From 92c4a983bcfb127eb4eb37a1a25e8c773a5fdcbf Mon Sep 17 00:00:00 2001 From: Yoshi Automation Bot Date: Wed, 20 Jan 2021 08:41:07 -0800 Subject: [PATCH] feat: added expire_time and ttl fields to Secret (#70) * chore: upgrade gapic-generator-python to 0.39.1 feat: add 'from_service_account_info' factory to clients fix: fix sphinx identifiers PiperOrigin-RevId: 350246057 Source-Author: Google APIs Source-Date: Tue Jan 5 16:44:11 2021 -0800 Source-Repo: googleapis/googleapis Source-Sha: 520682435235d9c503983a360a2090025aa47cd1 Source-Link: https://github.com/googleapis/googleapis/commit/520682435235d9c503983a360a2090025aa47cd1 * feat: added expire_time and ttl fields to Secret PiperOrigin-RevId: 352563582 Source-Author: Google APIs Source-Date: Tue Jan 19 07:29:20 2021 -0800 Source-Repo: googleapis/googleapis Source-Sha: 9ecdacc9a00e1dd443b11bf10215d6e7648db8a7 Source-Link: https://github.com/googleapis/googleapis/commit/9ecdacc9a00e1dd443b11bf10215d6e7648db8a7 --- .coveragerc | 22 +- .../secret_manager_service.rst | 11 + docs/secretmanager_v1/services.rst | 6 +- docs/secretmanager_v1/types.rst | 1 + .../secret_manager_service.rst | 11 + docs/secretmanager_v1beta1/services.rst | 6 +- docs/secretmanager_v1beta1/types.rst | 1 + .../secret_manager_service/async_client.py | 362 ++++++++-------- .../services/secret_manager_service/client.py | 407 +++++++++--------- .../services/secret_manager_service/pagers.py | 32 +- .../cloud/secretmanager_v1/types/resources.py | 51 ++- .../cloud/secretmanager_v1/types/service.py | 14 +- .../secret_manager_service/async_client.py | 361 ++++++++-------- .../services/secret_manager_service/client.py | 406 ++++++++--------- .../services/secret_manager_service/pagers.py | 32 +- .../secretmanager_v1beta1/types/resources.py | 18 +- .../secretmanager_v1beta1/types/service.py | 14 +- synth.metadata | 7 +- .../test_secret_manager_service.py | 41 +- .../test_secret_manager_service.py | 28 +- 20 files changed, 959 insertions(+), 872 deletions(-) create mode 100644 docs/secretmanager_v1/secret_manager_service.rst create mode 100644 docs/secretmanager_v1beta1/secret_manager_service.rst diff --git a/.coveragerc b/.coveragerc index ba0f2ca..3da2883 100644 --- a/.coveragerc +++ b/.coveragerc @@ -1,27 +1,11 @@ -# -*- coding: utf-8 -*- -# -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Generated by synthtool. DO NOT EDIT! [run] branch = True [report] fail_under = 100 show_missing = True -omit = google/cloud/secretmanager/__init__.py +omit = + google/cloud/secretmanager/__init__.py exclude_lines = # Re-enable the standard pragma pragma: NO COVER @@ -31,4 +15,4 @@ exclude_lines = # This is added at the module level as a safeguard for if someone # generates the code and tries to run it without pip installing. This # makes it virtually impossible to test properly. - except pkg_resources.DistributionNotFound \ No newline at end of file + except pkg_resources.DistributionNotFound diff --git a/docs/secretmanager_v1/secret_manager_service.rst b/docs/secretmanager_v1/secret_manager_service.rst new file mode 100644 index 0000000..3bb016d --- /dev/null +++ b/docs/secretmanager_v1/secret_manager_service.rst @@ -0,0 +1,11 @@ +SecretManagerService +-------------------------------------- + +.. automodule:: google.cloud.secretmanager_v1.services.secret_manager_service + :members: + :inherited-members: + + +.. automodule:: google.cloud.secretmanager_v1.services.secret_manager_service.pagers + :members: + :inherited-members: diff --git a/docs/secretmanager_v1/services.rst b/docs/secretmanager_v1/services.rst index 2454edf..aac8f75 100644 --- a/docs/secretmanager_v1/services.rst +++ b/docs/secretmanager_v1/services.rst @@ -1,6 +1,6 @@ Services for Google Cloud Secretmanager v1 API ============================================== +.. toctree:: + :maxdepth: 2 -.. automodule:: google.cloud.secretmanager_v1.services.secret_manager_service - :members: - :inherited-members: + secret_manager_service diff --git a/docs/secretmanager_v1/types.rst b/docs/secretmanager_v1/types.rst index 580720f..a3cb4ce 100644 --- a/docs/secretmanager_v1/types.rst +++ b/docs/secretmanager_v1/types.rst @@ -3,4 +3,5 @@ Types for Google Cloud Secretmanager v1 API .. automodule:: google.cloud.secretmanager_v1.types :members: + :undoc-members: :show-inheritance: diff --git a/docs/secretmanager_v1beta1/secret_manager_service.rst b/docs/secretmanager_v1beta1/secret_manager_service.rst new file mode 100644 index 0000000..cec4d4e --- /dev/null +++ b/docs/secretmanager_v1beta1/secret_manager_service.rst @@ -0,0 +1,11 @@ +SecretManagerService +-------------------------------------- + +.. automodule:: google.cloud.secretmanager_v1beta1.services.secret_manager_service + :members: + :inherited-members: + + +.. automodule:: google.cloud.secretmanager_v1beta1.services.secret_manager_service.pagers + :members: + :inherited-members: diff --git a/docs/secretmanager_v1beta1/services.rst b/docs/secretmanager_v1beta1/services.rst index e548f90..5266a7f 100644 --- a/docs/secretmanager_v1beta1/services.rst +++ b/docs/secretmanager_v1beta1/services.rst @@ -1,6 +1,6 @@ Services for Google Cloud Secretmanager v1beta1 API =================================================== +.. toctree:: + :maxdepth: 2 -.. automodule:: google.cloud.secretmanager_v1beta1.services.secret_manager_service - :members: - :inherited-members: + secret_manager_service diff --git a/docs/secretmanager_v1beta1/types.rst b/docs/secretmanager_v1beta1/types.rst index af33251..7e8f6e1 100644 --- a/docs/secretmanager_v1beta1/types.rst +++ b/docs/secretmanager_v1beta1/types.rst @@ -3,4 +3,5 @@ Types for Google Cloud Secretmanager v1beta1 API .. automodule:: google.cloud.secretmanager_v1beta1.types :members: + :undoc-members: :show-inheritance: diff --git a/google/cloud/secretmanager_v1/services/secret_manager_service/async_client.py b/google/cloud/secretmanager_v1/services/secret_manager_service/async_client.py index 52da1ec..f0020b2 100644 --- a/google/cloud/secretmanager_v1/services/secret_manager_service/async_client.py +++ b/google/cloud/secretmanager_v1/services/secret_manager_service/async_client.py @@ -33,6 +33,7 @@ from google.cloud.secretmanager_v1.types import service from google.iam.v1 import iam_policy_pb2 as iam_policy # type: ignore from google.iam.v1 import policy_pb2 as policy # type: ignore +from google.protobuf import duration_pb2 as duration # type: ignore from google.protobuf import field_mask_pb2 as field_mask # type: ignore from google.protobuf import timestamp_pb2 as timestamp # type: ignore @@ -92,6 +93,7 @@ class SecretManagerServiceAsyncClient: SecretManagerServiceClient.parse_common_location_path ) + from_service_account_info = SecretManagerServiceClient.from_service_account_info from_service_account_file = SecretManagerServiceClient.from_service_account_file from_service_account_json = from_service_account_file @@ -169,7 +171,7 @@ async def list_secrets( r"""Lists [Secrets][google.cloud.secretmanager.v1.Secret]. Args: - request (:class:`~.service.ListSecretsRequest`): + request (:class:`google.cloud.secretmanager_v1.types.ListSecretsRequest`): The request object. Request message for [SecretManagerService.ListSecrets][google.cloud.secretmanager.v1.SecretManagerService.ListSecrets]. parent (:class:`str`): @@ -177,6 +179,7 @@ async def list_secrets( with the [Secrets][google.cloud.secretmanager.v1.Secret], in the format ``projects/*``. + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -188,7 +191,7 @@ async def list_secrets( sent along with the request as metadata. Returns: - ~.pagers.ListSecretsAsyncPager: + google.cloud.secretmanager_v1.services.secret_manager_service.pagers.ListSecretsAsyncPager: Response message for [SecretManagerService.ListSecrets][google.cloud.secretmanager.v1.SecretManagerService.ListSecrets]. @@ -256,13 +259,14 @@ async def create_secret( [SecretVersions][google.cloud.secretmanager.v1.SecretVersion]. Args: - request (:class:`~.service.CreateSecretRequest`): + request (:class:`google.cloud.secretmanager_v1.types.CreateSecretRequest`): The request object. Request message for [SecretManagerService.CreateSecret][google.cloud.secretmanager.v1.SecretManagerService.CreateSecret]. parent (:class:`str`): Required. The resource name of the project to associate with the [Secret][google.cloud.secretmanager.v1.Secret], in the format ``projects/*``. + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -273,13 +277,15 @@ async def create_secret( characters and can contain uppercase and lowercase letters, numerals, and the hyphen (``-``) and underscore (``_``) characters. + This corresponds to the ``secret_id`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - secret (:class:`~.resources.Secret`): + secret (:class:`google.cloud.secretmanager_v1.types.Secret`): Required. A [Secret][google.cloud.secretmanager.v1.Secret] with initial field values. + This corresponds to the ``secret`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -291,14 +297,14 @@ async def create_secret( sent along with the request as metadata. Returns: - ~.resources.Secret: - A [Secret][google.cloud.secretmanager.v1.Secret] is a - logical secret whose value and versions can be accessed. + google.cloud.secretmanager_v1.types.Secret: + A [Secret][google.cloud.secretmanager.v1.Secret] is a logical secret whose value and versions can + be accessed. - A [Secret][google.cloud.secretmanager.v1.Secret] is made - up of zero or more - [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] - that represent the secret data. + A [Secret][google.cloud.secretmanager.v1.Secret] is + made up of zero or more + [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] + that represent the secret data. """ # Create or coerce a protobuf request object. @@ -359,7 +365,7 @@ async def add_secret_version( [Secret][google.cloud.secretmanager.v1.Secret]. Args: - request (:class:`~.service.AddSecretVersionRequest`): + request (:class:`google.cloud.secretmanager_v1.types.AddSecretVersionRequest`): The request object. Request message for [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion]. parent (:class:`str`): @@ -368,12 +374,14 @@ async def add_secret_version( associate with the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format ``projects/*/secrets/*``. + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - payload (:class:`~.resources.SecretPayload`): + payload (:class:`google.cloud.secretmanager_v1.types.SecretPayload`): Required. The secret payload of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + This corresponds to the ``payload`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -385,7 +393,7 @@ async def add_secret_version( sent along with the request as metadata. Returns: - ~.resources.SecretVersion: + google.cloud.secretmanager_v1.types.SecretVersion: A secret version resource in the Secret Manager API. @@ -443,13 +451,14 @@ async def get_secret( [Secret][google.cloud.secretmanager.v1.Secret]. Args: - request (:class:`~.service.GetSecretRequest`): + request (:class:`google.cloud.secretmanager_v1.types.GetSecretRequest`): The request object. Request message for [SecretManagerService.GetSecret][google.cloud.secretmanager.v1.SecretManagerService.GetSecret]. name (:class:`str`): Required. The resource name of the [Secret][google.cloud.secretmanager.v1.Secret], in the format ``projects/*/secrets/*``. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -461,14 +470,14 @@ async def get_secret( sent along with the request as metadata. Returns: - ~.resources.Secret: - A [Secret][google.cloud.secretmanager.v1.Secret] is a - logical secret whose value and versions can be accessed. + google.cloud.secretmanager_v1.types.Secret: + A [Secret][google.cloud.secretmanager.v1.Secret] is a logical secret whose value and versions can + be accessed. - A [Secret][google.cloud.secretmanager.v1.Secret] is made - up of zero or more - [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] - that represent the secret data. + A [Secret][google.cloud.secretmanager.v1.Secret] is + made up of zero or more + [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] + that represent the secret data. """ # Create or coerce a protobuf request object. @@ -523,18 +532,20 @@ async def update_secret( [Secret][google.cloud.secretmanager.v1.Secret]. Args: - request (:class:`~.service.UpdateSecretRequest`): + request (:class:`google.cloud.secretmanager_v1.types.UpdateSecretRequest`): The request object. Request message for [SecretManagerService.UpdateSecret][google.cloud.secretmanager.v1.SecretManagerService.UpdateSecret]. - secret (:class:`~.resources.Secret`): + secret (:class:`google.cloud.secretmanager_v1.types.Secret`): Required. [Secret][google.cloud.secretmanager.v1.Secret] with updated field values. + This corresponds to the ``secret`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - update_mask (:class:`~.field_mask.FieldMask`): + update_mask (:class:`google.protobuf.field_mask_pb2.FieldMask`): Required. Specifies the fields to be updated. + This corresponds to the ``update_mask`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -546,14 +557,14 @@ async def update_secret( sent along with the request as metadata. Returns: - ~.resources.Secret: - A [Secret][google.cloud.secretmanager.v1.Secret] is a - logical secret whose value and versions can be accessed. + google.cloud.secretmanager_v1.types.Secret: + A [Secret][google.cloud.secretmanager.v1.Secret] is a logical secret whose value and versions can + be accessed. - A [Secret][google.cloud.secretmanager.v1.Secret] is made - up of zero or more - [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] - that represent the secret data. + A [Secret][google.cloud.secretmanager.v1.Secret] is + made up of zero or more + [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] + that represent the secret data. """ # Create or coerce a protobuf request object. @@ -610,13 +621,14 @@ async def delete_secret( r"""Deletes a [Secret][google.cloud.secretmanager.v1.Secret]. Args: - request (:class:`~.service.DeleteSecretRequest`): + request (:class:`google.cloud.secretmanager_v1.types.DeleteSecretRequest`): The request object. Request message for [SecretManagerService.DeleteSecret][google.cloud.secretmanager.v1.SecretManagerService.DeleteSecret]. name (:class:`str`): Required. The resource name of the [Secret][google.cloud.secretmanager.v1.Secret] to delete in the format ``projects/*/secrets/*``. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -678,7 +690,7 @@ async def list_secret_versions( This call does not return secret data. Args: - request (:class:`~.service.ListSecretVersionsRequest`): + request (:class:`google.cloud.secretmanager_v1.types.ListSecretVersionsRequest`): The request object. Request message for [SecretManagerService.ListSecretVersions][google.cloud.secretmanager.v1.SecretManagerService.ListSecretVersions]. parent (:class:`str`): @@ -687,6 +699,7 @@ async def list_secret_versions( associated with the [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] to list, in the format ``projects/*/secrets/*``. + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -698,7 +711,7 @@ async def list_secret_versions( sent along with the request as metadata. Returns: - ~.pagers.ListSecretVersionsAsyncPager: + google.cloud.secretmanager_v1.services.secret_manager_service.pagers.ListSecretVersionsAsyncPager: Response message for [SecretManagerService.ListSecretVersions][google.cloud.secretmanager.v1.SecretManagerService.ListSecretVersions]. @@ -767,7 +780,7 @@ async def get_secret_version( [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. Args: - request (:class:`~.service.GetSecretVersionRequest`): + request (:class:`google.cloud.secretmanager_v1.types.GetSecretVersionRequest`): The request object. Request message for [SecretManagerService.GetSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.GetSecretVersion]. name (:class:`str`): @@ -777,6 +790,7 @@ async def get_secret_version( ``projects/*/secrets/*/versions/latest`` is an alias to the ``latest`` [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -788,7 +802,7 @@ async def get_secret_version( sent along with the request as metadata. Returns: - ~.resources.SecretVersion: + google.cloud.secretmanager_v1.types.SecretVersion: A secret version resource in the Secret Manager API. @@ -849,13 +863,14 @@ async def access_secret_version( [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. Args: - request (:class:`~.service.AccessSecretVersionRequest`): + request (:class:`google.cloud.secretmanager_v1.types.AccessSecretVersionRequest`): The request object. Request message for [SecretManagerService.AccessSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AccessSecretVersion]. name (:class:`str`): Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format ``projects/*/secrets/*/versions/*``. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -867,7 +882,7 @@ async def access_secret_version( sent along with the request as metadata. Returns: - ~.service.AccessSecretVersionResponse: + google.cloud.secretmanager_v1.types.AccessSecretVersionResponse: Response message for [SecretManagerService.AccessSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AccessSecretVersion]. @@ -937,7 +952,7 @@ async def disable_secret_version( [DISABLED][google.cloud.secretmanager.v1.SecretVersion.State.DISABLED]. Args: - request (:class:`~.service.DisableSecretVersionRequest`): + request (:class:`google.cloud.secretmanager_v1.types.DisableSecretVersionRequest`): The request object. Request message for [SecretManagerService.DisableSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.DisableSecretVersion]. name (:class:`str`): @@ -945,6 +960,7 @@ async def disable_secret_version( [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to disable in the format ``projects/*/secrets/*/versions/*``. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -956,7 +972,7 @@ async def disable_secret_version( sent along with the request as metadata. Returns: - ~.resources.SecretVersion: + google.cloud.secretmanager_v1.types.SecretVersion: A secret version resource in the Secret Manager API. @@ -1018,7 +1034,7 @@ async def enable_secret_version( [ENABLED][google.cloud.secretmanager.v1.SecretVersion.State.ENABLED]. Args: - request (:class:`~.service.EnableSecretVersionRequest`): + request (:class:`google.cloud.secretmanager_v1.types.EnableSecretVersionRequest`): The request object. Request message for [SecretManagerService.EnableSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.EnableSecretVersion]. name (:class:`str`): @@ -1026,6 +1042,7 @@ async def enable_secret_version( [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to enable in the format ``projects/*/secrets/*/versions/*``. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1037,7 +1054,7 @@ async def enable_secret_version( sent along with the request as metadata. Returns: - ~.resources.SecretVersion: + google.cloud.secretmanager_v1.types.SecretVersion: A secret version resource in the Secret Manager API. @@ -1100,7 +1117,7 @@ async def destroy_secret_version( and irrevocably destroys the secret data. Args: - request (:class:`~.service.DestroySecretVersionRequest`): + request (:class:`google.cloud.secretmanager_v1.types.DestroySecretVersionRequest`): The request object. Request message for [SecretManagerService.DestroySecretVersion][google.cloud.secretmanager.v1.SecretManagerService.DestroySecretVersion]. name (:class:`str`): @@ -1108,6 +1125,7 @@ async def destroy_secret_version( [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to destroy in the format ``projects/*/secrets/*/versions/*``. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1119,7 +1137,7 @@ async def destroy_secret_version( sent along with the request as metadata. Returns: - ~.resources.SecretVersion: + google.cloud.secretmanager_v1.types.SecretVersion: A secret version resource in the Secret Manager API. @@ -1179,7 +1197,7 @@ async def set_iam_policy( [Secret][google.cloud.secretmanager.v1.Secret]. Args: - request (:class:`~.iam_policy.SetIamPolicyRequest`): + request (:class:`google.iam.v1.iam_policy_pb2.SetIamPolicyRequest`): The request object. Request message for `SetIamPolicy` method. @@ -1190,72 +1208,62 @@ async def set_iam_policy( sent along with the request as metadata. Returns: - ~.policy.Policy: - Defines an Identity and Access Management (IAM) policy. - It is used to specify access control policies for Cloud - Platform resources. - - A ``Policy`` is a collection of ``bindings``. A - ``binding`` binds one or more ``members`` to a single - ``role``. Members can be user accounts, service - accounts, Google groups, and domains (such as G Suite). - A ``role`` is a named list of permissions (defined by - IAM or configured by users). A ``binding`` can - optionally specify a ``condition``, which is a logic - expression that further constrains the role binding - based on attributes about the request and/or target - resource. - - **JSON Example** - - :: - - { - "bindings": [ - { - "role": "roles/resourcemanager.organizationAdmin", - "members": [ - "user:mike@example.com", - "group:admins@example.com", - "domain:google.com", - "serviceAccount:my-project-id@appspot.gserviceaccount.com" - ] - }, - { - "role": "roles/resourcemanager.organizationViewer", - "members": ["user:eve@example.com"], - "condition": { - "title": "expirable access", - "description": "Does not grant access after Sep 2020", - "expression": "request.time < - timestamp('2020-10-01T00:00:00.000Z')", - } - } - ] - } - - **YAML Example** - - :: - - bindings: - - members: - - user:mike@example.com - - group:admins@example.com - - domain:google.com - - serviceAccount:my-project-id@appspot.gserviceaccount.com - role: roles/resourcemanager.organizationAdmin - - members: - - user:eve@example.com - role: roles/resourcemanager.organizationViewer - condition: - title: expirable access - description: Does not grant access after Sep 2020 - expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - - For a description of IAM and its features, see the `IAM - developer's - guide `__. + google.iam.v1.policy_pb2.Policy: + Defines an Identity and Access Management (IAM) policy. It is used to + specify access control policies for Cloud Platform + resources. + + A Policy is a collection of bindings. A binding binds + one or more members to a single role. Members can be + user accounts, service accounts, Google groups, and + domains (such as G Suite). A role is a named list of + permissions (defined by IAM or configured by users). + A binding can optionally specify a condition, which + is a logic expression that further constrains the + role binding based on attributes about the request + and/or target resource. + + **JSON Example** + + { + "bindings": [ + { + "role": + "roles/resourcemanager.organizationAdmin", + "members": [ "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + + }, { "role": + "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { "title": "expirable access", + "description": "Does not grant access after + Sep 2020", "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", } } + + ] + + } + + **YAML Example** + + bindings: - members: - user:\ mike@example.com - + group:\ admins@example.com - domain:google.com - + serviceAccount:\ my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin - + members: - user:\ eve@example.com role: + roles/resourcemanager.organizationViewer + condition: title: expirable access description: + Does not grant access after Sep 2020 expression: + request.time < + timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the + [IAM developer's + guide](\ https://cloud.google.com/iam/docs). """ # Create or coerce a protobuf request object. @@ -1298,7 +1306,7 @@ async def get_iam_policy( have a policy set. Args: - request (:class:`~.iam_policy.GetIamPolicyRequest`): + request (:class:`google.iam.v1.iam_policy_pb2.GetIamPolicyRequest`): The request object. Request message for `GetIamPolicy` method. @@ -1309,72 +1317,62 @@ async def get_iam_policy( sent along with the request as metadata. Returns: - ~.policy.Policy: - Defines an Identity and Access Management (IAM) policy. - It is used to specify access control policies for Cloud - Platform resources. - - A ``Policy`` is a collection of ``bindings``. A - ``binding`` binds one or more ``members`` to a single - ``role``. Members can be user accounts, service - accounts, Google groups, and domains (such as G Suite). - A ``role`` is a named list of permissions (defined by - IAM or configured by users). A ``binding`` can - optionally specify a ``condition``, which is a logic - expression that further constrains the role binding - based on attributes about the request and/or target - resource. - - **JSON Example** - - :: - - { - "bindings": [ - { - "role": "roles/resourcemanager.organizationAdmin", - "members": [ - "user:mike@example.com", - "group:admins@example.com", - "domain:google.com", - "serviceAccount:my-project-id@appspot.gserviceaccount.com" - ] - }, - { - "role": "roles/resourcemanager.organizationViewer", - "members": ["user:eve@example.com"], - "condition": { - "title": "expirable access", - "description": "Does not grant access after Sep 2020", - "expression": "request.time < - timestamp('2020-10-01T00:00:00.000Z')", - } - } - ] - } - - **YAML Example** - - :: - - bindings: - - members: - - user:mike@example.com - - group:admins@example.com - - domain:google.com - - serviceAccount:my-project-id@appspot.gserviceaccount.com - role: roles/resourcemanager.organizationAdmin - - members: - - user:eve@example.com - role: roles/resourcemanager.organizationViewer - condition: - title: expirable access - description: Does not grant access after Sep 2020 - expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - - For a description of IAM and its features, see the `IAM - developer's - guide `__. + google.iam.v1.policy_pb2.Policy: + Defines an Identity and Access Management (IAM) policy. It is used to + specify access control policies for Cloud Platform + resources. + + A Policy is a collection of bindings. A binding binds + one or more members to a single role. Members can be + user accounts, service accounts, Google groups, and + domains (such as G Suite). A role is a named list of + permissions (defined by IAM or configured by users). + A binding can optionally specify a condition, which + is a logic expression that further constrains the + role binding based on attributes about the request + and/or target resource. + + **JSON Example** + + { + "bindings": [ + { + "role": + "roles/resourcemanager.organizationAdmin", + "members": [ "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + + }, { "role": + "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { "title": "expirable access", + "description": "Does not grant access after + Sep 2020", "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", } } + + ] + + } + + **YAML Example** + + bindings: - members: - user:\ mike@example.com - + group:\ admins@example.com - domain:google.com - + serviceAccount:\ my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin - + members: - user:\ eve@example.com role: + roles/resourcemanager.organizationViewer + condition: title: expirable access description: + Does not grant access after Sep 2020 expression: + request.time < + timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the + [IAM developer's + guide](\ https://cloud.google.com/iam/docs). """ # Create or coerce a protobuf request object. @@ -1422,7 +1420,7 @@ async def test_iam_permissions( warning. Args: - request (:class:`~.iam_policy.TestIamPermissionsRequest`): + request (:class:`google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest`): The request object. Request message for `TestIamPermissions` method. @@ -1433,8 +1431,8 @@ async def test_iam_permissions( sent along with the request as metadata. Returns: - ~.iam_policy.TestIamPermissionsResponse: - Response message for ``TestIamPermissions`` method. + google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse: + Response message for TestIamPermissions method. """ # Create or coerce a protobuf request object. diff --git a/google/cloud/secretmanager_v1/services/secret_manager_service/client.py b/google/cloud/secretmanager_v1/services/secret_manager_service/client.py index 283ca0f..e56e5e4 100644 --- a/google/cloud/secretmanager_v1/services/secret_manager_service/client.py +++ b/google/cloud/secretmanager_v1/services/secret_manager_service/client.py @@ -37,6 +37,7 @@ from google.cloud.secretmanager_v1.types import service from google.iam.v1 import iam_policy_pb2 as iam_policy # type: ignore from google.iam.v1 import policy_pb2 as policy # type: ignore +from google.protobuf import duration_pb2 as duration # type: ignore from google.protobuf import field_mask_pb2 as field_mask # type: ignore from google.protobuf import timestamp_pb2 as timestamp # type: ignore @@ -124,6 +125,22 @@ def _get_default_mtls_endpoint(api_endpoint): DEFAULT_ENDPOINT ) + @classmethod + def from_service_account_info(cls, info: dict, *args, **kwargs): + """Creates an instance of this client using the provided credentials info. + + Args: + info (dict): The service account private key info. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + SecretManagerServiceClient: The constructed client. + """ + credentials = service_account.Credentials.from_service_account_info(info) + kwargs["credentials"] = credentials + return cls(*args, **kwargs) + @classmethod def from_service_account_file(cls, filename: str, *args, **kwargs): """Creates an instance of this client using the provided credentials @@ -136,7 +153,7 @@ def from_service_account_file(cls, filename: str, *args, **kwargs): kwargs: Additional arguments to pass to the constructor. Returns: - {@api.name}: The constructed client. + SecretManagerServiceClient: The constructed client. """ credentials = service_account.Credentials.from_service_account_file(filename) kwargs["credentials"] = credentials @@ -257,10 +274,10 @@ def __init__( credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment. - transport (Union[str, ~.SecretManagerServiceTransport]): The + transport (Union[str, SecretManagerServiceTransport]): The transport to use. If set to None, a transport is chosen automatically. - client_options (client_options_lib.ClientOptions): Custom options for the + client_options (google.api_core.client_options.ClientOptions): Custom options for the client. It won't take effect if a ``transport`` instance is provided. (1) The ``api_endpoint`` property can be used to override the default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT @@ -370,14 +387,15 @@ def list_secrets( r"""Lists [Secrets][google.cloud.secretmanager.v1.Secret]. Args: - request (:class:`~.service.ListSecretsRequest`): + request (google.cloud.secretmanager_v1.types.ListSecretsRequest): The request object. Request message for [SecretManagerService.ListSecrets][google.cloud.secretmanager.v1.SecretManagerService.ListSecrets]. - parent (:class:`str`): + parent (str): Required. The resource name of the project associated with the [Secrets][google.cloud.secretmanager.v1.Secret], in the format ``projects/*``. + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -389,7 +407,7 @@ def list_secrets( sent along with the request as metadata. Returns: - ~.pagers.ListSecretsPager: + google.cloud.secretmanager_v1.services.secret_manager_service.pagers.ListSecretsPager: Response message for [SecretManagerService.ListSecrets][google.cloud.secretmanager.v1.SecretManagerService.ListSecrets]. @@ -458,30 +476,33 @@ def create_secret( [SecretVersions][google.cloud.secretmanager.v1.SecretVersion]. Args: - request (:class:`~.service.CreateSecretRequest`): + request (google.cloud.secretmanager_v1.types.CreateSecretRequest): The request object. Request message for [SecretManagerService.CreateSecret][google.cloud.secretmanager.v1.SecretManagerService.CreateSecret]. - parent (:class:`str`): + parent (str): Required. The resource name of the project to associate with the [Secret][google.cloud.secretmanager.v1.Secret], in the format ``projects/*``. + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - secret_id (:class:`str`): + secret_id (str): Required. This must be unique within the project. A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (``-``) and underscore (``_``) characters. + This corresponds to the ``secret_id`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - secret (:class:`~.resources.Secret`): + secret (google.cloud.secretmanager_v1.types.Secret): Required. A [Secret][google.cloud.secretmanager.v1.Secret] with initial field values. + This corresponds to the ``secret`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -493,14 +514,14 @@ def create_secret( sent along with the request as metadata. Returns: - ~.resources.Secret: - A [Secret][google.cloud.secretmanager.v1.Secret] is a - logical secret whose value and versions can be accessed. + google.cloud.secretmanager_v1.types.Secret: + A [Secret][google.cloud.secretmanager.v1.Secret] is a logical secret whose value and versions can + be accessed. - A [Secret][google.cloud.secretmanager.v1.Secret] is made - up of zero or more - [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] - that represent the secret data. + A [Secret][google.cloud.secretmanager.v1.Secret] is + made up of zero or more + [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] + that represent the secret data. """ # Create or coerce a protobuf request object. @@ -562,21 +583,23 @@ def add_secret_version( [Secret][google.cloud.secretmanager.v1.Secret]. Args: - request (:class:`~.service.AddSecretVersionRequest`): + request (google.cloud.secretmanager_v1.types.AddSecretVersionRequest): The request object. Request message for [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion]. - parent (:class:`str`): + parent (str): Required. The resource name of the [Secret][google.cloud.secretmanager.v1.Secret] to associate with the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format ``projects/*/secrets/*``. + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - payload (:class:`~.resources.SecretPayload`): + payload (google.cloud.secretmanager_v1.types.SecretPayload): Required. The secret payload of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + This corresponds to the ``payload`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -588,7 +611,7 @@ def add_secret_version( sent along with the request as metadata. Returns: - ~.resources.SecretVersion: + google.cloud.secretmanager_v1.types.SecretVersion: A secret version resource in the Secret Manager API. @@ -647,13 +670,14 @@ def get_secret( [Secret][google.cloud.secretmanager.v1.Secret]. Args: - request (:class:`~.service.GetSecretRequest`): + request (google.cloud.secretmanager_v1.types.GetSecretRequest): The request object. Request message for [SecretManagerService.GetSecret][google.cloud.secretmanager.v1.SecretManagerService.GetSecret]. - name (:class:`str`): + name (str): Required. The resource name of the [Secret][google.cloud.secretmanager.v1.Secret], in the format ``projects/*/secrets/*``. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -665,14 +689,14 @@ def get_secret( sent along with the request as metadata. Returns: - ~.resources.Secret: - A [Secret][google.cloud.secretmanager.v1.Secret] is a - logical secret whose value and versions can be accessed. + google.cloud.secretmanager_v1.types.Secret: + A [Secret][google.cloud.secretmanager.v1.Secret] is a logical secret whose value and versions can + be accessed. - A [Secret][google.cloud.secretmanager.v1.Secret] is made - up of zero or more - [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] - that represent the secret data. + A [Secret][google.cloud.secretmanager.v1.Secret] is + made up of zero or more + [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] + that represent the secret data. """ # Create or coerce a protobuf request object. @@ -728,18 +752,20 @@ def update_secret( [Secret][google.cloud.secretmanager.v1.Secret]. Args: - request (:class:`~.service.UpdateSecretRequest`): + request (google.cloud.secretmanager_v1.types.UpdateSecretRequest): The request object. Request message for [SecretManagerService.UpdateSecret][google.cloud.secretmanager.v1.SecretManagerService.UpdateSecret]. - secret (:class:`~.resources.Secret`): + secret (google.cloud.secretmanager_v1.types.Secret): Required. [Secret][google.cloud.secretmanager.v1.Secret] with updated field values. + This corresponds to the ``secret`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - update_mask (:class:`~.field_mask.FieldMask`): + update_mask (google.protobuf.field_mask_pb2.FieldMask): Required. Specifies the fields to be updated. + This corresponds to the ``update_mask`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -751,14 +777,14 @@ def update_secret( sent along with the request as metadata. Returns: - ~.resources.Secret: - A [Secret][google.cloud.secretmanager.v1.Secret] is a - logical secret whose value and versions can be accessed. + google.cloud.secretmanager_v1.types.Secret: + A [Secret][google.cloud.secretmanager.v1.Secret] is a logical secret whose value and versions can + be accessed. - A [Secret][google.cloud.secretmanager.v1.Secret] is made - up of zero or more - [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] - that represent the secret data. + A [Secret][google.cloud.secretmanager.v1.Secret] is + made up of zero or more + [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] + that represent the secret data. """ # Create or coerce a protobuf request object. @@ -816,13 +842,14 @@ def delete_secret( r"""Deletes a [Secret][google.cloud.secretmanager.v1.Secret]. Args: - request (:class:`~.service.DeleteSecretRequest`): + request (google.cloud.secretmanager_v1.types.DeleteSecretRequest): The request object. Request message for [SecretManagerService.DeleteSecret][google.cloud.secretmanager.v1.SecretManagerService.DeleteSecret]. - name (:class:`str`): + name (str): Required. The resource name of the [Secret][google.cloud.secretmanager.v1.Secret] to delete in the format ``projects/*/secrets/*``. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -885,15 +912,16 @@ def list_secret_versions( This call does not return secret data. Args: - request (:class:`~.service.ListSecretVersionsRequest`): + request (google.cloud.secretmanager_v1.types.ListSecretVersionsRequest): The request object. Request message for [SecretManagerService.ListSecretVersions][google.cloud.secretmanager.v1.SecretManagerService.ListSecretVersions]. - parent (:class:`str`): + parent (str): Required. The resource name of the [Secret][google.cloud.secretmanager.v1.Secret] associated with the [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] to list, in the format ``projects/*/secrets/*``. + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -905,7 +933,7 @@ def list_secret_versions( sent along with the request as metadata. Returns: - ~.pagers.ListSecretVersionsPager: + google.cloud.secretmanager_v1.services.secret_manager_service.pagers.ListSecretVersionsPager: Response message for [SecretManagerService.ListSecretVersions][google.cloud.secretmanager.v1.SecretManagerService.ListSecretVersions]. @@ -975,16 +1003,17 @@ def get_secret_version( [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. Args: - request (:class:`~.service.GetSecretVersionRequest`): + request (google.cloud.secretmanager_v1.types.GetSecretVersionRequest): The request object. Request message for [SecretManagerService.GetSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.GetSecretVersion]. - name (:class:`str`): + name (str): Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format ``projects/*/secrets/*/versions/*``. ``projects/*/secrets/*/versions/latest`` is an alias to the ``latest`` [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -996,7 +1025,7 @@ def get_secret_version( sent along with the request as metadata. Returns: - ~.resources.SecretVersion: + google.cloud.secretmanager_v1.types.SecretVersion: A secret version resource in the Secret Manager API. @@ -1058,13 +1087,14 @@ def access_secret_version( [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. Args: - request (:class:`~.service.AccessSecretVersionRequest`): + request (google.cloud.secretmanager_v1.types.AccessSecretVersionRequest): The request object. Request message for [SecretManagerService.AccessSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AccessSecretVersion]. - name (:class:`str`): + name (str): Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format ``projects/*/secrets/*/versions/*``. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1076,7 +1106,7 @@ def access_secret_version( sent along with the request as metadata. Returns: - ~.service.AccessSecretVersionResponse: + google.cloud.secretmanager_v1.types.AccessSecretVersionResponse: Response message for [SecretManagerService.AccessSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AccessSecretVersion]. @@ -1139,14 +1169,15 @@ def disable_secret_version( [DISABLED][google.cloud.secretmanager.v1.SecretVersion.State.DISABLED]. Args: - request (:class:`~.service.DisableSecretVersionRequest`): + request (google.cloud.secretmanager_v1.types.DisableSecretVersionRequest): The request object. Request message for [SecretManagerService.DisableSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.DisableSecretVersion]. - name (:class:`str`): + name (str): Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to disable in the format ``projects/*/secrets/*/versions/*``. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1158,7 +1189,7 @@ def disable_secret_version( sent along with the request as metadata. Returns: - ~.resources.SecretVersion: + google.cloud.secretmanager_v1.types.SecretVersion: A secret version resource in the Secret Manager API. @@ -1221,14 +1252,15 @@ def enable_secret_version( [ENABLED][google.cloud.secretmanager.v1.SecretVersion.State.ENABLED]. Args: - request (:class:`~.service.EnableSecretVersionRequest`): + request (google.cloud.secretmanager_v1.types.EnableSecretVersionRequest): The request object. Request message for [SecretManagerService.EnableSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.EnableSecretVersion]. - name (:class:`str`): + name (str): Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to enable in the format ``projects/*/secrets/*/versions/*``. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1240,7 +1272,7 @@ def enable_secret_version( sent along with the request as metadata. Returns: - ~.resources.SecretVersion: + google.cloud.secretmanager_v1.types.SecretVersion: A secret version resource in the Secret Manager API. @@ -1304,14 +1336,15 @@ def destroy_secret_version( and irrevocably destroys the secret data. Args: - request (:class:`~.service.DestroySecretVersionRequest`): + request (google.cloud.secretmanager_v1.types.DestroySecretVersionRequest): The request object. Request message for [SecretManagerService.DestroySecretVersion][google.cloud.secretmanager.v1.SecretManagerService.DestroySecretVersion]. - name (:class:`str`): + name (str): Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to destroy in the format ``projects/*/secrets/*/versions/*``. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1323,7 +1356,7 @@ def destroy_secret_version( sent along with the request as metadata. Returns: - ~.resources.SecretVersion: + google.cloud.secretmanager_v1.types.SecretVersion: A secret version resource in the Secret Manager API. @@ -1384,7 +1417,7 @@ def set_iam_policy( [Secret][google.cloud.secretmanager.v1.Secret]. Args: - request (:class:`~.iam_policy.SetIamPolicyRequest`): + request (google.iam.v1.iam_policy_pb2.SetIamPolicyRequest): The request object. Request message for `SetIamPolicy` method. @@ -1395,72 +1428,62 @@ def set_iam_policy( sent along with the request as metadata. Returns: - ~.policy.Policy: - Defines an Identity and Access Management (IAM) policy. - It is used to specify access control policies for Cloud - Platform resources. - - A ``Policy`` is a collection of ``bindings``. A - ``binding`` binds one or more ``members`` to a single - ``role``. Members can be user accounts, service - accounts, Google groups, and domains (such as G Suite). - A ``role`` is a named list of permissions (defined by - IAM or configured by users). A ``binding`` can - optionally specify a ``condition``, which is a logic - expression that further constrains the role binding - based on attributes about the request and/or target - resource. - - **JSON Example** - - :: - - { - "bindings": [ - { - "role": "roles/resourcemanager.organizationAdmin", - "members": [ - "user:mike@example.com", - "group:admins@example.com", - "domain:google.com", - "serviceAccount:my-project-id@appspot.gserviceaccount.com" - ] - }, - { - "role": "roles/resourcemanager.organizationViewer", - "members": ["user:eve@example.com"], - "condition": { - "title": "expirable access", - "description": "Does not grant access after Sep 2020", - "expression": "request.time < - timestamp('2020-10-01T00:00:00.000Z')", - } - } - ] - } - - **YAML Example** - - :: - - bindings: - - members: - - user:mike@example.com - - group:admins@example.com - - domain:google.com - - serviceAccount:my-project-id@appspot.gserviceaccount.com - role: roles/resourcemanager.organizationAdmin - - members: - - user:eve@example.com - role: roles/resourcemanager.organizationViewer - condition: - title: expirable access - description: Does not grant access after Sep 2020 - expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - - For a description of IAM and its features, see the `IAM - developer's - guide `__. + google.iam.v1.policy_pb2.Policy: + Defines an Identity and Access Management (IAM) policy. It is used to + specify access control policies for Cloud Platform + resources. + + A Policy is a collection of bindings. A binding binds + one or more members to a single role. Members can be + user accounts, service accounts, Google groups, and + domains (such as G Suite). A role is a named list of + permissions (defined by IAM or configured by users). + A binding can optionally specify a condition, which + is a logic expression that further constrains the + role binding based on attributes about the request + and/or target resource. + + **JSON Example** + + { + "bindings": [ + { + "role": + "roles/resourcemanager.organizationAdmin", + "members": [ "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + + }, { "role": + "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { "title": "expirable access", + "description": "Does not grant access after + Sep 2020", "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", } } + + ] + + } + + **YAML Example** + + bindings: - members: - user:\ mike@example.com - + group:\ admins@example.com - domain:google.com - + serviceAccount:\ my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin - + members: - user:\ eve@example.com role: + roles/resourcemanager.organizationViewer + condition: title: expirable access description: + Does not grant access after Sep 2020 expression: + request.time < + timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the + [IAM developer's + guide](\ https://cloud.google.com/iam/docs). """ # Create or coerce a protobuf request object. @@ -1499,7 +1522,7 @@ def get_iam_policy( have a policy set. Args: - request (:class:`~.iam_policy.GetIamPolicyRequest`): + request (google.iam.v1.iam_policy_pb2.GetIamPolicyRequest): The request object. Request message for `GetIamPolicy` method. @@ -1510,72 +1533,62 @@ def get_iam_policy( sent along with the request as metadata. Returns: - ~.policy.Policy: - Defines an Identity and Access Management (IAM) policy. - It is used to specify access control policies for Cloud - Platform resources. - - A ``Policy`` is a collection of ``bindings``. A - ``binding`` binds one or more ``members`` to a single - ``role``. Members can be user accounts, service - accounts, Google groups, and domains (such as G Suite). - A ``role`` is a named list of permissions (defined by - IAM or configured by users). A ``binding`` can - optionally specify a ``condition``, which is a logic - expression that further constrains the role binding - based on attributes about the request and/or target - resource. - - **JSON Example** - - :: - - { - "bindings": [ - { - "role": "roles/resourcemanager.organizationAdmin", - "members": [ - "user:mike@example.com", - "group:admins@example.com", - "domain:google.com", - "serviceAccount:my-project-id@appspot.gserviceaccount.com" - ] - }, - { - "role": "roles/resourcemanager.organizationViewer", - "members": ["user:eve@example.com"], - "condition": { - "title": "expirable access", - "description": "Does not grant access after Sep 2020", - "expression": "request.time < - timestamp('2020-10-01T00:00:00.000Z')", - } - } - ] - } - - **YAML Example** - - :: - - bindings: - - members: - - user:mike@example.com - - group:admins@example.com - - domain:google.com - - serviceAccount:my-project-id@appspot.gserviceaccount.com - role: roles/resourcemanager.organizationAdmin - - members: - - user:eve@example.com - role: roles/resourcemanager.organizationViewer - condition: - title: expirable access - description: Does not grant access after Sep 2020 - expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - - For a description of IAM and its features, see the `IAM - developer's - guide `__. + google.iam.v1.policy_pb2.Policy: + Defines an Identity and Access Management (IAM) policy. It is used to + specify access control policies for Cloud Platform + resources. + + A Policy is a collection of bindings. A binding binds + one or more members to a single role. Members can be + user accounts, service accounts, Google groups, and + domains (such as G Suite). A role is a named list of + permissions (defined by IAM or configured by users). + A binding can optionally specify a condition, which + is a logic expression that further constrains the + role binding based on attributes about the request + and/or target resource. + + **JSON Example** + + { + "bindings": [ + { + "role": + "roles/resourcemanager.organizationAdmin", + "members": [ "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + + }, { "role": + "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { "title": "expirable access", + "description": "Does not grant access after + Sep 2020", "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", } } + + ] + + } + + **YAML Example** + + bindings: - members: - user:\ mike@example.com - + group:\ admins@example.com - domain:google.com - + serviceAccount:\ my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin - + members: - user:\ eve@example.com role: + roles/resourcemanager.organizationViewer + condition: title: expirable access description: + Does not grant access after Sep 2020 expression: + request.time < + timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the + [IAM developer's + guide](\ https://cloud.google.com/iam/docs). """ # Create or coerce a protobuf request object. @@ -1619,7 +1632,7 @@ def test_iam_permissions( warning. Args: - request (:class:`~.iam_policy.TestIamPermissionsRequest`): + request (google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest): The request object. Request message for `TestIamPermissions` method. @@ -1630,8 +1643,8 @@ def test_iam_permissions( sent along with the request as metadata. Returns: - ~.iam_policy.TestIamPermissionsResponse: - Response message for ``TestIamPermissions`` method. + google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse: + Response message for TestIamPermissions method. """ # Create or coerce a protobuf request object. diff --git a/google/cloud/secretmanager_v1/services/secret_manager_service/pagers.py b/google/cloud/secretmanager_v1/services/secret_manager_service/pagers.py index 0a8238b..db5a2a1 100644 --- a/google/cloud/secretmanager_v1/services/secret_manager_service/pagers.py +++ b/google/cloud/secretmanager_v1/services/secret_manager_service/pagers.py @@ -25,7 +25,7 @@ class ListSecretsPager: """A pager for iterating through ``list_secrets`` requests. This class thinly wraps an initial - :class:`~.service.ListSecretsResponse` object, and + :class:`google.cloud.secretmanager_v1.types.ListSecretsResponse` object, and provides an ``__iter__`` method to iterate through its ``secrets`` field. @@ -34,7 +34,7 @@ class ListSecretsPager: through the ``secrets`` field on the corresponding responses. - All the usual :class:`~.service.ListSecretsResponse` + All the usual :class:`google.cloud.secretmanager_v1.types.ListSecretsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -52,9 +52,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.service.ListSecretsRequest`): + request (google.cloud.secretmanager_v1.types.ListSecretsRequest): The initial request object. - response (:class:`~.service.ListSecretsResponse`): + response (google.cloud.secretmanager_v1.types.ListSecretsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -87,7 +87,7 @@ class ListSecretsAsyncPager: """A pager for iterating through ``list_secrets`` requests. This class thinly wraps an initial - :class:`~.service.ListSecretsResponse` object, and + :class:`google.cloud.secretmanager_v1.types.ListSecretsResponse` object, and provides an ``__aiter__`` method to iterate through its ``secrets`` field. @@ -96,7 +96,7 @@ class ListSecretsAsyncPager: through the ``secrets`` field on the corresponding responses. - All the usual :class:`~.service.ListSecretsResponse` + All the usual :class:`google.cloud.secretmanager_v1.types.ListSecretsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -114,9 +114,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.service.ListSecretsRequest`): + request (google.cloud.secretmanager_v1.types.ListSecretsRequest): The initial request object. - response (:class:`~.service.ListSecretsResponse`): + response (google.cloud.secretmanager_v1.types.ListSecretsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -153,7 +153,7 @@ class ListSecretVersionsPager: """A pager for iterating through ``list_secret_versions`` requests. This class thinly wraps an initial - :class:`~.service.ListSecretVersionsResponse` object, and + :class:`google.cloud.secretmanager_v1.types.ListSecretVersionsResponse` object, and provides an ``__iter__`` method to iterate through its ``versions`` field. @@ -162,7 +162,7 @@ class ListSecretVersionsPager: through the ``versions`` field on the corresponding responses. - All the usual :class:`~.service.ListSecretVersionsResponse` + All the usual :class:`google.cloud.secretmanager_v1.types.ListSecretVersionsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -180,9 +180,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.service.ListSecretVersionsRequest`): + request (google.cloud.secretmanager_v1.types.ListSecretVersionsRequest): The initial request object. - response (:class:`~.service.ListSecretVersionsResponse`): + response (google.cloud.secretmanager_v1.types.ListSecretVersionsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -215,7 +215,7 @@ class ListSecretVersionsAsyncPager: """A pager for iterating through ``list_secret_versions`` requests. This class thinly wraps an initial - :class:`~.service.ListSecretVersionsResponse` object, and + :class:`google.cloud.secretmanager_v1.types.ListSecretVersionsResponse` object, and provides an ``__aiter__`` method to iterate through its ``versions`` field. @@ -224,7 +224,7 @@ class ListSecretVersionsAsyncPager: through the ``versions`` field on the corresponding responses. - All the usual :class:`~.service.ListSecretVersionsResponse` + All the usual :class:`google.cloud.secretmanager_v1.types.ListSecretVersionsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -242,9 +242,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.service.ListSecretVersionsRequest`): + request (google.cloud.secretmanager_v1.types.ListSecretVersionsRequest): The initial request object. - response (:class:`~.service.ListSecretVersionsResponse`): + response (google.cloud.secretmanager_v1.types.ListSecretVersionsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. diff --git a/google/cloud/secretmanager_v1/types/resources.py b/google/cloud/secretmanager_v1/types/resources.py index b94f55d..23b45cd 100644 --- a/google/cloud/secretmanager_v1/types/resources.py +++ b/google/cloud/secretmanager_v1/types/resources.py @@ -18,6 +18,7 @@ import proto # type: ignore +from google.protobuf import duration_pb2 as duration # type: ignore from google.protobuf import timestamp_pb2 as timestamp # type: ignore @@ -49,17 +50,17 @@ class Secret(proto.Message): Output only. The resource name of the [Secret][google.cloud.secretmanager.v1.Secret] in the format ``projects/*/secrets/*``. - replication (~.resources.Replication): + replication (google.cloud.secretmanager_v1.types.Replication): Required. Immutable. The replication policy of the secret data attached to the [Secret][google.cloud.secretmanager.v1.Secret]. The replication policy cannot be changed after the Secret has been created. - create_time (~.timestamp.Timestamp): + create_time (google.protobuf.timestamp_pb2.Timestamp): Output only. The time at which the [Secret][google.cloud.secretmanager.v1.Secret] was created. - labels (Sequence[~.resources.Secret.LabelsEntry]): + labels (Sequence[google.cloud.secretmanager_v1.types.Secret.LabelsEntry]): The labels assigned to this Secret. Label keys must be between 1 and 63 characters long, have a @@ -73,6 +74,14 @@ class Secret(proto.Message): ``[\p{Ll}\p{Lo}\p{N}_-]{0,63}`` No more than 64 labels can be assigned to a given resource. + expire_time (google.protobuf.timestamp_pb2.Timestamp): + Optional. Timestamp in UTC when the + [Secret][google.cloud.secretmanager.v1.Secret] is scheduled + to expire. This is always provided on output, regardless of + what was sent on input. + ttl (google.protobuf.duration_pb2.Duration): + Input only. The TTL for the + [Secret][google.cloud.secretmanager.v1.Secret]. """ name = proto.Field(proto.STRING, number=1) @@ -83,6 +92,14 @@ class Secret(proto.Message): labels = proto.MapField(proto.STRING, proto.STRING, number=4) + expire_time = proto.Field( + proto.MESSAGE, number=6, oneof="expiration", message=timestamp.Timestamp, + ) + + ttl = proto.Field( + proto.MESSAGE, number=7, oneof="expiration", message=duration.Duration, + ) + class SecretVersion(proto.Message): r"""A secret version resource in the Secret Manager API. @@ -97,21 +114,21 @@ class SecretVersion(proto.Message): IDs in a [Secret][google.cloud.secretmanager.v1.Secret] start at 1 and are incremented for each subsequent version of the secret. - create_time (~.timestamp.Timestamp): + create_time (google.protobuf.timestamp_pb2.Timestamp): Output only. The time at which the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] was created. - destroy_time (~.timestamp.Timestamp): + destroy_time (google.protobuf.timestamp_pb2.Timestamp): Output only. The time this [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] was destroyed. Only present if [state][google.cloud.secretmanager.v1.SecretVersion.state] is [DESTROYED][google.cloud.secretmanager.v1.SecretVersion.State.DESTROYED]. - state (~.resources.SecretVersion.State): + state (google.cloud.secretmanager_v1.types.SecretVersion.State): Output only. The current state of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. - replication_status (~.resources.ReplicationStatus): + replication_status (google.cloud.secretmanager_v1.types.ReplicationStatus): The replication status of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. """ @@ -144,10 +161,10 @@ class Replication(proto.Message): configuration of data. Attributes: - automatic (~.resources.Replication.Automatic): + automatic (google.cloud.secretmanager_v1.types.Replication.Automatic): The [Secret][google.cloud.secretmanager.v1.Secret] will automatically be replicated without any restrictions. - user_managed (~.resources.Replication.UserManaged): + user_managed (google.cloud.secretmanager_v1.types.Replication.UserManaged): The [Secret][google.cloud.secretmanager.v1.Secret] will only be replicated into the locations specified. """ @@ -158,7 +175,7 @@ class Automatic(proto.Message): restrictions. Attributes: - customer_managed_encryption (~.resources.CustomerManagedEncryption): + customer_managed_encryption (google.cloud.secretmanager_v1.types.CustomerManagedEncryption): Optional. The customer-managed encryption configuration of the [Secret][google.cloud.secretmanager.v1.Secret]. If no configuration is provided, Google-managed default encryption @@ -183,7 +200,7 @@ class UserManaged(proto.Message): locations specified in [Secret.replication.user_managed.replicas][] Attributes: - replicas (Sequence[~.resources.Replication.UserManaged.Replica]): + replicas (Sequence[google.cloud.secretmanager_v1.types.Replication.UserManaged.Replica]): Required. The list of Replicas for this [Secret][google.cloud.secretmanager.v1.Secret]. @@ -198,7 +215,7 @@ class Replica(proto.Message): location (str): The canonical IDs of the location to replicate data. For example: ``"us-east1"``. - customer_managed_encryption (~.resources.CustomerManagedEncryption): + customer_managed_encryption (google.cloud.secretmanager_v1.types.CustomerManagedEncryption): Optional. The customer-managed encryption configuration of the [User-Managed Replica][Replication.UserManaged.Replica]. If no configuration is provided, Google-managed default @@ -264,7 +281,7 @@ class ReplicationStatus(proto.Message): [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. Attributes: - automatic (~.resources.ReplicationStatus.AutomaticStatus): + automatic (google.cloud.secretmanager_v1.types.ReplicationStatus.AutomaticStatus): Describes the replication status of a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] with automatic replication. @@ -272,7 +289,7 @@ class ReplicationStatus(proto.Message): Only populated if the parent [Secret][google.cloud.secretmanager.v1.Secret] has an automatic replication policy. - user_managed (~.resources.ReplicationStatus.UserManagedStatus): + user_managed (google.cloud.secretmanager_v1.types.ReplicationStatus.UserManagedStatus): Describes the replication status of a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] with user-managed replication. @@ -292,7 +309,7 @@ class AutomaticStatus(proto.Message): replication policy. Attributes: - customer_managed_encryption (~.resources.CustomerManagedEncryptionStatus): + customer_managed_encryption (google.cloud.secretmanager_v1.types.CustomerManagedEncryptionStatus): Output only. The customer-managed encryption status of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. Only populated if customer-managed encryption is used. @@ -312,7 +329,7 @@ class UserManagedStatus(proto.Message): replication policy. Attributes: - replicas (Sequence[~.resources.ReplicationStatus.UserManagedStatus.ReplicaStatus]): + replicas (Sequence[google.cloud.secretmanager_v1.types.ReplicationStatus.UserManagedStatus.ReplicaStatus]): Output only. The list of replica statuses for the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. """ @@ -325,7 +342,7 @@ class ReplicaStatus(proto.Message): location (str): Output only. The canonical ID of the replica location. For example: ``"us-east1"``. - customer_managed_encryption (~.resources.CustomerManagedEncryptionStatus): + customer_managed_encryption (google.cloud.secretmanager_v1.types.CustomerManagedEncryptionStatus): Output only. The customer-managed encryption status of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. Only populated if customer-managed encryption is used. diff --git a/google/cloud/secretmanager_v1/types/service.py b/google/cloud/secretmanager_v1/types/service.py index 406095d..32c3743 100644 --- a/google/cloud/secretmanager_v1/types/service.py +++ b/google/cloud/secretmanager_v1/types/service.py @@ -76,7 +76,7 @@ class ListSecretsResponse(proto.Message): [SecretManagerService.ListSecrets][google.cloud.secretmanager.v1.SecretManagerService.ListSecrets]. Attributes: - secrets (Sequence[~.resources.Secret]): + secrets (Sequence[google.cloud.secretmanager_v1.types.Secret]): The list of [Secrets][google.cloud.secretmanager.v1.Secret] sorted in reverse by create_time (newest first). next_page_token (str): @@ -116,7 +116,7 @@ class CreateSecretRequest(proto.Message): characters and can contain uppercase and lowercase letters, numerals, and the hyphen (``-``) and underscore (``_``) characters. - secret (~.resources.Secret): + secret (google.cloud.secretmanager_v1.types.Secret): Required. A [Secret][google.cloud.secretmanager.v1.Secret] with initial field values. """ @@ -139,7 +139,7 @@ class AddSecretVersionRequest(proto.Message): with the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format ``projects/*/secrets/*``. - payload (~.resources.SecretPayload): + payload (google.cloud.secretmanager_v1.types.SecretPayload): Required. The secret payload of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. """ @@ -197,7 +197,7 @@ class ListSecretVersionsResponse(proto.Message): [SecretManagerService.ListSecretVersions][google.cloud.secretmanager.v1.SecretManagerService.ListSecretVersions]. Attributes: - versions (Sequence[~.resources.SecretVersion]): + versions (Sequence[google.cloud.secretmanager_v1.types.SecretVersion]): The list of [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] sorted in reverse by create_time (newest first). @@ -246,10 +246,10 @@ class UpdateSecretRequest(proto.Message): [SecretManagerService.UpdateSecret][google.cloud.secretmanager.v1.SecretManagerService.UpdateSecret]. Attributes: - secret (~.resources.Secret): + secret (google.cloud.secretmanager_v1.types.Secret): Required. [Secret][google.cloud.secretmanager.v1.Secret] with updated field values. - update_mask (~.field_mask.FieldMask): + update_mask (google.protobuf.field_mask_pb2.FieldMask): Required. Specifies the fields to be updated. """ @@ -281,7 +281,7 @@ class AccessSecretVersionResponse(proto.Message): The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format ``projects/*/secrets/*/versions/*``. - payload (~.resources.SecretPayload): + payload (google.cloud.secretmanager_v1.types.SecretPayload): Secret payload """ diff --git a/google/cloud/secretmanager_v1beta1/services/secret_manager_service/async_client.py b/google/cloud/secretmanager_v1beta1/services/secret_manager_service/async_client.py index db3abf9..96f04dd 100644 --- a/google/cloud/secretmanager_v1beta1/services/secret_manager_service/async_client.py +++ b/google/cloud/secretmanager_v1beta1/services/secret_manager_service/async_client.py @@ -92,6 +92,7 @@ class SecretManagerServiceAsyncClient: SecretManagerServiceClient.parse_common_location_path ) + from_service_account_info = SecretManagerServiceClient.from_service_account_info from_service_account_file = SecretManagerServiceClient.from_service_account_file from_service_account_json = from_service_account_file @@ -169,13 +170,14 @@ async def list_secrets( r"""Lists [Secrets][google.cloud.secrets.v1beta1.Secret]. Args: - request (:class:`~.service.ListSecretsRequest`): + request (:class:`google.cloud.secretmanager_v1beta1.types.ListSecretsRequest`): The request object. Request message for [SecretManagerService.ListSecrets][google.cloud.secrets.v1beta1.SecretManagerService.ListSecrets]. parent (:class:`str`): Required. The resource name of the project associated with the [Secrets][google.cloud.secrets.v1beta1.Secret], in the format ``projects/*``. + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -187,7 +189,7 @@ async def list_secrets( sent along with the request as metadata. Returns: - ~.pagers.ListSecretsAsyncPager: + google.cloud.secretmanager_v1beta1.services.secret_manager_service.pagers.ListSecretsAsyncPager: Response message for [SecretManagerService.ListSecrets][google.cloud.secrets.v1beta1.SecretManagerService.ListSecrets]. @@ -255,13 +257,14 @@ async def create_secret( [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]. Args: - request (:class:`~.service.CreateSecretRequest`): + request (:class:`google.cloud.secretmanager_v1beta1.types.CreateSecretRequest`): The request object. Request message for [SecretManagerService.CreateSecret][google.cloud.secrets.v1beta1.SecretManagerService.CreateSecret]. parent (:class:`str`): Required. The resource name of the project to associate with the [Secret][google.cloud.secrets.v1beta1.Secret], in the format ``projects/*``. + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -272,13 +275,15 @@ async def create_secret( characters and can contain uppercase and lowercase letters, numerals, and the hyphen (``-``) and underscore (``_``) characters. + This corresponds to the ``secret_id`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - secret (:class:`~.resources.Secret`): + secret (:class:`google.cloud.secretmanager_v1beta1.types.Secret`): Required. A [Secret][google.cloud.secrets.v1beta1.Secret] with initial field values. + This corresponds to the ``secret`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -290,14 +295,14 @@ async def create_secret( sent along with the request as metadata. Returns: - ~.resources.Secret: - A [Secret][google.cloud.secrets.v1beta1.Secret] is a - logical secret whose value and versions can be accessed. + google.cloud.secretmanager_v1beta1.types.Secret: + A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose value and versions can + be accessed. - A [Secret][google.cloud.secrets.v1beta1.Secret] is made - up of zero or more - [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] - that represent the secret data. + A [Secret][google.cloud.secrets.v1beta1.Secret] is + made up of zero or more + [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] + that represent the secret data. """ # Create or coerce a protobuf request object. @@ -358,7 +363,7 @@ async def add_secret_version( [Secret][google.cloud.secrets.v1beta1.Secret]. Args: - request (:class:`~.service.AddSecretVersionRequest`): + request (:class:`google.cloud.secretmanager_v1beta1.types.AddSecretVersionRequest`): The request object. Request message for [SecretManagerService.AddSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AddSecretVersion]. parent (:class:`str`): @@ -367,12 +372,14 @@ async def add_secret_version( associate with the [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] in the format ``projects/*/secrets/*``. + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - payload (:class:`~.resources.SecretPayload`): + payload (:class:`google.cloud.secretmanager_v1beta1.types.SecretPayload`): Required. The secret payload of the [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. + This corresponds to the ``payload`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -384,7 +391,7 @@ async def add_secret_version( sent along with the request as metadata. Returns: - ~.resources.SecretVersion: + google.cloud.secretmanager_v1beta1.types.SecretVersion: A secret version resource in the Secret Manager API. @@ -442,13 +449,14 @@ async def get_secret( [Secret][google.cloud.secrets.v1beta1.Secret]. Args: - request (:class:`~.service.GetSecretRequest`): + request (:class:`google.cloud.secretmanager_v1beta1.types.GetSecretRequest`): The request object. Request message for [SecretManagerService.GetSecret][google.cloud.secrets.v1beta1.SecretManagerService.GetSecret]. name (:class:`str`): Required. The resource name of the [Secret][google.cloud.secrets.v1beta1.Secret], in the format ``projects/*/secrets/*``. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -460,14 +468,14 @@ async def get_secret( sent along with the request as metadata. Returns: - ~.resources.Secret: - A [Secret][google.cloud.secrets.v1beta1.Secret] is a - logical secret whose value and versions can be accessed. + google.cloud.secretmanager_v1beta1.types.Secret: + A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose value and versions can + be accessed. - A [Secret][google.cloud.secrets.v1beta1.Secret] is made - up of zero or more - [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] - that represent the secret data. + A [Secret][google.cloud.secrets.v1beta1.Secret] is + made up of zero or more + [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] + that represent the secret data. """ # Create or coerce a protobuf request object. @@ -522,18 +530,20 @@ async def update_secret( [Secret][google.cloud.secrets.v1beta1.Secret]. Args: - request (:class:`~.service.UpdateSecretRequest`): + request (:class:`google.cloud.secretmanager_v1beta1.types.UpdateSecretRequest`): The request object. Request message for [SecretManagerService.UpdateSecret][google.cloud.secrets.v1beta1.SecretManagerService.UpdateSecret]. - secret (:class:`~.resources.Secret`): + secret (:class:`google.cloud.secretmanager_v1beta1.types.Secret`): Required. [Secret][google.cloud.secrets.v1beta1.Secret] with updated field values. + This corresponds to the ``secret`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - update_mask (:class:`~.field_mask.FieldMask`): + update_mask (:class:`google.protobuf.field_mask_pb2.FieldMask`): Required. Specifies the fields to be updated. + This corresponds to the ``update_mask`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -545,14 +555,14 @@ async def update_secret( sent along with the request as metadata. Returns: - ~.resources.Secret: - A [Secret][google.cloud.secrets.v1beta1.Secret] is a - logical secret whose value and versions can be accessed. + google.cloud.secretmanager_v1beta1.types.Secret: + A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose value and versions can + be accessed. - A [Secret][google.cloud.secrets.v1beta1.Secret] is made - up of zero or more - [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] - that represent the secret data. + A [Secret][google.cloud.secrets.v1beta1.Secret] is + made up of zero or more + [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] + that represent the secret data. """ # Create or coerce a protobuf request object. @@ -609,13 +619,14 @@ async def delete_secret( r"""Deletes a [Secret][google.cloud.secrets.v1beta1.Secret]. Args: - request (:class:`~.service.DeleteSecretRequest`): + request (:class:`google.cloud.secretmanager_v1beta1.types.DeleteSecretRequest`): The request object. Request message for [SecretManagerService.DeleteSecret][google.cloud.secrets.v1beta1.SecretManagerService.DeleteSecret]. name (:class:`str`): Required. The resource name of the [Secret][google.cloud.secrets.v1beta1.Secret] to delete in the format ``projects/*/secrets/*``. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -677,7 +688,7 @@ async def list_secret_versions( This call does not return secret data. Args: - request (:class:`~.service.ListSecretVersionsRequest`): + request (:class:`google.cloud.secretmanager_v1beta1.types.ListSecretVersionsRequest`): The request object. Request message for [SecretManagerService.ListSecretVersions][google.cloud.secrets.v1beta1.SecretManagerService.ListSecretVersions]. parent (:class:`str`): @@ -686,6 +697,7 @@ async def list_secret_versions( with the [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] to list, in the format ``projects/*/secrets/*``. + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -697,7 +709,7 @@ async def list_secret_versions( sent along with the request as metadata. Returns: - ~.pagers.ListSecretVersionsAsyncPager: + google.cloud.secretmanager_v1beta1.services.secret_manager_service.pagers.ListSecretVersionsAsyncPager: Response message for [SecretManagerService.ListSecretVersions][google.cloud.secrets.v1beta1.SecretManagerService.ListSecretVersions]. @@ -766,7 +778,7 @@ async def get_secret_version( [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. Args: - request (:class:`~.service.GetSecretVersionRequest`): + request (:class:`google.cloud.secretmanager_v1beta1.types.GetSecretVersionRequest`): The request object. Request message for [SecretManagerService.GetSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.GetSecretVersion]. name (:class:`str`): @@ -776,6 +788,7 @@ async def get_secret_version( ``projects/*/secrets/*/versions/latest`` is an alias to the ``latest`` [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -787,7 +800,7 @@ async def get_secret_version( sent along with the request as metadata. Returns: - ~.resources.SecretVersion: + google.cloud.secretmanager_v1beta1.types.SecretVersion: A secret version resource in the Secret Manager API. @@ -848,13 +861,14 @@ async def access_secret_version( [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. Args: - request (:class:`~.service.AccessSecretVersionRequest`): + request (:class:`google.cloud.secretmanager_v1beta1.types.AccessSecretVersionRequest`): The request object. Request message for [SecretManagerService.AccessSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AccessSecretVersion]. name (:class:`str`): Required. The resource name of the [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] in the format ``projects/*/secrets/*/versions/*``. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -866,7 +880,7 @@ async def access_secret_version( sent along with the request as metadata. Returns: - ~.service.AccessSecretVersionResponse: + google.cloud.secretmanager_v1beta1.types.AccessSecretVersionResponse: Response message for [SecretManagerService.AccessSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AccessSecretVersion]. @@ -935,7 +949,7 @@ async def disable_secret_version( [DISABLED][google.cloud.secrets.v1beta1.SecretVersion.State.DISABLED]. Args: - request (:class:`~.service.DisableSecretVersionRequest`): + request (:class:`google.cloud.secretmanager_v1beta1.types.DisableSecretVersionRequest`): The request object. Request message for [SecretManagerService.DisableSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.DisableSecretVersion]. name (:class:`str`): @@ -943,6 +957,7 @@ async def disable_secret_version( [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to disable in the format ``projects/*/secrets/*/versions/*``. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -954,7 +969,7 @@ async def disable_secret_version( sent along with the request as metadata. Returns: - ~.resources.SecretVersion: + google.cloud.secretmanager_v1beta1.types.SecretVersion: A secret version resource in the Secret Manager API. @@ -1015,7 +1030,7 @@ async def enable_secret_version( [ENABLED][google.cloud.secrets.v1beta1.SecretVersion.State.ENABLED]. Args: - request (:class:`~.service.EnableSecretVersionRequest`): + request (:class:`google.cloud.secretmanager_v1beta1.types.EnableSecretVersionRequest`): The request object. Request message for [SecretManagerService.EnableSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.EnableSecretVersion]. name (:class:`str`): @@ -1023,6 +1038,7 @@ async def enable_secret_version( [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to enable in the format ``projects/*/secrets/*/versions/*``. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1034,7 +1050,7 @@ async def enable_secret_version( sent along with the request as metadata. Returns: - ~.resources.SecretVersion: + google.cloud.secretmanager_v1beta1.types.SecretVersion: A secret version resource in the Secret Manager API. @@ -1096,7 +1112,7 @@ async def destroy_secret_version( and irrevocably destroys the secret data. Args: - request (:class:`~.service.DestroySecretVersionRequest`): + request (:class:`google.cloud.secretmanager_v1beta1.types.DestroySecretVersionRequest`): The request object. Request message for [SecretManagerService.DestroySecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.DestroySecretVersion]. name (:class:`str`): @@ -1104,6 +1120,7 @@ async def destroy_secret_version( [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to destroy in the format ``projects/*/secrets/*/versions/*``. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1115,7 +1132,7 @@ async def destroy_secret_version( sent along with the request as metadata. Returns: - ~.resources.SecretVersion: + google.cloud.secretmanager_v1beta1.types.SecretVersion: A secret version resource in the Secret Manager API. @@ -1175,7 +1192,7 @@ async def set_iam_policy( [Secret][google.cloud.secrets.v1beta1.Secret]. Args: - request (:class:`~.iam_policy.SetIamPolicyRequest`): + request (:class:`google.iam.v1.iam_policy_pb2.SetIamPolicyRequest`): The request object. Request message for `SetIamPolicy` method. @@ -1186,72 +1203,62 @@ async def set_iam_policy( sent along with the request as metadata. Returns: - ~.policy.Policy: - Defines an Identity and Access Management (IAM) policy. - It is used to specify access control policies for Cloud - Platform resources. - - A ``Policy`` is a collection of ``bindings``. A - ``binding`` binds one or more ``members`` to a single - ``role``. Members can be user accounts, service - accounts, Google groups, and domains (such as G Suite). - A ``role`` is a named list of permissions (defined by - IAM or configured by users). A ``binding`` can - optionally specify a ``condition``, which is a logic - expression that further constrains the role binding - based on attributes about the request and/or target - resource. - - **JSON Example** - - :: - - { - "bindings": [ - { - "role": "roles/resourcemanager.organizationAdmin", - "members": [ - "user:mike@example.com", - "group:admins@example.com", - "domain:google.com", - "serviceAccount:my-project-id@appspot.gserviceaccount.com" - ] - }, - { - "role": "roles/resourcemanager.organizationViewer", - "members": ["user:eve@example.com"], - "condition": { - "title": "expirable access", - "description": "Does not grant access after Sep 2020", - "expression": "request.time < - timestamp('2020-10-01T00:00:00.000Z')", - } - } - ] - } - - **YAML Example** - - :: - - bindings: - - members: - - user:mike@example.com - - group:admins@example.com - - domain:google.com - - serviceAccount:my-project-id@appspot.gserviceaccount.com - role: roles/resourcemanager.organizationAdmin - - members: - - user:eve@example.com - role: roles/resourcemanager.organizationViewer - condition: - title: expirable access - description: Does not grant access after Sep 2020 - expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - - For a description of IAM and its features, see the `IAM - developer's - guide `__. + google.iam.v1.policy_pb2.Policy: + Defines an Identity and Access Management (IAM) policy. It is used to + specify access control policies for Cloud Platform + resources. + + A Policy is a collection of bindings. A binding binds + one or more members to a single role. Members can be + user accounts, service accounts, Google groups, and + domains (such as G Suite). A role is a named list of + permissions (defined by IAM or configured by users). + A binding can optionally specify a condition, which + is a logic expression that further constrains the + role binding based on attributes about the request + and/or target resource. + + **JSON Example** + + { + "bindings": [ + { + "role": + "roles/resourcemanager.organizationAdmin", + "members": [ "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + + }, { "role": + "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { "title": "expirable access", + "description": "Does not grant access after + Sep 2020", "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", } } + + ] + + } + + **YAML Example** + + bindings: - members: - user:\ mike@example.com - + group:\ admins@example.com - domain:google.com - + serviceAccount:\ my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin - + members: - user:\ eve@example.com role: + roles/resourcemanager.organizationViewer + condition: title: expirable access description: + Does not grant access after Sep 2020 expression: + request.time < + timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the + [IAM developer's + guide](\ https://cloud.google.com/iam/docs). """ # Create or coerce a protobuf request object. @@ -1294,7 +1301,7 @@ async def get_iam_policy( have a policy set. Args: - request (:class:`~.iam_policy.GetIamPolicyRequest`): + request (:class:`google.iam.v1.iam_policy_pb2.GetIamPolicyRequest`): The request object. Request message for `GetIamPolicy` method. @@ -1305,72 +1312,62 @@ async def get_iam_policy( sent along with the request as metadata. Returns: - ~.policy.Policy: - Defines an Identity and Access Management (IAM) policy. - It is used to specify access control policies for Cloud - Platform resources. - - A ``Policy`` is a collection of ``bindings``. A - ``binding`` binds one or more ``members`` to a single - ``role``. Members can be user accounts, service - accounts, Google groups, and domains (such as G Suite). - A ``role`` is a named list of permissions (defined by - IAM or configured by users). A ``binding`` can - optionally specify a ``condition``, which is a logic - expression that further constrains the role binding - based on attributes about the request and/or target - resource. - - **JSON Example** - - :: - - { - "bindings": [ - { - "role": "roles/resourcemanager.organizationAdmin", - "members": [ - "user:mike@example.com", - "group:admins@example.com", - "domain:google.com", - "serviceAccount:my-project-id@appspot.gserviceaccount.com" - ] - }, - { - "role": "roles/resourcemanager.organizationViewer", - "members": ["user:eve@example.com"], - "condition": { - "title": "expirable access", - "description": "Does not grant access after Sep 2020", - "expression": "request.time < - timestamp('2020-10-01T00:00:00.000Z')", - } - } - ] - } - - **YAML Example** - - :: - - bindings: - - members: - - user:mike@example.com - - group:admins@example.com - - domain:google.com - - serviceAccount:my-project-id@appspot.gserviceaccount.com - role: roles/resourcemanager.organizationAdmin - - members: - - user:eve@example.com - role: roles/resourcemanager.organizationViewer - condition: - title: expirable access - description: Does not grant access after Sep 2020 - expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - - For a description of IAM and its features, see the `IAM - developer's - guide `__. + google.iam.v1.policy_pb2.Policy: + Defines an Identity and Access Management (IAM) policy. It is used to + specify access control policies for Cloud Platform + resources. + + A Policy is a collection of bindings. A binding binds + one or more members to a single role. Members can be + user accounts, service accounts, Google groups, and + domains (such as G Suite). A role is a named list of + permissions (defined by IAM or configured by users). + A binding can optionally specify a condition, which + is a logic expression that further constrains the + role binding based on attributes about the request + and/or target resource. + + **JSON Example** + + { + "bindings": [ + { + "role": + "roles/resourcemanager.organizationAdmin", + "members": [ "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + + }, { "role": + "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { "title": "expirable access", + "description": "Does not grant access after + Sep 2020", "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", } } + + ] + + } + + **YAML Example** + + bindings: - members: - user:\ mike@example.com - + group:\ admins@example.com - domain:google.com - + serviceAccount:\ my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin - + members: - user:\ eve@example.com role: + roles/resourcemanager.organizationViewer + condition: title: expirable access description: + Does not grant access after Sep 2020 expression: + request.time < + timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the + [IAM developer's + guide](\ https://cloud.google.com/iam/docs). """ # Create or coerce a protobuf request object. @@ -1418,7 +1415,7 @@ async def test_iam_permissions( warning. Args: - request (:class:`~.iam_policy.TestIamPermissionsRequest`): + request (:class:`google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest`): The request object. Request message for `TestIamPermissions` method. @@ -1429,8 +1426,8 @@ async def test_iam_permissions( sent along with the request as metadata. Returns: - ~.iam_policy.TestIamPermissionsResponse: - Response message for ``TestIamPermissions`` method. + google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse: + Response message for TestIamPermissions method. """ # Create or coerce a protobuf request object. diff --git a/google/cloud/secretmanager_v1beta1/services/secret_manager_service/client.py b/google/cloud/secretmanager_v1beta1/services/secret_manager_service/client.py index 0c59d0d..5d3a912 100644 --- a/google/cloud/secretmanager_v1beta1/services/secret_manager_service/client.py +++ b/google/cloud/secretmanager_v1beta1/services/secret_manager_service/client.py @@ -124,6 +124,22 @@ def _get_default_mtls_endpoint(api_endpoint): DEFAULT_ENDPOINT ) + @classmethod + def from_service_account_info(cls, info: dict, *args, **kwargs): + """Creates an instance of this client using the provided credentials info. + + Args: + info (dict): The service account private key info. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + SecretManagerServiceClient: The constructed client. + """ + credentials = service_account.Credentials.from_service_account_info(info) + kwargs["credentials"] = credentials + return cls(*args, **kwargs) + @classmethod def from_service_account_file(cls, filename: str, *args, **kwargs): """Creates an instance of this client using the provided credentials @@ -136,7 +152,7 @@ def from_service_account_file(cls, filename: str, *args, **kwargs): kwargs: Additional arguments to pass to the constructor. Returns: - {@api.name}: The constructed client. + SecretManagerServiceClient: The constructed client. """ credentials = service_account.Credentials.from_service_account_file(filename) kwargs["credentials"] = credentials @@ -257,10 +273,10 @@ def __init__( credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment. - transport (Union[str, ~.SecretManagerServiceTransport]): The + transport (Union[str, SecretManagerServiceTransport]): The transport to use. If set to None, a transport is chosen automatically. - client_options (client_options_lib.ClientOptions): Custom options for the + client_options (google.api_core.client_options.ClientOptions): Custom options for the client. It won't take effect if a ``transport`` instance is provided. (1) The ``api_endpoint`` property can be used to override the default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT @@ -370,13 +386,14 @@ def list_secrets( r"""Lists [Secrets][google.cloud.secrets.v1beta1.Secret]. Args: - request (:class:`~.service.ListSecretsRequest`): + request (google.cloud.secretmanager_v1beta1.types.ListSecretsRequest): The request object. Request message for [SecretManagerService.ListSecrets][google.cloud.secrets.v1beta1.SecretManagerService.ListSecrets]. - parent (:class:`str`): + parent (str): Required. The resource name of the project associated with the [Secrets][google.cloud.secrets.v1beta1.Secret], in the format ``projects/*``. + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -388,7 +405,7 @@ def list_secrets( sent along with the request as metadata. Returns: - ~.pagers.ListSecretsPager: + google.cloud.secretmanager_v1beta1.services.secret_manager_service.pagers.ListSecretsPager: Response message for [SecretManagerService.ListSecrets][google.cloud.secrets.v1beta1.SecretManagerService.ListSecrets]. @@ -457,30 +474,33 @@ def create_secret( [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]. Args: - request (:class:`~.service.CreateSecretRequest`): + request (google.cloud.secretmanager_v1beta1.types.CreateSecretRequest): The request object. Request message for [SecretManagerService.CreateSecret][google.cloud.secrets.v1beta1.SecretManagerService.CreateSecret]. - parent (:class:`str`): + parent (str): Required. The resource name of the project to associate with the [Secret][google.cloud.secrets.v1beta1.Secret], in the format ``projects/*``. + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - secret_id (:class:`str`): + secret_id (str): Required. This must be unique within the project. A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (``-``) and underscore (``_``) characters. + This corresponds to the ``secret_id`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - secret (:class:`~.resources.Secret`): + secret (google.cloud.secretmanager_v1beta1.types.Secret): Required. A [Secret][google.cloud.secrets.v1beta1.Secret] with initial field values. + This corresponds to the ``secret`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -492,14 +512,14 @@ def create_secret( sent along with the request as metadata. Returns: - ~.resources.Secret: - A [Secret][google.cloud.secrets.v1beta1.Secret] is a - logical secret whose value and versions can be accessed. + google.cloud.secretmanager_v1beta1.types.Secret: + A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose value and versions can + be accessed. - A [Secret][google.cloud.secrets.v1beta1.Secret] is made - up of zero or more - [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] - that represent the secret data. + A [Secret][google.cloud.secrets.v1beta1.Secret] is + made up of zero or more + [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] + that represent the secret data. """ # Create or coerce a protobuf request object. @@ -561,21 +581,23 @@ def add_secret_version( [Secret][google.cloud.secrets.v1beta1.Secret]. Args: - request (:class:`~.service.AddSecretVersionRequest`): + request (google.cloud.secretmanager_v1beta1.types.AddSecretVersionRequest): The request object. Request message for [SecretManagerService.AddSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AddSecretVersion]. - parent (:class:`str`): + parent (str): Required. The resource name of the [Secret][google.cloud.secrets.v1beta1.Secret] to associate with the [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] in the format ``projects/*/secrets/*``. + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - payload (:class:`~.resources.SecretPayload`): + payload (google.cloud.secretmanager_v1beta1.types.SecretPayload): Required. The secret payload of the [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. + This corresponds to the ``payload`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -587,7 +609,7 @@ def add_secret_version( sent along with the request as metadata. Returns: - ~.resources.SecretVersion: + google.cloud.secretmanager_v1beta1.types.SecretVersion: A secret version resource in the Secret Manager API. @@ -646,13 +668,14 @@ def get_secret( [Secret][google.cloud.secrets.v1beta1.Secret]. Args: - request (:class:`~.service.GetSecretRequest`): + request (google.cloud.secretmanager_v1beta1.types.GetSecretRequest): The request object. Request message for [SecretManagerService.GetSecret][google.cloud.secrets.v1beta1.SecretManagerService.GetSecret]. - name (:class:`str`): + name (str): Required. The resource name of the [Secret][google.cloud.secrets.v1beta1.Secret], in the format ``projects/*/secrets/*``. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -664,14 +687,14 @@ def get_secret( sent along with the request as metadata. Returns: - ~.resources.Secret: - A [Secret][google.cloud.secrets.v1beta1.Secret] is a - logical secret whose value and versions can be accessed. + google.cloud.secretmanager_v1beta1.types.Secret: + A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose value and versions can + be accessed. - A [Secret][google.cloud.secrets.v1beta1.Secret] is made - up of zero or more - [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] - that represent the secret data. + A [Secret][google.cloud.secrets.v1beta1.Secret] is + made up of zero or more + [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] + that represent the secret data. """ # Create or coerce a protobuf request object. @@ -727,18 +750,20 @@ def update_secret( [Secret][google.cloud.secrets.v1beta1.Secret]. Args: - request (:class:`~.service.UpdateSecretRequest`): + request (google.cloud.secretmanager_v1beta1.types.UpdateSecretRequest): The request object. Request message for [SecretManagerService.UpdateSecret][google.cloud.secrets.v1beta1.SecretManagerService.UpdateSecret]. - secret (:class:`~.resources.Secret`): + secret (google.cloud.secretmanager_v1beta1.types.Secret): Required. [Secret][google.cloud.secrets.v1beta1.Secret] with updated field values. + This corresponds to the ``secret`` field on the ``request`` instance; if ``request`` is provided, this should not be set. - update_mask (:class:`~.field_mask.FieldMask`): + update_mask (google.protobuf.field_mask_pb2.FieldMask): Required. Specifies the fields to be updated. + This corresponds to the ``update_mask`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -750,14 +775,14 @@ def update_secret( sent along with the request as metadata. Returns: - ~.resources.Secret: - A [Secret][google.cloud.secrets.v1beta1.Secret] is a - logical secret whose value and versions can be accessed. + google.cloud.secretmanager_v1beta1.types.Secret: + A [Secret][google.cloud.secrets.v1beta1.Secret] is a logical secret whose value and versions can + be accessed. - A [Secret][google.cloud.secrets.v1beta1.Secret] is made - up of zero or more - [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] - that represent the secret data. + A [Secret][google.cloud.secrets.v1beta1.Secret] is + made up of zero or more + [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] + that represent the secret data. """ # Create or coerce a protobuf request object. @@ -815,13 +840,14 @@ def delete_secret( r"""Deletes a [Secret][google.cloud.secrets.v1beta1.Secret]. Args: - request (:class:`~.service.DeleteSecretRequest`): + request (google.cloud.secretmanager_v1beta1.types.DeleteSecretRequest): The request object. Request message for [SecretManagerService.DeleteSecret][google.cloud.secrets.v1beta1.SecretManagerService.DeleteSecret]. - name (:class:`str`): + name (str): Required. The resource name of the [Secret][google.cloud.secrets.v1beta1.Secret] to delete in the format ``projects/*/secrets/*``. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -884,15 +910,16 @@ def list_secret_versions( This call does not return secret data. Args: - request (:class:`~.service.ListSecretVersionsRequest`): + request (google.cloud.secretmanager_v1beta1.types.ListSecretVersionsRequest): The request object. Request message for [SecretManagerService.ListSecretVersions][google.cloud.secrets.v1beta1.SecretManagerService.ListSecretVersions]. - parent (:class:`str`): + parent (str): Required. The resource name of the [Secret][google.cloud.secrets.v1beta1.Secret] associated with the [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] to list, in the format ``projects/*/secrets/*``. + This corresponds to the ``parent`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -904,7 +931,7 @@ def list_secret_versions( sent along with the request as metadata. Returns: - ~.pagers.ListSecretVersionsPager: + google.cloud.secretmanager_v1beta1.services.secret_manager_service.pagers.ListSecretVersionsPager: Response message for [SecretManagerService.ListSecretVersions][google.cloud.secrets.v1beta1.SecretManagerService.ListSecretVersions]. @@ -974,16 +1001,17 @@ def get_secret_version( [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. Args: - request (:class:`~.service.GetSecretVersionRequest`): + request (google.cloud.secretmanager_v1beta1.types.GetSecretVersionRequest): The request object. Request message for [SecretManagerService.GetSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.GetSecretVersion]. - name (:class:`str`): + name (str): Required. The resource name of the [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] in the format ``projects/*/secrets/*/versions/*``. ``projects/*/secrets/*/versions/latest`` is an alias to the ``latest`` [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -995,7 +1023,7 @@ def get_secret_version( sent along with the request as metadata. Returns: - ~.resources.SecretVersion: + google.cloud.secretmanager_v1beta1.types.SecretVersion: A secret version resource in the Secret Manager API. @@ -1057,13 +1085,14 @@ def access_secret_version( [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. Args: - request (:class:`~.service.AccessSecretVersionRequest`): + request (google.cloud.secretmanager_v1beta1.types.AccessSecretVersionRequest): The request object. Request message for [SecretManagerService.AccessSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AccessSecretVersion]. - name (:class:`str`): + name (str): Required. The resource name of the [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] in the format ``projects/*/secrets/*/versions/*``. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1075,7 +1104,7 @@ def access_secret_version( sent along with the request as metadata. Returns: - ~.service.AccessSecretVersionResponse: + google.cloud.secretmanager_v1beta1.types.AccessSecretVersionResponse: Response message for [SecretManagerService.AccessSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.AccessSecretVersion]. @@ -1137,14 +1166,15 @@ def disable_secret_version( [DISABLED][google.cloud.secrets.v1beta1.SecretVersion.State.DISABLED]. Args: - request (:class:`~.service.DisableSecretVersionRequest`): + request (google.cloud.secretmanager_v1beta1.types.DisableSecretVersionRequest): The request object. Request message for [SecretManagerService.DisableSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.DisableSecretVersion]. - name (:class:`str`): + name (str): Required. The resource name of the [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to disable in the format ``projects/*/secrets/*/versions/*``. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1156,7 +1186,7 @@ def disable_secret_version( sent along with the request as metadata. Returns: - ~.resources.SecretVersion: + google.cloud.secretmanager_v1beta1.types.SecretVersion: A secret version resource in the Secret Manager API. @@ -1218,14 +1248,15 @@ def enable_secret_version( [ENABLED][google.cloud.secrets.v1beta1.SecretVersion.State.ENABLED]. Args: - request (:class:`~.service.EnableSecretVersionRequest`): + request (google.cloud.secretmanager_v1beta1.types.EnableSecretVersionRequest): The request object. Request message for [SecretManagerService.EnableSecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.EnableSecretVersion]. - name (:class:`str`): + name (str): Required. The resource name of the [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to enable in the format ``projects/*/secrets/*/versions/*``. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1237,7 +1268,7 @@ def enable_secret_version( sent along with the request as metadata. Returns: - ~.resources.SecretVersion: + google.cloud.secretmanager_v1beta1.types.SecretVersion: A secret version resource in the Secret Manager API. @@ -1300,14 +1331,15 @@ def destroy_secret_version( and irrevocably destroys the secret data. Args: - request (:class:`~.service.DestroySecretVersionRequest`): + request (google.cloud.secretmanager_v1beta1.types.DestroySecretVersionRequest): The request object. Request message for [SecretManagerService.DestroySecretVersion][google.cloud.secrets.v1beta1.SecretManagerService.DestroySecretVersion]. - name (:class:`str`): + name (str): Required. The resource name of the [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to destroy in the format ``projects/*/secrets/*/versions/*``. + This corresponds to the ``name`` field on the ``request`` instance; if ``request`` is provided, this should not be set. @@ -1319,7 +1351,7 @@ def destroy_secret_version( sent along with the request as metadata. Returns: - ~.resources.SecretVersion: + google.cloud.secretmanager_v1beta1.types.SecretVersion: A secret version resource in the Secret Manager API. @@ -1380,7 +1412,7 @@ def set_iam_policy( [Secret][google.cloud.secrets.v1beta1.Secret]. Args: - request (:class:`~.iam_policy.SetIamPolicyRequest`): + request (google.iam.v1.iam_policy_pb2.SetIamPolicyRequest): The request object. Request message for `SetIamPolicy` method. @@ -1391,72 +1423,62 @@ def set_iam_policy( sent along with the request as metadata. Returns: - ~.policy.Policy: - Defines an Identity and Access Management (IAM) policy. - It is used to specify access control policies for Cloud - Platform resources. - - A ``Policy`` is a collection of ``bindings``. A - ``binding`` binds one or more ``members`` to a single - ``role``. Members can be user accounts, service - accounts, Google groups, and domains (such as G Suite). - A ``role`` is a named list of permissions (defined by - IAM or configured by users). A ``binding`` can - optionally specify a ``condition``, which is a logic - expression that further constrains the role binding - based on attributes about the request and/or target - resource. - - **JSON Example** - - :: - - { - "bindings": [ - { - "role": "roles/resourcemanager.organizationAdmin", - "members": [ - "user:mike@example.com", - "group:admins@example.com", - "domain:google.com", - "serviceAccount:my-project-id@appspot.gserviceaccount.com" - ] - }, - { - "role": "roles/resourcemanager.organizationViewer", - "members": ["user:eve@example.com"], - "condition": { - "title": "expirable access", - "description": "Does not grant access after Sep 2020", - "expression": "request.time < - timestamp('2020-10-01T00:00:00.000Z')", - } - } - ] - } - - **YAML Example** - - :: - - bindings: - - members: - - user:mike@example.com - - group:admins@example.com - - domain:google.com - - serviceAccount:my-project-id@appspot.gserviceaccount.com - role: roles/resourcemanager.organizationAdmin - - members: - - user:eve@example.com - role: roles/resourcemanager.organizationViewer - condition: - title: expirable access - description: Does not grant access after Sep 2020 - expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - - For a description of IAM and its features, see the `IAM - developer's - guide `__. + google.iam.v1.policy_pb2.Policy: + Defines an Identity and Access Management (IAM) policy. It is used to + specify access control policies for Cloud Platform + resources. + + A Policy is a collection of bindings. A binding binds + one or more members to a single role. Members can be + user accounts, service accounts, Google groups, and + domains (such as G Suite). A role is a named list of + permissions (defined by IAM or configured by users). + A binding can optionally specify a condition, which + is a logic expression that further constrains the + role binding based on attributes about the request + and/or target resource. + + **JSON Example** + + { + "bindings": [ + { + "role": + "roles/resourcemanager.organizationAdmin", + "members": [ "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + + }, { "role": + "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { "title": "expirable access", + "description": "Does not grant access after + Sep 2020", "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", } } + + ] + + } + + **YAML Example** + + bindings: - members: - user:\ mike@example.com - + group:\ admins@example.com - domain:google.com - + serviceAccount:\ my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin - + members: - user:\ eve@example.com role: + roles/resourcemanager.organizationViewer + condition: title: expirable access description: + Does not grant access after Sep 2020 expression: + request.time < + timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the + [IAM developer's + guide](\ https://cloud.google.com/iam/docs). """ # Create or coerce a protobuf request object. @@ -1495,7 +1517,7 @@ def get_iam_policy( have a policy set. Args: - request (:class:`~.iam_policy.GetIamPolicyRequest`): + request (google.iam.v1.iam_policy_pb2.GetIamPolicyRequest): The request object. Request message for `GetIamPolicy` method. @@ -1506,72 +1528,62 @@ def get_iam_policy( sent along with the request as metadata. Returns: - ~.policy.Policy: - Defines an Identity and Access Management (IAM) policy. - It is used to specify access control policies for Cloud - Platform resources. - - A ``Policy`` is a collection of ``bindings``. A - ``binding`` binds one or more ``members`` to a single - ``role``. Members can be user accounts, service - accounts, Google groups, and domains (such as G Suite). - A ``role`` is a named list of permissions (defined by - IAM or configured by users). A ``binding`` can - optionally specify a ``condition``, which is a logic - expression that further constrains the role binding - based on attributes about the request and/or target - resource. - - **JSON Example** - - :: - - { - "bindings": [ - { - "role": "roles/resourcemanager.organizationAdmin", - "members": [ - "user:mike@example.com", - "group:admins@example.com", - "domain:google.com", - "serviceAccount:my-project-id@appspot.gserviceaccount.com" - ] - }, - { - "role": "roles/resourcemanager.organizationViewer", - "members": ["user:eve@example.com"], - "condition": { - "title": "expirable access", - "description": "Does not grant access after Sep 2020", - "expression": "request.time < - timestamp('2020-10-01T00:00:00.000Z')", - } - } - ] - } - - **YAML Example** - - :: - - bindings: - - members: - - user:mike@example.com - - group:admins@example.com - - domain:google.com - - serviceAccount:my-project-id@appspot.gserviceaccount.com - role: roles/resourcemanager.organizationAdmin - - members: - - user:eve@example.com - role: roles/resourcemanager.organizationViewer - condition: - title: expirable access - description: Does not grant access after Sep 2020 - expression: request.time < timestamp('2020-10-01T00:00:00.000Z') - - For a description of IAM and its features, see the `IAM - developer's - guide `__. + google.iam.v1.policy_pb2.Policy: + Defines an Identity and Access Management (IAM) policy. It is used to + specify access control policies for Cloud Platform + resources. + + A Policy is a collection of bindings. A binding binds + one or more members to a single role. Members can be + user accounts, service accounts, Google groups, and + domains (such as G Suite). A role is a named list of + permissions (defined by IAM or configured by users). + A binding can optionally specify a condition, which + is a logic expression that further constrains the + role binding based on attributes about the request + and/or target resource. + + **JSON Example** + + { + "bindings": [ + { + "role": + "roles/resourcemanager.organizationAdmin", + "members": [ "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + + }, { "role": + "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { "title": "expirable access", + "description": "Does not grant access after + Sep 2020", "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", } } + + ] + + } + + **YAML Example** + + bindings: - members: - user:\ mike@example.com - + group:\ admins@example.com - domain:google.com - + serviceAccount:\ my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin - + members: - user:\ eve@example.com role: + roles/resourcemanager.organizationViewer + condition: title: expirable access description: + Does not grant access after Sep 2020 expression: + request.time < + timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the + [IAM developer's + guide](\ https://cloud.google.com/iam/docs). """ # Create or coerce a protobuf request object. @@ -1615,7 +1627,7 @@ def test_iam_permissions( warning. Args: - request (:class:`~.iam_policy.TestIamPermissionsRequest`): + request (google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest): The request object. Request message for `TestIamPermissions` method. @@ -1626,8 +1638,8 @@ def test_iam_permissions( sent along with the request as metadata. Returns: - ~.iam_policy.TestIamPermissionsResponse: - Response message for ``TestIamPermissions`` method. + google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse: + Response message for TestIamPermissions method. """ # Create or coerce a protobuf request object. diff --git a/google/cloud/secretmanager_v1beta1/services/secret_manager_service/pagers.py b/google/cloud/secretmanager_v1beta1/services/secret_manager_service/pagers.py index db9122e..32f4866 100644 --- a/google/cloud/secretmanager_v1beta1/services/secret_manager_service/pagers.py +++ b/google/cloud/secretmanager_v1beta1/services/secret_manager_service/pagers.py @@ -25,7 +25,7 @@ class ListSecretsPager: """A pager for iterating through ``list_secrets`` requests. This class thinly wraps an initial - :class:`~.service.ListSecretsResponse` object, and + :class:`google.cloud.secretmanager_v1beta1.types.ListSecretsResponse` object, and provides an ``__iter__`` method to iterate through its ``secrets`` field. @@ -34,7 +34,7 @@ class ListSecretsPager: through the ``secrets`` field on the corresponding responses. - All the usual :class:`~.service.ListSecretsResponse` + All the usual :class:`google.cloud.secretmanager_v1beta1.types.ListSecretsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -52,9 +52,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.service.ListSecretsRequest`): + request (google.cloud.secretmanager_v1beta1.types.ListSecretsRequest): The initial request object. - response (:class:`~.service.ListSecretsResponse`): + response (google.cloud.secretmanager_v1beta1.types.ListSecretsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -87,7 +87,7 @@ class ListSecretsAsyncPager: """A pager for iterating through ``list_secrets`` requests. This class thinly wraps an initial - :class:`~.service.ListSecretsResponse` object, and + :class:`google.cloud.secretmanager_v1beta1.types.ListSecretsResponse` object, and provides an ``__aiter__`` method to iterate through its ``secrets`` field. @@ -96,7 +96,7 @@ class ListSecretsAsyncPager: through the ``secrets`` field on the corresponding responses. - All the usual :class:`~.service.ListSecretsResponse` + All the usual :class:`google.cloud.secretmanager_v1beta1.types.ListSecretsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -114,9 +114,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.service.ListSecretsRequest`): + request (google.cloud.secretmanager_v1beta1.types.ListSecretsRequest): The initial request object. - response (:class:`~.service.ListSecretsResponse`): + response (google.cloud.secretmanager_v1beta1.types.ListSecretsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -153,7 +153,7 @@ class ListSecretVersionsPager: """A pager for iterating through ``list_secret_versions`` requests. This class thinly wraps an initial - :class:`~.service.ListSecretVersionsResponse` object, and + :class:`google.cloud.secretmanager_v1beta1.types.ListSecretVersionsResponse` object, and provides an ``__iter__`` method to iterate through its ``versions`` field. @@ -162,7 +162,7 @@ class ListSecretVersionsPager: through the ``versions`` field on the corresponding responses. - All the usual :class:`~.service.ListSecretVersionsResponse` + All the usual :class:`google.cloud.secretmanager_v1beta1.types.ListSecretVersionsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -180,9 +180,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.service.ListSecretVersionsRequest`): + request (google.cloud.secretmanager_v1beta1.types.ListSecretVersionsRequest): The initial request object. - response (:class:`~.service.ListSecretVersionsResponse`): + response (google.cloud.secretmanager_v1beta1.types.ListSecretVersionsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. @@ -215,7 +215,7 @@ class ListSecretVersionsAsyncPager: """A pager for iterating through ``list_secret_versions`` requests. This class thinly wraps an initial - :class:`~.service.ListSecretVersionsResponse` object, and + :class:`google.cloud.secretmanager_v1beta1.types.ListSecretVersionsResponse` object, and provides an ``__aiter__`` method to iterate through its ``versions`` field. @@ -224,7 +224,7 @@ class ListSecretVersionsAsyncPager: through the ``versions`` field on the corresponding responses. - All the usual :class:`~.service.ListSecretVersionsResponse` + All the usual :class:`google.cloud.secretmanager_v1beta1.types.ListSecretVersionsResponse` attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup. """ @@ -242,9 +242,9 @@ def __init__( Args: method (Callable): The method that was originally called, and which instantiated this pager. - request (:class:`~.service.ListSecretVersionsRequest`): + request (google.cloud.secretmanager_v1beta1.types.ListSecretVersionsRequest): The initial request object. - response (:class:`~.service.ListSecretVersionsResponse`): + response (google.cloud.secretmanager_v1beta1.types.ListSecretVersionsResponse): The initial response object. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. diff --git a/google/cloud/secretmanager_v1beta1/types/resources.py b/google/cloud/secretmanager_v1beta1/types/resources.py index 05959ea..f6eaa67 100644 --- a/google/cloud/secretmanager_v1beta1/types/resources.py +++ b/google/cloud/secretmanager_v1beta1/types/resources.py @@ -40,17 +40,17 @@ class Secret(proto.Message): Output only. The resource name of the [Secret][google.cloud.secrets.v1beta1.Secret] in the format ``projects/*/secrets/*``. - replication (~.resources.Replication): + replication (google.cloud.secretmanager_v1beta1.types.Replication): Required. Immutable. The replication policy of the secret data attached to the [Secret][google.cloud.secrets.v1beta1.Secret]. The replication policy cannot be changed after the Secret has been created. - create_time (~.timestamp.Timestamp): + create_time (google.protobuf.timestamp_pb2.Timestamp): Output only. The time at which the [Secret][google.cloud.secrets.v1beta1.Secret] was created. - labels (Sequence[~.resources.Secret.LabelsEntry]): + labels (Sequence[google.cloud.secretmanager_v1beta1.types.Secret.LabelsEntry]): The labels assigned to this Secret. Label keys must be between 1 and 63 characters long, have a @@ -88,17 +88,17 @@ class SecretVersion(proto.Message): IDs in a [Secret][google.cloud.secrets.v1beta1.Secret] start at 1 and are incremented for each subsequent version of the secret. - create_time (~.timestamp.Timestamp): + create_time (google.protobuf.timestamp_pb2.Timestamp): Output only. The time at which the [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] was created. - destroy_time (~.timestamp.Timestamp): + destroy_time (google.protobuf.timestamp_pb2.Timestamp): Output only. The time this [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] was destroyed. Only present if [state][google.cloud.secrets.v1beta1.SecretVersion.state] is [DESTROYED][google.cloud.secrets.v1beta1.SecretVersion.State.DESTROYED]. - state (~.resources.SecretVersion.State): + state (google.cloud.secretmanager_v1beta1.types.SecretVersion.State): Output only. The current state of the [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. """ @@ -126,10 +126,10 @@ class Replication(proto.Message): r"""A policy that defines the replication configuration of data. Attributes: - automatic (~.resources.Replication.Automatic): + automatic (google.cloud.secretmanager_v1beta1.types.Replication.Automatic): The [Secret][google.cloud.secrets.v1beta1.Secret] will automatically be replicated without any restrictions. - user_managed (~.resources.Replication.UserManaged): + user_managed (google.cloud.secretmanager_v1beta1.types.Replication.UserManaged): The [Secret][google.cloud.secrets.v1beta1.Secret] will only be replicated into the locations specified. """ @@ -146,7 +146,7 @@ class UserManaged(proto.Message): locations specified in [Secret.replication.user_managed.replicas][] Attributes: - replicas (Sequence[~.resources.Replication.UserManaged.Replica]): + replicas (Sequence[google.cloud.secretmanager_v1beta1.types.Replication.UserManaged.Replica]): Required. The list of Replicas for this [Secret][google.cloud.secrets.v1beta1.Secret]. diff --git a/google/cloud/secretmanager_v1beta1/types/service.py b/google/cloud/secretmanager_v1beta1/types/service.py index 46b1d61..fe05d19 100644 --- a/google/cloud/secretmanager_v1beta1/types/service.py +++ b/google/cloud/secretmanager_v1beta1/types/service.py @@ -76,7 +76,7 @@ class ListSecretsResponse(proto.Message): [SecretManagerService.ListSecrets][google.cloud.secrets.v1beta1.SecretManagerService.ListSecrets]. Attributes: - secrets (Sequence[~.resources.Secret]): + secrets (Sequence[google.cloud.secretmanager_v1beta1.types.Secret]): The list of [Secrets][google.cloud.secrets.v1beta1.Secret] sorted in reverse by create_time (newest first). next_page_token (str): @@ -116,7 +116,7 @@ class CreateSecretRequest(proto.Message): characters and can contain uppercase and lowercase letters, numerals, and the hyphen (``-``) and underscore (``_``) characters. - secret (~.resources.Secret): + secret (google.cloud.secretmanager_v1beta1.types.Secret): Required. A [Secret][google.cloud.secrets.v1beta1.Secret] with initial field values. """ @@ -139,7 +139,7 @@ class AddSecretVersionRequest(proto.Message): with the [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] in the format ``projects/*/secrets/*``. - payload (~.resources.SecretPayload): + payload (google.cloud.secretmanager_v1beta1.types.SecretPayload): Required. The secret payload of the [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. """ @@ -197,7 +197,7 @@ class ListSecretVersionsResponse(proto.Message): [SecretManagerService.ListSecretVersions][google.cloud.secrets.v1beta1.SecretManagerService.ListSecretVersions]. Attributes: - versions (Sequence[~.resources.SecretVersion]): + versions (Sequence[google.cloud.secretmanager_v1beta1.types.SecretVersion]): The list of [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] sorted in reverse by create_time (newest first). @@ -246,10 +246,10 @@ class UpdateSecretRequest(proto.Message): [SecretManagerService.UpdateSecret][google.cloud.secrets.v1beta1.SecretManagerService.UpdateSecret]. Attributes: - secret (~.resources.Secret): + secret (google.cloud.secretmanager_v1beta1.types.Secret): Required. [Secret][google.cloud.secrets.v1beta1.Secret] with updated field values. - update_mask (~.field_mask.FieldMask): + update_mask (google.protobuf.field_mask_pb2.FieldMask): Required. Specifies the fields to be updated. """ @@ -281,7 +281,7 @@ class AccessSecretVersionResponse(proto.Message): The resource name of the [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] in the format ``projects/*/secrets/*/versions/*``. - payload (~.resources.SecretPayload): + payload (google.cloud.secretmanager_v1beta1.types.SecretPayload): Secret payload """ diff --git a/synth.metadata b/synth.metadata index d2de210..c78eabd 100644 --- a/synth.metadata +++ b/synth.metadata @@ -11,8 +11,8 @@ "git": { "name": "googleapis", "remote": "https://github.com/googleapis/googleapis.git", - "sha": "dd372aa22ded7a8ba6f0e03a80e06358a3fa0907", - "internalRef": "347055288" + "sha": "9ecdacc9a00e1dd443b11bf10215d6e7648db8a7", + "internalRef": "352563582" } }, { @@ -51,6 +51,7 @@ } ], "generatedFiles": [ + ".coveragerc", ".flake8", ".github/CONTRIBUTING.md", ".github/ISSUE_TEMPLATE/bug_report.md", @@ -104,8 +105,10 @@ "docs/_templates/layout.html", "docs/conf.py", "docs/multiprocessing.rst", + "docs/secretmanager_v1/secret_manager_service.rst", "docs/secretmanager_v1/services.rst", "docs/secretmanager_v1/types.rst", + "docs/secretmanager_v1beta1/secret_manager_service.rst", "docs/secretmanager_v1beta1/services.rst", "docs/secretmanager_v1beta1/types.rst", "google/cloud/secretmanager/__init__.py", diff --git a/tests/unit/gapic/secretmanager_v1/test_secret_manager_service.py b/tests/unit/gapic/secretmanager_v1/test_secret_manager_service.py index a97340c..f01241a 100644 --- a/tests/unit/gapic/secretmanager_v1/test_secret_manager_service.py +++ b/tests/unit/gapic/secretmanager_v1/test_secret_manager_service.py @@ -46,6 +46,7 @@ from google.iam.v1 import options_pb2 as options # type: ignore from google.iam.v1 import policy_pb2 as policy # type: ignore from google.oauth2 import service_account +from google.protobuf import duration_pb2 as duration # type: ignore from google.protobuf import field_mask_pb2 as field_mask # type: ignore from google.protobuf import timestamp_pb2 as timestamp # type: ignore from google.type import expr_pb2 as expr # type: ignore @@ -96,8 +97,21 @@ def test__get_default_mtls_endpoint(): ) +def test_secret_manager_service_client_from_service_account_info(): + creds = credentials.AnonymousCredentials() + with mock.patch.object( + service_account.Credentials, "from_service_account_info" + ) as factory: + factory.return_value = creds + info = {"valid": True} + client = SecretManagerServiceClient.from_service_account_info(info) + assert client.transport._credentials == creds + + assert client.transport._host == "secretmanager.googleapis.com:443" + + @pytest.mark.parametrize( - "client_class", [SecretManagerServiceClient, SecretManagerServiceAsyncClient] + "client_class", [SecretManagerServiceClient, SecretManagerServiceAsyncClient,] ) def test_secret_manager_service_client_from_service_account_file(client_class): creds = credentials.AnonymousCredentials() @@ -116,7 +130,10 @@ def test_secret_manager_service_client_from_service_account_file(client_class): def test_secret_manager_service_client_get_transport_class(): transport = SecretManagerServiceClient.get_transport_class() - assert transport == transports.SecretManagerServiceGrpcTransport + available_transports = [ + transports.SecretManagerServiceGrpcTransport, + ] + assert transport in available_transports transport = SecretManagerServiceClient.get_transport_class("grpc") assert transport == transports.SecretManagerServiceGrpcTransport @@ -814,7 +831,9 @@ def test_create_secret( # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object(type(client.transport.create_secret), "__call__") as call: # Designate an appropriate return value for the call. - call.return_value = resources.Secret(name="name_value",) + call.return_value = resources.Secret( + name="name_value", expire_time=timestamp.Timestamp(seconds=751), + ) response = client.create_secret(request) @@ -1256,7 +1275,9 @@ def test_get_secret(transport: str = "grpc", request_type=service.GetSecretReque # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object(type(client.transport.get_secret), "__call__") as call: # Designate an appropriate return value for the call. - call.return_value = resources.Secret(name="name_value",) + call.return_value = resources.Secret( + name="name_value", expire_time=timestamp.Timestamp(seconds=751), + ) response = client.get_secret(request) @@ -1449,7 +1470,9 @@ def test_update_secret( # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object(type(client.transport.update_secret), "__call__") as call: # Designate an appropriate return value for the call. - call.return_value = resources.Secret(name="name_value",) + call.return_value = resources.Secret( + name="name_value", expire_time=timestamp.Timestamp(seconds=751), + ) response = client.update_secret(request) @@ -3908,7 +3931,7 @@ def test_secret_manager_service_host_with_port(): def test_secret_manager_service_grpc_transport_channel(): - channel = grpc.insecure_channel("http://localhost/") + channel = grpc.secure_channel("http://localhost/", grpc.local_channel_credentials()) # Check that channel is used if provided. transport = transports.SecretManagerServiceGrpcTransport( @@ -3920,7 +3943,7 @@ def test_secret_manager_service_grpc_transport_channel(): def test_secret_manager_service_grpc_asyncio_transport_channel(): - channel = aio.insecure_channel("http://localhost/") + channel = aio.secure_channel("http://localhost/", grpc.local_channel_credentials()) # Check that channel is used if provided. transport = transports.SecretManagerServiceGrpcAsyncIOTransport( @@ -3945,7 +3968,7 @@ def test_secret_manager_service_transport_channel_mtls_with_client_cert_source( "grpc.ssl_channel_credentials", autospec=True ) as grpc_ssl_channel_cred: with mock.patch.object( - transport_class, "create_channel", autospec=True + transport_class, "create_channel" ) as grpc_create_channel: mock_ssl_cred = mock.Mock() grpc_ssl_channel_cred.return_value = mock_ssl_cred @@ -3998,7 +4021,7 @@ def test_secret_manager_service_transport_channel_mtls_with_adc(transport_class) ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred), ): with mock.patch.object( - transport_class, "create_channel", autospec=True + transport_class, "create_channel" ) as grpc_create_channel: mock_grpc_channel = mock.Mock() grpc_create_channel.return_value = mock_grpc_channel diff --git a/tests/unit/gapic/secretmanager_v1beta1/test_secret_manager_service.py b/tests/unit/gapic/secretmanager_v1beta1/test_secret_manager_service.py index 7975256..64bc147 100644 --- a/tests/unit/gapic/secretmanager_v1beta1/test_secret_manager_service.py +++ b/tests/unit/gapic/secretmanager_v1beta1/test_secret_manager_service.py @@ -98,8 +98,21 @@ def test__get_default_mtls_endpoint(): ) +def test_secret_manager_service_client_from_service_account_info(): + creds = credentials.AnonymousCredentials() + with mock.patch.object( + service_account.Credentials, "from_service_account_info" + ) as factory: + factory.return_value = creds + info = {"valid": True} + client = SecretManagerServiceClient.from_service_account_info(info) + assert client.transport._credentials == creds + + assert client.transport._host == "secretmanager.googleapis.com:443" + + @pytest.mark.parametrize( - "client_class", [SecretManagerServiceClient, SecretManagerServiceAsyncClient] + "client_class", [SecretManagerServiceClient, SecretManagerServiceAsyncClient,] ) def test_secret_manager_service_client_from_service_account_file(client_class): creds = credentials.AnonymousCredentials() @@ -118,7 +131,10 @@ def test_secret_manager_service_client_from_service_account_file(client_class): def test_secret_manager_service_client_get_transport_class(): transport = SecretManagerServiceClient.get_transport_class() - assert transport == transports.SecretManagerServiceGrpcTransport + available_transports = [ + transports.SecretManagerServiceGrpcTransport, + ] + assert transport in available_transports transport = SecretManagerServiceClient.get_transport_class("grpc") assert transport == transports.SecretManagerServiceGrpcTransport @@ -3910,7 +3926,7 @@ def test_secret_manager_service_host_with_port(): def test_secret_manager_service_grpc_transport_channel(): - channel = grpc.insecure_channel("http://localhost/") + channel = grpc.secure_channel("http://localhost/", grpc.local_channel_credentials()) # Check that channel is used if provided. transport = transports.SecretManagerServiceGrpcTransport( @@ -3922,7 +3938,7 @@ def test_secret_manager_service_grpc_transport_channel(): def test_secret_manager_service_grpc_asyncio_transport_channel(): - channel = aio.insecure_channel("http://localhost/") + channel = aio.secure_channel("http://localhost/", grpc.local_channel_credentials()) # Check that channel is used if provided. transport = transports.SecretManagerServiceGrpcAsyncIOTransport( @@ -3947,7 +3963,7 @@ def test_secret_manager_service_transport_channel_mtls_with_client_cert_source( "grpc.ssl_channel_credentials", autospec=True ) as grpc_ssl_channel_cred: with mock.patch.object( - transport_class, "create_channel", autospec=True + transport_class, "create_channel" ) as grpc_create_channel: mock_ssl_cred = mock.Mock() grpc_ssl_channel_cred.return_value = mock_ssl_cred @@ -4000,7 +4016,7 @@ def test_secret_manager_service_transport_channel_mtls_with_adc(transport_class) ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred), ): with mock.patch.object( - transport_class, "create_channel", autospec=True + transport_class, "create_channel" ) as grpc_create_channel: mock_grpc_channel = mock.Mock() grpc_create_channel.return_value = mock_grpc_channel