diff --git a/secret-manager/bindTagsToSecret.js b/secret-manager/bindTagsToSecret.js new file mode 100644 index 0000000000..60f98d5c43 --- /dev/null +++ b/secret-manager/bindTagsToSecret.js @@ -0,0 +1,63 @@ +// Copyright 2025 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +'use strict'; + +async function main(projectId, secretId, tagValue) { + // [START secretmanager_bind_tags_to_secret] + /** + * TODO(developer): Uncomment these variables before running the sample. + */ + // const projectId = 'my-project'; + // const secretId = 'my-secret'; + // const tagValue = 'tagValues/281476592621530'; + const parent = `projects/${projectId}`; + + // Imports the library + const {SecretManagerServiceClient} = require('@google-cloud/secret-manager'); + const {TagBindingsClient} = require('@google-cloud/resource-manager').v3; + + // Instantiates a client + const client = new SecretManagerServiceClient(); + const resourcemanagerClient = new TagBindingsClient(); + + async function bindTagsToSecret() { + const [secret] = await client.createSecret({ + parent: parent, + secretId: secretId, + secret: { + replication: { + automatic: {}, + }, + }, + }); + + console.log(`Created secret ${secret.name}`); + + const [operation] = await resourcemanagerClient.createTagBinding({ + tagBinding: { + parent: `//secretmanager.googleapis.com/${secret.name}`, + tagValue: tagValue, + }, + }); + const [response] = await operation.promise(); + console.log('Created Tag Binding', response.name); + } + + bindTagsToSecret(); + // [END secretmanager_bind_tags_to_secret] +} + +const args = process.argv.slice(2); +main(...args).catch(console.error); diff --git a/secret-manager/createSecretWithTags.js b/secret-manager/createSecretWithTags.js new file mode 100644 index 0000000000..36ac38f32d --- /dev/null +++ b/secret-manager/createSecretWithTags.js @@ -0,0 +1,56 @@ +// Copyright 2025 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +'use strict'; + +async function main(projectId, secretId, tagKey, tagValue) { + // [START secretmanager_create_secret_with_tags] + /** + * TODO(developer): Uncomment these variables before running the sample. + */ + // const projectId = 'my-project'; + // const secretId = 'my-secret'; + // const tagKey = 'tagKeys/281475012216835'; + // const tagValue = 'tagValues/281476592621530'; + const parent = `projects/${projectId}`; + + // Imports the library + const {SecretManagerServiceClient} = require('@google-cloud/secret-manager'); + + // Instantiates a client + const client = new SecretManagerServiceClient(); + + async function createSecretWithTags() { + const [secret] = await client.createSecret({ + parent: parent, + secretId: secretId, + secret: { + replication: { + automatic: {}, + }, + tags: { + [tagKey]: tagValue, + }, + }, + }); + + console.log(`Created secret ${secret.name}`); + } + + createSecretWithTags(); + // [END secretmanager_create_secret_with_tags] +} + +const args = process.argv.slice(2); +main(...args).catch(console.error); diff --git a/secret-manager/package.json b/secret-manager/package.json index c9a1b257d2..7d576c93b4 100644 --- a/secret-manager/package.json +++ b/secret-manager/package.json @@ -14,7 +14,8 @@ "test": "c8 mocha -p -j 2 --recursive test/ --timeout=800000" }, "dependencies": { - "@google-cloud/secret-manager": "^5.6.0" + "@google-cloud/secret-manager": "^6.1.0", + "@google-cloud/resource-manager": "^6.2.0" }, "devDependencies": { "c8": "^10.0.0", diff --git a/secret-manager/regional_samples/bindTagsToRegionalSecret.js b/secret-manager/regional_samples/bindTagsToRegionalSecret.js new file mode 100644 index 0000000000..deb254ed9e --- /dev/null +++ b/secret-manager/regional_samples/bindTagsToRegionalSecret.js @@ -0,0 +1,65 @@ +// Copyright 2025 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +'use strict'; + +async function main(projectId, locationId, secretId, tagValue) { + // [START secretmanager_bind_tags_to_regional_secret] + /** + * TODO(developer): Uncomment these variables before running the sample. + */ + // const projectId = 'my-project'; + // const locationId = 'my-location'; + // const secretId = 'my-secret'; + // const tagValue = 'tagValues/281476592621530'; + const parent = `projects/${projectId}/locations/${locationId}`; + + // Imports the library + const {SecretManagerServiceClient} = require('@google-cloud/secret-manager'); + const {TagBindingsClient} = require('@google-cloud/resource-manager').v3; + + // Adding the endpoint to call the regional + const options = {}; + const bindingOptions = {}; + options.apiEndpoint = `secretmanager.${locationId}.rep.googleapis.com`; + bindingOptions.apiEndpoint = `${locationId}-cloudresourcemanager.googleapis.com`; + + // Instantiates a client + const client = new SecretManagerServiceClient(options); + const resourcemanagerClient = new TagBindingsClient(bindingOptions); + + async function bindTagsToRegionalSecret() { + const [secret] = await client.createSecret({ + parent: parent, + secretId: secretId, + }); + + console.log(`Created secret ${secret.name}`); + + const [operation] = await resourcemanagerClient.createTagBinding({ + tagBinding: { + parent: `//secretmanager.googleapis.com/${secret.name}`, + tagValue: tagValue, + }, + }); + const [response] = await operation.promise(); + console.log('Created Tag Binding', response.name); + } + + bindTagsToRegionalSecret(); + // [END secretmanager_bind_tags_to_regional_secret] +} + +const args = process.argv.slice(2); +main(...args).catch(console.error); diff --git a/secret-manager/regional_samples/createRegionalSecretWithTags.js b/secret-manager/regional_samples/createRegionalSecretWithTags.js new file mode 100644 index 0000000000..d9e683dc60 --- /dev/null +++ b/secret-manager/regional_samples/createRegionalSecretWithTags.js @@ -0,0 +1,58 @@ +// Copyright 2025 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +'use strict'; + +async function main(projectId, locationId, secretId, tagKey, tagValue) { + // [START secretmanager_create_regional_secret_with_tags] + /** + * TODO(developer): Uncomment these variables before running the sample. + */ + // const projectId = 'my-project'; + // const locationId = 'my-location'; + // const secretId = 'my-secret'; + // const tagKey = 'tagKeys/281475012216835'; + // const tagValue = 'tagValues/281476592621530'; + const parent = `projects/${projectId}/locations/${locationId}`; + + // Imports the library + const {SecretManagerServiceClient} = require('@google-cloud/secret-manager'); + + // Adding the endpoint to call the regional secret manager sever + const options = {}; + options.apiEndpoint = `secretmanager.${locationId}.rep.googleapis.com`; + + // Instantiates a client + const client = new SecretManagerServiceClient(options); + + async function createRegionalSecretWithTags() { + const [secret] = await client.createSecret({ + parent: parent, + secretId: secretId, + secret: { + tags: { + [tagKey]: tagValue, + }, + }, + }); + + console.log(`Created secret ${secret.name}`); + } + + createRegionalSecretWithTags(); + // [END secretmanager_create_regional_secret_with_tags] +} + +const args = process.argv.slice(2); +main(...args).catch(console.error); diff --git a/secret-manager/test/secretmanager.test.js b/secret-manager/test/secretmanager.test.js index 145f27ccb5..3d60ddc191 100644 --- a/secret-manager/test/secretmanager.test.js +++ b/secret-manager/test/secretmanager.test.js @@ -19,7 +19,11 @@ const cp = require('child_process'); const {v4} = require('uuid'); const {SecretManagerServiceClient} = require('@google-cloud/secret-manager'); +const {TagKeysClient} = require('@google-cloud/resource-manager').v3; +const {TagValuesClient} = require('@google-cloud/resource-manager').v3; const client = new SecretManagerServiceClient(); +const resourcemanagerTagKeyClient = new TagKeysClient(); +const resourcemanagerTagValueClient = new TagValuesClient(); let projectId; const locationId = process.env.GCLOUD_LOCATION || 'us-central1'; @@ -40,6 +44,9 @@ let regionalSecret; let version; let regionalVersion; +let tagKey; +let tagValue; + const options = {}; options.apiEndpoint = `secretmanager.${locationId}.rep.googleapis.com`; @@ -95,6 +102,28 @@ describe('Secret Manager samples', () => { }, }); + // Create tag key + const [keyOperation] = await resourcemanagerTagKeyClient.createTagKey({ + tagKey: { + parent: `projects/${projectId}`, + shortName: v4(), + }, + }); + const [tagKeyResponse] = await keyOperation.promise(); + tagKey = tagKeyResponse.name; + + // Create tag value + const [valueOperation] = await resourcemanagerTagValueClient.createTagValue( + { + tagValue: { + parent: tagKey, + shortName: v4(), + }, + } + ); + const [tagValueResponse] = await valueOperation.promise(); + tagValue = tagValueResponse.name; + await regionalClient.createSecret({ parent: `projects/${projectId}/locations/${locationId}`, secretId: `${secretId}-3`, @@ -176,7 +205,22 @@ describe('Secret Manager samples', () => { await client.deleteSecret({ name: `${secret.name}-4`, }); + } catch (err) { + if (!err.message.includes('NOT_FOUND')) { + throw err; + } + } + try { + await client.deleteSecret({ + name: `${secret.name}-7`, + }); + } catch (err) { + if (!err.message.includes('NOT_FOUND')) { + throw err; + } + } + try { await regionalClient.deleteSecret({ name: `${regionalSecret.name}-3`, }); @@ -225,6 +269,82 @@ describe('Secret Manager samples', () => { throw err; } } + + try { + await regionalClient.deleteSecret({ + name: `${regionalSecret.name}-2-dd`, + }); + } catch (err) { + if (!err.message.includes('NOT_FOUND')) { + throw err; + } + } + + try { + await client.deleteSecret({ + name: `${secret.name}-with-tags`, + }); + } catch (err) { + if (!err.message.includes('NOT_FOUND')) { + throw err; + } + } + + try { + await regionalClient.deleteSecret({ + name: `${regionalSecret.name}-with-tags`, + }); + } catch (err) { + if (!err.message.includes('NOT_FOUND')) { + throw err; + } + } + + try { + await client.deleteSecret({ + name: `${secret.name}-bind-tags`, + }); + } catch (err) { + if (!err.message.includes('NOT_FOUND')) { + throw err; + } + } + + try { + await regionalClient.deleteSecret({ + name: `${regionalSecret.name}-bind-tags`, + }); + } catch (err) { + if (!err.message.includes('NOT_FOUND')) { + throw err; + } + } + // Wait for 20 seconds before deleting the tag value + await new Promise(resolve => setTimeout(resolve, 20000)); + const [deleteValueOperation] = + await resourcemanagerTagValueClient.deleteTagValue({ + name: tagValue, + }); + try { + await deleteValueOperation.promise(); + } catch (err) { + if (!err.message.includes('NOT_FOUND')) { + throw err; + } + } + + const [deleteKeyOperation] = await resourcemanagerTagKeyClient.deleteTagKey( + { + name: tagKey, + } + ); + try { + await deleteKeyOperation.promise(); + } catch (err) { + if (!err.message.includes('NOT_FOUND')) { + throw err; + } + } }); it('runs the quickstart', async () => { @@ -649,4 +769,40 @@ describe('Secret Manager samples', () => { name: `projects/${projectId}/locations/${locationId}/secrets/${secretId}-delayedDestroy`, }); }); + + it('creates secret with tags', async () => { + const output = cp.execSync( + `node createSecretWithTags.js ${projectId} ${secretId}-with-tags ${tagKey} ${tagValue}` + ); + assert.match(output, new RegExp(`Created secret ${secret.name}-with-tags`)); + }); + + it('creates regional secret with tags', async () => { + const output = cp.execSync( + `node regional_samples/createRegionalSecretWithTags.js ${projectId} ${locationId} ${secretId}-with-tags ${tagKey} ${tagValue}` + ); + assert.match( + output, + new RegExp(`Created secret ${regionalSecret.name}-with-tags`) + ); + }); + + it('bind tags to secret', async () => { + const output = cp.execSync( + `node bindTagsToSecret.js ${projectId} ${secretId}-bind-tags ${tagValue}` + ); + assert.match(output, new RegExp(`Created secret ${secret.name}-bind-tags`)); + assert.match(output, new RegExp('Created Tag Binding')); + }); + + it('bind tags to regional secret', async () => { + const output = cp.execSync( + `node regional_samples/bindTagsToRegionalSecret.js ${projectId} ${locationId} ${secretId}-bind-tags ${tagValue}` + ); + assert.match( + output, + new RegExp(`Created secret ${regionalSecret.name}-bind-tags`) + ); + assert.match(output, new RegExp('Created Tag Binding')); + }); });