feat:added samples for labels, regional SM (#12687)

* feat:added samples for labels, regional SM

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

* fix: updated function description

* fix: updated function description

* fix: resolved comments

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

---------

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>

Author: vipul7499

secretmanager/snippets/regional_samples/create_regional_secret_with_labels.py

@@ -0,0 +1,85 @@
+#!/usr/bin/env python
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+"""
+command line application and sample code for creating a new secret with
+labels.
+"""
+
+# [START secretmanager_create_regional_secret_with_label]
+import argparse
+import typing
+
+# Import the Secret Manager client library.
+from google.cloud import secretmanager_v1
+
+
+def create_regional_secret_with_labels(
+    project_id: str,
+    location_id: str,
+    secret_id: str,
+    labels: typing.Dict[str, str],
+    ttl: typing.Optional[str] = None,
+) -> secretmanager_v1.Secret:
+    """
+    Create a new secret with the given name. A secret is a logical wrapper
+    around a collection of secret versions. Secret versions hold the actual
+    secret material.
+    """
+
+    # Endpoint to call the regional Secret Manager API.
+    api_endpoint = f"secretmanager.{location_id}.rep.googleapis.com"
+
+    # Create the Secret Manager client.
+    client = secretmanager_v1.SecretManagerServiceClient(
+        client_options={"api_endpoint": api_endpoint},
+    )
+
+    # Build the resource name of the parent secret.
+    parent = f"projects/{project_id}/locations/{location_id}"
+
+    # Create the secret.
+    response = client.create_secret(
+        request={
+            "parent": parent,
+            "secret_id": secret_id,
+            "secret": {"ttl": ttl, "labels": labels},
+        }
+    )
+
+    # Print the new secret name.
+    print(f"Created secret: {response.name}")
+
+    return response
+
+
+# [END secretmanager_create_regional_secret_with_label]
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(
+        description=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter
+    )
+    parser.add_argument("project_id", help="id of the GCP project")
+    parser.add_argument(
+        "location_id", help="id of the location where secret is to be created"
+    )
+    parser.add_argument("secret_id", help="id of the secret to create")
+    parser.add_argument("label_key", help="key of the label you want to add")
+    parser.add_argument("label_value", help="value of the label you want to add")
+    args = parser.parse_args()
+
+    labels = {args.label_key, args.label_value}
+    create_regional_secret_with_labels(
+        args.project_id, args.location_id, args.secret_id, labels
+    )

secretmanager/snippets/regional_samples/delete_regional_secret_label.py

@@ -0,0 +1,78 @@
+#!/usr/bin/env python
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+
+# [START secretmanager_delete_regional_secret_label]
+import argparse
+
+# Import the Secret Manager client library.
+from google.cloud import secretmanager_v1
+
+
+def delete_regional_secret_label(
+    project_id: str, location_id: str, secret_id: str, label_key: str
+) -> secretmanager_v1.UpdateSecretRequest:
+    """
+    Delete a label on an existing secret.
+    """
+
+    # Endpoint to call the regional Secret Manager API.
+    api_endpoint = f"secretmanager.{location_id}.rep.googleapis.com"
+
+    # Create the Secret Manager client.
+    client = secretmanager_v1.SecretManagerServiceClient(
+        client_options={"api_endpoint": api_endpoint},
+    )
+
+    # Build the resource name of the parent secret.
+    name = f"projects/{project_id}/locations/{location_id}/secrets/{secret_id}"
+
+    # Get the secret.
+    response = client.get_secret(request={"name": name})
+
+    labels = response.labels
+
+    # Delete the label
+    labels.pop(label_key, None)
+
+    # Update the secret.
+    secret = {"name": name, "labels": labels}
+    update_mask = {"paths": ["labels"]}
+    response = client.update_secret(
+        request={"secret": secret, "update_mask": update_mask}
+    )
+
+    # Print the new secret name.
+    print(f"Updated secret: {response.name}")
+
+    return response
+
+
+# [END secretmanager_delete_regional_secret_label]
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(
+        description=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter
+    )
+    parser.add_argument("project_id", help="id of the GCP project")
+    parser.add_argument(
+        "location_id", help="id of the location where secret is to be created"
+    )
+    parser.add_argument("secret_id", help="id of the secret to act on")
+    parser.add_argument("label_key", help="key of the label to be deleted")
+    args = parser.parse_args()
+
+    delete_regional_secret_label(
+        args.project_id, args.location_id, args.secret_id, args.label_key
+    )

secretmanager/snippets/regional_samples/edit_regional_secret_label.py

@@ -0,0 +1,83 @@
+#!/usr/bin/env python
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+
+# [START secretmanager_edit_regional_secret_label]
+
+import argparse
+from typing import Dict
+
+# Import the Secret Manager client library.
+from google.cloud import secretmanager_v1
+
+
+def edit_regional_secret_label(
+    project_id: str, location_id: str, secret_id: str, new_labels: Dict[str, str]
+) -> secretmanager_v1.UpdateSecretRequest:
+    """
+    Create or update a label on an existing secret.
+    """
+
+    # Endpoint to call the regional Secret Manager API.
+    api_endpoint = f"secretmanager.{location_id}.rep.googleapis.com"
+
+    # Create the Secret Manager client.
+    client = secretmanager_v1.SecretManagerServiceClient(
+        client_options={"api_endpoint": api_endpoint},
+    )
+
+    # Build the resource name of the parent secret.
+    name = f"projects/{project_id}/locations/{location_id}/secrets/{secret_id}"
+
+    # Get the secret.
+    response = client.get_secret(request={"name": name})
+
+    labels = response.labels
+
+    # Update the labels
+    for label_key in new_labels:
+        labels[label_key] = new_labels[label_key]
+
+    # Update the secret.
+    secret = {"name": name, "labels": labels}
+    update_mask = {"paths": ["labels"]}
+    response = client.update_secret(
+        request={"secret": secret, "update_mask": update_mask}
+    )
+
+    # Print the new secret name.
+    print(f"Updated secret: {response.name}")
+
+    return response
+
+
+# [END secretmanager_edit_regional_secret_label]
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(
+        description=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter
+    )
+    parser.add_argument("project_id", help="id of the GCP project")
+    parser.add_argument(
+        "location_id", help="id of the location where secret is to be created"
+    )
+    parser.add_argument("secret_id", help="id of the secret to act on")
+    parser.add_argument("label_key", help="key of the label to be added/updated")
+    parser.add_argument("label_value", help="value of the label to be added/updated")
+    args = parser.parse_args()
+
+    labels = {args.label_key, args.label_value}
+    edit_regional_secret_label(
+        args.project_id, args.location_id, args.secret_id, labels
+    )

secretmanager/snippets/regional_samples/get_regional_secret.py

@@ -31,7 +31,7 @@ def get_regional_secret(
     the secret container, not any secret material.
     """
 
-    # Endpoint to call the regional secret manager sever
+    # Endpoint to call the regional Secret Manager API
     api_endpoint = f"secretmanager.{location_id}.rep.googleapis.com"
 
     # Create the Secret Manager client.

secretmanager/snippets/regional_samples/snippets_test.py

@@ -23,12 +23,15 @@
 from regional_samples import access_regional_secret_version
 from regional_samples import add_regional_secret_version
 from regional_samples import create_regional_secret
+from regional_samples import create_regional_secret_with_labels
 from regional_samples import delete_regional_secret
+from regional_samples import delete_regional_secret_label
 from regional_samples import delete_regional_secret_with_etag
 from regional_samples import destroy_regional_secret_version
 from regional_samples import destroy_regional_secret_version_with_etag
 from regional_samples import disable_regional_secret_version
 from regional_samples import disable_regional_secret_version_with_etag
+from regional_samples import edit_regional_secret_label
 from regional_samples import enable_regional_secret_version
 from regional_samples import enable_regional_secret_version_with_etag
 from regional_samples import get_regional_secret
@@ -42,13 +45,24 @@
 from regional_samples import regional_quickstart
 from regional_samples import update_regional_secret
 from regional_samples import update_regional_secret_with_etag
+from regional_samples import view_regional_secret_labels
 
 
 @pytest.fixture()
 def location_id() -> str:
     return "us-east5"
 
 
+@pytest.fixture()
+def label_key() -> str:
+    return "googlecloud"
+
+
+@pytest.fixture()
+def label_value() -> str:
+    return "rocks"
+
+
 @pytest.fixture()
 def regional_client(location_id: str) -> secretmanager_v1.SecretManagerServiceClient:
     api_endpoint = f"secretmanager.{location_id}.rep.googleapis.com"
@@ -148,6 +162,8 @@ def regional_secret(
     project_id: str,
     location_id: str,
     secret_id: str,
+    label_key: str,
+    label_value: str,
     ttl: str,
 ) -> Iterator[Tuple[str, str]]:
     print(f"creating secret {secret_id}")
@@ -159,7 +175,10 @@ def regional_secret(
         request={
             "parent": parent,
             "secret_id": secret_id,
-            "secret": {"ttl": ttl},
+            "secret": {
+                "ttl": ttl,
+                "labels": {label_key: label_value},
+            },
         },
     )
 
@@ -207,6 +226,40 @@ def test_create_regional_secret(
     assert secret_id in secret.name
 
 
+def test_create_regional_secret_with_label(
+    regional_client: secretmanager_v1.SecretManagerServiceClient,
+    project_id: str,
+    location_id: str,
+    secret_id: str,
+    label_key: str,
+    label_value: str,
+    ttl: str,
+) -> None:
+    labels = {label_key: label_value}
+    secret = create_regional_secret_with_labels.create_regional_secret_with_labels(
+        project_id, location_id, secret_id, labels, ttl
+    )
+    assert secret_id in secret.name
+
+
+def test_delete_regional_secret_labels(
+    regional_client: secretmanager_v1.SecretManagerServiceClient,
+    project_id: str,
+    location_id: str,
+    regional_secret: Tuple[str, str],
+    label_key: str,
+) -> None:
+    secret_id, _ = regional_secret
+    delete_regional_secret_label.delete_regional_secret_label(
+        project_id, location_id, secret_id, label_key
+    )
+    with pytest.raises(exceptions.NotFound):
+        name = f"projects/{project_id}/locations/{location_id}/secrets/{secret_id}/versions/latest"
+        retry_client_access_regional_secret_version(
+            regional_client, request={"name": name}
+        )
+
+
 def test_delete_regional_secret_with_etag(
     regional_client: secretmanager_v1.SecretManagerServiceClient,
     regional_secret: Tuple[str, str],
@@ -457,6 +510,18 @@ def test_get_regional_secret(
     assert secret_id in snippet_regional_secret.name
 
 
+def test_edit_regional_secret_label(
+    project_id: str, location_id: str, regional_secret: Tuple[str, str], label_key: str
+) -> None:
+    secret_id, _ = regional_secret
+    updated_label_value = "updatedvalue"
+    labels = {label_key: updated_label_value}
+    updated_secret = edit_regional_secret_label.edit_regional_secret_label(
+        project_id, location_id, secret_id, labels
+    )
+    assert updated_secret.labels[label_key] == updated_label_value
+
+
 def test_update_regional_secret_with_etag(
     regional_secret: Tuple[str, str],
     project_id: str,
@@ -481,3 +546,19 @@ def test_update_regional_secret(
         project_id, location_id, secret_id
     )
     assert updated_regional_secret.labels["secretmanager"] == "rocks"
+
+
+def test_view_regional_secret_labels(
+    capsys: pytest.LogCaptureFixture,
+    project_id: str,
+    location_id: str,
+    regional_secret: Tuple[str, str],
+    label_key: str,
+) -> None:
+    secret_id, _ = regional_secret
+    view_regional_secret_labels.view_regional_secret_labels(
+        project_id, location_id, secret_id
+    )
+
+    out, _ = capsys.readouterr()
+    assert label_key in out