Shortcuts on this page
r m x toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
1# -*- coding: utf-8 -*-
2# Copyright 2024 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple, Union
17import warnings
19from google.api_core import exceptions as core_exceptions
20from google.api_core import gapic_v1, grpc_helpers_async
21from google.api_core import retry_async as retries
22from google.auth import credentials as ga_credentials # type: ignore
23from google.auth.transport.grpc import SslCredentials # type: ignore
24from google.iam.v1 import iam_policy_pb2 # type: ignore
25from google.iam.v1 import policy_pb2 # type: ignore
26from google.protobuf import empty_pb2 # type: ignore
27import grpc # type: ignore
28from grpc.experimental import aio # type: ignore
30from google.cloud.secretmanager_v1beta1.types import resources, service
32from .base import DEFAULT_CLIENT_INFO, SecretManagerServiceTransport
33from .grpc import SecretManagerServiceGrpcTransport
36class SecretManagerServiceGrpcAsyncIOTransport(SecretManagerServiceTransport):
37 """gRPC AsyncIO backend transport for SecretManagerService.
39 Secret Manager Service
41 Manages secrets and operations using those secrets. Implements a
42 REST model with the following objects:
44 - [Secret][google.cloud.secrets.v1beta1.Secret]
45 - [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
47 This class defines the same methods as the primary client, so the
48 primary client can load the underlying transport implementation
49 and call it.
51 It sends protocol buffers over the wire using gRPC (which is built on
52 top of HTTP/2); the ``grpcio`` package must be installed.
53 """
55 _grpc_channel: aio.Channel
56 _stubs: Dict[str, Callable] = {}
58 @classmethod
59 def create_channel(
60 cls,
61 host: str = "secretmanager.googleapis.com",
62 credentials: Optional[ga_credentials.Credentials] = None,
63 credentials_file: Optional[str] = None,
64 scopes: Optional[Sequence[str]] = None,
65 quota_project_id: Optional[str] = None,
66 **kwargs,
67 ) -> aio.Channel:
68 """Create and return a gRPC AsyncIO channel object.
69 Args:
70 host (Optional[str]): The host for the channel to use.
71 credentials (Optional[~.Credentials]): The
72 authorization credentials to attach to requests. These
73 credentials identify this application to the service. If
74 none are specified, the client will attempt to ascertain
75 the credentials from the environment.
76 credentials_file (Optional[str]): A file with credentials that can
77 be loaded with :func:`google.auth.load_credentials_from_file`.
78 scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
79 service. These are only used when credentials are not specified and
80 are passed to :func:`google.auth.default`.
81 quota_project_id (Optional[str]): An optional project to use for billing
82 and quota.
83 kwargs (Optional[dict]): Keyword arguments, which are passed to the
84 channel creation.
85 Returns:
86 aio.Channel: A gRPC AsyncIO channel object.
87 """
89 return grpc_helpers_async.create_channel(
90 host,
91 credentials=credentials,
92 credentials_file=credentials_file,
93 quota_project_id=quota_project_id,
94 default_scopes=cls.AUTH_SCOPES,
95 scopes=scopes,
96 default_host=cls.DEFAULT_HOST,
97 **kwargs,
98 )
100 def __init__(
101 self,
102 *,
103 host: str = "secretmanager.googleapis.com",
104 credentials: Optional[ga_credentials.Credentials] = None,
105 credentials_file: Optional[str] = None,
106 scopes: Optional[Sequence[str]] = None,
107 channel: Optional[Union[aio.Channel, Callable[..., aio.Channel]]] = None,
108 api_mtls_endpoint: Optional[str] = None,
109 client_cert_source: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
110 ssl_channel_credentials: Optional[grpc.ChannelCredentials] = None,
111 client_cert_source_for_mtls: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
112 quota_project_id: Optional[str] = None,
113 client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
114 always_use_jwt_access: Optional[bool] = False,
115 api_audience: Optional[str] = None,
116 ) -> None:
117 """Instantiate the transport.
119 Args:
120 host (Optional[str]):
121 The hostname to connect to (default: 'secretmanager.googleapis.com').
122 credentials (Optional[google.auth.credentials.Credentials]): The
123 authorization credentials to attach to requests. These
124 credentials identify the application to the service; if none
125 are specified, the client will attempt to ascertain the
126 credentials from the environment.
127 This argument is ignored if a ``channel`` instance is provided.
128 credentials_file (Optional[str]): A file with credentials that can
129 be loaded with :func:`google.auth.load_credentials_from_file`.
130 This argument is ignored if a ``channel`` instance is provided.
131 scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
132 service. These are only used when credentials are not specified and
133 are passed to :func:`google.auth.default`.
134 channel (Optional[Union[aio.Channel, Callable[..., aio.Channel]]]):
135 A ``Channel`` instance through which to make calls, or a Callable
136 that constructs and returns one. If set to None, ``self.create_channel``
137 is used to create the channel. If a Callable is given, it will be called
138 with the same arguments as used in ``self.create_channel``.
139 api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint.
140 If provided, it overrides the ``host`` argument and tries to create
141 a mutual TLS channel with client SSL credentials from
142 ``client_cert_source`` or application default SSL credentials.
143 client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]):
144 Deprecated. A callback to provide client SSL certificate bytes and
145 private key bytes, both in PEM format. It is ignored if
146 ``api_mtls_endpoint`` is None.
147 ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
148 for the grpc channel. It is ignored if a ``channel`` instance is provided.
149 client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
150 A callback to provide client certificate bytes and private key bytes,
151 both in PEM format. It is used to configure a mutual TLS channel. It is
152 ignored if a ``channel`` instance or ``ssl_channel_credentials`` is provided.
153 quota_project_id (Optional[str]): An optional project to use for billing
154 and quota.
155 client_info (google.api_core.gapic_v1.client_info.ClientInfo):
156 The client info used to send a user-agent string along with
157 API requests. If ``None``, then default info will be used.
158 Generally, you only need to set this if you're developing
159 your own client library.
160 always_use_jwt_access (Optional[bool]): Whether self signed JWT should
161 be used for service account credentials.
163 Raises:
164 google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
165 creation failed for any reason.
166 google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
167 and ``credentials_file`` are passed.
168 """
169 self._grpc_channel = None
170 self._ssl_channel_credentials = ssl_channel_credentials
171 self._stubs: Dict[str, Callable] = {}
173 if api_mtls_endpoint:
174 warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
175 if client_cert_source:
176 warnings.warn("client_cert_source is deprecated", DeprecationWarning)
178 if isinstance(channel, aio.Channel):
179 # Ignore credentials if a channel was passed.
180 credentials = False
181 # If a channel was explicitly provided, set it.
182 self._grpc_channel = channel
183 self._ssl_channel_credentials = None
184 else:
185 if api_mtls_endpoint:
186 host = api_mtls_endpoint
188 # Create SSL credentials with client_cert_source or application
189 # default SSL credentials.
190 if client_cert_source:
191 cert, key = client_cert_source()
192 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
193 certificate_chain=cert, private_key=key
194 )
195 else:
196 self._ssl_channel_credentials = SslCredentials().ssl_credentials
198 else:
199 if client_cert_source_for_mtls and not ssl_channel_credentials:
200 cert, key = client_cert_source_for_mtls()
201 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
202 certificate_chain=cert, private_key=key
203 )
205 # The base transport sets the host, credentials and scopes
206 super().__init__(
207 host=host,
208 credentials=credentials,
209 credentials_file=credentials_file,
210 scopes=scopes,
211 quota_project_id=quota_project_id,
212 client_info=client_info,
213 always_use_jwt_access=always_use_jwt_access,
214 api_audience=api_audience,
215 )
217 if not self._grpc_channel:
218 # initialize with the provided callable or the default channel
219 channel_init = channel or type(self).create_channel
220 self._grpc_channel = channel_init(
221 self._host,
222 # use the credentials which are saved
223 credentials=self._credentials,
224 # Set ``credentials_file`` to ``None`` here as
225 # the credentials that we saved earlier should be used.
226 credentials_file=None,
227 scopes=self._scopes,
228 ssl_credentials=self._ssl_channel_credentials,
229 quota_project_id=quota_project_id,
230 options=[
231 ("grpc.max_send_message_length", -1),
232 ("grpc.max_receive_message_length", -1),
233 ],
234 )
236 # Wrap messages. This must be done after self._grpc_channel exists
237 self._prep_wrapped_messages(client_info)
239 @property
240 def grpc_channel(self) -> aio.Channel:
241 """Create the channel designed to connect to this service.
243 This property caches on the instance; repeated calls return
244 the same channel.
245 """
246 # Return the channel from cache.
247 return self._grpc_channel
249 @property
250 def list_secrets(
251 self,
252 ) -> Callable[[service.ListSecretsRequest], Awaitable[service.ListSecretsResponse]]:
253 r"""Return a callable for the list secrets method over gRPC.
255 Lists [Secrets][google.cloud.secrets.v1beta1.Secret].
257 Returns:
258 Callable[[~.ListSecretsRequest],
259 Awaitable[~.ListSecretsResponse]]:
260 A function that, when called, will call the underlying RPC
261 on the server.
262 """
263 # Generate a "stub function" on-the-fly which will actually make
264 # the request.
265 # gRPC handles serialization and deserialization, so we just need
266 # to pass in the functions for each.
267 if "list_secrets" not in self._stubs:
268 self._stubs["list_secrets"] = self.grpc_channel.unary_unary(
269 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecrets",
270 request_serializer=service.ListSecretsRequest.serialize,
271 response_deserializer=service.ListSecretsResponse.deserialize,
272 )
273 return self._stubs["list_secrets"]
275 @property
276 def create_secret(
277 self,
278 ) -> Callable[[service.CreateSecretRequest], Awaitable[resources.Secret]]:
279 r"""Return a callable for the create secret method over gRPC.
281 Creates a new [Secret][google.cloud.secrets.v1beta1.Secret]
282 containing no
283 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
285 Returns:
286 Callable[[~.CreateSecretRequest],
287 Awaitable[~.Secret]]:
288 A function that, when called, will call the underlying RPC
289 on the server.
290 """
291 # Generate a "stub function" on-the-fly which will actually make
292 # the request.
293 # gRPC handles serialization and deserialization, so we just need
294 # to pass in the functions for each.
295 if "create_secret" not in self._stubs:
296 self._stubs["create_secret"] = self.grpc_channel.unary_unary(
297 "/google.cloud.secrets.v1beta1.SecretManagerService/CreateSecret",
298 request_serializer=service.CreateSecretRequest.serialize,
299 response_deserializer=resources.Secret.deserialize,
300 )
301 return self._stubs["create_secret"]
303 @property
304 def add_secret_version(
305 self,
306 ) -> Callable[
307 [service.AddSecretVersionRequest], Awaitable[resources.SecretVersion]
308 ]:
309 r"""Return a callable for the add secret version method over gRPC.
311 Creates a new
312 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
313 containing secret data and attaches it to an existing
314 [Secret][google.cloud.secrets.v1beta1.Secret].
316 Returns:
317 Callable[[~.AddSecretVersionRequest],
318 Awaitable[~.SecretVersion]]:
319 A function that, when called, will call the underlying RPC
320 on the server.
321 """
322 # Generate a "stub function" on-the-fly which will actually make
323 # the request.
324 # gRPC handles serialization and deserialization, so we just need
325 # to pass in the functions for each.
326 if "add_secret_version" not in self._stubs:
327 self._stubs["add_secret_version"] = self.grpc_channel.unary_unary(
328 "/google.cloud.secrets.v1beta1.SecretManagerService/AddSecretVersion",
329 request_serializer=service.AddSecretVersionRequest.serialize,
330 response_deserializer=resources.SecretVersion.deserialize,
331 )
332 return self._stubs["add_secret_version"]
334 @property
335 def get_secret(
336 self,
337 ) -> Callable[[service.GetSecretRequest], Awaitable[resources.Secret]]:
338 r"""Return a callable for the get secret method over gRPC.
340 Gets metadata for a given
341 [Secret][google.cloud.secrets.v1beta1.Secret].
343 Returns:
344 Callable[[~.GetSecretRequest],
345 Awaitable[~.Secret]]:
346 A function that, when called, will call the underlying RPC
347 on the server.
348 """
349 # Generate a "stub function" on-the-fly which will actually make
350 # the request.
351 # gRPC handles serialization and deserialization, so we just need
352 # to pass in the functions for each.
353 if "get_secret" not in self._stubs:
354 self._stubs["get_secret"] = self.grpc_channel.unary_unary(
355 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecret",
356 request_serializer=service.GetSecretRequest.serialize,
357 response_deserializer=resources.Secret.deserialize,
358 )
359 return self._stubs["get_secret"]
361 @property
362 def update_secret(
363 self,
364 ) -> Callable[[service.UpdateSecretRequest], Awaitable[resources.Secret]]:
365 r"""Return a callable for the update secret method over gRPC.
367 Updates metadata of an existing
368 [Secret][google.cloud.secrets.v1beta1.Secret].
370 Returns:
371 Callable[[~.UpdateSecretRequest],
372 Awaitable[~.Secret]]:
373 A function that, when called, will call the underlying RPC
374 on the server.
375 """
376 # Generate a "stub function" on-the-fly which will actually make
377 # the request.
378 # gRPC handles serialization and deserialization, so we just need
379 # to pass in the functions for each.
380 if "update_secret" not in self._stubs:
381 self._stubs["update_secret"] = self.grpc_channel.unary_unary(
382 "/google.cloud.secrets.v1beta1.SecretManagerService/UpdateSecret",
383 request_serializer=service.UpdateSecretRequest.serialize,
384 response_deserializer=resources.Secret.deserialize,
385 )
386 return self._stubs["update_secret"]
388 @property
389 def delete_secret(
390 self,
391 ) -> Callable[[service.DeleteSecretRequest], Awaitable[empty_pb2.Empty]]:
392 r"""Return a callable for the delete secret method over gRPC.
394 Deletes a [Secret][google.cloud.secrets.v1beta1.Secret].
396 Returns:
397 Callable[[~.DeleteSecretRequest],
398 Awaitable[~.Empty]]:
399 A function that, when called, will call the underlying RPC
400 on the server.
401 """
402 # Generate a "stub function" on-the-fly which will actually make
403 # the request.
404 # gRPC handles serialization and deserialization, so we just need
405 # to pass in the functions for each.
406 if "delete_secret" not in self._stubs:
407 self._stubs["delete_secret"] = self.grpc_channel.unary_unary(
408 "/google.cloud.secrets.v1beta1.SecretManagerService/DeleteSecret",
409 request_serializer=service.DeleteSecretRequest.serialize,
410 response_deserializer=empty_pb2.Empty.FromString,
411 )
412 return self._stubs["delete_secret"]
414 @property
415 def list_secret_versions(
416 self,
417 ) -> Callable[
418 [service.ListSecretVersionsRequest],
419 Awaitable[service.ListSecretVersionsResponse],
420 ]:
421 r"""Return a callable for the list secret versions method over gRPC.
423 Lists
424 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
425 This call does not return secret data.
427 Returns:
428 Callable[[~.ListSecretVersionsRequest],
429 Awaitable[~.ListSecretVersionsResponse]]:
430 A function that, when called, will call the underlying RPC
431 on the server.
432 """
433 # Generate a "stub function" on-the-fly which will actually make
434 # the request.
435 # gRPC handles serialization and deserialization, so we just need
436 # to pass in the functions for each.
437 if "list_secret_versions" not in self._stubs:
438 self._stubs["list_secret_versions"] = self.grpc_channel.unary_unary(
439 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecretVersions",
440 request_serializer=service.ListSecretVersionsRequest.serialize,
441 response_deserializer=service.ListSecretVersionsResponse.deserialize,
442 )
443 return self._stubs["list_secret_versions"]
445 @property
446 def get_secret_version(
447 self,
448 ) -> Callable[
449 [service.GetSecretVersionRequest], Awaitable[resources.SecretVersion]
450 ]:
451 r"""Return a callable for the get secret version method over gRPC.
453 Gets metadata for a
454 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
456 ``projects/*/secrets/*/versions/latest`` is an alias to the
457 ``latest``
458 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
460 Returns:
461 Callable[[~.GetSecretVersionRequest],
462 Awaitable[~.SecretVersion]]:
463 A function that, when called, will call the underlying RPC
464 on the server.
465 """
466 # Generate a "stub function" on-the-fly which will actually make
467 # the request.
468 # gRPC handles serialization and deserialization, so we just need
469 # to pass in the functions for each.
470 if "get_secret_version" not in self._stubs:
471 self._stubs["get_secret_version"] = self.grpc_channel.unary_unary(
472 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecretVersion",
473 request_serializer=service.GetSecretVersionRequest.serialize,
474 response_deserializer=resources.SecretVersion.deserialize,
475 )
476 return self._stubs["get_secret_version"]
478 @property
479 def access_secret_version(
480 self,
481 ) -> Callable[
482 [service.AccessSecretVersionRequest],
483 Awaitable[service.AccessSecretVersionResponse],
484 ]:
485 r"""Return a callable for the access secret version method over gRPC.
487 Accesses a
488 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
489 This call returns the secret data.
491 ``projects/*/secrets/*/versions/latest`` is an alias to the
492 ``latest``
493 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
495 Returns:
496 Callable[[~.AccessSecretVersionRequest],
497 Awaitable[~.AccessSecretVersionResponse]]:
498 A function that, when called, will call the underlying RPC
499 on the server.
500 """
501 # Generate a "stub function" on-the-fly which will actually make
502 # the request.
503 # gRPC handles serialization and deserialization, so we just need
504 # to pass in the functions for each.
505 if "access_secret_version" not in self._stubs:
506 self._stubs["access_secret_version"] = self.grpc_channel.unary_unary(
507 "/google.cloud.secrets.v1beta1.SecretManagerService/AccessSecretVersion",
508 request_serializer=service.AccessSecretVersionRequest.serialize,
509 response_deserializer=service.AccessSecretVersionResponse.deserialize,
510 )
511 return self._stubs["access_secret_version"]
513 @property
514 def disable_secret_version(
515 self,
516 ) -> Callable[
517 [service.DisableSecretVersionRequest], Awaitable[resources.SecretVersion]
518 ]:
519 r"""Return a callable for the disable secret version method over gRPC.
521 Disables a
522 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
524 Sets the
525 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
526 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
527 [DISABLED][google.cloud.secrets.v1beta1.SecretVersion.State.DISABLED].
529 Returns:
530 Callable[[~.DisableSecretVersionRequest],
531 Awaitable[~.SecretVersion]]:
532 A function that, when called, will call the underlying RPC
533 on the server.
534 """
535 # Generate a "stub function" on-the-fly which will actually make
536 # the request.
537 # gRPC handles serialization and deserialization, so we just need
538 # to pass in the functions for each.
539 if "disable_secret_version" not in self._stubs:
540 self._stubs["disable_secret_version"] = self.grpc_channel.unary_unary(
541 "/google.cloud.secrets.v1beta1.SecretManagerService/DisableSecretVersion",
542 request_serializer=service.DisableSecretVersionRequest.serialize,
543 response_deserializer=resources.SecretVersion.deserialize,
544 )
545 return self._stubs["disable_secret_version"]
547 @property
548 def enable_secret_version(
549 self,
550 ) -> Callable[
551 [service.EnableSecretVersionRequest], Awaitable[resources.SecretVersion]
552 ]:
553 r"""Return a callable for the enable secret version method over gRPC.
555 Enables a
556 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
558 Sets the
559 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
560 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
561 [ENABLED][google.cloud.secrets.v1beta1.SecretVersion.State.ENABLED].
563 Returns:
564 Callable[[~.EnableSecretVersionRequest],
565 Awaitable[~.SecretVersion]]:
566 A function that, when called, will call the underlying RPC
567 on the server.
568 """
569 # Generate a "stub function" on-the-fly which will actually make
570 # the request.
571 # gRPC handles serialization and deserialization, so we just need
572 # to pass in the functions for each.
573 if "enable_secret_version" not in self._stubs:
574 self._stubs["enable_secret_version"] = self.grpc_channel.unary_unary(
575 "/google.cloud.secrets.v1beta1.SecretManagerService/EnableSecretVersion",
576 request_serializer=service.EnableSecretVersionRequest.serialize,
577 response_deserializer=resources.SecretVersion.deserialize,
578 )
579 return self._stubs["enable_secret_version"]
581 @property
582 def destroy_secret_version(
583 self,
584 ) -> Callable[
585 [service.DestroySecretVersionRequest], Awaitable[resources.SecretVersion]
586 ]:
587 r"""Return a callable for the destroy secret version method over gRPC.
589 Destroys a
590 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
592 Sets the
593 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
594 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
595 [DESTROYED][google.cloud.secrets.v1beta1.SecretVersion.State.DESTROYED]
596 and irrevocably destroys the secret data.
598 Returns:
599 Callable[[~.DestroySecretVersionRequest],
600 Awaitable[~.SecretVersion]]:
601 A function that, when called, will call the underlying RPC
602 on the server.
603 """
604 # Generate a "stub function" on-the-fly which will actually make
605 # the request.
606 # gRPC handles serialization and deserialization, so we just need
607 # to pass in the functions for each.
608 if "destroy_secret_version" not in self._stubs:
609 self._stubs["destroy_secret_version"] = self.grpc_channel.unary_unary(
610 "/google.cloud.secrets.v1beta1.SecretManagerService/DestroySecretVersion",
611 request_serializer=service.DestroySecretVersionRequest.serialize,
612 response_deserializer=resources.SecretVersion.deserialize,
613 )
614 return self._stubs["destroy_secret_version"]
616 @property
617 def set_iam_policy(
618 self,
619 ) -> Callable[[iam_policy_pb2.SetIamPolicyRequest], Awaitable[policy_pb2.Policy]]:
620 r"""Return a callable for the set iam policy method over gRPC.
622 Sets the access control policy on the specified secret. Replaces
623 any existing policy.
625 Permissions on
626 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] are
627 enforced according to the policy set on the associated
628 [Secret][google.cloud.secrets.v1beta1.Secret].
630 Returns:
631 Callable[[~.SetIamPolicyRequest],
632 Awaitable[~.Policy]]:
633 A function that, when called, will call the underlying RPC
634 on the server.
635 """
636 # Generate a "stub function" on-the-fly which will actually make
637 # the request.
638 # gRPC handles serialization and deserialization, so we just need
639 # to pass in the functions for each.
640 if "set_iam_policy" not in self._stubs:
641 self._stubs["set_iam_policy"] = self.grpc_channel.unary_unary(
642 "/google.cloud.secrets.v1beta1.SecretManagerService/SetIamPolicy",
643 request_serializer=iam_policy_pb2.SetIamPolicyRequest.SerializeToString,
644 response_deserializer=policy_pb2.Policy.FromString,
645 )
646 return self._stubs["set_iam_policy"]
648 @property
649 def get_iam_policy(
650 self,
651 ) -> Callable[[iam_policy_pb2.GetIamPolicyRequest], Awaitable[policy_pb2.Policy]]:
652 r"""Return a callable for the get iam policy method over gRPC.
654 Gets the access control policy for a secret.
655 Returns empty policy if the secret exists and does not
656 have a policy set.
658 Returns:
659 Callable[[~.GetIamPolicyRequest],
660 Awaitable[~.Policy]]:
661 A function that, when called, will call the underlying RPC
662 on the server.
663 """
664 # Generate a "stub function" on-the-fly which will actually make
665 # the request.
666 # gRPC handles serialization and deserialization, so we just need
667 # to pass in the functions for each.
668 if "get_iam_policy" not in self._stubs:
669 self._stubs["get_iam_policy"] = self.grpc_channel.unary_unary(
670 "/google.cloud.secrets.v1beta1.SecretManagerService/GetIamPolicy",
671 request_serializer=iam_policy_pb2.GetIamPolicyRequest.SerializeToString,
672 response_deserializer=policy_pb2.Policy.FromString,
673 )
674 return self._stubs["get_iam_policy"]
676 @property
677 def test_iam_permissions(
678 self,
679 ) -> Callable[
680 [iam_policy_pb2.TestIamPermissionsRequest],
681 Awaitable[iam_policy_pb2.TestIamPermissionsResponse],
682 ]:
683 r"""Return a callable for the test iam permissions method over gRPC.
685 Returns permissions that a caller has for the specified secret.
686 If the secret does not exist, this call returns an empty set of
687 permissions, not a NOT_FOUND error.
689 Note: This operation is designed to be used for building
690 permission-aware UIs and command-line tools, not for
691 authorization checking. This operation may "fail open" without
692 warning.
694 Returns:
695 Callable[[~.TestIamPermissionsRequest],
696 Awaitable[~.TestIamPermissionsResponse]]:
697 A function that, when called, will call the underlying RPC
698 on the server.
699 """
700 # Generate a "stub function" on-the-fly which will actually make
701 # the request.
702 # gRPC handles serialization and deserialization, so we just need
703 # to pass in the functions for each.
704 if "test_iam_permissions" not in self._stubs:
705 self._stubs["test_iam_permissions"] = self.grpc_channel.unary_unary(
706 "/google.cloud.secrets.v1beta1.SecretManagerService/TestIamPermissions",
707 request_serializer=iam_policy_pb2.TestIamPermissionsRequest.SerializeToString,
708 response_deserializer=iam_policy_pb2.TestIamPermissionsResponse.FromString,
709 )
710 return self._stubs["test_iam_permissions"]
712 def _prep_wrapped_messages(self, client_info):
713 """Precompute the wrapped methods, overriding the base class method to use async wrappers."""
714 self._wrapped_methods = {
715 self.list_secrets: gapic_v1.method_async.wrap_method(
716 self.list_secrets,
717 default_timeout=60.0,
718 client_info=client_info,
719 ),
720 self.create_secret: gapic_v1.method_async.wrap_method(
721 self.create_secret,
722 default_timeout=60.0,
723 client_info=client_info,
724 ),
725 self.add_secret_version: gapic_v1.method_async.wrap_method(
726 self.add_secret_version,
727 default_timeout=60.0,
728 client_info=client_info,
729 ),
730 self.get_secret: gapic_v1.method_async.wrap_method(
731 self.get_secret,
732 default_timeout=60.0,
733 client_info=client_info,
734 ),
735 self.update_secret: gapic_v1.method_async.wrap_method(
736 self.update_secret,
737 default_timeout=60.0,
738 client_info=client_info,
739 ),
740 self.delete_secret: gapic_v1.method_async.wrap_method(
741 self.delete_secret,
742 default_timeout=60.0,
743 client_info=client_info,
744 ),
745 self.list_secret_versions: gapic_v1.method_async.wrap_method(
746 self.list_secret_versions,
747 default_timeout=60.0,
748 client_info=client_info,
749 ),
750 self.get_secret_version: gapic_v1.method_async.wrap_method(
751 self.get_secret_version,
752 default_timeout=60.0,
753 client_info=client_info,
754 ),
755 self.access_secret_version: gapic_v1.method_async.wrap_method(
756 self.access_secret_version,
757 default_retry=retries.AsyncRetry(
758 initial=1.0,
759 maximum=60.0,
760 multiplier=1.3,
761 predicate=retries.if_exception_type(
762 core_exceptions.ServiceUnavailable,
763 core_exceptions.Unknown,
764 ),
765 deadline=60.0,
766 ),
767 default_timeout=60.0,
768 client_info=client_info,
769 ),
770 self.disable_secret_version: gapic_v1.method_async.wrap_method(
771 self.disable_secret_version,
772 default_timeout=60.0,
773 client_info=client_info,
774 ),
775 self.enable_secret_version: gapic_v1.method_async.wrap_method(
776 self.enable_secret_version,
777 default_timeout=60.0,
778 client_info=client_info,
779 ),
780 self.destroy_secret_version: gapic_v1.method_async.wrap_method(
781 self.destroy_secret_version,
782 default_timeout=60.0,
783 client_info=client_info,
784 ),
785 self.set_iam_policy: gapic_v1.method_async.wrap_method(
786 self.set_iam_policy,
787 default_timeout=60.0,
788 client_info=client_info,
789 ),
790 self.get_iam_policy: gapic_v1.method_async.wrap_method(
791 self.get_iam_policy,
792 default_timeout=60.0,
793 client_info=client_info,
794 ),
795 self.test_iam_permissions: gapic_v1.method_async.wrap_method(
796 self.test_iam_permissions,
797 default_timeout=60.0,
798 client_info=client_info,
799 ),
800 }
802 def close(self):
803 return self.grpc_channel.close()
806__all__ = ("SecretManagerServiceGrpcAsyncIOTransport",)