chore(secretmanager): add optional argument ttl to createSecret (#4894)

* chore(secretmanager): add optional argument ttl to createSecret and testing it with/without ttl

* chore(secretmanager): add optional argument ttl to createSecret and testing it with/without ttl

* chore(secretmanager): add function/test for secret with ttl

* chore(secretmanager): add function/test for secret with ttl

---------

Co-authored-by: Jennifer Davis <[email protected]>
Co-authored-by: Eric Schmidt <[email protected]>

Author: 3 people

secretmanager/create_secret_ttl.go

@@ -0,0 +1,67 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package secretmanager
+
+// [START secretmanager_create_secret_with_ttl]
+import (
+	"context"
+	"fmt"
+	"io"
+	"time"
+
+	secretmanager "cloud.google.com/go/secretmanager/apiv1"
+	"cloud.google.com/go/secretmanager/apiv1/secretmanagerpb"
+	"google.golang.org/protobuf/types/known/durationpb"
+)
+
+// createSecretWithTTL creates a new secret with the given name and ttl.
+func createSecretWithTTL(w io.Writer, parent, id string, d time.Duration) error {
+	// parent := "projects/my-project"
+	// id := "my-secret"
+
+	expiration := &secretmanagerpb.Secret_Ttl{Ttl: durationpb.New(d)}
+
+	// Create the client.
+	ctx := context.Background()
+	client, err := secretmanager.NewClient(ctx)
+	if err != nil {
+		return fmt.Errorf("failed to create secretmanager client: %w", err)
+	}
+	defer client.Close()
+
+	// Build the request.
+	req := &secretmanagerpb.CreateSecretRequest{
+		Parent:   parent,
+		SecretId: id,
+		Secret: &secretmanagerpb.Secret{
+			Replication: &secretmanagerpb.Replication{
+				Replication: &secretmanagerpb.Replication_Automatic_{
+					Automatic: &secretmanagerpb.Replication_Automatic{},
+				},
+			},
+			Expiration: expiration,
+		},
+	}
+
+	// Call the API.
+	result, err := client.CreateSecret(ctx, req)
+	if err != nil {
+		return fmt.Errorf("failed to create secret: %w", err)
+	}
+	fmt.Fprintf(w, "Created secret with ttl: %s\n", result.Name)
+	return nil
+}
+
+// [END secretmanager_create_secret_with_ttl]

secretmanager/go.mod

@@ -9,6 +9,7 @@ require (
 	google.golang.org/api v0.195.0
 	google.golang.org/genproto v0.0.0-20240827150818-7e3bb234dfed
 	google.golang.org/grpc v1.66.0
+	google.golang.org/protobuf v1.34.2
 )
 
 require (
@@ -41,5 +42,4 @@ require (
 	golang.org/x/time v0.6.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240827150818-7e3bb234dfed // indirect
-	google.golang.org/protobuf v1.34.2 // indirect
 )

secretmanager/secretmanager_test.go

@@ -21,6 +21,7 @@ import (
 	"os"
 	"reflect"
 	"strings"
+	"time"
 
 	"testing"
 
@@ -321,6 +322,26 @@ func TestCreateSecret(t *testing.T) {
 	}
 }
 
+func TestCreateSecretWithTTL(t *testing.T) {
+	tc := testutil.SystemTest(t)
+
+	secretID := "createSecretTTL"
+
+	parent := fmt.Sprintf("projects/%s", tc.ProjectID)
+
+	duration := time.Second * 70
+
+	var b bytes.Buffer
+	if err := createSecretWithTTL(&b, parent, secretID, duration); err != nil {
+		t.Fatal(err)
+	}
+	defer testCleanupSecret(t, fmt.Sprintf("projects/%s/secrets/%s", tc.ProjectID, secretID))
+
+	if got, want := b.String(), "Created secret with ttl:"; !strings.Contains(got, want) {
+		t.Errorf("createSecretWithTTL: expected %q to contain %q", got, want)
+	}
+}
+
 func TestCreateSecretWithLabels(t *testing.T) {
 	tc := testutil.SystemTest(t)