1# -*- coding: utf-8 -*-
2# Copyright 2023 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16from typing import Callable, Dict, Optional, Sequence, Tuple, Union
17import warnings
18
19from google.api_core import gapic_v1, grpc_helpers
20import google.auth # type: ignore
21from google.auth import credentials as ga_credentials # type: ignore
22from google.auth.transport.grpc import SslCredentials # type: ignore
23from google.iam.v1 import iam_policy_pb2 # type: ignore
24from google.iam.v1 import policy_pb2 # type: ignore
25from google.protobuf import empty_pb2 # type: ignore
26import grpc # type: ignore
27
28from google.cloud.secretmanager_v1beta1.types import resources, service
29
30from .base import DEFAULT_CLIENT_INFO, SecretManagerServiceTransport
31
32
33class SecretManagerServiceGrpcTransport(SecretManagerServiceTransport):
34 """gRPC backend transport for SecretManagerService.
35
36 Secret Manager Service
37
38 Manages secrets and operations using those secrets. Implements a
39 REST model with the following objects:
40
41 - [Secret][google.cloud.secrets.v1beta1.Secret]
42 - [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
43
44 This class defines the same methods as the primary client, so the
45 primary client can load the underlying transport implementation
46 and call it.
47
48 It sends protocol buffers over the wire using gRPC (which is built on
49 top of HTTP/2); the ``grpcio`` package must be installed.
50 """
51
52 _stubs: Dict[str, Callable]
53
54 def __init__(
55 self,
56 *,
57 host: str = "secretmanager.googleapis.com",
58 credentials: Optional[ga_credentials.Credentials] = None,
59 credentials_file: Optional[str] = None,
60 scopes: Optional[Sequence[str]] = None,
61 channel: Optional[grpc.Channel] = None,
62 api_mtls_endpoint: Optional[str] = None,
63 client_cert_source: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
64 ssl_channel_credentials: Optional[grpc.ChannelCredentials] = None,
65 client_cert_source_for_mtls: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
66 quota_project_id: Optional[str] = None,
67 client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
68 always_use_jwt_access: Optional[bool] = False,
69 api_audience: Optional[str] = None,
70 ) -> None:
71 """Instantiate the transport.
72
73 Args:
74 host (Optional[str]):
75 The hostname to connect to.
76 credentials (Optional[google.auth.credentials.Credentials]): The
77 authorization credentials to attach to requests. These
78 credentials identify the application to the service; if none
79 are specified, the client will attempt to ascertain the
80 credentials from the environment.
81 This argument is ignored if ``channel`` is provided.
82 credentials_file (Optional[str]): A file with credentials that can
83 be loaded with :func:`google.auth.load_credentials_from_file`.
84 This argument is ignored if ``channel`` is provided.
85 scopes (Optional(Sequence[str])): A list of scopes. This argument is
86 ignored if ``channel`` is provided.
87 channel (Optional[grpc.Channel]): A ``Channel`` instance through
88 which to make calls.
89 api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint.
90 If provided, it overrides the ``host`` argument and tries to create
91 a mutual TLS channel with client SSL credentials from
92 ``client_cert_source`` or application default SSL credentials.
93 client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]):
94 Deprecated. A callback to provide client SSL certificate bytes and
95 private key bytes, both in PEM format. It is ignored if
96 ``api_mtls_endpoint`` is None.
97 ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
98 for the grpc channel. It is ignored if ``channel`` is provided.
99 client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
100 A callback to provide client certificate bytes and private key bytes,
101 both in PEM format. It is used to configure a mutual TLS channel. It is
102 ignored if ``channel`` or ``ssl_channel_credentials`` is provided.
103 quota_project_id (Optional[str]): An optional project to use for billing
104 and quota.
105 client_info (google.api_core.gapic_v1.client_info.ClientInfo):
106 The client info used to send a user-agent string along with
107 API requests. If ``None``, then default info will be used.
108 Generally, you only need to set this if you're developing
109 your own client library.
110 always_use_jwt_access (Optional[bool]): Whether self signed JWT should
111 be used for service account credentials.
112
113 Raises:
114 google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
115 creation failed for any reason.
116 google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
117 and ``credentials_file`` are passed.
118 """
119 self._grpc_channel = None
120 self._ssl_channel_credentials = ssl_channel_credentials
121 self._stubs: Dict[str, Callable] = {}
122
123 if api_mtls_endpoint:
124 warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
125 if client_cert_source:
126 warnings.warn("client_cert_source is deprecated", DeprecationWarning)
127
128 if channel:
129 # Ignore credentials if a channel was passed.
130 credentials = False
131 # If a channel was explicitly provided, set it.
132 self._grpc_channel = channel
133 self._ssl_channel_credentials = None
134
135 else:
136 if api_mtls_endpoint:
137 host = api_mtls_endpoint
138
139 # Create SSL credentials with client_cert_source or application
140 # default SSL credentials.
141 if client_cert_source:
142 cert, key = client_cert_source()
143 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
144 certificate_chain=cert, private_key=key
145 )
146 else:
147 self._ssl_channel_credentials = SslCredentials().ssl_credentials
148
149 else:
150 if client_cert_source_for_mtls and not ssl_channel_credentials:
151 cert, key = client_cert_source_for_mtls()
152 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
153 certificate_chain=cert, private_key=key
154 )
155
156 # The base transport sets the host, credentials and scopes
157 super().__init__(
158 host=host,
159 credentials=credentials,
160 credentials_file=credentials_file,
161 scopes=scopes,
162 quota_project_id=quota_project_id,
163 client_info=client_info,
164 always_use_jwt_access=always_use_jwt_access,
165 api_audience=api_audience,
166 )
167
168 if not self._grpc_channel:
169 self._grpc_channel = type(self).create_channel(
170 self._host,
171 # use the credentials which are saved
172 credentials=self._credentials,
173 # Set ``credentials_file`` to ``None`` here as
174 # the credentials that we saved earlier should be used.
175 credentials_file=None,
176 scopes=self._scopes,
177 ssl_credentials=self._ssl_channel_credentials,
178 quota_project_id=quota_project_id,
179 options=[
180 ("grpc.max_send_message_length", -1),
181 ("grpc.max_receive_message_length", -1),
182 ],
183 )
184
185 # Wrap messages. This must be done after self._grpc_channel exists
186 self._prep_wrapped_messages(client_info)
187
188 @classmethod
189 def create_channel(
190 cls,
191 host: str = "secretmanager.googleapis.com",
192 credentials: Optional[ga_credentials.Credentials] = None,
193 credentials_file: Optional[str] = None,
194 scopes: Optional[Sequence[str]] = None,
195 quota_project_id: Optional[str] = None,
196 **kwargs,
197 ) -> grpc.Channel:
198 """Create and return a gRPC channel object.
199 Args:
200 host (Optional[str]): The host for the channel to use.
201 credentials (Optional[~.Credentials]): The
202 authorization credentials to attach to requests. These
203 credentials identify this application to the service. If
204 none are specified, the client will attempt to ascertain
205 the credentials from the environment.
206 credentials_file (Optional[str]): A file with credentials that can
207 be loaded with :func:`google.auth.load_credentials_from_file`.
208 This argument is mutually exclusive with credentials.
209 scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
210 service. These are only used when credentials are not specified and
211 are passed to :func:`google.auth.default`.
212 quota_project_id (Optional[str]): An optional project to use for billing
213 and quota.
214 kwargs (Optional[dict]): Keyword arguments, which are passed to the
215 channel creation.
216 Returns:
217 grpc.Channel: A gRPC channel object.
218
219 Raises:
220 google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
221 and ``credentials_file`` are passed.
222 """
223
224 return grpc_helpers.create_channel(
225 host,
226 credentials=credentials,
227 credentials_file=credentials_file,
228 quota_project_id=quota_project_id,
229 default_scopes=cls.AUTH_SCOPES,
230 scopes=scopes,
231 default_host=cls.DEFAULT_HOST,
232 **kwargs,
233 )
234
235 @property
236 def grpc_channel(self) -> grpc.Channel:
237 """Return the channel designed to connect to this service."""
238 return self._grpc_channel
239
240 @property
241 def list_secrets(
242 self,
243 ) -> Callable[[service.ListSecretsRequest], service.ListSecretsResponse]:
244 r"""Return a callable for the list secrets method over gRPC.
245
246 Lists [Secrets][google.cloud.secrets.v1beta1.Secret].
247
248 Returns:
249 Callable[[~.ListSecretsRequest],
250 ~.ListSecretsResponse]:
251 A function that, when called, will call the underlying RPC
252 on the server.
253 """
254 # Generate a "stub function" on-the-fly which will actually make
255 # the request.
256 # gRPC handles serialization and deserialization, so we just need
257 # to pass in the functions for each.
258 if "list_secrets" not in self._stubs:
259 self._stubs["list_secrets"] = self.grpc_channel.unary_unary(
260 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecrets",
261 request_serializer=service.ListSecretsRequest.serialize,
262 response_deserializer=service.ListSecretsResponse.deserialize,
263 )
264 return self._stubs["list_secrets"]
265
266 @property
267 def create_secret(
268 self,
269 ) -> Callable[[service.CreateSecretRequest], resources.Secret]:
270 r"""Return a callable for the create secret method over gRPC.
271
272 Creates a new [Secret][google.cloud.secrets.v1beta1.Secret]
273 containing no
274 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
275
276 Returns:
277 Callable[[~.CreateSecretRequest],
278 ~.Secret]:
279 A function that, when called, will call the underlying RPC
280 on the server.
281 """
282 # Generate a "stub function" on-the-fly which will actually make
283 # the request.
284 # gRPC handles serialization and deserialization, so we just need
285 # to pass in the functions for each.
286 if "create_secret" not in self._stubs:
287 self._stubs["create_secret"] = self.grpc_channel.unary_unary(
288 "/google.cloud.secrets.v1beta1.SecretManagerService/CreateSecret",
289 request_serializer=service.CreateSecretRequest.serialize,
290 response_deserializer=resources.Secret.deserialize,
291 )
292 return self._stubs["create_secret"]
293
294 @property
295 def add_secret_version(
296 self,
297 ) -> Callable[[service.AddSecretVersionRequest], resources.SecretVersion]:
298 r"""Return a callable for the add secret version method over gRPC.
299
300 Creates a new
301 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
302 containing secret data and attaches it to an existing
303 [Secret][google.cloud.secrets.v1beta1.Secret].
304
305 Returns:
306 Callable[[~.AddSecretVersionRequest],
307 ~.SecretVersion]:
308 A function that, when called, will call the underlying RPC
309 on the server.
310 """
311 # Generate a "stub function" on-the-fly which will actually make
312 # the request.
313 # gRPC handles serialization and deserialization, so we just need
314 # to pass in the functions for each.
315 if "add_secret_version" not in self._stubs:
316 self._stubs["add_secret_version"] = self.grpc_channel.unary_unary(
317 "/google.cloud.secrets.v1beta1.SecretManagerService/AddSecretVersion",
318 request_serializer=service.AddSecretVersionRequest.serialize,
319 response_deserializer=resources.SecretVersion.deserialize,
320 )
321 return self._stubs["add_secret_version"]
322
323 @property
324 def get_secret(self) -> Callable[[service.GetSecretRequest], resources.Secret]:
325 r"""Return a callable for the get secret method over gRPC.
326
327 Gets metadata for a given
328 [Secret][google.cloud.secrets.v1beta1.Secret].
329
330 Returns:
331 Callable[[~.GetSecretRequest],
332 ~.Secret]:
333 A function that, when called, will call the underlying RPC
334 on the server.
335 """
336 # Generate a "stub function" on-the-fly which will actually make
337 # the request.
338 # gRPC handles serialization and deserialization, so we just need
339 # to pass in the functions for each.
340 if "get_secret" not in self._stubs:
341 self._stubs["get_secret"] = self.grpc_channel.unary_unary(
342 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecret",
343 request_serializer=service.GetSecretRequest.serialize,
344 response_deserializer=resources.Secret.deserialize,
345 )
346 return self._stubs["get_secret"]
347
348 @property
349 def update_secret(
350 self,
351 ) -> Callable[[service.UpdateSecretRequest], resources.Secret]:
352 r"""Return a callable for the update secret method over gRPC.
353
354 Updates metadata of an existing
355 [Secret][google.cloud.secrets.v1beta1.Secret].
356
357 Returns:
358 Callable[[~.UpdateSecretRequest],
359 ~.Secret]:
360 A function that, when called, will call the underlying RPC
361 on the server.
362 """
363 # Generate a "stub function" on-the-fly which will actually make
364 # the request.
365 # gRPC handles serialization and deserialization, so we just need
366 # to pass in the functions for each.
367 if "update_secret" not in self._stubs:
368 self._stubs["update_secret"] = self.grpc_channel.unary_unary(
369 "/google.cloud.secrets.v1beta1.SecretManagerService/UpdateSecret",
370 request_serializer=service.UpdateSecretRequest.serialize,
371 response_deserializer=resources.Secret.deserialize,
372 )
373 return self._stubs["update_secret"]
374
375 @property
376 def delete_secret(self) -> Callable[[service.DeleteSecretRequest], empty_pb2.Empty]:
377 r"""Return a callable for the delete secret method over gRPC.
378
379 Deletes a [Secret][google.cloud.secrets.v1beta1.Secret].
380
381 Returns:
382 Callable[[~.DeleteSecretRequest],
383 ~.Empty]:
384 A function that, when called, will call the underlying RPC
385 on the server.
386 """
387 # Generate a "stub function" on-the-fly which will actually make
388 # the request.
389 # gRPC handles serialization and deserialization, so we just need
390 # to pass in the functions for each.
391 if "delete_secret" not in self._stubs:
392 self._stubs["delete_secret"] = self.grpc_channel.unary_unary(
393 "/google.cloud.secrets.v1beta1.SecretManagerService/DeleteSecret",
394 request_serializer=service.DeleteSecretRequest.serialize,
395 response_deserializer=empty_pb2.Empty.FromString,
396 )
397 return self._stubs["delete_secret"]
398
399 @property
400 def list_secret_versions(
401 self,
402 ) -> Callable[
403 [service.ListSecretVersionsRequest], service.ListSecretVersionsResponse
404 ]:
405 r"""Return a callable for the list secret versions method over gRPC.
406
407 Lists
408 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
409 This call does not return secret data.
410
411 Returns:
412 Callable[[~.ListSecretVersionsRequest],
413 ~.ListSecretVersionsResponse]:
414 A function that, when called, will call the underlying RPC
415 on the server.
416 """
417 # Generate a "stub function" on-the-fly which will actually make
418 # the request.
419 # gRPC handles serialization and deserialization, so we just need
420 # to pass in the functions for each.
421 if "list_secret_versions" not in self._stubs:
422 self._stubs["list_secret_versions"] = self.grpc_channel.unary_unary(
423 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecretVersions",
424 request_serializer=service.ListSecretVersionsRequest.serialize,
425 response_deserializer=service.ListSecretVersionsResponse.deserialize,
426 )
427 return self._stubs["list_secret_versions"]
428
429 @property
430 def get_secret_version(
431 self,
432 ) -> Callable[[service.GetSecretVersionRequest], resources.SecretVersion]:
433 r"""Return a callable for the get secret version method over gRPC.
434
435 Gets metadata for a
436 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
437
438 ``projects/*/secrets/*/versions/latest`` is an alias to the
439 ``latest``
440 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
441
442 Returns:
443 Callable[[~.GetSecretVersionRequest],
444 ~.SecretVersion]:
445 A function that, when called, will call the underlying RPC
446 on the server.
447 """
448 # Generate a "stub function" on-the-fly which will actually make
449 # the request.
450 # gRPC handles serialization and deserialization, so we just need
451 # to pass in the functions for each.
452 if "get_secret_version" not in self._stubs:
453 self._stubs["get_secret_version"] = self.grpc_channel.unary_unary(
454 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecretVersion",
455 request_serializer=service.GetSecretVersionRequest.serialize,
456 response_deserializer=resources.SecretVersion.deserialize,
457 )
458 return self._stubs["get_secret_version"]
459
460 @property
461 def access_secret_version(
462 self,
463 ) -> Callable[
464 [service.AccessSecretVersionRequest], service.AccessSecretVersionResponse
465 ]:
466 r"""Return a callable for the access secret version method over gRPC.
467
468 Accesses a
469 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
470 This call returns the secret data.
471
472 ``projects/*/secrets/*/versions/latest`` is an alias to the
473 ``latest``
474 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
475
476 Returns:
477 Callable[[~.AccessSecretVersionRequest],
478 ~.AccessSecretVersionResponse]:
479 A function that, when called, will call the underlying RPC
480 on the server.
481 """
482 # Generate a "stub function" on-the-fly which will actually make
483 # the request.
484 # gRPC handles serialization and deserialization, so we just need
485 # to pass in the functions for each.
486 if "access_secret_version" not in self._stubs:
487 self._stubs["access_secret_version"] = self.grpc_channel.unary_unary(
488 "/google.cloud.secrets.v1beta1.SecretManagerService/AccessSecretVersion",
489 request_serializer=service.AccessSecretVersionRequest.serialize,
490 response_deserializer=service.AccessSecretVersionResponse.deserialize,
491 )
492 return self._stubs["access_secret_version"]
493
494 @property
495 def disable_secret_version(
496 self,
497 ) -> Callable[[service.DisableSecretVersionRequest], resources.SecretVersion]:
498 r"""Return a callable for the disable secret version method over gRPC.
499
500 Disables a
501 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
502
503 Sets the
504 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
505 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
506 [DISABLED][google.cloud.secrets.v1beta1.SecretVersion.State.DISABLED].
507
508 Returns:
509 Callable[[~.DisableSecretVersionRequest],
510 ~.SecretVersion]:
511 A function that, when called, will call the underlying RPC
512 on the server.
513 """
514 # Generate a "stub function" on-the-fly which will actually make
515 # the request.
516 # gRPC handles serialization and deserialization, so we just need
517 # to pass in the functions for each.
518 if "disable_secret_version" not in self._stubs:
519 self._stubs["disable_secret_version"] = self.grpc_channel.unary_unary(
520 "/google.cloud.secrets.v1beta1.SecretManagerService/DisableSecretVersion",
521 request_serializer=service.DisableSecretVersionRequest.serialize,
522 response_deserializer=resources.SecretVersion.deserialize,
523 )
524 return self._stubs["disable_secret_version"]
525
526 @property
527 def enable_secret_version(
528 self,
529 ) -> Callable[[service.EnableSecretVersionRequest], resources.SecretVersion]:
530 r"""Return a callable for the enable secret version method over gRPC.
531
532 Enables a
533 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
534
535 Sets the
536 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
537 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
538 [ENABLED][google.cloud.secrets.v1beta1.SecretVersion.State.ENABLED].
539
540 Returns:
541 Callable[[~.EnableSecretVersionRequest],
542 ~.SecretVersion]:
543 A function that, when called, will call the underlying RPC
544 on the server.
545 """
546 # Generate a "stub function" on-the-fly which will actually make
547 # the request.
548 # gRPC handles serialization and deserialization, so we just need
549 # to pass in the functions for each.
550 if "enable_secret_version" not in self._stubs:
551 self._stubs["enable_secret_version"] = self.grpc_channel.unary_unary(
552 "/google.cloud.secrets.v1beta1.SecretManagerService/EnableSecretVersion",
553 request_serializer=service.EnableSecretVersionRequest.serialize,
554 response_deserializer=resources.SecretVersion.deserialize,
555 )
556 return self._stubs["enable_secret_version"]
557
558 @property
559 def destroy_secret_version(
560 self,
561 ) -> Callable[[service.DestroySecretVersionRequest], resources.SecretVersion]:
562 r"""Return a callable for the destroy secret version method over gRPC.
563
564 Destroys a
565 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
566
567 Sets the
568 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
569 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
570 [DESTROYED][google.cloud.secrets.v1beta1.SecretVersion.State.DESTROYED]
571 and irrevocably destroys the secret data.
572
573 Returns:
574 Callable[[~.DestroySecretVersionRequest],
575 ~.SecretVersion]:
576 A function that, when called, will call the underlying RPC
577 on the server.
578 """
579 # Generate a "stub function" on-the-fly which will actually make
580 # the request.
581 # gRPC handles serialization and deserialization, so we just need
582 # to pass in the functions for each.
583 if "destroy_secret_version" not in self._stubs:
584 self._stubs["destroy_secret_version"] = self.grpc_channel.unary_unary(
585 "/google.cloud.secrets.v1beta1.SecretManagerService/DestroySecretVersion",
586 request_serializer=service.DestroySecretVersionRequest.serialize,
587 response_deserializer=resources.SecretVersion.deserialize,
588 )
589 return self._stubs["destroy_secret_version"]
590
591 @property
592 def set_iam_policy(
593 self,
594 ) -> Callable[[iam_policy_pb2.SetIamPolicyRequest], policy_pb2.Policy]:
595 r"""Return a callable for the set iam policy method over gRPC.
596
597 Sets the access control policy on the specified secret. Replaces
598 any existing policy.
599
600 Permissions on
601 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] are
602 enforced according to the policy set on the associated
603 [Secret][google.cloud.secrets.v1beta1.Secret].
604
605 Returns:
606 Callable[[~.SetIamPolicyRequest],
607 ~.Policy]:
608 A function that, when called, will call the underlying RPC
609 on the server.
610 """
611 # Generate a "stub function" on-the-fly which will actually make
612 # the request.
613 # gRPC handles serialization and deserialization, so we just need
614 # to pass in the functions for each.
615 if "set_iam_policy" not in self._stubs:
616 self._stubs["set_iam_policy"] = self.grpc_channel.unary_unary(
617 "/google.cloud.secrets.v1beta1.SecretManagerService/SetIamPolicy",
618 request_serializer=iam_policy_pb2.SetIamPolicyRequest.SerializeToString,
619 response_deserializer=policy_pb2.Policy.FromString,
620 )
621 return self._stubs["set_iam_policy"]
622
623 @property
624 def get_iam_policy(
625 self,
626 ) -> Callable[[iam_policy_pb2.GetIamPolicyRequest], policy_pb2.Policy]:
627 r"""Return a callable for the get iam policy method over gRPC.
628
629 Gets the access control policy for a secret.
630 Returns empty policy if the secret exists and does not
631 have a policy set.
632
633 Returns:
634 Callable[[~.GetIamPolicyRequest],
635 ~.Policy]:
636 A function that, when called, will call the underlying RPC
637 on the server.
638 """
639 # Generate a "stub function" on-the-fly which will actually make
640 # the request.
641 # gRPC handles serialization and deserialization, so we just need
642 # to pass in the functions for each.
643 if "get_iam_policy" not in self._stubs:
644 self._stubs["get_iam_policy"] = self.grpc_channel.unary_unary(
645 "/google.cloud.secrets.v1beta1.SecretManagerService/GetIamPolicy",
646 request_serializer=iam_policy_pb2.GetIamPolicyRequest.SerializeToString,
647 response_deserializer=policy_pb2.Policy.FromString,
648 )
649 return self._stubs["get_iam_policy"]
650
651 @property
652 def test_iam_permissions(
653 self,
654 ) -> Callable[
655 [iam_policy_pb2.TestIamPermissionsRequest],
656 iam_policy_pb2.TestIamPermissionsResponse,
657 ]:
658 r"""Return a callable for the test iam permissions method over gRPC.
659
660 Returns permissions that a caller has for the specified secret.
661 If the secret does not exist, this call returns an empty set of
662 permissions, not a NOT_FOUND error.
663
664 Note: This operation is designed to be used for building
665 permission-aware UIs and command-line tools, not for
666 authorization checking. This operation may "fail open" without
667 warning.
668
669 Returns:
670 Callable[[~.TestIamPermissionsRequest],
671 ~.TestIamPermissionsResponse]:
672 A function that, when called, will call the underlying RPC
673 on the server.
674 """
675 # Generate a "stub function" on-the-fly which will actually make
676 # the request.
677 # gRPC handles serialization and deserialization, so we just need
678 # to pass in the functions for each.
679 if "test_iam_permissions" not in self._stubs:
680 self._stubs["test_iam_permissions"] = self.grpc_channel.unary_unary(
681 "/google.cloud.secrets.v1beta1.SecretManagerService/TestIamPermissions",
682 request_serializer=iam_policy_pb2.TestIamPermissionsRequest.SerializeToString,
683 response_deserializer=iam_policy_pb2.TestIamPermissionsResponse.FromString,
684 )
685 return self._stubs["test_iam_permissions"]
686
687 def close(self):
688 self.grpc_channel.close()
689
690 @property
691 def kind(self) -> str:
692 return "grpc"
693
694
695__all__ = ("SecretManagerServiceGrpcTransport",)