feat: Checksums in Secret Manager (#335)

Users can now use checksums for data integrity assurance when adding and
accessing SecretVersions.
PiperOrigin-RevId: 425369494
Source-Link: googleapis/googleapis@70d389c
Source-Link: https://github.com/googleapis/googleapis-gen/commit/cf9290568284d2f099b9a00cc82a2a133be6dfda
Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiY2Y5MjkwNTY4Mjg0ZDJmMDk5YjlhMDBjYzgyYTJhMTMzYmU2ZGZkYSJ9
See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md
Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>

Author: gcf-owl-bot[bot]

protos/google/cloud/secretmanager/v1/resources.proto

@@ -16,11 +16,11 @@ syntax = "proto3";
 
 package google.cloud.secretmanager.v1;
 
+import "google/api/annotations.proto";
 import "google/api/field_behavior.proto";
 import "google/api/resource.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/timestamp.proto";
-import "google/api/annotations.proto";
 
 option cc_enable_arenas = true;
 option csharp_namespace = "Google.Cloud.SecretManager.V1";
@@ -147,6 +147,11 @@ message SecretVersion {
 
   // Output only. Etag of the currently stored [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
   string etag = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. True if payload checksum specified in [SecretPayload][google.cloud.secretmanager.v1.SecretPayload] object has been
+  // received by [SecretManagerService][google.cloud.secretmanager.v1.SecretManagerService] on
+  // [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion].
+  bool client_specified_payload_checksum = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
 }
 
 // A policy that defines the replication and encryption configuration of data.
@@ -313,4 +318,16 @@ message Rotation {
 message SecretPayload {
   // The secret data. Must be no larger than 64KiB.
   bytes data = 1;
+
+  // Optional. If specified, [SecretManagerService][google.cloud.secretmanager.v1.SecretManagerService] will verify the integrity of the
+  // received [data][google.cloud.secretmanager.v1.SecretPayload.data] on [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion] calls using
+  // the crc32c checksum and store it to include in future
+  // [SecretManagerService.AccessSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AccessSecretVersion] responses. If a checksum is
+  // not provided in the [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion] request, the
+  // [SecretManagerService][google.cloud.secretmanager.v1.SecretManagerService] will generate and store one for you.
+  //
+  // The CRC32C value is encoded as a Int64 for compatibility, and can be
+  // safely downconverted to uint32 in languages that support this type.
+  // https://cloud.google.com/apis/design/design_patterns#integer_types
+  optional int64 data_crc32c = 2 [(google.api.field_behavior) = OPTIONAL];
 }