feat(secretmanager): Adding secret rotation samples

[khilan-crest]

Adding secret rotation samples

Fixes #

Note: Before submitting a pull request, please open an issue for discussion if you are not associated with Google.

Checklist

• I have followed guidelines from CONTRIBUTING.MD and Samples Style Guide
• Tests pass: npm test (see Testing)
• Lint pass: npm run lint (see Style)
• Required CI tests pass (see CI testing)
• These samples need a new API enabled in testing projects to pass (let us know which ones)
• These samples need a new/updated env vars in testing projects set to pass (let us know which ones)
• This pull request is from a branch created directly off of GoogleCloudPlatform/nodejs-docs-samples. Not a fork.
• This sample adds a new sample directory, and I updated the CODEOWNERS file with the codeowners for this sample
• This sample adds a new sample directory, and I created GitHub Actions workflow for this sample
• This sample adds a new Product API, and I updated the Blunderbuss issue/PR auto-assigner with the codeowners for this sample
• Please merge this PR for me once it is approved

Note: Any check with (dev), (experimental), or (legacy) can be ignored and should not block your PR from merging (see CI testing).

[snippet-bot]

Here is the summary of changes.

You are about to add 25 region tags.

• secret-manager/createSecretWithCmek.js:18, tag secretmanager_create_secret_with_cmek
• secret-manager/createSecretWithExpiration.js:18, tag secretmanager_create_secret_with_expiration
• secret-manager/createSecretWithRotation.js:18, tag secretmanager_create_secret_with_rotation
• secret-manager/createSecretWithTopic.js:18, tag secretmanager_create_secret_with_topic
• secret-manager/createSecretWithUserManagedReplicationPolicy.js:18, tag secretmanager_create_ummr_secret
• secret-manager/deleteSecretExpiration.js:18, tag secretmanager_delete_secret_expiration
• secret-manager/deleteSecretRotation.js:18, tag secretmanager_delete_secret_rotation
• secret-manager/detachTagBinding.js:18, tag secretmanager_detach_tag_binding
• secret-manager/listSecretVersionsWithFilter.js:18, tag secretmanager_list_secret_versions_with_filter
• secret-manager/listSecretsWithFilter.js:18, tag secretmanager_list_secrets_with_filter
• secret-manager/listTagBindings.js:18, tag secretmanager_list_tag_bindings
• secret-manager/regional_samples/createRegionalSecretWithCmek.js:18, tag secretmanager_create_secret_with_cmek
• secret-manager/regional_samples/createRegionalSecretWithExpiration.js:18, tag secretmanager_create_regional_secret_with_expire_time
• secret-manager/regional_samples/createRegionalSecretWithRotation.js:18, tag secretmanager_create_regional_secret_with_rotation
• secret-manager/regional_samples/createRegionalSecretWithTopic.js:18, tag secretmanager_create_regional_secret_with_topic
• secret-manager/regional_samples/deleteRegionalSecretExpiration.js:18, tag secretmanager_delete_regional_secret_expiration
• secret-manager/regional_samples/deleteRegionalSecretRotation.js:18, tag secretmanager_delete_regional_secret_rotation
• secret-manager/regional_samples/detachRegionalTag.js:18, tag secretmanager_detach_regional_tag
• secret-manager/regional_samples/listRegionalSecretVersionsWithFilter.js:18, tag secretmanager_list_regional_secret_versions_with_filter
• secret-manager/regional_samples/listRegionalSecretsWithFilter.js:18, tag secretmanager_list_regional_secrets_with_filter
• secret-manager/regional_samples/listRegionalTagBindings.js:18, tag secretmanager_list_regional_secret_tag_bindings
• secret-manager/regional_samples/updateRegionalSecretExpiration.js:18, tag secretmanager_update_regional_secret_expiration
• secret-manager/regional_samples/updateRegionalSecretRotation.js:18, tag secretmanager_update_regional_secret_rotation_period
• secret-manager/updateSecretExpiration.js:18, tag secretmanager_update_secret_expiration
• secret-manager/updateSecretRotation.js:18, tag secretmanager_update_secret_rotation

---

This comment is generated by snippet-bot.
If you find problems with this result, please file an issue at:
https://github.com/googleapis/repo-automation-bots/issues.
To update this comment, add snippet-bot:force-run label or use the checkbox below:

• Refresh this comment

[gemini-code-assist]

Summary of Changes

Hello @khilan-crest, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly expands the Node.js samples for Google Cloud Secret Manager. It introduces a suite of new examples demonstrating advanced secret management capabilities, including the creation and management of secrets with Customer-Managed Encryption Keys (CMEK), expiration policies, and rotation schedules. Additionally, it provides samples for configuring Pub/Sub topics for secret notifications, managing tag bindings, and filtering secrets and their versions. A key addition is the inclusion of regional samples for all these features, offering developers practical guidance for deploying and managing secrets in specific Google Cloud regions.

Highlights

• New Secret Management Samples: Introduced a comprehensive set of new Node.js samples for Google Cloud Secret Manager, covering advanced features for secret creation and management.
• Advanced Secret Configuration: Added samples for creating secrets with Customer-Managed Encryption Keys (CMEK), defining expiration times, and configuring automatic rotation schedules.
• Secret Lifecycle Management: Included samples for updating and deleting secret expiration and rotation configurations, providing full lifecycle management examples.
• Filtering and Tagging Capabilities: New samples demonstrate how to list secrets and secret versions using filters, and how to manage (list and detach) tag bindings associated with secrets.
• Regional Secret Manager Support: All new secret management features are also demonstrated with dedicated regional samples, showcasing how to interact with regional Secret Manager deployments.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

The pull request introduces new samples for managing secret rotation, expiration, CMEK, and tag bindings in Secret Manager, including regional variations. The new samples are well-structured and follow the existing patterns. However, there is a correctness issue in createSecretWithUserManagedReplicationPolicy.js where the ttl parameter, expected as a string like '900s', is directly assigned to a numeric seconds field, which will cause a runtime error. This also affects the corresponding test case. Addressing this type mismatch will ensure the samples function as intended.

[gemini-code-assist]

The ttl parameter is passed as a string (e.g., '7776000s') but the seconds field in the ttl object expects a numeric value. Directly assigning the string will lead to a type mismatch error at runtime. Please parse the ttl string to extract the numeric value for seconds.

Suggested change

	seconds: ttl,
	},
	seconds: parseInt(ttl.replace('s', ''), 10),

[khilan-crest]

Done updated

[gemini-code-assist]

The ttl parameter is passed as a string ('900s') to the createSecretWithUserManagedReplicationPolicy.js sample. As noted in the comment for that file, the sample expects a numeric value for the seconds field, which will cause a runtime error. The sample itself needs to be updated to parse this string into a number.

[khilan-crest]

Done