# -*- coding: utf-8 -*-
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
import abc
from typing import Awaitable, Callable, Dict, Optional, Sequence, Union

import google.api_core
from google.api_core import exceptions as core_exceptions
from google.api_core import gapic_v1
from google.api_core import retry as retries
import google.auth  # type: ignore
from google.auth import credentials as ga_credentials  # type: ignore
from google.cloud.location import locations_pb2  # type: ignore
from google.iam.v1 import iam_policy_pb2  # type: ignore
from google.iam.v1 import policy_pb2  # type: ignore
from google.oauth2 import service_account  # type: ignore
import google.protobuf
from google.protobuf import empty_pb2  # type: ignore

from google.cloud.secretmanager_v1beta1 import gapic_version as package_version
from google.cloud.secretmanager_v1beta1.types import resources, service
34
# Client metadata shared by every transport in this package; it carries the
# generated library's version and is the default for ``client_info`` below.
DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(
    gapic_version=package_version.__version__
)

# Record the protobuf runtime version only when the installed ClientInfo
# exposes that attribute.
if hasattr(DEFAULT_CLIENT_INFO, "protobuf_runtime_version"):  # pragma: NO COVER
    DEFAULT_CLIENT_INFO.protobuf_runtime_version = google.protobuf.__version__
41
42
class SecretManagerServiceTransport(abc.ABC):
    """Abstract base for SecretManagerService transports.

    The initializer resolves the credentials to use and normalizes the host.
    Every RPC property raises ``NotImplementedError`` here; subclasses are
    expected to override them with real callables.
    """

    # Passed to google-auth as ``default_scopes`` when resolving credentials.
    # NOTE(review): cloud-platform is a broad scope, so the effective limit on
    # what these credentials can do with secrets is presumably the IAM policy
    # on the project or secret -- confirm least-privilege roles there.
    AUTH_SCOPES = ("https://www.googleapis.com/auth/cloud-platform",)

    DEFAULT_HOST: str = "secretmanager.googleapis.com"

    def __init__(
        self,
        *,
        host: str = DEFAULT_HOST,
        credentials: Optional[ga_credentials.Credentials] = None,
        credentials_file: Optional[str] = None,
        scopes: Optional[Sequence[str]] = None,
        quota_project_id: Optional[str] = None,
        client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
        always_use_jwt_access: Optional[bool] = False,
        api_audience: Optional[str] = None,
        **kwargs,
    ) -> None:
        """Resolve credentials and record the target host.

        Args:
            host (Optional[str]):
                Hostname to connect to (default:
                'secretmanager.googleapis.com'). ``:443`` is appended when
                the value contains no colon.
            credentials (Optional[google.auth.credentials.Credentials]):
                Credentials to attach to requests. When omitted (and no
                ``credentials_file`` is given), application default
                credentials are looked up unless ``_ignore_credentials``
                is set on the instance.
            credentials_file (Optional[str]): Path handed to
                :func:`google.auth.load_credentials_from_file`. Mutually
                exclusive with ``credentials``. The file determines the
                identity this client acts as, so the path should come
                from trusted configuration only.
            scopes (Optional[Sequence[str]]): Scopes forwarded to
                google-auth; ``AUTH_SCOPES`` is forwarded alongside as
                the default scopes.
            quota_project_id (Optional[str]): Project forwarded to
                google-auth for billing and quota.
            client_info (google.api_core.gapic_v1.client_info.ClientInfo):
                Client info for the user-agent string. Not read by this
                initializer; ``_prep_wrapped_messages`` takes it as an
                argument.
            always_use_jwt_access (Optional[bool]): Whether self signed JWT
                should be used for service account credentials.
            api_audience (Optional[str]): Audience passed to
                ``with_gdch_audience`` when the default credentials expose
                that method; ``host`` is used when this is falsy.
            **kwargs: Accepted and not used by this base class.

        Raises:
            google.api_core.exceptions.DuplicateCredentialArgs: If both
                ``credentials`` and ``credentials_file`` are truthy.
        """

        # Forwarded unchanged to whichever google-auth loader runs below.
        scope_args = {"scopes": scopes, "default_scopes": self.AUTH_SCOPES}

        self._scopes = scopes

        # Keep a flag that is already present on the instance (presumably set
        # by a subclass before delegating here); otherwise default to False.
        if not hasattr(self, "_ignore_credentials"):
            self._ignore_credentials: bool = False

        # Truthiness test: an empty-string ``credentials_file`` is not caught
        # here, yet it still takes the file-loading branch below.
        if credentials and credentials_file:
            raise core_exceptions.DuplicateCredentialArgs(
                "'credentials_file' and 'credentials' are mutually exclusive"
            )

        if credentials_file is not None:
            credentials, _project = google.auth.load_credentials_from_file(
                credentials_file, **scope_args, quota_project_id=quota_project_id
            )
        elif credentials is None and not self._ignore_credentials:
            credentials, _project = google.auth.default(
                **scope_args, quota_project_id=quota_project_id
            )
            # The audience is applied on this default-credentials path only,
            # never to credentials or a credentials file supplied by the
            # caller. ``host`` is used as passed in, before the port is added.
            if hasattr(credentials, "with_gdch_audience"):
                credentials = credentials.with_gdch_audience(api_audience or host)

        # Self-signed JWT is requested only when the flag is set, the resolved
        # credentials are service-account credentials, and the installed
        # google-auth offers the method.
        use_self_signed_jwt = (
            always_use_jwt_access
            and isinstance(credentials, service_account.Credentials)
            and hasattr(service_account.Credentials, "with_always_use_jwt_access")
        )
        if use_self_signed_jwt:
            credentials = credentials.with_always_use_jwt_access(True)

        self._credentials = credentials

        # Default to port 443 (HTTPS) when no port is given. Any colon counts
        # as "port present", so an unbracketed IPv6 literal is left untouched.
        self._host = host if ":" in host else host + ":443"

    @property
    def host(self):
        """Host recorded by ``__init__``, with ``:443`` added if it had no colon."""
        return self._host

    def _prep_wrapped_messages(self, client_info):
        """Populate ``self._wrapped_methods``.

        The result maps the value of each RPC property to that same callable
        wrapped by ``gapic_v1.method.wrap_method`` with its default timeout,
        default retry (where one is configured) and ``client_info``.

        Args:
            client_info: Client info passed through to every wrapped method.
        """
        wrap = gapic_v1.method.wrap_method
        # The two option sets used by the table below.
        timeout_60 = {"default_timeout": 60.0, "client_info": client_info}
        # default_timeout=None: no default is configured for these RPCs here;
        # NOTE(review): callers wanting a bound presumably pass a per-call
        # timeout -- confirm against the client layer.
        timeout_unset = {"default_timeout": None, "client_info": client_info}

        self._wrapped_methods = {
            self.list_secrets: wrap(self.list_secrets, **timeout_60),
            self.create_secret: wrap(self.create_secret, **timeout_60),
            self.add_secret_version: wrap(self.add_secret_version, **timeout_60),
            self.get_secret: wrap(self.get_secret, **timeout_60),
            self.update_secret: wrap(self.update_secret, **timeout_60),
            self.delete_secret: wrap(self.delete_secret, **timeout_60),
            self.list_secret_versions: wrap(self.list_secret_versions, **timeout_60),
            self.get_secret_version: wrap(self.get_secret_version, **timeout_60),
            # The only RPC with a default retry: ServiceUnavailable and
            # Unknown are retried with backoff from 1.0, multiplied by 1.3 up
            # to 60.0, under deadline=60.0.
            self.access_secret_version: wrap(
                self.access_secret_version,
                default_retry=retries.Retry(
                    initial=1.0,
                    maximum=60.0,
                    multiplier=1.3,
                    predicate=retries.if_exception_type(
                        core_exceptions.ServiceUnavailable,
                        core_exceptions.Unknown,
                    ),
                    deadline=60.0,
                ),
                **timeout_60,
            ),
            self.disable_secret_version: wrap(
                self.disable_secret_version, **timeout_60
            ),
            self.enable_secret_version: wrap(
                self.enable_secret_version, **timeout_60
            ),
            self.destroy_secret_version: wrap(
                self.destroy_secret_version, **timeout_60
            ),
            self.set_iam_policy: wrap(self.set_iam_policy, **timeout_60),
            self.get_iam_policy: wrap(self.get_iam_policy, **timeout_60),
            self.test_iam_permissions: wrap(self.test_iam_permissions, **timeout_60),
            self.get_location: wrap(self.get_location, **timeout_unset),
            self.list_locations: wrap(self.list_locations, **timeout_unset),
        }

    def close(self):
        """Release the resources held by the transport.

        .. warning::
             Call this only when the transport is NOT shared with other
             clients; closing a shared transport may cause errors in them.
        """
        raise NotImplementedError()

    @property
    def list_secrets(
        self,
    ) -> Callable[
        [service.ListSecretsRequest],
        Union[service.ListSecretsResponse, Awaitable[service.ListSecretsResponse]],
    ]:
        """Callable from ``ListSecretsRequest`` to ``ListSecretsResponse``.

        Not implemented on the abstract base.
        """
        raise NotImplementedError()

    @property
    def create_secret(
        self,
    ) -> Callable[
        [service.CreateSecretRequest],
        Union[resources.Secret, Awaitable[resources.Secret]],
    ]:
        """Callable from ``CreateSecretRequest`` to ``Secret``.

        Not implemented on the abstract base.
        """
        raise NotImplementedError()

    @property
    def add_secret_version(
        self,
    ) -> Callable[
        [service.AddSecretVersionRequest],
        Union[resources.SecretVersion, Awaitable[resources.SecretVersion]],
    ]:
        """Callable from ``AddSecretVersionRequest`` to ``SecretVersion``.

        Not implemented on the abstract base.
        """
        raise NotImplementedError()

    @property
    def get_secret(
        self,
    ) -> Callable[
        [service.GetSecretRequest], Union[resources.Secret, Awaitable[resources.Secret]]
    ]:
        """Callable from ``GetSecretRequest`` to ``Secret``.

        Not implemented on the abstract base.
        """
        raise NotImplementedError()

    @property
    def update_secret(
        self,
    ) -> Callable[
        [service.UpdateSecretRequest],
        Union[resources.Secret, Awaitable[resources.Secret]],
    ]:
        """Callable from ``UpdateSecretRequest`` to ``Secret``.

        Not implemented on the abstract base.
        """
        raise NotImplementedError()

    @property
    def delete_secret(
        self,
    ) -> Callable[
        [service.DeleteSecretRequest],
        Union[empty_pb2.Empty, Awaitable[empty_pb2.Empty]],
    ]:
        """Callable from ``DeleteSecretRequest`` to ``Empty``.

        Not implemented on the abstract base.
        """
        raise NotImplementedError()

    @property
    def list_secret_versions(
        self,
    ) -> Callable[
        [service.ListSecretVersionsRequest],
        Union[
            service.ListSecretVersionsResponse,
            Awaitable[service.ListSecretVersionsResponse],
        ],
    ]:
        """Callable from ``ListSecretVersionsRequest`` to its response type.

        Not implemented on the abstract base.
        """
        raise NotImplementedError()

    @property
    def get_secret_version(
        self,
    ) -> Callable[
        [service.GetSecretVersionRequest],
        Union[resources.SecretVersion, Awaitable[resources.SecretVersion]],
    ]:
        """Callable from ``GetSecretVersionRequest`` to ``SecretVersion``.

        Not implemented on the abstract base.
        """
        raise NotImplementedError()

    @property
    def access_secret_version(
        self,
    ) -> Callable[
        [service.AccessSecretVersionRequest],
        Union[
            service.AccessSecretVersionResponse,
            Awaitable[service.AccessSecretVersionResponse],
        ],
    ]:
        """Callable from ``AccessSecretVersionRequest`` to its response type.

        Not implemented on the abstract base.

        NOTE(review): in the Secret Manager API this response carries the
        secret payload, so callers should keep it out of logs and error
        messages.
        """
        raise NotImplementedError()

    @property
    def disable_secret_version(
        self,
    ) -> Callable[
        [service.DisableSecretVersionRequest],
        Union[resources.SecretVersion, Awaitable[resources.SecretVersion]],
    ]:
        """Callable from ``DisableSecretVersionRequest`` to ``SecretVersion``.

        Not implemented on the abstract base.
        """
        raise NotImplementedError()

    @property
    def enable_secret_version(
        self,
    ) -> Callable[
        [service.EnableSecretVersionRequest],
        Union[resources.SecretVersion, Awaitable[resources.SecretVersion]],
    ]:
        """Callable from ``EnableSecretVersionRequest`` to ``SecretVersion``.

        Not implemented on the abstract base.
        """
        raise NotImplementedError()

    @property
    def destroy_secret_version(
        self,
    ) -> Callable[
        [service.DestroySecretVersionRequest],
        Union[resources.SecretVersion, Awaitable[resources.SecretVersion]],
    ]:
        """Callable from ``DestroySecretVersionRequest`` to ``SecretVersion``.

        Not implemented on the abstract base.
        """
        raise NotImplementedError()

    @property
    def set_iam_policy(
        self,
    ) -> Callable[
        [iam_policy_pb2.SetIamPolicyRequest],
        Union[policy_pb2.Policy, Awaitable[policy_pb2.Policy]],
    ]:
        """Callable from ``SetIamPolicyRequest`` to ``Policy``.

        Not implemented on the abstract base.
        """
        raise NotImplementedError()

    @property
    def get_iam_policy(
        self,
    ) -> Callable[
        [iam_policy_pb2.GetIamPolicyRequest],
        Union[policy_pb2.Policy, Awaitable[policy_pb2.Policy]],
    ]:
        """Callable from ``GetIamPolicyRequest`` to ``Policy``.

        Not implemented on the abstract base.
        """
        raise NotImplementedError()

    @property
    def test_iam_permissions(
        self,
    ) -> Callable[
        [iam_policy_pb2.TestIamPermissionsRequest],
        Union[
            iam_policy_pb2.TestIamPermissionsResponse,
            Awaitable[iam_policy_pb2.TestIamPermissionsResponse],
        ],
    ]:
        """Callable from ``TestIamPermissionsRequest`` to its response type.

        Not implemented on the abstract base.
        """
        raise NotImplementedError()

    @property
    def get_location(
        self,
    ) -> Callable[
        [locations_pb2.GetLocationRequest],
        Union[locations_pb2.Location, Awaitable[locations_pb2.Location]],
    ]:
        """Callable from ``GetLocationRequest`` to ``Location``.

        Not implemented on the abstract base.
        """
        raise NotImplementedError()

    @property
    def list_locations(
        self,
    ) -> Callable[
        [locations_pb2.ListLocationsRequest],
        Union[
            locations_pb2.ListLocationsResponse,
            Awaitable[locations_pb2.ListLocationsResponse],
        ],
    ]:
        """Callable from ``ListLocationsRequest`` to its response type.

        Not implemented on the abstract base.
        """
        raise NotImplementedError()

    @property
    def kind(self) -> str:
        """String identifying the transport; not implemented on the abstract base."""
        raise NotImplementedError()
412
413
# Public API of this module: only the abstract transport class is exported.
__all__ = ("SecretManagerServiceTransport",)