Shortcuts on this page
r m x toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
1# -*- coding: utf-8 -*-
2# Copyright 2024 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16from collections import OrderedDict
17import logging as std_logging
18import os
19import re
20from typing import (
21 Callable,
22 Dict,
23 Mapping,
24 MutableMapping,
25 MutableSequence,
26 Optional,
27 Sequence,
28 Tuple,
29 Type,
30 Union,
31 cast,
32)
33import warnings
35from google.api_core import client_options as client_options_lib
36from google.api_core import exceptions as core_exceptions
37from google.api_core import gapic_v1
38from google.api_core import retry as retries
39from google.auth import credentials as ga_credentials # type: ignore
40from google.auth.exceptions import MutualTLSChannelError # type: ignore
41from google.auth.transport import mtls # type: ignore
42from google.auth.transport.grpc import SslCredentials # type: ignore
43from google.oauth2 import service_account # type: ignore
45from google.cloud.secretmanager_v1beta1 import gapic_version as package_version
47try:
48 OptionalRetry = Union[retries.Retry, gapic_v1.method._MethodDefault, None]
49except AttributeError: # pragma: NO COVER
50 OptionalRetry = Union[retries.Retry, object, None] # type: ignore
52try:
53 from google.api_core import client_logging # type: ignore
55 CLIENT_LOGGING_SUPPORTED = True # pragma: NO COVER
56except ImportError: # pragma: NO COVER
57 CLIENT_LOGGING_SUPPORTED = False
59_LOGGER = std_logging.getLogger(__name__)
61from google.iam.v1 import iam_policy_pb2 # type: ignore
62from google.iam.v1 import policy_pb2 # type: ignore
63from google.protobuf import field_mask_pb2 # type: ignore
64from google.protobuf import timestamp_pb2 # type: ignore
66from google.cloud.secretmanager_v1beta1.services.secret_manager_service import pagers
67from google.cloud.secretmanager_v1beta1.types import resources, service
69from .transports.base import DEFAULT_CLIENT_INFO, SecretManagerServiceTransport
70from .transports.grpc import SecretManagerServiceGrpcTransport
71from .transports.grpc_asyncio import SecretManagerServiceGrpcAsyncIOTransport
72from .transports.rest import SecretManagerServiceRestTransport
75class SecretManagerServiceClientMeta(type):
76 """Metaclass for the SecretManagerService client.
78 This provides class-level methods for building and retrieving
79 support objects (e.g. transport) without polluting the client instance
80 objects.
81 """
83 _transport_registry = (
84 OrderedDict()
85 ) # type: Dict[str, Type[SecretManagerServiceTransport]]
86 _transport_registry["grpc"] = SecretManagerServiceGrpcTransport
87 _transport_registry["grpc_asyncio"] = SecretManagerServiceGrpcAsyncIOTransport
88 _transport_registry["rest"] = SecretManagerServiceRestTransport
90 def get_transport_class(
91 cls,
92 label: Optional[str] = None,
93 ) -> Type[SecretManagerServiceTransport]:
94 """Returns an appropriate transport class.
96 Args:
97 label: The name of the desired transport. If none is
98 provided, then the first transport in the registry is used.
100 Returns:
101 The transport class to use.
102 """
103 # If a specific transport is requested, return that one.
104 if label:
105 return cls._transport_registry[label]
107 # No transport is requested; return the default (that is, the first one
108 # in the dictionary).
109 return next(iter(cls._transport_registry.values()))
112class SecretManagerServiceClient(metaclass=SecretManagerServiceClientMeta):
113 """Secret Manager Service
115 Manages secrets and operations using those secrets. Implements a
116 REST model with the following objects:
118 - [Secret][google.cloud.secrets.v1beta1.Secret]
119 - [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
120 """
122 @staticmethod
123 def _get_default_mtls_endpoint(api_endpoint):
124 """Converts api endpoint to mTLS endpoint.
126 Convert "*.sandbox.googleapis.com" and "*.googleapis.com" to
127 "*.mtls.sandbox.googleapis.com" and "*.mtls.googleapis.com" respectively.
128 Args:
129 api_endpoint (Optional[str]): the api endpoint to convert.
130 Returns:
131 str: converted mTLS api endpoint.
132 """
133 if not api_endpoint:
134 return api_endpoint
136 mtls_endpoint_re = re.compile(
137 r"(?P<name>[^.]+)(?P<mtls>\.mtls)?(?P<sandbox>\.sandbox)?(?P<googledomain>\.googleapis\.com)?"
138 )
140 m = mtls_endpoint_re.match(api_endpoint)
141 name, mtls, sandbox, googledomain = m.groups()
142 if mtls or not googledomain:
143 return api_endpoint
145 if sandbox:
146 return api_endpoint.replace(
147 "sandbox.googleapis.com", "mtls.sandbox.googleapis.com"
148 )
150 return api_endpoint.replace(".googleapis.com", ".mtls.googleapis.com")
152 # Note: DEFAULT_ENDPOINT is deprecated. Use _DEFAULT_ENDPOINT_TEMPLATE instead.
153 DEFAULT_ENDPOINT = "secretmanager.googleapis.com"
154 DEFAULT_MTLS_ENDPOINT = _get_default_mtls_endpoint.__func__( # type: ignore
155 DEFAULT_ENDPOINT
156 )
158 _DEFAULT_ENDPOINT_TEMPLATE = "secretmanager.{UNIVERSE_DOMAIN}"
159 _DEFAULT_UNIVERSE = "googleapis.com"
161 @classmethod
162 def from_service_account_info(cls, info: dict, *args, **kwargs):
163 """Creates an instance of this client using the provided credentials
164 info.
166 Args:
167 info (dict): The service account private key info.
168 args: Additional arguments to pass to the constructor.
169 kwargs: Additional arguments to pass to the constructor.
171 Returns:
172 SecretManagerServiceClient: The constructed client.
173 """
174 credentials = service_account.Credentials.from_service_account_info(info)
175 kwargs["credentials"] = credentials
176 return cls(*args, **kwargs)
178 @classmethod
179 def from_service_account_file(cls, filename: str, *args, **kwargs):
180 """Creates an instance of this client using the provided credentials
181 file.
183 Args:
184 filename (str): The path to the service account private key json
185 file.
186 args: Additional arguments to pass to the constructor.
187 kwargs: Additional arguments to pass to the constructor.
189 Returns:
190 SecretManagerServiceClient: The constructed client.
191 """
192 credentials = service_account.Credentials.from_service_account_file(filename)
193 kwargs["credentials"] = credentials
194 return cls(*args, **kwargs)
196 from_service_account_json = from_service_account_file
198 @property
199 def transport(self) -> SecretManagerServiceTransport:
200 """Returns the transport used by the client instance.
202 Returns:
203 SecretManagerServiceTransport: The transport used by the client
204 instance.
205 """
206 return self._transport
208 @staticmethod
209 def secret_path(
210 project: str,
211 secret: str,
212 ) -> str:
213 """Returns a fully-qualified secret string."""
214 return "projects/{project}/secrets/{secret}".format(
215 project=project,
216 secret=secret,
217 )
219 @staticmethod
220 def parse_secret_path(path: str) -> Dict[str, str]:
221 """Parses a secret path into its component segments."""
222 m = re.match(r"^projects/(?P<project>.+?)/secrets/(?P<secret>.+?)$", path)
223 return m.groupdict() if m else {}
225 @staticmethod
226 def secret_version_path(
227 project: str,
228 secret: str,
229 secret_version: str,
230 ) -> str:
231 """Returns a fully-qualified secret_version string."""
232 return "projects/{project}/secrets/{secret}/versions/{secret_version}".format(
233 project=project,
234 secret=secret,
235 secret_version=secret_version,
236 )
238 @staticmethod
239 def parse_secret_version_path(path: str) -> Dict[str, str]:
240 """Parses a secret_version path into its component segments."""
241 m = re.match(
242 r"^projects/(?P<project>.+?)/secrets/(?P<secret>.+?)/versions/(?P<secret_version>.+?)$",
243 path,
244 )
245 return m.groupdict() if m else {}
247 @staticmethod
248 def common_billing_account_path(
249 billing_account: str,
250 ) -> str:
251 """Returns a fully-qualified billing_account string."""
252 return "billingAccounts/{billing_account}".format(
253 billing_account=billing_account,
254 )
256 @staticmethod
257 def parse_common_billing_account_path(path: str) -> Dict[str, str]:
258 """Parse a billing_account path into its component segments."""
259 m = re.match(r"^billingAccounts/(?P<billing_account>.+?)$", path)
260 return m.groupdict() if m else {}
262 @staticmethod
263 def common_folder_path(
264 folder: str,
265 ) -> str:
266 """Returns a fully-qualified folder string."""
267 return "folders/{folder}".format(
268 folder=folder,
269 )
271 @staticmethod
272 def parse_common_folder_path(path: str) -> Dict[str, str]:
273 """Parse a folder path into its component segments."""
274 m = re.match(r"^folders/(?P<folder>.+?)$", path)
275 return m.groupdict() if m else {}
277 @staticmethod
278 def common_organization_path(
279 organization: str,
280 ) -> str:
281 """Returns a fully-qualified organization string."""
282 return "organizations/{organization}".format(
283 organization=organization,
284 )
286 @staticmethod
287 def parse_common_organization_path(path: str) -> Dict[str, str]:
288 """Parse a organization path into its component segments."""
289 m = re.match(r"^organizations/(?P<organization>.+?)$", path)
290 return m.groupdict() if m else {}
292 @staticmethod
293 def common_project_path(
294 project: str,
295 ) -> str:
296 """Returns a fully-qualified project string."""
297 return "projects/{project}".format(
298 project=project,
299 )
301 @staticmethod
302 def parse_common_project_path(path: str) -> Dict[str, str]:
303 """Parse a project path into its component segments."""
304 m = re.match(r"^projects/(?P<project>.+?)$", path)
305 return m.groupdict() if m else {}
307 @staticmethod
308 def common_location_path(
309 project: str,
310 location: str,
311 ) -> str:
312 """Returns a fully-qualified location string."""
313 return "projects/{project}/locations/{location}".format(
314 project=project,
315 location=location,
316 )
318 @staticmethod
319 def parse_common_location_path(path: str) -> Dict[str, str]:
320 """Parse a location path into its component segments."""
321 m = re.match(r"^projects/(?P<project>.+?)/locations/(?P<location>.+?)$", path)
322 return m.groupdict() if m else {}
324 @classmethod
325 def get_mtls_endpoint_and_cert_source(
326 cls, client_options: Optional[client_options_lib.ClientOptions] = None
327 ):
328 """Deprecated. Return the API endpoint and client cert source for mutual TLS.
330 The client cert source is determined in the following order:
331 (1) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is not "true", the
332 client cert source is None.
333 (2) if `client_options.client_cert_source` is provided, use the provided one; if the
334 default client cert source exists, use the default one; otherwise the client cert
335 source is None.
337 The API endpoint is determined in the following order:
338 (1) if `client_options.api_endpoint` if provided, use the provided one.
339 (2) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is "always", use the
340 default mTLS endpoint; if the environment variable is "never", use the default API
341 endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise
342 use the default API endpoint.
344 More details can be found at https://google.aip.dev/auth/4114.
346 Args:
347 client_options (google.api_core.client_options.ClientOptions): Custom options for the
348 client. Only the `api_endpoint` and `client_cert_source` properties may be used
349 in this method.
351 Returns:
352 Tuple[str, Callable[[], Tuple[bytes, bytes]]]: returns the API endpoint and the
353 client cert source to use.
355 Raises:
356 google.auth.exceptions.MutualTLSChannelError: If any errors happen.
357 """
359 warnings.warn(
360 "get_mtls_endpoint_and_cert_source is deprecated. Use the api_endpoint property instead.",
361 DeprecationWarning,
362 )
363 if client_options is None:
364 client_options = client_options_lib.ClientOptions()
365 use_client_cert = os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false")
366 use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")
367 if use_client_cert not in ("true", "false"):
368 raise ValueError(
369 "Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`"
370 )
371 if use_mtls_endpoint not in ("auto", "never", "always"):
372 raise MutualTLSChannelError(
373 "Environment variable `GOOGLE_API_USE_MTLS_ENDPOINT` must be `never`, `auto` or `always`"
374 )
376 # Figure out the client cert source to use.
377 client_cert_source = None
378 if use_client_cert == "true":
379 if client_options.client_cert_source:
380 client_cert_source = client_options.client_cert_source
381 elif mtls.has_default_client_cert_source():
382 client_cert_source = mtls.default_client_cert_source()
384 # Figure out which api endpoint to use.
385 if client_options.api_endpoint is not None:
386 api_endpoint = client_options.api_endpoint
387 elif use_mtls_endpoint == "always" or (
388 use_mtls_endpoint == "auto" and client_cert_source
389 ):
390 api_endpoint = cls.DEFAULT_MTLS_ENDPOINT
391 else:
392 api_endpoint = cls.DEFAULT_ENDPOINT
394 return api_endpoint, client_cert_source
396 @staticmethod
397 def _read_environment_variables():
398 """Returns the environment variables used by the client.
400 Returns:
401 Tuple[bool, str, str]: returns the GOOGLE_API_USE_CLIENT_CERTIFICATE,
402 GOOGLE_API_USE_MTLS_ENDPOINT, and GOOGLE_CLOUD_UNIVERSE_DOMAIN environment variables.
404 Raises:
405 ValueError: If GOOGLE_API_USE_CLIENT_CERTIFICATE is not
406 any of ["true", "false"].
407 google.auth.exceptions.MutualTLSChannelError: If GOOGLE_API_USE_MTLS_ENDPOINT
408 is not any of ["auto", "never", "always"].
409 """
410 use_client_cert = os.getenv(
411 "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
412 ).lower()
413 use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower()
414 universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN")
415 if use_client_cert not in ("true", "false"):
416 raise ValueError(
417 "Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`"
418 )
419 if use_mtls_endpoint not in ("auto", "never", "always"):
420 raise MutualTLSChannelError(
421 "Environment variable `GOOGLE_API_USE_MTLS_ENDPOINT` must be `never`, `auto` or `always`"
422 )
423 return use_client_cert == "true", use_mtls_endpoint, universe_domain_env
425 @staticmethod
426 def _get_client_cert_source(provided_cert_source, use_cert_flag):
427 """Return the client cert source to be used by the client.
429 Args:
430 provided_cert_source (bytes): The client certificate source provided.
431 use_cert_flag (bool): A flag indicating whether to use the client certificate.
433 Returns:
434 bytes or None: The client cert source to be used by the client.
435 """
436 client_cert_source = None
437 if use_cert_flag:
438 if provided_cert_source:
439 client_cert_source = provided_cert_source
440 elif mtls.has_default_client_cert_source():
441 client_cert_source = mtls.default_client_cert_source()
442 return client_cert_source
444 @staticmethod
445 def _get_api_endpoint(
446 api_override, client_cert_source, universe_domain, use_mtls_endpoint
447 ):
448 """Return the API endpoint used by the client.
450 Args:
451 api_override (str): The API endpoint override. If specified, this is always
452 the return value of this function and the other arguments are not used.
453 client_cert_source (bytes): The client certificate source used by the client.
454 universe_domain (str): The universe domain used by the client.
455 use_mtls_endpoint (str): How to use the mTLS endpoint, which depends also on the other parameters.
456 Possible values are "always", "auto", or "never".
458 Returns:
459 str: The API endpoint to be used by the client.
460 """
461 if api_override is not None:
462 api_endpoint = api_override
463 elif use_mtls_endpoint == "always" or (
464 use_mtls_endpoint == "auto" and client_cert_source
465 ):
466 _default_universe = SecretManagerServiceClient._DEFAULT_UNIVERSE
467 if universe_domain != _default_universe:
468 raise MutualTLSChannelError(
469 f"mTLS is not supported in any universe other than {_default_universe}."
470 )
471 api_endpoint = SecretManagerServiceClient.DEFAULT_MTLS_ENDPOINT
472 else:
473 api_endpoint = SecretManagerServiceClient._DEFAULT_ENDPOINT_TEMPLATE.format(
474 UNIVERSE_DOMAIN=universe_domain
475 )
476 return api_endpoint
478 @staticmethod
479 def _get_universe_domain(
480 client_universe_domain: Optional[str], universe_domain_env: Optional[str]
481 ) -> str:
482 """Return the universe domain used by the client.
484 Args:
485 client_universe_domain (Optional[str]): The universe domain configured via the client options.
486 universe_domain_env (Optional[str]): The universe domain configured via the "GOOGLE_CLOUD_UNIVERSE_DOMAIN" environment variable.
488 Returns:
489 str: The universe domain to be used by the client.
491 Raises:
492 ValueError: If the universe domain is an empty string.
493 """
494 universe_domain = SecretManagerServiceClient._DEFAULT_UNIVERSE
495 if client_universe_domain is not None:
496 universe_domain = client_universe_domain
497 elif universe_domain_env is not None:
498 universe_domain = universe_domain_env
499 if len(universe_domain.strip()) == 0:
500 raise ValueError("Universe Domain cannot be an empty string.")
501 return universe_domain
503 def _validate_universe_domain(self):
504 """Validates client's and credentials' universe domains are consistent.
506 Returns:
507 bool: True iff the configured universe domain is valid.
509 Raises:
510 ValueError: If the configured universe domain is not valid.
511 """
513 # NOTE (b/349488459): universe validation is disabled until further notice.
514 return True
516 @property
517 def api_endpoint(self):
518 """Return the API endpoint used by the client instance.
520 Returns:
521 str: The API endpoint used by the client instance.
522 """
523 return self._api_endpoint
525 @property
526 def universe_domain(self) -> str:
527 """Return the universe domain used by the client instance.
529 Returns:
530 str: The universe domain used by the client instance.
531 """
532 return self._universe_domain
534 def __init__(
535 self,
536 *,
537 credentials: Optional[ga_credentials.Credentials] = None,
538 transport: Optional[
539 Union[
540 str,
541 SecretManagerServiceTransport,
542 Callable[..., SecretManagerServiceTransport],
543 ]
544 ] = None,
545 client_options: Optional[Union[client_options_lib.ClientOptions, dict]] = None,
546 client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
547 ) -> None:
548 """Instantiates the secret manager service client.
550 Args:
551 credentials (Optional[google.auth.credentials.Credentials]): The
552 authorization credentials to attach to requests. These
553 credentials identify the application to the service; if none
554 are specified, the client will attempt to ascertain the
555 credentials from the environment.
556 transport (Optional[Union[str,SecretManagerServiceTransport,Callable[..., SecretManagerServiceTransport]]]):
557 The transport to use, or a Callable that constructs and returns a new transport.
558 If a Callable is given, it will be called with the same set of initialization
559 arguments as used in the SecretManagerServiceTransport constructor.
560 If set to None, a transport is chosen automatically.
561 client_options (Optional[Union[google.api_core.client_options.ClientOptions, dict]]):
562 Custom options for the client.
564 1. The ``api_endpoint`` property can be used to override the
565 default endpoint provided by the client when ``transport`` is
566 not explicitly provided. Only if this property is not set and
567 ``transport`` was not explicitly provided, the endpoint is
568 determined by the GOOGLE_API_USE_MTLS_ENDPOINT environment
569 variable, which have one of the following values:
570 "always" (always use the default mTLS endpoint), "never" (always
571 use the default regular endpoint) and "auto" (auto-switch to the
572 default mTLS endpoint if client certificate is present; this is
573 the default value).
575 2. If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable
576 is "true", then the ``client_cert_source`` property can be used
577 to provide a client certificate for mTLS transport. If
578 not provided, the default SSL client certificate will be used if
579 present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not
580 set, no client certificate will be used.
582 3. The ``universe_domain`` property can be used to override the
583 default "googleapis.com" universe. Note that the ``api_endpoint``
584 property still takes precedence; and ``universe_domain`` is
585 currently not supported for mTLS.
587 client_info (google.api_core.gapic_v1.client_info.ClientInfo):
588 The client info used to send a user-agent string along with
589 API requests. If ``None``, then default info will be used.
590 Generally, you only need to set this if you're developing
591 your own client library.
593 Raises:
594 google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
595 creation failed for any reason.
596 """
597 self._client_options = client_options
598 if isinstance(self._client_options, dict):
599 self._client_options = client_options_lib.from_dict(self._client_options)
600 if self._client_options is None:
601 self._client_options = client_options_lib.ClientOptions()
602 self._client_options = cast(
603 client_options_lib.ClientOptions, self._client_options
604 )
606 universe_domain_opt = getattr(self._client_options, "universe_domain", None)
608 (
609 self._use_client_cert,
610 self._use_mtls_endpoint,
611 self._universe_domain_env,
612 ) = SecretManagerServiceClient._read_environment_variables()
613 self._client_cert_source = SecretManagerServiceClient._get_client_cert_source(
614 self._client_options.client_cert_source, self._use_client_cert
615 )
616 self._universe_domain = SecretManagerServiceClient._get_universe_domain(
617 universe_domain_opt, self._universe_domain_env
618 )
619 self._api_endpoint = None # updated below, depending on `transport`
621 # Initialize the universe domain validation.
622 self._is_universe_domain_valid = False
624 if CLIENT_LOGGING_SUPPORTED: # pragma: NO COVER
625 # Setup logging.
626 client_logging.initialize_logging()
628 api_key_value = getattr(self._client_options, "api_key", None)
629 if api_key_value and credentials:
630 raise ValueError(
631 "client_options.api_key and credentials are mutually exclusive"
632 )
634 # Save or instantiate the transport.
635 # Ordinarily, we provide the transport, but allowing a custom transport
636 # instance provides an extensibility point for unusual situations.
637 transport_provided = isinstance(transport, SecretManagerServiceTransport)
638 if transport_provided:
639 # transport is a SecretManagerServiceTransport instance.
640 if credentials or self._client_options.credentials_file or api_key_value:
641 raise ValueError(
642 "When providing a transport instance, "
643 "provide its credentials directly."
644 )
645 if self._client_options.scopes:
646 raise ValueError(
647 "When providing a transport instance, provide its scopes "
648 "directly."
649 )
650 self._transport = cast(SecretManagerServiceTransport, transport)
651 self._api_endpoint = self._transport.host
653 self._api_endpoint = (
654 self._api_endpoint
655 or SecretManagerServiceClient._get_api_endpoint(
656 self._client_options.api_endpoint,
657 self._client_cert_source,
658 self._universe_domain,
659 self._use_mtls_endpoint,
660 )
661 )
663 if not transport_provided:
664 import google.auth._default # type: ignore
666 if api_key_value and hasattr(
667 google.auth._default, "get_api_key_credentials"
668 ):
669 credentials = google.auth._default.get_api_key_credentials(
670 api_key_value
671 )
673 transport_init: Union[
674 Type[SecretManagerServiceTransport],
675 Callable[..., SecretManagerServiceTransport],
676 ] = (
677 SecretManagerServiceClient.get_transport_class(transport)
678 if isinstance(transport, str) or transport is None
679 else cast(Callable[..., SecretManagerServiceTransport], transport)
680 )
681 # initialize with the provided callable or the passed in class
682 self._transport = transport_init(
683 credentials=credentials,
684 credentials_file=self._client_options.credentials_file,
685 host=self._api_endpoint,
686 scopes=self._client_options.scopes,
687 client_cert_source_for_mtls=self._client_cert_source,
688 quota_project_id=self._client_options.quota_project_id,
689 client_info=client_info,
690 always_use_jwt_access=True,
691 api_audience=self._client_options.api_audience,
692 )
694 if "async" not in str(self._transport):
695 if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(
696 std_logging.DEBUG
697 ): # pragma: NO COVER
698 _LOGGER.debug(
699 "Created client `google.cloud.secrets_v1beta1.SecretManagerServiceClient`.",
700 extra={
701 "serviceName": "google.cloud.secrets.v1beta1.SecretManagerService",
702 "universeDomain": getattr(
703 self._transport._credentials, "universe_domain", ""
704 ),
705 "credentialsType": f"{type(self._transport._credentials).__module__}.{type(self._transport._credentials).__qualname__}",
706 "credentialsInfo": getattr(
707 self.transport._credentials, "get_cred_info", lambda: None
708 )(),
709 }
710 if hasattr(self._transport, "_credentials")
711 else {
712 "serviceName": "google.cloud.secrets.v1beta1.SecretManagerService",
713 "credentialsType": None,
714 },
715 )
717 def list_secrets(
718 self,
719 request: Optional[Union[service.ListSecretsRequest, dict]] = None,
720 *,
721 parent: Optional[str] = None,
722 retry: OptionalRetry = gapic_v1.method.DEFAULT,
723 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
724 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
725 ) -> pagers.ListSecretsPager:
726 r"""Lists [Secrets][google.cloud.secrets.v1beta1.Secret].
728 .. code-block:: python
730 # This snippet has been automatically generated and should be regarded as a
731 # code template only.
732 # It will require modifications to work:
733 # - It may require correct/in-range values for request initialization.
734 # - It may require specifying regional endpoints when creating the service
735 # client as shown in:
736 # https://googleapis.dev/python/google-api-core/latest/client_options.html
737 from google.cloud import secretmanager_v1beta1
739 def sample_list_secrets():
740 # Create a client
741 client = secretmanager_v1beta1.SecretManagerServiceClient()
743 # Initialize request argument(s)
744 request = secretmanager_v1beta1.ListSecretsRequest(
745 parent="parent_value",
746 )
748 # Make the request
749 page_result = client.list_secrets(request=request)
751 # Handle the response
752 for response in page_result:
753 print(response)
755 Args:
756 request (Union[google.cloud.secretmanager_v1beta1.types.ListSecretsRequest, dict]):
757 The request object. Request message for
758 [SecretManagerService.ListSecrets][google.cloud.secrets.v1beta1.SecretManagerService.ListSecrets].
759 parent (str):
760 Required. The resource name of the project associated
761 with the [Secrets][google.cloud.secrets.v1beta1.Secret],
762 in the format ``projects/*``.
764 This corresponds to the ``parent`` field
765 on the ``request`` instance; if ``request`` is provided, this
766 should not be set.
767 retry (google.api_core.retry.Retry): Designation of what errors, if any,
768 should be retried.
769 timeout (float): The timeout for this request.
770 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
771 sent along with the request as metadata. Normally, each value must be of type `str`,
772 but for metadata keys ending with the suffix `-bin`, the corresponding values must
773 be of type `bytes`.
775 Returns:
776 google.cloud.secretmanager_v1beta1.services.secret_manager_service.pagers.ListSecretsPager:
777 Response message for
778 [SecretManagerService.ListSecrets][google.cloud.secrets.v1beta1.SecretManagerService.ListSecrets].
780 Iterating over this object will yield results and
781 resolve additional pages automatically.
783 """
784 # Create or coerce a protobuf request object.
785 # - Quick check: If we got a request object, we should *not* have
786 # gotten any keyword arguments that map to the request.
787 has_flattened_params = any([parent])
788 if request is not None and has_flattened_params:
789 raise ValueError(
790 "If the `request` argument is set, then none of "
791 "the individual field arguments should be set."
792 )
794 # - Use the request object if provided (there's no risk of modifying the input as
795 # there are no flattened fields), or create one.
796 if not isinstance(request, service.ListSecretsRequest):
797 request = service.ListSecretsRequest(request)
798 # If we have keyword arguments corresponding to fields on the
799 # request, apply these.
800 if parent is not None:
801 request.parent = parent
803 # Wrap the RPC method; this adds retry and timeout information,
804 # and friendly error handling.
805 rpc = self._transport._wrapped_methods[self._transport.list_secrets]
807 # Certain fields should be provided within the metadata header;
808 # add these here.
809 metadata = tuple(metadata) + (
810 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
811 )
813 # Validate the universe domain.
814 self._validate_universe_domain()
816 # Send the request.
817 response = rpc(
818 request,
819 retry=retry,
820 timeout=timeout,
821 metadata=metadata,
822 )
824 # This method is paged; wrap the response in a pager, which provides
825 # an `__iter__` convenience method.
826 response = pagers.ListSecretsPager(
827 method=rpc,
828 request=request,
829 response=response,
830 retry=retry,
831 timeout=timeout,
832 metadata=metadata,
833 )
835 # Done; return the response.
836 return response
838 def create_secret(
839 self,
840 request: Optional[Union[service.CreateSecretRequest, dict]] = None,
841 *,
842 parent: Optional[str] = None,
843 secret_id: Optional[str] = None,
844 secret: Optional[resources.Secret] = None,
845 retry: OptionalRetry = gapic_v1.method.DEFAULT,
846 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
847 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
848 ) -> resources.Secret:
849 r"""Creates a new [Secret][google.cloud.secrets.v1beta1.Secret]
850 containing no
851 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
853 .. code-block:: python
855 # This snippet has been automatically generated and should be regarded as a
856 # code template only.
857 # It will require modifications to work:
858 # - It may require correct/in-range values for request initialization.
859 # - It may require specifying regional endpoints when creating the service
860 # client as shown in:
861 # https://googleapis.dev/python/google-api-core/latest/client_options.html
862 from google.cloud import secretmanager_v1beta1
864 def sample_create_secret():
865 # Create a client
866 client = secretmanager_v1beta1.SecretManagerServiceClient()
868 # Initialize request argument(s)
869 request = secretmanager_v1beta1.CreateSecretRequest(
870 parent="parent_value",
871 secret_id="secret_id_value",
872 )
874 # Make the request
875 response = client.create_secret(request=request)
877 # Handle the response
878 print(response)
880 Args:
881 request (Union[google.cloud.secretmanager_v1beta1.types.CreateSecretRequest, dict]):
882 The request object. Request message for
883 [SecretManagerService.CreateSecret][google.cloud.secrets.v1beta1.SecretManagerService.CreateSecret].
884 parent (str):
885 Required. The resource name of the project to associate
886 with the [Secret][google.cloud.secrets.v1beta1.Secret],
887 in the format ``projects/*``.
889 This corresponds to the ``parent`` field
890 on the ``request`` instance; if ``request`` is provided, this
891 should not be set.
892 secret_id (str):
893 Required. This must be unique within the project.
895 A secret ID is a string with a maximum length of 255
896 characters and can contain uppercase and lowercase
897 letters, numerals, and the hyphen (``-``) and underscore
898 (``_``) characters.
900 This corresponds to the ``secret_id`` field
901 on the ``request`` instance; if ``request`` is provided, this
902 should not be set.
903 secret (google.cloud.secretmanager_v1beta1.types.Secret):
904 Required. A
905 [Secret][google.cloud.secrets.v1beta1.Secret] with
906 initial field values.
908 This corresponds to the ``secret`` field
909 on the ``request`` instance; if ``request`` is provided, this
910 should not be set.
911 retry (google.api_core.retry.Retry): Designation of what errors, if any,
912 should be retried.
913 timeout (float): The timeout for this request.
914 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
915 sent along with the request as metadata. Normally, each value must be of type `str`,
916 but for metadata keys ending with the suffix `-bin`, the corresponding values must
917 be of type `bytes`.
919 Returns:
920 google.cloud.secretmanager_v1beta1.types.Secret:
921 A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose value and versions can
922 be accessed.
924 A [Secret][google.cloud.secrets.v1beta1.Secret] is
925 made up of zero or more
926 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
927 that represent the secret data.
929 """
930 # Create or coerce a protobuf request object.
931 # - Quick check: If we got a request object, we should *not* have
932 # gotten any keyword arguments that map to the request.
933 has_flattened_params = any([parent, secret_id, secret])
934 if request is not None and has_flattened_params:
935 raise ValueError(
936 "If the `request` argument is set, then none of "
937 "the individual field arguments should be set."
938 )
940 # - Use the request object if provided (there's no risk of modifying the input as
941 # there are no flattened fields), or create one.
942 if not isinstance(request, service.CreateSecretRequest):
943 request = service.CreateSecretRequest(request)
944 # If we have keyword arguments corresponding to fields on the
945 # request, apply these.
946 if parent is not None:
947 request.parent = parent
948 if secret_id is not None:
949 request.secret_id = secret_id
950 if secret is not None:
951 request.secret = secret
953 # Wrap the RPC method; this adds retry and timeout information,
954 # and friendly error handling.
955 rpc = self._transport._wrapped_methods[self._transport.create_secret]
957 # Certain fields should be provided within the metadata header;
958 # add these here.
959 metadata = tuple(metadata) + (
960 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
961 )
963 # Validate the universe domain.
964 self._validate_universe_domain()
966 # Send the request.
967 response = rpc(
968 request,
969 retry=retry,
970 timeout=timeout,
971 metadata=metadata,
972 )
974 # Done; return the response.
975 return response
977 def add_secret_version(
978 self,
979 request: Optional[Union[service.AddSecretVersionRequest, dict]] = None,
980 *,
981 parent: Optional[str] = None,
982 payload: Optional[resources.SecretPayload] = None,
983 retry: OptionalRetry = gapic_v1.method.DEFAULT,
984 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
985 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
986 ) -> resources.SecretVersion:
987 r"""Creates a new
988 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
989 containing secret data and attaches it to an existing
990 [Secret][google.cloud.secrets.v1beta1.Secret].
992 .. code-block:: python
994 # This snippet has been automatically generated and should be regarded as a
995 # code template only.
996 # It will require modifications to work:
997 # - It may require correct/in-range values for request initialization.
998 # - It may require specifying regional endpoints when creating the service
999 # client as shown in:
1000 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1001 from google.cloud import secretmanager_v1beta1
1003 def sample_add_secret_version():
1004 # Create a client
1005 client = secretmanager_v1beta1.SecretManagerServiceClient()
1007 # Initialize request argument(s)
1008 request = secretmanager_v1beta1.AddSecretVersionRequest(
1009 parent="parent_value",
1010 )
1012 # Make the request
1013 response = client.add_secret_version(request=request)
1015 # Handle the response
1016 print(response)
1018 Args:
1019 request (Union[google.cloud.secretmanager_v1beta1.types.AddSecretVersionRequest, dict]):
1020 The request object. Request message for
1021 [SecretManagerService.AddSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AddSecretVersion].
1022 parent (str):
1023 Required. The resource name of the
1024 [Secret][google.cloud.secrets.v1beta1.Secret] to
1025 associate with the
1026 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1027 in the format ``projects/*/secrets/*``.
1029 This corresponds to the ``parent`` field
1030 on the ``request`` instance; if ``request`` is provided, this
1031 should not be set.
1032 payload (google.cloud.secretmanager_v1beta1.types.SecretPayload):
1033 Required. The secret payload of the
1034 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1036 This corresponds to the ``payload`` field
1037 on the ``request`` instance; if ``request`` is provided, this
1038 should not be set.
1039 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1040 should be retried.
1041 timeout (float): The timeout for this request.
1042 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1043 sent along with the request as metadata. Normally, each value must be of type `str`,
1044 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1045 be of type `bytes`.
1047 Returns:
1048 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1049 A secret version resource in the
1050 Secret Manager API.
1052 """
1053 # Create or coerce a protobuf request object.
1054 # - Quick check: If we got a request object, we should *not* have
1055 # gotten any keyword arguments that map to the request.
1056 has_flattened_params = any([parent, payload])
1057 if request is not None and has_flattened_params:
1058 raise ValueError(
1059 "If the `request` argument is set, then none of "
1060 "the individual field arguments should be set."
1061 )
1063 # - Use the request object if provided (there's no risk of modifying the input as
1064 # there are no flattened fields), or create one.
1065 if not isinstance(request, service.AddSecretVersionRequest):
1066 request = service.AddSecretVersionRequest(request)
1067 # If we have keyword arguments corresponding to fields on the
1068 # request, apply these.
1069 if parent is not None:
1070 request.parent = parent
1071 if payload is not None:
1072 request.payload = payload
1074 # Wrap the RPC method; this adds retry and timeout information,
1075 # and friendly error handling.
1076 rpc = self._transport._wrapped_methods[self._transport.add_secret_version]
1078 # Certain fields should be provided within the metadata header;
1079 # add these here.
1080 metadata = tuple(metadata) + (
1081 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
1082 )
1084 # Validate the universe domain.
1085 self._validate_universe_domain()
1087 # Send the request.
1088 response = rpc(
1089 request,
1090 retry=retry,
1091 timeout=timeout,
1092 metadata=metadata,
1093 )
1095 # Done; return the response.
1096 return response
1098 def get_secret(
1099 self,
1100 request: Optional[Union[service.GetSecretRequest, dict]] = None,
1101 *,
1102 name: Optional[str] = None,
1103 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1104 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1105 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1106 ) -> resources.Secret:
1107 r"""Gets metadata for a given
1108 [Secret][google.cloud.secrets.v1beta1.Secret].
1110 .. code-block:: python
1112 # This snippet has been automatically generated and should be regarded as a
1113 # code template only.
1114 # It will require modifications to work:
1115 # - It may require correct/in-range values for request initialization.
1116 # - It may require specifying regional endpoints when creating the service
1117 # client as shown in:
1118 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1119 from google.cloud import secretmanager_v1beta1
1121 def sample_get_secret():
1122 # Create a client
1123 client = secretmanager_v1beta1.SecretManagerServiceClient()
1125 # Initialize request argument(s)
1126 request = secretmanager_v1beta1.GetSecretRequest(
1127 name="name_value",
1128 )
1130 # Make the request
1131 response = client.get_secret(request=request)
1133 # Handle the response
1134 print(response)
1136 Args:
1137 request (Union[google.cloud.secretmanager_v1beta1.types.GetSecretRequest, dict]):
1138 The request object. Request message for
1139 [SecretManagerService.GetSecret][google.cloud.secrets.v1beta1.SecretManagerService.GetSecret].
1140 name (str):
1141 Required. The resource name of the
1142 [Secret][google.cloud.secrets.v1beta1.Secret], in the
1143 format ``projects/*/secrets/*``.
1145 This corresponds to the ``name`` field
1146 on the ``request`` instance; if ``request`` is provided, this
1147 should not be set.
1148 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1149 should be retried.
1150 timeout (float): The timeout for this request.
1151 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1152 sent along with the request as metadata. Normally, each value must be of type `str`,
1153 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1154 be of type `bytes`.
1156 Returns:
1157 google.cloud.secretmanager_v1beta1.types.Secret:
1158 A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose value and versions can
1159 be accessed.
1161 A [Secret][google.cloud.secrets.v1beta1.Secret] is
1162 made up of zero or more
1163 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
1164 that represent the secret data.
1166 """
1167 # Create or coerce a protobuf request object.
1168 # - Quick check: If we got a request object, we should *not* have
1169 # gotten any keyword arguments that map to the request.
1170 has_flattened_params = any([name])
1171 if request is not None and has_flattened_params:
1172 raise ValueError(
1173 "If the `request` argument is set, then none of "
1174 "the individual field arguments should be set."
1175 )
1177 # - Use the request object if provided (there's no risk of modifying the input as
1178 # there are no flattened fields), or create one.
1179 if not isinstance(request, service.GetSecretRequest):
1180 request = service.GetSecretRequest(request)
1181 # If we have keyword arguments corresponding to fields on the
1182 # request, apply these.
1183 if name is not None:
1184 request.name = name
1186 # Wrap the RPC method; this adds retry and timeout information,
1187 # and friendly error handling.
1188 rpc = self._transport._wrapped_methods[self._transport.get_secret]
1190 # Certain fields should be provided within the metadata header;
1191 # add these here.
1192 metadata = tuple(metadata) + (
1193 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1194 )
1196 # Validate the universe domain.
1197 self._validate_universe_domain()
1199 # Send the request.
1200 response = rpc(
1201 request,
1202 retry=retry,
1203 timeout=timeout,
1204 metadata=metadata,
1205 )
1207 # Done; return the response.
1208 return response
1210 def update_secret(
1211 self,
1212 request: Optional[Union[service.UpdateSecretRequest, dict]] = None,
1213 *,
1214 secret: Optional[resources.Secret] = None,
1215 update_mask: Optional[field_mask_pb2.FieldMask] = None,
1216 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1217 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1218 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1219 ) -> resources.Secret:
1220 r"""Updates metadata of an existing
1221 [Secret][google.cloud.secrets.v1beta1.Secret].
1223 .. code-block:: python
1225 # This snippet has been automatically generated and should be regarded as a
1226 # code template only.
1227 # It will require modifications to work:
1228 # - It may require correct/in-range values for request initialization.
1229 # - It may require specifying regional endpoints when creating the service
1230 # client as shown in:
1231 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1232 from google.cloud import secretmanager_v1beta1
1234 def sample_update_secret():
1235 # Create a client
1236 client = secretmanager_v1beta1.SecretManagerServiceClient()
1238 # Initialize request argument(s)
1239 request = secretmanager_v1beta1.UpdateSecretRequest(
1240 )
1242 # Make the request
1243 response = client.update_secret(request=request)
1245 # Handle the response
1246 print(response)
1248 Args:
1249 request (Union[google.cloud.secretmanager_v1beta1.types.UpdateSecretRequest, dict]):
1250 The request object. Request message for
1251 [SecretManagerService.UpdateSecret][google.cloud.secrets.v1beta1.SecretManagerService.UpdateSecret].
1252 secret (google.cloud.secretmanager_v1beta1.types.Secret):
1253 Required. [Secret][google.cloud.secrets.v1beta1.Secret]
1254 with updated field values.
1256 This corresponds to the ``secret`` field
1257 on the ``request`` instance; if ``request`` is provided, this
1258 should not be set.
1259 update_mask (google.protobuf.field_mask_pb2.FieldMask):
1260 Required. Specifies the fields to be
1261 updated.
1263 This corresponds to the ``update_mask`` field
1264 on the ``request`` instance; if ``request`` is provided, this
1265 should not be set.
1266 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1267 should be retried.
1268 timeout (float): The timeout for this request.
1269 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1270 sent along with the request as metadata. Normally, each value must be of type `str`,
1271 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1272 be of type `bytes`.
1274 Returns:
1275 google.cloud.secretmanager_v1beta1.types.Secret:
1276 A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose value and versions can
1277 be accessed.
1279 A [Secret][google.cloud.secrets.v1beta1.Secret] is
1280 made up of zero or more
1281 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
1282 that represent the secret data.
1284 """
1285 # Create or coerce a protobuf request object.
1286 # - Quick check: If we got a request object, we should *not* have
1287 # gotten any keyword arguments that map to the request.
1288 has_flattened_params = any([secret, update_mask])
1289 if request is not None and has_flattened_params:
1290 raise ValueError(
1291 "If the `request` argument is set, then none of "
1292 "the individual field arguments should be set."
1293 )
1295 # - Use the request object if provided (there's no risk of modifying the input as
1296 # there are no flattened fields), or create one.
1297 if not isinstance(request, service.UpdateSecretRequest):
1298 request = service.UpdateSecretRequest(request)
1299 # If we have keyword arguments corresponding to fields on the
1300 # request, apply these.
1301 if secret is not None:
1302 request.secret = secret
1303 if update_mask is not None:
1304 request.update_mask = update_mask
1306 # Wrap the RPC method; this adds retry and timeout information,
1307 # and friendly error handling.
1308 rpc = self._transport._wrapped_methods[self._transport.update_secret]
1310 # Certain fields should be provided within the metadata header;
1311 # add these here.
1312 metadata = tuple(metadata) + (
1313 gapic_v1.routing_header.to_grpc_metadata(
1314 (("secret.name", request.secret.name),)
1315 ),
1316 )
1318 # Validate the universe domain.
1319 self._validate_universe_domain()
1321 # Send the request.
1322 response = rpc(
1323 request,
1324 retry=retry,
1325 timeout=timeout,
1326 metadata=metadata,
1327 )
1329 # Done; return the response.
1330 return response
1332 def delete_secret(
1333 self,
1334 request: Optional[Union[service.DeleteSecretRequest, dict]] = None,
1335 *,
1336 name: Optional[str] = None,
1337 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1338 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1339 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1340 ) -> None:
1341 r"""Deletes a [Secret][google.cloud.secrets.v1beta1.Secret].
1343 .. code-block:: python
1345 # This snippet has been automatically generated and should be regarded as a
1346 # code template only.
1347 # It will require modifications to work:
1348 # - It may require correct/in-range values for request initialization.
1349 # - It may require specifying regional endpoints when creating the service
1350 # client as shown in:
1351 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1352 from google.cloud import secretmanager_v1beta1
1354 def sample_delete_secret():
1355 # Create a client
1356 client = secretmanager_v1beta1.SecretManagerServiceClient()
1358 # Initialize request argument(s)
1359 request = secretmanager_v1beta1.DeleteSecretRequest(
1360 name="name_value",
1361 )
1363 # Make the request
1364 client.delete_secret(request=request)
1366 Args:
1367 request (Union[google.cloud.secretmanager_v1beta1.types.DeleteSecretRequest, dict]):
1368 The request object. Request message for
1369 [SecretManagerService.DeleteSecret][google.cloud.secrets.v1beta1.SecretManagerService.DeleteSecret].
1370 name (str):
1371 Required. The resource name of the
1372 [Secret][google.cloud.secrets.v1beta1.Secret] to delete
1373 in the format ``projects/*/secrets/*``.
1375 This corresponds to the ``name`` field
1376 on the ``request`` instance; if ``request`` is provided, this
1377 should not be set.
1378 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1379 should be retried.
1380 timeout (float): The timeout for this request.
1381 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1382 sent along with the request as metadata. Normally, each value must be of type `str`,
1383 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1384 be of type `bytes`.
1385 """
1386 # Create or coerce a protobuf request object.
1387 # - Quick check: If we got a request object, we should *not* have
1388 # gotten any keyword arguments that map to the request.
1389 has_flattened_params = any([name])
1390 if request is not None and has_flattened_params:
1391 raise ValueError(
1392 "If the `request` argument is set, then none of "
1393 "the individual field arguments should be set."
1394 )
1396 # - Use the request object if provided (there's no risk of modifying the input as
1397 # there are no flattened fields), or create one.
1398 if not isinstance(request, service.DeleteSecretRequest):
1399 request = service.DeleteSecretRequest(request)
1400 # If we have keyword arguments corresponding to fields on the
1401 # request, apply these.
1402 if name is not None:
1403 request.name = name
1405 # Wrap the RPC method; this adds retry and timeout information,
1406 # and friendly error handling.
1407 rpc = self._transport._wrapped_methods[self._transport.delete_secret]
1409 # Certain fields should be provided within the metadata header;
1410 # add these here.
1411 metadata = tuple(metadata) + (
1412 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1413 )
1415 # Validate the universe domain.
1416 self._validate_universe_domain()
1418 # Send the request.
1419 rpc(
1420 request,
1421 retry=retry,
1422 timeout=timeout,
1423 metadata=metadata,
1424 )
1426 def list_secret_versions(
1427 self,
1428 request: Optional[Union[service.ListSecretVersionsRequest, dict]] = None,
1429 *,
1430 parent: Optional[str] = None,
1431 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1432 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1433 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1434 ) -> pagers.ListSecretVersionsPager:
1435 r"""Lists
1436 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
1437 This call does not return secret data.
1439 .. code-block:: python
1441 # This snippet has been automatically generated and should be regarded as a
1442 # code template only.
1443 # It will require modifications to work:
1444 # - It may require correct/in-range values for request initialization.
1445 # - It may require specifying regional endpoints when creating the service
1446 # client as shown in:
1447 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1448 from google.cloud import secretmanager_v1beta1
1450 def sample_list_secret_versions():
1451 # Create a client
1452 client = secretmanager_v1beta1.SecretManagerServiceClient()
1454 # Initialize request argument(s)
1455 request = secretmanager_v1beta1.ListSecretVersionsRequest(
1456 parent="parent_value",
1457 )
1459 # Make the request
1460 page_result = client.list_secret_versions(request=request)
1462 # Handle the response
1463 for response in page_result:
1464 print(response)
1466 Args:
1467 request (Union[google.cloud.secretmanager_v1beta1.types.ListSecretVersionsRequest, dict]):
1468 The request object. Request message for
1469 [SecretManagerService.ListSecretVersions][google.cloud.secrets.v1beta1.SecretManagerService.ListSecretVersions].
1470 parent (str):
1471 Required. The resource name of the
1472 [Secret][google.cloud.secrets.v1beta1.Secret] associated
1473 with the
1474 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
1475 to list, in the format ``projects/*/secrets/*``.
1477 This corresponds to the ``parent`` field
1478 on the ``request`` instance; if ``request`` is provided, this
1479 should not be set.
1480 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1481 should be retried.
1482 timeout (float): The timeout for this request.
1483 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1484 sent along with the request as metadata. Normally, each value must be of type `str`,
1485 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1486 be of type `bytes`.
1488 Returns:
1489 google.cloud.secretmanager_v1beta1.services.secret_manager_service.pagers.ListSecretVersionsPager:
1490 Response message for
1491 [SecretManagerService.ListSecretVersions][google.cloud.secrets.v1beta1.SecretManagerService.ListSecretVersions].
1493 Iterating over this object will yield results and
1494 resolve additional pages automatically.
1496 """
1497 # Create or coerce a protobuf request object.
1498 # - Quick check: If we got a request object, we should *not* have
1499 # gotten any keyword arguments that map to the request.
1500 has_flattened_params = any([parent])
1501 if request is not None and has_flattened_params:
1502 raise ValueError(
1503 "If the `request` argument is set, then none of "
1504 "the individual field arguments should be set."
1505 )
1507 # - Use the request object if provided (there's no risk of modifying the input as
1508 # there are no flattened fields), or create one.
1509 if not isinstance(request, service.ListSecretVersionsRequest):
1510 request = service.ListSecretVersionsRequest(request)
1511 # If we have keyword arguments corresponding to fields on the
1512 # request, apply these.
1513 if parent is not None:
1514 request.parent = parent
1516 # Wrap the RPC method; this adds retry and timeout information,
1517 # and friendly error handling.
1518 rpc = self._transport._wrapped_methods[self._transport.list_secret_versions]
1520 # Certain fields should be provided within the metadata header;
1521 # add these here.
1522 metadata = tuple(metadata) + (
1523 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
1524 )
1526 # Validate the universe domain.
1527 self._validate_universe_domain()
1529 # Send the request.
1530 response = rpc(
1531 request,
1532 retry=retry,
1533 timeout=timeout,
1534 metadata=metadata,
1535 )
1537 # This method is paged; wrap the response in a pager, which provides
1538 # an `__iter__` convenience method.
1539 response = pagers.ListSecretVersionsPager(
1540 method=rpc,
1541 request=request,
1542 response=response,
1543 retry=retry,
1544 timeout=timeout,
1545 metadata=metadata,
1546 )
1548 # Done; return the response.
1549 return response
1551 def get_secret_version(
1552 self,
1553 request: Optional[Union[service.GetSecretVersionRequest, dict]] = None,
1554 *,
1555 name: Optional[str] = None,
1556 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1557 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1558 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1559 ) -> resources.SecretVersion:
1560 r"""Gets metadata for a
1561 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1563 ``projects/*/secrets/*/versions/latest`` is an alias to the
1564 ``latest``
1565 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1567 .. code-block:: python
1569 # This snippet has been automatically generated and should be regarded as a
1570 # code template only.
1571 # It will require modifications to work:
1572 # - It may require correct/in-range values for request initialization.
1573 # - It may require specifying regional endpoints when creating the service
1574 # client as shown in:
1575 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1576 from google.cloud import secretmanager_v1beta1
1578 def sample_get_secret_version():
1579 # Create a client
1580 client = secretmanager_v1beta1.SecretManagerServiceClient()
1582 # Initialize request argument(s)
1583 request = secretmanager_v1beta1.GetSecretVersionRequest(
1584 name="name_value",
1585 )
1587 # Make the request
1588 response = client.get_secret_version(request=request)
1590 # Handle the response
1591 print(response)
1593 Args:
1594 request (Union[google.cloud.secretmanager_v1beta1.types.GetSecretVersionRequest, dict]):
1595 The request object. Request message for
1596 [SecretManagerService.GetSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.GetSecretVersion].
1597 name (str):
1598 Required. The resource name of the
1599 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1600 in the format ``projects/*/secrets/*/versions/*``.
1601 ``projects/*/secrets/*/versions/latest`` is an alias to
1602 the ``latest``
1603 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1605 This corresponds to the ``name`` field
1606 on the ``request`` instance; if ``request`` is provided, this
1607 should not be set.
1608 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1609 should be retried.
1610 timeout (float): The timeout for this request.
1611 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1612 sent along with the request as metadata. Normally, each value must be of type `str`,
1613 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1614 be of type `bytes`.
1616 Returns:
1617 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1618 A secret version resource in the
1619 Secret Manager API.
1621 """
1622 # Create or coerce a protobuf request object.
1623 # - Quick check: If we got a request object, we should *not* have
1624 # gotten any keyword arguments that map to the request.
1625 has_flattened_params = any([name])
1626 if request is not None and has_flattened_params:
1627 raise ValueError(
1628 "If the `request` argument is set, then none of "
1629 "the individual field arguments should be set."
1630 )
1632 # - Use the request object if provided (there's no risk of modifying the input as
1633 # there are no flattened fields), or create one.
1634 if not isinstance(request, service.GetSecretVersionRequest):
1635 request = service.GetSecretVersionRequest(request)
1636 # If we have keyword arguments corresponding to fields on the
1637 # request, apply these.
1638 if name is not None:
1639 request.name = name
1641 # Wrap the RPC method; this adds retry and timeout information,
1642 # and friendly error handling.
1643 rpc = self._transport._wrapped_methods[self._transport.get_secret_version]
1645 # Certain fields should be provided within the metadata header;
1646 # add these here.
1647 metadata = tuple(metadata) + (
1648 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1649 )
1651 # Validate the universe domain.
1652 self._validate_universe_domain()
1654 # Send the request.
1655 response = rpc(
1656 request,
1657 retry=retry,
1658 timeout=timeout,
1659 metadata=metadata,
1660 )
1662 # Done; return the response.
1663 return response
1665 def access_secret_version(
1666 self,
1667 request: Optional[Union[service.AccessSecretVersionRequest, dict]] = None,
1668 *,
1669 name: Optional[str] = None,
1670 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1671 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1672 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1673 ) -> service.AccessSecretVersionResponse:
1674 r"""Accesses a
1675 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1676 This call returns the secret data.
1678 ``projects/*/secrets/*/versions/latest`` is an alias to the
1679 ``latest``
1680 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1682 .. code-block:: python
1684 # This snippet has been automatically generated and should be regarded as a
1685 # code template only.
1686 # It will require modifications to work:
1687 # - It may require correct/in-range values for request initialization.
1688 # - It may require specifying regional endpoints when creating the service
1689 # client as shown in:
1690 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1691 from google.cloud import secretmanager_v1beta1
1693 def sample_access_secret_version():
1694 # Create a client
1695 client = secretmanager_v1beta1.SecretManagerServiceClient()
1697 # Initialize request argument(s)
1698 request = secretmanager_v1beta1.AccessSecretVersionRequest(
1699 name="name_value",
1700 )
1702 # Make the request
1703 response = client.access_secret_version(request=request)
1705 # Handle the response
1706 print(response)
1708 Args:
1709 request (Union[google.cloud.secretmanager_v1beta1.types.AccessSecretVersionRequest, dict]):
1710 The request object. Request message for
1711 [SecretManagerService.AccessSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AccessSecretVersion].
1712 name (str):
1713 Required. The resource name of the
1714 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1715 in the format ``projects/*/secrets/*/versions/*``.
1717 This corresponds to the ``name`` field
1718 on the ``request`` instance; if ``request`` is provided, this
1719 should not be set.
1720 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1721 should be retried.
1722 timeout (float): The timeout for this request.
1723 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1724 sent along with the request as metadata. Normally, each value must be of type `str`,
1725 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1726 be of type `bytes`.
1728 Returns:
1729 google.cloud.secretmanager_v1beta1.types.AccessSecretVersionResponse:
1730 Response message for
1731 [SecretManagerService.AccessSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AccessSecretVersion].
1733 """
1734 # Create or coerce a protobuf request object.
1735 # - Quick check: If we got a request object, we should *not* have
1736 # gotten any keyword arguments that map to the request.
1737 has_flattened_params = any([name])
1738 if request is not None and has_flattened_params:
1739 raise ValueError(
1740 "If the `request` argument is set, then none of "
1741 "the individual field arguments should be set."
1742 )
1744 # - Use the request object if provided (there's no risk of modifying the input as
1745 # there are no flattened fields), or create one.
1746 if not isinstance(request, service.AccessSecretVersionRequest):
1747 request = service.AccessSecretVersionRequest(request)
1748 # If we have keyword arguments corresponding to fields on the
1749 # request, apply these.
1750 if name is not None:
1751 request.name = name
1753 # Wrap the RPC method; this adds retry and timeout information,
1754 # and friendly error handling.
1755 rpc = self._transport._wrapped_methods[self._transport.access_secret_version]
1757 # Certain fields should be provided within the metadata header;
1758 # add these here.
1759 metadata = tuple(metadata) + (
1760 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1761 )
1763 # Validate the universe domain.
1764 self._validate_universe_domain()
1766 # Send the request.
1767 response = rpc(
1768 request,
1769 retry=retry,
1770 timeout=timeout,
1771 metadata=metadata,
1772 )
1774 # Done; return the response.
1775 return response
1777 def disable_secret_version(
1778 self,
1779 request: Optional[Union[service.DisableSecretVersionRequest, dict]] = None,
1780 *,
1781 name: Optional[str] = None,
1782 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1783 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1784 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1785 ) -> resources.SecretVersion:
1786 r"""Disables a
1787 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1789 Sets the
1790 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
1791 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
1792 [DISABLED][google.cloud.secrets.v1beta1.SecretVersion.State.DISABLED].
1794 .. code-block:: python
1796 # This snippet has been automatically generated and should be regarded as a
1797 # code template only.
1798 # It will require modifications to work:
1799 # - It may require correct/in-range values for request initialization.
1800 # - It may require specifying regional endpoints when creating the service
1801 # client as shown in:
1802 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1803 from google.cloud import secretmanager_v1beta1
1805 def sample_disable_secret_version():
1806 # Create a client
1807 client = secretmanager_v1beta1.SecretManagerServiceClient()
1809 # Initialize request argument(s)
1810 request = secretmanager_v1beta1.DisableSecretVersionRequest(
1811 name="name_value",
1812 )
1814 # Make the request
1815 response = client.disable_secret_version(request=request)
1817 # Handle the response
1818 print(response)
1820 Args:
1821 request (Union[google.cloud.secretmanager_v1beta1.types.DisableSecretVersionRequest, dict]):
1822 The request object. Request message for
1823 [SecretManagerService.DisableSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.DisableSecretVersion].
1824 name (str):
1825 Required. The resource name of the
1826 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1827 to disable in the format
1828 ``projects/*/secrets/*/versions/*``.
1830 This corresponds to the ``name`` field
1831 on the ``request`` instance; if ``request`` is provided, this
1832 should not be set.
1833 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1834 should be retried.
1835 timeout (float): The timeout for this request.
1836 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1837 sent along with the request as metadata. Normally, each value must be of type `str`,
1838 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1839 be of type `bytes`.
1841 Returns:
1842 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1843 A secret version resource in the
1844 Secret Manager API.
1846 """
1847 # Create or coerce a protobuf request object.
1848 # - Quick check: If we got a request object, we should *not* have
1849 # gotten any keyword arguments that map to the request.
1850 has_flattened_params = any([name])
1851 if request is not None and has_flattened_params:
1852 raise ValueError(
1853 "If the `request` argument is set, then none of "
1854 "the individual field arguments should be set."
1855 )
1857 # - Use the request object if provided (there's no risk of modifying the input as
1858 # there are no flattened fields), or create one.
1859 if not isinstance(request, service.DisableSecretVersionRequest):
1860 request = service.DisableSecretVersionRequest(request)
1861 # If we have keyword arguments corresponding to fields on the
1862 # request, apply these.
1863 if name is not None:
1864 request.name = name
1866 # Wrap the RPC method; this adds retry and timeout information,
1867 # and friendly error handling.
1868 rpc = self._transport._wrapped_methods[self._transport.disable_secret_version]
1870 # Certain fields should be provided within the metadata header;
1871 # add these here.
1872 metadata = tuple(metadata) + (
1873 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1874 )
1876 # Validate the universe domain.
1877 self._validate_universe_domain()
1879 # Send the request.
1880 response = rpc(
1881 request,
1882 retry=retry,
1883 timeout=timeout,
1884 metadata=metadata,
1885 )
1887 # Done; return the response.
1888 return response
1890 def enable_secret_version(
1891 self,
1892 request: Optional[Union[service.EnableSecretVersionRequest, dict]] = None,
1893 *,
1894 name: Optional[str] = None,
1895 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1896 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1897 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1898 ) -> resources.SecretVersion:
1899 r"""Enables a
1900 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1902 Sets the
1903 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
1904 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
1905 [ENABLED][google.cloud.secrets.v1beta1.SecretVersion.State.ENABLED].
1907 .. code-block:: python
1909 # This snippet has been automatically generated and should be regarded as a
1910 # code template only.
1911 # It will require modifications to work:
1912 # - It may require correct/in-range values for request initialization.
1913 # - It may require specifying regional endpoints when creating the service
1914 # client as shown in:
1915 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1916 from google.cloud import secretmanager_v1beta1
1918 def sample_enable_secret_version():
1919 # Create a client
1920 client = secretmanager_v1beta1.SecretManagerServiceClient()
1922 # Initialize request argument(s)
1923 request = secretmanager_v1beta1.EnableSecretVersionRequest(
1924 name="name_value",
1925 )
1927 # Make the request
1928 response = client.enable_secret_version(request=request)
1930 # Handle the response
1931 print(response)
1933 Args:
1934 request (Union[google.cloud.secretmanager_v1beta1.types.EnableSecretVersionRequest, dict]):
1935 The request object. Request message for
1936 [SecretManagerService.EnableSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.EnableSecretVersion].
1937 name (str):
1938 Required. The resource name of the
1939 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1940 to enable in the format
1941 ``projects/*/secrets/*/versions/*``.
1943 This corresponds to the ``name`` field
1944 on the ``request`` instance; if ``request`` is provided, this
1945 should not be set.
1946 retry (google.api_core.retry.Retry): Designation of what errors, if any,
1947 should be retried.
1948 timeout (float): The timeout for this request.
1949 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1950 sent along with the request as metadata. Normally, each value must be of type `str`,
1951 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1952 be of type `bytes`.
1954 Returns:
1955 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1956 A secret version resource in the
1957 Secret Manager API.
1959 """
1960 # Create or coerce a protobuf request object.
1961 # - Quick check: If we got a request object, we should *not* have
1962 # gotten any keyword arguments that map to the request.
1963 has_flattened_params = any([name])
1964 if request is not None and has_flattened_params:
1965 raise ValueError(
1966 "If the `request` argument is set, then none of "
1967 "the individual field arguments should be set."
1968 )
1970 # - Use the request object if provided (there's no risk of modifying the input as
1971 # there are no flattened fields), or create one.
1972 if not isinstance(request, service.EnableSecretVersionRequest):
1973 request = service.EnableSecretVersionRequest(request)
1974 # If we have keyword arguments corresponding to fields on the
1975 # request, apply these.
1976 if name is not None:
1977 request.name = name
1979 # Wrap the RPC method; this adds retry and timeout information,
1980 # and friendly error handling.
1981 rpc = self._transport._wrapped_methods[self._transport.enable_secret_version]
1983 # Certain fields should be provided within the metadata header;
1984 # add these here.
1985 metadata = tuple(metadata) + (
1986 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1987 )
1989 # Validate the universe domain.
1990 self._validate_universe_domain()
1992 # Send the request.
1993 response = rpc(
1994 request,
1995 retry=retry,
1996 timeout=timeout,
1997 metadata=metadata,
1998 )
2000 # Done; return the response.
2001 return response
2003 def destroy_secret_version(
2004 self,
2005 request: Optional[Union[service.DestroySecretVersionRequest, dict]] = None,
2006 *,
2007 name: Optional[str] = None,
2008 retry: OptionalRetry = gapic_v1.method.DEFAULT,
2009 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
2010 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
2011 ) -> resources.SecretVersion:
2012 r"""Destroys a
2013 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
2015 Sets the
2016 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
2017 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
2018 [DESTROYED][google.cloud.secrets.v1beta1.SecretVersion.State.DESTROYED]
2019 and irrevocably destroys the secret data.
2021 .. code-block:: python
2023 # This snippet has been automatically generated and should be regarded as a
2024 # code template only.
2025 # It will require modifications to work:
2026 # - It may require correct/in-range values for request initialization.
2027 # - It may require specifying regional endpoints when creating the service
2028 # client as shown in:
2029 # https://googleapis.dev/python/google-api-core/latest/client_options.html
2030 from google.cloud import secretmanager_v1beta1
2032 def sample_destroy_secret_version():
2033 # Create a client
2034 client = secretmanager_v1beta1.SecretManagerServiceClient()
2036 # Initialize request argument(s)
2037 request = secretmanager_v1beta1.DestroySecretVersionRequest(
2038 name="name_value",
2039 )
2041 # Make the request
2042 response = client.destroy_secret_version(request=request)
2044 # Handle the response
2045 print(response)
2047 Args:
2048 request (Union[google.cloud.secretmanager_v1beta1.types.DestroySecretVersionRequest, dict]):
2049 The request object. Request message for
2050 [SecretManagerService.DestroySecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.DestroySecretVersion].
2051 name (str):
2052 Required. The resource name of the
2053 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
2054 to destroy in the format
2055 ``projects/*/secrets/*/versions/*``.
2057 This corresponds to the ``name`` field
2058 on the ``request`` instance; if ``request`` is provided, this
2059 should not be set.
2060 retry (google.api_core.retry.Retry): Designation of what errors, if any,
2061 should be retried.
2062 timeout (float): The timeout for this request.
2063 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
2064 sent along with the request as metadata. Normally, each value must be of type `str`,
2065 but for metadata keys ending with the suffix `-bin`, the corresponding values must
2066 be of type `bytes`.
2068 Returns:
2069 google.cloud.secretmanager_v1beta1.types.SecretVersion:
2070 A secret version resource in the
2071 Secret Manager API.
2073 """
2074 # Create or coerce a protobuf request object.
2075 # - Quick check: If we got a request object, we should *not* have
2076 # gotten any keyword arguments that map to the request.
2077 has_flattened_params = any([name])
2078 if request is not None and has_flattened_params:
2079 raise ValueError(
2080 "If the `request` argument is set, then none of "
2081 "the individual field arguments should be set."
2082 )
2084 # - Use the request object if provided (there's no risk of modifying the input as
2085 # there are no flattened fields), or create one.
2086 if not isinstance(request, service.DestroySecretVersionRequest):
2087 request = service.DestroySecretVersionRequest(request)
2088 # If we have keyword arguments corresponding to fields on the
2089 # request, apply these.
2090 if name is not None:
2091 request.name = name
2093 # Wrap the RPC method; this adds retry and timeout information,
2094 # and friendly error handling.
2095 rpc = self._transport._wrapped_methods[self._transport.destroy_secret_version]
2097 # Certain fields should be provided within the metadata header;
2098 # add these here.
2099 metadata = tuple(metadata) + (
2100 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
2101 )
2103 # Validate the universe domain.
2104 self._validate_universe_domain()
2106 # Send the request.
2107 response = rpc(
2108 request,
2109 retry=retry,
2110 timeout=timeout,
2111 metadata=metadata,
2112 )
2114 # Done; return the response.
2115 return response
2117 def set_iam_policy(
2118 self,
2119 request: Optional[Union[iam_policy_pb2.SetIamPolicyRequest, dict]] = None,
2120 *,
2121 retry: OptionalRetry = gapic_v1.method.DEFAULT,
2122 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
2123 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
2124 ) -> policy_pb2.Policy:
2125 r"""Sets the access control policy on the specified secret. Replaces
2126 any existing policy.
2128 Permissions on
2129 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] are
2130 enforced according to the policy set on the associated
2131 [Secret][google.cloud.secrets.v1beta1.Secret].
2133 .. code-block:: python
2135 # This snippet has been automatically generated and should be regarded as a
2136 # code template only.
2137 # It will require modifications to work:
2138 # - It may require correct/in-range values for request initialization.
2139 # - It may require specifying regional endpoints when creating the service
2140 # client as shown in:
2141 # https://googleapis.dev/python/google-api-core/latest/client_options.html
2142 from google.cloud import secretmanager_v1beta1
2143 from google.iam.v1 import iam_policy_pb2 # type: ignore
2145 def sample_set_iam_policy():
2146 # Create a client
2147 client = secretmanager_v1beta1.SecretManagerServiceClient()
2149 # Initialize request argument(s)
2150 request = iam_policy_pb2.SetIamPolicyRequest(
2151 resource="resource_value",
2152 )
2154 # Make the request
2155 response = client.set_iam_policy(request=request)
2157 # Handle the response
2158 print(response)
2160 Args:
2161 request (Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]):
2162 The request object. Request message for ``SetIamPolicy`` method.
2163 retry (google.api_core.retry.Retry): Designation of what errors, if any,
2164 should be retried.
2165 timeout (float): The timeout for this request.
2166 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
2167 sent along with the request as metadata. Normally, each value must be of type `str`,
2168 but for metadata keys ending with the suffix `-bin`, the corresponding values must
2169 be of type `bytes`.
2171 Returns:
2172 google.iam.v1.policy_pb2.Policy:
2173 An Identity and Access Management (IAM) policy, which specifies access
2174 controls for Google Cloud resources.
2176 A Policy is a collection of bindings. A binding binds
2177 one or more members, or principals, to a single role.
2178 Principals can be user accounts, service accounts,
2179 Google groups, and domains (such as G Suite). A role
2180 is a named list of permissions; each role can be an
2181 IAM predefined role or a user-created custom role.
2183 For some types of Google Cloud resources, a binding
2184 can also specify a condition, which is a logical
2185 expression that allows access to a resource only if
2186 the expression evaluates to true. A condition can add
2187 constraints based on attributes of the request, the
2188 resource, or both. To learn which resources support
2189 conditions in their IAM policies, see the [IAM
2190 documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies).
2192 **JSON example:**
2194 :literal:`\` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 }`\ \`
2196 **YAML example:**
2198 :literal:`\` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3`\ \`
2200 For a description of IAM and its features, see the
2201 [IAM
2202 documentation](\ https://cloud.google.com/iam/docs/).
2204 """
2205 # Create or coerce a protobuf request object.
2206 if isinstance(request, dict):
2207 # - The request isn't a proto-plus wrapped type,
2208 # so it must be constructed via keyword expansion.
2209 request = iam_policy_pb2.SetIamPolicyRequest(**request)
2210 elif not request:
2211 # Null request, just make one.
2212 request = iam_policy_pb2.SetIamPolicyRequest()
2214 # Wrap the RPC method; this adds retry and timeout information,
2215 # and friendly error handling.
2216 rpc = self._transport._wrapped_methods[self._transport.set_iam_policy]
2218 # Certain fields should be provided within the metadata header;
2219 # add these here.
2220 metadata = tuple(metadata) + (
2221 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)),
2222 )
2224 # Validate the universe domain.
2225 self._validate_universe_domain()
2227 # Send the request.
2228 response = rpc(
2229 request,
2230 retry=retry,
2231 timeout=timeout,
2232 metadata=metadata,
2233 )
2235 # Done; return the response.
2236 return response
2238 def get_iam_policy(
2239 self,
2240 request: Optional[Union[iam_policy_pb2.GetIamPolicyRequest, dict]] = None,
2241 *,
2242 retry: OptionalRetry = gapic_v1.method.DEFAULT,
2243 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
2244 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
2245 ) -> policy_pb2.Policy:
2246 r"""Gets the access control policy for a secret.
2247 Returns empty policy if the secret exists and does not
2248 have a policy set.
2250 .. code-block:: python
2252 # This snippet has been automatically generated and should be regarded as a
2253 # code template only.
2254 # It will require modifications to work:
2255 # - It may require correct/in-range values for request initialization.
2256 # - It may require specifying regional endpoints when creating the service
2257 # client as shown in:
2258 # https://googleapis.dev/python/google-api-core/latest/client_options.html
2259 from google.cloud import secretmanager_v1beta1
2260 from google.iam.v1 import iam_policy_pb2 # type: ignore
2262 def sample_get_iam_policy():
2263 # Create a client
2264 client = secretmanager_v1beta1.SecretManagerServiceClient()
2266 # Initialize request argument(s)
2267 request = iam_policy_pb2.GetIamPolicyRequest(
2268 resource="resource_value",
2269 )
2271 # Make the request
2272 response = client.get_iam_policy(request=request)
2274 # Handle the response
2275 print(response)
2277 Args:
2278 request (Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]):
2279 The request object. Request message for ``GetIamPolicy`` method.
2280 retry (google.api_core.retry.Retry): Designation of what errors, if any,
2281 should be retried.
2282 timeout (float): The timeout for this request.
2283 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
2284 sent along with the request as metadata. Normally, each value must be of type `str`,
2285 but for metadata keys ending with the suffix `-bin`, the corresponding values must
2286 be of type `bytes`.
2288 Returns:
2289 google.iam.v1.policy_pb2.Policy:
2290 An Identity and Access Management (IAM) policy, which specifies access
2291 controls for Google Cloud resources.
2293 A Policy is a collection of bindings. A binding binds
2294 one or more members, or principals, to a single role.
2295 Principals can be user accounts, service accounts,
2296 Google groups, and domains (such as G Suite). A role
2297 is a named list of permissions; each role can be an
2298 IAM predefined role or a user-created custom role.
2300 For some types of Google Cloud resources, a binding
2301 can also specify a condition, which is a logical
2302 expression that allows access to a resource only if
2303 the expression evaluates to true. A condition can add
2304 constraints based on attributes of the request, the
2305 resource, or both. To learn which resources support
2306 conditions in their IAM policies, see the [IAM
2307 documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies).
2309 **JSON example:**
2311 :literal:`\` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 }`\ \`
2313 **YAML example:**
2315 :literal:`\` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3`\ \`
2317 For a description of IAM and its features, see the
2318 [IAM
2319 documentation](\ https://cloud.google.com/iam/docs/).
2321 """
2322 # Create or coerce a protobuf request object.
2323 if isinstance(request, dict):
2324 # - The request isn't a proto-plus wrapped type,
2325 # so it must be constructed via keyword expansion.
2326 request = iam_policy_pb2.GetIamPolicyRequest(**request)
2327 elif not request:
2328 # Null request, just make one.
2329 request = iam_policy_pb2.GetIamPolicyRequest()
2331 # Wrap the RPC method; this adds retry and timeout information,
2332 # and friendly error handling.
2333 rpc = self._transport._wrapped_methods[self._transport.get_iam_policy]
2335 # Certain fields should be provided within the metadata header;
2336 # add these here.
2337 metadata = tuple(metadata) + (
2338 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)),
2339 )
2341 # Validate the universe domain.
2342 self._validate_universe_domain()
2344 # Send the request.
2345 response = rpc(
2346 request,
2347 retry=retry,
2348 timeout=timeout,
2349 metadata=metadata,
2350 )
2352 # Done; return the response.
2353 return response
2355 def test_iam_permissions(
2356 self,
2357 request: Optional[Union[iam_policy_pb2.TestIamPermissionsRequest, dict]] = None,
2358 *,
2359 retry: OptionalRetry = gapic_v1.method.DEFAULT,
2360 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
2361 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
2362 ) -> iam_policy_pb2.TestIamPermissionsResponse:
2363 r"""Returns permissions that a caller has for the specified secret.
2364 If the secret does not exist, this call returns an empty set of
2365 permissions, not a NOT_FOUND error.
2367 Note: This operation is designed to be used for building
2368 permission-aware UIs and command-line tools, not for
2369 authorization checking. This operation may "fail open" without
2370 warning.
2372 .. code-block:: python
2374 # This snippet has been automatically generated and should be regarded as a
2375 # code template only.
2376 # It will require modifications to work:
2377 # - It may require correct/in-range values for request initialization.
2378 # - It may require specifying regional endpoints when creating the service
2379 # client as shown in:
2380 # https://googleapis.dev/python/google-api-core/latest/client_options.html
2381 from google.cloud import secretmanager_v1beta1
2382 from google.iam.v1 import iam_policy_pb2 # type: ignore
2384 def sample_test_iam_permissions():
2385 # Create a client
2386 client = secretmanager_v1beta1.SecretManagerServiceClient()
2388 # Initialize request argument(s)
2389 request = iam_policy_pb2.TestIamPermissionsRequest(
2390 resource="resource_value",
2391 permissions=['permissions_value1', 'permissions_value2'],
2392 )
2394 # Make the request
2395 response = client.test_iam_permissions(request=request)
2397 # Handle the response
2398 print(response)
2400 Args:
2401 request (Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]):
2402 The request object. Request message for ``TestIamPermissions`` method.
2403 retry (google.api_core.retry.Retry): Designation of what errors, if any,
2404 should be retried.
2405 timeout (float): The timeout for this request.
2406 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
2407 sent along with the request as metadata. Normally, each value must be of type `str`,
2408 but for metadata keys ending with the suffix `-bin`, the corresponding values must
2409 be of type `bytes`.
2411 Returns:
2412 google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse:
2413 Response message for TestIamPermissions method.
2414 """
2415 # Create or coerce a protobuf request object.
2416 if isinstance(request, dict):
2417 # - The request isn't a proto-plus wrapped type,
2418 # so it must be constructed via keyword expansion.
2419 request = iam_policy_pb2.TestIamPermissionsRequest(**request)
2420 elif not request:
2421 # Null request, just make one.
2422 request = iam_policy_pb2.TestIamPermissionsRequest()
2424 # Wrap the RPC method; this adds retry and timeout information,
2425 # and friendly error handling.
2426 rpc = self._transport._wrapped_methods[self._transport.test_iam_permissions]
2428 # Certain fields should be provided within the metadata header;
2429 # add these here.
2430 metadata = tuple(metadata) + (
2431 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)),
2432 )
2434 # Validate the universe domain.
2435 self._validate_universe_domain()
2437 # Send the request.
2438 response = rpc(
2439 request,
2440 retry=retry,
2441 timeout=timeout,
2442 metadata=metadata,
2443 )
2445 # Done; return the response.
2446 return response
2448 def __enter__(self) -> "SecretManagerServiceClient":
2449 return self
2451 def __exit__(self, type, value, traceback):
2452 """Releases underlying transport's resources.
2454 .. warning::
2455 ONLY use as a context manager if the transport is NOT shared
2456 with other clients! Exiting the with block will CLOSE the transport
2457 and may cause errors in other clients!
2458 """
2459 self.transport.close()
2462DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(
2463 gapic_version=package_version.__version__
2464)
2467__all__ = ("SecretManagerServiceClient",)