feat(secretmanager): Added samples for tags field #13484
Conversation
product-auto-label
bot
added
api: secretmanager
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Summary of Changes
Hello @durgesh-ninave-crest, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request enhances the Google Cloud Secret Manager Python samples by adding new code examples that demonstrate the use of tags. The new samples cover two primary use cases: creating secrets with tags and binding tags to existing secrets, providing examples for both global and regional API interactions. This update also includes necessary test infrastructure and dependency changes to support the new functionalities.
Highlights
- New Secret Manager Samples: Introduced new Python samples for the Google Cloud Secret Manager API, focusing on the recently added tags feature.
- Create Secret With Tags: Added samples demonstrating how to create a new secret and assign tags to it during the creation process, for both global and regional Secret Manager API endpoints.
- Bind Tags to Secret: Included samples that show how to bind existing tags to a secret after it has been created, utilizing both global and regional Secret Manager and Resource Manager APIs.
- Testing and Dependencies: Updated existing test suites to include new integration tests for the tag-related functionalities and updated
requirements.txtto include thegoogle_cloud_resource_managerlibrary and a newer version ofgoogle-cloud-secret-manager.
Using Gemini Code Assist
The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.
Invoking Gemini
You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.
| Feature | Command | Description |
|---|---|---|
| Code Review | /gemini review |
Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary |
Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in issue comments and review comments. |
| Help | /gemini help |
Displays a list of available commands. |
Customization
To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.
Limitations & Feedback
Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.
You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.
Footnotes
-
Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩
There was a problem hiding this comment.
Code Review
This pull request introduces new samples for using tags with Google Cloud Secret Manager, covering both global and regional APIs. The changes are well-structured, with new sample files and corresponding tests.
My review has identified a critical issue in one of the new regional samples that would cause it to fail at runtime. Additionally, there are several instances of incorrect type hints in both the sample code and test files, which impacts code correctness and developer experience. I've also included some suggestions to improve docstrings and code style for better maintainability.
Once these issues are addressed, this will be a valuable addition to the Secret Manager samples.
| request={ | ||
| "parent": parent, | ||
| "secret_id": secret_id, | ||
| } |
There was a problem hiding this comment.
The create_secret request is missing the required secret field. For a regional secret with default settings, an empty secret object should be provided. Without this, the API call will fail.
request={
"parent": parent,
"secret_id": secret_id,
"secret": {},
}| def retry_client_delete_tag_value( | ||
| tag_values_client: resourcemanager_v3.TagValuesClient, | ||
| request: Optional[Union[resourcemanager_v3.DeleteTagValueRequest, dict]], | ||
| ) -> None: |
There was a problem hiding this comment.
The function's return type hint is None, but it returns response.name (a string) on line 201. Please update the type hint to str to match the returned value.
| ) -> None: | |
| ) -> str: |
| def retry_client_delete_tag_value( | ||
| tag_values_client: resourcemanager_v3.TagValuesClient, | ||
| request: Union[resourcemanager_v3.DeleteTagValueRequest, dict], | ||
| ) -> None: |
There was a problem hiding this comment.
The function's return type hint is None, but it returns response.name (a string) on line 195. Please update the type hint to str to match the returned value.
| ) -> None: | |
| ) -> str: |
| location_id: str, | ||
| secret_id: str, | ||
| tag_value: str, | ||
| ) -> secretmanager.Secret: |
There was a problem hiding this comment.
The function's return type hint is secretmanager.Secret, but it actually returns a resourcemanager_v3.TagBinding object on line 87. Please update the type hint to match the returned value.
| ) -> secretmanager.Secret: | |
| ) -> resourcemanager_v3.TagBinding: |
| def retry_client_delete_tag_key( | ||
| tag_keys_client: resourcemanager_v3.TagKeysClient, | ||
| request: Optional[Union[resourcemanager_v3.DeleteTagKeyRequest, dict]], | ||
| ) -> None: |
There was a problem hiding this comment.
The function's return type hint is None, but it returns response.name (a string) on line 212. Please update the type hint to str to match the returned value.
| ) -> None: | |
| ) -> str: |
| """ | ||
| Create a new secret with the given name. A secret is a logical wrapper | ||
| around a collection of secret versions. Secret versions hold the actual | ||
| secret material. | ||
| """ |
There was a problem hiding this comment.
The docstring is a bit generic. It should be updated to mention that the secret is created with tags for better clarity.
| """ | |
| Create a new secret with the given name. A secret is a logical wrapper | |
| around a collection of secret versions. Secret versions hold the actual | |
| secret material. | |
| """ | |
| """ | |
| Create a new regional secret with the given name and associated tags. A | |
| secret is a logical wrapper around a collection of secret versions. Secret | |
| versions hold the actual secret material. | |
| """ |
| request={ | ||
| "tag_key": { | ||
| "parent": f"projects/{project_id}", | ||
| "short_name": f"{short_key_name}" |
There was a problem hiding this comment.
The f-string is redundant here. You can use the variable short_key_name directly.
| "short_name": f"{short_key_name}" | |
| "short_name": short_key_name |
| """ | ||
| Create a new secret with the given name. A secret is a logical wrapper | ||
| around a collection of secret versions. Secret versions hold the actual | ||
| secret material. | ||
| """ |
There was a problem hiding this comment.
The docstring seems to be copied from another sample and only describes creating a secret. This function also binds a tag to the newly created secret. The docstring should be updated to accurately describe the function's full behavior.
| """ | |
| Create a new secret with the given name. A secret is a logical wrapper | |
| around a collection of secret versions. Secret versions hold the actual | |
| secret material. | |
| """ | |
| """ | |
| Create a new regional secret with the given name, and then bind an existing | |
| tag to it. A secret is a logical wrapper around a collection of secret | |
| versions. Secret versions hold the actual secret material. | |
| """ |
| request={ | ||
| "tag_key": { | ||
| "parent": f"projects/{project_id}", | ||
| "short_name": f"{short_key_name}" |
There was a problem hiding this comment.
The f-string is redundant here. You can use the variable short_key_name directly.
| "short_name": f"{short_key_name}" | |
| "short_name": short_key_name |
| request={ | ||
| "tag_value": { | ||
| "parent": f"{tag_key}", | ||
| "short_name": f"{short_value_name}", |
There was a problem hiding this comment.
The f-string is redundant here. You can use the variable short_value_name directly.
| "short_name": f"{short_value_name}", | |
| "short_name": short_value_name, |
|
Here is the summary of changes. You are about to add 4 region tags.
This comment is generated by snippet-bot.
|
Description
Created samples for Global and Regional Secret Manager API
Samples (Global, Regional)
Ref: https://cloud.google.com/secret-manager/docs/create-and-manage-tags
Checklist
nox -s py-3.9(see Test Environment Setup)nox -s lint(see Test Environment Setup)