Shortcuts on this page
r m x toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
1# -*- coding: utf-8 -*-
2# Copyright 2025 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16from collections import OrderedDict
17import logging as std_logging
18import re
19from typing import (
20 Callable,
21 Dict,
22 Mapping,
23 MutableMapping,
24 MutableSequence,
25 Optional,
26 Sequence,
27 Tuple,
28 Type,
29 Union,
30)
32from google.api_core import exceptions as core_exceptions
33from google.api_core import gapic_v1
34from google.api_core import retry_async as retries
35from google.api_core.client_options import ClientOptions
36from google.auth import credentials as ga_credentials # type: ignore
37from google.oauth2 import service_account # type: ignore
38import google.protobuf
40from google.cloud.secretmanager_v1beta1 import gapic_version as package_version
42try:
43 OptionalRetry = Union[retries.AsyncRetry, gapic_v1.method._MethodDefault, None]
44except AttributeError: # pragma: NO COVER
45 OptionalRetry = Union[retries.AsyncRetry, object, None] # type: ignore
47from google.cloud.location import locations_pb2 # type: ignore
48from google.iam.v1 import iam_policy_pb2 # type: ignore
49from google.iam.v1 import policy_pb2 # type: ignore
50from google.protobuf import field_mask_pb2 # type: ignore
51from google.protobuf import timestamp_pb2 # type: ignore
53from google.cloud.secretmanager_v1beta1.services.secret_manager_service import pagers
54from google.cloud.secretmanager_v1beta1.types import resources, service
56from .client import SecretManagerServiceClient
57from .transports.base import DEFAULT_CLIENT_INFO, SecretManagerServiceTransport
58from .transports.grpc_asyncio import SecretManagerServiceGrpcAsyncIOTransport
60try:
61 from google.api_core import client_logging # type: ignore
63 CLIENT_LOGGING_SUPPORTED = True # pragma: NO COVER
64except ImportError: # pragma: NO COVER
65 CLIENT_LOGGING_SUPPORTED = False
67_LOGGER = std_logging.getLogger(__name__)
70class SecretManagerServiceAsyncClient:
71 """Secret Manager Service
73 Manages secrets and operations using those secrets. Implements a
74 REST model with the following objects:
76 - [Secret][google.cloud.secrets.v1beta1.Secret]
77 - [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
78 """
80 _client: SecretManagerServiceClient
82 # Copy defaults from the synchronous client for use here.
83 # Note: DEFAULT_ENDPOINT is deprecated. Use _DEFAULT_ENDPOINT_TEMPLATE instead.
84 DEFAULT_ENDPOINT = SecretManagerServiceClient.DEFAULT_ENDPOINT
85 DEFAULT_MTLS_ENDPOINT = SecretManagerServiceClient.DEFAULT_MTLS_ENDPOINT
86 _DEFAULT_ENDPOINT_TEMPLATE = SecretManagerServiceClient._DEFAULT_ENDPOINT_TEMPLATE
87 _DEFAULT_UNIVERSE = SecretManagerServiceClient._DEFAULT_UNIVERSE
89 secret_path = staticmethod(SecretManagerServiceClient.secret_path)
90 parse_secret_path = staticmethod(SecretManagerServiceClient.parse_secret_path)
91 secret_version_path = staticmethod(SecretManagerServiceClient.secret_version_path)
92 parse_secret_version_path = staticmethod(
93 SecretManagerServiceClient.parse_secret_version_path
94 )
95 common_billing_account_path = staticmethod(
96 SecretManagerServiceClient.common_billing_account_path
97 )
98 parse_common_billing_account_path = staticmethod(
99 SecretManagerServiceClient.parse_common_billing_account_path
100 )
101 common_folder_path = staticmethod(SecretManagerServiceClient.common_folder_path)
102 parse_common_folder_path = staticmethod(
103 SecretManagerServiceClient.parse_common_folder_path
104 )
105 common_organization_path = staticmethod(
106 SecretManagerServiceClient.common_organization_path
107 )
108 parse_common_organization_path = staticmethod(
109 SecretManagerServiceClient.parse_common_organization_path
110 )
111 common_project_path = staticmethod(SecretManagerServiceClient.common_project_path)
112 parse_common_project_path = staticmethod(
113 SecretManagerServiceClient.parse_common_project_path
114 )
115 common_location_path = staticmethod(SecretManagerServiceClient.common_location_path)
116 parse_common_location_path = staticmethod(
117 SecretManagerServiceClient.parse_common_location_path
118 )
120 @classmethod
121 def from_service_account_info(cls, info: dict, *args, **kwargs):
122 """Creates an instance of this client using the provided credentials
123 info.
125 Args:
126 info (dict): The service account private key info.
127 args: Additional arguments to pass to the constructor.
128 kwargs: Additional arguments to pass to the constructor.
130 Returns:
131 SecretManagerServiceAsyncClient: The constructed client.
132 """
133 return SecretManagerServiceClient.from_service_account_info.__func__(SecretManagerServiceAsyncClient, info, *args, **kwargs) # type: ignore
135 @classmethod
136 def from_service_account_file(cls, filename: str, *args, **kwargs):
137 """Creates an instance of this client using the provided credentials
138 file.
140 Args:
141 filename (str): The path to the service account private key json
142 file.
143 args: Additional arguments to pass to the constructor.
144 kwargs: Additional arguments to pass to the constructor.
146 Returns:
147 SecretManagerServiceAsyncClient: The constructed client.
148 """
149 return SecretManagerServiceClient.from_service_account_file.__func__(SecretManagerServiceAsyncClient, filename, *args, **kwargs) # type: ignore
151 from_service_account_json = from_service_account_file
153 @classmethod
154 def get_mtls_endpoint_and_cert_source(
155 cls, client_options: Optional[ClientOptions] = None
156 ):
157 """Return the API endpoint and client cert source for mutual TLS.
159 The client cert source is determined in the following order:
160 (1) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is not "true", the
161 client cert source is None.
162 (2) if `client_options.client_cert_source` is provided, use the provided one; if the
163 default client cert source exists, use the default one; otherwise the client cert
164 source is None.
166 The API endpoint is determined in the following order:
167 (1) if `client_options.api_endpoint` if provided, use the provided one.
168 (2) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is "always", use the
169 default mTLS endpoint; if the environment variable is "never", use the default API
170 endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise
171 use the default API endpoint.
173 More details can be found at https://google.aip.dev/auth/4114.
175 Args:
176 client_options (google.api_core.client_options.ClientOptions): Custom options for the
177 client. Only the `api_endpoint` and `client_cert_source` properties may be used
178 in this method.
180 Returns:
181 Tuple[str, Callable[[], Tuple[bytes, bytes]]]: returns the API endpoint and the
182 client cert source to use.
184 Raises:
185 google.auth.exceptions.MutualTLSChannelError: If any errors happen.
186 """
187 return SecretManagerServiceClient.get_mtls_endpoint_and_cert_source(client_options) # type: ignore
189 @property
190 def transport(self) -> SecretManagerServiceTransport:
191 """Returns the transport used by the client instance.
193 Returns:
194 SecretManagerServiceTransport: The transport used by the client instance.
195 """
196 return self._client.transport
198 @property
199 def api_endpoint(self):
200 """Return the API endpoint used by the client instance.
202 Returns:
203 str: The API endpoint used by the client instance.
204 """
205 return self._client._api_endpoint
207 @property
208 def universe_domain(self) -> str:
209 """Return the universe domain used by the client instance.
211 Returns:
212 str: The universe domain used
213 by the client instance.
214 """
215 return self._client._universe_domain
217 get_transport_class = SecretManagerServiceClient.get_transport_class
219 def __init__(
220 self,
221 *,
222 credentials: Optional[ga_credentials.Credentials] = None,
223 transport: Optional[
224 Union[
225 str,
226 SecretManagerServiceTransport,
227 Callable[..., SecretManagerServiceTransport],
228 ]
229 ] = "grpc_asyncio",
230 client_options: Optional[ClientOptions] = None,
231 client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
232 ) -> None:
233 """Instantiates the secret manager service async client.
235 Args:
236 credentials (Optional[google.auth.credentials.Credentials]): The
237 authorization credentials to attach to requests. These
238 credentials identify the application to the service; if none
239 are specified, the client will attempt to ascertain the
240 credentials from the environment.
241 transport (Optional[Union[str,SecretManagerServiceTransport,Callable[..., SecretManagerServiceTransport]]]):
242 The transport to use, or a Callable that constructs and returns a new transport to use.
243 If a Callable is given, it will be called with the same set of initialization
244 arguments as used in the SecretManagerServiceTransport constructor.
245 If set to None, a transport is chosen automatically.
246 client_options (Optional[Union[google.api_core.client_options.ClientOptions, dict]]):
247 Custom options for the client.
249 1. The ``api_endpoint`` property can be used to override the
250 default endpoint provided by the client when ``transport`` is
251 not explicitly provided. Only if this property is not set and
252 ``transport`` was not explicitly provided, the endpoint is
253 determined by the GOOGLE_API_USE_MTLS_ENDPOINT environment
254 variable, which have one of the following values:
255 "always" (always use the default mTLS endpoint), "never" (always
256 use the default regular endpoint) and "auto" (auto-switch to the
257 default mTLS endpoint if client certificate is present; this is
258 the default value).
260 2. If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable
261 is "true", then the ``client_cert_source`` property can be used
262 to provide a client certificate for mTLS transport. If
263 not provided, the default SSL client certificate will be used if
264 present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not
265 set, no client certificate will be used.
267 3. The ``universe_domain`` property can be used to override the
268 default "googleapis.com" universe. Note that ``api_endpoint``
269 property still takes precedence; and ``universe_domain`` is
270 currently not supported for mTLS.
272 client_info (google.api_core.gapic_v1.client_info.ClientInfo):
273 The client info used to send a user-agent string along with
274 API requests. If ``None``, then default info will be used.
275 Generally, you only need to set this if you're developing
276 your own client library.
278 Raises:
279 google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
280 creation failed for any reason.
281 """
282 self._client = SecretManagerServiceClient(
283 credentials=credentials,
284 transport=transport,
285 client_options=client_options,
286 client_info=client_info,
287 )
289 if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(
290 std_logging.DEBUG
291 ): # pragma: NO COVER
292 _LOGGER.debug(
293 "Created client `google.cloud.secrets_v1beta1.SecretManagerServiceAsyncClient`.",
294 extra={
295 "serviceName": "google.cloud.secrets.v1beta1.SecretManagerService",
296 "universeDomain": getattr(
297 self._client._transport._credentials, "universe_domain", ""
298 ),
299 "credentialsType": f"{type(self._client._transport._credentials).__module__}.{type(self._client._transport._credentials).__qualname__}",
300 "credentialsInfo": getattr(
301 self.transport._credentials, "get_cred_info", lambda: None
302 )(),
303 }
304 if hasattr(self._client._transport, "_credentials")
305 else {
306 "serviceName": "google.cloud.secrets.v1beta1.SecretManagerService",
307 "credentialsType": None,
308 },
309 )
311 async def list_secrets(
312 self,
313 request: Optional[Union[service.ListSecretsRequest, dict]] = None,
314 *,
315 parent: Optional[str] = None,
316 retry: OptionalRetry = gapic_v1.method.DEFAULT,
317 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
318 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
319 ) -> pagers.ListSecretsAsyncPager:
320 r"""Lists [Secrets][google.cloud.secrets.v1beta1.Secret].
322 .. code-block:: python
324 # This snippet has been automatically generated and should be regarded as a
325 # code template only.
326 # It will require modifications to work:
327 # - It may require correct/in-range values for request initialization.
328 # - It may require specifying regional endpoints when creating the service
329 # client as shown in:
330 # https://googleapis.dev/python/google-api-core/latest/client_options.html
331 from google.cloud import secretmanager_v1beta1
333 async def sample_list_secrets():
334 # Create a client
335 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
337 # Initialize request argument(s)
338 request = secretmanager_v1beta1.ListSecretsRequest(
339 parent="parent_value",
340 )
342 # Make the request
343 page_result = client.list_secrets(request=request)
345 # Handle the response
346 async for response in page_result:
347 print(response)
349 Args:
350 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.ListSecretsRequest, dict]]):
351 The request object. Request message for
352 [SecretManagerService.ListSecrets][google.cloud.secrets.v1beta1.SecretManagerService.ListSecrets].
353 parent (:class:`str`):
354 Required. The resource name of the project associated
355 with the [Secrets][google.cloud.secrets.v1beta1.Secret],
356 in the format ``projects/*``.
358 This corresponds to the ``parent`` field
359 on the ``request`` instance; if ``request`` is provided, this
360 should not be set.
361 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
362 should be retried.
363 timeout (float): The timeout for this request.
364 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
365 sent along with the request as metadata. Normally, each value must be of type `str`,
366 but for metadata keys ending with the suffix `-bin`, the corresponding values must
367 be of type `bytes`.
369 Returns:
370 google.cloud.secretmanager_v1beta1.services.secret_manager_service.pagers.ListSecretsAsyncPager:
371 Response message for
372 [SecretManagerService.ListSecrets][google.cloud.secrets.v1beta1.SecretManagerService.ListSecrets].
374 Iterating over this object will yield results and
375 resolve additional pages automatically.
377 """
378 # Create or coerce a protobuf request object.
379 # - Quick check: If we got a request object, we should *not* have
380 # gotten any keyword arguments that map to the request.
381 flattened_params = [parent]
382 has_flattened_params = (
383 len([param for param in flattened_params if param is not None]) > 0
384 )
385 if request is not None and has_flattened_params:
386 raise ValueError(
387 "If the `request` argument is set, then none of "
388 "the individual field arguments should be set."
389 )
391 # - Use the request object if provided (there's no risk of modifying the input as
392 # there are no flattened fields), or create one.
393 if not isinstance(request, service.ListSecretsRequest):
394 request = service.ListSecretsRequest(request)
396 # If we have keyword arguments corresponding to fields on the
397 # request, apply these.
398 if parent is not None:
399 request.parent = parent
401 # Wrap the RPC method; this adds retry and timeout information,
402 # and friendly error handling.
403 rpc = self._client._transport._wrapped_methods[
404 self._client._transport.list_secrets
405 ]
407 # Certain fields should be provided within the metadata header;
408 # add these here.
409 metadata = tuple(metadata) + (
410 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
411 )
413 # Validate the universe domain.
414 self._client._validate_universe_domain()
416 # Send the request.
417 response = await rpc(
418 request,
419 retry=retry,
420 timeout=timeout,
421 metadata=metadata,
422 )
424 # This method is paged; wrap the response in a pager, which provides
425 # an `__aiter__` convenience method.
426 response = pagers.ListSecretsAsyncPager(
427 method=rpc,
428 request=request,
429 response=response,
430 retry=retry,
431 timeout=timeout,
432 metadata=metadata,
433 )
435 # Done; return the response.
436 return response
438 async def create_secret(
439 self,
440 request: Optional[Union[service.CreateSecretRequest, dict]] = None,
441 *,
442 parent: Optional[str] = None,
443 secret_id: Optional[str] = None,
444 secret: Optional[resources.Secret] = None,
445 retry: OptionalRetry = gapic_v1.method.DEFAULT,
446 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
447 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
448 ) -> resources.Secret:
449 r"""Creates a new [Secret][google.cloud.secrets.v1beta1.Secret]
450 containing no
451 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
453 .. code-block:: python
455 # This snippet has been automatically generated and should be regarded as a
456 # code template only.
457 # It will require modifications to work:
458 # - It may require correct/in-range values for request initialization.
459 # - It may require specifying regional endpoints when creating the service
460 # client as shown in:
461 # https://googleapis.dev/python/google-api-core/latest/client_options.html
462 from google.cloud import secretmanager_v1beta1
464 async def sample_create_secret():
465 # Create a client
466 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
468 # Initialize request argument(s)
469 request = secretmanager_v1beta1.CreateSecretRequest(
470 parent="parent_value",
471 secret_id="secret_id_value",
472 )
474 # Make the request
475 response = await client.create_secret(request=request)
477 # Handle the response
478 print(response)
480 Args:
481 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.CreateSecretRequest, dict]]):
482 The request object. Request message for
483 [SecretManagerService.CreateSecret][google.cloud.secrets.v1beta1.SecretManagerService.CreateSecret].
484 parent (:class:`str`):
485 Required. The resource name of the project to associate
486 with the [Secret][google.cloud.secrets.v1beta1.Secret],
487 in the format ``projects/*``.
489 This corresponds to the ``parent`` field
490 on the ``request`` instance; if ``request`` is provided, this
491 should not be set.
492 secret_id (:class:`str`):
493 Required. This must be unique within the project.
495 A secret ID is a string with a maximum length of 255
496 characters and can contain uppercase and lowercase
497 letters, numerals, and the hyphen (``-``) and underscore
498 (``_``) characters.
500 This corresponds to the ``secret_id`` field
501 on the ``request`` instance; if ``request`` is provided, this
502 should not be set.
503 secret (:class:`google.cloud.secretmanager_v1beta1.types.Secret`):
504 Required. A
505 [Secret][google.cloud.secrets.v1beta1.Secret] with
506 initial field values.
508 This corresponds to the ``secret`` field
509 on the ``request`` instance; if ``request`` is provided, this
510 should not be set.
511 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
512 should be retried.
513 timeout (float): The timeout for this request.
514 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
515 sent along with the request as metadata. Normally, each value must be of type `str`,
516 but for metadata keys ending with the suffix `-bin`, the corresponding values must
517 be of type `bytes`.
519 Returns:
520 google.cloud.secretmanager_v1beta1.types.Secret:
521 A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose
522 value and versions can be accessed.
524 A [Secret][google.cloud.secrets.v1beta1.Secret] is
525 made up of zero or more
526 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
527 that represent the secret data.
529 """
530 # Create or coerce a protobuf request object.
531 # - Quick check: If we got a request object, we should *not* have
532 # gotten any keyword arguments that map to the request.
533 flattened_params = [parent, secret_id, secret]
534 has_flattened_params = (
535 len([param for param in flattened_params if param is not None]) > 0
536 )
537 if request is not None and has_flattened_params:
538 raise ValueError(
539 "If the `request` argument is set, then none of "
540 "the individual field arguments should be set."
541 )
543 # - Use the request object if provided (there's no risk of modifying the input as
544 # there are no flattened fields), or create one.
545 if not isinstance(request, service.CreateSecretRequest):
546 request = service.CreateSecretRequest(request)
548 # If we have keyword arguments corresponding to fields on the
549 # request, apply these.
550 if parent is not None:
551 request.parent = parent
552 if secret_id is not None:
553 request.secret_id = secret_id
554 if secret is not None:
555 request.secret = secret
557 # Wrap the RPC method; this adds retry and timeout information,
558 # and friendly error handling.
559 rpc = self._client._transport._wrapped_methods[
560 self._client._transport.create_secret
561 ]
563 # Certain fields should be provided within the metadata header;
564 # add these here.
565 metadata = tuple(metadata) + (
566 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
567 )
569 # Validate the universe domain.
570 self._client._validate_universe_domain()
572 # Send the request.
573 response = await rpc(
574 request,
575 retry=retry,
576 timeout=timeout,
577 metadata=metadata,
578 )
580 # Done; return the response.
581 return response
583 async def add_secret_version(
584 self,
585 request: Optional[Union[service.AddSecretVersionRequest, dict]] = None,
586 *,
587 parent: Optional[str] = None,
588 payload: Optional[resources.SecretPayload] = None,
589 retry: OptionalRetry = gapic_v1.method.DEFAULT,
590 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
591 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
592 ) -> resources.SecretVersion:
593 r"""Creates a new
594 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
595 containing secret data and attaches it to an existing
596 [Secret][google.cloud.secrets.v1beta1.Secret].
598 .. code-block:: python
600 # This snippet has been automatically generated and should be regarded as a
601 # code template only.
602 # It will require modifications to work:
603 # - It may require correct/in-range values for request initialization.
604 # - It may require specifying regional endpoints when creating the service
605 # client as shown in:
606 # https://googleapis.dev/python/google-api-core/latest/client_options.html
607 from google.cloud import secretmanager_v1beta1
609 async def sample_add_secret_version():
610 # Create a client
611 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
613 # Initialize request argument(s)
614 request = secretmanager_v1beta1.AddSecretVersionRequest(
615 parent="parent_value",
616 )
618 # Make the request
619 response = await client.add_secret_version(request=request)
621 # Handle the response
622 print(response)
624 Args:
625 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.AddSecretVersionRequest, dict]]):
626 The request object. Request message for
627 [SecretManagerService.AddSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AddSecretVersion].
628 parent (:class:`str`):
629 Required. The resource name of the
630 [Secret][google.cloud.secrets.v1beta1.Secret] to
631 associate with the
632 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
633 in the format ``projects/*/secrets/*``.
635 This corresponds to the ``parent`` field
636 on the ``request`` instance; if ``request`` is provided, this
637 should not be set.
638 payload (:class:`google.cloud.secretmanager_v1beta1.types.SecretPayload`):
639 Required. The secret payload of the
640 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
642 This corresponds to the ``payload`` field
643 on the ``request`` instance; if ``request`` is provided, this
644 should not be set.
645 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
646 should be retried.
647 timeout (float): The timeout for this request.
648 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
649 sent along with the request as metadata. Normally, each value must be of type `str`,
650 but for metadata keys ending with the suffix `-bin`, the corresponding values must
651 be of type `bytes`.
653 Returns:
654 google.cloud.secretmanager_v1beta1.types.SecretVersion:
655 A secret version resource in the
656 Secret Manager API.
658 """
659 # Create or coerce a protobuf request object.
660 # - Quick check: If we got a request object, we should *not* have
661 # gotten any keyword arguments that map to the request.
662 flattened_params = [parent, payload]
663 has_flattened_params = (
664 len([param for param in flattened_params if param is not None]) > 0
665 )
666 if request is not None and has_flattened_params:
667 raise ValueError(
668 "If the `request` argument is set, then none of "
669 "the individual field arguments should be set."
670 )
672 # - Use the request object if provided (there's no risk of modifying the input as
673 # there are no flattened fields), or create one.
674 if not isinstance(request, service.AddSecretVersionRequest):
675 request = service.AddSecretVersionRequest(request)
677 # If we have keyword arguments corresponding to fields on the
678 # request, apply these.
679 if parent is not None:
680 request.parent = parent
681 if payload is not None:
682 request.payload = payload
684 # Wrap the RPC method; this adds retry and timeout information,
685 # and friendly error handling.
686 rpc = self._client._transport._wrapped_methods[
687 self._client._transport.add_secret_version
688 ]
690 # Certain fields should be provided within the metadata header;
691 # add these here.
692 metadata = tuple(metadata) + (
693 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
694 )
696 # Validate the universe domain.
697 self._client._validate_universe_domain()
699 # Send the request.
700 response = await rpc(
701 request,
702 retry=retry,
703 timeout=timeout,
704 metadata=metadata,
705 )
707 # Done; return the response.
708 return response
710 async def get_secret(
711 self,
712 request: Optional[Union[service.GetSecretRequest, dict]] = None,
713 *,
714 name: Optional[str] = None,
715 retry: OptionalRetry = gapic_v1.method.DEFAULT,
716 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
717 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
718 ) -> resources.Secret:
719 r"""Gets metadata for a given
720 [Secret][google.cloud.secrets.v1beta1.Secret].
722 .. code-block:: python
724 # This snippet has been automatically generated and should be regarded as a
725 # code template only.
726 # It will require modifications to work:
727 # - It may require correct/in-range values for request initialization.
728 # - It may require specifying regional endpoints when creating the service
729 # client as shown in:
730 # https://googleapis.dev/python/google-api-core/latest/client_options.html
731 from google.cloud import secretmanager_v1beta1
733 async def sample_get_secret():
734 # Create a client
735 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
737 # Initialize request argument(s)
738 request = secretmanager_v1beta1.GetSecretRequest(
739 name="name_value",
740 )
742 # Make the request
743 response = await client.get_secret(request=request)
745 # Handle the response
746 print(response)
748 Args:
749 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.GetSecretRequest, dict]]):
750 The request object. Request message for
751 [SecretManagerService.GetSecret][google.cloud.secrets.v1beta1.SecretManagerService.GetSecret].
752 name (:class:`str`):
753 Required. The resource name of the
754 [Secret][google.cloud.secrets.v1beta1.Secret], in the
755 format ``projects/*/secrets/*``.
757 This corresponds to the ``name`` field
758 on the ``request`` instance; if ``request`` is provided, this
759 should not be set.
760 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
761 should be retried.
762 timeout (float): The timeout for this request.
763 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
764 sent along with the request as metadata. Normally, each value must be of type `str`,
765 but for metadata keys ending with the suffix `-bin`, the corresponding values must
766 be of type `bytes`.
768 Returns:
769 google.cloud.secretmanager_v1beta1.types.Secret:
770 A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose
771 value and versions can be accessed.
773 A [Secret][google.cloud.secrets.v1beta1.Secret] is
774 made up of zero or more
775 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
776 that represent the secret data.
778 """
779 # Create or coerce a protobuf request object.
780 # - Quick check: If we got a request object, we should *not* have
781 # gotten any keyword arguments that map to the request.
782 flattened_params = [name]
783 has_flattened_params = (
784 len([param for param in flattened_params if param is not None]) > 0
785 )
786 if request is not None and has_flattened_params:
787 raise ValueError(
788 "If the `request` argument is set, then none of "
789 "the individual field arguments should be set."
790 )
792 # - Use the request object if provided (there's no risk of modifying the input as
793 # there are no flattened fields), or create one.
794 if not isinstance(request, service.GetSecretRequest):
795 request = service.GetSecretRequest(request)
797 # If we have keyword arguments corresponding to fields on the
798 # request, apply these.
799 if name is not None:
800 request.name = name
802 # Wrap the RPC method; this adds retry and timeout information,
803 # and friendly error handling.
804 rpc = self._client._transport._wrapped_methods[
805 self._client._transport.get_secret
806 ]
808 # Certain fields should be provided within the metadata header;
809 # add these here.
810 metadata = tuple(metadata) + (
811 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
812 )
814 # Validate the universe domain.
815 self._client._validate_universe_domain()
817 # Send the request.
818 response = await rpc(
819 request,
820 retry=retry,
821 timeout=timeout,
822 metadata=metadata,
823 )
825 # Done; return the response.
826 return response
828 async def update_secret(
829 self,
830 request: Optional[Union[service.UpdateSecretRequest, dict]] = None,
831 *,
832 secret: Optional[resources.Secret] = None,
833 update_mask: Optional[field_mask_pb2.FieldMask] = None,
834 retry: OptionalRetry = gapic_v1.method.DEFAULT,
835 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
836 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
837 ) -> resources.Secret:
838 r"""Updates metadata of an existing
839 [Secret][google.cloud.secrets.v1beta1.Secret].
841 .. code-block:: python
843 # This snippet has been automatically generated and should be regarded as a
844 # code template only.
845 # It will require modifications to work:
846 # - It may require correct/in-range values for request initialization.
847 # - It may require specifying regional endpoints when creating the service
848 # client as shown in:
849 # https://googleapis.dev/python/google-api-core/latest/client_options.html
850 from google.cloud import secretmanager_v1beta1
852 async def sample_update_secret():
853 # Create a client
854 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
856 # Initialize request argument(s)
857 request = secretmanager_v1beta1.UpdateSecretRequest(
858 )
860 # Make the request
861 response = await client.update_secret(request=request)
863 # Handle the response
864 print(response)
866 Args:
867 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.UpdateSecretRequest, dict]]):
868 The request object. Request message for
869 [SecretManagerService.UpdateSecret][google.cloud.secrets.v1beta1.SecretManagerService.UpdateSecret].
870 secret (:class:`google.cloud.secretmanager_v1beta1.types.Secret`):
871 Required. [Secret][google.cloud.secrets.v1beta1.Secret]
872 with updated field values.
874 This corresponds to the ``secret`` field
875 on the ``request`` instance; if ``request`` is provided, this
876 should not be set.
877 update_mask (:class:`google.protobuf.field_mask_pb2.FieldMask`):
878 Required. Specifies the fields to be
879 updated.
881 This corresponds to the ``update_mask`` field
882 on the ``request`` instance; if ``request`` is provided, this
883 should not be set.
884 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
885 should be retried.
886 timeout (float): The timeout for this request.
887 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
888 sent along with the request as metadata. Normally, each value must be of type `str`,
889 but for metadata keys ending with the suffix `-bin`, the corresponding values must
890 be of type `bytes`.
892 Returns:
893 google.cloud.secretmanager_v1beta1.types.Secret:
894 A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose
895 value and versions can be accessed.
897 A [Secret][google.cloud.secrets.v1beta1.Secret] is
898 made up of zero or more
899 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
900 that represent the secret data.
902 """
903 # Create or coerce a protobuf request object.
904 # - Quick check: If we got a request object, we should *not* have
905 # gotten any keyword arguments that map to the request.
906 flattened_params = [secret, update_mask]
907 has_flattened_params = (
908 len([param for param in flattened_params if param is not None]) > 0
909 )
910 if request is not None and has_flattened_params:
911 raise ValueError(
912 "If the `request` argument is set, then none of "
913 "the individual field arguments should be set."
914 )
916 # - Use the request object if provided (there's no risk of modifying the input as
917 # there are no flattened fields), or create one.
918 if not isinstance(request, service.UpdateSecretRequest):
919 request = service.UpdateSecretRequest(request)
921 # If we have keyword arguments corresponding to fields on the
922 # request, apply these.
923 if secret is not None:
924 request.secret = secret
925 if update_mask is not None:
926 request.update_mask = update_mask
928 # Wrap the RPC method; this adds retry and timeout information,
929 # and friendly error handling.
930 rpc = self._client._transport._wrapped_methods[
931 self._client._transport.update_secret
932 ]
934 # Certain fields should be provided within the metadata header;
935 # add these here.
936 metadata = tuple(metadata) + (
937 gapic_v1.routing_header.to_grpc_metadata(
938 (("secret.name", request.secret.name),)
939 ),
940 )
942 # Validate the universe domain.
943 self._client._validate_universe_domain()
945 # Send the request.
946 response = await rpc(
947 request,
948 retry=retry,
949 timeout=timeout,
950 metadata=metadata,
951 )
953 # Done; return the response.
954 return response
956 async def delete_secret(
957 self,
958 request: Optional[Union[service.DeleteSecretRequest, dict]] = None,
959 *,
960 name: Optional[str] = None,
961 retry: OptionalRetry = gapic_v1.method.DEFAULT,
962 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
963 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
964 ) -> None:
965 r"""Deletes a [Secret][google.cloud.secrets.v1beta1.Secret].
967 .. code-block:: python
969 # This snippet has been automatically generated and should be regarded as a
970 # code template only.
971 # It will require modifications to work:
972 # - It may require correct/in-range values for request initialization.
973 # - It may require specifying regional endpoints when creating the service
974 # client as shown in:
975 # https://googleapis.dev/python/google-api-core/latest/client_options.html
976 from google.cloud import secretmanager_v1beta1
978 async def sample_delete_secret():
979 # Create a client
980 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
982 # Initialize request argument(s)
983 request = secretmanager_v1beta1.DeleteSecretRequest(
984 name="name_value",
985 )
987 # Make the request
988 await client.delete_secret(request=request)
990 Args:
991 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.DeleteSecretRequest, dict]]):
992 The request object. Request message for
993 [SecretManagerService.DeleteSecret][google.cloud.secrets.v1beta1.SecretManagerService.DeleteSecret].
994 name (:class:`str`):
995 Required. The resource name of the
996 [Secret][google.cloud.secrets.v1beta1.Secret] to delete
997 in the format ``projects/*/secrets/*``.
999 This corresponds to the ``name`` field
1000 on the ``request`` instance; if ``request`` is provided, this
1001 should not be set.
1002 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
1003 should be retried.
1004 timeout (float): The timeout for this request.
1005 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1006 sent along with the request as metadata. Normally, each value must be of type `str`,
1007 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1008 be of type `bytes`.
1009 """
1010 # Create or coerce a protobuf request object.
1011 # - Quick check: If we got a request object, we should *not* have
1012 # gotten any keyword arguments that map to the request.
1013 flattened_params = [name]
1014 has_flattened_params = (
1015 len([param for param in flattened_params if param is not None]) > 0
1016 )
1017 if request is not None and has_flattened_params:
1018 raise ValueError(
1019 "If the `request` argument is set, then none of "
1020 "the individual field arguments should be set."
1021 )
1023 # - Use the request object if provided (there's no risk of modifying the input as
1024 # there are no flattened fields), or create one.
1025 if not isinstance(request, service.DeleteSecretRequest):
1026 request = service.DeleteSecretRequest(request)
1028 # If we have keyword arguments corresponding to fields on the
1029 # request, apply these.
1030 if name is not None:
1031 request.name = name
1033 # Wrap the RPC method; this adds retry and timeout information,
1034 # and friendly error handling.
1035 rpc = self._client._transport._wrapped_methods[
1036 self._client._transport.delete_secret
1037 ]
1039 # Certain fields should be provided within the metadata header;
1040 # add these here.
1041 metadata = tuple(metadata) + (
1042 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1043 )
1045 # Validate the universe domain.
1046 self._client._validate_universe_domain()
1048 # Send the request.
1049 await rpc(
1050 request,
1051 retry=retry,
1052 timeout=timeout,
1053 metadata=metadata,
1054 )
1056 async def list_secret_versions(
1057 self,
1058 request: Optional[Union[service.ListSecretVersionsRequest, dict]] = None,
1059 *,
1060 parent: Optional[str] = None,
1061 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1062 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1063 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1064 ) -> pagers.ListSecretVersionsAsyncPager:
1065 r"""Lists
1066 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
1067 This call does not return secret data.
1069 .. code-block:: python
1071 # This snippet has been automatically generated and should be regarded as a
1072 # code template only.
1073 # It will require modifications to work:
1074 # - It may require correct/in-range values for request initialization.
1075 # - It may require specifying regional endpoints when creating the service
1076 # client as shown in:
1077 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1078 from google.cloud import secretmanager_v1beta1
1080 async def sample_list_secret_versions():
1081 # Create a client
1082 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
1084 # Initialize request argument(s)
1085 request = secretmanager_v1beta1.ListSecretVersionsRequest(
1086 parent="parent_value",
1087 )
1089 # Make the request
1090 page_result = client.list_secret_versions(request=request)
1092 # Handle the response
1093 async for response in page_result:
1094 print(response)
1096 Args:
1097 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.ListSecretVersionsRequest, dict]]):
1098 The request object. Request message for
1099 [SecretManagerService.ListSecretVersions][google.cloud.secrets.v1beta1.SecretManagerService.ListSecretVersions].
1100 parent (:class:`str`):
1101 Required. The resource name of the
1102 [Secret][google.cloud.secrets.v1beta1.Secret] associated
1103 with the
1104 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
1105 to list, in the format ``projects/*/secrets/*``.
1107 This corresponds to the ``parent`` field
1108 on the ``request`` instance; if ``request`` is provided, this
1109 should not be set.
1110 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
1111 should be retried.
1112 timeout (float): The timeout for this request.
1113 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1114 sent along with the request as metadata. Normally, each value must be of type `str`,
1115 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1116 be of type `bytes`.
1118 Returns:
1119 google.cloud.secretmanager_v1beta1.services.secret_manager_service.pagers.ListSecretVersionsAsyncPager:
1120 Response message for
1121 [SecretManagerService.ListSecretVersions][google.cloud.secrets.v1beta1.SecretManagerService.ListSecretVersions].
1123 Iterating over this object will yield results and
1124 resolve additional pages automatically.
1126 """
1127 # Create or coerce a protobuf request object.
1128 # - Quick check: If we got a request object, we should *not* have
1129 # gotten any keyword arguments that map to the request.
1130 flattened_params = [parent]
1131 has_flattened_params = (
1132 len([param for param in flattened_params if param is not None]) > 0
1133 )
1134 if request is not None and has_flattened_params:
1135 raise ValueError(
1136 "If the `request` argument is set, then none of "
1137 "the individual field arguments should be set."
1138 )
1140 # - Use the request object if provided (there's no risk of modifying the input as
1141 # there are no flattened fields), or create one.
1142 if not isinstance(request, service.ListSecretVersionsRequest):
1143 request = service.ListSecretVersionsRequest(request)
1145 # If we have keyword arguments corresponding to fields on the
1146 # request, apply these.
1147 if parent is not None:
1148 request.parent = parent
1150 # Wrap the RPC method; this adds retry and timeout information,
1151 # and friendly error handling.
1152 rpc = self._client._transport._wrapped_methods[
1153 self._client._transport.list_secret_versions
1154 ]
1156 # Certain fields should be provided within the metadata header;
1157 # add these here.
1158 metadata = tuple(metadata) + (
1159 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
1160 )
1162 # Validate the universe domain.
1163 self._client._validate_universe_domain()
1165 # Send the request.
1166 response = await rpc(
1167 request,
1168 retry=retry,
1169 timeout=timeout,
1170 metadata=metadata,
1171 )
1173 # This method is paged; wrap the response in a pager, which provides
1174 # an `__aiter__` convenience method.
1175 response = pagers.ListSecretVersionsAsyncPager(
1176 method=rpc,
1177 request=request,
1178 response=response,
1179 retry=retry,
1180 timeout=timeout,
1181 metadata=metadata,
1182 )
1184 # Done; return the response.
1185 return response
1187 async def get_secret_version(
1188 self,
1189 request: Optional[Union[service.GetSecretVersionRequest, dict]] = None,
1190 *,
1191 name: Optional[str] = None,
1192 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1193 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1194 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1195 ) -> resources.SecretVersion:
1196 r"""Gets metadata for a
1197 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1199 ``projects/*/secrets/*/versions/latest`` is an alias to the
1200 ``latest``
1201 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1203 .. code-block:: python
1205 # This snippet has been automatically generated and should be regarded as a
1206 # code template only.
1207 # It will require modifications to work:
1208 # - It may require correct/in-range values for request initialization.
1209 # - It may require specifying regional endpoints when creating the service
1210 # client as shown in:
1211 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1212 from google.cloud import secretmanager_v1beta1
1214 async def sample_get_secret_version():
1215 # Create a client
1216 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
1218 # Initialize request argument(s)
1219 request = secretmanager_v1beta1.GetSecretVersionRequest(
1220 name="name_value",
1221 )
1223 # Make the request
1224 response = await client.get_secret_version(request=request)
1226 # Handle the response
1227 print(response)
1229 Args:
1230 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.GetSecretVersionRequest, dict]]):
1231 The request object. Request message for
1232 [SecretManagerService.GetSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.GetSecretVersion].
1233 name (:class:`str`):
1234 Required. The resource name of the
1235 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1236 in the format ``projects/*/secrets/*/versions/*``.
1237 ``projects/*/secrets/*/versions/latest`` is an alias to
1238 the ``latest``
1239 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1241 This corresponds to the ``name`` field
1242 on the ``request`` instance; if ``request`` is provided, this
1243 should not be set.
1244 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
1245 should be retried.
1246 timeout (float): The timeout for this request.
1247 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1248 sent along with the request as metadata. Normally, each value must be of type `str`,
1249 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1250 be of type `bytes`.
1252 Returns:
1253 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1254 A secret version resource in the
1255 Secret Manager API.
1257 """
1258 # Create or coerce a protobuf request object.
1259 # - Quick check: If we got a request object, we should *not* have
1260 # gotten any keyword arguments that map to the request.
1261 flattened_params = [name]
1262 has_flattened_params = (
1263 len([param for param in flattened_params if param is not None]) > 0
1264 )
1265 if request is not None and has_flattened_params:
1266 raise ValueError(
1267 "If the `request` argument is set, then none of "
1268 "the individual field arguments should be set."
1269 )
1271 # - Use the request object if provided (there's no risk of modifying the input as
1272 # there are no flattened fields), or create one.
1273 if not isinstance(request, service.GetSecretVersionRequest):
1274 request = service.GetSecretVersionRequest(request)
1276 # If we have keyword arguments corresponding to fields on the
1277 # request, apply these.
1278 if name is not None:
1279 request.name = name
1281 # Wrap the RPC method; this adds retry and timeout information,
1282 # and friendly error handling.
1283 rpc = self._client._transport._wrapped_methods[
1284 self._client._transport.get_secret_version
1285 ]
1287 # Certain fields should be provided within the metadata header;
1288 # add these here.
1289 metadata = tuple(metadata) + (
1290 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1291 )
1293 # Validate the universe domain.
1294 self._client._validate_universe_domain()
1296 # Send the request.
1297 response = await rpc(
1298 request,
1299 retry=retry,
1300 timeout=timeout,
1301 metadata=metadata,
1302 )
1304 # Done; return the response.
1305 return response
1307 async def access_secret_version(
1308 self,
1309 request: Optional[Union[service.AccessSecretVersionRequest, dict]] = None,
1310 *,
1311 name: Optional[str] = None,
1312 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1313 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1314 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1315 ) -> service.AccessSecretVersionResponse:
1316 r"""Accesses a
1317 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1318 This call returns the secret data.
1320 ``projects/*/secrets/*/versions/latest`` is an alias to the
1321 ``latest``
1322 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1324 .. code-block:: python
1326 # This snippet has been automatically generated and should be regarded as a
1327 # code template only.
1328 # It will require modifications to work:
1329 # - It may require correct/in-range values for request initialization.
1330 # - It may require specifying regional endpoints when creating the service
1331 # client as shown in:
1332 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1333 from google.cloud import secretmanager_v1beta1
1335 async def sample_access_secret_version():
1336 # Create a client
1337 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
1339 # Initialize request argument(s)
1340 request = secretmanager_v1beta1.AccessSecretVersionRequest(
1341 name="name_value",
1342 )
1344 # Make the request
1345 response = await client.access_secret_version(request=request)
1347 # Handle the response
1348 print(response)
1350 Args:
1351 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.AccessSecretVersionRequest, dict]]):
1352 The request object. Request message for
1353 [SecretManagerService.AccessSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AccessSecretVersion].
1354 name (:class:`str`):
1355 Required. The resource name of the
1356 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1357 in the format ``projects/*/secrets/*/versions/*``.
1359 This corresponds to the ``name`` field
1360 on the ``request`` instance; if ``request`` is provided, this
1361 should not be set.
1362 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
1363 should be retried.
1364 timeout (float): The timeout for this request.
1365 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1366 sent along with the request as metadata. Normally, each value must be of type `str`,
1367 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1368 be of type `bytes`.
1370 Returns:
1371 google.cloud.secretmanager_v1beta1.types.AccessSecretVersionResponse:
1372 Response message for
1373 [SecretManagerService.AccessSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AccessSecretVersion].
1375 """
1376 # Create or coerce a protobuf request object.
1377 # - Quick check: If we got a request object, we should *not* have
1378 # gotten any keyword arguments that map to the request.
1379 flattened_params = [name]
1380 has_flattened_params = (
1381 len([param for param in flattened_params if param is not None]) > 0
1382 )
1383 if request is not None and has_flattened_params:
1384 raise ValueError(
1385 "If the `request` argument is set, then none of "
1386 "the individual field arguments should be set."
1387 )
1389 # - Use the request object if provided (there's no risk of modifying the input as
1390 # there are no flattened fields), or create one.
1391 if not isinstance(request, service.AccessSecretVersionRequest):
1392 request = service.AccessSecretVersionRequest(request)
1394 # If we have keyword arguments corresponding to fields on the
1395 # request, apply these.
1396 if name is not None:
1397 request.name = name
1399 # Wrap the RPC method; this adds retry and timeout information,
1400 # and friendly error handling.
1401 rpc = self._client._transport._wrapped_methods[
1402 self._client._transport.access_secret_version
1403 ]
1405 # Certain fields should be provided within the metadata header;
1406 # add these here.
1407 metadata = tuple(metadata) + (
1408 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1409 )
1411 # Validate the universe domain.
1412 self._client._validate_universe_domain()
1414 # Send the request.
1415 response = await rpc(
1416 request,
1417 retry=retry,
1418 timeout=timeout,
1419 metadata=metadata,
1420 )
1422 # Done; return the response.
1423 return response
1425 async def disable_secret_version(
1426 self,
1427 request: Optional[Union[service.DisableSecretVersionRequest, dict]] = None,
1428 *,
1429 name: Optional[str] = None,
1430 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1431 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1432 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1433 ) -> resources.SecretVersion:
1434 r"""Disables a
1435 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1437 Sets the
1438 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
1439 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
1440 [DISABLED][google.cloud.secrets.v1beta1.SecretVersion.State.DISABLED].
1442 .. code-block:: python
1444 # This snippet has been automatically generated and should be regarded as a
1445 # code template only.
1446 # It will require modifications to work:
1447 # - It may require correct/in-range values for request initialization.
1448 # - It may require specifying regional endpoints when creating the service
1449 # client as shown in:
1450 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1451 from google.cloud import secretmanager_v1beta1
1453 async def sample_disable_secret_version():
1454 # Create a client
1455 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
1457 # Initialize request argument(s)
1458 request = secretmanager_v1beta1.DisableSecretVersionRequest(
1459 name="name_value",
1460 )
1462 # Make the request
1463 response = await client.disable_secret_version(request=request)
1465 # Handle the response
1466 print(response)
1468 Args:
1469 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.DisableSecretVersionRequest, dict]]):
1470 The request object. Request message for
1471 [SecretManagerService.DisableSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.DisableSecretVersion].
1472 name (:class:`str`):
1473 Required. The resource name of the
1474 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1475 to disable in the format
1476 ``projects/*/secrets/*/versions/*``.
1478 This corresponds to the ``name`` field
1479 on the ``request`` instance; if ``request`` is provided, this
1480 should not be set.
1481 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
1482 should be retried.
1483 timeout (float): The timeout for this request.
1484 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1485 sent along with the request as metadata. Normally, each value must be of type `str`,
1486 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1487 be of type `bytes`.
1489 Returns:
1490 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1491 A secret version resource in the
1492 Secret Manager API.
1494 """
1495 # Create or coerce a protobuf request object.
1496 # - Quick check: If we got a request object, we should *not* have
1497 # gotten any keyword arguments that map to the request.
1498 flattened_params = [name]
1499 has_flattened_params = (
1500 len([param for param in flattened_params if param is not None]) > 0
1501 )
1502 if request is not None and has_flattened_params:
1503 raise ValueError(
1504 "If the `request` argument is set, then none of "
1505 "the individual field arguments should be set."
1506 )
1508 # - Use the request object if provided (there's no risk of modifying the input as
1509 # there are no flattened fields), or create one.
1510 if not isinstance(request, service.DisableSecretVersionRequest):
1511 request = service.DisableSecretVersionRequest(request)
1513 # If we have keyword arguments corresponding to fields on the
1514 # request, apply these.
1515 if name is not None:
1516 request.name = name
1518 # Wrap the RPC method; this adds retry and timeout information,
1519 # and friendly error handling.
1520 rpc = self._client._transport._wrapped_methods[
1521 self._client._transport.disable_secret_version
1522 ]
1524 # Certain fields should be provided within the metadata header;
1525 # add these here.
1526 metadata = tuple(metadata) + (
1527 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1528 )
1530 # Validate the universe domain.
1531 self._client._validate_universe_domain()
1533 # Send the request.
1534 response = await rpc(
1535 request,
1536 retry=retry,
1537 timeout=timeout,
1538 metadata=metadata,
1539 )
1541 # Done; return the response.
1542 return response
1544 async def enable_secret_version(
1545 self,
1546 request: Optional[Union[service.EnableSecretVersionRequest, dict]] = None,
1547 *,
1548 name: Optional[str] = None,
1549 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1550 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1551 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1552 ) -> resources.SecretVersion:
1553 r"""Enables a
1554 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1556 Sets the
1557 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
1558 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
1559 [ENABLED][google.cloud.secrets.v1beta1.SecretVersion.State.ENABLED].
1561 .. code-block:: python
1563 # This snippet has been automatically generated and should be regarded as a
1564 # code template only.
1565 # It will require modifications to work:
1566 # - It may require correct/in-range values for request initialization.
1567 # - It may require specifying regional endpoints when creating the service
1568 # client as shown in:
1569 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1570 from google.cloud import secretmanager_v1beta1
1572 async def sample_enable_secret_version():
1573 # Create a client
1574 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
1576 # Initialize request argument(s)
1577 request = secretmanager_v1beta1.EnableSecretVersionRequest(
1578 name="name_value",
1579 )
1581 # Make the request
1582 response = await client.enable_secret_version(request=request)
1584 # Handle the response
1585 print(response)
1587 Args:
1588 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.EnableSecretVersionRequest, dict]]):
1589 The request object. Request message for
1590 [SecretManagerService.EnableSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.EnableSecretVersion].
1591 name (:class:`str`):
1592 Required. The resource name of the
1593 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1594 to enable in the format
1595 ``projects/*/secrets/*/versions/*``.
1597 This corresponds to the ``name`` field
1598 on the ``request`` instance; if ``request`` is provided, this
1599 should not be set.
1600 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
1601 should be retried.
1602 timeout (float): The timeout for this request.
1603 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1604 sent along with the request as metadata. Normally, each value must be of type `str`,
1605 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1606 be of type `bytes`.
1608 Returns:
1609 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1610 A secret version resource in the
1611 Secret Manager API.
1613 """
1614 # Create or coerce a protobuf request object.
1615 # - Quick check: If we got a request object, we should *not* have
1616 # gotten any keyword arguments that map to the request.
1617 flattened_params = [name]
1618 has_flattened_params = (
1619 len([param for param in flattened_params if param is not None]) > 0
1620 )
1621 if request is not None and has_flattened_params:
1622 raise ValueError(
1623 "If the `request` argument is set, then none of "
1624 "the individual field arguments should be set."
1625 )
1627 # - Use the request object if provided (there's no risk of modifying the input as
1628 # there are no flattened fields), or create one.
1629 if not isinstance(request, service.EnableSecretVersionRequest):
1630 request = service.EnableSecretVersionRequest(request)
1632 # If we have keyword arguments corresponding to fields on the
1633 # request, apply these.
1634 if name is not None:
1635 request.name = name
1637 # Wrap the RPC method; this adds retry and timeout information,
1638 # and friendly error handling.
1639 rpc = self._client._transport._wrapped_methods[
1640 self._client._transport.enable_secret_version
1641 ]
1643 # Certain fields should be provided within the metadata header;
1644 # add these here.
1645 metadata = tuple(metadata) + (
1646 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1647 )
1649 # Validate the universe domain.
1650 self._client._validate_universe_domain()
1652 # Send the request.
1653 response = await rpc(
1654 request,
1655 retry=retry,
1656 timeout=timeout,
1657 metadata=metadata,
1658 )
1660 # Done; return the response.
1661 return response
1663 async def destroy_secret_version(
1664 self,
1665 request: Optional[Union[service.DestroySecretVersionRequest, dict]] = None,
1666 *,
1667 name: Optional[str] = None,
1668 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1669 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1670 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1671 ) -> resources.SecretVersion:
1672 r"""Destroys a
1673 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1675 Sets the
1676 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
1677 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
1678 [DESTROYED][google.cloud.secrets.v1beta1.SecretVersion.State.DESTROYED]
1679 and irrevocably destroys the secret data.
1681 .. code-block:: python
1683 # This snippet has been automatically generated and should be regarded as a
1684 # code template only.
1685 # It will require modifications to work:
1686 # - It may require correct/in-range values for request initialization.
1687 # - It may require specifying regional endpoints when creating the service
1688 # client as shown in:
1689 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1690 from google.cloud import secretmanager_v1beta1
1692 async def sample_destroy_secret_version():
1693 # Create a client
1694 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
1696 # Initialize request argument(s)
1697 request = secretmanager_v1beta1.DestroySecretVersionRequest(
1698 name="name_value",
1699 )
1701 # Make the request
1702 response = await client.destroy_secret_version(request=request)
1704 # Handle the response
1705 print(response)
1707 Args:
1708 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.DestroySecretVersionRequest, dict]]):
1709 The request object. Request message for
1710 [SecretManagerService.DestroySecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.DestroySecretVersion].
1711 name (:class:`str`):
1712 Required. The resource name of the
1713 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1714 to destroy in the format
1715 ``projects/*/secrets/*/versions/*``.
1717 This corresponds to the ``name`` field
1718 on the ``request`` instance; if ``request`` is provided, this
1719 should not be set.
1720 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
1721 should be retried.
1722 timeout (float): The timeout for this request.
1723 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1724 sent along with the request as metadata. Normally, each value must be of type `str`,
1725 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1726 be of type `bytes`.
1728 Returns:
1729 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1730 A secret version resource in the
1731 Secret Manager API.
1733 """
1734 # Create or coerce a protobuf request object.
1735 # - Quick check: If we got a request object, we should *not* have
1736 # gotten any keyword arguments that map to the request.
1737 flattened_params = [name]
1738 has_flattened_params = (
1739 len([param for param in flattened_params if param is not None]) > 0
1740 )
1741 if request is not None and has_flattened_params:
1742 raise ValueError(
1743 "If the `request` argument is set, then none of "
1744 "the individual field arguments should be set."
1745 )
1747 # - Use the request object if provided (there's no risk of modifying the input as
1748 # there are no flattened fields), or create one.
1749 if not isinstance(request, service.DestroySecretVersionRequest):
1750 request = service.DestroySecretVersionRequest(request)
1752 # If we have keyword arguments corresponding to fields on the
1753 # request, apply these.
1754 if name is not None:
1755 request.name = name
1757 # Wrap the RPC method; this adds retry and timeout information,
1758 # and friendly error handling.
1759 rpc = self._client._transport._wrapped_methods[
1760 self._client._transport.destroy_secret_version
1761 ]
1763 # Certain fields should be provided within the metadata header;
1764 # add these here.
1765 metadata = tuple(metadata) + (
1766 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1767 )
1769 # Validate the universe domain.
1770 self._client._validate_universe_domain()
1772 # Send the request.
1773 response = await rpc(
1774 request,
1775 retry=retry,
1776 timeout=timeout,
1777 metadata=metadata,
1778 )
1780 # Done; return the response.
1781 return response
1783 async def set_iam_policy(
1784 self,
1785 request: Optional[Union[iam_policy_pb2.SetIamPolicyRequest, dict]] = None,
1786 *,
1787 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1788 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1789 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1790 ) -> policy_pb2.Policy:
1791 r"""Sets the access control policy on the specified secret. Replaces
1792 any existing policy.
1794 Permissions on
1795 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] are
1796 enforced according to the policy set on the associated
1797 [Secret][google.cloud.secrets.v1beta1.Secret].
1799 .. code-block:: python
1801 # This snippet has been automatically generated and should be regarded as a
1802 # code template only.
1803 # It will require modifications to work:
1804 # - It may require correct/in-range values for request initialization.
1805 # - It may require specifying regional endpoints when creating the service
1806 # client as shown in:
1807 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1808 from google.cloud import secretmanager_v1beta1
1809 from google.iam.v1 import iam_policy_pb2 # type: ignore
1811 async def sample_set_iam_policy():
1812 # Create a client
1813 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
1815 # Initialize request argument(s)
1816 request = iam_policy_pb2.SetIamPolicyRequest(
1817 resource="resource_value",
1818 )
1820 # Make the request
1821 response = await client.set_iam_policy(request=request)
1823 # Handle the response
1824 print(response)
1826 Args:
1827 request (Optional[Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]]):
1828 The request object. Request message for ``SetIamPolicy`` method.
1829 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
1830 should be retried.
1831 timeout (float): The timeout for this request.
1832 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1833 sent along with the request as metadata. Normally, each value must be of type `str`,
1834 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1835 be of type `bytes`.
1837 Returns:
1838 google.iam.v1.policy_pb2.Policy:
1839 An Identity and Access Management (IAM) policy, which specifies access
1840 controls for Google Cloud resources.
1842 A Policy is a collection of bindings. A binding binds
1843 one or more members, or principals, to a single role.
1844 Principals can be user accounts, service accounts,
1845 Google groups, and domains (such as G Suite). A role
1846 is a named list of permissions; each role can be an
1847 IAM predefined role or a user-created custom role.
1849 For some types of Google Cloud resources, a binding
1850 can also specify a condition, which is a logical
1851 expression that allows access to a resource only if
1852 the expression evaluates to true. A condition can add
1853 constraints based on attributes of the request, the
1854 resource, or both. To learn which resources support
1855 conditions in their IAM policies, see the [IAM
1856 documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies).
1858 **JSON example:**
1860 :literal:`\` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 }`\ \`
1862 **YAML example:**
1864 :literal:`\` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3`\ \`
1866 For a description of IAM and its features, see the
1867 [IAM
1868 documentation](\ https://cloud.google.com/iam/docs/).
1870 """
1871 # Create or coerce a protobuf request object.
1872 # - The request isn't a proto-plus wrapped type,
1873 # so it must be constructed via keyword expansion.
1874 if isinstance(request, dict):
1875 request = iam_policy_pb2.SetIamPolicyRequest(**request)
1876 elif not request:
1877 request = iam_policy_pb2.SetIamPolicyRequest()
1879 # Wrap the RPC method; this adds retry and timeout information,
1880 # and friendly error handling.
1881 rpc = self._client._transport._wrapped_methods[
1882 self._client._transport.set_iam_policy
1883 ]
1885 # Certain fields should be provided within the metadata header;
1886 # add these here.
1887 metadata = tuple(metadata) + (
1888 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)),
1889 )
1891 # Validate the universe domain.
1892 self._client._validate_universe_domain()
1894 # Send the request.
1895 response = await rpc(
1896 request,
1897 retry=retry,
1898 timeout=timeout,
1899 metadata=metadata,
1900 )
1902 # Done; return the response.
1903 return response
1905 async def get_iam_policy(
1906 self,
1907 request: Optional[Union[iam_policy_pb2.GetIamPolicyRequest, dict]] = None,
1908 *,
1909 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1910 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1911 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1912 ) -> policy_pb2.Policy:
1913 r"""Gets the access control policy for a secret.
1914 Returns empty policy if the secret exists and does not
1915 have a policy set.
1917 .. code-block:: python
1919 # This snippet has been automatically generated and should be regarded as a
1920 # code template only.
1921 # It will require modifications to work:
1922 # - It may require correct/in-range values for request initialization.
1923 # - It may require specifying regional endpoints when creating the service
1924 # client as shown in:
1925 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1926 from google.cloud import secretmanager_v1beta1
1927 from google.iam.v1 import iam_policy_pb2 # type: ignore
1929 async def sample_get_iam_policy():
1930 # Create a client
1931 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
1933 # Initialize request argument(s)
1934 request = iam_policy_pb2.GetIamPolicyRequest(
1935 resource="resource_value",
1936 )
1938 # Make the request
1939 response = await client.get_iam_policy(request=request)
1941 # Handle the response
1942 print(response)
1944 Args:
1945 request (Optional[Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]]):
1946 The request object. Request message for ``GetIamPolicy`` method.
1947 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
1948 should be retried.
1949 timeout (float): The timeout for this request.
1950 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1951 sent along with the request as metadata. Normally, each value must be of type `str`,
1952 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1953 be of type `bytes`.
1955 Returns:
1956 google.iam.v1.policy_pb2.Policy:
1957 An Identity and Access Management (IAM) policy, which specifies access
1958 controls for Google Cloud resources.
1960 A Policy is a collection of bindings. A binding binds
1961 one or more members, or principals, to a single role.
1962 Principals can be user accounts, service accounts,
1963 Google groups, and domains (such as G Suite). A role
1964 is a named list of permissions; each role can be an
1965 IAM predefined role or a user-created custom role.
1967 For some types of Google Cloud resources, a binding
1968 can also specify a condition, which is a logical
1969 expression that allows access to a resource only if
1970 the expression evaluates to true. A condition can add
1971 constraints based on attributes of the request, the
1972 resource, or both. To learn which resources support
1973 conditions in their IAM policies, see the [IAM
1974 documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies).
1976 **JSON example:**
1978 :literal:`\` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 }`\ \`
1980 **YAML example:**
1982 :literal:`\` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3`\ \`
1984 For a description of IAM and its features, see the
1985 [IAM
1986 documentation](\ https://cloud.google.com/iam/docs/).
1988 """
1989 # Create or coerce a protobuf request object.
1990 # - The request isn't a proto-plus wrapped type,
1991 # so it must be constructed via keyword expansion.
1992 if isinstance(request, dict):
1993 request = iam_policy_pb2.GetIamPolicyRequest(**request)
1994 elif not request:
1995 request = iam_policy_pb2.GetIamPolicyRequest()
1997 # Wrap the RPC method; this adds retry and timeout information,
1998 # and friendly error handling.
1999 rpc = self._client._transport._wrapped_methods[
2000 self._client._transport.get_iam_policy
2001 ]
2003 # Certain fields should be provided within the metadata header;
2004 # add these here.
2005 metadata = tuple(metadata) + (
2006 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)),
2007 )
2009 # Validate the universe domain.
2010 self._client._validate_universe_domain()
2012 # Send the request.
2013 response = await rpc(
2014 request,
2015 retry=retry,
2016 timeout=timeout,
2017 metadata=metadata,
2018 )
2020 # Done; return the response.
2021 return response
2023 async def test_iam_permissions(
2024 self,
2025 request: Optional[Union[iam_policy_pb2.TestIamPermissionsRequest, dict]] = None,
2026 *,
2027 retry: OptionalRetry = gapic_v1.method.DEFAULT,
2028 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
2029 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
2030 ) -> iam_policy_pb2.TestIamPermissionsResponse:
2031 r"""Returns permissions that a caller has for the specified secret.
2032 If the secret does not exist, this call returns an empty set of
2033 permissions, not a NOT_FOUND error.
2035 Note: This operation is designed to be used for building
2036 permission-aware UIs and command-line tools, not for
2037 authorization checking. This operation may "fail open" without
2038 warning.
2040 .. code-block:: python
2042 # This snippet has been automatically generated and should be regarded as a
2043 # code template only.
2044 # It will require modifications to work:
2045 # - It may require correct/in-range values for request initialization.
2046 # - It may require specifying regional endpoints when creating the service
2047 # client as shown in:
2048 # https://googleapis.dev/python/google-api-core/latest/client_options.html
2049 from google.cloud import secretmanager_v1beta1
2050 from google.iam.v1 import iam_policy_pb2 # type: ignore
2052 async def sample_test_iam_permissions():
2053 # Create a client
2054 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
2056 # Initialize request argument(s)
2057 request = iam_policy_pb2.TestIamPermissionsRequest(
2058 resource="resource_value",
2059 permissions=['permissions_value1', 'permissions_value2'],
2060 )
2062 # Make the request
2063 response = await client.test_iam_permissions(request=request)
2065 # Handle the response
2066 print(response)
2068 Args:
2069 request (Optional[Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]]):
2070 The request object. Request message for ``TestIamPermissions`` method.
2071 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
2072 should be retried.
2073 timeout (float): The timeout for this request.
2074 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
2075 sent along with the request as metadata. Normally, each value must be of type `str`,
2076 but for metadata keys ending with the suffix `-bin`, the corresponding values must
2077 be of type `bytes`.
2079 Returns:
2080 google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse:
2081 Response message for TestIamPermissions method.
2082 """
2083 # Create or coerce a protobuf request object.
2084 # - The request isn't a proto-plus wrapped type,
2085 # so it must be constructed via keyword expansion.
2086 if isinstance(request, dict):
2087 request = iam_policy_pb2.TestIamPermissionsRequest(**request)
2088 elif not request:
2089 request = iam_policy_pb2.TestIamPermissionsRequest()
2091 # Wrap the RPC method; this adds retry and timeout information,
2092 # and friendly error handling.
2093 rpc = self._client._transport._wrapped_methods[
2094 self._client._transport.test_iam_permissions
2095 ]
2097 # Certain fields should be provided within the metadata header;
2098 # add these here.
2099 metadata = tuple(metadata) + (
2100 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)),
2101 )
2103 # Validate the universe domain.
2104 self._client._validate_universe_domain()
2106 # Send the request.
2107 response = await rpc(
2108 request,
2109 retry=retry,
2110 timeout=timeout,
2111 metadata=metadata,
2112 )
2114 # Done; return the response.
2115 return response
2117 async def get_location(
2118 self,
2119 request: Optional[locations_pb2.GetLocationRequest] = None,
2120 *,
2121 retry: OptionalRetry = gapic_v1.method.DEFAULT,
2122 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
2123 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
2124 ) -> locations_pb2.Location:
2125 r"""Gets information about a location.
2127 Args:
2128 request (:class:`~.location_pb2.GetLocationRequest`):
2129 The request object. Request message for
2130 `GetLocation` method.
2131 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors,
2132 if any, should be retried.
2133 timeout (float): The timeout for this request.
2134 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
2135 sent along with the request as metadata. Normally, each value must be of type `str`,
2136 but for metadata keys ending with the suffix `-bin`, the corresponding values must
2137 be of type `bytes`.
2138 Returns:
2139 ~.location_pb2.Location:
2140 Location object.
2141 """
2142 # Create or coerce a protobuf request object.
2143 # The request isn't a proto-plus wrapped type,
2144 # so it must be constructed via keyword expansion.
2145 if isinstance(request, dict):
2146 request = locations_pb2.GetLocationRequest(**request)
2148 # Wrap the RPC method; this adds retry and timeout information,
2149 # and friendly error handling.
2150 rpc = self.transport._wrapped_methods[self._client._transport.get_location]
2152 # Certain fields should be provided within the metadata header;
2153 # add these here.
2154 metadata = tuple(metadata) + (
2155 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
2156 )
2158 # Validate the universe domain.
2159 self._client._validate_universe_domain()
2161 # Send the request.
2162 response = await rpc(
2163 request,
2164 retry=retry,
2165 timeout=timeout,
2166 metadata=metadata,
2167 )
2169 # Done; return the response.
2170 return response
2172 async def list_locations(
2173 self,
2174 request: Optional[locations_pb2.ListLocationsRequest] = None,
2175 *,
2176 retry: OptionalRetry = gapic_v1.method.DEFAULT,
2177 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
2178 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
2179 ) -> locations_pb2.ListLocationsResponse:
2180 r"""Lists information about the supported locations for this service.
2182 Args:
2183 request (:class:`~.location_pb2.ListLocationsRequest`):
2184 The request object. Request message for
2185 `ListLocations` method.
2186 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors,
2187 if any, should be retried.
2188 timeout (float): The timeout for this request.
2189 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
2190 sent along with the request as metadata. Normally, each value must be of type `str`,
2191 but for metadata keys ending with the suffix `-bin`, the corresponding values must
2192 be of type `bytes`.
2193 Returns:
2194 ~.location_pb2.ListLocationsResponse:
2195 Response message for ``ListLocations`` method.
2196 """
2197 # Create or coerce a protobuf request object.
2198 # The request isn't a proto-plus wrapped type,
2199 # so it must be constructed via keyword expansion.
2200 if isinstance(request, dict):
2201 request = locations_pb2.ListLocationsRequest(**request)
2203 # Wrap the RPC method; this adds retry and timeout information,
2204 # and friendly error handling.
2205 rpc = self.transport._wrapped_methods[self._client._transport.list_locations]
2207 # Certain fields should be provided within the metadata header;
2208 # add these here.
2209 metadata = tuple(metadata) + (
2210 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
2211 )
2213 # Validate the universe domain.
2214 self._client._validate_universe_domain()
2216 # Send the request.
2217 response = await rpc(
2218 request,
2219 retry=retry,
2220 timeout=timeout,
2221 metadata=metadata,
2222 )
2224 # Done; return the response.
2225 return response
2227 async def __aenter__(self) -> "SecretManagerServiceAsyncClient":
2228 return self
2230 async def __aexit__(self, exc_type, exc, tb):
2231 await self.transport.close()
2234DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(
2235 gapic_version=package_version.__version__
2236)
2238if hasattr(DEFAULT_CLIENT_INFO, "protobuf_runtime_version"): # pragma: NO COVER
2239 DEFAULT_CLIENT_INFO.protobuf_runtime_version = google.protobuf.__version__
2242__all__ = ("SecretManagerServiceAsyncClient",)