1# -*- coding: utf-8 -*-
2# Copyright 2025 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16import abc
17from typing import Awaitable, Callable, Dict, Optional, Sequence, Union
18
19import google.api_core
20from google.api_core import exceptions as core_exceptions
21from google.api_core import gapic_v1
22from google.api_core import retry as retries
23import google.auth # type: ignore
24from google.auth import credentials as ga_credentials # type: ignore
25from google.cloud.location import locations_pb2 # type: ignore
26import google.iam.v1.iam_policy_pb2 as iam_policy_pb2 # type: ignore
27import google.iam.v1.policy_pb2 as policy_pb2 # type: ignore
28from google.oauth2 import service_account # type: ignore
29import google.protobuf
30import google.protobuf.empty_pb2 as empty_pb2 # type: ignore
31
32from google.cloud.secretmanager_v1beta1 import gapic_version as package_version
33from google.cloud.secretmanager_v1beta1.types import resources, service
34
# Client metadata used as the default ``client_info`` for the transport; it
# carries this package's GAPIC version.
DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(
    gapic_version=package_version.__version__
)

# Record the protobuf runtime version only when the installed ClientInfo
# exposes that attribute, so a ClientInfo without the field is left untouched.
if hasattr(DEFAULT_CLIENT_INFO, "protobuf_runtime_version"):  # pragma: NO COVER
    DEFAULT_CLIENT_INFO.protobuf_runtime_version = google.protobuf.__version__
41
42
class SecretManagerServiceTransport(abc.ABC):
    """Abstract transport class for SecretManagerService.

    ``__init__`` resolves the credentials and the target host. Every RPC
    property declared on this base class raises ``NotImplementedError``;
    concrete transports are expected to override them.
    """

    # Scope passed to google.auth as ``default_scopes`` when credentials are
    # loaded here. This is the broad cloud-platform scope.
    # NOTE(review): with a scope this wide, access to secrets is presumably
    # limited by the IAM roles bound to the identity -- confirm the bindings
    # are least-privilege for the workload.
    AUTH_SCOPES = ("https://www.googleapis.com/auth/cloud-platform",)

    DEFAULT_HOST: str = "secretmanager.googleapis.com"

    def __init__(
        self,
        *,
        host: str = DEFAULT_HOST,
        credentials: Optional[ga_credentials.Credentials] = None,
        credentials_file: Optional[str] = None,
        scopes: Optional[Sequence[str]] = None,
        quota_project_id: Optional[str] = None,
        client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
        always_use_jwt_access: Optional[bool] = False,
        api_audience: Optional[str] = None,
        **kwargs,
    ) -> None:
        """Instantiate the transport.

        Args:
            host (Optional[str]):
                 The hostname to connect to (default: 'secretmanager.googleapis.com').
                 ``:443`` is appended when the value contains no ``:``.
            credentials (Optional[google.auth.credentials.Credentials]): The
                authorization credentials to attach to requests. These
                credentials identify the application to the service; if none
                are specified, the client will attempt to ascertain the
                credentials from the environment.
            credentials_file (Optional[str]): Deprecated. A file with credentials that can
                be loaded with :func:`google.auth.load_credentials_from_file`.
                This argument is mutually exclusive with credentials. This argument will be
                removed in the next major version of this library.
            scopes (Optional[Sequence[str]]): A list of scopes.
            quota_project_id (Optional[str]): An optional project to use for billing
                and quota.
            client_info (google.api_core.gapic_v1.client_info.ClientInfo):
                The client info used to send a user-agent string along with
                API requests. If ``None``, then default info will be used.
                Generally, you only need to set this if you're developing
                your own client library. It is not read by this method.
            always_use_jwt_access (Optional[bool]): Whether self signed JWT should
                be used for service account credentials.
            api_audience (Optional[str]): Audience passed to
                ``with_gdch_audience`` when the environment-derived credentials
                expose that method; ``host`` is used when this is unset.
            **kwargs: Accepted and not used by this method.

        Raises:
            google.api_core.exceptions.DuplicateCredentialArgs: If both
                ``credentials`` and ``credentials_file`` are given.
        """

        # Save the scopes.
        self._scopes = scopes
        # Only set the flag when nothing set it before this point, so an
        # existing ``_ignore_credentials`` value on the instance is kept.
        if not hasattr(self, "_ignore_credentials"):
            self._ignore_credentials: bool = False

        # An explicit credentials object and a credentials file are mutually
        # exclusive; reject the ambiguous combination before resolving anything.
        if credentials and credentials_file:
            raise core_exceptions.DuplicateCredentialArgs(
                "'credentials_file' and 'credentials' are mutually exclusive"
            )

        if credentials_file is not None:
            # NOTE(review): the file at this path decides which identity the
            # client authenticates as. The path is used as given, with no
            # validation in this method, so it should come from a trusted,
            # access-controlled location rather than from external input.
            credentials, _ = google.auth.load_credentials_from_file(
                credentials_file,
                scopes=scopes,
                quota_project_id=quota_project_id,
                default_scopes=self.AUTH_SCOPES,
            )
        elif credentials is None and not self._ignore_credentials:
            # No explicit credentials: fall back to whatever google.auth
            # finds in the environment.
            credentials, _ = google.auth.default(
                scopes=scopes,
                quota_project_id=quota_project_id,
                default_scopes=self.AUTH_SCOPES,
            )
            # Don't apply audience if the credentials file passed from user.
            # The audience is applied only on this environment-default path.
            if hasattr(credentials, "with_gdch_audience"):
                credentials = credentials.with_gdch_audience(
                    api_audience if api_audience else host
                )

        # If the credentials are service account credentials, then always try to use self signed JWT.
        # The hasattr check skips this when the installed
        # service_account.Credentials has no ``with_always_use_jwt_access``.
        if (
            always_use_jwt_access
            and isinstance(credentials, service_account.Credentials)
            and hasattr(service_account.Credentials, "with_always_use_jwt_access")
        ):
            credentials = credentials.with_always_use_jwt_access(True)

        # Save the credentials. This stays ``None`` when no credentials were
        # passed and ``_ignore_credentials`` is set.
        self._credentials = credentials

        # Save the hostname. Default to port 443 (HTTPS) if none is specified.
        # Any value that already contains ":" is stored unchanged.
        # NOTE(review): ``host`` is caller-controlled and not validated here;
        # the docstring says the credentials are attached to requests, so an
        # overridden endpoint should be one the deployment trusts.
        if ":" not in host:
            host += ":443"
        self._host = host

    @property
    def host(self) -> str:
        """Return the host string saved by ``__init__`` (with port)."""
        return self._host

    def _prep_wrapped_messages(
        self, client_info: gapic_v1.client_info.ClientInfo
    ) -> None:
        """Build ``self._wrapped_methods`` for every RPC of the transport.

        Each RPC property value is mapped to the result of
        ``gapic_v1.method.wrap_method`` for it. All Secret Manager and IAM
        entries get a 60 second default timeout; ``get_location`` and
        ``list_locations`` get ``default_timeout=None``. Only
        ``access_secret_version`` sets a ``default_retry``; no other entry in
        this table does.

        Args:
            client_info: Client info passed through to every wrapped method.
        """
        # Precompute the wrapped methods.
        # Each property is read twice per entry (once as the dict key, once as
        # the wrapped callable).
        # NOTE(review): lookups by key presumably rely on the concrete
        # transport returning the same object on every access -- confirm.
        self._wrapped_methods = {
            self.list_secrets: gapic_v1.method.wrap_method(
                self.list_secrets,
                default_timeout=60.0,
                client_info=client_info,
            ),
            self.create_secret: gapic_v1.method.wrap_method(
                self.create_secret,
                default_timeout=60.0,
                client_info=client_info,
            ),
            self.add_secret_version: gapic_v1.method.wrap_method(
                self.add_secret_version,
                default_timeout=60.0,
                client_info=client_info,
            ),
            self.get_secret: gapic_v1.method.wrap_method(
                self.get_secret,
                default_timeout=60.0,
                client_info=client_info,
            ),
            self.update_secret: gapic_v1.method.wrap_method(
                self.update_secret,
                default_timeout=60.0,
                client_info=client_info,
            ),
            self.delete_secret: gapic_v1.method.wrap_method(
                self.delete_secret,
                default_timeout=60.0,
                client_info=client_info,
            ),
            self.list_secret_versions: gapic_v1.method.wrap_method(
                self.list_secret_versions,
                default_timeout=60.0,
                client_info=client_info,
            ),
            self.get_secret_version: gapic_v1.method.wrap_method(
                self.get_secret_version,
                default_timeout=60.0,
                client_info=client_info,
            ),
            # Retried only on ServiceUnavailable and Unknown, with backoff
            # starting at 1.0, multiplied by 1.3, capped at 60.0, and a
            # 60.0 deadline for the retry as a whole.
            self.access_secret_version: gapic_v1.method.wrap_method(
                self.access_secret_version,
                default_retry=retries.Retry(
                    initial=1.0,
                    maximum=60.0,
                    multiplier=1.3,
                    predicate=retries.if_exception_type(
                        core_exceptions.ServiceUnavailable,
                        core_exceptions.Unknown,
                    ),
                    deadline=60.0,
                ),
                default_timeout=60.0,
                client_info=client_info,
            ),
            self.disable_secret_version: gapic_v1.method.wrap_method(
                self.disable_secret_version,
                default_timeout=60.0,
                client_info=client_info,
            ),
            self.enable_secret_version: gapic_v1.method.wrap_method(
                self.enable_secret_version,
                default_timeout=60.0,
                client_info=client_info,
            ),
            self.destroy_secret_version: gapic_v1.method.wrap_method(
                self.destroy_secret_version,
                default_timeout=60.0,
                client_info=client_info,
            ),
            self.set_iam_policy: gapic_v1.method.wrap_method(
                self.set_iam_policy,
                default_timeout=60.0,
                client_info=client_info,
            ),
            self.get_iam_policy: gapic_v1.method.wrap_method(
                self.get_iam_policy,
                default_timeout=60.0,
                client_info=client_info,
            ),
            self.test_iam_permissions: gapic_v1.method.wrap_method(
                self.test_iam_permissions,
                default_timeout=60.0,
                client_info=client_info,
            ),
            # The two location RPCs are wrapped without a default timeout.
            self.get_location: gapic_v1.method.wrap_method(
                self.get_location,
                default_timeout=None,
                client_info=client_info,
            ),
            self.list_locations: gapic_v1.method.wrap_method(
                self.list_locations,
                default_timeout=None,
                client_info=client_info,
            ),
        }

    def close(self) -> None:
        """Closes resources associated with the transport.

        Not implemented on this base class.

        .. warning::
             Only call this method if the transport is NOT shared
             with other clients - this may cause errors in other clients!
        """
        raise NotImplementedError()

    @property
    def list_secrets(
        self,
    ) -> Callable[
        [service.ListSecretsRequest],
        Union[service.ListSecretsResponse, Awaitable[service.ListSecretsResponse]],
    ]:
        """Callable for the ListSecrets RPC; not implemented on the base class."""
        raise NotImplementedError()

    @property
    def create_secret(
        self,
    ) -> Callable[
        [service.CreateSecretRequest],
        Union[resources.Secret, Awaitable[resources.Secret]],
    ]:
        """Callable for the CreateSecret RPC; not implemented on the base class."""
        raise NotImplementedError()

    @property
    def add_secret_version(
        self,
    ) -> Callable[
        [service.AddSecretVersionRequest],
        Union[resources.SecretVersion, Awaitable[resources.SecretVersion]],
    ]:
        """Callable for the AddSecretVersion RPC; not implemented on the base class."""
        raise NotImplementedError()

    @property
    def get_secret(
        self,
    ) -> Callable[
        [service.GetSecretRequest], Union[resources.Secret, Awaitable[resources.Secret]]
    ]:
        """Callable for the GetSecret RPC; not implemented on the base class."""
        raise NotImplementedError()

    @property
    def update_secret(
        self,
    ) -> Callable[
        [service.UpdateSecretRequest],
        Union[resources.Secret, Awaitable[resources.Secret]],
    ]:
        """Callable for the UpdateSecret RPC; not implemented on the base class."""
        raise NotImplementedError()

    @property
    def delete_secret(
        self,
    ) -> Callable[
        [service.DeleteSecretRequest],
        Union[empty_pb2.Empty, Awaitable[empty_pb2.Empty]],
    ]:
        """Callable for the DeleteSecret RPC; not implemented on the base class."""
        raise NotImplementedError()

    @property
    def list_secret_versions(
        self,
    ) -> Callable[
        [service.ListSecretVersionsRequest],
        Union[
            service.ListSecretVersionsResponse,
            Awaitable[service.ListSecretVersionsResponse],
        ],
    ]:
        """Callable for the ListSecretVersions RPC; not implemented on the base class."""
        raise NotImplementedError()

    @property
    def get_secret_version(
        self,
    ) -> Callable[
        [service.GetSecretVersionRequest],
        Union[resources.SecretVersion, Awaitable[resources.SecretVersion]],
    ]:
        """Callable for the GetSecretVersion RPC; not implemented on the base class."""
        raise NotImplementedError()

    @property
    def access_secret_version(
        self,
    ) -> Callable[
        [service.AccessSecretVersionRequest],
        Union[
            service.AccessSecretVersionResponse,
            Awaitable[service.AccessSecretVersionResponse],
        ],
    ]:
        """Callable for the AccessSecretVersion RPC; not implemented on the base class."""
        raise NotImplementedError()

    @property
    def disable_secret_version(
        self,
    ) -> Callable[
        [service.DisableSecretVersionRequest],
        Union[resources.SecretVersion, Awaitable[resources.SecretVersion]],
    ]:
        """Callable for the DisableSecretVersion RPC; not implemented on the base class."""
        raise NotImplementedError()

    @property
    def enable_secret_version(
        self,
    ) -> Callable[
        [service.EnableSecretVersionRequest],
        Union[resources.SecretVersion, Awaitable[resources.SecretVersion]],
    ]:
        """Callable for the EnableSecretVersion RPC; not implemented on the base class."""
        raise NotImplementedError()

    @property
    def destroy_secret_version(
        self,
    ) -> Callable[
        [service.DestroySecretVersionRequest],
        Union[resources.SecretVersion, Awaitable[resources.SecretVersion]],
    ]:
        """Callable for the DestroySecretVersion RPC; not implemented on the base class."""
        raise NotImplementedError()

    @property
    def set_iam_policy(
        self,
    ) -> Callable[
        [iam_policy_pb2.SetIamPolicyRequest],
        Union[policy_pb2.Policy, Awaitable[policy_pb2.Policy]],
    ]:
        """Callable for the SetIamPolicy RPC; not implemented on the base class."""
        raise NotImplementedError()

    @property
    def get_iam_policy(
        self,
    ) -> Callable[
        [iam_policy_pb2.GetIamPolicyRequest],
        Union[policy_pb2.Policy, Awaitable[policy_pb2.Policy]],
    ]:
        """Callable for the GetIamPolicy RPC; not implemented on the base class."""
        raise NotImplementedError()

    @property
    def test_iam_permissions(
        self,
    ) -> Callable[
        [iam_policy_pb2.TestIamPermissionsRequest],
        Union[
            iam_policy_pb2.TestIamPermissionsResponse,
            Awaitable[iam_policy_pb2.TestIamPermissionsResponse],
        ],
    ]:
        """Callable for the TestIamPermissions RPC; not implemented on the base class."""
        raise NotImplementedError()

    @property
    def get_location(
        self,
    ) -> Callable[
        [locations_pb2.GetLocationRequest],
        Union[locations_pb2.Location, Awaitable[locations_pb2.Location]],
    ]:
        """Callable for the GetLocation RPC; not implemented on the base class."""
        raise NotImplementedError()

    @property
    def list_locations(
        self,
    ) -> Callable[
        [locations_pb2.ListLocationsRequest],
        Union[
            locations_pb2.ListLocationsResponse,
            Awaitable[locations_pb2.ListLocationsResponse],
        ],
    ]:
        """Callable for the ListLocations RPC; not implemented on the base class."""
        raise NotImplementedError()

    @property
    def kind(self) -> str:
        """String naming the transport kind; not implemented on the base class."""
        raise NotImplementedError()
416
417
# Only the abstract base transport is part of this module's public API.
__all__ = ("SecretManagerServiceTransport",)