feat: added topic field to Secret (#207)

PiperOrigin-RevId: 359285402 Source-Author: Google APIs <noreply@google.com> Source-Date: Wed Feb 24 07:59:50 2021 -0800 Source-Repo: googleapis/googleapis Source-Sha: 8b3d36daaf5561496b7d4075fba4f2c52d18ca1c Source-Link: googleapis/googleapis@8b3d36d
googleapis · Mar 2, 2021 · 60940bf · 60940bf
1 parent 718a354
commit 60940bf
Show file tree

Hide file tree

Showing 8 changed files with 463 additions and 5 deletions.
diff --git a/packages/google-cloud-secretmanager/protos/google/cloud/secretmanager/v1/resources.proto b/packages/google-cloud-secretmanager/protos/google/cloud/secretmanager/v1/resources.proto
@@ -1,4 +1,4 @@
-// Copyright 2020 Google LLC
+// Copyright 2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -70,6 +70,10 @@ message Secret {
   // No more than 64 labels can be assigned to a given resource.
   map<string, string> labels = 4;
 
+  // Optional. A list of up to 10 Pub/Sub topics to which messages are published when
+  // control plane operations are called on the secret or its versions.
+  repeated Topic topics = 5 [(google.api.field_behavior) = OPTIONAL];
+
   // Expiration policy attached to the [Secret][google.cloud.secretmanager.v1.Secret]. If specified the [Secret][google.cloud.secretmanager.v1.Secret]
   // and all [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] will be automatically deleted at
   // expiration. Expired secrets are irreversibly deleted.
@@ -260,6 +264,20 @@ message CustomerManagedEncryptionStatus {
   string kms_key_version_name = 1 [(google.api.field_behavior) = REQUIRED];
 }
 
+// A Pub/Sub topic which Secret Manager will publish to when control plane
+// events occur on this secret.
+message Topic {
+  option (google.api.resource) = {
+    type: "pubsub.googleapis.com/Topic"
+    pattern: "projects/{project}/topics/{topic}"
+  };
+
+  // Required. The resource name of the Pub/Sub topic that will be published to, in the
+  // following format: `projects/*/topics/*`. For publication to succeed, the
+  // Secret Manager P4SA must have `pubsub.publisher` permissions on the topic.
+  string name = 1 [(google.api.field_behavior) = REQUIRED];
+}
+
 // A secret payload resource in the Secret Manager API. This contains the
 // sensitive secret payload that is associated with a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
 message SecretPayload {

diff --git a/packages/google-cloud-secretmanager/protos/google/cloud/secretmanager/v1/service.proto b/packages/google-cloud-secretmanager/protos/google/cloud/secretmanager/v1/service.proto
@@ -1,4 +1,4 @@
-// Copyright 2020 Google LLC
+// Copyright 2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

diff --git a/packages/google-cloud-secretmanager/protos/protos.d.ts b/packages/google-cloud-secretmanager/protos/protos.d.ts