Shortcuts on this page
r m x toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
1# -*- coding: utf-8 -*-
2# Copyright 2024 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16import inspect
17import json
18import logging as std_logging
19import pickle
20from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple, Union
21import warnings
23from google.api_core import exceptions as core_exceptions
24from google.api_core import gapic_v1, grpc_helpers_async
25from google.api_core import retry_async as retries
26from google.auth import credentials as ga_credentials # type: ignore
27from google.auth.transport.grpc import SslCredentials # type: ignore
28from google.iam.v1 import iam_policy_pb2 # type: ignore
29from google.iam.v1 import policy_pb2 # type: ignore
30from google.protobuf import empty_pb2 # type: ignore
31from google.protobuf.json_format import MessageToJson
32import google.protobuf.message
33import grpc # type: ignore
34from grpc.experimental import aio # type: ignore
35import proto # type: ignore
37from google.cloud.secretmanager_v1beta1.types import resources, service
39from .base import DEFAULT_CLIENT_INFO, SecretManagerServiceTransport
40from .grpc import SecretManagerServiceGrpcTransport
42try:
43 from google.api_core import client_logging # type: ignore
45 CLIENT_LOGGING_SUPPORTED = True # pragma: NO COVER
46except ImportError: # pragma: NO COVER
47 CLIENT_LOGGING_SUPPORTED = False
49_LOGGER = std_logging.getLogger(__name__)
52class _LoggingClientAIOInterceptor(
53 grpc.aio.UnaryUnaryClientInterceptor
54): # pragma: NO COVER
55 async def intercept_unary_unary(self, continuation, client_call_details, request):
56 logging_enabled = CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(
57 std_logging.DEBUG
58 )
59 if logging_enabled: # pragma: NO COVER
60 request_metadata = client_call_details.metadata
61 if isinstance(request, proto.Message):
62 request_payload = type(request).to_json(request)
63 elif isinstance(request, google.protobuf.message.Message):
64 request_payload = MessageToJson(request)
65 else:
66 request_payload = f"{type(request).__name__}: {pickle.dumps(request)}"
68 request_metadata = {
69 key: value.decode("utf-8") if isinstance(value, bytes) else value
70 for key, value in request_metadata
71 }
72 grpc_request = {
73 "payload": request_payload,
74 "requestMethod": "grpc",
75 "metadata": dict(request_metadata),
76 }
77 _LOGGER.debug(
78 f"Sending request for {client_call_details.method}",
79 extra={
80 "serviceName": "google.cloud.secrets.v1beta1.SecretManagerService",
81 "rpcName": str(client_call_details.method),
82 "request": grpc_request,
83 "metadata": grpc_request["metadata"],
84 },
85 )
86 response = await continuation(client_call_details, request)
87 if logging_enabled: # pragma: NO COVER
88 response_metadata = await response.trailing_metadata()
89 # Convert gRPC metadata `<class 'grpc.aio._metadata.Metadata'>` to list of tuples
90 metadata = (
91 dict([(k, str(v)) for k, v in response_metadata])
92 if response_metadata
93 else None
94 )
95 result = await response
96 if isinstance(result, proto.Message):
97 response_payload = type(result).to_json(result)
98 elif isinstance(result, google.protobuf.message.Message):
99 response_payload = MessageToJson(result)
100 else:
101 response_payload = f"{type(result).__name__}: {pickle.dumps(result)}"
102 grpc_response = {
103 "payload": response_payload,
104 "metadata": metadata,
105 "status": "OK",
106 }
107 _LOGGER.debug(
108 f"Received response to rpc {client_call_details.method}.",
109 extra={
110 "serviceName": "google.cloud.secrets.v1beta1.SecretManagerService",
111 "rpcName": str(client_call_details.method),
112 "response": grpc_response,
113 "metadata": grpc_response["metadata"],
114 },
115 )
116 return response
119class SecretManagerServiceGrpcAsyncIOTransport(SecretManagerServiceTransport):
120 """gRPC AsyncIO backend transport for SecretManagerService.
122 Secret Manager Service
124 Manages secrets and operations using those secrets. Implements a
125 REST model with the following objects:
127 - [Secret][google.cloud.secrets.v1beta1.Secret]
128 - [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
130 This class defines the same methods as the primary client, so the
131 primary client can load the underlying transport implementation
132 and call it.
134 It sends protocol buffers over the wire using gRPC (which is built on
135 top of HTTP/2); the ``grpcio`` package must be installed.
136 """
138 _grpc_channel: aio.Channel
139 _stubs: Dict[str, Callable] = {}
141 @classmethod
142 def create_channel(
143 cls,
144 host: str = "secretmanager.googleapis.com",
145 credentials: Optional[ga_credentials.Credentials] = None,
146 credentials_file: Optional[str] = None,
147 scopes: Optional[Sequence[str]] = None,
148 quota_project_id: Optional[str] = None,
149 **kwargs,
150 ) -> aio.Channel:
151 """Create and return a gRPC AsyncIO channel object.
152 Args:
153 host (Optional[str]): The host for the channel to use.
154 credentials (Optional[~.Credentials]): The
155 authorization credentials to attach to requests. These
156 credentials identify this application to the service. If
157 none are specified, the client will attempt to ascertain
158 the credentials from the environment.
159 credentials_file (Optional[str]): A file with credentials that can
160 be loaded with :func:`google.auth.load_credentials_from_file`.
161 scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
162 service. These are only used when credentials are not specified and
163 are passed to :func:`google.auth.default`.
164 quota_project_id (Optional[str]): An optional project to use for billing
165 and quota.
166 kwargs (Optional[dict]): Keyword arguments, which are passed to the
167 channel creation.
168 Returns:
169 aio.Channel: A gRPC AsyncIO channel object.
170 """
172 return grpc_helpers_async.create_channel(
173 host,
174 credentials=credentials,
175 credentials_file=credentials_file,
176 quota_project_id=quota_project_id,
177 default_scopes=cls.AUTH_SCOPES,
178 scopes=scopes,
179 default_host=cls.DEFAULT_HOST,
180 **kwargs,
181 )
183 def __init__(
184 self,
185 *,
186 host: str = "secretmanager.googleapis.com",
187 credentials: Optional[ga_credentials.Credentials] = None,
188 credentials_file: Optional[str] = None,
189 scopes: Optional[Sequence[str]] = None,
190 channel: Optional[Union[aio.Channel, Callable[..., aio.Channel]]] = None,
191 api_mtls_endpoint: Optional[str] = None,
192 client_cert_source: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
193 ssl_channel_credentials: Optional[grpc.ChannelCredentials] = None,
194 client_cert_source_for_mtls: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
195 quota_project_id: Optional[str] = None,
196 client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
197 always_use_jwt_access: Optional[bool] = False,
198 api_audience: Optional[str] = None,
199 ) -> None:
200 """Instantiate the transport.
202 Args:
203 host (Optional[str]):
204 The hostname to connect to (default: 'secretmanager.googleapis.com').
205 credentials (Optional[google.auth.credentials.Credentials]): The
206 authorization credentials to attach to requests. These
207 credentials identify the application to the service; if none
208 are specified, the client will attempt to ascertain the
209 credentials from the environment.
210 This argument is ignored if a ``channel`` instance is provided.
211 credentials_file (Optional[str]): A file with credentials that can
212 be loaded with :func:`google.auth.load_credentials_from_file`.
213 This argument is ignored if a ``channel`` instance is provided.
214 scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
215 service. These are only used when credentials are not specified and
216 are passed to :func:`google.auth.default`.
217 channel (Optional[Union[aio.Channel, Callable[..., aio.Channel]]]):
218 A ``Channel`` instance through which to make calls, or a Callable
219 that constructs and returns one. If set to None, ``self.create_channel``
220 is used to create the channel. If a Callable is given, it will be called
221 with the same arguments as used in ``self.create_channel``.
222 api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint.
223 If provided, it overrides the ``host`` argument and tries to create
224 a mutual TLS channel with client SSL credentials from
225 ``client_cert_source`` or application default SSL credentials.
226 client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]):
227 Deprecated. A callback to provide client SSL certificate bytes and
228 private key bytes, both in PEM format. It is ignored if
229 ``api_mtls_endpoint`` is None.
230 ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
231 for the grpc channel. It is ignored if a ``channel`` instance is provided.
232 client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
233 A callback to provide client certificate bytes and private key bytes,
234 both in PEM format. It is used to configure a mutual TLS channel. It is
235 ignored if a ``channel`` instance or ``ssl_channel_credentials`` is provided.
236 quota_project_id (Optional[str]): An optional project to use for billing
237 and quota.
238 client_info (google.api_core.gapic_v1.client_info.ClientInfo):
239 The client info used to send a user-agent string along with
240 API requests. If ``None``, then default info will be used.
241 Generally, you only need to set this if you're developing
242 your own client library.
243 always_use_jwt_access (Optional[bool]): Whether self signed JWT should
244 be used for service account credentials.
246 Raises:
247 google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
248 creation failed for any reason.
249 google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
250 and ``credentials_file`` are passed.
251 """
252 self._grpc_channel = None
253 self._ssl_channel_credentials = ssl_channel_credentials
254 self._stubs: Dict[str, Callable] = {}
256 if api_mtls_endpoint:
257 warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
258 if client_cert_source:
259 warnings.warn("client_cert_source is deprecated", DeprecationWarning)
261 if isinstance(channel, aio.Channel):
262 # Ignore credentials if a channel was passed.
263 credentials = None
264 self._ignore_credentials = True
265 # If a channel was explicitly provided, set it.
266 self._grpc_channel = channel
267 self._ssl_channel_credentials = None
268 else:
269 if api_mtls_endpoint:
270 host = api_mtls_endpoint
272 # Create SSL credentials with client_cert_source or application
273 # default SSL credentials.
274 if client_cert_source:
275 cert, key = client_cert_source()
276 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
277 certificate_chain=cert, private_key=key
278 )
279 else:
280 self._ssl_channel_credentials = SslCredentials().ssl_credentials
282 else:
283 if client_cert_source_for_mtls and not ssl_channel_credentials:
284 cert, key = client_cert_source_for_mtls()
285 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
286 certificate_chain=cert, private_key=key
287 )
289 # The base transport sets the host, credentials and scopes
290 super().__init__(
291 host=host,
292 credentials=credentials,
293 credentials_file=credentials_file,
294 scopes=scopes,
295 quota_project_id=quota_project_id,
296 client_info=client_info,
297 always_use_jwt_access=always_use_jwt_access,
298 api_audience=api_audience,
299 )
301 if not self._grpc_channel:
302 # initialize with the provided callable or the default channel
303 channel_init = channel or type(self).create_channel
304 self._grpc_channel = channel_init(
305 self._host,
306 # use the credentials which are saved
307 credentials=self._credentials,
308 # Set ``credentials_file`` to ``None`` here as
309 # the credentials that we saved earlier should be used.
310 credentials_file=None,
311 scopes=self._scopes,
312 ssl_credentials=self._ssl_channel_credentials,
313 quota_project_id=quota_project_id,
314 options=[
315 ("grpc.max_send_message_length", -1),
316 ("grpc.max_receive_message_length", -1),
317 ],
318 )
320 self._interceptor = _LoggingClientAIOInterceptor()
321 self._grpc_channel._unary_unary_interceptors.append(self._interceptor)
322 self._logged_channel = self._grpc_channel
323 self._wrap_with_kind = (
324 "kind" in inspect.signature(gapic_v1.method_async.wrap_method).parameters
325 )
326 # Wrap messages. This must be done after self._logged_channel exists
327 self._prep_wrapped_messages(client_info)
329 @property
330 def grpc_channel(self) -> aio.Channel:
331 """Create the channel designed to connect to this service.
333 This property caches on the instance; repeated calls return
334 the same channel.
335 """
336 # Return the channel from cache.
337 return self._grpc_channel
339 @property
340 def list_secrets(
341 self,
342 ) -> Callable[[service.ListSecretsRequest], Awaitable[service.ListSecretsResponse]]:
343 r"""Return a callable for the list secrets method over gRPC.
345 Lists [Secrets][google.cloud.secrets.v1beta1.Secret].
347 Returns:
348 Callable[[~.ListSecretsRequest],
349 Awaitable[~.ListSecretsResponse]]:
350 A function that, when called, will call the underlying RPC
351 on the server.
352 """
353 # Generate a "stub function" on-the-fly which will actually make
354 # the request.
355 # gRPC handles serialization and deserialization, so we just need
356 # to pass in the functions for each.
357 if "list_secrets" not in self._stubs:
358 self._stubs["list_secrets"] = self._logged_channel.unary_unary(
359 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecrets",
360 request_serializer=service.ListSecretsRequest.serialize,
361 response_deserializer=service.ListSecretsResponse.deserialize,
362 )
363 return self._stubs["list_secrets"]
365 @property
366 def create_secret(
367 self,
368 ) -> Callable[[service.CreateSecretRequest], Awaitable[resources.Secret]]:
369 r"""Return a callable for the create secret method over gRPC.
371 Creates a new [Secret][google.cloud.secrets.v1beta1.Secret]
372 containing no
373 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
375 Returns:
376 Callable[[~.CreateSecretRequest],
377 Awaitable[~.Secret]]:
378 A function that, when called, will call the underlying RPC
379 on the server.
380 """
381 # Generate a "stub function" on-the-fly which will actually make
382 # the request.
383 # gRPC handles serialization and deserialization, so we just need
384 # to pass in the functions for each.
385 if "create_secret" not in self._stubs:
386 self._stubs["create_secret"] = self._logged_channel.unary_unary(
387 "/google.cloud.secrets.v1beta1.SecretManagerService/CreateSecret",
388 request_serializer=service.CreateSecretRequest.serialize,
389 response_deserializer=resources.Secret.deserialize,
390 )
391 return self._stubs["create_secret"]
393 @property
394 def add_secret_version(
395 self,
396 ) -> Callable[
397 [service.AddSecretVersionRequest], Awaitable[resources.SecretVersion]
398 ]:
399 r"""Return a callable for the add secret version method over gRPC.
401 Creates a new
402 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
403 containing secret data and attaches it to an existing
404 [Secret][google.cloud.secrets.v1beta1.Secret].
406 Returns:
407 Callable[[~.AddSecretVersionRequest],
408 Awaitable[~.SecretVersion]]:
409 A function that, when called, will call the underlying RPC
410 on the server.
411 """
412 # Generate a "stub function" on-the-fly which will actually make
413 # the request.
414 # gRPC handles serialization and deserialization, so we just need
415 # to pass in the functions for each.
416 if "add_secret_version" not in self._stubs:
417 self._stubs["add_secret_version"] = self._logged_channel.unary_unary(
418 "/google.cloud.secrets.v1beta1.SecretManagerService/AddSecretVersion",
419 request_serializer=service.AddSecretVersionRequest.serialize,
420 response_deserializer=resources.SecretVersion.deserialize,
421 )
422 return self._stubs["add_secret_version"]
424 @property
425 def get_secret(
426 self,
427 ) -> Callable[[service.GetSecretRequest], Awaitable[resources.Secret]]:
428 r"""Return a callable for the get secret method over gRPC.
430 Gets metadata for a given
431 [Secret][google.cloud.secrets.v1beta1.Secret].
433 Returns:
434 Callable[[~.GetSecretRequest],
435 Awaitable[~.Secret]]:
436 A function that, when called, will call the underlying RPC
437 on the server.
438 """
439 # Generate a "stub function" on-the-fly which will actually make
440 # the request.
441 # gRPC handles serialization and deserialization, so we just need
442 # to pass in the functions for each.
443 if "get_secret" not in self._stubs:
444 self._stubs["get_secret"] = self._logged_channel.unary_unary(
445 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecret",
446 request_serializer=service.GetSecretRequest.serialize,
447 response_deserializer=resources.Secret.deserialize,
448 )
449 return self._stubs["get_secret"]
451 @property
452 def update_secret(
453 self,
454 ) -> Callable[[service.UpdateSecretRequest], Awaitable[resources.Secret]]:
455 r"""Return a callable for the update secret method over gRPC.
457 Updates metadata of an existing
458 [Secret][google.cloud.secrets.v1beta1.Secret].
460 Returns:
461 Callable[[~.UpdateSecretRequest],
462 Awaitable[~.Secret]]:
463 A function that, when called, will call the underlying RPC
464 on the server.
465 """
466 # Generate a "stub function" on-the-fly which will actually make
467 # the request.
468 # gRPC handles serialization and deserialization, so we just need
469 # to pass in the functions for each.
470 if "update_secret" not in self._stubs:
471 self._stubs["update_secret"] = self._logged_channel.unary_unary(
472 "/google.cloud.secrets.v1beta1.SecretManagerService/UpdateSecret",
473 request_serializer=service.UpdateSecretRequest.serialize,
474 response_deserializer=resources.Secret.deserialize,
475 )
476 return self._stubs["update_secret"]
478 @property
479 def delete_secret(
480 self,
481 ) -> Callable[[service.DeleteSecretRequest], Awaitable[empty_pb2.Empty]]:
482 r"""Return a callable for the delete secret method over gRPC.
484 Deletes a [Secret][google.cloud.secrets.v1beta1.Secret].
486 Returns:
487 Callable[[~.DeleteSecretRequest],
488 Awaitable[~.Empty]]:
489 A function that, when called, will call the underlying RPC
490 on the server.
491 """
492 # Generate a "stub function" on-the-fly which will actually make
493 # the request.
494 # gRPC handles serialization and deserialization, so we just need
495 # to pass in the functions for each.
496 if "delete_secret" not in self._stubs:
497 self._stubs["delete_secret"] = self._logged_channel.unary_unary(
498 "/google.cloud.secrets.v1beta1.SecretManagerService/DeleteSecret",
499 request_serializer=service.DeleteSecretRequest.serialize,
500 response_deserializer=empty_pb2.Empty.FromString,
501 )
502 return self._stubs["delete_secret"]
504 @property
505 def list_secret_versions(
506 self,
507 ) -> Callable[
508 [service.ListSecretVersionsRequest],
509 Awaitable[service.ListSecretVersionsResponse],
510 ]:
511 r"""Return a callable for the list secret versions method over gRPC.
513 Lists
514 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
515 This call does not return secret data.
517 Returns:
518 Callable[[~.ListSecretVersionsRequest],
519 Awaitable[~.ListSecretVersionsResponse]]:
520 A function that, when called, will call the underlying RPC
521 on the server.
522 """
523 # Generate a "stub function" on-the-fly which will actually make
524 # the request.
525 # gRPC handles serialization and deserialization, so we just need
526 # to pass in the functions for each.
527 if "list_secret_versions" not in self._stubs:
528 self._stubs["list_secret_versions"] = self._logged_channel.unary_unary(
529 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecretVersions",
530 request_serializer=service.ListSecretVersionsRequest.serialize,
531 response_deserializer=service.ListSecretVersionsResponse.deserialize,
532 )
533 return self._stubs["list_secret_versions"]
535 @property
536 def get_secret_version(
537 self,
538 ) -> Callable[
539 [service.GetSecretVersionRequest], Awaitable[resources.SecretVersion]
540 ]:
541 r"""Return a callable for the get secret version method over gRPC.
543 Gets metadata for a
544 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
546 ``projects/*/secrets/*/versions/latest`` is an alias to the
547 ``latest``
548 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
550 Returns:
551 Callable[[~.GetSecretVersionRequest],
552 Awaitable[~.SecretVersion]]:
553 A function that, when called, will call the underlying RPC
554 on the server.
555 """
556 # Generate a "stub function" on-the-fly which will actually make
557 # the request.
558 # gRPC handles serialization and deserialization, so we just need
559 # to pass in the functions for each.
560 if "get_secret_version" not in self._stubs:
561 self._stubs["get_secret_version"] = self._logged_channel.unary_unary(
562 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecretVersion",
563 request_serializer=service.GetSecretVersionRequest.serialize,
564 response_deserializer=resources.SecretVersion.deserialize,
565 )
566 return self._stubs["get_secret_version"]
568 @property
569 def access_secret_version(
570 self,
571 ) -> Callable[
572 [service.AccessSecretVersionRequest],
573 Awaitable[service.AccessSecretVersionResponse],
574 ]:
575 r"""Return a callable for the access secret version method over gRPC.
577 Accesses a
578 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
579 This call returns the secret data.
581 ``projects/*/secrets/*/versions/latest`` is an alias to the
582 ``latest``
583 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
585 Returns:
586 Callable[[~.AccessSecretVersionRequest],
587 Awaitable[~.AccessSecretVersionResponse]]:
588 A function that, when called, will call the underlying RPC
589 on the server.
590 """
591 # Generate a "stub function" on-the-fly which will actually make
592 # the request.
593 # gRPC handles serialization and deserialization, so we just need
594 # to pass in the functions for each.
595 if "access_secret_version" not in self._stubs:
596 self._stubs["access_secret_version"] = self._logged_channel.unary_unary(
597 "/google.cloud.secrets.v1beta1.SecretManagerService/AccessSecretVersion",
598 request_serializer=service.AccessSecretVersionRequest.serialize,
599 response_deserializer=service.AccessSecretVersionResponse.deserialize,
600 )
601 return self._stubs["access_secret_version"]
603 @property
604 def disable_secret_version(
605 self,
606 ) -> Callable[
607 [service.DisableSecretVersionRequest], Awaitable[resources.SecretVersion]
608 ]:
609 r"""Return a callable for the disable secret version method over gRPC.
611 Disables a
612 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
614 Sets the
615 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
616 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
617 [DISABLED][google.cloud.secrets.v1beta1.SecretVersion.State.DISABLED].
619 Returns:
620 Callable[[~.DisableSecretVersionRequest],
621 Awaitable[~.SecretVersion]]:
622 A function that, when called, will call the underlying RPC
623 on the server.
624 """
625 # Generate a "stub function" on-the-fly which will actually make
626 # the request.
627 # gRPC handles serialization and deserialization, so we just need
628 # to pass in the functions for each.
629 if "disable_secret_version" not in self._stubs:
630 self._stubs["disable_secret_version"] = self._logged_channel.unary_unary(
631 "/google.cloud.secrets.v1beta1.SecretManagerService/DisableSecretVersion",
632 request_serializer=service.DisableSecretVersionRequest.serialize,
633 response_deserializer=resources.SecretVersion.deserialize,
634 )
635 return self._stubs["disable_secret_version"]
637 @property
638 def enable_secret_version(
639 self,
640 ) -> Callable[
641 [service.EnableSecretVersionRequest], Awaitable[resources.SecretVersion]
642 ]:
643 r"""Return a callable for the enable secret version method over gRPC.
645 Enables a
646 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
648 Sets the
649 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
650 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
651 [ENABLED][google.cloud.secrets.v1beta1.SecretVersion.State.ENABLED].
653 Returns:
654 Callable[[~.EnableSecretVersionRequest],
655 Awaitable[~.SecretVersion]]:
656 A function that, when called, will call the underlying RPC
657 on the server.
658 """
659 # Generate a "stub function" on-the-fly which will actually make
660 # the request.
661 # gRPC handles serialization and deserialization, so we just need
662 # to pass in the functions for each.
663 if "enable_secret_version" not in self._stubs:
664 self._stubs["enable_secret_version"] = self._logged_channel.unary_unary(
665 "/google.cloud.secrets.v1beta1.SecretManagerService/EnableSecretVersion",
666 request_serializer=service.EnableSecretVersionRequest.serialize,
667 response_deserializer=resources.SecretVersion.deserialize,
668 )
669 return self._stubs["enable_secret_version"]
671 @property
672 def destroy_secret_version(
673 self,
674 ) -> Callable[
675 [service.DestroySecretVersionRequest], Awaitable[resources.SecretVersion]
676 ]:
677 r"""Return a callable for the destroy secret version method over gRPC.
679 Destroys a
680 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
682 Sets the
683 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
684 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
685 [DESTROYED][google.cloud.secrets.v1beta1.SecretVersion.State.DESTROYED]
686 and irrevocably destroys the secret data.
688 Returns:
689 Callable[[~.DestroySecretVersionRequest],
690 Awaitable[~.SecretVersion]]:
691 A function that, when called, will call the underlying RPC
692 on the server.
693 """
694 # Generate a "stub function" on-the-fly which will actually make
695 # the request.
696 # gRPC handles serialization and deserialization, so we just need
697 # to pass in the functions for each.
698 if "destroy_secret_version" not in self._stubs:
699 self._stubs["destroy_secret_version"] = self._logged_channel.unary_unary(
700 "/google.cloud.secrets.v1beta1.SecretManagerService/DestroySecretVersion",
701 request_serializer=service.DestroySecretVersionRequest.serialize,
702 response_deserializer=resources.SecretVersion.deserialize,
703 )
704 return self._stubs["destroy_secret_version"]
706 @property
707 def set_iam_policy(
708 self,
709 ) -> Callable[[iam_policy_pb2.SetIamPolicyRequest], Awaitable[policy_pb2.Policy]]:
710 r"""Return a callable for the set iam policy method over gRPC.
712 Sets the access control policy on the specified secret. Replaces
713 any existing policy.
715 Permissions on
716 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] are
717 enforced according to the policy set on the associated
718 [Secret][google.cloud.secrets.v1beta1.Secret].
720 Returns:
721 Callable[[~.SetIamPolicyRequest],
722 Awaitable[~.Policy]]:
723 A function that, when called, will call the underlying RPC
724 on the server.
725 """
726 # Generate a "stub function" on-the-fly which will actually make
727 # the request.
728 # gRPC handles serialization and deserialization, so we just need
729 # to pass in the functions for each.
730 if "set_iam_policy" not in self._stubs:
731 self._stubs["set_iam_policy"] = self._logged_channel.unary_unary(
732 "/google.cloud.secrets.v1beta1.SecretManagerService/SetIamPolicy",
733 request_serializer=iam_policy_pb2.SetIamPolicyRequest.SerializeToString,
734 response_deserializer=policy_pb2.Policy.FromString,
735 )
736 return self._stubs["set_iam_policy"]
738 @property
739 def get_iam_policy(
740 self,
741 ) -> Callable[[iam_policy_pb2.GetIamPolicyRequest], Awaitable[policy_pb2.Policy]]:
742 r"""Return a callable for the get iam policy method over gRPC.
744 Gets the access control policy for a secret.
745 Returns empty policy if the secret exists and does not
746 have a policy set.
748 Returns:
749 Callable[[~.GetIamPolicyRequest],
750 Awaitable[~.Policy]]:
751 A function that, when called, will call the underlying RPC
752 on the server.
753 """
754 # Generate a "stub function" on-the-fly which will actually make
755 # the request.
756 # gRPC handles serialization and deserialization, so we just need
757 # to pass in the functions for each.
758 if "get_iam_policy" not in self._stubs:
759 self._stubs["get_iam_policy"] = self._logged_channel.unary_unary(
760 "/google.cloud.secrets.v1beta1.SecretManagerService/GetIamPolicy",
761 request_serializer=iam_policy_pb2.GetIamPolicyRequest.SerializeToString,
762 response_deserializer=policy_pb2.Policy.FromString,
763 )
764 return self._stubs["get_iam_policy"]
766 @property
767 def test_iam_permissions(
768 self,
769 ) -> Callable[
770 [iam_policy_pb2.TestIamPermissionsRequest],
771 Awaitable[iam_policy_pb2.TestIamPermissionsResponse],
772 ]:
773 r"""Return a callable for the test iam permissions method over gRPC.
775 Returns permissions that a caller has for the specified secret.
776 If the secret does not exist, this call returns an empty set of
777 permissions, not a NOT_FOUND error.
779 Note: This operation is designed to be used for building
780 permission-aware UIs and command-line tools, not for
781 authorization checking. This operation may "fail open" without
782 warning.
784 Returns:
785 Callable[[~.TestIamPermissionsRequest],
786 Awaitable[~.TestIamPermissionsResponse]]:
787 A function that, when called, will call the underlying RPC
788 on the server.
789 """
790 # Generate a "stub function" on-the-fly which will actually make
791 # the request.
792 # gRPC handles serialization and deserialization, so we just need
793 # to pass in the functions for each.
794 if "test_iam_permissions" not in self._stubs:
795 self._stubs["test_iam_permissions"] = self._logged_channel.unary_unary(
796 "/google.cloud.secrets.v1beta1.SecretManagerService/TestIamPermissions",
797 request_serializer=iam_policy_pb2.TestIamPermissionsRequest.SerializeToString,
798 response_deserializer=iam_policy_pb2.TestIamPermissionsResponse.FromString,
799 )
800 return self._stubs["test_iam_permissions"]
802 def _prep_wrapped_messages(self, client_info):
803 """Precompute the wrapped methods, overriding the base class method to use async wrappers."""
804 self._wrapped_methods = {
805 self.list_secrets: self._wrap_method(
806 self.list_secrets,
807 default_timeout=60.0,
808 client_info=client_info,
809 ),
810 self.create_secret: self._wrap_method(
811 self.create_secret,
812 default_timeout=60.0,
813 client_info=client_info,
814 ),
815 self.add_secret_version: self._wrap_method(
816 self.add_secret_version,
817 default_timeout=60.0,
818 client_info=client_info,
819 ),
820 self.get_secret: self._wrap_method(
821 self.get_secret,
822 default_timeout=60.0,
823 client_info=client_info,
824 ),
825 self.update_secret: self._wrap_method(
826 self.update_secret,
827 default_timeout=60.0,
828 client_info=client_info,
829 ),
830 self.delete_secret: self._wrap_method(
831 self.delete_secret,
832 default_timeout=60.0,
833 client_info=client_info,
834 ),
835 self.list_secret_versions: self._wrap_method(
836 self.list_secret_versions,
837 default_timeout=60.0,
838 client_info=client_info,
839 ),
840 self.get_secret_version: self._wrap_method(
841 self.get_secret_version,
842 default_timeout=60.0,
843 client_info=client_info,
844 ),
845 self.access_secret_version: self._wrap_method(
846 self.access_secret_version,
847 default_retry=retries.AsyncRetry(
848 initial=1.0,
849 maximum=60.0,
850 multiplier=1.3,
851 predicate=retries.if_exception_type(
852 core_exceptions.ServiceUnavailable,
853 core_exceptions.Unknown,
854 ),
855 deadline=60.0,
856 ),
857 default_timeout=60.0,
858 client_info=client_info,
859 ),
860 self.disable_secret_version: self._wrap_method(
861 self.disable_secret_version,
862 default_timeout=60.0,
863 client_info=client_info,
864 ),
865 self.enable_secret_version: self._wrap_method(
866 self.enable_secret_version,
867 default_timeout=60.0,
868 client_info=client_info,
869 ),
870 self.destroy_secret_version: self._wrap_method(
871 self.destroy_secret_version,
872 default_timeout=60.0,
873 client_info=client_info,
874 ),
875 self.set_iam_policy: self._wrap_method(
876 self.set_iam_policy,
877 default_timeout=60.0,
878 client_info=client_info,
879 ),
880 self.get_iam_policy: self._wrap_method(
881 self.get_iam_policy,
882 default_timeout=60.0,
883 client_info=client_info,
884 ),
885 self.test_iam_permissions: self._wrap_method(
886 self.test_iam_permissions,
887 default_timeout=60.0,
888 client_info=client_info,
889 ),
890 }
892 def _wrap_method(self, func, *args, **kwargs):
893 if self._wrap_with_kind: # pragma: NO COVER
894 kwargs["kind"] = self.kind
895 return gapic_v1.method_async.wrap_method(func, *args, **kwargs)
897 def close(self):
898 return self._logged_channel.close()
900 @property
901 def kind(self) -> str:
902 return "grpc_asyncio"
905__all__ = ("SecretManagerServiceGrpcAsyncIOTransport",)