Shortcuts on this page
r m x toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
1# -*- coding: utf-8 -*-
2# Copyright 2026 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16import json
17import logging as std_logging
18import pickle
19import warnings
20from typing import Callable, Dict, Optional, Sequence, Tuple, Union
22import google.auth # type: ignore
23import google.iam.v1.iam_policy_pb2 as iam_policy_pb2 # type: ignore
24import google.iam.v1.policy_pb2 as policy_pb2 # type: ignore
25import google.protobuf.empty_pb2 as empty_pb2 # type: ignore
26import google.protobuf.message
27import grpc # type: ignore
28import proto # type: ignore
29from google.api_core import gapic_v1, grpc_helpers
30from google.auth import credentials as ga_credentials # type: ignore
31from google.auth.transport.grpc import SslCredentials # type: ignore
32from google.cloud.location import locations_pb2 # type: ignore
33from google.protobuf.json_format import MessageToJson
35from google.cloud.secretmanager_v1beta1.types import resources, service
37from .base import DEFAULT_CLIENT_INFO, SecretManagerServiceTransport
39try:
40 from google.api_core import client_logging # type: ignore
42 CLIENT_LOGGING_SUPPORTED = True # pragma: NO COVER
43except ImportError: # pragma: NO COVER
44 CLIENT_LOGGING_SUPPORTED = False
46_LOGGER = std_logging.getLogger(__name__)
49class _LoggingClientInterceptor(grpc.UnaryUnaryClientInterceptor): # pragma: NO COVER
50 def intercept_unary_unary(self, continuation, client_call_details, request):
51 logging_enabled = CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(
52 std_logging.DEBUG
53 )
54 if logging_enabled: # pragma: NO COVER
55 request_metadata = client_call_details.metadata
56 if isinstance(request, proto.Message):
57 request_payload = type(request).to_json(request)
58 elif isinstance(request, google.protobuf.message.Message):
59 request_payload = MessageToJson(request)
60 else:
61 request_payload = f"{type(request).__name__}: {pickle.dumps(request)!r}"
63 request_metadata = {
64 key: value.decode("utf-8") if isinstance(value, bytes) else value
65 for key, value in request_metadata
66 }
67 grpc_request = {
68 "payload": request_payload,
69 "requestMethod": "grpc",
70 "metadata": dict(request_metadata),
71 }
72 _LOGGER.debug(
73 f"Sending request for {client_call_details.method}",
74 extra={
75 "serviceName": "google.cloud.secrets.v1beta1.SecretManagerService",
76 "rpcName": str(client_call_details.method),
77 "request": grpc_request,
78 "metadata": grpc_request["metadata"],
79 },
80 )
81 response = continuation(client_call_details, request)
82 if logging_enabled: # pragma: NO COVER
83 response_metadata = response.trailing_metadata()
84 # Convert gRPC metadata `<class 'grpc.aio._metadata.Metadata'>` to list of tuples
85 metadata = (
86 dict([(k, str(v)) for k, v in response_metadata])
87 if response_metadata
88 else None
89 )
90 result = response.result()
91 if isinstance(result, proto.Message):
92 response_payload = type(result).to_json(result)
93 elif isinstance(result, google.protobuf.message.Message):
94 response_payload = MessageToJson(result)
95 else:
96 response_payload = f"{type(result).__name__}: {pickle.dumps(result)!r}"
97 grpc_response = {
98 "payload": response_payload,
99 "metadata": metadata,
100 "status": "OK",
101 }
102 _LOGGER.debug(
103 f"Received response for {client_call_details.method}.",
104 extra={
105 "serviceName": "google.cloud.secrets.v1beta1.SecretManagerService",
106 "rpcName": client_call_details.method,
107 "response": grpc_response,
108 "metadata": grpc_response["metadata"],
109 },
110 )
111 return response
114class SecretManagerServiceGrpcTransport(SecretManagerServiceTransport):
115 """gRPC backend transport for SecretManagerService.
117 Secret Manager Service
119 Manages secrets and operations using those secrets. Implements a
120 REST model with the following objects:
122 - [Secret][google.cloud.secrets.v1beta1.Secret]
123 - [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
125 This class defines the same methods as the primary client, so the
126 primary client can load the underlying transport implementation
127 and call it.
129 It sends protocol buffers over the wire using gRPC (which is built on
130 top of HTTP/2); the ``grpcio`` package must be installed.
131 """
133 _stubs: Dict[str, Callable]
135 def __init__(
136 self,
137 *,
138 host: str = "secretmanager.googleapis.com",
139 credentials: Optional[ga_credentials.Credentials] = None,
140 credentials_file: Optional[str] = None,
141 scopes: Optional[Sequence[str]] = None,
142 channel: Optional[Union[grpc.Channel, Callable[..., grpc.Channel]]] = None,
143 api_mtls_endpoint: Optional[str] = None,
144 client_cert_source: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
145 ssl_channel_credentials: Optional[grpc.ChannelCredentials] = None,
146 client_cert_source_for_mtls: Optional[Callable[[], Tuple[bytes, bytes]]] = None,
147 quota_project_id: Optional[str] = None,
148 client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
149 always_use_jwt_access: Optional[bool] = False,
150 api_audience: Optional[str] = None,
151 ) -> None:
152 """Instantiate the transport.
154 Args:
155 host (Optional[str]):
156 The hostname to connect to (default: 'secretmanager.googleapis.com').
157 credentials (Optional[google.auth.credentials.Credentials]): The
158 authorization credentials to attach to requests. These
159 credentials identify the application to the service; if none
160 are specified, the client will attempt to ascertain the
161 credentials from the environment.
162 This argument is ignored if a ``channel`` instance is provided.
163 credentials_file (Optional[str]): Deprecated. A file with credentials that can
164 be loaded with :func:`google.auth.load_credentials_from_file`.
165 This argument is ignored if a ``channel`` instance is provided.
166 This argument will be removed in the next major version of this library.
167 scopes (Optional(Sequence[str])): A list of scopes. This argument is
168 ignored if a ``channel`` instance is provided.
169 channel (Optional[Union[grpc.Channel, Callable[..., grpc.Channel]]]):
170 A ``Channel`` instance through which to make calls, or a Callable
171 that constructs and returns one. If set to None, ``self.create_channel``
172 is used to create the channel. If a Callable is given, it will be called
173 with the same arguments as used in ``self.create_channel``.
174 api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint.
175 If provided, it overrides the ``host`` argument and tries to create
176 a mutual TLS channel with client SSL credentials from
177 ``client_cert_source`` or application default SSL credentials.
178 client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]):
179 Deprecated. A callback to provide client SSL certificate bytes and
180 private key bytes, both in PEM format. It is ignored if
181 ``api_mtls_endpoint`` is None.
182 ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials
183 for the grpc channel. It is ignored if a ``channel`` instance is provided.
184 client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]):
185 A callback to provide client certificate bytes and private key bytes,
186 both in PEM format. It is used to configure a mutual TLS channel. It is
187 ignored if a ``channel`` instance or ``ssl_channel_credentials`` is provided.
188 quota_project_id (Optional[str]): An optional project to use for billing
189 and quota.
190 client_info (google.api_core.gapic_v1.client_info.ClientInfo):
191 The client info used to send a user-agent string along with
192 API requests. If ``None``, then default info will be used.
193 Generally, you only need to set this if you're developing
194 your own client library.
195 always_use_jwt_access (Optional[bool]): Whether self signed JWT should
196 be used for service account credentials.
197 api_audience (Optional[str]): The intended audience for the API calls
198 to the service that will be set when using certain 3rd party
199 authentication flows. Audience is typically a resource identifier.
200 If not set, the host value will be used as a default.
202 Raises:
203 google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport
204 creation failed for any reason.
205 google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
206 and ``credentials_file`` are passed.
207 """
208 self._grpc_channel = None
209 self._ssl_channel_credentials = ssl_channel_credentials
210 self._stubs: Dict[str, Callable] = {}
212 if api_mtls_endpoint:
213 warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning)
214 if client_cert_source:
215 warnings.warn("client_cert_source is deprecated", DeprecationWarning)
217 if isinstance(channel, grpc.Channel):
218 # Ignore credentials if a channel was passed.
219 credentials = None
220 self._ignore_credentials = True
221 # If a channel was explicitly provided, set it.
222 self._grpc_channel = channel
223 self._ssl_channel_credentials = None
225 else:
226 if api_mtls_endpoint:
227 host = api_mtls_endpoint
229 # Create SSL credentials with client_cert_source or application
230 # default SSL credentials.
231 if client_cert_source:
232 cert, key = client_cert_source()
233 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
234 certificate_chain=cert, private_key=key
235 )
236 else:
237 self._ssl_channel_credentials = SslCredentials().ssl_credentials
239 else:
240 if client_cert_source_for_mtls and not ssl_channel_credentials:
241 cert, key = client_cert_source_for_mtls()
242 self._ssl_channel_credentials = grpc.ssl_channel_credentials(
243 certificate_chain=cert, private_key=key
244 )
246 # The base transport sets the host, credentials and scopes
247 super().__init__(
248 host=host,
249 credentials=credentials,
250 credentials_file=credentials_file,
251 scopes=scopes,
252 quota_project_id=quota_project_id,
253 client_info=client_info,
254 always_use_jwt_access=always_use_jwt_access,
255 api_audience=api_audience,
256 )
258 if not self._grpc_channel:
259 # initialize with the provided callable or the default channel
260 channel_init = channel or type(self).create_channel
261 self._grpc_channel = channel_init(
262 self._host,
263 # use the credentials which are saved
264 credentials=self._credentials,
265 # Set ``credentials_file`` to ``None`` here as
266 # the credentials that we saved earlier should be used.
267 credentials_file=None,
268 scopes=self._scopes,
269 ssl_credentials=self._ssl_channel_credentials,
270 quota_project_id=quota_project_id,
271 options=[
272 ("grpc.max_send_message_length", -1),
273 ("grpc.max_receive_message_length", -1),
274 ],
275 )
277 self._interceptor = _LoggingClientInterceptor()
278 self._logged_channel = grpc.intercept_channel(
279 self._grpc_channel, self._interceptor
280 )
282 # Wrap messages. This must be done after self._logged_channel exists
283 self._prep_wrapped_messages(client_info)
285 @classmethod
286 def create_channel(
287 cls,
288 host: str = "secretmanager.googleapis.com",
289 credentials: Optional[ga_credentials.Credentials] = None,
290 credentials_file: Optional[str] = None,
291 scopes: Optional[Sequence[str]] = None,
292 quota_project_id: Optional[str] = None,
293 **kwargs,
294 ) -> grpc.Channel:
295 """Create and return a gRPC channel object.
296 Args:
297 host (Optional[str]): The host for the channel to use.
298 credentials (Optional[~.Credentials]): The
299 authorization credentials to attach to requests. These
300 credentials identify this application to the service. If
301 none are specified, the client will attempt to ascertain
302 the credentials from the environment.
303 credentials_file (Optional[str]): Deprecated. A file with credentials that can
304 be loaded with :func:`google.auth.load_credentials_from_file`.
305 This argument is mutually exclusive with credentials. This argument will be
306 removed in the next major version of this library.
307 scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
308 service. These are only used when credentials are not specified and
309 are passed to :func:`google.auth.default`.
310 quota_project_id (Optional[str]): An optional project to use for billing
311 and quota.
312 kwargs (Optional[dict]): Keyword arguments, which are passed to the
313 channel creation.
314 Returns:
315 grpc.Channel: A gRPC channel object.
317 Raises:
318 google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
319 and ``credentials_file`` are passed.
320 """
322 return grpc_helpers.create_channel(
323 host,
324 credentials=credentials,
325 credentials_file=credentials_file,
326 quota_project_id=quota_project_id,
327 default_scopes=cls.AUTH_SCOPES,
328 scopes=scopes,
329 default_host=cls.DEFAULT_HOST,
330 **kwargs,
331 )
333 @property
334 def grpc_channel(self) -> grpc.Channel:
335 """Return the channel designed to connect to this service."""
336 return self._grpc_channel
338 @property
339 def list_secrets(
340 self,
341 ) -> Callable[[service.ListSecretsRequest], service.ListSecretsResponse]:
342 r"""Return a callable for the list secrets method over gRPC.
344 Lists [Secrets][google.cloud.secrets.v1beta1.Secret].
346 Returns:
347 Callable[[~.ListSecretsRequest],
348 ~.ListSecretsResponse]:
349 A function that, when called, will call the underlying RPC
350 on the server.
351 """
352 # Generate a "stub function" on-the-fly which will actually make
353 # the request.
354 # gRPC handles serialization and deserialization, so we just need
355 # to pass in the functions for each.
356 if "list_secrets" not in self._stubs:
357 self._stubs["list_secrets"] = self._logged_channel.unary_unary(
358 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecrets",
359 request_serializer=service.ListSecretsRequest.serialize,
360 response_deserializer=service.ListSecretsResponse.deserialize,
361 )
362 return self._stubs["list_secrets"]
364 @property
365 def create_secret(
366 self,
367 ) -> Callable[[service.CreateSecretRequest], resources.Secret]:
368 r"""Return a callable for the create secret method over gRPC.
370 Creates a new [Secret][google.cloud.secrets.v1beta1.Secret]
371 containing no
372 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
374 Returns:
375 Callable[[~.CreateSecretRequest],
376 ~.Secret]:
377 A function that, when called, will call the underlying RPC
378 on the server.
379 """
380 # Generate a "stub function" on-the-fly which will actually make
381 # the request.
382 # gRPC handles serialization and deserialization, so we just need
383 # to pass in the functions for each.
384 if "create_secret" not in self._stubs:
385 self._stubs["create_secret"] = self._logged_channel.unary_unary(
386 "/google.cloud.secrets.v1beta1.SecretManagerService/CreateSecret",
387 request_serializer=service.CreateSecretRequest.serialize,
388 response_deserializer=resources.Secret.deserialize,
389 )
390 return self._stubs["create_secret"]
392 @property
393 def add_secret_version(
394 self,
395 ) -> Callable[[service.AddSecretVersionRequest], resources.SecretVersion]:
396 r"""Return a callable for the add secret version method over gRPC.
398 Creates a new
399 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]
400 containing secret data and attaches it to an existing
401 [Secret][google.cloud.secrets.v1beta1.Secret].
403 Returns:
404 Callable[[~.AddSecretVersionRequest],
405 ~.SecretVersion]:
406 A function that, when called, will call the underlying RPC
407 on the server.
408 """
409 # Generate a "stub function" on-the-fly which will actually make
410 # the request.
411 # gRPC handles serialization and deserialization, so we just need
412 # to pass in the functions for each.
413 if "add_secret_version" not in self._stubs:
414 self._stubs["add_secret_version"] = self._logged_channel.unary_unary(
415 "/google.cloud.secrets.v1beta1.SecretManagerService/AddSecretVersion",
416 request_serializer=service.AddSecretVersionRequest.serialize,
417 response_deserializer=resources.SecretVersion.deserialize,
418 )
419 return self._stubs["add_secret_version"]
421 @property
422 def get_secret(self) -> Callable[[service.GetSecretRequest], resources.Secret]:
423 r"""Return a callable for the get secret method over gRPC.
425 Gets metadata for a given
426 [Secret][google.cloud.secrets.v1beta1.Secret].
428 Returns:
429 Callable[[~.GetSecretRequest],
430 ~.Secret]:
431 A function that, when called, will call the underlying RPC
432 on the server.
433 """
434 # Generate a "stub function" on-the-fly which will actually make
435 # the request.
436 # gRPC handles serialization and deserialization, so we just need
437 # to pass in the functions for each.
438 if "get_secret" not in self._stubs:
439 self._stubs["get_secret"] = self._logged_channel.unary_unary(
440 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecret",
441 request_serializer=service.GetSecretRequest.serialize,
442 response_deserializer=resources.Secret.deserialize,
443 )
444 return self._stubs["get_secret"]
446 @property
447 def update_secret(
448 self,
449 ) -> Callable[[service.UpdateSecretRequest], resources.Secret]:
450 r"""Return a callable for the update secret method over gRPC.
452 Updates metadata of an existing
453 [Secret][google.cloud.secrets.v1beta1.Secret].
455 Returns:
456 Callable[[~.UpdateSecretRequest],
457 ~.Secret]:
458 A function that, when called, will call the underlying RPC
459 on the server.
460 """
461 # Generate a "stub function" on-the-fly which will actually make
462 # the request.
463 # gRPC handles serialization and deserialization, so we just need
464 # to pass in the functions for each.
465 if "update_secret" not in self._stubs:
466 self._stubs["update_secret"] = self._logged_channel.unary_unary(
467 "/google.cloud.secrets.v1beta1.SecretManagerService/UpdateSecret",
468 request_serializer=service.UpdateSecretRequest.serialize,
469 response_deserializer=resources.Secret.deserialize,
470 )
471 return self._stubs["update_secret"]
473 @property
474 def delete_secret(self) -> Callable[[service.DeleteSecretRequest], empty_pb2.Empty]:
475 r"""Return a callable for the delete secret method over gRPC.
477 Deletes a [Secret][google.cloud.secrets.v1beta1.Secret].
479 Returns:
480 Callable[[~.DeleteSecretRequest],
481 ~.Empty]:
482 A function that, when called, will call the underlying RPC
483 on the server.
484 """
485 # Generate a "stub function" on-the-fly which will actually make
486 # the request.
487 # gRPC handles serialization and deserialization, so we just need
488 # to pass in the functions for each.
489 if "delete_secret" not in self._stubs:
490 self._stubs["delete_secret"] = self._logged_channel.unary_unary(
491 "/google.cloud.secrets.v1beta1.SecretManagerService/DeleteSecret",
492 request_serializer=service.DeleteSecretRequest.serialize,
493 response_deserializer=empty_pb2.Empty.FromString,
494 )
495 return self._stubs["delete_secret"]
497 @property
498 def list_secret_versions(
499 self,
500 ) -> Callable[
501 [service.ListSecretVersionsRequest], service.ListSecretVersionsResponse
502 ]:
503 r"""Return a callable for the list secret versions method over gRPC.
505 Lists
506 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].
507 This call does not return secret data.
509 Returns:
510 Callable[[~.ListSecretVersionsRequest],
511 ~.ListSecretVersionsResponse]:
512 A function that, when called, will call the underlying RPC
513 on the server.
514 """
515 # Generate a "stub function" on-the-fly which will actually make
516 # the request.
517 # gRPC handles serialization and deserialization, so we just need
518 # to pass in the functions for each.
519 if "list_secret_versions" not in self._stubs:
520 self._stubs["list_secret_versions"] = self._logged_channel.unary_unary(
521 "/google.cloud.secrets.v1beta1.SecretManagerService/ListSecretVersions",
522 request_serializer=service.ListSecretVersionsRequest.serialize,
523 response_deserializer=service.ListSecretVersionsResponse.deserialize,
524 )
525 return self._stubs["list_secret_versions"]
527 @property
528 def get_secret_version(
529 self,
530 ) -> Callable[[service.GetSecretVersionRequest], resources.SecretVersion]:
531 r"""Return a callable for the get secret version method over gRPC.
533 Gets metadata for a
534 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
536 ``projects/*/secrets/*/versions/latest`` is an alias to the
537 ``latest``
538 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
540 Returns:
541 Callable[[~.GetSecretVersionRequest],
542 ~.SecretVersion]:
543 A function that, when called, will call the underlying RPC
544 on the server.
545 """
546 # Generate a "stub function" on-the-fly which will actually make
547 # the request.
548 # gRPC handles serialization and deserialization, so we just need
549 # to pass in the functions for each.
550 if "get_secret_version" not in self._stubs:
551 self._stubs["get_secret_version"] = self._logged_channel.unary_unary(
552 "/google.cloud.secrets.v1beta1.SecretManagerService/GetSecretVersion",
553 request_serializer=service.GetSecretVersionRequest.serialize,
554 response_deserializer=resources.SecretVersion.deserialize,
555 )
556 return self._stubs["get_secret_version"]
558 @property
559 def access_secret_version(
560 self,
561 ) -> Callable[
562 [service.AccessSecretVersionRequest], service.AccessSecretVersionResponse
563 ]:
564 r"""Return a callable for the access secret version method over gRPC.
566 Accesses a
567 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
568 This call returns the secret data.
570 ``projects/*/secrets/*/versions/latest`` is an alias to the
571 ``latest``
572 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
574 Returns:
575 Callable[[~.AccessSecretVersionRequest],
576 ~.AccessSecretVersionResponse]:
577 A function that, when called, will call the underlying RPC
578 on the server.
579 """
580 # Generate a "stub function" on-the-fly which will actually make
581 # the request.
582 # gRPC handles serialization and deserialization, so we just need
583 # to pass in the functions for each.
584 if "access_secret_version" not in self._stubs:
585 self._stubs["access_secret_version"] = self._logged_channel.unary_unary(
586 "/google.cloud.secrets.v1beta1.SecretManagerService/AccessSecretVersion",
587 request_serializer=service.AccessSecretVersionRequest.serialize,
588 response_deserializer=service.AccessSecretVersionResponse.deserialize,
589 )
590 return self._stubs["access_secret_version"]
592 @property
593 def disable_secret_version(
594 self,
595 ) -> Callable[[service.DisableSecretVersionRequest], resources.SecretVersion]:
596 r"""Return a callable for the disable secret version method over gRPC.
598 Disables a
599 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
601 Sets the
602 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
603 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
604 [DISABLED][google.cloud.secrets.v1beta1.SecretVersion.State.DISABLED].
606 Returns:
607 Callable[[~.DisableSecretVersionRequest],
608 ~.SecretVersion]:
609 A function that, when called, will call the underlying RPC
610 on the server.
611 """
612 # Generate a "stub function" on-the-fly which will actually make
613 # the request.
614 # gRPC handles serialization and deserialization, so we just need
615 # to pass in the functions for each.
616 if "disable_secret_version" not in self._stubs:
617 self._stubs["disable_secret_version"] = self._logged_channel.unary_unary(
618 "/google.cloud.secrets.v1beta1.SecretManagerService/DisableSecretVersion",
619 request_serializer=service.DisableSecretVersionRequest.serialize,
620 response_deserializer=resources.SecretVersion.deserialize,
621 )
622 return self._stubs["disable_secret_version"]
624 @property
625 def enable_secret_version(
626 self,
627 ) -> Callable[[service.EnableSecretVersionRequest], resources.SecretVersion]:
628 r"""Return a callable for the enable secret version method over gRPC.
630 Enables a
631 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
633 Sets the
634 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
635 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
636 [ENABLED][google.cloud.secrets.v1beta1.SecretVersion.State.ENABLED].
638 Returns:
639 Callable[[~.EnableSecretVersionRequest],
640 ~.SecretVersion]:
641 A function that, when called, will call the underlying RPC
642 on the server.
643 """
644 # Generate a "stub function" on-the-fly which will actually make
645 # the request.
646 # gRPC handles serialization and deserialization, so we just need
647 # to pass in the functions for each.
648 if "enable_secret_version" not in self._stubs:
649 self._stubs["enable_secret_version"] = self._logged_channel.unary_unary(
650 "/google.cloud.secrets.v1beta1.SecretManagerService/EnableSecretVersion",
651 request_serializer=service.EnableSecretVersionRequest.serialize,
652 response_deserializer=resources.SecretVersion.deserialize,
653 )
654 return self._stubs["enable_secret_version"]
656 @property
657 def destroy_secret_version(
658 self,
659 ) -> Callable[[service.DestroySecretVersionRequest], resources.SecretVersion]:
660 r"""Return a callable for the destroy secret version method over gRPC.
662 Destroys a
663 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
665 Sets the
666 [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the
667 [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to
668 [DESTROYED][google.cloud.secrets.v1beta1.SecretVersion.State.DESTROYED]
669 and irrevocably destroys the secret data.
671 Returns:
672 Callable[[~.DestroySecretVersionRequest],
673 ~.SecretVersion]:
674 A function that, when called, will call the underlying RPC
675 on the server.
676 """
677 # Generate a "stub function" on-the-fly which will actually make
678 # the request.
679 # gRPC handles serialization and deserialization, so we just need
680 # to pass in the functions for each.
681 if "destroy_secret_version" not in self._stubs:
682 self._stubs["destroy_secret_version"] = self._logged_channel.unary_unary(
683 "/google.cloud.secrets.v1beta1.SecretManagerService/DestroySecretVersion",
684 request_serializer=service.DestroySecretVersionRequest.serialize,
685 response_deserializer=resources.SecretVersion.deserialize,
686 )
687 return self._stubs["destroy_secret_version"]
689 @property
690 def set_iam_policy(
691 self,
692 ) -> Callable[[iam_policy_pb2.SetIamPolicyRequest], policy_pb2.Policy]:
693 r"""Return a callable for the set iam policy method over gRPC.
695 Sets the access control policy on the specified secret. Replaces
696 any existing policy.
698 Permissions on
699 [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] are
700 enforced according to the policy set on the associated
701 [Secret][google.cloud.secrets.v1beta1.Secret].
703 Returns:
704 Callable[[~.SetIamPolicyRequest],
705 ~.Policy]:
706 A function that, when called, will call the underlying RPC
707 on the server.
708 """
709 # Generate a "stub function" on-the-fly which will actually make
710 # the request.
711 # gRPC handles serialization and deserialization, so we just need
712 # to pass in the functions for each.
713 if "set_iam_policy" not in self._stubs:
714 self._stubs["set_iam_policy"] = self._logged_channel.unary_unary(
715 "/google.cloud.secrets.v1beta1.SecretManagerService/SetIamPolicy",
716 request_serializer=iam_policy_pb2.SetIamPolicyRequest.SerializeToString,
717 response_deserializer=policy_pb2.Policy.FromString,
718 )
719 return self._stubs["set_iam_policy"]
721 @property
722 def get_iam_policy(
723 self,
724 ) -> Callable[[iam_policy_pb2.GetIamPolicyRequest], policy_pb2.Policy]:
725 r"""Return a callable for the get iam policy method over gRPC.
727 Gets the access control policy for a secret.
728 Returns empty policy if the secret exists and does not
729 have a policy set.
731 Returns:
732 Callable[[~.GetIamPolicyRequest],
733 ~.Policy]:
734 A function that, when called, will call the underlying RPC
735 on the server.
736 """
737 # Generate a "stub function" on-the-fly which will actually make
738 # the request.
739 # gRPC handles serialization and deserialization, so we just need
740 # to pass in the functions for each.
741 if "get_iam_policy" not in self._stubs:
742 self._stubs["get_iam_policy"] = self._logged_channel.unary_unary(
743 "/google.cloud.secrets.v1beta1.SecretManagerService/GetIamPolicy",
744 request_serializer=iam_policy_pb2.GetIamPolicyRequest.SerializeToString,
745 response_deserializer=policy_pb2.Policy.FromString,
746 )
747 return self._stubs["get_iam_policy"]
749 @property
750 def test_iam_permissions(
751 self,
752 ) -> Callable[
753 [iam_policy_pb2.TestIamPermissionsRequest],
754 iam_policy_pb2.TestIamPermissionsResponse,
755 ]:
756 r"""Return a callable for the test iam permissions method over gRPC.
758 Returns permissions that a caller has for the specified secret.
759 If the secret does not exist, this call returns an empty set of
760 permissions, not a NOT_FOUND error.
762 Note: This operation is designed to be used for building
763 permission-aware UIs and command-line tools, not for
764 authorization checking. This operation may "fail open" without
765 warning.
767 Returns:
768 Callable[[~.TestIamPermissionsRequest],
769 ~.TestIamPermissionsResponse]:
770 A function that, when called, will call the underlying RPC
771 on the server.
772 """
773 # Generate a "stub function" on-the-fly which will actually make
774 # the request.
775 # gRPC handles serialization and deserialization, so we just need
776 # to pass in the functions for each.
777 if "test_iam_permissions" not in self._stubs:
778 self._stubs["test_iam_permissions"] = self._logged_channel.unary_unary(
779 "/google.cloud.secrets.v1beta1.SecretManagerService/TestIamPermissions",
780 request_serializer=iam_policy_pb2.TestIamPermissionsRequest.SerializeToString,
781 response_deserializer=iam_policy_pb2.TestIamPermissionsResponse.FromString,
782 )
783 return self._stubs["test_iam_permissions"]
785 def close(self):
786 self._logged_channel.close()
788 @property
789 def list_locations(
790 self,
791 ) -> Callable[
792 [locations_pb2.ListLocationsRequest], locations_pb2.ListLocationsResponse
793 ]:
794 r"""Return a callable for the list locations method over gRPC."""
795 # Generate a "stub function" on-the-fly which will actually make
796 # the request.
797 # gRPC handles serialization and deserialization, so we just need
798 # to pass in the functions for each.
799 if "list_locations" not in self._stubs:
800 self._stubs["list_locations"] = self._logged_channel.unary_unary(
801 "/google.cloud.location.Locations/ListLocations",
802 request_serializer=locations_pb2.ListLocationsRequest.SerializeToString,
803 response_deserializer=locations_pb2.ListLocationsResponse.FromString,
804 )
805 return self._stubs["list_locations"]
807 @property
808 def get_location(
809 self,
810 ) -> Callable[[locations_pb2.GetLocationRequest], locations_pb2.Location]:
811 r"""Return a callable for the list locations method over gRPC."""
812 # Generate a "stub function" on-the-fly which will actually make
813 # the request.
814 # gRPC handles serialization and deserialization, so we just need
815 # to pass in the functions for each.
816 if "get_location" not in self._stubs:
817 self._stubs["get_location"] = self._logged_channel.unary_unary(
818 "/google.cloud.location.Locations/GetLocation",
819 request_serializer=locations_pb2.GetLocationRequest.SerializeToString,
820 response_deserializer=locations_pb2.Location.FromString,
821 )
822 return self._stubs["get_location"]
824 @property
825 def kind(self) -> str:
826 return "grpc"
829__all__ = ("SecretManagerServiceGrpcTransport",)