Shortcuts on this page
r m x toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
1# -*- coding: utf-8 -*-
2# Copyright 2025 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16import abc
17from typing import Awaitable, Callable, Dict, Optional, Sequence, Union
19import google.api_core
20from google.api_core import exceptions as core_exceptions
21from google.api_core import gapic_v1
22from google.api_core import retry as retries
23import google.auth # type: ignore
24from google.auth import credentials as ga_credentials # type: ignore
25from google.cloud.location import locations_pb2 # type: ignore
26from google.iam.v1 import iam_policy_pb2 # type: ignore
27from google.iam.v1 import policy_pb2 # type: ignore
28from google.oauth2 import service_account # type: ignore
29import google.protobuf
30from google.protobuf import empty_pb2 # type: ignore
32from google.cloud.secretmanager_v1beta1 import gapic_version as package_version
33from google.cloud.secretmanager_v1beta1.types import resources, service
35DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(
36 gapic_version=package_version.__version__
37)
39if hasattr(DEFAULT_CLIENT_INFO, "protobuf_runtime_version"): # pragma: NO COVER
40 DEFAULT_CLIENT_INFO.protobuf_runtime_version = google.protobuf.__version__
43class SecretManagerServiceTransport(abc.ABC):
44 """Abstract transport class for SecretManagerService."""
46 AUTH_SCOPES = ("https://www.googleapis.com/auth/cloud-platform",)
48 DEFAULT_HOST: str = "secretmanager.googleapis.com"
50 def __init__(
51 self,
52 *,
53 host: str = DEFAULT_HOST,
54 credentials: Optional[ga_credentials.Credentials] = None,
55 credentials_file: Optional[str] = None,
56 scopes: Optional[Sequence[str]] = None,
57 quota_project_id: Optional[str] = None,
58 client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
59 always_use_jwt_access: Optional[bool] = False,
60 api_audience: Optional[str] = None,
61 **kwargs,
62 ) -> None:
63 """Instantiate the transport.
65 Args:
66 host (Optional[str]):
67 The hostname to connect to (default: 'secretmanager.googleapis.com').
68 credentials (Optional[google.auth.credentials.Credentials]): The
69 authorization credentials to attach to requests. These
70 credentials identify the application to the service; if none
71 are specified, the client will attempt to ascertain the
72 credentials from the environment.
73 credentials_file (Optional[str]): Deprecated. A file with credentials that can
74 be loaded with :func:`google.auth.load_credentials_from_file`.
75 This argument is mutually exclusive with credentials. This argument will be
76 removed in the next major version of this library.
77 scopes (Optional[Sequence[str]]): A list of scopes.
78 quota_project_id (Optional[str]): An optional project to use for billing
79 and quota.
80 client_info (google.api_core.gapic_v1.client_info.ClientInfo):
81 The client info used to send a user-agent string along with
82 API requests. If ``None``, then default info will be used.
83 Generally, you only need to set this if you're developing
84 your own client library.
85 always_use_jwt_access (Optional[bool]): Whether self signed JWT should
86 be used for service account credentials.
87 """
89 scopes_kwargs = {"scopes": scopes, "default_scopes": self.AUTH_SCOPES}
91 # Save the scopes.
92 self._scopes = scopes
93 if not hasattr(self, "_ignore_credentials"):
94 self._ignore_credentials: bool = False
96 # If no credentials are provided, then determine the appropriate
97 # defaults.
98 if credentials and credentials_file:
99 raise core_exceptions.DuplicateCredentialArgs(
100 "'credentials_file' and 'credentials' are mutually exclusive"
101 )
103 if credentials_file is not None:
104 credentials, _ = google.auth.load_credentials_from_file(
105 credentials_file, **scopes_kwargs, quota_project_id=quota_project_id
106 )
107 elif credentials is None and not self._ignore_credentials:
108 credentials, _ = google.auth.default(
109 **scopes_kwargs, quota_project_id=quota_project_id
110 )
111 # Don't apply audience if the credentials file passed from user.
112 if hasattr(credentials, "with_gdch_audience"):
113 credentials = credentials.with_gdch_audience(
114 api_audience if api_audience else host
115 )
117 # If the credentials are service account credentials, then always try to use self signed JWT.
118 if (
119 always_use_jwt_access
120 and isinstance(credentials, service_account.Credentials)
121 and hasattr(service_account.Credentials, "with_always_use_jwt_access")
122 ):
123 credentials = credentials.with_always_use_jwt_access(True)
125 # Save the credentials.
126 self._credentials = credentials
128 # Save the hostname. Default to port 443 (HTTPS) if none is specified.
129 if ":" not in host:
130 host += ":443"
131 self._host = host
133 @property
134 def host(self):
135 return self._host
137 def _prep_wrapped_messages(self, client_info):
138 # Precompute the wrapped methods.
139 self._wrapped_methods = {
140 self.list_secrets: gapic_v1.method.wrap_method(
141 self.list_secrets,
142 default_timeout=60.0,
143 client_info=client_info,
144 ),
145 self.create_secret: gapic_v1.method.wrap_method(
146 self.create_secret,
147 default_timeout=60.0,
148 client_info=client_info,
149 ),
150 self.add_secret_version: gapic_v1.method.wrap_method(
151 self.add_secret_version,
152 default_timeout=60.0,
153 client_info=client_info,
154 ),
155 self.get_secret: gapic_v1.method.wrap_method(
156 self.get_secret,
157 default_timeout=60.0,
158 client_info=client_info,
159 ),
160 self.update_secret: gapic_v1.method.wrap_method(
161 self.update_secret,
162 default_timeout=60.0,
163 client_info=client_info,
164 ),
165 self.delete_secret: gapic_v1.method.wrap_method(
166 self.delete_secret,
167 default_timeout=60.0,
168 client_info=client_info,
169 ),
170 self.list_secret_versions: gapic_v1.method.wrap_method(
171 self.list_secret_versions,
172 default_timeout=60.0,
173 client_info=client_info,
174 ),
175 self.get_secret_version: gapic_v1.method.wrap_method(
176 self.get_secret_version,
177 default_timeout=60.0,
178 client_info=client_info,
179 ),
180 self.access_secret_version: gapic_v1.method.wrap_method(
181 self.access_secret_version,
182 default_retry=retries.Retry(
183 initial=1.0,
184 maximum=60.0,
185 multiplier=1.3,
186 predicate=retries.if_exception_type(
187 core_exceptions.ServiceUnavailable,
188 core_exceptions.Unknown,
189 ),
190 deadline=60.0,
191 ),
192 default_timeout=60.0,
193 client_info=client_info,
194 ),
195 self.disable_secret_version: gapic_v1.method.wrap_method(
196 self.disable_secret_version,
197 default_timeout=60.0,
198 client_info=client_info,
199 ),
200 self.enable_secret_version: gapic_v1.method.wrap_method(
201 self.enable_secret_version,
202 default_timeout=60.0,
203 client_info=client_info,
204 ),
205 self.destroy_secret_version: gapic_v1.method.wrap_method(
206 self.destroy_secret_version,
207 default_timeout=60.0,
208 client_info=client_info,
209 ),
210 self.set_iam_policy: gapic_v1.method.wrap_method(
211 self.set_iam_policy,
212 default_timeout=60.0,
213 client_info=client_info,
214 ),
215 self.get_iam_policy: gapic_v1.method.wrap_method(
216 self.get_iam_policy,
217 default_timeout=60.0,
218 client_info=client_info,
219 ),
220 self.test_iam_permissions: gapic_v1.method.wrap_method(
221 self.test_iam_permissions,
222 default_timeout=60.0,
223 client_info=client_info,
224 ),
225 self.get_location: gapic_v1.method.wrap_method(
226 self.get_location,
227 default_timeout=None,
228 client_info=client_info,
229 ),
230 self.list_locations: gapic_v1.method.wrap_method(
231 self.list_locations,
232 default_timeout=None,
233 client_info=client_info,
234 ),
235 }
237 def close(self):
238 """Closes resources associated with the transport.
240 .. warning::
241 Only call this method if the transport is NOT shared
242 with other clients - this may cause errors in other clients!
243 """
244 raise NotImplementedError()
246 @property
247 def list_secrets(
248 self,
249 ) -> Callable[
250 [service.ListSecretsRequest],
251 Union[service.ListSecretsResponse, Awaitable[service.ListSecretsResponse]],
252 ]:
253 raise NotImplementedError()
255 @property
256 def create_secret(
257 self,
258 ) -> Callable[
259 [service.CreateSecretRequest],
260 Union[resources.Secret, Awaitable[resources.Secret]],
261 ]:
262 raise NotImplementedError()
264 @property
265 def add_secret_version(
266 self,
267 ) -> Callable[
268 [service.AddSecretVersionRequest],
269 Union[resources.SecretVersion, Awaitable[resources.SecretVersion]],
270 ]:
271 raise NotImplementedError()
273 @property
274 def get_secret(
275 self,
276 ) -> Callable[
277 [service.GetSecretRequest], Union[resources.Secret, Awaitable[resources.Secret]]
278 ]:
279 raise NotImplementedError()
281 @property
282 def update_secret(
283 self,
284 ) -> Callable[
285 [service.UpdateSecretRequest],
286 Union[resources.Secret, Awaitable[resources.Secret]],
287 ]:
288 raise NotImplementedError()
290 @property
291 def delete_secret(
292 self,
293 ) -> Callable[
294 [service.DeleteSecretRequest],
295 Union[empty_pb2.Empty, Awaitable[empty_pb2.Empty]],
296 ]:
297 raise NotImplementedError()
299 @property
300 def list_secret_versions(
301 self,
302 ) -> Callable[
303 [service.ListSecretVersionsRequest],
304 Union[
305 service.ListSecretVersionsResponse,
306 Awaitable[service.ListSecretVersionsResponse],
307 ],
308 ]:
309 raise NotImplementedError()
311 @property
312 def get_secret_version(
313 self,
314 ) -> Callable[
315 [service.GetSecretVersionRequest],
316 Union[resources.SecretVersion, Awaitable[resources.SecretVersion]],
317 ]:
318 raise NotImplementedError()
320 @property
321 def access_secret_version(
322 self,
323 ) -> Callable[
324 [service.AccessSecretVersionRequest],
325 Union[
326 service.AccessSecretVersionResponse,
327 Awaitable[service.AccessSecretVersionResponse],
328 ],
329 ]:
330 raise NotImplementedError()
332 @property
333 def disable_secret_version(
334 self,
335 ) -> Callable[
336 [service.DisableSecretVersionRequest],
337 Union[resources.SecretVersion, Awaitable[resources.SecretVersion]],
338 ]:
339 raise NotImplementedError()
341 @property
342 def enable_secret_version(
343 self,
344 ) -> Callable[
345 [service.EnableSecretVersionRequest],
346 Union[resources.SecretVersion, Awaitable[resources.SecretVersion]],
347 ]:
348 raise NotImplementedError()
350 @property
351 def destroy_secret_version(
352 self,
353 ) -> Callable[
354 [service.DestroySecretVersionRequest],
355 Union[resources.SecretVersion, Awaitable[resources.SecretVersion]],
356 ]:
357 raise NotImplementedError()
359 @property
360 def set_iam_policy(
361 self,
362 ) -> Callable[
363 [iam_policy_pb2.SetIamPolicyRequest],
364 Union[policy_pb2.Policy, Awaitable[policy_pb2.Policy]],
365 ]:
366 raise NotImplementedError()
368 @property
369 def get_iam_policy(
370 self,
371 ) -> Callable[
372 [iam_policy_pb2.GetIamPolicyRequest],
373 Union[policy_pb2.Policy, Awaitable[policy_pb2.Policy]],
374 ]:
375 raise NotImplementedError()
377 @property
378 def test_iam_permissions(
379 self,
380 ) -> Callable[
381 [iam_policy_pb2.TestIamPermissionsRequest],
382 Union[
383 iam_policy_pb2.TestIamPermissionsResponse,
384 Awaitable[iam_policy_pb2.TestIamPermissionsResponse],
385 ],
386 ]:
387 raise NotImplementedError()
389 @property
390 def get_location(
391 self,
392 ) -> Callable[
393 [locations_pb2.GetLocationRequest],
394 Union[locations_pb2.Location, Awaitable[locations_pb2.Location]],
395 ]:
396 raise NotImplementedError()
398 @property
399 def list_locations(
400 self,
401 ) -> Callable[
402 [locations_pb2.ListLocationsRequest],
403 Union[
404 locations_pb2.ListLocationsResponse,
405 Awaitable[locations_pb2.ListLocationsResponse],
406 ],
407 ]:
408 raise NotImplementedError()
410 @property
411 def kind(self) -> str:
412 raise NotImplementedError()
415__all__ = ("SecretManagerServiceTransport",)