Shortcuts on this page
r m x toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
1# -*- coding: utf-8 -*-
2# Copyright 2024 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16from typing import Callable, Dict, Optional, Sequence, Tuple, Union
17import warnings
19from google.api_core import gapic_v1, grpc_helpers
20import google.auth # type: ignore
21from google.auth import credentials as ga_credentials # type: ignore
22from google.auth.transport.grpc import SslCredentials # type: ignore
23from google.iam.v1 import iam_policy_pb2 # type: ignore
24from google.iam.v1 import policy_pb2 # type: ignore
25from google.protobuf import empty_pb2 # type: ignore
26import grpc # type: ignore
28from google.cloud.secretmanager_v1beta1.types import resources, service
30from .base import DEFAULT_CLIENT_INFO, SecretManagerServiceTransport
33class SecretManagerServiceGrpcTransport(SecretManagerServiceTransport):
34 """gRPC backend transport for SecretManagerService.
36 Secret Manager Service
38 Manages secrets and operations using those secrets. Implements a
39 REST model with the following objects:
41 - [Secret][google.cloud.secrets.v1beta1.Secret]
42 - [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
44 This class defines the same methods as the primary client, so the
45 primary client can load the underlying transport implementation
46 and call it.
48 It sends protocol buffers over the wire using gRPC (which is built on
49 top of HTTP/2); the ``grpcio`` package must be installed.
50 """
52 _stubs: Dict[str, Callable]
54 def __init__(
55 self,
56 *,
57 host: str = "secretmanager.googleapis.com",
58 credentials: Optional[ga_credentials.Credentials] = None,
59 credentials_file: Optional[str] = None,
60 scopes: Optional[Sequence[str]] = None,
61 channel: Optional[Union[grpc.Channel, Callable[..., grpc.Channel]]] = None,
62 api_mtls_endpoint: Optional[str] = None,
63 client_cert_source: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
64 ssl_channel_credentials: Optional[grpc.ChannelCredentials] = None,
65 client_cert_source_for_mtls: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
66 quota_project_id: Optional[str] = None,
67 client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
68 always_use_jwt_access: Optional[bool] = False,
69 api_audience: Optional[str] = None,
70 ) -> None:
71 """Instantiate the transport.
73 Args:
74 host (Optional[str]):
75 The hostname to connect to (default: 'secretmanager.googleapis.com').
76 credentials (Optional[google.auth.credentials.Credentials]): The
77 authorization credentials to attach to requests. These
78 credentials identify the application to the service; if none
79 are specified, the client will attempt to ascertain the
80 credentials from the environment.
81 This argument is ignored if a ``channel`` instance is provided.
82 credentials_file (Optional[str]): A file with credentials that can
83 be loaded with :func:`google.auth.load_credentials_from_file`.
84 This argument is ignored if a ``channel`` instance is provided.
85 scopes (Optional(Sequence[str])): A list of scopes. This argument is
86 ignored if a ``channel`` instance is provided.
87 channel (Optional[Union[grpc.Channel, Callable[..., grpc.Channel]]]):
88 A ``Channel`` instance through which to make calls, or a Callable
89 that constructs and returns one. If set to None, ``self.create_channel``
90 is used to create the channel. If a Callable is given, it will be called
91 with the same arguments as used in ``self.create_channel``.
92 api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint.
93 If provided, it overrides the ``host`` argument and tries to create
94 a mutual TLS channel with client SSL credentials from
95 ``client_cert_source`` or application default SSL credentials.
96 client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]):
97 Deprecated. A callback to provide client SSL certificate bytes and
98 private key bytes, both in PEM format. It is ignored if
99 ``api_mtls_endpoint`` is None.
100 ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
101 for the grpc channel. It is ignored if a ``channel`` instance is provided.
102 client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
103 A callback to provide client certificate bytes and private key bytes,
104 both in PEM format. It is used to configure a mutual TLS channel. It is
105 ignored if a ``channel`` instance or ``ssl_channel_credentials`` is provided.
106 quota_project_id (Optional[str]): An optional project to use for billing
107 and quota.
108 client_info (google.api_core.gapic_v1.client_info.ClientInfo):
109 The client info used to send a user-agent string along with
110 API requests. If ``None``, then default info will be used.
111 Generally, you only need to set this if you're developing
112 your own client library.
113 always_use_jwt_access (Optional[bool]): Whether self signed JWT should
114 be used for service account credentials.
116 Raises:
117 google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
118 creation failed for any reason.
119 google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
120 and ``credentials_file`` are passed.
121 """
122 self._grpc_channel = None
123 self._ssl_channel_credentials = ssl_channel_credentials
124 self._stubs: Dict[str, Callable] = {}
126 if api_mtls_endpoint:
127 warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
128 if client_cert_source:
129 warnings.warn("client_cert_source is deprecated", DeprecationWarning)
131 if isinstance(channel, grpc.Channel):
132 # Ignore credentials if a channel was passed.
133 credentials = False
134 # If a channel was explicitly provided, set it.
135 self._grpc_channel = channel
136 self._ssl_channel_credentials = None
138 else:
139 if api_mtls_endpoint:
140 host = api_mtls_endpoint
142 # Create SSL credentials with client_cert_source or application
143 # default SSL credentials.
144 if client_cert_source:
145 cert, key = client_cert_source()
146 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
147 certificate_chain=cert, private_key=key
148 )
149 else:
150 self._ssl_channel_credentials = SslCredentials().ssl_credentials
152 else:
153 if client_cert_source_for_mtls and not ssl_channel_credentials:
154 cert, key = client_cert_source_for_mtls()
155 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
156 certificate_chain=cert, private_key=key
157 )
159 # The base transport sets the host, credentials and scopes
160 super().__init__(
161 host=host,
162 credentials=credentials,
163 credentials_file=credentials_file,
164 scopes=scopes,
165 quota_project_id=quota_project_id,
166 client_info=client_info,
167 always_use_jwt_access=always_use_jwt_access,
168 api_audience=api_audience,
169 )
171 if not self._grpc_channel:
172 # initialize with the provided callable or the default channel
173 channel_init = channel or type(self).create_channel
174 self._grpc_channel = channel_init(
175 self._host,
176 # use the credentials which are saved
177 credentials=self._credentials,
178 # Set ``credentials_file`` to ``None`` here as
179 # the credentials that we saved earlier should be used.
180 credentials_file=None,
181 scopes=self._scopes,
182 ssl_credentials=self._ssl_channel_credentials,
183 quota_project_id=quota_project_id,
184 options=[
185 ("grpc.max_send_message_length", -1),
186 ("grpc.max_receive_message_length", -1),
187 ],
188 )
190 # Wrap messages. This must be done after self._grpc_channel exists
191 self._prep_wrapped_messages(client_info)
193 @classmethod
194 def create_channel(
195 cls,
196 host: str = "secretmanager.googleapis.com",
197 credentials: Optional[ga_credentials.Credentials] = None,
198 credentials_file: Optional[str] = None,
199 scopes: Optional[Sequence[str]] = None,
200 quota_project_id: Optional[str] = None,
201 **kwargs,
202 ) -> grpc.Channel:
203 """Create and return a gRPC channel object.
204 Args:
205 host (Optional[str]): The host for the channel to use.
206 credentials (Optional[~.Credentials]): The
207 authorization credentials to attach to requests. These
208 credentials identify this application to the service. If
209 none are specified, the client will attempt to ascertain
210 the credentials from the environment.
211 credentials_file (Optional[str]): A file with credentials that can
212 be loaded with :func:`google.auth.load_credentials_from_file`.
213 This argument is mutually exclusive with credentials.
214 scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
215 service. These are only used when credentials are not specified and
216 are passed to :func:`google.auth.default`.
217 quota_project_id (Optional[str]): An optional project to use for billing
218 and quota.
219 kwargs (Optional[dict]): Keyword arguments, which are passed to the
220 channel creation.
221 Returns:
222 grpc.Channel: A gRPC channel object.
224 Raises:
225 google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
226 and ``credentials_file`` are passed.
227 """
229 return grpc_helpers.create_channel(
230 host,
231 credentials=credentials,
232 credentials_file=credentials_file,
233 quota_project_id=quota_project_id,
234 default_scopes=cls.AUTH_SCOPES,
235 scopes=scopes,
236 default_host=cls.DEFAULT_HOST,
237 **kwargs,
238 )
240 @property
241 def grpc_channel(self) -> grpc.Channel:
242 """Return the channel designed to connect to this service."""
243 return self._grpc_channel
245 @property
246 def list_secrets(
247 self,
248 ) -> Callable[[service.ListSecretsRequest], service.ListSecretsResponse]:
249 r"""Return a callable for the list secrets method over gRPC.
251 Lists [Secrets][google.cloud.secrets.v1beta1.Secret].
253 Returns:
254 Callable[[~.ListSecretsRequest],
255 ~.ListSecretsResponse]:
256 A function that, when called, will call the underlying RPC
257 on the server.
258 """
259 # Generate a "stub function" on-the-fly which will actually make
260 # the request.
261 # gRPC handles serialization and deserialization, so we just need
262 # to pass in the functions for each.
263 if "list_secrets" not in self._stubs:
264 self._stubs["list_secrets"] = self.grpc_channel.unary_unary(
265 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecrets",
266 request_serializer=service.ListSecretsRequest.serialize,
267 response_deserializer=service.ListSecretsResponse.deserialize,
268 )
269 return self._stubs["list_secrets"]
271 @property
272 def create_secret(
273 self,
274 ) -> Callable[[service.CreateSecretRequest], resources.Secret]:
275 r"""Return a callable for the create secret method over gRPC.
277 Creates a new [Secret][google.cloud.secrets.v1beta1.Secret]
278 containing no
279 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
281 Returns:
282 Callable[[~.CreateSecretRequest],
283 ~.Secret]:
284 A function that, when called, will call the underlying RPC
285 on the server.
286 """
287 # Generate a "stub function" on-the-fly which will actually make
288 # the request.
289 # gRPC handles serialization and deserialization, so we just need
290 # to pass in the functions for each.
291 if "create_secret" not in self._stubs:
292 self._stubs["create_secret"] = self.grpc_channel.unary_unary(
293 "/google.cloud.secrets.v1beta1.SecretManagerService/CreateSecret",
294 request_serializer=service.CreateSecretRequest.serialize,
295 response_deserializer=resources.Secret.deserialize,
296 )
297 return self._stubs["create_secret"]
299 @property
300 def add_secret_version(
301 self,
302 ) -> Callable[[service.AddSecretVersionRequest], resources.SecretVersion]:
303 r"""Return a callable for the add secret version method over gRPC.
305 Creates a new
306 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
307 containing secret data and attaches it to an existing
308 [Secret][google.cloud.secrets.v1beta1.Secret].
310 Returns:
311 Callable[[~.AddSecretVersionRequest],
312 ~.SecretVersion]:
313 A function that, when called, will call the underlying RPC
314 on the server.
315 """
316 # Generate a "stub function" on-the-fly which will actually make
317 # the request.
318 # gRPC handles serialization and deserialization, so we just need
319 # to pass in the functions for each.
320 if "add_secret_version" not in self._stubs:
321 self._stubs["add_secret_version"] = self.grpc_channel.unary_unary(
322 "/google.cloud.secrets.v1beta1.SecretManagerService/AddSecretVersion",
323 request_serializer=service.AddSecretVersionRequest.serialize,
324 response_deserializer=resources.SecretVersion.deserialize,
325 )
326 return self._stubs["add_secret_version"]
328 @property
329 def get_secret(self) -> Callable[[service.GetSecretRequest], resources.Secret]:
330 r"""Return a callable for the get secret method over gRPC.
332 Gets metadata for a given
333 [Secret][google.cloud.secrets.v1beta1.Secret].
335 Returns:
336 Callable[[~.GetSecretRequest],
337 ~.Secret]:
338 A function that, when called, will call the underlying RPC
339 on the server.
340 """
341 # Generate a "stub function" on-the-fly which will actually make
342 # the request.
343 # gRPC handles serialization and deserialization, so we just need
344 # to pass in the functions for each.
345 if "get_secret" not in self._stubs:
346 self._stubs["get_secret"] = self.grpc_channel.unary_unary(
347 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecret",
348 request_serializer=service.GetSecretRequest.serialize,
349 response_deserializer=resources.Secret.deserialize,
350 )
351 return self._stubs["get_secret"]
353 @property
354 def update_secret(
355 self,
356 ) -> Callable[[service.UpdateSecretRequest], resources.Secret]:
357 r"""Return a callable for the update secret method over gRPC.
359 Updates metadata of an existing
360 [Secret][google.cloud.secrets.v1beta1.Secret].
362 Returns:
363 Callable[[~.UpdateSecretRequest],
364 ~.Secret]:
365 A function that, when called, will call the underlying RPC
366 on the server.
367 """
368 # Generate a "stub function" on-the-fly which will actually make
369 # the request.
370 # gRPC handles serialization and deserialization, so we just need
371 # to pass in the functions for each.
372 if "update_secret" not in self._stubs:
373 self._stubs["update_secret"] = self.grpc_channel.unary_unary(
374 "/google.cloud.secrets.v1beta1.SecretManagerService/UpdateSecret",
375 request_serializer=service.UpdateSecretRequest.serialize,
376 response_deserializer=resources.Secret.deserialize,
377 )
378 return self._stubs["update_secret"]
380 @property
381 def delete_secret(self) -> Callable[[service.DeleteSecretRequest], empty_pb2.Empty]:
382 r"""Return a callable for the delete secret method over gRPC.
384 Deletes a [Secret][google.cloud.secrets.v1beta1.Secret].
386 Returns:
387 Callable[[~.DeleteSecretRequest],
388 ~.Empty]:
389 A function that, when called, will call the underlying RPC
390 on the server.
391 """
392 # Generate a "stub function" on-the-fly which will actually make
393 # the request.
394 # gRPC handles serialization and deserialization, so we just need
395 # to pass in the functions for each.
396 if "delete_secret" not in self._stubs:
397 self._stubs["delete_secret"] = self.grpc_channel.unary_unary(
398 "/google.cloud.secrets.v1beta1.SecretManagerService/DeleteSecret",
399 request_serializer=service.DeleteSecretRequest.serialize,
400 response_deserializer=empty_pb2.Empty.FromString,
401 )
402 return self._stubs["delete_secret"]
404 @property
405 def list_secret_versions(
406 self,
407 ) -> Callable[
408 [service.ListSecretVersionsRequest], service.ListSecretVersionsResponse
409 ]:
410 r"""Return a callable for the list secret versions method over gRPC.
412 Lists
413 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
414 This call does not return secret data.
416 Returns:
417 Callable[[~.ListSecretVersionsRequest],
418 ~.ListSecretVersionsResponse]:
419 A function that, when called, will call the underlying RPC
420 on the server.
421 """
422 # Generate a "stub function" on-the-fly which will actually make
423 # the request.
424 # gRPC handles serialization and deserialization, so we just need
425 # to pass in the functions for each.
426 if "list_secret_versions" not in self._stubs:
427 self._stubs["list_secret_versions"] = self.grpc_channel.unary_unary(
428 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecretVersions",
429 request_serializer=service.ListSecretVersionsRequest.serialize,
430 response_deserializer=service.ListSecretVersionsResponse.deserialize,
431 )
432 return self._stubs["list_secret_versions"]
434 @property
435 def get_secret_version(
436 self,
437 ) -> Callable[[service.GetSecretVersionRequest], resources.SecretVersion]:
438 r"""Return a callable for the get secret version method over gRPC.
440 Gets metadata for a
441 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
443 ``projects/*/secrets/*/versions/latest`` is an alias to the
444 ``latest``
445 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
447 Returns:
448 Callable[[~.GetSecretVersionRequest],
449 ~.SecretVersion]:
450 A function that, when called, will call the underlying RPC
451 on the server.
452 """
453 # Generate a "stub function" on-the-fly which will actually make
454 # the request.
455 # gRPC handles serialization and deserialization, so we just need
456 # to pass in the functions for each.
457 if "get_secret_version" not in self._stubs:
458 self._stubs["get_secret_version"] = self.grpc_channel.unary_unary(
459 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecretVersion",
460 request_serializer=service.GetSecretVersionRequest.serialize,
461 response_deserializer=resources.SecretVersion.deserialize,
462 )
463 return self._stubs["get_secret_version"]
465 @property
466 def access_secret_version(
467 self,
468 ) -> Callable[
469 [service.AccessSecretVersionRequest], service.AccessSecretVersionResponse
470 ]:
471 r"""Return a callable for the access secret version method over gRPC.
473 Accesses a
474 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
475 This call returns the secret data.
477 ``projects/*/secrets/*/versions/latest`` is an alias to the
478 ``latest``
479 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
481 Returns:
482 Callable[[~.AccessSecretVersionRequest],
483 ~.AccessSecretVersionResponse]:
484 A function that, when called, will call the underlying RPC
485 on the server.
486 """
487 # Generate a "stub function" on-the-fly which will actually make
488 # the request.
489 # gRPC handles serialization and deserialization, so we just need
490 # to pass in the functions for each.
491 if "access_secret_version" not in self._stubs:
492 self._stubs["access_secret_version"] = self.grpc_channel.unary_unary(
493 "/google.cloud.secrets.v1beta1.SecretManagerService/AccessSecretVersion",
494 request_serializer=service.AccessSecretVersionRequest.serialize,
495 response_deserializer=service.AccessSecretVersionResponse.deserialize,
496 )
497 return self._stubs["access_secret_version"]
499 @property
500 def disable_secret_version(
501 self,
502 ) -> Callable[[service.DisableSecretVersionRequest], resources.SecretVersion]:
503 r"""Return a callable for the disable secret version method over gRPC.
505 Disables a
506 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
508 Sets the
509 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
510 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
511 [DISABLED][google.cloud.secrets.v1beta1.SecretVersion.State.DISABLED].
513 Returns:
514 Callable[[~.DisableSecretVersionRequest],
515 ~.SecretVersion]:
516 A function that, when called, will call the underlying RPC
517 on the server.
518 """
519 # Generate a "stub function" on-the-fly which will actually make
520 # the request.
521 # gRPC handles serialization and deserialization, so we just need
522 # to pass in the functions for each.
523 if "disable_secret_version" not in self._stubs:
524 self._stubs["disable_secret_version"] = self.grpc_channel.unary_unary(
525 "/google.cloud.secrets.v1beta1.SecretManagerService/DisableSecretVersion",
526 request_serializer=service.DisableSecretVersionRequest.serialize,
527 response_deserializer=resources.SecretVersion.deserialize,
528 )
529 return self._stubs["disable_secret_version"]
531 @property
532 def enable_secret_version(
533 self,
534 ) -> Callable[[service.EnableSecretVersionRequest], resources.SecretVersion]:
535 r"""Return a callable for the enable secret version method over gRPC.
537 Enables a
538 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
540 Sets the
541 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
542 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
543 [ENABLED][google.cloud.secrets.v1beta1.SecretVersion.State.ENABLED].
545 Returns:
546 Callable[[~.EnableSecretVersionRequest],
547 ~.SecretVersion]:
548 A function that, when called, will call the underlying RPC
549 on the server.
550 """
551 # Generate a "stub function" on-the-fly which will actually make
552 # the request.
553 # gRPC handles serialization and deserialization, so we just need
554 # to pass in the functions for each.
555 if "enable_secret_version" not in self._stubs:
556 self._stubs["enable_secret_version"] = self.grpc_channel.unary_unary(
557 "/google.cloud.secrets.v1beta1.SecretManagerService/EnableSecretVersion",
558 request_serializer=service.EnableSecretVersionRequest.serialize,
559 response_deserializer=resources.SecretVersion.deserialize,
560 )
561 return self._stubs["enable_secret_version"]
563 @property
564 def destroy_secret_version(
565 self,
566 ) -> Callable[[service.DestroySecretVersionRequest], resources.SecretVersion]:
567 r"""Return a callable for the destroy secret version method over gRPC.
569 Destroys a
570 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
572 Sets the
573 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
574 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
575 [DESTROYED][google.cloud.secrets.v1beta1.SecretVersion.State.DESTROYED]
576 and irrevocably destroys the secret data.
578 Returns:
579 Callable[[~.DestroySecretVersionRequest],
580 ~.SecretVersion]:
581 A function that, when called, will call the underlying RPC
582 on the server.
583 """
584 # Generate a "stub function" on-the-fly which will actually make
585 # the request.
586 # gRPC handles serialization and deserialization, so we just need
587 # to pass in the functions for each.
588 if "destroy_secret_version" not in self._stubs:
589 self._stubs["destroy_secret_version"] = self.grpc_channel.unary_unary(
590 "/google.cloud.secrets.v1beta1.SecretManagerService/DestroySecretVersion",
591 request_serializer=service.DestroySecretVersionRequest.serialize,
592 response_deserializer=resources.SecretVersion.deserialize,
593 )
594 return self._stubs["destroy_secret_version"]
596 @property
597 def set_iam_policy(
598 self,
599 ) -> Callable[[iam_policy_pb2.SetIamPolicyRequest], policy_pb2.Policy]:
600 r"""Return a callable for the set iam policy method over gRPC.
602 Sets the access control policy on the specified secret. Replaces
603 any existing policy.
605 Permissions on
606 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] are
607 enforced according to the policy set on the associated
608 [Secret][google.cloud.secrets.v1beta1.Secret].
610 Returns:
611 Callable[[~.SetIamPolicyRequest],
612 ~.Policy]:
613 A function that, when called, will call the underlying RPC
614 on the server.
615 """
616 # Generate a "stub function" on-the-fly which will actually make
617 # the request.
618 # gRPC handles serialization and deserialization, so we just need
619 # to pass in the functions for each.
620 if "set_iam_policy" not in self._stubs:
621 self._stubs["set_iam_policy"] = self.grpc_channel.unary_unary(
622 "/google.cloud.secrets.v1beta1.SecretManagerService/SetIamPolicy",
623 request_serializer=iam_policy_pb2.SetIamPolicyRequest.SerializeToString,
624 response_deserializer=policy_pb2.Policy.FromString,
625 )
626 return self._stubs["set_iam_policy"]
628 @property
629 def get_iam_policy(
630 self,
631 ) -> Callable[[iam_policy_pb2.GetIamPolicyRequest], policy_pb2.Policy]:
632 r"""Return a callable for the get iam policy method over gRPC.
634 Gets the access control policy for a secret.
635 Returns empty policy if the secret exists and does not
636 have a policy set.
638 Returns:
639 Callable[[~.GetIamPolicyRequest],
640 ~.Policy]:
641 A function that, when called, will call the underlying RPC
642 on the server.
643 """
644 # Generate a "stub function" on-the-fly which will actually make
645 # the request.
646 # gRPC handles serialization and deserialization, so we just need
647 # to pass in the functions for each.
648 if "get_iam_policy" not in self._stubs:
649 self._stubs["get_iam_policy"] = self.grpc_channel.unary_unary(
650 "/google.cloud.secrets.v1beta1.SecretManagerService/GetIamPolicy",
651 request_serializer=iam_policy_pb2.GetIamPolicyRequest.SerializeToString,
652 response_deserializer=policy_pb2.Policy.FromString,
653 )
654 return self._stubs["get_iam_policy"]
656 @property
657 def test_iam_permissions(
658 self,
659 ) -> Callable[
660 [iam_policy_pb2.TestIamPermissionsRequest],
661 iam_policy_pb2.TestIamPermissionsResponse,
662 ]:
663 r"""Return a callable for the test iam permissions method over gRPC.
665 Returns permissions that a caller has for the specified secret.
666 If the secret does not exist, this call returns an empty set of
667 permissions, not a NOT_FOUND error.
669 Note: This operation is designed to be used for building
670 permission-aware UIs and command-line tools, not for
671 authorization checking. This operation may "fail open" without
672 warning.
674 Returns:
675 Callable[[~.TestIamPermissionsRequest],
676 ~.TestIamPermissionsResponse]:
677 A function that, when called, will call the underlying RPC
678 on the server.
679 """
680 # Generate a "stub function" on-the-fly which will actually make
681 # the request.
682 # gRPC handles serialization and deserialization, so we just need
683 # to pass in the functions for each.
684 if "test_iam_permissions" not in self._stubs:
685 self._stubs["test_iam_permissions"] = self.grpc_channel.unary_unary(
686 "/google.cloud.secrets.v1beta1.SecretManagerService/TestIamPermissions",
687 request_serializer=iam_policy_pb2.TestIamPermissionsRequest.SerializeToString,
688 response_deserializer=iam_policy_pb2.TestIamPermissionsResponse.FromString,
689 )
690 return self._stubs["test_iam_permissions"]
692 def close(self):
693 self.grpc_channel.close()
695 @property
696 def kind(self) -> str:
697 return "grpc"
700__all__ = ("SecretManagerServiceGrpcTransport",)