From 2095a04e73f2437cc4ccbaa272b1998422d18fe3 Mon Sep 17 00:00:00 2001
From: gwhitehawk <gwhitehawk@gmail.com>
Date: Sun, 13 Mar 2022 15:52:20 -0400
Subject: [PATCH] docs(samples): add checksum snippets (#255)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* docs(samples): add checksum snippets

Source-Link: https://github.com/googleapis/synthtool/commit/571ee2c3b26182429eddcf115122ee545d7d3787
Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:660abdf857d3ab9aabcd967c163c70e657fcc5653595c709263af5f3fa23ef67

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

* lint

* lint

* lint

* remove extra blank line

* lint

* Fix  `google-crc32c` pin in samples/snippets/requirements.txt

Co-authored-by: gcf-owl-bot[bot] <78513119+gcf-owl-bot[bot]@users.noreply.github.com>
Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
Co-authored-by: Anthonios Partheniou <partheniou@google.com>
---
 samples/snippets/access_secret_version.py |  9 +++++++++
 samples/snippets/add_secret_version.py    | 12 +++++++++++-
 samples/snippets/requirements.txt         |  3 ++-
 3 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/samples/snippets/access_secret_version.py b/samples/snippets/access_secret_version.py
index a8e2837..0939efe 100644
--- a/samples/snippets/access_secret_version.py
+++ b/samples/snippets/access_secret_version.py
@@ -18,6 +18,8 @@
 
 import argparse
 
+import google_crc32c
+
 
 # [START secretmanager_access_secret_version]
 def access_secret_version(project_id, secret_id, version_id):
@@ -38,6 +40,13 @@ def access_secret_version(project_id, secret_id, version_id):
     # Access the secret version.
     response = client.access_secret_version(request={"name": name})
 
+    # Verify payload checksum.
+    crc32c = google_crc32c.Checksum()
+    crc32c.update(response.payload.data)
+    if response.payload.data_crc32c != int(crc32c.hexdigest(), 16):
+        print("Data corruption detected.")
+        return response
+
     # Print the secret payload.
     #
     # WARNING: Do not print the secret in a production environment - this
diff --git a/samples/snippets/add_secret_version.py b/samples/snippets/add_secret_version.py
index 442b12e..4481259 100644
--- a/samples/snippets/add_secret_version.py
+++ b/samples/snippets/add_secret_version.py
@@ -19,6 +19,8 @@
 
 import argparse
 
+import google_crc32c
+
 
 # [START secretmanager_add_secret_version]
 def add_secret_version(project_id, secret_id, payload):
@@ -39,9 +41,17 @@ def add_secret_version(project_id, secret_id, payload):
     # pass in bytes instead of a str for the payload argument.
     payload = payload.encode("UTF-8")
 
+    # Calculate payload checksum. Passing a checksum in add-version request
+    # is optional.
+    crc32c = google_crc32c.Checksum()
+    crc32c.update(payload)
+
     # Add the secret version.
     response = client.add_secret_version(
-        request={"parent": parent, "payload": {"data": payload}}
+        request={
+            "parent": parent,
+            "payload": {"data": payload, "data_crc32c": int(crc32c.hexdigest(), 16)},
+        }
     )
 
     # Print the new secret version name.
diff --git a/samples/snippets/requirements.txt b/samples/snippets/requirements.txt
index 5777fd4..a39470b 100644
--- a/samples/snippets/requirements.txt
+++ b/samples/snippets/requirements.txt
@@ -1 +1,2 @@
-google-cloud-secret-manager==2.9.1
\ No newline at end of file
+google-cloud-secret-manager==2.9.1
+google-crc32c==1.3.0
\ No newline at end of file