Shortcuts on this page
r m x toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
1# -*- coding: utf-8 -*-
2# Copyright 2025 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16import inspect
17import json
18import logging as std_logging
19import pickle
20from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple, Union
21import warnings
23from google.api_core import exceptions as core_exceptions
24from google.api_core import gapic_v1, grpc_helpers_async
25from google.api_core import retry_async as retries
26from google.auth import credentials as ga_credentials # type: ignore
27from google.auth.transport.grpc import SslCredentials # type: ignore
28from google.cloud.location import locations_pb2 # type: ignore
29from google.iam.v1 import iam_policy_pb2 # type: ignore
30from google.iam.v1 import policy_pb2 # type: ignore
31from google.protobuf import empty_pb2 # type: ignore
32from google.protobuf.json_format import MessageToJson
33import google.protobuf.message
34import grpc # type: ignore
35from grpc.experimental import aio # type: ignore
36import proto # type: ignore
38from google.cloud.secretmanager_v1beta1.types import resources, service
40from .base import DEFAULT_CLIENT_INFO, SecretManagerServiceTransport
41from .grpc import SecretManagerServiceGrpcTransport
43try:
44 from google.api_core import client_logging # type: ignore
46 CLIENT_LOGGING_SUPPORTED = True # pragma: NO COVER
47except ImportError: # pragma: NO COVER
48 CLIENT_LOGGING_SUPPORTED = False
50_LOGGER = std_logging.getLogger(__name__)
53class _LoggingClientAIOInterceptor(
54 grpc.aio.UnaryUnaryClientInterceptor
55): # pragma: NO COVER
56 async def intercept_unary_unary(self, continuation, client_call_details, request):
57 logging_enabled = CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(
58 std_logging.DEBUG
59 )
60 if logging_enabled: # pragma: NO COVER
61 request_metadata = client_call_details.metadata
62 if isinstance(request, proto.Message):
63 request_payload = type(request).to_json(request)
64 elif isinstance(request, google.protobuf.message.Message):
65 request_payload = MessageToJson(request)
66 else:
67 request_payload = f"{type(request).__name__}: {pickle.dumps(request)}"
69 request_metadata = {
70 key: value.decode("utf-8") if isinstance(value, bytes) else value
71 for key, value in request_metadata
72 }
73 grpc_request = {
74 "payload": request_payload,
75 "requestMethod": "grpc",
76 "metadata": dict(request_metadata),
77 }
78 _LOGGER.debug(
79 f"Sending request for {client_call_details.method}",
80 extra={
81 "serviceName": "google.cloud.secrets.v1beta1.SecretManagerService",
82 "rpcName": str(client_call_details.method),
83 "request": grpc_request,
84 "metadata": grpc_request["metadata"],
85 },
86 )
87 response = await continuation(client_call_details, request)
88 if logging_enabled: # pragma: NO COVER
89 response_metadata = await response.trailing_metadata()
90 # Convert gRPC metadata `<class 'grpc.aio._metadata.Metadata'>` to list of tuples
91 metadata = (
92 dict([(k, str(v)) for k, v in response_metadata])
93 if response_metadata
94 else None
95 )
96 result = await response
97 if isinstance(result, proto.Message):
98 response_payload = type(result).to_json(result)
99 elif isinstance(result, google.protobuf.message.Message):
100 response_payload = MessageToJson(result)
101 else:
102 response_payload = f"{type(result).__name__}: {pickle.dumps(result)}"
103 grpc_response = {
104 "payload": response_payload,
105 "metadata": metadata,
106 "status": "OK",
107 }
108 _LOGGER.debug(
109 f"Received response to rpc {client_call_details.method}.",
110 extra={
111 "serviceName": "google.cloud.secrets.v1beta1.SecretManagerService",
112 "rpcName": str(client_call_details.method),
113 "response": grpc_response,
114 "metadata": grpc_response["metadata"],
115 },
116 )
117 return response
120class SecretManagerServiceGrpcAsyncIOTransport(SecretManagerServiceTransport):
121 """gRPC AsyncIO backend transport for SecretManagerService.
123 Secret Manager Service
125 Manages secrets and operations using those secrets. Implements a
126 REST model with the following objects:
128 - [Secret][google.cloud.secrets.v1beta1.Secret]
129 - [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
131 This class defines the same methods as the primary client, so the
132 primary client can load the underlying transport implementation
133 and call it.
135 It sends protocol buffers over the wire using gRPC (which is built on
136 top of HTTP/2); the ``grpcio`` package must be installed.
137 """
139 _grpc_channel: aio.Channel
140 _stubs: Dict[str, Callable] = {}
142 @classmethod
143 def create_channel(
144 cls,
145 host: str = "secretmanager.googleapis.com",
146 credentials: Optional[ga_credentials.Credentials] = None,
147 credentials_file: Optional[str] = None,
148 scopes: Optional[Sequence[str]] = None,
149 quota_project_id: Optional[str] = None,
150 **kwargs,
151 ) -> aio.Channel:
152 """Create and return a gRPC AsyncIO channel object.
153 Args:
154 host (Optional[str]): The host for the channel to use.
155 credentials (Optional[~.Credentials]): The
156 authorization credentials to attach to requests. These
157 credentials identify this application to the service. If
158 none are specified, the client will attempt to ascertain
159 the credentials from the environment.
160 credentials_file (Optional[str]): A file with credentials that can
161 be loaded with :func:`google.auth.load_credentials_from_file`.
162 scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
163 service. These are only used when credentials are not specified and
164 are passed to :func:`google.auth.default`.
165 quota_project_id (Optional[str]): An optional project to use for billing
166 and quota.
167 kwargs (Optional[dict]): Keyword arguments, which are passed to the
168 channel creation.
169 Returns:
170 aio.Channel: A gRPC AsyncIO channel object.
171 """
173 return grpc_helpers_async.create_channel(
174 host,
175 credentials=credentials,
176 credentials_file=credentials_file,
177 quota_project_id=quota_project_id,
178 default_scopes=cls.AUTH_SCOPES,
179 scopes=scopes,
180 default_host=cls.DEFAULT_HOST,
181 **kwargs,
182 )
184 def __init__(
185 self,
186 *,
187 host: str = "secretmanager.googleapis.com",
188 credentials: Optional[ga_credentials.Credentials] = None,
189 credentials_file: Optional[str] = None,
190 scopes: Optional[Sequence[str]] = None,
191 channel: Optional[Union[aio.Channel, Callable[..., aio.Channel]]] = None,
192 api_mtls_endpoint: Optional[str] = None,
193 client_cert_source: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
194 ssl_channel_credentials: Optional[grpc.ChannelCredentials] = None,
195 client_cert_source_for_mtls: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
196 quota_project_id: Optional[str] = None,
197 client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
198 always_use_jwt_access: Optional[bool] = False,
199 api_audience: Optional[str] = None,
200 ) -> None:
201 """Instantiate the transport.
203 Args:
204 host (Optional[str]):
205 The hostname to connect to (default: 'secretmanager.googleapis.com').
206 credentials (Optional[google.auth.credentials.Credentials]): The
207 authorization credentials to attach to requests. These
208 credentials identify the application to the service; if none
209 are specified, the client will attempt to ascertain the
210 credentials from the environment.
211 This argument is ignored if a ``channel`` instance is provided.
212 credentials_file (Optional[str]): A file with credentials that can
213 be loaded with :func:`google.auth.load_credentials_from_file`.
214 This argument is ignored if a ``channel`` instance is provided.
215 scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
216 service. These are only used when credentials are not specified and
217 are passed to :func:`google.auth.default`.
218 channel (Optional[Union[aio.Channel, Callable[..., aio.Channel]]]):
219 A ``Channel`` instance through which to make calls, or a Callable
220 that constructs and returns one. If set to None, ``self.create_channel``
221 is used to create the channel. If a Callable is given, it will be called
222 with the same arguments as used in ``self.create_channel``.
223 api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint.
224 If provided, it overrides the ``host`` argument and tries to create
225 a mutual TLS channel with client SSL credentials from
226 ``client_cert_source`` or application default SSL credentials.
227 client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]):
228 Deprecated. A callback to provide client SSL certificate bytes and
229 private key bytes, both in PEM format. It is ignored if
230 ``api_mtls_endpoint`` is None.
231 ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
232 for the grpc channel. It is ignored if a ``channel`` instance is provided.
233 client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
234 A callback to provide client certificate bytes and private key bytes,
235 both in PEM format. It is used to configure a mutual TLS channel. It is
236 ignored if a ``channel`` instance or ``ssl_channel_credentials`` is provided.
237 quota_project_id (Optional[str]): An optional project to use for billing
238 and quota.
239 client_info (google.api_core.gapic_v1.client_info.ClientInfo):
240 The client info used to send a user-agent string along with
241 API requests. If ``None``, then default info will be used.
242 Generally, you only need to set this if you're developing
243 your own client library.
244 always_use_jwt_access (Optional[bool]): Whether self signed JWT should
245 be used for service account credentials.
247 Raises:
248 google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
249 creation failed for any reason.
250 google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
251 and ``credentials_file`` are passed.
252 """
253 self._grpc_channel = None
254 self._ssl_channel_credentials = ssl_channel_credentials
255 self._stubs: Dict[str, Callable] = {}
257 if api_mtls_endpoint:
258 warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
259 if client_cert_source:
260 warnings.warn("client_cert_source is deprecated", DeprecationWarning)
262 if isinstance(channel, aio.Channel):
263 # Ignore credentials if a channel was passed.
264 credentials = None
265 self._ignore_credentials = True
266 # If a channel was explicitly provided, set it.
267 self._grpc_channel = channel
268 self._ssl_channel_credentials = None
269 else:
270 if api_mtls_endpoint:
271 host = api_mtls_endpoint
273 # Create SSL credentials with client_cert_source or application
274 # default SSL credentials.
275 if client_cert_source:
276 cert, key = client_cert_source()
277 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
278 certificate_chain=cert, private_key=key
279 )
280 else:
281 self._ssl_channel_credentials = SslCredentials().ssl_credentials
283 else:
284 if client_cert_source_for_mtls and not ssl_channel_credentials:
285 cert, key = client_cert_source_for_mtls()
286 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
287 certificate_chain=cert, private_key=key
288 )
290 # The base transport sets the host, credentials and scopes
291 super().__init__(
292 host=host,
293 credentials=credentials,
294 credentials_file=credentials_file,
295 scopes=scopes,
296 quota_project_id=quota_project_id,
297 client_info=client_info,
298 always_use_jwt_access=always_use_jwt_access,
299 api_audience=api_audience,
300 )
302 if not self._grpc_channel:
303 # initialize with the provided callable or the default channel
304 channel_init = channel or type(self).create_channel
305 self._grpc_channel = channel_init(
306 self._host,
307 # use the credentials which are saved
308 credentials=self._credentials,
309 # Set ``credentials_file`` to ``None`` here as
310 # the credentials that we saved earlier should be used.
311 credentials_file=None,
312 scopes=self._scopes,
313 ssl_credentials=self._ssl_channel_credentials,
314 quota_project_id=quota_project_id,
315 options=[
316 ("grpc.max_send_message_length", -1),
317 ("grpc.max_receive_message_length", -1),
318 ],
319 )
321 self._interceptor = _LoggingClientAIOInterceptor()
322 self._grpc_channel._unary_unary_interceptors.append(self._interceptor)
323 self._logged_channel = self._grpc_channel
324 self._wrap_with_kind = (
325 "kind" in inspect.signature(gapic_v1.method_async.wrap_method).parameters
326 )
327 # Wrap messages. This must be done after self._logged_channel exists
328 self._prep_wrapped_messages(client_info)
330 @property
331 def grpc_channel(self) -> aio.Channel:
332 """Create the channel designed to connect to this service.
334 This property caches on the instance; repeated calls return
335 the same channel.
336 """
337 # Return the channel from cache.
338 return self._grpc_channel
340 @property
341 def list_secrets(
342 self,
343 ) -> Callable[[service.ListSecretsRequest], Awaitable[service.ListSecretsResponse]]:
344 r"""Return a callable for the list secrets method over gRPC.
346 Lists [Secrets][google.cloud.secrets.v1beta1.Secret].
348 Returns:
349 Callable[[~.ListSecretsRequest],
350 Awaitable[~.ListSecretsResponse]]:
351 A function that, when called, will call the underlying RPC
352 on the server.
353 """
354 # Generate a "stub function" on-the-fly which will actually make
355 # the request.
356 # gRPC handles serialization and deserialization, so we just need
357 # to pass in the functions for each.
358 if "list_secrets" not in self._stubs:
359 self._stubs["list_secrets"] = self._logged_channel.unary_unary(
360 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecrets",
361 request_serializer=service.ListSecretsRequest.serialize,
362 response_deserializer=service.ListSecretsResponse.deserialize,
363 )
364 return self._stubs["list_secrets"]
366 @property
367 def create_secret(
368 self,
369 ) -> Callable[[service.CreateSecretRequest], Awaitable[resources.Secret]]:
370 r"""Return a callable for the create secret method over gRPC.
372 Creates a new [Secret][google.cloud.secrets.v1beta1.Secret]
373 containing no
374 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
376 Returns:
377 Callable[[~.CreateSecretRequest],
378 Awaitable[~.Secret]]:
379 A function that, when called, will call the underlying RPC
380 on the server.
381 """
382 # Generate a "stub function" on-the-fly which will actually make
383 # the request.
384 # gRPC handles serialization and deserialization, so we just need
385 # to pass in the functions for each.
386 if "create_secret" not in self._stubs:
387 self._stubs["create_secret"] = self._logged_channel.unary_unary(
388 "/google.cloud.secrets.v1beta1.SecretManagerService/CreateSecret",
389 request_serializer=service.CreateSecretRequest.serialize,
390 response_deserializer=resources.Secret.deserialize,
391 )
392 return self._stubs["create_secret"]
394 @property
395 def add_secret_version(
396 self,
397 ) -> Callable[
398 [service.AddSecretVersionRequest], Awaitable[resources.SecretVersion]
399 ]:
400 r"""Return a callable for the add secret version method over gRPC.
402 Creates a new
403 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
404 containing secret data and attaches it to an existing
405 [Secret][google.cloud.secrets.v1beta1.Secret].
407 Returns:
408 Callable[[~.AddSecretVersionRequest],
409 Awaitable[~.SecretVersion]]:
410 A function that, when called, will call the underlying RPC
411 on the server.
412 """
413 # Generate a "stub function" on-the-fly which will actually make
414 # the request.
415 # gRPC handles serialization and deserialization, so we just need
416 # to pass in the functions for each.
417 if "add_secret_version" not in self._stubs:
418 self._stubs["add_secret_version"] = self._logged_channel.unary_unary(
419 "/google.cloud.secrets.v1beta1.SecretManagerService/AddSecretVersion",
420 request_serializer=service.AddSecretVersionRequest.serialize,
421 response_deserializer=resources.SecretVersion.deserialize,
422 )
423 return self._stubs["add_secret_version"]
425 @property
426 def get_secret(
427 self,
428 ) -> Callable[[service.GetSecretRequest], Awaitable[resources.Secret]]:
429 r"""Return a callable for the get secret method over gRPC.
431 Gets metadata for a given
432 [Secret][google.cloud.secrets.v1beta1.Secret].
434 Returns:
435 Callable[[~.GetSecretRequest],
436 Awaitable[~.Secret]]:
437 A function that, when called, will call the underlying RPC
438 on the server.
439 """
440 # Generate a "stub function" on-the-fly which will actually make
441 # the request.
442 # gRPC handles serialization and deserialization, so we just need
443 # to pass in the functions for each.
444 if "get_secret" not in self._stubs:
445 self._stubs["get_secret"] = self._logged_channel.unary_unary(
446 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecret",
447 request_serializer=service.GetSecretRequest.serialize,
448 response_deserializer=resources.Secret.deserialize,
449 )
450 return self._stubs["get_secret"]
452 @property
453 def update_secret(
454 self,
455 ) -> Callable[[service.UpdateSecretRequest], Awaitable[resources.Secret]]:
456 r"""Return a callable for the update secret method over gRPC.
458 Updates metadata of an existing
459 [Secret][google.cloud.secrets.v1beta1.Secret].
461 Returns:
462 Callable[[~.UpdateSecretRequest],
463 Awaitable[~.Secret]]:
464 A function that, when called, will call the underlying RPC
465 on the server.
466 """
467 # Generate a "stub function" on-the-fly which will actually make
468 # the request.
469 # gRPC handles serialization and deserialization, so we just need
470 # to pass in the functions for each.
471 if "update_secret" not in self._stubs:
472 self._stubs["update_secret"] = self._logged_channel.unary_unary(
473 "/google.cloud.secrets.v1beta1.SecretManagerService/UpdateSecret",
474 request_serializer=service.UpdateSecretRequest.serialize,
475 response_deserializer=resources.Secret.deserialize,
476 )
477 return self._stubs["update_secret"]
479 @property
480 def delete_secret(
481 self,
482 ) -> Callable[[service.DeleteSecretRequest], Awaitable[empty_pb2.Empty]]:
483 r"""Return a callable for the delete secret method over gRPC.
485 Deletes a [Secret][google.cloud.secrets.v1beta1.Secret].
487 Returns:
488 Callable[[~.DeleteSecretRequest],
489 Awaitable[~.Empty]]:
490 A function that, when called, will call the underlying RPC
491 on the server.
492 """
493 # Generate a "stub function" on-the-fly which will actually make
494 # the request.
495 # gRPC handles serialization and deserialization, so we just need
496 # to pass in the functions for each.
497 if "delete_secret" not in self._stubs:
498 self._stubs["delete_secret"] = self._logged_channel.unary_unary(
499 "/google.cloud.secrets.v1beta1.SecretManagerService/DeleteSecret",
500 request_serializer=service.DeleteSecretRequest.serialize,
501 response_deserializer=empty_pb2.Empty.FromString,
502 )
503 return self._stubs["delete_secret"]
505 @property
506 def list_secret_versions(
507 self,
508 ) -> Callable[
509 [service.ListSecretVersionsRequest],
510 Awaitable[service.ListSecretVersionsResponse],
511 ]:
512 r"""Return a callable for the list secret versions method over gRPC.
514 Lists
515 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
516 This call does not return secret data.
518 Returns:
519 Callable[[~.ListSecretVersionsRequest],
520 Awaitable[~.ListSecretVersionsResponse]]:
521 A function that, when called, will call the underlying RPC
522 on the server.
523 """
524 # Generate a "stub function" on-the-fly which will actually make
525 # the request.
526 # gRPC handles serialization and deserialization, so we just need
527 # to pass in the functions for each.
528 if "list_secret_versions" not in self._stubs:
529 self._stubs["list_secret_versions"] = self._logged_channel.unary_unary(
530 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecretVersions",
531 request_serializer=service.ListSecretVersionsRequest.serialize,
532 response_deserializer=service.ListSecretVersionsResponse.deserialize,
533 )
534 return self._stubs["list_secret_versions"]
536 @property
537 def get_secret_version(
538 self,
539 ) -> Callable[
540 [service.GetSecretVersionRequest], Awaitable[resources.SecretVersion]
541 ]:
542 r"""Return a callable for the get secret version method over gRPC.
544 Gets metadata for a
545 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
547 ``projects/*/secrets/*/versions/latest`` is an alias to the
548 ``latest``
549 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
551 Returns:
552 Callable[[~.GetSecretVersionRequest],
553 Awaitable[~.SecretVersion]]:
554 A function that, when called, will call the underlying RPC
555 on the server.
556 """
557 # Generate a "stub function" on-the-fly which will actually make
558 # the request.
559 # gRPC handles serialization and deserialization, so we just need
560 # to pass in the functions for each.
561 if "get_secret_version" not in self._stubs:
562 self._stubs["get_secret_version"] = self._logged_channel.unary_unary(
563 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecretVersion",
564 request_serializer=service.GetSecretVersionRequest.serialize,
565 response_deserializer=resources.SecretVersion.deserialize,
566 )
567 return self._stubs["get_secret_version"]
569 @property
570 def access_secret_version(
571 self,
572 ) -> Callable[
573 [service.AccessSecretVersionRequest],
574 Awaitable[service.AccessSecretVersionResponse],
575 ]:
576 r"""Return a callable for the access secret version method over gRPC.
578 Accesses a
579 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
580 This call returns the secret data.
582 ``projects/*/secrets/*/versions/latest`` is an alias to the
583 ``latest``
584 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
586 Returns:
587 Callable[[~.AccessSecretVersionRequest],
588 Awaitable[~.AccessSecretVersionResponse]]:
589 A function that, when called, will call the underlying RPC
590 on the server.
591 """
592 # Generate a "stub function" on-the-fly which will actually make
593 # the request.
594 # gRPC handles serialization and deserialization, so we just need
595 # to pass in the functions for each.
596 if "access_secret_version" not in self._stubs:
597 self._stubs["access_secret_version"] = self._logged_channel.unary_unary(
598 "/google.cloud.secrets.v1beta1.SecretManagerService/AccessSecretVersion",
599 request_serializer=service.AccessSecretVersionRequest.serialize,
600 response_deserializer=service.AccessSecretVersionResponse.deserialize,
601 )
602 return self._stubs["access_secret_version"]
604 @property
605 def disable_secret_version(
606 self,
607 ) -> Callable[
608 [service.DisableSecretVersionRequest], Awaitable[resources.SecretVersion]
609 ]:
610 r"""Return a callable for the disable secret version method over gRPC.
612 Disables a
613 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
615 Sets the
616 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
617 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
618 [DISABLED][google.cloud.secrets.v1beta1.SecretVersion.State.DISABLED].
620 Returns:
621 Callable[[~.DisableSecretVersionRequest],
622 Awaitable[~.SecretVersion]]:
623 A function that, when called, will call the underlying RPC
624 on the server.
625 """
626 # Generate a "stub function" on-the-fly which will actually make
627 # the request.
628 # gRPC handles serialization and deserialization, so we just need
629 # to pass in the functions for each.
630 if "disable_secret_version" not in self._stubs:
631 self._stubs["disable_secret_version"] = self._logged_channel.unary_unary(
632 "/google.cloud.secrets.v1beta1.SecretManagerService/DisableSecretVersion",
633 request_serializer=service.DisableSecretVersionRequest.serialize,
634 response_deserializer=resources.SecretVersion.deserialize,
635 )
636 return self._stubs["disable_secret_version"]
638 @property
639 def enable_secret_version(
640 self,
641 ) -> Callable[
642 [service.EnableSecretVersionRequest], Awaitable[resources.SecretVersion]
643 ]:
644 r"""Return a callable for the enable secret version method over gRPC.
646 Enables a
647 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
649 Sets the
650 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
651 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
652 [ENABLED][google.cloud.secrets.v1beta1.SecretVersion.State.ENABLED].
654 Returns:
655 Callable[[~.EnableSecretVersionRequest],
656 Awaitable[~.SecretVersion]]:
657 A function that, when called, will call the underlying RPC
658 on the server.
659 """
660 # Generate a "stub function" on-the-fly which will actually make
661 # the request.
662 # gRPC handles serialization and deserialization, so we just need
663 # to pass in the functions for each.
664 if "enable_secret_version" not in self._stubs:
665 self._stubs["enable_secret_version"] = self._logged_channel.unary_unary(
666 "/google.cloud.secrets.v1beta1.SecretManagerService/EnableSecretVersion",
667 request_serializer=service.EnableSecretVersionRequest.serialize,
668 response_deserializer=resources.SecretVersion.deserialize,
669 )
670 return self._stubs["enable_secret_version"]
672 @property
673 def destroy_secret_version(
674 self,
675 ) -> Callable[
676 [service.DestroySecretVersionRequest], Awaitable[resources.SecretVersion]
677 ]:
678 r"""Return a callable for the destroy secret version method over gRPC.
680 Destroys a
681 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
683 Sets the
684 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
685 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
686 [DESTROYED][google.cloud.secrets.v1beta1.SecretVersion.State.DESTROYED]
687 and irrevocably destroys the secret data.
689 Returns:
690 Callable[[~.DestroySecretVersionRequest],
691 Awaitable[~.SecretVersion]]:
692 A function that, when called, will call the underlying RPC
693 on the server.
694 """
695 # Generate a "stub function" on-the-fly which will actually make
696 # the request.
697 # gRPC handles serialization and deserialization, so we just need
698 # to pass in the functions for each.
699 if "destroy_secret_version" not in self._stubs:
700 self._stubs["destroy_secret_version"] = self._logged_channel.unary_unary(
701 "/google.cloud.secrets.v1beta1.SecretManagerService/DestroySecretVersion",
702 request_serializer=service.DestroySecretVersionRequest.serialize,
703 response_deserializer=resources.SecretVersion.deserialize,
704 )
705 return self._stubs["destroy_secret_version"]
707 @property
708 def set_iam_policy(
709 self,
710 ) -> Callable[[iam_policy_pb2.SetIamPolicyRequest], Awaitable[policy_pb2.Policy]]:
711 r"""Return a callable for the set iam policy method over gRPC.
713 Sets the access control policy on the specified secret. Replaces
714 any existing policy.
716 Permissions on
717 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] are
718 enforced according to the policy set on the associated
719 [Secret][google.cloud.secrets.v1beta1.Secret].
721 Returns:
722 Callable[[~.SetIamPolicyRequest],
723 Awaitable[~.Policy]]:
724 A function that, when called, will call the underlying RPC
725 on the server.
726 """
727 # Generate a "stub function" on-the-fly which will actually make
728 # the request.
729 # gRPC handles serialization and deserialization, so we just need
730 # to pass in the functions for each.
731 if "set_iam_policy" not in self._stubs:
732 self._stubs["set_iam_policy"] = self._logged_channel.unary_unary(
733 "/google.cloud.secrets.v1beta1.SecretManagerService/SetIamPolicy",
734 request_serializer=iam_policy_pb2.SetIamPolicyRequest.SerializeToString,
735 response_deserializer=policy_pb2.Policy.FromString,
736 )
737 return self._stubs["set_iam_policy"]
739 @property
740 def get_iam_policy(
741 self,
742 ) -> Callable[[iam_policy_pb2.GetIamPolicyRequest], Awaitable[policy_pb2.Policy]]:
743 r"""Return a callable for the get iam policy method over gRPC.
745 Gets the access control policy for a secret.
746 Returns empty policy if the secret exists and does not
747 have a policy set.
749 Returns:
750 Callable[[~.GetIamPolicyRequest],
751 Awaitable[~.Policy]]:
752 A function that, when called, will call the underlying RPC
753 on the server.
754 """
755 # Generate a "stub function" on-the-fly which will actually make
756 # the request.
757 # gRPC handles serialization and deserialization, so we just need
758 # to pass in the functions for each.
759 if "get_iam_policy" not in self._stubs:
760 self._stubs["get_iam_policy"] = self._logged_channel.unary_unary(
761 "/google.cloud.secrets.v1beta1.SecretManagerService/GetIamPolicy",
762 request_serializer=iam_policy_pb2.GetIamPolicyRequest.SerializeToString,
763 response_deserializer=policy_pb2.Policy.FromString,
764 )
765 return self._stubs["get_iam_policy"]
767 @property
768 def test_iam_permissions(
769 self,
770 ) -> Callable[
771 [iam_policy_pb2.TestIamPermissionsRequest],
772 Awaitable[iam_policy_pb2.TestIamPermissionsResponse],
773 ]:
774 r"""Return a callable for the test iam permissions method over gRPC.
776 Returns permissions that a caller has for the specified secret.
777 If the secret does not exist, this call returns an empty set of
778 permissions, not a NOT_FOUND error.
780 Note: This operation is designed to be used for building
781 permission-aware UIs and command-line tools, not for
782 authorization checking. This operation may "fail open" without
783 warning.
785 Returns:
786 Callable[[~.TestIamPermissionsRequest],
787 Awaitable[~.TestIamPermissionsResponse]]:
788 A function that, when called, will call the underlying RPC
789 on the server.
790 """
791 # Generate a "stub function" on-the-fly which will actually make
792 # the request.
793 # gRPC handles serialization and deserialization, so we just need
794 # to pass in the functions for each.
795 if "test_iam_permissions" not in self._stubs:
796 self._stubs["test_iam_permissions"] = self._logged_channel.unary_unary(
797 "/google.cloud.secrets.v1beta1.SecretManagerService/TestIamPermissions",
798 request_serializer=iam_policy_pb2.TestIamPermissionsRequest.SerializeToString,
799 response_deserializer=iam_policy_pb2.TestIamPermissionsResponse.FromString,
800 )
801 return self._stubs["test_iam_permissions"]
803 def _prep_wrapped_messages(self, client_info):
804 """Precompute the wrapped methods, overriding the base class method to use async wrappers."""
805 self._wrapped_methods = {
806 self.list_secrets: self._wrap_method(
807 self.list_secrets,
808 default_timeout=60.0,
809 client_info=client_info,
810 ),
811 self.create_secret: self._wrap_method(
812 self.create_secret,
813 default_timeout=60.0,
814 client_info=client_info,
815 ),
816 self.add_secret_version: self._wrap_method(
817 self.add_secret_version,
818 default_timeout=60.0,
819 client_info=client_info,
820 ),
821 self.get_secret: self._wrap_method(
822 self.get_secret,
823 default_timeout=60.0,
824 client_info=client_info,
825 ),
826 self.update_secret: self._wrap_method(
827 self.update_secret,
828 default_timeout=60.0,
829 client_info=client_info,
830 ),
831 self.delete_secret: self._wrap_method(
832 self.delete_secret,
833 default_timeout=60.0,
834 client_info=client_info,
835 ),
836 self.list_secret_versions: self._wrap_method(
837 self.list_secret_versions,
838 default_timeout=60.0,
839 client_info=client_info,
840 ),
841 self.get_secret_version: self._wrap_method(
842 self.get_secret_version,
843 default_timeout=60.0,
844 client_info=client_info,
845 ),
846 self.access_secret_version: self._wrap_method(
847 self.access_secret_version,
848 default_retry=retries.AsyncRetry(
849 initial=1.0,
850 maximum=60.0,
851 multiplier=1.3,
852 predicate=retries.if_exception_type(
853 core_exceptions.ServiceUnavailable,
854 core_exceptions.Unknown,
855 ),
856 deadline=60.0,
857 ),
858 default_timeout=60.0,
859 client_info=client_info,
860 ),
861 self.disable_secret_version: self._wrap_method(
862 self.disable_secret_version,
863 default_timeout=60.0,
864 client_info=client_info,
865 ),
866 self.enable_secret_version: self._wrap_method(
867 self.enable_secret_version,
868 default_timeout=60.0,
869 client_info=client_info,
870 ),
871 self.destroy_secret_version: self._wrap_method(
872 self.destroy_secret_version,
873 default_timeout=60.0,
874 client_info=client_info,
875 ),
876 self.set_iam_policy: self._wrap_method(
877 self.set_iam_policy,
878 default_timeout=60.0,
879 client_info=client_info,
880 ),
881 self.get_iam_policy: self._wrap_method(
882 self.get_iam_policy,
883 default_timeout=60.0,
884 client_info=client_info,
885 ),
886 self.test_iam_permissions: self._wrap_method(
887 self.test_iam_permissions,
888 default_timeout=60.0,
889 client_info=client_info,
890 ),
891 self.get_location: self._wrap_method(
892 self.get_location,
893 default_timeout=None,
894 client_info=client_info,
895 ),
896 self.list_locations: self._wrap_method(
897 self.list_locations,
898 default_timeout=None,
899 client_info=client_info,
900 ),
901 }
903 def _wrap_method(self, func, *args, **kwargs):
904 if self._wrap_with_kind: # pragma: NO COVER
905 kwargs["kind"] = self.kind
906 return gapic_v1.method_async.wrap_method(func, *args, **kwargs)
908 def close(self):
909 return self._logged_channel.close()
911 @property
912 def kind(self) -> str:
913 return "grpc_asyncio"
915 @property
916 def list_locations(
917 self,
918 ) -> Callable[
919 [locations_pb2.ListLocationsRequest], locations_pb2.ListLocationsResponse
920 ]:
921 r"""Return a callable for the list locations method over gRPC."""
922 # Generate a "stub function" on-the-fly which will actually make
923 # the request.
924 # gRPC handles serialization and deserialization, so we just need
925 # to pass in the functions for each.
926 if "list_locations" not in self._stubs:
927 self._stubs["list_locations"] = self._logged_channel.unary_unary(
928 "/google.cloud.location.Locations/ListLocations",
929 request_serializer=locations_pb2.ListLocationsRequest.SerializeToString,
930 response_deserializer=locations_pb2.ListLocationsResponse.FromString,
931 )
932 return self._stubs["list_locations"]
934 @property
935 def get_location(
936 self,
937 ) -> Callable[[locations_pb2.GetLocationRequest], locations_pb2.Location]:
938 r"""Return a callable for the list locations method over gRPC."""
939 # Generate a "stub function" on-the-fly which will actually make
940 # the request.
941 # gRPC handles serialization and deserialization, so we just need
942 # to pass in the functions for each.
943 if "get_location" not in self._stubs:
944 self._stubs["get_location"] = self._logged_channel.unary_unary(
945 "/google.cloud.location.Locations/GetLocation",
946 request_serializer=locations_pb2.GetLocationRequest.SerializeToString,
947 response_deserializer=locations_pb2.Location.FromString,
948 )
949 return self._stubs["get_location"]
952__all__ = ("SecretManagerServiceGrpcAsyncIOTransport",)