Shortcuts on this page
r m x toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
1# -*- coding: utf-8 -*-
2# Copyright 2025 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16import json
17import logging as std_logging
18import pickle
19from typing import Callable, Dict, Optional, Sequence, Tuple, Union
20import warnings
22from google.api_core import gapic_v1, grpc_helpers
23import google.auth # type: ignore
24from google.auth import credentials as ga_credentials # type: ignore
25from google.auth.transport.grpc import SslCredentials # type: ignore
26from google.cloud.location import locations_pb2 # type: ignore
27from google.iam.v1 import iam_policy_pb2 # type: ignore
28from google.iam.v1 import policy_pb2 # type: ignore
29from google.protobuf import empty_pb2 # type: ignore
30from google.protobuf.json_format import MessageToJson
31import google.protobuf.message
32import grpc # type: ignore
33import proto # type: ignore
35from google.cloud.secretmanager_v1beta1.types import resources, service
37from .base import DEFAULT_CLIENT_INFO, SecretManagerServiceTransport
39try:
40 from google.api_core import client_logging # type: ignore
42 CLIENT_LOGGING_SUPPORTED = True # pragma: NO COVER
43except ImportError: # pragma: NO COVER
44 CLIENT_LOGGING_SUPPORTED = False
46_LOGGER = std_logging.getLogger(__name__)
49class _LoggingClientInterceptor(grpc.UnaryUnaryClientInterceptor): # pragma: NO COVER
50 def intercept_unary_unary(self, continuation, client_call_details, request):
51 logging_enabled = CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(
52 std_logging.DEBUG
53 )
54 if logging_enabled: # pragma: NO COVER
55 request_metadata = client_call_details.metadata
56 if isinstance(request, proto.Message):
57 request_payload = type(request).to_json(request)
58 elif isinstance(request, google.protobuf.message.Message):
59 request_payload = MessageToJson(request)
60 else:
61 request_payload = f"{type(request).__name__}: {pickle.dumps(request)}"
63 request_metadata = {
64 key: value.decode("utf-8") if isinstance(value, bytes) else value
65 for key, value in request_metadata
66 }
67 grpc_request = {
68 "payload": request_payload,
69 "requestMethod": "grpc",
70 "metadata": dict(request_metadata),
71 }
72 _LOGGER.debug(
73 f"Sending request for {client_call_details.method}",
74 extra={
75 "serviceName": "google.cloud.secrets.v1beta1.SecretManagerService",
76 "rpcName": str(client_call_details.method),
77 "request": grpc_request,
78 "metadata": grpc_request["metadata"],
79 },
80 )
81 response = continuation(client_call_details, request)
82 if logging_enabled: # pragma: NO COVER
83 response_metadata = response.trailing_metadata()
84 # Convert gRPC metadata `<class 'grpc.aio._metadata.Metadata'>` to list of tuples
85 metadata = (
86 dict([(k, str(v)) for k, v in response_metadata])
87 if response_metadata
88 else None
89 )
90 result = response.result()
91 if isinstance(result, proto.Message):
92 response_payload = type(result).to_json(result)
93 elif isinstance(result, google.protobuf.message.Message):
94 response_payload = MessageToJson(result)
95 else:
96 response_payload = f"{type(result).__name__}: {pickle.dumps(result)}"
97 grpc_response = {
98 "payload": response_payload,
99 "metadata": metadata,
100 "status": "OK",
101 }
102 _LOGGER.debug(
103 f"Received response for {client_call_details.method}.",
104 extra={
105 "serviceName": "google.cloud.secrets.v1beta1.SecretManagerService",
106 "rpcName": client_call_details.method,
107 "response": grpc_response,
108 "metadata": grpc_response["metadata"],
109 },
110 )
111 return response
114class SecretManagerServiceGrpcTransport(SecretManagerServiceTransport):
115 """gRPC backend transport for SecretManagerService.
117 Secret Manager Service
119 Manages secrets and operations using those secrets. Implements a
120 REST model with the following objects:
122 - [Secret][google.cloud.secrets.v1beta1.Secret]
123 - [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
125 This class defines the same methods as the primary client, so the
126 primary client can load the underlying transport implementation
127 and call it.
129 It sends protocol buffers over the wire using gRPC (which is built on
130 top of HTTP/2); the ``grpcio`` package must be installed.
131 """
133 _stubs: Dict[str, Callable]
135 def __init__(
136 self,
137 *,
138 host: str = "secretmanager.googleapis.com",
139 credentials: Optional[ga_credentials.Credentials] = None,
140 credentials_file: Optional[str] = None,
141 scopes: Optional[Sequence[str]] = None,
142 channel: Optional[Union[grpc.Channel, Callable[..., grpc.Channel]]] = None,
143 api_mtls_endpoint: Optional[str] = None,
144 client_cert_source: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
145 ssl_channel_credentials: Optional[grpc.ChannelCredentials] = None,
146 client_cert_source_for_mtls: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
147 quota_project_id: Optional[str] = None,
148 client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
149 always_use_jwt_access: Optional[bool] = False,
150 api_audience: Optional[str] = None,
151 ) -> None:
152 """Instantiate the transport.
154 Args:
155 host (Optional[str]):
156 The hostname to connect to (default: 'secretmanager.googleapis.com').
157 credentials (Optional[google.auth.credentials.Credentials]): The
158 authorization credentials to attach to requests. These
159 credentials identify the application to the service; if none
160 are specified, the client will attempt to ascertain the
161 credentials from the environment.
162 This argument is ignored if a ``channel`` instance is provided.
163 credentials_file (Optional[str]): A file with credentials that can
164 be loaded with :func:`google.auth.load_credentials_from_file`.
165 This argument is ignored if a ``channel`` instance is provided.
166 scopes (Optional(Sequence[str])): A list of scopes. This argument is
167 ignored if a ``channel`` instance is provided.
168 channel (Optional[Union[grpc.Channel, Callable[..., grpc.Channel]]]):
169 A ``Channel`` instance through which to make calls, or a Callable
170 that constructs and returns one. If set to None, ``self.create_channel``
171 is used to create the channel. If a Callable is given, it will be called
172 with the same arguments as used in ``self.create_channel``.
173 api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint.
174 If provided, it overrides the ``host`` argument and tries to create
175 a mutual TLS channel with client SSL credentials from
176 ``client_cert_source`` or application default SSL credentials.
177 client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]):
178 Deprecated. A callback to provide client SSL certificate bytes and
179 private key bytes, both in PEM format. It is ignored if
180 ``api_mtls_endpoint`` is None.
181 ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
182 for the grpc channel. It is ignored if a ``channel`` instance is provided.
183 client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
184 A callback to provide client certificate bytes and private key bytes,
185 both in PEM format. It is used to configure a mutual TLS channel. It is
186 ignored if a ``channel`` instance or ``ssl_channel_credentials`` is provided.
187 quota_project_id (Optional[str]): An optional project to use for billing
188 and quota.
189 client_info (google.api_core.gapic_v1.client_info.ClientInfo):
190 The client info used to send a user-agent string along with
191 API requests. If ``None``, then default info will be used.
192 Generally, you only need to set this if you're developing
193 your own client library.
194 always_use_jwt_access (Optional[bool]): Whether self signed JWT should
195 be used for service account credentials.
197 Raises:
198 google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
199 creation failed for any reason.
200 google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
201 and ``credentials_file`` are passed.
202 """
203 self._grpc_channel = None
204 self._ssl_channel_credentials = ssl_channel_credentials
205 self._stubs: Dict[str, Callable] = {}
207 if api_mtls_endpoint:
208 warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
209 if client_cert_source:
210 warnings.warn("client_cert_source is deprecated", DeprecationWarning)
212 if isinstance(channel, grpc.Channel):
213 # Ignore credentials if a channel was passed.
214 credentials = None
215 self._ignore_credentials = True
216 # If a channel was explicitly provided, set it.
217 self._grpc_channel = channel
218 self._ssl_channel_credentials = None
220 else:
221 if api_mtls_endpoint:
222 host = api_mtls_endpoint
224 # Create SSL credentials with client_cert_source or application
225 # default SSL credentials.
226 if client_cert_source:
227 cert, key = client_cert_source()
228 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
229 certificate_chain=cert, private_key=key
230 )
231 else:
232 self._ssl_channel_credentials = SslCredentials().ssl_credentials
234 else:
235 if client_cert_source_for_mtls and not ssl_channel_credentials:
236 cert, key = client_cert_source_for_mtls()
237 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
238 certificate_chain=cert, private_key=key
239 )
241 # The base transport sets the host, credentials and scopes
242 super().__init__(
243 host=host,
244 credentials=credentials,
245 credentials_file=credentials_file,
246 scopes=scopes,
247 quota_project_id=quota_project_id,
248 client_info=client_info,
249 always_use_jwt_access=always_use_jwt_access,
250 api_audience=api_audience,
251 )
253 if not self._grpc_channel:
254 # initialize with the provided callable or the default channel
255 channel_init = channel or type(self).create_channel
256 self._grpc_channel = channel_init(
257 self._host,
258 # use the credentials which are saved
259 credentials=self._credentials,
260 # Set ``credentials_file`` to ``None`` here as
261 # the credentials that we saved earlier should be used.
262 credentials_file=None,
263 scopes=self._scopes,
264 ssl_credentials=self._ssl_channel_credentials,
265 quota_project_id=quota_project_id,
266 options=[
267 ("grpc.max_send_message_length", -1),
268 ("grpc.max_receive_message_length", -1),
269 ],
270 )
272 self._interceptor = _LoggingClientInterceptor()
273 self._logged_channel = grpc.intercept_channel(
274 self._grpc_channel, self._interceptor
275 )
277 # Wrap messages. This must be done after self._logged_channel exists
278 self._prep_wrapped_messages(client_info)
280 @classmethod
281 def create_channel(
282 cls,
283 host: str = "secretmanager.googleapis.com",
284 credentials: Optional[ga_credentials.Credentials] = None,
285 credentials_file: Optional[str] = None,
286 scopes: Optional[Sequence[str]] = None,
287 quota_project_id: Optional[str] = None,
288 **kwargs,
289 ) -> grpc.Channel:
290 """Create and return a gRPC channel object.
291 Args:
292 host (Optional[str]): The host for the channel to use.
293 credentials (Optional[~.Credentials]): The
294 authorization credentials to attach to requests. These
295 credentials identify this application to the service. If
296 none are specified, the client will attempt to ascertain
297 the credentials from the environment.
298 credentials_file (Optional[str]): A file with credentials that can
299 be loaded with :func:`google.auth.load_credentials_from_file`.
300 This argument is mutually exclusive with credentials.
301 scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
302 service. These are only used when credentials are not specified and
303 are passed to :func:`google.auth.default`.
304 quota_project_id (Optional[str]): An optional project to use for billing
305 and quota.
306 kwargs (Optional[dict]): Keyword arguments, which are passed to the
307 channel creation.
308 Returns:
309 grpc.Channel: A gRPC channel object.
311 Raises:
312 google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
313 and ``credentials_file`` are passed.
314 """
316 return grpc_helpers.create_channel(
317 host,
318 credentials=credentials,
319 credentials_file=credentials_file,
320 quota_project_id=quota_project_id,
321 default_scopes=cls.AUTH_SCOPES,
322 scopes=scopes,
323 default_host=cls.DEFAULT_HOST,
324 **kwargs,
325 )
327 @property
328 def grpc_channel(self) -> grpc.Channel:
329 """Return the channel designed to connect to this service."""
330 return self._grpc_channel
332 @property
333 def list_secrets(
334 self,
335 ) -> Callable[[service.ListSecretsRequest], service.ListSecretsResponse]:
336 r"""Return a callable for the list secrets method over gRPC.
338 Lists [Secrets][google.cloud.secrets.v1beta1.Secret].
340 Returns:
341 Callable[[~.ListSecretsRequest],
342 ~.ListSecretsResponse]:
343 A function that, when called, will call the underlying RPC
344 on the server.
345 """
346 # Generate a "stub function" on-the-fly which will actually make
347 # the request.
348 # gRPC handles serialization and deserialization, so we just need
349 # to pass in the functions for each.
350 if "list_secrets" not in self._stubs:
351 self._stubs["list_secrets"] = self._logged_channel.unary_unary(
352 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecrets",
353 request_serializer=service.ListSecretsRequest.serialize,
354 response_deserializer=service.ListSecretsResponse.deserialize,
355 )
356 return self._stubs["list_secrets"]
358 @property
359 def create_secret(
360 self,
361 ) -> Callable[[service.CreateSecretRequest], resources.Secret]:
362 r"""Return a callable for the create secret method over gRPC.
364 Creates a new [Secret][google.cloud.secrets.v1beta1.Secret]
365 containing no
366 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
368 Returns:
369 Callable[[~.CreateSecretRequest],
370 ~.Secret]:
371 A function that, when called, will call the underlying RPC
372 on the server.
373 """
374 # Generate a "stub function" on-the-fly which will actually make
375 # the request.
376 # gRPC handles serialization and deserialization, so we just need
377 # to pass in the functions for each.
378 if "create_secret" not in self._stubs:
379 self._stubs["create_secret"] = self._logged_channel.unary_unary(
380 "/google.cloud.secrets.v1beta1.SecretManagerService/CreateSecret",
381 request_serializer=service.CreateSecretRequest.serialize,
382 response_deserializer=resources.Secret.deserialize,
383 )
384 return self._stubs["create_secret"]
386 @property
387 def add_secret_version(
388 self,
389 ) -> Callable[[service.AddSecretVersionRequest], resources.SecretVersion]:
390 r"""Return a callable for the add secret version method over gRPC.
392 Creates a new
393 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
394 containing secret data and attaches it to an existing
395 [Secret][google.cloud.secrets.v1beta1.Secret].
397 Returns:
398 Callable[[~.AddSecretVersionRequest],
399 ~.SecretVersion]:
400 A function that, when called, will call the underlying RPC
401 on the server.
402 """
403 # Generate a "stub function" on-the-fly which will actually make
404 # the request.
405 # gRPC handles serialization and deserialization, so we just need
406 # to pass in the functions for each.
407 if "add_secret_version" not in self._stubs:
408 self._stubs["add_secret_version"] = self._logged_channel.unary_unary(
409 "/google.cloud.secrets.v1beta1.SecretManagerService/AddSecretVersion",
410 request_serializer=service.AddSecretVersionRequest.serialize,
411 response_deserializer=resources.SecretVersion.deserialize,
412 )
413 return self._stubs["add_secret_version"]
415 @property
416 def get_secret(self) -> Callable[[service.GetSecretRequest], resources.Secret]:
417 r"""Return a callable for the get secret method over gRPC.
419 Gets metadata for a given
420 [Secret][google.cloud.secrets.v1beta1.Secret].
422 Returns:
423 Callable[[~.GetSecretRequest],
424 ~.Secret]:
425 A function that, when called, will call the underlying RPC
426 on the server.
427 """
428 # Generate a "stub function" on-the-fly which will actually make
429 # the request.
430 # gRPC handles serialization and deserialization, so we just need
431 # to pass in the functions for each.
432 if "get_secret" not in self._stubs:
433 self._stubs["get_secret"] = self._logged_channel.unary_unary(
434 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecret",
435 request_serializer=service.GetSecretRequest.serialize,
436 response_deserializer=resources.Secret.deserialize,
437 )
438 return self._stubs["get_secret"]
440 @property
441 def update_secret(
442 self,
443 ) -> Callable[[service.UpdateSecretRequest], resources.Secret]:
444 r"""Return a callable for the update secret method over gRPC.
446 Updates metadata of an existing
447 [Secret][google.cloud.secrets.v1beta1.Secret].
449 Returns:
450 Callable[[~.UpdateSecretRequest],
451 ~.Secret]:
452 A function that, when called, will call the underlying RPC
453 on the server.
454 """
455 # Generate a "stub function" on-the-fly which will actually make
456 # the request.
457 # gRPC handles serialization and deserialization, so we just need
458 # to pass in the functions for each.
459 if "update_secret" not in self._stubs:
460 self._stubs["update_secret"] = self._logged_channel.unary_unary(
461 "/google.cloud.secrets.v1beta1.SecretManagerService/UpdateSecret",
462 request_serializer=service.UpdateSecretRequest.serialize,
463 response_deserializer=resources.Secret.deserialize,
464 )
465 return self._stubs["update_secret"]
467 @property
468 def delete_secret(self) -> Callable[[service.DeleteSecretRequest], empty_pb2.Empty]:
469 r"""Return a callable for the delete secret method over gRPC.
471 Deletes a [Secret][google.cloud.secrets.v1beta1.Secret].
473 Returns:
474 Callable[[~.DeleteSecretRequest],
475 ~.Empty]:
476 A function that, when called, will call the underlying RPC
477 on the server.
478 """
479 # Generate a "stub function" on-the-fly which will actually make
480 # the request.
481 # gRPC handles serialization and deserialization, so we just need
482 # to pass in the functions for each.
483 if "delete_secret" not in self._stubs:
484 self._stubs["delete_secret"] = self._logged_channel.unary_unary(
485 "/google.cloud.secrets.v1beta1.SecretManagerService/DeleteSecret",
486 request_serializer=service.DeleteSecretRequest.serialize,
487 response_deserializer=empty_pb2.Empty.FromString,
488 )
489 return self._stubs["delete_secret"]
491 @property
492 def list_secret_versions(
493 self,
494 ) -> Callable[
495 [service.ListSecretVersionsRequest], service.ListSecretVersionsResponse
496 ]:
497 r"""Return a callable for the list secret versions method over gRPC.
499 Lists
500 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
501 This call does not return secret data.
503 Returns:
504 Callable[[~.ListSecretVersionsRequest],
505 ~.ListSecretVersionsResponse]:
506 A function that, when called, will call the underlying RPC
507 on the server.
508 """
509 # Generate a "stub function" on-the-fly which will actually make
510 # the request.
511 # gRPC handles serialization and deserialization, so we just need
512 # to pass in the functions for each.
513 if "list_secret_versions" not in self._stubs:
514 self._stubs["list_secret_versions"] = self._logged_channel.unary_unary(
515 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecretVersions",
516 request_serializer=service.ListSecretVersionsRequest.serialize,
517 response_deserializer=service.ListSecretVersionsResponse.deserialize,
518 )
519 return self._stubs["list_secret_versions"]
521 @property
522 def get_secret_version(
523 self,
524 ) -> Callable[[service.GetSecretVersionRequest], resources.SecretVersion]:
525 r"""Return a callable for the get secret version method over gRPC.
527 Gets metadata for a
528 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
530 ``projects/*/secrets/*/versions/latest`` is an alias to the
531 ``latest``
532 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
534 Returns:
535 Callable[[~.GetSecretVersionRequest],
536 ~.SecretVersion]:
537 A function that, when called, will call the underlying RPC
538 on the server.
539 """
540 # Generate a "stub function" on-the-fly which will actually make
541 # the request.
542 # gRPC handles serialization and deserialization, so we just need
543 # to pass in the functions for each.
544 if "get_secret_version" not in self._stubs:
545 self._stubs["get_secret_version"] = self._logged_channel.unary_unary(
546 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecretVersion",
547 request_serializer=service.GetSecretVersionRequest.serialize,
548 response_deserializer=resources.SecretVersion.deserialize,
549 )
550 return self._stubs["get_secret_version"]
552 @property
553 def access_secret_version(
554 self,
555 ) -> Callable[
556 [service.AccessSecretVersionRequest], service.AccessSecretVersionResponse
557 ]:
558 r"""Return a callable for the access secret version method over gRPC.
560 Accesses a
561 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
562 This call returns the secret data.
564 ``projects/*/secrets/*/versions/latest`` is an alias to the
565 ``latest``
566 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
568 Returns:
569 Callable[[~.AccessSecretVersionRequest],
570 ~.AccessSecretVersionResponse]:
571 A function that, when called, will call the underlying RPC
572 on the server.
573 """
574 # Generate a "stub function" on-the-fly which will actually make
575 # the request.
576 # gRPC handles serialization and deserialization, so we just need
577 # to pass in the functions for each.
578 if "access_secret_version" not in self._stubs:
579 self._stubs["access_secret_version"] = self._logged_channel.unary_unary(
580 "/google.cloud.secrets.v1beta1.SecretManagerService/AccessSecretVersion",
581 request_serializer=service.AccessSecretVersionRequest.serialize,
582 response_deserializer=service.AccessSecretVersionResponse.deserialize,
583 )
584 return self._stubs["access_secret_version"]
586 @property
587 def disable_secret_version(
588 self,
589 ) -> Callable[[service.DisableSecretVersionRequest], resources.SecretVersion]:
590 r"""Return a callable for the disable secret version method over gRPC.
592 Disables a
593 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
595 Sets the
596 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
597 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
598 [DISABLED][google.cloud.secrets.v1beta1.SecretVersion.State.DISABLED].
600 Returns:
601 Callable[[~.DisableSecretVersionRequest],
602 ~.SecretVersion]:
603 A function that, when called, will call the underlying RPC
604 on the server.
605 """
606 # Generate a "stub function" on-the-fly which will actually make
607 # the request.
608 # gRPC handles serialization and deserialization, so we just need
609 # to pass in the functions for each.
610 if "disable_secret_version" not in self._stubs:
611 self._stubs["disable_secret_version"] = self._logged_channel.unary_unary(
612 "/google.cloud.secrets.v1beta1.SecretManagerService/DisableSecretVersion",
613 request_serializer=service.DisableSecretVersionRequest.serialize,
614 response_deserializer=resources.SecretVersion.deserialize,
615 )
616 return self._stubs["disable_secret_version"]
618 @property
619 def enable_secret_version(
620 self,
621 ) -> Callable[[service.EnableSecretVersionRequest], resources.SecretVersion]:
622 r"""Return a callable for the enable secret version method over gRPC.
624 Enables a
625 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
627 Sets the
628 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
629 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
630 [ENABLED][google.cloud.secrets.v1beta1.SecretVersion.State.ENABLED].
632 Returns:
633 Callable[[~.EnableSecretVersionRequest],
634 ~.SecretVersion]:
635 A function that, when called, will call the underlying RPC
636 on the server.
637 """
638 # Generate a "stub function" on-the-fly which will actually make
639 # the request.
640 # gRPC handles serialization and deserialization, so we just need
641 # to pass in the functions for each.
642 if "enable_secret_version" not in self._stubs:
643 self._stubs["enable_secret_version"] = self._logged_channel.unary_unary(
644 "/google.cloud.secrets.v1beta1.SecretManagerService/EnableSecretVersion",
645 request_serializer=service.EnableSecretVersionRequest.serialize,
646 response_deserializer=resources.SecretVersion.deserialize,
647 )
648 return self._stubs["enable_secret_version"]
650 @property
651 def destroy_secret_version(
652 self,
653 ) -> Callable[[service.DestroySecretVersionRequest], resources.SecretVersion]:
654 r"""Return a callable for the destroy secret version method over gRPC.
656 Destroys a
657 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
659 Sets the
660 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
661 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
662 [DESTROYED][google.cloud.secrets.v1beta1.SecretVersion.State.DESTROYED]
663 and irrevocably destroys the secret data.
665 Returns:
666 Callable[[~.DestroySecretVersionRequest],
667 ~.SecretVersion]:
668 A function that, when called, will call the underlying RPC
669 on the server.
670 """
671 # Generate a "stub function" on-the-fly which will actually make
672 # the request.
673 # gRPC handles serialization and deserialization, so we just need
674 # to pass in the functions for each.
675 if "destroy_secret_version" not in self._stubs:
676 self._stubs["destroy_secret_version"] = self._logged_channel.unary_unary(
677 "/google.cloud.secrets.v1beta1.SecretManagerService/DestroySecretVersion",
678 request_serializer=service.DestroySecretVersionRequest.serialize,
679 response_deserializer=resources.SecretVersion.deserialize,
680 )
681 return self._stubs["destroy_secret_version"]
683 @property
684 def set_iam_policy(
685 self,
686 ) -> Callable[[iam_policy_pb2.SetIamPolicyRequest], policy_pb2.Policy]:
687 r"""Return a callable for the set iam policy method over gRPC.
689 Sets the access control policy on the specified secret. Replaces
690 any existing policy.
692 Permissions on
693 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] are
694 enforced according to the policy set on the associated
695 [Secret][google.cloud.secrets.v1beta1.Secret].
697 Returns:
698 Callable[[~.SetIamPolicyRequest],
699 ~.Policy]:
700 A function that, when called, will call the underlying RPC
701 on the server.
702 """
703 # Generate a "stub function" on-the-fly which will actually make
704 # the request.
705 # gRPC handles serialization and deserialization, so we just need
706 # to pass in the functions for each.
707 if "set_iam_policy" not in self._stubs:
708 self._stubs["set_iam_policy"] = self._logged_channel.unary_unary(
709 "/google.cloud.secrets.v1beta1.SecretManagerService/SetIamPolicy",
710 request_serializer=iam_policy_pb2.SetIamPolicyRequest.SerializeToString,
711 response_deserializer=policy_pb2.Policy.FromString,
712 )
713 return self._stubs["set_iam_policy"]
715 @property
716 def get_iam_policy(
717 self,
718 ) -> Callable[[iam_policy_pb2.GetIamPolicyRequest], policy_pb2.Policy]:
719 r"""Return a callable for the get iam policy method over gRPC.
721 Gets the access control policy for a secret.
722 Returns empty policy if the secret exists and does not
723 have a policy set.
725 Returns:
726 Callable[[~.GetIamPolicyRequest],
727 ~.Policy]:
728 A function that, when called, will call the underlying RPC
729 on the server.
730 """
731 # Generate a "stub function" on-the-fly which will actually make
732 # the request.
733 # gRPC handles serialization and deserialization, so we just need
734 # to pass in the functions for each.
735 if "get_iam_policy" not in self._stubs:
736 self._stubs["get_iam_policy"] = self._logged_channel.unary_unary(
737 "/google.cloud.secrets.v1beta1.SecretManagerService/GetIamPolicy",
738 request_serializer=iam_policy_pb2.GetIamPolicyRequest.SerializeToString,
739 response_deserializer=policy_pb2.Policy.FromString,
740 )
741 return self._stubs["get_iam_policy"]
743 @property
744 def test_iam_permissions(
745 self,
746 ) -> Callable[
747 [iam_policy_pb2.TestIamPermissionsRequest],
748 iam_policy_pb2.TestIamPermissionsResponse,
749 ]:
750 r"""Return a callable for the test iam permissions method over gRPC.
752 Returns permissions that a caller has for the specified secret.
753 If the secret does not exist, this call returns an empty set of
754 permissions, not a NOT_FOUND error.
756 Note: This operation is designed to be used for building
757 permission-aware UIs and command-line tools, not for
758 authorization checking. This operation may "fail open" without
759 warning.
761 Returns:
762 Callable[[~.TestIamPermissionsRequest],
763 ~.TestIamPermissionsResponse]:
764 A function that, when called, will call the underlying RPC
765 on the server.
766 """
767 # Generate a "stub function" on-the-fly which will actually make
768 # the request.
769 # gRPC handles serialization and deserialization, so we just need
770 # to pass in the functions for each.
771 if "test_iam_permissions" not in self._stubs:
772 self._stubs["test_iam_permissions"] = self._logged_channel.unary_unary(
773 "/google.cloud.secrets.v1beta1.SecretManagerService/TestIamPermissions",
774 request_serializer=iam_policy_pb2.TestIamPermissionsRequest.SerializeToString,
775 response_deserializer=iam_policy_pb2.TestIamPermissionsResponse.FromString,
776 )
777 return self._stubs["test_iam_permissions"]
779 def close(self):
780 self._logged_channel.close()
782 @property
783 def list_locations(
784 self,
785 ) -> Callable[
786 [locations_pb2.ListLocationsRequest], locations_pb2.ListLocationsResponse
787 ]:
788 r"""Return a callable for the list locations method over gRPC."""
789 # Generate a "stub function" on-the-fly which will actually make
790 # the request.
791 # gRPC handles serialization and deserialization, so we just need
792 # to pass in the functions for each.
793 if "list_locations" not in self._stubs:
794 self._stubs["list_locations"] = self._logged_channel.unary_unary(
795 "/google.cloud.location.Locations/ListLocations",
796 request_serializer=locations_pb2.ListLocationsRequest.SerializeToString,
797 response_deserializer=locations_pb2.ListLocationsResponse.FromString,
798 )
799 return self._stubs["list_locations"]
801 @property
802 def get_location(
803 self,
804 ) -> Callable[[locations_pb2.GetLocationRequest], locations_pb2.Location]:
805 r"""Return a callable for the list locations method over gRPC."""
806 # Generate a "stub function" on-the-fly which will actually make
807 # the request.
808 # gRPC handles serialization and deserialization, so we just need
809 # to pass in the functions for each.
810 if "get_location" not in self._stubs:
811 self._stubs["get_location"] = self._logged_channel.unary_unary(
812 "/google.cloud.location.Locations/GetLocation",
813 request_serializer=locations_pb2.GetLocationRequest.SerializeToString,
814 response_deserializer=locations_pb2.Location.FromString,
815 )
816 return self._stubs["get_location"]
818 @property
819 def kind(self) -> str:
820 return "grpc"
823__all__ = ("SecretManagerServiceGrpcTransport",)