« prev ^ index » next coverage.py v7.3.1, created at 2023-09-25 06:37 +0000
1# -*- coding: utf-8 -*-
2# Copyright 2023 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16from collections import OrderedDict
17import os
18import re
19from typing import (
20 Dict,
21 Mapping,
22 MutableMapping,
23 MutableSequence,
24 Optional,
25 Sequence,
26 Tuple,
27 Type,
28 Union,
29 cast,
30)
32from google.api_core import client_options as client_options_lib
33from google.api_core import exceptions as core_exceptions
34from google.api_core import gapic_v1
35from google.api_core import retry as retries
36from google.auth import credentials as ga_credentials # type: ignore
37from google.auth.exceptions import MutualTLSChannelError # type: ignore
38from google.auth.transport import mtls # type: ignore
39from google.auth.transport.grpc import SslCredentials # type: ignore
40from google.oauth2 import service_account # type: ignore
42from google.cloud.secretmanager_v1beta1 import gapic_version as package_version
44try:
45 OptionalRetry = Union[retries.Retry, gapic_v1.method._MethodDefault]
46except AttributeError: # pragma: NO COVER
47 OptionalRetry = Union[retries.Retry, object] # type: ignore
49from google.iam.v1 import iam_policy_pb2 # type: ignore
50from google.iam.v1 import policy_pb2 # type: ignore
51from google.protobuf import field_mask_pb2 # type: ignore
52from google.protobuf import timestamp_pb2 # type: ignore
54from google.cloud.secretmanager_v1beta1.services.secret_manager_service import pagers
55from google.cloud.secretmanager_v1beta1.types import resources, service
57from .transports.base import DEFAULT_CLIENT_INFO, SecretManagerServiceTransport
58from .transports.grpc import SecretManagerServiceGrpcTransport
59from .transports.grpc_asyncio import SecretManagerServiceGrpcAsyncIOTransport
60from .transports.rest import SecretManagerServiceRestTransport
63class SecretManagerServiceClientMeta(type):
64 """Metaclass for the SecretManagerService client.
66 This provides class-level methods for building and retrieving
67 support objects (e.g. transport) without polluting the client instance
68 objects.
69 """
71 _transport_registry = (
72 OrderedDict()
73 ) # type: Dict[str, Type[SecretManagerServiceTransport]]
74 _transport_registry["grpc"] = SecretManagerServiceGrpcTransport
75 _transport_registry["grpc_asyncio"] = SecretManagerServiceGrpcAsyncIOTransport
76 _transport_registry["rest"] = SecretManagerServiceRestTransport
78 def get_transport_class(
79 cls,
80 label: Optional[str] = None,
81 ) -> Type[SecretManagerServiceTransport]:
82 """Returns an appropriate transport class.
84 Args:
85 label: The name of the desired transport. If none is
86 provided, then the first transport in the registry is used.
88 Returns:
89 The transport class to use.
90 """
91 # If a specific transport is requested, return that one.
92 if label:
93 return cls._transport_registry[label]
95 # No transport is requested; return the default (that is, the first one
96 # in the dictionary).
97 return next(iter(cls._transport_registry.values()))
100class SecretManagerServiceClient(metaclass=SecretManagerServiceClientMeta):
101 """Secret Manager Service
103 Manages secrets and operations using those secrets. Implements a
104 REST model with the following objects:
106 - [Secret][google.cloud.secrets.v1beta1.Secret]
107 - [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
108 """
110 @staticmethod
111 def _get_default_mtls_endpoint(api_endpoint):
112 """Converts api endpoint to mTLS endpoint.
114 Convert "*.sandbox.googleapis.com" and "*.googleapis.com" to
115 "*.mtls.sandbox.googleapis.com" and "*.mtls.googleapis.com" respectively.
116 Args:
117 api_endpoint (Optional[str]): the api endpoint to convert.
118 Returns:
119 str: converted mTLS api endpoint.
120 """
121 if not api_endpoint:
122 return api_endpoint
124 mtls_endpoint_re = re.compile(
125 r"(?P<name>[^.]+)(?P<mtls>\.mtls)?(?P<sandbox>\.sandbox)?(?P<googledomain>\.googleapis\.com)?"
126 )
128 m = mtls_endpoint_re.match(api_endpoint)
129 name, mtls, sandbox, googledomain = m.groups()
130 if mtls or not googledomain:
131 return api_endpoint
133 if sandbox:
134 return api_endpoint.replace(
135 "sandbox.googleapis.com", "mtls.sandbox.googleapis.com"
136 )
138 return api_endpoint.replace(".googleapis.com", ".mtls.googleapis.com")
140 DEFAULT_ENDPOINT = "secretmanager.googleapis.com"
141 DEFAULT_MTLS_ENDPOINT = _get_default_mtls_endpoint.__func__( # type: ignore
142 DEFAULT_ENDPOINT
143 )
145 @classmethod
146 def from_service_account_info(cls, info: dict, *args, **kwargs):
147 """Creates an instance of this client using the provided credentials
148 info.
150 Args:
151 info (dict): The service account private key info.
152 args: Additional arguments to pass to the constructor.
153 kwargs: Additional arguments to pass to the constructor.
155 Returns:
156 SecretManagerServiceClient: The constructed client.
157 """
158 credentials = service_account.Credentials.from_service_account_info(info)
159 kwargs["credentials"] = credentials
160 return cls(*args, **kwargs)
162 @classmethod
163 def from_service_account_file(cls, filename: str, *args, **kwargs):
164 """Creates an instance of this client using the provided credentials
165 file.
167 Args:
168 filename (str): The path to the service account private key json
169 file.
170 args: Additional arguments to pass to the constructor.
171 kwargs: Additional arguments to pass to the constructor.
173 Returns:
174 SecretManagerServiceClient: The constructed client.
175 """
176 credentials = service_account.Credentials.from_service_account_file(filename)
177 kwargs["credentials"] = credentials
178 return cls(*args, **kwargs)
180 from_service_account_json = from_service_account_file
182 @property
183 def transport(self) -> SecretManagerServiceTransport:
184 """Returns the transport used by the client instance.
186 Returns:
187 SecretManagerServiceTransport: The transport used by the client
188 instance.
189 """
190 return self._transport
192 @staticmethod
193 def secret_path(
194 project: str,
195 secret: str,
196 ) -> str:
197 """Returns a fully-qualified secret string."""
198 return "projects/{project}/secrets/{secret}".format(
199 project=project,
200 secret=secret,
201 )
203 @staticmethod
204 def parse_secret_path(path: str) -> Dict[str, str]:
205 """Parses a secret path into its component segments."""
206 m = re.match(r"^projects/(?P<project>.+?)/secrets/(?P<secret>.+?)$", path)
207 return m.groupdict() if m else {}
209 @staticmethod
210 def secret_version_path(
211 project: str,
212 secret: str,
213 secret_version: str,
214 ) -> str:
215 """Returns a fully-qualified secret_version string."""
216 return "projects/{project}/secrets/{secret}/versions/{secret_version}".format(
217 project=project,
218 secret=secret,
219 secret_version=secret_version,
220 )
222 @staticmethod
223 def parse_secret_version_path(path: str) -> Dict[str, str]:
224 """Parses a secret_version path into its component segments."""
225 m = re.match(
226 r"^projects/(?P<project>.+?)/secrets/(?P<secret>.+?)/versions/(?P<secret_version>.+?)$",
227 path,
228 )
229 return m.groupdict() if m else {}
231 @staticmethod
232 def common_billing_account_path(
233 billing_account: str,
234 ) -> str:
235 """Returns a fully-qualified billing_account string."""
236 return "billingAccounts/{billing_account}".format(
237 billing_account=billing_account,
238 )
240 @staticmethod
241 def parse_common_billing_account_path(path: str) -> Dict[str, str]:
242 """Parse a billing_account path into its component segments."""
243 m = re.match(r"^billingAccounts/(?P<billing_account>.+?)$", path)
244 return m.groupdict() if m else {}
246 @staticmethod
247 def common_folder_path(
248 folder: str,
249 ) -> str:
250 """Returns a fully-qualified folder string."""
251 return "folders/{folder}".format(
252 folder=folder,
253 )
255 @staticmethod
256 def parse_common_folder_path(path: str) -> Dict[str, str]:
257 """Parse a folder path into its component segments."""
258 m = re.match(r"^folders/(?P<folder>.+?)$", path)
259 return m.groupdict() if m else {}
261 @staticmethod
262 def common_organization_path(
263 organization: str,
264 ) -> str:
265 """Returns a fully-qualified organization string."""
266 return "organizations/{organization}".format(
267 organization=organization,
268 )
270 @staticmethod
271 def parse_common_organization_path(path: str) -> Dict[str, str]:
272 """Parse a organization path into its component segments."""
273 m = re.match(r"^organizations/(?P<organization>.+?)$", path)
274 return m.groupdict() if m else {}
276 @staticmethod
277 def common_project_path(
278 project: str,
279 ) -> str:
280 """Returns a fully-qualified project string."""
281 return "projects/{project}".format(
282 project=project,
283 )
285 @staticmethod
286 def parse_common_project_path(path: str) -> Dict[str, str]:
287 """Parse a project path into its component segments."""
288 m = re.match(r"^projects/(?P<project>.+?)$", path)
289 return m.groupdict() if m else {}
291 @staticmethod
292 def common_location_path(
293 project: str,
294 location: str,
295 ) -> str:
296 """Returns a fully-qualified location string."""
297 return "projects/{project}/locations/{location}".format(
298 project=project,
299 location=location,
300 )
302 @staticmethod
303 def parse_common_location_path(path: str) -> Dict[str, str]:
304 """Parse a location path into its component segments."""
305 m = re.match(r"^projects/(?P<project>.+?)/locations/(?P<location>.+?)$", path)
306 return m.groupdict() if m else {}
308 @classmethod
309 def get_mtls_endpoint_and_cert_source(
310 cls, client_options: Optional[client_options_lib.ClientOptions] = None
311 ):
312 """Return the API endpoint and client cert source for mutual TLS.
314 The client cert source is determined in the following order:
315 (1) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is not "true", the
316 client cert source is None.
317 (2) if `client_options.client_cert_source` is provided, use the provided one; if the
318 default client cert source exists, use the default one; otherwise the client cert
319 source is None.
321 The API endpoint is determined in the following order:
322 (1) if `client_options.api_endpoint` if provided, use the provided one.
323 (2) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is "always", use the
324 default mTLS endpoint; if the environment variable is "never", use the default API
325 endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise
326 use the default API endpoint.
328 More details can be found at https://google.aip.dev/auth/4114.
330 Args:
331 client_options (google.api_core.client_options.ClientOptions): Custom options for the
332 client. Only the `api_endpoint` and `client_cert_source` properties may be used
333 in this method.
335 Returns:
336 Tuple[str, Callable[[], Tuple[bytes, bytes]]]: returns the API endpoint and the
337 client cert source to use.
339 Raises:
340 google.auth.exceptions.MutualTLSChannelError: If any errors happen.
341 """
342 if client_options is None:
343 client_options = client_options_lib.ClientOptions()
344 use_client_cert = os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false")
345 use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")
346 if use_client_cert not in ("true", "false"):
347 raise ValueError(
348 "Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`"
349 )
350 if use_mtls_endpoint not in ("auto", "never", "always"):
351 raise MutualTLSChannelError(
352 "Environment variable `GOOGLE_API_USE_MTLS_ENDPOINT` must be `never`, `auto` or `always`"
353 )
355 # Figure out the client cert source to use.
356 client_cert_source = None
357 if use_client_cert == "true":
358 if client_options.client_cert_source:
359 client_cert_source = client_options.client_cert_source
360 elif mtls.has_default_client_cert_source():
361 client_cert_source = mtls.default_client_cert_source()
363 # Figure out which api endpoint to use.
364 if client_options.api_endpoint is not None:
365 api_endpoint = client_options.api_endpoint
366 elif use_mtls_endpoint == "always" or (
367 use_mtls_endpoint == "auto" and client_cert_source
368 ):
369 api_endpoint = cls.DEFAULT_MTLS_ENDPOINT
370 else:
371 api_endpoint = cls.DEFAULT_ENDPOINT
373 return api_endpoint, client_cert_source
375 def __init__(
376 self,
377 *,
378 credentials: Optional[ga_credentials.Credentials] = None,
379 transport: Optional[Union[str, SecretManagerServiceTransport]] = None,
380 client_options: Optional[Union[client_options_lib.ClientOptions, dict]] = None,
381 client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
382 ) -> None:
383 """Instantiates the secret manager service client.
385 Args:
386 credentials (Optional[google.auth.credentials.Credentials]): The
387 authorization credentials to attach to requests. These
388 credentials identify the application to the service; if none
389 are specified, the client will attempt to ascertain the
390 credentials from the environment.
391 transport (Union[str, SecretManagerServiceTransport]): The
392 transport to use. If set to None, a transport is chosen
393 automatically.
394 client_options (Optional[Union[google.api_core.client_options.ClientOptions, dict]]): Custom options for the
395 client. It won't take effect if a ``transport`` instance is provided.
396 (1) The ``api_endpoint`` property can be used to override the
397 default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT
398 environment variable can also be used to override the endpoint:
399 "always" (always use the default mTLS endpoint), "never" (always
400 use the default regular endpoint) and "auto" (auto switch to the
401 default mTLS endpoint if client certificate is present, this is
402 the default value). However, the ``api_endpoint`` property takes
403 precedence if provided.
404 (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable
405 is "true", then the ``client_cert_source`` property can be used
406 to provide client certificate for mutual TLS transport. If
407 not provided, the default SSL client certificate will be used if
408 present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not
409 set, no client certificate will be used.
410 client_info (google.api_core.gapic_v1.client_info.ClientInfo):
411 The client info used to send a user-agent string along with
412 API requests. If ``None``, then default info will be used.
413 Generally, you only need to set this if you're developing
414 your own client library.
416 Raises:
417 google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
418 creation failed for any reason.
419 """
420 if isinstance(client_options, dict):
421 client_options = client_options_lib.from_dict(client_options)
422 if client_options is None:
423 client_options = client_options_lib.ClientOptions()
424 client_options = cast(client_options_lib.ClientOptions, client_options)
426 api_endpoint, client_cert_source_func = self.get_mtls_endpoint_and_cert_source(
427 client_options
428 )
430 api_key_value = getattr(client_options, "api_key", None)
431 if api_key_value and credentials:
432 raise ValueError(
433 "client_options.api_key and credentials are mutually exclusive"
434 )
436 # Save or instantiate the transport.
437 # Ordinarily, we provide the transport, but allowing a custom transport
438 # instance provides an extensibility point for unusual situations.
439 if isinstance(transport, SecretManagerServiceTransport):
440 # transport is a SecretManagerServiceTransport instance.
441 if credentials or client_options.credentials_file or api_key_value:
442 raise ValueError(
443 "When providing a transport instance, "
444 "provide its credentials directly."
445 )
446 if client_options.scopes:
447 raise ValueError(
448 "When providing a transport instance, provide its scopes "
449 "directly."
450 )
451 self._transport = transport
452 else:
453 import google.auth._default # type: ignore
455 if api_key_value and hasattr(
456 google.auth._default, "get_api_key_credentials"
457 ):
458 credentials = google.auth._default.get_api_key_credentials(
459 api_key_value
460 )
462 Transport = type(self).get_transport_class(transport)
463 self._transport = Transport(
464 credentials=credentials,
465 credentials_file=client_options.credentials_file,
466 host=api_endpoint,
467 scopes=client_options.scopes,
468 client_cert_source_for_mtls=client_cert_source_func,
469 quota_project_id=client_options.quota_project_id,
470 client_info=client_info,
471 always_use_jwt_access=True,
472 api_audience=client_options.api_audience,
473 )
475 def list_secrets(
476 self,
477 request: Optional[Union[service.ListSecretsRequest, dict]] = None,
478 *,
479 parent: Optional[str] = None,
480 retry: OptionalRetry = gapic_v1.method.DEFAULT,
481 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
482 metadata: Sequence[Tuple[str, str]] = (),
483 ) -> pagers.ListSecretsPager:
484 r"""Lists [Secrets][google.cloud.secrets.v1beta1.Secret].
486 .. code-block:: python
488 # This snippet has been automatically generated and should be regarded as a
489 # code template only.
490 # It will require modifications to work:
491 # - It may require correct/in-range values for request initialization.
492 # - It may require specifying regional endpoints when creating the service
493 # client as shown in:
494 # https://googleapis.dev/python/google-api-core/latest/client_options.html
495 from google.cloud import secretmanager_v1beta1
497 def sample_list_secrets():
498 # Create a client
499 client = secretmanager_v1beta1.SecretManagerServiceClient()
501 # Initialize request argument(s)
502 request = secretmanager_v1beta1.ListSecretsRequest(
503 parent="parent_value",
504 )
506 # Make the request
507 page_result = client.list_secrets(request=request)
509 # Handle the response
510 for response in page_result:
511 print(response)
513 Args:
514 request (Union[google.cloud.secretmanager_v1beta1.types.ListSecretsRequest, dict]):
515 The request object. Request message for
516 [SecretManagerService.ListSecrets][google.cloud.secrets.v1beta1.SecretManagerService.ListSecrets].
517 parent (str):
518 Required. The resource name of the project associated
519 with the [Secrets][google.cloud.secrets.v1beta1.Secret],
520 in the format ``projects/*``.
522 This corresponds to the ``parent`` field
523 on the ``request`` instance; if ``request`` is provided, this
524 should not be set.
525 retry (google.api_core.retry.Retry): Designation of what errors, if any,
526 should be retried.
527 timeout (float): The timeout for this request.
528 metadata (Sequence[Tuple[str, str]]): Strings which should be
529 sent along with the request as metadata.
531 Returns:
532 google.cloud.secretmanager_v1beta1.services.secret_manager_service.pagers.ListSecretsPager:
533 Response message for
534 [SecretManagerService.ListSecrets][google.cloud.secrets.v1beta1.SecretManagerService.ListSecrets].
536 Iterating over this object will yield results and
537 resolve additional pages automatically.
539 """
540 # Create or coerce a protobuf request object.
541 # Quick check: If we got a request object, we should *not* have
542 # gotten any keyword arguments that map to the request.
543 has_flattened_params = any([parent])
544 if request is not None and has_flattened_params:
545 raise ValueError(
546 "If the `request` argument is set, then none of "
547 "the individual field arguments should be set."
548 )
550 # Minor optimization to avoid making a copy if the user passes
551 # in a service.ListSecretsRequest.
552 # There's no risk of modifying the input as we've already verified
553 # there are no flattened fields.
554 if not isinstance(request, service.ListSecretsRequest):
555 request = service.ListSecretsRequest(request)
556 # If we have keyword arguments corresponding to fields on the
557 # request, apply these.
558 if parent is not None:
559 request.parent = parent
561 # Wrap the RPC method; this adds retry and timeout information,
562 # and friendly error handling.
563 rpc = self._transport._wrapped_methods[self._transport.list_secrets]
565 # Certain fields should be provided within the metadata header;
566 # add these here.
567 metadata = tuple(metadata) + (
568 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
569 )
571 # Send the request.
572 response = rpc(
573 request,
574 retry=retry,
575 timeout=timeout,
576 metadata=metadata,
577 )
579 # This method is paged; wrap the response in a pager, which provides
580 # an `__iter__` convenience method.
581 response = pagers.ListSecretsPager(
582 method=rpc,
583 request=request,
584 response=response,
585 metadata=metadata,
586 )
588 # Done; return the response.
589 return response
591 def create_secret(
592 self,
593 request: Optional[Union[service.CreateSecretRequest, dict]] = None,
594 *,
595 parent: Optional[str] = None,
596 secret_id: Optional[str] = None,
597 secret: Optional[resources.Secret] = None,
598 retry: OptionalRetry = gapic_v1.method.DEFAULT,
599 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
600 metadata: Sequence[Tuple[str, str]] = (),
601 ) -> resources.Secret:
602 r"""Creates a new [Secret][google.cloud.secrets.v1beta1.Secret]
603 containing no
604 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
606 .. code-block:: python
608 # This snippet has been automatically generated and should be regarded as a
609 # code template only.
610 # It will require modifications to work:
611 # - It may require correct/in-range values for request initialization.
612 # - It may require specifying regional endpoints when creating the service
613 # client as shown in:
614 # https://googleapis.dev/python/google-api-core/latest/client_options.html
615 from google.cloud import secretmanager_v1beta1
617 def sample_create_secret():
618 # Create a client
619 client = secretmanager_v1beta1.SecretManagerServiceClient()
621 # Initialize request argument(s)
622 request = secretmanager_v1beta1.CreateSecretRequest(
623 parent="parent_value",
624 secret_id="secret_id_value",
625 )
627 # Make the request
628 response = client.create_secret(request=request)
630 # Handle the response
631 print(response)
633 Args:
634 request (Union[google.cloud.secretmanager_v1beta1.types.CreateSecretRequest, dict]):
635 The request object. Request message for
636 [SecretManagerService.CreateSecret][google.cloud.secrets.v1beta1.SecretManagerService.CreateSecret].
637 parent (str):
638 Required. The resource name of the project to associate
639 with the [Secret][google.cloud.secrets.v1beta1.Secret],
640 in the format ``projects/*``.
642 This corresponds to the ``parent`` field
643 on the ``request`` instance; if ``request`` is provided, this
644 should not be set.
645 secret_id (str):
646 Required. This must be unique within the project.
648 A secret ID is a string with a maximum length of 255
649 characters and can contain uppercase and lowercase
650 letters, numerals, and the hyphen (``-``) and underscore
651 (``_``) characters.
653 This corresponds to the ``secret_id`` field
654 on the ``request`` instance; if ``request`` is provided, this
655 should not be set.
656 secret (google.cloud.secretmanager_v1beta1.types.Secret):
657 Required. A
658 [Secret][google.cloud.secrets.v1beta1.Secret] with
659 initial field values.
661 This corresponds to the ``secret`` field
662 on the ``request`` instance; if ``request`` is provided, this
663 should not be set.
664 retry (google.api_core.retry.Retry): Designation of what errors, if any,
665 should be retried.
666 timeout (float): The timeout for this request.
667 metadata (Sequence[Tuple[str, str]]): Strings which should be
668 sent along with the request as metadata.
670 Returns:
671 google.cloud.secretmanager_v1beta1.types.Secret:
672 A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose value and versions can
673 be accessed.
675 A [Secret][google.cloud.secrets.v1beta1.Secret] is
676 made up of zero or more
677 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
678 that represent the secret data.
680 """
681 # Create or coerce a protobuf request object.
682 # Quick check: If we got a request object, we should *not* have
683 # gotten any keyword arguments that map to the request.
684 has_flattened_params = any([parent, secret_id, secret])
685 if request is not None and has_flattened_params:
686 raise ValueError(
687 "If the `request` argument is set, then none of "
688 "the individual field arguments should be set."
689 )
691 # Minor optimization to avoid making a copy if the user passes
692 # in a service.CreateSecretRequest.
693 # There's no risk of modifying the input as we've already verified
694 # there are no flattened fields.
695 if not isinstance(request, service.CreateSecretRequest):
696 request = service.CreateSecretRequest(request)
697 # If we have keyword arguments corresponding to fields on the
698 # request, apply these.
699 if parent is not None:
700 request.parent = parent
701 if secret_id is not None:
702 request.secret_id = secret_id
703 if secret is not None:
704 request.secret = secret
706 # Wrap the RPC method; this adds retry and timeout information,
707 # and friendly error handling.
708 rpc = self._transport._wrapped_methods[self._transport.create_secret]
710 # Certain fields should be provided within the metadata header;
711 # add these here.
712 metadata = tuple(metadata) + (
713 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
714 )
716 # Send the request.
717 response = rpc(
718 request,
719 retry=retry,
720 timeout=timeout,
721 metadata=metadata,
722 )
724 # Done; return the response.
725 return response
727 def add_secret_version(
728 self,
729 request: Optional[Union[service.AddSecretVersionRequest, dict]] = None,
730 *,
731 parent: Optional[str] = None,
732 payload: Optional[resources.SecretPayload] = None,
733 retry: OptionalRetry = gapic_v1.method.DEFAULT,
734 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
735 metadata: Sequence[Tuple[str, str]] = (),
736 ) -> resources.SecretVersion:
737 r"""Creates a new
738 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
739 containing secret data and attaches it to an existing
740 [Secret][google.cloud.secrets.v1beta1.Secret].
742 .. code-block:: python
744 # This snippet has been automatically generated and should be regarded as a
745 # code template only.
746 # It will require modifications to work:
747 # - It may require correct/in-range values for request initialization.
748 # - It may require specifying regional endpoints when creating the service
749 # client as shown in:
750 # https://googleapis.dev/python/google-api-core/latest/client_options.html
751 from google.cloud import secretmanager_v1beta1
753 def sample_add_secret_version():
754 # Create a client
755 client = secretmanager_v1beta1.SecretManagerServiceClient()
757 # Initialize request argument(s)
758 request = secretmanager_v1beta1.AddSecretVersionRequest(
759 parent="parent_value",
760 )
762 # Make the request
763 response = client.add_secret_version(request=request)
765 # Handle the response
766 print(response)
768 Args:
769 request (Union[google.cloud.secretmanager_v1beta1.types.AddSecretVersionRequest, dict]):
770 The request object. Request message for
771 [SecretManagerService.AddSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AddSecretVersion].
772 parent (str):
773 Required. The resource name of the
774 [Secret][google.cloud.secrets.v1beta1.Secret] to
775 associate with the
776 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
777 in the format ``projects/*/secrets/*``.
779 This corresponds to the ``parent`` field
780 on the ``request`` instance; if ``request`` is provided, this
781 should not be set.
782 payload (google.cloud.secretmanager_v1beta1.types.SecretPayload):
783 Required. The secret payload of the
784 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
786 This corresponds to the ``payload`` field
787 on the ``request`` instance; if ``request`` is provided, this
788 should not be set.
789 retry (google.api_core.retry.Retry): Designation of what errors, if any,
790 should be retried.
791 timeout (float): The timeout for this request.
792 metadata (Sequence[Tuple[str, str]]): Strings which should be
793 sent along with the request as metadata.
795 Returns:
796 google.cloud.secretmanager_v1beta1.types.SecretVersion:
797 A secret version resource in the
798 Secret Manager API.
800 """
801 # Create or coerce a protobuf request object.
802 # Quick check: If we got a request object, we should *not* have
803 # gotten any keyword arguments that map to the request.
804 has_flattened_params = any([parent, payload])
805 if request is not None and has_flattened_params:
806 raise ValueError(
807 "If the `request` argument is set, then none of "
808 "the individual field arguments should be set."
809 )
811 # Minor optimization to avoid making a copy if the user passes
812 # in a service.AddSecretVersionRequest.
813 # There's no risk of modifying the input as we've already verified
814 # there are no flattened fields.
815 if not isinstance(request, service.AddSecretVersionRequest):
816 request = service.AddSecretVersionRequest(request)
817 # If we have keyword arguments corresponding to fields on the
818 # request, apply these.
819 if parent is not None:
820 request.parent = parent
821 if payload is not None:
822 request.payload = payload
824 # Wrap the RPC method; this adds retry and timeout information,
825 # and friendly error handling.
826 rpc = self._transport._wrapped_methods[self._transport.add_secret_version]
828 # Certain fields should be provided within the metadata header;
829 # add these here.
830 metadata = tuple(metadata) + (
831 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
832 )
834 # Send the request.
835 response = rpc(
836 request,
837 retry=retry,
838 timeout=timeout,
839 metadata=metadata,
840 )
842 # Done; return the response.
843 return response
845 def get_secret(
846 self,
847 request: Optional[Union[service.GetSecretRequest, dict]] = None,
848 *,
849 name: Optional[str] = None,
850 retry: OptionalRetry = gapic_v1.method.DEFAULT,
851 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
852 metadata: Sequence[Tuple[str, str]] = (),
853 ) -> resources.Secret:
854 r"""Gets metadata for a given
855 [Secret][google.cloud.secrets.v1beta1.Secret].
857 .. code-block:: python
859 # This snippet has been automatically generated and should be regarded as a
860 # code template only.
861 # It will require modifications to work:
862 # - It may require correct/in-range values for request initialization.
863 # - It may require specifying regional endpoints when creating the service
864 # client as shown in:
865 # https://googleapis.dev/python/google-api-core/latest/client_options.html
866 from google.cloud import secretmanager_v1beta1
868 def sample_get_secret():
869 # Create a client
870 client = secretmanager_v1beta1.SecretManagerServiceClient()
872 # Initialize request argument(s)
873 request = secretmanager_v1beta1.GetSecretRequest(
874 name="name_value",
875 )
877 # Make the request
878 response = client.get_secret(request=request)
880 # Handle the response
881 print(response)
883 Args:
884 request (Union[google.cloud.secretmanager_v1beta1.types.GetSecretRequest, dict]):
885 The request object. Request message for
886 [SecretManagerService.GetSecret][google.cloud.secrets.v1beta1.SecretManagerService.GetSecret].
887 name (str):
888 Required. The resource name of the
889 [Secret][google.cloud.secrets.v1beta1.Secret], in the
890 format ``projects/*/secrets/*``.
892 This corresponds to the ``name`` field
893 on the ``request`` instance; if ``request`` is provided, this
894 should not be set.
895 retry (google.api_core.retry.Retry): Designation of what errors, if any,
896 should be retried.
897 timeout (float): The timeout for this request.
898 metadata (Sequence[Tuple[str, str]]): Strings which should be
899 sent along with the request as metadata.
901 Returns:
902 google.cloud.secretmanager_v1beta1.types.Secret:
903 A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose value and versions can
904 be accessed.
906 A [Secret][google.cloud.secrets.v1beta1.Secret] is
907 made up of zero or more
908 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
909 that represent the secret data.
911 """
912 # Create or coerce a protobuf request object.
913 # Quick check: If we got a request object, we should *not* have
914 # gotten any keyword arguments that map to the request.
915 has_flattened_params = any([name])
916 if request is not None and has_flattened_params:
917 raise ValueError(
918 "If the `request` argument is set, then none of "
919 "the individual field arguments should be set."
920 )
922 # Minor optimization to avoid making a copy if the user passes
923 # in a service.GetSecretRequest.
924 # There's no risk of modifying the input as we've already verified
925 # there are no flattened fields.
926 if not isinstance(request, service.GetSecretRequest):
927 request = service.GetSecretRequest(request)
928 # If we have keyword arguments corresponding to fields on the
929 # request, apply these.
930 if name is not None:
931 request.name = name
933 # Wrap the RPC method; this adds retry and timeout information,
934 # and friendly error handling.
935 rpc = self._transport._wrapped_methods[self._transport.get_secret]
937 # Certain fields should be provided within the metadata header;
938 # add these here.
939 metadata = tuple(metadata) + (
940 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
941 )
943 # Send the request.
944 response = rpc(
945 request,
946 retry=retry,
947 timeout=timeout,
948 metadata=metadata,
949 )
951 # Done; return the response.
952 return response
954 def update_secret(
955 self,
956 request: Optional[Union[service.UpdateSecretRequest, dict]] = None,
957 *,
958 secret: Optional[resources.Secret] = None,
959 update_mask: Optional[field_mask_pb2.FieldMask] = None,
960 retry: OptionalRetry = gapic_v1.method.DEFAULT,
961 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
962 metadata: Sequence[Tuple[str, str]] = (),
963 ) -> resources.Secret:
964 r"""Updates metadata of an existing
965 [Secret][google.cloud.secrets.v1beta1.Secret].
967 .. code-block:: python
969 # This snippet has been automatically generated and should be regarded as a
970 # code template only.
971 # It will require modifications to work:
972 # - It may require correct/in-range values for request initialization.
973 # - It may require specifying regional endpoints when creating the service
974 # client as shown in:
975 # https://googleapis.dev/python/google-api-core/latest/client_options.html
976 from google.cloud import secretmanager_v1beta1
978 def sample_update_secret():
979 # Create a client
980 client = secretmanager_v1beta1.SecretManagerServiceClient()
982 # Initialize request argument(s)
983 request = secretmanager_v1beta1.UpdateSecretRequest(
984 )
986 # Make the request
987 response = client.update_secret(request=request)
989 # Handle the response
990 print(response)
992 Args:
993 request (Union[google.cloud.secretmanager_v1beta1.types.UpdateSecretRequest, dict]):
994 The request object. Request message for
995 [SecretManagerService.UpdateSecret][google.cloud.secrets.v1beta1.SecretManagerService.UpdateSecret].
996 secret (google.cloud.secretmanager_v1beta1.types.Secret):
997 Required. [Secret][google.cloud.secrets.v1beta1.Secret]
998 with updated field values.
1000 This corresponds to the ``secret`` field
1001 on the ``request`` instance; if ``request`` is provided, this
1002 should not be set.
1003 update_mask (google.protobuf.field_mask_pb2.FieldMask):
1004 Required. Specifies the fields to be
1005 updated.
1007 This corresponds to the ``update_mask`` field
1008 on the ``request`` instance; if ``request`` is provided, this
1009 should not be set.
1010 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1011 should be retried.
1012 timeout (float): The timeout for this request.
1013 metadata (Sequence[Tuple[str, str]]): Strings which should be
1014 sent along with the request as metadata.
1016 Returns:
1017 google.cloud.secretmanager_v1beta1.types.Secret:
1018 A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose value and versions can
1019 be accessed.
1021 A [Secret][google.cloud.secrets.v1beta1.Secret] is
1022 made up of zero or more
1023 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
1024 that represent the secret data.
1026 """
1027 # Create or coerce a protobuf request object.
1028 # Quick check: If we got a request object, we should *not* have
1029 # gotten any keyword arguments that map to the request.
1030 has_flattened_params = any([secret, update_mask])
1031 if request is not None and has_flattened_params:
1032 raise ValueError(
1033 "If the `request` argument is set, then none of "
1034 "the individual field arguments should be set."
1035 )
1037 # Minor optimization to avoid making a copy if the user passes
1038 # in a service.UpdateSecretRequest.
1039 # There's no risk of modifying the input as we've already verified
1040 # there are no flattened fields.
1041 if not isinstance(request, service.UpdateSecretRequest):
1042 request = service.UpdateSecretRequest(request)
1043 # If we have keyword arguments corresponding to fields on the
1044 # request, apply these.
1045 if secret is not None:
1046 request.secret = secret
1047 if update_mask is not None:
1048 request.update_mask = update_mask
1050 # Wrap the RPC method; this adds retry and timeout information,
1051 # and friendly error handling.
1052 rpc = self._transport._wrapped_methods[self._transport.update_secret]
1054 # Certain fields should be provided within the metadata header;
1055 # add these here.
1056 metadata = tuple(metadata) + (
1057 gapic_v1.routing_header.to_grpc_metadata(
1058 (("secret.name", request.secret.name),)
1059 ),
1060 )
1062 # Send the request.
1063 response = rpc(
1064 request,
1065 retry=retry,
1066 timeout=timeout,
1067 metadata=metadata,
1068 )
1070 # Done; return the response.
1071 return response
1073 def delete_secret(
1074 self,
1075 request: Optional[Union[service.DeleteSecretRequest, dict]] = None,
1076 *,
1077 name: Optional[str] = None,
1078 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1079 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1080 metadata: Sequence[Tuple[str, str]] = (),
1081 ) -> None:
1082 r"""Deletes a [Secret][google.cloud.secrets.v1beta1.Secret].
1084 .. code-block:: python
1086 # This snippet has been automatically generated and should be regarded as a
1087 # code template only.
1088 # It will require modifications to work:
1089 # - It may require correct/in-range values for request initialization.
1090 # - It may require specifying regional endpoints when creating the service
1091 # client as shown in:
1092 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1093 from google.cloud import secretmanager_v1beta1
1095 def sample_delete_secret():
1096 # Create a client
1097 client = secretmanager_v1beta1.SecretManagerServiceClient()
1099 # Initialize request argument(s)
1100 request = secretmanager_v1beta1.DeleteSecretRequest(
1101 name="name_value",
1102 )
1104 # Make the request
1105 client.delete_secret(request=request)
1107 Args:
1108 request (Union[google.cloud.secretmanager_v1beta1.types.DeleteSecretRequest, dict]):
1109 The request object. Request message for
1110 [SecretManagerService.DeleteSecret][google.cloud.secrets.v1beta1.SecretManagerService.DeleteSecret].
1111 name (str):
1112 Required. The resource name of the
1113 [Secret][google.cloud.secrets.v1beta1.Secret] to delete
1114 in the format ``projects/*/secrets/*``.
1116 This corresponds to the ``name`` field
1117 on the ``request`` instance; if ``request`` is provided, this
1118 should not be set.
1119 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1120 should be retried.
1121 timeout (float): The timeout for this request.
1122 metadata (Sequence[Tuple[str, str]]): Strings which should be
1123 sent along with the request as metadata.
1124 """
1125 # Create or coerce a protobuf request object.
1126 # Quick check: If we got a request object, we should *not* have
1127 # gotten any keyword arguments that map to the request.
1128 has_flattened_params = any([name])
1129 if request is not None and has_flattened_params:
1130 raise ValueError(
1131 "If the `request` argument is set, then none of "
1132 "the individual field arguments should be set."
1133 )
1135 # Minor optimization to avoid making a copy if the user passes
1136 # in a service.DeleteSecretRequest.
1137 # There's no risk of modifying the input as we've already verified
1138 # there are no flattened fields.
1139 if not isinstance(request, service.DeleteSecretRequest):
1140 request = service.DeleteSecretRequest(request)
1141 # If we have keyword arguments corresponding to fields on the
1142 # request, apply these.
1143 if name is not None:
1144 request.name = name
1146 # Wrap the RPC method; this adds retry and timeout information,
1147 # and friendly error handling.
1148 rpc = self._transport._wrapped_methods[self._transport.delete_secret]
1150 # Certain fields should be provided within the metadata header;
1151 # add these here.
1152 metadata = tuple(metadata) + (
1153 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1154 )
1156 # Send the request.
1157 rpc(
1158 request,
1159 retry=retry,
1160 timeout=timeout,
1161 metadata=metadata,
1162 )
1164 def list_secret_versions(
1165 self,
1166 request: Optional[Union[service.ListSecretVersionsRequest, dict]] = None,
1167 *,
1168 parent: Optional[str] = None,
1169 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1170 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1171 metadata: Sequence[Tuple[str, str]] = (),
1172 ) -> pagers.ListSecretVersionsPager:
1173 r"""Lists
1174 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
1175 This call does not return secret data.
1177 .. code-block:: python
1179 # This snippet has been automatically generated and should be regarded as a
1180 # code template only.
1181 # It will require modifications to work:
1182 # - It may require correct/in-range values for request initialization.
1183 # - It may require specifying regional endpoints when creating the service
1184 # client as shown in:
1185 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1186 from google.cloud import secretmanager_v1beta1
1188 def sample_list_secret_versions():
1189 # Create a client
1190 client = secretmanager_v1beta1.SecretManagerServiceClient()
1192 # Initialize request argument(s)
1193 request = secretmanager_v1beta1.ListSecretVersionsRequest(
1194 parent="parent_value",
1195 )
1197 # Make the request
1198 page_result = client.list_secret_versions(request=request)
1200 # Handle the response
1201 for response in page_result:
1202 print(response)
1204 Args:
1205 request (Union[google.cloud.secretmanager_v1beta1.types.ListSecretVersionsRequest, dict]):
1206 The request object. Request message for
1207 [SecretManagerService.ListSecretVersions][google.cloud.secrets.v1beta1.SecretManagerService.ListSecretVersions].
1208 parent (str):
1209 Required. The resource name of the
1210 [Secret][google.cloud.secrets.v1beta1.Secret] associated
1211 with the
1212 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
1213 to list, in the format ``projects/*/secrets/*``.
1215 This corresponds to the ``parent`` field
1216 on the ``request`` instance; if ``request`` is provided, this
1217 should not be set.
1218 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1219 should be retried.
1220 timeout (float): The timeout for this request.
1221 metadata (Sequence[Tuple[str, str]]): Strings which should be
1222 sent along with the request as metadata.
1224 Returns:
1225 google.cloud.secretmanager_v1beta1.services.secret_manager_service.pagers.ListSecretVersionsPager:
1226 Response message for
1227 [SecretManagerService.ListSecretVersions][google.cloud.secrets.v1beta1.SecretManagerService.ListSecretVersions].
1229 Iterating over this object will yield results and
1230 resolve additional pages automatically.
1232 """
1233 # Create or coerce a protobuf request object.
1234 # Quick check: If we got a request object, we should *not* have
1235 # gotten any keyword arguments that map to the request.
1236 has_flattened_params = any([parent])
1237 if request is not None and has_flattened_params:
1238 raise ValueError(
1239 "If the `request` argument is set, then none of "
1240 "the individual field arguments should be set."
1241 )
1243 # Minor optimization to avoid making a copy if the user passes
1244 # in a service.ListSecretVersionsRequest.
1245 # There's no risk of modifying the input as we've already verified
1246 # there are no flattened fields.
1247 if not isinstance(request, service.ListSecretVersionsRequest):
1248 request = service.ListSecretVersionsRequest(request)
1249 # If we have keyword arguments corresponding to fields on the
1250 # request, apply these.
1251 if parent is not None:
1252 request.parent = parent
1254 # Wrap the RPC method; this adds retry and timeout information,
1255 # and friendly error handling.
1256 rpc = self._transport._wrapped_methods[self._transport.list_secret_versions]
1258 # Certain fields should be provided within the metadata header;
1259 # add these here.
1260 metadata = tuple(metadata) + (
1261 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
1262 )
1264 # Send the request.
1265 response = rpc(
1266 request,
1267 retry=retry,
1268 timeout=timeout,
1269 metadata=metadata,
1270 )
1272 # This method is paged; wrap the response in a pager, which provides
1273 # an `__iter__` convenience method.
1274 response = pagers.ListSecretVersionsPager(
1275 method=rpc,
1276 request=request,
1277 response=response,
1278 metadata=metadata,
1279 )
1281 # Done; return the response.
1282 return response
1284 def get_secret_version(
1285 self,
1286 request: Optional[Union[service.GetSecretVersionRequest, dict]] = None,
1287 *,
1288 name: Optional[str] = None,
1289 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1290 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1291 metadata: Sequence[Tuple[str, str]] = (),
1292 ) -> resources.SecretVersion:
1293 r"""Gets metadata for a
1294 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1296 ``projects/*/secrets/*/versions/latest`` is an alias to the
1297 ``latest``
1298 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1300 .. code-block:: python
1302 # This snippet has been automatically generated and should be regarded as a
1303 # code template only.
1304 # It will require modifications to work:
1305 # - It may require correct/in-range values for request initialization.
1306 # - It may require specifying regional endpoints when creating the service
1307 # client as shown in:
1308 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1309 from google.cloud import secretmanager_v1beta1
1311 def sample_get_secret_version():
1312 # Create a client
1313 client = secretmanager_v1beta1.SecretManagerServiceClient()
1315 # Initialize request argument(s)
1316 request = secretmanager_v1beta1.GetSecretVersionRequest(
1317 name="name_value",
1318 )
1320 # Make the request
1321 response = client.get_secret_version(request=request)
1323 # Handle the response
1324 print(response)
1326 Args:
1327 request (Union[google.cloud.secretmanager_v1beta1.types.GetSecretVersionRequest, dict]):
1328 The request object. Request message for
1329 [SecretManagerService.GetSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.GetSecretVersion].
1330 name (str):
1331 Required. The resource name of the
1332 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1333 in the format ``projects/*/secrets/*/versions/*``.
1334 ``projects/*/secrets/*/versions/latest`` is an alias to
1335 the ``latest``
1336 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1338 This corresponds to the ``name`` field
1339 on the ``request`` instance; if ``request`` is provided, this
1340 should not be set.
1341 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1342 should be retried.
1343 timeout (float): The timeout for this request.
1344 metadata (Sequence[Tuple[str, str]]): Strings which should be
1345 sent along with the request as metadata.
1347 Returns:
1348 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1349 A secret version resource in the
1350 Secret Manager API.
1352 """
1353 # Create or coerce a protobuf request object.
1354 # Quick check: If we got a request object, we should *not* have
1355 # gotten any keyword arguments that map to the request.
1356 has_flattened_params = any([name])
1357 if request is not None and has_flattened_params:
1358 raise ValueError(
1359 "If the `request` argument is set, then none of "
1360 "the individual field arguments should be set."
1361 )
1363 # Minor optimization to avoid making a copy if the user passes
1364 # in a service.GetSecretVersionRequest.
1365 # There's no risk of modifying the input as we've already verified
1366 # there are no flattened fields.
1367 if not isinstance(request, service.GetSecretVersionRequest):
1368 request = service.GetSecretVersionRequest(request)
1369 # If we have keyword arguments corresponding to fields on the
1370 # request, apply these.
1371 if name is not None:
1372 request.name = name
1374 # Wrap the RPC method; this adds retry and timeout information,
1375 # and friendly error handling.
1376 rpc = self._transport._wrapped_methods[self._transport.get_secret_version]
1378 # Certain fields should be provided within the metadata header;
1379 # add these here.
1380 metadata = tuple(metadata) + (
1381 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1382 )
1384 # Send the request.
1385 response = rpc(
1386 request,
1387 retry=retry,
1388 timeout=timeout,
1389 metadata=metadata,
1390 )
1392 # Done; return the response.
1393 return response
1395 def access_secret_version(
1396 self,
1397 request: Optional[Union[service.AccessSecretVersionRequest, dict]] = None,
1398 *,
1399 name: Optional[str] = None,
1400 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1401 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1402 metadata: Sequence[Tuple[str, str]] = (),
1403 ) -> service.AccessSecretVersionResponse:
1404 r"""Accesses a
1405 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1406 This call returns the secret data.
1408 ``projects/*/secrets/*/versions/latest`` is an alias to the
1409 ``latest``
1410 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1412 .. code-block:: python
1414 # This snippet has been automatically generated and should be regarded as a
1415 # code template only.
1416 # It will require modifications to work:
1417 # - It may require correct/in-range values for request initialization.
1418 # - It may require specifying regional endpoints when creating the service
1419 # client as shown in:
1420 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1421 from google.cloud import secretmanager_v1beta1
1423 def sample_access_secret_version():
1424 # Create a client
1425 client = secretmanager_v1beta1.SecretManagerServiceClient()
1427 # Initialize request argument(s)
1428 request = secretmanager_v1beta1.AccessSecretVersionRequest(
1429 name="name_value",
1430 )
1432 # Make the request
1433 response = client.access_secret_version(request=request)
1435 # Handle the response
1436 print(response)
1438 Args:
1439 request (Union[google.cloud.secretmanager_v1beta1.types.AccessSecretVersionRequest, dict]):
1440 The request object. Request message for
1441 [SecretManagerService.AccessSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AccessSecretVersion].
1442 name (str):
1443 Required. The resource name of the
1444 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1445 in the format ``projects/*/secrets/*/versions/*``.
1447 This corresponds to the ``name`` field
1448 on the ``request`` instance; if ``request`` is provided, this
1449 should not be set.
1450 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1451 should be retried.
1452 timeout (float): The timeout for this request.
1453 metadata (Sequence[Tuple[str, str]]): Strings which should be
1454 sent along with the request as metadata.
1456 Returns:
1457 google.cloud.secretmanager_v1beta1.types.AccessSecretVersionResponse:
1458 Response message for
1459 [SecretManagerService.AccessSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AccessSecretVersion].
1461 """
1462 # Create or coerce a protobuf request object.
1463 # Quick check: If we got a request object, we should *not* have
1464 # gotten any keyword arguments that map to the request.
1465 has_flattened_params = any([name])
1466 if request is not None and has_flattened_params:
1467 raise ValueError(
1468 "If the `request` argument is set, then none of "
1469 "the individual field arguments should be set."
1470 )
1472 # Minor optimization to avoid making a copy if the user passes
1473 # in a service.AccessSecretVersionRequest.
1474 # There's no risk of modifying the input as we've already verified
1475 # there are no flattened fields.
1476 if not isinstance(request, service.AccessSecretVersionRequest):
1477 request = service.AccessSecretVersionRequest(request)
1478 # If we have keyword arguments corresponding to fields on the
1479 # request, apply these.
1480 if name is not None:
1481 request.name = name
1483 # Wrap the RPC method; this adds retry and timeout information,
1484 # and friendly error handling.
1485 rpc = self._transport._wrapped_methods[self._transport.access_secret_version]
1487 # Certain fields should be provided within the metadata header;
1488 # add these here.
1489 metadata = tuple(metadata) + (
1490 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1491 )
1493 # Send the request.
1494 response = rpc(
1495 request,
1496 retry=retry,
1497 timeout=timeout,
1498 metadata=metadata,
1499 )
1501 # Done; return the response.
1502 return response
1504 def disable_secret_version(
1505 self,
1506 request: Optional[Union[service.DisableSecretVersionRequest, dict]] = None,
1507 *,
1508 name: Optional[str] = None,
1509 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1510 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1511 metadata: Sequence[Tuple[str, str]] = (),
1512 ) -> resources.SecretVersion:
1513 r"""Disables a
1514 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1516 Sets the
1517 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
1518 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
1519 [DISABLED][google.cloud.secrets.v1beta1.SecretVersion.State.DISABLED].
1521 .. code-block:: python
1523 # This snippet has been automatically generated and should be regarded as a
1524 # code template only.
1525 # It will require modifications to work:
1526 # - It may require correct/in-range values for request initialization.
1527 # - It may require specifying regional endpoints when creating the service
1528 # client as shown in:
1529 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1530 from google.cloud import secretmanager_v1beta1
1532 def sample_disable_secret_version():
1533 # Create a client
1534 client = secretmanager_v1beta1.SecretManagerServiceClient()
1536 # Initialize request argument(s)
1537 request = secretmanager_v1beta1.DisableSecretVersionRequest(
1538 name="name_value",
1539 )
1541 # Make the request
1542 response = client.disable_secret_version(request=request)
1544 # Handle the response
1545 print(response)
1547 Args:
1548 request (Union[google.cloud.secretmanager_v1beta1.types.DisableSecretVersionRequest, dict]):
1549 The request object. Request message for
1550 [SecretManagerService.DisableSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.DisableSecretVersion].
1551 name (str):
1552 Required. The resource name of the
1553 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1554 to disable in the format
1555 ``projects/*/secrets/*/versions/*``.
1557 This corresponds to the ``name`` field
1558 on the ``request`` instance; if ``request`` is provided, this
1559 should not be set.
1560 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1561 should be retried.
1562 timeout (float): The timeout for this request.
1563 metadata (Sequence[Tuple[str, str]]): Strings which should be
1564 sent along with the request as metadata.
1566 Returns:
1567 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1568 A secret version resource in the
1569 Secret Manager API.
1571 """
1572 # Create or coerce a protobuf request object.
1573 # Quick check: If we got a request object, we should *not* have
1574 # gotten any keyword arguments that map to the request.
1575 has_flattened_params = any([name])
1576 if request is not None and has_flattened_params:
1577 raise ValueError(
1578 "If the `request` argument is set, then none of "
1579 "the individual field arguments should be set."
1580 )
1582 # Minor optimization to avoid making a copy if the user passes
1583 # in a service.DisableSecretVersionRequest.
1584 # There's no risk of modifying the input as we've already verified
1585 # there are no flattened fields.
1586 if not isinstance(request, service.DisableSecretVersionRequest):
1587 request = service.DisableSecretVersionRequest(request)
1588 # If we have keyword arguments corresponding to fields on the
1589 # request, apply these.
1590 if name is not None:
1591 request.name = name
1593 # Wrap the RPC method; this adds retry and timeout information,
1594 # and friendly error handling.
1595 rpc = self._transport._wrapped_methods[self._transport.disable_secret_version]
1597 # Certain fields should be provided within the metadata header;
1598 # add these here.
1599 metadata = tuple(metadata) + (
1600 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1601 )
1603 # Send the request.
1604 response = rpc(
1605 request,
1606 retry=retry,
1607 timeout=timeout,
1608 metadata=metadata,
1609 )
1611 # Done; return the response.
1612 return response
1614 def enable_secret_version(
1615 self,
1616 request: Optional[Union[service.EnableSecretVersionRequest, dict]] = None,
1617 *,
1618 name: Optional[str] = None,
1619 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1620 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1621 metadata: Sequence[Tuple[str, str]] = (),
1622 ) -> resources.SecretVersion:
1623 r"""Enables a
1624 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1626 Sets the
1627 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
1628 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
1629 [ENABLED][google.cloud.secrets.v1beta1.SecretVersion.State.ENABLED].
1631 .. code-block:: python
1633 # This snippet has been automatically generated and should be regarded as a
1634 # code template only.
1635 # It will require modifications to work:
1636 # - It may require correct/in-range values for request initialization.
1637 # - It may require specifying regional endpoints when creating the service
1638 # client as shown in:
1639 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1640 from google.cloud import secretmanager_v1beta1
1642 def sample_enable_secret_version():
1643 # Create a client
1644 client = secretmanager_v1beta1.SecretManagerServiceClient()
1646 # Initialize request argument(s)
1647 request = secretmanager_v1beta1.EnableSecretVersionRequest(
1648 name="name_value",
1649 )
1651 # Make the request
1652 response = client.enable_secret_version(request=request)
1654 # Handle the response
1655 print(response)
1657 Args:
1658 request (Union[google.cloud.secretmanager_v1beta1.types.EnableSecretVersionRequest, dict]):
1659 The request object. Request message for
1660 [SecretManagerService.EnableSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.EnableSecretVersion].
1661 name (str):
1662 Required. The resource name of the
1663 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1664 to enable in the format
1665 ``projects/*/secrets/*/versions/*``.
1667 This corresponds to the ``name`` field
1668 on the ``request`` instance; if ``request`` is provided, this
1669 should not be set.
1670 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1671 should be retried.
1672 timeout (float): The timeout for this request.
1673 metadata (Sequence[Tuple[str, str]]): Strings which should be
1674 sent along with the request as metadata.
1676 Returns:
1677 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1678 A secret version resource in the
1679 Secret Manager API.
1681 """
1682 # Create or coerce a protobuf request object.
1683 # Quick check: If we got a request object, we should *not* have
1684 # gotten any keyword arguments that map to the request.
1685 has_flattened_params = any([name])
1686 if request is not None and has_flattened_params:
1687 raise ValueError(
1688 "If the `request` argument is set, then none of "
1689 "the individual field arguments should be set."
1690 )
1692 # Minor optimization to avoid making a copy if the user passes
1693 # in a service.EnableSecretVersionRequest.
1694 # There's no risk of modifying the input as we've already verified
1695 # there are no flattened fields.
1696 if not isinstance(request, service.EnableSecretVersionRequest):
1697 request = service.EnableSecretVersionRequest(request)
1698 # If we have keyword arguments corresponding to fields on the
1699 # request, apply these.
1700 if name is not None:
1701 request.name = name
1703 # Wrap the RPC method; this adds retry and timeout information,
1704 # and friendly error handling.
1705 rpc = self._transport._wrapped_methods[self._transport.enable_secret_version]
1707 # Certain fields should be provided within the metadata header;
1708 # add these here.
1709 metadata = tuple(metadata) + (
1710 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1711 )
1713 # Send the request.
1714 response = rpc(
1715 request,
1716 retry=retry,
1717 timeout=timeout,
1718 metadata=metadata,
1719 )
1721 # Done; return the response.
1722 return response
1724 def destroy_secret_version(
1725 self,
1726 request: Optional[Union[service.DestroySecretVersionRequest, dict]] = None,
1727 *,
1728 name: Optional[str] = None,
1729 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1730 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1731 metadata: Sequence[Tuple[str, str]] = (),
1732 ) -> resources.SecretVersion:
1733 r"""Destroys a
1734 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1736 Sets the
1737 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
1738 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
1739 [DESTROYED][google.cloud.secrets.v1beta1.SecretVersion.State.DESTROYED]
1740 and irrevocably destroys the secret data.
1742 .. code-block:: python
1744 # This snippet has been automatically generated and should be regarded as a
1745 # code template only.
1746 # It will require modifications to work:
1747 # - It may require correct/in-range values for request initialization.
1748 # - It may require specifying regional endpoints when creating the service
1749 # client as shown in:
1750 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1751 from google.cloud import secretmanager_v1beta1
1753 def sample_destroy_secret_version():
1754 # Create a client
1755 client = secretmanager_v1beta1.SecretManagerServiceClient()
1757 # Initialize request argument(s)
1758 request = secretmanager_v1beta1.DestroySecretVersionRequest(
1759 name="name_value",
1760 )
1762 # Make the request
1763 response = client.destroy_secret_version(request=request)
1765 # Handle the response
1766 print(response)
1768 Args:
1769 request (Union[google.cloud.secretmanager_v1beta1.types.DestroySecretVersionRequest, dict]):
1770 The request object. Request message for
1771 [SecretManagerService.DestroySecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.DestroySecretVersion].
1772 name (str):
1773 Required. The resource name of the
1774 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1775 to destroy in the format
1776 ``projects/*/secrets/*/versions/*``.
1778 This corresponds to the ``name`` field
1779 on the ``request`` instance; if ``request`` is provided, this
1780 should not be set.
1781 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1782 should be retried.
1783 timeout (float): The timeout for this request.
1784 metadata (Sequence[Tuple[str, str]]): Strings which should be
1785 sent along with the request as metadata.
1787 Returns:
1788 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1789 A secret version resource in the
1790 Secret Manager API.
1792 """
1793 # Create or coerce a protobuf request object.
1794 # Quick check: If we got a request object, we should *not* have
1795 # gotten any keyword arguments that map to the request.
1796 has_flattened_params = any([name])
1797 if request is not None and has_flattened_params:
1798 raise ValueError(
1799 "If the `request` argument is set, then none of "
1800 "the individual field arguments should be set."
1801 )
1803 # Minor optimization to avoid making a copy if the user passes
1804 # in a service.DestroySecretVersionRequest.
1805 # There's no risk of modifying the input as we've already verified
1806 # there are no flattened fields.
1807 if not isinstance(request, service.DestroySecretVersionRequest):
1808 request = service.DestroySecretVersionRequest(request)
1809 # If we have keyword arguments corresponding to fields on the
1810 # request, apply these.
1811 if name is not None:
1812 request.name = name
1814 # Wrap the RPC method; this adds retry and timeout information,
1815 # and friendly error handling.
1816 rpc = self._transport._wrapped_methods[self._transport.destroy_secret_version]
1818 # Certain fields should be provided within the metadata header;
1819 # add these here.
1820 metadata = tuple(metadata) + (
1821 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1822 )
1824 # Send the request.
1825 response = rpc(
1826 request,
1827 retry=retry,
1828 timeout=timeout,
1829 metadata=metadata,
1830 )
1832 # Done; return the response.
1833 return response
1835 def set_iam_policy(
1836 self,
1837 request: Optional[Union[iam_policy_pb2.SetIamPolicyRequest, dict]] = None,
1838 *,
1839 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1840 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1841 metadata: Sequence[Tuple[str, str]] = (),
1842 ) -> policy_pb2.Policy:
1843 r"""Sets the access control policy on the specified secret. Replaces
1844 any existing policy.
1846 Permissions on
1847 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] are
1848 enforced according to the policy set on the associated
1849 [Secret][google.cloud.secrets.v1beta1.Secret].
1851 .. code-block:: python
1853 # This snippet has been automatically generated and should be regarded as a
1854 # code template only.
1855 # It will require modifications to work:
1856 # - It may require correct/in-range values for request initialization.
1857 # - It may require specifying regional endpoints when creating the service
1858 # client as shown in:
1859 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1860 from google.cloud import secretmanager_v1beta1
1861 from google.iam.v1 import iam_policy_pb2 # type: ignore
1863 def sample_set_iam_policy():
1864 # Create a client
1865 client = secretmanager_v1beta1.SecretManagerServiceClient()
1867 # Initialize request argument(s)
1868 request = iam_policy_pb2.SetIamPolicyRequest(
1869 resource="resource_value",
1870 )
1872 # Make the request
1873 response = client.set_iam_policy(request=request)
1875 # Handle the response
1876 print(response)
1878 Args:
1879 request (Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]):
1880 The request object. Request message for ``SetIamPolicy`` method.
1881 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1882 should be retried.
1883 timeout (float): The timeout for this request.
1884 metadata (Sequence[Tuple[str, str]]): Strings which should be
1885 sent along with the request as metadata.
1887 Returns:
1888 google.iam.v1.policy_pb2.Policy:
1889 An Identity and Access Management (IAM) policy, which specifies access
1890 controls for Google Cloud resources.
1892 A Policy is a collection of bindings. A binding binds
1893 one or more members, or principals, to a single role.
1894 Principals can be user accounts, service accounts,
1895 Google groups, and domains (such as G Suite). A role
1896 is a named list of permissions; each role can be an
1897 IAM predefined role or a user-created custom role.
1899 For some types of Google Cloud resources, a binding
1900 can also specify a condition, which is a logical
1901 expression that allows access to a resource only if
1902 the expression evaluates to true. A condition can add
1903 constraints based on attributes of the request, the
1904 resource, or both. To learn which resources support
1905 conditions in their IAM policies, see the [IAM
1906 documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies).
1908 **JSON example:**
1910 :literal:`\` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 }`\ \`
1912 **YAML example:**
1914 :literal:`\` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3`\ \`
1916 For a description of IAM and its features, see the
1917 [IAM
1918 documentation](\ https://cloud.google.com/iam/docs/).
1920 """
1921 # Create or coerce a protobuf request object.
1922 if isinstance(request, dict):
1923 # The request isn't a proto-plus wrapped type,
1924 # so it must be constructed via keyword expansion.
1925 request = iam_policy_pb2.SetIamPolicyRequest(**request)
1926 elif not request:
1927 # Null request, just make one.
1928 request = iam_policy_pb2.SetIamPolicyRequest()
1930 # Wrap the RPC method; this adds retry and timeout information,
1931 # and friendly error handling.
1932 rpc = self._transport._wrapped_methods[self._transport.set_iam_policy]
1934 # Certain fields should be provided within the metadata header;
1935 # add these here.
1936 metadata = tuple(metadata) + (
1937 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)),
1938 )
1940 # Send the request.
1941 response = rpc(
1942 request,
1943 retry=retry,
1944 timeout=timeout,
1945 metadata=metadata,
1946 )
1948 # Done; return the response.
1949 return response
1951 def get_iam_policy(
1952 self,
1953 request: Optional[Union[iam_policy_pb2.GetIamPolicyRequest, dict]] = None,
1954 *,
1955 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1956 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1957 metadata: Sequence[Tuple[str, str]] = (),
1958 ) -> policy_pb2.Policy:
1959 r"""Gets the access control policy for a secret.
1960 Returns empty policy if the secret exists and does not
1961 have a policy set.
1963 .. code-block:: python
1965 # This snippet has been automatically generated and should be regarded as a
1966 # code template only.
1967 # It will require modifications to work:
1968 # - It may require correct/in-range values for request initialization.
1969 # - It may require specifying regional endpoints when creating the service
1970 # client as shown in:
1971 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1972 from google.cloud import secretmanager_v1beta1
1973 from google.iam.v1 import iam_policy_pb2 # type: ignore
1975 def sample_get_iam_policy():
1976 # Create a client
1977 client = secretmanager_v1beta1.SecretManagerServiceClient()
1979 # Initialize request argument(s)
1980 request = iam_policy_pb2.GetIamPolicyRequest(
1981 resource="resource_value",
1982 )
1984 # Make the request
1985 response = client.get_iam_policy(request=request)
1987 # Handle the response
1988 print(response)
1990 Args:
1991 request (Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]):
1992 The request object. Request message for ``GetIamPolicy`` method.
1993 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1994 should be retried.
1995 timeout (float): The timeout for this request.
1996 metadata (Sequence[Tuple[str, str]]): Strings which should be
1997 sent along with the request as metadata.
1999 Returns:
2000 google.iam.v1.policy_pb2.Policy:
2001 An Identity and Access Management (IAM) policy, which specifies access
2002 controls for Google Cloud resources.
2004 A Policy is a collection of bindings. A binding binds
2005 one or more members, or principals, to a single role.
2006 Principals can be user accounts, service accounts,
2007 Google groups, and domains (such as G Suite). A role
2008 is a named list of permissions; each role can be an
2009 IAM predefined role or a user-created custom role.
2011 For some types of Google Cloud resources, a binding
2012 can also specify a condition, which is a logical
2013 expression that allows access to a resource only if
2014 the expression evaluates to true. A condition can add
2015 constraints based on attributes of the request, the
2016 resource, or both. To learn which resources support
2017 conditions in their IAM policies, see the [IAM
2018 documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies).
2020 **JSON example:**
2022 :literal:`\` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 }`\ \`
2024 **YAML example:**
2026 :literal:`\` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3`\ \`
2028 For a description of IAM and its features, see the
2029 [IAM
2030 documentation](\ https://cloud.google.com/iam/docs/).
2032 """
2033 # Create or coerce a protobuf request object.
2034 if isinstance(request, dict):
2035 # The request isn't a proto-plus wrapped type,
2036 # so it must be constructed via keyword expansion.
2037 request = iam_policy_pb2.GetIamPolicyRequest(**request)
2038 elif not request:
2039 # Null request, just make one.
2040 request = iam_policy_pb2.GetIamPolicyRequest()
2042 # Wrap the RPC method; this adds retry and timeout information,
2043 # and friendly error handling.
2044 rpc = self._transport._wrapped_methods[self._transport.get_iam_policy]
2046 # Certain fields should be provided within the metadata header;
2047 # add these here.
2048 metadata = tuple(metadata) + (
2049 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)),
2050 )
2052 # Send the request.
2053 response = rpc(
2054 request,
2055 retry=retry,
2056 timeout=timeout,
2057 metadata=metadata,
2058 )
2060 # Done; return the response.
2061 return response
2063 def test_iam_permissions(
2064 self,
2065 request: Optional[Union[iam_policy_pb2.TestIamPermissionsRequest, dict]] = None,
2066 *,
2067 retry: OptionalRetry = gapic_v1.method.DEFAULT,
2068 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
2069 metadata: Sequence[Tuple[str, str]] = (),
2070 ) -> iam_policy_pb2.TestIamPermissionsResponse:
2071 r"""Returns permissions that a caller has for the specified secret.
2072 If the secret does not exist, this call returns an empty set of
2073 permissions, not a NOT_FOUND error.
2075 Note: This operation is designed to be used for building
2076 permission-aware UIs and command-line tools, not for
2077 authorization checking. This operation may "fail open" without
2078 warning.
2080 .. code-block:: python
2082 # This snippet has been automatically generated and should be regarded as a
2083 # code template only.
2084 # It will require modifications to work:
2085 # - It may require correct/in-range values for request initialization.
2086 # - It may require specifying regional endpoints when creating the service
2087 # client as shown in:
2088 # https://googleapis.dev/python/google-api-core/latest/client_options.html
2089 from google.cloud import secretmanager_v1beta1
2090 from google.iam.v1 import iam_policy_pb2 # type: ignore
2092 def sample_test_iam_permissions():
2093 # Create a client
2094 client = secretmanager_v1beta1.SecretManagerServiceClient()
2096 # Initialize request argument(s)
2097 request = iam_policy_pb2.TestIamPermissionsRequest(
2098 resource="resource_value",
2099 permissions=['permissions_value1', 'permissions_value2'],
2100 )
2102 # Make the request
2103 response = client.test_iam_permissions(request=request)
2105 # Handle the response
2106 print(response)
2108 Args:
2109 request (Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]):
2110 The request object. Request message for ``TestIamPermissions`` method.
2111 retry (google.api_core.retry.Retry): Designation of what errors, if any,
2112 should be retried.
2113 timeout (float): The timeout for this request.
2114 metadata (Sequence[Tuple[str, str]]): Strings which should be
2115 sent along with the request as metadata.
2117 Returns:
2118 google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse:
2119 Response message for TestIamPermissions method.
2120 """
2121 # Create or coerce a protobuf request object.
2122 if isinstance(request, dict):
2123 # The request isn't a proto-plus wrapped type,
2124 # so it must be constructed via keyword expansion.
2125 request = iam_policy_pb2.TestIamPermissionsRequest(**request)
2126 elif not request:
2127 # Null request, just make one.
2128 request = iam_policy_pb2.TestIamPermissionsRequest()
2130 # Wrap the RPC method; this adds retry and timeout information,
2131 # and friendly error handling.
2132 rpc = self._transport._wrapped_methods[self._transport.test_iam_permissions]
2134 # Certain fields should be provided within the metadata header;
2135 # add these here.
2136 metadata = tuple(metadata) + (
2137 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)),
2138 )
2140 # Send the request.
2141 response = rpc(
2142 request,
2143 retry=retry,
2144 timeout=timeout,
2145 metadata=metadata,
2146 )
2148 # Done; return the response.
2149 return response
2151 def __enter__(self) -> "SecretManagerServiceClient":
2152 return self
2154 def __exit__(self, type, value, traceback):
2155 """Releases underlying transport's resources.
2157 .. warning::
2158 ONLY use as a context manager if the transport is NOT shared
2159 with other clients! Exiting the with block will CLOSE the transport
2160 and may cause errors in other clients!
2161 """
2162 self.transport.close()
2165DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(
2166 gapic_version=package_version.__version__
2167)
2170__all__ = ("SecretManagerServiceClient",)