Shortcuts on this page
r m x toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
1# -*- coding: utf-8 -*-
2# Copyright 2024 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16from typing import Callable, Dict, Optional, Sequence, Tuple, Union
17import warnings
19from google.api_core import gapic_v1, grpc_helpers
20import google.auth # type: ignore
21from google.auth import credentials as ga_credentials # type: ignore
22from google.auth.transport.grpc import SslCredentials # type: ignore
23from google.iam.v1 import iam_policy_pb2 # type: ignore
24from google.iam.v1 import policy_pb2 # type: ignore
25from google.protobuf import empty_pb2 # type: ignore
26import grpc # type: ignore
28from google.cloud.secretmanager_v1beta1.types import resources, service
30from .base import DEFAULT_CLIENT_INFO, SecretManagerServiceTransport
33class SecretManagerServiceGrpcTransport(SecretManagerServiceTransport):
34 """gRPC backend transport for SecretManagerService.
36 Secret Manager Service
38 Manages secrets and operations using those secrets. Implements a
39 REST model with the following objects:
41 - [Secret][google.cloud.secrets.v1beta1.Secret]
42 - [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
44 This class defines the same methods as the primary client, so the
45 primary client can load the underlying transport implementation
46 and call it.
48 It sends protocol buffers over the wire using gRPC (which is built on
49 top of HTTP/2); the ``grpcio`` package must be installed.
50 """
52 _stubs: Dict[str, Callable]
54 def __init__(
55 self,
56 *,
57 host: str = "secretmanager.googleapis.com",
58 credentials: Optional[ga_credentials.Credentials] = None,
59 credentials_file: Optional[str] = None,
60 scopes: Optional[Sequence[str]] = None,
61 channel: Optional[Union[grpc.Channel, Callable[..., grpc.Channel]]] = None,
62 api_mtls_endpoint: Optional[str] = None,
63 client_cert_source: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
64 ssl_channel_credentials: Optional[grpc.ChannelCredentials] = None,
65 client_cert_source_for_mtls: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
66 quota_project_id: Optional[str] = None,
67 client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
68 always_use_jwt_access: Optional[bool] = False,
69 api_audience: Optional[str] = None,
70 ) -> None:
71 """Instantiate the transport.
73 Args:
74 host (Optional[str]):
75 The hostname to connect to (default: 'secretmanager.googleapis.com').
76 credentials (Optional[google.auth.credentials.Credentials]): The
77 authorization credentials to attach to requests. These
78 credentials identify the application to the service; if none
79 are specified, the client will attempt to ascertain the
80 credentials from the environment.
81 This argument is ignored if a ``channel`` instance is provided.
82 credentials_file (Optional[str]): A file with credentials that can
83 be loaded with :func:`google.auth.load_credentials_from_file`.
84 This argument is ignored if a ``channel`` instance is provided.
85 scopes (Optional(Sequence[str])): A list of scopes. This argument is
86 ignored if a ``channel`` instance is provided.
87 channel (Optional[Union[grpc.Channel, Callable[..., grpc.Channel]]]):
88 A ``Channel`` instance through which to make calls, or a Callable
89 that constructs and returns one. If set to None, ``self.create_channel``
90 is used to create the channel. If a Callable is given, it will be called
91 with the same arguments as used in ``self.create_channel``.
92 api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint.
93 If provided, it overrides the ``host`` argument and tries to create
94 a mutual TLS channel with client SSL credentials from
95 ``client_cert_source`` or application default SSL credentials.
96 client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]):
97 Deprecated. A callback to provide client SSL certificate bytes and
98 private key bytes, both in PEM format. It is ignored if
99 ``api_mtls_endpoint`` is None.
100 ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
101 for the grpc channel. It is ignored if a ``channel`` instance is provided.
102 client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
103 A callback to provide client certificate bytes and private key bytes,
104 both in PEM format. It is used to configure a mutual TLS channel. It is
105 ignored if a ``channel`` instance or ``ssl_channel_credentials`` is provided.
106 quota_project_id (Optional[str]): An optional project to use for billing
107 and quota.
108 client_info (google.api_core.gapic_v1.client_info.ClientInfo):
109 The client info used to send a user-agent string along with
110 API requests. If ``None``, then default info will be used.
111 Generally, you only need to set this if you're developing
112 your own client library.
113 always_use_jwt_access (Optional[bool]): Whether self signed JWT should
114 be used for service account credentials.
116 Raises:
117 google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
118 creation failed for any reason.
119 google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
120 and ``credentials_file`` are passed.
121 """
122 self._grpc_channel = None
123 self._ssl_channel_credentials = ssl_channel_credentials
124 self._stubs: Dict[str, Callable] = {}
126 if api_mtls_endpoint:
127 warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
128 if client_cert_source:
129 warnings.warn("client_cert_source is deprecated", DeprecationWarning)
131 if isinstance(channel, grpc.Channel):
132 # Ignore credentials if a channel was passed.
133 credentials = None
134 self._ignore_credentials = True
135 # If a channel was explicitly provided, set it.
136 self._grpc_channel = channel
137 self._ssl_channel_credentials = None
139 else:
140 if api_mtls_endpoint:
141 host = api_mtls_endpoint
143 # Create SSL credentials with client_cert_source or application
144 # default SSL credentials.
145 if client_cert_source:
146 cert, key = client_cert_source()
147 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
148 certificate_chain=cert, private_key=key
149 )
150 else:
151 self._ssl_channel_credentials = SslCredentials().ssl_credentials
153 else:
154 if client_cert_source_for_mtls and not ssl_channel_credentials:
155 cert, key = client_cert_source_for_mtls()
156 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
157 certificate_chain=cert, private_key=key
158 )
160 # The base transport sets the host, credentials and scopes
161 super().__init__(
162 host=host,
163 credentials=credentials,
164 credentials_file=credentials_file,
165 scopes=scopes,
166 quota_project_id=quota_project_id,
167 client_info=client_info,
168 always_use_jwt_access=always_use_jwt_access,
169 api_audience=api_audience,
170 )
172 if not self._grpc_channel:
173 # initialize with the provided callable or the default channel
174 channel_init = channel or type(self).create_channel
175 self._grpc_channel = channel_init(
176 self._host,
177 # use the credentials which are saved
178 credentials=self._credentials,
179 # Set ``credentials_file`` to ``None`` here as
180 # the credentials that we saved earlier should be used.
181 credentials_file=None,
182 scopes=self._scopes,
183 ssl_credentials=self._ssl_channel_credentials,
184 quota_project_id=quota_project_id,
185 options=[
186 ("grpc.max_send_message_length", -1),
187 ("grpc.max_receive_message_length", -1),
188 ],
189 )
191 # Wrap messages. This must be done after self._grpc_channel exists
192 self._prep_wrapped_messages(client_info)
194 @classmethod
195 def create_channel(
196 cls,
197 host: str = "secretmanager.googleapis.com",
198 credentials: Optional[ga_credentials.Credentials] = None,
199 credentials_file: Optional[str] = None,
200 scopes: Optional[Sequence[str]] = None,
201 quota_project_id: Optional[str] = None,
202 **kwargs,
203 ) -> grpc.Channel:
204 """Create and return a gRPC channel object.
205 Args:
206 host (Optional[str]): The host for the channel to use.
207 credentials (Optional[~.Credentials]): The
208 authorization credentials to attach to requests. These
209 credentials identify this application to the service. If
210 none are specified, the client will attempt to ascertain
211 the credentials from the environment.
212 credentials_file (Optional[str]): A file with credentials that can
213 be loaded with :func:`google.auth.load_credentials_from_file`.
214 This argument is mutually exclusive with credentials.
215 scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
216 service. These are only used when credentials are not specified and
217 are passed to :func:`google.auth.default`.
218 quota_project_id (Optional[str]): An optional project to use for billing
219 and quota.
220 kwargs (Optional[dict]): Keyword arguments, which are passed to the
221 channel creation.
222 Returns:
223 grpc.Channel: A gRPC channel object.
225 Raises:
226 google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
227 and ``credentials_file`` are passed.
228 """
230 return grpc_helpers.create_channel(
231 host,
232 credentials=credentials,
233 credentials_file=credentials_file,
234 quota_project_id=quota_project_id,
235 default_scopes=cls.AUTH_SCOPES,
236 scopes=scopes,
237 default_host=cls.DEFAULT_HOST,
238 **kwargs,
239 )
241 @property
242 def grpc_channel(self) -> grpc.Channel:
243 """Return the channel designed to connect to this service."""
244 return self._grpc_channel
246 @property
247 def list_secrets(
248 self,
249 ) -> Callable[[service.ListSecretsRequest], service.ListSecretsResponse]:
250 r"""Return a callable for the list secrets method over gRPC.
252 Lists [Secrets][google.cloud.secrets.v1beta1.Secret].
254 Returns:
255 Callable[[~.ListSecretsRequest],
256 ~.ListSecretsResponse]:
257 A function that, when called, will call the underlying RPC
258 on the server.
259 """
260 # Generate a "stub function" on-the-fly which will actually make
261 # the request.
262 # gRPC handles serialization and deserialization, so we just need
263 # to pass in the functions for each.
264 if "list_secrets" not in self._stubs:
265 self._stubs["list_secrets"] = self.grpc_channel.unary_unary(
266 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecrets",
267 request_serializer=service.ListSecretsRequest.serialize,
268 response_deserializer=service.ListSecretsResponse.deserialize,
269 )
270 return self._stubs["list_secrets"]
272 @property
273 def create_secret(
274 self,
275 ) -> Callable[[service.CreateSecretRequest], resources.Secret]:
276 r"""Return a callable for the create secret method over gRPC.
278 Creates a new [Secret][google.cloud.secrets.v1beta1.Secret]
279 containing no
280 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
282 Returns:
283 Callable[[~.CreateSecretRequest],
284 ~.Secret]:
285 A function that, when called, will call the underlying RPC
286 on the server.
287 """
288 # Generate a "stub function" on-the-fly which will actually make
289 # the request.
290 # gRPC handles serialization and deserialization, so we just need
291 # to pass in the functions for each.
292 if "create_secret" not in self._stubs:
293 self._stubs["create_secret"] = self.grpc_channel.unary_unary(
294 "/google.cloud.secrets.v1beta1.SecretManagerService/CreateSecret",
295 request_serializer=service.CreateSecretRequest.serialize,
296 response_deserializer=resources.Secret.deserialize,
297 )
298 return self._stubs["create_secret"]
300 @property
301 def add_secret_version(
302 self,
303 ) -> Callable[[service.AddSecretVersionRequest], resources.SecretVersion]:
304 r"""Return a callable for the add secret version method over gRPC.
306 Creates a new
307 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
308 containing secret data and attaches it to an existing
309 [Secret][google.cloud.secrets.v1beta1.Secret].
311 Returns:
312 Callable[[~.AddSecretVersionRequest],
313 ~.SecretVersion]:
314 A function that, when called, will call the underlying RPC
315 on the server.
316 """
317 # Generate a "stub function" on-the-fly which will actually make
318 # the request.
319 # gRPC handles serialization and deserialization, so we just need
320 # to pass in the functions for each.
321 if "add_secret_version" not in self._stubs:
322 self._stubs["add_secret_version"] = self.grpc_channel.unary_unary(
323 "/google.cloud.secrets.v1beta1.SecretManagerService/AddSecretVersion",
324 request_serializer=service.AddSecretVersionRequest.serialize,
325 response_deserializer=resources.SecretVersion.deserialize,
326 )
327 return self._stubs["add_secret_version"]
329 @property
330 def get_secret(self) -> Callable[[service.GetSecretRequest], resources.Secret]:
331 r"""Return a callable for the get secret method over gRPC.
333 Gets metadata for a given
334 [Secret][google.cloud.secrets.v1beta1.Secret].
336 Returns:
337 Callable[[~.GetSecretRequest],
338 ~.Secret]:
339 A function that, when called, will call the underlying RPC
340 on the server.
341 """
342 # Generate a "stub function" on-the-fly which will actually make
343 # the request.
344 # gRPC handles serialization and deserialization, so we just need
345 # to pass in the functions for each.
346 if "get_secret" not in self._stubs:
347 self._stubs["get_secret"] = self.grpc_channel.unary_unary(
348 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecret",
349 request_serializer=service.GetSecretRequest.serialize,
350 response_deserializer=resources.Secret.deserialize,
351 )
352 return self._stubs["get_secret"]
354 @property
355 def update_secret(
356 self,
357 ) -> Callable[[service.UpdateSecretRequest], resources.Secret]:
358 r"""Return a callable for the update secret method over gRPC.
360 Updates metadata of an existing
361 [Secret][google.cloud.secrets.v1beta1.Secret].
363 Returns:
364 Callable[[~.UpdateSecretRequest],
365 ~.Secret]:
366 A function that, when called, will call the underlying RPC
367 on the server.
368 """
369 # Generate a "stub function" on-the-fly which will actually make
370 # the request.
371 # gRPC handles serialization and deserialization, so we just need
372 # to pass in the functions for each.
373 if "update_secret" not in self._stubs:
374 self._stubs["update_secret"] = self.grpc_channel.unary_unary(
375 "/google.cloud.secrets.v1beta1.SecretManagerService/UpdateSecret",
376 request_serializer=service.UpdateSecretRequest.serialize,
377 response_deserializer=resources.Secret.deserialize,
378 )
379 return self._stubs["update_secret"]
381 @property
382 def delete_secret(self) -> Callable[[service.DeleteSecretRequest], empty_pb2.Empty]:
383 r"""Return a callable for the delete secret method over gRPC.
385 Deletes a [Secret][google.cloud.secrets.v1beta1.Secret].
387 Returns:
388 Callable[[~.DeleteSecretRequest],
389 ~.Empty]:
390 A function that, when called, will call the underlying RPC
391 on the server.
392 """
393 # Generate a "stub function" on-the-fly which will actually make
394 # the request.
395 # gRPC handles serialization and deserialization, so we just need
396 # to pass in the functions for each.
397 if "delete_secret" not in self._stubs:
398 self._stubs["delete_secret"] = self.grpc_channel.unary_unary(
399 "/google.cloud.secrets.v1beta1.SecretManagerService/DeleteSecret",
400 request_serializer=service.DeleteSecretRequest.serialize,
401 response_deserializer=empty_pb2.Empty.FromString,
402 )
403 return self._stubs["delete_secret"]
405 @property
406 def list_secret_versions(
407 self,
408 ) -> Callable[
409 [service.ListSecretVersionsRequest], service.ListSecretVersionsResponse
410 ]:
411 r"""Return a callable for the list secret versions method over gRPC.
413 Lists
414 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
415 This call does not return secret data.
417 Returns:
418 Callable[[~.ListSecretVersionsRequest],
419 ~.ListSecretVersionsResponse]:
420 A function that, when called, will call the underlying RPC
421 on the server.
422 """
423 # Generate a "stub function" on-the-fly which will actually make
424 # the request.
425 # gRPC handles serialization and deserialization, so we just need
426 # to pass in the functions for each.
427 if "list_secret_versions" not in self._stubs:
428 self._stubs["list_secret_versions"] = self.grpc_channel.unary_unary(
429 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecretVersions",
430 request_serializer=service.ListSecretVersionsRequest.serialize,
431 response_deserializer=service.ListSecretVersionsResponse.deserialize,
432 )
433 return self._stubs["list_secret_versions"]
435 @property
436 def get_secret_version(
437 self,
438 ) -> Callable[[service.GetSecretVersionRequest], resources.SecretVersion]:
439 r"""Return a callable for the get secret version method over gRPC.
441 Gets metadata for a
442 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
444 ``projects/*/secrets/*/versions/latest`` is an alias to the
445 ``latest``
446 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
448 Returns:
449 Callable[[~.GetSecretVersionRequest],
450 ~.SecretVersion]:
451 A function that, when called, will call the underlying RPC
452 on the server.
453 """
454 # Generate a "stub function" on-the-fly which will actually make
455 # the request.
456 # gRPC handles serialization and deserialization, so we just need
457 # to pass in the functions for each.
458 if "get_secret_version" not in self._stubs:
459 self._stubs["get_secret_version"] = self.grpc_channel.unary_unary(
460 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecretVersion",
461 request_serializer=service.GetSecretVersionRequest.serialize,
462 response_deserializer=resources.SecretVersion.deserialize,
463 )
464 return self._stubs["get_secret_version"]
466 @property
467 def access_secret_version(
468 self,
469 ) -> Callable[
470 [service.AccessSecretVersionRequest], service.AccessSecretVersionResponse
471 ]:
472 r"""Return a callable for the access secret version method over gRPC.
474 Accesses a
475 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
476 This call returns the secret data.
478 ``projects/*/secrets/*/versions/latest`` is an alias to the
479 ``latest``
480 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
482 Returns:
483 Callable[[~.AccessSecretVersionRequest],
484 ~.AccessSecretVersionResponse]:
485 A function that, when called, will call the underlying RPC
486 on the server.
487 """
488 # Generate a "stub function" on-the-fly which will actually make
489 # the request.
490 # gRPC handles serialization and deserialization, so we just need
491 # to pass in the functions for each.
492 if "access_secret_version" not in self._stubs:
493 self._stubs["access_secret_version"] = self.grpc_channel.unary_unary(
494 "/google.cloud.secrets.v1beta1.SecretManagerService/AccessSecretVersion",
495 request_serializer=service.AccessSecretVersionRequest.serialize,
496 response_deserializer=service.AccessSecretVersionResponse.deserialize,
497 )
498 return self._stubs["access_secret_version"]
500 @property
501 def disable_secret_version(
502 self,
503 ) -> Callable[[service.DisableSecretVersionRequest], resources.SecretVersion]:
504 r"""Return a callable for the disable secret version method over gRPC.
506 Disables a
507 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
509 Sets the
510 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
511 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
512 [DISABLED][google.cloud.secrets.v1beta1.SecretVersion.State.DISABLED].
514 Returns:
515 Callable[[~.DisableSecretVersionRequest],
516 ~.SecretVersion]:
517 A function that, when called, will call the underlying RPC
518 on the server.
519 """
520 # Generate a "stub function" on-the-fly which will actually make
521 # the request.
522 # gRPC handles serialization and deserialization, so we just need
523 # to pass in the functions for each.
524 if "disable_secret_version" not in self._stubs:
525 self._stubs["disable_secret_version"] = self.grpc_channel.unary_unary(
526 "/google.cloud.secrets.v1beta1.SecretManagerService/DisableSecretVersion",
527 request_serializer=service.DisableSecretVersionRequest.serialize,
528 response_deserializer=resources.SecretVersion.deserialize,
529 )
530 return self._stubs["disable_secret_version"]
532 @property
533 def enable_secret_version(
534 self,
535 ) -> Callable[[service.EnableSecretVersionRequest], resources.SecretVersion]:
536 r"""Return a callable for the enable secret version method over gRPC.
538 Enables a
539 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
541 Sets the
542 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
543 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
544 [ENABLED][google.cloud.secrets.v1beta1.SecretVersion.State.ENABLED].
546 Returns:
547 Callable[[~.EnableSecretVersionRequest],
548 ~.SecretVersion]:
549 A function that, when called, will call the underlying RPC
550 on the server.
551 """
552 # Generate a "stub function" on-the-fly which will actually make
553 # the request.
554 # gRPC handles serialization and deserialization, so we just need
555 # to pass in the functions for each.
556 if "enable_secret_version" not in self._stubs:
557 self._stubs["enable_secret_version"] = self.grpc_channel.unary_unary(
558 "/google.cloud.secrets.v1beta1.SecretManagerService/EnableSecretVersion",
559 request_serializer=service.EnableSecretVersionRequest.serialize,
560 response_deserializer=resources.SecretVersion.deserialize,
561 )
562 return self._stubs["enable_secret_version"]
564 @property
565 def destroy_secret_version(
566 self,
567 ) -> Callable[[service.DestroySecretVersionRequest], resources.SecretVersion]:
568 r"""Return a callable for the destroy secret version method over gRPC.
570 Destroys a
571 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
573 Sets the
574 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
575 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
576 [DESTROYED][google.cloud.secrets.v1beta1.SecretVersion.State.DESTROYED]
577 and irrevocably destroys the secret data.
579 Returns:
580 Callable[[~.DestroySecretVersionRequest],
581 ~.SecretVersion]:
582 A function that, when called, will call the underlying RPC
583 on the server.
584 """
585 # Generate a "stub function" on-the-fly which will actually make
586 # the request.
587 # gRPC handles serialization and deserialization, so we just need
588 # to pass in the functions for each.
589 if "destroy_secret_version" not in self._stubs:
590 self._stubs["destroy_secret_version"] = self.grpc_channel.unary_unary(
591 "/google.cloud.secrets.v1beta1.SecretManagerService/DestroySecretVersion",
592 request_serializer=service.DestroySecretVersionRequest.serialize,
593 response_deserializer=resources.SecretVersion.deserialize,
594 )
595 return self._stubs["destroy_secret_version"]
597 @property
598 def set_iam_policy(
599 self,
600 ) -> Callable[[iam_policy_pb2.SetIamPolicyRequest], policy_pb2.Policy]:
601 r"""Return a callable for the set iam policy method over gRPC.
603 Sets the access control policy on the specified secret. Replaces
604 any existing policy.
606 Permissions on
607 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] are
608 enforced according to the policy set on the associated
609 [Secret][google.cloud.secrets.v1beta1.Secret].
611 Returns:
612 Callable[[~.SetIamPolicyRequest],
613 ~.Policy]:
614 A function that, when called, will call the underlying RPC
615 on the server.
616 """
617 # Generate a "stub function" on-the-fly which will actually make
618 # the request.
619 # gRPC handles serialization and deserialization, so we just need
620 # to pass in the functions for each.
621 if "set_iam_policy" not in self._stubs:
622 self._stubs["set_iam_policy"] = self.grpc_channel.unary_unary(
623 "/google.cloud.secrets.v1beta1.SecretManagerService/SetIamPolicy",
624 request_serializer=iam_policy_pb2.SetIamPolicyRequest.SerializeToString,
625 response_deserializer=policy_pb2.Policy.FromString,
626 )
627 return self._stubs["set_iam_policy"]
629 @property
630 def get_iam_policy(
631 self,
632 ) -> Callable[[iam_policy_pb2.GetIamPolicyRequest], policy_pb2.Policy]:
633 r"""Return a callable for the get iam policy method over gRPC.
635 Gets the access control policy for a secret.
636 Returns empty policy if the secret exists and does not
637 have a policy set.
639 Returns:
640 Callable[[~.GetIamPolicyRequest],
641 ~.Policy]:
642 A function that, when called, will call the underlying RPC
643 on the server.
644 """
645 # Generate a "stub function" on-the-fly which will actually make
646 # the request.
647 # gRPC handles serialization and deserialization, so we just need
648 # to pass in the functions for each.
649 if "get_iam_policy" not in self._stubs:
650 self._stubs["get_iam_policy"] = self.grpc_channel.unary_unary(
651 "/google.cloud.secrets.v1beta1.SecretManagerService/GetIamPolicy",
652 request_serializer=iam_policy_pb2.GetIamPolicyRequest.SerializeToString,
653 response_deserializer=policy_pb2.Policy.FromString,
654 )
655 return self._stubs["get_iam_policy"]
657 @property
658 def test_iam_permissions(
659 self,
660 ) -> Callable[
661 [iam_policy_pb2.TestIamPermissionsRequest],
662 iam_policy_pb2.TestIamPermissionsResponse,
663 ]:
664 r"""Return a callable for the test iam permissions method over gRPC.
666 Returns permissions that a caller has for the specified secret.
667 If the secret does not exist, this call returns an empty set of
668 permissions, not a NOT_FOUND error.
670 Note: This operation is designed to be used for building
671 permission-aware UIs and command-line tools, not for
672 authorization checking. This operation may "fail open" without
673 warning.
675 Returns:
676 Callable[[~.TestIamPermissionsRequest],
677 ~.TestIamPermissionsResponse]:
678 A function that, when called, will call the underlying RPC
679 on the server.
680 """
681 # Generate a "stub function" on-the-fly which will actually make
682 # the request.
683 # gRPC handles serialization and deserialization, so we just need
684 # to pass in the functions for each.
685 if "test_iam_permissions" not in self._stubs:
686 self._stubs["test_iam_permissions"] = self.grpc_channel.unary_unary(
687 "/google.cloud.secrets.v1beta1.SecretManagerService/TestIamPermissions",
688 request_serializer=iam_policy_pb2.TestIamPermissionsRequest.SerializeToString,
689 response_deserializer=iam_policy_pb2.TestIamPermissionsResponse.FromString,
690 )
691 return self._stubs["test_iam_permissions"]
693 def close(self):
694 self.grpc_channel.close()
696 @property
697 def kind(self) -> str:
698 return "grpc"
701__all__ = ("SecretManagerServiceGrpcTransport",)