Shortcuts on this page
r m x toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
1# -*- coding: utf-8 -*-
2# Copyright 2024 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16from collections import OrderedDict
17import os
18import re
19from typing import (
20 Callable,
21 Dict,
22 Mapping,
23 MutableMapping,
24 MutableSequence,
25 Optional,
26 Sequence,
27 Tuple,
28 Type,
29 Union,
30 cast,
31)
32import warnings
34from google.api_core import client_options as client_options_lib
35from google.api_core import exceptions as core_exceptions
36from google.api_core import gapic_v1
37from google.api_core import retry as retries
38from google.auth import credentials as ga_credentials # type: ignore
39from google.auth.exceptions import MutualTLSChannelError # type: ignore
40from google.auth.transport import mtls # type: ignore
41from google.auth.transport.grpc import SslCredentials # type: ignore
42from google.oauth2 import service_account # type: ignore
44from google.cloud.secretmanager_v1beta1 import gapic_version as package_version
46try:
47 OptionalRetry = Union[retries.Retry, gapic_v1.method._MethodDefault, None]
48except AttributeError: # pragma: NO COVER
49 OptionalRetry = Union[retries.Retry, object, None] # type: ignore
51from google.iam.v1 import iam_policy_pb2 # type: ignore
52from google.iam.v1 import policy_pb2 # type: ignore
53from google.protobuf import field_mask_pb2 # type: ignore
54from google.protobuf import timestamp_pb2 # type: ignore
56from google.cloud.secretmanager_v1beta1.services.secret_manager_service import pagers
57from google.cloud.secretmanager_v1beta1.types import resources, service
59from .transports.base import DEFAULT_CLIENT_INFO, SecretManagerServiceTransport
60from .transports.grpc import SecretManagerServiceGrpcTransport
61from .transports.grpc_asyncio import SecretManagerServiceGrpcAsyncIOTransport
62from .transports.rest import SecretManagerServiceRestTransport
65class SecretManagerServiceClientMeta(type):
66 """Metaclass for the SecretManagerService client.
68 This provides class-level methods for building and retrieving
69 support objects (e.g. transport) without polluting the client instance
70 objects.
71 """
73 _transport_registry = (
74 OrderedDict()
75 ) # type: Dict[str, Type[SecretManagerServiceTransport]]
76 _transport_registry["grpc"] = SecretManagerServiceGrpcTransport
77 _transport_registry["grpc_asyncio"] = SecretManagerServiceGrpcAsyncIOTransport
78 _transport_registry["rest"] = SecretManagerServiceRestTransport
80 def get_transport_class(
81 cls,
82 label: Optional[str] = None,
83 ) -> Type[SecretManagerServiceTransport]:
84 """Returns an appropriate transport class.
86 Args:
87 label: The name of the desired transport. If none is
88 provided, then the first transport in the registry is used.
90 Returns:
91 The transport class to use.
92 """
93 # If a specific transport is requested, return that one.
94 if label:
95 return cls._transport_registry[label]
97 # No transport is requested; return the default (that is, the first one
98 # in the dictionary).
99 return next(iter(cls._transport_registry.values()))
102class SecretManagerServiceClient(metaclass=SecretManagerServiceClientMeta):
103 """Secret Manager Service
105 Manages secrets and operations using those secrets. Implements a
106 REST model with the following objects:
108 - [Secret][google.cloud.secrets.v1beta1.Secret]
109 - [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
110 """
112 @staticmethod
113 def _get_default_mtls_endpoint(api_endpoint):
114 """Converts api endpoint to mTLS endpoint.
116 Convert "*.sandbox.googleapis.com" and "*.googleapis.com" to
117 "*.mtls.sandbox.googleapis.com" and "*.mtls.googleapis.com" respectively.
118 Args:
119 api_endpoint (Optional[str]): the api endpoint to convert.
120 Returns:
121 str: converted mTLS api endpoint.
122 """
123 if not api_endpoint:
124 return api_endpoint
126 mtls_endpoint_re = re.compile(
127 r"(?P<name>[^.]+)(?P<mtls>\.mtls)?(?P<sandbox>\.sandbox)?(?P<googledomain>\.googleapis\.com)?"
128 )
130 m = mtls_endpoint_re.match(api_endpoint)
131 name, mtls, sandbox, googledomain = m.groups()
132 if mtls or not googledomain:
133 return api_endpoint
135 if sandbox:
136 return api_endpoint.replace(
137 "sandbox.googleapis.com", "mtls.sandbox.googleapis.com"
138 )
140 return api_endpoint.replace(".googleapis.com", ".mtls.googleapis.com")
142 # Note: DEFAULT_ENDPOINT is deprecated. Use _DEFAULT_ENDPOINT_TEMPLATE instead.
143 DEFAULT_ENDPOINT = "secretmanager.googleapis.com"
144 DEFAULT_MTLS_ENDPOINT = _get_default_mtls_endpoint.__func__( # type: ignore
145 DEFAULT_ENDPOINT
146 )
148 _DEFAULT_ENDPOINT_TEMPLATE = "secretmanager.{UNIVERSE_DOMAIN}"
149 _DEFAULT_UNIVERSE = "googleapis.com"
151 @classmethod
152 def from_service_account_info(cls, info: dict, *args, **kwargs):
153 """Creates an instance of this client using the provided credentials
154 info.
156 Args:
157 info (dict): The service account private key info.
158 args: Additional arguments to pass to the constructor.
159 kwargs: Additional arguments to pass to the constructor.
161 Returns:
162 SecretManagerServiceClient: The constructed client.
163 """
164 credentials = service_account.Credentials.from_service_account_info(info)
165 kwargs["credentials"] = credentials
166 return cls(*args, **kwargs)
168 @classmethod
169 def from_service_account_file(cls, filename: str, *args, **kwargs):
170 """Creates an instance of this client using the provided credentials
171 file.
173 Args:
174 filename (str): The path to the service account private key json
175 file.
176 args: Additional arguments to pass to the constructor.
177 kwargs: Additional arguments to pass to the constructor.
179 Returns:
180 SecretManagerServiceClient: The constructed client.
181 """
182 credentials = service_account.Credentials.from_service_account_file(filename)
183 kwargs["credentials"] = credentials
184 return cls(*args, **kwargs)
186 from_service_account_json = from_service_account_file
188 @property
189 def transport(self) -> SecretManagerServiceTransport:
190 """Returns the transport used by the client instance.
192 Returns:
193 SecretManagerServiceTransport: The transport used by the client
194 instance.
195 """
196 return self._transport
198 @staticmethod
199 def secret_path(
200 project: str,
201 secret: str,
202 ) -> str:
203 """Returns a fully-qualified secret string."""
204 return "projects/{project}/secrets/{secret}".format(
205 project=project,
206 secret=secret,
207 )
209 @staticmethod
210 def parse_secret_path(path: str) -> Dict[str, str]:
211 """Parses a secret path into its component segments."""
212 m = re.match(r"^projects/(?P<project>.+?)/secrets/(?P<secret>.+?)$", path)
213 return m.groupdict() if m else {}
215 @staticmethod
216 def secret_version_path(
217 project: str,
218 secret: str,
219 secret_version: str,
220 ) -> str:
221 """Returns a fully-qualified secret_version string."""
222 return "projects/{project}/secrets/{secret}/versions/{secret_version}".format(
223 project=project,
224 secret=secret,
225 secret_version=secret_version,
226 )
228 @staticmethod
229 def parse_secret_version_path(path: str) -> Dict[str, str]:
230 """Parses a secret_version path into its component segments."""
231 m = re.match(
232 r"^projects/(?P<project>.+?)/secrets/(?P<secret>.+?)/versions/(?P<secret_version>.+?)$",
233 path,
234 )
235 return m.groupdict() if m else {}
237 @staticmethod
238 def common_billing_account_path(
239 billing_account: str,
240 ) -> str:
241 """Returns a fully-qualified billing_account string."""
242 return "billingAccounts/{billing_account}".format(
243 billing_account=billing_account,
244 )
246 @staticmethod
247 def parse_common_billing_account_path(path: str) -> Dict[str, str]:
248 """Parse a billing_account path into its component segments."""
249 m = re.match(r"^billingAccounts/(?P<billing_account>.+?)$", path)
250 return m.groupdict() if m else {}
252 @staticmethod
253 def common_folder_path(
254 folder: str,
255 ) -> str:
256 """Returns a fully-qualified folder string."""
257 return "folders/{folder}".format(
258 folder=folder,
259 )
261 @staticmethod
262 def parse_common_folder_path(path: str) -> Dict[str, str]:
263 """Parse a folder path into its component segments."""
264 m = re.match(r"^folders/(?P<folder>.+?)$", path)
265 return m.groupdict() if m else {}
267 @staticmethod
268 def common_organization_path(
269 organization: str,
270 ) -> str:
271 """Returns a fully-qualified organization string."""
272 return "organizations/{organization}".format(
273 organization=organization,
274 )
276 @staticmethod
277 def parse_common_organization_path(path: str) -> Dict[str, str]:
278 """Parse a organization path into its component segments."""
279 m = re.match(r"^organizations/(?P<organization>.+?)$", path)
280 return m.groupdict() if m else {}
282 @staticmethod
283 def common_project_path(
284 project: str,
285 ) -> str:
286 """Returns a fully-qualified project string."""
287 return "projects/{project}".format(
288 project=project,
289 )
291 @staticmethod
292 def parse_common_project_path(path: str) -> Dict[str, str]:
293 """Parse a project path into its component segments."""
294 m = re.match(r"^projects/(?P<project>.+?)$", path)
295 return m.groupdict() if m else {}
297 @staticmethod
298 def common_location_path(
299 project: str,
300 location: str,
301 ) -> str:
302 """Returns a fully-qualified location string."""
303 return "projects/{project}/locations/{location}".format(
304 project=project,
305 location=location,
306 )
308 @staticmethod
309 def parse_common_location_path(path: str) -> Dict[str, str]:
310 """Parse a location path into its component segments."""
311 m = re.match(r"^projects/(?P<project>.+?)/locations/(?P<location>.+?)$", path)
312 return m.groupdict() if m else {}
314 @classmethod
315 def get_mtls_endpoint_and_cert_source(
316 cls, client_options: Optional[client_options_lib.ClientOptions] = None
317 ):
318 """Deprecated. Return the API endpoint and client cert source for mutual TLS.
320 The client cert source is determined in the following order:
321 (1) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is not "true", the
322 client cert source is None.
323 (2) if `client_options.client_cert_source` is provided, use the provided one; if the
324 default client cert source exists, use the default one; otherwise the client cert
325 source is None.
327 The API endpoint is determined in the following order:
328 (1) if `client_options.api_endpoint` if provided, use the provided one.
329 (2) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is "always", use the
330 default mTLS endpoint; if the environment variable is "never", use the default API
331 endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise
332 use the default API endpoint.
334 More details can be found at https://google.aip.dev/auth/4114.
336 Args:
337 client_options (google.api_core.client_options.ClientOptions): Custom options for the
338 client. Only the `api_endpoint` and `client_cert_source` properties may be used
339 in this method.
341 Returns:
342 Tuple[str, Callable[[], Tuple[bytes, bytes]]]: returns the API endpoint and the
343 client cert source to use.
345 Raises:
346 google.auth.exceptions.MutualTLSChannelError: If any errors happen.
347 """
349 warnings.warn(
350 "get_mtls_endpoint_and_cert_source is deprecated. Use the api_endpoint property instead.",
351 DeprecationWarning,
352 )
353 if client_options is None:
354 client_options = client_options_lib.ClientOptions()
355 use_client_cert = os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false")
356 use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")
357 if use_client_cert not in ("true", "false"):
358 raise ValueError(
359 "Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`"
360 )
361 if use_mtls_endpoint not in ("auto", "never", "always"):
362 raise MutualTLSChannelError(
363 "Environment variable `GOOGLE_API_USE_MTLS_ENDPOINT` must be `never`, `auto` or `always`"
364 )
366 # Figure out the client cert source to use.
367 client_cert_source = None
368 if use_client_cert == "true":
369 if client_options.client_cert_source:
370 client_cert_source = client_options.client_cert_source
371 elif mtls.has_default_client_cert_source():
372 client_cert_source = mtls.default_client_cert_source()
374 # Figure out which api endpoint to use.
375 if client_options.api_endpoint is not None:
376 api_endpoint = client_options.api_endpoint
377 elif use_mtls_endpoint == "always" or (
378 use_mtls_endpoint == "auto" and client_cert_source
379 ):
380 api_endpoint = cls.DEFAULT_MTLS_ENDPOINT
381 else:
382 api_endpoint = cls.DEFAULT_ENDPOINT
384 return api_endpoint, client_cert_source
386 @staticmethod
387 def _read_environment_variables():
388 """Returns the environment variables used by the client.
390 Returns:
391 Tuple[bool, str, str]: returns the GOOGLE_API_USE_CLIENT_CERTIFICATE,
392 GOOGLE_API_USE_MTLS_ENDPOINT, and GOOGLE_CLOUD_UNIVERSE_DOMAIN environment variables.
394 Raises:
395 ValueError: If GOOGLE_API_USE_CLIENT_CERTIFICATE is not
396 any of ["true", "false"].
397 google.auth.exceptions.MutualTLSChannelError: If GOOGLE_API_USE_MTLS_ENDPOINT
398 is not any of ["auto", "never", "always"].
399 """
400 use_client_cert = os.getenv(
401 "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
402 ).lower()
403 use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()
404 universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")
405 if use_client_cert not in ("true", "false"):
406 raise ValueError(
407 "Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`"
408 )
409 if use_mtls_endpoint not in ("auto", "never", "always"):
410 raise MutualTLSChannelError(
411 "Environment variable `GOOGLE_API_USE_MTLS_ENDPOINT` must be `never`, `auto` or `always`"
412 )
413 return use_client_cert == "true", use_mtls_endpoint, universe_domain_env
415 @staticmethod
416 def _get_client_cert_source(provided_cert_source, use_cert_flag):
417 """Return the client cert source to be used by the client.
419 Args:
420 provided_cert_source (bytes): The client certificate source provided.
421 use_cert_flag (bool): A flag indicating whether to use the client certificate.
423 Returns:
424 bytes or None: The client cert source to be used by the client.
425 """
426 client_cert_source = None
427 if use_cert_flag:
428 if provided_cert_source:
429 client_cert_source = provided_cert_source
430 elif mtls.has_default_client_cert_source():
431 client_cert_source = mtls.default_client_cert_source()
432 return client_cert_source
434 @staticmethod
435 def _get_api_endpoint(
436 api_override, client_cert_source, universe_domain, use_mtls_endpoint
437 ):
438 """Return the API endpoint used by the client.
440 Args:
441 api_override (str): The API endpoint override. If specified, this is always
442 the return value of this function and the other arguments are not used.
443 client_cert_source (bytes): The client certificate source used by the client.
444 universe_domain (str): The universe domain used by the client.
445 use_mtls_endpoint (str): How to use the mTLS endpoint, which depends also on the other parameters.
446 Possible values are "always", "auto", or "never".
448 Returns:
449 str: The API endpoint to be used by the client.
450 """
451 if api_override is not None:
452 api_endpoint = api_override
453 elif use_mtls_endpoint == "always" or (
454 use_mtls_endpoint == "auto" and client_cert_source
455 ):
456 _default_universe = SecretManagerServiceClient._DEFAULT_UNIVERSE
457 if universe_domain != _default_universe:
458 raise MutualTLSChannelError(
459 f"mTLS is not supported in any universe other than {_default_universe}."
460 )
461 api_endpoint = SecretManagerServiceClient.DEFAULT_MTLS_ENDPOINT
462 else:
463 api_endpoint = SecretManagerServiceClient._DEFAULT_ENDPOINT_TEMPLATE.format(
464 UNIVERSE_DOMAIN=universe_domain
465 )
466 return api_endpoint
468 @staticmethod
469 def _get_universe_domain(
470 client_universe_domain: Optional[str], universe_domain_env: Optional[str]
471 ) -> str:
472 """Return the universe domain used by the client.
474 Args:
475 client_universe_domain (Optional[str]): The universe domain configured via the client options.
476 universe_domain_env (Optional[str]): The universe domain configured via the "GOOGLE_CLOUD_UNIVERSE_DOMAIN" environment variable.
478 Returns:
479 str: The universe domain to be used by the client.
481 Raises:
482 ValueError: If the universe domain is an empty string.
483 """
484 universe_domain = SecretManagerServiceClient._DEFAULT_UNIVERSE
485 if client_universe_domain is not None:
486 universe_domain = client_universe_domain
487 elif universe_domain_env is not None:
488 universe_domain = universe_domain_env
489 if len(universe_domain.strip()) == 0:
490 raise ValueError("Universe Domain cannot be an empty string.")
491 return universe_domain
493 @staticmethod
494 def _compare_universes(
495 client_universe: str, credentials: ga_credentials.Credentials
496 ) -> bool:
497 """Returns True iff the universe domains used by the client and credentials match.
499 Args:
500 client_universe (str): The universe domain configured via the client options.
501 credentials (ga_credentials.Credentials): The credentials being used in the client.
503 Returns:
504 bool: True iff client_universe matches the universe in credentials.
506 Raises:
507 ValueError: when client_universe does not match the universe in credentials.
508 """
510 default_universe = SecretManagerServiceClient._DEFAULT_UNIVERSE
511 credentials_universe = getattr(credentials, "universe_domain", default_universe)
513 if client_universe != credentials_universe:
514 raise ValueError(
515 "The configured universe domain "
516 f"({client_universe}) does not match the universe domain "
517 f"found in the credentials ({credentials_universe}). "
518 "If you haven't configured the universe domain explicitly, "
519 f"`{default_universe}` is the default."
520 )
521 return True
523 def _validate_universe_domain(self):
524 """Validates client's and credentials' universe domains are consistent.
526 Returns:
527 bool: True iff the configured universe domain is valid.
529 Raises:
530 ValueError: If the configured universe domain is not valid.
531 """
532 self._is_universe_domain_valid = (
533 self._is_universe_domain_valid
534 or SecretManagerServiceClient._compare_universes(
535 self.universe_domain, self.transport._credentials
536 )
537 )
538 return self._is_universe_domain_valid
540 @property
541 def api_endpoint(self):
542 """Return the API endpoint used by the client instance.
544 Returns:
545 str: The API endpoint used by the client instance.
546 """
547 return self._api_endpoint
549 @property
550 def universe_domain(self) -> str:
551 """Return the universe domain used by the client instance.
553 Returns:
554 str: The universe domain used by the client instance.
555 """
556 return self._universe_domain
558 def __init__(
559 self,
560 *,
561 credentials: Optional[ga_credentials.Credentials] = None,
562 transport: Optional[
563 Union[
564 str,
565 SecretManagerServiceTransport,
566 Callable[..., SecretManagerServiceTransport],
567 ]
568 ] = None,
569 client_options: Optional[Union[client_options_lib.ClientOptions, dict]] = None,
570 client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
571 ) -> None:
572 """Instantiates the secret manager service client.
574 Args:
575 credentials (Optional[google.auth.credentials.Credentials]): The
576 authorization credentials to attach to requests. These
577 credentials identify the application to the service; if none
578 are specified, the client will attempt to ascertain the
579 credentials from the environment.
580 transport (Optional[Union[str,SecretManagerServiceTransport,Callable[..., SecretManagerServiceTransport]]]):
581 The transport to use, or a Callable that constructs and returns a new transport.
582 If a Callable is given, it will be called with the same set of initialization
583 arguments as used in the SecretManagerServiceTransport constructor.
584 If set to None, a transport is chosen automatically.
585 client_options (Optional[Union[google.api_core.client_options.ClientOptions, dict]]):
586 Custom options for the client.
588 1. The ``api_endpoint`` property can be used to override the
589 default endpoint provided by the client when ``transport`` is
590 not explicitly provided. Only if this property is not set and
591 ``transport`` was not explicitly provided, the endpoint is
592 determined by the GOOGLE_API_USE_MTLS_ENDPOINT environment
593 variable, which have one of the following values:
594 "always" (always use the default mTLS endpoint), "never" (always
595 use the default regular endpoint) and "auto" (auto-switch to the
596 default mTLS endpoint if client certificate is present; this is
597 the default value).
599 2. If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable
600 is "true", then the ``client_cert_source`` property can be used
601 to provide a client certificate for mTLS transport. If
602 not provided, the default SSL client certificate will be used if
603 present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not
604 set, no client certificate will be used.
606 3. The ``universe_domain`` property can be used to override the
607 default "googleapis.com" universe. Note that the ``api_endpoint``
608 property still takes precedence; and ``universe_domain`` is
609 currently not supported for mTLS.
611 client_info (google.api_core.gapic_v1.client_info.ClientInfo):
612 The client info used to send a user-agent string along with
613 API requests. If ``None``, then default info will be used.
614 Generally, you only need to set this if you're developing
615 your own client library.
617 Raises:
618 google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
619 creation failed for any reason.
620 """
621 self._client_options = client_options
622 if isinstance(self._client_options, dict):
623 self._client_options = client_options_lib.from_dict(self._client_options)
624 if self._client_options is None:
625 self._client_options = client_options_lib.ClientOptions()
626 self._client_options = cast(
627 client_options_lib.ClientOptions, self._client_options
628 )
630 universe_domain_opt = getattr(self._client_options, "universe_domain", None)
632 (
633 self._use_client_cert,
634 self._use_mtls_endpoint,
635 self._universe_domain_env,
636 ) = SecretManagerServiceClient._read_environment_variables()
637 self._client_cert_source = SecretManagerServiceClient._get_client_cert_source(
638 self._client_options.client_cert_source, self._use_client_cert
639 )
640 self._universe_domain = SecretManagerServiceClient._get_universe_domain(
641 universe_domain_opt, self._universe_domain_env
642 )
643 self._api_endpoint = None # updated below, depending on `transport`
645 # Initialize the universe domain validation.
646 self._is_universe_domain_valid = False
648 api_key_value = getattr(self._client_options, "api_key", None)
649 if api_key_value and credentials:
650 raise ValueError(
651 "client_options.api_key and credentials are mutually exclusive"
652 )
654 # Save or instantiate the transport.
655 # Ordinarily, we provide the transport, but allowing a custom transport
656 # instance provides an extensibility point for unusual situations.
657 transport_provided = isinstance(transport, SecretManagerServiceTransport)
658 if transport_provided:
659 # transport is a SecretManagerServiceTransport instance.
660 if credentials or self._client_options.credentials_file or api_key_value:
661 raise ValueError(
662 "When providing a transport instance, "
663 "provide its credentials directly."
664 )
665 if self._client_options.scopes:
666 raise ValueError(
667 "When providing a transport instance, provide its scopes "
668 "directly."
669 )
670 self._transport = cast(SecretManagerServiceTransport, transport)
671 self._api_endpoint = self._transport.host
673 self._api_endpoint = (
674 self._api_endpoint
675 or SecretManagerServiceClient._get_api_endpoint(
676 self._client_options.api_endpoint,
677 self._client_cert_source,
678 self._universe_domain,
679 self._use_mtls_endpoint,
680 )
681 )
683 if not transport_provided:
684 import google.auth._default # type: ignore
686 if api_key_value and hasattr(
687 google.auth._default, "get_api_key_credentials"
688 ):
689 credentials = google.auth._default.get_api_key_credentials(
690 api_key_value
691 )
693 transport_init: Union[
694 Type[SecretManagerServiceTransport],
695 Callable[..., SecretManagerServiceTransport],
696 ] = (
697 type(self).get_transport_class(transport)
698 if isinstance(transport, str) or transport is None
699 else cast(Callable[..., SecretManagerServiceTransport], transport)
700 )
701 # initialize with the provided callable or the passed in class
702 self._transport = transport_init(
703 credentials=credentials,
704 credentials_file=self._client_options.credentials_file,
705 host=self._api_endpoint,
706 scopes=self._client_options.scopes,
707 client_cert_source_for_mtls=self._client_cert_source,
708 quota_project_id=self._client_options.quota_project_id,
709 client_info=client_info,
710 always_use_jwt_access=True,
711 api_audience=self._client_options.api_audience,
712 )
714 def list_secrets(
715 self,
716 request: Optional[Union[service.ListSecretsRequest, dict]] = None,
717 *,
718 parent: Optional[str] = None,
719 retry: OptionalRetry = gapic_v1.method.DEFAULT,
720 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
721 metadata: Sequence[Tuple[str, str]] = (),
722 ) -> pagers.ListSecretsPager:
723 r"""Lists [Secrets][google.cloud.secrets.v1beta1.Secret].
725 .. code-block:: python
727 # This snippet has been automatically generated and should be regarded as a
728 # code template only.
729 # It will require modifications to work:
730 # - It may require correct/in-range values for request initialization.
731 # - It may require specifying regional endpoints when creating the service
732 # client as shown in:
733 # https://googleapis.dev/python/google-api-core/latest/client_options.html
734 from google.cloud import secretmanager_v1beta1
736 def sample_list_secrets():
737 # Create a client
738 client = secretmanager_v1beta1.SecretManagerServiceClient()
740 # Initialize request argument(s)
741 request = secretmanager_v1beta1.ListSecretsRequest(
742 parent="parent_value",
743 )
745 # Make the request
746 page_result = client.list_secrets(request=request)
748 # Handle the response
749 for response in page_result:
750 print(response)
752 Args:
753 request (Union[google.cloud.secretmanager_v1beta1.types.ListSecretsRequest, dict]):
754 The request object. Request message for
755 [SecretManagerService.ListSecrets][google.cloud.secrets.v1beta1.SecretManagerService.ListSecrets].
756 parent (str):
757 Required. The resource name of the project associated
758 with the [Secrets][google.cloud.secrets.v1beta1.Secret],
759 in the format ``projects/*``.
761 This corresponds to the ``parent`` field
762 on the ``request`` instance; if ``request`` is provided, this
763 should not be set.
764 retry (google.api_core.retry.Retry): Designation of what errors, if any,
765 should be retried.
766 timeout (float): The timeout for this request.
767 metadata (Sequence[Tuple[str, str]]): Strings which should be
768 sent along with the request as metadata.
770 Returns:
771 google.cloud.secretmanager_v1beta1.services.secret_manager_service.pagers.ListSecretsPager:
772 Response message for
773 [SecretManagerService.ListSecrets][google.cloud.secrets.v1beta1.SecretManagerService.ListSecrets].
775 Iterating over this object will yield results and
776 resolve additional pages automatically.
778 """
779 # Create or coerce a protobuf request object.
780 # - Quick check: If we got a request object, we should *not* have
781 # gotten any keyword arguments that map to the request.
782 has_flattened_params = any([parent])
783 if request is not None and has_flattened_params:
784 raise ValueError(
785 "If the `request` argument is set, then none of "
786 "the individual field arguments should be set."
787 )
789 # - Use the request object if provided (there's no risk of modifying the input as
790 # there are no flattened fields), or create one.
791 if not isinstance(request, service.ListSecretsRequest):
792 request = service.ListSecretsRequest(request)
793 # If we have keyword arguments corresponding to fields on the
794 # request, apply these.
795 if parent is not None:
796 request.parent = parent
798 # Wrap the RPC method; this adds retry and timeout information,
799 # and friendly error handling.
800 rpc = self._transport._wrapped_methods[self._transport.list_secrets]
802 # Certain fields should be provided within the metadata header;
803 # add these here.
804 metadata = tuple(metadata) + (
805 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
806 )
808 # Validate the universe domain.
809 self._validate_universe_domain()
811 # Send the request.
812 response = rpc(
813 request,
814 retry=retry,
815 timeout=timeout,
816 metadata=metadata,
817 )
819 # This method is paged; wrap the response in a pager, which provides
820 # an `__iter__` convenience method.
821 response = pagers.ListSecretsPager(
822 method=rpc,
823 request=request,
824 response=response,
825 metadata=metadata,
826 )
828 # Done; return the response.
829 return response
831 def create_secret(
832 self,
833 request: Optional[Union[service.CreateSecretRequest, dict]] = None,
834 *,
835 parent: Optional[str] = None,
836 secret_id: Optional[str] = None,
837 secret: Optional[resources.Secret] = None,
838 retry: OptionalRetry = gapic_v1.method.DEFAULT,
839 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
840 metadata: Sequence[Tuple[str, str]] = (),
841 ) -> resources.Secret:
842 r"""Creates a new [Secret][google.cloud.secrets.v1beta1.Secret]
843 containing no
844 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
846 .. code-block:: python
848 # This snippet has been automatically generated and should be regarded as a
849 # code template only.
850 # It will require modifications to work:
851 # - It may require correct/in-range values for request initialization.
852 # - It may require specifying regional endpoints when creating the service
853 # client as shown in:
854 # https://googleapis.dev/python/google-api-core/latest/client_options.html
855 from google.cloud import secretmanager_v1beta1
857 def sample_create_secret():
858 # Create a client
859 client = secretmanager_v1beta1.SecretManagerServiceClient()
861 # Initialize request argument(s)
862 request = secretmanager_v1beta1.CreateSecretRequest(
863 parent="parent_value",
864 secret_id="secret_id_value",
865 )
867 # Make the request
868 response = client.create_secret(request=request)
870 # Handle the response
871 print(response)
873 Args:
874 request (Union[google.cloud.secretmanager_v1beta1.types.CreateSecretRequest, dict]):
875 The request object. Request message for
876 [SecretManagerService.CreateSecret][google.cloud.secrets.v1beta1.SecretManagerService.CreateSecret].
877 parent (str):
878 Required. The resource name of the project to associate
879 with the [Secret][google.cloud.secrets.v1beta1.Secret],
880 in the format ``projects/*``.
882 This corresponds to the ``parent`` field
883 on the ``request`` instance; if ``request`` is provided, this
884 should not be set.
885 secret_id (str):
886 Required. This must be unique within the project.
888 A secret ID is a string with a maximum length of 255
889 characters and can contain uppercase and lowercase
890 letters, numerals, and the hyphen (``-``) and underscore
891 (``_``) characters.
893 This corresponds to the ``secret_id`` field
894 on the ``request`` instance; if ``request`` is provided, this
895 should not be set.
896 secret (google.cloud.secretmanager_v1beta1.types.Secret):
897 Required. A
898 [Secret][google.cloud.secrets.v1beta1.Secret] with
899 initial field values.
901 This corresponds to the ``secret`` field
902 on the ``request`` instance; if ``request`` is provided, this
903 should not be set.
904 retry (google.api_core.retry.Retry): Designation of what errors, if any,
905 should be retried.
906 timeout (float): The timeout for this request.
907 metadata (Sequence[Tuple[str, str]]): Strings which should be
908 sent along with the request as metadata.
910 Returns:
911 google.cloud.secretmanager_v1beta1.types.Secret:
912 A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose value and versions can
913 be accessed.
915 A [Secret][google.cloud.secrets.v1beta1.Secret] is
916 made up of zero or more
917 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
918 that represent the secret data.
920 """
921 # Create or coerce a protobuf request object.
922 # - Quick check: If we got a request object, we should *not* have
923 # gotten any keyword arguments that map to the request.
924 has_flattened_params = any([parent, secret_id, secret])
925 if request is not None and has_flattened_params:
926 raise ValueError(
927 "If the `request` argument is set, then none of "
928 "the individual field arguments should be set."
929 )
931 # - Use the request object if provided (there's no risk of modifying the input as
932 # there are no flattened fields), or create one.
933 if not isinstance(request, service.CreateSecretRequest):
934 request = service.CreateSecretRequest(request)
935 # If we have keyword arguments corresponding to fields on the
936 # request, apply these.
937 if parent is not None:
938 request.parent = parent
939 if secret_id is not None:
940 request.secret_id = secret_id
941 if secret is not None:
942 request.secret = secret
944 # Wrap the RPC method; this adds retry and timeout information,
945 # and friendly error handling.
946 rpc = self._transport._wrapped_methods[self._transport.create_secret]
948 # Certain fields should be provided within the metadata header;
949 # add these here.
950 metadata = tuple(metadata) + (
951 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
952 )
954 # Validate the universe domain.
955 self._validate_universe_domain()
957 # Send the request.
958 response = rpc(
959 request,
960 retry=retry,
961 timeout=timeout,
962 metadata=metadata,
963 )
965 # Done; return the response.
966 return response
968 def add_secret_version(
969 self,
970 request: Optional[Union[service.AddSecretVersionRequest, dict]] = None,
971 *,
972 parent: Optional[str] = None,
973 payload: Optional[resources.SecretPayload] = None,
974 retry: OptionalRetry = gapic_v1.method.DEFAULT,
975 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
976 metadata: Sequence[Tuple[str, str]] = (),
977 ) -> resources.SecretVersion:
978 r"""Creates a new
979 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
980 containing secret data and attaches it to an existing
981 [Secret][google.cloud.secrets.v1beta1.Secret].
983 .. code-block:: python
985 # This snippet has been automatically generated and should be regarded as a
986 # code template only.
987 # It will require modifications to work:
988 # - It may require correct/in-range values for request initialization.
989 # - It may require specifying regional endpoints when creating the service
990 # client as shown in:
991 # https://googleapis.dev/python/google-api-core/latest/client_options.html
992 from google.cloud import secretmanager_v1beta1
994 def sample_add_secret_version():
995 # Create a client
996 client = secretmanager_v1beta1.SecretManagerServiceClient()
998 # Initialize request argument(s)
999 request = secretmanager_v1beta1.AddSecretVersionRequest(
1000 parent="parent_value",
1001 )
1003 # Make the request
1004 response = client.add_secret_version(request=request)
1006 # Handle the response
1007 print(response)
1009 Args:
1010 request (Union[google.cloud.secretmanager_v1beta1.types.AddSecretVersionRequest, dict]):
1011 The request object. Request message for
1012 [SecretManagerService.AddSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AddSecretVersion].
1013 parent (str):
1014 Required. The resource name of the
1015 [Secret][google.cloud.secrets.v1beta1.Secret] to
1016 associate with the
1017 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1018 in the format ``projects/*/secrets/*``.
1020 This corresponds to the ``parent`` field
1021 on the ``request`` instance; if ``request`` is provided, this
1022 should not be set.
1023 payload (google.cloud.secretmanager_v1beta1.types.SecretPayload):
1024 Required. The secret payload of the
1025 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1027 This corresponds to the ``payload`` field
1028 on the ``request`` instance; if ``request`` is provided, this
1029 should not be set.
1030 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1031 should be retried.
1032 timeout (float): The timeout for this request.
1033 metadata (Sequence[Tuple[str, str]]): Strings which should be
1034 sent along with the request as metadata.
1036 Returns:
1037 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1038 A secret version resource in the
1039 Secret Manager API.
1041 """
1042 # Create or coerce a protobuf request object.
1043 # - Quick check: If we got a request object, we should *not* have
1044 # gotten any keyword arguments that map to the request.
1045 has_flattened_params = any([parent, payload])
1046 if request is not None and has_flattened_params:
1047 raise ValueError(
1048 "If the `request` argument is set, then none of "
1049 "the individual field arguments should be set."
1050 )
1052 # - Use the request object if provided (there's no risk of modifying the input as
1053 # there are no flattened fields), or create one.
1054 if not isinstance(request, service.AddSecretVersionRequest):
1055 request = service.AddSecretVersionRequest(request)
1056 # If we have keyword arguments corresponding to fields on the
1057 # request, apply these.
1058 if parent is not None:
1059 request.parent = parent
1060 if payload is not None:
1061 request.payload = payload
1063 # Wrap the RPC method; this adds retry and timeout information,
1064 # and friendly error handling.
1065 rpc = self._transport._wrapped_methods[self._transport.add_secret_version]
1067 # Certain fields should be provided within the metadata header;
1068 # add these here.
1069 metadata = tuple(metadata) + (
1070 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
1071 )
1073 # Validate the universe domain.
1074 self._validate_universe_domain()
1076 # Send the request.
1077 response = rpc(
1078 request,
1079 retry=retry,
1080 timeout=timeout,
1081 metadata=metadata,
1082 )
1084 # Done; return the response.
1085 return response
1087 def get_secret(
1088 self,
1089 request: Optional[Union[service.GetSecretRequest, dict]] = None,
1090 *,
1091 name: Optional[str] = None,
1092 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1093 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1094 metadata: Sequence[Tuple[str, str]] = (),
1095 ) -> resources.Secret:
1096 r"""Gets metadata for a given
1097 [Secret][google.cloud.secrets.v1beta1.Secret].
1099 .. code-block:: python
1101 # This snippet has been automatically generated and should be regarded as a
1102 # code template only.
1103 # It will require modifications to work:
1104 # - It may require correct/in-range values for request initialization.
1105 # - It may require specifying regional endpoints when creating the service
1106 # client as shown in:
1107 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1108 from google.cloud import secretmanager_v1beta1
1110 def sample_get_secret():
1111 # Create a client
1112 client = secretmanager_v1beta1.SecretManagerServiceClient()
1114 # Initialize request argument(s)
1115 request = secretmanager_v1beta1.GetSecretRequest(
1116 name="name_value",
1117 )
1119 # Make the request
1120 response = client.get_secret(request=request)
1122 # Handle the response
1123 print(response)
1125 Args:
1126 request (Union[google.cloud.secretmanager_v1beta1.types.GetSecretRequest, dict]):
1127 The request object. Request message for
1128 [SecretManagerService.GetSecret][google.cloud.secrets.v1beta1.SecretManagerService.GetSecret].
1129 name (str):
1130 Required. The resource name of the
1131 [Secret][google.cloud.secrets.v1beta1.Secret], in the
1132 format ``projects/*/secrets/*``.
1134 This corresponds to the ``name`` field
1135 on the ``request`` instance; if ``request`` is provided, this
1136 should not be set.
1137 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1138 should be retried.
1139 timeout (float): The timeout for this request.
1140 metadata (Sequence[Tuple[str, str]]): Strings which should be
1141 sent along with the request as metadata.
1143 Returns:
1144 google.cloud.secretmanager_v1beta1.types.Secret:
1145 A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose value and versions can
1146 be accessed.
1148 A [Secret][google.cloud.secrets.v1beta1.Secret] is
1149 made up of zero or more
1150 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
1151 that represent the secret data.
1153 """
1154 # Create or coerce a protobuf request object.
1155 # - Quick check: If we got a request object, we should *not* have
1156 # gotten any keyword arguments that map to the request.
1157 has_flattened_params = any([name])
1158 if request is not None and has_flattened_params:
1159 raise ValueError(
1160 "If the `request` argument is set, then none of "
1161 "the individual field arguments should be set."
1162 )
1164 # - Use the request object if provided (there's no risk of modifying the input as
1165 # there are no flattened fields), or create one.
1166 if not isinstance(request, service.GetSecretRequest):
1167 request = service.GetSecretRequest(request)
1168 # If we have keyword arguments corresponding to fields on the
1169 # request, apply these.
1170 if name is not None:
1171 request.name = name
1173 # Wrap the RPC method; this adds retry and timeout information,
1174 # and friendly error handling.
1175 rpc = self._transport._wrapped_methods[self._transport.get_secret]
1177 # Certain fields should be provided within the metadata header;
1178 # add these here.
1179 metadata = tuple(metadata) + (
1180 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1181 )
1183 # Validate the universe domain.
1184 self._validate_universe_domain()
1186 # Send the request.
1187 response = rpc(
1188 request,
1189 retry=retry,
1190 timeout=timeout,
1191 metadata=metadata,
1192 )
1194 # Done; return the response.
1195 return response
1197 def update_secret(
1198 self,
1199 request: Optional[Union[service.UpdateSecretRequest, dict]] = None,
1200 *,
1201 secret: Optional[resources.Secret] = None,
1202 update_mask: Optional[field_mask_pb2.FieldMask] = None,
1203 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1204 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1205 metadata: Sequence[Tuple[str, str]] = (),
1206 ) -> resources.Secret:
1207 r"""Updates metadata of an existing
1208 [Secret][google.cloud.secrets.v1beta1.Secret].
1210 .. code-block:: python
1212 # This snippet has been automatically generated and should be regarded as a
1213 # code template only.
1214 # It will require modifications to work:
1215 # - It may require correct/in-range values for request initialization.
1216 # - It may require specifying regional endpoints when creating the service
1217 # client as shown in:
1218 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1219 from google.cloud import secretmanager_v1beta1
1221 def sample_update_secret():
1222 # Create a client
1223 client = secretmanager_v1beta1.SecretManagerServiceClient()
1225 # Initialize request argument(s)
1226 request = secretmanager_v1beta1.UpdateSecretRequest(
1227 )
1229 # Make the request
1230 response = client.update_secret(request=request)
1232 # Handle the response
1233 print(response)
1235 Args:
1236 request (Union[google.cloud.secretmanager_v1beta1.types.UpdateSecretRequest, dict]):
1237 The request object. Request message for
1238 [SecretManagerService.UpdateSecret][google.cloud.secrets.v1beta1.SecretManagerService.UpdateSecret].
1239 secret (google.cloud.secretmanager_v1beta1.types.Secret):
1240 Required. [Secret][google.cloud.secrets.v1beta1.Secret]
1241 with updated field values.
1243 This corresponds to the ``secret`` field
1244 on the ``request`` instance; if ``request`` is provided, this
1245 should not be set.
1246 update_mask (google.protobuf.field_mask_pb2.FieldMask):
1247 Required. Specifies the fields to be
1248 updated.
1250 This corresponds to the ``update_mask`` field
1251 on the ``request`` instance; if ``request`` is provided, this
1252 should not be set.
1253 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1254 should be retried.
1255 timeout (float): The timeout for this request.
1256 metadata (Sequence[Tuple[str, str]]): Strings which should be
1257 sent along with the request as metadata.
1259 Returns:
1260 google.cloud.secretmanager_v1beta1.types.Secret:
1261 A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose value and versions can
1262 be accessed.
1264 A [Secret][google.cloud.secrets.v1beta1.Secret] is
1265 made up of zero or more
1266 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
1267 that represent the secret data.
1269 """
1270 # Create or coerce a protobuf request object.
1271 # - Quick check: If we got a request object, we should *not* have
1272 # gotten any keyword arguments that map to the request.
1273 has_flattened_params = any([secret, update_mask])
1274 if request is not None and has_flattened_params:
1275 raise ValueError(
1276 "If the `request` argument is set, then none of "
1277 "the individual field arguments should be set."
1278 )
1280 # - Use the request object if provided (there's no risk of modifying the input as
1281 # there are no flattened fields), or create one.
1282 if not isinstance(request, service.UpdateSecretRequest):
1283 request = service.UpdateSecretRequest(request)
1284 # If we have keyword arguments corresponding to fields on the
1285 # request, apply these.
1286 if secret is not None:
1287 request.secret = secret
1288 if update_mask is not None:
1289 request.update_mask = update_mask
1291 # Wrap the RPC method; this adds retry and timeout information,
1292 # and friendly error handling.
1293 rpc = self._transport._wrapped_methods[self._transport.update_secret]
1295 # Certain fields should be provided within the metadata header;
1296 # add these here.
1297 metadata = tuple(metadata) + (
1298 gapic_v1.routing_header.to_grpc_metadata(
1299 (("secret.name", request.secret.name),)
1300 ),
1301 )
1303 # Validate the universe domain.
1304 self._validate_universe_domain()
1306 # Send the request.
1307 response = rpc(
1308 request,
1309 retry=retry,
1310 timeout=timeout,
1311 metadata=metadata,
1312 )
1314 # Done; return the response.
1315 return response
1317 def delete_secret(
1318 self,
1319 request: Optional[Union[service.DeleteSecretRequest, dict]] = None,
1320 *,
1321 name: Optional[str] = None,
1322 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1323 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1324 metadata: Sequence[Tuple[str, str]] = (),
1325 ) -> None:
1326 r"""Deletes a [Secret][google.cloud.secrets.v1beta1.Secret].
1328 .. code-block:: python
1330 # This snippet has been automatically generated and should be regarded as a
1331 # code template only.
1332 # It will require modifications to work:
1333 # - It may require correct/in-range values for request initialization.
1334 # - It may require specifying regional endpoints when creating the service
1335 # client as shown in:
1336 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1337 from google.cloud import secretmanager_v1beta1
1339 def sample_delete_secret():
1340 # Create a client
1341 client = secretmanager_v1beta1.SecretManagerServiceClient()
1343 # Initialize request argument(s)
1344 request = secretmanager_v1beta1.DeleteSecretRequest(
1345 name="name_value",
1346 )
1348 # Make the request
1349 client.delete_secret(request=request)
1351 Args:
1352 request (Union[google.cloud.secretmanager_v1beta1.types.DeleteSecretRequest, dict]):
1353 The request object. Request message for
1354 [SecretManagerService.DeleteSecret][google.cloud.secrets.v1beta1.SecretManagerService.DeleteSecret].
1355 name (str):
1356 Required. The resource name of the
1357 [Secret][google.cloud.secrets.v1beta1.Secret] to delete
1358 in the format ``projects/*/secrets/*``.
1360 This corresponds to the ``name`` field
1361 on the ``request`` instance; if ``request`` is provided, this
1362 should not be set.
1363 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1364 should be retried.
1365 timeout (float): The timeout for this request.
1366 metadata (Sequence[Tuple[str, str]]): Strings which should be
1367 sent along with the request as metadata.
1368 """
1369 # Create or coerce a protobuf request object.
1370 # - Quick check: If we got a request object, we should *not* have
1371 # gotten any keyword arguments that map to the request.
1372 has_flattened_params = any([name])
1373 if request is not None and has_flattened_params:
1374 raise ValueError(
1375 "If the `request` argument is set, then none of "
1376 "the individual field arguments should be set."
1377 )
1379 # - Use the request object if provided (there's no risk of modifying the input as
1380 # there are no flattened fields), or create one.
1381 if not isinstance(request, service.DeleteSecretRequest):
1382 request = service.DeleteSecretRequest(request)
1383 # If we have keyword arguments corresponding to fields on the
1384 # request, apply these.
1385 if name is not None:
1386 request.name = name
1388 # Wrap the RPC method; this adds retry and timeout information,
1389 # and friendly error handling.
1390 rpc = self._transport._wrapped_methods[self._transport.delete_secret]
1392 # Certain fields should be provided within the metadata header;
1393 # add these here.
1394 metadata = tuple(metadata) + (
1395 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1396 )
1398 # Validate the universe domain.
1399 self._validate_universe_domain()
1401 # Send the request.
1402 rpc(
1403 request,
1404 retry=retry,
1405 timeout=timeout,
1406 metadata=metadata,
1407 )
1409 def list_secret_versions(
1410 self,
1411 request: Optional[Union[service.ListSecretVersionsRequest, dict]] = None,
1412 *,
1413 parent: Optional[str] = None,
1414 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1415 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1416 metadata: Sequence[Tuple[str, str]] = (),
1417 ) -> pagers.ListSecretVersionsPager:
1418 r"""Lists
1419 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
1420 This call does not return secret data.
1422 .. code-block:: python
1424 # This snippet has been automatically generated and should be regarded as a
1425 # code template only.
1426 # It will require modifications to work:
1427 # - It may require correct/in-range values for request initialization.
1428 # - It may require specifying regional endpoints when creating the service
1429 # client as shown in:
1430 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1431 from google.cloud import secretmanager_v1beta1
1433 def sample_list_secret_versions():
1434 # Create a client
1435 client = secretmanager_v1beta1.SecretManagerServiceClient()
1437 # Initialize request argument(s)
1438 request = secretmanager_v1beta1.ListSecretVersionsRequest(
1439 parent="parent_value",
1440 )
1442 # Make the request
1443 page_result = client.list_secret_versions(request=request)
1445 # Handle the response
1446 for response in page_result:
1447 print(response)
1449 Args:
1450 request (Union[google.cloud.secretmanager_v1beta1.types.ListSecretVersionsRequest, dict]):
1451 The request object. Request message for
1452 [SecretManagerService.ListSecretVersions][google.cloud.secrets.v1beta1.SecretManagerService.ListSecretVersions].
1453 parent (str):
1454 Required. The resource name of the
1455 [Secret][google.cloud.secrets.v1beta1.Secret] associated
1456 with the
1457 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
1458 to list, in the format ``projects/*/secrets/*``.
1460 This corresponds to the ``parent`` field
1461 on the ``request`` instance; if ``request`` is provided, this
1462 should not be set.
1463 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1464 should be retried.
1465 timeout (float): The timeout for this request.
1466 metadata (Sequence[Tuple[str, str]]): Strings which should be
1467 sent along with the request as metadata.
1469 Returns:
1470 google.cloud.secretmanager_v1beta1.services.secret_manager_service.pagers.ListSecretVersionsPager:
1471 Response message for
1472 [SecretManagerService.ListSecretVersions][google.cloud.secrets.v1beta1.SecretManagerService.ListSecretVersions].
1474 Iterating over this object will yield results and
1475 resolve additional pages automatically.
1477 """
1478 # Create or coerce a protobuf request object.
1479 # - Quick check: If we got a request object, we should *not* have
1480 # gotten any keyword arguments that map to the request.
1481 has_flattened_params = any([parent])
1482 if request is not None and has_flattened_params:
1483 raise ValueError(
1484 "If the `request` argument is set, then none of "
1485 "the individual field arguments should be set."
1486 )
1488 # - Use the request object if provided (there's no risk of modifying the input as
1489 # there are no flattened fields), or create one.
1490 if not isinstance(request, service.ListSecretVersionsRequest):
1491 request = service.ListSecretVersionsRequest(request)
1492 # If we have keyword arguments corresponding to fields on the
1493 # request, apply these.
1494 if parent is not None:
1495 request.parent = parent
1497 # Wrap the RPC method; this adds retry and timeout information,
1498 # and friendly error handling.
1499 rpc = self._transport._wrapped_methods[self._transport.list_secret_versions]
1501 # Certain fields should be provided within the metadata header;
1502 # add these here.
1503 metadata = tuple(metadata) + (
1504 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
1505 )
1507 # Validate the universe domain.
1508 self._validate_universe_domain()
1510 # Send the request.
1511 response = rpc(
1512 request,
1513 retry=retry,
1514 timeout=timeout,
1515 metadata=metadata,
1516 )
1518 # This method is paged; wrap the response in a pager, which provides
1519 # an `__iter__` convenience method.
1520 response = pagers.ListSecretVersionsPager(
1521 method=rpc,
1522 request=request,
1523 response=response,
1524 metadata=metadata,
1525 )
1527 # Done; return the response.
1528 return response
1530 def get_secret_version(
1531 self,
1532 request: Optional[Union[service.GetSecretVersionRequest, dict]] = None,
1533 *,
1534 name: Optional[str] = None,
1535 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1536 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1537 metadata: Sequence[Tuple[str, str]] = (),
1538 ) -> resources.SecretVersion:
1539 r"""Gets metadata for a
1540 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1542 ``projects/*/secrets/*/versions/latest`` is an alias to the
1543 ``latest``
1544 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1546 .. code-block:: python
1548 # This snippet has been automatically generated and should be regarded as a
1549 # code template only.
1550 # It will require modifications to work:
1551 # - It may require correct/in-range values for request initialization.
1552 # - It may require specifying regional endpoints when creating the service
1553 # client as shown in:
1554 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1555 from google.cloud import secretmanager_v1beta1
1557 def sample_get_secret_version():
1558 # Create a client
1559 client = secretmanager_v1beta1.SecretManagerServiceClient()
1561 # Initialize request argument(s)
1562 request = secretmanager_v1beta1.GetSecretVersionRequest(
1563 name="name_value",
1564 )
1566 # Make the request
1567 response = client.get_secret_version(request=request)
1569 # Handle the response
1570 print(response)
1572 Args:
1573 request (Union[google.cloud.secretmanager_v1beta1.types.GetSecretVersionRequest, dict]):
1574 The request object. Request message for
1575 [SecretManagerService.GetSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.GetSecretVersion].
1576 name (str):
1577 Required. The resource name of the
1578 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1579 in the format ``projects/*/secrets/*/versions/*``.
1580 ``projects/*/secrets/*/versions/latest`` is an alias to
1581 the ``latest``
1582 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1584 This corresponds to the ``name`` field
1585 on the ``request`` instance; if ``request`` is provided, this
1586 should not be set.
1587 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1588 should be retried.
1589 timeout (float): The timeout for this request.
1590 metadata (Sequence[Tuple[str, str]]): Strings which should be
1591 sent along with the request as metadata.
1593 Returns:
1594 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1595 A secret version resource in the
1596 Secret Manager API.
1598 """
1599 # Create or coerce a protobuf request object.
1600 # - Quick check: If we got a request object, we should *not* have
1601 # gotten any keyword arguments that map to the request.
1602 has_flattened_params = any([name])
1603 if request is not None and has_flattened_params:
1604 raise ValueError(
1605 "If the `request` argument is set, then none of "
1606 "the individual field arguments should be set."
1607 )
1609 # - Use the request object if provided (there's no risk of modifying the input as
1610 # there are no flattened fields), or create one.
1611 if not isinstance(request, service.GetSecretVersionRequest):
1612 request = service.GetSecretVersionRequest(request)
1613 # If we have keyword arguments corresponding to fields on the
1614 # request, apply these.
1615 if name is not None:
1616 request.name = name
1618 # Wrap the RPC method; this adds retry and timeout information,
1619 # and friendly error handling.
1620 rpc = self._transport._wrapped_methods[self._transport.get_secret_version]
1622 # Certain fields should be provided within the metadata header;
1623 # add these here.
1624 metadata = tuple(metadata) + (
1625 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1626 )
1628 # Validate the universe domain.
1629 self._validate_universe_domain()
1631 # Send the request.
1632 response = rpc(
1633 request,
1634 retry=retry,
1635 timeout=timeout,
1636 metadata=metadata,
1637 )
1639 # Done; return the response.
1640 return response
1642 def access_secret_version(
1643 self,
1644 request: Optional[Union[service.AccessSecretVersionRequest, dict]] = None,
1645 *,
1646 name: Optional[str] = None,
1647 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1648 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1649 metadata: Sequence[Tuple[str, str]] = (),
1650 ) -> service.AccessSecretVersionResponse:
1651 r"""Accesses a
1652 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1653 This call returns the secret data.
1655 ``projects/*/secrets/*/versions/latest`` is an alias to the
1656 ``latest``
1657 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1659 .. code-block:: python
1661 # This snippet has been automatically generated and should be regarded as a
1662 # code template only.
1663 # It will require modifications to work:
1664 # - It may require correct/in-range values for request initialization.
1665 # - It may require specifying regional endpoints when creating the service
1666 # client as shown in:
1667 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1668 from google.cloud import secretmanager_v1beta1
1670 def sample_access_secret_version():
1671 # Create a client
1672 client = secretmanager_v1beta1.SecretManagerServiceClient()
1674 # Initialize request argument(s)
1675 request = secretmanager_v1beta1.AccessSecretVersionRequest(
1676 name="name_value",
1677 )
1679 # Make the request
1680 response = client.access_secret_version(request=request)
1682 # Handle the response
1683 print(response)
1685 Args:
1686 request (Union[google.cloud.secretmanager_v1beta1.types.AccessSecretVersionRequest, dict]):
1687 The request object. Request message for
1688 [SecretManagerService.AccessSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AccessSecretVersion].
1689 name (str):
1690 Required. The resource name of the
1691 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1692 in the format ``projects/*/secrets/*/versions/*``.
1694 This corresponds to the ``name`` field
1695 on the ``request`` instance; if ``request`` is provided, this
1696 should not be set.
1697 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1698 should be retried.
1699 timeout (float): The timeout for this request.
1700 metadata (Sequence[Tuple[str, str]]): Strings which should be
1701 sent along with the request as metadata.
1703 Returns:
1704 google.cloud.secretmanager_v1beta1.types.AccessSecretVersionResponse:
1705 Response message for
1706 [SecretManagerService.AccessSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AccessSecretVersion].
1708 """
1709 # Create or coerce a protobuf request object.
1710 # - Quick check: If we got a request object, we should *not* have
1711 # gotten any keyword arguments that map to the request.
1712 has_flattened_params = any([name])
1713 if request is not None and has_flattened_params:
1714 raise ValueError(
1715 "If the `request` argument is set, then none of "
1716 "the individual field arguments should be set."
1717 )
1719 # - Use the request object if provided (there's no risk of modifying the input as
1720 # there are no flattened fields), or create one.
1721 if not isinstance(request, service.AccessSecretVersionRequest):
1722 request = service.AccessSecretVersionRequest(request)
1723 # If we have keyword arguments corresponding to fields on the
1724 # request, apply these.
1725 if name is not None:
1726 request.name = name
1728 # Wrap the RPC method; this adds retry and timeout information,
1729 # and friendly error handling.
1730 rpc = self._transport._wrapped_methods[self._transport.access_secret_version]
1732 # Certain fields should be provided within the metadata header;
1733 # add these here.
1734 metadata = tuple(metadata) + (
1735 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1736 )
1738 # Validate the universe domain.
1739 self._validate_universe_domain()
1741 # Send the request.
1742 response = rpc(
1743 request,
1744 retry=retry,
1745 timeout=timeout,
1746 metadata=metadata,
1747 )
1749 # Done; return the response.
1750 return response
1752 def disable_secret_version(
1753 self,
1754 request: Optional[Union[service.DisableSecretVersionRequest, dict]] = None,
1755 *,
1756 name: Optional[str] = None,
1757 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1758 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1759 metadata: Sequence[Tuple[str, str]] = (),
1760 ) -> resources.SecretVersion:
1761 r"""Disables a
1762 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1764 Sets the
1765 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
1766 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
1767 [DISABLED][google.cloud.secrets.v1beta1.SecretVersion.State.DISABLED].
1769 .. code-block:: python
1771 # This snippet has been automatically generated and should be regarded as a
1772 # code template only.
1773 # It will require modifications to work:
1774 # - It may require correct/in-range values for request initialization.
1775 # - It may require specifying regional endpoints when creating the service
1776 # client as shown in:
1777 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1778 from google.cloud import secretmanager_v1beta1
1780 def sample_disable_secret_version():
1781 # Create a client
1782 client = secretmanager_v1beta1.SecretManagerServiceClient()
1784 # Initialize request argument(s)
1785 request = secretmanager_v1beta1.DisableSecretVersionRequest(
1786 name="name_value",
1787 )
1789 # Make the request
1790 response = client.disable_secret_version(request=request)
1792 # Handle the response
1793 print(response)
1795 Args:
1796 request (Union[google.cloud.secretmanager_v1beta1.types.DisableSecretVersionRequest, dict]):
1797 The request object. Request message for
1798 [SecretManagerService.DisableSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.DisableSecretVersion].
1799 name (str):
1800 Required. The resource name of the
1801 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1802 to disable in the format
1803 ``projects/*/secrets/*/versions/*``.
1805 This corresponds to the ``name`` field
1806 on the ``request`` instance; if ``request`` is provided, this
1807 should not be set.
1808 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1809 should be retried.
1810 timeout (float): The timeout for this request.
1811 metadata (Sequence[Tuple[str, str]]): Strings which should be
1812 sent along with the request as metadata.
1814 Returns:
1815 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1816 A secret version resource in the
1817 Secret Manager API.
1819 """
1820 # Create or coerce a protobuf request object.
1821 # - Quick check: If we got a request object, we should *not* have
1822 # gotten any keyword arguments that map to the request.
1823 has_flattened_params = any([name])
1824 if request is not None and has_flattened_params:
1825 raise ValueError(
1826 "If the `request` argument is set, then none of "
1827 "the individual field arguments should be set."
1828 )
1830 # - Use the request object if provided (there's no risk of modifying the input as
1831 # there are no flattened fields), or create one.
1832 if not isinstance(request, service.DisableSecretVersionRequest):
1833 request = service.DisableSecretVersionRequest(request)
1834 # If we have keyword arguments corresponding to fields on the
1835 # request, apply these.
1836 if name is not None:
1837 request.name = name
1839 # Wrap the RPC method; this adds retry and timeout information,
1840 # and friendly error handling.
1841 rpc = self._transport._wrapped_methods[self._transport.disable_secret_version]
1843 # Certain fields should be provided within the metadata header;
1844 # add these here.
1845 metadata = tuple(metadata) + (
1846 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1847 )
1849 # Validate the universe domain.
1850 self._validate_universe_domain()
1852 # Send the request.
1853 response = rpc(
1854 request,
1855 retry=retry,
1856 timeout=timeout,
1857 metadata=metadata,
1858 )
1860 # Done; return the response.
1861 return response
1863 def enable_secret_version(
1864 self,
1865 request: Optional[Union[service.EnableSecretVersionRequest, dict]] = None,
1866 *,
1867 name: Optional[str] = None,
1868 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1869 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1870 metadata: Sequence[Tuple[str, str]] = (),
1871 ) -> resources.SecretVersion:
1872 r"""Enables a
1873 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1875 Sets the
1876 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
1877 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
1878 [ENABLED][google.cloud.secrets.v1beta1.SecretVersion.State.ENABLED].
1880 .. code-block:: python
1882 # This snippet has been automatically generated and should be regarded as a
1883 # code template only.
1884 # It will require modifications to work:
1885 # - It may require correct/in-range values for request initialization.
1886 # - It may require specifying regional endpoints when creating the service
1887 # client as shown in:
1888 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1889 from google.cloud import secretmanager_v1beta1
1891 def sample_enable_secret_version():
1892 # Create a client
1893 client = secretmanager_v1beta1.SecretManagerServiceClient()
1895 # Initialize request argument(s)
1896 request = secretmanager_v1beta1.EnableSecretVersionRequest(
1897 name="name_value",
1898 )
1900 # Make the request
1901 response = client.enable_secret_version(request=request)
1903 # Handle the response
1904 print(response)
1906 Args:
1907 request (Union[google.cloud.secretmanager_v1beta1.types.EnableSecretVersionRequest, dict]):
1908 The request object. Request message for
1909 [SecretManagerService.EnableSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.EnableSecretVersion].
1910 name (str):
1911 Required. The resource name of the
1912 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1913 to enable in the format
1914 ``projects/*/secrets/*/versions/*``.
1916 This corresponds to the ``name`` field
1917 on the ``request`` instance; if ``request`` is provided, this
1918 should not be set.
1919 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1920 should be retried.
1921 timeout (float): The timeout for this request.
1922 metadata (Sequence[Tuple[str, str]]): Strings which should be
1923 sent along with the request as metadata.
1925 Returns:
1926 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1927 A secret version resource in the
1928 Secret Manager API.
1930 """
1931 # Create or coerce a protobuf request object.
1932 # - Quick check: If we got a request object, we should *not* have
1933 # gotten any keyword arguments that map to the request.
1934 has_flattened_params = any([name])
1935 if request is not None and has_flattened_params:
1936 raise ValueError(
1937 "If the `request` argument is set, then none of "
1938 "the individual field arguments should be set."
1939 )
1941 # - Use the request object if provided (there's no risk of modifying the input as
1942 # there are no flattened fields), or create one.
1943 if not isinstance(request, service.EnableSecretVersionRequest):
1944 request = service.EnableSecretVersionRequest(request)
1945 # If we have keyword arguments corresponding to fields on the
1946 # request, apply these.
1947 if name is not None:
1948 request.name = name
1950 # Wrap the RPC method; this adds retry and timeout information,
1951 # and friendly error handling.
1952 rpc = self._transport._wrapped_methods[self._transport.enable_secret_version]
1954 # Certain fields should be provided within the metadata header;
1955 # add these here.
1956 metadata = tuple(metadata) + (
1957 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1958 )
1960 # Validate the universe domain.
1961 self._validate_universe_domain()
1963 # Send the request.
1964 response = rpc(
1965 request,
1966 retry=retry,
1967 timeout=timeout,
1968 metadata=metadata,
1969 )
1971 # Done; return the response.
1972 return response
1974 def destroy_secret_version(
1975 self,
1976 request: Optional[Union[service.DestroySecretVersionRequest, dict]] = None,
1977 *,
1978 name: Optional[str] = None,
1979 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1980 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1981 metadata: Sequence[Tuple[str, str]] = (),
1982 ) -> resources.SecretVersion:
1983 r"""Destroys a
1984 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1986 Sets the
1987 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
1988 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
1989 [DESTROYED][google.cloud.secrets.v1beta1.SecretVersion.State.DESTROYED]
1990 and irrevocably destroys the secret data.
1992 .. code-block:: python
1994 # This snippet has been automatically generated and should be regarded as a
1995 # code template only.
1996 # It will require modifications to work:
1997 # - It may require correct/in-range values for request initialization.
1998 # - It may require specifying regional endpoints when creating the service
1999 # client as shown in:
2000 # https://googleapis.dev/python/google-api-core/latest/client_options.html
2001 from google.cloud import secretmanager_v1beta1
2003 def sample_destroy_secret_version():
2004 # Create a client
2005 client = secretmanager_v1beta1.SecretManagerServiceClient()
2007 # Initialize request argument(s)
2008 request = secretmanager_v1beta1.DestroySecretVersionRequest(
2009 name="name_value",
2010 )
2012 # Make the request
2013 response = client.destroy_secret_version(request=request)
2015 # Handle the response
2016 print(response)
2018 Args:
2019 request (Union[google.cloud.secretmanager_v1beta1.types.DestroySecretVersionRequest, dict]):
2020 The request object. Request message for
2021 [SecretManagerService.DestroySecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.DestroySecretVersion].
2022 name (str):
2023 Required. The resource name of the
2024 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
2025 to destroy in the format
2026 ``projects/*/secrets/*/versions/*``.
2028 This corresponds to the ``name`` field
2029 on the ``request`` instance; if ``request`` is provided, this
2030 should not be set.
2031 retry (google.api_core.retry.Retry): Designation of what errors, if any,
2032 should be retried.
2033 timeout (float): The timeout for this request.
2034 metadata (Sequence[Tuple[str, str]]): Strings which should be
2035 sent along with the request as metadata.
2037 Returns:
2038 google.cloud.secretmanager_v1beta1.types.SecretVersion:
2039 A secret version resource in the
2040 Secret Manager API.
2042 """
2043 # Create or coerce a protobuf request object.
2044 # - Quick check: If we got a request object, we should *not* have
2045 # gotten any keyword arguments that map to the request.
2046 has_flattened_params = any([name])
2047 if request is not None and has_flattened_params:
2048 raise ValueError(
2049 "If the `request` argument is set, then none of "
2050 "the individual field arguments should be set."
2051 )
2053 # - Use the request object if provided (there's no risk of modifying the input as
2054 # there are no flattened fields), or create one.
2055 if not isinstance(request, service.DestroySecretVersionRequest):
2056 request = service.DestroySecretVersionRequest(request)
2057 # If we have keyword arguments corresponding to fields on the
2058 # request, apply these.
2059 if name is not None:
2060 request.name = name
2062 # Wrap the RPC method; this adds retry and timeout information,
2063 # and friendly error handling.
2064 rpc = self._transport._wrapped_methods[self._transport.destroy_secret_version]
2066 # Certain fields should be provided within the metadata header;
2067 # add these here.
2068 metadata = tuple(metadata) + (
2069 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
2070 )
2072 # Validate the universe domain.
2073 self._validate_universe_domain()
2075 # Send the request.
2076 response = rpc(
2077 request,
2078 retry=retry,
2079 timeout=timeout,
2080 metadata=metadata,
2081 )
2083 # Done; return the response.
2084 return response
2086 def set_iam_policy(
2087 self,
2088 request: Optional[Union[iam_policy_pb2.SetIamPolicyRequest, dict]] = None,
2089 *,
2090 retry: OptionalRetry = gapic_v1.method.DEFAULT,
2091 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
2092 metadata: Sequence[Tuple[str, str]] = (),
2093 ) -> policy_pb2.Policy:
2094 r"""Sets the access control policy on the specified secret. Replaces
2095 any existing policy.
2097 Permissions on
2098 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] are
2099 enforced according to the policy set on the associated
2100 [Secret][google.cloud.secrets.v1beta1.Secret].
2102 .. code-block:: python
2104 # This snippet has been automatically generated and should be regarded as a
2105 # code template only.
2106 # It will require modifications to work:
2107 # - It may require correct/in-range values for request initialization.
2108 # - It may require specifying regional endpoints when creating the service
2109 # client as shown in:
2110 # https://googleapis.dev/python/google-api-core/latest/client_options.html
2111 from google.cloud import secretmanager_v1beta1
2112 from google.iam.v1 import iam_policy_pb2 # type: ignore
2114 def sample_set_iam_policy():
2115 # Create a client
2116 client = secretmanager_v1beta1.SecretManagerServiceClient()
2118 # Initialize request argument(s)
2119 request = iam_policy_pb2.SetIamPolicyRequest(
2120 resource="resource_value",
2121 )
2123 # Make the request
2124 response = client.set_iam_policy(request=request)
2126 # Handle the response
2127 print(response)
2129 Args:
2130 request (Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]):
2131 The request object. Request message for ``SetIamPolicy`` method.
2132 retry (google.api_core.retry.Retry): Designation of what errors, if any,
2133 should be retried.
2134 timeout (float): The timeout for this request.
2135 metadata (Sequence[Tuple[str, str]]): Strings which should be
2136 sent along with the request as metadata.
2138 Returns:
2139 google.iam.v1.policy_pb2.Policy:
2140 An Identity and Access Management (IAM) policy, which specifies access
2141 controls for Google Cloud resources.
2143 A Policy is a collection of bindings. A binding binds
2144 one or more members, or principals, to a single role.
2145 Principals can be user accounts, service accounts,
2146 Google groups, and domains (such as G Suite). A role
2147 is a named list of permissions; each role can be an
2148 IAM predefined role or a user-created custom role.
2150 For some types of Google Cloud resources, a binding
2151 can also specify a condition, which is a logical
2152 expression that allows access to a resource only if
2153 the expression evaluates to true. A condition can add
2154 constraints based on attributes of the request, the
2155 resource, or both. To learn which resources support
2156 conditions in their IAM policies, see the [IAM
2157 documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies).
2159 **JSON example:**
2161 :literal:`\` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 }`\ \`
2163 **YAML example:**
2165 :literal:`\` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3`\ \`
2167 For a description of IAM and its features, see the
2168 [IAM
2169 documentation](\ https://cloud.google.com/iam/docs/).
2171 """
2172 # Create or coerce a protobuf request object.
2173 if isinstance(request, dict):
2174 # - The request isn't a proto-plus wrapped type,
2175 # so it must be constructed via keyword expansion.
2176 request = iam_policy_pb2.SetIamPolicyRequest(**request)
2177 elif not request:
2178 # Null request, just make one.
2179 request = iam_policy_pb2.SetIamPolicyRequest()
2181 # Wrap the RPC method; this adds retry and timeout information,
2182 # and friendly error handling.
2183 rpc = self._transport._wrapped_methods[self._transport.set_iam_policy]
2185 # Certain fields should be provided within the metadata header;
2186 # add these here.
2187 metadata = tuple(metadata) + (
2188 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)),
2189 )
2191 # Validate the universe domain.
2192 self._validate_universe_domain()
2194 # Send the request.
2195 response = rpc(
2196 request,
2197 retry=retry,
2198 timeout=timeout,
2199 metadata=metadata,
2200 )
2202 # Done; return the response.
2203 return response
2205 def get_iam_policy(
2206 self,
2207 request: Optional[Union[iam_policy_pb2.GetIamPolicyRequest, dict]] = None,
2208 *,
2209 retry: OptionalRetry = gapic_v1.method.DEFAULT,
2210 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
2211 metadata: Sequence[Tuple[str, str]] = (),
2212 ) -> policy_pb2.Policy:
2213 r"""Gets the access control policy for a secret.
2214 Returns empty policy if the secret exists and does not
2215 have a policy set.
2217 .. code-block:: python
2219 # This snippet has been automatically generated and should be regarded as a
2220 # code template only.
2221 # It will require modifications to work:
2222 # - It may require correct/in-range values for request initialization.
2223 # - It may require specifying regional endpoints when creating the service
2224 # client as shown in:
2225 # https://googleapis.dev/python/google-api-core/latest/client_options.html
2226 from google.cloud import secretmanager_v1beta1
2227 from google.iam.v1 import iam_policy_pb2 # type: ignore
2229 def sample_get_iam_policy():
2230 # Create a client
2231 client = secretmanager_v1beta1.SecretManagerServiceClient()
2233 # Initialize request argument(s)
2234 request = iam_policy_pb2.GetIamPolicyRequest(
2235 resource="resource_value",
2236 )
2238 # Make the request
2239 response = client.get_iam_policy(request=request)
2241 # Handle the response
2242 print(response)
2244 Args:
2245 request (Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]):
2246 The request object. Request message for ``GetIamPolicy`` method.
2247 retry (google.api_core.retry.Retry): Designation of what errors, if any,
2248 should be retried.
2249 timeout (float): The timeout for this request.
2250 metadata (Sequence[Tuple[str, str]]): Strings which should be
2251 sent along with the request as metadata.
2253 Returns:
2254 google.iam.v1.policy_pb2.Policy:
2255 An Identity and Access Management (IAM) policy, which specifies access
2256 controls for Google Cloud resources.
2258 A Policy is a collection of bindings. A binding binds
2259 one or more members, or principals, to a single role.
2260 Principals can be user accounts, service accounts,
2261 Google groups, and domains (such as G Suite). A role
2262 is a named list of permissions; each role can be an
2263 IAM predefined role or a user-created custom role.
2265 For some types of Google Cloud resources, a binding
2266 can also specify a condition, which is a logical
2267 expression that allows access to a resource only if
2268 the expression evaluates to true. A condition can add
2269 constraints based on attributes of the request, the
2270 resource, or both. To learn which resources support
2271 conditions in their IAM policies, see the [IAM
2272 documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies).
2274 **JSON example:**
2276 :literal:`\` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 }`\ \`
2278 **YAML example:**
2280 :literal:`\` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3`\ \`
2282 For a description of IAM and its features, see the
2283 [IAM
2284 documentation](\ https://cloud.google.com/iam/docs/).
2286 """
2287 # Create or coerce a protobuf request object.
2288 if isinstance(request, dict):
2289 # - The request isn't a proto-plus wrapped type,
2290 # so it must be constructed via keyword expansion.
2291 request = iam_policy_pb2.GetIamPolicyRequest(**request)
2292 elif not request:
2293 # Null request, just make one.
2294 request = iam_policy_pb2.GetIamPolicyRequest()
2296 # Wrap the RPC method; this adds retry and timeout information,
2297 # and friendly error handling.
2298 rpc = self._transport._wrapped_methods[self._transport.get_iam_policy]
2300 # Certain fields should be provided within the metadata header;
2301 # add these here.
2302 metadata = tuple(metadata) + (
2303 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)),
2304 )
2306 # Validate the universe domain.
2307 self._validate_universe_domain()
2309 # Send the request.
2310 response = rpc(
2311 request,
2312 retry=retry,
2313 timeout=timeout,
2314 metadata=metadata,
2315 )
2317 # Done; return the response.
2318 return response
2320 def test_iam_permissions(
2321 self,
2322 request: Optional[Union[iam_policy_pb2.TestIamPermissionsRequest, dict]] = None,
2323 *,
2324 retry: OptionalRetry = gapic_v1.method.DEFAULT,
2325 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
2326 metadata: Sequence[Tuple[str, str]] = (),
2327 ) -> iam_policy_pb2.TestIamPermissionsResponse:
2328 r"""Returns permissions that a caller has for the specified secret.
2329 If the secret does not exist, this call returns an empty set of
2330 permissions, not a NOT_FOUND error.
2332 Note: This operation is designed to be used for building
2333 permission-aware UIs and command-line tools, not for
2334 authorization checking. This operation may "fail open" without
2335 warning.
2337 .. code-block:: python
2339 # This snippet has been automatically generated and should be regarded as a
2340 # code template only.
2341 # It will require modifications to work:
2342 # - It may require correct/in-range values for request initialization.
2343 # - It may require specifying regional endpoints when creating the service
2344 # client as shown in:
2345 # https://googleapis.dev/python/google-api-core/latest/client_options.html
2346 from google.cloud import secretmanager_v1beta1
2347 from google.iam.v1 import iam_policy_pb2 # type: ignore
2349 def sample_test_iam_permissions():
2350 # Create a client
2351 client = secretmanager_v1beta1.SecretManagerServiceClient()
2353 # Initialize request argument(s)
2354 request = iam_policy_pb2.TestIamPermissionsRequest(
2355 resource="resource_value",
2356 permissions=['permissions_value1', 'permissions_value2'],
2357 )
2359 # Make the request
2360 response = client.test_iam_permissions(request=request)
2362 # Handle the response
2363 print(response)
2365 Args:
2366 request (Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]):
2367 The request object. Request message for ``TestIamPermissions`` method.
2368 retry (google.api_core.retry.Retry): Designation of what errors, if any,
2369 should be retried.
2370 timeout (float): The timeout for this request.
2371 metadata (Sequence[Tuple[str, str]]): Strings which should be
2372 sent along with the request as metadata.
2374 Returns:
2375 google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse:
2376 Response message for TestIamPermissions method.
2377 """
2378 # Create or coerce a protobuf request object.
2379 if isinstance(request, dict):
2380 # - The request isn't a proto-plus wrapped type,
2381 # so it must be constructed via keyword expansion.
2382 request = iam_policy_pb2.TestIamPermissionsRequest(**request)
2383 elif not request:
2384 # Null request, just make one.
2385 request = iam_policy_pb2.TestIamPermissionsRequest()
2387 # Wrap the RPC method; this adds retry and timeout information,
2388 # and friendly error handling.
2389 rpc = self._transport._wrapped_methods[self._transport.test_iam_permissions]
2391 # Certain fields should be provided within the metadata header;
2392 # add these here.
2393 metadata = tuple(metadata) + (
2394 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)),
2395 )
2397 # Validate the universe domain.
2398 self._validate_universe_domain()
2400 # Send the request.
2401 response = rpc(
2402 request,
2403 retry=retry,
2404 timeout=timeout,
2405 metadata=metadata,
2406 )
2408 # Done; return the response.
2409 return response
2411 def __enter__(self) -> "SecretManagerServiceClient":
2412 return self
2414 def __exit__(self, type, value, traceback):
2415 """Releases underlying transport's resources.
2417 .. warning::
2418 ONLY use as a context manager if the transport is NOT shared
2419 with other clients! Exiting the with block will CLOSE the transport
2420 and may cause errors in other clients!
2421 """
2422 self.transport.close()
2425DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(
2426 gapic_version=package_version.__version__
2427)
2430__all__ = ("SecretManagerServiceClient",)