Shortcuts on this page
r m x toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
1# -*- coding: utf-8 -*-
2# Copyright 2025 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16import logging as std_logging
17import re
18from collections import OrderedDict
19from typing import (
20 Callable,
21 Dict,
22 Mapping,
23 MutableMapping,
24 MutableSequence,
25 Optional,
26 Sequence,
27 Tuple,
28 Type,
29 Union,
30)
32import google.protobuf
33from google.api_core import exceptions as core_exceptions
34from google.api_core import gapic_v1
35from google.api_core import retry_async as retries
36from google.api_core.client_options import ClientOptions
37from google.auth import credentials as ga_credentials # type: ignore
38from google.oauth2 import service_account # type: ignore
40from google.cloud.secretmanager_v1beta1 import gapic_version as package_version
42try:
43 OptionalRetry = Union[retries.AsyncRetry, gapic_v1.method._MethodDefault, None]
44except AttributeError: # pragma: NO COVER
45 OptionalRetry = Union[retries.AsyncRetry, object, None] # type: ignore
47import google.iam.v1.iam_policy_pb2 as iam_policy_pb2 # type: ignore
48import google.iam.v1.policy_pb2 as policy_pb2 # type: ignore
49import google.protobuf.field_mask_pb2 as field_mask_pb2 # type: ignore
50import google.protobuf.timestamp_pb2 as timestamp_pb2 # type: ignore
51from google.cloud.location import locations_pb2 # type: ignore
53from google.cloud.secretmanager_v1beta1.services.secret_manager_service import pagers
54from google.cloud.secretmanager_v1beta1.types import resources, service
56from .client import SecretManagerServiceClient
57from .transports.base import DEFAULT_CLIENT_INFO, SecretManagerServiceTransport
58from .transports.grpc_asyncio import SecretManagerServiceGrpcAsyncIOTransport
60try:
61 from google.api_core import client_logging # type: ignore
63 CLIENT_LOGGING_SUPPORTED = True # pragma: NO COVER
64except ImportError: # pragma: NO COVER
65 CLIENT_LOGGING_SUPPORTED = False
67_LOGGER = std_logging.getLogger(__name__)
70class SecretManagerServiceAsyncClient:
71 """Secret Manager Service
73 Manages secrets and operations using those secrets. Implements a
74 REST model with the following objects:
76 - [Secret][google.cloud.secrets.v1beta1.Secret]
77 - [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
78 """
80 _client: SecretManagerServiceClient
82 # Copy defaults from the synchronous client for use here.
83 # Note: DEFAULT_ENDPOINT is deprecated. Use _DEFAULT_ENDPOINT_TEMPLATE instead.
84 DEFAULT_ENDPOINT = SecretManagerServiceClient.DEFAULT_ENDPOINT
85 DEFAULT_MTLS_ENDPOINT = SecretManagerServiceClient.DEFAULT_MTLS_ENDPOINT
86 _DEFAULT_ENDPOINT_TEMPLATE = SecretManagerServiceClient._DEFAULT_ENDPOINT_TEMPLATE
87 _DEFAULT_UNIVERSE = SecretManagerServiceClient._DEFAULT_UNIVERSE
89 secret_path = staticmethod(SecretManagerServiceClient.secret_path)
90 parse_secret_path = staticmethod(SecretManagerServiceClient.parse_secret_path)
91 secret_version_path = staticmethod(SecretManagerServiceClient.secret_version_path)
92 parse_secret_version_path = staticmethod(
93 SecretManagerServiceClient.parse_secret_version_path
94 )
95 common_billing_account_path = staticmethod(
96 SecretManagerServiceClient.common_billing_account_path
97 )
98 parse_common_billing_account_path = staticmethod(
99 SecretManagerServiceClient.parse_common_billing_account_path
100 )
101 common_folder_path = staticmethod(SecretManagerServiceClient.common_folder_path)
102 parse_common_folder_path = staticmethod(
103 SecretManagerServiceClient.parse_common_folder_path
104 )
105 common_organization_path = staticmethod(
106 SecretManagerServiceClient.common_organization_path
107 )
108 parse_common_organization_path = staticmethod(
109 SecretManagerServiceClient.parse_common_organization_path
110 )
111 common_project_path = staticmethod(SecretManagerServiceClient.common_project_path)
112 parse_common_project_path = staticmethod(
113 SecretManagerServiceClient.parse_common_project_path
114 )
115 common_location_path = staticmethod(SecretManagerServiceClient.common_location_path)
116 parse_common_location_path = staticmethod(
117 SecretManagerServiceClient.parse_common_location_path
118 )
120 @classmethod
121 def from_service_account_info(cls, info: dict, *args, **kwargs):
122 """Creates an instance of this client using the provided credentials
123 info.
125 Args:
126 info (dict): The service account private key info.
127 args: Additional arguments to pass to the constructor.
128 kwargs: Additional arguments to pass to the constructor.
130 Returns:
131 SecretManagerServiceAsyncClient: The constructed client.
132 """
133 sa_info_func = (
134 SecretManagerServiceClient.from_service_account_info.__func__ # type: ignore
135 )
136 return sa_info_func(SecretManagerServiceAsyncClient, info, *args, **kwargs)
138 @classmethod
139 def from_service_account_file(cls, filename: str, *args, **kwargs):
140 """Creates an instance of this client using the provided credentials
141 file.
143 Args:
144 filename (str): The path to the service account private key json
145 file.
146 args: Additional arguments to pass to the constructor.
147 kwargs: Additional arguments to pass to the constructor.
149 Returns:
150 SecretManagerServiceAsyncClient: The constructed client.
151 """
152 sa_file_func = (
153 SecretManagerServiceClient.from_service_account_file.__func__ # type: ignore
154 )
155 return sa_file_func(SecretManagerServiceAsyncClient, filename, *args, **kwargs)
157 from_service_account_json = from_service_account_file
159 @classmethod
160 def get_mtls_endpoint_and_cert_source(
161 cls, client_options: Optional[ClientOptions] = None
162 ):
163 """Return the API endpoint and client cert source for mutual TLS.
165 The client cert source is determined in the following order:
166 (1) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is not "true", the
167 client cert source is None.
168 (2) if `client_options.client_cert_source` is provided, use the provided one; if the
169 default client cert source exists, use the default one; otherwise the client cert
170 source is None.
172 The API endpoint is determined in the following order:
173 (1) if `client_options.api_endpoint` if provided, use the provided one.
174 (2) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is "always", use the
175 default mTLS endpoint; if the environment variable is "never", use the default API
176 endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise
177 use the default API endpoint.
179 More details can be found at https://google.aip.dev/auth/4114.
181 Args:
182 client_options (google.api_core.client_options.ClientOptions): Custom options for the
183 client. Only the `api_endpoint` and `client_cert_source` properties may be used
184 in this method.
186 Returns:
187 Tuple[str, Callable[[], Tuple[bytes, bytes]]]: returns the API endpoint and the
188 client cert source to use.
190 Raises:
191 google.auth.exceptions.MutualTLSChannelError: If any errors happen.
192 """
193 return SecretManagerServiceClient.get_mtls_endpoint_and_cert_source(
194 client_options
195 ) # type: ignore
197 @property
198 def transport(self) -> SecretManagerServiceTransport:
199 """Returns the transport used by the client instance.
201 Returns:
202 SecretManagerServiceTransport: The transport used by the client instance.
203 """
204 return self._client.transport
206 @property
207 def api_endpoint(self):
208 """Return the API endpoint used by the client instance.
210 Returns:
211 str: The API endpoint used by the client instance.
212 """
213 return self._client._api_endpoint
215 @property
216 def universe_domain(self) -> str:
217 """Return the universe domain used by the client instance.
219 Returns:
220 str: The universe domain used
221 by the client instance.
222 """
223 return self._client._universe_domain
225 get_transport_class = SecretManagerServiceClient.get_transport_class
227 def __init__(
228 self,
229 *,
230 credentials: Optional[ga_credentials.Credentials] = None,
231 transport: Optional[
232 Union[
233 str,
234 SecretManagerServiceTransport,
235 Callable[..., SecretManagerServiceTransport],
236 ]
237 ] = "grpc_asyncio",
238 client_options: Optional[ClientOptions] = None,
239 client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
240 ) -> None:
241 """Instantiates the secret manager service async client.
243 Args:
244 credentials (Optional[google.auth.credentials.Credentials]): The
245 authorization credentials to attach to requests. These
246 credentials identify the application to the service; if none
247 are specified, the client will attempt to ascertain the
248 credentials from the environment.
249 transport (Optional[Union[str,SecretManagerServiceTransport,Callable[..., SecretManagerServiceTransport]]]):
250 The transport to use, or a Callable that constructs and returns a new transport to use.
251 If a Callable is given, it will be called with the same set of initialization
252 arguments as used in the SecretManagerServiceTransport constructor.
253 If set to None, a transport is chosen automatically.
254 client_options (Optional[Union[google.api_core.client_options.ClientOptions, dict]]):
255 Custom options for the client.
257 1. The ``api_endpoint`` property can be used to override the
258 default endpoint provided by the client when ``transport`` is
259 not explicitly provided. Only if this property is not set and
260 ``transport`` was not explicitly provided, the endpoint is
261 determined by the GOOGLE_API_USE_MTLS_ENDPOINT environment
262 variable, which have one of the following values:
263 "always" (always use the default mTLS endpoint), "never" (always
264 use the default regular endpoint) and "auto" (auto-switch to the
265 default mTLS endpoint if client certificate is present; this is
266 the default value).
268 2. If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable
269 is "true", then the ``client_cert_source`` property can be used
270 to provide a client certificate for mTLS transport. If
271 not provided, the default SSL client certificate will be used if
272 present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not
273 set, no client certificate will be used.
275 3. The ``universe_domain`` property can be used to override the
276 default "googleapis.com" universe. Note that ``api_endpoint``
277 property still takes precedence; and ``universe_domain`` is
278 currently not supported for mTLS.
280 client_info (google.api_core.gapic_v1.client_info.ClientInfo):
281 The client info used to send a user-agent string along with
282 API requests. If ``None``, then default info will be used.
283 Generally, you only need to set this if you're developing
284 your own client library.
286 Raises:
287 google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
288 creation failed for any reason.
289 """
290 self._client = SecretManagerServiceClient(
291 credentials=credentials,
292 transport=transport,
293 client_options=client_options,
294 client_info=client_info,
295 )
297 if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(
298 std_logging.DEBUG
299 ): # pragma: NO COVER
300 _LOGGER.debug(
301 "Created client `google.cloud.secrets_v1beta1.SecretManagerServiceAsyncClient`.",
302 extra={
303 "serviceName": "google.cloud.secrets.v1beta1.SecretManagerService",
304 "universeDomain": getattr(
305 self._client._transport._credentials, "universe_domain", ""
306 ),
307 "credentialsType": f"{type(self._client._transport._credentials).__module__}.{type(self._client._transport._credentials).__qualname__}",
308 "credentialsInfo": getattr(
309 self.transport._credentials, "get_cred_info", lambda: None
310 )(),
311 }
312 if hasattr(self._client._transport, "_credentials")
313 else {
314 "serviceName": "google.cloud.secrets.v1beta1.SecretManagerService",
315 "credentialsType": None,
316 },
317 )
319 async def list_secrets(
320 self,
321 request: Optional[Union[service.ListSecretsRequest, dict]] = None,
322 *,
323 parent: Optional[str] = None,
324 retry: OptionalRetry = gapic_v1.method.DEFAULT,
325 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
326 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
327 ) -> pagers.ListSecretsAsyncPager:
328 r"""Lists [Secrets][google.cloud.secrets.v1beta1.Secret].
330 .. code-block:: python
332 # This snippet has been automatically generated and should be regarded as a
333 # code template only.
334 # It will require modifications to work:
335 # - It may require correct/in-range values for request initialization.
336 # - It may require specifying regional endpoints when creating the service
337 # client as shown in:
338 # https://googleapis.dev/python/google-api-core/latest/client_options.html
339 from google.cloud import secretmanager_v1beta1
341 async def sample_list_secrets():
342 # Create a client
343 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
345 # Initialize request argument(s)
346 request = secretmanager_v1beta1.ListSecretsRequest(
347 parent="parent_value",
348 )
350 # Make the request
351 page_result = client.list_secrets(request=request)
353 # Handle the response
354 async for response in page_result:
355 print(response)
357 Args:
358 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.ListSecretsRequest, dict]]):
359 The request object. Request message for
360 [SecretManagerService.ListSecrets][google.cloud.secrets.v1beta1.SecretManagerService.ListSecrets].
361 parent (:class:`str`):
362 Required. The resource name of the project associated
363 with the [Secrets][google.cloud.secrets.v1beta1.Secret],
364 in the format ``projects/*``.
366 This corresponds to the ``parent`` field
367 on the ``request`` instance; if ``request`` is provided, this
368 should not be set.
369 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
370 should be retried.
371 timeout (float): The timeout for this request.
372 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
373 sent along with the request as metadata. Normally, each value must be of type `str`,
374 but for metadata keys ending with the suffix `-bin`, the corresponding values must
375 be of type `bytes`.
377 Returns:
378 google.cloud.secretmanager_v1beta1.services.secret_manager_service.pagers.ListSecretsAsyncPager:
379 Response message for
380 [SecretManagerService.ListSecrets][google.cloud.secrets.v1beta1.SecretManagerService.ListSecrets].
382 Iterating over this object will yield results and
383 resolve additional pages automatically.
385 """
386 # Create or coerce a protobuf request object.
387 # - Quick check: If we got a request object, we should *not* have
388 # gotten any keyword arguments that map to the request.
389 flattened_params = [parent]
390 has_flattened_params = (
391 len([param for param in flattened_params if param is not None]) > 0
392 )
393 if request is not None and has_flattened_params:
394 raise ValueError(
395 "If the `request` argument is set, then none of "
396 "the individual field arguments should be set."
397 )
399 # - Use the request object if provided (there's no risk of modifying the input as
400 # there are no flattened fields), or create one.
401 if not isinstance(request, service.ListSecretsRequest):
402 request = service.ListSecretsRequest(request)
404 # If we have keyword arguments corresponding to fields on the
405 # request, apply these.
406 if parent is not None:
407 request.parent = parent
409 # Wrap the RPC method; this adds retry and timeout information,
410 # and friendly error handling.
411 rpc = self._client._transport._wrapped_methods[
412 self._client._transport.list_secrets
413 ]
415 # Certain fields should be provided within the metadata header;
416 # add these here.
417 metadata = tuple(metadata) + (
418 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
419 )
421 # Validate the universe domain.
422 self._client._validate_universe_domain()
424 # Send the request.
425 response = await rpc(
426 request,
427 retry=retry,
428 timeout=timeout,
429 metadata=metadata,
430 )
432 # This method is paged; wrap the response in a pager, which provides
433 # an `__aiter__` convenience method.
434 response = pagers.ListSecretsAsyncPager(
435 method=rpc,
436 request=request,
437 response=response,
438 retry=retry,
439 timeout=timeout,
440 metadata=metadata,
441 )
443 # Done; return the response.
444 return response
446 async def create_secret(
447 self,
448 request: Optional[Union[service.CreateSecretRequest, dict]] = None,
449 *,
450 parent: Optional[str] = None,
451 secret_id: Optional[str] = None,
452 secret: Optional[resources.Secret] = None,
453 retry: OptionalRetry = gapic_v1.method.DEFAULT,
454 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
455 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
456 ) -> resources.Secret:
457 r"""Creates a new [Secret][google.cloud.secrets.v1beta1.Secret]
458 containing no
459 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
461 .. code-block:: python
463 # This snippet has been automatically generated and should be regarded as a
464 # code template only.
465 # It will require modifications to work:
466 # - It may require correct/in-range values for request initialization.
467 # - It may require specifying regional endpoints when creating the service
468 # client as shown in:
469 # https://googleapis.dev/python/google-api-core/latest/client_options.html
470 from google.cloud import secretmanager_v1beta1
472 async def sample_create_secret():
473 # Create a client
474 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
476 # Initialize request argument(s)
477 request = secretmanager_v1beta1.CreateSecretRequest(
478 parent="parent_value",
479 secret_id="secret_id_value",
480 )
482 # Make the request
483 response = await client.create_secret(request=request)
485 # Handle the response
486 print(response)
488 Args:
489 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.CreateSecretRequest, dict]]):
490 The request object. Request message for
491 [SecretManagerService.CreateSecret][google.cloud.secrets.v1beta1.SecretManagerService.CreateSecret].
492 parent (:class:`str`):
493 Required. The resource name of the project to associate
494 with the [Secret][google.cloud.secrets.v1beta1.Secret],
495 in the format ``projects/*``.
497 This corresponds to the ``parent`` field
498 on the ``request`` instance; if ``request`` is provided, this
499 should not be set.
500 secret_id (:class:`str`):
501 Required. This must be unique within the project.
503 A secret ID is a string with a maximum length of 255
504 characters and can contain uppercase and lowercase
505 letters, numerals, and the hyphen (``-``) and underscore
506 (``_``) characters.
508 This corresponds to the ``secret_id`` field
509 on the ``request`` instance; if ``request`` is provided, this
510 should not be set.
511 secret (:class:`google.cloud.secretmanager_v1beta1.types.Secret`):
512 Required. A
513 [Secret][google.cloud.secrets.v1beta1.Secret] with
514 initial field values.
516 This corresponds to the ``secret`` field
517 on the ``request`` instance; if ``request`` is provided, this
518 should not be set.
519 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
520 should be retried.
521 timeout (float): The timeout for this request.
522 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
523 sent along with the request as metadata. Normally, each value must be of type `str`,
524 but for metadata keys ending with the suffix `-bin`, the corresponding values must
525 be of type `bytes`.
527 Returns:
528 google.cloud.secretmanager_v1beta1.types.Secret:
529 A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose
530 value and versions can be accessed.
532 A [Secret][google.cloud.secrets.v1beta1.Secret] is
533 made up of zero or more
534 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
535 that represent the secret data.
537 """
538 # Create or coerce a protobuf request object.
539 # - Quick check: If we got a request object, we should *not* have
540 # gotten any keyword arguments that map to the request.
541 flattened_params = [parent, secret_id, secret]
542 has_flattened_params = (
543 len([param for param in flattened_params if param is not None]) > 0
544 )
545 if request is not None and has_flattened_params:
546 raise ValueError(
547 "If the `request` argument is set, then none of "
548 "the individual field arguments should be set."
549 )
551 # - Use the request object if provided (there's no risk of modifying the input as
552 # there are no flattened fields), or create one.
553 if not isinstance(request, service.CreateSecretRequest):
554 request = service.CreateSecretRequest(request)
556 # If we have keyword arguments corresponding to fields on the
557 # request, apply these.
558 if parent is not None:
559 request.parent = parent
560 if secret_id is not None:
561 request.secret_id = secret_id
562 if secret is not None:
563 request.secret = secret
565 # Wrap the RPC method; this adds retry and timeout information,
566 # and friendly error handling.
567 rpc = self._client._transport._wrapped_methods[
568 self._client._transport.create_secret
569 ]
571 # Certain fields should be provided within the metadata header;
572 # add these here.
573 metadata = tuple(metadata) + (
574 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
575 )
577 # Validate the universe domain.
578 self._client._validate_universe_domain()
580 # Send the request.
581 response = await rpc(
582 request,
583 retry=retry,
584 timeout=timeout,
585 metadata=metadata,
586 )
588 # Done; return the response.
589 return response
591 async def add_secret_version(
592 self,
593 request: Optional[Union[service.AddSecretVersionRequest, dict]] = None,
594 *,
595 parent: Optional[str] = None,
596 payload: Optional[resources.SecretPayload] = None,
597 retry: OptionalRetry = gapic_v1.method.DEFAULT,
598 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
599 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
600 ) -> resources.SecretVersion:
601 r"""Creates a new
602 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
603 containing secret data and attaches it to an existing
604 [Secret][google.cloud.secrets.v1beta1.Secret].
606 .. code-block:: python
608 # This snippet has been automatically generated and should be regarded as a
609 # code template only.
610 # It will require modifications to work:
611 # - It may require correct/in-range values for request initialization.
612 # - It may require specifying regional endpoints when creating the service
613 # client as shown in:
614 # https://googleapis.dev/python/google-api-core/latest/client_options.html
615 from google.cloud import secretmanager_v1beta1
617 async def sample_add_secret_version():
618 # Create a client
619 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
621 # Initialize request argument(s)
622 request = secretmanager_v1beta1.AddSecretVersionRequest(
623 parent="parent_value",
624 )
626 # Make the request
627 response = await client.add_secret_version(request=request)
629 # Handle the response
630 print(response)
632 Args:
633 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.AddSecretVersionRequest, dict]]):
634 The request object. Request message for
635 [SecretManagerService.AddSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AddSecretVersion].
636 parent (:class:`str`):
637 Required. The resource name of the
638 [Secret][google.cloud.secrets.v1beta1.Secret] to
639 associate with the
640 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
641 in the format ``projects/*/secrets/*``.
643 This corresponds to the ``parent`` field
644 on the ``request`` instance; if ``request`` is provided, this
645 should not be set.
646 payload (:class:`google.cloud.secretmanager_v1beta1.types.SecretPayload`):
647 Required. The secret payload of the
648 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
650 This corresponds to the ``payload`` field
651 on the ``request`` instance; if ``request`` is provided, this
652 should not be set.
653 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
654 should be retried.
655 timeout (float): The timeout for this request.
656 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
657 sent along with the request as metadata. Normally, each value must be of type `str`,
658 but for metadata keys ending with the suffix `-bin`, the corresponding values must
659 be of type `bytes`.
661 Returns:
662 google.cloud.secretmanager_v1beta1.types.SecretVersion:
663 A secret version resource in the
664 Secret Manager API.
666 """
667 # Create or coerce a protobuf request object.
668 # - Quick check: If we got a request object, we should *not* have
669 # gotten any keyword arguments that map to the request.
670 flattened_params = [parent, payload]
671 has_flattened_params = (
672 len([param for param in flattened_params if param is not None]) > 0
673 )
674 if request is not None and has_flattened_params:
675 raise ValueError(
676 "If the `request` argument is set, then none of "
677 "the individual field arguments should be set."
678 )
680 # - Use the request object if provided (there's no risk of modifying the input as
681 # there are no flattened fields), or create one.
682 if not isinstance(request, service.AddSecretVersionRequest):
683 request = service.AddSecretVersionRequest(request)
685 # If we have keyword arguments corresponding to fields on the
686 # request, apply these.
687 if parent is not None:
688 request.parent = parent
689 if payload is not None:
690 request.payload = payload
692 # Wrap the RPC method; this adds retry and timeout information,
693 # and friendly error handling.
694 rpc = self._client._transport._wrapped_methods[
695 self._client._transport.add_secret_version
696 ]
698 # Certain fields should be provided within the metadata header;
699 # add these here.
700 metadata = tuple(metadata) + (
701 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
702 )
704 # Validate the universe domain.
705 self._client._validate_universe_domain()
707 # Send the request.
708 response = await rpc(
709 request,
710 retry=retry,
711 timeout=timeout,
712 metadata=metadata,
713 )
715 # Done; return the response.
716 return response
718 async def get_secret(
719 self,
720 request: Optional[Union[service.GetSecretRequest, dict]] = None,
721 *,
722 name: Optional[str] = None,
723 retry: OptionalRetry = gapic_v1.method.DEFAULT,
724 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
725 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
726 ) -> resources.Secret:
727 r"""Gets metadata for a given
728 [Secret][google.cloud.secrets.v1beta1.Secret].
730 .. code-block:: python
732 # This snippet has been automatically generated and should be regarded as a
733 # code template only.
734 # It will require modifications to work:
735 # - It may require correct/in-range values for request initialization.
736 # - It may require specifying regional endpoints when creating the service
737 # client as shown in:
738 # https://googleapis.dev/python/google-api-core/latest/client_options.html
739 from google.cloud import secretmanager_v1beta1
741 async def sample_get_secret():
742 # Create a client
743 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
745 # Initialize request argument(s)
746 request = secretmanager_v1beta1.GetSecretRequest(
747 name="name_value",
748 )
750 # Make the request
751 response = await client.get_secret(request=request)
753 # Handle the response
754 print(response)
756 Args:
757 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.GetSecretRequest, dict]]):
758 The request object. Request message for
759 [SecretManagerService.GetSecret][google.cloud.secrets.v1beta1.SecretManagerService.GetSecret].
760 name (:class:`str`):
761 Required. The resource name of the
762 [Secret][google.cloud.secrets.v1beta1.Secret], in the
763 format ``projects/*/secrets/*``.
765 This corresponds to the ``name`` field
766 on the ``request`` instance; if ``request`` is provided, this
767 should not be set.
768 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
769 should be retried.
770 timeout (float): The timeout for this request.
771 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
772 sent along with the request as metadata. Normally, each value must be of type `str`,
773 but for metadata keys ending with the suffix `-bin`, the corresponding values must
774 be of type `bytes`.
776 Returns:
777 google.cloud.secretmanager_v1beta1.types.Secret:
778 A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose
779 value and versions can be accessed.
781 A [Secret][google.cloud.secrets.v1beta1.Secret] is
782 made up of zero or more
783 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
784 that represent the secret data.
786 """
787 # Create or coerce a protobuf request object.
788 # - Quick check: If we got a request object, we should *not* have
789 # gotten any keyword arguments that map to the request.
790 flattened_params = [name]
791 has_flattened_params = (
792 len([param for param in flattened_params if param is not None]) > 0
793 )
794 if request is not None and has_flattened_params:
795 raise ValueError(
796 "If the `request` argument is set, then none of "
797 "the individual field arguments should be set."
798 )
800 # - Use the request object if provided (there's no risk of modifying the input as
801 # there are no flattened fields), or create one.
802 if not isinstance(request, service.GetSecretRequest):
803 request = service.GetSecretRequest(request)
805 # If we have keyword arguments corresponding to fields on the
806 # request, apply these.
807 if name is not None:
808 request.name = name
810 # Wrap the RPC method; this adds retry and timeout information,
811 # and friendly error handling.
812 rpc = self._client._transport._wrapped_methods[
813 self._client._transport.get_secret
814 ]
816 # Certain fields should be provided within the metadata header;
817 # add these here.
818 metadata = tuple(metadata) + (
819 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
820 )
822 # Validate the universe domain.
823 self._client._validate_universe_domain()
825 # Send the request.
826 response = await rpc(
827 request,
828 retry=retry,
829 timeout=timeout,
830 metadata=metadata,
831 )
833 # Done; return the response.
834 return response
836 async def update_secret(
837 self,
838 request: Optional[Union[service.UpdateSecretRequest, dict]] = None,
839 *,
840 secret: Optional[resources.Secret] = None,
841 update_mask: Optional[field_mask_pb2.FieldMask] = None,
842 retry: OptionalRetry = gapic_v1.method.DEFAULT,
843 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
844 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
845 ) -> resources.Secret:
846 r"""Updates metadata of an existing
847 [Secret][google.cloud.secrets.v1beta1.Secret].
849 .. code-block:: python
851 # This snippet has been automatically generated and should be regarded as a
852 # code template only.
853 # It will require modifications to work:
854 # - It may require correct/in-range values for request initialization.
855 # - It may require specifying regional endpoints when creating the service
856 # client as shown in:
857 # https://googleapis.dev/python/google-api-core/latest/client_options.html
858 from google.cloud import secretmanager_v1beta1
860 async def sample_update_secret():
861 # Create a client
862 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
864 # Initialize request argument(s)
865 request = secretmanager_v1beta1.UpdateSecretRequest(
866 )
868 # Make the request
869 response = await client.update_secret(request=request)
871 # Handle the response
872 print(response)
874 Args:
875 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.UpdateSecretRequest, dict]]):
876 The request object. Request message for
877 [SecretManagerService.UpdateSecret][google.cloud.secrets.v1beta1.SecretManagerService.UpdateSecret].
878 secret (:class:`google.cloud.secretmanager_v1beta1.types.Secret`):
879 Required. [Secret][google.cloud.secrets.v1beta1.Secret]
880 with updated field values.
882 This corresponds to the ``secret`` field
883 on the ``request`` instance; if ``request`` is provided, this
884 should not be set.
885 update_mask (:class:`google.protobuf.field_mask_pb2.FieldMask`):
886 Required. Specifies the fields to be
887 updated.
889 This corresponds to the ``update_mask`` field
890 on the ``request`` instance; if ``request`` is provided, this
891 should not be set.
892 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
893 should be retried.
894 timeout (float): The timeout for this request.
895 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
896 sent along with the request as metadata. Normally, each value must be of type `str`,
897 but for metadata keys ending with the suffix `-bin`, the corresponding values must
898 be of type `bytes`.
900 Returns:
901 google.cloud.secretmanager_v1beta1.types.Secret:
902 A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose
903 value and versions can be accessed.
905 A [Secret][google.cloud.secrets.v1beta1.Secret] is
906 made up of zero or more
907 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
908 that represent the secret data.
910 """
911 # Create or coerce a protobuf request object.
912 # - Quick check: If we got a request object, we should *not* have
913 # gotten any keyword arguments that map to the request.
914 flattened_params = [secret, update_mask]
915 has_flattened_params = (
916 len([param for param in flattened_params if param is not None]) > 0
917 )
918 if request is not None and has_flattened_params:
919 raise ValueError(
920 "If the `request` argument is set, then none of "
921 "the individual field arguments should be set."
922 )
924 # - Use the request object if provided (there's no risk of modifying the input as
925 # there are no flattened fields), or create one.
926 if not isinstance(request, service.UpdateSecretRequest):
927 request = service.UpdateSecretRequest(request)
929 # If we have keyword arguments corresponding to fields on the
930 # request, apply these.
931 if secret is not None:
932 request.secret = secret
933 if update_mask is not None:
934 request.update_mask = update_mask
936 # Wrap the RPC method; this adds retry and timeout information,
937 # and friendly error handling.
938 rpc = self._client._transport._wrapped_methods[
939 self._client._transport.update_secret
940 ]
942 # Certain fields should be provided within the metadata header;
943 # add these here.
944 metadata = tuple(metadata) + (
945 gapic_v1.routing_header.to_grpc_metadata(
946 (("secret.name", request.secret.name),)
947 ),
948 )
950 # Validate the universe domain.
951 self._client._validate_universe_domain()
953 # Send the request.
954 response = await rpc(
955 request,
956 retry=retry,
957 timeout=timeout,
958 metadata=metadata,
959 )
961 # Done; return the response.
962 return response
964 async def delete_secret(
965 self,
966 request: Optional[Union[service.DeleteSecretRequest, dict]] = None,
967 *,
968 name: Optional[str] = None,
969 retry: OptionalRetry = gapic_v1.method.DEFAULT,
970 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
971 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
972 ) -> None:
973 r"""Deletes a [Secret][google.cloud.secrets.v1beta1.Secret].
975 .. code-block:: python
977 # This snippet has been automatically generated and should be regarded as a
978 # code template only.
979 # It will require modifications to work:
980 # - It may require correct/in-range values for request initialization.
981 # - It may require specifying regional endpoints when creating the service
982 # client as shown in:
983 # https://googleapis.dev/python/google-api-core/latest/client_options.html
984 from google.cloud import secretmanager_v1beta1
986 async def sample_delete_secret():
987 # Create a client
988 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
990 # Initialize request argument(s)
991 request = secretmanager_v1beta1.DeleteSecretRequest(
992 name="name_value",
993 )
995 # Make the request
996 await client.delete_secret(request=request)
998 Args:
999 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.DeleteSecretRequest, dict]]):
1000 The request object. Request message for
1001 [SecretManagerService.DeleteSecret][google.cloud.secrets.v1beta1.SecretManagerService.DeleteSecret].
1002 name (:class:`str`):
1003 Required. The resource name of the
1004 [Secret][google.cloud.secrets.v1beta1.Secret] to delete
1005 in the format ``projects/*/secrets/*``.
1007 This corresponds to the ``name`` field
1008 on the ``request`` instance; if ``request`` is provided, this
1009 should not be set.
1010 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
1011 should be retried.
1012 timeout (float): The timeout for this request.
1013 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1014 sent along with the request as metadata. Normally, each value must be of type `str`,
1015 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1016 be of type `bytes`.
1017 """
1018 # Create or coerce a protobuf request object.
1019 # - Quick check: If we got a request object, we should *not* have
1020 # gotten any keyword arguments that map to the request.
1021 flattened_params = [name]
1022 has_flattened_params = (
1023 len([param for param in flattened_params if param is not None]) > 0
1024 )
1025 if request is not None and has_flattened_params:
1026 raise ValueError(
1027 "If the `request` argument is set, then none of "
1028 "the individual field arguments should be set."
1029 )
1031 # - Use the request object if provided (there's no risk of modifying the input as
1032 # there are no flattened fields), or create one.
1033 if not isinstance(request, service.DeleteSecretRequest):
1034 request = service.DeleteSecretRequest(request)
1036 # If we have keyword arguments corresponding to fields on the
1037 # request, apply these.
1038 if name is not None:
1039 request.name = name
1041 # Wrap the RPC method; this adds retry and timeout information,
1042 # and friendly error handling.
1043 rpc = self._client._transport._wrapped_methods[
1044 self._client._transport.delete_secret
1045 ]
1047 # Certain fields should be provided within the metadata header;
1048 # add these here.
1049 metadata = tuple(metadata) + (
1050 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1051 )
1053 # Validate the universe domain.
1054 self._client._validate_universe_domain()
1056 # Send the request.
1057 await rpc(
1058 request,
1059 retry=retry,
1060 timeout=timeout,
1061 metadata=metadata,
1062 )
1064 async def list_secret_versions(
1065 self,
1066 request: Optional[Union[service.ListSecretVersionsRequest, dict]] = None,
1067 *,
1068 parent: Optional[str] = None,
1069 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1070 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1071 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1072 ) -> pagers.ListSecretVersionsAsyncPager:
1073 r"""Lists
1074 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
1075 This call does not return secret data.
1077 .. code-block:: python
1079 # This snippet has been automatically generated and should be regarded as a
1080 # code template only.
1081 # It will require modifications to work:
1082 # - It may require correct/in-range values for request initialization.
1083 # - It may require specifying regional endpoints when creating the service
1084 # client as shown in:
1085 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1086 from google.cloud import secretmanager_v1beta1
1088 async def sample_list_secret_versions():
1089 # Create a client
1090 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
1092 # Initialize request argument(s)
1093 request = secretmanager_v1beta1.ListSecretVersionsRequest(
1094 parent="parent_value",
1095 )
1097 # Make the request
1098 page_result = client.list_secret_versions(request=request)
1100 # Handle the response
1101 async for response in page_result:
1102 print(response)
1104 Args:
1105 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.ListSecretVersionsRequest, dict]]):
1106 The request object. Request message for
1107 [SecretManagerService.ListSecretVersions][google.cloud.secrets.v1beta1.SecretManagerService.ListSecretVersions].
1108 parent (:class:`str`):
1109 Required. The resource name of the
1110 [Secret][google.cloud.secrets.v1beta1.Secret] associated
1111 with the
1112 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]
1113 to list, in the format ``projects/*/secrets/*``.
1115 This corresponds to the ``parent`` field
1116 on the ``request`` instance; if ``request`` is provided, this
1117 should not be set.
1118 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
1119 should be retried.
1120 timeout (float): The timeout for this request.
1121 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1122 sent along with the request as metadata. Normally, each value must be of type `str`,
1123 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1124 be of type `bytes`.
1126 Returns:
1127 google.cloud.secretmanager_v1beta1.services.secret_manager_service.pagers.ListSecretVersionsAsyncPager:
1128 Response message for
1129 [SecretManagerService.ListSecretVersions][google.cloud.secrets.v1beta1.SecretManagerService.ListSecretVersions].
1131 Iterating over this object will yield results and
1132 resolve additional pages automatically.
1134 """
1135 # Create or coerce a protobuf request object.
1136 # - Quick check: If we got a request object, we should *not* have
1137 # gotten any keyword arguments that map to the request.
1138 flattened_params = [parent]
1139 has_flattened_params = (
1140 len([param for param in flattened_params if param is not None]) > 0
1141 )
1142 if request is not None and has_flattened_params:
1143 raise ValueError(
1144 "If the `request` argument is set, then none of "
1145 "the individual field arguments should be set."
1146 )
1148 # - Use the request object if provided (there's no risk of modifying the input as
1149 # there are no flattened fields), or create one.
1150 if not isinstance(request, service.ListSecretVersionsRequest):
1151 request = service.ListSecretVersionsRequest(request)
1153 # If we have keyword arguments corresponding to fields on the
1154 # request, apply these.
1155 if parent is not None:
1156 request.parent = parent
1158 # Wrap the RPC method; this adds retry and timeout information,
1159 # and friendly error handling.
1160 rpc = self._client._transport._wrapped_methods[
1161 self._client._transport.list_secret_versions
1162 ]
1164 # Certain fields should be provided within the metadata header;
1165 # add these here.
1166 metadata = tuple(metadata) + (
1167 gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)),
1168 )
1170 # Validate the universe domain.
1171 self._client._validate_universe_domain()
1173 # Send the request.
1174 response = await rpc(
1175 request,
1176 retry=retry,
1177 timeout=timeout,
1178 metadata=metadata,
1179 )
1181 # This method is paged; wrap the response in a pager, which provides
1182 # an `__aiter__` convenience method.
1183 response = pagers.ListSecretVersionsAsyncPager(
1184 method=rpc,
1185 request=request,
1186 response=response,
1187 retry=retry,
1188 timeout=timeout,
1189 metadata=metadata,
1190 )
1192 # Done; return the response.
1193 return response
1195 async def get_secret_version(
1196 self,
1197 request: Optional[Union[service.GetSecretVersionRequest, dict]] = None,
1198 *,
1199 name: Optional[str] = None,
1200 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1201 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1202 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1203 ) -> resources.SecretVersion:
1204 r"""Gets metadata for a
1205 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1207 ``projects/*/secrets/*/versions/latest`` is an alias to the
1208 ``latest``
1209 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1211 .. code-block:: python
1213 # This snippet has been automatically generated and should be regarded as a
1214 # code template only.
1215 # It will require modifications to work:
1216 # - It may require correct/in-range values for request initialization.
1217 # - It may require specifying regional endpoints when creating the service
1218 # client as shown in:
1219 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1220 from google.cloud import secretmanager_v1beta1
1222 async def sample_get_secret_version():
1223 # Create a client
1224 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
1226 # Initialize request argument(s)
1227 request = secretmanager_v1beta1.GetSecretVersionRequest(
1228 name="name_value",
1229 )
1231 # Make the request
1232 response = await client.get_secret_version(request=request)
1234 # Handle the response
1235 print(response)
1237 Args:
1238 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.GetSecretVersionRequest, dict]]):
1239 The request object. Request message for
1240 [SecretManagerService.GetSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.GetSecretVersion].
1241 name (:class:`str`):
1242 Required. The resource name of the
1243 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1244 in the format ``projects/*/secrets/*/versions/*``.
1245 ``projects/*/secrets/*/versions/latest`` is an alias to
1246 the ``latest``
1247 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1249 This corresponds to the ``name`` field
1250 on the ``request`` instance; if ``request`` is provided, this
1251 should not be set.
1252 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
1253 should be retried.
1254 timeout (float): The timeout for this request.
1255 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1256 sent along with the request as metadata. Normally, each value must be of type `str`,
1257 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1258 be of type `bytes`.
1260 Returns:
1261 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1262 A secret version resource in the
1263 Secret Manager API.
1265 """
1266 # Create or coerce a protobuf request object.
1267 # - Quick check: If we got a request object, we should *not* have
1268 # gotten any keyword arguments that map to the request.
1269 flattened_params = [name]
1270 has_flattened_params = (
1271 len([param for param in flattened_params if param is not None]) > 0
1272 )
1273 if request is not None and has_flattened_params:
1274 raise ValueError(
1275 "If the `request` argument is set, then none of "
1276 "the individual field arguments should be set."
1277 )
1279 # - Use the request object if provided (there's no risk of modifying the input as
1280 # there are no flattened fields), or create one.
1281 if not isinstance(request, service.GetSecretVersionRequest):
1282 request = service.GetSecretVersionRequest(request)
1284 # If we have keyword arguments corresponding to fields on the
1285 # request, apply these.
1286 if name is not None:
1287 request.name = name
1289 # Wrap the RPC method; this adds retry and timeout information,
1290 # and friendly error handling.
1291 rpc = self._client._transport._wrapped_methods[
1292 self._client._transport.get_secret_version
1293 ]
1295 # Certain fields should be provided within the metadata header;
1296 # add these here.
1297 metadata = tuple(metadata) + (
1298 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1299 )
1301 # Validate the universe domain.
1302 self._client._validate_universe_domain()
1304 # Send the request.
1305 response = await rpc(
1306 request,
1307 retry=retry,
1308 timeout=timeout,
1309 metadata=metadata,
1310 )
1312 # Done; return the response.
1313 return response
1315 async def access_secret_version(
1316 self,
1317 request: Optional[Union[service.AccessSecretVersionRequest, dict]] = None,
1318 *,
1319 name: Optional[str] = None,
1320 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1321 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1322 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1323 ) -> service.AccessSecretVersionResponse:
1324 r"""Accesses a
1325 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1326 This call returns the secret data.
1328 ``projects/*/secrets/*/versions/latest`` is an alias to the
1329 ``latest``
1330 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1332 .. code-block:: python
1334 # This snippet has been automatically generated and should be regarded as a
1335 # code template only.
1336 # It will require modifications to work:
1337 # - It may require correct/in-range values for request initialization.
1338 # - It may require specifying regional endpoints when creating the service
1339 # client as shown in:
1340 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1341 from google.cloud import secretmanager_v1beta1
1343 async def sample_access_secret_version():
1344 # Create a client
1345 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
1347 # Initialize request argument(s)
1348 request = secretmanager_v1beta1.AccessSecretVersionRequest(
1349 name="name_value",
1350 )
1352 # Make the request
1353 response = await client.access_secret_version(request=request)
1355 # Handle the response
1356 print(response)
1358 Args:
1359 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.AccessSecretVersionRequest, dict]]):
1360 The request object. Request message for
1361 [SecretManagerService.AccessSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AccessSecretVersion].
1362 name (:class:`str`):
1363 Required. The resource name of the
1364 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1365 in the format ``projects/*/secrets/*/versions/*``.
1367 This corresponds to the ``name`` field
1368 on the ``request`` instance; if ``request`` is provided, this
1369 should not be set.
1370 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
1371 should be retried.
1372 timeout (float): The timeout for this request.
1373 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1374 sent along with the request as metadata. Normally, each value must be of type `str`,
1375 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1376 be of type `bytes`.
1378 Returns:
1379 google.cloud.secretmanager_v1beta1.types.AccessSecretVersionResponse:
1380 Response message for
1381 [SecretManagerService.AccessSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AccessSecretVersion].
1383 """
1384 # Create or coerce a protobuf request object.
1385 # - Quick check: If we got a request object, we should *not* have
1386 # gotten any keyword arguments that map to the request.
1387 flattened_params = [name]
1388 has_flattened_params = (
1389 len([param for param in flattened_params if param is not None]) > 0
1390 )
1391 if request is not None and has_flattened_params:
1392 raise ValueError(
1393 "If the `request` argument is set, then none of "
1394 "the individual field arguments should be set."
1395 )
1397 # - Use the request object if provided (there's no risk of modifying the input as
1398 # there are no flattened fields), or create one.
1399 if not isinstance(request, service.AccessSecretVersionRequest):
1400 request = service.AccessSecretVersionRequest(request)
1402 # If we have keyword arguments corresponding to fields on the
1403 # request, apply these.
1404 if name is not None:
1405 request.name = name
1407 # Wrap the RPC method; this adds retry and timeout information,
1408 # and friendly error handling.
1409 rpc = self._client._transport._wrapped_methods[
1410 self._client._transport.access_secret_version
1411 ]
1413 # Certain fields should be provided within the metadata header;
1414 # add these here.
1415 metadata = tuple(metadata) + (
1416 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1417 )
1419 # Validate the universe domain.
1420 self._client._validate_universe_domain()
1422 # Send the request.
1423 response = await rpc(
1424 request,
1425 retry=retry,
1426 timeout=timeout,
1427 metadata=metadata,
1428 )
1430 # Done; return the response.
1431 return response
1433 async def disable_secret_version(
1434 self,
1435 request: Optional[Union[service.DisableSecretVersionRequest, dict]] = None,
1436 *,
1437 name: Optional[str] = None,
1438 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1439 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1440 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1441 ) -> resources.SecretVersion:
1442 r"""Disables a
1443 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1445 Sets the
1446 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
1447 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
1448 [DISABLED][google.cloud.secrets.v1beta1.SecretVersion.State.DISABLED].
1450 .. code-block:: python
1452 # This snippet has been automatically generated and should be regarded as a
1453 # code template only.
1454 # It will require modifications to work:
1455 # - It may require correct/in-range values for request initialization.
1456 # - It may require specifying regional endpoints when creating the service
1457 # client as shown in:
1458 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1459 from google.cloud import secretmanager_v1beta1
1461 async def sample_disable_secret_version():
1462 # Create a client
1463 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
1465 # Initialize request argument(s)
1466 request = secretmanager_v1beta1.DisableSecretVersionRequest(
1467 name="name_value",
1468 )
1470 # Make the request
1471 response = await client.disable_secret_version(request=request)
1473 # Handle the response
1474 print(response)
1476 Args:
1477 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.DisableSecretVersionRequest, dict]]):
1478 The request object. Request message for
1479 [SecretManagerService.DisableSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.DisableSecretVersion].
1480 name (:class:`str`):
1481 Required. The resource name of the
1482 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1483 to disable in the format
1484 ``projects/*/secrets/*/versions/*``.
1486 This corresponds to the ``name`` field
1487 on the ``request`` instance; if ``request`` is provided, this
1488 should not be set.
1489 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
1490 should be retried.
1491 timeout (float): The timeout for this request.
1492 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1493 sent along with the request as metadata. Normally, each value must be of type `str`,
1494 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1495 be of type `bytes`.
1497 Returns:
1498 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1499 A secret version resource in the
1500 Secret Manager API.
1502 """
1503 # Create or coerce a protobuf request object.
1504 # - Quick check: If we got a request object, we should *not* have
1505 # gotten any keyword arguments that map to the request.
1506 flattened_params = [name]
1507 has_flattened_params = (
1508 len([param for param in flattened_params if param is not None]) > 0
1509 )
1510 if request is not None and has_flattened_params:
1511 raise ValueError(
1512 "If the `request` argument is set, then none of "
1513 "the individual field arguments should be set."
1514 )
1516 # - Use the request object if provided (there's no risk of modifying the input as
1517 # there are no flattened fields), or create one.
1518 if not isinstance(request, service.DisableSecretVersionRequest):
1519 request = service.DisableSecretVersionRequest(request)
1521 # If we have keyword arguments corresponding to fields on the
1522 # request, apply these.
1523 if name is not None:
1524 request.name = name
1526 # Wrap the RPC method; this adds retry and timeout information,
1527 # and friendly error handling.
1528 rpc = self._client._transport._wrapped_methods[
1529 self._client._transport.disable_secret_version
1530 ]
1532 # Certain fields should be provided within the metadata header;
1533 # add these here.
1534 metadata = tuple(metadata) + (
1535 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1536 )
1538 # Validate the universe domain.
1539 self._client._validate_universe_domain()
1541 # Send the request.
1542 response = await rpc(
1543 request,
1544 retry=retry,
1545 timeout=timeout,
1546 metadata=metadata,
1547 )
1549 # Done; return the response.
1550 return response
1552 async def enable_secret_version(
1553 self,
1554 request: Optional[Union[service.EnableSecretVersionRequest, dict]] = None,
1555 *,
1556 name: Optional[str] = None,
1557 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1558 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1559 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1560 ) -> resources.SecretVersion:
1561 r"""Enables a
1562 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1564 Sets the
1565 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
1566 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
1567 [ENABLED][google.cloud.secrets.v1beta1.SecretVersion.State.ENABLED].
1569 .. code-block:: python
1571 # This snippet has been automatically generated and should be regarded as a
1572 # code template only.
1573 # It will require modifications to work:
1574 # - It may require correct/in-range values for request initialization.
1575 # - It may require specifying regional endpoints when creating the service
1576 # client as shown in:
1577 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1578 from google.cloud import secretmanager_v1beta1
1580 async def sample_enable_secret_version():
1581 # Create a client
1582 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
1584 # Initialize request argument(s)
1585 request = secretmanager_v1beta1.EnableSecretVersionRequest(
1586 name="name_value",
1587 )
1589 # Make the request
1590 response = await client.enable_secret_version(request=request)
1592 # Handle the response
1593 print(response)
1595 Args:
1596 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.EnableSecretVersionRequest, dict]]):
1597 The request object. Request message for
1598 [SecretManagerService.EnableSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.EnableSecretVersion].
1599 name (:class:`str`):
1600 Required. The resource name of the
1601 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1602 to enable in the format
1603 ``projects/*/secrets/*/versions/*``.
1605 This corresponds to the ``name`` field
1606 on the ``request`` instance; if ``request`` is provided, this
1607 should not be set.
1608 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
1609 should be retried.
1610 timeout (float): The timeout for this request.
1611 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1612 sent along with the request as metadata. Normally, each value must be of type `str`,
1613 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1614 be of type `bytes`.
1616 Returns:
1617 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1618 A secret version resource in the
1619 Secret Manager API.
1621 """
1622 # Create or coerce a protobuf request object.
1623 # - Quick check: If we got a request object, we should *not* have
1624 # gotten any keyword arguments that map to the request.
1625 flattened_params = [name]
1626 has_flattened_params = (
1627 len([param for param in flattened_params if param is not None]) > 0
1628 )
1629 if request is not None and has_flattened_params:
1630 raise ValueError(
1631 "If the `request` argument is set, then none of "
1632 "the individual field arguments should be set."
1633 )
1635 # - Use the request object if provided (there's no risk of modifying the input as
1636 # there are no flattened fields), or create one.
1637 if not isinstance(request, service.EnableSecretVersionRequest):
1638 request = service.EnableSecretVersionRequest(request)
1640 # If we have keyword arguments corresponding to fields on the
1641 # request, apply these.
1642 if name is not None:
1643 request.name = name
1645 # Wrap the RPC method; this adds retry and timeout information,
1646 # and friendly error handling.
1647 rpc = self._client._transport._wrapped_methods[
1648 self._client._transport.enable_secret_version
1649 ]
1651 # Certain fields should be provided within the metadata header;
1652 # add these here.
1653 metadata = tuple(metadata) + (
1654 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1655 )
1657 # Validate the universe domain.
1658 self._client._validate_universe_domain()
1660 # Send the request.
1661 response = await rpc(
1662 request,
1663 retry=retry,
1664 timeout=timeout,
1665 metadata=metadata,
1666 )
1668 # Done; return the response.
1669 return response
1671 async def destroy_secret_version(
1672 self,
1673 request: Optional[Union[service.DestroySecretVersionRequest, dict]] = None,
1674 *,
1675 name: Optional[str] = None,
1676 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1677 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1678 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1679 ) -> resources.SecretVersion:
1680 r"""Destroys a
1681 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
1683 Sets the
1684 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
1685 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
1686 [DESTROYED][google.cloud.secrets.v1beta1.SecretVersion.State.DESTROYED]
1687 and irrevocably destroys the secret data.
1689 .. code-block:: python
1691 # This snippet has been automatically generated and should be regarded as a
1692 # code template only.
1693 # It will require modifications to work:
1694 # - It may require correct/in-range values for request initialization.
1695 # - It may require specifying regional endpoints when creating the service
1696 # client as shown in:
1697 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1698 from google.cloud import secretmanager_v1beta1
1700 async def sample_destroy_secret_version():
1701 # Create a client
1702 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
1704 # Initialize request argument(s)
1705 request = secretmanager_v1beta1.DestroySecretVersionRequest(
1706 name="name_value",
1707 )
1709 # Make the request
1710 response = await client.destroy_secret_version(request=request)
1712 # Handle the response
1713 print(response)
1715 Args:
1716 request (Optional[Union[google.cloud.secretmanager_v1beta1.types.DestroySecretVersionRequest, dict]]):
1717 The request object. Request message for
1718 [SecretManagerService.DestroySecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.DestroySecretVersion].
1719 name (:class:`str`):
1720 Required. The resource name of the
1721 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
1722 to destroy in the format
1723 ``projects/*/secrets/*/versions/*``.
1725 This corresponds to the ``name`` field
1726 on the ``request`` instance; if ``request`` is provided, this
1727 should not be set.
1728 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
1729 should be retried.
1730 timeout (float): The timeout for this request.
1731 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1732 sent along with the request as metadata. Normally, each value must be of type `str`,
1733 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1734 be of type `bytes`.
1736 Returns:
1737 google.cloud.secretmanager_v1beta1.types.SecretVersion:
1738 A secret version resource in the
1739 Secret Manager API.
1741 """
1742 # Create or coerce a protobuf request object.
1743 # - Quick check: If we got a request object, we should *not* have
1744 # gotten any keyword arguments that map to the request.
1745 flattened_params = [name]
1746 has_flattened_params = (
1747 len([param for param in flattened_params if param is not None]) > 0
1748 )
1749 if request is not None and has_flattened_params:
1750 raise ValueError(
1751 "If the `request` argument is set, then none of "
1752 "the individual field arguments should be set."
1753 )
1755 # - Use the request object if provided (there's no risk of modifying the input as
1756 # there are no flattened fields), or create one.
1757 if not isinstance(request, service.DestroySecretVersionRequest):
1758 request = service.DestroySecretVersionRequest(request)
1760 # If we have keyword arguments corresponding to fields on the
1761 # request, apply these.
1762 if name is not None:
1763 request.name = name
1765 # Wrap the RPC method; this adds retry and timeout information,
1766 # and friendly error handling.
1767 rpc = self._client._transport._wrapped_methods[
1768 self._client._transport.destroy_secret_version
1769 ]
1771 # Certain fields should be provided within the metadata header;
1772 # add these here.
1773 metadata = tuple(metadata) + (
1774 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
1775 )
1777 # Validate the universe domain.
1778 self._client._validate_universe_domain()
1780 # Send the request.
1781 response = await rpc(
1782 request,
1783 retry=retry,
1784 timeout=timeout,
1785 metadata=metadata,
1786 )
1788 # Done; return the response.
1789 return response
1791 async def set_iam_policy(
1792 self,
1793 request: Optional[Union[iam_policy_pb2.SetIamPolicyRequest, dict]] = None,
1794 *,
1795 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1796 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1797 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1798 ) -> policy_pb2.Policy:
1799 r"""Sets the access control policy on the specified secret. Replaces
1800 any existing policy.
1802 Permissions on
1803 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] are
1804 enforced according to the policy set on the associated
1805 [Secret][google.cloud.secrets.v1beta1.Secret].
1807 .. code-block:: python
1809 # This snippet has been automatically generated and should be regarded as a
1810 # code template only.
1811 # It will require modifications to work:
1812 # - It may require correct/in-range values for request initialization.
1813 # - It may require specifying regional endpoints when creating the service
1814 # client as shown in:
1815 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1816 from google.cloud import secretmanager_v1beta1
1817 import google.iam.v1.iam_policy_pb2 as iam_policy_pb2 # type: ignore
1819 async def sample_set_iam_policy():
1820 # Create a client
1821 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
1823 # Initialize request argument(s)
1824 request = iam_policy_pb2.SetIamPolicyRequest(
1825 resource="resource_value",
1826 )
1828 # Make the request
1829 response = await client.set_iam_policy(request=request)
1831 # Handle the response
1832 print(response)
1834 Args:
1835 request (Optional[Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]]):
1836 The request object. Request message for ``SetIamPolicy`` method.
1837 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
1838 should be retried.
1839 timeout (float): The timeout for this request.
1840 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1841 sent along with the request as metadata. Normally, each value must be of type `str`,
1842 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1843 be of type `bytes`.
1845 Returns:
1846 google.iam.v1.policy_pb2.Policy:
1847 An Identity and Access Management (IAM) policy, which specifies access
1848 controls for Google Cloud resources.
1850 A Policy is a collection of bindings. A binding binds
1851 one or more members, or principals, to a single role.
1852 Principals can be user accounts, service accounts,
1853 Google groups, and domains (such as G Suite). A role
1854 is a named list of permissions; each role can be an
1855 IAM predefined role or a user-created custom role.
1857 For some types of Google Cloud resources, a binding
1858 can also specify a condition, which is a logical
1859 expression that allows access to a resource only if
1860 the expression evaluates to true. A condition can add
1861 constraints based on attributes of the request, the
1862 resource, or both. To learn which resources support
1863 conditions in their IAM policies, see the [IAM
1864 documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
1866 **JSON example:**
1868 :literal:`` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 }`\ \`
1870 **YAML example:**
1872 :literal:`` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3`\ \`
1874 For a description of IAM and its features, see the
1875 [IAM
1876 documentation](https://cloud.google.com/iam/docs/).
1878 """
1879 # Create or coerce a protobuf request object.
1880 # - The request isn't a proto-plus wrapped type,
1881 # so it must be constructed via keyword expansion.
1882 if isinstance(request, dict):
1883 request = iam_policy_pb2.SetIamPolicyRequest(**request)
1884 elif not request:
1885 request = iam_policy_pb2.SetIamPolicyRequest()
1887 # Wrap the RPC method; this adds retry and timeout information,
1888 # and friendly error handling.
1889 rpc = self._client._transport._wrapped_methods[
1890 self._client._transport.set_iam_policy
1891 ]
1893 # Certain fields should be provided within the metadata header;
1894 # add these here.
1895 metadata = tuple(metadata) + (
1896 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)),
1897 )
1899 # Validate the universe domain.
1900 self._client._validate_universe_domain()
1902 # Send the request.
1903 response = await rpc(
1904 request,
1905 retry=retry,
1906 timeout=timeout,
1907 metadata=metadata,
1908 )
1910 # Done; return the response.
1911 return response
1913 async def get_iam_policy(
1914 self,
1915 request: Optional[Union[iam_policy_pb2.GetIamPolicyRequest, dict]] = None,
1916 *,
1917 retry: OptionalRetry = gapic_v1.method.DEFAULT,
1918 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
1919 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
1920 ) -> policy_pb2.Policy:
1921 r"""Gets the access control policy for a secret.
1922 Returns empty policy if the secret exists and does not
1923 have a policy set.
1925 .. code-block:: python
1927 # This snippet has been automatically generated and should be regarded as a
1928 # code template only.
1929 # It will require modifications to work:
1930 # - It may require correct/in-range values for request initialization.
1931 # - It may require specifying regional endpoints when creating the service
1932 # client as shown in:
1933 # https://googleapis.dev/python/google-api-core/latest/client_options.html
1934 from google.cloud import secretmanager_v1beta1
1935 import google.iam.v1.iam_policy_pb2 as iam_policy_pb2 # type: ignore
1937 async def sample_get_iam_policy():
1938 # Create a client
1939 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
1941 # Initialize request argument(s)
1942 request = iam_policy_pb2.GetIamPolicyRequest(
1943 resource="resource_value",
1944 )
1946 # Make the request
1947 response = await client.get_iam_policy(request=request)
1949 # Handle the response
1950 print(response)
1952 Args:
1953 request (Optional[Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]]):
1954 The request object. Request message for ``GetIamPolicy`` method.
1955 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
1956 should be retried.
1957 timeout (float): The timeout for this request.
1958 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
1959 sent along with the request as metadata. Normally, each value must be of type `str`,
1960 but for metadata keys ending with the suffix `-bin`, the corresponding values must
1961 be of type `bytes`.
1963 Returns:
1964 google.iam.v1.policy_pb2.Policy:
1965 An Identity and Access Management (IAM) policy, which specifies access
1966 controls for Google Cloud resources.
1968 A Policy is a collection of bindings. A binding binds
1969 one or more members, or principals, to a single role.
1970 Principals can be user accounts, service accounts,
1971 Google groups, and domains (such as G Suite). A role
1972 is a named list of permissions; each role can be an
1973 IAM predefined role or a user-created custom role.
1975 For some types of Google Cloud resources, a binding
1976 can also specify a condition, which is a logical
1977 expression that allows access to a resource only if
1978 the expression evaluates to true. A condition can add
1979 constraints based on attributes of the request, the
1980 resource, or both. To learn which resources support
1981 conditions in their IAM policies, see the [IAM
1982 documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
1984 **JSON example:**
1986 :literal:`` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 }`\ \`
1988 **YAML example:**
1990 :literal:`` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3`\ \`
1992 For a description of IAM and its features, see the
1993 [IAM
1994 documentation](https://cloud.google.com/iam/docs/).
1996 """
1997 # Create or coerce a protobuf request object.
1998 # - The request isn't a proto-plus wrapped type,
1999 # so it must be constructed via keyword expansion.
2000 if isinstance(request, dict):
2001 request = iam_policy_pb2.GetIamPolicyRequest(**request)
2002 elif not request:
2003 request = iam_policy_pb2.GetIamPolicyRequest()
2005 # Wrap the RPC method; this adds retry and timeout information,
2006 # and friendly error handling.
2007 rpc = self._client._transport._wrapped_methods[
2008 self._client._transport.get_iam_policy
2009 ]
2011 # Certain fields should be provided within the metadata header;
2012 # add these here.
2013 metadata = tuple(metadata) + (
2014 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)),
2015 )
2017 # Validate the universe domain.
2018 self._client._validate_universe_domain()
2020 # Send the request.
2021 response = await rpc(
2022 request,
2023 retry=retry,
2024 timeout=timeout,
2025 metadata=metadata,
2026 )
2028 # Done; return the response.
2029 return response
2031 async def test_iam_permissions(
2032 self,
2033 request: Optional[Union[iam_policy_pb2.TestIamPermissionsRequest, dict]] = None,
2034 *,
2035 retry: OptionalRetry = gapic_v1.method.DEFAULT,
2036 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
2037 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
2038 ) -> iam_policy_pb2.TestIamPermissionsResponse:
2039 r"""Returns permissions that a caller has for the specified secret.
2040 If the secret does not exist, this call returns an empty set of
2041 permissions, not a NOT_FOUND error.
2043 Note: This operation is designed to be used for building
2044 permission-aware UIs and command-line tools, not for
2045 authorization checking. This operation may "fail open" without
2046 warning.
2048 .. code-block:: python
2050 # This snippet has been automatically generated and should be regarded as a
2051 # code template only.
2052 # It will require modifications to work:
2053 # - It may require correct/in-range values for request initialization.
2054 # - It may require specifying regional endpoints when creating the service
2055 # client as shown in:
2056 # https://googleapis.dev/python/google-api-core/latest/client_options.html
2057 from google.cloud import secretmanager_v1beta1
2058 import google.iam.v1.iam_policy_pb2 as iam_policy_pb2 # type: ignore
2060 async def sample_test_iam_permissions():
2061 # Create a client
2062 client = secretmanager_v1beta1.SecretManagerServiceAsyncClient()
2064 # Initialize request argument(s)
2065 request = iam_policy_pb2.TestIamPermissionsRequest(
2066 resource="resource_value",
2067 permissions=['permissions_value1', 'permissions_value2'],
2068 )
2070 # Make the request
2071 response = await client.test_iam_permissions(request=request)
2073 # Handle the response
2074 print(response)
2076 Args:
2077 request (Optional[Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]]):
2078 The request object. Request message for ``TestIamPermissions`` method.
2079 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any,
2080 should be retried.
2081 timeout (float): The timeout for this request.
2082 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
2083 sent along with the request as metadata. Normally, each value must be of type `str`,
2084 but for metadata keys ending with the suffix `-bin`, the corresponding values must
2085 be of type `bytes`.
2087 Returns:
2088 google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse:
2089 Response message for TestIamPermissions method.
2090 """
2091 # Create or coerce a protobuf request object.
2092 # - The request isn't a proto-plus wrapped type,
2093 # so it must be constructed via keyword expansion.
2094 if isinstance(request, dict):
2095 request = iam_policy_pb2.TestIamPermissionsRequest(**request)
2096 elif not request:
2097 request = iam_policy_pb2.TestIamPermissionsRequest()
2099 # Wrap the RPC method; this adds retry and timeout information,
2100 # and friendly error handling.
2101 rpc = self._client._transport._wrapped_methods[
2102 self._client._transport.test_iam_permissions
2103 ]
2105 # Certain fields should be provided within the metadata header;
2106 # add these here.
2107 metadata = tuple(metadata) + (
2108 gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)),
2109 )
2111 # Validate the universe domain.
2112 self._client._validate_universe_domain()
2114 # Send the request.
2115 response = await rpc(
2116 request,
2117 retry=retry,
2118 timeout=timeout,
2119 metadata=metadata,
2120 )
2122 # Done; return the response.
2123 return response
2125 async def get_location(
2126 self,
2127 request: Optional[locations_pb2.GetLocationRequest] = None,
2128 *,
2129 retry: OptionalRetry = gapic_v1.method.DEFAULT,
2130 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
2131 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
2132 ) -> locations_pb2.Location:
2133 r"""Gets information about a location.
2135 Args:
2136 request (:class:`~.location_pb2.GetLocationRequest`):
2137 The request object. Request message for
2138 `GetLocation` method.
2139 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors,
2140 if any, should be retried.
2141 timeout (float): The timeout for this request.
2142 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
2143 sent along with the request as metadata. Normally, each value must be of type `str`,
2144 but for metadata keys ending with the suffix `-bin`, the corresponding values must
2145 be of type `bytes`.
2146 Returns:
2147 ~.location_pb2.Location:
2148 Location object.
2149 """
2150 # Create or coerce a protobuf request object.
2151 # The request isn't a proto-plus wrapped type,
2152 # so it must be constructed via keyword expansion.
2153 if isinstance(request, dict):
2154 request = locations_pb2.GetLocationRequest(**request)
2156 # Wrap the RPC method; this adds retry and timeout information,
2157 # and friendly error handling.
2158 rpc = self.transport._wrapped_methods[self._client._transport.get_location]
2160 # Certain fields should be provided within the metadata header;
2161 # add these here.
2162 metadata = tuple(metadata) + (
2163 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
2164 )
2166 # Validate the universe domain.
2167 self._client._validate_universe_domain()
2169 # Send the request.
2170 response = await rpc(
2171 request,
2172 retry=retry,
2173 timeout=timeout,
2174 metadata=metadata,
2175 )
2177 # Done; return the response.
2178 return response
2180 async def list_locations(
2181 self,
2182 request: Optional[locations_pb2.ListLocationsRequest] = None,
2183 *,
2184 retry: OptionalRetry = gapic_v1.method.DEFAULT,
2185 timeout: Union[float, object] = gapic_v1.method.DEFAULT,
2186 metadata: Sequence[Tuple[str, Union[str, bytes]]] = (),
2187 ) -> locations_pb2.ListLocationsResponse:
2188 r"""Lists information about the supported locations for this service.
2190 Args:
2191 request (:class:`~.location_pb2.ListLocationsRequest`):
2192 The request object. Request message for
2193 `ListLocations` method.
2194 retry (google.api_core.retry_async.AsyncRetry): Designation of what errors,
2195 if any, should be retried.
2196 timeout (float): The timeout for this request.
2197 metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be
2198 sent along with the request as metadata. Normally, each value must be of type `str`,
2199 but for metadata keys ending with the suffix `-bin`, the corresponding values must
2200 be of type `bytes`.
2201 Returns:
2202 ~.location_pb2.ListLocationsResponse:
2203 Response message for ``ListLocations`` method.
2204 """
2205 # Create or coerce a protobuf request object.
2206 # The request isn't a proto-plus wrapped type,
2207 # so it must be constructed via keyword expansion.
2208 if isinstance(request, dict):
2209 request = locations_pb2.ListLocationsRequest(**request)
2211 # Wrap the RPC method; this adds retry and timeout information,
2212 # and friendly error handling.
2213 rpc = self.transport._wrapped_methods[self._client._transport.list_locations]
2215 # Certain fields should be provided within the metadata header;
2216 # add these here.
2217 metadata = tuple(metadata) + (
2218 gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)),
2219 )
2221 # Validate the universe domain.
2222 self._client._validate_universe_domain()
2224 # Send the request.
2225 response = await rpc(
2226 request,
2227 retry=retry,
2228 timeout=timeout,
2229 metadata=metadata,
2230 )
2232 # Done; return the response.
2233 return response
2235 async def __aenter__(self) -> "SecretManagerServiceAsyncClient":
2236 return self
2238 async def __aexit__(self, exc_type, exc, tb):
2239 await self.transport.close()
2242DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(
2243 gapic_version=package_version.__version__
2244)
2246if hasattr(DEFAULT_CLIENT_INFO, "protobuf_runtime_version"): # pragma: NO COVER
2247 DEFAULT_CLIENT_INFO.protobuf_runtime_version = google.protobuf.__version__
2250__all__ = ("SecretManagerServiceAsyncClient",)