1# -*- coding: utf-8 -*-
2# Copyright 2023 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple, Union
17import warnings
18
19from google.api_core import gapic_v1, grpc_helpers_async
20from google.auth import credentials as ga_credentials # type: ignore
21from google.auth.transport.grpc import SslCredentials # type: ignore
22from google.iam.v1 import iam_policy_pb2 # type: ignore
23from google.iam.v1 import policy_pb2 # type: ignore
24from google.protobuf import empty_pb2 # type: ignore
25import grpc # type: ignore
26from grpc.experimental import aio # type: ignore
27
28from google.cloud.secretmanager_v1beta1.types import resources, service
29
30from .base import DEFAULT_CLIENT_INFO, SecretManagerServiceTransport
31from .grpc import SecretManagerServiceGrpcTransport
32
33
34class SecretManagerServiceGrpcAsyncIOTransport(SecretManagerServiceTransport):
35 """gRPC AsyncIO backend transport for SecretManagerService.
36
37 Secret Manager Service
38
39 Manages secrets and operations using those secrets. Implements a
40 REST model with the following objects:
41
42 - [Secret][google.cloud.secrets.v1beta1.Secret]
43 - [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
44
45 This class defines the same methods as the primary client, so the
46 primary client can load the underlying transport implementation
47 and call it.
48
49 It sends protocol buffers over the wire using gRPC (which is built on
50 top of HTTP/2); the ``grpcio`` package must be installed.
51 """
52
53 _grpc_channel: aio.Channel
54 _stubs: Dict[str, Callable] = {}
55
56 @classmethod
57 def create_channel(
58 cls,
59 host: str = "secretmanager.googleapis.com",
60 credentials: Optional[ga_credentials.Credentials] = None,
61 credentials_file: Optional[str] = None,
62 scopes: Optional[Sequence[str]] = None,
63 quota_project_id: Optional[str] = None,
64 **kwargs,
65 ) -> aio.Channel:
66 """Create and return a gRPC AsyncIO channel object.
67 Args:
68 host (Optional[str]): The host for the channel to use.
69 credentials (Optional[~.Credentials]): The
70 authorization credentials to attach to requests. These
71 credentials identify this application to the service. If
72 none are specified, the client will attempt to ascertain
73 the credentials from the environment.
74 credentials_file (Optional[str]): A file with credentials that can
75 be loaded with :func:`google.auth.load_credentials_from_file`.
76 This argument is ignored if ``channel`` is provided.
77 scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
78 service. These are only used when credentials are not specified and
79 are passed to :func:`google.auth.default`.
80 quota_project_id (Optional[str]): An optional project to use for billing
81 and quota.
82 kwargs (Optional[dict]): Keyword arguments, which are passed to the
83 channel creation.
84 Returns:
85 aio.Channel: A gRPC AsyncIO channel object.
86 """
87
88 return grpc_helpers_async.create_channel(
89 host,
90 credentials=credentials,
91 credentials_file=credentials_file,
92 quota_project_id=quota_project_id,
93 default_scopes=cls.AUTH_SCOPES,
94 scopes=scopes,
95 default_host=cls.DEFAULT_HOST,
96 **kwargs,
97 )
98
99 def __init__(
100 self,
101 *,
102 host: str = "secretmanager.googleapis.com",
103 credentials: Optional[ga_credentials.Credentials] = None,
104 credentials_file: Optional[str] = None,
105 scopes: Optional[Sequence[str]] = None,
106 channel: Optional[aio.Channel] = None,
107 api_mtls_endpoint: Optional[str] = None,
108 client_cert_source: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
109 ssl_channel_credentials: Optional[grpc.ChannelCredentials] = None,
110 client_cert_source_for_mtls: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
111 quota_project_id: Optional[str] = None,
112 client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
113 always_use_jwt_access: Optional[bool] = False,
114 api_audience: Optional[str] = None,
115 ) -> None:
116 """Instantiate the transport.
117
118 Args:
119 host (Optional[str]):
120 The hostname to connect to.
121 credentials (Optional[google.auth.credentials.Credentials]): The
122 authorization credentials to attach to requests. These
123 credentials identify the application to the service; if none
124 are specified, the client will attempt to ascertain the
125 credentials from the environment.
126 This argument is ignored if ``channel`` is provided.
127 credentials_file (Optional[str]): A file with credentials that can
128 be loaded with :func:`google.auth.load_credentials_from_file`.
129 This argument is ignored if ``channel`` is provided.
130 scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
131 service. These are only used when credentials are not specified and
132 are passed to :func:`google.auth.default`.
133 channel (Optional[aio.Channel]): A ``Channel`` instance through
134 which to make calls.
135 api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint.
136 If provided, it overrides the ``host`` argument and tries to create
137 a mutual TLS channel with client SSL credentials from
138 ``client_cert_source`` or application default SSL credentials.
139 client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]):
140 Deprecated. A callback to provide client SSL certificate bytes and
141 private key bytes, both in PEM format. It is ignored if
142 ``api_mtls_endpoint`` is None.
143 ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
144 for the grpc channel. It is ignored if ``channel`` is provided.
145 client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
146 A callback to provide client certificate bytes and private key bytes,
147 both in PEM format. It is used to configure a mutual TLS channel. It is
148 ignored if ``channel`` or ``ssl_channel_credentials`` is provided.
149 quota_project_id (Optional[str]): An optional project to use for billing
150 and quota.
151 client_info (google.api_core.gapic_v1.client_info.ClientInfo):
152 The client info used to send a user-agent string along with
153 API requests. If ``None``, then default info will be used.
154 Generally, you only need to set this if you're developing
155 your own client library.
156 always_use_jwt_access (Optional[bool]): Whether self signed JWT should
157 be used for service account credentials.
158
159 Raises:
160 google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
161 creation failed for any reason.
162 google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
163 and ``credentials_file`` are passed.
164 """
165 self._grpc_channel = None
166 self._ssl_channel_credentials = ssl_channel_credentials
167 self._stubs: Dict[str, Callable] = {}
168
169 if api_mtls_endpoint:
170 warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
171 if client_cert_source:
172 warnings.warn("client_cert_source is deprecated", DeprecationWarning)
173
174 if channel:
175 # Ignore credentials if a channel was passed.
176 credentials = False
177 # If a channel was explicitly provided, set it.
178 self._grpc_channel = channel
179 self._ssl_channel_credentials = None
180 else:
181 if api_mtls_endpoint:
182 host = api_mtls_endpoint
183
184 # Create SSL credentials with client_cert_source or application
185 # default SSL credentials.
186 if client_cert_source:
187 cert, key = client_cert_source()
188 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
189 certificate_chain=cert, private_key=key
190 )
191 else:
192 self._ssl_channel_credentials = SslCredentials().ssl_credentials
193
194 else:
195 if client_cert_source_for_mtls and not ssl_channel_credentials:
196 cert, key = client_cert_source_for_mtls()
197 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
198 certificate_chain=cert, private_key=key
199 )
200
201 # The base transport sets the host, credentials and scopes
202 super().__init__(
203 host=host,
204 credentials=credentials,
205 credentials_file=credentials_file,
206 scopes=scopes,
207 quota_project_id=quota_project_id,
208 client_info=client_info,
209 always_use_jwt_access=always_use_jwt_access,
210 api_audience=api_audience,
211 )
212
213 if not self._grpc_channel:
214 self._grpc_channel = type(self).create_channel(
215 self._host,
216 # use the credentials which are saved
217 credentials=self._credentials,
218 # Set ``credentials_file`` to ``None`` here as
219 # the credentials that we saved earlier should be used.
220 credentials_file=None,
221 scopes=self._scopes,
222 ssl_credentials=self._ssl_channel_credentials,
223 quota_project_id=quota_project_id,
224 options=[
225 ("grpc.max_send_message_length", -1),
226 ("grpc.max_receive_message_length", -1),
227 ],
228 )
229
230 # Wrap messages. This must be done after self._grpc_channel exists
231 self._prep_wrapped_messages(client_info)
232
233 @property
234 def grpc_channel(self) -> aio.Channel:
235 """Create the channel designed to connect to this service.
236
237 This property caches on the instance; repeated calls return
238 the same channel.
239 """
240 # Return the channel from cache.
241 return self._grpc_channel
242
243 @property
244 def list_secrets(
245 self,
246 ) -> Callable[[service.ListSecretsRequest], Awaitable[service.ListSecretsResponse]]:
247 r"""Return a callable for the list secrets method over gRPC.
248
249 Lists [Secrets][google.cloud.secrets.v1beta1.Secret].
250
251 Returns:
252 Callable[[~.ListSecretsRequest],
253 Awaitable[~.ListSecretsResponse]]:
254 A function that, when called, will call the underlying RPC
255 on the server.
256 """
257 # Generate a "stub function" on-the-fly which will actually make
258 # the request.
259 # gRPC handles serialization and deserialization, so we just need
260 # to pass in the functions for each.
261 if "list_secrets" not in self._stubs:
262 self._stubs["list_secrets"] = self.grpc_channel.unary_unary(
263 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecrets",
264 request_serializer=service.ListSecretsRequest.serialize,
265 response_deserializer=service.ListSecretsResponse.deserialize,
266 )
267 return self._stubs["list_secrets"]
268
269 @property
270 def create_secret(
271 self,
272 ) -> Callable[[service.CreateSecretRequest], Awaitable[resources.Secret]]:
273 r"""Return a callable for the create secret method over gRPC.
274
275 Creates a new [Secret][google.cloud.secrets.v1beta1.Secret]
276 containing no
277 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
278
279 Returns:
280 Callable[[~.CreateSecretRequest],
281 Awaitable[~.Secret]]:
282 A function that, when called, will call the underlying RPC
283 on the server.
284 """
285 # Generate a "stub function" on-the-fly which will actually make
286 # the request.
287 # gRPC handles serialization and deserialization, so we just need
288 # to pass in the functions for each.
289 if "create_secret" not in self._stubs:
290 self._stubs["create_secret"] = self.grpc_channel.unary_unary(
291 "/google.cloud.secrets.v1beta1.SecretManagerService/CreateSecret",
292 request_serializer=service.CreateSecretRequest.serialize,
293 response_deserializer=resources.Secret.deserialize,
294 )
295 return self._stubs["create_secret"]
296
297 @property
298 def add_secret_version(
299 self,
300 ) -> Callable[
301 [service.AddSecretVersionRequest], Awaitable[resources.SecretVersion]
302 ]:
303 r"""Return a callable for the add secret version method over gRPC.
304
305 Creates a new
306 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
307 containing secret data and attaches it to an existing
308 [Secret][google.cloud.secrets.v1beta1.Secret].
309
310 Returns:
311 Callable[[~.AddSecretVersionRequest],
312 Awaitable[~.SecretVersion]]:
313 A function that, when called, will call the underlying RPC
314 on the server.
315 """
316 # Generate a "stub function" on-the-fly which will actually make
317 # the request.
318 # gRPC handles serialization and deserialization, so we just need
319 # to pass in the functions for each.
320 if "add_secret_version" not in self._stubs:
321 self._stubs["add_secret_version"] = self.grpc_channel.unary_unary(
322 "/google.cloud.secrets.v1beta1.SecretManagerService/AddSecretVersion",
323 request_serializer=service.AddSecretVersionRequest.serialize,
324 response_deserializer=resources.SecretVersion.deserialize,
325 )
326 return self._stubs["add_secret_version"]
327
328 @property
329 def get_secret(
330 self,
331 ) -> Callable[[service.GetSecretRequest], Awaitable[resources.Secret]]:
332 r"""Return a callable for the get secret method over gRPC.
333
334 Gets metadata for a given
335 [Secret][google.cloud.secrets.v1beta1.Secret].
336
337 Returns:
338 Callable[[~.GetSecretRequest],
339 Awaitable[~.Secret]]:
340 A function that, when called, will call the underlying RPC
341 on the server.
342 """
343 # Generate a "stub function" on-the-fly which will actually make
344 # the request.
345 # gRPC handles serialization and deserialization, so we just need
346 # to pass in the functions for each.
347 if "get_secret" not in self._stubs:
348 self._stubs["get_secret"] = self.grpc_channel.unary_unary(
349 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecret",
350 request_serializer=service.GetSecretRequest.serialize,
351 response_deserializer=resources.Secret.deserialize,
352 )
353 return self._stubs["get_secret"]
354
355 @property
356 def update_secret(
357 self,
358 ) -> Callable[[service.UpdateSecretRequest], Awaitable[resources.Secret]]:
359 r"""Return a callable for the update secret method over gRPC.
360
361 Updates metadata of an existing
362 [Secret][google.cloud.secrets.v1beta1.Secret].
363
364 Returns:
365 Callable[[~.UpdateSecretRequest],
366 Awaitable[~.Secret]]:
367 A function that, when called, will call the underlying RPC
368 on the server.
369 """
370 # Generate a "stub function" on-the-fly which will actually make
371 # the request.
372 # gRPC handles serialization and deserialization, so we just need
373 # to pass in the functions for each.
374 if "update_secret" not in self._stubs:
375 self._stubs["update_secret"] = self.grpc_channel.unary_unary(
376 "/google.cloud.secrets.v1beta1.SecretManagerService/UpdateSecret",
377 request_serializer=service.UpdateSecretRequest.serialize,
378 response_deserializer=resources.Secret.deserialize,
379 )
380 return self._stubs["update_secret"]
381
382 @property
383 def delete_secret(
384 self,
385 ) -> Callable[[service.DeleteSecretRequest], Awaitable[empty_pb2.Empty]]:
386 r"""Return a callable for the delete secret method over gRPC.
387
388 Deletes a [Secret][google.cloud.secrets.v1beta1.Secret].
389
390 Returns:
391 Callable[[~.DeleteSecretRequest],
392 Awaitable[~.Empty]]:
393 A function that, when called, will call the underlying RPC
394 on the server.
395 """
396 # Generate a "stub function" on-the-fly which will actually make
397 # the request.
398 # gRPC handles serialization and deserialization, so we just need
399 # to pass in the functions for each.
400 if "delete_secret" not in self._stubs:
401 self._stubs["delete_secret"] = self.grpc_channel.unary_unary(
402 "/google.cloud.secrets.v1beta1.SecretManagerService/DeleteSecret",
403 request_serializer=service.DeleteSecretRequest.serialize,
404 response_deserializer=empty_pb2.Empty.FromString,
405 )
406 return self._stubs["delete_secret"]
407
408 @property
409 def list_secret_versions(
410 self,
411 ) -> Callable[
412 [service.ListSecretVersionsRequest],
413 Awaitable[service.ListSecretVersionsResponse],
414 ]:
415 r"""Return a callable for the list secret versions method over gRPC.
416
417 Lists
418 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
419 This call does not return secret data.
420
421 Returns:
422 Callable[[~.ListSecretVersionsRequest],
423 Awaitable[~.ListSecretVersionsResponse]]:
424 A function that, when called, will call the underlying RPC
425 on the server.
426 """
427 # Generate a "stub function" on-the-fly which will actually make
428 # the request.
429 # gRPC handles serialization and deserialization, so we just need
430 # to pass in the functions for each.
431 if "list_secret_versions" not in self._stubs:
432 self._stubs["list_secret_versions"] = self.grpc_channel.unary_unary(
433 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecretVersions",
434 request_serializer=service.ListSecretVersionsRequest.serialize,
435 response_deserializer=service.ListSecretVersionsResponse.deserialize,
436 )
437 return self._stubs["list_secret_versions"]
438
439 @property
440 def get_secret_version(
441 self,
442 ) -> Callable[
443 [service.GetSecretVersionRequest], Awaitable[resources.SecretVersion]
444 ]:
445 r"""Return a callable for the get secret version method over gRPC.
446
447 Gets metadata for a
448 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
449
450 ``projects/*/secrets/*/versions/latest`` is an alias to the
451 ``latest``
452 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
453
454 Returns:
455 Callable[[~.GetSecretVersionRequest],
456 Awaitable[~.SecretVersion]]:
457 A function that, when called, will call the underlying RPC
458 on the server.
459 """
460 # Generate a "stub function" on-the-fly which will actually make
461 # the request.
462 # gRPC handles serialization and deserialization, so we just need
463 # to pass in the functions for each.
464 if "get_secret_version" not in self._stubs:
465 self._stubs["get_secret_version"] = self.grpc_channel.unary_unary(
466 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecretVersion",
467 request_serializer=service.GetSecretVersionRequest.serialize,
468 response_deserializer=resources.SecretVersion.deserialize,
469 )
470 return self._stubs["get_secret_version"]
471
472 @property
473 def access_secret_version(
474 self,
475 ) -> Callable[
476 [service.AccessSecretVersionRequest],
477 Awaitable[service.AccessSecretVersionResponse],
478 ]:
479 r"""Return a callable for the access secret version method over gRPC.
480
481 Accesses a
482 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
483 This call returns the secret data.
484
485 ``projects/*/secrets/*/versions/latest`` is an alias to the
486 ``latest``
487 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
488
489 Returns:
490 Callable[[~.AccessSecretVersionRequest],
491 Awaitable[~.AccessSecretVersionResponse]]:
492 A function that, when called, will call the underlying RPC
493 on the server.
494 """
495 # Generate a "stub function" on-the-fly which will actually make
496 # the request.
497 # gRPC handles serialization and deserialization, so we just need
498 # to pass in the functions for each.
499 if "access_secret_version" not in self._stubs:
500 self._stubs["access_secret_version"] = self.grpc_channel.unary_unary(
501 "/google.cloud.secrets.v1beta1.SecretManagerService/AccessSecretVersion",
502 request_serializer=service.AccessSecretVersionRequest.serialize,
503 response_deserializer=service.AccessSecretVersionResponse.deserialize,
504 )
505 return self._stubs["access_secret_version"]
506
507 @property
508 def disable_secret_version(
509 self,
510 ) -> Callable[
511 [service.DisableSecretVersionRequest], Awaitable[resources.SecretVersion]
512 ]:
513 r"""Return a callable for the disable secret version method over gRPC.
514
515 Disables a
516 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
517
518 Sets the
519 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
520 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
521 [DISABLED][google.cloud.secrets.v1beta1.SecretVersion.State.DISABLED].
522
523 Returns:
524 Callable[[~.DisableSecretVersionRequest],
525 Awaitable[~.SecretVersion]]:
526 A function that, when called, will call the underlying RPC
527 on the server.
528 """
529 # Generate a "stub function" on-the-fly which will actually make
530 # the request.
531 # gRPC handles serialization and deserialization, so we just need
532 # to pass in the functions for each.
533 if "disable_secret_version" not in self._stubs:
534 self._stubs["disable_secret_version"] = self.grpc_channel.unary_unary(
535 "/google.cloud.secrets.v1beta1.SecretManagerService/DisableSecretVersion",
536 request_serializer=service.DisableSecretVersionRequest.serialize,
537 response_deserializer=resources.SecretVersion.deserialize,
538 )
539 return self._stubs["disable_secret_version"]
540
541 @property
542 def enable_secret_version(
543 self,
544 ) -> Callable[
545 [service.EnableSecretVersionRequest], Awaitable[resources.SecretVersion]
546 ]:
547 r"""Return a callable for the enable secret version method over gRPC.
548
549 Enables a
550 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
551
552 Sets the
553 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
554 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
555 [ENABLED][google.cloud.secrets.v1beta1.SecretVersion.State.ENABLED].
556
557 Returns:
558 Callable[[~.EnableSecretVersionRequest],
559 Awaitable[~.SecretVersion]]:
560 A function that, when called, will call the underlying RPC
561 on the server.
562 """
563 # Generate a "stub function" on-the-fly which will actually make
564 # the request.
565 # gRPC handles serialization and deserialization, so we just need
566 # to pass in the functions for each.
567 if "enable_secret_version" not in self._stubs:
568 self._stubs["enable_secret_version"] = self.grpc_channel.unary_unary(
569 "/google.cloud.secrets.v1beta1.SecretManagerService/EnableSecretVersion",
570 request_serializer=service.EnableSecretVersionRequest.serialize,
571 response_deserializer=resources.SecretVersion.deserialize,
572 )
573 return self._stubs["enable_secret_version"]
574
575 @property
576 def destroy_secret_version(
577 self,
578 ) -> Callable[
579 [service.DestroySecretVersionRequest], Awaitable[resources.SecretVersion]
580 ]:
581 r"""Return a callable for the destroy secret version method over gRPC.
582
583 Destroys a
584 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
585
586 Sets the
587 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
588 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
589 [DESTROYED][google.cloud.secrets.v1beta1.SecretVersion.State.DESTROYED]
590 and irrevocably destroys the secret data.
591
592 Returns:
593 Callable[[~.DestroySecretVersionRequest],
594 Awaitable[~.SecretVersion]]:
595 A function that, when called, will call the underlying RPC
596 on the server.
597 """
598 # Generate a "stub function" on-the-fly which will actually make
599 # the request.
600 # gRPC handles serialization and deserialization, so we just need
601 # to pass in the functions for each.
602 if "destroy_secret_version" not in self._stubs:
603 self._stubs["destroy_secret_version"] = self.grpc_channel.unary_unary(
604 "/google.cloud.secrets.v1beta1.SecretManagerService/DestroySecretVersion",
605 request_serializer=service.DestroySecretVersionRequest.serialize,
606 response_deserializer=resources.SecretVersion.deserialize,
607 )
608 return self._stubs["destroy_secret_version"]
609
610 @property
611 def set_iam_policy(
612 self,
613 ) -> Callable[[iam_policy_pb2.SetIamPolicyRequest], Awaitable[policy_pb2.Policy]]:
614 r"""Return a callable for the set iam policy method over gRPC.
615
616 Sets the access control policy on the specified secret. Replaces
617 any existing policy.
618
619 Permissions on
620 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] are
621 enforced according to the policy set on the associated
622 [Secret][google.cloud.secrets.v1beta1.Secret].
623
624 Returns:
625 Callable[[~.SetIamPolicyRequest],
626 Awaitable[~.Policy]]:
627 A function that, when called, will call the underlying RPC
628 on the server.
629 """
630 # Generate a "stub function" on-the-fly which will actually make
631 # the request.
632 # gRPC handles serialization and deserialization, so we just need
633 # to pass in the functions for each.
634 if "set_iam_policy" not in self._stubs:
635 self._stubs["set_iam_policy"] = self.grpc_channel.unary_unary(
636 "/google.cloud.secrets.v1beta1.SecretManagerService/SetIamPolicy",
637 request_serializer=iam_policy_pb2.SetIamPolicyRequest.SerializeToString,
638 response_deserializer=policy_pb2.Policy.FromString,
639 )
640 return self._stubs["set_iam_policy"]
641
642 @property
643 def get_iam_policy(
644 self,
645 ) -> Callable[[iam_policy_pb2.GetIamPolicyRequest], Awaitable[policy_pb2.Policy]]:
646 r"""Return a callable for the get iam policy method over gRPC.
647
648 Gets the access control policy for a secret.
649 Returns empty policy if the secret exists and does not
650 have a policy set.
651
652 Returns:
653 Callable[[~.GetIamPolicyRequest],
654 Awaitable[~.Policy]]:
655 A function that, when called, will call the underlying RPC
656 on the server.
657 """
658 # Generate a "stub function" on-the-fly which will actually make
659 # the request.
660 # gRPC handles serialization and deserialization, so we just need
661 # to pass in the functions for each.
662 if "get_iam_policy" not in self._stubs:
663 self._stubs["get_iam_policy"] = self.grpc_channel.unary_unary(
664 "/google.cloud.secrets.v1beta1.SecretManagerService/GetIamPolicy",
665 request_serializer=iam_policy_pb2.GetIamPolicyRequest.SerializeToString,
666 response_deserializer=policy_pb2.Policy.FromString,
667 )
668 return self._stubs["get_iam_policy"]
669
670 @property
671 def test_iam_permissions(
672 self,
673 ) -> Callable[
674 [iam_policy_pb2.TestIamPermissionsRequest],
675 Awaitable[iam_policy_pb2.TestIamPermissionsResponse],
676 ]:
677 r"""Return a callable for the test iam permissions method over gRPC.
678
679 Returns permissions that a caller has for the specified secret.
680 If the secret does not exist, this call returns an empty set of
681 permissions, not a NOT_FOUND error.
682
683 Note: This operation is designed to be used for building
684 permission-aware UIs and command-line tools, not for
685 authorization checking. This operation may "fail open" without
686 warning.
687
688 Returns:
689 Callable[[~.TestIamPermissionsRequest],
690 Awaitable[~.TestIamPermissionsResponse]]:
691 A function that, when called, will call the underlying RPC
692 on the server.
693 """
694 # Generate a "stub function" on-the-fly which will actually make
695 # the request.
696 # gRPC handles serialization and deserialization, so we just need
697 # to pass in the functions for each.
698 if "test_iam_permissions" not in self._stubs:
699 self._stubs["test_iam_permissions"] = self.grpc_channel.unary_unary(
700 "/google.cloud.secrets.v1beta1.SecretManagerService/TestIamPermissions",
701 request_serializer=iam_policy_pb2.TestIamPermissionsRequest.SerializeToString,
702 response_deserializer=iam_policy_pb2.TestIamPermissionsResponse.FromString,
703 )
704 return self._stubs["test_iam_permissions"]
705
706 def close(self):
707 return self.grpc_channel.close()
708
709
710__all__ = ("SecretManagerServiceGrpcAsyncIOTransport",)