Shortcuts on this page
r m x toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
1# -*- coding: utf-8 -*-
2# Copyright 2025 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16import inspect
17import json
18import logging as std_logging
19import pickle
20from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple, Union
21import warnings
23from google.api_core import exceptions as core_exceptions
24from google.api_core import gapic_v1, grpc_helpers_async
25from google.api_core import retry_async as retries
26from google.auth import credentials as ga_credentials # type: ignore
27from google.auth.transport.grpc import SslCredentials # type: ignore
28from google.cloud.location import locations_pb2 # type: ignore
29from google.iam.v1 import iam_policy_pb2 # type: ignore
30from google.iam.v1 import policy_pb2 # type: ignore
31from google.protobuf import empty_pb2 # type: ignore
32from google.protobuf.json_format import MessageToJson
33import google.protobuf.message
34import grpc # type: ignore
35from grpc.experimental import aio # type: ignore
36import proto # type: ignore
38from google.cloud.secretmanager_v1beta1.types import resources, service
40from .base import DEFAULT_CLIENT_INFO, SecretManagerServiceTransport
41from .grpc import SecretManagerServiceGrpcTransport
43try:
44 from google.api_core import client_logging # type: ignore
46 CLIENT_LOGGING_SUPPORTED = True # pragma: NO COVER
47except ImportError: # pragma: NO COVER
48 CLIENT_LOGGING_SUPPORTED = False
50_LOGGER = std_logging.getLogger(__name__)
53class _LoggingClientAIOInterceptor(
54 grpc.aio.UnaryUnaryClientInterceptor
55): # pragma: NO COVER
56 async def intercept_unary_unary(self, continuation, client_call_details, request):
57 logging_enabled = CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(
58 std_logging.DEBUG
59 )
60 if logging_enabled: # pragma: NO COVER
61 request_metadata = client_call_details.metadata
62 if isinstance(request, proto.Message):
63 request_payload = type(request).to_json(request)
64 elif isinstance(request, google.protobuf.message.Message):
65 request_payload = MessageToJson(request)
66 else:
67 request_payload = f"{type(request).__name__}: {pickle.dumps(request)}"
69 request_metadata = {
70 key: value.decode("utf-8") if isinstance(value, bytes) else value
71 for key, value in request_metadata
72 }
73 grpc_request = {
74 "payload": request_payload,
75 "requestMethod": "grpc",
76 "metadata": dict(request_metadata),
77 }
78 _LOGGER.debug(
79 f"Sending request for {client_call_details.method}",
80 extra={
81 "serviceName": "google.cloud.secrets.v1beta1.SecretManagerService",
82 "rpcName": str(client_call_details.method),
83 "request": grpc_request,
84 "metadata": grpc_request["metadata"],
85 },
86 )
87 response = await continuation(client_call_details, request)
88 if logging_enabled: # pragma: NO COVER
89 response_metadata = await response.trailing_metadata()
90 # Convert gRPC metadata `<class 'grpc.aio._metadata.Metadata'>` to list of tuples
91 metadata = (
92 dict([(k, str(v)) for k, v in response_metadata])
93 if response_metadata
94 else None
95 )
96 result = await response
97 if isinstance(result, proto.Message):
98 response_payload = type(result).to_json(result)
99 elif isinstance(result, google.protobuf.message.Message):
100 response_payload = MessageToJson(result)
101 else:
102 response_payload = f"{type(result).__name__}: {pickle.dumps(result)}"
103 grpc_response = {
104 "payload": response_payload,
105 "metadata": metadata,
106 "status": "OK",
107 }
108 _LOGGER.debug(
109 f"Received response to rpc {client_call_details.method}.",
110 extra={
111 "serviceName": "google.cloud.secrets.v1beta1.SecretManagerService",
112 "rpcName": str(client_call_details.method),
113 "response": grpc_response,
114 "metadata": grpc_response["metadata"],
115 },
116 )
117 return response
120class SecretManagerServiceGrpcAsyncIOTransport(SecretManagerServiceTransport):
121 """gRPC AsyncIO backend transport for SecretManagerService.
123 Secret Manager Service
125 Manages secrets and operations using those secrets. Implements a
126 REST model with the following objects:
128 - [Secret][google.cloud.secrets.v1beta1.Secret]
129 - [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
131 This class defines the same methods as the primary client, so the
132 primary client can load the underlying transport implementation
133 and call it.
135 It sends protocol buffers over the wire using gRPC (which is built on
136 top of HTTP/2); the ``grpcio`` package must be installed.
137 """
139 _grpc_channel: aio.Channel
140 _stubs: Dict[str, Callable] = {}
142 @classmethod
143 def create_channel(
144 cls,
145 host: str = "secretmanager.googleapis.com",
146 credentials: Optional[ga_credentials.Credentials] = None,
147 credentials_file: Optional[str] = None,
148 scopes: Optional[Sequence[str]] = None,
149 quota_project_id: Optional[str] = None,
150 **kwargs,
151 ) -> aio.Channel:
152 """Create and return a gRPC AsyncIO channel object.
153 Args:
154 host (Optional[str]): The host for the channel to use.
155 credentials (Optional[~.Credentials]): The
156 authorization credentials to attach to requests. These
157 credentials identify this application to the service. If
158 none are specified, the client will attempt to ascertain
159 the credentials from the environment.
160 credentials_file (Optional[str]): Deprecated. A file with credentials that can
161 be loaded with :func:`google.auth.load_credentials_from_file`. This argument will be
162 removed in the next major version of this library.
163 scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
164 service. These are only used when credentials are not specified and
165 are passed to :func:`google.auth.default`.
166 quota_project_id (Optional[str]): An optional project to use for billing
167 and quota.
168 kwargs (Optional[dict]): Keyword arguments, which are passed to the
169 channel creation.
170 Returns:
171 aio.Channel: A gRPC AsyncIO channel object.
172 """
174 return grpc_helpers_async.create_channel(
175 host,
176 credentials=credentials,
177 credentials_file=credentials_file,
178 quota_project_id=quota_project_id,
179 default_scopes=cls.AUTH_SCOPES,
180 scopes=scopes,
181 default_host=cls.DEFAULT_HOST,
182 **kwargs,
183 )
185 def __init__(
186 self,
187 *,
188 host: str = "secretmanager.googleapis.com",
189 credentials: Optional[ga_credentials.Credentials] = None,
190 credentials_file: Optional[str] = None,
191 scopes: Optional[Sequence[str]] = None,
192 channel: Optional[Union[aio.Channel, Callable[..., aio.Channel]]] = None,
193 api_mtls_endpoint: Optional[str] = None,
194 client_cert_source: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
195 ssl_channel_credentials: Optional[grpc.ChannelCredentials] = None,
196 client_cert_source_for_mtls: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
197 quota_project_id: Optional[str] = None,
198 client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
199 always_use_jwt_access: Optional[bool] = False,
200 api_audience: Optional[str] = None,
201 ) -> None:
202 """Instantiate the transport.
204 Args:
205 host (Optional[str]):
206 The hostname to connect to (default: 'secretmanager.googleapis.com').
207 credentials (Optional[google.auth.credentials.Credentials]): The
208 authorization credentials to attach to requests. These
209 credentials identify the application to the service; if none
210 are specified, the client will attempt to ascertain the
211 credentials from the environment.
212 This argument is ignored if a ``channel`` instance is provided.
213 credentials_file (Optional[str]): Deprecated. A file with credentials that can
214 be loaded with :func:`google.auth.load_credentials_from_file`.
215 This argument is ignored if a ``channel`` instance is provided.
216 This argument will be removed in the next major version of this library.
217 scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
218 service. These are only used when credentials are not specified and
219 are passed to :func:`google.auth.default`.
220 channel (Optional[Union[aio.Channel, Callable[..., aio.Channel]]]):
221 A ``Channel`` instance through which to make calls, or a Callable
222 that constructs and returns one. If set to None, ``self.create_channel``
223 is used to create the channel. If a Callable is given, it will be called
224 with the same arguments as used in ``self.create_channel``.
225 api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint.
226 If provided, it overrides the ``host`` argument and tries to create
227 a mutual TLS channel with client SSL credentials from
228 ``client_cert_source`` or application default SSL credentials.
229 client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]):
230 Deprecated. A callback to provide client SSL certificate bytes and
231 private key bytes, both in PEM format. It is ignored if
232 ``api_mtls_endpoint`` is None.
233 ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
234 for the grpc channel. It is ignored if a ``channel`` instance is provided.
235 client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
236 A callback to provide client certificate bytes and private key bytes,
237 both in PEM format. It is used to configure a mutual TLS channel. It is
238 ignored if a ``channel`` instance or ``ssl_channel_credentials`` is provided.
239 quota_project_id (Optional[str]): An optional project to use for billing
240 and quota.
241 client_info (google.api_core.gapic_v1.client_info.ClientInfo):
242 The client info used to send a user-agent string along with
243 API requests. If ``None``, then default info will be used.
244 Generally, you only need to set this if you're developing
245 your own client library.
246 always_use_jwt_access (Optional[bool]): Whether self signed JWT should
247 be used for service account credentials.
249 Raises:
250 google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
251 creation failed for any reason.
252 google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
253 and ``credentials_file`` are passed.
254 """
255 self._grpc_channel = None
256 self._ssl_channel_credentials = ssl_channel_credentials
257 self._stubs: Dict[str, Callable] = {}
259 if api_mtls_endpoint:
260 warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
261 if client_cert_source:
262 warnings.warn("client_cert_source is deprecated", DeprecationWarning)
264 if isinstance(channel, aio.Channel):
265 # Ignore credentials if a channel was passed.
266 credentials = None
267 self._ignore_credentials = True
268 # If a channel was explicitly provided, set it.
269 self._grpc_channel = channel
270 self._ssl_channel_credentials = None
271 else:
272 if api_mtls_endpoint:
273 host = api_mtls_endpoint
275 # Create SSL credentials with client_cert_source or application
276 # default SSL credentials.
277 if client_cert_source:
278 cert, key = client_cert_source()
279 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
280 certificate_chain=cert, private_key=key
281 )
282 else:
283 self._ssl_channel_credentials = SslCredentials().ssl_credentials
285 else:
286 if client_cert_source_for_mtls and not ssl_channel_credentials:
287 cert, key = client_cert_source_for_mtls()
288 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
289 certificate_chain=cert, private_key=key
290 )
292 # The base transport sets the host, credentials and scopes
293 super().__init__(
294 host=host,
295 credentials=credentials,
296 credentials_file=credentials_file,
297 scopes=scopes,
298 quota_project_id=quota_project_id,
299 client_info=client_info,
300 always_use_jwt_access=always_use_jwt_access,
301 api_audience=api_audience,
302 )
304 if not self._grpc_channel:
305 # initialize with the provided callable or the default channel
306 channel_init = channel or type(self).create_channel
307 self._grpc_channel = channel_init(
308 self._host,
309 # use the credentials which are saved
310 credentials=self._credentials,
311 # Set ``credentials_file`` to ``None`` here as
312 # the credentials that we saved earlier should be used.
313 credentials_file=None,
314 scopes=self._scopes,
315 ssl_credentials=self._ssl_channel_credentials,
316 quota_project_id=quota_project_id,
317 options=[
318 ("grpc.max_send_message_length", -1),
319 ("grpc.max_receive_message_length", -1),
320 ],
321 )
323 self._interceptor = _LoggingClientAIOInterceptor()
324 self._grpc_channel._unary_unary_interceptors.append(self._interceptor)
325 self._logged_channel = self._grpc_channel
326 self._wrap_with_kind = (
327 "kind" in inspect.signature(gapic_v1.method_async.wrap_method).parameters
328 )
329 # Wrap messages. This must be done after self._logged_channel exists
330 self._prep_wrapped_messages(client_info)
332 @property
333 def grpc_channel(self) -> aio.Channel:
334 """Create the channel designed to connect to this service.
336 This property caches on the instance; repeated calls return
337 the same channel.
338 """
339 # Return the channel from cache.
340 return self._grpc_channel
342 @property
343 def list_secrets(
344 self,
345 ) -> Callable[[service.ListSecretsRequest], Awaitable[service.ListSecretsResponse]]:
346 r"""Return a callable for the list secrets method over gRPC.
348 Lists [Secrets][google.cloud.secrets.v1beta1.Secret].
350 Returns:
351 Callable[[~.ListSecretsRequest],
352 Awaitable[~.ListSecretsResponse]]:
353 A function that, when called, will call the underlying RPC
354 on the server.
355 """
356 # Generate a "stub function" on-the-fly which will actually make
357 # the request.
358 # gRPC handles serialization and deserialization, so we just need
359 # to pass in the functions for each.
360 if "list_secrets" not in self._stubs:
361 self._stubs["list_secrets"] = self._logged_channel.unary_unary(
362 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecrets",
363 request_serializer=service.ListSecretsRequest.serialize,
364 response_deserializer=service.ListSecretsResponse.deserialize,
365 )
366 return self._stubs["list_secrets"]
368 @property
369 def create_secret(
370 self,
371 ) -> Callable[[service.CreateSecretRequest], Awaitable[resources.Secret]]:
372 r"""Return a callable for the create secret method over gRPC.
374 Creates a new [Secret][google.cloud.secrets.v1beta1.Secret]
375 containing no
376 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
378 Returns:
379 Callable[[~.CreateSecretRequest],
380 Awaitable[~.Secret]]:
381 A function that, when called, will call the underlying RPC
382 on the server.
383 """
384 # Generate a "stub function" on-the-fly which will actually make
385 # the request.
386 # gRPC handles serialization and deserialization, so we just need
387 # to pass in the functions for each.
388 if "create_secret" not in self._stubs:
389 self._stubs["create_secret"] = self._logged_channel.unary_unary(
390 "/google.cloud.secrets.v1beta1.SecretManagerService/CreateSecret",
391 request_serializer=service.CreateSecretRequest.serialize,
392 response_deserializer=resources.Secret.deserialize,
393 )
394 return self._stubs["create_secret"]
396 @property
397 def add_secret_version(
398 self,
399 ) -> Callable[
400 [service.AddSecretVersionRequest], Awaitable[resources.SecretVersion]
401 ]:
402 r"""Return a callable for the add secret version method over gRPC.
404 Creates a new
405 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
406 containing secret data and attaches it to an existing
407 [Secret][google.cloud.secrets.v1beta1.Secret].
409 Returns:
410 Callable[[~.AddSecretVersionRequest],
411 Awaitable[~.SecretVersion]]:
412 A function that, when called, will call the underlying RPC
413 on the server.
414 """
415 # Generate a "stub function" on-the-fly which will actually make
416 # the request.
417 # gRPC handles serialization and deserialization, so we just need
418 # to pass in the functions for each.
419 if "add_secret_version" not in self._stubs:
420 self._stubs["add_secret_version"] = self._logged_channel.unary_unary(
421 "/google.cloud.secrets.v1beta1.SecretManagerService/AddSecretVersion",
422 request_serializer=service.AddSecretVersionRequest.serialize,
423 response_deserializer=resources.SecretVersion.deserialize,
424 )
425 return self._stubs["add_secret_version"]
427 @property
428 def get_secret(
429 self,
430 ) -> Callable[[service.GetSecretRequest], Awaitable[resources.Secret]]:
431 r"""Return a callable for the get secret method over gRPC.
433 Gets metadata for a given
434 [Secret][google.cloud.secrets.v1beta1.Secret].
436 Returns:
437 Callable[[~.GetSecretRequest],
438 Awaitable[~.Secret]]:
439 A function that, when called, will call the underlying RPC
440 on the server.
441 """
442 # Generate a "stub function" on-the-fly which will actually make
443 # the request.
444 # gRPC handles serialization and deserialization, so we just need
445 # to pass in the functions for each.
446 if "get_secret" not in self._stubs:
447 self._stubs["get_secret"] = self._logged_channel.unary_unary(
448 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecret",
449 request_serializer=service.GetSecretRequest.serialize,
450 response_deserializer=resources.Secret.deserialize,
451 )
452 return self._stubs["get_secret"]
454 @property
455 def update_secret(
456 self,
457 ) -> Callable[[service.UpdateSecretRequest], Awaitable[resources.Secret]]:
458 r"""Return a callable for the update secret method over gRPC.
460 Updates metadata of an existing
461 [Secret][google.cloud.secrets.v1beta1.Secret].
463 Returns:
464 Callable[[~.UpdateSecretRequest],
465 Awaitable[~.Secret]]:
466 A function that, when called, will call the underlying RPC
467 on the server.
468 """
469 # Generate a "stub function" on-the-fly which will actually make
470 # the request.
471 # gRPC handles serialization and deserialization, so we just need
472 # to pass in the functions for each.
473 if "update_secret" not in self._stubs:
474 self._stubs["update_secret"] = self._logged_channel.unary_unary(
475 "/google.cloud.secrets.v1beta1.SecretManagerService/UpdateSecret",
476 request_serializer=service.UpdateSecretRequest.serialize,
477 response_deserializer=resources.Secret.deserialize,
478 )
479 return self._stubs["update_secret"]
481 @property
482 def delete_secret(
483 self,
484 ) -> Callable[[service.DeleteSecretRequest], Awaitable[empty_pb2.Empty]]:
485 r"""Return a callable for the delete secret method over gRPC.
487 Deletes a [Secret][google.cloud.secrets.v1beta1.Secret].
489 Returns:
490 Callable[[~.DeleteSecretRequest],
491 Awaitable[~.Empty]]:
492 A function that, when called, will call the underlying RPC
493 on the server.
494 """
495 # Generate a "stub function" on-the-fly which will actually make
496 # the request.
497 # gRPC handles serialization and deserialization, so we just need
498 # to pass in the functions for each.
499 if "delete_secret" not in self._stubs:
500 self._stubs["delete_secret"] = self._logged_channel.unary_unary(
501 "/google.cloud.secrets.v1beta1.SecretManagerService/DeleteSecret",
502 request_serializer=service.DeleteSecretRequest.serialize,
503 response_deserializer=empty_pb2.Empty.FromString,
504 )
505 return self._stubs["delete_secret"]
507 @property
508 def list_secret_versions(
509 self,
510 ) -> Callable[
511 [service.ListSecretVersionsRequest],
512 Awaitable[service.ListSecretVersionsResponse],
513 ]:
514 r"""Return a callable for the list secret versions method over gRPC.
516 Lists
517 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
518 This call does not return secret data.
520 Returns:
521 Callable[[~.ListSecretVersionsRequest],
522 Awaitable[~.ListSecretVersionsResponse]]:
523 A function that, when called, will call the underlying RPC
524 on the server.
525 """
526 # Generate a "stub function" on-the-fly which will actually make
527 # the request.
528 # gRPC handles serialization and deserialization, so we just need
529 # to pass in the functions for each.
530 if "list_secret_versions" not in self._stubs:
531 self._stubs["list_secret_versions"] = self._logged_channel.unary_unary(
532 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecretVersions",
533 request_serializer=service.ListSecretVersionsRequest.serialize,
534 response_deserializer=service.ListSecretVersionsResponse.deserialize,
535 )
536 return self._stubs["list_secret_versions"]
538 @property
539 def get_secret_version(
540 self,
541 ) -> Callable[
542 [service.GetSecretVersionRequest], Awaitable[resources.SecretVersion]
543 ]:
544 r"""Return a callable for the get secret version method over gRPC.
546 Gets metadata for a
547 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
549 ``projects/*/secrets/*/versions/latest`` is an alias to the
550 ``latest``
551 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
553 Returns:
554 Callable[[~.GetSecretVersionRequest],
555 Awaitable[~.SecretVersion]]:
556 A function that, when called, will call the underlying RPC
557 on the server.
558 """
559 # Generate a "stub function" on-the-fly which will actually make
560 # the request.
561 # gRPC handles serialization and deserialization, so we just need
562 # to pass in the functions for each.
563 if "get_secret_version" not in self._stubs:
564 self._stubs["get_secret_version"] = self._logged_channel.unary_unary(
565 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecretVersion",
566 request_serializer=service.GetSecretVersionRequest.serialize,
567 response_deserializer=resources.SecretVersion.deserialize,
568 )
569 return self._stubs["get_secret_version"]
571 @property
572 def access_secret_version(
573 self,
574 ) -> Callable[
575 [service.AccessSecretVersionRequest],
576 Awaitable[service.AccessSecretVersionResponse],
577 ]:
578 r"""Return a callable for the access secret version method over gRPC.
580 Accesses a
581 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
582 This call returns the secret data.
584 ``projects/*/secrets/*/versions/latest`` is an alias to the
585 ``latest``
586 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
588 Returns:
589 Callable[[~.AccessSecretVersionRequest],
590 Awaitable[~.AccessSecretVersionResponse]]:
591 A function that, when called, will call the underlying RPC
592 on the server.
593 """
594 # Generate a "stub function" on-the-fly which will actually make
595 # the request.
596 # gRPC handles serialization and deserialization, so we just need
597 # to pass in the functions for each.
598 if "access_secret_version" not in self._stubs:
599 self._stubs["access_secret_version"] = self._logged_channel.unary_unary(
600 "/google.cloud.secrets.v1beta1.SecretManagerService/AccessSecretVersion",
601 request_serializer=service.AccessSecretVersionRequest.serialize,
602 response_deserializer=service.AccessSecretVersionResponse.deserialize,
603 )
604 return self._stubs["access_secret_version"]
606 @property
607 def disable_secret_version(
608 self,
609 ) -> Callable[
610 [service.DisableSecretVersionRequest], Awaitable[resources.SecretVersion]
611 ]:
612 r"""Return a callable for the disable secret version method over gRPC.
614 Disables a
615 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
617 Sets the
618 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
619 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
620 [DISABLED][google.cloud.secrets.v1beta1.SecretVersion.State.DISABLED].
622 Returns:
623 Callable[[~.DisableSecretVersionRequest],
624 Awaitable[~.SecretVersion]]:
625 A function that, when called, will call the underlying RPC
626 on the server.
627 """
628 # Generate a "stub function" on-the-fly which will actually make
629 # the request.
630 # gRPC handles serialization and deserialization, so we just need
631 # to pass in the functions for each.
632 if "disable_secret_version" not in self._stubs:
633 self._stubs["disable_secret_version"] = self._logged_channel.unary_unary(
634 "/google.cloud.secrets.v1beta1.SecretManagerService/DisableSecretVersion",
635 request_serializer=service.DisableSecretVersionRequest.serialize,
636 response_deserializer=resources.SecretVersion.deserialize,
637 )
638 return self._stubs["disable_secret_version"]
640 @property
641 def enable_secret_version(
642 self,
643 ) -> Callable[
644 [service.EnableSecretVersionRequest], Awaitable[resources.SecretVersion]
645 ]:
646 r"""Return a callable for the enable secret version method over gRPC.
648 Enables a
649 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
651 Sets the
652 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
653 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
654 [ENABLED][google.cloud.secrets.v1beta1.SecretVersion.State.ENABLED].
656 Returns:
657 Callable[[~.EnableSecretVersionRequest],
658 Awaitable[~.SecretVersion]]:
659 A function that, when called, will call the underlying RPC
660 on the server.
661 """
662 # Generate a "stub function" on-the-fly which will actually make
663 # the request.
664 # gRPC handles serialization and deserialization, so we just need
665 # to pass in the functions for each.
666 if "enable_secret_version" not in self._stubs:
667 self._stubs["enable_secret_version"] = self._logged_channel.unary_unary(
668 "/google.cloud.secrets.v1beta1.SecretManagerService/EnableSecretVersion",
669 request_serializer=service.EnableSecretVersionRequest.serialize,
670 response_deserializer=resources.SecretVersion.deserialize,
671 )
672 return self._stubs["enable_secret_version"]
674 @property
675 def destroy_secret_version(
676 self,
677 ) -> Callable[
678 [service.DestroySecretVersionRequest], Awaitable[resources.SecretVersion]
679 ]:
680 r"""Return a callable for the destroy secret version method over gRPC.
682 Destroys a
683 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
685 Sets the
686 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
687 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
688 [DESTROYED][google.cloud.secrets.v1beta1.SecretVersion.State.DESTROYED]
689 and irrevocably destroys the secret data.
691 Returns:
692 Callable[[~.DestroySecretVersionRequest],
693 Awaitable[~.SecretVersion]]:
694 A function that, when called, will call the underlying RPC
695 on the server.
696 """
697 # Generate a "stub function" on-the-fly which will actually make
698 # the request.
699 # gRPC handles serialization and deserialization, so we just need
700 # to pass in the functions for each.
701 if "destroy_secret_version" not in self._stubs:
702 self._stubs["destroy_secret_version"] = self._logged_channel.unary_unary(
703 "/google.cloud.secrets.v1beta1.SecretManagerService/DestroySecretVersion",
704 request_serializer=service.DestroySecretVersionRequest.serialize,
705 response_deserializer=resources.SecretVersion.deserialize,
706 )
707 return self._stubs["destroy_secret_version"]
709 @property
710 def set_iam_policy(
711 self,
712 ) -> Callable[[iam_policy_pb2.SetIamPolicyRequest], Awaitable[policy_pb2.Policy]]:
713 r"""Return a callable for the set iam policy method over gRPC.
715 Sets the access control policy on the specified secret. Replaces
716 any existing policy.
718 Permissions on
719 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] are
720 enforced according to the policy set on the associated
721 [Secret][google.cloud.secrets.v1beta1.Secret].
723 Returns:
724 Callable[[~.SetIamPolicyRequest],
725 Awaitable[~.Policy]]:
726 A function that, when called, will call the underlying RPC
727 on the server.
728 """
729 # Generate a "stub function" on-the-fly which will actually make
730 # the request.
731 # gRPC handles serialization and deserialization, so we just need
732 # to pass in the functions for each.
733 if "set_iam_policy" not in self._stubs:
734 self._stubs["set_iam_policy"] = self._logged_channel.unary_unary(
735 "/google.cloud.secrets.v1beta1.SecretManagerService/SetIamPolicy",
736 request_serializer=iam_policy_pb2.SetIamPolicyRequest.SerializeToString,
737 response_deserializer=policy_pb2.Policy.FromString,
738 )
739 return self._stubs["set_iam_policy"]
741 @property
742 def get_iam_policy(
743 self,
744 ) -> Callable[[iam_policy_pb2.GetIamPolicyRequest], Awaitable[policy_pb2.Policy]]:
745 r"""Return a callable for the get iam policy method over gRPC.
747 Gets the access control policy for a secret.
748 Returns empty policy if the secret exists and does not
749 have a policy set.
751 Returns:
752 Callable[[~.GetIamPolicyRequest],
753 Awaitable[~.Policy]]:
754 A function that, when called, will call the underlying RPC
755 on the server.
756 """
757 # Generate a "stub function" on-the-fly which will actually make
758 # the request.
759 # gRPC handles serialization and deserialization, so we just need
760 # to pass in the functions for each.
761 if "get_iam_policy" not in self._stubs:
762 self._stubs["get_iam_policy"] = self._logged_channel.unary_unary(
763 "/google.cloud.secrets.v1beta1.SecretManagerService/GetIamPolicy",
764 request_serializer=iam_policy_pb2.GetIamPolicyRequest.SerializeToString,
765 response_deserializer=policy_pb2.Policy.FromString,
766 )
767 return self._stubs["get_iam_policy"]
769 @property
770 def test_iam_permissions(
771 self,
772 ) -> Callable[
773 [iam_policy_pb2.TestIamPermissionsRequest],
774 Awaitable[iam_policy_pb2.TestIamPermissionsResponse],
775 ]:
776 r"""Return a callable for the test iam permissions method over gRPC.
778 Returns permissions that a caller has for the specified secret.
779 If the secret does not exist, this call returns an empty set of
780 permissions, not a NOT_FOUND error.
782 Note: This operation is designed to be used for building
783 permission-aware UIs and command-line tools, not for
784 authorization checking. This operation may "fail open" without
785 warning.
787 Returns:
788 Callable[[~.TestIamPermissionsRequest],
789 Awaitable[~.TestIamPermissionsResponse]]:
790 A function that, when called, will call the underlying RPC
791 on the server.
792 """
793 # Generate a "stub function" on-the-fly which will actually make
794 # the request.
795 # gRPC handles serialization and deserialization, so we just need
796 # to pass in the functions for each.
797 if "test_iam_permissions" not in self._stubs:
798 self._stubs["test_iam_permissions"] = self._logged_channel.unary_unary(
799 "/google.cloud.secrets.v1beta1.SecretManagerService/TestIamPermissions",
800 request_serializer=iam_policy_pb2.TestIamPermissionsRequest.SerializeToString,
801 response_deserializer=iam_policy_pb2.TestIamPermissionsResponse.FromString,
802 )
803 return self._stubs["test_iam_permissions"]
805 def _prep_wrapped_messages(self, client_info):
806 """Precompute the wrapped methods, overriding the base class method to use async wrappers."""
807 self._wrapped_methods = {
808 self.list_secrets: self._wrap_method(
809 self.list_secrets,
810 default_timeout=60.0,
811 client_info=client_info,
812 ),
813 self.create_secret: self._wrap_method(
814 self.create_secret,
815 default_timeout=60.0,
816 client_info=client_info,
817 ),
818 self.add_secret_version: self._wrap_method(
819 self.add_secret_version,
820 default_timeout=60.0,
821 client_info=client_info,
822 ),
823 self.get_secret: self._wrap_method(
824 self.get_secret,
825 default_timeout=60.0,
826 client_info=client_info,
827 ),
828 self.update_secret: self._wrap_method(
829 self.update_secret,
830 default_timeout=60.0,
831 client_info=client_info,
832 ),
833 self.delete_secret: self._wrap_method(
834 self.delete_secret,
835 default_timeout=60.0,
836 client_info=client_info,
837 ),
838 self.list_secret_versions: self._wrap_method(
839 self.list_secret_versions,
840 default_timeout=60.0,
841 client_info=client_info,
842 ),
843 self.get_secret_version: self._wrap_method(
844 self.get_secret_version,
845 default_timeout=60.0,
846 client_info=client_info,
847 ),
848 self.access_secret_version: self._wrap_method(
849 self.access_secret_version,
850 default_retry=retries.AsyncRetry(
851 initial=1.0,
852 maximum=60.0,
853 multiplier=1.3,
854 predicate=retries.if_exception_type(
855 core_exceptions.ServiceUnavailable,
856 core_exceptions.Unknown,
857 ),
858 deadline=60.0,
859 ),
860 default_timeout=60.0,
861 client_info=client_info,
862 ),
863 self.disable_secret_version: self._wrap_method(
864 self.disable_secret_version,
865 default_timeout=60.0,
866 client_info=client_info,
867 ),
868 self.enable_secret_version: self._wrap_method(
869 self.enable_secret_version,
870 default_timeout=60.0,
871 client_info=client_info,
872 ),
873 self.destroy_secret_version: self._wrap_method(
874 self.destroy_secret_version,
875 default_timeout=60.0,
876 client_info=client_info,
877 ),
878 self.set_iam_policy: self._wrap_method(
879 self.set_iam_policy,
880 default_timeout=60.0,
881 client_info=client_info,
882 ),
883 self.get_iam_policy: self._wrap_method(
884 self.get_iam_policy,
885 default_timeout=60.0,
886 client_info=client_info,
887 ),
888 self.test_iam_permissions: self._wrap_method(
889 self.test_iam_permissions,
890 default_timeout=60.0,
891 client_info=client_info,
892 ),
893 self.get_location: self._wrap_method(
894 self.get_location,
895 default_timeout=None,
896 client_info=client_info,
897 ),
898 self.list_locations: self._wrap_method(
899 self.list_locations,
900 default_timeout=None,
901 client_info=client_info,
902 ),
903 }
905 def _wrap_method(self, func, *args, **kwargs):
906 if self._wrap_with_kind: # pragma: NO COVER
907 kwargs["kind"] = self.kind
908 return gapic_v1.method_async.wrap_method(func, *args, **kwargs)
910 def close(self):
911 return self._logged_channel.close()
913 @property
914 def kind(self) -> str:
915 return "grpc_asyncio"
917 @property
918 def list_locations(
919 self,
920 ) -> Callable[
921 [locations_pb2.ListLocationsRequest], locations_pb2.ListLocationsResponse
922 ]:
923 r"""Return a callable for the list locations method over gRPC."""
924 # Generate a "stub function" on-the-fly which will actually make
925 # the request.
926 # gRPC handles serialization and deserialization, so we just need
927 # to pass in the functions for each.
928 if "list_locations" not in self._stubs:
929 self._stubs["list_locations"] = self._logged_channel.unary_unary(
930 "/google.cloud.location.Locations/ListLocations",
931 request_serializer=locations_pb2.ListLocationsRequest.SerializeToString,
932 response_deserializer=locations_pb2.ListLocationsResponse.FromString,
933 )
934 return self._stubs["list_locations"]
936 @property
937 def get_location(
938 self,
939 ) -> Callable[[locations_pb2.GetLocationRequest], locations_pb2.Location]:
940 r"""Return a callable for the list locations method over gRPC."""
941 # Generate a "stub function" on-the-fly which will actually make
942 # the request.
943 # gRPC handles serialization and deserialization, so we just need
944 # to pass in the functions for each.
945 if "get_location" not in self._stubs:
946 self._stubs["get_location"] = self._logged_channel.unary_unary(
947 "/google.cloud.location.Locations/GetLocation",
948 request_serializer=locations_pb2.GetLocationRequest.SerializeToString,
949 response_deserializer=locations_pb2.Location.FromString,
950 )
951 return self._stubs["get_location"]
954__all__ = ("SecretManagerServiceGrpcAsyncIOTransport",)