Shortcuts on this page
r m x toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
1# -*- coding: utf-8 -*-
2# Copyright 2024 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16from collections import OrderedDict
17import logging as std_logging
18import re
19from typing import (
20 Callable,
21 Dict,
22 Mapping,
23 MutableMapping,
24 MutableSequence,
25 Optional,
26 Sequence,
27 Tuple,
28 Type,
29 Union,
30)
32from google.api_core import exceptions as core_exceptions
33from google.api_core import gapic_v1
34from google.api_core import retry_async as retries
35from google.api_core.client_options import ClientOptions
36from google.auth import credentials as ga_credentials # type: ignore
37from google.oauth2 import service_account # type: ignore
39from google.cloud.secretmanager_v1beta1 import gapic_version as package_version
41try:
42 OptionalRetry = Union[retries.AsyncRetry, gapic_v1.method._MethodDefault, None]
43except AttributeError: # pragma: NO COVER
44 OptionalRetry = Union[retries.AsyncRetry, object, None] # type: ignore
46from google.iam.v1 import iam_policy_pb2 # type: ignore
47from google.iam.v1 import policy_pb2 # type: ignore
48from google.protobuf import field_mask_pb2 # type: ignore
49from google.protobuf import timestamp_pb2 # type: ignore
51from google.cloud.secretmanager_v1beta1.services.secret_manager_service import pagers
52from google.cloud.secretmanager_v1beta1.types import resources, service
54from .client import SecretManagerServiceClient
55from .transports.base import DEFAULT_CLIENT_INFO, SecretManagerServiceTransport
56from .transports.grpc_asyncio import SecretManagerServiceGrpcAsyncIOTransport
58try:
59 from google.api_core import client_logging # type: ignore
61 CLIENT_LOGGING_SUPPORTED = True # pragma: NO COVER
62except ImportError: # pragma: NO COVER
63 CLIENT_LOGGING_SUPPORTED = False
65_LOGGER = std_logging.getLogger(__name__)
68class SecretManagerServiceAsyncClient:
69 """Secret Manager Service
71 Manages secrets and operations using those secrets. Implements a
72 REST model with the following objects:
74 - [Secret][google.cloud.secrets.v1beta1.Secret]
75 - [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
76 """
78 _client: SecretManagerServiceClient
80 # Copy defaults from the synchronous client for use here.
81 # Note: DEFAULT_ENDPOINT is deprecated. Use _DEFAULT_ENDPOINT_TEMPLATE instead.
82 DEFAULT_ENDPOINT = SecretManagerServiceClient.DEFAULT_ENDPOINT
83 DEFAULT_MTLS_ENDPOINT = SecretManagerServiceClient.DEFAULT_MTLS_ENDPOINT
84 _DEFAULT_ENDPOINT_TEMPLATE = SecretManagerServiceClient._DEFAULT_ENDPOINT_TEMPLATE
85 _DEFAULT_UNIVERSE = SecretManagerServiceClient._DEFAULT_UNIVERSE
87 secret_path = staticmethod(SecretManagerServiceClient.secret_path)
88 parse_secret_path = staticmethod(SecretManagerServiceClient.parse_secret_path)
89 secret_version_path = staticmethod(SecretManagerServiceClient.secret_version_path)
90 parse_secret_version_path = staticmethod(
91 SecretManagerServiceClient.parse_secret_version_path
92 )
93 common_billing_account_path = staticmethod(
94 SecretManagerServiceClient.common_billing_account_path
95 )
96 parse_common_billing_account_path = staticmethod(
97 SecretManagerServiceClient.parse_common_billing_account_path
98 )
99 common_folder_path = staticmethod(SecretManagerServiceClient.common_folder_path)
100 parse_common_folder_path = staticmethod(
101 SecretManagerServiceClient.parse_common_folder_path
102 )
103 common_organization_path = staticmethod(
104 SecretManagerServiceClient.common_organization_path
105 )
106 parse_common_organization_path = staticmethod(
107 SecretManagerServiceClient.parse_common_organization_path
108 )
109 common_project_path = staticmethod(SecretManagerServiceClient.common_project_path)
110 parse_common_project_path = staticmethod(
111 SecretManagerServiceClient.parse_common_project_path
112 )
113 common_location_path = staticmethod(SecretManagerServiceClient.common_location_path)
114 parse_common_location_path = staticmethod(
115 SecretManagerServiceClient.parse_common_location_path
116 )
118 @classmethod
119 def from_service_account_info(cls, info: dict, *args, **kwargs):
120 """Creates an instance of this client using the provided credentials
121 info.
123 Args:
124 info (dict): The service account private key info.
125 args: Additional arguments to pass to the constructor.
126 kwargs: Additional arguments to pass to the constructor.
128 Returns:
129 SecretManagerServiceAsyncClient: The constructed client.
130 """
131 return SecretManagerServiceClient.from_service_account_info.__func__(SecretManagerServiceAsyncClient, info, *args, **kwargs) # type: ignore
133 @classmethod
134 def from_service_account_file(cls, filename: str, *args, **kwargs):
135 """Creates an instance of this client using the provided credentials
136 file.
138 Args:
139 filename (str): The path to the service account private key json
140 file.
141 args: Additional arguments to pass to the constructor.
142 kwargs: Additional arguments to pass to the constructor.
144 Returns:
145 SecretManagerServiceAsyncClient: The constructed client.
146 """
147 return SecretManagerServiceClient.from_service_account_file.__func__(SecretManagerServiceAsyncClient, filename, *args, **kwargs) # type: ignore
149 from_service_account_json = from_service_account_file
151 @classmethod
152 def get_mtls_endpoint_and_cert_source(
153 cls, client_options: Optional[ClientOptions] = None
154 ):
155 """Return the API endpoint and client cert source for mutual TLS.
157 The client cert source is determined in the following order:
158 (1) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is not "true", the
159 client cert source is None.
160 (2) if `client_options.client_cert_source` is provided, use the provided one; if the
161 default client cert source exists, use the default one; otherwise the client cert
162 source is None.
164 The API endpoint is determined in the following order:
165 (1) if `client_options.api_endpoint` if provided, use the provided one.
166 (2) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is "always", use the
167 default mTLS endpoint; if the environment variable is "never", use the default API
168 endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise
169 use the default API endpoint.
171 More details can be found at https://google.aip.dev/auth/4114.
173 Args:
174 client_options (google.api_core.client_options.ClientOptions): Custom options for the
175 client. Only the `api_endpoint` and `client_cert_source` properties may be used
176 in this method.
178 Returns:
179 Tuple[str, Callable[[], Tuple[bytes, bytes]]]: returns the API endpoint and the
180 client cert source to use.
182 Raises:
183 google.auth.exceptions.MutualTLSChannelError: If any errors happen.
184 """
185 return SecretManagerServiceClient.get_mtls_endpoint_and_cert_source(client_options) # type: ignore
187 @property
188 def transport(self) -> SecretManagerServiceTransport:
189 """Returns the transport used by the client instance.
191 Returns:
192 SecretManagerServiceTransport: The transport used by the client instance.
193 """
194 return self._client.transport
196 @property
197 def api_endpoint(self):
198 """Return the API endpoint used by the client instance.
200 Returns:
201 str: The API endpoint used by the client instance.
202 """
203 return self._client._api_endpoint
205 @property
206 def universe_domain(self) -> str:
207 """Return the universe domain used by the client instance.
209 Returns:
210 str: The universe domain used
211 by the client instance.
212 """
213 return self._client._universe_domain
215 get_transport_class = SecretManagerServiceClient.get_transport_class
217 def __init__(
218 self,
219 *,
220 credentials: Optional[ga_credentials.Credentials] = None,
221 transport: Optional[
222 Union[
223 str,
224 SecretManagerServiceTransport,
225 Callable[..., SecretManagerServiceTransport],
226 ]
227 ] = "grpc_asyncio",
228 client_options: Optional[ClientOptions] = None,
229 client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
230 ) -> None:
231 """Instantiates the secret manager service async client.
233 Args:
234 credentials (Optional[google.auth.credentials.Credentials]): The
235 authorization credentials to attach to requests. These
236 credentials identify the application to the service; if none
237 are specified, the client will attempt to ascertain the
238 credentials from the environment.
239 transport (Optional[Union[str,SecretManagerServiceTransport,Callable[..., SecretManagerServiceTransport]]]):
240 The transport to use, or a Callable that constructs and returns a new transport to use.
241 If a Callable is given, it will be called with the same set of initialization
242 arguments as used in the SecretManagerServiceTransport constructor.
243 If set to None, a transport is chosen automatically.
244 client_options (Optional[Union[google.api_core.client_options.ClientOptions, dict]]):
245 Custom options for the client.
247 1. The ``api_endpoint`` property can be used to override the
248 default endpoint provided by the client when ``transport`` is
249 not explicitly provided. Only if this property is not set and
250 ``transport`` was not explicitly provided, the endpoint is
251 determined by the GOOGLE_API_USE_MTLS_ENDPOINT environment
252 variable, which have one of the following values:
253 "always" (always use the default mTLS endpoint), "never" (always
254 use the default regular endpoint) and "auto" (auto-switch to the
255 default mTLS endpoint if client certificate is present; this is
256 the default value).
258 2. If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable
259 is "true", then the ``client_cert_source`` property can be used
260 to provide a client certificate for mTLS transport. If
261 not provided, the default SSL client certificate will be used if
262 present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not
263 set, no client certificate will be used.
265 3. The ``universe_domain`` property can be used to override the
266 default "googleapis.com" universe. Note that ``api_endpoint``
267 property still takes precedence; and ``universe_domain`` is
268 currently not supported for mTLS.
270 client_info (google.api_core.gapic_v1.client_info.ClientInfo):
271 The client info used to send a user-agent string along with
272 API requests. If ``None``, then default info will be used.
273 Generally, you only need to set this if you're developing
274 your own client library.
276 Raises:
277 google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
278 creation failed for any reason.
279 """
280 self._client = SecretManagerServiceClient(
281 credentials=credentials,
282 transport=transport,
283 client_options=client_options,
284 client_info=client_info,
285 )
287 if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(
288 std_logging.DEBUG
289 ): # pragma: NO COVER
290 _LOGGER.debug(
291 "Created client `google.cloud.secrets_v1beta1.SecretManagerServiceAsyncClient`.",
292 extra={
293 "serviceName": "google.cloud.secrets.v1beta1.SecretManagerService",
294 "universeDomain": getattr(
295 self._client._transport._credentials, "universe_domain", ""
296 ),
297 "credentialsType": f"{type(self._client._transport._credentials).__module__}.{type(self._client._transport._credentials).__qualname__}",
298 "credentialsInfo": getattr(
299 self.transport._credentials, "get_cred_info", lambda: None
300 )(),
301 }
302 if hasattr(self._client._transport, "_credentials")
303 else {
304 "serviceName": "google.cloud.secrets.v1beta1.SecretManagerService",
305 "credentialsType": None,
306 },
307 )
309 async def list_secrets(
310 self,
311 request: Optional[Union[service.ListSecretsRequest, dict]] = None,
312 *,
313 parent: Optional[str] = None,
314 retry: OptionalRetry = gapic_v1.method.DEFAULT,
315 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
316 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
317 ) -> pagers.ListSecretsAsyncPager:
318 r"""Lists [Secrets][google.cloud.secrets.v1beta1.Secret].
320 .. code-block:: python
322 # This snippet has been automatically generated and should be regarded as a
323 # code template only.
324 # It will require modifications to work:
325 # - It may require correct/in-range values for request initialization.
326 # - It may require specifying regional endpoints when creating the service
327 # client as shown in:
328 # https://googleapis.dev/python/google-api-core/latest/client_options.html
329 from google.cloud import secretmanager_v1beta1
331 async def sample_list_secrets():
332 # Create a client
333 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
335 # Initialize request argument(s)
336 request = secretmanager_v1beta1.ListSecretsRequest(
337 parent="parent_value",
338 )
340 # Make the request
341 page_result = client.list_secrets(request=request)
343 # Handle the response
344 async for response in page_result:
345 print(response)
347 Args:
348 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.ListSecretsRequest, dict]]):
349 The request object. Request message for
350 [SecretManagerService.ListSecrets][google.cloud.secrets.v1beta1.SecretManagerService.ListSecrets].
351 parent (:class:`str`):
352 Required. The resource name of the project associated
353 with the [Secrets][google.cloud.secrets.v1beta1.Secret],
354 in the format ``projects/*``.
356 This corresponds to the ``parent`` field
357 on the ``request`` instance; if ``request`` is provided, this
358 should not be set.
359 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
360 should be retried.
361 timeout (float): The timeout for this request.
362 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
363 sent along with the request as metadata. Normally, each value must be of type `str`,
364 but for metadata keys ending with the suffix `-bin`, the corresponding values must
365 be of type `bytes`.
367 Returns:
368 google.cloud.secretmanager_v1beta1.services.secret_manager_service.pagers.ListSecretsAsyncPager:
369 Response message for
370 [SecretManagerService.ListSecrets][google.cloud.secrets.v1beta1.SecretManagerService.ListSecrets].
372 Iterating over this object will yield results and
373 resolve additional pages automatically.
375 """
376 # Create or coerce a protobuf request object.
377 # - Quick check: If we got a request object, we should *not* have
378 # gotten any keyword arguments that map to the request.
379 has_flattened_params = any([parent])
380 if request is not None and has_flattened_params:
381 raise ValueError(
382 "If the `request` argument is set, then none of "
383 "the individual field arguments should be set."
384 )
386 # - Use the request object if provided (there's no risk of modifying the input as
387 # there are no flattened fields), or create one.
388 if not isinstance(request, service.ListSecretsRequest):
389 request = service.ListSecretsRequest(request)
391 # If we have keyword arguments corresponding to fields on the
392 # request, apply these.
393 if parent is not None:
394 request.parent = parent
396 # Wrap the RPC method; this adds retry and timeout information,
397 # and friendly error handling.
398 rpc = self._client._transport._wrapped_methods[
399 self._client._transport.list_secrets
400 ]
402 # Certain fields should be provided within the metadata header;
403 # add these here.
404 metadata = tuple(metadata) + (
405 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
406 )
408 # Validate the universe domain.
409 self._client._validate_universe_domain()
411 # Send the request.
412 response = await rpc(
413 request,
414 retry=retry,
415 timeout=timeout,
416 metadata=metadata,
417 )
419 # This method is paged; wrap the response in a pager, which provides
420 # an `__aiter__` convenience method.
421 response = pagers.ListSecretsAsyncPager(
422 method=rpc,
423 request=request,
424 response=response,
425 retry=retry,
426 timeout=timeout,
427 metadata=metadata,
428 )
430 # Done; return the response.
431 return response
433 async def create_secret(
434 self,
435 request: Optional[Union[service.CreateSecretRequest, dict]] = None,
436 *,
437 parent: Optional[str] = None,
438 secret_id: Optional[str] = None,
439 secret: Optional[resources.Secret] = None,
440 retry: OptionalRetry = gapic_v1.method.DEFAULT,
441 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
442 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
443 ) -> resources.Secret:
444 r"""Creates a new [Secret][google.cloud.secrets.v1beta1.Secret]
445 containing no
446 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
448 .. code-block:: python
450 # This snippet has been automatically generated and should be regarded as a
451 # code template only.
452 # It will require modifications to work:
453 # - It may require correct/in-range values for request initialization.
454 # - It may require specifying regional endpoints when creating the service
455 # client as shown in:
456 # https://googleapis.dev/python/google-api-core/latest/client_options.html
457 from google.cloud import secretmanager_v1beta1
459 async def sample_create_secret():
460 # Create a client
461 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
463 # Initialize request argument(s)
464 request = secretmanager_v1beta1.CreateSecretRequest(
465 parent="parent_value",
466 secret_id="secret_id_value",
467 )
469 # Make the request
470 response = await client.create_secret(request=request)
472 # Handle the response
473 print(response)
475 Args:
476 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.CreateSecretRequest, dict]]):
477 The request object. Request message for
478 [SecretManagerService.CreateSecret][google.cloud.secrets.v1beta1.SecretManagerService.CreateSecret].
479 parent (:class:`str`):
480 Required. The resource name of the project to associate
481 with the [Secret][google.cloud.secrets.v1beta1.Secret],
482 in the format ``projects/*``.
484 This corresponds to the ``parent`` field
485 on the ``request`` instance; if ``request`` is provided, this
486 should not be set.
487 secret_id (:class:`str`):
488 Required. This must be unique within the project.
490 A secret ID is a string with a maximum length of 255
491 characters and can contain uppercase and lowercase
492 letters, numerals, and the hyphen (``-``) and underscore
493 (``_``) characters.
495 This corresponds to the ``secret_id`` field
496 on the ``request`` instance; if ``request`` is provided, this
497 should not be set.
498 secret (:class:`google.cloud.secretmanager_v1beta1.types.Secret`):
499 Required. A
500 [Secret][google.cloud.secrets.v1beta1.Secret] with
501 initial field values.
503 This corresponds to the ``secret`` field
504 on the ``request`` instance; if ``request`` is provided, this
505 should not be set.
506 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
507 should be retried.
508 timeout (float): The timeout for this request.
509 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
510 sent along with the request as metadata. Normally, each value must be of type `str`,
511 but for metadata keys ending with the suffix `-bin`, the corresponding values must
512 be of type `bytes`.
514 Returns:
515 google.cloud.secretmanager_v1beta1.types.Secret:
516 A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose value and versions can
517 be accessed.
519 A [Secret][google.cloud.secrets.v1beta1.Secret] is
520 made up of zero or more
521 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
522 that represent the secret data.
524 """
525 # Create or coerce a protobuf request object.
526 # - Quick check: If we got a request object, we should *not* have
527 # gotten any keyword arguments that map to the request.
528 has_flattened_params = any([parent, secret_id, secret])
529 if request is not None and has_flattened_params:
530 raise ValueError(
531 "If the `request` argument is set, then none of "
532 "the individual field arguments should be set."
533 )
535 # - Use the request object if provided (there's no risk of modifying the input as
536 # there are no flattened fields), or create one.
537 if not isinstance(request, service.CreateSecretRequest):
538 request = service.CreateSecretRequest(request)
540 # If we have keyword arguments corresponding to fields on the
541 # request, apply these.
542 if parent is not None:
543 request.parent = parent
544 if secret_id is not None:
545 request.secret_id = secret_id
546 if secret is not None:
547 request.secret = secret
549 # Wrap the RPC method; this adds retry and timeout information,
550 # and friendly error handling.
551 rpc = self._client._transport._wrapped_methods[
552 self._client._transport.create_secret
553 ]
555 # Certain fields should be provided within the metadata header;
556 # add these here.
557 metadata = tuple(metadata) + (
558 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
559 )
561 # Validate the universe domain.
562 self._client._validate_universe_domain()
564 # Send the request.
565 response = await rpc(
566 request,
567 retry=retry,
568 timeout=timeout,
569 metadata=metadata,
570 )
572 # Done; return the response.
573 return response
575 async def add_secret_version(
576 self,
577 request: Optional[Union[service.AddSecretVersionRequest, dict]] = None,
578 *,
579 parent: Optional[str] = None,
580 payload: Optional[resources.SecretPayload] = None,
581 retry: OptionalRetry = gapic_v1.method.DEFAULT,
582 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
583 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
584 ) -> resources.SecretVersion:
585 r"""Creates a new
586 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
587 containing secret data and attaches it to an existing
588 [Secret][google.cloud.secrets.v1beta1.Secret].
590 .. code-block:: python
592 # This snippet has been automatically generated and should be regarded as a
593 # code template only.
594 # It will require modifications to work:
595 # - It may require correct/in-range values for request initialization.
596 # - It may require specifying regional endpoints when creating the service
597 # client as shown in:
598 # https://googleapis.dev/python/google-api-core/latest/client_options.html
599 from google.cloud import secretmanager_v1beta1
601 async def sample_add_secret_version():
602 # Create a client
603 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
605 # Initialize request argument(s)
606 request = secretmanager_v1beta1.AddSecretVersionRequest(
607 parent="parent_value",
608 )
610 # Make the request
611 response = await client.add_secret_version(request=request)
613 # Handle the response
614 print(response)
616 Args:
617 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.AddSecretVersionRequest, dict]]):
618 The request object. Request message for
619 [SecretManagerService.AddSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AddSecretVersion].
620 parent (:class:`str`):
621 Required. The resource name of the
622 [Secret][google.cloud.secrets.v1beta1.Secret] to
623 associate with the
624 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
625 in the format ``projects/*/secrets/*``.
627 This corresponds to the ``parent`` field
628 on the ``request`` instance; if ``request`` is provided, this
629 should not be set.
630 payload (:class:`google.cloud.secretmanager_v1beta1.types.SecretPayload`):
631 Required. The secret payload of the
632 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
634 This corresponds to the ``payload`` field
635 on the ``request`` instance; if ``request`` is provided, this
636 should not be set.
637 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
638 should be retried.
639 timeout (float): The timeout for this request.
640 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
641 sent along with the request as metadata. Normally, each value must be of type `str`,
642 but for metadata keys ending with the suffix `-bin`, the corresponding values must
643 be of type `bytes`.
645 Returns:
646 google.cloud.secretmanager_v1beta1.types.SecretVersion:
647 A secret version resource in the
648 Secret Manager API.
650 """
651 # Create or coerce a protobuf request object.
652 # - Quick check: If we got a request object, we should *not* have
653 # gotten any keyword arguments that map to the request.
654 has_flattened_params = any([parent, payload])
655 if request is not None and has_flattened_params:
656 raise ValueError(
657 "If the `request` argument is set, then none of "
658 "the individual field arguments should be set."
659 )
661 # - Use the request object if provided (there's no risk of modifying the input as
662 # there are no flattened fields), or create one.
663 if not isinstance(request, service.AddSecretVersionRequest):
664 request = service.AddSecretVersionRequest(request)
666 # If we have keyword arguments corresponding to fields on the
667 # request, apply these.
668 if parent is not None:
669 request.parent = parent
670 if payload is not None:
671 request.payload = payload
673 # Wrap the RPC method; this adds retry and timeout information,
674 # and friendly error handling.
675 rpc = self._client._transport._wrapped_methods[
676 self._client._transport.add_secret_version
677 ]
679 # Certain fields should be provided within the metadata header;
680 # add these here.
681 metadata = tuple(metadata) + (
682 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
683 )
685 # Validate the universe domain.
686 self._client._validate_universe_domain()
688 # Send the request.
689 response = await rpc(
690 request,
691 retry=retry,
692 timeout=timeout,
693 metadata=metadata,
694 )
696 # Done; return the response.
697 return response
699 async def get_secret(
700 self,
701 request: Optional[Union[service.GetSecretRequest, dict]] = None,
702 *,
703 name: Optional[str] = None,
704 retry: OptionalRetry = gapic_v1.method.DEFAULT,
705 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
706 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
707 ) -> resources.Secret:
708 r"""Gets metadata for a given
709 [Secret][google.cloud.secrets.v1beta1.Secret].
711 .. code-block:: python
713 # This snippet has been automatically generated and should be regarded as a
714 # code template only.
715 # It will require modifications to work:
716 # - It may require correct/in-range values for request initialization.
717 # - It may require specifying regional endpoints when creating the service
718 # client as shown in:
719 # https://googleapis.dev/python/google-api-core/latest/client_options.html
720 from google.cloud import secretmanager_v1beta1
722 async def sample_get_secret():
723 # Create a client
724 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
726 # Initialize request argument(s)
727 request = secretmanager_v1beta1.GetSecretRequest(
728 name="name_value",
729 )
731 # Make the request
732 response = await client.get_secret(request=request)
734 # Handle the response
735 print(response)
737 Args:
738 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.GetSecretRequest, dict]]):
739 The request object. Request message for
740 [SecretManagerService.GetSecret][google.cloud.secrets.v1beta1.SecretManagerService.GetSecret].
741 name (:class:`str`):
742 Required. The resource name of the
743 [Secret][google.cloud.secrets.v1beta1.Secret], in the
744 format ``projects/*/secrets/*``.
746 This corresponds to the ``name`` field
747 on the ``request`` instance; if ``request`` is provided, this
748 should not be set.
749 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
750 should be retried.
751 timeout (float): The timeout for this request.
752 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
753 sent along with the request as metadata. Normally, each value must be of type `str`,
754 but for metadata keys ending with the suffix `-bin`, the corresponding values must
755 be of type `bytes`.
757 Returns:
758 google.cloud.secretmanager_v1beta1.types.Secret:
759 A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose value and versions can
760 be accessed.
762 A [Secret][google.cloud.secrets.v1beta1.Secret] is
763 made up of zero or more
764 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
765 that represent the secret data.
767 """
768 # Create or coerce a protobuf request object.
769 # - Quick check: If we got a request object, we should *not* have
770 # gotten any keyword arguments that map to the request.
771 has_flattened_params = any([name])
772 if request is not None and has_flattened_params:
773 raise ValueError(
774 "If the `request` argument is set, then none of "
775 "the individual field arguments should be set."
776 )
778 # - Use the request object if provided (there's no risk of modifying the input as
779 # there are no flattened fields), or create one.
780 if not isinstance(request, service.GetSecretRequest):
781 request = service.GetSecretRequest(request)
783 # If we have keyword arguments corresponding to fields on the
784 # request, apply these.
785 if name is not None:
786 request.name = name
788 # Wrap the RPC method; this adds retry and timeout information,
789 # and friendly error handling.
790 rpc = self._client._transport._wrapped_methods[
791 self._client._transport.get_secret
792 ]
794 # Certain fields should be provided within the metadata header;
795 # add these here.
796 metadata = tuple(metadata) + (
797 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
798 )
800 # Validate the universe domain.
801 self._client._validate_universe_domain()
803 # Send the request.
804 response = await rpc(
805 request,
806 retry=retry,
807 timeout=timeout,
808 metadata=metadata,
809 )
811 # Done; return the response.
812 return response
814 async def update_secret(
815 self,
816 request: Optional[Union[service.UpdateSecretRequest, dict]] = None,
817 *,
818 secret: Optional[resources.Secret] = None,
819 update_mask: Optional[field_mask_pb2.FieldMask] = None,
820 retry: OptionalRetry = gapic_v1.method.DEFAULT,
821 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
822 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
823 ) -> resources.Secret:
824 r"""Updates metadata of an existing
825 [Secret][google.cloud.secrets.v1beta1.Secret].
827 .. code-block:: python
829 # This snippet has been automatically generated and should be regarded as a
830 # code template only.
831 # It will require modifications to work:
832 # - It may require correct/in-range values for request initialization.
833 # - It may require specifying regional endpoints when creating the service
834 # client as shown in:
835 # https://googleapis.dev/python/google-api-core/latest/client_options.html
836 from google.cloud import secretmanager_v1beta1
838 async def sample_update_secret():
839 # Create a client
840 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
842 # Initialize request argument(s)
843 request = secretmanager_v1beta1.UpdateSecretRequest(
844 )
846 # Make the request
847 response = await client.update_secret(request=request)
849 # Handle the response
850 print(response)
852 Args:
853 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.UpdateSecretRequest, dict]]):
854 The request object. Request message for
855 [SecretManagerService.UpdateSecret][google.cloud.secrets.v1beta1.SecretManagerService.UpdateSecret].
856 secret (:class:`google.cloud.secretmanager_v1beta1.types.Secret`):
857 Required. [Secret][google.cloud.secrets.v1beta1.Secret]
858 with updated field values.
860 This corresponds to the ``secret`` field
861 on the ``request`` instance; if ``request`` is provided, this
862 should not be set.
863 update_mask (:class:`google.protobuf.field_mask_pb2.FieldMask`):
864 Required. Specifies the fields to be
865 updated.
867 This corresponds to the ``update_mask`` field
868 on the ``request`` instance; if ``request`` is provided, this
869 should not be set.
870 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
871 should be retried.
872 timeout (float): The timeout for this request.
873 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
874 sent along with the request as metadata. Normally, each value must be of type `str`,
875 but for metadata keys ending with the suffix `-bin`, the corresponding values must
876 be of type `bytes`.
878 Returns:
879 google.cloud.secretmanager_v1beta1.types.Secret:
880 A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose value and versions can
881 be accessed.
883 A [Secret][google.cloud.secrets.v1beta1.Secret] is
884 made up of zero or more
885 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
886 that represent the secret data.
888 """
889 # Create or coerce a protobuf request object.
890 # - Quick check: If we got a request object, we should *not* have
891 # gotten any keyword arguments that map to the request.
892 has_flattened_params = any([secret, update_mask])
893 if request is not None and has_flattened_params:
894 raise ValueError(
895 "If the `request` argument is set, then none of "
896 "the individual field arguments should be set."
897 )
899 # - Use the request object if provided (there's no risk of modifying the input as
900 # there are no flattened fields), or create one.
901 if not isinstance(request, service.UpdateSecretRequest):
902 request = service.UpdateSecretRequest(request)
904 # If we have keyword arguments corresponding to fields on the
905 # request, apply these.
906 if secret is not None:
907 request.secret = secret
908 if update_mask is not None:
909 request.update_mask = update_mask
911 # Wrap the RPC method; this adds retry and timeout information,
912 # and friendly error handling.
913 rpc = self._client._transport._wrapped_methods[
914 self._client._transport.update_secret
915 ]
917 # Certain fields should be provided within the metadata header;
918 # add these here.
919 metadata = tuple(metadata) + (
920 gapic_v1.routing_header.to_grpc_metadata(
921 (("secret.name", request.secret.name),)
922 ),
923 )
925 # Validate the universe domain.
926 self._client._validate_universe_domain()
928 # Send the request.
929 response = await rpc(
930 request,
931 retry=retry,
932 timeout=timeout,
933 metadata=metadata,
934 )
936 # Done; return the response.
937 return response
939 async def delete_secret(
940 self,
941 request: Optional[Union[service.DeleteSecretRequest, dict]] = None,
942 *,
943 name: Optional[str] = None,
944 retry: OptionalRetry = gapic_v1.method.DEFAULT,
945 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
946 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
947 ) -> None:
948 r"""Deletes a [Secret][google.cloud.secrets.v1beta1.Secret].
950 .. code-block:: python
952 # This snippet has been automatically generated and should be regarded as a
953 # code template only.
954 # It will require modifications to work:
955 # - It may require correct/in-range values for request initialization.
956 # - It may require specifying regional endpoints when creating the service
957 # client as shown in:
958 # https://googleapis.dev/python/google-api-core/latest/client_options.html
959 from google.cloud import secretmanager_v1beta1
961 async def sample_delete_secret():
962 # Create a client
963 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
965 # Initialize request argument(s)
966 request = secretmanager_v1beta1.DeleteSecretRequest(
967 name="name_value",
968 )
970 # Make the request
971 await client.delete_secret(request=request)
973 Args:
974 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.DeleteSecretRequest, dict]]):
975 The request object. Request message for
976 [SecretManagerService.DeleteSecret][google.cloud.secrets.v1beta1.SecretManagerService.DeleteSecret].
977 name (:class:`str`):
978 Required. The resource name of the
979 [Secret][google.cloud.secrets.v1beta1.Secret] to delete
980 in the format ``projects/*/secrets/*``.
982 This corresponds to the ``name`` field
983 on the ``request`` instance; if ``request`` is provided, this
984 should not be set.
985 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
986 should be retried.
987 timeout (float): The timeout for this request.
988 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
989 sent along with the request as metadata. Normally, each value must be of type `str`,
990 but for metadata keys ending with the suffix `-bin`, the corresponding values must
991 be of type `bytes`.
992 """
993 # Create or coerce a protobuf request object.
994 # - Quick check: If we got a request object, we should *not* have
995 # gotten any keyword arguments that map to the request.
996 has_flattened_params = any([name])
997 if request is not None and has_flattened_params:
998 raise ValueError(
999 "If the `request` argument is set, then none of "
1000 "the individual field arguments should be set."
1001 )
1003 # - Use the request object if provided (there's no risk of modifying the input as
1004 # there are no flattened fields), or create one.
1005 if not isinstance(request, service.DeleteSecretRequest):
1006 request = service.DeleteSecretRequest(request)
1008 # If we have keyword arguments corresponding to fields on the
1009 # request, apply these.
1010 if name is not None:
1011 request.name = name
1013 # Wrap the RPC method; this adds retry and timeout information,
1014 # and friendly error handling.
1015 rpc = self._client._transport._wrapped_methods[
1016 self._client._transport.delete_secret
1017 ]
1019 # Certain fields should be provided within the metadata header;
1020 # add these here.
1021 metadata = tuple(metadata) + (
1022 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1023 )
1025 # Validate the universe domain.
1026 self._client._validate_universe_domain()
1028 # Send the request.
1029 await rpc(
1030 request,
1031 retry=retry,
1032 timeout=timeout,
1033 metadata=metadata,
1034 )
1036 async def list_secret_versions(
1037 self,
1038 request: Optional[Union[service.ListSecretVersionsRequest, dict]] = None,
1039 *,
1040 parent: Optional[str] = None,
1041 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1042 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1043 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1044 ) -> pagers.ListSecretVersionsAsyncPager:
1045 r"""Lists
1046 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
1047 This call does not return secret data.
1049 .. code-block:: python
1051 # This snippet has been automatically generated and should be regarded as a
1052 # code template only.
1053 # It will require modifications to work:
1054 # - It may require correct/in-range values for request initialization.
1055 # - It may require specifying regional endpoints when creating the service
1056 # client as shown in:
1057 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1058 from google.cloud import secretmanager_v1beta1
1060 async def sample_list_secret_versions():
1061 # Create a client
1062 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
1064 # Initialize request argument(s)
1065 request = secretmanager_v1beta1.ListSecretVersionsRequest(
1066 parent="parent_value",
1067 )
1069 # Make the request
1070 page_result = client.list_secret_versions(request=request)
1072 # Handle the response
1073 async for response in page_result:
1074 print(response)
1076 Args:
1077 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.ListSecretVersionsRequest, dict]]):
1078 The request object. Request message for
1079 [SecretManagerService.ListSecretVersions][google.cloud.secrets.v1beta1.SecretManagerService.ListSecretVersions].
1080 parent (:class:`str`):
1081 Required. The resource name of the
1082 [Secret][google.cloud.secrets.v1beta1.Secret] associated
1083 with the
1084 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
1085 to list, in the format ``projects/*/secrets/*``.
1087 This corresponds to the ``parent`` field
1088 on the ``request`` instance; if ``request`` is provided, this
1089 should not be set.
1090 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
1091 should be retried.
1092 timeout (float): The timeout for this request.
1093 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1094 sent along with the request as metadata. Normally, each value must be of type `str`,
1095 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1096 be of type `bytes`.
1098 Returns:
1099 google.cloud.secretmanager_v1beta1.services.secret_manager_service.pagers.ListSecretVersionsAsyncPager:
1100 Response message for
1101 [SecretManagerService.ListSecretVersions][google.cloud.secrets.v1beta1.SecretManagerService.ListSecretVersions].
1103 Iterating over this object will yield results and
1104 resolve additional pages automatically.
1106 """
1107 # Create or coerce a protobuf request object.
1108 # - Quick check: If we got a request object, we should *not* have
1109 # gotten any keyword arguments that map to the request.
1110 has_flattened_params = any([parent])
1111 if request is not None and has_flattened_params:
1112 raise ValueError(
1113 "If the `request` argument is set, then none of "
1114 "the individual field arguments should be set."
1115 )
1117 # - Use the request object if provided (there's no risk of modifying the input as
1118 # there are no flattened fields), or create one.
1119 if not isinstance(request, service.ListSecretVersionsRequest):
1120 request = service.ListSecretVersionsRequest(request)
1122 # If we have keyword arguments corresponding to fields on the
1123 # request, apply these.
1124 if parent is not None:
1125 request.parent = parent
1127 # Wrap the RPC method; this adds retry and timeout information,
1128 # and friendly error handling.
1129 rpc = self._client._transport._wrapped_methods[
1130 self._client._transport.list_secret_versions
1131 ]
1133 # Certain fields should be provided within the metadata header;
1134 # add these here.
1135 metadata = tuple(metadata) + (
1136 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
1137 )
1139 # Validate the universe domain.
1140 self._client._validate_universe_domain()
1142 # Send the request.
1143 response = await rpc(
1144 request,
1145 retry=retry,
1146 timeout=timeout,
1147 metadata=metadata,
1148 )
1150 # This method is paged; wrap the response in a pager, which provides
1151 # an `__aiter__` convenience method.
1152 response = pagers.ListSecretVersionsAsyncPager(
1153 method=rpc,
1154 request=request,
1155 response=response,
1156 retry=retry,
1157 timeout=timeout,
1158 metadata=metadata,
1159 )
1161 # Done; return the response.
1162 return response
1164 async def get_secret_version(
1165 self,
1166 request: Optional[Union[service.GetSecretVersionRequest, dict]] = None,
1167 *,
1168 name: Optional[str] = None,
1169 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1170 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1171 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1172 ) -> resources.SecretVersion:
1173 r"""Gets metadata for a
1174 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1176 ``projects/*/secrets/*/versions/latest`` is an alias to the
1177 ``latest``
1178 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1180 .. code-block:: python
1182 # This snippet has been automatically generated and should be regarded as a
1183 # code template only.
1184 # It will require modifications to work:
1185 # - It may require correct/in-range values for request initialization.
1186 # - It may require specifying regional endpoints when creating the service
1187 # client as shown in:
1188 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1189 from google.cloud import secretmanager_v1beta1
1191 async def sample_get_secret_version():
1192 # Create a client
1193 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
1195 # Initialize request argument(s)
1196 request = secretmanager_v1beta1.GetSecretVersionRequest(
1197 name="name_value",
1198 )
1200 # Make the request
1201 response = await client.get_secret_version(request=request)
1203 # Handle the response
1204 print(response)
1206 Args:
1207 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.GetSecretVersionRequest, dict]]):
1208 The request object. Request message for
1209 [SecretManagerService.GetSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.GetSecretVersion].
1210 name (:class:`str`):
1211 Required. The resource name of the
1212 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1213 in the format ``projects/*/secrets/*/versions/*``.
1214 ``projects/*/secrets/*/versions/latest`` is an alias to
1215 the ``latest``
1216 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1218 This corresponds to the ``name`` field
1219 on the ``request`` instance; if ``request`` is provided, this
1220 should not be set.
1221 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
1222 should be retried.
1223 timeout (float): The timeout for this request.
1224 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1225 sent along with the request as metadata. Normally, each value must be of type `str`,
1226 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1227 be of type `bytes`.
1229 Returns:
1230 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1231 A secret version resource in the
1232 Secret Manager API.
1234 """
1235 # Create or coerce a protobuf request object.
1236 # - Quick check: If we got a request object, we should *not* have
1237 # gotten any keyword arguments that map to the request.
1238 has_flattened_params = any([name])
1239 if request is not None and has_flattened_params:
1240 raise ValueError(
1241 "If the `request` argument is set, then none of "
1242 "the individual field arguments should be set."
1243 )
1245 # - Use the request object if provided (there's no risk of modifying the input as
1246 # there are no flattened fields), or create one.
1247 if not isinstance(request, service.GetSecretVersionRequest):
1248 request = service.GetSecretVersionRequest(request)
1250 # If we have keyword arguments corresponding to fields on the
1251 # request, apply these.
1252 if name is not None:
1253 request.name = name
1255 # Wrap the RPC method; this adds retry and timeout information,
1256 # and friendly error handling.
1257 rpc = self._client._transport._wrapped_methods[
1258 self._client._transport.get_secret_version
1259 ]
1261 # Certain fields should be provided within the metadata header;
1262 # add these here.
1263 metadata = tuple(metadata) + (
1264 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1265 )
1267 # Validate the universe domain.
1268 self._client._validate_universe_domain()
1270 # Send the request.
1271 response = await rpc(
1272 request,
1273 retry=retry,
1274 timeout=timeout,
1275 metadata=metadata,
1276 )
1278 # Done; return the response.
1279 return response
1281 async def access_secret_version(
1282 self,
1283 request: Optional[Union[service.AccessSecretVersionRequest, dict]] = None,
1284 *,
1285 name: Optional[str] = None,
1286 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1287 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1288 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1289 ) -> service.AccessSecretVersionResponse:
1290 r"""Accesses a
1291 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1292 This call returns the secret data.
1294 ``projects/*/secrets/*/versions/latest`` is an alias to the
1295 ``latest``
1296 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1298 .. code-block:: python
1300 # This snippet has been automatically generated and should be regarded as a
1301 # code template only.
1302 # It will require modifications to work:
1303 # - It may require correct/in-range values for request initialization.
1304 # - It may require specifying regional endpoints when creating the service
1305 # client as shown in:
1306 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1307 from google.cloud import secretmanager_v1beta1
1309 async def sample_access_secret_version():
1310 # Create a client
1311 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
1313 # Initialize request argument(s)
1314 request = secretmanager_v1beta1.AccessSecretVersionRequest(
1315 name="name_value",
1316 )
1318 # Make the request
1319 response = await client.access_secret_version(request=request)
1321 # Handle the response
1322 print(response)
1324 Args:
1325 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.AccessSecretVersionRequest, dict]]):
1326 The request object. Request message for
1327 [SecretManagerService.AccessSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AccessSecretVersion].
1328 name (:class:`str`):
1329 Required. The resource name of the
1330 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1331 in the format ``projects/*/secrets/*/versions/*``.
1333 This corresponds to the ``name`` field
1334 on the ``request`` instance; if ``request`` is provided, this
1335 should not be set.
1336 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
1337 should be retried.
1338 timeout (float): The timeout for this request.
1339 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1340 sent along with the request as metadata. Normally, each value must be of type `str`,
1341 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1342 be of type `bytes`.
1344 Returns:
1345 google.cloud.secretmanager_v1beta1.types.AccessSecretVersionResponse:
1346 Response message for
1347 [SecretManagerService.AccessSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AccessSecretVersion].
1349 """
1350 # Create or coerce a protobuf request object.
1351 # - Quick check: If we got a request object, we should *not* have
1352 # gotten any keyword arguments that map to the request.
1353 has_flattened_params = any([name])
1354 if request is not None and has_flattened_params:
1355 raise ValueError(
1356 "If the `request` argument is set, then none of "
1357 "the individual field arguments should be set."
1358 )
1360 # - Use the request object if provided (there's no risk of modifying the input as
1361 # there are no flattened fields), or create one.
1362 if not isinstance(request, service.AccessSecretVersionRequest):
1363 request = service.AccessSecretVersionRequest(request)
1365 # If we have keyword arguments corresponding to fields on the
1366 # request, apply these.
1367 if name is not None:
1368 request.name = name
1370 # Wrap the RPC method; this adds retry and timeout information,
1371 # and friendly error handling.
1372 rpc = self._client._transport._wrapped_methods[
1373 self._client._transport.access_secret_version
1374 ]
1376 # Certain fields should be provided within the metadata header;
1377 # add these here.
1378 metadata = tuple(metadata) + (
1379 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1380 )
1382 # Validate the universe domain.
1383 self._client._validate_universe_domain()
1385 # Send the request.
1386 response = await rpc(
1387 request,
1388 retry=retry,
1389 timeout=timeout,
1390 metadata=metadata,
1391 )
1393 # Done; return the response.
1394 return response
1396 async def disable_secret_version(
1397 self,
1398 request: Optional[Union[service.DisableSecretVersionRequest, dict]] = None,
1399 *,
1400 name: Optional[str] = None,
1401 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1402 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1403 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1404 ) -> resources.SecretVersion:
1405 r"""Disables a
1406 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1408 Sets the
1409 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
1410 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
1411 [DISABLED][google.cloud.secrets.v1beta1.SecretVersion.State.DISABLED].
1413 .. code-block:: python
1415 # This snippet has been automatically generated and should be regarded as a
1416 # code template only.
1417 # It will require modifications to work:
1418 # - It may require correct/in-range values for request initialization.
1419 # - It may require specifying regional endpoints when creating the service
1420 # client as shown in:
1421 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1422 from google.cloud import secretmanager_v1beta1
1424 async def sample_disable_secret_version():
1425 # Create a client
1426 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
1428 # Initialize request argument(s)
1429 request = secretmanager_v1beta1.DisableSecretVersionRequest(
1430 name="name_value",
1431 )
1433 # Make the request
1434 response = await client.disable_secret_version(request=request)
1436 # Handle the response
1437 print(response)
1439 Args:
1440 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.DisableSecretVersionRequest, dict]]):
1441 The request object. Request message for
1442 [SecretManagerService.DisableSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.DisableSecretVersion].
1443 name (:class:`str`):
1444 Required. The resource name of the
1445 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1446 to disable in the format
1447 ``projects/*/secrets/*/versions/*``.
1449 This corresponds to the ``name`` field
1450 on the ``request`` instance; if ``request`` is provided, this
1451 should not be set.
1452 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
1453 should be retried.
1454 timeout (float): The timeout for this request.
1455 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1456 sent along with the request as metadata. Normally, each value must be of type `str`,
1457 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1458 be of type `bytes`.
1460 Returns:
1461 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1462 A secret version resource in the
1463 Secret Manager API.
1465 """
1466 # Create or coerce a protobuf request object.
1467 # - Quick check: If we got a request object, we should *not* have
1468 # gotten any keyword arguments that map to the request.
1469 has_flattened_params = any([name])
1470 if request is not None and has_flattened_params:
1471 raise ValueError(
1472 "If the `request` argument is set, then none of "
1473 "the individual field arguments should be set."
1474 )
1476 # - Use the request object if provided (there's no risk of modifying the input as
1477 # there are no flattened fields), or create one.
1478 if not isinstance(request, service.DisableSecretVersionRequest):
1479 request = service.DisableSecretVersionRequest(request)
1481 # If we have keyword arguments corresponding to fields on the
1482 # request, apply these.
1483 if name is not None:
1484 request.name = name
1486 # Wrap the RPC method; this adds retry and timeout information,
1487 # and friendly error handling.
1488 rpc = self._client._transport._wrapped_methods[
1489 self._client._transport.disable_secret_version
1490 ]
1492 # Certain fields should be provided within the metadata header;
1493 # add these here.
1494 metadata = tuple(metadata) + (
1495 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1496 )
1498 # Validate the universe domain.
1499 self._client._validate_universe_domain()
1501 # Send the request.
1502 response = await rpc(
1503 request,
1504 retry=retry,
1505 timeout=timeout,
1506 metadata=metadata,
1507 )
1509 # Done; return the response.
1510 return response
1512 async def enable_secret_version(
1513 self,
1514 request: Optional[Union[service.EnableSecretVersionRequest, dict]] = None,
1515 *,
1516 name: Optional[str] = None,
1517 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1518 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1519 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1520 ) -> resources.SecretVersion:
1521 r"""Enables a
1522 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1524 Sets the
1525 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
1526 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
1527 [ENABLED][google.cloud.secrets.v1beta1.SecretVersion.State.ENABLED].
1529 .. code-block:: python
1531 # This snippet has been automatically generated and should be regarded as a
1532 # code template only.
1533 # It will require modifications to work:
1534 # - It may require correct/in-range values for request initialization.
1535 # - It may require specifying regional endpoints when creating the service
1536 # client as shown in:
1537 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1538 from google.cloud import secretmanager_v1beta1
1540 async def sample_enable_secret_version():
1541 # Create a client
1542 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
1544 # Initialize request argument(s)
1545 request = secretmanager_v1beta1.EnableSecretVersionRequest(
1546 name="name_value",
1547 )
1549 # Make the request
1550 response = await client.enable_secret_version(request=request)
1552 # Handle the response
1553 print(response)
1555 Args:
1556 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.EnableSecretVersionRequest, dict]]):
1557 The request object. Request message for
1558 [SecretManagerService.EnableSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.EnableSecretVersion].
1559 name (:class:`str`):
1560 Required. The resource name of the
1561 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1562 to enable in the format
1563 ``projects/*/secrets/*/versions/*``.
1565 This corresponds to the ``name`` field
1566 on the ``request`` instance; if ``request`` is provided, this
1567 should not be set.
1568 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
1569 should be retried.
1570 timeout (float): The timeout for this request.
1571 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1572 sent along with the request as metadata. Normally, each value must be of type `str`,
1573 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1574 be of type `bytes`.
1576 Returns:
1577 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1578 A secret version resource in the
1579 Secret Manager API.
1581 """
1582 # Create or coerce a protobuf request object.
1583 # - Quick check: If we got a request object, we should *not* have
1584 # gotten any keyword arguments that map to the request.
1585 has_flattened_params = any([name])
1586 if request is not None and has_flattened_params:
1587 raise ValueError(
1588 "If the `request` argument is set, then none of "
1589 "the individual field arguments should be set."
1590 )
1592 # - Use the request object if provided (there's no risk of modifying the input as
1593 # there are no flattened fields), or create one.
1594 if not isinstance(request, service.EnableSecretVersionRequest):
1595 request = service.EnableSecretVersionRequest(request)
1597 # If we have keyword arguments corresponding to fields on the
1598 # request, apply these.
1599 if name is not None:
1600 request.name = name
1602 # Wrap the RPC method; this adds retry and timeout information,
1603 # and friendly error handling.
1604 rpc = self._client._transport._wrapped_methods[
1605 self._client._transport.enable_secret_version
1606 ]
1608 # Certain fields should be provided within the metadata header;
1609 # add these here.
1610 metadata = tuple(metadata) + (
1611 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1612 )
1614 # Validate the universe domain.
1615 self._client._validate_universe_domain()
1617 # Send the request.
1618 response = await rpc(
1619 request,
1620 retry=retry,
1621 timeout=timeout,
1622 metadata=metadata,
1623 )
1625 # Done; return the response.
1626 return response
1628 async def destroy_secret_version(
1629 self,
1630 request: Optional[Union[service.DestroySecretVersionRequest, dict]] = None,
1631 *,
1632 name: Optional[str] = None,
1633 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1634 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1635 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1636 ) -> resources.SecretVersion:
1637 r"""Destroys a
1638 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1640 Sets the
1641 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
1642 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
1643 [DESTROYED][google.cloud.secrets.v1beta1.SecretVersion.State.DESTROYED]
1644 and irrevocably destroys the secret data.
1646 .. code-block:: python
1648 # This snippet has been automatically generated and should be regarded as a
1649 # code template only.
1650 # It will require modifications to work:
1651 # - It may require correct/in-range values for request initialization.
1652 # - It may require specifying regional endpoints when creating the service
1653 # client as shown in:
1654 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1655 from google.cloud import secretmanager_v1beta1
1657 async def sample_destroy_secret_version():
1658 # Create a client
1659 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
1661 # Initialize request argument(s)
1662 request = secretmanager_v1beta1.DestroySecretVersionRequest(
1663 name="name_value",
1664 )
1666 # Make the request
1667 response = await client.destroy_secret_version(request=request)
1669 # Handle the response
1670 print(response)
1672 Args:
1673 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.DestroySecretVersionRequest, dict]]):
1674 The request object. Request message for
1675 [SecretManagerService.DestroySecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.DestroySecretVersion].
1676 name (:class:`str`):
1677 Required. The resource name of the
1678 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1679 to destroy in the format
1680 ``projects/*/secrets/*/versions/*``.
1682 This corresponds to the ``name`` field
1683 on the ``request`` instance; if ``request`` is provided, this
1684 should not be set.
1685 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
1686 should be retried.
1687 timeout (float): The timeout for this request.
1688 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1689 sent along with the request as metadata. Normally, each value must be of type `str`,
1690 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1691 be of type `bytes`.
1693 Returns:
1694 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1695 A secret version resource in the
1696 Secret Manager API.
1698 """
1699 # Create or coerce a protobuf request object.
1700 # - Quick check: If we got a request object, we should *not* have
1701 # gotten any keyword arguments that map to the request.
1702 has_flattened_params = any([name])
1703 if request is not None and has_flattened_params:
1704 raise ValueError(
1705 "If the `request` argument is set, then none of "
1706 "the individual field arguments should be set."
1707 )
1709 # - Use the request object if provided (there's no risk of modifying the input as
1710 # there are no flattened fields), or create one.
1711 if not isinstance(request, service.DestroySecretVersionRequest):
1712 request = service.DestroySecretVersionRequest(request)
1714 # If we have keyword arguments corresponding to fields on the
1715 # request, apply these.
1716 if name is not None:
1717 request.name = name
1719 # Wrap the RPC method; this adds retry and timeout information,
1720 # and friendly error handling.
1721 rpc = self._client._transport._wrapped_methods[
1722 self._client._transport.destroy_secret_version
1723 ]
1725 # Certain fields should be provided within the metadata header;
1726 # add these here.
1727 metadata = tuple(metadata) + (
1728 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1729 )
1731 # Validate the universe domain.
1732 self._client._validate_universe_domain()
1734 # Send the request.
1735 response = await rpc(
1736 request,
1737 retry=retry,
1738 timeout=timeout,
1739 metadata=metadata,
1740 )
1742 # Done; return the response.
1743 return response
1745 async def set_iam_policy(
1746 self,
1747 request: Optional[Union[iam_policy_pb2.SetIamPolicyRequest, dict]] = None,
1748 *,
1749 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1750 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1751 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1752 ) -> policy_pb2.Policy:
1753 r"""Sets the access control policy on the specified secret. Replaces
1754 any existing policy.
1756 Permissions on
1757 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] are
1758 enforced according to the policy set on the associated
1759 [Secret][google.cloud.secrets.v1beta1.Secret].
1761 .. code-block:: python
1763 # This snippet has been automatically generated and should be regarded as a
1764 # code template only.
1765 # It will require modifications to work:
1766 # - It may require correct/in-range values for request initialization.
1767 # - It may require specifying regional endpoints when creating the service
1768 # client as shown in:
1769 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1770 from google.cloud import secretmanager_v1beta1
1771 from google.iam.v1 import iam_policy_pb2 # type: ignore
1773 async def sample_set_iam_policy():
1774 # Create a client
1775 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
1777 # Initialize request argument(s)
1778 request = iam_policy_pb2.SetIamPolicyRequest(
1779 resource="resource_value",
1780 )
1782 # Make the request
1783 response = await client.set_iam_policy(request=request)
1785 # Handle the response
1786 print(response)
1788 Args:
1789 request (Optional[Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]]):
1790 The request object. Request message for ``SetIamPolicy`` method.
1791 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
1792 should be retried.
1793 timeout (float): The timeout for this request.
1794 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1795 sent along with the request as metadata. Normally, each value must be of type `str`,
1796 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1797 be of type `bytes`.
1799 Returns:
1800 google.iam.v1.policy_pb2.Policy:
1801 An Identity and Access Management (IAM) policy, which specifies access
1802 controls for Google Cloud resources.
1804 A Policy is a collection of bindings. A binding binds
1805 one or more members, or principals, to a single role.
1806 Principals can be user accounts, service accounts,
1807 Google groups, and domains (such as G Suite). A role
1808 is a named list of permissions; each role can be an
1809 IAM predefined role or a user-created custom role.
1811 For some types of Google Cloud resources, a binding
1812 can also specify a condition, which is a logical
1813 expression that allows access to a resource only if
1814 the expression evaluates to true. A condition can add
1815 constraints based on attributes of the request, the
1816 resource, or both. To learn which resources support
1817 conditions in their IAM policies, see the [IAM
1818 documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies).
1820 **JSON example:**
1822 :literal:`\` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 }`\ \`
1824 **YAML example:**
1826 :literal:`\` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3`\ \`
1828 For a description of IAM and its features, see the
1829 [IAM
1830 documentation](\ https://cloud.google.com/iam/docs/).
1832 """
1833 # Create or coerce a protobuf request object.
1834 # - The request isn't a proto-plus wrapped type,
1835 # so it must be constructed via keyword expansion.
1836 if isinstance(request, dict):
1837 request = iam_policy_pb2.SetIamPolicyRequest(**request)
1838 elif not request:
1839 request = iam_policy_pb2.SetIamPolicyRequest()
1841 # Wrap the RPC method; this adds retry and timeout information,
1842 # and friendly error handling.
1843 rpc = self._client._transport._wrapped_methods[
1844 self._client._transport.set_iam_policy
1845 ]
1847 # Certain fields should be provided within the metadata header;
1848 # add these here.
1849 metadata = tuple(metadata) + (
1850 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)),
1851 )
1853 # Validate the universe domain.
1854 self._client._validate_universe_domain()
1856 # Send the request.
1857 response = await rpc(
1858 request,
1859 retry=retry,
1860 timeout=timeout,
1861 metadata=metadata,
1862 )
1864 # Done; return the response.
1865 return response
1867 async def get_iam_policy(
1868 self,
1869 request: Optional[Union[iam_policy_pb2.GetIamPolicyRequest, dict]] = None,
1870 *,
1871 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1872 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1873 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1874 ) -> policy_pb2.Policy:
1875 r"""Gets the access control policy for a secret.
1876 Returns empty policy if the secret exists and does not
1877 have a policy set.
1879 .. code-block:: python
1881 # This snippet has been automatically generated and should be regarded as a
1882 # code template only.
1883 # It will require modifications to work:
1884 # - It may require correct/in-range values for request initialization.
1885 # - It may require specifying regional endpoints when creating the service
1886 # client as shown in:
1887 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1888 from google.cloud import secretmanager_v1beta1
1889 from google.iam.v1 import iam_policy_pb2 # type: ignore
1891 async def sample_get_iam_policy():
1892 # Create a client
1893 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
1895 # Initialize request argument(s)
1896 request = iam_policy_pb2.GetIamPolicyRequest(
1897 resource="resource_value",
1898 )
1900 # Make the request
1901 response = await client.get_iam_policy(request=request)
1903 # Handle the response
1904 print(response)
1906 Args:
1907 request (Optional[Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]]):
1908 The request object. Request message for ``GetIamPolicy`` method.
1909 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
1910 should be retried.
1911 timeout (float): The timeout for this request.
1912 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1913 sent along with the request as metadata. Normally, each value must be of type `str`,
1914 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1915 be of type `bytes`.
1917 Returns:
1918 google.iam.v1.policy_pb2.Policy:
1919 An Identity and Access Management (IAM) policy, which specifies access
1920 controls for Google Cloud resources.
1922 A Policy is a collection of bindings. A binding binds
1923 one or more members, or principals, to a single role.
1924 Principals can be user accounts, service accounts,
1925 Google groups, and domains (such as G Suite). A role
1926 is a named list of permissions; each role can be an
1927 IAM predefined role or a user-created custom role.
1929 For some types of Google Cloud resources, a binding
1930 can also specify a condition, which is a logical
1931 expression that allows access to a resource only if
1932 the expression evaluates to true. A condition can add
1933 constraints based on attributes of the request, the
1934 resource, or both. To learn which resources support
1935 conditions in their IAM policies, see the [IAM
1936 documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies).
1938 **JSON example:**
1940 :literal:`\` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 }`\ \`
1942 **YAML example:**
1944 :literal:`\` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3`\ \`
1946 For a description of IAM and its features, see the
1947 [IAM
1948 documentation](\ https://cloud.google.com/iam/docs/).
1950 """
1951 # Create or coerce a protobuf request object.
1952 # - The request isn't a proto-plus wrapped type,
1953 # so it must be constructed via keyword expansion.
1954 if isinstance(request, dict):
1955 request = iam_policy_pb2.GetIamPolicyRequest(**request)
1956 elif not request:
1957 request = iam_policy_pb2.GetIamPolicyRequest()
1959 # Wrap the RPC method; this adds retry and timeout information,
1960 # and friendly error handling.
1961 rpc = self._client._transport._wrapped_methods[
1962 self._client._transport.get_iam_policy
1963 ]
1965 # Certain fields should be provided within the metadata header;
1966 # add these here.
1967 metadata = tuple(metadata) + (
1968 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)),
1969 )
1971 # Validate the universe domain.
1972 self._client._validate_universe_domain()
1974 # Send the request.
1975 response = await rpc(
1976 request,
1977 retry=retry,
1978 timeout=timeout,
1979 metadata=metadata,
1980 )
1982 # Done; return the response.
1983 return response
1985 async def test_iam_permissions(
1986 self,
1987 request: Optional[Union[iam_policy_pb2.TestIamPermissionsRequest, dict]] = None,
1988 *,
1989 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1990 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1991 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1992 ) -> iam_policy_pb2.TestIamPermissionsResponse:
1993 r"""Returns permissions that a caller has for the specified secret.
1994 If the secret does not exist, this call returns an empty set of
1995 permissions, not a NOT_FOUND error.
1997 Note: This operation is designed to be used for building
1998 permission-aware UIs and command-line tools, not for
1999 authorization checking. This operation may "fail open" without
2000 warning.
2002 .. code-block:: python
2004 # This snippet has been automatically generated and should be regarded as a
2005 # code template only.
2006 # It will require modifications to work:
2007 # - It may require correct/in-range values for request initialization.
2008 # - It may require specifying regional endpoints when creating the service
2009 # client as shown in:
2010 # https://googleapis.dev/python/google-api-core/latest/client_options.html
2011 from google.cloud import secretmanager_v1beta1
2012 from google.iam.v1 import iam_policy_pb2 # type: ignore
2014 async def sample_test_iam_permissions():
2015 # Create a client
2016 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
2018 # Initialize request argument(s)
2019 request = iam_policy_pb2.TestIamPermissionsRequest(
2020 resource="resource_value",
2021 permissions=['permissions_value1', 'permissions_value2'],
2022 )
2024 # Make the request
2025 response = await client.test_iam_permissions(request=request)
2027 # Handle the response
2028 print(response)
2030 Args:
2031 request (Optional[Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]]):
2032 The request object. Request message for ``TestIamPermissions`` method.
2033 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
2034 should be retried.
2035 timeout (float): The timeout for this request.
2036 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
2037 sent along with the request as metadata. Normally, each value must be of type `str`,
2038 but for metadata keys ending with the suffix `-bin`, the corresponding values must
2039 be of type `bytes`.
2041 Returns:
2042 google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse:
2043 Response message for TestIamPermissions method.
2044 """
2045 # Create or coerce a protobuf request object.
2046 # - The request isn't a proto-plus wrapped type,
2047 # so it must be constructed via keyword expansion.
2048 if isinstance(request, dict):
2049 request = iam_policy_pb2.TestIamPermissionsRequest(**request)
2050 elif not request:
2051 request = iam_policy_pb2.TestIamPermissionsRequest()
2053 # Wrap the RPC method; this adds retry and timeout information,
2054 # and friendly error handling.
2055 rpc = self._client._transport._wrapped_methods[
2056 self._client._transport.test_iam_permissions
2057 ]
2059 # Certain fields should be provided within the metadata header;
2060 # add these here.
2061 metadata = tuple(metadata) + (
2062 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)),
2063 )
2065 # Validate the universe domain.
2066 self._client._validate_universe_domain()
2068 # Send the request.
2069 response = await rpc(
2070 request,
2071 retry=retry,
2072 timeout=timeout,
2073 metadata=metadata,
2074 )
2076 # Done; return the response.
2077 return response
2079 async def __aenter__(self) -> "SecretManagerServiceAsyncClient":
2080 return self
2082 async def __aexit__(self, exc_type, exc, tb):
2083 await self.transport.close()
2086DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(
2087 gapic_version=package_version.__version__
2088)
2091__all__ = ("SecretManagerServiceAsyncClient",)