Shortcuts on this page
r m x toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
1# -*- coding: utf-8 -*-
2# Copyright 2025 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16import json
17import logging as std_logging
18import pickle
19from typing import Callable, Dict, Optional, Sequence, Tuple, Union
20import warnings
22from google.api_core import gapic_v1, grpc_helpers
23import google.auth # type: ignore
24from google.auth import credentials as ga_credentials # type: ignore
25from google.auth.transport.grpc import SslCredentials # type: ignore
26from google.cloud.location import locations_pb2 # type: ignore
27from google.iam.v1 import iam_policy_pb2 # type: ignore
28from google.iam.v1 import policy_pb2 # type: ignore
29from google.protobuf import empty_pb2 # type: ignore
30from google.protobuf.json_format import MessageToJson
31import google.protobuf.message
32import grpc # type: ignore
33import proto # type: ignore
35from google.cloud.secretmanager_v1beta1.types import resources, service
37from .base import DEFAULT_CLIENT_INFO, SecretManagerServiceTransport
39try:
40 from google.api_core import client_logging # type: ignore
42 CLIENT_LOGGING_SUPPORTED = True # pragma: NO COVER
43except ImportError: # pragma: NO COVER
44 CLIENT_LOGGING_SUPPORTED = False
46_LOGGER = std_logging.getLogger(__name__)
49class _LoggingClientInterceptor(grpc.UnaryUnaryClientInterceptor): # pragma: NO COVER
50 def intercept_unary_unary(self, continuation, client_call_details, request):
51 logging_enabled = CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(
52 std_logging.DEBUG
53 )
54 if logging_enabled: # pragma: NO COVER
55 request_metadata = client_call_details.metadata
56 if isinstance(request, proto.Message):
57 request_payload = type(request).to_json(request)
58 elif isinstance(request, google.protobuf.message.Message):
59 request_payload = MessageToJson(request)
60 else:
61 request_payload = f"{type(request).__name__}: {pickle.dumps(request)}"
63 request_metadata = {
64 key: value.decode("utf-8") if isinstance(value, bytes) else value
65 for key, value in request_metadata
66 }
67 grpc_request = {
68 "payload": request_payload,
69 "requestMethod": "grpc",
70 "metadata": dict(request_metadata),
71 }
72 _LOGGER.debug(
73 f"Sending request for {client_call_details.method}",
74 extra={
75 "serviceName": "google.cloud.secrets.v1beta1.SecretManagerService",
76 "rpcName": str(client_call_details.method),
77 "request": grpc_request,
78 "metadata": grpc_request["metadata"],
79 },
80 )
81 response = continuation(client_call_details, request)
82 if logging_enabled: # pragma: NO COVER
83 response_metadata = response.trailing_metadata()
84 # Convert gRPC metadata `<class 'grpc.aio._metadata.Metadata'>` to list of tuples
85 metadata = (
86 dict([(k, str(v)) for k, v in response_metadata])
87 if response_metadata
88 else None
89 )
90 result = response.result()
91 if isinstance(result, proto.Message):
92 response_payload = type(result).to_json(result)
93 elif isinstance(result, google.protobuf.message.Message):
94 response_payload = MessageToJson(result)
95 else:
96 response_payload = f"{type(result).__name__}: {pickle.dumps(result)}"
97 grpc_response = {
98 "payload": response_payload,
99 "metadata": metadata,
100 "status": "OK",
101 }
102 _LOGGER.debug(
103 f"Received response for {client_call_details.method}.",
104 extra={
105 "serviceName": "google.cloud.secrets.v1beta1.SecretManagerService",
106 "rpcName": client_call_details.method,
107 "response": grpc_response,
108 "metadata": grpc_response["metadata"],
109 },
110 )
111 return response
114class SecretManagerServiceGrpcTransport(SecretManagerServiceTransport):
115 """gRPC backend transport for SecretManagerService.
117 Secret Manager Service
119 Manages secrets and operations using those secrets. Implements a
120 REST model with the following objects:
122 - [Secret][google.cloud.secrets.v1beta1.Secret]
123 - [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
125 This class defines the same methods as the primary client, so the
126 primary client can load the underlying transport implementation
127 and call it.
129 It sends protocol buffers over the wire using gRPC (which is built on
130 top of HTTP/2); the ``grpcio`` package must be installed.
131 """
133 _stubs: Dict[str, Callable]
135 def __init__(
136 self,
137 *,
138 host: str = "secretmanager.googleapis.com",
139 credentials: Optional[ga_credentials.Credentials] = None,
140 credentials_file: Optional[str] = None,
141 scopes: Optional[Sequence[str]] = None,
142 channel: Optional[Union[grpc.Channel, Callable[..., grpc.Channel]]] = None,
143 api_mtls_endpoint: Optional[str] = None,
144 client_cert_source: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
145 ssl_channel_credentials: Optional[grpc.ChannelCredentials] = None,
146 client_cert_source_for_mtls: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
147 quota_project_id: Optional[str] = None,
148 client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
149 always_use_jwt_access: Optional[bool] = False,
150 api_audience: Optional[str] = None,
151 ) -> None:
152 """Instantiate the transport.
154 Args:
155 host (Optional[str]):
156 The hostname to connect to (default: 'secretmanager.googleapis.com').
157 credentials (Optional[google.auth.credentials.Credentials]): The
158 authorization credentials to attach to requests. These
159 credentials identify the application to the service; if none
160 are specified, the client will attempt to ascertain the
161 credentials from the environment.
162 This argument is ignored if a ``channel`` instance is provided.
163 credentials_file (Optional[str]): Deprecated. A file with credentials that can
164 be loaded with :func:`google.auth.load_credentials_from_file`.
165 This argument is ignored if a ``channel`` instance is provided.
166 This argument will be removed in the next major version of this library.
167 scopes (Optional(Sequence[str])): A list of scopes. This argument is
168 ignored if a ``channel`` instance is provided.
169 channel (Optional[Union[grpc.Channel, Callable[..., grpc.Channel]]]):
170 A ``Channel`` instance through which to make calls, or a Callable
171 that constructs and returns one. If set to None, ``self.create_channel``
172 is used to create the channel. If a Callable is given, it will be called
173 with the same arguments as used in ``self.create_channel``.
174 api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint.
175 If provided, it overrides the ``host`` argument and tries to create
176 a mutual TLS channel with client SSL credentials from
177 ``client_cert_source`` or application default SSL credentials.
178 client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]):
179 Deprecated. A callback to provide client SSL certificate bytes and
180 private key bytes, both in PEM format. It is ignored if
181 ``api_mtls_endpoint`` is None.
182 ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
183 for the grpc channel. It is ignored if a ``channel`` instance is provided.
184 client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
185 A callback to provide client certificate bytes and private key bytes,
186 both in PEM format. It is used to configure a mutual TLS channel. It is
187 ignored if a ``channel`` instance or ``ssl_channel_credentials`` is provided.
188 quota_project_id (Optional[str]): An optional project to use for billing
189 and quota.
190 client_info (google.api_core.gapic_v1.client_info.ClientInfo):
191 The client info used to send a user-agent string along with
192 API requests. If ``None``, then default info will be used.
193 Generally, you only need to set this if you're developing
194 your own client library.
195 always_use_jwt_access (Optional[bool]): Whether self signed JWT should
196 be used for service account credentials.
198 Raises:
199 google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
200 creation failed for any reason.
201 google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
202 and ``credentials_file`` are passed.
203 """
204 self._grpc_channel = None
205 self._ssl_channel_credentials = ssl_channel_credentials
206 self._stubs: Dict[str, Callable] = {}
208 if api_mtls_endpoint:
209 warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
210 if client_cert_source:
211 warnings.warn("client_cert_source is deprecated", DeprecationWarning)
213 if isinstance(channel, grpc.Channel):
214 # Ignore credentials if a channel was passed.
215 credentials = None
216 self._ignore_credentials = True
217 # If a channel was explicitly provided, set it.
218 self._grpc_channel = channel
219 self._ssl_channel_credentials = None
221 else:
222 if api_mtls_endpoint:
223 host = api_mtls_endpoint
225 # Create SSL credentials with client_cert_source or application
226 # default SSL credentials.
227 if client_cert_source:
228 cert, key = client_cert_source()
229 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
230 certificate_chain=cert, private_key=key
231 )
232 else:
233 self._ssl_channel_credentials = SslCredentials().ssl_credentials
235 else:
236 if client_cert_source_for_mtls and not ssl_channel_credentials:
237 cert, key = client_cert_source_for_mtls()
238 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
239 certificate_chain=cert, private_key=key
240 )
242 # The base transport sets the host, credentials and scopes
243 super().__init__(
244 host=host,
245 credentials=credentials,
246 credentials_file=credentials_file,
247 scopes=scopes,
248 quota_project_id=quota_project_id,
249 client_info=client_info,
250 always_use_jwt_access=always_use_jwt_access,
251 api_audience=api_audience,
252 )
254 if not self._grpc_channel:
255 # initialize with the provided callable or the default channel
256 channel_init = channel or type(self).create_channel
257 self._grpc_channel = channel_init(
258 self._host,
259 # use the credentials which are saved
260 credentials=self._credentials,
261 # Set ``credentials_file`` to ``None`` here as
262 # the credentials that we saved earlier should be used.
263 credentials_file=None,
264 scopes=self._scopes,
265 ssl_credentials=self._ssl_channel_credentials,
266 quota_project_id=quota_project_id,
267 options=[
268 ("grpc.max_send_message_length", -1),
269 ("grpc.max_receive_message_length", -1),
270 ],
271 )
273 self._interceptor = _LoggingClientInterceptor()
274 self._logged_channel = grpc.intercept_channel(
275 self._grpc_channel, self._interceptor
276 )
278 # Wrap messages. This must be done after self._logged_channel exists
279 self._prep_wrapped_messages(client_info)
281 @classmethod
282 def create_channel(
283 cls,
284 host: str = "secretmanager.googleapis.com",
285 credentials: Optional[ga_credentials.Credentials] = None,
286 credentials_file: Optional[str] = None,
287 scopes: Optional[Sequence[str]] = None,
288 quota_project_id: Optional[str] = None,
289 **kwargs,
290 ) -> grpc.Channel:
291 """Create and return a gRPC channel object.
292 Args:
293 host (Optional[str]): The host for the channel to use.
294 credentials (Optional[~.Credentials]): The
295 authorization credentials to attach to requests. These
296 credentials identify this application to the service. If
297 none are specified, the client will attempt to ascertain
298 the credentials from the environment.
299 credentials_file (Optional[str]): Deprecated. A file with credentials that can
300 be loaded with :func:`google.auth.load_credentials_from_file`.
301 This argument is mutually exclusive with credentials. This argument will be
302 removed in the next major version of this library.
303 scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
304 service. These are only used when credentials are not specified and
305 are passed to :func:`google.auth.default`.
306 quota_project_id (Optional[str]): An optional project to use for billing
307 and quota.
308 kwargs (Optional[dict]): Keyword arguments, which are passed to the
309 channel creation.
310 Returns:
311 grpc.Channel: A gRPC channel object.
313 Raises:
314 google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
315 and ``credentials_file`` are passed.
316 """
318 return grpc_helpers.create_channel(
319 host,
320 credentials=credentials,
321 credentials_file=credentials_file,
322 quota_project_id=quota_project_id,
323 default_scopes=cls.AUTH_SCOPES,
324 scopes=scopes,
325 default_host=cls.DEFAULT_HOST,
326 **kwargs,
327 )
329 @property
330 def grpc_channel(self) -> grpc.Channel:
331 """Return the channel designed to connect to this service."""
332 return self._grpc_channel
334 @property
335 def list_secrets(
336 self,
337 ) -> Callable[[service.ListSecretsRequest], service.ListSecretsResponse]:
338 r"""Return a callable for the list secrets method over gRPC.
340 Lists [Secrets][google.cloud.secrets.v1beta1.Secret].
342 Returns:
343 Callable[[~.ListSecretsRequest],
344 ~.ListSecretsResponse]:
345 A function that, when called, will call the underlying RPC
346 on the server.
347 """
348 # Generate a "stub function" on-the-fly which will actually make
349 # the request.
350 # gRPC handles serialization and deserialization, so we just need
351 # to pass in the functions for each.
352 if "list_secrets" not in self._stubs:
353 self._stubs["list_secrets"] = self._logged_channel.unary_unary(
354 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecrets",
355 request_serializer=service.ListSecretsRequest.serialize,
356 response_deserializer=service.ListSecretsResponse.deserialize,
357 )
358 return self._stubs["list_secrets"]
360 @property
361 def create_secret(
362 self,
363 ) -> Callable[[service.CreateSecretRequest], resources.Secret]:
364 r"""Return a callable for the create secret method over gRPC.
366 Creates a new [Secret][google.cloud.secrets.v1beta1.Secret]
367 containing no
368 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
370 Returns:
371 Callable[[~.CreateSecretRequest],
372 ~.Secret]:
373 A function that, when called, will call the underlying RPC
374 on the server.
375 """
376 # Generate a "stub function" on-the-fly which will actually make
377 # the request.
378 # gRPC handles serialization and deserialization, so we just need
379 # to pass in the functions for each.
380 if "create_secret" not in self._stubs:
381 self._stubs["create_secret"] = self._logged_channel.unary_unary(
382 "/google.cloud.secrets.v1beta1.SecretManagerService/CreateSecret",
383 request_serializer=service.CreateSecretRequest.serialize,
384 response_deserializer=resources.Secret.deserialize,
385 )
386 return self._stubs["create_secret"]
388 @property
389 def add_secret_version(
390 self,
391 ) -> Callable[[service.AddSecretVersionRequest], resources.SecretVersion]:
392 r"""Return a callable for the add secret version method over gRPC.
394 Creates a new
395 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
396 containing secret data and attaches it to an existing
397 [Secret][google.cloud.secrets.v1beta1.Secret].
399 Returns:
400 Callable[[~.AddSecretVersionRequest],
401 ~.SecretVersion]:
402 A function that, when called, will call the underlying RPC
403 on the server.
404 """
405 # Generate a "stub function" on-the-fly which will actually make
406 # the request.
407 # gRPC handles serialization and deserialization, so we just need
408 # to pass in the functions for each.
409 if "add_secret_version" not in self._stubs:
410 self._stubs["add_secret_version"] = self._logged_channel.unary_unary(
411 "/google.cloud.secrets.v1beta1.SecretManagerService/AddSecretVersion",
412 request_serializer=service.AddSecretVersionRequest.serialize,
413 response_deserializer=resources.SecretVersion.deserialize,
414 )
415 return self._stubs["add_secret_version"]
417 @property
418 def get_secret(self) -> Callable[[service.GetSecretRequest], resources.Secret]:
419 r"""Return a callable for the get secret method over gRPC.
421 Gets metadata for a given
422 [Secret][google.cloud.secrets.v1beta1.Secret].
424 Returns:
425 Callable[[~.GetSecretRequest],
426 ~.Secret]:
427 A function that, when called, will call the underlying RPC
428 on the server.
429 """
430 # Generate a "stub function" on-the-fly which will actually make
431 # the request.
432 # gRPC handles serialization and deserialization, so we just need
433 # to pass in the functions for each.
434 if "get_secret" not in self._stubs:
435 self._stubs["get_secret"] = self._logged_channel.unary_unary(
436 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecret",
437 request_serializer=service.GetSecretRequest.serialize,
438 response_deserializer=resources.Secret.deserialize,
439 )
440 return self._stubs["get_secret"]
442 @property
443 def update_secret(
444 self,
445 ) -> Callable[[service.UpdateSecretRequest], resources.Secret]:
446 r"""Return a callable for the update secret method over gRPC.
448 Updates metadata of an existing
449 [Secret][google.cloud.secrets.v1beta1.Secret].
451 Returns:
452 Callable[[~.UpdateSecretRequest],
453 ~.Secret]:
454 A function that, when called, will call the underlying RPC
455 on the server.
456 """
457 # Generate a "stub function" on-the-fly which will actually make
458 # the request.
459 # gRPC handles serialization and deserialization, so we just need
460 # to pass in the functions for each.
461 if "update_secret" not in self._stubs:
462 self._stubs["update_secret"] = self._logged_channel.unary_unary(
463 "/google.cloud.secrets.v1beta1.SecretManagerService/UpdateSecret",
464 request_serializer=service.UpdateSecretRequest.serialize,
465 response_deserializer=resources.Secret.deserialize,
466 )
467 return self._stubs["update_secret"]
469 @property
470 def delete_secret(self) -> Callable[[service.DeleteSecretRequest], empty_pb2.Empty]:
471 r"""Return a callable for the delete secret method over gRPC.
473 Deletes a [Secret][google.cloud.secrets.v1beta1.Secret].
475 Returns:
476 Callable[[~.DeleteSecretRequest],
477 ~.Empty]:
478 A function that, when called, will call the underlying RPC
479 on the server.
480 """
481 # Generate a "stub function" on-the-fly which will actually make
482 # the request.
483 # gRPC handles serialization and deserialization, so we just need
484 # to pass in the functions for each.
485 if "delete_secret" not in self._stubs:
486 self._stubs["delete_secret"] = self._logged_channel.unary_unary(
487 "/google.cloud.secrets.v1beta1.SecretManagerService/DeleteSecret",
488 request_serializer=service.DeleteSecretRequest.serialize,
489 response_deserializer=empty_pb2.Empty.FromString,
490 )
491 return self._stubs["delete_secret"]
493 @property
494 def list_secret_versions(
495 self,
496 ) -> Callable[
497 [service.ListSecretVersionsRequest], service.ListSecretVersionsResponse
498 ]:
499 r"""Return a callable for the list secret versions method over gRPC.
501 Lists
502 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
503 This call does not return secret data.
505 Returns:
506 Callable[[~.ListSecretVersionsRequest],
507 ~.ListSecretVersionsResponse]:
508 A function that, when called, will call the underlying RPC
509 on the server.
510 """
511 # Generate a "stub function" on-the-fly which will actually make
512 # the request.
513 # gRPC handles serialization and deserialization, so we just need
514 # to pass in the functions for each.
515 if "list_secret_versions" not in self._stubs:
516 self._stubs["list_secret_versions"] = self._logged_channel.unary_unary(
517 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecretVersions",
518 request_serializer=service.ListSecretVersionsRequest.serialize,
519 response_deserializer=service.ListSecretVersionsResponse.deserialize,
520 )
521 return self._stubs["list_secret_versions"]
523 @property
524 def get_secret_version(
525 self,
526 ) -> Callable[[service.GetSecretVersionRequest], resources.SecretVersion]:
527 r"""Return a callable for the get secret version method over gRPC.
529 Gets metadata for a
530 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
532 ``projects/*/secrets/*/versions/latest`` is an alias to the
533 ``latest``
534 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
536 Returns:
537 Callable[[~.GetSecretVersionRequest],
538 ~.SecretVersion]:
539 A function that, when called, will call the underlying RPC
540 on the server.
541 """
542 # Generate a "stub function" on-the-fly which will actually make
543 # the request.
544 # gRPC handles serialization and deserialization, so we just need
545 # to pass in the functions for each.
546 if "get_secret_version" not in self._stubs:
547 self._stubs["get_secret_version"] = self._logged_channel.unary_unary(
548 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecretVersion",
549 request_serializer=service.GetSecretVersionRequest.serialize,
550 response_deserializer=resources.SecretVersion.deserialize,
551 )
552 return self._stubs["get_secret_version"]
554 @property
555 def access_secret_version(
556 self,
557 ) -> Callable[
558 [service.AccessSecretVersionRequest], service.AccessSecretVersionResponse
559 ]:
560 r"""Return a callable for the access secret version method over gRPC.
562 Accesses a
563 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
564 This call returns the secret data.
566 ``projects/*/secrets/*/versions/latest`` is an alias to the
567 ``latest``
568 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
570 Returns:
571 Callable[[~.AccessSecretVersionRequest],
572 ~.AccessSecretVersionResponse]:
573 A function that, when called, will call the underlying RPC
574 on the server.
575 """
576 # Generate a "stub function" on-the-fly which will actually make
577 # the request.
578 # gRPC handles serialization and deserialization, so we just need
579 # to pass in the functions for each.
580 if "access_secret_version" not in self._stubs:
581 self._stubs["access_secret_version"] = self._logged_channel.unary_unary(
582 "/google.cloud.secrets.v1beta1.SecretManagerService/AccessSecretVersion",
583 request_serializer=service.AccessSecretVersionRequest.serialize,
584 response_deserializer=service.AccessSecretVersionResponse.deserialize,
585 )
586 return self._stubs["access_secret_version"]
588 @property
589 def disable_secret_version(
590 self,
591 ) -> Callable[[service.DisableSecretVersionRequest], resources.SecretVersion]:
592 r"""Return a callable for the disable secret version method over gRPC.
594 Disables a
595 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
597 Sets the
598 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
599 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
600 [DISABLED][google.cloud.secrets.v1beta1.SecretVersion.State.DISABLED].
602 Returns:
603 Callable[[~.DisableSecretVersionRequest],
604 ~.SecretVersion]:
605 A function that, when called, will call the underlying RPC
606 on the server.
607 """
608 # Generate a "stub function" on-the-fly which will actually make
609 # the request.
610 # gRPC handles serialization and deserialization, so we just need
611 # to pass in the functions for each.
612 if "disable_secret_version" not in self._stubs:
613 self._stubs["disable_secret_version"] = self._logged_channel.unary_unary(
614 "/google.cloud.secrets.v1beta1.SecretManagerService/DisableSecretVersion",
615 request_serializer=service.DisableSecretVersionRequest.serialize,
616 response_deserializer=resources.SecretVersion.deserialize,
617 )
618 return self._stubs["disable_secret_version"]
620 @property
621 def enable_secret_version(
622 self,
623 ) -> Callable[[service.EnableSecretVersionRequest], resources.SecretVersion]:
624 r"""Return a callable for the enable secret version method over gRPC.
626 Enables a
627 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
629 Sets the
630 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
631 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
632 [ENABLED][google.cloud.secrets.v1beta1.SecretVersion.State.ENABLED].
634 Returns:
635 Callable[[~.EnableSecretVersionRequest],
636 ~.SecretVersion]:
637 A function that, when called, will call the underlying RPC
638 on the server.
639 """
640 # Generate a "stub function" on-the-fly which will actually make
641 # the request.
642 # gRPC handles serialization and deserialization, so we just need
643 # to pass in the functions for each.
644 if "enable_secret_version" not in self._stubs:
645 self._stubs["enable_secret_version"] = self._logged_channel.unary_unary(
646 "/google.cloud.secrets.v1beta1.SecretManagerService/EnableSecretVersion",
647 request_serializer=service.EnableSecretVersionRequest.serialize,
648 response_deserializer=resources.SecretVersion.deserialize,
649 )
650 return self._stubs["enable_secret_version"]
652 @property
653 def destroy_secret_version(
654 self,
655 ) -> Callable[[service.DestroySecretVersionRequest], resources.SecretVersion]:
656 r"""Return a callable for the destroy secret version method over gRPC.
658 Destroys a
659 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
661 Sets the
662 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
663 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
664 [DESTROYED][google.cloud.secrets.v1beta1.SecretVersion.State.DESTROYED]
665 and irrevocably destroys the secret data.
667 Returns:
668 Callable[[~.DestroySecretVersionRequest],
669 ~.SecretVersion]:
670 A function that, when called, will call the underlying RPC
671 on the server.
672 """
673 # Generate a "stub function" on-the-fly which will actually make
674 # the request.
675 # gRPC handles serialization and deserialization, so we just need
676 # to pass in the functions for each.
677 if "destroy_secret_version" not in self._stubs:
678 self._stubs["destroy_secret_version"] = self._logged_channel.unary_unary(
679 "/google.cloud.secrets.v1beta1.SecretManagerService/DestroySecretVersion",
680 request_serializer=service.DestroySecretVersionRequest.serialize,
681 response_deserializer=resources.SecretVersion.deserialize,
682 )
683 return self._stubs["destroy_secret_version"]
685 @property
686 def set_iam_policy(
687 self,
688 ) -> Callable[[iam_policy_pb2.SetIamPolicyRequest], policy_pb2.Policy]:
689 r"""Return a callable for the set iam policy method over gRPC.
691 Sets the access control policy on the specified secret. Replaces
692 any existing policy.
694 Permissions on
695 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] are
696 enforced according to the policy set on the associated
697 [Secret][google.cloud.secrets.v1beta1.Secret].
699 Returns:
700 Callable[[~.SetIamPolicyRequest],
701 ~.Policy]:
702 A function that, when called, will call the underlying RPC
703 on the server.
704 """
705 # Generate a "stub function" on-the-fly which will actually make
706 # the request.
707 # gRPC handles serialization and deserialization, so we just need
708 # to pass in the functions for each.
709 if "set_iam_policy" not in self._stubs:
710 self._stubs["set_iam_policy"] = self._logged_channel.unary_unary(
711 "/google.cloud.secrets.v1beta1.SecretManagerService/SetIamPolicy",
712 request_serializer=iam_policy_pb2.SetIamPolicyRequest.SerializeToString,
713 response_deserializer=policy_pb2.Policy.FromString,
714 )
715 return self._stubs["set_iam_policy"]
717 @property
718 def get_iam_policy(
719 self,
720 ) -> Callable[[iam_policy_pb2.GetIamPolicyRequest], policy_pb2.Policy]:
721 r"""Return a callable for the get iam policy method over gRPC.
723 Gets the access control policy for a secret.
724 Returns empty policy if the secret exists and does not
725 have a policy set.
727 Returns:
728 Callable[[~.GetIamPolicyRequest],
729 ~.Policy]:
730 A function that, when called, will call the underlying RPC
731 on the server.
732 """
733 # Generate a "stub function" on-the-fly which will actually make
734 # the request.
735 # gRPC handles serialization and deserialization, so we just need
736 # to pass in the functions for each.
737 if "get_iam_policy" not in self._stubs:
738 self._stubs["get_iam_policy"] = self._logged_channel.unary_unary(
739 "/google.cloud.secrets.v1beta1.SecretManagerService/GetIamPolicy",
740 request_serializer=iam_policy_pb2.GetIamPolicyRequest.SerializeToString,
741 response_deserializer=policy_pb2.Policy.FromString,
742 )
743 return self._stubs["get_iam_policy"]
745 @property
746 def test_iam_permissions(
747 self,
748 ) -> Callable[
749 [iam_policy_pb2.TestIamPermissionsRequest],
750 iam_policy_pb2.TestIamPermissionsResponse,
751 ]:
752 r"""Return a callable for the test iam permissions method over gRPC.
754 Returns permissions that a caller has for the specified secret.
755 If the secret does not exist, this call returns an empty set of
756 permissions, not a NOT_FOUND error.
758 Note: This operation is designed to be used for building
759 permission-aware UIs and command-line tools, not for
760 authorization checking. This operation may "fail open" without
761 warning.
763 Returns:
764 Callable[[~.TestIamPermissionsRequest],
765 ~.TestIamPermissionsResponse]:
766 A function that, when called, will call the underlying RPC
767 on the server.
768 """
769 # Generate a "stub function" on-the-fly which will actually make
770 # the request.
771 # gRPC handles serialization and deserialization, so we just need
772 # to pass in the functions for each.
773 if "test_iam_permissions" not in self._stubs:
774 self._stubs["test_iam_permissions"] = self._logged_channel.unary_unary(
775 "/google.cloud.secrets.v1beta1.SecretManagerService/TestIamPermissions",
776 request_serializer=iam_policy_pb2.TestIamPermissionsRequest.SerializeToString,
777 response_deserializer=iam_policy_pb2.TestIamPermissionsResponse.FromString,
778 )
779 return self._stubs["test_iam_permissions"]
781 def close(self):
782 self._logged_channel.close()
784 @property
785 def list_locations(
786 self,
787 ) -> Callable[
788 [locations_pb2.ListLocationsRequest], locations_pb2.ListLocationsResponse
789 ]:
790 r"""Return a callable for the list locations method over gRPC."""
791 # Generate a "stub function" on-the-fly which will actually make
792 # the request.
793 # gRPC handles serialization and deserialization, so we just need
794 # to pass in the functions for each.
795 if "list_locations" not in self._stubs:
796 self._stubs["list_locations"] = self._logged_channel.unary_unary(
797 "/google.cloud.location.Locations/ListLocations",
798 request_serializer=locations_pb2.ListLocationsRequest.SerializeToString,
799 response_deserializer=locations_pb2.ListLocationsResponse.FromString,
800 )
801 return self._stubs["list_locations"]
803 @property
804 def get_location(
805 self,
806 ) -> Callable[[locations_pb2.GetLocationRequest], locations_pb2.Location]:
807 r"""Return a callable for the list locations method over gRPC."""
808 # Generate a "stub function" on-the-fly which will actually make
809 # the request.
810 # gRPC handles serialization and deserialization, so we just need
811 # to pass in the functions for each.
812 if "get_location" not in self._stubs:
813 self._stubs["get_location"] = self._logged_channel.unary_unary(
814 "/google.cloud.location.Locations/GetLocation",
815 request_serializer=locations_pb2.GetLocationRequest.SerializeToString,
816 response_deserializer=locations_pb2.Location.FromString,
817 )
818 return self._stubs["get_location"]
820 @property
821 def kind(self) -> str:
822 return "grpc"
825__all__ = ("SecretManagerServiceGrpcTransport",)