feat: added expire_time and ttl fields to Secret (#201)

PiperOrigin-RevId: 352563582

Source-Author: Google APIs <noreply@google.com>
Source-Date: Tue Jan 19 07:29:20 2021 -0800
Source-Repo: googleapis/googleapis
Source-Sha: 9ecdacc9a00e1dd443b11bf10215d6e7648db8a7
Source-Link: googleapis/googleapis@9ecdacc

packages/google-cloud-secretmanager/protos/google/cloud/secretmanager/v1/resources.proto

@@ -18,6 +18,7 @@ package google.cloud.secretmanager.v1;
 
 import "google/api/field_behavior.proto";
 import "google/api/resource.proto";
+import "google/protobuf/duration.proto";
 import "google/protobuf/timestamp.proto";
 import "google/api/annotations.proto";
 
@@ -68,6 +69,23 @@ message Secret {
   //
   // No more than 64 labels can be assigned to a given resource.
   map<string, string> labels = 4;
+
+  // Expiration policy attached to the [Secret][google.cloud.secretmanager.v1.Secret]. If specified the [Secret][google.cloud.secretmanager.v1.Secret]
+  // and all [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] will be automatically deleted at
+  // expiration. Expired secrets are irreversibly deleted.
+  //
+  // Expiration is *not* the recommended way to set time-based permissions. [IAM
+  // Conditions](https://cloud.google.com/secret-manager/docs/access-control#conditions)
+  // is recommended for granting time-based permissions because the operation
+  // can be reversed.
+  oneof expiration {
+    // Optional. Timestamp in UTC when the [Secret][google.cloud.secretmanager.v1.Secret] is scheduled to expire. This is
+    // always provided on output, regardless of what was sent on input.
+    google.protobuf.Timestamp expire_time = 6 [(google.api.field_behavior) = OPTIONAL];
+
+    // Input only. The TTL for the [Secret][google.cloud.secretmanager.v1.Secret].
+    google.protobuf.Duration ttl = 7 [(google.api.field_behavior) = INPUT_ONLY];
+  }
 }
 
 // A secret version resource in the Secret Manager API.