml index b269b2981..fdd789070 100644 --- a/generator/testdata/google/cloud/secretmanager/v1/secretmanager_v1.yaml +++ b/generator/testdata/google/cloud/secretmanager/v1/secretmanager_v1.yaml @@ -1,3 +1,17 @@ +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + type: google.api.Service config_version: 3 name: secretmanager.googleapis.com