From 2d77187d39f35d524380df92393d0fef291b463c Mon Sep 17 00:00:00 2001
From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com>
Date: Mon, 28 Mar 2022 15:40:43 -0700
Subject: [PATCH] feat: [SecretManager] Checksums in Secret Manager (#5074)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* feat: Checksums in Secret Manager

Users can now use checksums for data integrity assurance when adding and
accessing SecretVersions.

PiperOrigin-RevId: 425369494

Source-Link: https://github.com/googleapis/googleapis/commit/70d389ce893cc2b817ff6aeef5763922c9a9a9aa

Source-Link: https://github.com/googleapis/googleapis-gen/commit/cf9290568284d2f099b9a00cc82a2a133be6dfda
Copy-Tag: eyJwIjoiU2VjcmV0TWFuYWdlci8uT3dsQm90LnlhbWwiLCJoIjoiY2Y5MjkwNTY4Mjg0ZDJmMDk5YjlhMDBjYzgyYTJhMTMzYmU2ZGZkYSJ9

* 🦉 Updates from OwlBot

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
---
 SecretManager/metadata/V1/Resources.php       | Bin 3947 -> 4045 bytes
 SecretManager/src/V1/SecretPayload.php        |  76 ++++++++++++++++++
 SecretManager/src/V1/SecretVersion.php        |  42 ++++++++++
 .../V1/SecretManagerServiceClientTest.php     |  10 +++
 4 files changed, 128 insertions(+)

diff --git a/SecretManager/metadata/V1/Resources.php b/SecretManager/metadata/V1/Resources.php
index f77eb3e445133f4ef9147219a31c09a6dfdf61b6..357721f4da3ce625f4348555f5bdb32ba47966c7 100644
GIT binary patch
delta 187
zcmaDYcUFGG1;)ucm=q^3V3L@8f$_rRn@swQzb11s2Pnv==jW&Ar0ORYWa_77rskx?
zC#7a2mSyG_=@k^^m*h{5V2;^*i8+~xX%Wk2b2bY`Z6Q4_#pImK)Vz}T;)2xVOrWlm
z_=3dBoczR;_~eY#<m}?oTnTmsMh%Y5S?r717=0%5@yY57$#QY0B$gz`Cl@6f8zoCH
e0TnPiF+Xr*^kC><WOU-=;)zF+->l8&zz6_5n>)n-

delta 91
zcmV-h0HpuTAL|~l&;gSP0??D40u+-#0tA!L0U?vw0xtoWlL-S*lX?SN7#bXBZ*OO8
xWiMfHX)j@JZf|s9bZKvHbF<F_X#xWB1G72?I03Vw2c8B29g{&09kY!NKmpd*9_au8

diff --git a/SecretManager/src/V1/SecretPayload.php b/SecretManager/src/V1/SecretPayload.php
index 97c693f42e2..54e2d71de85 100644
--- a/SecretManager/src/V1/SecretPayload.php
+++ b/SecretManager/src/V1/SecretPayload.php
@@ -22,6 +22,20 @@ class SecretPayload extends \Google\Protobuf\Internal\Message
      * Generated from protobuf field <code>bytes data = 1;</code>
      */
     private $data = '';
+    /**
+     * Optional. If specified, [SecretManagerService][google.cloud.secretmanager.v1.SecretManagerService] will verify the integrity of the
+     * received [data][google.cloud.secretmanager.v1.SecretPayload.data] on [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion] calls using
+     * the crc32c checksum and store it to include in future
+     * [SecretManagerService.AccessSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AccessSecretVersion] responses. If a checksum is
+     * not provided in the [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion] request, the
+     * [SecretManagerService][google.cloud.secretmanager.v1.SecretManagerService] will generate and store one for you.
+     * The CRC32C value is encoded as a Int64 for compatibility, and can be
+     * safely downconverted to uint32 in languages that support this type.
+     * https://cloud.google.com/apis/design/design_patterns#integer_types
+     *
+     * Generated from protobuf field <code>optional int64 data_crc32c = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    private $data_crc32c = null;
 
     /**
      * Constructor.
@@ -31,6 +45,16 @@ class SecretPayload extends \Google\Protobuf\Internal\Message
      *
      *     @type string $data
      *           The secret data. Must be no larger than 64KiB.
+     *     @type int|string $data_crc32c
+     *           Optional. If specified, [SecretManagerService][google.cloud.secretmanager.v1.SecretManagerService] will verify the integrity of the
+     *           received [data][google.cloud.secretmanager.v1.SecretPayload.data] on [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion] calls using
+     *           the crc32c checksum and store it to include in future
+     *           [SecretManagerService.AccessSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AccessSecretVersion] responses. If a checksum is
+     *           not provided in the [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion] request, the
+     *           [SecretManagerService][google.cloud.secretmanager.v1.SecretManagerService] will generate and store one for you.
+     *           The CRC32C value is encoded as a Int64 for compatibility, and can be
+     *           safely downconverted to uint32 in languages that support this type.
+     *           https://cloud.google.com/apis/design/design_patterns#integer_types
      * }
      */
     public function __construct($data = NULL) {
@@ -64,5 +88,57 @@ public function setData($var)
         return $this;
     }
 
+    /**
+     * Optional. If specified, [SecretManagerService][google.cloud.secretmanager.v1.SecretManagerService] will verify the integrity of the
+     * received [data][google.cloud.secretmanager.v1.SecretPayload.data] on [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion] calls using
+     * the crc32c checksum and store it to include in future
+     * [SecretManagerService.AccessSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AccessSecretVersion] responses. If a checksum is
+     * not provided in the [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion] request, the
+     * [SecretManagerService][google.cloud.secretmanager.v1.SecretManagerService] will generate and store one for you.
+     * The CRC32C value is encoded as a Int64 for compatibility, and can be
+     * safely downconverted to uint32 in languages that support this type.
+     * https://cloud.google.com/apis/design/design_patterns#integer_types
+     *
+     * Generated from protobuf field <code>optional int64 data_crc32c = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     * @return int|string
+     */
+    public function getDataCrc32C()
+    {
+        return isset($this->data_crc32c) ? $this->data_crc32c : 0;
+    }
+
+    public function hasDataCrc32C()
+    {
+        return isset($this->data_crc32c);
+    }
+
+    public function clearDataCrc32C()
+    {
+        unset($this->data_crc32c);
+    }
+
+    /**
+     * Optional. If specified, [SecretManagerService][google.cloud.secretmanager.v1.SecretManagerService] will verify the integrity of the
+     * received [data][google.cloud.secretmanager.v1.SecretPayload.data] on [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion] calls using
+     * the crc32c checksum and store it to include in future
+     * [SecretManagerService.AccessSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AccessSecretVersion] responses. If a checksum is
+     * not provided in the [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion] request, the
+     * [SecretManagerService][google.cloud.secretmanager.v1.SecretManagerService] will generate and store one for you.
+     * The CRC32C value is encoded as a Int64 for compatibility, and can be
+     * safely downconverted to uint32 in languages that support this type.
+     * https://cloud.google.com/apis/design/design_patterns#integer_types
+     *
+     * Generated from protobuf field <code>optional int64 data_crc32c = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     * @param int|string $var
+     * @return $this
+     */
+    public function setDataCrc32C($var)
+    {
+        GPBUtil::checkInt64($var);
+        $this->data_crc32c = $var;
+
+        return $this;
+    }
+
 }
 
diff --git a/SecretManager/src/V1/SecretVersion.php b/SecretManager/src/V1/SecretVersion.php
index 49abe0769fb..8737c806eac 100644
--- a/SecretManager/src/V1/SecretVersion.php
+++ b/SecretManager/src/V1/SecretVersion.php
@@ -56,6 +56,14 @@ class SecretVersion extends \Google\Protobuf\Internal\Message
      * Generated from protobuf field <code>string etag = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
      */
     private $etag = '';
+    /**
+     * Output only. True if payload checksum specified in [SecretPayload][google.cloud.secretmanager.v1.SecretPayload] object has been
+     * received by [SecretManagerService][google.cloud.secretmanager.v1.SecretManagerService] on
+     * [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion].
+     *
+     * Generated from protobuf field <code>bool client_specified_payload_checksum = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     */
+    private $client_specified_payload_checksum = false;
 
     /**
      * Constructor.
@@ -80,6 +88,10 @@ class SecretVersion extends \Google\Protobuf\Internal\Message
      *           The replication status of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
      *     @type string $etag
      *           Output only. Etag of the currently stored [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
+     *     @type bool $client_specified_payload_checksum
+     *           Output only. True if payload checksum specified in [SecretPayload][google.cloud.secretmanager.v1.SecretPayload] object has been
+     *           received by [SecretManagerService][google.cloud.secretmanager.v1.SecretManagerService] on
+     *           [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion].
      * }
      */
     public function __construct($data = NULL) {
@@ -283,5 +295,35 @@ public function setEtag($var)
         return $this;
     }
 
+    /**
+     * Output only. True if payload checksum specified in [SecretPayload][google.cloud.secretmanager.v1.SecretPayload] object has been
+     * received by [SecretManagerService][google.cloud.secretmanager.v1.SecretManagerService] on
+     * [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion].
+     *
+     * Generated from protobuf field <code>bool client_specified_payload_checksum = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     * @return bool
+     */
+    public function getClientSpecifiedPayloadChecksum()
+    {
+        return $this->client_specified_payload_checksum;
+    }
+
+    /**
+     * Output only. True if payload checksum specified in [SecretPayload][google.cloud.secretmanager.v1.SecretPayload] object has been
+     * received by [SecretManagerService][google.cloud.secretmanager.v1.SecretManagerService] on
+     * [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion].
+     *
+     * Generated from protobuf field <code>bool client_specified_payload_checksum = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     * @param bool $var
+     * @return $this
+     */
+    public function setClientSpecifiedPayloadChecksum($var)
+    {
+        GPBUtil::checkBool($var);
+        $this->client_specified_payload_checksum = $var;
+
+        return $this;
+    }
+
 }
 
diff --git a/SecretManager/tests/Unit/V1/SecretManagerServiceClientTest.php b/SecretManager/tests/Unit/V1/SecretManagerServiceClientTest.php
index d4f0dea217f..6f7e36baa59 100644
--- a/SecretManager/tests/Unit/V1/SecretManagerServiceClientTest.php
+++ b/SecretManager/tests/Unit/V1/SecretManagerServiceClientTest.php
@@ -154,9 +154,11 @@ public function addSecretVersionTest()
         // Mock response
         $name = 'name3373707';
         $etag = 'etag3123477';
+        $clientSpecifiedPayloadChecksum = false;
         $expectedResponse = new SecretVersion();
         $expectedResponse->setName($name);
         $expectedResponse->setEtag($etag);
+        $expectedResponse->setClientSpecifiedPayloadChecksum($clientSpecifiedPayloadChecksum);
         $transport->addResponse($expectedResponse);
         // Mock request
         $formattedParent = $client->secretName('[PROJECT]', '[SECRET]');
@@ -363,9 +365,11 @@ public function destroySecretVersionTest()
         // Mock response
         $name2 = 'name2-1052831874';
         $etag2 = 'etag2-1293302904';
+        $clientSpecifiedPayloadChecksum = false;
         $expectedResponse = new SecretVersion();
         $expectedResponse->setName($name2);
         $expectedResponse->setEtag($etag2);
+        $expectedResponse->setClientSpecifiedPayloadChecksum($clientSpecifiedPayloadChecksum);
         $transport->addResponse($expectedResponse);
         // Mock request
         $formattedName = $client->secretVersionName('[PROJECT]', '[SECRET]', '[SECRET_VERSION]');
@@ -429,9 +433,11 @@ public function disableSecretVersionTest()
         // Mock response
         $name2 = 'name2-1052831874';
         $etag2 = 'etag2-1293302904';
+        $clientSpecifiedPayloadChecksum = false;
         $expectedResponse = new SecretVersion();
         $expectedResponse->setName($name2);
         $expectedResponse->setEtag($etag2);
+        $expectedResponse->setClientSpecifiedPayloadChecksum($clientSpecifiedPayloadChecksum);
         $transport->addResponse($expectedResponse);
         // Mock request
         $formattedName = $client->secretVersionName('[PROJECT]', '[SECRET]', '[SECRET_VERSION]');
@@ -495,9 +501,11 @@ public function enableSecretVersionTest()
         // Mock response
         $name2 = 'name2-1052831874';
         $etag2 = 'etag2-1293302904';
+        $clientSpecifiedPayloadChecksum = false;
         $expectedResponse = new SecretVersion();
         $expectedResponse->setName($name2);
         $expectedResponse->setEtag($etag2);
+        $expectedResponse->setClientSpecifiedPayloadChecksum($clientSpecifiedPayloadChecksum);
         $transport->addResponse($expectedResponse);
         // Mock request
         $formattedName = $client->secretVersionName('[PROJECT]', '[SECRET]', '[SECRET_VERSION]');
@@ -693,9 +701,11 @@ public function getSecretVersionTest()
         // Mock response
         $name2 = 'name2-1052831874';
         $etag = 'etag3123477';
+        $clientSpecifiedPayloadChecksum = false;
         $expectedResponse = new SecretVersion();
         $expectedResponse->setName($name2);
         $expectedResponse->setEtag($etag);
+        $expectedResponse->setClientSpecifiedPayloadChecksum($clientSpecifiedPayloadChecksum);
         $transport->addResponse($expectedResponse);
         // Mock request
         $formattedName = $client->secretVersionName('[PROJECT]', '[SECRET]', '[SECRET_VERSION]');