« prev ^ index » next coverage.py v7.3.1, created at 2023-09-25 06:37 +0000
1# -*- coding: utf-8 -*-
2# Copyright 2023 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16from typing import Callable, Dict, Optional, Sequence, Tuple, Union
17import warnings
19from google.api_core import gapic_v1, grpc_helpers
20import google.auth # type: ignore
21from google.auth import credentials as ga_credentials # type: ignore
22from google.auth.transport.grpc import SslCredentials # type: ignore
23from google.iam.v1 import iam_policy_pb2 # type: ignore
24from google.iam.v1 import policy_pb2 # type: ignore
25from google.protobuf import empty_pb2 # type: ignore
26import grpc # type: ignore
28from google.cloud.secretmanager_v1beta1.types import resources, service
30from .base import DEFAULT_CLIENT_INFO, SecretManagerServiceTransport
33class SecretManagerServiceGrpcTransport(SecretManagerServiceTransport):
34 """gRPC backend transport for SecretManagerService.
36 Secret Manager Service
38 Manages secrets and operations using those secrets. Implements a
39 REST model with the following objects:
41 - [Secret][google.cloud.secrets.v1beta1.Secret]
42 - [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
44 This class defines the same methods as the primary client, so the
45 primary client can load the underlying transport implementation
46 and call it.
48 It sends protocol buffers over the wire using gRPC (which is built on
49 top of HTTP/2); the ``grpcio`` package must be installed.
50 """
52 _stubs: Dict[str, Callable]
54 def __init__(
55 self,
56 *,
57 host: str = "secretmanager.googleapis.com",
58 credentials: Optional[ga_credentials.Credentials] = None,
59 credentials_file: Optional[str] = None,
60 scopes: Optional[Sequence[str]] = None,
61 channel: Optional[grpc.Channel] = None,
62 api_mtls_endpoint: Optional[str] = None,
63 client_cert_source: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
64 ssl_channel_credentials: Optional[grpc.ChannelCredentials] = None,
65 client_cert_source_for_mtls: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
66 quota_project_id: Optional[str] = None,
67 client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
68 always_use_jwt_access: Optional[bool] = False,
69 api_audience: Optional[str] = None,
70 ) -> None:
71 """Instantiate the transport.
73 Args:
74 host (Optional[str]):
75 The hostname to connect to.
76 credentials (Optional[google.auth.credentials.Credentials]): The
77 authorization credentials to attach to requests. These
78 credentials identify the application to the service; if none
79 are specified, the client will attempt to ascertain the
80 credentials from the environment.
81 This argument is ignored if ``channel`` is provided.
82 credentials_file (Optional[str]): A file with credentials that can
83 be loaded with :func:`google.auth.load_credentials_from_file`.
84 This argument is ignored if ``channel`` is provided.
85 scopes (Optional(Sequence[str])): A list of scopes. This argument is
86 ignored if ``channel`` is provided.
87 channel (Optional[grpc.Channel]): A ``Channel`` instance through
88 which to make calls.
89 api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint.
90 If provided, it overrides the ``host`` argument and tries to create
91 a mutual TLS channel with client SSL credentials from
92 ``client_cert_source`` or application default SSL credentials.
93 client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]):
94 Deprecated. A callback to provide client SSL certificate bytes and
95 private key bytes, both in PEM format. It is ignored if
96 ``api_mtls_endpoint`` is None.
97 ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
98 for the grpc channel. It is ignored if ``channel`` is provided.
99 client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
100 A callback to provide client certificate bytes and private key bytes,
101 both in PEM format. It is used to configure a mutual TLS channel. It is
102 ignored if ``channel`` or ``ssl_channel_credentials`` is provided.
103 quota_project_id (Optional[str]): An optional project to use for billing
104 and quota.
105 client_info (google.api_core.gapic_v1.client_info.ClientInfo):
106 The client info used to send a user-agent string along with
107 API requests. If ``None``, then default info will be used.
108 Generally, you only need to set this if you're developing
109 your own client library.
110 always_use_jwt_access (Optional[bool]): Whether self signed JWT should
111 be used for service account credentials.
113 Raises:
114 google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
115 creation failed for any reason.
116 google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
117 and ``credentials_file`` are passed.
118 """
119 self._grpc_channel = None
120 self._ssl_channel_credentials = ssl_channel_credentials
121 self._stubs: Dict[str, Callable] = {}
123 if api_mtls_endpoint:
124 warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
125 if client_cert_source:
126 warnings.warn("client_cert_source is deprecated", DeprecationWarning)
128 if channel:
129 # Ignore credentials if a channel was passed.
130 credentials = False
131 # If a channel was explicitly provided, set it.
132 self._grpc_channel = channel
133 self._ssl_channel_credentials = None
135 else:
136 if api_mtls_endpoint:
137 host = api_mtls_endpoint
139 # Create SSL credentials with client_cert_source or application
140 # default SSL credentials.
141 if client_cert_source:
142 cert, key = client_cert_source()
143 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
144 certificate_chain=cert, private_key=key
145 )
146 else:
147 self._ssl_channel_credentials = SslCredentials().ssl_credentials
149 else:
150 if client_cert_source_for_mtls and not ssl_channel_credentials:
151 cert, key = client_cert_source_for_mtls()
152 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
153 certificate_chain=cert, private_key=key
154 )
156 # The base transport sets the host, credentials and scopes
157 super().__init__(
158 host=host,
159 credentials=credentials,
160 credentials_file=credentials_file,
161 scopes=scopes,
162 quota_project_id=quota_project_id,
163 client_info=client_info,
164 always_use_jwt_access=always_use_jwt_access,
165 api_audience=api_audience,
166 )
168 if not self._grpc_channel:
169 self._grpc_channel = type(self).create_channel(
170 self._host,
171 # use the credentials which are saved
172 credentials=self._credentials,
173 # Set ``credentials_file`` to ``None`` here as
174 # the credentials that we saved earlier should be used.
175 credentials_file=None,
176 scopes=self._scopes,
177 ssl_credentials=self._ssl_channel_credentials,
178 quota_project_id=quota_project_id,
179 options=[
180 ("grpc.max_send_message_length", -1),
181 ("grpc.max_receive_message_length", -1),
182 ],
183 )
185 # Wrap messages. This must be done after self._grpc_channel exists
186 self._prep_wrapped_messages(client_info)
188 @classmethod
189 def create_channel(
190 cls,
191 host: str = "secretmanager.googleapis.com",
192 credentials: Optional[ga_credentials.Credentials] = None,
193 credentials_file: Optional[str] = None,
194 scopes: Optional[Sequence[str]] = None,
195 quota_project_id: Optional[str] = None,
196 **kwargs,
197 ) -> grpc.Channel:
198 """Create and return a gRPC channel object.
199 Args:
200 host (Optional[str]): The host for the channel to use.
201 credentials (Optional[~.Credentials]): The
202 authorization credentials to attach to requests. These
203 credentials identify this application to the service. If
204 none are specified, the client will attempt to ascertain
205 the credentials from the environment.
206 credentials_file (Optional[str]): A file with credentials that can
207 be loaded with :func:`google.auth.load_credentials_from_file`.
208 This argument is mutually exclusive with credentials.
209 scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
210 service. These are only used when credentials are not specified and
211 are passed to :func:`google.auth.default`.
212 quota_project_id (Optional[str]): An optional project to use for billing
213 and quota.
214 kwargs (Optional[dict]): Keyword arguments, which are passed to the
215 channel creation.
216 Returns:
217 grpc.Channel: A gRPC channel object.
219 Raises:
220 google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
221 and ``credentials_file`` are passed.
222 """
224 return grpc_helpers.create_channel(
225 host,
226 credentials=credentials,
227 credentials_file=credentials_file,
228 quota_project_id=quota_project_id,
229 default_scopes=cls.AUTH_SCOPES,
230 scopes=scopes,
231 default_host=cls.DEFAULT_HOST,
232 **kwargs,
233 )
235 @property
236 def grpc_channel(self) -> grpc.Channel:
237 """Return the channel designed to connect to this service."""
238 return self._grpc_channel
240 @property
241 def list_secrets(
242 self,
243 ) -> Callable[[service.ListSecretsRequest], service.ListSecretsResponse]:
244 r"""Return a callable for the list secrets method over gRPC.
246 Lists [Secrets][google.cloud.secrets.v1beta1.Secret].
248 Returns:
249 Callable[[~.ListSecretsRequest],
250 ~.ListSecretsResponse]:
251 A function that, when called, will call the underlying RPC
252 on the server.
253 """
254 # Generate a "stub function" on-the-fly which will actually make
255 # the request.
256 # gRPC handles serialization and deserialization, so we just need
257 # to pass in the functions for each.
258 if "list_secrets" not in self._stubs:
259 self._stubs["list_secrets"] = self.grpc_channel.unary_unary(
260 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecrets",
261 request_serializer=service.ListSecretsRequest.serialize,
262 response_deserializer=service.ListSecretsResponse.deserialize,
263 )
264 return self._stubs["list_secrets"]
266 @property
267 def create_secret(
268 self,
269 ) -> Callable[[service.CreateSecretRequest], resources.Secret]:
270 r"""Return a callable for the create secret method over gRPC.
272 Creates a new [Secret][google.cloud.secrets.v1beta1.Secret]
273 containing no
274 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
276 Returns:
277 Callable[[~.CreateSecretRequest],
278 ~.Secret]:
279 A function that, when called, will call the underlying RPC
280 on the server.
281 """
282 # Generate a "stub function" on-the-fly which will actually make
283 # the request.
284 # gRPC handles serialization and deserialization, so we just need
285 # to pass in the functions for each.
286 if "create_secret" not in self._stubs:
287 self._stubs["create_secret"] = self.grpc_channel.unary_unary(
288 "/google.cloud.secrets.v1beta1.SecretManagerService/CreateSecret",
289 request_serializer=service.CreateSecretRequest.serialize,
290 response_deserializer=resources.Secret.deserialize,
291 )
292 return self._stubs["create_secret"]
294 @property
295 def add_secret_version(
296 self,
297 ) -> Callable[[service.AddSecretVersionRequest], resources.SecretVersion]:
298 r"""Return a callable for the add secret version method over gRPC.
300 Creates a new
301 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
302 containing secret data and attaches it to an existing
303 [Secret][google.cloud.secrets.v1beta1.Secret].
305 Returns:
306 Callable[[~.AddSecretVersionRequest],
307 ~.SecretVersion]:
308 A function that, when called, will call the underlying RPC
309 on the server.
310 """
311 # Generate a "stub function" on-the-fly which will actually make
312 # the request.
313 # gRPC handles serialization and deserialization, so we just need
314 # to pass in the functions for each.
315 if "add_secret_version" not in self._stubs:
316 self._stubs["add_secret_version"] = self.grpc_channel.unary_unary(
317 "/google.cloud.secrets.v1beta1.SecretManagerService/AddSecretVersion",
318 request_serializer=service.AddSecretVersionRequest.serialize,
319 response_deserializer=resources.SecretVersion.deserialize,
320 )
321 return self._stubs["add_secret_version"]
323 @property
324 def get_secret(self) -> Callable[[service.GetSecretRequest], resources.Secret]:
325 r"""Return a callable for the get secret method over gRPC.
327 Gets metadata for a given
328 [Secret][google.cloud.secrets.v1beta1.Secret].
330 Returns:
331 Callable[[~.GetSecretRequest],
332 ~.Secret]:
333 A function that, when called, will call the underlying RPC
334 on the server.
335 """
336 # Generate a "stub function" on-the-fly which will actually make
337 # the request.
338 # gRPC handles serialization and deserialization, so we just need
339 # to pass in the functions for each.
340 if "get_secret" not in self._stubs:
341 self._stubs["get_secret"] = self.grpc_channel.unary_unary(
342 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecret",
343 request_serializer=service.GetSecretRequest.serialize,
344 response_deserializer=resources.Secret.deserialize,
345 )
346 return self._stubs["get_secret"]
348 @property
349 def update_secret(
350 self,
351 ) -> Callable[[service.UpdateSecretRequest], resources.Secret]:
352 r"""Return a callable for the update secret method over gRPC.
354 Updates metadata of an existing
355 [Secret][google.cloud.secrets.v1beta1.Secret].
357 Returns:
358 Callable[[~.UpdateSecretRequest],
359 ~.Secret]:
360 A function that, when called, will call the underlying RPC
361 on the server.
362 """
363 # Generate a "stub function" on-the-fly which will actually make
364 # the request.
365 # gRPC handles serialization and deserialization, so we just need
366 # to pass in the functions for each.
367 if "update_secret" not in self._stubs:
368 self._stubs["update_secret"] = self.grpc_channel.unary_unary(
369 "/google.cloud.secrets.v1beta1.SecretManagerService/UpdateSecret",
370 request_serializer=service.UpdateSecretRequest.serialize,
371 response_deserializer=resources.Secret.deserialize,
372 )
373 return self._stubs["update_secret"]
375 @property
376 def delete_secret(self) -> Callable[[service.DeleteSecretRequest], empty_pb2.Empty]:
377 r"""Return a callable for the delete secret method over gRPC.
379 Deletes a [Secret][google.cloud.secrets.v1beta1.Secret].
381 Returns:
382 Callable[[~.DeleteSecretRequest],
383 ~.Empty]:
384 A function that, when called, will call the underlying RPC
385 on the server.
386 """
387 # Generate a "stub function" on-the-fly which will actually make
388 # the request.
389 # gRPC handles serialization and deserialization, so we just need
390 # to pass in the functions for each.
391 if "delete_secret" not in self._stubs:
392 self._stubs["delete_secret"] = self.grpc_channel.unary_unary(
393 "/google.cloud.secrets.v1beta1.SecretManagerService/DeleteSecret",
394 request_serializer=service.DeleteSecretRequest.serialize,
395 response_deserializer=empty_pb2.Empty.FromString,
396 )
397 return self._stubs["delete_secret"]
399 @property
400 def list_secret_versions(
401 self,
402 ) -> Callable[
403 [service.ListSecretVersionsRequest], service.ListSecretVersionsResponse
404 ]:
405 r"""Return a callable for the list secret versions method over gRPC.
407 Lists
408 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
409 This call does not return secret data.
411 Returns:
412 Callable[[~.ListSecretVersionsRequest],
413 ~.ListSecretVersionsResponse]:
414 A function that, when called, will call the underlying RPC
415 on the server.
416 """
417 # Generate a "stub function" on-the-fly which will actually make
418 # the request.
419 # gRPC handles serialization and deserialization, so we just need
420 # to pass in the functions for each.
421 if "list_secret_versions" not in self._stubs:
422 self._stubs["list_secret_versions"] = self.grpc_channel.unary_unary(
423 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecretVersions",
424 request_serializer=service.ListSecretVersionsRequest.serialize,
425 response_deserializer=service.ListSecretVersionsResponse.deserialize,
426 )
427 return self._stubs["list_secret_versions"]
429 @property
430 def get_secret_version(
431 self,
432 ) -> Callable[[service.GetSecretVersionRequest], resources.SecretVersion]:
433 r"""Return a callable for the get secret version method over gRPC.
435 Gets metadata for a
436 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
438 ``projects/*/secrets/*/versions/latest`` is an alias to the
439 ``latest``
440 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
442 Returns:
443 Callable[[~.GetSecretVersionRequest],
444 ~.SecretVersion]:
445 A function that, when called, will call the underlying RPC
446 on the server.
447 """
448 # Generate a "stub function" on-the-fly which will actually make
449 # the request.
450 # gRPC handles serialization and deserialization, so we just need
451 # to pass in the functions for each.
452 if "get_secret_version" not in self._stubs:
453 self._stubs["get_secret_version"] = self.grpc_channel.unary_unary(
454 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecretVersion",
455 request_serializer=service.GetSecretVersionRequest.serialize,
456 response_deserializer=resources.SecretVersion.deserialize,
457 )
458 return self._stubs["get_secret_version"]
460 @property
461 def access_secret_version(
462 self,
463 ) -> Callable[
464 [service.AccessSecretVersionRequest], service.AccessSecretVersionResponse
465 ]:
466 r"""Return a callable for the access secret version method over gRPC.
468 Accesses a
469 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
470 This call returns the secret data.
472 ``projects/*/secrets/*/versions/latest`` is an alias to the
473 ``latest``
474 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
476 Returns:
477 Callable[[~.AccessSecretVersionRequest],
478 ~.AccessSecretVersionResponse]:
479 A function that, when called, will call the underlying RPC
480 on the server.
481 """
482 # Generate a "stub function" on-the-fly which will actually make
483 # the request.
484 # gRPC handles serialization and deserialization, so we just need
485 # to pass in the functions for each.
486 if "access_secret_version" not in self._stubs:
487 self._stubs["access_secret_version"] = self.grpc_channel.unary_unary(
488 "/google.cloud.secrets.v1beta1.SecretManagerService/AccessSecretVersion",
489 request_serializer=service.AccessSecretVersionRequest.serialize,
490 response_deserializer=service.AccessSecretVersionResponse.deserialize,
491 )
492 return self._stubs["access_secret_version"]
494 @property
495 def disable_secret_version(
496 self,
497 ) -> Callable[[service.DisableSecretVersionRequest], resources.SecretVersion]:
498 r"""Return a callable for the disable secret version method over gRPC.
500 Disables a
501 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
503 Sets the
504 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
505 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
506 [DISABLED][google.cloud.secrets.v1beta1.SecretVersion.State.DISABLED].
508 Returns:
509 Callable[[~.DisableSecretVersionRequest],
510 ~.SecretVersion]:
511 A function that, when called, will call the underlying RPC
512 on the server.
513 """
514 # Generate a "stub function" on-the-fly which will actually make
515 # the request.
516 # gRPC handles serialization and deserialization, so we just need
517 # to pass in the functions for each.
518 if "disable_secret_version" not in self._stubs:
519 self._stubs["disable_secret_version"] = self.grpc_channel.unary_unary(
520 "/google.cloud.secrets.v1beta1.SecretManagerService/DisableSecretVersion",
521 request_serializer=service.DisableSecretVersionRequest.serialize,
522 response_deserializer=resources.SecretVersion.deserialize,
523 )
524 return self._stubs["disable_secret_version"]
526 @property
527 def enable_secret_version(
528 self,
529 ) -> Callable[[service.EnableSecretVersionRequest], resources.SecretVersion]:
530 r"""Return a callable for the enable secret version method over gRPC.
532 Enables a
533 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
535 Sets the
536 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
537 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
538 [ENABLED][google.cloud.secrets.v1beta1.SecretVersion.State.ENABLED].
540 Returns:
541 Callable[[~.EnableSecretVersionRequest],
542 ~.SecretVersion]:
543 A function that, when called, will call the underlying RPC
544 on the server.
545 """
546 # Generate a "stub function" on-the-fly which will actually make
547 # the request.
548 # gRPC handles serialization and deserialization, so we just need
549 # to pass in the functions for each.
550 if "enable_secret_version" not in self._stubs:
551 self._stubs["enable_secret_version"] = self.grpc_channel.unary_unary(
552 "/google.cloud.secrets.v1beta1.SecretManagerService/EnableSecretVersion",
553 request_serializer=service.EnableSecretVersionRequest.serialize,
554 response_deserializer=resources.SecretVersion.deserialize,
555 )
556 return self._stubs["enable_secret_version"]
558 @property
559 def destroy_secret_version(
560 self,
561 ) -> Callable[[service.DestroySecretVersionRequest], resources.SecretVersion]:
562 r"""Return a callable for the destroy secret version method over gRPC.
564 Destroys a
565 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
567 Sets the
568 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
569 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
570 [DESTROYED][google.cloud.secrets.v1beta1.SecretVersion.State.DESTROYED]
571 and irrevocably destroys the secret data.
573 Returns:
574 Callable[[~.DestroySecretVersionRequest],
575 ~.SecretVersion]:
576 A function that, when called, will call the underlying RPC
577 on the server.
578 """
579 # Generate a "stub function" on-the-fly which will actually make
580 # the request.
581 # gRPC handles serialization and deserialization, so we just need
582 # to pass in the functions for each.
583 if "destroy_secret_version" not in self._stubs:
584 self._stubs["destroy_secret_version"] = self.grpc_channel.unary_unary(
585 "/google.cloud.secrets.v1beta1.SecretManagerService/DestroySecretVersion",
586 request_serializer=service.DestroySecretVersionRequest.serialize,
587 response_deserializer=resources.SecretVersion.deserialize,
588 )
589 return self._stubs["destroy_secret_version"]
591 @property
592 def set_iam_policy(
593 self,
594 ) -> Callable[[iam_policy_pb2.SetIamPolicyRequest], policy_pb2.Policy]:
595 r"""Return a callable for the set iam policy method over gRPC.
597 Sets the access control policy on the specified secret. Replaces
598 any existing policy.
600 Permissions on
601 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] are
602 enforced according to the policy set on the associated
603 [Secret][google.cloud.secrets.v1beta1.Secret].
605 Returns:
606 Callable[[~.SetIamPolicyRequest],
607 ~.Policy]:
608 A function that, when called, will call the underlying RPC
609 on the server.
610 """
611 # Generate a "stub function" on-the-fly which will actually make
612 # the request.
613 # gRPC handles serialization and deserialization, so we just need
614 # to pass in the functions for each.
615 if "set_iam_policy" not in self._stubs:
616 self._stubs["set_iam_policy"] = self.grpc_channel.unary_unary(
617 "/google.cloud.secrets.v1beta1.SecretManagerService/SetIamPolicy",
618 request_serializer=iam_policy_pb2.SetIamPolicyRequest.SerializeToString,
619 response_deserializer=policy_pb2.Policy.FromString,
620 )
621 return self._stubs["set_iam_policy"]
623 @property
624 def get_iam_policy(
625 self,
626 ) -> Callable[[iam_policy_pb2.GetIamPolicyRequest], policy_pb2.Policy]:
627 r"""Return a callable for the get iam policy method over gRPC.
629 Gets the access control policy for a secret.
630 Returns empty policy if the secret exists and does not
631 have a policy set.
633 Returns:
634 Callable[[~.GetIamPolicyRequest],
635 ~.Policy]:
636 A function that, when called, will call the underlying RPC
637 on the server.
638 """
639 # Generate a "stub function" on-the-fly which will actually make
640 # the request.
641 # gRPC handles serialization and deserialization, so we just need
642 # to pass in the functions for each.
643 if "get_iam_policy" not in self._stubs:
644 self._stubs["get_iam_policy"] = self.grpc_channel.unary_unary(
645 "/google.cloud.secrets.v1beta1.SecretManagerService/GetIamPolicy",
646 request_serializer=iam_policy_pb2.GetIamPolicyRequest.SerializeToString,
647 response_deserializer=policy_pb2.Policy.FromString,
648 )
649 return self._stubs["get_iam_policy"]
651 @property
652 def test_iam_permissions(
653 self,
654 ) -> Callable[
655 [iam_policy_pb2.TestIamPermissionsRequest],
656 iam_policy_pb2.TestIamPermissionsResponse,
657 ]:
658 r"""Return a callable for the test iam permissions method over gRPC.
660 Returns permissions that a caller has for the specified secret.
661 If the secret does not exist, this call returns an empty set of
662 permissions, not a NOT_FOUND error.
664 Note: This operation is designed to be used for building
665 permission-aware UIs and command-line tools, not for
666 authorization checking. This operation may "fail open" without
667 warning.
669 Returns:
670 Callable[[~.TestIamPermissionsRequest],
671 ~.TestIamPermissionsResponse]:
672 A function that, when called, will call the underlying RPC
673 on the server.
674 """
675 # Generate a "stub function" on-the-fly which will actually make
676 # the request.
677 # gRPC handles serialization and deserialization, so we just need
678 # to pass in the functions for each.
679 if "test_iam_permissions" not in self._stubs:
680 self._stubs["test_iam_permissions"] = self.grpc_channel.unary_unary(
681 "/google.cloud.secrets.v1beta1.SecretManagerService/TestIamPermissions",
682 request_serializer=iam_policy_pb2.TestIamPermissionsRequest.SerializeToString,
683 response_deserializer=iam_policy_pb2.TestIamPermissionsResponse.FromString,
684 )
685 return self._stubs["test_iam_permissions"]
687 def close(self):
688 self.grpc_channel.close()
690 @property
691 def kind(self) -> str:
692 return "grpc"
695__all__ = ("SecretManagerServiceGrpcTransport",)