diff --git a/samples/snippets/README.rst b/samples/snippets/README.rst
new file mode 100644
index 0000000..865cab4
--- /dev/null
+++ b/samples/snippets/README.rst
@@ -0,0 +1,395 @@ +.. This file is automatically generated. Do not edit this file directly. + +Google Secret Manager Python Samples +=============================================================================== + +.. image:: https://gstatic.com/cloudssh/images/open-btn.png + :target: https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/GoogleCloudPlatform/python-docs-samples&page=editor&open_in_editor=secretmanager/api-client/README.rst + + +This directory contains samples for Google Secret Manager. `Google Secret Manager` is a service that allows you to store, manage, and secure access to application secrets. + + + + +.. _Google Secret Manager: https://cloud.google.com/secret-manager + +Setup +------------------------------------------------------------------------------- + + +Authentication +++++++++++++++ + +This sample requires you to have authentication setup. Refer to the +`Authentication Getting Started Guide`_ for instructions on setting up +credentials for applications. + +.. _Authentication Getting Started Guide: + https://cloud.google.com/docs/authentication/getting-started + +Install Dependencies +++++++++++++++++++++ + +#. Clone python-docs-samples and change directory to the sample directory you want to use. + + .. code-block:: bash + + $ git clone https://github.com/GoogleCloudPlatform/python-docs-samples.git + +#. Install `pip`_ and `virtualenv`_ if you do not already have them. You may want to refer to the `Python Development Environment Setup Guide`_ for Google Cloud Platform for instructions. + + .. _Python Development Environment Setup Guide: + https://cloud.google.com/python/setup + +#. Create a virtualenv. Samples are compatible with Python 2.7 and 3.4+. + + .. code-block:: bash + + $ virtualenv env + $ source env/bin/activate + +#. Install the dependencies needed to run the samples. + + .. code-block:: bash + + $ pip install -r requirements.txt + +.. _pip: https://pip.pypa.io/ +.. 
_virtualenv: https://virtualenv.pypa.io/ + +Samples +------------------------------------------------------------------------------- + +Quickstart ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. image:: https://gstatic.com/cloudssh/images/open-btn.png + :target: https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/GoogleCloudPlatform/python-docs-samples&page=editor&open_in_editor=secretmanager/api-client/quickstart.py,secretmanager/api-client/README.rst + + + + +To run this sample: + +.. code-block:: bash + + $ python quickstart.py + + +Access Secret Version ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. image:: https://gstatic.com/cloudssh/images/open-btn.png + :target: https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/GoogleCloudPlatform/python-docs-samples&page=editor&open_in_editor=secretmanager/api-client/access_secret_version.py,secretmanager/api-client/README.rst + + + + +To run this sample: + +.. code-block:: bash + + $ python access_secret_version.py + + usage: access_secret_version.py [-h] project_id secret_id version_id + + command line application and sample code for accessing a secret version. + + positional arguments: + project_id id of the GCP project + secret_id id of the secret to access + version_id version to access + + optional arguments: + -h, --help show this help message and exit + + + +Add Secret Version ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. image:: https://gstatic.com/cloudssh/images/open-btn.png + :target: https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/GoogleCloudPlatform/python-docs-samples&page=editor&open_in_editor=secretmanager/api-client/add_secret_version.py,secretmanager/api-client/README.rst + + + + +To run this sample: + +.. 
code-block:: bash + + $ python add_secret_version.py + + usage: add_secret_version.py [-h] project_id secret_id payload + + command line application and sample code for adding a secret version with the + specified payload to an existing secret. + + positional arguments: + project_id id of the GCP project + secret_id id of the secret in which to add + payload secret material payload + + optional arguments: + -h, --help show this help message and exit + + + +Create Secret ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. image:: https://gstatic.com/cloudssh/images/open-btn.png + :target: https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/GoogleCloudPlatform/python-docs-samples&page=editor&open_in_editor=secretmanager/api-client/create_secret.py,secretmanager/api-client/README.rst + + + + +To run this sample: + +.. code-block:: bash + + $ python create_secret.py + + usage: create_secret.py [-h] project_id secret_id + + command line application and sample code for creating a new secret. + + positional arguments: + project_id id of the GCP project + secret_id id of the secret to create + + optional arguments: + -h, --help show this help message and exit + + + +Delete Secret ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. image:: https://gstatic.com/cloudssh/images/open-btn.png + :target: https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/GoogleCloudPlatform/python-docs-samples&page=editor&open_in_editor=secretmanager/api-client/delete_secret.py,secretmanager/api-client/README.rst + + + + +To run this sample: + +.. code-block:: bash + + $ python delete_secret.py + + usage: delete_secret.py [-h] project_id secret_id + + command line application and sample code for deleting an existing secret. 
+ + positional arguments: + project_id id of the GCP project + secret_id id of the secret to delete + + optional arguments: + -h, --help show this help message and exit + + + +Destroy Secret Version ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. image:: https://gstatic.com/cloudssh/images/open-btn.png + :target: https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/GoogleCloudPlatform/python-docs-samples&page=editor&open_in_editor=secretmanager/api-client/destroy_secret_version.py,secretmanager/api-client/README.rst + + + + +To run this sample: + +.. code-block:: bash + + $ python destroy_secret_version.py + + usage: destroy_secret_version.py [-h] project_id secret_id version_id + + command line application and sample code for destroying a secret verison. + + positional arguments: + project_id id of the GCP project + secret_id id of the secret from which to act + version_id id of the version to destroy + + optional arguments: + -h, --help show this help message and exit + + + +Enable Secret Version ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. image:: https://gstatic.com/cloudssh/images/open-btn.png + :target: https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/GoogleCloudPlatform/python-docs-samples&page=editor&open_in_editor=secretmanager/api-client/enable_secret_version.py,secretmanager/api-client/README.rst + + + + +To run this sample: + +.. code-block:: bash + + $ python enable_secret_version.py + + usage: enable_secret_version.py [-h] project_id secret_id version_id + + command line application and sample code for enabling a secret version. 
+ + positional arguments: + project_id id of the GCP project + secret_id id of the secret from which to act + version_id id of the version to enable + + optional arguments: + -h, --help show this help message and exit + + + +Get Secret Version ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. image:: https://gstatic.com/cloudssh/images/open-btn.png + :target: https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/GoogleCloudPlatform/python-docs-samples&page=editor&open_in_editor=secretmanager/api-client/get_secret_version.py,secretmanager/api-client/README.rst + + + + +To run this sample: + +.. code-block:: bash + + $ python get_secret_version.py + + usage: get_secret_version.py [-h] project_id secret_id version_id + + command line application and sample code for getting metdata about a secret + version, but not the secret payload. + + positional arguments: + project_id id of the GCP project + secret_id id of the secret from which to act + version_id id of the version to get + + optional arguments: + -h, --help show this help message and exit + + + +Get Secret ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. image:: https://gstatic.com/cloudssh/images/open-btn.png + :target: https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/GoogleCloudPlatform/python-docs-samples&page=editor&open_in_editor=secretmanager/api-client/get_secret.py,secretmanager/api-client/README.rst + + + + +To run this sample: + +.. code-block:: bash + + $ python get_secret.py + + usage: get_secret.py [-h] project_id secret_id + + command line application and sample code for getting metadata about a secret. 
+ + positional arguments: + project_id id of the GCP project + secret_id id of the secret to get + + optional arguments: + -h, --help show this help message and exit + + + +List Secret Versions ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. image:: https://gstatic.com/cloudssh/images/open-btn.png + :target: https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/GoogleCloudPlatform/python-docs-samples&page=editor&open_in_editor=secretmanager/api-client/list_secret_versions.py,secretmanager/api-client/README.rst + + + + +To run this sample: + +.. code-block:: bash + + $ python list_secret_versions.py + + usage: list_secret_versions.py [-h] project_id secret_id + + command line application and sample code for listing secret versions of a + secret. + + positional arguments: + project_id id of the GCP project + secret_id id of the secret in which to list + + optional arguments: + -h, --help show this help message and exit + + + +List Secrets ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. image:: https://gstatic.com/cloudssh/images/open-btn.png + :target: https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/GoogleCloudPlatform/python-docs-samples&page=editor&open_in_editor=secretmanager/api-client/list_secrets.py,secretmanager/api-client/README.rst + + + + +To run this sample: + +.. code-block:: bash + + $ python list_secrets.py + + usage: list_secrets.py [-h] project_id + + command line application and sample code for listing secrets in a project. + + positional arguments: + project_id id of the GCP project + + optional arguments: + -h, --help show this help message and exit + + + +Update Secret ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. 
image:: https://gstatic.com/cloudssh/images/open-btn.png + :target: https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/GoogleCloudPlatform/python-docs-samples&page=editor&open_in_editor=secretmanager/api-client/update_secret.py,secretmanager/api-client/README.rst + + + + +To run this sample: + +.. code-block:: bash + + $ python update_secret.py + + usage: update_secret.py [-h] --secret-id SECRET_ID project_id + + positional arguments: + project_id id of the GCP project + + optional arguments: + -h, --help show this help message and exit + --secret-id SECRET_ID + + + + + +.. _Google Cloud SDK: https://cloud.google.com/sdk/ \ No newline at end of file diff --git a/samples/snippets/README.rst.in b/samples/snippets/README.rst.in new file mode 100644 index 0000000..0671857 --- /dev/null +++ b/samples/snippets/README.rst.in 
@@ -0,0 +1,52 @@
+# This file is used to generate README.rst
+
+product:
+ name: Google Secret Manager
+ short_name: Secret Manager
+ url: https://cloud.google.com/secret-manager
+ description: >
+ `Google Secret Manager` is a service that allows you to store, manage,
+ and secure access to application secrets.
+
+setup:
+- auth
+- install_deps
+
+samples:
+- name: Quickstart
+ file: quickstart.py
+- name: Access Secret Version
+ file: access_secret_version.py
+ show_help: True
+- name: Add Secret Version
+ file: add_secret_version.py
+ show_help: True
+- name: Create Secret
+ file: create_secret.py
+ show_help: True
+- name: Delete Secret
+ file: delete_secret.py
+ show_help: True
+- name: Destroy Secret Version
+ file: destroy_secret_version.py
+ show_help: True
+- name: Enable Secret Version
+ file: enable_secret_version.py
+ show_help: True
+- name: Get Secret Version
+ file: get_secret_version.py
+ show_help: True
+- name: Get Secret
+ file: get_secret.py
+ show_help: True
+- name: List Secret Versions
+ file: list_secret_versions.py
+ show_help: True
+- name: List Secrets
+ file: list_secrets.py
+ show_help: True
+- name: Update Secret
+ file: update_secret.py
+ show_help: True
+
+folder: secretmanager/api-client
diff --git a/samples/snippets/access_secret_version.py b/samples/snippets/access_secret_version.py
new file mode 100644
index 0000000..ceaa9b4
--- /dev/null
+++ b/samples/snippets/access_secret_version.py
@@ -0,0 +1,61 @@
+#!/usr/bin/env python
+
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+"""
+command line application and sample code for accessing a secret version.
+"""
+
+import argparse
+
+
+# [START secretmanager_access_secret_version]
+def access_secret_version(project_id, secret_id, version_id):
+ """
+ Access the payload for the given secret version if one exists. The version
+ can be a version number as a string (e.g. "5") or an alias (e.g. "latest").
+ """
+
+ # Import the Secret Manager client library.
+ from google.cloud import secretmanager_v1beta1 as secretmanager
+
+ # Create the Secret Manager client.
+ client = secretmanager.SecretManagerServiceClient()
+
+ # Build the resource name of the secret version.
+ name = client.secret_version_path(project_id, secret_id, version_id)
+
+ # Access the secret version.
+ response = client.access_secret_version(name)
+
+ # Print the secret payload.
+ #
+ # WARNING: Do not print the secret in a production environment - this
+ # snippet is showing how to access the secret material.
+ payload = response.payload.data.decode('UTF-8')
+ print('Plaintext: {}'.format(payload))
+# [END secretmanager_access_secret_version]
+
+ return response
+
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser(
+ description=__doc__,
+ formatter_class=argparse.RawDescriptionHelpFormatter)
+ parser.add_argument('project_id', help='id of the GCP project')
+ parser.add_argument('secret_id', help='id of the secret to access')
+ parser.add_argument('version_id', help='version to access')
+ args = parser.parse_args()
+
+ access_secret_version(args.project_id, args.secret_id, args.version_id)
diff --git a/samples/snippets/add_secret_version.py b/samples/snippets/add_secret_version.py
new file mode 100644
index 0000000..147e2c3
--- /dev/null
+++ b/samples/snippets/add_secret_version.py
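Review bot: In access_secret_version.py, `response.payload.data.decode('UTF-8')` assumes the payload is UTF-8 text, but the code is decoding raw bytes, so a binary secret (a key blob, for example) would raise UnicodeDecodeError before the function returns. Consider decoding only for display and noting in the docstring that callers should read `response.payload.data` directly. The existing WARNING comment covers the print, but the `__main__` block always takes that path, so running the CLI writes the plaintext to stdout and to any log that captures it. Separately, the licence header stops at `# See the License for the specific language governing permissions and` without the closing `# limitations under the License.` line; the same truncation appears in every other .py file in this patch.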
@@ -0,0 +1,61 @@
+#!/usr/bin/env python
+
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+"""
+command line application and sample code for adding a secret version with the
+specified payload to an existing secret.
+"""
+
+import argparse
+
+
+# [START secretmanager_add_secret_version]
+def add_secret_version(project_id, secret_id, payload):
+ """
+ Add a new secret version to the given secret with the provided payload.
+ """
+
+ # Import the Secret Manager client library.
+ from google.cloud import secretmanager_v1beta1 as secretmanager
+
+ # Create the Secret Manager client.
+ client = secretmanager.SecretManagerServiceClient()
+
+ # Build the resource name of the parent secret.
+ parent = client.secret_path(project_id, secret_id)
+
+ # Convert the string payload into a bytes. This step can be omitted if you
+ # pass in bytes instead of a str for the payload argument.
+ payload = payload.encode('UTF-8')
+
+ # Add the secret version.
+ response = client.add_secret_version(parent, {'data': payload})
+
+ # Print the new secret version name.
+ print('Added secret version: {}'.format(response.name))
+# [END secretmanager_add_secret_version]
+
+ return response
+
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser(
+ description=__doc__,
+ formatter_class=argparse.RawDescriptionHelpFormatter)
+ parser.add_argument('project_id', help='id of the GCP project')
+ parser.add_argument('secret_id', help='id of the secret in which to add')
+ parser.add_argument('payload', help='secret material payload')
+ args = parser.parse_args()
+
+ add_secret_version(args.project_id, args.secret_id, args.payload)
diff --git a/samples/snippets/create_secret.py b/samples/snippets/create_secret.py
new file mode 100644
index 0000000..06ec1d5
--- /dev/null
+++ b/samples/snippets/create_secret.py
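Review bot: In add_secret_version.py, the secret material is taken as the positional `payload` command-line argument, so it ends up in shell history and is visible in the process list to other local users while the command runs. Reading the payload from stdin or from a file path argument would keep it off the command line, and the help text should say which is expected. There is also a mismatch inside the function: the comment says the encode step can be omitted when bytes are passed, but `payload.encode('UTF-8')` runs unconditionally and fails on a Python 3 `bytes` value. A guard such as `if not isinstance(payload, bytes): payload = payload.encode('UTF-8')` would make the comment true.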
@@ -0,0 +1,61 @@
+#!/usr/bin/env python
+
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+"""
+command line application and sample code for creating a new secret.
+"""
+
+import argparse
+
+
+# [START secretmanager_create_secret]
+def create_secret(project_id, secret_id):
+ """
+ Create a new secret with the given name. A secret is a logical wrapper
+ around a collection of secret versions. Secret versions hold the actual
+ secret material.
+ """
+
+ # Import the Secret Manager client library.
+ from google.cloud import secretmanager_v1beta1 as secretmanager
+
+ # Create the Secret Manager client.
+ client = secretmanager.SecretManagerServiceClient()
+
+ # Build the resource name of the parent project.
+ parent = client.project_path(project_id)
+
+ # Create the secret.
+ response = client.create_secret(parent, secret_id, {
+ 'replication': {
+ 'automatic': {},
+ },
+ })
+
+ # Print the new secret name.
+ print('Created secret: {}'.format(response.name))
+# [END secretmanager_create_secret]
+
+ return response
+
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser(
+ description=__doc__,
+ formatter_class=argparse.RawDescriptionHelpFormatter)
+ parser.add_argument('project_id', help='id of the GCP project')
+ parser.add_argument('secret_id', help='id of the secret to create')
+ args = parser.parse_args()
+
+ create_secret(args.project_id, args.secret_id)
diff --git a/samples/snippets/delete_secret.py b/samples/snippets/delete_secret.py
new file mode 100644
index 0000000..d6c0fb8
--- /dev/null
+++ b/samples/snippets/delete_secret.py
@@ -0,0 +1,50 @@
+#!/usr/bin/env python
+
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+"""
+command line application and sample code for deleting an existing secret.
+"""
+
+import argparse
+
+
+# [START secretmanager_delete_secret]
+def delete_secret(project_id, secret_id):
+ """
+ Delete the secret with the given name and all of its versions.
+ """
+
+ # Import the Secret Manager client library.
+ from google.cloud import secretmanager_v1beta1 as secretmanager
+
+ # Create the Secret Manager client.
+ client = secretmanager.SecretManagerServiceClient()
+
+ # Build the resource name of the secret.
+ name = client.secret_path(project_id, secret_id)
+
+ # Delete the secret.
+ client.delete_secret(name)
+# [END secretmanager_delete_secret]
+
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser(
+ description=__doc__,
+ formatter_class=argparse.RawDescriptionHelpFormatter)
+ parser.add_argument('project_id', help='id of the GCP project')
+ parser.add_argument('secret_id', help='id of the secret to delete')
+ args = parser.parse_args()
+
+ delete_secret(args.project_id, args.secret_id)
diff --git a/samples/snippets/destroy_secret_version.py b/samples/snippets/destroy_secret_version.py
new file mode 100644
index 0000000..f705417
--- /dev/null
+++ b/samples/snippets/destroy_secret_version.py
@@ -0,0 +1,56 @@
+#!/usr/bin/env python
+
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+"""
+command line application and sample code for destroying a secret verison.
+"""
+
+import argparse
+
+
+# [START secretmanager_destroy_secret_version]
+def destroy_secret_version(project_id, secret_id, version_id):
+ """
+ Destroy the given secret version, making the payload irrecoverable. Other
+ secrets versions are unaffected.
+ """
+
+ # Import the Secret Manager client library.
+ from google.cloud import secretmanager_v1beta1 as secretmanager
+
+ # Create the Secret Manager client.
+ client = secretmanager.SecretManagerServiceClient()
+
+ # Build the resource name of the secret version
+ name = client.secret_version_path(project_id, secret_id, version_id)
+
+ # Destroy the secret version.
+ response = client.destroy_secret_version(name)
+
+ print('Destroyed secret version: {}'.format(response.name))
+# [END secretmanager_destroy_secret_version]
+
+ return response
+
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser(
+ description=__doc__,
+ formatter_class=argparse.RawDescriptionHelpFormatter)
+ parser.add_argument('project_id', help='id of the GCP project')
+ parser.add_argument('secret_id', help='id of the secret from which to act')
+ parser.add_argument('version_id', help='id of the version to destroy')
+ args = parser.parse_args()
+
+ destroy_secret_version(args.project_id, args.secret_id, args.version_id)
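Review bot: In destroy_secret_version.py the module docstring reads `destroying a secret verison`, and because it is passed to argparse as `description=__doc__` the typo shows up in `--help` and in the generated README; it should be `command line application and sample code for destroying a secret version.` The function docstring also says `Other secrets versions are unaffected` where `Other secret versions` is meant, and the same wording is repeated in disable_secret_version.py and enable_secret_version.py. Since the docstring describes the payload as irrecoverable after this call, a short comment directly above `client.destroy_secret_version(name)` such as `# This cannot be undone.` would help readers who copy only the call.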
diff --git a/samples/snippets/disable_secret_version.py b/samples/snippets/disable_secret_version.py
new file mode 100644
index 0000000..a656331
--- /dev/null
+++ b/samples/snippets/disable_secret_version.py
@@ -0,0 +1,56 @@
+#!/usr/bin/env python
+
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+"""
+command line application and sample code for disabling a secret version.
+"""
+
+import argparse
+
+
+# [START secretmanager_disable_secret_version]
+def disable_secret_version(project_id, secret_id, version_id):
+ """
+ Disable the given secret version. Future requests will throw an error until
+ the secret version is enabled. Other secrets versions are unaffected.
+ """
+
+ # Import the Secret Manager client library.
+ from google.cloud import secretmanager_v1beta1 as secretmanager
+
+ # Create the Secret Manager client.
+ client = secretmanager.SecretManagerServiceClient()
+
+ # Build the resource name of the secret version
+ name = client.secret_version_path(project_id, secret_id, version_id)
+
+ # Disable the secret version.
+ response = client.disable_secret_version(name)
+
+ print('Disabled secret version: {}'.format(response.name))
+# [END secretmanager_disable_secret_version]
+
+ return response
+
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser(
+ description=__doc__,
+ formatter_class=argparse.RawDescriptionHelpFormatter)
+ parser.add_argument('project_id', help='id of the GCP project')
+ parser.add_argument('secret_id', help='id of the secret from which to act')
+ parser.add_argument('version_id', help='id of the version to disable')
+ args = parser.parse_args()
+
+ disable_secret_version(args.project_id, args.secret_id, args.version_id)
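Review bot: disable_secret_version.py is added here, but README.rst.in in the same patch has no `Disable Secret Version` entry under `samples:`, so the generated README.rst goes from Destroy straight to Enable and never documents this script. Adding `- name: Disable Secret Version` with `file: disable_secret_version.py` and `show_help: True` to README.rst.in and regenerating would close the gap. In the function docstring, `Future requests will throw an error` is vague; it presumably means requests to access this version's payload, and saying so would tell readers what a disabled version actually blocks.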
diff --git a/samples/snippets/enable_secret_version.py b/samples/snippets/enable_secret_version.py
new file mode 100644
index 0000000..472157c
--- /dev/null
+++ b/samples/snippets/enable_secret_version.py
@@ -0,0 +1,56 @@
+#!/usr/bin/env python
+
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+"""
+command line application and sample code for enabling a secret version.
+"""
+
+import argparse
+
+
+# [START secretmanager_enable_secret_version]
+def enable_secret_version(project_id, secret_id, version_id):
+ """
+ Enable the given secret version, enabling it to be accessed after
+ previously being disabled. Other secrets versions are unaffected.
+ """
+
+ # Import the Secret Manager client library.
+ from google.cloud import secretmanager_v1beta1 as secretmanager
+
+ # Create the Secret Manager client.
+ client = secretmanager.SecretManagerServiceClient()
+
+ # Build the resource name of the secret version
+ name = client.secret_version_path(project_id, secret_id, version_id)
+
+ # Disable the secret version.
+ response = client.enable_secret_version(name)
+
+ print('Enabled secret version: {}'.format(response.name))
+# [END secretmanager_enable_secret_version]
+
+ return response
+
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser(
+ description=__doc__,
+ formatter_class=argparse.RawDescriptionHelpFormatter)
+ parser.add_argument('project_id', help='id of the GCP project')
+ parser.add_argument('secret_id', help='id of the secret from which to act')
+ parser.add_argument('version_id', help='id of the version to enable')
+ args = parser.parse_args()
+
+ enable_secret_version(args.project_id, args.secret_id, args.version_id)
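Review bot: In enable_secret_version.py the comment directly above `client.enable_secret_version(name)` says `# Disable the secret version.`, apparently a leftover from the disable sample; it should read `# Enable the secret version.`. The comment sits between the `[START secretmanager_enable_secret_version]` and `[END ...]` markers, so it is presumably part of what gets published as the snippet, and a reader skimming it would see the opposite operation named next to a state-changing call.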
diff --git a/samples/snippets/get_secret.py b/samples/snippets/get_secret.py
new file mode 100644
index 0000000..3d9bf49
--- /dev/null
+++ b/samples/snippets/get_secret.py
@@ -0,0 +1,65 @@
+#!/usr/bin/env python
+
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+"""
+command line application and sample code for getting metadata about a secret.
+"""
+
+import argparse
+
+
+# [START secretmanager_get_secret]
+def get_secret(project_id, secret_id):
+ """
+ Get information about the given secret. This only returns metadata about
+ the secret container, not any secret material.
+ """
+
+ # Import the Secret Manager client library.
+ from google.cloud import secretmanager_v1beta1 as secretmanager
+
+ # Create the Secret Manager client.
+ client = secretmanager.SecretManagerServiceClient()
+
+ # Build the resource name of the secret.
+ name = client.secret_path(project_id, secret_id)
+
+ # Delete the secret.
+ response = client.get_secret(name)
+
+ # Get the replication policy.
+ if response.replication.automatic:
+ replication = 'AUTOMATIC'
+ elif response.replication.user_managed:
+ replication = 'MANAGED'
+ else:
+ raise 'Unknown replication {}'.format(response.replication)
+
+ # Print data about the secret.
+ print('Got secret {} with replication policy {}'.format(
+ response.name, replication))
+# [END secretmanager_get_secret]
+
+ return response
+
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser(
+ description=__doc__,
+ formatter_class=argparse.RawDescriptionHelpFormatter)
+ parser.add_argument('project_id', help='id of the GCP project')
+ parser.add_argument('secret_id', help='id of the secret to get')
+ args = parser.parse_args()
+
+ get_secret(args.project_id, args.secret_id)
diff --git a/samples/snippets/get_secret_version.py b/samples/snippets/get_secret_version.py
new file mode 100644
index 0000000..ed4dd89
--- /dev/null
+++ b/samples/snippets/get_secret_version.py
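Review bot: In get_secret.py the fallback branch does `raise 'Unknown replication {}'.format(response.replication)`, which raises a plain string; Python rejects that with a TypeError because exceptions must derive from BaseException, so the intended message is never shown. Use `raise ValueError('Unknown replication {}'.format(response.replication))` instead. The comment above `client.get_secret(name)` says `# Delete the secret.` and should be `# Get the secret.`, which matters in a file that sits next to a real delete sample. The `if response.replication.automatic:` test also relies on the truthiness of a sub-message, which may not reflect which replication policy is actually set; if these are raw protobuf messages an explicit `response.replication.HasField('automatic')` would be the safer check, but that needs confirming against the client library.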
@@ -0,0 +1,59 @@
+#!/usr/bin/env python
+
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+"""
+command line application and sample code for getting metdata about a secret
+version, but not the secret payload.
+"""
+
+import argparse
+
+
+# [START secretmanager_get_secret_version]
+def get_secret_version(project_id, secret_id, version_id):
+ """
+ Get information about the given secret version. It does not include the
+ payload data.
+ """
+
+ # Import the Secret Manager client library.
+ from google.cloud import secretmanager_v1beta1 as secretmanager
+
+ # Create the Secret Manager client.
+ client = secretmanager.SecretManagerServiceClient()
+
+ # Build the resource name of the secret version.
+ name = client.secret_version_path(project_id, secret_id, version_id)
+
+ # Get the secret version.
+ response = client.get_secret_version(name)
+
+ # Print information about the secret version.
+ state = response.State.Name(response.state)
+ print('Got secret version {} with state {}'.format(response.name, state))
+# [END secretmanager_get_secret_version]
+
+ return response
+
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser(
+ description=__doc__,
+ formatter_class=argparse.RawDescriptionHelpFormatter)
+ parser.add_argument('project_id', help='id of the GCP project')
+ parser.add_argument('secret_id', help='id of the secret from which to act')
+ parser.add_argument('version_id', help='id of the version to get')
+ args = parser.parse_args()
+
+ get_secret_version(args.project_id, args.secret_id, args.version_id)
diff --git a/samples/snippets/list_secret_versions.py b/samples/snippets/list_secret_versions.py
new file mode 100644
index 0000000..d727d3c
--- /dev/null
+++ b/samples/snippets/list_secret_versions.py
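Review bot: The module docstring of get_secret_version.py misspells "metadata" as `metdata`, and because the parser is built with `description=__doc__` the typo appears in the `--help` output; the first docstring line should read `command line application and sample code for getting metadata about a secret`. The help string for `secret_id`, `'id of the secret from which to act'`, would be clearer as `'id of the secret that owns the version'`.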
@@ -0,0 +1,52 @@
+#!/usr/bin/env python
+
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+"""
+command line application and sample code for listing secret versions of a
+secret.
+"""
+
+import argparse
+
+
+# [START secretmanager_list_secret_versions]
+def list_secret_versions(project_id, secret_id):
+ """
+ List all secret versions in the given secret and their metadata.
+ """
+
+ # Import the Secret Manager client library.
+ from google.cloud import secretmanager_v1beta1 as secretmanager
+
+ # Create the Secret Manager client.
+ client = secretmanager.SecretManagerServiceClient()
+
+ # Build the resource name of the parent secret.
+ parent = client.secret_path(project_id, secret_id)
+
+ # List all secret versions.
+ for version in client.list_secret_versions(parent):
+ print('Found secret version: {}'.format(version.name))
+# [END secretmanager_list_secret_versions]
+
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser(
+ description=__doc__,
+ formatter_class=argparse.RawDescriptionHelpFormatter)
+ parser.add_argument('project_id', help='id of the GCP project')
+ parser.add_argument('secret_id', help='id of the secret in which to list')
+ args = parser.parse_args()
+
+ list_secret_versions(args.project_id, args.secret_id)
diff --git a/samples/snippets/list_secrets.py b/samples/snippets/list_secrets.py
new file mode 100644
index 0000000..1d6981e
--- /dev/null
+++ b/samples/snippets/list_secrets.py
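Review bot: `list_secret_versions` prints only `version.name`, although its docstring promises the versions "and their metadata", so the listing does not show which versions are still enabled. The get_secret_version sample in this commit already renders the state with `response.State.Name(response.state)`; the loop body could do the same, `print('Found secret version: {} ({})'.format(version.name, version.State.Name(version.state)))`. The function also returns nothing while the other samples return the API response, which is why its test has to read captured stdout.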
@@ -0,0 +1,50 @@
+#!/usr/bin/env python
+
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+"""
+command line application and sample code for listing secrets in a project.
+"""
+
+import argparse
+
+
+# [START secretmanager_list_secrets]
+def list_secrets(project_id):
+ """
+ List all secrets in the given project.
+ """
+
+ # Import the Secret Manager client library.
+ from google.cloud import secretmanager_v1beta1 as secretmanager
+
+ # Create the Secret Manager client.
+ client = secretmanager.SecretManagerServiceClient()
+
+ # Build the resource name of the parent project.
+ parent = client.project_path(project_id)
+
+ # List all secrets.
+ for secret in client.list_secrets(parent):
+ print('Found secret: {}'.format(secret.name))
+# [END secretmanager_list_secrets]
+
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser(
+ description=__doc__,
+ formatter_class=argparse.RawDescriptionHelpFormatter)
+ parser.add_argument('project_id', help='id of the GCP project')
+ args = parser.parse_args()
+
+ list_secrets(args.project_id)
diff --git a/samples/snippets/quickstart.py b/samples/snippets/quickstart.py
new file mode 100644
index 0000000..5ebaba9
--- /dev/null
+++ b/samples/snippets/quickstart.py
@@ -0,0 +1,64 @@
+#!/usr/bin/env python
+
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+"""
+command line application and sample code for creating an accessing a secret.
+"""
+
+
+def quickstart(_project_id=None, _secret_id=None):
+ # [START secretmanager_quickstart]
+ # Import the Secret Manager client library.
+ from google.cloud import secretmanager_v1beta1 as secretmanager
+
+ # GCP project in which to store secrets in Secret Manager.
+ project_id = 'YOUR_PROJECT_ID'
+
+ # ID of the secret to create.
+ secret_id = 'YOUR_SECRET_ID'
+
+ # [END secretmanager_quickstart]
+ project_id = _project_id
+ secret_id = _secret_id
+ # [START secretmanager_quickstart]
+ # Create the Secret Manager client.
+ client = secretmanager.SecretManagerServiceClient()
+
+ # Build the parent name from the project.
+ parent = client.project_path(project_id)
+
+ # Create the parent secret.
+ secret = client.create_secret(parent, secret_id, {
+ 'replication': {
+ 'automatic': {},
+ },
+ })
+
+ # Add the secret version.
+ version = client.add_secret_version(secret.name, {'data': b'hello world!'})
+
+ # Access the secret version.
+ response = client.access_secret_version(version.name)
+
+ # Print the secret payload.
+ #
+ # WARNING: Do not print the secret in a production environment - this
+ # snippet is showing how to access the secret material.
+ payload = response.payload.data.decode('UTF-8')
+ print('Plaintext: {}'.format(payload))
+ # [END secretmanager_quickstart]
+
+
+if __name__ == '__main__':
+ quickstart()
diff --git a/samples/snippets/requirements.txt b/samples/snippets/requirements.txt
new file mode 100644
index 0000000..b4de702
--- /dev/null
+++ b/samples/snippets/requirements.txt
@@ -0,0 +1 @@
+google-cloud-secret-manager==0.1.0
diff --git a/samples/snippets/snippets_test.py b/samples/snippets/snippets_test.py
new file mode 100644
index 0000000..6269286
--- /dev/null
+++ b/samples/snippets/snippets_test.py
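Review bot: In `quickstart`, the two lines outside the region tags, `project_id = _project_id` and `secret_id = _secret_id`, overwrite the placeholders unconditionally, so the bare `quickstart()` call under `__main__` passes `None` to `client.project_path` and `client.create_secret`. Keep the placeholder when no override is given: `project_id = _project_id or project_id` and `secret_id = _secret_id or secret_id`. The module docstring reads "creating an accessing a secret" and should be "creating and accessing a secret". The function has no docstring; one should state that it creates a secret and a version and leaves both in the project, next to the existing WARNING about printing the payload.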
@@ -0,0 +1,172 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+
+import os
+import pytest
+import uuid
+
+from quickstart import quickstart
+from access_secret_version import access_secret_version
+from add_secret_version import add_secret_version
+from create_secret import create_secret
+from delete_secret import delete_secret
+from destroy_secret_version import destroy_secret_version
+from disable_secret_version import disable_secret_version
+from enable_secret_version import enable_secret_version
+from get_secret_version import get_secret_version
+from get_secret import get_secret
+from list_secret_versions import list_secret_versions
+from list_secrets import list_secrets
+from update_secret import update_secret
+
+from google.api_core import exceptions
+from google.cloud import secretmanager_v1beta1 as secretmanager
+
+
+@pytest.fixture()
+def client():
+ return secretmanager.SecretManagerServiceClient()
+
+
+@pytest.fixture()
+def project_id():
+ return os.environ['GCLOUD_PROJECT']
+
+
+@pytest.fixture()
+def secret(client, project_id):
+ parent = client.project_path(project_id)
+ secret_id = 'python-secret-{}'.format(uuid.uuid4())
+
+ print('creating secret {}'.format(secret_id))
+ secret = client.create_secret(parent, secret_id, {
+ 'replication': {
+ 'automatic': {},
+ },
+ })
+
+ yield project_id, secret_id
+
+ print('deleting secret {}'.format(secret_id))
+ try:
+ client.delete_secret(secret.name)
+ except exceptions.NotFound:
+ # Secret was already deleted, probably in the test
+ pass
+
+
+another_secret = secret
+
+
+@pytest.fixture()
+def secret_version(client, secret):
+ project_id, secret_id = secret
+
+ print('adding secret version to {}'.format(secret_id))
+ parent = client.secret_path(project_id, secret_id)
+ payload = 'hello world!'.encode('UTF-8')
+ version = client.add_secret_version(parent, {'data': payload})
+
+ yield project_id, secret_id, version.name.rsplit('/', 1)[-1]
+
+
+another_secret_version = secret_version
+
+
+def test_quickstart(project_id):
+ secret_id = 'python-secret-{}'.format(uuid.uuid4())
+ quickstart(project_id, secret_id)
+
+
+def test_access_secret_version(secret_version):
+ project_id, secret_id, version_id = secret_version
+ version = access_secret_version(project_id, secret_id, version_id)
+ assert version.payload.data == b'hello world!'
+
+
+def test_add_secret_version(secret):
+ project_id, secret_id = secret
+ payload = 'test123'
+ version = add_secret_version(project_id, secret_id, payload)
+ assert secret_id in version.name
+
+
+def test_create_secret(client, project_id):
+ secret_id = 'python-secret-{}'.format(uuid.uuid4())
+ secret = create_secret(project_id, secret_id)
+ assert secret_id in secret.name
+ client.delete_secret(secret.name)
+
+
+def test_delete_secret(client, secret):
+ project_id, secret_id = secret
+ delete_secret(project_id, secret_id)
+ with pytest.raises(exceptions.NotFound):
+ print('{}'.format(client))
+ name = client.secret_version_path(project_id, secret_id, 'latest')
+ client.access_secret_version(name)
+
+
+def test_destroy_secret_version(client, secret_version):
+ project_id, secret_id, version_id = secret_version
+ version = destroy_secret_version(project_id, secret_id, version_id)
+ assert version.destroy_time
+
+
+def test_enable_disable_secret_version(client, secret_version):
+ project_id, secret_id, version_id = secret_version
+ version = disable_secret_version(project_id, secret_id, version_id)
+ assert version.state == secretmanager.enums.SecretVersion.State.DISABLED
+
+ version = enable_secret_version(project_id, secret_id, version_id)
+ assert version.state == secretmanager.enums.SecretVersion.State.ENABLED
+
+
+def test_get_secret_version(client, secret_version):
+ project_id, secret_id, version_id = secret_version
+ version = get_secret_version(project_id, secret_id, version_id)
+ assert secret_id in version.name
+ assert version_id in version.name
+
+
+def test_get_secret(client, secret):
+ project_id, secret_id = secret
+ snippet_secret = get_secret(project_id, secret_id)
+ assert secret_id in snippet_secret.name
+
+
+def test_list_secret_versions(capsys, secret_version, another_secret_version):
+ project_id, secret_id, version_id = secret_version
+ _, _, another_version_id = another_secret_version
+ list_secret_versions(project_id, secret_id)
+
+ out, _ = capsys.readouterr()
+ assert secret_id in out
+ assert version_id in out
+ assert another_version_id in out
+
+
+def test_list_secrets(capsys, secret, another_secret):
+ project_id, secret_id = secret
+ _, another_secret_id = another_secret
+ list_secrets(project_id)
+
+ out, _ = capsys.readouterr()
+ assert secret_id in out
+ assert another_secret_id in out
+
+
+def test_update_secret(secret):
+ project_id, secret_id = secret
+ secret = update_secret(project_id, secret_id)
+ assert secret.labels['secretmanager'] == 'rocks'
diff --git a/samples/snippets/update_secret.py b/samples/snippets/update_secret.py
new file mode 100644
index 0000000..10e3241
--- /dev/null
+++ b/samples/snippets/update_secret.py
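Review bot: `test_quickstart` calls `quickstart(project_id, secret_id)`, which creates a secret and a version, and nothing deletes them, so every run leaves a `python-secret-<uuid>` secret behind in the project named by `GCLOUD_PROJECT`. `test_create_secret` has a weaker form of the same problem: `client.delete_secret(secret.name)` runs only when the assertion before it passes. Wrapping the call in `try`/`finally` and deleting by resource path fixes the first case, as below, and `test_create_secret` needs the same shape. The `print('{}'.format(client))` inside the `pytest.raises` block of `test_delete_secret` looks like leftover debugging and can be removed.

```python
def test_quickstart(client, project_id):
    secret_id = 'python-secret-{}'.format(uuid.uuid4())
    try:
        quickstart(project_id, secret_id)
    finally:
        # quickstart() creates the secret but never deletes it.
        try:
            client.delete_secret(client.secret_path(project_id, secret_id))
        except exceptions.NotFound:
            pass
```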
@@ -0,0 +1,54 @@
+#!/usr/bin/env python
+
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+
+import argparse
+
+
+# [START secretmanager_update_secret]
+def update_secret(project_id, secret_id):
+ """
+ Update the metadata about an existing secret.
+ """
+
+ # Import the Secret Manager client library.
+ from google.cloud import secretmanager_v1beta1 as secretmanager
+
+ # Create the Secret Manager client.
+ client = secretmanager.SecretManagerServiceClient()
+
+ # Build the resource name of the secret.
+ name = client.secret_path(project_id, secret_id)
+
+ # Update the secret.
+ secret = {'name': name, 'labels': {'secretmanager': 'rocks'}}
+ update_mask = {'paths': ['labels']}
+ response = client.update_secret(secret, update_mask)
+
+ # Print the new secret name.
+ print('Updated secret: {}'.format(response.name))
+ # [END secretmanager_update_secret]
+
+ return response
+
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser(
+ description=__doc__,
+ formatter_class=argparse.RawDescriptionHelpFormatter)
+ parser.add_argument('project_id', help='id of the GCP project')
+ parser.add_argument('--secret-id', required=True)
+ args = parser.parse_args()
+
+ update_secret(args.project_id, args.secret_id)
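Review bot: update_secret.py passes `description=__doc__` to `ArgumentParser`, but unlike the other samples in this commit the file has no module docstring, so `--help` prints no description; add one after the license header, for example `"""command line application and sample code for updating a secret."""`. The secret id is taken as `--secret-id` with `required=True` and no help text, while the sibling samples take a positional `secret_id`; `parser.add_argument('secret_id', help='id of the secret to update')` would match them. The `update_secret` docstring should also say that the call writes the label `secretmanager=rocks` through a `labels` update mask, which presumably replaces any labels already set on the secret.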