Shortcuts on this page
r m x toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
1# -*- coding: utf-8 -*-
2# Copyright 2026 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16import inspect
17import json
18import logging as std_logging
19import pickle
20import warnings
21from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple, Union
23import google.iam.v1.iam_policy_pb2 as iam_policy_pb2 # type: ignore
24import google.iam.v1.policy_pb2 as policy_pb2 # type: ignore
25import google.protobuf.empty_pb2 as empty_pb2 # type: ignore
26import google.protobuf.message
27import grpc # type: ignore
28import proto # type: ignore
29from google.api_core import exceptions as core_exceptions
30from google.api_core import gapic_v1, grpc_helpers_async
31from google.api_core import retry_async as retries
32from google.auth import credentials as ga_credentials # type: ignore
33from google.auth.transport.grpc import SslCredentials # type: ignore
34from google.cloud.location import locations_pb2 # type: ignore
35from google.protobuf.json_format import MessageToJson
36from grpc.experimental import aio # type: ignore
38from google.cloud.secretmanager_v1beta1.types import resources, service
40from .base import DEFAULT_CLIENT_INFO, SecretManagerServiceTransport
41from .grpc import SecretManagerServiceGrpcTransport
43try:
44 from google.api_core import client_logging # type: ignore
46 CLIENT_LOGGING_SUPPORTED = True # pragma: NO COVER
47except ImportError: # pragma: NO COVER
48 CLIENT_LOGGING_SUPPORTED = False
50_LOGGER = std_logging.getLogger(__name__)
53class _LoggingClientAIOInterceptor(
54 grpc.aio.UnaryUnaryClientInterceptor
55): # pragma: NO COVER
56 async def intercept_unary_unary(self, continuation, client_call_details, request):
57 logging_enabled = CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(
58 std_logging.DEBUG
59 )
60 if logging_enabled: # pragma: NO COVER
61 request_metadata = client_call_details.metadata
62 if isinstance(request, proto.Message):
63 request_payload = type(request).to_json(request)
64 elif isinstance(request, google.protobuf.message.Message):
65 request_payload = MessageToJson(request)
66 else:
67 request_payload = f"{type(request).__name__}: {pickle.dumps(request)!r}"
69 request_metadata = {
70 key: value.decode("utf-8") if isinstance(value, bytes) else value
71 for key, value in request_metadata
72 }
73 grpc_request = {
74 "payload": request_payload,
75 "requestMethod": "grpc",
76 "metadata": dict(request_metadata),
77 }
78 _LOGGER.debug(
79 f"Sending request for {client_call_details.method}",
80 extra={
81 "serviceName": "google.cloud.secrets.v1beta1.SecretManagerService",
82 "rpcName": str(client_call_details.method),
83 "request": grpc_request,
84 "metadata": grpc_request["metadata"],
85 },
86 )
87 response = await continuation(client_call_details, request)
88 if logging_enabled: # pragma: NO COVER
89 response_metadata = await response.trailing_metadata()
90 # Convert gRPC metadata `<class 'grpc.aio._metadata.Metadata'>` to list of tuples
91 metadata = (
92 dict([(k, str(v)) for k, v in response_metadata])
93 if response_metadata
94 else None
95 )
96 result = await response
97 if isinstance(result, proto.Message):
98 response_payload = type(result).to_json(result)
99 elif isinstance(result, google.protobuf.message.Message):
100 response_payload = MessageToJson(result)
101 else:
102 response_payload = f"{type(result).__name__}: {pickle.dumps(result)!r}"
103 grpc_response = {
104 "payload": response_payload,
105 "metadata": metadata,
106 "status": "OK",
107 }
108 _LOGGER.debug(
109 f"Received response to rpc {client_call_details.method}.",
110 extra={
111 "serviceName": "google.cloud.secrets.v1beta1.SecretManagerService",
112 "rpcName": str(client_call_details.method),
113 "response": grpc_response,
114 "metadata": grpc_response["metadata"],
115 },
116 )
117 return response
120class SecretManagerServiceGrpcAsyncIOTransport(SecretManagerServiceTransport):
121 """gRPC AsyncIO backend transport for SecretManagerService.
123 Secret Manager Service
125 Manages secrets and operations using those secrets. Implements a
126 REST model with the following objects:
128 - [Secret][google.cloud.secrets.v1beta1.Secret]
129 - [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
131 This class defines the same methods as the primary client, so the
132 primary client can load the underlying transport implementation
133 and call it.
135 It sends protocol buffers over the wire using gRPC (which is built on
136 top of HTTP/2); the ``grpcio`` package must be installed.
137 """
139 _grpc_channel: aio.Channel
140 _stubs: Dict[str, Callable] = {}
142 @classmethod
143 def create_channel(
144 cls,
145 host: str = "secretmanager.googleapis.com",
146 credentials: Optional[ga_credentials.Credentials] = None,
147 credentials_file: Optional[str] = None,
148 scopes: Optional[Sequence[str]] = None,
149 quota_project_id: Optional[str] = None,
150 **kwargs,
151 ) -> aio.Channel:
152 """Create and return a gRPC AsyncIO channel object.
153 Args:
154 host (Optional[str]): The host for the channel to use.
155 credentials (Optional[~.Credentials]): The
156 authorization credentials to attach to requests. These
157 credentials identify this application to the service. If
158 none are specified, the client will attempt to ascertain
159 the credentials from the environment.
160 credentials_file (Optional[str]): Deprecated. A file with credentials that can
161 be loaded with :func:`google.auth.load_credentials_from_file`. This argument will be
162 removed in the next major version of this library.
163 scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
164 service. These are only used when credentials are not specified and
165 are passed to :func:`google.auth.default`.
166 quota_project_id (Optional[str]): An optional project to use for billing
167 and quota.
168 kwargs (Optional[dict]): Keyword arguments, which are passed to the
169 channel creation.
170 Returns:
171 aio.Channel: A gRPC AsyncIO channel object.
172 """
174 return grpc_helpers_async.create_channel(
175 host,
176 credentials=credentials,
177 credentials_file=credentials_file,
178 quota_project_id=quota_project_id,
179 default_scopes=cls.AUTH_SCOPES,
180 scopes=scopes,
181 default_host=cls.DEFAULT_HOST,
182 **kwargs,
183 )
185 def __init__(
186 self,
187 *,
188 host: str = "secretmanager.googleapis.com",
189 credentials: Optional[ga_credentials.Credentials] = None,
190 credentials_file: Optional[str] = None,
191 scopes: Optional[Sequence[str]] = None,
192 channel: Optional[Union[aio.Channel, Callable[..., aio.Channel]]] = None,
193 api_mtls_endpoint: Optional[str] = None,
194 client_cert_source: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
195 ssl_channel_credentials: Optional[grpc.ChannelCredentials] = None,
196 client_cert_source_for_mtls: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
197 quota_project_id: Optional[str] = None,
198 client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
199 always_use_jwt_access: Optional[bool] = False,
200 api_audience: Optional[str] = None,
201 ) -> None:
202 """Instantiate the transport.
204 Args:
205 host (Optional[str]):
206 The hostname to connect to (default: 'secretmanager.googleapis.com').
207 credentials (Optional[google.auth.credentials.Credentials]): The
208 authorization credentials to attach to requests. These
209 credentials identify the application to the service; if none
210 are specified, the client will attempt to ascertain the
211 credentials from the environment.
212 This argument is ignored if a ``channel`` instance is provided.
213 credentials_file (Optional[str]): Deprecated. A file with credentials that can
214 be loaded with :func:`google.auth.load_credentials_from_file`.
215 This argument is ignored if a ``channel`` instance is provided.
216 This argument will be removed in the next major version of this library.
217 scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
218 service. These are only used when credentials are not specified and
219 are passed to :func:`google.auth.default`.
220 channel (Optional[Union[aio.Channel, Callable[..., aio.Channel]]]):
221 A ``Channel`` instance through which to make calls, or a Callable
222 that constructs and returns one. If set to None, ``self.create_channel``
223 is used to create the channel. If a Callable is given, it will be called
224 with the same arguments as used in ``self.create_channel``.
225 api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint.
226 If provided, it overrides the ``host`` argument and tries to create
227 a mutual TLS channel with client SSL credentials from
228 ``client_cert_source`` or application default SSL credentials.
229 client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]):
230 Deprecated. A callback to provide client SSL certificate bytes and
231 private key bytes, both in PEM format. It is ignored if
232 ``api_mtls_endpoint`` is None.
233 ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
234 for the grpc channel. It is ignored if a ``channel`` instance is provided.
235 client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
236 A callback to provide client certificate bytes and private key bytes,
237 both in PEM format. It is used to configure a mutual TLS channel. It is
238 ignored if a ``channel`` instance or ``ssl_channel_credentials`` is provided.
239 quota_project_id (Optional[str]): An optional project to use for billing
240 and quota.
241 client_info (google.api_core.gapic_v1.client_info.ClientInfo):
242 The client info used to send a user-agent string along with
243 API requests. If ``None``, then default info will be used.
244 Generally, you only need to set this if you're developing
245 your own client library.
246 always_use_jwt_access (Optional[bool]): Whether self signed JWT should
247 be used for service account credentials.
248 api_audience (Optional[str]): The intended audience for the API calls
249 to the service that will be set when using certain 3rd party
250 authentication flows. Audience is typically a resource identifier.
251 If not set, the host value will be used as a default.
253 Raises:
254 google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport
255 creation failed for any reason.
256 google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
257 and ``credentials_file`` are passed.
258 """
259 self._grpc_channel = None
260 self._ssl_channel_credentials = ssl_channel_credentials
261 self._stubs: Dict[str, Callable] = {}
263 if api_mtls_endpoint:
264 warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
265 if client_cert_source:
266 warnings.warn("client_cert_source is deprecated", DeprecationWarning)
268 if isinstance(channel, aio.Channel):
269 # Ignore credentials if a channel was passed.
270 credentials = None
271 self._ignore_credentials = True
272 # If a channel was explicitly provided, set it.
273 self._grpc_channel = channel
274 self._ssl_channel_credentials = None
275 else:
276 if api_mtls_endpoint:
277 host = api_mtls_endpoint
279 # Create SSL credentials with client_cert_source or application
280 # default SSL credentials.
281 if client_cert_source:
282 cert, key = client_cert_source()
283 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
284 certificate_chain=cert, private_key=key
285 )
286 else:
287 self._ssl_channel_credentials = SslCredentials().ssl_credentials
289 else:
290 if client_cert_source_for_mtls and not ssl_channel_credentials:
291 cert, key = client_cert_source_for_mtls()
292 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
293 certificate_chain=cert, private_key=key
294 )
296 # The base transport sets the host, credentials and scopes
297 super().__init__(
298 host=host,
299 credentials=credentials,
300 credentials_file=credentials_file,
301 scopes=scopes,
302 quota_project_id=quota_project_id,
303 client_info=client_info,
304 always_use_jwt_access=always_use_jwt_access,
305 api_audience=api_audience,
306 )
308 if not self._grpc_channel:
309 # initialize with the provided callable or the default channel
310 channel_init = channel or type(self).create_channel
311 self._grpc_channel = channel_init(
312 self._host,
313 # use the credentials which are saved
314 credentials=self._credentials,
315 # Set ``credentials_file`` to ``None`` here as
316 # the credentials that we saved earlier should be used.
317 credentials_file=None,
318 scopes=self._scopes,
319 ssl_credentials=self._ssl_channel_credentials,
320 quota_project_id=quota_project_id,
321 options=[
322 ("grpc.max_send_message_length", -1),
323 ("grpc.max_receive_message_length", -1),
324 ],
325 )
327 self._interceptor = _LoggingClientAIOInterceptor()
328 self._grpc_channel._unary_unary_interceptors.append(self._interceptor)
329 self._logged_channel = self._grpc_channel
330 self._wrap_with_kind = (
331 "kind" in inspect.signature(gapic_v1.method_async.wrap_method).parameters
332 )
333 # Wrap messages. This must be done after self._logged_channel exists
334 self._prep_wrapped_messages(client_info)
336 @property
337 def grpc_channel(self) -> aio.Channel:
338 """Create the channel designed to connect to this service.
340 This property caches on the instance; repeated calls return
341 the same channel.
342 """
343 # Return the channel from cache.
344 return self._grpc_channel
346 @property
347 def list_secrets(
348 self,
349 ) -> Callable[[service.ListSecretsRequest], Awaitable[service.ListSecretsResponse]]:
350 r"""Return a callable for the list secrets method over gRPC.
352 Lists [Secrets][google.cloud.secrets.v1beta1.Secret].
354 Returns:
355 Callable[[~.ListSecretsRequest],
356 Awaitable[~.ListSecretsResponse]]:
357 A function that, when called, will call the underlying RPC
358 on the server.
359 """
360 # Generate a "stub function" on-the-fly which will actually make
361 # the request.
362 # gRPC handles serialization and deserialization, so we just need
363 # to pass in the functions for each.
364 if "list_secrets" not in self._stubs:
365 self._stubs["list_secrets"] = self._logged_channel.unary_unary(
366 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecrets",
367 request_serializer=service.ListSecretsRequest.serialize,
368 response_deserializer=service.ListSecretsResponse.deserialize,
369 )
370 return self._stubs["list_secrets"]
372 @property
373 def create_secret(
374 self,
375 ) -> Callable[[service.CreateSecretRequest], Awaitable[resources.Secret]]:
376 r"""Return a callable for the create secret method over gRPC.
378 Creates a new [Secret][google.cloud.secrets.v1beta1.Secret]
379 containing no
380 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
382 Returns:
383 Callable[[~.CreateSecretRequest],
384 Awaitable[~.Secret]]:
385 A function that, when called, will call the underlying RPC
386 on the server.
387 """
388 # Generate a "stub function" on-the-fly which will actually make
389 # the request.
390 # gRPC handles serialization and deserialization, so we just need
391 # to pass in the functions for each.
392 if "create_secret" not in self._stubs:
393 self._stubs["create_secret"] = self._logged_channel.unary_unary(
394 "/google.cloud.secrets.v1beta1.SecretManagerService/CreateSecret",
395 request_serializer=service.CreateSecretRequest.serialize,
396 response_deserializer=resources.Secret.deserialize,
397 )
398 return self._stubs["create_secret"]
400 @property
401 def add_secret_version(
402 self,
403 ) -> Callable[
404 [service.AddSecretVersionRequest], Awaitable[resources.SecretVersion]
405 ]:
406 r"""Return a callable for the add secret version method over gRPC.
408 Creates a new
409 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
410 containing secret data and attaches it to an existing
411 [Secret][google.cloud.secrets.v1beta1.Secret].
413 Returns:
414 Callable[[~.AddSecretVersionRequest],
415 Awaitable[~.SecretVersion]]:
416 A function that, when called, will call the underlying RPC
417 on the server.
418 """
419 # Generate a "stub function" on-the-fly which will actually make
420 # the request.
421 # gRPC handles serialization and deserialization, so we just need
422 # to pass in the functions for each.
423 if "add_secret_version" not in self._stubs:
424 self._stubs["add_secret_version"] = self._logged_channel.unary_unary(
425 "/google.cloud.secrets.v1beta1.SecretManagerService/AddSecretVersion",
426 request_serializer=service.AddSecretVersionRequest.serialize,
427 response_deserializer=resources.SecretVersion.deserialize,
428 )
429 return self._stubs["add_secret_version"]
431 @property
432 def get_secret(
433 self,
434 ) -> Callable[[service.GetSecretRequest], Awaitable[resources.Secret]]:
435 r"""Return a callable for the get secret method over gRPC.
437 Gets metadata for a given
438 [Secret][google.cloud.secrets.v1beta1.Secret].
440 Returns:
441 Callable[[~.GetSecretRequest],
442 Awaitable[~.Secret]]:
443 A function that, when called, will call the underlying RPC
444 on the server.
445 """
446 # Generate a "stub function" on-the-fly which will actually make
447 # the request.
448 # gRPC handles serialization and deserialization, so we just need
449 # to pass in the functions for each.
450 if "get_secret" not in self._stubs:
451 self._stubs["get_secret"] = self._logged_channel.unary_unary(
452 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecret",
453 request_serializer=service.GetSecretRequest.serialize,
454 response_deserializer=resources.Secret.deserialize,
455 )
456 return self._stubs["get_secret"]
458 @property
459 def update_secret(
460 self,
461 ) -> Callable[[service.UpdateSecretRequest], Awaitable[resources.Secret]]:
462 r"""Return a callable for the update secret method over gRPC.
464 Updates metadata of an existing
465 [Secret][google.cloud.secrets.v1beta1.Secret].
467 Returns:
468 Callable[[~.UpdateSecretRequest],
469 Awaitable[~.Secret]]:
470 A function that, when called, will call the underlying RPC
471 on the server.
472 """
473 # Generate a "stub function" on-the-fly which will actually make
474 # the request.
475 # gRPC handles serialization and deserialization, so we just need
476 # to pass in the functions for each.
477 if "update_secret" not in self._stubs:
478 self._stubs["update_secret"] = self._logged_channel.unary_unary(
479 "/google.cloud.secrets.v1beta1.SecretManagerService/UpdateSecret",
480 request_serializer=service.UpdateSecretRequest.serialize,
481 response_deserializer=resources.Secret.deserialize,
482 )
483 return self._stubs["update_secret"]
485 @property
486 def delete_secret(
487 self,
488 ) -> Callable[[service.DeleteSecretRequest], Awaitable[empty_pb2.Empty]]:
489 r"""Return a callable for the delete secret method over gRPC.
491 Deletes a [Secret][google.cloud.secrets.v1beta1.Secret].
493 Returns:
494 Callable[[~.DeleteSecretRequest],
495 Awaitable[~.Empty]]:
496 A function that, when called, will call the underlying RPC
497 on the server.
498 """
499 # Generate a "stub function" on-the-fly which will actually make
500 # the request.
501 # gRPC handles serialization and deserialization, so we just need
502 # to pass in the functions for each.
503 if "delete_secret" not in self._stubs:
504 self._stubs["delete_secret"] = self._logged_channel.unary_unary(
505 "/google.cloud.secrets.v1beta1.SecretManagerService/DeleteSecret",
506 request_serializer=service.DeleteSecretRequest.serialize,
507 response_deserializer=empty_pb2.Empty.FromString,
508 )
509 return self._stubs["delete_secret"]
511 @property
512 def list_secret_versions(
513 self,
514 ) -> Callable[
515 [service.ListSecretVersionsRequest],
516 Awaitable[service.ListSecretVersionsResponse],
517 ]:
518 r"""Return a callable for the list secret versions method over gRPC.
520 Lists
521 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
522 This call does not return secret data.
524 Returns:
525 Callable[[~.ListSecretVersionsRequest],
526 Awaitable[~.ListSecretVersionsResponse]]:
527 A function that, when called, will call the underlying RPC
528 on the server.
529 """
530 # Generate a "stub function" on-the-fly which will actually make
531 # the request.
532 # gRPC handles serialization and deserialization, so we just need
533 # to pass in the functions for each.
534 if "list_secret_versions" not in self._stubs:
535 self._stubs["list_secret_versions"] = self._logged_channel.unary_unary(
536 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecretVersions",
537 request_serializer=service.ListSecretVersionsRequest.serialize,
538 response_deserializer=service.ListSecretVersionsResponse.deserialize,
539 )
540 return self._stubs["list_secret_versions"]
542 @property
543 def get_secret_version(
544 self,
545 ) -> Callable[
546 [service.GetSecretVersionRequest], Awaitable[resources.SecretVersion]
547 ]:
548 r"""Return a callable for the get secret version method over gRPC.
550 Gets metadata for a
551 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
553 ``projects/*/secrets/*/versions/latest`` is an alias to the
554 ``latest``
555 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
557 Returns:
558 Callable[[~.GetSecretVersionRequest],
559 Awaitable[~.SecretVersion]]:
560 A function that, when called, will call the underlying RPC
561 on the server.
562 """
563 # Generate a "stub function" on-the-fly which will actually make
564 # the request.
565 # gRPC handles serialization and deserialization, so we just need
566 # to pass in the functions for each.
567 if "get_secret_version" not in self._stubs:
568 self._stubs["get_secret_version"] = self._logged_channel.unary_unary(
569 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecretVersion",
570 request_serializer=service.GetSecretVersionRequest.serialize,
571 response_deserializer=resources.SecretVersion.deserialize,
572 )
573 return self._stubs["get_secret_version"]
575 @property
576 def access_secret_version(
577 self,
578 ) -> Callable[
579 [service.AccessSecretVersionRequest],
580 Awaitable[service.AccessSecretVersionResponse],
581 ]:
582 r"""Return a callable for the access secret version method over gRPC.
584 Accesses a
585 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
586 This call returns the secret data.
588 ``projects/*/secrets/*/versions/latest`` is an alias to the
589 ``latest``
590 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
592 Returns:
593 Callable[[~.AccessSecretVersionRequest],
594 Awaitable[~.AccessSecretVersionResponse]]:
595 A function that, when called, will call the underlying RPC
596 on the server.
597 """
598 # Generate a "stub function" on-the-fly which will actually make
599 # the request.
600 # gRPC handles serialization and deserialization, so we just need
601 # to pass in the functions for each.
602 if "access_secret_version" not in self._stubs:
603 self._stubs["access_secret_version"] = self._logged_channel.unary_unary(
604 "/google.cloud.secrets.v1beta1.SecretManagerService/AccessSecretVersion",
605 request_serializer=service.AccessSecretVersionRequest.serialize,
606 response_deserializer=service.AccessSecretVersionResponse.deserialize,
607 )
608 return self._stubs["access_secret_version"]
610 @property
611 def disable_secret_version(
612 self,
613 ) -> Callable[
614 [service.DisableSecretVersionRequest], Awaitable[resources.SecretVersion]
615 ]:
616 r"""Return a callable for the disable secret version method over gRPC.
618 Disables a
619 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
621 Sets the
622 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
623 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
624 [DISABLED][google.cloud.secrets.v1beta1.SecretVersion.State.DISABLED].
626 Returns:
627 Callable[[~.DisableSecretVersionRequest],
628 Awaitable[~.SecretVersion]]:
629 A function that, when called, will call the underlying RPC
630 on the server.
631 """
632 # Generate a "stub function" on-the-fly which will actually make
633 # the request.
634 # gRPC handles serialization and deserialization, so we just need
635 # to pass in the functions for each.
636 if "disable_secret_version" not in self._stubs:
637 self._stubs["disable_secret_version"] = self._logged_channel.unary_unary(
638 "/google.cloud.secrets.v1beta1.SecretManagerService/DisableSecretVersion",
639 request_serializer=service.DisableSecretVersionRequest.serialize,
640 response_deserializer=resources.SecretVersion.deserialize,
641 )
642 return self._stubs["disable_secret_version"]
644 @property
645 def enable_secret_version(
646 self,
647 ) -> Callable[
648 [service.EnableSecretVersionRequest], Awaitable[resources.SecretVersion]
649 ]:
650 r"""Return a callable for the enable secret version method over gRPC.
652 Enables a
653 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
655 Sets the
656 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
657 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
658 [ENABLED][google.cloud.secrets.v1beta1.SecretVersion.State.ENABLED].
660 Returns:
661 Callable[[~.EnableSecretVersionRequest],
662 Awaitable[~.SecretVersion]]:
663 A function that, when called, will call the underlying RPC
664 on the server.
665 """
666 # Generate a "stub function" on-the-fly which will actually make
667 # the request.
668 # gRPC handles serialization and deserialization, so we just need
669 # to pass in the functions for each.
670 if "enable_secret_version" not in self._stubs:
671 self._stubs["enable_secret_version"] = self._logged_channel.unary_unary(
672 "/google.cloud.secrets.v1beta1.SecretManagerService/EnableSecretVersion",
673 request_serializer=service.EnableSecretVersionRequest.serialize,
674 response_deserializer=resources.SecretVersion.deserialize,
675 )
676 return self._stubs["enable_secret_version"]
678 @property
679 def destroy_secret_version(
680 self,
681 ) -> Callable[
682 [service.DestroySecretVersionRequest], Awaitable[resources.SecretVersion]
683 ]:
684 r"""Return a callable for the destroy secret version method over gRPC.
686 Destroys a
687 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
689 Sets the
690 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
691 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
692 [DESTROYED][google.cloud.secrets.v1beta1.SecretVersion.State.DESTROYED]
693 and irrevocably destroys the secret data.
695 Returns:
696 Callable[[~.DestroySecretVersionRequest],
697 Awaitable[~.SecretVersion]]:
698 A function that, when called, will call the underlying RPC
699 on the server.
700 """
701 # Generate a "stub function" on-the-fly which will actually make
702 # the request.
703 # gRPC handles serialization and deserialization, so we just need
704 # to pass in the functions for each.
705 if "destroy_secret_version" not in self._stubs:
706 self._stubs["destroy_secret_version"] = self._logged_channel.unary_unary(
707 "/google.cloud.secrets.v1beta1.SecretManagerService/DestroySecretVersion",
708 request_serializer=service.DestroySecretVersionRequest.serialize,
709 response_deserializer=resources.SecretVersion.deserialize,
710 )
711 return self._stubs["destroy_secret_version"]
713 @property
714 def set_iam_policy(
715 self,
716 ) -> Callable[[iam_policy_pb2.SetIamPolicyRequest], Awaitable[policy_pb2.Policy]]:
717 r"""Return a callable for the set iam policy method over gRPC.
719 Sets the access control policy on the specified secret. Replaces
720 any existing policy.
722 Permissions on
723 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] are
724 enforced according to the policy set on the associated
725 [Secret][google.cloud.secrets.v1beta1.Secret].
727 Returns:
728 Callable[[~.SetIamPolicyRequest],
729 Awaitable[~.Policy]]:
730 A function that, when called, will call the underlying RPC
731 on the server.
732 """
733 # Generate a "stub function" on-the-fly which will actually make
734 # the request.
735 # gRPC handles serialization and deserialization, so we just need
736 # to pass in the functions for each.
737 if "set_iam_policy" not in self._stubs:
738 self._stubs["set_iam_policy"] = self._logged_channel.unary_unary(
739 "/google.cloud.secrets.v1beta1.SecretManagerService/SetIamPolicy",
740 request_serializer=iam_policy_pb2.SetIamPolicyRequest.SerializeToString,
741 response_deserializer=policy_pb2.Policy.FromString,
742 )
743 return self._stubs["set_iam_policy"]
745 @property
746 def get_iam_policy(
747 self,
748 ) -> Callable[[iam_policy_pb2.GetIamPolicyRequest], Awaitable[policy_pb2.Policy]]:
749 r"""Return a callable for the get iam policy method over gRPC.
751 Gets the access control policy for a secret.
752 Returns empty policy if the secret exists and does not
753 have a policy set.
755 Returns:
756 Callable[[~.GetIamPolicyRequest],
757 Awaitable[~.Policy]]:
758 A function that, when called, will call the underlying RPC
759 on the server.
760 """
761 # Generate a "stub function" on-the-fly which will actually make
762 # the request.
763 # gRPC handles serialization and deserialization, so we just need
764 # to pass in the functions for each.
765 if "get_iam_policy" not in self._stubs:
766 self._stubs["get_iam_policy"] = self._logged_channel.unary_unary(
767 "/google.cloud.secrets.v1beta1.SecretManagerService/GetIamPolicy",
768 request_serializer=iam_policy_pb2.GetIamPolicyRequest.SerializeToString,
769 response_deserializer=policy_pb2.Policy.FromString,
770 )
771 return self._stubs["get_iam_policy"]
773 @property
774 def test_iam_permissions(
775 self,
776 ) -> Callable[
777 [iam_policy_pb2.TestIamPermissionsRequest],
778 Awaitable[iam_policy_pb2.TestIamPermissionsResponse],
779 ]:
780 r"""Return a callable for the test iam permissions method over gRPC.
782 Returns permissions that a caller has for the specified secret.
783 If the secret does not exist, this call returns an empty set of
784 permissions, not a NOT_FOUND error.
786 Note: This operation is designed to be used for building
787 permission-aware UIs and command-line tools, not for
788 authorization checking. This operation may "fail open" without
789 warning.
791 Returns:
792 Callable[[~.TestIamPermissionsRequest],
793 Awaitable[~.TestIamPermissionsResponse]]:
794 A function that, when called, will call the underlying RPC
795 on the server.
796 """
797 # Generate a "stub function" on-the-fly which will actually make
798 # the request.
799 # gRPC handles serialization and deserialization, so we just need
800 # to pass in the functions for each.
801 if "test_iam_permissions" not in self._stubs:
802 self._stubs["test_iam_permissions"] = self._logged_channel.unary_unary(
803 "/google.cloud.secrets.v1beta1.SecretManagerService/TestIamPermissions",
804 request_serializer=iam_policy_pb2.TestIamPermissionsRequest.SerializeToString,
805 response_deserializer=iam_policy_pb2.TestIamPermissionsResponse.FromString,
806 )
807 return self._stubs["test_iam_permissions"]
809 def _prep_wrapped_messages(self, client_info):
810 """Precompute the wrapped methods, overriding the base class method to use async wrappers."""
811 self._wrapped_methods = {
812 self.list_secrets: self._wrap_method(
813 self.list_secrets,
814 default_timeout=60.0,
815 client_info=client_info,
816 ),
817 self.create_secret: self._wrap_method(
818 self.create_secret,
819 default_timeout=60.0,
820 client_info=client_info,
821 ),
822 self.add_secret_version: self._wrap_method(
823 self.add_secret_version,
824 default_timeout=60.0,
825 client_info=client_info,
826 ),
827 self.get_secret: self._wrap_method(
828 self.get_secret,
829 default_timeout=60.0,
830 client_info=client_info,
831 ),
832 self.update_secret: self._wrap_method(
833 self.update_secret,
834 default_timeout=60.0,
835 client_info=client_info,
836 ),
837 self.delete_secret: self._wrap_method(
838 self.delete_secret,
839 default_timeout=60.0,
840 client_info=client_info,
841 ),
842 self.list_secret_versions: self._wrap_method(
843 self.list_secret_versions,
844 default_timeout=60.0,
845 client_info=client_info,
846 ),
847 self.get_secret_version: self._wrap_method(
848 self.get_secret_version,
849 default_timeout=60.0,
850 client_info=client_info,
851 ),
852 self.access_secret_version: self._wrap_method(
853 self.access_secret_version,
854 default_retry=retries.AsyncRetry(
855 initial=1.0,
856 maximum=60.0,
857 multiplier=1.3,
858 predicate=retries.if_exception_type(
859 core_exceptions.ServiceUnavailable,
860 core_exceptions.Unknown,
861 ),
862 deadline=60.0,
863 ),
864 default_timeout=60.0,
865 client_info=client_info,
866 ),
867 self.disable_secret_version: self._wrap_method(
868 self.disable_secret_version,
869 default_timeout=60.0,
870 client_info=client_info,
871 ),
872 self.enable_secret_version: self._wrap_method(
873 self.enable_secret_version,
874 default_timeout=60.0,
875 client_info=client_info,
876 ),
877 self.destroy_secret_version: self._wrap_method(
878 self.destroy_secret_version,
879 default_timeout=60.0,
880 client_info=client_info,
881 ),
882 self.set_iam_policy: self._wrap_method(
883 self.set_iam_policy,
884 default_timeout=60.0,
885 client_info=client_info,
886 ),
887 self.get_iam_policy: self._wrap_method(
888 self.get_iam_policy,
889 default_timeout=60.0,
890 client_info=client_info,
891 ),
892 self.test_iam_permissions: self._wrap_method(
893 self.test_iam_permissions,
894 default_timeout=60.0,
895 client_info=client_info,
896 ),
897 self.get_location: self._wrap_method(
898 self.get_location,
899 default_timeout=None,
900 client_info=client_info,
901 ),
902 self.list_locations: self._wrap_method(
903 self.list_locations,
904 default_timeout=None,
905 client_info=client_info,
906 ),
907 }
909 def _wrap_method(self, func, *args, **kwargs):
910 if self._wrap_with_kind: # pragma: NO COVER
911 kwargs["kind"] = self.kind
912 return gapic_v1.method_async.wrap_method(func, *args, **kwargs)
914 def close(self):
915 return self._logged_channel.close()
917 @property
918 def kind(self) -> str:
919 return "grpc_asyncio"
921 @property
922 def list_locations(
923 self,
924 ) -> Callable[
925 [locations_pb2.ListLocationsRequest], locations_pb2.ListLocationsResponse
926 ]:
927 r"""Return a callable for the list locations method over gRPC."""
928 # Generate a "stub function" on-the-fly which will actually make
929 # the request.
930 # gRPC handles serialization and deserialization, so we just need
931 # to pass in the functions for each.
932 if "list_locations" not in self._stubs:
933 self._stubs["list_locations"] = self._logged_channel.unary_unary(
934 "/google.cloud.location.Locations/ListLocations",
935 request_serializer=locations_pb2.ListLocationsRequest.SerializeToString,
936 response_deserializer=locations_pb2.ListLocationsResponse.FromString,
937 )
938 return self._stubs["list_locations"]
940 @property
941 def get_location(
942 self,
943 ) -> Callable[[locations_pb2.GetLocationRequest], locations_pb2.Location]:
944 r"""Return a callable for the list locations method over gRPC."""
945 # Generate a "stub function" on-the-fly which will actually make
946 # the request.
947 # gRPC handles serialization and deserialization, so we just need
948 # to pass in the functions for each.
949 if "get_location" not in self._stubs:
950 self._stubs["get_location"] = self._logged_channel.unary_unary(
951 "/google.cloud.location.Locations/GetLocation",
952 request_serializer=locations_pb2.GetLocationRequest.SerializeToString,
953 response_deserializer=locations_pb2.Location.FromString,
954 )
955 return self._stubs["get_location"]
958__all__ = ("SecretManagerServiceGrpcAsyncIOTransport",)