Shortcuts on this page
r m x toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
1# -*- coding: utf-8 -*-
2# Copyright 2024 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple, Union
17import warnings
19from google.api_core import exceptions as core_exceptions
20from google.api_core import gapic_v1, grpc_helpers_async
21from google.api_core import retry_async as retries
22from google.auth import credentials as ga_credentials # type: ignore
23from google.auth.transport.grpc import SslCredentials # type: ignore
24from google.iam.v1 import iam_policy_pb2 # type: ignore
25from google.iam.v1 import policy_pb2 # type: ignore
26from google.protobuf import empty_pb2 # type: ignore
27import grpc # type: ignore
28from grpc.experimental import aio # type: ignore
30from google.cloud.secretmanager_v1beta1.types import resources, service
32from .base import DEFAULT_CLIENT_INFO, SecretManagerServiceTransport
33from .grpc import SecretManagerServiceGrpcTransport
36class SecretManagerServiceGrpcAsyncIOTransport(SecretManagerServiceTransport):
37 """gRPC AsyncIO backend transport for SecretManagerService.
39 Secret Manager Service
41 Manages secrets and operations using those secrets. Implements a
42 REST model with the following objects:
44 - [Secret][google.cloud.secrets.v1beta1.Secret]
45 - [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
47 This class defines the same methods as the primary client, so the
48 primary client can load the underlying transport implementation
49 and call it.
51 It sends protocol buffers over the wire using gRPC (which is built on
52 top of HTTP/2); the ``grpcio`` package must be installed.
53 """
55 _grpc_channel: aio.Channel
56 _stubs: Dict[str, Callable] = {}
58 @classmethod
59 def create_channel(
60 cls,
61 host: str = "secretmanager.googleapis.com",
62 credentials: Optional[ga_credentials.Credentials] = None,
63 credentials_file: Optional[str] = None,
64 scopes: Optional[Sequence[str]] = None,
65 quota_project_id: Optional[str] = None,
66 **kwargs,
67 ) -> aio.Channel:
68 """Create and return a gRPC AsyncIO channel object.
69 Args:
70 host (Optional[str]): The host for the channel to use.
71 credentials (Optional[~.Credentials]): The
72 authorization credentials to attach to requests. These
73 credentials identify this application to the service. If
74 none are specified, the client will attempt to ascertain
75 the credentials from the environment.
76 credentials_file (Optional[str]): A file with credentials that can
77 be loaded with :func:`google.auth.load_credentials_from_file`.
78 scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
79 service. These are only used when credentials are not specified and
80 are passed to :func:`google.auth.default`.
81 quota_project_id (Optional[str]): An optional project to use for billing
82 and quota.
83 kwargs (Optional[dict]): Keyword arguments, which are passed to the
84 channel creation.
85 Returns:
86 aio.Channel: A gRPC AsyncIO channel object.
87 """
89 return grpc_helpers_async.create_channel(
90 host,
91 credentials=credentials,
92 credentials_file=credentials_file,
93 quota_project_id=quota_project_id,
94 default_scopes=cls.AUTH_SCOPES,
95 scopes=scopes,
96 default_host=cls.DEFAULT_HOST,
97 **kwargs,
98 )
100 def __init__(
101 self,
102 *,
103 host: str = "secretmanager.googleapis.com",
104 credentials: Optional[ga_credentials.Credentials] = None,
105 credentials_file: Optional[str] = None,
106 scopes: Optional[Sequence[str]] = None,
107 channel: Optional[Union[aio.Channel, Callable[..., aio.Channel]]] = None,
108 api_mtls_endpoint: Optional[str] = None,
109 client_cert_source: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
110 ssl_channel_credentials: Optional[grpc.ChannelCredentials] = None,
111 client_cert_source_for_mtls: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
112 quota_project_id: Optional[str] = None,
113 client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
114 always_use_jwt_access: Optional[bool] = False,
115 api_audience: Optional[str] = None,
116 ) -> None:
117 """Instantiate the transport.
119 Args:
120 host (Optional[str]):
121 The hostname to connect to (default: 'secretmanager.googleapis.com').
122 credentials (Optional[google.auth.credentials.Credentials]): The
123 authorization credentials to attach to requests. These
124 credentials identify the application to the service; if none
125 are specified, the client will attempt to ascertain the
126 credentials from the environment.
127 This argument is ignored if a ``channel`` instance is provided.
128 credentials_file (Optional[str]): A file with credentials that can
129 be loaded with :func:`google.auth.load_credentials_from_file`.
130 This argument is ignored if a ``channel`` instance is provided.
131 scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
132 service. These are only used when credentials are not specified and
133 are passed to :func:`google.auth.default`.
134 channel (Optional[Union[aio.Channel, Callable[..., aio.Channel]]]):
135 A ``Channel`` instance through which to make calls, or a Callable
136 that constructs and returns one. If set to None, ``self.create_channel``
137 is used to create the channel. If a Callable is given, it will be called
138 with the same arguments as used in ``self.create_channel``.
139 api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint.
140 If provided, it overrides the ``host`` argument and tries to create
141 a mutual TLS channel with client SSL credentials from
142 ``client_cert_source`` or application default SSL credentials.
143 client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]):
144 Deprecated. A callback to provide client SSL certificate bytes and
145 private key bytes, both in PEM format. It is ignored if
146 ``api_mtls_endpoint`` is None.
147 ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
148 for the grpc channel. It is ignored if a ``channel`` instance is provided.
149 client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
150 A callback to provide client certificate bytes and private key bytes,
151 both in PEM format. It is used to configure a mutual TLS channel. It is
152 ignored if a ``channel`` instance or ``ssl_channel_credentials`` is provided.
153 quota_project_id (Optional[str]): An optional project to use for billing
154 and quota.
155 client_info (google.api_core.gapic_v1.client_info.ClientInfo):
156 The client info used to send a user-agent string along with
157 API requests. If ``None``, then default info will be used.
158 Generally, you only need to set this if you're developing
159 your own client library.
160 always_use_jwt_access (Optional[bool]): Whether self signed JWT should
161 be used for service account credentials.
163 Raises:
164 google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
165 creation failed for any reason.
166 google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
167 and ``credentials_file`` are passed.
168 """
169 self._grpc_channel = None
170 self._ssl_channel_credentials = ssl_channel_credentials
171 self._stubs: Dict[str, Callable] = {}
173 if api_mtls_endpoint:
174 warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
175 if client_cert_source:
176 warnings.warn("client_cert_source is deprecated", DeprecationWarning)
178 if isinstance(channel, aio.Channel):
179 # Ignore credentials if a channel was passed.
180 credentials = None
181 self._ignore_credentials = True
182 # If a channel was explicitly provided, set it.
183 self._grpc_channel = channel
184 self._ssl_channel_credentials = None
185 else:
186 if api_mtls_endpoint:
187 host = api_mtls_endpoint
189 # Create SSL credentials with client_cert_source or application
190 # default SSL credentials.
191 if client_cert_source:
192 cert, key = client_cert_source()
193 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
194 certificate_chain=cert, private_key=key
195 )
196 else:
197 self._ssl_channel_credentials = SslCredentials().ssl_credentials
199 else:
200 if client_cert_source_for_mtls and not ssl_channel_credentials:
201 cert, key = client_cert_source_for_mtls()
202 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
203 certificate_chain=cert, private_key=key
204 )
206 # The base transport sets the host, credentials and scopes
207 super().__init__(
208 host=host,
209 credentials=credentials,
210 credentials_file=credentials_file,
211 scopes=scopes,
212 quota_project_id=quota_project_id,
213 client_info=client_info,
214 always_use_jwt_access=always_use_jwt_access,
215 api_audience=api_audience,
216 )
218 if not self._grpc_channel:
219 # initialize with the provided callable or the default channel
220 channel_init = channel or type(self).create_channel
221 self._grpc_channel = channel_init(
222 self._host,
223 # use the credentials which are saved
224 credentials=self._credentials,
225 # Set ``credentials_file`` to ``None`` here as
226 # the credentials that we saved earlier should be used.
227 credentials_file=None,
228 scopes=self._scopes,
229 ssl_credentials=self._ssl_channel_credentials,
230 quota_project_id=quota_project_id,
231 options=[
232 ("grpc.max_send_message_length", -1),
233 ("grpc.max_receive_message_length", -1),
234 ],
235 )
237 # Wrap messages. This must be done after self._grpc_channel exists
238 self._prep_wrapped_messages(client_info)
240 @property
241 def grpc_channel(self) -> aio.Channel:
242 """Create the channel designed to connect to this service.
244 This property caches on the instance; repeated calls return
245 the same channel.
246 """
247 # Return the channel from cache.
248 return self._grpc_channel
250 @property
251 def list_secrets(
252 self,
253 ) -> Callable[[service.ListSecretsRequest], Awaitable[service.ListSecretsResponse]]:
254 r"""Return a callable for the list secrets method over gRPC.
256 Lists [Secrets][google.cloud.secrets.v1beta1.Secret].
258 Returns:
259 Callable[[~.ListSecretsRequest],
260 Awaitable[~.ListSecretsResponse]]:
261 A function that, when called, will call the underlying RPC
262 on the server.
263 """
264 # Generate a "stub function" on-the-fly which will actually make
265 # the request.
266 # gRPC handles serialization and deserialization, so we just need
267 # to pass in the functions for each.
268 if "list_secrets" not in self._stubs:
269 self._stubs["list_secrets"] = self.grpc_channel.unary_unary(
270 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecrets",
271 request_serializer=service.ListSecretsRequest.serialize,
272 response_deserializer=service.ListSecretsResponse.deserialize,
273 )
274 return self._stubs["list_secrets"]
276 @property
277 def create_secret(
278 self,
279 ) -> Callable[[service.CreateSecretRequest], Awaitable[resources.Secret]]:
280 r"""Return a callable for the create secret method over gRPC.
282 Creates a new [Secret][google.cloud.secrets.v1beta1.Secret]
283 containing no
284 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
286 Returns:
287 Callable[[~.CreateSecretRequest],
288 Awaitable[~.Secret]]:
289 A function that, when called, will call the underlying RPC
290 on the server.
291 """
292 # Generate a "stub function" on-the-fly which will actually make
293 # the request.
294 # gRPC handles serialization and deserialization, so we just need
295 # to pass in the functions for each.
296 if "create_secret" not in self._stubs:
297 self._stubs["create_secret"] = self.grpc_channel.unary_unary(
298 "/google.cloud.secrets.v1beta1.SecretManagerService/CreateSecret",
299 request_serializer=service.CreateSecretRequest.serialize,
300 response_deserializer=resources.Secret.deserialize,
301 )
302 return self._stubs["create_secret"]
304 @property
305 def add_secret_version(
306 self,
307 ) -> Callable[
308 [service.AddSecretVersionRequest], Awaitable[resources.SecretVersion]
309 ]:
310 r"""Return a callable for the add secret version method over gRPC.
312 Creates a new
313 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
314 containing secret data and attaches it to an existing
315 [Secret][google.cloud.secrets.v1beta1.Secret].
317 Returns:
318 Callable[[~.AddSecretVersionRequest],
319 Awaitable[~.SecretVersion]]:
320 A function that, when called, will call the underlying RPC
321 on the server.
322 """
323 # Generate a "stub function" on-the-fly which will actually make
324 # the request.
325 # gRPC handles serialization and deserialization, so we just need
326 # to pass in the functions for each.
327 if "add_secret_version" not in self._stubs:
328 self._stubs["add_secret_version"] = self.grpc_channel.unary_unary(
329 "/google.cloud.secrets.v1beta1.SecretManagerService/AddSecretVersion",
330 request_serializer=service.AddSecretVersionRequest.serialize,
331 response_deserializer=resources.SecretVersion.deserialize,
332 )
333 return self._stubs["add_secret_version"]
335 @property
336 def get_secret(
337 self,
338 ) -> Callable[[service.GetSecretRequest], Awaitable[resources.Secret]]:
339 r"""Return a callable for the get secret method over gRPC.
341 Gets metadata for a given
342 [Secret][google.cloud.secrets.v1beta1.Secret].
344 Returns:
345 Callable[[~.GetSecretRequest],
346 Awaitable[~.Secret]]:
347 A function that, when called, will call the underlying RPC
348 on the server.
349 """
350 # Generate a "stub function" on-the-fly which will actually make
351 # the request.
352 # gRPC handles serialization and deserialization, so we just need
353 # to pass in the functions for each.
354 if "get_secret" not in self._stubs:
355 self._stubs["get_secret"] = self.grpc_channel.unary_unary(
356 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecret",
357 request_serializer=service.GetSecretRequest.serialize,
358 response_deserializer=resources.Secret.deserialize,
359 )
360 return self._stubs["get_secret"]
362 @property
363 def update_secret(
364 self,
365 ) -> Callable[[service.UpdateSecretRequest], Awaitable[resources.Secret]]:
366 r"""Return a callable for the update secret method over gRPC.
368 Updates metadata of an existing
369 [Secret][google.cloud.secrets.v1beta1.Secret].
371 Returns:
372 Callable[[~.UpdateSecretRequest],
373 Awaitable[~.Secret]]:
374 A function that, when called, will call the underlying RPC
375 on the server.
376 """
377 # Generate a "stub function" on-the-fly which will actually make
378 # the request.
379 # gRPC handles serialization and deserialization, so we just need
380 # to pass in the functions for each.
381 if "update_secret" not in self._stubs:
382 self._stubs["update_secret"] = self.grpc_channel.unary_unary(
383 "/google.cloud.secrets.v1beta1.SecretManagerService/UpdateSecret",
384 request_serializer=service.UpdateSecretRequest.serialize,
385 response_deserializer=resources.Secret.deserialize,
386 )
387 return self._stubs["update_secret"]
389 @property
390 def delete_secret(
391 self,
392 ) -> Callable[[service.DeleteSecretRequest], Awaitable[empty_pb2.Empty]]:
393 r"""Return a callable for the delete secret method over gRPC.
395 Deletes a [Secret][google.cloud.secrets.v1beta1.Secret].
397 Returns:
398 Callable[[~.DeleteSecretRequest],
399 Awaitable[~.Empty]]:
400 A function that, when called, will call the underlying RPC
401 on the server.
402 """
403 # Generate a "stub function" on-the-fly which will actually make
404 # the request.
405 # gRPC handles serialization and deserialization, so we just need
406 # to pass in the functions for each.
407 if "delete_secret" not in self._stubs:
408 self._stubs["delete_secret"] = self.grpc_channel.unary_unary(
409 "/google.cloud.secrets.v1beta1.SecretManagerService/DeleteSecret",
410 request_serializer=service.DeleteSecretRequest.serialize,
411 response_deserializer=empty_pb2.Empty.FromString,
412 )
413 return self._stubs["delete_secret"]
415 @property
416 def list_secret_versions(
417 self,
418 ) -> Callable[
419 [service.ListSecretVersionsRequest],
420 Awaitable[service.ListSecretVersionsResponse],
421 ]:
422 r"""Return a callable for the list secret versions method over gRPC.
424 Lists
425 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
426 This call does not return secret data.
428 Returns:
429 Callable[[~.ListSecretVersionsRequest],
430 Awaitable[~.ListSecretVersionsResponse]]:
431 A function that, when called, will call the underlying RPC
432 on the server.
433 """
434 # Generate a "stub function" on-the-fly which will actually make
435 # the request.
436 # gRPC handles serialization and deserialization, so we just need
437 # to pass in the functions for each.
438 if "list_secret_versions" not in self._stubs:
439 self._stubs["list_secret_versions"] = self.grpc_channel.unary_unary(
440 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecretVersions",
441 request_serializer=service.ListSecretVersionsRequest.serialize,
442 response_deserializer=service.ListSecretVersionsResponse.deserialize,
443 )
444 return self._stubs["list_secret_versions"]
446 @property
447 def get_secret_version(
448 self,
449 ) -> Callable[
450 [service.GetSecretVersionRequest], Awaitable[resources.SecretVersion]
451 ]:
452 r"""Return a callable for the get secret version method over gRPC.
454 Gets metadata for a
455 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
457 ``projects/*/secrets/*/versions/latest`` is an alias to the
458 ``latest``
459 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
461 Returns:
462 Callable[[~.GetSecretVersionRequest],
463 Awaitable[~.SecretVersion]]:
464 A function that, when called, will call the underlying RPC
465 on the server.
466 """
467 # Generate a "stub function" on-the-fly which will actually make
468 # the request.
469 # gRPC handles serialization and deserialization, so we just need
470 # to pass in the functions for each.
471 if "get_secret_version" not in self._stubs:
472 self._stubs["get_secret_version"] = self.grpc_channel.unary_unary(
473 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecretVersion",
474 request_serializer=service.GetSecretVersionRequest.serialize,
475 response_deserializer=resources.SecretVersion.deserialize,
476 )
477 return self._stubs["get_secret_version"]
479 @property
480 def access_secret_version(
481 self,
482 ) -> Callable[
483 [service.AccessSecretVersionRequest],
484 Awaitable[service.AccessSecretVersionResponse],
485 ]:
486 r"""Return a callable for the access secret version method over gRPC.
488 Accesses a
489 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
490 This call returns the secret data.
492 ``projects/*/secrets/*/versions/latest`` is an alias to the
493 ``latest``
494 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
496 Returns:
497 Callable[[~.AccessSecretVersionRequest],
498 Awaitable[~.AccessSecretVersionResponse]]:
499 A function that, when called, will call the underlying RPC
500 on the server.
501 """
502 # Generate a "stub function" on-the-fly which will actually make
503 # the request.
504 # gRPC handles serialization and deserialization, so we just need
505 # to pass in the functions for each.
506 if "access_secret_version" not in self._stubs:
507 self._stubs["access_secret_version"] = self.grpc_channel.unary_unary(
508 "/google.cloud.secrets.v1beta1.SecretManagerService/AccessSecretVersion",
509 request_serializer=service.AccessSecretVersionRequest.serialize,
510 response_deserializer=service.AccessSecretVersionResponse.deserialize,
511 )
512 return self._stubs["access_secret_version"]
514 @property
515 def disable_secret_version(
516 self,
517 ) -> Callable[
518 [service.DisableSecretVersionRequest], Awaitable[resources.SecretVersion]
519 ]:
520 r"""Return a callable for the disable secret version method over gRPC.
522 Disables a
523 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
525 Sets the
526 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
527 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
528 [DISABLED][google.cloud.secrets.v1beta1.SecretVersion.State.DISABLED].
530 Returns:
531 Callable[[~.DisableSecretVersionRequest],
532 Awaitable[~.SecretVersion]]:
533 A function that, when called, will call the underlying RPC
534 on the server.
535 """
536 # Generate a "stub function" on-the-fly which will actually make
537 # the request.
538 # gRPC handles serialization and deserialization, so we just need
539 # to pass in the functions for each.
540 if "disable_secret_version" not in self._stubs:
541 self._stubs["disable_secret_version"] = self.grpc_channel.unary_unary(
542 "/google.cloud.secrets.v1beta1.SecretManagerService/DisableSecretVersion",
543 request_serializer=service.DisableSecretVersionRequest.serialize,
544 response_deserializer=resources.SecretVersion.deserialize,
545 )
546 return self._stubs["disable_secret_version"]
548 @property
549 def enable_secret_version(
550 self,
551 ) -> Callable[
552 [service.EnableSecretVersionRequest], Awaitable[resources.SecretVersion]
553 ]:
554 r"""Return a callable for the enable secret version method over gRPC.
556 Enables a
557 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
559 Sets the
560 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
561 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
562 [ENABLED][google.cloud.secrets.v1beta1.SecretVersion.State.ENABLED].
564 Returns:
565 Callable[[~.EnableSecretVersionRequest],
566 Awaitable[~.SecretVersion]]:
567 A function that, when called, will call the underlying RPC
568 on the server.
569 """
570 # Generate a "stub function" on-the-fly which will actually make
571 # the request.
572 # gRPC handles serialization and deserialization, so we just need
573 # to pass in the functions for each.
574 if "enable_secret_version" not in self._stubs:
575 self._stubs["enable_secret_version"] = self.grpc_channel.unary_unary(
576 "/google.cloud.secrets.v1beta1.SecretManagerService/EnableSecretVersion",
577 request_serializer=service.EnableSecretVersionRequest.serialize,
578 response_deserializer=resources.SecretVersion.deserialize,
579 )
580 return self._stubs["enable_secret_version"]
582 @property
583 def destroy_secret_version(
584 self,
585 ) -> Callable[
586 [service.DestroySecretVersionRequest], Awaitable[resources.SecretVersion]
587 ]:
588 r"""Return a callable for the destroy secret version method over gRPC.
590 Destroys a
591 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
593 Sets the
594 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
595 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
596 [DESTROYED][google.cloud.secrets.v1beta1.SecretVersion.State.DESTROYED]
597 and irrevocably destroys the secret data.
599 Returns:
600 Callable[[~.DestroySecretVersionRequest],
601 Awaitable[~.SecretVersion]]:
602 A function that, when called, will call the underlying RPC
603 on the server.
604 """
605 # Generate a "stub function" on-the-fly which will actually make
606 # the request.
607 # gRPC handles serialization and deserialization, so we just need
608 # to pass in the functions for each.
609 if "destroy_secret_version" not in self._stubs:
610 self._stubs["destroy_secret_version"] = self.grpc_channel.unary_unary(
611 "/google.cloud.secrets.v1beta1.SecretManagerService/DestroySecretVersion",
612 request_serializer=service.DestroySecretVersionRequest.serialize,
613 response_deserializer=resources.SecretVersion.deserialize,
614 )
615 return self._stubs["destroy_secret_version"]
617 @property
618 def set_iam_policy(
619 self,
620 ) -> Callable[[iam_policy_pb2.SetIamPolicyRequest], Awaitable[policy_pb2.Policy]]:
621 r"""Return a callable for the set iam policy method over gRPC.
623 Sets the access control policy on the specified secret. Replaces
624 any existing policy.
626 Permissions on
627 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] are
628 enforced according to the policy set on the associated
629 [Secret][google.cloud.secrets.v1beta1.Secret].
631 Returns:
632 Callable[[~.SetIamPolicyRequest],
633 Awaitable[~.Policy]]:
634 A function that, when called, will call the underlying RPC
635 on the server.
636 """
637 # Generate a "stub function" on-the-fly which will actually make
638 # the request.
639 # gRPC handles serialization and deserialization, so we just need
640 # to pass in the functions for each.
641 if "set_iam_policy" not in self._stubs:
642 self._stubs["set_iam_policy"] = self.grpc_channel.unary_unary(
643 "/google.cloud.secrets.v1beta1.SecretManagerService/SetIamPolicy",
644 request_serializer=iam_policy_pb2.SetIamPolicyRequest.SerializeToString,
645 response_deserializer=policy_pb2.Policy.FromString,
646 )
647 return self._stubs["set_iam_policy"]
649 @property
650 def get_iam_policy(
651 self,
652 ) -> Callable[[iam_policy_pb2.GetIamPolicyRequest], Awaitable[policy_pb2.Policy]]:
653 r"""Return a callable for the get iam policy method over gRPC.
655 Gets the access control policy for a secret.
656 Returns empty policy if the secret exists and does not
657 have a policy set.
659 Returns:
660 Callable[[~.GetIamPolicyRequest],
661 Awaitable[~.Policy]]:
662 A function that, when called, will call the underlying RPC
663 on the server.
664 """
665 # Generate a "stub function" on-the-fly which will actually make
666 # the request.
667 # gRPC handles serialization and deserialization, so we just need
668 # to pass in the functions for each.
669 if "get_iam_policy" not in self._stubs:
670 self._stubs["get_iam_policy"] = self.grpc_channel.unary_unary(
671 "/google.cloud.secrets.v1beta1.SecretManagerService/GetIamPolicy",
672 request_serializer=iam_policy_pb2.GetIamPolicyRequest.SerializeToString,
673 response_deserializer=policy_pb2.Policy.FromString,
674 )
675 return self._stubs["get_iam_policy"]
677 @property
678 def test_iam_permissions(
679 self,
680 ) -> Callable[
681 [iam_policy_pb2.TestIamPermissionsRequest],
682 Awaitable[iam_policy_pb2.TestIamPermissionsResponse],
683 ]:
684 r"""Return a callable for the test iam permissions method over gRPC.
686 Returns permissions that a caller has for the specified secret.
687 If the secret does not exist, this call returns an empty set of
688 permissions, not a NOT_FOUND error.
690 Note: This operation is designed to be used for building
691 permission-aware UIs and command-line tools, not for
692 authorization checking. This operation may "fail open" without
693 warning.
695 Returns:
696 Callable[[~.TestIamPermissionsRequest],
697 Awaitable[~.TestIamPermissionsResponse]]:
698 A function that, when called, will call the underlying RPC
699 on the server.
700 """
701 # Generate a "stub function" on-the-fly which will actually make
702 # the request.
703 # gRPC handles serialization and deserialization, so we just need
704 # to pass in the functions for each.
705 if "test_iam_permissions" not in self._stubs:
706 self._stubs["test_iam_permissions"] = self.grpc_channel.unary_unary(
707 "/google.cloud.secrets.v1beta1.SecretManagerService/TestIamPermissions",
708 request_serializer=iam_policy_pb2.TestIamPermissionsRequest.SerializeToString,
709 response_deserializer=iam_policy_pb2.TestIamPermissionsResponse.FromString,
710 )
711 return self._stubs["test_iam_permissions"]
713 def _prep_wrapped_messages(self, client_info):
714 """Precompute the wrapped methods, overriding the base class method to use async wrappers."""
715 self._wrapped_methods = {
716 self.list_secrets: gapic_v1.method_async.wrap_method(
717 self.list_secrets,
718 default_timeout=60.0,
719 client_info=client_info,
720 ),
721 self.create_secret: gapic_v1.method_async.wrap_method(
722 self.create_secret,
723 default_timeout=60.0,
724 client_info=client_info,
725 ),
726 self.add_secret_version: gapic_v1.method_async.wrap_method(
727 self.add_secret_version,
728 default_timeout=60.0,
729 client_info=client_info,
730 ),
731 self.get_secret: gapic_v1.method_async.wrap_method(
732 self.get_secret,
733 default_timeout=60.0,
734 client_info=client_info,
735 ),
736 self.update_secret: gapic_v1.method_async.wrap_method(
737 self.update_secret,
738 default_timeout=60.0,
739 client_info=client_info,
740 ),
741 self.delete_secret: gapic_v1.method_async.wrap_method(
742 self.delete_secret,
743 default_timeout=60.0,
744 client_info=client_info,
745 ),
746 self.list_secret_versions: gapic_v1.method_async.wrap_method(
747 self.list_secret_versions,
748 default_timeout=60.0,
749 client_info=client_info,
750 ),
751 self.get_secret_version: gapic_v1.method_async.wrap_method(
752 self.get_secret_version,
753 default_timeout=60.0,
754 client_info=client_info,
755 ),
756 self.access_secret_version: gapic_v1.method_async.wrap_method(
757 self.access_secret_version,
758 default_retry=retries.AsyncRetry(
759 initial=1.0,
760 maximum=60.0,
761 multiplier=1.3,
762 predicate=retries.if_exception_type(
763 core_exceptions.ServiceUnavailable,
764 core_exceptions.Unknown,
765 ),
766 deadline=60.0,
767 ),
768 default_timeout=60.0,
769 client_info=client_info,
770 ),
771 self.disable_secret_version: gapic_v1.method_async.wrap_method(
772 self.disable_secret_version,
773 default_timeout=60.0,
774 client_info=client_info,
775 ),
776 self.enable_secret_version: gapic_v1.method_async.wrap_method(
777 self.enable_secret_version,
778 default_timeout=60.0,
779 client_info=client_info,
780 ),
781 self.destroy_secret_version: gapic_v1.method_async.wrap_method(
782 self.destroy_secret_version,
783 default_timeout=60.0,
784 client_info=client_info,
785 ),
786 self.set_iam_policy: gapic_v1.method_async.wrap_method(
787 self.set_iam_policy,
788 default_timeout=60.0,
789 client_info=client_info,
790 ),
791 self.get_iam_policy: gapic_v1.method_async.wrap_method(
792 self.get_iam_policy,
793 default_timeout=60.0,
794 client_info=client_info,
795 ),
796 self.test_iam_permissions: gapic_v1.method_async.wrap_method(
797 self.test_iam_permissions,
798 default_timeout=60.0,
799 client_info=client_info,
800 ),
801 }
803 def close(self):
804 return self.grpc_channel.close()
807__all__ = ("SecretManagerServiceGrpcAsyncIOTransport",)