Add defineJsonSecret API for structured secret configuration

[taeold]

Implements defineJsonSecret() to retrieve JSON objects in Cloud Secret Manager.

Useful for consolidating related secrets (e.g., API keys, webhooks, client IDs) into a single secret, reducing costs and improving organization.

defineJsonSecret is really just a string that the SDK will parse as JSON at runtime. If the value is undefined or not a valid JSON, the call to .value() will immediately throw.

This change also introduces a backward compatible wire protocol changes (backward compatible). A new annotation format will be set to json for json secrets, and CLI can use it to validate the user input as valid JSON at deploy time.

[gemini-code-assist]

Summary of Changes

Hello @taeold, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a significant enhancement to secret management by providing a dedicated API, defineJsonSecret, for handling JSON-formatted secrets. This allows for more structured and organized storage of configuration data in Cloud Secret Manager, with automatic parsing and validation at runtime. The change also includes a backward-compatible update to the wire protocol to support CLI-side validation of these new JSON secrets.

Highlights

• New API: defineJsonSecret: Introduced a new API, defineJsonSecret, to allow storing and retrieving structured JSON objects as secrets in Cloud Secret Manager.
• Runtime JSON Parsing: The defineJsonSecret API automatically parses the secret value as JSON at runtime, returning a JavaScript object. It throws an error if the value is undefined or not valid JSON.
• CLI Validation Support: A new format: "json" annotation has been added to the secret parameter specification, enabling the CLI to validate user input as valid JSON during deployment.
• Improved Secret Organization: This feature allows developers to consolidate related configuration values (e.g., API keys, webhooks) into a single secret, improving organization and potentially reducing costs.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a new defineJsonSecret API for handling structured JSON secrets, which is a valuable addition. The implementation is well-tested and follows existing patterns in the codebase. My review includes suggestions to improve the new API's type safety by making it generic, which would enhance the developer experience. I've also recommended clarifying the documentation regarding error handling.

[taeold]

/gemini review

[gemini-code-assist]

Code Review

This pull request introduces a new defineJsonSecret API for handling structured JSON secrets, which is a great addition for managing complex configurations. The implementation is solid, with good documentation and comprehensive tests covering various scenarios. I have a couple of minor suggestions to improve debuggability and documentation consistency.

[jhuleatt]

is this the behavior we want? maybe we should error on empty JSON

[taeold]

Given that user would've have to store {} in SCM, I feel kinda okay not throwing.