Coverage for /pythoncovmergedfiles/medio/medio/usr/local/lib/python3.8/site-packages/google/cloud/secretmanager_v1beta1/services/secret_manager_service/transports/grpc.py: 89%

126 statements  

« prev     ^ index     » next       coverage.py v7.3.1, created at 2023-09-25 06:37 +0000

1# -*- coding: utf-8 -*- 

2# Copyright 2023 Google LLC 

3# 

4# Licensed under the Apache License, Version 2.0 (the "License"); 

5# you may not use this file except in compliance with the License. 

6# You may obtain a copy of the License at 

7# 

8# http://www.apache.org/licenses/LICENSE-2.0 

9# 

10# Unless required by applicable law or agreed to in writing, software 

11# distributed under the License is distributed on an "AS IS" BASIS, 

12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 

13# See the License for the specific language governing permissions and 

14# limitations under the License. 

15# 

16from typing import Callable, Dict, Optional, Sequence, Tuple, Union 

17import warnings 

18 

19from google.api_core import gapic_v1, grpc_helpers 

20import google.auth # type: ignore 

21from google.auth import credentials as ga_credentials # type: ignore 

22from google.auth.transport.grpc import SslCredentials # type: ignore 

23from google.iam.v1 import iam_policy_pb2 # type: ignore 

24from google.iam.v1 import policy_pb2 # type: ignore 

25from google.protobuf import empty_pb2 # type: ignore 

26import grpc # type: ignore 

27 

28from google.cloud.secretmanager_v1beta1.types import resources, service 

29 

30from .base import DEFAULT_CLIENT_INFO, SecretManagerServiceTransport 

31 

32 

33class SecretManagerServiceGrpcTransport(SecretManagerServiceTransport): 

34 """gRPC backend transport for SecretManagerService. 

35 

36 Secret Manager Service 

37 

38 Manages secrets and operations using those secrets. Implements a 

39 REST model with the following objects: 

40 

41 - [Secret][google.cloud.secrets.v1beta1.Secret] 

42 - [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] 

43 

44 This class defines the same methods as the primary client, so the 

45 primary client can load the underlying transport implementation 

46 and call it. 

47 

48 It sends protocol buffers over the wire using gRPC (which is built on 

49 top of HTTP/2); the ``grpcio`` package must be installed. 

50 """ 

51 

52 _stubs: Dict[str, Callable] 

53 

54 def __init__( 

55 self, 

56 *, 

57 host: str = "secretmanager.googleapis.com", 

58 credentials: Optional[ga_credentials.Credentials] = None, 

59 credentials_file: Optional[str] = None, 

60 scopes: Optional[Sequence[str]] = None, 

61 channel: Optional[grpc.Channel] = None, 

62 api_mtls_endpoint: Optional[str] = None, 

63 client_cert_source: Optional[Callable[[], Tuple[bytes, bytes]]] = None, 

64 ssl_channel_credentials: Optional[grpc.ChannelCredentials] = None, 

65 client_cert_source_for_mtls: Optional[Callable[[], Tuple[bytes, bytes]]] = None, 

66 quota_project_id: Optional[str] = None, 

67 client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, 

68 always_use_jwt_access: Optional[bool] = False, 

69 api_audience: Optional[str] = None, 

70 ) -> None: 

71 """Instantiate the transport. 

72 

73 Args: 

74 host (Optional[str]): 

75 The hostname to connect to. 

76 credentials (Optional[google.auth.credentials.Credentials]): The 

77 authorization credentials to attach to requests. These 

78 credentials identify the application to the service; if none 

79 are specified, the client will attempt to ascertain the 

80 credentials from the environment. 

81 This argument is ignored if ``channel`` is provided. 

82 credentials_file (Optional[str]): A file with credentials that can 

83 be loaded with :func:`google.auth.load_credentials_from_file`. 

84 This argument is ignored if ``channel`` is provided. 

85 scopes (Optional(Sequence[str])): A list of scopes. This argument is 

86 ignored if ``channel`` is provided. 

87 channel (Optional[grpc.Channel]): A ``Channel`` instance through 

88 which to make calls. 

89 api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. 

90 If provided, it overrides the ``host`` argument and tries to create 

91 a mutual TLS channel with client SSL credentials from 

92 ``client_cert_source`` or application default SSL credentials. 

93 client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): 

94 Deprecated. A callback to provide client SSL certificate bytes and 

95 private key bytes, both in PEM format. It is ignored if 

96 ``api_mtls_endpoint`` is None. 

97 ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials 

98 for the grpc channel. It is ignored if ``channel`` is provided. 

99 client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): 

100 A callback to provide client certificate bytes and private key bytes, 

101 both in PEM format. It is used to configure a mutual TLS channel. It is 

102 ignored if ``channel`` or ``ssl_channel_credentials`` is provided. 

103 quota_project_id (Optional[str]): An optional project to use for billing 

104 and quota. 

105 client_info (google.api_core.gapic_v1.client_info.ClientInfo): 

106 The client info used to send a user-agent string along with 

107 API requests. If ``None``, then default info will be used. 

108 Generally, you only need to set this if you're developing 

109 your own client library. 

110 always_use_jwt_access (Optional[bool]): Whether self signed JWT should 

111 be used for service account credentials. 

112 

113 Raises: 

114 google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport 

115 creation failed for any reason. 

116 google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` 

117 and ``credentials_file`` are passed. 

118 """ 

119 self._grpc_channel = None 

120 self._ssl_channel_credentials = ssl_channel_credentials 

121 self._stubs: Dict[str, Callable] = {} 

122 

123 if api_mtls_endpoint: 

124 warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) 

125 if client_cert_source: 

126 warnings.warn("client_cert_source is deprecated", DeprecationWarning) 

127 

128 if channel: 

129 # Ignore credentials if a channel was passed. 

130 credentials = False 

131 # If a channel was explicitly provided, set it. 

132 self._grpc_channel = channel 

133 self._ssl_channel_credentials = None 

134 

135 else: 

136 if api_mtls_endpoint: 

137 host = api_mtls_endpoint 

138 

139 # Create SSL credentials with client_cert_source or application 

140 # default SSL credentials. 

141 if client_cert_source: 

142 cert, key = client_cert_source() 

143 self._ssl_channel_credentials = grpc.ssl_channel_credentials( 

144 certificate_chain=cert, private_key=key 

145 ) 

146 else: 

147 self._ssl_channel_credentials = SslCredentials().ssl_credentials 

148 

149 else: 

150 if client_cert_source_for_mtls and not ssl_channel_credentials: 

151 cert, key = client_cert_source_for_mtls() 

152 self._ssl_channel_credentials = grpc.ssl_channel_credentials( 

153 certificate_chain=cert, private_key=key 

154 ) 

155 

156 # The base transport sets the host, credentials and scopes 

157 super().__init__( 

158 host=host, 

159 credentials=credentials, 

160 credentials_file=credentials_file, 

161 scopes=scopes, 

162 quota_project_id=quota_project_id, 

163 client_info=client_info, 

164 always_use_jwt_access=always_use_jwt_access, 

165 api_audience=api_audience, 

166 ) 

167 

168 if not self._grpc_channel: 

169 self._grpc_channel = type(self).create_channel( 

170 self._host, 

171 # use the credentials which are saved 

172 credentials=self._credentials, 

173 # Set ``credentials_file`` to ``None`` here as 

174 # the credentials that we saved earlier should be used. 

175 credentials_file=None, 

176 scopes=self._scopes, 

177 ssl_credentials=self._ssl_channel_credentials, 

178 quota_project_id=quota_project_id, 

179 options=[ 

180 ("grpc.max_send_message_length", -1), 

181 ("grpc.max_receive_message_length", -1), 

182 ], 

183 ) 

184 

185 # Wrap messages. This must be done after self._grpc_channel exists 

186 self._prep_wrapped_messages(client_info) 

187 

188 @classmethod 

189 def create_channel( 

190 cls, 

191 host: str = "secretmanager.googleapis.com", 

192 credentials: Optional[ga_credentials.Credentials] = None, 

193 credentials_file: Optional[str] = None, 

194 scopes: Optional[Sequence[str]] = None, 

195 quota_project_id: Optional[str] = None, 

196 **kwargs, 

197 ) -> grpc.Channel: 

198 """Create and return a gRPC channel object. 

199 Args: 

200 host (Optional[str]): The host for the channel to use. 

201 credentials (Optional[~.Credentials]): The 

202 authorization credentials to attach to requests. These 

203 credentials identify this application to the service. If 

204 none are specified, the client will attempt to ascertain 

205 the credentials from the environment. 

206 credentials_file (Optional[str]): A file with credentials that can 

207 be loaded with :func:`google.auth.load_credentials_from_file`. 

208 This argument is mutually exclusive with credentials. 

209 scopes (Optional[Sequence[str]]): A optional list of scopes needed for this 

210 service. These are only used when credentials are not specified and 

211 are passed to :func:`google.auth.default`. 

212 quota_project_id (Optional[str]): An optional project to use for billing 

213 and quota. 

214 kwargs (Optional[dict]): Keyword arguments, which are passed to the 

215 channel creation. 

216 Returns: 

217 grpc.Channel: A gRPC channel object. 

218 

219 Raises: 

220 google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` 

221 and ``credentials_file`` are passed. 

222 """ 

223 

224 return grpc_helpers.create_channel( 

225 host, 

226 credentials=credentials, 

227 credentials_file=credentials_file, 

228 quota_project_id=quota_project_id, 

229 default_scopes=cls.AUTH_SCOPES, 

230 scopes=scopes, 

231 default_host=cls.DEFAULT_HOST, 

232 **kwargs, 

233 ) 

234 

235 @property 

236 def grpc_channel(self) -> grpc.Channel: 

237 """Return the channel designed to connect to this service.""" 

238 return self._grpc_channel 

239 

240 @property 

241 def list_secrets( 

242 self, 

243 ) -> Callable[[service.ListSecretsRequest], service.ListSecretsResponse]: 

244 r"""Return a callable for the list secrets method over gRPC. 

245 

246 Lists [Secrets][google.cloud.secrets.v1beta1.Secret]. 

247 

248 Returns: 

249 Callable[[~.ListSecretsRequest], 

250 ~.ListSecretsResponse]: 

251 A function that, when called, will call the underlying RPC 

252 on the server. 

253 """ 

254 # Generate a "stub function" on-the-fly which will actually make 

255 # the request. 

256 # gRPC handles serialization and deserialization, so we just need 

257 # to pass in the functions for each. 

258 if "list_secrets" not in self._stubs: 

259 self._stubs["list_secrets"] = self.grpc_channel.unary_unary( 

260 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecrets", 

261 request_serializer=service.ListSecretsRequest.serialize, 

262 response_deserializer=service.ListSecretsResponse.deserialize, 

263 ) 

264 return self._stubs["list_secrets"] 

265 

266 @property 

267 def create_secret( 

268 self, 

269 ) -> Callable[[service.CreateSecretRequest], resources.Secret]: 

270 r"""Return a callable for the create secret method over gRPC. 

271 

272 Creates a new [Secret][google.cloud.secrets.v1beta1.Secret] 

273 containing no 

274 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]. 

275 

276 Returns: 

277 Callable[[~.CreateSecretRequest], 

278 ~.Secret]: 

279 A function that, when called, will call the underlying RPC 

280 on the server. 

281 """ 

282 # Generate a "stub function" on-the-fly which will actually make 

283 # the request. 

284 # gRPC handles serialization and deserialization, so we just need 

285 # to pass in the functions for each. 

286 if "create_secret" not in self._stubs: 

287 self._stubs["create_secret"] = self.grpc_channel.unary_unary( 

288 "/google.cloud.secrets.v1beta1.SecretManagerService/CreateSecret", 

289 request_serializer=service.CreateSecretRequest.serialize, 

290 response_deserializer=resources.Secret.deserialize, 

291 ) 

292 return self._stubs["create_secret"] 

293 

294 @property 

295 def add_secret_version( 

296 self, 

297 ) -> Callable[[service.AddSecretVersionRequest], resources.SecretVersion]: 

298 r"""Return a callable for the add secret version method over gRPC. 

299 

300 Creates a new 

301 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] 

302 containing secret data and attaches it to an existing 

303 [Secret][google.cloud.secrets.v1beta1.Secret]. 

304 

305 Returns: 

306 Callable[[~.AddSecretVersionRequest], 

307 ~.SecretVersion]: 

308 A function that, when called, will call the underlying RPC 

309 on the server. 

310 """ 

311 # Generate a "stub function" on-the-fly which will actually make 

312 # the request. 

313 # gRPC handles serialization and deserialization, so we just need 

314 # to pass in the functions for each. 

315 if "add_secret_version" not in self._stubs: 

316 self._stubs["add_secret_version"] = self.grpc_channel.unary_unary( 

317 "/google.cloud.secrets.v1beta1.SecretManagerService/AddSecretVersion", 

318 request_serializer=service.AddSecretVersionRequest.serialize, 

319 response_deserializer=resources.SecretVersion.deserialize, 

320 ) 

321 return self._stubs["add_secret_version"] 

322 

323 @property 

324 def get_secret(self) -> Callable[[service.GetSecretRequest], resources.Secret]: 

325 r"""Return a callable for the get secret method over gRPC. 

326 

327 Gets metadata for a given 

328 [Secret][google.cloud.secrets.v1beta1.Secret]. 

329 

330 Returns: 

331 Callable[[~.GetSecretRequest], 

332 ~.Secret]: 

333 A function that, when called, will call the underlying RPC 

334 on the server. 

335 """ 

336 # Generate a "stub function" on-the-fly which will actually make 

337 # the request. 

338 # gRPC handles serialization and deserialization, so we just need 

339 # to pass in the functions for each. 

340 if "get_secret" not in self._stubs: 

341 self._stubs["get_secret"] = self.grpc_channel.unary_unary( 

342 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecret", 

343 request_serializer=service.GetSecretRequest.serialize, 

344 response_deserializer=resources.Secret.deserialize, 

345 ) 

346 return self._stubs["get_secret"] 

347 

348 @property 

349 def update_secret( 

350 self, 

351 ) -> Callable[[service.UpdateSecretRequest], resources.Secret]: 

352 r"""Return a callable for the update secret method over gRPC. 

353 

354 Updates metadata of an existing 

355 [Secret][google.cloud.secrets.v1beta1.Secret]. 

356 

357 Returns: 

358 Callable[[~.UpdateSecretRequest], 

359 ~.Secret]: 

360 A function that, when called, will call the underlying RPC 

361 on the server. 

362 """ 

363 # Generate a "stub function" on-the-fly which will actually make 

364 # the request. 

365 # gRPC handles serialization and deserialization, so we just need 

366 # to pass in the functions for each. 

367 if "update_secret" not in self._stubs: 

368 self._stubs["update_secret"] = self.grpc_channel.unary_unary( 

369 "/google.cloud.secrets.v1beta1.SecretManagerService/UpdateSecret", 

370 request_serializer=service.UpdateSecretRequest.serialize, 

371 response_deserializer=resources.Secret.deserialize, 

372 ) 

373 return self._stubs["update_secret"] 

374 

375 @property 

376 def delete_secret(self) -> Callable[[service.DeleteSecretRequest], empty_pb2.Empty]: 

377 r"""Return a callable for the delete secret method over gRPC. 

378 

379 Deletes a [Secret][google.cloud.secrets.v1beta1.Secret]. 

380 

381 Returns: 

382 Callable[[~.DeleteSecretRequest], 

383 ~.Empty]: 

384 A function that, when called, will call the underlying RPC 

385 on the server. 

386 """ 

387 # Generate a "stub function" on-the-fly which will actually make 

388 # the request. 

389 # gRPC handles serialization and deserialization, so we just need 

390 # to pass in the functions for each. 

391 if "delete_secret" not in self._stubs: 

392 self._stubs["delete_secret"] = self.grpc_channel.unary_unary( 

393 "/google.cloud.secrets.v1beta1.SecretManagerService/DeleteSecret", 

394 request_serializer=service.DeleteSecretRequest.serialize, 

395 response_deserializer=empty_pb2.Empty.FromString, 

396 ) 

397 return self._stubs["delete_secret"] 

398 

399 @property 

400 def list_secret_versions( 

401 self, 

402 ) -> Callable[ 

403 [service.ListSecretVersionsRequest], service.ListSecretVersionsResponse 

404 ]: 

405 r"""Return a callable for the list secret versions method over gRPC. 

406 

407 Lists 

408 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]. 

409 This call does not return secret data. 

410 

411 Returns: 

412 Callable[[~.ListSecretVersionsRequest], 

413 ~.ListSecretVersionsResponse]: 

414 A function that, when called, will call the underlying RPC 

415 on the server. 

416 """ 

417 # Generate a "stub function" on-the-fly which will actually make 

418 # the request. 

419 # gRPC handles serialization and deserialization, so we just need 

420 # to pass in the functions for each. 

421 if "list_secret_versions" not in self._stubs: 

422 self._stubs["list_secret_versions"] = self.grpc_channel.unary_unary( 

423 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecretVersions", 

424 request_serializer=service.ListSecretVersionsRequest.serialize, 

425 response_deserializer=service.ListSecretVersionsResponse.deserialize, 

426 ) 

427 return self._stubs["list_secret_versions"] 

428 

429 @property 

430 def get_secret_version( 

431 self, 

432 ) -> Callable[[service.GetSecretVersionRequest], resources.SecretVersion]: 

433 r"""Return a callable for the get secret version method over gRPC. 

434 

435 Gets metadata for a 

436 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. 

437 

438 ``projects/*/secrets/*/versions/latest`` is an alias to the 

439 ``latest`` 

440 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. 

441 

442 Returns: 

443 Callable[[~.GetSecretVersionRequest], 

444 ~.SecretVersion]: 

445 A function that, when called, will call the underlying RPC 

446 on the server. 

447 """ 

448 # Generate a "stub function" on-the-fly which will actually make 

449 # the request. 

450 # gRPC handles serialization and deserialization, so we just need 

451 # to pass in the functions for each. 

452 if "get_secret_version" not in self._stubs: 

453 self._stubs["get_secret_version"] = self.grpc_channel.unary_unary( 

454 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecretVersion", 

455 request_serializer=service.GetSecretVersionRequest.serialize, 

456 response_deserializer=resources.SecretVersion.deserialize, 

457 ) 

458 return self._stubs["get_secret_version"] 

459 

460 @property 

461 def access_secret_version( 

462 self, 

463 ) -> Callable[ 

464 [service.AccessSecretVersionRequest], service.AccessSecretVersionResponse 

465 ]: 

466 r"""Return a callable for the access secret version method over gRPC. 

467 

468 Accesses a 

469 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. 

470 This call returns the secret data. 

471 

472 ``projects/*/secrets/*/versions/latest`` is an alias to the 

473 ``latest`` 

474 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. 

475 

476 Returns: 

477 Callable[[~.AccessSecretVersionRequest], 

478 ~.AccessSecretVersionResponse]: 

479 A function that, when called, will call the underlying RPC 

480 on the server. 

481 """ 

482 # Generate a "stub function" on-the-fly which will actually make 

483 # the request. 

484 # gRPC handles serialization and deserialization, so we just need 

485 # to pass in the functions for each. 

486 if "access_secret_version" not in self._stubs: 

487 self._stubs["access_secret_version"] = self.grpc_channel.unary_unary( 

488 "/google.cloud.secrets.v1beta1.SecretManagerService/AccessSecretVersion", 

489 request_serializer=service.AccessSecretVersionRequest.serialize, 

490 response_deserializer=service.AccessSecretVersionResponse.deserialize, 

491 ) 

492 return self._stubs["access_secret_version"] 

493 

494 @property 

495 def disable_secret_version( 

496 self, 

497 ) -> Callable[[service.DisableSecretVersionRequest], resources.SecretVersion]: 

498 r"""Return a callable for the disable secret version method over gRPC. 

499 

500 Disables a 

501 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. 

502 

503 Sets the 

504 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the 

505 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to 

506 [DISABLED][google.cloud.secrets.v1beta1.SecretVersion.State.DISABLED]. 

507 

508 Returns: 

509 Callable[[~.DisableSecretVersionRequest], 

510 ~.SecretVersion]: 

511 A function that, when called, will call the underlying RPC 

512 on the server. 

513 """ 

514 # Generate a "stub function" on-the-fly which will actually make 

515 # the request. 

516 # gRPC handles serialization and deserialization, so we just need 

517 # to pass in the functions for each. 

518 if "disable_secret_version" not in self._stubs: 

519 self._stubs["disable_secret_version"] = self.grpc_channel.unary_unary( 

520 "/google.cloud.secrets.v1beta1.SecretManagerService/DisableSecretVersion", 

521 request_serializer=service.DisableSecretVersionRequest.serialize, 

522 response_deserializer=resources.SecretVersion.deserialize, 

523 ) 

524 return self._stubs["disable_secret_version"] 

525 

526 @property 

527 def enable_secret_version( 

528 self, 

529 ) -> Callable[[service.EnableSecretVersionRequest], resources.SecretVersion]: 

530 r"""Return a callable for the enable secret version method over gRPC. 

531 

532 Enables a 

533 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. 

534 

535 Sets the 

536 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the 

537 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to 

538 [ENABLED][google.cloud.secrets.v1beta1.SecretVersion.State.ENABLED]. 

539 

540 Returns: 

541 Callable[[~.EnableSecretVersionRequest], 

542 ~.SecretVersion]: 

543 A function that, when called, will call the underlying RPC 

544 on the server. 

545 """ 

546 # Generate a "stub function" on-the-fly which will actually make 

547 # the request. 

548 # gRPC handles serialization and deserialization, so we just need 

549 # to pass in the functions for each. 

550 if "enable_secret_version" not in self._stubs: 

551 self._stubs["enable_secret_version"] = self.grpc_channel.unary_unary( 

552 "/google.cloud.secrets.v1beta1.SecretManagerService/EnableSecretVersion", 

553 request_serializer=service.EnableSecretVersionRequest.serialize, 

554 response_deserializer=resources.SecretVersion.deserialize, 

555 ) 

556 return self._stubs["enable_secret_version"] 

557 

558 @property 

559 def destroy_secret_version( 

560 self, 

561 ) -> Callable[[service.DestroySecretVersionRequest], resources.SecretVersion]: 

562 r"""Return a callable for the destroy secret version method over gRPC. 

563 

564 Destroys a 

565 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. 

566 

567 Sets the 

568 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the 

569 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to 

570 [DESTROYED][google.cloud.secrets.v1beta1.SecretVersion.State.DESTROYED] 

571 and irrevocably destroys the secret data. 

572 

573 Returns: 

574 Callable[[~.DestroySecretVersionRequest], 

575 ~.SecretVersion]: 

576 A function that, when called, will call the underlying RPC 

577 on the server. 

578 """ 

579 # Generate a "stub function" on-the-fly which will actually make 

580 # the request. 

581 # gRPC handles serialization and deserialization, so we just need 

582 # to pass in the functions for each. 

583 if "destroy_secret_version" not in self._stubs: 

584 self._stubs["destroy_secret_version"] = self.grpc_channel.unary_unary( 

585 "/google.cloud.secrets.v1beta1.SecretManagerService/DestroySecretVersion", 

586 request_serializer=service.DestroySecretVersionRequest.serialize, 

587 response_deserializer=resources.SecretVersion.deserialize, 

588 ) 

589 return self._stubs["destroy_secret_version"] 

590 

591 @property 

592 def set_iam_policy( 

593 self, 

594 ) -> Callable[[iam_policy_pb2.SetIamPolicyRequest], policy_pb2.Policy]: 

595 r"""Return a callable for the set iam policy method over gRPC. 

596 

597 Sets the access control policy on the specified secret. Replaces 

598 any existing policy. 

599 

600 Permissions on 

601 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] are 

602 enforced according to the policy set on the associated 

603 [Secret][google.cloud.secrets.v1beta1.Secret]. 

604 

605 Returns: 

606 Callable[[~.SetIamPolicyRequest], 

607 ~.Policy]: 

608 A function that, when called, will call the underlying RPC 

609 on the server. 

610 """ 

611 # Generate a "stub function" on-the-fly which will actually make 

612 # the request. 

613 # gRPC handles serialization and deserialization, so we just need 

614 # to pass in the functions for each. 

615 if "set_iam_policy" not in self._stubs: 

616 self._stubs["set_iam_policy"] = self.grpc_channel.unary_unary( 

617 "/google.cloud.secrets.v1beta1.SecretManagerService/SetIamPolicy", 

618 request_serializer=iam_policy_pb2.SetIamPolicyRequest.SerializeToString, 

619 response_deserializer=policy_pb2.Policy.FromString, 

620 ) 

621 return self._stubs["set_iam_policy"] 

622 

623 @property 

624 def get_iam_policy( 

625 self, 

626 ) -> Callable[[iam_policy_pb2.GetIamPolicyRequest], policy_pb2.Policy]: 

627 r"""Return a callable for the get iam policy method over gRPC. 

628 

629 Gets the access control policy for a secret. 

630 Returns empty policy if the secret exists and does not 

631 have a policy set. 

632 

633 Returns: 

634 Callable[[~.GetIamPolicyRequest], 

635 ~.Policy]: 

636 A function that, when called, will call the underlying RPC 

637 on the server. 

638 """ 

639 # Generate a "stub function" on-the-fly which will actually make 

640 # the request. 

641 # gRPC handles serialization and deserialization, so we just need 

642 # to pass in the functions for each. 

643 if "get_iam_policy" not in self._stubs: 

644 self._stubs["get_iam_policy"] = self.grpc_channel.unary_unary( 

645 "/google.cloud.secrets.v1beta1.SecretManagerService/GetIamPolicy", 

646 request_serializer=iam_policy_pb2.GetIamPolicyRequest.SerializeToString, 

647 response_deserializer=policy_pb2.Policy.FromString, 

648 ) 

649 return self._stubs["get_iam_policy"] 

650 

651 @property 

652 def test_iam_permissions( 

653 self, 

654 ) -> Callable[ 

655 [iam_policy_pb2.TestIamPermissionsRequest], 

656 iam_policy_pb2.TestIamPermissionsResponse, 

657 ]: 

658 r"""Return a callable for the test iam permissions method over gRPC. 

659 

660 Returns permissions that a caller has for the specified secret. 

661 If the secret does not exist, this call returns an empty set of 

662 permissions, not a NOT_FOUND error. 

663 

664 Note: This operation is designed to be used for building 

665 permission-aware UIs and command-line tools, not for 

666 authorization checking. This operation may "fail open" without 

667 warning. 

668 

669 Returns: 

670 Callable[[~.TestIamPermissionsRequest], 

671 ~.TestIamPermissionsResponse]: 

672 A function that, when called, will call the underlying RPC 

673 on the server. 

674 """ 

675 # Generate a "stub function" on-the-fly which will actually make 

676 # the request. 

677 # gRPC handles serialization and deserialization, so we just need 

678 # to pass in the functions for each. 

679 if "test_iam_permissions" not in self._stubs: 

680 self._stubs["test_iam_permissions"] = self.grpc_channel.unary_unary( 

681 "/google.cloud.secrets.v1beta1.SecretManagerService/TestIamPermissions", 

682 request_serializer=iam_policy_pb2.TestIamPermissionsRequest.SerializeToString, 

683 response_deserializer=iam_policy_pb2.TestIamPermissionsResponse.FromString, 

684 ) 

685 return self._stubs["test_iam_permissions"] 

686 

687 def close(self): 

688 self.grpc_channel.close() 

689 

690 @property 

691 def kind(self) -> str: 

692 return "grpc" 

693 

694 

695__all__ = ("SecretManagerServiceGrpcTransport",)