Coverage for /pythoncovmergedfiles/medio/medio/usr/local/lib/python3.10/site-packages/google/cloud/secretmanager_v1beta1/services/secret_manager_service/client.py: 31%

Shortcuts on this page

r m x   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

424 statements  

1# -*- coding: utf-8 -*- 

2# Copyright 2024 Google LLC 

3# 

4# Licensed under the Apache License, Version 2.0 (the "License"); 

5# you may not use this file except in compliance with the License. 

6# You may obtain a copy of the License at 

7# 

8# http://www.apache.org/licenses/LICENSE-2.0 

9# 

10# Unless required by applicable law or agreed to in writing, software 

11# distributed under the License is distributed on an "AS IS" BASIS, 

12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 

13# See the License for the specific language governing permissions and 

14# limitations under the License. 

15# 

16from collections import OrderedDict 

17import logging as std_logging 

18import os 

19import re 

20from typing import ( 

21 Callable, 

22 Dict, 

23 Mapping, 

24 MutableMapping, 

25 MutableSequence, 

26 Optional, 

27 Sequence, 

28 Tuple, 

29 Type, 

30 Union, 

31 cast, 

32) 

33import warnings 

34 

35from google.api_core import client_options as client_options_lib 

36from google.api_core import exceptions as core_exceptions 

37from google.api_core import gapic_v1 

38from google.api_core import retry as retries 

39from google.auth import credentials as ga_credentials # type: ignore 

40from google.auth.exceptions import MutualTLSChannelError # type: ignore 

41from google.auth.transport import mtls # type: ignore 

42from google.auth.transport.grpc import SslCredentials # type: ignore 

43from google.oauth2 import service_account # type: ignore 

44 

45from google.cloud.secretmanager_v1beta1 import gapic_version as package_version 

46 

47try: 

48 OptionalRetry = Union[retries.Retry, gapic_v1.method._MethodDefault, None] 

49except AttributeError: # pragma: NO COVER 

50 OptionalRetry = Union[retries.Retry, object, None] # type: ignore 

51 

52try: 

53 from google.api_core import client_logging # type: ignore 

54 

55 CLIENT_LOGGING_SUPPORTED = True # pragma: NO COVER 

56except ImportError: # pragma: NO COVER 

57 CLIENT_LOGGING_SUPPORTED = False 

58 

59_LOGGER = std_logging.getLogger(__name__) 

60 

61from google.iam.v1 import iam_policy_pb2 # type: ignore 

62from google.iam.v1 import policy_pb2 # type: ignore 

63from google.protobuf import field_mask_pb2 # type: ignore 

64from google.protobuf import timestamp_pb2 # type: ignore 

65 

66from google.cloud.secretmanager_v1beta1.services.secret_manager_service import pagers 

67from google.cloud.secretmanager_v1beta1.types import resources, service 

68 

69from .transports.base import DEFAULT_CLIENT_INFO, SecretManagerServiceTransport 

70from .transports.grpc import SecretManagerServiceGrpcTransport 

71from .transports.grpc_asyncio import SecretManagerServiceGrpcAsyncIOTransport 

72from .transports.rest import SecretManagerServiceRestTransport 

73 

74 

75class SecretManagerServiceClientMeta(type): 

76 """Metaclass for the SecretManagerService client. 

77 

78 This provides class-level methods for building and retrieving 

79 support objects (e.g. transport) without polluting the client instance 

80 objects. 

81 """ 

82 

83 _transport_registry = ( 

84 OrderedDict() 

85 ) # type: Dict[str, Type[SecretManagerServiceTransport]] 

86 _transport_registry["grpc"] = SecretManagerServiceGrpcTransport 

87 _transport_registry["grpc_asyncio"] = SecretManagerServiceGrpcAsyncIOTransport 

88 _transport_registry["rest"] = SecretManagerServiceRestTransport 

89 

90 def get_transport_class( 

91 cls, 

92 label: Optional[str] = None, 

93 ) -> Type[SecretManagerServiceTransport]: 

94 """Returns an appropriate transport class. 

95 

96 Args: 

97 label: The name of the desired transport. If none is 

98 provided, then the first transport in the registry is used. 

99 

100 Returns: 

101 The transport class to use. 

102 """ 

103 # If a specific transport is requested, return that one. 

104 if label: 

105 return cls._transport_registry[label] 

106 

107 # No transport is requested; return the default (that is, the first one 

108 # in the dictionary). 

109 return next(iter(cls._transport_registry.values())) 

110 

111 

112class SecretManagerServiceClient(metaclass=SecretManagerServiceClientMeta): 

113 """Secret Manager Service 

114 

115 Manages secrets and operations using those secrets. Implements a 

116 REST model with the following objects: 

117 

118 - [Secret][google.cloud.secrets.v1beta1.Secret] 

119 - [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] 

120 """ 

121 

122 @staticmethod 

123 def _get_default_mtls_endpoint(api_endpoint): 

124 """Converts api endpoint to mTLS endpoint. 

125 

126 Convert "*.sandbox.googleapis.com" and "*.googleapis.com" to 

127 "*.mtls.sandbox.googleapis.com" and "*.mtls.googleapis.com" respectively. 

128 Args: 

129 api_endpoint (Optional[str]): the api endpoint to convert. 

130 Returns: 

131 str: converted mTLS api endpoint. 

132 """ 

133 if not api_endpoint: 

134 return api_endpoint 

135 

136 mtls_endpoint_re = re.compile( 

137 r"(?P<name>[^.]+)(?P<mtls>\.mtls)?(?P<sandbox>\.sandbox)?(?P<googledomain>\.googleapis\.com)?" 

138 ) 

139 

140 m = mtls_endpoint_re.match(api_endpoint) 

141 name, mtls, sandbox, googledomain = m.groups() 

142 if mtls or not googledomain: 

143 return api_endpoint 

144 

145 if sandbox: 

146 return api_endpoint.replace( 

147 "sandbox.googleapis.com", "mtls.sandbox.googleapis.com" 

148 ) 

149 

150 return api_endpoint.replace(".googleapis.com", ".mtls.googleapis.com") 

151 

152 # Note: DEFAULT_ENDPOINT is deprecated. Use _DEFAULT_ENDPOINT_TEMPLATE instead. 

153 DEFAULT_ENDPOINT = "secretmanager.googleapis.com" 

154 DEFAULT_MTLS_ENDPOINT = _get_default_mtls_endpoint.__func__( # type: ignore 

155 DEFAULT_ENDPOINT 

156 ) 

157 

158 _DEFAULT_ENDPOINT_TEMPLATE = "secretmanager.{UNIVERSE_DOMAIN}" 

159 _DEFAULT_UNIVERSE = "googleapis.com" 

160 

161 @classmethod 

162 def from_service_account_info(cls, info: dict, *args, **kwargs): 

163 """Creates an instance of this client using the provided credentials 

164 info. 

165 

166 Args: 

167 info (dict): The service account private key info. 

168 args: Additional arguments to pass to the constructor. 

169 kwargs: Additional arguments to pass to the constructor. 

170 

171 Returns: 

172 SecretManagerServiceClient: The constructed client. 

173 """ 

174 credentials = service_account.Credentials.from_service_account_info(info) 

175 kwargs["credentials"] = credentials 

176 return cls(*args, **kwargs) 

177 

178 @classmethod 

179 def from_service_account_file(cls, filename: str, *args, **kwargs): 

180 """Creates an instance of this client using the provided credentials 

181 file. 

182 

183 Args: 

184 filename (str): The path to the service account private key json 

185 file. 

186 args: Additional arguments to pass to the constructor. 

187 kwargs: Additional arguments to pass to the constructor. 

188 

189 Returns: 

190 SecretManagerServiceClient: The constructed client. 

191 """ 

192 credentials = service_account.Credentials.from_service_account_file(filename) 

193 kwargs["credentials"] = credentials 

194 return cls(*args, **kwargs) 

195 

196 from_service_account_json = from_service_account_file 

197 

198 @property 

199 def transport(self) -> SecretManagerServiceTransport: 

200 """Returns the transport used by the client instance. 

201 

202 Returns: 

203 SecretManagerServiceTransport: The transport used by the client 

204 instance. 

205 """ 

206 return self._transport 

207 

208 @staticmethod 

209 def secret_path( 

210 project: str, 

211 secret: str, 

212 ) -> str: 

213 """Returns a fully-qualified secret string.""" 

214 return "projects/{project}/secrets/{secret}".format( 

215 project=project, 

216 secret=secret, 

217 ) 

218 

219 @staticmethod 

220 def parse_secret_path(path: str) -> Dict[str, str]: 

221 """Parses a secret path into its component segments.""" 

222 m = re.match(r"^projects/(?P<project>.+?)/secrets/(?P<secret>.+?)$", path) 

223 return m.groupdict() if m else {} 

224 

225 @staticmethod 

226 def secret_version_path( 

227 project: str, 

228 secret: str, 

229 secret_version: str, 

230 ) -> str: 

231 """Returns a fully-qualified secret_version string.""" 

232 return "projects/{project}/secrets/{secret}/versions/{secret_version}".format( 

233 project=project, 

234 secret=secret, 

235 secret_version=secret_version, 

236 ) 

237 

238 @staticmethod 

239 def parse_secret_version_path(path: str) -> Dict[str, str]: 

240 """Parses a secret_version path into its component segments.""" 

241 m = re.match( 

242 r"^projects/(?P<project>.+?)/secrets/(?P<secret>.+?)/versions/(?P<secret_version>.+?)$", 

243 path, 

244 ) 

245 return m.groupdict() if m else {} 

246 

247 @staticmethod 

248 def common_billing_account_path( 

249 billing_account: str, 

250 ) -> str: 

251 """Returns a fully-qualified billing_account string.""" 

252 return "billingAccounts/{billing_account}".format( 

253 billing_account=billing_account, 

254 ) 

255 

256 @staticmethod 

257 def parse_common_billing_account_path(path: str) -> Dict[str, str]: 

258 """Parse a billing_account path into its component segments.""" 

259 m = re.match(r"^billingAccounts/(?P<billing_account>.+?)$", path) 

260 return m.groupdict() if m else {} 

261 

262 @staticmethod 

263 def common_folder_path( 

264 folder: str, 

265 ) -> str: 

266 """Returns a fully-qualified folder string.""" 

267 return "folders/{folder}".format( 

268 folder=folder, 

269 ) 

270 

271 @staticmethod 

272 def parse_common_folder_path(path: str) -> Dict[str, str]: 

273 """Parse a folder path into its component segments.""" 

274 m = re.match(r"^folders/(?P<folder>.+?)$", path) 

275 return m.groupdict() if m else {} 

276 

277 @staticmethod 

278 def common_organization_path( 

279 organization: str, 

280 ) -> str: 

281 """Returns a fully-qualified organization string.""" 

282 return "organizations/{organization}".format( 

283 organization=organization, 

284 ) 

285 

286 @staticmethod 

287 def parse_common_organization_path(path: str) -> Dict[str, str]: 

288 """Parse a organization path into its component segments.""" 

289 m = re.match(r"^organizations/(?P<organization>.+?)$", path) 

290 return m.groupdict() if m else {} 

291 

292 @staticmethod 

293 def common_project_path( 

294 project: str, 

295 ) -> str: 

296 """Returns a fully-qualified project string.""" 

297 return "projects/{project}".format( 

298 project=project, 

299 ) 

300 

301 @staticmethod 

302 def parse_common_project_path(path: str) -> Dict[str, str]: 

303 """Parse a project path into its component segments.""" 

304 m = re.match(r"^projects/(?P<project>.+?)$", path) 

305 return m.groupdict() if m else {} 

306 

307 @staticmethod 

308 def common_location_path( 

309 project: str, 

310 location: str, 

311 ) -> str: 

312 """Returns a fully-qualified location string.""" 

313 return "projects/{project}/locations/{location}".format( 

314 project=project, 

315 location=location, 

316 ) 

317 

318 @staticmethod 

319 def parse_common_location_path(path: str) -> Dict[str, str]: 

320 """Parse a location path into its component segments.""" 

321 m = re.match(r"^projects/(?P<project>.+?)/locations/(?P<location>.+?)$", path) 

322 return m.groupdict() if m else {} 

323 

324 @classmethod 

325 def get_mtls_endpoint_and_cert_source( 

326 cls, client_options: Optional[client_options_lib.ClientOptions] = None 

327 ): 

328 """Deprecated. Return the API endpoint and client cert source for mutual TLS. 

329 

330 The client cert source is determined in the following order: 

331 (1) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is not "true", the 

332 client cert source is None. 

333 (2) if `client_options.client_cert_source` is provided, use the provided one; if the 

334 default client cert source exists, use the default one; otherwise the client cert 

335 source is None. 

336 

337 The API endpoint is determined in the following order: 

338 (1) if `client_options.api_endpoint` if provided, use the provided one. 

339 (2) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is "always", use the 

340 default mTLS endpoint; if the environment variable is "never", use the default API 

341 endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise 

342 use the default API endpoint. 

343 

344 More details can be found at https://google.aip.dev/auth/4114. 

345 

346 Args: 

347 client_options (google.api_core.client_options.ClientOptions): Custom options for the 

348 client. Only the `api_endpoint` and `client_cert_source` properties may be used 

349 in this method. 

350 

351 Returns: 

352 Tuple[str, Callable[[], Tuple[bytes, bytes]]]: returns the API endpoint and the 

353 client cert source to use. 

354 

355 Raises: 

356 google.auth.exceptions.MutualTLSChannelError: If any errors happen. 

357 """ 

358 

359 warnings.warn( 

360 "get_mtls_endpoint_and_cert_source is deprecated. Use the api_endpoint property instead.", 

361 DeprecationWarning, 

362 ) 

363 if client_options is None: 

364 client_options = client_options_lib.ClientOptions() 

365 use_client_cert = os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false") 

366 use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto") 

367 if use_client_cert not in ("true", "false"): 

368 raise ValueError( 

369 "Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`" 

370 ) 

371 if use_mtls_endpoint not in ("auto", "never", "always"): 

372 raise MutualTLSChannelError( 

373 "Environment variable `GOOGLE_API_USE_MTLS_ENDPOINT` must be `never`, `auto` or `always`" 

374 ) 

375 

376 # Figure out the client cert source to use. 

377 client_cert_source = None 

378 if use_client_cert == "true": 

379 if client_options.client_cert_source: 

380 client_cert_source = client_options.client_cert_source 

381 elif mtls.has_default_client_cert_source(): 

382 client_cert_source = mtls.default_client_cert_source() 

383 

384 # Figure out which api endpoint to use. 

385 if client_options.api_endpoint is not None: 

386 api_endpoint = client_options.api_endpoint 

387 elif use_mtls_endpoint == "always" or ( 

388 use_mtls_endpoint == "auto" and client_cert_source 

389 ): 

390 api_endpoint = cls.DEFAULT_MTLS_ENDPOINT 

391 else: 

392 api_endpoint = cls.DEFAULT_ENDPOINT 

393 

394 return api_endpoint, client_cert_source 

395 

396 @staticmethod 

397 def _read_environment_variables(): 

398 """Returns the environment variables used by the client. 

399 

400 Returns: 

401 Tuple[bool, str, str]: returns the GOOGLE_API_USE_CLIENT_CERTIFICATE, 

402 GOOGLE_API_USE_MTLS_ENDPOINT, and GOOGLE_CLOUD_UNIVERSE_DOMAIN environment variables. 

403 

404 Raises: 

405 ValueError: If GOOGLE_API_USE_CLIENT_CERTIFICATE is not 

406 any of ["true", "false"]. 

407 google.auth.exceptions.MutualTLSChannelError: If GOOGLE_API_USE_MTLS_ENDPOINT 

408 is not any of ["auto", "never", "always"]. 

409 """ 

410 use_client_cert = os.getenv( 

411 "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false" 

412 ).lower() 

413 use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower() 

414 universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN") 

415 if use_client_cert not in ("true", "false"): 

416 raise ValueError( 

417 "Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`" 

418 ) 

419 if use_mtls_endpoint not in ("auto", "never", "always"): 

420 raise MutualTLSChannelError( 

421 "Environment variable `GOOGLE_API_USE_MTLS_ENDPOINT` must be `never`, `auto` or `always`" 

422 ) 

423 return use_client_cert == "true", use_mtls_endpoint, universe_domain_env 

424 

425 @staticmethod 

426 def _get_client_cert_source(provided_cert_source, use_cert_flag): 

427 """Return the client cert source to be used by the client. 

428 

429 Args: 

430 provided_cert_source (bytes): The client certificate source provided. 

431 use_cert_flag (bool): A flag indicating whether to use the client certificate. 

432 

433 Returns: 

434 bytes or None: The client cert source to be used by the client. 

435 """ 

436 client_cert_source = None 

437 if use_cert_flag: 

438 if provided_cert_source: 

439 client_cert_source = provided_cert_source 

440 elif mtls.has_default_client_cert_source(): 

441 client_cert_source = mtls.default_client_cert_source() 

442 return client_cert_source 

443 

444 @staticmethod 

445 def _get_api_endpoint( 

446 api_override, client_cert_source, universe_domain, use_mtls_endpoint 

447 ): 

448 """Return the API endpoint used by the client. 

449 

450 Args: 

451 api_override (str): The API endpoint override. If specified, this is always 

452 the return value of this function and the other arguments are not used. 

453 client_cert_source (bytes): The client certificate source used by the client. 

454 universe_domain (str): The universe domain used by the client. 

455 use_mtls_endpoint (str): How to use the mTLS endpoint, which depends also on the other parameters. 

456 Possible values are "always", "auto", or "never". 

457 

458 Returns: 

459 str: The API endpoint to be used by the client. 

460 """ 

461 if api_override is not None: 

462 api_endpoint = api_override 

463 elif use_mtls_endpoint == "always" or ( 

464 use_mtls_endpoint == "auto" and client_cert_source 

465 ): 

466 _default_universe = SecretManagerServiceClient._DEFAULT_UNIVERSE 

467 if universe_domain != _default_universe: 

468 raise MutualTLSChannelError( 

469 f"mTLS is not supported in any universe other than {_default_universe}." 

470 ) 

471 api_endpoint = SecretManagerServiceClient.DEFAULT_MTLS_ENDPOINT 

472 else: 

473 api_endpoint = SecretManagerServiceClient._DEFAULT_ENDPOINT_TEMPLATE.format( 

474 UNIVERSE_DOMAIN=universe_domain 

475 ) 

476 return api_endpoint 

477 

478 @staticmethod 

479 def _get_universe_domain( 

480 client_universe_domain: Optional[str], universe_domain_env: Optional[str] 

481 ) -> str: 

482 """Return the universe domain used by the client. 

483 

484 Args: 

485 client_universe_domain (Optional[str]): The universe domain configured via the client options. 

486 universe_domain_env (Optional[str]): The universe domain configured via the "GOOGLE_CLOUD_UNIVERSE_DOMAIN" environment variable. 

487 

488 Returns: 

489 str: The universe domain to be used by the client. 

490 

491 Raises: 

492 ValueError: If the universe domain is an empty string. 

493 """ 

494 universe_domain = SecretManagerServiceClient._DEFAULT_UNIVERSE 

495 if client_universe_domain is not None: 

496 universe_domain = client_universe_domain 

497 elif universe_domain_env is not None: 

498 universe_domain = universe_domain_env 

499 if len(universe_domain.strip()) == 0: 

500 raise ValueError("Universe Domain cannot be an empty string.") 

501 return universe_domain 

502 

503 def _validate_universe_domain(self): 

504 """Validates client's and credentials' universe domains are consistent. 

505 

506 Returns: 

507 bool: True iff the configured universe domain is valid. 

508 

509 Raises: 

510 ValueError: If the configured universe domain is not valid. 

511 """ 

512 

513 # NOTE (b/349488459): universe validation is disabled until further notice. 

514 return True 

515 

516 @property 

517 def api_endpoint(self): 

518 """Return the API endpoint used by the client instance. 

519 

520 Returns: 

521 str: The API endpoint used by the client instance. 

522 """ 

523 return self._api_endpoint 

524 

525 @property 

526 def universe_domain(self) -> str: 

527 """Return the universe domain used by the client instance. 

528 

529 Returns: 

530 str: The universe domain used by the client instance. 

531 """ 

532 return self._universe_domain 

533 

534 def __init__( 

535 self, 

536 *, 

537 credentials: Optional[ga_credentials.Credentials] = None, 

538 transport: Optional[ 

539 Union[ 

540 str, 

541 SecretManagerServiceTransport, 

542 Callable[..., SecretManagerServiceTransport], 

543 ] 

544 ] = None, 

545 client_options: Optional[Union[client_options_lib.ClientOptions, dict]] = None, 

546 client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, 

547 ) -> None: 

548 """Instantiates the secret manager service client. 

549 

550 Args: 

551 credentials (Optional[google.auth.credentials.Credentials]): The 

552 authorization credentials to attach to requests. These 

553 credentials identify the application to the service; if none 

554 are specified, the client will attempt to ascertain the 

555 credentials from the environment. 

556 transport (Optional[Union[str,SecretManagerServiceTransport,Callable[..., SecretManagerServiceTransport]]]): 

557 The transport to use, or a Callable that constructs and returns a new transport. 

558 If a Callable is given, it will be called with the same set of initialization 

559 arguments as used in the SecretManagerServiceTransport constructor. 

560 If set to None, a transport is chosen automatically. 

561 client_options (Optional[Union[google.api_core.client_options.ClientOptions, dict]]): 

562 Custom options for the client. 

563 

564 1. The ``api_endpoint`` property can be used to override the 

565 default endpoint provided by the client when ``transport`` is 

566 not explicitly provided. Only if this property is not set and 

567 ``transport`` was not explicitly provided, the endpoint is 

568 determined by the GOOGLE_API_USE_MTLS_ENDPOINT environment 

569 variable, which have one of the following values: 

570 "always" (always use the default mTLS endpoint), "never" (always 

571 use the default regular endpoint) and "auto" (auto-switch to the 

572 default mTLS endpoint if client certificate is present; this is 

573 the default value). 

574 

575 2. If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable 

576 is "true", then the ``client_cert_source`` property can be used 

577 to provide a client certificate for mTLS transport. If 

578 not provided, the default SSL client certificate will be used if 

579 present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not 

580 set, no client certificate will be used. 

581 

582 3. The ``universe_domain`` property can be used to override the 

583 default "googleapis.com" universe. Note that the ``api_endpoint`` 

584 property still takes precedence; and ``universe_domain`` is 

585 currently not supported for mTLS. 

586 

587 client_info (google.api_core.gapic_v1.client_info.ClientInfo): 

588 The client info used to send a user-agent string along with 

589 API requests. If ``None``, then default info will be used. 

590 Generally, you only need to set this if you're developing 

591 your own client library. 

592 

593 Raises: 

594 google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport 

595 creation failed for any reason. 

596 """ 

597 self._client_options = client_options 

598 if isinstance(self._client_options, dict): 

599 self._client_options = client_options_lib.from_dict(self._client_options) 

600 if self._client_options is None: 

601 self._client_options = client_options_lib.ClientOptions() 

602 self._client_options = cast( 

603 client_options_lib.ClientOptions, self._client_options 

604 ) 

605 

606 universe_domain_opt = getattr(self._client_options, "universe_domain", None) 

607 

608 ( 

609 self._use_client_cert, 

610 self._use_mtls_endpoint, 

611 self._universe_domain_env, 

612 ) = SecretManagerServiceClient._read_environment_variables() 

613 self._client_cert_source = SecretManagerServiceClient._get_client_cert_source( 

614 self._client_options.client_cert_source, self._use_client_cert 

615 ) 

616 self._universe_domain = SecretManagerServiceClient._get_universe_domain( 

617 universe_domain_opt, self._universe_domain_env 

618 ) 

619 self._api_endpoint = None # updated below, depending on `transport` 

620 

621 # Initialize the universe domain validation. 

622 self._is_universe_domain_valid = False 

623 

624 if CLIENT_LOGGING_SUPPORTED: # pragma: NO COVER 

625 # Setup logging. 

626 client_logging.initialize_logging() 

627 

628 api_key_value = getattr(self._client_options, "api_key", None) 

629 if api_key_value and credentials: 

630 raise ValueError( 

631 "client_options.api_key and credentials are mutually exclusive" 

632 ) 

633 

634 # Save or instantiate the transport. 

635 # Ordinarily, we provide the transport, but allowing a custom transport 

636 # instance provides an extensibility point for unusual situations. 

637 transport_provided = isinstance(transport, SecretManagerServiceTransport) 

638 if transport_provided: 

639 # transport is a SecretManagerServiceTransport instance. 

640 if credentials or self._client_options.credentials_file or api_key_value: 

641 raise ValueError( 

642 "When providing a transport instance, " 

643 "provide its credentials directly." 

644 ) 

645 if self._client_options.scopes: 

646 raise ValueError( 

647 "When providing a transport instance, provide its scopes " 

648 "directly." 

649 ) 

650 self._transport = cast(SecretManagerServiceTransport, transport) 

651 self._api_endpoint = self._transport.host 

652 

653 self._api_endpoint = ( 

654 self._api_endpoint 

655 or SecretManagerServiceClient._get_api_endpoint( 

656 self._client_options.api_endpoint, 

657 self._client_cert_source, 

658 self._universe_domain, 

659 self._use_mtls_endpoint, 

660 ) 

661 ) 

662 

663 if not transport_provided: 

664 import google.auth._default # type: ignore 

665 

666 if api_key_value and hasattr( 

667 google.auth._default, "get_api_key_credentials" 

668 ): 

669 credentials = google.auth._default.get_api_key_credentials( 

670 api_key_value 

671 ) 

672 

673 transport_init: Union[ 

674 Type[SecretManagerServiceTransport], 

675 Callable[..., SecretManagerServiceTransport], 

676 ] = ( 

677 SecretManagerServiceClient.get_transport_class(transport) 

678 if isinstance(transport, str) or transport is None 

679 else cast(Callable[..., SecretManagerServiceTransport], transport) 

680 ) 

681 # initialize with the provided callable or the passed in class 

682 self._transport = transport_init( 

683 credentials=credentials, 

684 credentials_file=self._client_options.credentials_file, 

685 host=self._api_endpoint, 

686 scopes=self._client_options.scopes, 

687 client_cert_source_for_mtls=self._client_cert_source, 

688 quota_project_id=self._client_options.quota_project_id, 

689 client_info=client_info, 

690 always_use_jwt_access=True, 

691 api_audience=self._client_options.api_audience, 

692 ) 

693 

694 if "async" not in str(self._transport): 

695 if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor( 

696 std_logging.DEBUG 

697 ): # pragma: NO COVER 

698 _LOGGER.debug( 

699 "Created client `google.cloud.secrets_v1beta1.SecretManagerServiceClient`.", 

700 extra={ 

701 "serviceName": "google.cloud.secrets.v1beta1.SecretManagerService", 

702 "universeDomain": getattr( 

703 self._transport._credentials, "universe_domain", "" 

704 ), 

705 "credentialsType": f"{type(self._transport._credentials).__module__}.{type(self._transport._credentials).__qualname__}", 

706 "credentialsInfo": getattr( 

707 self.transport._credentials, "get_cred_info", lambda: None 

708 )(), 

709 } 

710 if hasattr(self._transport, "_credentials") 

711 else { 

712 "serviceName": "google.cloud.secrets.v1beta1.SecretManagerService", 

713 "credentialsType": None, 

714 }, 

715 ) 

716 

717 def list_secrets( 

718 self, 

719 request: Optional[Union[service.ListSecretsRequest, dict]] = None, 

720 *, 

721 parent: Optional[str] = None, 

722 retry: OptionalRetry = gapic_v1.method.DEFAULT, 

723 timeout: Union[float, object] = gapic_v1.method.DEFAULT, 

724 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), 

725 ) -> pagers.ListSecretsPager: 

726 r"""Lists [Secrets][google.cloud.secrets.v1beta1.Secret]. 

727 

728 .. code-block:: python 

729 

730 # This snippet has been automatically generated and should be regarded as a 

731 # code template only. 

732 # It will require modifications to work: 

733 # - It may require correct/in-range values for request initialization. 

734 # - It may require specifying regional endpoints when creating the service 

735 # client as shown in: 

736 # https://googleapis.dev/python/google-api-core/latest/client_options.html 

737 from google.cloud import secretmanager_v1beta1 

738 

739 def sample_list_secrets(): 

740 # Create a client 

741 client = secretmanager_v1beta1.SecretManagerServiceClient() 

742 

743 # Initialize request argument(s) 

744 request = secretmanager_v1beta1.ListSecretsRequest( 

745 parent="parent_value", 

746 ) 

747 

748 # Make the request 

749 page_result = client.list_secrets(request=request) 

750 

751 # Handle the response 

752 for response in page_result: 

753 print(response) 

754 

755 Args: 

756 request (Union[google.cloud.secretmanager_v1beta1.types.ListSecretsRequest, dict]): 

757 The request object. Request message for 

758 [SecretManagerService.ListSecrets][google.cloud.secrets.v1beta1.SecretManagerService.ListSecrets]. 

759 parent (str): 

760 Required. The resource name of the project associated 

761 with the [Secrets][google.cloud.secrets.v1beta1.Secret], 

762 in the format ``projects/*``. 

763 

764 This corresponds to the ``parent`` field 

765 on the ``request`` instance; if ``request`` is provided, this 

766 should not be set. 

767 retry (google.api_core.retry.Retry): Designation of what errors, if any, 

768 should be retried. 

769 timeout (float): The timeout for this request. 

770 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be 

771 sent along with the request as metadata. Normally, each value must be of type `str`, 

772 but for metadata keys ending with the suffix `-bin`, the corresponding values must 

773 be of type `bytes`. 

774 

775 Returns: 

776 google.cloud.secretmanager_v1beta1.services.secret_manager_service.pagers.ListSecretsPager: 

777 Response message for 

778 [SecretManagerService.ListSecrets][google.cloud.secrets.v1beta1.SecretManagerService.ListSecrets]. 

779 

780 Iterating over this object will yield results and 

781 resolve additional pages automatically. 

782 

783 """ 

784 # Create or coerce a protobuf request object. 

785 # - Quick check: If we got a request object, we should *not* have 

786 # gotten any keyword arguments that map to the request. 

787 has_flattened_params = any([parent]) 

788 if request is not None and has_flattened_params: 

789 raise ValueError( 

790 "If the `request` argument is set, then none of " 

791 "the individual field arguments should be set." 

792 ) 

793 

794 # - Use the request object if provided (there's no risk of modifying the input as 

795 # there are no flattened fields), or create one. 

796 if not isinstance(request, service.ListSecretsRequest): 

797 request = service.ListSecretsRequest(request) 

798 # If we have keyword arguments corresponding to fields on the 

799 # request, apply these. 

800 if parent is not None: 

801 request.parent = parent 

802 

803 # Wrap the RPC method; this adds retry and timeout information, 

804 # and friendly error handling. 

805 rpc = self._transport._wrapped_methods[self._transport.list_secrets] 

806 

807 # Certain fields should be provided within the metadata header; 

808 # add these here. 

809 metadata = tuple(metadata) + ( 

810 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), 

811 ) 

812 

813 # Validate the universe domain. 

814 self._validate_universe_domain() 

815 

816 # Send the request. 

817 response = rpc( 

818 request, 

819 retry=retry, 

820 timeout=timeout, 

821 metadata=metadata, 

822 ) 

823 

824 # This method is paged; wrap the response in a pager, which provides 

825 # an `__iter__` convenience method. 

826 response = pagers.ListSecretsPager( 

827 method=rpc, 

828 request=request, 

829 response=response, 

830 retry=retry, 

831 timeout=timeout, 

832 metadata=metadata, 

833 ) 

834 

835 # Done; return the response. 

836 return response 

837 

838 def create_secret( 

839 self, 

840 request: Optional[Union[service.CreateSecretRequest, dict]] = None, 

841 *, 

842 parent: Optional[str] = None, 

843 secret_id: Optional[str] = None, 

844 secret: Optional[resources.Secret] = None, 

845 retry: OptionalRetry = gapic_v1.method.DEFAULT, 

846 timeout: Union[float, object] = gapic_v1.method.DEFAULT, 

847 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), 

848 ) -> resources.Secret: 

849 r"""Creates a new [Secret][google.cloud.secrets.v1beta1.Secret] 

850 containing no 

851 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]. 

852 

853 .. code-block:: python 

854 

855 # This snippet has been automatically generated and should be regarded as a 

856 # code template only. 

857 # It will require modifications to work: 

858 # - It may require correct/in-range values for request initialization. 

859 # - It may require specifying regional endpoints when creating the service 

860 # client as shown in: 

861 # https://googleapis.dev/python/google-api-core/latest/client_options.html 

862 from google.cloud import secretmanager_v1beta1 

863 

864 def sample_create_secret(): 

865 # Create a client 

866 client = secretmanager_v1beta1.SecretManagerServiceClient() 

867 

868 # Initialize request argument(s) 

869 request = secretmanager_v1beta1.CreateSecretRequest( 

870 parent="parent_value", 

871 secret_id="secret_id_value", 

872 ) 

873 

874 # Make the request 

875 response = client.create_secret(request=request) 

876 

877 # Handle the response 

878 print(response) 

879 

880 Args: 

881 request (Union[google.cloud.secretmanager_v1beta1.types.CreateSecretRequest, dict]): 

882 The request object. Request message for 

883 [SecretManagerService.CreateSecret][google.cloud.secrets.v1beta1.SecretManagerService.CreateSecret]. 

884 parent (str): 

885 Required. The resource name of the project to associate 

886 with the [Secret][google.cloud.secrets.v1beta1.Secret], 

887 in the format ``projects/*``. 

888 

889 This corresponds to the ``parent`` field 

890 on the ``request`` instance; if ``request`` is provided, this 

891 should not be set. 

892 secret_id (str): 

893 Required. This must be unique within the project. 

894 

895 A secret ID is a string with a maximum length of 255 

896 characters and can contain uppercase and lowercase 

897 letters, numerals, and the hyphen (``-``) and underscore 

898 (``_``) characters. 

899 

900 This corresponds to the ``secret_id`` field 

901 on the ``request`` instance; if ``request`` is provided, this 

902 should not be set. 

903 secret (google.cloud.secretmanager_v1beta1.types.Secret): 

904 Required. A 

905 [Secret][google.cloud.secrets.v1beta1.Secret] with 

906 initial field values. 

907 

908 This corresponds to the ``secret`` field 

909 on the ``request`` instance; if ``request`` is provided, this 

910 should not be set. 

911 retry (google.api_core.retry.Retry): Designation of what errors, if any, 

912 should be retried. 

913 timeout (float): The timeout for this request. 

914 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be 

915 sent along with the request as metadata. Normally, each value must be of type `str`, 

916 but for metadata keys ending with the suffix `-bin`, the corresponding values must 

917 be of type `bytes`. 

918 

919 Returns: 

920 google.cloud.secretmanager_v1beta1.types.Secret: 

921 A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose value and versions can 

922 be accessed. 

923 

924 A [Secret][google.cloud.secrets.v1beta1.Secret] is 

925 made up of zero or more 

926 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] 

927 that represent the secret data. 

928 

929 """ 

930 # Create or coerce a protobuf request object. 

931 # - Quick check: If we got a request object, we should *not* have 

932 # gotten any keyword arguments that map to the request. 

933 has_flattened_params = any([parent, secret_id, secret]) 

934 if request is not None and has_flattened_params: 

935 raise ValueError( 

936 "If the `request` argument is set, then none of " 

937 "the individual field arguments should be set." 

938 ) 

939 

940 # - Use the request object if provided (there's no risk of modifying the input as 

941 # there are no flattened fields), or create one. 

942 if not isinstance(request, service.CreateSecretRequest): 

943 request = service.CreateSecretRequest(request) 

944 # If we have keyword arguments corresponding to fields on the 

945 # request, apply these. 

946 if parent is not None: 

947 request.parent = parent 

948 if secret_id is not None: 

949 request.secret_id = secret_id 

950 if secret is not None: 

951 request.secret = secret 

952 

953 # Wrap the RPC method; this adds retry and timeout information, 

954 # and friendly error handling. 

955 rpc = self._transport._wrapped_methods[self._transport.create_secret] 

956 

957 # Certain fields should be provided within the metadata header; 

958 # add these here. 

959 metadata = tuple(metadata) + ( 

960 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), 

961 ) 

962 

963 # Validate the universe domain. 

964 self._validate_universe_domain() 

965 

966 # Send the request. 

967 response = rpc( 

968 request, 

969 retry=retry, 

970 timeout=timeout, 

971 metadata=metadata, 

972 ) 

973 

974 # Done; return the response. 

975 return response 

976 

977 def add_secret_version( 

978 self, 

979 request: Optional[Union[service.AddSecretVersionRequest, dict]] = None, 

980 *, 

981 parent: Optional[str] = None, 

982 payload: Optional[resources.SecretPayload] = None, 

983 retry: OptionalRetry = gapic_v1.method.DEFAULT, 

984 timeout: Union[float, object] = gapic_v1.method.DEFAULT, 

985 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), 

986 ) -> resources.SecretVersion: 

987 r"""Creates a new 

988 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] 

989 containing secret data and attaches it to an existing 

990 [Secret][google.cloud.secrets.v1beta1.Secret]. 

991 

992 .. code-block:: python 

993 

994 # This snippet has been automatically generated and should be regarded as a 

995 # code template only. 

996 # It will require modifications to work: 

997 # - It may require correct/in-range values for request initialization. 

998 # - It may require specifying regional endpoints when creating the service 

999 # client as shown in: 

1000 # https://googleapis.dev/python/google-api-core/latest/client_options.html 

1001 from google.cloud import secretmanager_v1beta1 

1002 

1003 def sample_add_secret_version(): 

1004 # Create a client 

1005 client = secretmanager_v1beta1.SecretManagerServiceClient() 

1006 

1007 # Initialize request argument(s) 

1008 request = secretmanager_v1beta1.AddSecretVersionRequest( 

1009 parent="parent_value", 

1010 ) 

1011 

1012 # Make the request 

1013 response = client.add_secret_version(request=request) 

1014 

1015 # Handle the response 

1016 print(response) 

1017 

1018 Args: 

1019 request (Union[google.cloud.secretmanager_v1beta1.types.AddSecretVersionRequest, dict]): 

1020 The request object. Request message for 

1021 [SecretManagerService.AddSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AddSecretVersion]. 

1022 parent (str): 

1023 Required. The resource name of the 

1024 [Secret][google.cloud.secrets.v1beta1.Secret] to 

1025 associate with the 

1026 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] 

1027 in the format ``projects/*/secrets/*``. 

1028 

1029 This corresponds to the ``parent`` field 

1030 on the ``request`` instance; if ``request`` is provided, this 

1031 should not be set. 

1032 payload (google.cloud.secretmanager_v1beta1.types.SecretPayload): 

1033 Required. The secret payload of the 

1034 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. 

1035 

1036 This corresponds to the ``payload`` field 

1037 on the ``request`` instance; if ``request`` is provided, this 

1038 should not be set. 

1039 retry (google.api_core.retry.Retry): Designation of what errors, if any, 

1040 should be retried. 

1041 timeout (float): The timeout for this request. 

1042 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be 

1043 sent along with the request as metadata. Normally, each value must be of type `str`, 

1044 but for metadata keys ending with the suffix `-bin`, the corresponding values must 

1045 be of type `bytes`. 

1046 

1047 Returns: 

1048 google.cloud.secretmanager_v1beta1.types.SecretVersion: 

1049 A secret version resource in the 

1050 Secret Manager API. 

1051 

1052 """ 

1053 # Create or coerce a protobuf request object. 

1054 # - Quick check: If we got a request object, we should *not* have 

1055 # gotten any keyword arguments that map to the request. 

1056 has_flattened_params = any([parent, payload]) 

1057 if request is not None and has_flattened_params: 

1058 raise ValueError( 

1059 "If the `request` argument is set, then none of " 

1060 "the individual field arguments should be set." 

1061 ) 

1062 

1063 # - Use the request object if provided (there's no risk of modifying the input as 

1064 # there are no flattened fields), or create one. 

1065 if not isinstance(request, service.AddSecretVersionRequest): 

1066 request = service.AddSecretVersionRequest(request) 

1067 # If we have keyword arguments corresponding to fields on the 

1068 # request, apply these. 

1069 if parent is not None: 

1070 request.parent = parent 

1071 if payload is not None: 

1072 request.payload = payload 

1073 

1074 # Wrap the RPC method; this adds retry and timeout information, 

1075 # and friendly error handling. 

1076 rpc = self._transport._wrapped_methods[self._transport.add_secret_version] 

1077 

1078 # Certain fields should be provided within the metadata header; 

1079 # add these here. 

1080 metadata = tuple(metadata) + ( 

1081 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), 

1082 ) 

1083 

1084 # Validate the universe domain. 

1085 self._validate_universe_domain() 

1086 

1087 # Send the request. 

1088 response = rpc( 

1089 request, 

1090 retry=retry, 

1091 timeout=timeout, 

1092 metadata=metadata, 

1093 ) 

1094 

1095 # Done; return the response. 

1096 return response 

1097 

1098 def get_secret( 

1099 self, 

1100 request: Optional[Union[service.GetSecretRequest, dict]] = None, 

1101 *, 

1102 name: Optional[str] = None, 

1103 retry: OptionalRetry = gapic_v1.method.DEFAULT, 

1104 timeout: Union[float, object] = gapic_v1.method.DEFAULT, 

1105 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), 

1106 ) -> resources.Secret: 

1107 r"""Gets metadata for a given 

1108 [Secret][google.cloud.secrets.v1beta1.Secret]. 

1109 

1110 .. code-block:: python 

1111 

1112 # This snippet has been automatically generated and should be regarded as a 

1113 # code template only. 

1114 # It will require modifications to work: 

1115 # - It may require correct/in-range values for request initialization. 

1116 # - It may require specifying regional endpoints when creating the service 

1117 # client as shown in: 

1118 # https://googleapis.dev/python/google-api-core/latest/client_options.html 

1119 from google.cloud import secretmanager_v1beta1 

1120 

1121 def sample_get_secret(): 

1122 # Create a client 

1123 client = secretmanager_v1beta1.SecretManagerServiceClient() 

1124 

1125 # Initialize request argument(s) 

1126 request = secretmanager_v1beta1.GetSecretRequest( 

1127 name="name_value", 

1128 ) 

1129 

1130 # Make the request 

1131 response = client.get_secret(request=request) 

1132 

1133 # Handle the response 

1134 print(response) 

1135 

1136 Args: 

1137 request (Union[google.cloud.secretmanager_v1beta1.types.GetSecretRequest, dict]): 

1138 The request object. Request message for 

1139 [SecretManagerService.GetSecret][google.cloud.secrets.v1beta1.SecretManagerService.GetSecret]. 

1140 name (str): 

1141 Required. The resource name of the 

1142 [Secret][google.cloud.secrets.v1beta1.Secret], in the 

1143 format ``projects/*/secrets/*``. 

1144 

1145 This corresponds to the ``name`` field 

1146 on the ``request`` instance; if ``request`` is provided, this 

1147 should not be set. 

1148 retry (google.api_core.retry.Retry): Designation of what errors, if any, 

1149 should be retried. 

1150 timeout (float): The timeout for this request. 

1151 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be 

1152 sent along with the request as metadata. Normally, each value must be of type `str`, 

1153 but for metadata keys ending with the suffix `-bin`, the corresponding values must 

1154 be of type `bytes`. 

1155 

1156 Returns: 

1157 google.cloud.secretmanager_v1beta1.types.Secret: 

1158 A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose value and versions can 

1159 be accessed. 

1160 

1161 A [Secret][google.cloud.secrets.v1beta1.Secret] is 

1162 made up of zero or more 

1163 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] 

1164 that represent the secret data. 

1165 

1166 """ 

1167 # Create or coerce a protobuf request object. 

1168 # - Quick check: If we got a request object, we should *not* have 

1169 # gotten any keyword arguments that map to the request. 

1170 has_flattened_params = any([name]) 

1171 if request is not None and has_flattened_params: 

1172 raise ValueError( 

1173 "If the `request` argument is set, then none of " 

1174 "the individual field arguments should be set." 

1175 ) 

1176 

1177 # - Use the request object if provided (there's no risk of modifying the input as 

1178 # there are no flattened fields), or create one. 

1179 if not isinstance(request, service.GetSecretRequest): 

1180 request = service.GetSecretRequest(request) 

1181 # If we have keyword arguments corresponding to fields on the 

1182 # request, apply these. 

1183 if name is not None: 

1184 request.name = name 

1185 

1186 # Wrap the RPC method; this adds retry and timeout information, 

1187 # and friendly error handling. 

1188 rpc = self._transport._wrapped_methods[self._transport.get_secret] 

1189 

1190 # Certain fields should be provided within the metadata header; 

1191 # add these here. 

1192 metadata = tuple(metadata) + ( 

1193 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), 

1194 ) 

1195 

1196 # Validate the universe domain. 

1197 self._validate_universe_domain() 

1198 

1199 # Send the request. 

1200 response = rpc( 

1201 request, 

1202 retry=retry, 

1203 timeout=timeout, 

1204 metadata=metadata, 

1205 ) 

1206 

1207 # Done; return the response. 

1208 return response 

1209 

1210 def update_secret( 

1211 self, 

1212 request: Optional[Union[service.UpdateSecretRequest, dict]] = None, 

1213 *, 

1214 secret: Optional[resources.Secret] = None, 

1215 update_mask: Optional[field_mask_pb2.FieldMask] = None, 

1216 retry: OptionalRetry = gapic_v1.method.DEFAULT, 

1217 timeout: Union[float, object] = gapic_v1.method.DEFAULT, 

1218 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), 

1219 ) -> resources.Secret: 

1220 r"""Updates metadata of an existing 

1221 [Secret][google.cloud.secrets.v1beta1.Secret]. 

1222 

1223 .. code-block:: python 

1224 

1225 # This snippet has been automatically generated and should be regarded as a 

1226 # code template only. 

1227 # It will require modifications to work: 

1228 # - It may require correct/in-range values for request initialization. 

1229 # - It may require specifying regional endpoints when creating the service 

1230 # client as shown in: 

1231 # https://googleapis.dev/python/google-api-core/latest/client_options.html 

1232 from google.cloud import secretmanager_v1beta1 

1233 

1234 def sample_update_secret(): 

1235 # Create a client 

1236 client = secretmanager_v1beta1.SecretManagerServiceClient() 

1237 

1238 # Initialize request argument(s) 

1239 request = secretmanager_v1beta1.UpdateSecretRequest( 

1240 ) 

1241 

1242 # Make the request 

1243 response = client.update_secret(request=request) 

1244 

1245 # Handle the response 

1246 print(response) 

1247 

1248 Args: 

1249 request (Union[google.cloud.secretmanager_v1beta1.types.UpdateSecretRequest, dict]): 

1250 The request object. Request message for 

1251 [SecretManagerService.UpdateSecret][google.cloud.secrets.v1beta1.SecretManagerService.UpdateSecret]. 

1252 secret (google.cloud.secretmanager_v1beta1.types.Secret): 

1253 Required. [Secret][google.cloud.secrets.v1beta1.Secret] 

1254 with updated field values. 

1255 

1256 This corresponds to the ``secret`` field 

1257 on the ``request`` instance; if ``request`` is provided, this 

1258 should not be set. 

1259 update_mask (google.protobuf.field_mask_pb2.FieldMask): 

1260 Required. Specifies the fields to be 

1261 updated. 

1262 

1263 This corresponds to the ``update_mask`` field 

1264 on the ``request`` instance; if ``request`` is provided, this 

1265 should not be set. 

1266 retry (google.api_core.retry.Retry): Designation of what errors, if any, 

1267 should be retried. 

1268 timeout (float): The timeout for this request. 

1269 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be 

1270 sent along with the request as metadata. Normally, each value must be of type `str`, 

1271 but for metadata keys ending with the suffix `-bin`, the corresponding values must 

1272 be of type `bytes`. 

1273 

1274 Returns: 

1275 google.cloud.secretmanager_v1beta1.types.Secret: 

1276 A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose value and versions can 

1277 be accessed. 

1278 

1279 A [Secret][google.cloud.secrets.v1beta1.Secret] is 

1280 made up of zero or more 

1281 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] 

1282 that represent the secret data. 

1283 

1284 """ 

1285 # Create or coerce a protobuf request object. 

1286 # - Quick check: If we got a request object, we should *not* have 

1287 # gotten any keyword arguments that map to the request. 

1288 has_flattened_params = any([secret, update_mask]) 

1289 if request is not None and has_flattened_params: 

1290 raise ValueError( 

1291 "If the `request` argument is set, then none of " 

1292 "the individual field arguments should be set." 

1293 ) 

1294 

1295 # - Use the request object if provided (there's no risk of modifying the input as 

1296 # there are no flattened fields), or create one. 

1297 if not isinstance(request, service.UpdateSecretRequest): 

1298 request = service.UpdateSecretRequest(request) 

1299 # If we have keyword arguments corresponding to fields on the 

1300 # request, apply these. 

1301 if secret is not None: 

1302 request.secret = secret 

1303 if update_mask is not None: 

1304 request.update_mask = update_mask 

1305 

1306 # Wrap the RPC method; this adds retry and timeout information, 

1307 # and friendly error handling. 

1308 rpc = self._transport._wrapped_methods[self._transport.update_secret] 

1309 

1310 # Certain fields should be provided within the metadata header; 

1311 # add these here. 

1312 metadata = tuple(metadata) + ( 

1313 gapic_v1.routing_header.to_grpc_metadata( 

1314 (("secret.name", request.secret.name),) 

1315 ), 

1316 ) 

1317 

1318 # Validate the universe domain. 

1319 self._validate_universe_domain() 

1320 

1321 # Send the request. 

1322 response = rpc( 

1323 request, 

1324 retry=retry, 

1325 timeout=timeout, 

1326 metadata=metadata, 

1327 ) 

1328 

1329 # Done; return the response. 

1330 return response 

1331 

1332 def delete_secret( 

1333 self, 

1334 request: Optional[Union[service.DeleteSecretRequest, dict]] = None, 

1335 *, 

1336 name: Optional[str] = None, 

1337 retry: OptionalRetry = gapic_v1.method.DEFAULT, 

1338 timeout: Union[float, object] = gapic_v1.method.DEFAULT, 

1339 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), 

1340 ) -> None: 

1341 r"""Deletes a [Secret][google.cloud.secrets.v1beta1.Secret]. 

1342 

1343 .. code-block:: python 

1344 

1345 # This snippet has been automatically generated and should be regarded as a 

1346 # code template only. 

1347 # It will require modifications to work: 

1348 # - It may require correct/in-range values for request initialization. 

1349 # - It may require specifying regional endpoints when creating the service 

1350 # client as shown in: 

1351 # https://googleapis.dev/python/google-api-core/latest/client_options.html 

1352 from google.cloud import secretmanager_v1beta1 

1353 

1354 def sample_delete_secret(): 

1355 # Create a client 

1356 client = secretmanager_v1beta1.SecretManagerServiceClient() 

1357 

1358 # Initialize request argument(s) 

1359 request = secretmanager_v1beta1.DeleteSecretRequest( 

1360 name="name_value", 

1361 ) 

1362 

1363 # Make the request 

1364 client.delete_secret(request=request) 

1365 

1366 Args: 

1367 request (Union[google.cloud.secretmanager_v1beta1.types.DeleteSecretRequest, dict]): 

1368 The request object. Request message for 

1369 [SecretManagerService.DeleteSecret][google.cloud.secrets.v1beta1.SecretManagerService.DeleteSecret]. 

1370 name (str): 

1371 Required. The resource name of the 

1372 [Secret][google.cloud.secrets.v1beta1.Secret] to delete 

1373 in the format ``projects/*/secrets/*``. 

1374 

1375 This corresponds to the ``name`` field 

1376 on the ``request`` instance; if ``request`` is provided, this 

1377 should not be set. 

1378 retry (google.api_core.retry.Retry): Designation of what errors, if any, 

1379 should be retried. 

1380 timeout (float): The timeout for this request. 

1381 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be 

1382 sent along with the request as metadata. Normally, each value must be of type `str`, 

1383 but for metadata keys ending with the suffix `-bin`, the corresponding values must 

1384 be of type `bytes`. 

1385 """ 

1386 # Create or coerce a protobuf request object. 

1387 # - Quick check: If we got a request object, we should *not* have 

1388 # gotten any keyword arguments that map to the request. 

1389 has_flattened_params = any([name]) 

1390 if request is not None and has_flattened_params: 

1391 raise ValueError( 

1392 "If the `request` argument is set, then none of " 

1393 "the individual field arguments should be set." 

1394 ) 

1395 

1396 # - Use the request object if provided (there's no risk of modifying the input as 

1397 # there are no flattened fields), or create one. 

1398 if not isinstance(request, service.DeleteSecretRequest): 

1399 request = service.DeleteSecretRequest(request) 

1400 # If we have keyword arguments corresponding to fields on the 

1401 # request, apply these. 

1402 if name is not None: 

1403 request.name = name 

1404 

1405 # Wrap the RPC method; this adds retry and timeout information, 

1406 # and friendly error handling. 

1407 rpc = self._transport._wrapped_methods[self._transport.delete_secret] 

1408 

1409 # Certain fields should be provided within the metadata header; 

1410 # add these here. 

1411 metadata = tuple(metadata) + ( 

1412 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), 

1413 ) 

1414 

1415 # Validate the universe domain. 

1416 self._validate_universe_domain() 

1417 

1418 # Send the request. 

1419 rpc( 

1420 request, 

1421 retry=retry, 

1422 timeout=timeout, 

1423 metadata=metadata, 

1424 ) 

1425 

1426 def list_secret_versions( 

1427 self, 

1428 request: Optional[Union[service.ListSecretVersionsRequest, dict]] = None, 

1429 *, 

1430 parent: Optional[str] = None, 

1431 retry: OptionalRetry = gapic_v1.method.DEFAULT, 

1432 timeout: Union[float, object] = gapic_v1.method.DEFAULT, 

1433 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), 

1434 ) -> pagers.ListSecretVersionsPager: 

1435 r"""Lists 

1436 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]. 

1437 This call does not return secret data. 

1438 

1439 .. code-block:: python 

1440 

1441 # This snippet has been automatically generated and should be regarded as a 

1442 # code template only. 

1443 # It will require modifications to work: 

1444 # - It may require correct/in-range values for request initialization. 

1445 # - It may require specifying regional endpoints when creating the service 

1446 # client as shown in: 

1447 # https://googleapis.dev/python/google-api-core/latest/client_options.html 

1448 from google.cloud import secretmanager_v1beta1 

1449 

1450 def sample_list_secret_versions(): 

1451 # Create a client 

1452 client = secretmanager_v1beta1.SecretManagerServiceClient() 

1453 

1454 # Initialize request argument(s) 

1455 request = secretmanager_v1beta1.ListSecretVersionsRequest( 

1456 parent="parent_value", 

1457 ) 

1458 

1459 # Make the request 

1460 page_result = client.list_secret_versions(request=request) 

1461 

1462 # Handle the response 

1463 for response in page_result: 

1464 print(response) 

1465 

1466 Args: 

1467 request (Union[google.cloud.secretmanager_v1beta1.types.ListSecretVersionsRequest, dict]): 

1468 The request object. Request message for 

1469 [SecretManagerService.ListSecretVersions][google.cloud.secrets.v1beta1.SecretManagerService.ListSecretVersions]. 

1470 parent (str): 

1471 Required. The resource name of the 

1472 [Secret][google.cloud.secrets.v1beta1.Secret] associated 

1473 with the 

1474 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] 

1475 to list, in the format ``projects/*/secrets/*``. 

1476 

1477 This corresponds to the ``parent`` field 

1478 on the ``request`` instance; if ``request`` is provided, this 

1479 should not be set. 

1480 retry (google.api_core.retry.Retry): Designation of what errors, if any, 

1481 should be retried. 

1482 timeout (float): The timeout for this request. 

1483 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be 

1484 sent along with the request as metadata. Normally, each value must be of type `str`, 

1485 but for metadata keys ending with the suffix `-bin`, the corresponding values must 

1486 be of type `bytes`. 

1487 

1488 Returns: 

1489 google.cloud.secretmanager_v1beta1.services.secret_manager_service.pagers.ListSecretVersionsPager: 

1490 Response message for 

1491 [SecretManagerService.ListSecretVersions][google.cloud.secrets.v1beta1.SecretManagerService.ListSecretVersions]. 

1492 

1493 Iterating over this object will yield results and 

1494 resolve additional pages automatically. 

1495 

1496 """ 

1497 # Create or coerce a protobuf request object. 

1498 # - Quick check: If we got a request object, we should *not* have 

1499 # gotten any keyword arguments that map to the request. 

1500 has_flattened_params = any([parent]) 

1501 if request is not None and has_flattened_params: 

1502 raise ValueError( 

1503 "If the `request` argument is set, then none of " 

1504 "the individual field arguments should be set." 

1505 ) 

1506 

1507 # - Use the request object if provided (there's no risk of modifying the input as 

1508 # there are no flattened fields), or create one. 

1509 if not isinstance(request, service.ListSecretVersionsRequest): 

1510 request = service.ListSecretVersionsRequest(request) 

1511 # If we have keyword arguments corresponding to fields on the 

1512 # request, apply these. 

1513 if parent is not None: 

1514 request.parent = parent 

1515 

1516 # Wrap the RPC method; this adds retry and timeout information, 

1517 # and friendly error handling. 

1518 rpc = self._transport._wrapped_methods[self._transport.list_secret_versions] 

1519 

1520 # Certain fields should be provided within the metadata header; 

1521 # add these here. 

1522 metadata = tuple(metadata) + ( 

1523 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), 

1524 ) 

1525 

1526 # Validate the universe domain. 

1527 self._validate_universe_domain() 

1528 

1529 # Send the request. 

1530 response = rpc( 

1531 request, 

1532 retry=retry, 

1533 timeout=timeout, 

1534 metadata=metadata, 

1535 ) 

1536 

1537 # This method is paged; wrap the response in a pager, which provides 

1538 # an `__iter__` convenience method. 

1539 response = pagers.ListSecretVersionsPager( 

1540 method=rpc, 

1541 request=request, 

1542 response=response, 

1543 retry=retry, 

1544 timeout=timeout, 

1545 metadata=metadata, 

1546 ) 

1547 

1548 # Done; return the response. 

1549 return response 

1550 

1551 def get_secret_version( 

1552 self, 

1553 request: Optional[Union[service.GetSecretVersionRequest, dict]] = None, 

1554 *, 

1555 name: Optional[str] = None, 

1556 retry: OptionalRetry = gapic_v1.method.DEFAULT, 

1557 timeout: Union[float, object] = gapic_v1.method.DEFAULT, 

1558 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), 

1559 ) -> resources.SecretVersion: 

1560 r"""Gets metadata for a 

1561 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. 

1562 

1563 ``projects/*/secrets/*/versions/latest`` is an alias to the 

1564 ``latest`` 

1565 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. 

1566 

1567 .. code-block:: python 

1568 

1569 # This snippet has been automatically generated and should be regarded as a 

1570 # code template only. 

1571 # It will require modifications to work: 

1572 # - It may require correct/in-range values for request initialization. 

1573 # - It may require specifying regional endpoints when creating the service 

1574 # client as shown in: 

1575 # https://googleapis.dev/python/google-api-core/latest/client_options.html 

1576 from google.cloud import secretmanager_v1beta1 

1577 

1578 def sample_get_secret_version(): 

1579 # Create a client 

1580 client = secretmanager_v1beta1.SecretManagerServiceClient() 

1581 

1582 # Initialize request argument(s) 

1583 request = secretmanager_v1beta1.GetSecretVersionRequest( 

1584 name="name_value", 

1585 ) 

1586 

1587 # Make the request 

1588 response = client.get_secret_version(request=request) 

1589 

1590 # Handle the response 

1591 print(response) 

1592 

1593 Args: 

1594 request (Union[google.cloud.secretmanager_v1beta1.types.GetSecretVersionRequest, dict]): 

1595 The request object. Request message for 

1596 [SecretManagerService.GetSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.GetSecretVersion]. 

1597 name (str): 

1598 Required. The resource name of the 

1599 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] 

1600 in the format ``projects/*/secrets/*/versions/*``. 

1601 ``projects/*/secrets/*/versions/latest`` is an alias to 

1602 the ``latest`` 

1603 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. 

1604 

1605 This corresponds to the ``name`` field 

1606 on the ``request`` instance; if ``request`` is provided, this 

1607 should not be set. 

1608 retry (google.api_core.retry.Retry): Designation of what errors, if any, 

1609 should be retried. 

1610 timeout (float): The timeout for this request. 

1611 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be 

1612 sent along with the request as metadata. Normally, each value must be of type `str`, 

1613 but for metadata keys ending with the suffix `-bin`, the corresponding values must 

1614 be of type `bytes`. 

1615 

1616 Returns: 

1617 google.cloud.secretmanager_v1beta1.types.SecretVersion: 

1618 A secret version resource in the 

1619 Secret Manager API. 

1620 

1621 """ 

1622 # Create or coerce a protobuf request object. 

1623 # - Quick check: If we got a request object, we should *not* have 

1624 # gotten any keyword arguments that map to the request. 

1625 has_flattened_params = any([name]) 

1626 if request is not None and has_flattened_params: 

1627 raise ValueError( 

1628 "If the `request` argument is set, then none of " 

1629 "the individual field arguments should be set." 

1630 ) 

1631 

1632 # - Use the request object if provided (there's no risk of modifying the input as 

1633 # there are no flattened fields), or create one. 

1634 if not isinstance(request, service.GetSecretVersionRequest): 

1635 request = service.GetSecretVersionRequest(request) 

1636 # If we have keyword arguments corresponding to fields on the 

1637 # request, apply these. 

1638 if name is not None: 

1639 request.name = name 

1640 

1641 # Wrap the RPC method; this adds retry and timeout information, 

1642 # and friendly error handling. 

1643 rpc = self._transport._wrapped_methods[self._transport.get_secret_version] 

1644 

1645 # Certain fields should be provided within the metadata header; 

1646 # add these here. 

1647 metadata = tuple(metadata) + ( 

1648 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), 

1649 ) 

1650 

1651 # Validate the universe domain. 

1652 self._validate_universe_domain() 

1653 

1654 # Send the request. 

1655 response = rpc( 

1656 request, 

1657 retry=retry, 

1658 timeout=timeout, 

1659 metadata=metadata, 

1660 ) 

1661 

1662 # Done; return the response. 

1663 return response 

1664 

1665 def access_secret_version( 

1666 self, 

1667 request: Optional[Union[service.AccessSecretVersionRequest, dict]] = None, 

1668 *, 

1669 name: Optional[str] = None, 

1670 retry: OptionalRetry = gapic_v1.method.DEFAULT, 

1671 timeout: Union[float, object] = gapic_v1.method.DEFAULT, 

1672 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), 

1673 ) -> service.AccessSecretVersionResponse: 

1674 r"""Accesses a 

1675 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. 

1676 This call returns the secret data. 

1677 

1678 ``projects/*/secrets/*/versions/latest`` is an alias to the 

1679 ``latest`` 

1680 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. 

1681 

1682 .. code-block:: python 

1683 

1684 # This snippet has been automatically generated and should be regarded as a 

1685 # code template only. 

1686 # It will require modifications to work: 

1687 # - It may require correct/in-range values for request initialization. 

1688 # - It may require specifying regional endpoints when creating the service 

1689 # client as shown in: 

1690 # https://googleapis.dev/python/google-api-core/latest/client_options.html 

1691 from google.cloud import secretmanager_v1beta1 

1692 

1693 def sample_access_secret_version(): 

1694 # Create a client 

1695 client = secretmanager_v1beta1.SecretManagerServiceClient() 

1696 

1697 # Initialize request argument(s) 

1698 request = secretmanager_v1beta1.AccessSecretVersionRequest( 

1699 name="name_value", 

1700 ) 

1701 

1702 # Make the request 

1703 response = client.access_secret_version(request=request) 

1704 

1705 # Handle the response 

1706 print(response) 

1707 

1708 Args: 

1709 request (Union[google.cloud.secretmanager_v1beta1.types.AccessSecretVersionRequest, dict]): 

1710 The request object. Request message for 

1711 [SecretManagerService.AccessSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AccessSecretVersion]. 

1712 name (str): 

1713 Required. The resource name of the 

1714 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] 

1715 in the format ``projects/*/secrets/*/versions/*``. 

1716 

1717 This corresponds to the ``name`` field 

1718 on the ``request`` instance; if ``request`` is provided, this 

1719 should not be set. 

1720 retry (google.api_core.retry.Retry): Designation of what errors, if any, 

1721 should be retried. 

1722 timeout (float): The timeout for this request. 

1723 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be 

1724 sent along with the request as metadata. Normally, each value must be of type `str`, 

1725 but for metadata keys ending with the suffix `-bin`, the corresponding values must 

1726 be of type `bytes`. 

1727 

1728 Returns: 

1729 google.cloud.secretmanager_v1beta1.types.AccessSecretVersionResponse: 

1730 Response message for 

1731 [SecretManagerService.AccessSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AccessSecretVersion]. 

1732 

1733 """ 

1734 # Create or coerce a protobuf request object. 

1735 # - Quick check: If we got a request object, we should *not* have 

1736 # gotten any keyword arguments that map to the request. 

1737 has_flattened_params = any([name]) 

1738 if request is not None and has_flattened_params: 

1739 raise ValueError( 

1740 "If the `request` argument is set, then none of " 

1741 "the individual field arguments should be set." 

1742 ) 

1743 

1744 # - Use the request object if provided (there's no risk of modifying the input as 

1745 # there are no flattened fields), or create one. 

1746 if not isinstance(request, service.AccessSecretVersionRequest): 

1747 request = service.AccessSecretVersionRequest(request) 

1748 # If we have keyword arguments corresponding to fields on the 

1749 # request, apply these. 

1750 if name is not None: 

1751 request.name = name 

1752 

1753 # Wrap the RPC method; this adds retry and timeout information, 

1754 # and friendly error handling. 

1755 rpc = self._transport._wrapped_methods[self._transport.access_secret_version] 

1756 

1757 # Certain fields should be provided within the metadata header; 

1758 # add these here. 

1759 metadata = tuple(metadata) + ( 

1760 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), 

1761 ) 

1762 

1763 # Validate the universe domain. 

1764 self._validate_universe_domain() 

1765 

1766 # Send the request. 

1767 response = rpc( 

1768 request, 

1769 retry=retry, 

1770 timeout=timeout, 

1771 metadata=metadata, 

1772 ) 

1773 

1774 # Done; return the response. 

1775 return response 

1776 

1777 def disable_secret_version( 

1778 self, 

1779 request: Optional[Union[service.DisableSecretVersionRequest, dict]] = None, 

1780 *, 

1781 name: Optional[str] = None, 

1782 retry: OptionalRetry = gapic_v1.method.DEFAULT, 

1783 timeout: Union[float, object] = gapic_v1.method.DEFAULT, 

1784 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), 

1785 ) -> resources.SecretVersion: 

1786 r"""Disables a 

1787 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. 

1788 

1789 Sets the 

1790 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the 

1791 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to 

1792 [DISABLED][google.cloud.secrets.v1beta1.SecretVersion.State.DISABLED]. 

1793 

1794 .. code-block:: python 

1795 

1796 # This snippet has been automatically generated and should be regarded as a 

1797 # code template only. 

1798 # It will require modifications to work: 

1799 # - It may require correct/in-range values for request initialization. 

1800 # - It may require specifying regional endpoints when creating the service 

1801 # client as shown in: 

1802 # https://googleapis.dev/python/google-api-core/latest/client_options.html 

1803 from google.cloud import secretmanager_v1beta1 

1804 

1805 def sample_disable_secret_version(): 

1806 # Create a client 

1807 client = secretmanager_v1beta1.SecretManagerServiceClient() 

1808 

1809 # Initialize request argument(s) 

1810 request = secretmanager_v1beta1.DisableSecretVersionRequest( 

1811 name="name_value", 

1812 ) 

1813 

1814 # Make the request 

1815 response = client.disable_secret_version(request=request) 

1816 

1817 # Handle the response 

1818 print(response) 

1819 

1820 Args: 

1821 request (Union[google.cloud.secretmanager_v1beta1.types.DisableSecretVersionRequest, dict]): 

1822 The request object. Request message for 

1823 [SecretManagerService.DisableSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.DisableSecretVersion]. 

1824 name (str): 

1825 Required. The resource name of the 

1826 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] 

1827 to disable in the format 

1828 ``projects/*/secrets/*/versions/*``. 

1829 

1830 This corresponds to the ``name`` field 

1831 on the ``request`` instance; if ``request`` is provided, this 

1832 should not be set. 

1833 retry (google.api_core.retry.Retry): Designation of what errors, if any, 

1834 should be retried. 

1835 timeout (float): The timeout for this request. 

1836 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be 

1837 sent along with the request as metadata. Normally, each value must be of type `str`, 

1838 but for metadata keys ending with the suffix `-bin`, the corresponding values must 

1839 be of type `bytes`. 

1840 

1841 Returns: 

1842 google.cloud.secretmanager_v1beta1.types.SecretVersion: 

1843 A secret version resource in the 

1844 Secret Manager API. 

1845 

1846 """ 

1847 # Create or coerce a protobuf request object. 

1848 # - Quick check: If we got a request object, we should *not* have 

1849 # gotten any keyword arguments that map to the request. 

1850 has_flattened_params = any([name]) 

1851 if request is not None and has_flattened_params: 

1852 raise ValueError( 

1853 "If the `request` argument is set, then none of " 

1854 "the individual field arguments should be set." 

1855 ) 

1856 

1857 # - Use the request object if provided (there's no risk of modifying the input as 

1858 # there are no flattened fields), or create one. 

1859 if not isinstance(request, service.DisableSecretVersionRequest): 

1860 request = service.DisableSecretVersionRequest(request) 

1861 # If we have keyword arguments corresponding to fields on the 

1862 # request, apply these. 

1863 if name is not None: 

1864 request.name = name 

1865 

1866 # Wrap the RPC method; this adds retry and timeout information, 

1867 # and friendly error handling. 

1868 rpc = self._transport._wrapped_methods[self._transport.disable_secret_version] 

1869 

1870 # Certain fields should be provided within the metadata header; 

1871 # add these here. 

1872 metadata = tuple(metadata) + ( 

1873 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), 

1874 ) 

1875 

1876 # Validate the universe domain. 

1877 self._validate_universe_domain() 

1878 

1879 # Send the request. 

1880 response = rpc( 

1881 request, 

1882 retry=retry, 

1883 timeout=timeout, 

1884 metadata=metadata, 

1885 ) 

1886 

1887 # Done; return the response. 

1888 return response 

1889 

1890 def enable_secret_version( 

1891 self, 

1892 request: Optional[Union[service.EnableSecretVersionRequest, dict]] = None, 

1893 *, 

1894 name: Optional[str] = None, 

1895 retry: OptionalRetry = gapic_v1.method.DEFAULT, 

1896 timeout: Union[float, object] = gapic_v1.method.DEFAULT, 

1897 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), 

1898 ) -> resources.SecretVersion: 

1899 r"""Enables a 

1900 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. 

1901 

1902 Sets the 

1903 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the 

1904 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to 

1905 [ENABLED][google.cloud.secrets.v1beta1.SecretVersion.State.ENABLED]. 

1906 

1907 .. code-block:: python 

1908 

1909 # This snippet has been automatically generated and should be regarded as a 

1910 # code template only. 

1911 # It will require modifications to work: 

1912 # - It may require correct/in-range values for request initialization. 

1913 # - It may require specifying regional endpoints when creating the service 

1914 # client as shown in: 

1915 # https://googleapis.dev/python/google-api-core/latest/client_options.html 

1916 from google.cloud import secretmanager_v1beta1 

1917 

1918 def sample_enable_secret_version(): 

1919 # Create a client 

1920 client = secretmanager_v1beta1.SecretManagerServiceClient() 

1921 

1922 # Initialize request argument(s) 

1923 request = secretmanager_v1beta1.EnableSecretVersionRequest( 

1924 name="name_value", 

1925 ) 

1926 

1927 # Make the request 

1928 response = client.enable_secret_version(request=request) 

1929 

1930 # Handle the response 

1931 print(response) 

1932 

1933 Args: 

1934 request (Union[google.cloud.secretmanager_v1beta1.types.EnableSecretVersionRequest, dict]): 

1935 The request object. Request message for 

1936 [SecretManagerService.EnableSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.EnableSecretVersion]. 

1937 name (str): 

1938 Required. The resource name of the 

1939 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] 

1940 to enable in the format 

1941 ``projects/*/secrets/*/versions/*``. 

1942 

1943 This corresponds to the ``name`` field 

1944 on the ``request`` instance; if ``request`` is provided, this 

1945 should not be set. 

1946 retry (google.api_core.retry.Retry): Designation of what errors, if any, 

1947 should be retried. 

1948 timeout (float): The timeout for this request. 

1949 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be 

1950 sent along with the request as metadata. Normally, each value must be of type `str`, 

1951 but for metadata keys ending with the suffix `-bin`, the corresponding values must 

1952 be of type `bytes`. 

1953 

1954 Returns: 

1955 google.cloud.secretmanager_v1beta1.types.SecretVersion: 

1956 A secret version resource in the 

1957 Secret Manager API. 

1958 

1959 """ 

1960 # Create or coerce a protobuf request object. 

1961 # - Quick check: If we got a request object, we should *not* have 

1962 # gotten any keyword arguments that map to the request. 

1963 has_flattened_params = any([name]) 

1964 if request is not None and has_flattened_params: 

1965 raise ValueError( 

1966 "If the `request` argument is set, then none of " 

1967 "the individual field arguments should be set." 

1968 ) 

1969 

1970 # - Use the request object if provided (there's no risk of modifying the input as 

1971 # there are no flattened fields), or create one. 

1972 if not isinstance(request, service.EnableSecretVersionRequest): 

1973 request = service.EnableSecretVersionRequest(request) 

1974 # If we have keyword arguments corresponding to fields on the 

1975 # request, apply these. 

1976 if name is not None: 

1977 request.name = name 

1978 

1979 # Wrap the RPC method; this adds retry and timeout information, 

1980 # and friendly error handling. 

1981 rpc = self._transport._wrapped_methods[self._transport.enable_secret_version] 

1982 

1983 # Certain fields should be provided within the metadata header; 

1984 # add these here. 

1985 metadata = tuple(metadata) + ( 

1986 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), 

1987 ) 

1988 

1989 # Validate the universe domain. 

1990 self._validate_universe_domain() 

1991 

1992 # Send the request. 

1993 response = rpc( 

1994 request, 

1995 retry=retry, 

1996 timeout=timeout, 

1997 metadata=metadata, 

1998 ) 

1999 

2000 # Done; return the response. 

2001 return response 

2002 

2003 def destroy_secret_version( 

2004 self, 

2005 request: Optional[Union[service.DestroySecretVersionRequest, dict]] = None, 

2006 *, 

2007 name: Optional[str] = None, 

2008 retry: OptionalRetry = gapic_v1.method.DEFAULT, 

2009 timeout: Union[float, object] = gapic_v1.method.DEFAULT, 

2010 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), 

2011 ) -> resources.SecretVersion: 

2012 r"""Destroys a 

2013 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. 

2014 

2015 Sets the 

2016 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the 

2017 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to 

2018 [DESTROYED][google.cloud.secrets.v1beta1.SecretVersion.State.DESTROYED] 

2019 and irrevocably destroys the secret data. 

2020 

2021 .. code-block:: python 

2022 

2023 # This snippet has been automatically generated and should be regarded as a 

2024 # code template only. 

2025 # It will require modifications to work: 

2026 # - It may require correct/in-range values for request initialization. 

2027 # - It may require specifying regional endpoints when creating the service 

2028 # client as shown in: 

2029 # https://googleapis.dev/python/google-api-core/latest/client_options.html 

2030 from google.cloud import secretmanager_v1beta1 

2031 

2032 def sample_destroy_secret_version(): 

2033 # Create a client 

2034 client = secretmanager_v1beta1.SecretManagerServiceClient() 

2035 

2036 # Initialize request argument(s) 

2037 request = secretmanager_v1beta1.DestroySecretVersionRequest( 

2038 name="name_value", 

2039 ) 

2040 

2041 # Make the request 

2042 response = client.destroy_secret_version(request=request) 

2043 

2044 # Handle the response 

2045 print(response) 

2046 

2047 Args: 

2048 request (Union[google.cloud.secretmanager_v1beta1.types.DestroySecretVersionRequest, dict]): 

2049 The request object. Request message for 

2050 [SecretManagerService.DestroySecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.DestroySecretVersion]. 

2051 name (str): 

2052 Required. The resource name of the 

2053 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] 

2054 to destroy in the format 

2055 ``projects/*/secrets/*/versions/*``. 

2056 

2057 This corresponds to the ``name`` field 

2058 on the ``request`` instance; if ``request`` is provided, this 

2059 should not be set. 

2060 retry (google.api_core.retry.Retry): Designation of what errors, if any, 

2061 should be retried. 

2062 timeout (float): The timeout for this request. 

2063 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be 

2064 sent along with the request as metadata. Normally, each value must be of type `str`, 

2065 but for metadata keys ending with the suffix `-bin`, the corresponding values must 

2066 be of type `bytes`. 

2067 

2068 Returns: 

2069 google.cloud.secretmanager_v1beta1.types.SecretVersion: 

2070 A secret version resource in the 

2071 Secret Manager API. 

2072 

2073 """ 

2074 # Create or coerce a protobuf request object. 

2075 # - Quick check: If we got a request object, we should *not* have 

2076 # gotten any keyword arguments that map to the request. 

2077 has_flattened_params = any([name]) 

2078 if request is not None and has_flattened_params: 

2079 raise ValueError( 

2080 "If the `request` argument is set, then none of " 

2081 "the individual field arguments should be set." 

2082 ) 

2083 

2084 # - Use the request object if provided (there's no risk of modifying the input as 

2085 # there are no flattened fields), or create one. 

2086 if not isinstance(request, service.DestroySecretVersionRequest): 

2087 request = service.DestroySecretVersionRequest(request) 

2088 # If we have keyword arguments corresponding to fields on the 

2089 # request, apply these. 

2090 if name is not None: 

2091 request.name = name 

2092 

2093 # Wrap the RPC method; this adds retry and timeout information, 

2094 # and friendly error handling. 

2095 rpc = self._transport._wrapped_methods[self._transport.destroy_secret_version] 

2096 

2097 # Certain fields should be provided within the metadata header; 

2098 # add these here. 

2099 metadata = tuple(metadata) + ( 

2100 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), 

2101 ) 

2102 

2103 # Validate the universe domain. 

2104 self._validate_universe_domain() 

2105 

2106 # Send the request. 

2107 response = rpc( 

2108 request, 

2109 retry=retry, 

2110 timeout=timeout, 

2111 metadata=metadata, 

2112 ) 

2113 

2114 # Done; return the response. 

2115 return response 

2116 

2117 def set_iam_policy( 

2118 self, 

2119 request: Optional[Union[iam_policy_pb2.SetIamPolicyRequest, dict]] = None, 

2120 *, 

2121 retry: OptionalRetry = gapic_v1.method.DEFAULT, 

2122 timeout: Union[float, object] = gapic_v1.method.DEFAULT, 

2123 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), 

2124 ) -> policy_pb2.Policy: 

2125 r"""Sets the access control policy on the specified secret. Replaces 

2126 any existing policy. 

2127 

2128 Permissions on 

2129 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] are 

2130 enforced according to the policy set on the associated 

2131 [Secret][google.cloud.secrets.v1beta1.Secret]. 

2132 

2133 .. code-block:: python 

2134 

2135 # This snippet has been automatically generated and should be regarded as a 

2136 # code template only. 

2137 # It will require modifications to work: 

2138 # - It may require correct/in-range values for request initialization. 

2139 # - It may require specifying regional endpoints when creating the service 

2140 # client as shown in: 

2141 # https://googleapis.dev/python/google-api-core/latest/client_options.html 

2142 from google.cloud import secretmanager_v1beta1 

2143 from google.iam.v1 import iam_policy_pb2 # type: ignore 

2144 

2145 def sample_set_iam_policy(): 

2146 # Create a client 

2147 client = secretmanager_v1beta1.SecretManagerServiceClient() 

2148 

2149 # Initialize request argument(s) 

2150 request = iam_policy_pb2.SetIamPolicyRequest( 

2151 resource="resource_value", 

2152 ) 

2153 

2154 # Make the request 

2155 response = client.set_iam_policy(request=request) 

2156 

2157 # Handle the response 

2158 print(response) 

2159 

2160 Args: 

2161 request (Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]): 

2162 The request object. Request message for ``SetIamPolicy`` method. 

2163 retry (google.api_core.retry.Retry): Designation of what errors, if any, 

2164 should be retried. 

2165 timeout (float): The timeout for this request. 

2166 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be 

2167 sent along with the request as metadata. Normally, each value must be of type `str`, 

2168 but for metadata keys ending with the suffix `-bin`, the corresponding values must 

2169 be of type `bytes`. 

2170 

2171 Returns: 

2172 google.iam.v1.policy_pb2.Policy: 

2173 An Identity and Access Management (IAM) policy, which specifies access 

2174 controls for Google Cloud resources. 

2175 

2176 A Policy is a collection of bindings. A binding binds 

2177 one or more members, or principals, to a single role. 

2178 Principals can be user accounts, service accounts, 

2179 Google groups, and domains (such as G Suite). A role 

2180 is a named list of permissions; each role can be an 

2181 IAM predefined role or a user-created custom role. 

2182 

2183 For some types of Google Cloud resources, a binding 

2184 can also specify a condition, which is a logical 

2185 expression that allows access to a resource only if 

2186 the expression evaluates to true. A condition can add 

2187 constraints based on attributes of the request, the 

2188 resource, or both. To learn which resources support 

2189 conditions in their IAM policies, see the [IAM 

2190 documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies). 

2191 

2192 **JSON example:** 

2193 

2194 :literal:`\` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 }`\ \` 

2195 

2196 **YAML example:** 

2197 

2198 :literal:`\` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3`\ \` 

2199 

2200 For a description of IAM and its features, see the 

2201 [IAM 

2202 documentation](\ https://cloud.google.com/iam/docs/). 

2203 

2204 """ 

2205 # Create or coerce a protobuf request object. 

2206 if isinstance(request, dict): 

2207 # - The request isn't a proto-plus wrapped type, 

2208 # so it must be constructed via keyword expansion. 

2209 request = iam_policy_pb2.SetIamPolicyRequest(**request) 

2210 elif not request: 

2211 # Null request, just make one. 

2212 request = iam_policy_pb2.SetIamPolicyRequest() 

2213 

2214 # Wrap the RPC method; this adds retry and timeout information, 

2215 # and friendly error handling. 

2216 rpc = self._transport._wrapped_methods[self._transport.set_iam_policy] 

2217 

2218 # Certain fields should be provided within the metadata header; 

2219 # add these here. 

2220 metadata = tuple(metadata) + ( 

2221 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)), 

2222 ) 

2223 

2224 # Validate the universe domain. 

2225 self._validate_universe_domain() 

2226 

2227 # Send the request. 

2228 response = rpc( 

2229 request, 

2230 retry=retry, 

2231 timeout=timeout, 

2232 metadata=metadata, 

2233 ) 

2234 

2235 # Done; return the response. 

2236 return response 

2237 

2238 def get_iam_policy( 

2239 self, 

2240 request: Optional[Union[iam_policy_pb2.GetIamPolicyRequest, dict]] = None, 

2241 *, 

2242 retry: OptionalRetry = gapic_v1.method.DEFAULT, 

2243 timeout: Union[float, object] = gapic_v1.method.DEFAULT, 

2244 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), 

2245 ) -> policy_pb2.Policy: 

2246 r"""Gets the access control policy for a secret. 

2247 Returns empty policy if the secret exists and does not 

2248 have a policy set. 

2249 

2250 .. code-block:: python 

2251 

2252 # This snippet has been automatically generated and should be regarded as a 

2253 # code template only. 

2254 # It will require modifications to work: 

2255 # - It may require correct/in-range values for request initialization. 

2256 # - It may require specifying regional endpoints when creating the service 

2257 # client as shown in: 

2258 # https://googleapis.dev/python/google-api-core/latest/client_options.html 

2259 from google.cloud import secretmanager_v1beta1 

2260 from google.iam.v1 import iam_policy_pb2 # type: ignore 

2261 

2262 def sample_get_iam_policy(): 

2263 # Create a client 

2264 client = secretmanager_v1beta1.SecretManagerServiceClient() 

2265 

2266 # Initialize request argument(s) 

2267 request = iam_policy_pb2.GetIamPolicyRequest( 

2268 resource="resource_value", 

2269 ) 

2270 

2271 # Make the request 

2272 response = client.get_iam_policy(request=request) 

2273 

2274 # Handle the response 

2275 print(response) 

2276 

2277 Args: 

2278 request (Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]): 

2279 The request object. Request message for ``GetIamPolicy`` method. 

2280 retry (google.api_core.retry.Retry): Designation of what errors, if any, 

2281 should be retried. 

2282 timeout (float): The timeout for this request. 

2283 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be 

2284 sent along with the request as metadata. Normally, each value must be of type `str`, 

2285 but for metadata keys ending with the suffix `-bin`, the corresponding values must 

2286 be of type `bytes`. 

2287 

2288 Returns: 

2289 google.iam.v1.policy_pb2.Policy: 

2290 An Identity and Access Management (IAM) policy, which specifies access 

2291 controls for Google Cloud resources. 

2292 

2293 A Policy is a collection of bindings. A binding binds 

2294 one or more members, or principals, to a single role. 

2295 Principals can be user accounts, service accounts, 

2296 Google groups, and domains (such as G Suite). A role 

2297 is a named list of permissions; each role can be an 

2298 IAM predefined role or a user-created custom role. 

2299 

2300 For some types of Google Cloud resources, a binding 

2301 can also specify a condition, which is a logical 

2302 expression that allows access to a resource only if 

2303 the expression evaluates to true. A condition can add 

2304 constraints based on attributes of the request, the 

2305 resource, or both. To learn which resources support 

2306 conditions in their IAM policies, see the [IAM 

2307 documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies). 

2308 

2309 **JSON example:** 

2310 

2311 :literal:`\` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 }`\ \` 

2312 

2313 **YAML example:** 

2314 

2315 :literal:`\` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3`\ \` 

2316 

2317 For a description of IAM and its features, see the 

2318 [IAM 

2319 documentation](\ https://cloud.google.com/iam/docs/). 

2320 

2321 """ 

2322 # Create or coerce a protobuf request object. 

2323 if isinstance(request, dict): 

2324 # - The request isn't a proto-plus wrapped type, 

2325 # so it must be constructed via keyword expansion. 

2326 request = iam_policy_pb2.GetIamPolicyRequest(**request) 

2327 elif not request: 

2328 # Null request, just make one. 

2329 request = iam_policy_pb2.GetIamPolicyRequest() 

2330 

2331 # Wrap the RPC method; this adds retry and timeout information, 

2332 # and friendly error handling. 

2333 rpc = self._transport._wrapped_methods[self._transport.get_iam_policy] 

2334 

2335 # Certain fields should be provided within the metadata header; 

2336 # add these here. 

2337 metadata = tuple(metadata) + ( 

2338 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)), 

2339 ) 

2340 

2341 # Validate the universe domain. 

2342 self._validate_universe_domain() 

2343 

2344 # Send the request. 

2345 response = rpc( 

2346 request, 

2347 retry=retry, 

2348 timeout=timeout, 

2349 metadata=metadata, 

2350 ) 

2351 

2352 # Done; return the response. 

2353 return response 

2354 

2355 def test_iam_permissions( 

2356 self, 

2357 request: Optional[Union[iam_policy_pb2.TestIamPermissionsRequest, dict]] = None, 

2358 *, 

2359 retry: OptionalRetry = gapic_v1.method.DEFAULT, 

2360 timeout: Union[float, object] = gapic_v1.method.DEFAULT, 

2361 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), 

2362 ) -> iam_policy_pb2.TestIamPermissionsResponse: 

2363 r"""Returns permissions that a caller has for the specified secret. 

2364 If the secret does not exist, this call returns an empty set of 

2365 permissions, not a NOT_FOUND error. 

2366 

2367 Note: This operation is designed to be used for building 

2368 permission-aware UIs and command-line tools, not for 

2369 authorization checking. This operation may "fail open" without 

2370 warning. 

2371 

2372 .. code-block:: python 

2373 

2374 # This snippet has been automatically generated and should be regarded as a 

2375 # code template only. 

2376 # It will require modifications to work: 

2377 # - It may require correct/in-range values for request initialization. 

2378 # - It may require specifying regional endpoints when creating the service 

2379 # client as shown in: 

2380 # https://googleapis.dev/python/google-api-core/latest/client_options.html 

2381 from google.cloud import secretmanager_v1beta1 

2382 from google.iam.v1 import iam_policy_pb2 # type: ignore 

2383 

2384 def sample_test_iam_permissions(): 

2385 # Create a client 

2386 client = secretmanager_v1beta1.SecretManagerServiceClient() 

2387 

2388 # Initialize request argument(s) 

2389 request = iam_policy_pb2.TestIamPermissionsRequest( 

2390 resource="resource_value", 

2391 permissions=['permissions_value1', 'permissions_value2'], 

2392 ) 

2393 

2394 # Make the request 

2395 response = client.test_iam_permissions(request=request) 

2396 

2397 # Handle the response 

2398 print(response) 

2399 

2400 Args: 

2401 request (Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]): 

2402 The request object. Request message for ``TestIamPermissions`` method. 

2403 retry (google.api_core.retry.Retry): Designation of what errors, if any, 

2404 should be retried. 

2405 timeout (float): The timeout for this request. 

2406 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be 

2407 sent along with the request as metadata. Normally, each value must be of type `str`, 

2408 but for metadata keys ending with the suffix `-bin`, the corresponding values must 

2409 be of type `bytes`. 

2410 

2411 Returns: 

2412 google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse: 

2413 Response message for TestIamPermissions method. 

2414 """ 

2415 # Create or coerce a protobuf request object. 

2416 if isinstance(request, dict): 

2417 # - The request isn't a proto-plus wrapped type, 

2418 # so it must be constructed via keyword expansion. 

2419 request = iam_policy_pb2.TestIamPermissionsRequest(**request) 

2420 elif not request: 

2421 # Null request, just make one. 

2422 request = iam_policy_pb2.TestIamPermissionsRequest() 

2423 

2424 # Wrap the RPC method; this adds retry and timeout information, 

2425 # and friendly error handling. 

2426 rpc = self._transport._wrapped_methods[self._transport.test_iam_permissions] 

2427 

2428 # Certain fields should be provided within the metadata header; 

2429 # add these here. 

2430 metadata = tuple(metadata) + ( 

2431 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)), 

2432 ) 

2433 

2434 # Validate the universe domain. 

2435 self._validate_universe_domain() 

2436 

2437 # Send the request. 

2438 response = rpc( 

2439 request, 

2440 retry=retry, 

2441 timeout=timeout, 

2442 metadata=metadata, 

2443 ) 

2444 

2445 # Done; return the response. 

2446 return response 

2447 

2448 def __enter__(self) -> "SecretManagerServiceClient": 

2449 return self 

2450 

2451 def __exit__(self, type, value, traceback): 

2452 """Releases underlying transport's resources. 

2453 

2454 .. warning:: 

2455 ONLY use as a context manager if the transport is NOT shared 

2456 with other clients! Exiting the with block will CLOSE the transport 

2457 and may cause errors in other clients! 

2458 """ 

2459 self.transport.close() 

2460 

2461 

2462DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( 

2463 gapic_version=package_version.__version__ 

2464) 

2465 

2466 

2467__all__ = ("SecretManagerServiceClient",)