1# -*- coding: utf-8 -*-
2# Copyright 2024 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16from collections import OrderedDict
17import logging as std_logging
18import os
19import re
20from typing import (
21 Callable,
22 Dict,
23 Mapping,
24 MutableMapping,
25 MutableSequence,
26 Optional,
27 Sequence,
28 Tuple,
29 Type,
30 Union,
31 cast,
32)
33import warnings
34
35from google.api_core import client_options as client_options_lib
36from google.api_core import exceptions as core_exceptions
37from google.api_core import gapic_v1
38from google.api_core import retry as retries
39from google.auth import credentials as ga_credentials # type: ignore
40from google.auth.exceptions import MutualTLSChannelError # type: ignore
41from google.auth.transport import mtls # type: ignore
42from google.auth.transport.grpc import SslCredentials # type: ignore
43from google.oauth2 import service_account # type: ignore
44
45from google.cloud.secretmanager_v1beta1 import gapic_version as package_version
46
47try:
48 OptionalRetry = Union[retries.Retry, gapic_v1.method._MethodDefault, None]
49except AttributeError: # pragma: NO COVER
50 OptionalRetry = Union[retries.Retry, object, None] # type: ignore
51
52try:
53 from google.api_core import client_logging # type: ignore
54
55 CLIENT_LOGGING_SUPPORTED = True # pragma: NO COVER
56except ImportError: # pragma: NO COVER
57 CLIENT_LOGGING_SUPPORTED = False
58
59_LOGGER = std_logging.getLogger(__name__)
60
61from google.iam.v1 import iam_policy_pb2 # type: ignore
62from google.iam.v1 import policy_pb2 # type: ignore
63from google.protobuf import field_mask_pb2 # type: ignore
64from google.protobuf import timestamp_pb2 # type: ignore
65
66from google.cloud.secretmanager_v1beta1.services.secret_manager_service import pagers
67from google.cloud.secretmanager_v1beta1.types import resources, service
68
69from .transports.base import DEFAULT_CLIENT_INFO, SecretManagerServiceTransport
70from .transports.grpc import SecretManagerServiceGrpcTransport
71from .transports.grpc_asyncio import SecretManagerServiceGrpcAsyncIOTransport
72from .transports.rest import SecretManagerServiceRestTransport
73
74
75class SecretManagerServiceClientMeta(type):
76 """Metaclass for the SecretManagerService client.
77
78 This provides class-level methods for building and retrieving
79 support objects (e.g. transport) without polluting the client instance
80 objects.
81 """
82
83 _transport_registry = (
84 OrderedDict()
85 ) # type: Dict[str, Type[SecretManagerServiceTransport]]
86 _transport_registry["grpc"] = SecretManagerServiceGrpcTransport
87 _transport_registry["grpc_asyncio"] = SecretManagerServiceGrpcAsyncIOTransport
88 _transport_registry["rest"] = SecretManagerServiceRestTransport
89
90 def get_transport_class(
91 cls,
92 label: Optional[str] = None,
93 ) -> Type[SecretManagerServiceTransport]:
94 """Returns an appropriate transport class.
95
96 Args:
97 label: The name of the desired transport. If none is
98 provided, then the first transport in the registry is used.
99
100 Returns:
101 The transport class to use.
102 """
103 # If a specific transport is requested, return that one.
104 if label:
105 return cls._transport_registry[label]
106
107 # No transport is requested; return the default (that is, the first one
108 # in the dictionary).
109 return next(iter(cls._transport_registry.values()))
110
111
112class SecretManagerServiceClient(metaclass=SecretManagerServiceClientMeta):
113 """Secret Manager Service
114
115 Manages secrets and operations using those secrets. Implements a
116 REST model with the following objects:
117
118 - [Secret][google.cloud.secrets.v1beta1.Secret]
119 - [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
120 """
121
122 @staticmethod
123 def _get_default_mtls_endpoint(api_endpoint):
124 """Converts api endpoint to mTLS endpoint.
125
126 Convert "*.sandbox.googleapis.com" and "*.googleapis.com" to
127 "*.mtls.sandbox.googleapis.com" and "*.mtls.googleapis.com" respectively.
128 Args:
129 api_endpoint (Optional[str]): the api endpoint to convert.
130 Returns:
131 str: converted mTLS api endpoint.
132 """
133 if not api_endpoint:
134 return api_endpoint
135
136 mtls_endpoint_re = re.compile(
137 r"(?P<name>[^.]+)(?P<mtls>\.mtls)?(?P<sandbox>\.sandbox)?(?P<googledomain>\.googleapis\.com)?"
138 )
139
140 m = mtls_endpoint_re.match(api_endpoint)
141 name, mtls, sandbox, googledomain = m.groups()
142 if mtls or not googledomain:
143 return api_endpoint
144
145 if sandbox:
146 return api_endpoint.replace(
147 "sandbox.googleapis.com", "mtls.sandbox.googleapis.com"
148 )
149
150 return api_endpoint.replace(".googleapis.com", ".mtls.googleapis.com")
151
152 # Note: DEFAULT_ENDPOINT is deprecated. Use _DEFAULT_ENDPOINT_TEMPLATE instead.
153 DEFAULT_ENDPOINT = "secretmanager.googleapis.com"
154 DEFAULT_MTLS_ENDPOINT = _get_default_mtls_endpoint.__func__( # type: ignore
155 DEFAULT_ENDPOINT
156 )
157
158 _DEFAULT_ENDPOINT_TEMPLATE = "secretmanager.{UNIVERSE_DOMAIN}"
159 _DEFAULT_UNIVERSE = "googleapis.com"
160
161 @classmethod
162 def from_service_account_info(cls, info: dict, *args, **kwargs):
163 """Creates an instance of this client using the provided credentials
164 info.
165
166 Args:
167 info (dict): The service account private key info.
168 args: Additional arguments to pass to the constructor.
169 kwargs: Additional arguments to pass to the constructor.
170
171 Returns:
172 SecretManagerServiceClient: The constructed client.
173 """
174 credentials = service_account.Credentials.from_service_account_info(info)
175 kwargs["credentials"] = credentials
176 return cls(*args, **kwargs)
177
178 @classmethod
179 def from_service_account_file(cls, filename: str, *args, **kwargs):
180 """Creates an instance of this client using the provided credentials
181 file.
182
183 Args:
184 filename (str): The path to the service account private key json
185 file.
186 args: Additional arguments to pass to the constructor.
187 kwargs: Additional arguments to pass to the constructor.
188
189 Returns:
190 SecretManagerServiceClient: The constructed client.
191 """
192 credentials = service_account.Credentials.from_service_account_file(filename)
193 kwargs["credentials"] = credentials
194 return cls(*args, **kwargs)
195
196 from_service_account_json = from_service_account_file
197
198 @property
199 def transport(self) -> SecretManagerServiceTransport:
200 """Returns the transport used by the client instance.
201
202 Returns:
203 SecretManagerServiceTransport: The transport used by the client
204 instance.
205 """
206 return self._transport
207
208 @staticmethod
209 def secret_path(
210 project: str,
211 secret: str,
212 ) -> str:
213 """Returns a fully-qualified secret string."""
214 return "projects/{project}/secrets/{secret}".format(
215 project=project,
216 secret=secret,
217 )
218
219 @staticmethod
220 def parse_secret_path(path: str) -> Dict[str, str]:
221 """Parses a secret path into its component segments."""
222 m = re.match(r"^projects/(?P<project>.+?)/secrets/(?P<secret>.+?)$", path)
223 return m.groupdict() if m else {}
224
225 @staticmethod
226 def secret_version_path(
227 project: str,
228 secret: str,
229 secret_version: str,
230 ) -> str:
231 """Returns a fully-qualified secret_version string."""
232 return "projects/{project}/secrets/{secret}/versions/{secret_version}".format(
233 project=project,
234 secret=secret,
235 secret_version=secret_version,
236 )
237
238 @staticmethod
239 def parse_secret_version_path(path: str) -> Dict[str, str]:
240 """Parses a secret_version path into its component segments."""
241 m = re.match(
242 r"^projects/(?P<project>.+?)/secrets/(?P<secret>.+?)/versions/(?P<secret_version>.+?)$",
243 path,
244 )
245 return m.groupdict() if m else {}
246
247 @staticmethod
248 def common_billing_account_path(
249 billing_account: str,
250 ) -> str:
251 """Returns a fully-qualified billing_account string."""
252 return "billingAccounts/{billing_account}".format(
253 billing_account=billing_account,
254 )
255
256 @staticmethod
257 def parse_common_billing_account_path(path: str) -> Dict[str, str]:
258 """Parse a billing_account path into its component segments."""
259 m = re.match(r"^billingAccounts/(?P<billing_account>.+?)$", path)
260 return m.groupdict() if m else {}
261
262 @staticmethod
263 def common_folder_path(
264 folder: str,
265 ) -> str:
266 """Returns a fully-qualified folder string."""
267 return "folders/{folder}".format(
268 folder=folder,
269 )
270
271 @staticmethod
272 def parse_common_folder_path(path: str) -> Dict[str, str]:
273 """Parse a folder path into its component segments."""
274 m = re.match(r"^folders/(?P<folder>.+?)$", path)
275 return m.groupdict() if m else {}
276
277 @staticmethod
278 def common_organization_path(
279 organization: str,
280 ) -> str:
281 """Returns a fully-qualified organization string."""
282 return "organizations/{organization}".format(
283 organization=organization,
284 )
285
286 @staticmethod
287 def parse_common_organization_path(path: str) -> Dict[str, str]:
288 """Parse a organization path into its component segments."""
289 m = re.match(r"^organizations/(?P<organization>.+?)$", path)
290 return m.groupdict() if m else {}
291
292 @staticmethod
293 def common_project_path(
294 project: str,
295 ) -> str:
296 """Returns a fully-qualified project string."""
297 return "projects/{project}".format(
298 project=project,
299 )
300
301 @staticmethod
302 def parse_common_project_path(path: str) -> Dict[str, str]:
303 """Parse a project path into its component segments."""
304 m = re.match(r"^projects/(?P<project>.+?)$", path)
305 return m.groupdict() if m else {}
306
307 @staticmethod
308 def common_location_path(
309 project: str,
310 location: str,
311 ) -> str:
312 """Returns a fully-qualified location string."""
313 return "projects/{project}/locations/{location}".format(
314 project=project,
315 location=location,
316 )
317
318 @staticmethod
319 def parse_common_location_path(path: str) -> Dict[str, str]:
320 """Parse a location path into its component segments."""
321 m = re.match(r"^projects/(?P<project>.+?)/locations/(?P<location>.+?)$", path)
322 return m.groupdict() if m else {}
323
324 @classmethod
325 def get_mtls_endpoint_and_cert_source(
326 cls, client_options: Optional[client_options_lib.ClientOptions] = None
327 ):
328 """Deprecated. Return the API endpoint and client cert source for mutual TLS.
329
330 The client cert source is determined in the following order:
331 (1) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is not "true", the
332 client cert source is None.
333 (2) if `client_options.client_cert_source` is provided, use the provided one; if the
334 default client cert source exists, use the default one; otherwise the client cert
335 source is None.
336
337 The API endpoint is determined in the following order:
338 (1) if `client_options.api_endpoint` if provided, use the provided one.
339 (2) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is "always", use the
340 default mTLS endpoint; if the environment variable is "never", use the default API
341 endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise
342 use the default API endpoint.
343
344 More details can be found at https://google.aip.dev/auth/4114.
345
346 Args:
347 client_options (google.api_core.client_options.ClientOptions): Custom options for the
348 client. Only the `api_endpoint` and `client_cert_source` properties may be used
349 in this method.
350
351 Returns:
352 Tuple[str, Callable[[], Tuple[bytes, bytes]]]: returns the API endpoint and the
353 client cert source to use.
354
355 Raises:
356 google.auth.exceptions.MutualTLSChannelError: If any errors happen.
357 """
358
359 warnings.warn(
360 "get_mtls_endpoint_and_cert_source is deprecated. Use the api_endpoint property instead.",
361 DeprecationWarning,
362 )
363 if client_options is None:
364 client_options = client_options_lib.ClientOptions()
365 use_client_cert = os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false")
366 use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")
367 if use_client_cert not in ("true", "false"):
368 raise ValueError(
369 "Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`"
370 )
371 if use_mtls_endpoint not in ("auto", "never", "always"):
372 raise MutualTLSChannelError(
373 "Environment variable `GOOGLE_API_USE_MTLS_ENDPOINT` must be `never`, `auto` or `always`"
374 )
375
376 # Figure out the client cert source to use.
377 client_cert_source = None
378 if use_client_cert == "true":
379 if client_options.client_cert_source:
380 client_cert_source = client_options.client_cert_source
381 elif mtls.has_default_client_cert_source():
382 client_cert_source = mtls.default_client_cert_source()
383
384 # Figure out which api endpoint to use.
385 if client_options.api_endpoint is not None:
386 api_endpoint = client_options.api_endpoint
387 elif use_mtls_endpoint == "always" or (
388 use_mtls_endpoint == "auto" and client_cert_source
389 ):
390 api_endpoint = cls.DEFAULT_MTLS_ENDPOINT
391 else:
392 api_endpoint = cls.DEFAULT_ENDPOINT
393
394 return api_endpoint, client_cert_source
395
396 @staticmethod
397 def _read_environment_variables():
398 """Returns the environment variables used by the client.
399
400 Returns:
401 Tuple[bool, str, str]: returns the GOOGLE_API_USE_CLIENT_CERTIFICATE,
402 GOOGLE_API_USE_MTLS_ENDPOINT, and GOOGLE_CLOUD_UNIVERSE_DOMAIN environment variables.
403
404 Raises:
405 ValueError: If GOOGLE_API_USE_CLIENT_CERTIFICATE is not
406 any of ["true", "false"].
407 google.auth.exceptions.MutualTLSChannelError: If GOOGLE_API_USE_MTLS_ENDPOINT
408 is not any of ["auto", "never", "always"].
409 """
410 use_client_cert = os.getenv(
411 "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
412 ).lower()
413 use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()
414 universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")
415 if use_client_cert not in ("true", "false"):
416 raise ValueError(
417 "Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`"
418 )
419 if use_mtls_endpoint not in ("auto", "never", "always"):
420 raise MutualTLSChannelError(
421 "Environment variable `GOOGLE_API_USE_MTLS_ENDPOINT` must be `never`, `auto` or `always`"
422 )
423 return use_client_cert == "true", use_mtls_endpoint, universe_domain_env
424
425 @staticmethod
426 def _get_client_cert_source(provided_cert_source, use_cert_flag):
427 """Return the client cert source to be used by the client.
428
429 Args:
430 provided_cert_source (bytes): The client certificate source provided.
431 use_cert_flag (bool): A flag indicating whether to use the client certificate.
432
433 Returns:
434 bytes or None: The client cert source to be used by the client.
435 """
436 client_cert_source = None
437 if use_cert_flag:
438 if provided_cert_source:
439 client_cert_source = provided_cert_source
440 elif mtls.has_default_client_cert_source():
441 client_cert_source = mtls.default_client_cert_source()
442 return client_cert_source
443
444 @staticmethod
445 def _get_api_endpoint(
446 api_override, client_cert_source, universe_domain, use_mtls_endpoint
447 ):
448 """Return the API endpoint used by the client.
449
450 Args:
451 api_override (str): The API endpoint override. If specified, this is always
452 the return value of this function and the other arguments are not used.
453 client_cert_source (bytes): The client certificate source used by the client.
454 universe_domain (str): The universe domain used by the client.
455 use_mtls_endpoint (str): How to use the mTLS endpoint, which depends also on the other parameters.
456 Possible values are "always", "auto", or "never".
457
458 Returns:
459 str: The API endpoint to be used by the client.
460 """
461 if api_override is not None:
462 api_endpoint = api_override
463 elif use_mtls_endpoint == "always" or (
464 use_mtls_endpoint == "auto" and client_cert_source
465 ):
466 _default_universe = SecretManagerServiceClient._DEFAULT_UNIVERSE
467 if universe_domain != _default_universe:
468 raise MutualTLSChannelError(
469 f"mTLS is not supported in any universe other than {_default_universe}."
470 )
471 api_endpoint = SecretManagerServiceClient.DEFAULT_MTLS_ENDPOINT
472 else:
473 api_endpoint = SecretManagerServiceClient._DEFAULT_ENDPOINT_TEMPLATE.format(
474 UNIVERSE_DOMAIN=universe_domain
475 )
476 return api_endpoint
477
478 @staticmethod
479 def _get_universe_domain(
480 client_universe_domain: Optional[str], universe_domain_env: Optional[str]
481 ) -> str:
482 """Return the universe domain used by the client.
483
484 Args:
485 client_universe_domain (Optional[str]): The universe domain configured via the client options.
486 universe_domain_env (Optional[str]): The universe domain configured via the "GOOGLE_CLOUD_UNIVERSE_DOMAIN" environment variable.
487
488 Returns:
489 str: The universe domain to be used by the client.
490
491 Raises:
492 ValueError: If the universe domain is an empty string.
493 """
494 universe_domain = SecretManagerServiceClient._DEFAULT_UNIVERSE
495 if client_universe_domain is not None:
496 universe_domain = client_universe_domain
497 elif universe_domain_env is not None:
498 universe_domain = universe_domain_env
499 if len(universe_domain.strip()) == 0:
500 raise ValueError("Universe Domain cannot be an empty string.")
501 return universe_domain
502
503 def _validate_universe_domain(self):
504 """Validates client's and credentials' universe domains are consistent.
505
506 Returns:
507 bool: True iff the configured universe domain is valid.
508
509 Raises:
510 ValueError: If the configured universe domain is not valid.
511 """
512
513 # NOTE (b/349488459): universe validation is disabled until further notice.
514 return True
515
516 @property
517 def api_endpoint(self):
518 """Return the API endpoint used by the client instance.
519
520 Returns:
521 str: The API endpoint used by the client instance.
522 """
523 return self._api_endpoint
524
525 @property
526 def universe_domain(self) -> str:
527 """Return the universe domain used by the client instance.
528
529 Returns:
530 str: The universe domain used by the client instance.
531 """
532 return self._universe_domain
533
534 def __init__(
535 self,
536 *,
537 credentials: Optional[ga_credentials.Credentials] = None,
538 transport: Optional[
539 Union[
540 str,
541 SecretManagerServiceTransport,
542 Callable[..., SecretManagerServiceTransport],
543 ]
544 ] = None,
545 client_options: Optional[Union[client_options_lib.ClientOptions, dict]] = None,
546 client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
547 ) -> None:
548 """Instantiates the secret manager service client.
549
550 Args:
551 credentials (Optional[google.auth.credentials.Credentials]): The
552 authorization credentials to attach to requests. These
553 credentials identify the application to the service; if none
554 are specified, the client will attempt to ascertain the
555 credentials from the environment.
556 transport (Optional[Union[str,SecretManagerServiceTransport,Callable[..., SecretManagerServiceTransport]]]):
557 The transport to use, or a Callable that constructs and returns a new transport.
558 If a Callable is given, it will be called with the same set of initialization
559 arguments as used in the SecretManagerServiceTransport constructor.
560 If set to None, a transport is chosen automatically.
561 client_options (Optional[Union[google.api_core.client_options.ClientOptions, dict]]):
562 Custom options for the client.
563
564 1. The ``api_endpoint`` property can be used to override the
565 default endpoint provided by the client when ``transport`` is
566 not explicitly provided. Only if this property is not set and
567 ``transport`` was not explicitly provided, the endpoint is
568 determined by the GOOGLE_API_USE_MTLS_ENDPOINT environment
569 variable, which have one of the following values:
570 "always" (always use the default mTLS endpoint), "never" (always
571 use the default regular endpoint) and "auto" (auto-switch to the
572 default mTLS endpoint if client certificate is present; this is
573 the default value).
574
575 2. If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable
576 is "true", then the ``client_cert_source`` property can be used
577 to provide a client certificate for mTLS transport. If
578 not provided, the default SSL client certificate will be used if
579 present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not
580 set, no client certificate will be used.
581
582 3. The ``universe_domain`` property can be used to override the
583 default "googleapis.com" universe. Note that the ``api_endpoint``
584 property still takes precedence; and ``universe_domain`` is
585 currently not supported for mTLS.
586
587 client_info (google.api_core.gapic_v1.client_info.ClientInfo):
588 The client info used to send a user-agent string along with
589 API requests. If ``None``, then default info will be used.
590 Generally, you only need to set this if you're developing
591 your own client library.
592
593 Raises:
594 google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
595 creation failed for any reason.
596 """
597 self._client_options = client_options
598 if isinstance(self._client_options, dict):
599 self._client_options = client_options_lib.from_dict(self._client_options)
600 if self._client_options is None:
601 self._client_options = client_options_lib.ClientOptions()
602 self._client_options = cast(
603 client_options_lib.ClientOptions, self._client_options
604 )
605
606 universe_domain_opt = getattr(self._client_options, "universe_domain", None)
607
608 (
609 self._use_client_cert,
610 self._use_mtls_endpoint,
611 self._universe_domain_env,
612 ) = SecretManagerServiceClient._read_environment_variables()
613 self._client_cert_source = SecretManagerServiceClient._get_client_cert_source(
614 self._client_options.client_cert_source, self._use_client_cert
615 )
616 self._universe_domain = SecretManagerServiceClient._get_universe_domain(
617 universe_domain_opt, self._universe_domain_env
618 )
619 self._api_endpoint = None # updated below, depending on `transport`
620
621 # Initialize the universe domain validation.
622 self._is_universe_domain_valid = False
623
624 if CLIENT_LOGGING_SUPPORTED: # pragma: NO COVER
625 # Setup logging.
626 client_logging.initialize_logging()
627
628 api_key_value = getattr(self._client_options, "api_key", None)
629 if api_key_value and credentials:
630 raise ValueError(
631 "client_options.api_key and credentials are mutually exclusive"
632 )
633
634 # Save or instantiate the transport.
635 # Ordinarily, we provide the transport, but allowing a custom transport
636 # instance provides an extensibility point for unusual situations.
637 transport_provided = isinstance(transport, SecretManagerServiceTransport)
638 if transport_provided:
639 # transport is a SecretManagerServiceTransport instance.
640 if credentials or self._client_options.credentials_file or api_key_value:
641 raise ValueError(
642 "When providing a transport instance, "
643 "provide its credentials directly."
644 )
645 if self._client_options.scopes:
646 raise ValueError(
647 "When providing a transport instance, provide its scopes "
648 "directly."
649 )
650 self._transport = cast(SecretManagerServiceTransport, transport)
651 self._api_endpoint = self._transport.host
652
653 self._api_endpoint = (
654 self._api_endpoint
655 or SecretManagerServiceClient._get_api_endpoint(
656 self._client_options.api_endpoint,
657 self._client_cert_source,
658 self._universe_domain,
659 self._use_mtls_endpoint,
660 )
661 )
662
663 if not transport_provided:
664 import google.auth._default # type: ignore
665
666 if api_key_value and hasattr(
667 google.auth._default, "get_api_key_credentials"
668 ):
669 credentials = google.auth._default.get_api_key_credentials(
670 api_key_value
671 )
672
673 transport_init: Union[
674 Type[SecretManagerServiceTransport],
675 Callable[..., SecretManagerServiceTransport],
676 ] = (
677 SecretManagerServiceClient.get_transport_class(transport)
678 if isinstance(transport, str) or transport is None
679 else cast(Callable[..., SecretManagerServiceTransport], transport)
680 )
681 # initialize with the provided callable or the passed in class
682 self._transport = transport_init(
683 credentials=credentials,
684 credentials_file=self._client_options.credentials_file,
685 host=self._api_endpoint,
686 scopes=self._client_options.scopes,
687 client_cert_source_for_mtls=self._client_cert_source,
688 quota_project_id=self._client_options.quota_project_id,
689 client_info=client_info,
690 always_use_jwt_access=True,
691 api_audience=self._client_options.api_audience,
692 )
693
694 if "async" not in str(self._transport):
695 if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(
696 std_logging.DEBUG
697 ): # pragma: NO COVER
698 _LOGGER.debug(
699 "Created client `google.cloud.secrets_v1beta1.SecretManagerServiceClient`.",
700 extra={
701 "serviceName": "google.cloud.secrets.v1beta1.SecretManagerService",
702 "universeDomain": getattr(
703 self._transport._credentials, "universe_domain", ""
704 ),
705 "credentialsType": f"{type(self._transport._credentials).__module__}.{type(self._transport._credentials).__qualname__}",
706 "credentialsInfo": getattr(
707 self.transport._credentials, "get_cred_info", lambda: None
708 )(),
709 }
710 if hasattr(self._transport, "_credentials")
711 else {
712 "serviceName": "google.cloud.secrets.v1beta1.SecretManagerService",
713 "credentialsType": None,
714 },
715 )
716
717 def list_secrets(
718 self,
719 request: Optional[Union[service.ListSecretsRequest, dict]] = None,
720 *,
721 parent: Optional[str] = None,
722 retry: OptionalRetry = gapic_v1.method.DEFAULT,
723 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
724 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
725 ) -> pagers.ListSecretsPager:
726 r"""Lists [Secrets][google.cloud.secrets.v1beta1.Secret].
727
728 .. code-block:: python
729
730 # This snippet has been automatically generated and should be regarded as a
731 # code template only.
732 # It will require modifications to work:
733 # - It may require correct/in-range values for request initialization.
734 # - It may require specifying regional endpoints when creating the service
735 # client as shown in:
736 # https://googleapis.dev/python/google-api-core/latest/client_options.html
737 from google.cloud import secretmanager_v1beta1
738
739 def sample_list_secrets():
740 # Create a client
741 client = secretmanager_v1beta1.SecretManagerServiceClient()
742
743 # Initialize request argument(s)
744 request = secretmanager_v1beta1.ListSecretsRequest(
745 parent="parent_value",
746 )
747
748 # Make the request
749 page_result = client.list_secrets(request=request)
750
751 # Handle the response
752 for response in page_result:
753 print(response)
754
755 Args:
756 request (Union[google.cloud.secretmanager_v1beta1.types.ListSecretsRequest, dict]):
757 The request object. Request message for
758 [SecretManagerService.ListSecrets][google.cloud.secrets.v1beta1.SecretManagerService.ListSecrets].
759 parent (str):
760 Required. The resource name of the project associated
761 with the [Secrets][google.cloud.secrets.v1beta1.Secret],
762 in the format ``projects/*``.
763
764 This corresponds to the ``parent`` field
765 on the ``request`` instance; if ``request`` is provided, this
766 should not be set.
767 retry (google.api_core.retry.Retry): Designation of what errors, if any,
768 should be retried.
769 timeout (float): The timeout for this request.
770 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
771 sent along with the request as metadata. Normally, each value must be of type `str`,
772 but for metadata keys ending with the suffix `-bin`, the corresponding values must
773 be of type `bytes`.
774
775 Returns:
776 google.cloud.secretmanager_v1beta1.services.secret_manager_service.pagers.ListSecretsPager:
777 Response message for
778 [SecretManagerService.ListSecrets][google.cloud.secrets.v1beta1.SecretManagerService.ListSecrets].
779
780 Iterating over this object will yield results and
781 resolve additional pages automatically.
782
783 """
784 # Create or coerce a protobuf request object.
785 # - Quick check: If we got a request object, we should *not* have
786 # gotten any keyword arguments that map to the request.
787 has_flattened_params = any([parent])
788 if request is not None and has_flattened_params:
789 raise ValueError(
790 "If the `request` argument is set, then none of "
791 "the individual field arguments should be set."
792 )
793
794 # - Use the request object if provided (there's no risk of modifying the input as
795 # there are no flattened fields), or create one.
796 if not isinstance(request, service.ListSecretsRequest):
797 request = service.ListSecretsRequest(request)
798 # If we have keyword arguments corresponding to fields on the
799 # request, apply these.
800 if parent is not None:
801 request.parent = parent
802
803 # Wrap the RPC method; this adds retry and timeout information,
804 # and friendly error handling.
805 rpc = self._transport._wrapped_methods[self._transport.list_secrets]
806
807 # Certain fields should be provided within the metadata header;
808 # add these here.
809 metadata = tuple(metadata) + (
810 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
811 )
812
813 # Validate the universe domain.
814 self._validate_universe_domain()
815
816 # Send the request.
817 response = rpc(
818 request,
819 retry=retry,
820 timeout=timeout,
821 metadata=metadata,
822 )
823
824 # This method is paged; wrap the response in a pager, which provides
825 # an `__iter__` convenience method.
826 response = pagers.ListSecretsPager(
827 method=rpc,
828 request=request,
829 response=response,
830 retry=retry,
831 timeout=timeout,
832 metadata=metadata,
833 )
834
835 # Done; return the response.
836 return response
837
838 def create_secret(
839 self,
840 request: Optional[Union[service.CreateSecretRequest, dict]] = None,
841 *,
842 parent: Optional[str] = None,
843 secret_id: Optional[str] = None,
844 secret: Optional[resources.Secret] = None,
845 retry: OptionalRetry = gapic_v1.method.DEFAULT,
846 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
847 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
848 ) -> resources.Secret:
849 r"""Creates a new [Secret][google.cloud.secrets.v1beta1.Secret]
850 containing no
851 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
852
853 .. code-block:: python
854
855 # This snippet has been automatically generated and should be regarded as a
856 # code template only.
857 # It will require modifications to work:
858 # - It may require correct/in-range values for request initialization.
859 # - It may require specifying regional endpoints when creating the service
860 # client as shown in:
861 # https://googleapis.dev/python/google-api-core/latest/client_options.html
862 from google.cloud import secretmanager_v1beta1
863
864 def sample_create_secret():
865 # Create a client
866 client = secretmanager_v1beta1.SecretManagerServiceClient()
867
868 # Initialize request argument(s)
869 request = secretmanager_v1beta1.CreateSecretRequest(
870 parent="parent_value",
871 secret_id="secret_id_value",
872 )
873
874 # Make the request
875 response = client.create_secret(request=request)
876
877 # Handle the response
878 print(response)
879
880 Args:
881 request (Union[google.cloud.secretmanager_v1beta1.types.CreateSecretRequest, dict]):
882 The request object. Request message for
883 [SecretManagerService.CreateSecret][google.cloud.secrets.v1beta1.SecretManagerService.CreateSecret].
884 parent (str):
885 Required. The resource name of the project to associate
886 with the [Secret][google.cloud.secrets.v1beta1.Secret],
887 in the format ``projects/*``.
888
889 This corresponds to the ``parent`` field
890 on the ``request`` instance; if ``request`` is provided, this
891 should not be set.
892 secret_id (str):
893 Required. This must be unique within the project.
894
895 A secret ID is a string with a maximum length of 255
896 characters and can contain uppercase and lowercase
897 letters, numerals, and the hyphen (``-``) and underscore
898 (``_``) characters.
899
900 This corresponds to the ``secret_id`` field
901 on the ``request`` instance; if ``request`` is provided, this
902 should not be set.
903 secret (google.cloud.secretmanager_v1beta1.types.Secret):
904 Required. A
905 [Secret][google.cloud.secrets.v1beta1.Secret] with
906 initial field values.
907
908 This corresponds to the ``secret`` field
909 on the ``request`` instance; if ``request`` is provided, this
910 should not be set.
911 retry (google.api_core.retry.Retry): Designation of what errors, if any,
912 should be retried.
913 timeout (float): The timeout for this request.
914 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
915 sent along with the request as metadata. Normally, each value must be of type `str`,
916 but for metadata keys ending with the suffix `-bin`, the corresponding values must
917 be of type `bytes`.
918
919 Returns:
920 google.cloud.secretmanager_v1beta1.types.Secret:
921 A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose value and versions can
922 be accessed.
923
924 A [Secret][google.cloud.secrets.v1beta1.Secret] is
925 made up of zero or more
926 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
927 that represent the secret data.
928
929 """
930 # Create or coerce a protobuf request object.
931 # - Quick check: If we got a request object, we should *not* have
932 # gotten any keyword arguments that map to the request.
933 has_flattened_params = any([parent, secret_id, secret])
934 if request is not None and has_flattened_params:
935 raise ValueError(
936 "If the `request` argument is set, then none of "
937 "the individual field arguments should be set."
938 )
939
940 # - Use the request object if provided (there's no risk of modifying the input as
941 # there are no flattened fields), or create one.
942 if not isinstance(request, service.CreateSecretRequest):
943 request = service.CreateSecretRequest(request)
944 # If we have keyword arguments corresponding to fields on the
945 # request, apply these.
946 if parent is not None:
947 request.parent = parent
948 if secret_id is not None:
949 request.secret_id = secret_id
950 if secret is not None:
951 request.secret = secret
952
953 # Wrap the RPC method; this adds retry and timeout information,
954 # and friendly error handling.
955 rpc = self._transport._wrapped_methods[self._transport.create_secret]
956
957 # Certain fields should be provided within the metadata header;
958 # add these here.
959 metadata = tuple(metadata) + (
960 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
961 )
962
963 # Validate the universe domain.
964 self._validate_universe_domain()
965
966 # Send the request.
967 response = rpc(
968 request,
969 retry=retry,
970 timeout=timeout,
971 metadata=metadata,
972 )
973
974 # Done; return the response.
975 return response
976
977 def add_secret_version(
978 self,
979 request: Optional[Union[service.AddSecretVersionRequest, dict]] = None,
980 *,
981 parent: Optional[str] = None,
982 payload: Optional[resources.SecretPayload] = None,
983 retry: OptionalRetry = gapic_v1.method.DEFAULT,
984 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
985 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
986 ) -> resources.SecretVersion:
987 r"""Creates a new
988 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
989 containing secret data and attaches it to an existing
990 [Secret][google.cloud.secrets.v1beta1.Secret].
991
992 .. code-block:: python
993
994 # This snippet has been automatically generated and should be regarded as a
995 # code template only.
996 # It will require modifications to work:
997 # - It may require correct/in-range values for request initialization.
998 # - It may require specifying regional endpoints when creating the service
999 # client as shown in:
1000 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1001 from google.cloud import secretmanager_v1beta1
1002
1003 def sample_add_secret_version():
1004 # Create a client
1005 client = secretmanager_v1beta1.SecretManagerServiceClient()
1006
1007 # Initialize request argument(s)
1008 request = secretmanager_v1beta1.AddSecretVersionRequest(
1009 parent="parent_value",
1010 )
1011
1012 # Make the request
1013 response = client.add_secret_version(request=request)
1014
1015 # Handle the response
1016 print(response)
1017
1018 Args:
1019 request (Union[google.cloud.secretmanager_v1beta1.types.AddSecretVersionRequest, dict]):
1020 The request object. Request message for
1021 [SecretManagerService.AddSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AddSecretVersion].
1022 parent (str):
1023 Required. The resource name of the
1024 [Secret][google.cloud.secrets.v1beta1.Secret] to
1025 associate with the
1026 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1027 in the format ``projects/*/secrets/*``.
1028
1029 This corresponds to the ``parent`` field
1030 on the ``request`` instance; if ``request`` is provided, this
1031 should not be set.
1032 payload (google.cloud.secretmanager_v1beta1.types.SecretPayload):
1033 Required. The secret payload of the
1034 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1035
1036 This corresponds to the ``payload`` field
1037 on the ``request`` instance; if ``request`` is provided, this
1038 should not be set.
1039 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1040 should be retried.
1041 timeout (float): The timeout for this request.
1042 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1043 sent along with the request as metadata. Normally, each value must be of type `str`,
1044 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1045 be of type `bytes`.
1046
1047 Returns:
1048 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1049 A secret version resource in the
1050 Secret Manager API.
1051
1052 """
1053 # Create or coerce a protobuf request object.
1054 # - Quick check: If we got a request object, we should *not* have
1055 # gotten any keyword arguments that map to the request.
1056 has_flattened_params = any([parent, payload])
1057 if request is not None and has_flattened_params:
1058 raise ValueError(
1059 "If the `request` argument is set, then none of "
1060 "the individual field arguments should be set."
1061 )
1062
1063 # - Use the request object if provided (there's no risk of modifying the input as
1064 # there are no flattened fields), or create one.
1065 if not isinstance(request, service.AddSecretVersionRequest):
1066 request = service.AddSecretVersionRequest(request)
1067 # If we have keyword arguments corresponding to fields on the
1068 # request, apply these.
1069 if parent is not None:
1070 request.parent = parent
1071 if payload is not None:
1072 request.payload = payload
1073
1074 # Wrap the RPC method; this adds retry and timeout information,
1075 # and friendly error handling.
1076 rpc = self._transport._wrapped_methods[self._transport.add_secret_version]
1077
1078 # Certain fields should be provided within the metadata header;
1079 # add these here.
1080 metadata = tuple(metadata) + (
1081 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
1082 )
1083
1084 # Validate the universe domain.
1085 self._validate_universe_domain()
1086
1087 # Send the request.
1088 response = rpc(
1089 request,
1090 retry=retry,
1091 timeout=timeout,
1092 metadata=metadata,
1093 )
1094
1095 # Done; return the response.
1096 return response
1097
1098 def get_secret(
1099 self,
1100 request: Optional[Union[service.GetSecretRequest, dict]] = None,
1101 *,
1102 name: Optional[str] = None,
1103 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1104 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1105 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1106 ) -> resources.Secret:
1107 r"""Gets metadata for a given
1108 [Secret][google.cloud.secrets.v1beta1.Secret].
1109
1110 .. code-block:: python
1111
1112 # This snippet has been automatically generated and should be regarded as a
1113 # code template only.
1114 # It will require modifications to work:
1115 # - It may require correct/in-range values for request initialization.
1116 # - It may require specifying regional endpoints when creating the service
1117 # client as shown in:
1118 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1119 from google.cloud import secretmanager_v1beta1
1120
1121 def sample_get_secret():
1122 # Create a client
1123 client = secretmanager_v1beta1.SecretManagerServiceClient()
1124
1125 # Initialize request argument(s)
1126 request = secretmanager_v1beta1.GetSecretRequest(
1127 name="name_value",
1128 )
1129
1130 # Make the request
1131 response = client.get_secret(request=request)
1132
1133 # Handle the response
1134 print(response)
1135
1136 Args:
1137 request (Union[google.cloud.secretmanager_v1beta1.types.GetSecretRequest, dict]):
1138 The request object. Request message for
1139 [SecretManagerService.GetSecret][google.cloud.secrets.v1beta1.SecretManagerService.GetSecret].
1140 name (str):
1141 Required. The resource name of the
1142 [Secret][google.cloud.secrets.v1beta1.Secret], in the
1143 format ``projects/*/secrets/*``.
1144
1145 This corresponds to the ``name`` field
1146 on the ``request`` instance; if ``request`` is provided, this
1147 should not be set.
1148 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1149 should be retried.
1150 timeout (float): The timeout for this request.
1151 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1152 sent along with the request as metadata. Normally, each value must be of type `str`,
1153 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1154 be of type `bytes`.
1155
1156 Returns:
1157 google.cloud.secretmanager_v1beta1.types.Secret:
1158 A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose value and versions can
1159 be accessed.
1160
1161 A [Secret][google.cloud.secrets.v1beta1.Secret] is
1162 made up of zero or more
1163 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
1164 that represent the secret data.
1165
1166 """
1167 # Create or coerce a protobuf request object.
1168 # - Quick check: If we got a request object, we should *not* have
1169 # gotten any keyword arguments that map to the request.
1170 has_flattened_params = any([name])
1171 if request is not None and has_flattened_params:
1172 raise ValueError(
1173 "If the `request` argument is set, then none of "
1174 "the individual field arguments should be set."
1175 )
1176
1177 # - Use the request object if provided (there's no risk of modifying the input as
1178 # there are no flattened fields), or create one.
1179 if not isinstance(request, service.GetSecretRequest):
1180 request = service.GetSecretRequest(request)
1181 # If we have keyword arguments corresponding to fields on the
1182 # request, apply these.
1183 if name is not None:
1184 request.name = name
1185
1186 # Wrap the RPC method; this adds retry and timeout information,
1187 # and friendly error handling.
1188 rpc = self._transport._wrapped_methods[self._transport.get_secret]
1189
1190 # Certain fields should be provided within the metadata header;
1191 # add these here.
1192 metadata = tuple(metadata) + (
1193 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1194 )
1195
1196 # Validate the universe domain.
1197 self._validate_universe_domain()
1198
1199 # Send the request.
1200 response = rpc(
1201 request,
1202 retry=retry,
1203 timeout=timeout,
1204 metadata=metadata,
1205 )
1206
1207 # Done; return the response.
1208 return response
1209
1210 def update_secret(
1211 self,
1212 request: Optional[Union[service.UpdateSecretRequest, dict]] = None,
1213 *,
1214 secret: Optional[resources.Secret] = None,
1215 update_mask: Optional[field_mask_pb2.FieldMask] = None,
1216 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1217 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1218 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1219 ) -> resources.Secret:
1220 r"""Updates metadata of an existing
1221 [Secret][google.cloud.secrets.v1beta1.Secret].
1222
1223 .. code-block:: python
1224
1225 # This snippet has been automatically generated and should be regarded as a
1226 # code template only.
1227 # It will require modifications to work:
1228 # - It may require correct/in-range values for request initialization.
1229 # - It may require specifying regional endpoints when creating the service
1230 # client as shown in:
1231 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1232 from google.cloud import secretmanager_v1beta1
1233
1234 def sample_update_secret():
1235 # Create a client
1236 client = secretmanager_v1beta1.SecretManagerServiceClient()
1237
1238 # Initialize request argument(s)
1239 request = secretmanager_v1beta1.UpdateSecretRequest(
1240 )
1241
1242 # Make the request
1243 response = client.update_secret(request=request)
1244
1245 # Handle the response
1246 print(response)
1247
1248 Args:
1249 request (Union[google.cloud.secretmanager_v1beta1.types.UpdateSecretRequest, dict]):
1250 The request object. Request message for
1251 [SecretManagerService.UpdateSecret][google.cloud.secrets.v1beta1.SecretManagerService.UpdateSecret].
1252 secret (google.cloud.secretmanager_v1beta1.types.Secret):
1253 Required. [Secret][google.cloud.secrets.v1beta1.Secret]
1254 with updated field values.
1255
1256 This corresponds to the ``secret`` field
1257 on the ``request`` instance; if ``request`` is provided, this
1258 should not be set.
1259 update_mask (google.protobuf.field_mask_pb2.FieldMask):
1260 Required. Specifies the fields to be
1261 updated.
1262
1263 This corresponds to the ``update_mask`` field
1264 on the ``request`` instance; if ``request`` is provided, this
1265 should not be set.
1266 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1267 should be retried.
1268 timeout (float): The timeout for this request.
1269 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1270 sent along with the request as metadata. Normally, each value must be of type `str`,
1271 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1272 be of type `bytes`.
1273
1274 Returns:
1275 google.cloud.secretmanager_v1beta1.types.Secret:
1276 A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose value and versions can
1277 be accessed.
1278
1279 A [Secret][google.cloud.secrets.v1beta1.Secret] is
1280 made up of zero or more
1281 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
1282 that represent the secret data.
1283
1284 """
1285 # Create or coerce a protobuf request object.
1286 # - Quick check: If we got a request object, we should *not* have
1287 # gotten any keyword arguments that map to the request.
1288 has_flattened_params = any([secret, update_mask])
1289 if request is not None and has_flattened_params:
1290 raise ValueError(
1291 "If the `request` argument is set, then none of "
1292 "the individual field arguments should be set."
1293 )
1294
1295 # - Use the request object if provided (there's no risk of modifying the input as
1296 # there are no flattened fields), or create one.
1297 if not isinstance(request, service.UpdateSecretRequest):
1298 request = service.UpdateSecretRequest(request)
1299 # If we have keyword arguments corresponding to fields on the
1300 # request, apply these.
1301 if secret is not None:
1302 request.secret = secret
1303 if update_mask is not None:
1304 request.update_mask = update_mask
1305
1306 # Wrap the RPC method; this adds retry and timeout information,
1307 # and friendly error handling.
1308 rpc = self._transport._wrapped_methods[self._transport.update_secret]
1309
1310 # Certain fields should be provided within the metadata header;
1311 # add these here.
1312 metadata = tuple(metadata) + (
1313 gapic_v1.routing_header.to_grpc_metadata(
1314 (("secret.name", request.secret.name),)
1315 ),
1316 )
1317
1318 # Validate the universe domain.
1319 self._validate_universe_domain()
1320
1321 # Send the request.
1322 response = rpc(
1323 request,
1324 retry=retry,
1325 timeout=timeout,
1326 metadata=metadata,
1327 )
1328
1329 # Done; return the response.
1330 return response
1331
1332 def delete_secret(
1333 self,
1334 request: Optional[Union[service.DeleteSecretRequest, dict]] = None,
1335 *,
1336 name: Optional[str] = None,
1337 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1338 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1339 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1340 ) -> None:
1341 r"""Deletes a [Secret][google.cloud.secrets.v1beta1.Secret].
1342
1343 .. code-block:: python
1344
1345 # This snippet has been automatically generated and should be regarded as a
1346 # code template only.
1347 # It will require modifications to work:
1348 # - It may require correct/in-range values for request initialization.
1349 # - It may require specifying regional endpoints when creating the service
1350 # client as shown in:
1351 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1352 from google.cloud import secretmanager_v1beta1
1353
1354 def sample_delete_secret():
1355 # Create a client
1356 client = secretmanager_v1beta1.SecretManagerServiceClient()
1357
1358 # Initialize request argument(s)
1359 request = secretmanager_v1beta1.DeleteSecretRequest(
1360 name="name_value",
1361 )
1362
1363 # Make the request
1364 client.delete_secret(request=request)
1365
1366 Args:
1367 request (Union[google.cloud.secretmanager_v1beta1.types.DeleteSecretRequest, dict]):
1368 The request object. Request message for
1369 [SecretManagerService.DeleteSecret][google.cloud.secrets.v1beta1.SecretManagerService.DeleteSecret].
1370 name (str):
1371 Required. The resource name of the
1372 [Secret][google.cloud.secrets.v1beta1.Secret] to delete
1373 in the format ``projects/*/secrets/*``.
1374
1375 This corresponds to the ``name`` field
1376 on the ``request`` instance; if ``request`` is provided, this
1377 should not be set.
1378 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1379 should be retried.
1380 timeout (float): The timeout for this request.
1381 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1382 sent along with the request as metadata. Normally, each value must be of type `str`,
1383 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1384 be of type `bytes`.
1385 """
1386 # Create or coerce a protobuf request object.
1387 # - Quick check: If we got a request object, we should *not* have
1388 # gotten any keyword arguments that map to the request.
1389 has_flattened_params = any([name])
1390 if request is not None and has_flattened_params:
1391 raise ValueError(
1392 "If the `request` argument is set, then none of "
1393 "the individual field arguments should be set."
1394 )
1395
1396 # - Use the request object if provided (there's no risk of modifying the input as
1397 # there are no flattened fields), or create one.
1398 if not isinstance(request, service.DeleteSecretRequest):
1399 request = service.DeleteSecretRequest(request)
1400 # If we have keyword arguments corresponding to fields on the
1401 # request, apply these.
1402 if name is not None:
1403 request.name = name
1404
1405 # Wrap the RPC method; this adds retry and timeout information,
1406 # and friendly error handling.
1407 rpc = self._transport._wrapped_methods[self._transport.delete_secret]
1408
1409 # Certain fields should be provided within the metadata header;
1410 # add these here.
1411 metadata = tuple(metadata) + (
1412 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1413 )
1414
1415 # Validate the universe domain.
1416 self._validate_universe_domain()
1417
1418 # Send the request.
1419 rpc(
1420 request,
1421 retry=retry,
1422 timeout=timeout,
1423 metadata=metadata,
1424 )
1425
1426 def list_secret_versions(
1427 self,
1428 request: Optional[Union[service.ListSecretVersionsRequest, dict]] = None,
1429 *,
1430 parent: Optional[str] = None,
1431 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1432 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1433 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1434 ) -> pagers.ListSecretVersionsPager:
1435 r"""Lists
1436 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
1437 This call does not return secret data.
1438
1439 .. code-block:: python
1440
1441 # This snippet has been automatically generated and should be regarded as a
1442 # code template only.
1443 # It will require modifications to work:
1444 # - It may require correct/in-range values for request initialization.
1445 # - It may require specifying regional endpoints when creating the service
1446 # client as shown in:
1447 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1448 from google.cloud import secretmanager_v1beta1
1449
1450 def sample_list_secret_versions():
1451 # Create a client
1452 client = secretmanager_v1beta1.SecretManagerServiceClient()
1453
1454 # Initialize request argument(s)
1455 request = secretmanager_v1beta1.ListSecretVersionsRequest(
1456 parent="parent_value",
1457 )
1458
1459 # Make the request
1460 page_result = client.list_secret_versions(request=request)
1461
1462 # Handle the response
1463 for response in page_result:
1464 print(response)
1465
1466 Args:
1467 request (Union[google.cloud.secretmanager_v1beta1.types.ListSecretVersionsRequest, dict]):
1468 The request object. Request message for
1469 [SecretManagerService.ListSecretVersions][google.cloud.secrets.v1beta1.SecretManagerService.ListSecretVersions].
1470 parent (str):
1471 Required. The resource name of the
1472 [Secret][google.cloud.secrets.v1beta1.Secret] associated
1473 with the
1474 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
1475 to list, in the format ``projects/*/secrets/*``.
1476
1477 This corresponds to the ``parent`` field
1478 on the ``request`` instance; if ``request`` is provided, this
1479 should not be set.
1480 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1481 should be retried.
1482 timeout (float): The timeout for this request.
1483 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1484 sent along with the request as metadata. Normally, each value must be of type `str`,
1485 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1486 be of type `bytes`.
1487
1488 Returns:
1489 google.cloud.secretmanager_v1beta1.services.secret_manager_service.pagers.ListSecretVersionsPager:
1490 Response message for
1491 [SecretManagerService.ListSecretVersions][google.cloud.secrets.v1beta1.SecretManagerService.ListSecretVersions].
1492
1493 Iterating over this object will yield results and
1494 resolve additional pages automatically.
1495
1496 """
1497 # Create or coerce a protobuf request object.
1498 # - Quick check: If we got a request object, we should *not* have
1499 # gotten any keyword arguments that map to the request.
1500 has_flattened_params = any([parent])
1501 if request is not None and has_flattened_params:
1502 raise ValueError(
1503 "If the `request` argument is set, then none of "
1504 "the individual field arguments should be set."
1505 )
1506
1507 # - Use the request object if provided (there's no risk of modifying the input as
1508 # there are no flattened fields), or create one.
1509 if not isinstance(request, service.ListSecretVersionsRequest):
1510 request = service.ListSecretVersionsRequest(request)
1511 # If we have keyword arguments corresponding to fields on the
1512 # request, apply these.
1513 if parent is not None:
1514 request.parent = parent
1515
1516 # Wrap the RPC method; this adds retry and timeout information,
1517 # and friendly error handling.
1518 rpc = self._transport._wrapped_methods[self._transport.list_secret_versions]
1519
1520 # Certain fields should be provided within the metadata header;
1521 # add these here.
1522 metadata = tuple(metadata) + (
1523 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
1524 )
1525
1526 # Validate the universe domain.
1527 self._validate_universe_domain()
1528
1529 # Send the request.
1530 response = rpc(
1531 request,
1532 retry=retry,
1533 timeout=timeout,
1534 metadata=metadata,
1535 )
1536
1537 # This method is paged; wrap the response in a pager, which provides
1538 # an `__iter__` convenience method.
1539 response = pagers.ListSecretVersionsPager(
1540 method=rpc,
1541 request=request,
1542 response=response,
1543 retry=retry,
1544 timeout=timeout,
1545 metadata=metadata,
1546 )
1547
1548 # Done; return the response.
1549 return response
1550
1551 def get_secret_version(
1552 self,
1553 request: Optional[Union[service.GetSecretVersionRequest, dict]] = None,
1554 *,
1555 name: Optional[str] = None,
1556 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1557 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1558 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1559 ) -> resources.SecretVersion:
1560 r"""Gets metadata for a
1561 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1562
1563 ``projects/*/secrets/*/versions/latest`` is an alias to the
1564 ``latest``
1565 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1566
1567 .. code-block:: python
1568
1569 # This snippet has been automatically generated and should be regarded as a
1570 # code template only.
1571 # It will require modifications to work:
1572 # - It may require correct/in-range values for request initialization.
1573 # - It may require specifying regional endpoints when creating the service
1574 # client as shown in:
1575 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1576 from google.cloud import secretmanager_v1beta1
1577
1578 def sample_get_secret_version():
1579 # Create a client
1580 client = secretmanager_v1beta1.SecretManagerServiceClient()
1581
1582 # Initialize request argument(s)
1583 request = secretmanager_v1beta1.GetSecretVersionRequest(
1584 name="name_value",
1585 )
1586
1587 # Make the request
1588 response = client.get_secret_version(request=request)
1589
1590 # Handle the response
1591 print(response)
1592
1593 Args:
1594 request (Union[google.cloud.secretmanager_v1beta1.types.GetSecretVersionRequest, dict]):
1595 The request object. Request message for
1596 [SecretManagerService.GetSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.GetSecretVersion].
1597 name (str):
1598 Required. The resource name of the
1599 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1600 in the format ``projects/*/secrets/*/versions/*``.
1601 ``projects/*/secrets/*/versions/latest`` is an alias to
1602 the ``latest``
1603 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1604
1605 This corresponds to the ``name`` field
1606 on the ``request`` instance; if ``request`` is provided, this
1607 should not be set.
1608 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1609 should be retried.
1610 timeout (float): The timeout for this request.
1611 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1612 sent along with the request as metadata. Normally, each value must be of type `str`,
1613 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1614 be of type `bytes`.
1615
1616 Returns:
1617 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1618 A secret version resource in the
1619 Secret Manager API.
1620
1621 """
1622 # Create or coerce a protobuf request object.
1623 # - Quick check: If we got a request object, we should *not* have
1624 # gotten any keyword arguments that map to the request.
1625 has_flattened_params = any([name])
1626 if request is not None and has_flattened_params:
1627 raise ValueError(
1628 "If the `request` argument is set, then none of "
1629 "the individual field arguments should be set."
1630 )
1631
1632 # - Use the request object if provided (there's no risk of modifying the input as
1633 # there are no flattened fields), or create one.
1634 if not isinstance(request, service.GetSecretVersionRequest):
1635 request = service.GetSecretVersionRequest(request)
1636 # If we have keyword arguments corresponding to fields on the
1637 # request, apply these.
1638 if name is not None:
1639 request.name = name
1640
1641 # Wrap the RPC method; this adds retry and timeout information,
1642 # and friendly error handling.
1643 rpc = self._transport._wrapped_methods[self._transport.get_secret_version]
1644
1645 # Certain fields should be provided within the metadata header;
1646 # add these here.
1647 metadata = tuple(metadata) + (
1648 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1649 )
1650
1651 # Validate the universe domain.
1652 self._validate_universe_domain()
1653
1654 # Send the request.
1655 response = rpc(
1656 request,
1657 retry=retry,
1658 timeout=timeout,
1659 metadata=metadata,
1660 )
1661
1662 # Done; return the response.
1663 return response
1664
1665 def access_secret_version(
1666 self,
1667 request: Optional[Union[service.AccessSecretVersionRequest, dict]] = None,
1668 *,
1669 name: Optional[str] = None,
1670 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1671 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1672 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1673 ) -> service.AccessSecretVersionResponse:
1674 r"""Accesses a
1675 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1676 This call returns the secret data.
1677
1678 ``projects/*/secrets/*/versions/latest`` is an alias to the
1679 ``latest``
1680 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1681
1682 .. code-block:: python
1683
1684 # This snippet has been automatically generated and should be regarded as a
1685 # code template only.
1686 # It will require modifications to work:
1687 # - It may require correct/in-range values for request initialization.
1688 # - It may require specifying regional endpoints when creating the service
1689 # client as shown in:
1690 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1691 from google.cloud import secretmanager_v1beta1
1692
1693 def sample_access_secret_version():
1694 # Create a client
1695 client = secretmanager_v1beta1.SecretManagerServiceClient()
1696
1697 # Initialize request argument(s)
1698 request = secretmanager_v1beta1.AccessSecretVersionRequest(
1699 name="name_value",
1700 )
1701
1702 # Make the request
1703 response = client.access_secret_version(request=request)
1704
1705 # Handle the response
1706 print(response)
1707
1708 Args:
1709 request (Union[google.cloud.secretmanager_v1beta1.types.AccessSecretVersionRequest, dict]):
1710 The request object. Request message for
1711 [SecretManagerService.AccessSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AccessSecretVersion].
1712 name (str):
1713 Required. The resource name of the
1714 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1715 in the format ``projects/*/secrets/*/versions/*``.
1716
1717 This corresponds to the ``name`` field
1718 on the ``request`` instance; if ``request`` is provided, this
1719 should not be set.
1720 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1721 should be retried.
1722 timeout (float): The timeout for this request.
1723 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1724 sent along with the request as metadata. Normally, each value must be of type `str`,
1725 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1726 be of type `bytes`.
1727
1728 Returns:
1729 google.cloud.secretmanager_v1beta1.types.AccessSecretVersionResponse:
1730 Response message for
1731 [SecretManagerService.AccessSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AccessSecretVersion].
1732
1733 """
1734 # Create or coerce a protobuf request object.
1735 # - Quick check: If we got a request object, we should *not* have
1736 # gotten any keyword arguments that map to the request.
1737 has_flattened_params = any([name])
1738 if request is not None and has_flattened_params:
1739 raise ValueError(
1740 "If the `request` argument is set, then none of "
1741 "the individual field arguments should be set."
1742 )
1743
1744 # - Use the request object if provided (there's no risk of modifying the input as
1745 # there are no flattened fields), or create one.
1746 if not isinstance(request, service.AccessSecretVersionRequest):
1747 request = service.AccessSecretVersionRequest(request)
1748 # If we have keyword arguments corresponding to fields on the
1749 # request, apply these.
1750 if name is not None:
1751 request.name = name
1752
1753 # Wrap the RPC method; this adds retry and timeout information,
1754 # and friendly error handling.
1755 rpc = self._transport._wrapped_methods[self._transport.access_secret_version]
1756
1757 # Certain fields should be provided within the metadata header;
1758 # add these here.
1759 metadata = tuple(metadata) + (
1760 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1761 )
1762
1763 # Validate the universe domain.
1764 self._validate_universe_domain()
1765
1766 # Send the request.
1767 response = rpc(
1768 request,
1769 retry=retry,
1770 timeout=timeout,
1771 metadata=metadata,
1772 )
1773
1774 # Done; return the response.
1775 return response
1776
1777 def disable_secret_version(
1778 self,
1779 request: Optional[Union[service.DisableSecretVersionRequest, dict]] = None,
1780 *,
1781 name: Optional[str] = None,
1782 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1783 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1784 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1785 ) -> resources.SecretVersion:
1786 r"""Disables a
1787 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1788
1789 Sets the
1790 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
1791 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
1792 [DISABLED][google.cloud.secrets.v1beta1.SecretVersion.State.DISABLED].
1793
1794 .. code-block:: python
1795
1796 # This snippet has been automatically generated and should be regarded as a
1797 # code template only.
1798 # It will require modifications to work:
1799 # - It may require correct/in-range values for request initialization.
1800 # - It may require specifying regional endpoints when creating the service
1801 # client as shown in:
1802 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1803 from google.cloud import secretmanager_v1beta1
1804
1805 def sample_disable_secret_version():
1806 # Create a client
1807 client = secretmanager_v1beta1.SecretManagerServiceClient()
1808
1809 # Initialize request argument(s)
1810 request = secretmanager_v1beta1.DisableSecretVersionRequest(
1811 name="name_value",
1812 )
1813
1814 # Make the request
1815 response = client.disable_secret_version(request=request)
1816
1817 # Handle the response
1818 print(response)
1819
1820 Args:
1821 request (Union[google.cloud.secretmanager_v1beta1.types.DisableSecretVersionRequest, dict]):
1822 The request object. Request message for
1823 [SecretManagerService.DisableSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.DisableSecretVersion].
1824 name (str):
1825 Required. The resource name of the
1826 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1827 to disable in the format
1828 ``projects/*/secrets/*/versions/*``.
1829
1830 This corresponds to the ``name`` field
1831 on the ``request`` instance; if ``request`` is provided, this
1832 should not be set.
1833 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1834 should be retried.
1835 timeout (float): The timeout for this request.
1836 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1837 sent along with the request as metadata. Normally, each value must be of type `str`,
1838 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1839 be of type `bytes`.
1840
1841 Returns:
1842 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1843 A secret version resource in the
1844 Secret Manager API.
1845
1846 """
1847 # Create or coerce a protobuf request object.
1848 # - Quick check: If we got a request object, we should *not* have
1849 # gotten any keyword arguments that map to the request.
1850 has_flattened_params = any([name])
1851 if request is not None and has_flattened_params:
1852 raise ValueError(
1853 "If the `request` argument is set, then none of "
1854 "the individual field arguments should be set."
1855 )
1856
1857 # - Use the request object if provided (there's no risk of modifying the input as
1858 # there are no flattened fields), or create one.
1859 if not isinstance(request, service.DisableSecretVersionRequest):
1860 request = service.DisableSecretVersionRequest(request)
1861 # If we have keyword arguments corresponding to fields on the
1862 # request, apply these.
1863 if name is not None:
1864 request.name = name
1865
1866 # Wrap the RPC method; this adds retry and timeout information,
1867 # and friendly error handling.
1868 rpc = self._transport._wrapped_methods[self._transport.disable_secret_version]
1869
1870 # Certain fields should be provided within the metadata header;
1871 # add these here.
1872 metadata = tuple(metadata) + (
1873 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1874 )
1875
1876 # Validate the universe domain.
1877 self._validate_universe_domain()
1878
1879 # Send the request.
1880 response = rpc(
1881 request,
1882 retry=retry,
1883 timeout=timeout,
1884 metadata=metadata,
1885 )
1886
1887 # Done; return the response.
1888 return response
1889
1890 def enable_secret_version(
1891 self,
1892 request: Optional[Union[service.EnableSecretVersionRequest, dict]] = None,
1893 *,
1894 name: Optional[str] = None,
1895 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1896 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1897 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1898 ) -> resources.SecretVersion:
1899 r"""Enables a
1900 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1901
1902 Sets the
1903 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
1904 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
1905 [ENABLED][google.cloud.secrets.v1beta1.SecretVersion.State.ENABLED].
1906
1907 .. code-block:: python
1908
1909 # This snippet has been automatically generated and should be regarded as a
1910 # code template only.
1911 # It will require modifications to work:
1912 # - It may require correct/in-range values for request initialization.
1913 # - It may require specifying regional endpoints when creating the service
1914 # client as shown in:
1915 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1916 from google.cloud import secretmanager_v1beta1
1917
1918 def sample_enable_secret_version():
1919 # Create a client
1920 client = secretmanager_v1beta1.SecretManagerServiceClient()
1921
1922 # Initialize request argument(s)
1923 request = secretmanager_v1beta1.EnableSecretVersionRequest(
1924 name="name_value",
1925 )
1926
1927 # Make the request
1928 response = client.enable_secret_version(request=request)
1929
1930 # Handle the response
1931 print(response)
1932
1933 Args:
1934 request (Union[google.cloud.secretmanager_v1beta1.types.EnableSecretVersionRequest, dict]):
1935 The request object. Request message for
1936 [SecretManagerService.EnableSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.EnableSecretVersion].
1937 name (str):
1938 Required. The resource name of the
1939 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1940 to enable in the format
1941 ``projects/*/secrets/*/versions/*``.
1942
1943 This corresponds to the ``name`` field
1944 on the ``request`` instance; if ``request`` is provided, this
1945 should not be set.
1946 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1947 should be retried.
1948 timeout (float): The timeout for this request.
1949 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1950 sent along with the request as metadata. Normally, each value must be of type `str`,
1951 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1952 be of type `bytes`.
1953
1954 Returns:
1955 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1956 A secret version resource in the
1957 Secret Manager API.
1958
1959 """
1960 # Create or coerce a protobuf request object.
1961 # - Quick check: If we got a request object, we should *not* have
1962 # gotten any keyword arguments that map to the request.
1963 has_flattened_params = any([name])
1964 if request is not None and has_flattened_params:
1965 raise ValueError(
1966 "If the `request` argument is set, then none of "
1967 "the individual field arguments should be set."
1968 )
1969
1970 # - Use the request object if provided (there's no risk of modifying the input as
1971 # there are no flattened fields), or create one.
1972 if not isinstance(request, service.EnableSecretVersionRequest):
1973 request = service.EnableSecretVersionRequest(request)
1974 # If we have keyword arguments corresponding to fields on the
1975 # request, apply these.
1976 if name is not None:
1977 request.name = name
1978
1979 # Wrap the RPC method; this adds retry and timeout information,
1980 # and friendly error handling.
1981 rpc = self._transport._wrapped_methods[self._transport.enable_secret_version]
1982
1983 # Certain fields should be provided within the metadata header;
1984 # add these here.
1985 metadata = tuple(metadata) + (
1986 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1987 )
1988
1989 # Validate the universe domain.
1990 self._validate_universe_domain()
1991
1992 # Send the request.
1993 response = rpc(
1994 request,
1995 retry=retry,
1996 timeout=timeout,
1997 metadata=metadata,
1998 )
1999
2000 # Done; return the response.
2001 return response
2002
2003 def destroy_secret_version(
2004 self,
2005 request: Optional[Union[service.DestroySecretVersionRequest, dict]] = None,
2006 *,
2007 name: Optional[str] = None,
2008 retry: OptionalRetry = gapic_v1.method.DEFAULT,
2009 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
2010 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
2011 ) -> resources.SecretVersion:
2012 r"""Destroys a
2013 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
2014
2015 Sets the
2016 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
2017 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
2018 [DESTROYED][google.cloud.secrets.v1beta1.SecretVersion.State.DESTROYED]
2019 and irrevocably destroys the secret data.
2020
2021 .. code-block:: python
2022
2023 # This snippet has been automatically generated and should be regarded as a
2024 # code template only.
2025 # It will require modifications to work:
2026 # - It may require correct/in-range values for request initialization.
2027 # - It may require specifying regional endpoints when creating the service
2028 # client as shown in:
2029 # https://googleapis.dev/python/google-api-core/latest/client_options.html
2030 from google.cloud import secretmanager_v1beta1
2031
2032 def sample_destroy_secret_version():
2033 # Create a client
2034 client = secretmanager_v1beta1.SecretManagerServiceClient()
2035
2036 # Initialize request argument(s)
2037 request = secretmanager_v1beta1.DestroySecretVersionRequest(
2038 name="name_value",
2039 )
2040
2041 # Make the request
2042 response = client.destroy_secret_version(request=request)
2043
2044 # Handle the response
2045 print(response)
2046
2047 Args:
2048 request (Union[google.cloud.secretmanager_v1beta1.types.DestroySecretVersionRequest, dict]):
2049 The request object. Request message for
2050 [SecretManagerService.DestroySecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.DestroySecretVersion].
2051 name (str):
2052 Required. The resource name of the
2053 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
2054 to destroy in the format
2055 ``projects/*/secrets/*/versions/*``.
2056
2057 This corresponds to the ``name`` field
2058 on the ``request`` instance; if ``request`` is provided, this
2059 should not be set.
2060 retry (google.api_core.retry.Retry): Designation of what errors, if any,
2061 should be retried.
2062 timeout (float): The timeout for this request.
2063 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
2064 sent along with the request as metadata. Normally, each value must be of type `str`,
2065 but for metadata keys ending with the suffix `-bin`, the corresponding values must
2066 be of type `bytes`.
2067
2068 Returns:
2069 google.cloud.secretmanager_v1beta1.types.SecretVersion:
2070 A secret version resource in the
2071 Secret Manager API.
2072
2073 """
2074 # Create or coerce a protobuf request object.
2075 # - Quick check: If we got a request object, we should *not* have
2076 # gotten any keyword arguments that map to the request.
2077 has_flattened_params = any([name])
2078 if request is not None and has_flattened_params:
2079 raise ValueError(
2080 "If the `request` argument is set, then none of "
2081 "the individual field arguments should be set."
2082 )
2083
2084 # - Use the request object if provided (there's no risk of modifying the input as
2085 # there are no flattened fields), or create one.
2086 if not isinstance(request, service.DestroySecretVersionRequest):
2087 request = service.DestroySecretVersionRequest(request)
2088 # If we have keyword arguments corresponding to fields on the
2089 # request, apply these.
2090 if name is not None:
2091 request.name = name
2092
2093 # Wrap the RPC method; this adds retry and timeout information,
2094 # and friendly error handling.
2095 rpc = self._transport._wrapped_methods[self._transport.destroy_secret_version]
2096
2097 # Certain fields should be provided within the metadata header;
2098 # add these here.
2099 metadata = tuple(metadata) + (
2100 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
2101 )
2102
2103 # Validate the universe domain.
2104 self._validate_universe_domain()
2105
2106 # Send the request.
2107 response = rpc(
2108 request,
2109 retry=retry,
2110 timeout=timeout,
2111 metadata=metadata,
2112 )
2113
2114 # Done; return the response.
2115 return response
2116
2117 def set_iam_policy(
2118 self,
2119 request: Optional[Union[iam_policy_pb2.SetIamPolicyRequest, dict]] = None,
2120 *,
2121 retry: OptionalRetry = gapic_v1.method.DEFAULT,
2122 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
2123 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
2124 ) -> policy_pb2.Policy:
2125 r"""Sets the access control policy on the specified secret. Replaces
2126 any existing policy.
2127
2128 Permissions on
2129 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] are
2130 enforced according to the policy set on the associated
2131 [Secret][google.cloud.secrets.v1beta1.Secret].
2132
2133 .. code-block:: python
2134
2135 # This snippet has been automatically generated and should be regarded as a
2136 # code template only.
2137 # It will require modifications to work:
2138 # - It may require correct/in-range values for request initialization.
2139 # - It may require specifying regional endpoints when creating the service
2140 # client as shown in:
2141 # https://googleapis.dev/python/google-api-core/latest/client_options.html
2142 from google.cloud import secretmanager_v1beta1
2143 from google.iam.v1 import iam_policy_pb2 # type: ignore
2144
2145 def sample_set_iam_policy():
2146 # Create a client
2147 client = secretmanager_v1beta1.SecretManagerServiceClient()
2148
2149 # Initialize request argument(s)
2150 request = iam_policy_pb2.SetIamPolicyRequest(
2151 resource="resource_value",
2152 )
2153
2154 # Make the request
2155 response = client.set_iam_policy(request=request)
2156
2157 # Handle the response
2158 print(response)
2159
2160 Args:
2161 request (Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]):
2162 The request object. Request message for ``SetIamPolicy`` method.
2163 retry (google.api_core.retry.Retry): Designation of what errors, if any,
2164 should be retried.
2165 timeout (float): The timeout for this request.
2166 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
2167 sent along with the request as metadata. Normally, each value must be of type `str`,
2168 but for metadata keys ending with the suffix `-bin`, the corresponding values must
2169 be of type `bytes`.
2170
2171 Returns:
2172 google.iam.v1.policy_pb2.Policy:
2173 An Identity and Access Management (IAM) policy, which specifies access
2174 controls for Google Cloud resources.
2175
2176 A Policy is a collection of bindings. A binding binds
2177 one or more members, or principals, to a single role.
2178 Principals can be user accounts, service accounts,
2179 Google groups, and domains (such as G Suite). A role
2180 is a named list of permissions; each role can be an
2181 IAM predefined role or a user-created custom role.
2182
2183 For some types of Google Cloud resources, a binding
2184 can also specify a condition, which is a logical
2185 expression that allows access to a resource only if
2186 the expression evaluates to true. A condition can add
2187 constraints based on attributes of the request, the
2188 resource, or both. To learn which resources support
2189 conditions in their IAM policies, see the [IAM
2190 documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies).
2191
2192 **JSON example:**
2193
2194 :literal:`\` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 }`\ \`
2195
2196 **YAML example:**
2197
2198 :literal:`\` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3`\ \`
2199
2200 For a description of IAM and its features, see the
2201 [IAM
2202 documentation](\ https://cloud.google.com/iam/docs/).
2203
2204 """
2205 # Create or coerce a protobuf request object.
2206 if isinstance(request, dict):
2207 # - The request isn't a proto-plus wrapped type,
2208 # so it must be constructed via keyword expansion.
2209 request = iam_policy_pb2.SetIamPolicyRequest(**request)
2210 elif not request:
2211 # Null request, just make one.
2212 request = iam_policy_pb2.SetIamPolicyRequest()
2213
2214 # Wrap the RPC method; this adds retry and timeout information,
2215 # and friendly error handling.
2216 rpc = self._transport._wrapped_methods[self._transport.set_iam_policy]
2217
2218 # Certain fields should be provided within the metadata header;
2219 # add these here.
2220 metadata = tuple(metadata) + (
2221 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)),
2222 )
2223
2224 # Validate the universe domain.
2225 self._validate_universe_domain()
2226
2227 # Send the request.
2228 response = rpc(
2229 request,
2230 retry=retry,
2231 timeout=timeout,
2232 metadata=metadata,
2233 )
2234
2235 # Done; return the response.
2236 return response
2237
2238 def get_iam_policy(
2239 self,
2240 request: Optional[Union[iam_policy_pb2.GetIamPolicyRequest, dict]] = None,
2241 *,
2242 retry: OptionalRetry = gapic_v1.method.DEFAULT,
2243 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
2244 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
2245 ) -> policy_pb2.Policy:
2246 r"""Gets the access control policy for a secret.
2247 Returns empty policy if the secret exists and does not
2248 have a policy set.
2249
2250 .. code-block:: python
2251
2252 # This snippet has been automatically generated and should be regarded as a
2253 # code template only.
2254 # It will require modifications to work:
2255 # - It may require correct/in-range values for request initialization.
2256 # - It may require specifying regional endpoints when creating the service
2257 # client as shown in:
2258 # https://googleapis.dev/python/google-api-core/latest/client_options.html
2259 from google.cloud import secretmanager_v1beta1
2260 from google.iam.v1 import iam_policy_pb2 # type: ignore
2261
2262 def sample_get_iam_policy():
2263 # Create a client
2264 client = secretmanager_v1beta1.SecretManagerServiceClient()
2265
2266 # Initialize request argument(s)
2267 request = iam_policy_pb2.GetIamPolicyRequest(
2268 resource="resource_value",
2269 )
2270
2271 # Make the request
2272 response = client.get_iam_policy(request=request)
2273
2274 # Handle the response
2275 print(response)
2276
2277 Args:
2278 request (Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]):
2279 The request object. Request message for ``GetIamPolicy`` method.
2280 retry (google.api_core.retry.Retry): Designation of what errors, if any,
2281 should be retried.
2282 timeout (float): The timeout for this request.
2283 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
2284 sent along with the request as metadata. Normally, each value must be of type `str`,
2285 but for metadata keys ending with the suffix `-bin`, the corresponding values must
2286 be of type `bytes`.
2287
2288 Returns:
2289 google.iam.v1.policy_pb2.Policy:
2290 An Identity and Access Management (IAM) policy, which specifies access
2291 controls for Google Cloud resources.
2292
2293 A Policy is a collection of bindings. A binding binds
2294 one or more members, or principals, to a single role.
2295 Principals can be user accounts, service accounts,
2296 Google groups, and domains (such as G Suite). A role
2297 is a named list of permissions; each role can be an
2298 IAM predefined role or a user-created custom role.
2299
2300 For some types of Google Cloud resources, a binding
2301 can also specify a condition, which is a logical
2302 expression that allows access to a resource only if
2303 the expression evaluates to true. A condition can add
2304 constraints based on attributes of the request, the
2305 resource, or both. To learn which resources support
2306 conditions in their IAM policies, see the [IAM
2307 documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies).
2308
2309 **JSON example:**
2310
2311 :literal:`\` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 }`\ \`
2312
2313 **YAML example:**
2314
2315 :literal:`\` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3`\ \`
2316
2317 For a description of IAM and its features, see the
2318 [IAM
2319 documentation](\ https://cloud.google.com/iam/docs/).
2320
2321 """
2322 # Create or coerce a protobuf request object.
2323 if isinstance(request, dict):
2324 # - The request isn't a proto-plus wrapped type,
2325 # so it must be constructed via keyword expansion.
2326 request = iam_policy_pb2.GetIamPolicyRequest(**request)
2327 elif not request:
2328 # Null request, just make one.
2329 request = iam_policy_pb2.GetIamPolicyRequest()
2330
2331 # Wrap the RPC method; this adds retry and timeout information,
2332 # and friendly error handling.
2333 rpc = self._transport._wrapped_methods[self._transport.get_iam_policy]
2334
2335 # Certain fields should be provided within the metadata header;
2336 # add these here.
2337 metadata = tuple(metadata) + (
2338 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)),
2339 )
2340
2341 # Validate the universe domain.
2342 self._validate_universe_domain()
2343
2344 # Send the request.
2345 response = rpc(
2346 request,
2347 retry=retry,
2348 timeout=timeout,
2349 metadata=metadata,
2350 )
2351
2352 # Done; return the response.
2353 return response
2354
2355 def test_iam_permissions(
2356 self,
2357 request: Optional[Union[iam_policy_pb2.TestIamPermissionsRequest, dict]] = None,
2358 *,
2359 retry: OptionalRetry = gapic_v1.method.DEFAULT,
2360 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
2361 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
2362 ) -> iam_policy_pb2.TestIamPermissionsResponse:
2363 r"""Returns permissions that a caller has for the specified secret.
2364 If the secret does not exist, this call returns an empty set of
2365 permissions, not a NOT_FOUND error.
2366
2367 Note: This operation is designed to be used for building
2368 permission-aware UIs and command-line tools, not for
2369 authorization checking. This operation may "fail open" without
2370 warning.
2371
2372 .. code-block:: python
2373
2374 # This snippet has been automatically generated and should be regarded as a
2375 # code template only.
2376 # It will require modifications to work:
2377 # - It may require correct/in-range values for request initialization.
2378 # - It may require specifying regional endpoints when creating the service
2379 # client as shown in:
2380 # https://googleapis.dev/python/google-api-core/latest/client_options.html
2381 from google.cloud import secretmanager_v1beta1
2382 from google.iam.v1 import iam_policy_pb2 # type: ignore
2383
2384 def sample_test_iam_permissions():
2385 # Create a client
2386 client = secretmanager_v1beta1.SecretManagerServiceClient()
2387
2388 # Initialize request argument(s)
2389 request = iam_policy_pb2.TestIamPermissionsRequest(
2390 resource="resource_value",
2391 permissions=['permissions_value1', 'permissions_value2'],
2392 )
2393
2394 # Make the request
2395 response = client.test_iam_permissions(request=request)
2396
2397 # Handle the response
2398 print(response)
2399
2400 Args:
2401 request (Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]):
2402 The request object. Request message for ``TestIamPermissions`` method.
2403 retry (google.api_core.retry.Retry): Designation of what errors, if any,
2404 should be retried.
2405 timeout (float): The timeout for this request.
2406 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
2407 sent along with the request as metadata. Normally, each value must be of type `str`,
2408 but for metadata keys ending with the suffix `-bin`, the corresponding values must
2409 be of type `bytes`.
2410
2411 Returns:
2412 google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse:
2413 Response message for TestIamPermissions method.
2414 """
2415 # Create or coerce a protobuf request object.
2416 if isinstance(request, dict):
2417 # - The request isn't a proto-plus wrapped type,
2418 # so it must be constructed via keyword expansion.
2419 request = iam_policy_pb2.TestIamPermissionsRequest(**request)
2420 elif not request:
2421 # Null request, just make one.
2422 request = iam_policy_pb2.TestIamPermissionsRequest()
2423
2424 # Wrap the RPC method; this adds retry and timeout information,
2425 # and friendly error handling.
2426 rpc = self._transport._wrapped_methods[self._transport.test_iam_permissions]
2427
2428 # Certain fields should be provided within the metadata header;
2429 # add these here.
2430 metadata = tuple(metadata) + (
2431 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)),
2432 )
2433
2434 # Validate the universe domain.
2435 self._validate_universe_domain()
2436
2437 # Send the request.
2438 response = rpc(
2439 request,
2440 retry=retry,
2441 timeout=timeout,
2442 metadata=metadata,
2443 )
2444
2445 # Done; return the response.
2446 return response
2447
2448 def __enter__(self) -> "SecretManagerServiceClient":
2449 return self
2450
2451 def __exit__(self, type, value, traceback):
2452 """Releases underlying transport's resources.
2453
2454 .. warning::
2455 ONLY use as a context manager if the transport is NOT shared
2456 with other clients! Exiting the with block will CLOSE the transport
2457 and may cause errors in other clients!
2458 """
2459 self.transport.close()
2460
2461
2462DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(
2463 gapic_version=package_version.__version__
2464)
2465
2466
2467__all__ = ("SecretManagerServiceClient",)