From 54f92e8c78cf9c44ecee73471cd45dd28dcdfb4e Mon Sep 17 00:00:00 2001 From: Owl Bot Date: Thu, 31 Jul 2025 08:57:31 +0000 Subject: [PATCH 1/2] feat: Introducing new Grant states for Withdrawal operation PiperOrigin-RevId: 789206965 Source-Link: https://github.com/googleapis/googleapis/commit/fb0d2d75cadbe06b2ab06baf7239f279d907fc7c Source-Link: https://github.com/googleapis/googleapis-gen/commit/fc7a38c3b7fb08d37a613f22954343dc30443832 Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNsb3VkLXByaXZpbGVnZWRhY2Nlc3NtYW5hZ2VyLy5Pd2xCb3QueWFtbCIsImgiOiJmYzdhMzhjM2I3ZmIwOGQzN2E2MTNmMjI5NTQzNDNkYzMwNDQzODMyIn0= --- .../v1/.coveragerc | 13 + .../v1/.flake8 | 34 + .../v1/LICENSE | 202 + .../v1/MANIFEST.in | 20 + .../v1/README.rst | 143 + .../v1/docs/_static/custom.css | 20 + .../v1/docs/_templates/layout.html | 50 + .../v1/docs/conf.py | 385 + .../v1/docs/index.rst | 10 + .../v1/docs/multiprocessing.rst | 7 + .../privileged_access_manager.rst | 10 + .../privilegedaccessmanager_v1/services_.rst | 6 + .../privilegedaccessmanager_v1/types_.rst | 6 + .../cloud/privilegedaccessmanager/__init__.py | 81 + .../privilegedaccessmanager/gapic_version.py | 16 + .../cloud/privilegedaccessmanager/py.typed | 2 + .../privilegedaccessmanager_v1/__init__.py | 82 + .../gapic_metadata.json | 238 + .../gapic_version.py | 16 + .../cloud/privilegedaccessmanager_v1/py.typed | 2 + .../services/__init__.py | 15 + .../privileged_access_manager/__init__.py | 22 + .../privileged_access_manager/async_client.py | 2115 +++ .../privileged_access_manager/client.py | 2488 ++++ .../privileged_access_manager/pagers.py | 583 + .../transports/README.rst | 9 + .../transports/__init__.py | 38 + .../transports/base.py | 417 + .../transports/grpc.py | 852 ++ .../transports/grpc_asyncio.py | 963 ++ .../transports/rest.py | 3381 +++++ .../transports/rest_base.py | 960 ++ .../types/__init__.py | 74 + .../types/privilegedaccessmanager.py | 1736 +++ .../v1/mypy.ini | 3 + .../v1/noxfile.py | 591 + ...eged_access_manager_approve_grant_async.py | 52 + ...leged_access_manager_approve_grant_sync.py | 52 + ...s_manager_check_onboarding_status_async.py | 52 + ...ss_manager_check_onboarding_status_sync.py | 52 + ...access_manager_create_entitlement_async.py | 57 + ..._access_manager_create_entitlement_sync.py | 57 + ...leged_access_manager_create_grant_async.py | 52 + ...ileged_access_manager_create_grant_sync.py | 52 + ...access_manager_delete_entitlement_async.py | 56 + ..._access_manager_delete_entitlement_sync.py | 56 + ...vileged_access_manager_deny_grant_async.py | 52 + ...ivileged_access_manager_deny_grant_sync.py | 52 + ...ed_access_manager_get_entitlement_async.py | 52 + ...ged_access_manager_get_entitlement_sync.py | 52 + ...ivileged_access_manager_get_grant_async.py | 52 + ...rivileged_access_manager_get_grant_sync.py | 52 + ..._access_manager_list_entitlements_async.py | 53 + ...d_access_manager_list_entitlements_sync.py | 53 + ...ileged_access_manager_list_grants_async.py | 53 + ...vileged_access_manager_list_grants_sync.py | 53 + ...leged_access_manager_revoke_grant_async.py | 56 + ...ileged_access_manager_revoke_grant_sync.py | 56 + ...ccess_manager_search_entitlements_async.py | 54 + ...access_manager_search_entitlements_sync.py | 54 + ...eged_access_manager_search_grants_async.py | 54 + ...leged_access_manager_search_grants_sync.py | 54 + ...access_manager_update_entitlement_async.py | 55 + ..._access_manager_update_entitlement_sync.py | 55 + ...ogle.cloud.privilegedaccessmanager.v1.json | 2253 +++ ...xup_privilegedaccessmanager_v1_keywords.py | 189 + .../v1/setup.py | 98 + .../v1/testing/constraints-3.10.txt | 6 + .../v1/testing/constraints-3.11.txt | 6 + .../v1/testing/constraints-3.12.txt | 6 + .../v1/testing/constraints-3.13.txt | 11 + .../v1/testing/constraints-3.7.txt | 10 + .../v1/testing/constraints-3.8.txt | 6 + .../v1/testing/constraints-3.9.txt | 6 + .../v1/tests/__init__.py | 16 + .../v1/tests/unit/__init__.py | 16 + .../v1/tests/unit/gapic/__init__.py | 16 + .../privilegedaccessmanager_v1/__init__.py | 16 + .../test_privileged_access_manager.py | 12358 ++++++++++++++++ 79 files changed, 32103 insertions(+) create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/.coveragerc create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/.flake8 create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/LICENSE create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/MANIFEST.in create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/README.rst create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/_static/custom.css create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/_templates/layout.html create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/conf.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/index.rst create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/multiprocessing.rst create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/privilegedaccessmanager_v1/privileged_access_manager.rst create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/privilegedaccessmanager_v1/services_.rst create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/privilegedaccessmanager_v1/types_.rst create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager/__init__.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager/gapic_version.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager/py.typed create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/__init__.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/gapic_metadata.json create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/gapic_version.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/py.typed create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/__init__.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/__init__.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/async_client.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/client.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/pagers.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/README.rst create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/__init__.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/base.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/grpc.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/grpc_asyncio.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/rest.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/rest_base.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/types/__init__.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/types/privilegedaccessmanager.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/mypy.ini create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/noxfile.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_approve_grant_async.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_approve_grant_sync.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_check_onboarding_status_async.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_check_onboarding_status_sync.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_entitlement_async.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_entitlement_sync.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_grant_async.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_grant_sync.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_delete_entitlement_async.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_delete_entitlement_sync.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_deny_grant_async.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_deny_grant_sync.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_entitlement_async.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_entitlement_sync.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_grant_async.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_grant_sync.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_entitlements_async.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_entitlements_sync.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_grants_async.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_grants_sync.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_revoke_grant_async.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_revoke_grant_sync.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_entitlements_async.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_entitlements_sync.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_grants_async.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_grants_sync.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_update_entitlement_async.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_update_entitlement_sync.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/snippet_metadata_google.cloud.privilegedaccessmanager.v1.json create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/scripts/fixup_privilegedaccessmanager_v1_keywords.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/setup.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.10.txt create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.11.txt create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.12.txt create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.13.txt create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.7.txt create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.8.txt create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.9.txt create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/__init__.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/__init__.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/gapic/__init__.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/gapic/privilegedaccessmanager_v1/__init__.py create mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/gapic/privilegedaccessmanager_v1/test_privileged_access_manager.py diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/.coveragerc b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/.coveragerc new file mode 100644 index 000000000000..85ba59bc71ba --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/.coveragerc @@ -0,0 +1,13 @@ +[run] +branch = True + +[report] +show_missing = True +omit = + google/cloud/privilegedaccessmanager/__init__.py + google/cloud/privilegedaccessmanager/gapic_version.py +exclude_lines = + # Re-enable the standard pragma + pragma: NO COVER + # Ignore debug-only repr + def __repr__ diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/.flake8 b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/.flake8 new file mode 100644 index 000000000000..90316de21489 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/.flake8 @@ -0,0 +1,34 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +[flake8] +# TODO(https://github.com/googleapis/gapic-generator-python/issues/2333): +# Resolve flake8 lint issues +ignore = E203, E231, E266, E501, W503 +exclude = + # TODO(https://github.com/googleapis/gapic-generator-python/issues/2333): + # Ensure that generated code passes flake8 lint + **/gapic/** + **/services/** + **/types/** + # Exclude Protobuf gencode + *_pb2.py + + # Standard linting exemptions. + **/.nox/** + __pycache__, + .git, + *.pyc, + conf.py diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/LICENSE b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/LICENSE new file mode 100644 index 000000000000..d64569567334 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/MANIFEST.in b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/MANIFEST.in new file mode 100644 index 000000000000..dae249ec8976 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/MANIFEST.in @@ -0,0 +1,20 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +include README.rst LICENSE +recursive-include google *.py *.pyi *.json *.proto py.typed +recursive-include tests * +global-exclude *.py[co] +global-exclude __pycache__ diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/README.rst b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/README.rst new file mode 100644 index 000000000000..5dd6962db8d2 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/README.rst @@ -0,0 +1,143 @@ +Python Client for Google Cloud Privilegedaccessmanager API +================================================= + +Quick Start +----------- + +In order to use this library, you first need to go through the following steps: + +1. `Select or create a Cloud Platform project.`_ +2. `Enable billing for your project.`_ +3. Enable the Google Cloud Privilegedaccessmanager API. +4. `Setup Authentication.`_ + +.. _Select or create a Cloud Platform project.: https://console.cloud.google.com/project +.. _Enable billing for your project.: https://cloud.google.com/billing/docs/how-to/modify-project#enable_billing_for_a_project +.. _Setup Authentication.: https://googleapis.dev/python/google-api-core/latest/auth.html + +Installation +~~~~~~~~~~~~ + +Install this library in a `virtualenv`_ using pip. `virtualenv`_ is a tool to +create isolated Python environments. The basic problem it addresses is one of +dependencies and versions, and indirectly permissions. + +With `virtualenv`_, it's possible to install this library without needing system +install permissions, and without clashing with the installed system +dependencies. + +.. _`virtualenv`: https://virtualenv.pypa.io/en/latest/ + + +Mac/Linux +^^^^^^^^^ + +.. code-block:: console + + python3 -m venv + source /bin/activate + /bin/pip install /path/to/library + + +Windows +^^^^^^^ + +.. code-block:: console + + python3 -m venv + \Scripts\activate + \Scripts\pip.exe install \path\to\library + + +Logging +------- + +This library uses the standard Python :code:`logging` functionality to log some RPC events that could be of interest for debugging and monitoring purposes. +Note the following: + +#. Logs may contain sensitive information. Take care to **restrict access to the logs** if they are saved, whether it be on local storage or on Google Cloud Logging. +#. Google may refine the occurrence, level, and content of various log messages in this library without flagging such changes as breaking. **Do not depend on immutability of the logging events**. +#. By default, the logging events from this library are not handled. You must **explicitly configure log handling** using one of the mechanisms below. + + +Simple, environment-based configuration +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +To enable logging for this library without any changes in your code, set the :code:`GOOGLE_SDK_PYTHON_LOGGING_SCOPE` environment variable to a valid Google +logging scope. This configures handling of logging events (at level :code:`logging.DEBUG` or higher) from this library in a default manner, emitting the logged +messages in a structured format. It does not currently allow customizing the logging levels captured nor the handlers, formatters, etc. used for any logging +event. + +A logging scope is a period-separated namespace that begins with :code:`google`, identifying the Python module or package to log. + +- Valid logging scopes: :code:`google`, :code:`google.cloud.asset.v1`, :code:`google.api`, :code:`google.auth`, etc. +- Invalid logging scopes: :code:`foo`, :code:`123`, etc. + +**NOTE**: If the logging scope is invalid, the library does not set up any logging handlers. + + +Examples +^^^^^^^^ + +- Enabling the default handler for all Google-based loggers + +.. code-block:: console + + export GOOGLE_SDK_PYTHON_LOGGING_SCOPE=google + +- Enabling the default handler for a specific Google module (for a client library called :code:`library_v1`): + +.. code-block:: console + + export GOOGLE_SDK_PYTHON_LOGGING_SCOPE=google.cloud.library_v1 + + +Advanced, code-based configuration +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +You can also configure a valid logging scope using Python's standard `logging` mechanism. + + +Examples +^^^^^^^^ + +- Configuring a handler for all Google-based loggers + +.. code-block:: python + + import logging + + from google.cloud.translate_v3 import translate + + base_logger = logging.getLogger("google") + base_logger.addHandler(logging.StreamHandler()) + base_logger.setLevel(logging.DEBUG) + +- Configuring a handler for a specific Google module (for a client library called :code:`library_v1`): + +.. code-block:: python + + import logging + + from google.cloud.translate_v3 import translate + + base_logger = logging.getLogger("google.cloud.library_v1") + base_logger.addHandler(logging.StreamHandler()) + base_logger.setLevel(logging.DEBUG) + + +Logging details +~~~~~~~~~~~~~~~ + +#. Regardless of which of the mechanisms above you use to configure logging for this library, by default logging events are not propagated up to the root + logger from the `google`-level logger. If you need the events to be propagated to the root logger, you must explicitly set + :code:`logging.getLogger("google").propagate = True` in your code. +#. You can mix the different logging configurations above for different Google modules. For example, you may want use a code-based logging configuration for + one library, but decide you need to also set up environment-based logging configuration for another library. + + #. If you attempt to use both code-based and environment-based configuration for the same module, the environment-based configuration will be ineffectual + if the code -based configuration gets applied first. + +#. The Google-specific logging configurations (default handlers for environment-based configuration; not propagating logging events to the root logger) get + executed the first time *any* client library is instantiated in your application, and only if the affected loggers have not been previously configured. + (This is the reason for 2.i. above.) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/_static/custom.css b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/_static/custom.css new file mode 100644 index 000000000000..b0a295464b23 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/_static/custom.css @@ -0,0 +1,20 @@ +div#python2-eol { + border-color: red; + border-width: medium; +} + +/* Ensure minimum width for 'Parameters' / 'Returns' column */ +dl.field-list > dt { + min-width: 100px +} + +/* Insert space between methods for readability */ +dl.method { + padding-top: 10px; + padding-bottom: 10px +} + +/* Insert empty space between classes */ +dl.class { + padding-bottom: 50px +} diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/_templates/layout.html b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/_templates/layout.html new file mode 100644 index 000000000000..95e9c77fcfe1 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/_templates/layout.html @@ -0,0 +1,50 @@ + +{% extends "!layout.html" %} +{%- block content %} +{%- if theme_fixed_sidebar|lower == 'true' %} +
+ {{ sidebar() }} + {%- block document %} +
+ {%- if render_sidebar %} +
+ {%- endif %} + + {%- block relbar_top %} + {%- if theme_show_relbar_top|tobool %} +
+   + {{- rellink_markup () }} +
+ {%- endif %} + {% endblock %} + +
+
+ As of January 1, 2020 this library no longer supports Python 2 on the latest released version. + Library versions released prior to that date will continue to be available. For more information please + visit Python 2 support on Google Cloud. +
+ {% block body %} {% endblock %} +
+ + {%- block relbar_bottom %} + {%- if theme_show_relbar_bottom|tobool %} +
+   + {{- rellink_markup () }} +
+ {%- endif %} + {% endblock %} + + {%- if render_sidebar %} +
+ {%- endif %} +
+ {%- endblock %} +
+
+{%- else %} +{{ super() }} +{%- endif %} +{%- endblock %} diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/conf.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/conf.py new file mode 100644 index 000000000000..0e6041a4ac82 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/conf.py @@ -0,0 +1,385 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# google-cloud-privilegedaccessmanager documentation build configuration file +# +# This file is execfile()d with the current directory set to its +# containing dir. +# +# Note that not all possible configuration values are present in this +# autogenerated file. +# +# All configuration values have a default; values that are commented out +# serve to show the default. + +import sys +import os +import shlex + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +sys.path.insert(0, os.path.abspath("..")) + +# For plugins that can not read conf.py. +# See also: https://github.com/docascode/sphinx-docfx-yaml/issues/85 +sys.path.insert(0, os.path.abspath(".")) + +__version__ = "" + +# -- General configuration ------------------------------------------------ + +# If your documentation needs a minimal Sphinx version, state it here. +needs_sphinx = "4.5.0" + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom +# ones. +extensions = [ + "sphinx.ext.autodoc", + "sphinx.ext.autosummary", + "sphinx.ext.intersphinx", + "sphinx.ext.coverage", + "sphinx.ext.doctest", + "sphinx.ext.napoleon", + "sphinx.ext.todo", + "sphinx.ext.viewcode", + "recommonmark", +] + +# autodoc/autosummary flags +autoclass_content = "both" +autodoc_default_options = {"members": True} +autosummary_generate = True + + +# Add any paths that contain templates here, relative to this directory. +templates_path = ["_templates"] + +# The suffix(es) of source filenames. +# You can specify multiple suffix as a list of string: +# source_suffix = ['.rst', '.md'] +source_suffix = [".rst", ".md"] + +# The encoding of source files. +# source_encoding = 'utf-8-sig' + +# The root toctree document. +root_doc = "index" + +# General information about the project. +project = u"google-cloud-privilegedaccessmanager" +copyright = u"2025, Google, LLC" +author = u"Google APIs" + +# The version info for the project you're documenting, acts as replacement for +# |version| and |release|, also used in various other places throughout the +# built documents. +# +# The full version, including alpha/beta/rc tags. +release = __version__ +# The short X.Y version. +version = ".".join(release.split(".")[0:2]) + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +# +# This is also used if you do content translation via gettext catalogs. +# Usually you set "language" from the command line for these cases. +language = None + +# There are two options for replacing |today|: either, you set today to some +# non-false value, then it is used: +# today = '' +# Else, today_fmt is used as the format for a strftime call. +# today_fmt = '%B %d, %Y' + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +exclude_patterns = [ + "_build", + "**/.nox/**/*", + "samples/AUTHORING_GUIDE.md", + "samples/CONTRIBUTING.md", + "samples/snippets/README.rst", +] + +# The reST default role (used for this markup: `text`) to use for all +# documents. +# default_role = None + +# If true, '()' will be appended to :func: etc. cross-reference text. +# add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +# add_module_names = True + +# If true, sectionauthor and moduleauthor directives will be shown in the +# output. They are ignored by default. +# show_authors = False + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = "sphinx" + +# A list of ignored prefixes for module index sorting. +# modindex_common_prefix = [] + +# If true, keep warnings as "system message" paragraphs in the built documents. +# keep_warnings = False + +# If true, `todo` and `todoList` produce output, else they produce nothing. +todo_include_todos = True + + +# -- Options for HTML output ---------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +html_theme = "alabaster" + +# Theme options are theme-specific and customize the look and feel of a theme +# further. For a list of options available for each theme, see the +# documentation. +html_theme_options = { + "description": "Google Cloud Client Libraries for google-cloud-privilegedaccessmanager", + "github_user": "googleapis", + "github_repo": "google-cloud-python", + "github_banner": True, + "font_family": "'Roboto', Georgia, sans", + "head_font_family": "'Roboto', Georgia, serif", + "code_font_family": "'Roboto Mono', 'Consolas', monospace", +} + +# Add any paths that contain custom themes here, relative to this directory. +# html_theme_path = [] + +# The name for this set of Sphinx documents. If None, it defaults to +# " v documentation". +# html_title = None + +# A shorter title for the navigation bar. Default is the same as html_title. +# html_short_title = None + +# The name of an image file (relative to this directory) to place at the top +# of the sidebar. +# html_logo = None + +# The name of an image file (within the static path) to use as favicon of the +# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 +# pixels large. +# html_favicon = None + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = ["_static"] + +# Add any extra paths that contain custom files (such as robots.txt or +# .htaccess) here, relative to this directory. These files are copied +# directly to the root of the documentation. +# html_extra_path = [] + +# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, +# using the given strftime format. +# html_last_updated_fmt = '%b %d, %Y' + +# If true, SmartyPants will be used to convert quotes and dashes to +# typographically correct entities. +# html_use_smartypants = True + +# Custom sidebar templates, maps document names to template names. +# html_sidebars = {} + +# Additional templates that should be rendered to pages, maps page names to +# template names. +# html_additional_pages = {} + +# If false, no module index is generated. +# html_domain_indices = True + +# If false, no index is generated. +# html_use_index = True + +# If true, the index is split into individual pages for each letter. +# html_split_index = False + +# If true, links to the reST sources are added to the pages. +# html_show_sourcelink = True + +# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. +# html_show_sphinx = True + +# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. +# html_show_copyright = True + +# If true, an OpenSearch description file will be output, and all pages will +# contain a tag referring to it. The value of this option must be the +# base URL from which the finished HTML is served. +# html_use_opensearch = '' + +# This is the file name suffix for HTML files (e.g. ".xhtml"). +# html_file_suffix = None + +# Language to be used for generating the HTML full-text search index. +# Sphinx supports the following languages: +# 'da', 'de', 'en', 'es', 'fi', 'fr', 'hu', 'it', 'ja' +# 'nl', 'no', 'pt', 'ro', 'ru', 'sv', 'tr' +# html_search_language = 'en' + +# A dictionary with options for the search language support, empty by default. +# Now only 'ja' uses this config value +# html_search_options = {'type': 'default'} + +# The name of a javascript file (relative to the configuration directory) that +# implements a search results scorer. If empty, the default will be used. +# html_search_scorer = 'scorer.js' + +# Output file base name for HTML help builder. +htmlhelp_basename = "google-cloud-privilegedaccessmanager-doc" + +# -- Options for warnings ------------------------------------------------------ + + +suppress_warnings = [ + # Temporarily suppress this to avoid "more than one target found for + # cross-reference" warning, which are intractable for us to avoid while in + # a mono-repo. + # See https://github.com/sphinx-doc/sphinx/blob + # /2a65ffeef5c107c19084fabdd706cdff3f52d93c/sphinx/domains/python.py#L843 + "ref.python" +] + +# -- Options for LaTeX output --------------------------------------------- + +latex_elements = { + # The paper size ('letterpaper' or 'a4paper'). + # 'papersize': 'letterpaper', + # The font size ('10pt', '11pt' or '12pt'). + # 'pointsize': '10pt', + # Additional stuff for the LaTeX preamble. + # 'preamble': '', + # Latex figure (float) alignment + # 'figure_align': 'htbp', +} + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, +# author, documentclass [howto, manual, or own class]). +latex_documents = [ + ( + root_doc, + "google-cloud-privilegedaccessmanager.tex", + u"google-cloud-privilegedaccessmanager Documentation", + author, + "manual", + ) +] + +# The name of an image file (relative to this directory) to place at the top of +# the title page. +# latex_logo = None + +# For "manual" documents, if this is true, then toplevel headings are parts, +# not chapters. +# latex_use_parts = False + +# If true, show page references after internal links. +# latex_show_pagerefs = False + +# If true, show URL addresses after external links. +# latex_show_urls = False + +# Documents to append as an appendix to all manuals. +# latex_appendices = [] + +# If false, no module index is generated. +# latex_domain_indices = True + + +# -- Options for manual page output --------------------------------------- + +# One entry per manual page. List of tuples +# (source start file, name, description, authors, manual section). +man_pages = [ + ( + root_doc, + "google-cloud-privilegedaccessmanager", + "google-cloud-privilegedaccessmanager Documentation", + [author], + 1, + ) +] + +# If true, show URL addresses after external links. +# man_show_urls = False + + +# -- Options for Texinfo output ------------------------------------------- + +# Grouping the document tree into Texinfo files. List of tuples +# (source start file, target name, title, author, +# dir menu entry, description, category) +texinfo_documents = [ + ( + root_doc, + "google-cloud-privilegedaccessmanager", + "google-cloud-privilegedaccessmanager Documentation", + author, + "google-cloud-privilegedaccessmanager", + "google-cloud-privilegedaccessmanager Library", + "APIs", + ) +] + +# Documents to append as an appendix to all manuals. +# texinfo_appendices = [] + +# If false, no module index is generated. +# texinfo_domain_indices = True + +# How to display URL addresses: 'footnote', 'no', or 'inline'. +# texinfo_show_urls = 'footnote' + +# If true, do not generate a @detailmenu in the "Top" node's menu. +# texinfo_no_detailmenu = False + + +# Example configuration for intersphinx: refer to the Python standard library. +intersphinx_mapping = { + "python": ("https://python.readthedocs.org/en/latest/", None), + "google-auth": ("https://googleapis.dev/python/google-auth/latest/", None), + "google.api_core": ( + "https://googleapis.dev/python/google-api-core/latest/", + None, + ), + "grpc": ("https://grpc.github.io/grpc/python/", None), + "proto-plus": ("https://proto-plus-python.readthedocs.io/en/latest/", None), + "protobuf": ("https://googleapis.dev/python/protobuf/latest/", None), +} + + +# Napoleon settings +napoleon_google_docstring = True +napoleon_numpy_docstring = True +napoleon_include_private_with_doc = False +napoleon_include_special_with_doc = True +napoleon_use_admonition_for_examples = False +napoleon_use_admonition_for_notes = False +napoleon_use_admonition_for_references = False +napoleon_use_ivar = False +napoleon_use_param = True +napoleon_use_rtype = True diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/index.rst b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/index.rst new file mode 100644 index 000000000000..fc20400a4b9b --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/index.rst @@ -0,0 +1,10 @@ +.. include:: multiprocessing.rst + + +API Reference +------------- +.. toctree:: + :maxdepth: 2 + + privilegedaccessmanager_v1/services_ + privilegedaccessmanager_v1/types_ diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/multiprocessing.rst b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/multiprocessing.rst new file mode 100644 index 000000000000..536d17b2ea65 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/multiprocessing.rst @@ -0,0 +1,7 @@ +.. note:: + + Because this client uses :mod:`grpc` library, it is safe to + share instances across threads. In multiprocessing scenarios, the best + practice is to create client instances *after* the invocation of + :func:`os.fork` by :class:`multiprocessing.pool.Pool` or + :class:`multiprocessing.Process`. diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/privilegedaccessmanager_v1/privileged_access_manager.rst b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/privilegedaccessmanager_v1/privileged_access_manager.rst new file mode 100644 index 000000000000..c4b9e31774b7 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/privilegedaccessmanager_v1/privileged_access_manager.rst @@ -0,0 +1,10 @@ +PrivilegedAccessManager +----------------------------------------- + +.. automodule:: google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager + :members: + :inherited-members: + +.. automodule:: google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers + :members: + :inherited-members: diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/privilegedaccessmanager_v1/services_.rst b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/privilegedaccessmanager_v1/services_.rst new file mode 100644 index 000000000000..df1e04dc45f3 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/privilegedaccessmanager_v1/services_.rst @@ -0,0 +1,6 @@ +Services for Google Cloud Privilegedaccessmanager v1 API +======================================================== +.. toctree:: + :maxdepth: 2 + + privileged_access_manager diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/privilegedaccessmanager_v1/types_.rst b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/privilegedaccessmanager_v1/types_.rst new file mode 100644 index 000000000000..4c609f05f1d8 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/privilegedaccessmanager_v1/types_.rst @@ -0,0 +1,6 @@ +Types for Google Cloud Privilegedaccessmanager v1 API +===================================================== + +.. automodule:: google.cloud.privilegedaccessmanager_v1.types + :members: + :show-inheritance: diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager/__init__.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager/__init__.py new file mode 100644 index 000000000000..34bdc03a2a64 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager/__init__.py @@ -0,0 +1,81 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from google.cloud.privilegedaccessmanager import gapic_version as package_version + +__version__ = package_version.__version__ + + +from google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.client import PrivilegedAccessManagerClient +from google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.async_client import PrivilegedAccessManagerAsyncClient + +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import AccessControlEntry +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import ApprovalWorkflow +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import ApproveGrantRequest +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import CheckOnboardingStatusRequest +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import CheckOnboardingStatusResponse +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import CreateEntitlementRequest +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import CreateGrantRequest +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import DeleteEntitlementRequest +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import DenyGrantRequest +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import Entitlement +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import GetEntitlementRequest +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import GetGrantRequest +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import Grant +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import Justification +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import ListEntitlementsRequest +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import ListEntitlementsResponse +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import ListGrantsRequest +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import ListGrantsResponse +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import ManualApprovals +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import OperationMetadata +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import PrivilegedAccess +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import RevokeGrantRequest +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import SearchEntitlementsRequest +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import SearchEntitlementsResponse +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import SearchGrantsRequest +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import SearchGrantsResponse +from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import UpdateEntitlementRequest + +__all__ = ('PrivilegedAccessManagerClient', + 'PrivilegedAccessManagerAsyncClient', + 'AccessControlEntry', + 'ApprovalWorkflow', + 'ApproveGrantRequest', + 'CheckOnboardingStatusRequest', + 'CheckOnboardingStatusResponse', + 'CreateEntitlementRequest', + 'CreateGrantRequest', + 'DeleteEntitlementRequest', + 'DenyGrantRequest', + 'Entitlement', + 'GetEntitlementRequest', + 'GetGrantRequest', + 'Grant', + 'Justification', + 'ListEntitlementsRequest', + 'ListEntitlementsResponse', + 'ListGrantsRequest', + 'ListGrantsResponse', + 'ManualApprovals', + 'OperationMetadata', + 'PrivilegedAccess', + 'RevokeGrantRequest', + 'SearchEntitlementsRequest', + 'SearchEntitlementsResponse', + 'SearchGrantsRequest', + 'SearchGrantsResponse', + 'UpdateEntitlementRequest', +) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager/gapic_version.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager/gapic_version.py new file mode 100644 index 000000000000..20a9cd975b02 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager/gapic_version.py @@ -0,0 +1,16 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +__version__ = "0.0.0" # {x-release-please-version} diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager/py.typed b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager/py.typed new file mode 100644 index 000000000000..835028116f75 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager/py.typed @@ -0,0 +1,2 @@ +# Marker file for PEP 561. +# The google-cloud-privilegedaccessmanager package uses inline types. diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/__init__.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/__init__.py new file mode 100644 index 000000000000..f6fe77c6fee7 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/__init__.py @@ -0,0 +1,82 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from google.cloud.privilegedaccessmanager_v1 import gapic_version as package_version + +__version__ = package_version.__version__ + + +from .services.privileged_access_manager import PrivilegedAccessManagerClient +from .services.privileged_access_manager import PrivilegedAccessManagerAsyncClient + +from .types.privilegedaccessmanager import AccessControlEntry +from .types.privilegedaccessmanager import ApprovalWorkflow +from .types.privilegedaccessmanager import ApproveGrantRequest +from .types.privilegedaccessmanager import CheckOnboardingStatusRequest +from .types.privilegedaccessmanager import CheckOnboardingStatusResponse +from .types.privilegedaccessmanager import CreateEntitlementRequest +from .types.privilegedaccessmanager import CreateGrantRequest +from .types.privilegedaccessmanager import DeleteEntitlementRequest +from .types.privilegedaccessmanager import DenyGrantRequest +from .types.privilegedaccessmanager import Entitlement +from .types.privilegedaccessmanager import GetEntitlementRequest +from .types.privilegedaccessmanager import GetGrantRequest +from .types.privilegedaccessmanager import Grant +from .types.privilegedaccessmanager import Justification +from .types.privilegedaccessmanager import ListEntitlementsRequest +from .types.privilegedaccessmanager import ListEntitlementsResponse +from .types.privilegedaccessmanager import ListGrantsRequest +from .types.privilegedaccessmanager import ListGrantsResponse +from .types.privilegedaccessmanager import ManualApprovals +from .types.privilegedaccessmanager import OperationMetadata +from .types.privilegedaccessmanager import PrivilegedAccess +from .types.privilegedaccessmanager import RevokeGrantRequest +from .types.privilegedaccessmanager import SearchEntitlementsRequest +from .types.privilegedaccessmanager import SearchEntitlementsResponse +from .types.privilegedaccessmanager import SearchGrantsRequest +from .types.privilegedaccessmanager import SearchGrantsResponse +from .types.privilegedaccessmanager import UpdateEntitlementRequest + +__all__ = ( + 'PrivilegedAccessManagerAsyncClient', +'AccessControlEntry', +'ApprovalWorkflow', +'ApproveGrantRequest', +'CheckOnboardingStatusRequest', +'CheckOnboardingStatusResponse', +'CreateEntitlementRequest', +'CreateGrantRequest', +'DeleteEntitlementRequest', +'DenyGrantRequest', +'Entitlement', +'GetEntitlementRequest', +'GetGrantRequest', +'Grant', +'Justification', +'ListEntitlementsRequest', +'ListEntitlementsResponse', +'ListGrantsRequest', +'ListGrantsResponse', +'ManualApprovals', +'OperationMetadata', +'PrivilegedAccess', +'PrivilegedAccessManagerClient', +'RevokeGrantRequest', +'SearchEntitlementsRequest', +'SearchEntitlementsResponse', +'SearchGrantsRequest', +'SearchGrantsResponse', +'UpdateEntitlementRequest', +) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/gapic_metadata.json b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/gapic_metadata.json new file mode 100644 index 000000000000..0a486b55a4ef --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/gapic_metadata.json @@ -0,0 +1,238 @@ + { + "comment": "This file maps proto services/RPCs to the corresponding library clients/methods", + "language": "python", + "libraryPackage": "google.cloud.privilegedaccessmanager_v1", + "protoPackage": "google.cloud.privilegedaccessmanager.v1", + "schema": "1.0", + "services": { + "PrivilegedAccessManager": { + "clients": { + "grpc": { + "libraryClient": "PrivilegedAccessManagerClient", + "rpcs": { + "ApproveGrant": { + "methods": [ + "approve_grant" + ] + }, + "CheckOnboardingStatus": { + "methods": [ + "check_onboarding_status" + ] + }, + "CreateEntitlement": { + "methods": [ + "create_entitlement" + ] + }, + "CreateGrant": { + "methods": [ + "create_grant" + ] + }, + "DeleteEntitlement": { + "methods": [ + "delete_entitlement" + ] + }, + "DenyGrant": { + "methods": [ + "deny_grant" + ] + }, + "GetEntitlement": { + "methods": [ + "get_entitlement" + ] + }, + "GetGrant": { + "methods": [ + "get_grant" + ] + }, + "ListEntitlements": { + "methods": [ + "list_entitlements" + ] + }, + "ListGrants": { + "methods": [ + "list_grants" + ] + }, + "RevokeGrant": { + "methods": [ + "revoke_grant" + ] + }, + "SearchEntitlements": { + "methods": [ + "search_entitlements" + ] + }, + "SearchGrants": { + "methods": [ + "search_grants" + ] + }, + "UpdateEntitlement": { + "methods": [ + "update_entitlement" + ] + } + } + }, + "grpc-async": { + "libraryClient": "PrivilegedAccessManagerAsyncClient", + "rpcs": { + "ApproveGrant": { + "methods": [ + "approve_grant" + ] + }, + "CheckOnboardingStatus": { + "methods": [ + "check_onboarding_status" + ] + }, + "CreateEntitlement": { + "methods": [ + "create_entitlement" + ] + }, + "CreateGrant": { + "methods": [ + "create_grant" + ] + }, + "DeleteEntitlement": { + "methods": [ + "delete_entitlement" + ] + }, + "DenyGrant": { + "methods": [ + "deny_grant" + ] + }, + "GetEntitlement": { + "methods": [ + "get_entitlement" + ] + }, + "GetGrant": { + "methods": [ + "get_grant" + ] + }, + "ListEntitlements": { + "methods": [ + "list_entitlements" + ] + }, + "ListGrants": { + "methods": [ + "list_grants" + ] + }, + "RevokeGrant": { + "methods": [ + "revoke_grant" + ] + }, + "SearchEntitlements": { + "methods": [ + "search_entitlements" + ] + }, + "SearchGrants": { + "methods": [ + "search_grants" + ] + }, + "UpdateEntitlement": { + "methods": [ + "update_entitlement" + ] + } + } + }, + "rest": { + "libraryClient": "PrivilegedAccessManagerClient", + "rpcs": { + "ApproveGrant": { + "methods": [ + "approve_grant" + ] + }, + "CheckOnboardingStatus": { + "methods": [ + "check_onboarding_status" + ] + }, + "CreateEntitlement": { + "methods": [ + "create_entitlement" + ] + }, + "CreateGrant": { + "methods": [ + "create_grant" + ] + }, + "DeleteEntitlement": { + "methods": [ + "delete_entitlement" + ] + }, + "DenyGrant": { + "methods": [ + "deny_grant" + ] + }, + "GetEntitlement": { + "methods": [ + "get_entitlement" + ] + }, + "GetGrant": { + "methods": [ + "get_grant" + ] + }, + "ListEntitlements": { + "methods": [ + "list_entitlements" + ] + }, + "ListGrants": { + "methods": [ + "list_grants" + ] + }, + "RevokeGrant": { + "methods": [ + "revoke_grant" + ] + }, + "SearchEntitlements": { + "methods": [ + "search_entitlements" + ] + }, + "SearchGrants": { + "methods": [ + "search_grants" + ] + }, + "UpdateEntitlement": { + "methods": [ + "update_entitlement" + ] + } + } + } + } + } + } +} diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/gapic_version.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/gapic_version.py new file mode 100644 index 000000000000..20a9cd975b02 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/gapic_version.py @@ -0,0 +1,16 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +__version__ = "0.0.0" # {x-release-please-version} diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/py.typed b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/py.typed new file mode 100644 index 000000000000..835028116f75 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/py.typed @@ -0,0 +1,2 @@ +# Marker file for PEP 561. +# The google-cloud-privilegedaccessmanager package uses inline types. diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/__init__.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/__init__.py new file mode 100644 index 000000000000..cbf94b283c70 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/__init__.py @@ -0,0 +1,15 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/__init__.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/__init__.py new file mode 100644 index 000000000000..5b4aaccfc804 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/__init__.py @@ -0,0 +1,22 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from .client import PrivilegedAccessManagerClient +from .async_client import PrivilegedAccessManagerAsyncClient + +__all__ = ( + 'PrivilegedAccessManagerClient', + 'PrivilegedAccessManagerAsyncClient', +) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/async_client.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/async_client.py new file mode 100644 index 000000000000..14fcbde8b0b5 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/async_client.py @@ -0,0 +1,2115 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import logging as std_logging +from collections import OrderedDict +import re +from typing import Dict, Callable, Mapping, MutableMapping, MutableSequence, Optional, Sequence, Tuple, Type, Union +import uuid + +from google.cloud.privilegedaccessmanager_v1 import gapic_version as package_version + +from google.api_core.client_options import ClientOptions +from google.api_core import exceptions as core_exceptions +from google.api_core import gapic_v1 +from google.api_core import retry_async as retries +from google.auth import credentials as ga_credentials # type: ignore +from google.oauth2 import service_account # type: ignore +import google.protobuf + + +try: + OptionalRetry = Union[retries.AsyncRetry, gapic_v1.method._MethodDefault, None] +except AttributeError: # pragma: NO COVER + OptionalRetry = Union[retries.AsyncRetry, object, None] # type: ignore + +from google.api_core import operation # type: ignore +from google.api_core import operation_async # type: ignore +from google.cloud.location import locations_pb2 # type: ignore +from google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager import pagers +from google.cloud.privilegedaccessmanager_v1.types import privilegedaccessmanager +from google.longrunning import operations_pb2 # type: ignore +from google.protobuf import duration_pb2 # type: ignore +from google.protobuf import field_mask_pb2 # type: ignore +from google.protobuf import timestamp_pb2 # type: ignore +from .transports.base import PrivilegedAccessManagerTransport, DEFAULT_CLIENT_INFO +from .transports.grpc_asyncio import PrivilegedAccessManagerGrpcAsyncIOTransport +from .client import PrivilegedAccessManagerClient + +try: + from google.api_core import client_logging # type: ignore + CLIENT_LOGGING_SUPPORTED = True # pragma: NO COVER +except ImportError: # pragma: NO COVER + CLIENT_LOGGING_SUPPORTED = False + +_LOGGER = std_logging.getLogger(__name__) + +class PrivilegedAccessManagerAsyncClient: + """This API allows customers to manage temporary, request based + privileged access to their resources. + + It defines the following resource model: + + - A collection of ``Entitlement`` resources. An entitlement allows + configuring (among other things): + + - Some kind of privileged access that users can request. + - A set of users called *requesters* who can request this + access. + - A maximum duration for which the access can be requested. + - An optional approval workflow which must be satisfied before + access is granted. + + - A collection of ``Grant`` resources. A grant is a request by a + requester to get the privileged access specified in an + entitlement for some duration. + + After the approval workflow as specified in the entitlement is + satisfied, the specified access is given to the requester. The + access is automatically taken back after the requested duration + is over. + """ + + _client: PrivilegedAccessManagerClient + + # Copy defaults from the synchronous client for use here. + # Note: DEFAULT_ENDPOINT is deprecated. Use _DEFAULT_ENDPOINT_TEMPLATE instead. + DEFAULT_ENDPOINT = PrivilegedAccessManagerClient.DEFAULT_ENDPOINT + DEFAULT_MTLS_ENDPOINT = PrivilegedAccessManagerClient.DEFAULT_MTLS_ENDPOINT + _DEFAULT_ENDPOINT_TEMPLATE = PrivilegedAccessManagerClient._DEFAULT_ENDPOINT_TEMPLATE + _DEFAULT_UNIVERSE = PrivilegedAccessManagerClient._DEFAULT_UNIVERSE + + entitlement_path = staticmethod(PrivilegedAccessManagerClient.entitlement_path) + parse_entitlement_path = staticmethod(PrivilegedAccessManagerClient.parse_entitlement_path) + grant_path = staticmethod(PrivilegedAccessManagerClient.grant_path) + parse_grant_path = staticmethod(PrivilegedAccessManagerClient.parse_grant_path) + common_billing_account_path = staticmethod(PrivilegedAccessManagerClient.common_billing_account_path) + parse_common_billing_account_path = staticmethod(PrivilegedAccessManagerClient.parse_common_billing_account_path) + common_folder_path = staticmethod(PrivilegedAccessManagerClient.common_folder_path) + parse_common_folder_path = staticmethod(PrivilegedAccessManagerClient.parse_common_folder_path) + common_organization_path = staticmethod(PrivilegedAccessManagerClient.common_organization_path) + parse_common_organization_path = staticmethod(PrivilegedAccessManagerClient.parse_common_organization_path) + common_project_path = staticmethod(PrivilegedAccessManagerClient.common_project_path) + parse_common_project_path = staticmethod(PrivilegedAccessManagerClient.parse_common_project_path) + common_location_path = staticmethod(PrivilegedAccessManagerClient.common_location_path) + parse_common_location_path = staticmethod(PrivilegedAccessManagerClient.parse_common_location_path) + + @classmethod + def from_service_account_info(cls, info: dict, *args, **kwargs): + """Creates an instance of this client using the provided credentials + info. + + Args: + info (dict): The service account private key info. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + PrivilegedAccessManagerAsyncClient: The constructed client. + """ + return PrivilegedAccessManagerClient.from_service_account_info.__func__(PrivilegedAccessManagerAsyncClient, info, *args, **kwargs) # type: ignore + + @classmethod + def from_service_account_file(cls, filename: str, *args, **kwargs): + """Creates an instance of this client using the provided credentials + file. + + Args: + filename (str): The path to the service account private key json + file. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + PrivilegedAccessManagerAsyncClient: The constructed client. + """ + return PrivilegedAccessManagerClient.from_service_account_file.__func__(PrivilegedAccessManagerAsyncClient, filename, *args, **kwargs) # type: ignore + + from_service_account_json = from_service_account_file + + @classmethod + def get_mtls_endpoint_and_cert_source(cls, client_options: Optional[ClientOptions] = None): + """Return the API endpoint and client cert source for mutual TLS. + + The client cert source is determined in the following order: + (1) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is not "true", the + client cert source is None. + (2) if `client_options.client_cert_source` is provided, use the provided one; if the + default client cert source exists, use the default one; otherwise the client cert + source is None. + + The API endpoint is determined in the following order: + (1) if `client_options.api_endpoint` if provided, use the provided one. + (2) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is "always", use the + default mTLS endpoint; if the environment variable is "never", use the default API + endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise + use the default API endpoint. + + More details can be found at https://google.aip.dev/auth/4114. + + Args: + client_options (google.api_core.client_options.ClientOptions): Custom options for the + client. Only the `api_endpoint` and `client_cert_source` properties may be used + in this method. + + Returns: + Tuple[str, Callable[[], Tuple[bytes, bytes]]]: returns the API endpoint and the + client cert source to use. + + Raises: + google.auth.exceptions.MutualTLSChannelError: If any errors happen. + """ + return PrivilegedAccessManagerClient.get_mtls_endpoint_and_cert_source(client_options) # type: ignore + + @property + def transport(self) -> PrivilegedAccessManagerTransport: + """Returns the transport used by the client instance. + + Returns: + PrivilegedAccessManagerTransport: The transport used by the client instance. + """ + return self._client.transport + + @property + def api_endpoint(self): + """Return the API endpoint used by the client instance. + + Returns: + str: The API endpoint used by the client instance. + """ + return self._client._api_endpoint + + @property + def universe_domain(self) -> str: + """Return the universe domain used by the client instance. + + Returns: + str: The universe domain used + by the client instance. + """ + return self._client._universe_domain + + get_transport_class = PrivilegedAccessManagerClient.get_transport_class + + def __init__(self, *, + credentials: Optional[ga_credentials.Credentials] = None, + transport: Optional[Union[str, PrivilegedAccessManagerTransport, Callable[..., PrivilegedAccessManagerTransport]]] = "grpc_asyncio", + client_options: Optional[ClientOptions] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + ) -> None: + """Instantiates the privileged access manager async client. + + Args: + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + transport (Optional[Union[str,PrivilegedAccessManagerTransport,Callable[..., PrivilegedAccessManagerTransport]]]): + The transport to use, or a Callable that constructs and returns a new transport to use. + If a Callable is given, it will be called with the same set of initialization + arguments as used in the PrivilegedAccessManagerTransport constructor. + If set to None, a transport is chosen automatically. + client_options (Optional[Union[google.api_core.client_options.ClientOptions, dict]]): + Custom options for the client. + + 1. The ``api_endpoint`` property can be used to override the + default endpoint provided by the client when ``transport`` is + not explicitly provided. Only if this property is not set and + ``transport`` was not explicitly provided, the endpoint is + determined by the GOOGLE_API_USE_MTLS_ENDPOINT environment + variable, which have one of the following values: + "always" (always use the default mTLS endpoint), "never" (always + use the default regular endpoint) and "auto" (auto-switch to the + default mTLS endpoint if client certificate is present; this is + the default value). + + 2. If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable + is "true", then the ``client_cert_source`` property can be used + to provide a client certificate for mTLS transport. If + not provided, the default SSL client certificate will be used if + present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not + set, no client certificate will be used. + + 3. The ``universe_domain`` property can be used to override the + default "googleapis.com" universe. Note that ``api_endpoint`` + property still takes precedence; and ``universe_domain`` is + currently not supported for mTLS. + + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + + Raises: + google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport + creation failed for any reason. + """ + self._client = PrivilegedAccessManagerClient( + credentials=credentials, + transport=transport, + client_options=client_options, + client_info=client_info, + + ) + + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(std_logging.DEBUG): # pragma: NO COVER + _LOGGER.debug( + "Created client `google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient`.", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "universeDomain": getattr(self._client._transport._credentials, "universe_domain", ""), + "credentialsType": f"{type(self._client._transport._credentials).__module__}.{type(self._client._transport._credentials).__qualname__}", + "credentialsInfo": getattr(self.transport._credentials, "get_cred_info", lambda: None)(), + } if hasattr(self._client._transport, "_credentials") else { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "credentialsType": None, + } + ) + + async def check_onboarding_status(self, + request: Optional[Union[privilegedaccessmanager.CheckOnboardingStatusRequest, dict]] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> privilegedaccessmanager.CheckOnboardingStatusResponse: + r"""``CheckOnboardingStatus`` reports the onboarding status for a + project/folder/organization. Any findings reported by this API + need to be fixed before PAM can be used on the resource. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + async def sample_check_onboarding_status(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.CheckOnboardingStatusRequest( + parent="parent_value", + ) + + # Make the request + response = await client.check_onboarding_status(request=request) + + # Handle the response + print(response) + + Args: + request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.CheckOnboardingStatusRequest, dict]]): + The request object. Request message for ``CheckOnboardingStatus`` method. + retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.cloud.privilegedaccessmanager_v1.types.CheckOnboardingStatusResponse: + Response message for CheckOnboardingStatus method. + """ + # Create or coerce a protobuf request object. + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.CheckOnboardingStatusRequest): + request = privilegedaccessmanager.CheckOnboardingStatusRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._client._transport._wrapped_methods[self._client._transport.check_onboarding_status] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("parent", request.parent), + )), + ) + + # Validate the universe domain. + self._client._validate_universe_domain() + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def list_entitlements(self, + request: Optional[Union[privilegedaccessmanager.ListEntitlementsRequest, dict]] = None, + *, + parent: Optional[str] = None, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> pagers.ListEntitlementsAsyncPager: + r"""Lists entitlements in a given + project/folder/organization and location. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + async def sample_list_entitlements(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.ListEntitlementsRequest( + parent="parent_value", + ) + + # Make the request + page_result = client.list_entitlements(request=request) + + # Handle the response + async for response in page_result: + print(response) + + Args: + request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.ListEntitlementsRequest, dict]]): + The request object. Message for requesting list of + entitlements. + parent (:class:`str`): + Required. The parent which owns the + entitlement resources. + + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.ListEntitlementsAsyncPager: + Message for response to listing + entitlements. + Iterating over this object will yield + results and resolve additional pages + automatically. + + """ + # Create or coerce a protobuf request object. + # - Quick check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + flattened_params = [parent] + has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 + if request is not None and has_flattened_params: + raise ValueError("If the `request` argument is set, then none of " + "the individual field arguments should be set.") + + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.ListEntitlementsRequest): + request = privilegedaccessmanager.ListEntitlementsRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if parent is not None: + request.parent = parent + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._client._transport._wrapped_methods[self._client._transport.list_entitlements] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("parent", request.parent), + )), + ) + + # Validate the universe domain. + self._client._validate_universe_domain() + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # This method is paged; wrap the response in a pager, which provides + # an `__aiter__` convenience method. + response = pagers.ListEntitlementsAsyncPager( + method=rpc, + request=request, + response=response, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def search_entitlements(self, + request: Optional[Union[privilegedaccessmanager.SearchEntitlementsRequest, dict]] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> pagers.SearchEntitlementsAsyncPager: + r"""``SearchEntitlements`` returns entitlements on which the caller + has the specified access. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + async def sample_search_entitlements(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.SearchEntitlementsRequest( + parent="parent_value", + caller_access_type="GRANT_APPROVER", + ) + + # Make the request + page_result = client.search_entitlements(request=request) + + # Handle the response + async for response in page_result: + print(response) + + Args: + request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.SearchEntitlementsRequest, dict]]): + The request object. Request message for ``SearchEntitlements`` method. + retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.SearchEntitlementsAsyncPager: + Response message for SearchEntitlements method. + + Iterating over this object will yield results and + resolve additional pages automatically. + + """ + # Create or coerce a protobuf request object. + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.SearchEntitlementsRequest): + request = privilegedaccessmanager.SearchEntitlementsRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._client._transport._wrapped_methods[self._client._transport.search_entitlements] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("parent", request.parent), + )), + ) + + # Validate the universe domain. + self._client._validate_universe_domain() + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # This method is paged; wrap the response in a pager, which provides + # an `__aiter__` convenience method. + response = pagers.SearchEntitlementsAsyncPager( + method=rpc, + request=request, + response=response, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def get_entitlement(self, + request: Optional[Union[privilegedaccessmanager.GetEntitlementRequest, dict]] = None, + *, + name: Optional[str] = None, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> privilegedaccessmanager.Entitlement: + r"""Gets details of a single entitlement. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + async def sample_get_entitlement(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.GetEntitlementRequest( + name="name_value", + ) + + # Make the request + response = await client.get_entitlement(request=request) + + # Handle the response + print(response) + + Args: + request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.GetEntitlementRequest, dict]]): + The request object. Message for getting an entitlement. + name (:class:`str`): + Required. Name of the resource. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.cloud.privilegedaccessmanager_v1.types.Entitlement: + An entitlement defines the + eligibility of a set of users to obtain + predefined access for some time possibly + after going through an approval + workflow. + + """ + # Create or coerce a protobuf request object. + # - Quick check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + flattened_params = [name] + has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 + if request is not None and has_flattened_params: + raise ValueError("If the `request` argument is set, then none of " + "the individual field arguments should be set.") + + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.GetEntitlementRequest): + request = privilegedaccessmanager.GetEntitlementRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._client._transport._wrapped_methods[self._client._transport.get_entitlement] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("name", request.name), + )), + ) + + # Validate the universe domain. + self._client._validate_universe_domain() + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def create_entitlement(self, + request: Optional[Union[privilegedaccessmanager.CreateEntitlementRequest, dict]] = None, + *, + parent: Optional[str] = None, + entitlement: Optional[privilegedaccessmanager.Entitlement] = None, + entitlement_id: Optional[str] = None, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> operation_async.AsyncOperation: + r"""Creates a new entitlement in a given + project/folder/organization and location. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + async def sample_create_entitlement(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.CreateEntitlementRequest( + parent="parent_value", + entitlement_id="entitlement_id_value", + ) + + # Make the request + operation = client.create_entitlement(request=request) + + print("Waiting for operation to complete...") + + response = (await operation).result() + + # Handle the response + print(response) + + Args: + request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.CreateEntitlementRequest, dict]]): + The request object. Message for creating an entitlement. + parent (:class:`str`): + Required. Name of the parent resource for the + entitlement. Possible formats: + + - ``organizations/{organization-number}/locations/{region}`` + - ``folders/{folder-number}/locations/{region}`` + - ``projects/{project-id|project-number}/locations/{region}`` + + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + entitlement (:class:`google.cloud.privilegedaccessmanager_v1.types.Entitlement`): + Required. The resource being created + This corresponds to the ``entitlement`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + entitlement_id (:class:`str`): + Required. The ID to use for this entitlement. This + becomes the last part of the resource name. + + This value should be 4-63 characters in length, and + valid characters are "[a-z]", "[0-9]", and "-". The + first character should be from [a-z]. + + This value should be unique among all other entitlements + under the specified ``parent``. + + This corresponds to the ``entitlement_id`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.api_core.operation_async.AsyncOperation: + An object representing a long-running operation. + + The result type for the operation will be :class:`google.cloud.privilegedaccessmanager_v1.types.Entitlement` An entitlement defines the eligibility of a set of users to obtain + predefined access for some time possibly after going + through an approval workflow. + + """ + # Create or coerce a protobuf request object. + # - Quick check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + flattened_params = [parent, entitlement, entitlement_id] + has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 + if request is not None and has_flattened_params: + raise ValueError("If the `request` argument is set, then none of " + "the individual field arguments should be set.") + + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.CreateEntitlementRequest): + request = privilegedaccessmanager.CreateEntitlementRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if parent is not None: + request.parent = parent + if entitlement is not None: + request.entitlement = entitlement + if entitlement_id is not None: + request.entitlement_id = entitlement_id + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._client._transport._wrapped_methods[self._client._transport.create_entitlement] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("parent", request.parent), + )), + ) + + # Validate the universe domain. + self._client._validate_universe_domain() + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Wrap the response in an operation future. + response = operation_async.from_gapic( + response, + self._client._transport.operations_client, + privilegedaccessmanager.Entitlement, + metadata_type=privilegedaccessmanager.OperationMetadata, + ) + + # Done; return the response. + return response + + async def delete_entitlement(self, + request: Optional[Union[privilegedaccessmanager.DeleteEntitlementRequest, dict]] = None, + *, + name: Optional[str] = None, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> operation_async.AsyncOperation: + r"""Deletes a single entitlement. This method can only be called + when there are no in-progress + (``ACTIVE``/``ACTIVATING``/``REVOKING``) grants under the + entitlement. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + async def sample_delete_entitlement(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.DeleteEntitlementRequest( + name="name_value", + ) + + # Make the request + operation = client.delete_entitlement(request=request) + + print("Waiting for operation to complete...") + + response = (await operation).result() + + # Handle the response + print(response) + + Args: + request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.DeleteEntitlementRequest, dict]]): + The request object. Message for deleting an entitlement. + name (:class:`str`): + Required. Name of the resource. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.api_core.operation_async.AsyncOperation: + An object representing a long-running operation. + + The result type for the operation will be :class:`google.cloud.privilegedaccessmanager_v1.types.Entitlement` An entitlement defines the eligibility of a set of users to obtain + predefined access for some time possibly after going + through an approval workflow. + + """ + # Create or coerce a protobuf request object. + # - Quick check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + flattened_params = [name] + has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 + if request is not None and has_flattened_params: + raise ValueError("If the `request` argument is set, then none of " + "the individual field arguments should be set.") + + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.DeleteEntitlementRequest): + request = privilegedaccessmanager.DeleteEntitlementRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._client._transport._wrapped_methods[self._client._transport.delete_entitlement] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("name", request.name), + )), + ) + + # Validate the universe domain. + self._client._validate_universe_domain() + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Wrap the response in an operation future. + response = operation_async.from_gapic( + response, + self._client._transport.operations_client, + privilegedaccessmanager.Entitlement, + metadata_type=privilegedaccessmanager.OperationMetadata, + ) + + # Done; return the response. + return response + + async def update_entitlement(self, + request: Optional[Union[privilegedaccessmanager.UpdateEntitlementRequest, dict]] = None, + *, + entitlement: Optional[privilegedaccessmanager.Entitlement] = None, + update_mask: Optional[field_mask_pb2.FieldMask] = None, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> operation_async.AsyncOperation: + r"""Updates the entitlement specified in the request. Updated fields + in the entitlement need to be specified in an update mask. The + changes made to an entitlement are applicable only on future + grants of the entitlement. However, if new approvers are added + or existing approvers are removed from the approval workflow, + the changes are effective on existing grants. + + The following fields are not supported for updates: + + - All immutable fields + - Entitlement name + - Resource name + - Resource type + - Adding an approval workflow in an entitlement which + previously had no approval workflow. + - Deleting the approval workflow from an entitlement. + - Adding or deleting a step in the approval workflow (only one + step is supported) + + Note that updates are allowed on the list of approvers in an + approval workflow step. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + async def sample_update_entitlement(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.UpdateEntitlementRequest( + ) + + # Make the request + operation = client.update_entitlement(request=request) + + print("Waiting for operation to complete...") + + response = (await operation).result() + + # Handle the response + print(response) + + Args: + request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.UpdateEntitlementRequest, dict]]): + The request object. Message for updating an entitlement. + entitlement (:class:`google.cloud.privilegedaccessmanager_v1.types.Entitlement`): + Required. The entitlement resource + that is updated. + + This corresponds to the ``entitlement`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + update_mask (:class:`google.protobuf.field_mask_pb2.FieldMask`): + Required. The list of fields to update. A field is + overwritten if, and only if, it is in the mask. Any + immutable fields set in the mask are ignored by the + server. Repeated fields and map fields are only allowed + in the last position of a ``paths`` string and overwrite + the existing values. Hence an update to a repeated field + or a map should contain the entire list of values. The + fields specified in the update_mask are relative to the + resource and not to the request. (e.g. + ``MaxRequestDuration``; *not* + ``entitlement.MaxRequestDuration``) A value of '*' for + this field refers to full replacement of the resource. + + This corresponds to the ``update_mask`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.api_core.operation_async.AsyncOperation: + An object representing a long-running operation. + + The result type for the operation will be :class:`google.cloud.privilegedaccessmanager_v1.types.Entitlement` An entitlement defines the eligibility of a set of users to obtain + predefined access for some time possibly after going + through an approval workflow. + + """ + # Create or coerce a protobuf request object. + # - Quick check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + flattened_params = [entitlement, update_mask] + has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 + if request is not None and has_flattened_params: + raise ValueError("If the `request` argument is set, then none of " + "the individual field arguments should be set.") + + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.UpdateEntitlementRequest): + request = privilegedaccessmanager.UpdateEntitlementRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if entitlement is not None: + request.entitlement = entitlement + if update_mask is not None: + request.update_mask = update_mask + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._client._transport._wrapped_methods[self._client._transport.update_entitlement] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("entitlement.name", request.entitlement.name), + )), + ) + + # Validate the universe domain. + self._client._validate_universe_domain() + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Wrap the response in an operation future. + response = operation_async.from_gapic( + response, + self._client._transport.operations_client, + privilegedaccessmanager.Entitlement, + metadata_type=privilegedaccessmanager.OperationMetadata, + ) + + # Done; return the response. + return response + + async def list_grants(self, + request: Optional[Union[privilegedaccessmanager.ListGrantsRequest, dict]] = None, + *, + parent: Optional[str] = None, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> pagers.ListGrantsAsyncPager: + r"""Lists grants for a given entitlement. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + async def sample_list_grants(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.ListGrantsRequest( + parent="parent_value", + ) + + # Make the request + page_result = client.list_grants(request=request) + + # Handle the response + async for response in page_result: + print(response) + + Args: + request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.ListGrantsRequest, dict]]): + The request object. Message for requesting list of + grants. + parent (:class:`str`): + Required. The parent resource which + owns the grants. + + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.ListGrantsAsyncPager: + Message for response to listing + grants. + Iterating over this object will yield + results and resolve additional pages + automatically. + + """ + # Create or coerce a protobuf request object. + # - Quick check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + flattened_params = [parent] + has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 + if request is not None and has_flattened_params: + raise ValueError("If the `request` argument is set, then none of " + "the individual field arguments should be set.") + + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.ListGrantsRequest): + request = privilegedaccessmanager.ListGrantsRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if parent is not None: + request.parent = parent + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._client._transport._wrapped_methods[self._client._transport.list_grants] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("parent", request.parent), + )), + ) + + # Validate the universe domain. + self._client._validate_universe_domain() + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # This method is paged; wrap the response in a pager, which provides + # an `__aiter__` convenience method. + response = pagers.ListGrantsAsyncPager( + method=rpc, + request=request, + response=response, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def search_grants(self, + request: Optional[Union[privilegedaccessmanager.SearchGrantsRequest, dict]] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> pagers.SearchGrantsAsyncPager: + r"""``SearchGrants`` returns grants that are related to the calling + user in the specified way. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + async def sample_search_grants(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.SearchGrantsRequest( + parent="parent_value", + caller_relationship="HAD_APPROVED", + ) + + # Make the request + page_result = client.search_grants(request=request) + + # Handle the response + async for response in page_result: + print(response) + + Args: + request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.SearchGrantsRequest, dict]]): + The request object. Request message for ``SearchGrants`` method. + retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.SearchGrantsAsyncPager: + Response message for SearchGrants method. + + Iterating over this object will yield results and + resolve additional pages automatically. + + """ + # Create or coerce a protobuf request object. + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.SearchGrantsRequest): + request = privilegedaccessmanager.SearchGrantsRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._client._transport._wrapped_methods[self._client._transport.search_grants] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("parent", request.parent), + )), + ) + + # Validate the universe domain. + self._client._validate_universe_domain() + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # This method is paged; wrap the response in a pager, which provides + # an `__aiter__` convenience method. + response = pagers.SearchGrantsAsyncPager( + method=rpc, + request=request, + response=response, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def get_grant(self, + request: Optional[Union[privilegedaccessmanager.GetGrantRequest, dict]] = None, + *, + name: Optional[str] = None, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> privilegedaccessmanager.Grant: + r"""Get details of a single grant. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + async def sample_get_grant(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.GetGrantRequest( + name="name_value", + ) + + # Make the request + response = await client.get_grant(request=request) + + # Handle the response + print(response) + + Args: + request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.GetGrantRequest, dict]]): + The request object. Message for getting a grant. + name (:class:`str`): + Required. Name of the resource. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.cloud.privilegedaccessmanager_v1.types.Grant: + A grant represents a request from a + user for obtaining the access specified + in an entitlement they are eligible for. + + """ + # Create or coerce a protobuf request object. + # - Quick check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + flattened_params = [name] + has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 + if request is not None and has_flattened_params: + raise ValueError("If the `request` argument is set, then none of " + "the individual field arguments should be set.") + + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.GetGrantRequest): + request = privilegedaccessmanager.GetGrantRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._client._transport._wrapped_methods[self._client._transport.get_grant] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("name", request.name), + )), + ) + + # Validate the universe domain. + self._client._validate_universe_domain() + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def create_grant(self, + request: Optional[Union[privilegedaccessmanager.CreateGrantRequest, dict]] = None, + *, + parent: Optional[str] = None, + grant: Optional[privilegedaccessmanager.Grant] = None, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> privilegedaccessmanager.Grant: + r"""Creates a new grant in a given + project/folder/organization and location. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + async def sample_create_grant(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.CreateGrantRequest( + parent="parent_value", + ) + + # Make the request + response = await client.create_grant(request=request) + + # Handle the response + print(response) + + Args: + request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.CreateGrantRequest, dict]]): + The request object. Message for creating a grant + parent (:class:`str`): + Required. Name of the parent + entitlement for which this grant is + being requested. + + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + grant (:class:`google.cloud.privilegedaccessmanager_v1.types.Grant`): + Required. The resource being created. + This corresponds to the ``grant`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.cloud.privilegedaccessmanager_v1.types.Grant: + A grant represents a request from a + user for obtaining the access specified + in an entitlement they are eligible for. + + """ + # Create or coerce a protobuf request object. + # - Quick check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + flattened_params = [parent, grant] + has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 + if request is not None and has_flattened_params: + raise ValueError("If the `request` argument is set, then none of " + "the individual field arguments should be set.") + + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.CreateGrantRequest): + request = privilegedaccessmanager.CreateGrantRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if parent is not None: + request.parent = parent + if grant is not None: + request.grant = grant + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._client._transport._wrapped_methods[self._client._transport.create_grant] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("parent", request.parent), + )), + ) + + # Validate the universe domain. + self._client._validate_universe_domain() + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def approve_grant(self, + request: Optional[Union[privilegedaccessmanager.ApproveGrantRequest, dict]] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> privilegedaccessmanager.Grant: + r"""``ApproveGrant`` is used to approve a grant. This method can + only be called on a grant when it's in the ``APPROVAL_AWAITED`` + state. This operation can't be undone. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + async def sample_approve_grant(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.ApproveGrantRequest( + name="name_value", + ) + + # Make the request + response = await client.approve_grant(request=request) + + # Handle the response + print(response) + + Args: + request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.ApproveGrantRequest, dict]]): + The request object. Request message for ``ApproveGrant`` method. + retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.cloud.privilegedaccessmanager_v1.types.Grant: + A grant represents a request from a + user for obtaining the access specified + in an entitlement they are eligible for. + + """ + # Create or coerce a protobuf request object. + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.ApproveGrantRequest): + request = privilegedaccessmanager.ApproveGrantRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._client._transport._wrapped_methods[self._client._transport.approve_grant] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("name", request.name), + )), + ) + + # Validate the universe domain. + self._client._validate_universe_domain() + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def deny_grant(self, + request: Optional[Union[privilegedaccessmanager.DenyGrantRequest, dict]] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> privilegedaccessmanager.Grant: + r"""``DenyGrant`` is used to deny a grant. This method can only be + called on a grant when it's in the ``APPROVAL_AWAITED`` state. + This operation can't be undone. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + async def sample_deny_grant(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.DenyGrantRequest( + name="name_value", + ) + + # Make the request + response = await client.deny_grant(request=request) + + # Handle the response + print(response) + + Args: + request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.DenyGrantRequest, dict]]): + The request object. Request message for ``DenyGrant`` method. + retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.cloud.privilegedaccessmanager_v1.types.Grant: + A grant represents a request from a + user for obtaining the access specified + in an entitlement they are eligible for. + + """ + # Create or coerce a protobuf request object. + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.DenyGrantRequest): + request = privilegedaccessmanager.DenyGrantRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._client._transport._wrapped_methods[self._client._transport.deny_grant] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("name", request.name), + )), + ) + + # Validate the universe domain. + self._client._validate_universe_domain() + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def revoke_grant(self, + request: Optional[Union[privilegedaccessmanager.RevokeGrantRequest, dict]] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> operation_async.AsyncOperation: + r"""``RevokeGrant`` is used to immediately revoke access for a + grant. This method can be called when the grant is in a + non-terminal state. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + async def sample_revoke_grant(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.RevokeGrantRequest( + name="name_value", + ) + + # Make the request + operation = client.revoke_grant(request=request) + + print("Waiting for operation to complete...") + + response = (await operation).result() + + # Handle the response + print(response) + + Args: + request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.RevokeGrantRequest, dict]]): + The request object. Request message for ``RevokeGrant`` method. + retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.api_core.operation_async.AsyncOperation: + An object representing a long-running operation. + + The result type for the operation will be :class:`google.cloud.privilegedaccessmanager_v1.types.Grant` A grant represents a request from a user for obtaining the access specified + in an entitlement they are eligible for. + + """ + # Create or coerce a protobuf request object. + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.RevokeGrantRequest): + request = privilegedaccessmanager.RevokeGrantRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._client._transport._wrapped_methods[self._client._transport.revoke_grant] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("name", request.name), + )), + ) + + # Validate the universe domain. + self._client._validate_universe_domain() + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Wrap the response in an operation future. + response = operation_async.from_gapic( + response, + self._client._transport.operations_client, + privilegedaccessmanager.Grant, + metadata_type=privilegedaccessmanager.OperationMetadata, + ) + + # Done; return the response. + return response + + async def list_operations( + self, + request: Optional[operations_pb2.ListOperationsRequest] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> operations_pb2.ListOperationsResponse: + r"""Lists operations that match the specified filter in the request. + + Args: + request (:class:`~.operations_pb2.ListOperationsRequest`): + The request object. Request message for + `ListOperations` method. + retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + Returns: + ~.operations_pb2.ListOperationsResponse: + Response message for ``ListOperations`` method. + """ + # Create or coerce a protobuf request object. + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = operations_pb2.ListOperationsRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self.transport._wrapped_methods[self._client._transport.list_operations] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata( + (("name", request.name),)), + ) + + # Validate the universe domain. + self._client._validate_universe_domain() + + # Send the request. + response = await rpc( + request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + async def get_operation( + self, + request: Optional[operations_pb2.GetOperationRequest] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> operations_pb2.Operation: + r"""Gets the latest state of a long-running operation. + + Args: + request (:class:`~.operations_pb2.GetOperationRequest`): + The request object. Request message for + `GetOperation` method. + retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + Returns: + ~.operations_pb2.Operation: + An ``Operation`` object. + """ + # Create or coerce a protobuf request object. + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = operations_pb2.GetOperationRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self.transport._wrapped_methods[self._client._transport.get_operation] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata( + (("name", request.name),)), + ) + + # Validate the universe domain. + self._client._validate_universe_domain() + + # Send the request. + response = await rpc( + request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + async def delete_operation( + self, + request: Optional[operations_pb2.DeleteOperationRequest] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> None: + r"""Deletes a long-running operation. + + This method indicates that the client is no longer interested + in the operation result. It does not cancel the operation. + If the server doesn't support this method, it returns + `google.rpc.Code.UNIMPLEMENTED`. + + Args: + request (:class:`~.operations_pb2.DeleteOperationRequest`): + The request object. Request message for + `DeleteOperation` method. + retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + Returns: + None + """ + # Create or coerce a protobuf request object. + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = operations_pb2.DeleteOperationRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self.transport._wrapped_methods[self._client._transport.delete_operation] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata( + (("name", request.name),)), + ) + + # Validate the universe domain. + self._client._validate_universe_domain() + + # Send the request. + await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + async def get_location( + self, + request: Optional[locations_pb2.GetLocationRequest] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> locations_pb2.Location: + r"""Gets information about a location. + + Args: + request (:class:`~.location_pb2.GetLocationRequest`): + The request object. Request message for + `GetLocation` method. + retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + Returns: + ~.location_pb2.Location: + Location object. + """ + # Create or coerce a protobuf request object. + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = locations_pb2.GetLocationRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self.transport._wrapped_methods[self._client._transport.get_location] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata( + (("name", request.name),)), + ) + + # Validate the universe domain. + self._client._validate_universe_domain() + + # Send the request. + response = await rpc( + request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + async def list_locations( + self, + request: Optional[locations_pb2.ListLocationsRequest] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> locations_pb2.ListLocationsResponse: + r"""Lists information about the supported locations for this service. + + Args: + request (:class:`~.location_pb2.ListLocationsRequest`): + The request object. Request message for + `ListLocations` method. + retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + Returns: + ~.location_pb2.ListLocationsResponse: + Response message for ``ListLocations`` method. + """ + # Create or coerce a protobuf request object. + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = locations_pb2.ListLocationsRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self.transport._wrapped_methods[self._client._transport.list_locations] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata( + (("name", request.name),)), + ) + + # Validate the universe domain. + self._client._validate_universe_domain() + + # Send the request. + response = await rpc( + request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + async def __aenter__(self) -> "PrivilegedAccessManagerAsyncClient": + return self + + async def __aexit__(self, exc_type, exc, tb): + await self.transport.close() + +DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(gapic_version=package_version.__version__) + +if hasattr(DEFAULT_CLIENT_INFO, "protobuf_runtime_version"): # pragma: NO COVER + DEFAULT_CLIENT_INFO.protobuf_runtime_version = google.protobuf.__version__ + + +__all__ = ( + "PrivilegedAccessManagerAsyncClient", +) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/client.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/client.py new file mode 100644 index 000000000000..707e549d0437 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/client.py @@ -0,0 +1,2488 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from collections import OrderedDict +from http import HTTPStatus +import json +import logging as std_logging +import os +import re +from typing import Dict, Callable, Mapping, MutableMapping, MutableSequence, Optional, Sequence, Tuple, Type, Union, cast +import uuid +import warnings + +from google.cloud.privilegedaccessmanager_v1 import gapic_version as package_version + +from google.api_core import client_options as client_options_lib +from google.api_core import exceptions as core_exceptions +from google.api_core import gapic_v1 +from google.api_core import retry as retries +from google.auth import credentials as ga_credentials # type: ignore +from google.auth.transport import mtls # type: ignore +from google.auth.transport.grpc import SslCredentials # type: ignore +from google.auth.exceptions import MutualTLSChannelError # type: ignore +from google.oauth2 import service_account # type: ignore +import google.protobuf + +try: + OptionalRetry = Union[retries.Retry, gapic_v1.method._MethodDefault, None] +except AttributeError: # pragma: NO COVER + OptionalRetry = Union[retries.Retry, object, None] # type: ignore + +try: + from google.api_core import client_logging # type: ignore + CLIENT_LOGGING_SUPPORTED = True # pragma: NO COVER +except ImportError: # pragma: NO COVER + CLIENT_LOGGING_SUPPORTED = False + +_LOGGER = std_logging.getLogger(__name__) + +from google.api_core import operation # type: ignore +from google.api_core import operation_async # type: ignore +from google.cloud.location import locations_pb2 # type: ignore +from google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager import pagers +from google.cloud.privilegedaccessmanager_v1.types import privilegedaccessmanager +from google.longrunning import operations_pb2 # type: ignore +from google.protobuf import duration_pb2 # type: ignore +from google.protobuf import field_mask_pb2 # type: ignore +from google.protobuf import timestamp_pb2 # type: ignore +from .transports.base import PrivilegedAccessManagerTransport, DEFAULT_CLIENT_INFO +from .transports.grpc import PrivilegedAccessManagerGrpcTransport +from .transports.grpc_asyncio import PrivilegedAccessManagerGrpcAsyncIOTransport +from .transports.rest import PrivilegedAccessManagerRestTransport + + +class PrivilegedAccessManagerClientMeta(type): + """Metaclass for the PrivilegedAccessManager client. + + This provides class-level methods for building and retrieving + support objects (e.g. transport) without polluting the client instance + objects. + """ + _transport_registry = OrderedDict() # type: Dict[str, Type[PrivilegedAccessManagerTransport]] + _transport_registry["grpc"] = PrivilegedAccessManagerGrpcTransport + _transport_registry["grpc_asyncio"] = PrivilegedAccessManagerGrpcAsyncIOTransport + _transport_registry["rest"] = PrivilegedAccessManagerRestTransport + + def get_transport_class(cls, + label: Optional[str] = None, + ) -> Type[PrivilegedAccessManagerTransport]: + """Returns an appropriate transport class. + + Args: + label: The name of the desired transport. If none is + provided, then the first transport in the registry is used. + + Returns: + The transport class to use. + """ + # If a specific transport is requested, return that one. + if label: + return cls._transport_registry[label] + + # No transport is requested; return the default (that is, the first one + # in the dictionary). + return next(iter(cls._transport_registry.values())) + + +class PrivilegedAccessManagerClient(metaclass=PrivilegedAccessManagerClientMeta): + """This API allows customers to manage temporary, request based + privileged access to their resources. + + It defines the following resource model: + + - A collection of ``Entitlement`` resources. An entitlement allows + configuring (among other things): + + - Some kind of privileged access that users can request. + - A set of users called *requesters* who can request this + access. + - A maximum duration for which the access can be requested. + - An optional approval workflow which must be satisfied before + access is granted. + + - A collection of ``Grant`` resources. A grant is a request by a + requester to get the privileged access specified in an + entitlement for some duration. + + After the approval workflow as specified in the entitlement is + satisfied, the specified access is given to the requester. The + access is automatically taken back after the requested duration + is over. + """ + + @staticmethod + def _get_default_mtls_endpoint(api_endpoint): + """Converts api endpoint to mTLS endpoint. + + Convert "*.sandbox.googleapis.com" and "*.googleapis.com" to + "*.mtls.sandbox.googleapis.com" and "*.mtls.googleapis.com" respectively. + Args: + api_endpoint (Optional[str]): the api endpoint to convert. + Returns: + str: converted mTLS api endpoint. + """ + if not api_endpoint: + return api_endpoint + + mtls_endpoint_re = re.compile( + r"(?P[^.]+)(?P\.mtls)?(?P\.sandbox)?(?P\.googleapis\.com)?" + ) + + m = mtls_endpoint_re.match(api_endpoint) + name, mtls, sandbox, googledomain = m.groups() + if mtls or not googledomain: + return api_endpoint + + if sandbox: + return api_endpoint.replace( + "sandbox.googleapis.com", "mtls.sandbox.googleapis.com" + ) + + return api_endpoint.replace(".googleapis.com", ".mtls.googleapis.com") + + # Note: DEFAULT_ENDPOINT is deprecated. Use _DEFAULT_ENDPOINT_TEMPLATE instead. + DEFAULT_ENDPOINT = "privilegedaccessmanager.googleapis.com" + DEFAULT_MTLS_ENDPOINT = _get_default_mtls_endpoint.__func__( # type: ignore + DEFAULT_ENDPOINT + ) + + _DEFAULT_ENDPOINT_TEMPLATE = "privilegedaccessmanager.{UNIVERSE_DOMAIN}" + _DEFAULT_UNIVERSE = "googleapis.com" + + @classmethod + def from_service_account_info(cls, info: dict, *args, **kwargs): + """Creates an instance of this client using the provided credentials + info. + + Args: + info (dict): The service account private key info. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + PrivilegedAccessManagerClient: The constructed client. + """ + credentials = service_account.Credentials.from_service_account_info(info) + kwargs["credentials"] = credentials + return cls(*args, **kwargs) + + @classmethod + def from_service_account_file(cls, filename: str, *args, **kwargs): + """Creates an instance of this client using the provided credentials + file. + + Args: + filename (str): The path to the service account private key json + file. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + PrivilegedAccessManagerClient: The constructed client. + """ + credentials = service_account.Credentials.from_service_account_file( + filename) + kwargs["credentials"] = credentials + return cls(*args, **kwargs) + + from_service_account_json = from_service_account_file + + @property + def transport(self) -> PrivilegedAccessManagerTransport: + """Returns the transport used by the client instance. + + Returns: + PrivilegedAccessManagerTransport: The transport used by the client + instance. + """ + return self._transport + + @staticmethod + def entitlement_path(project: str,location: str,entitlement: str,) -> str: + """Returns a fully-qualified entitlement string.""" + return "projects/{project}/locations/{location}/entitlements/{entitlement}".format(project=project, location=location, entitlement=entitlement, ) + + @staticmethod + def parse_entitlement_path(path: str) -> Dict[str,str]: + """Parses a entitlement path into its component segments.""" + m = re.match(r"^projects/(?P.+?)/locations/(?P.+?)/entitlements/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def grant_path(project: str,location: str,entitlement: str,grant: str,) -> str: + """Returns a fully-qualified grant string.""" + return "projects/{project}/locations/{location}/entitlements/{entitlement}/grants/{grant}".format(project=project, location=location, entitlement=entitlement, grant=grant, ) + + @staticmethod + def parse_grant_path(path: str) -> Dict[str,str]: + """Parses a grant path into its component segments.""" + m = re.match(r"^projects/(?P.+?)/locations/(?P.+?)/entitlements/(?P.+?)/grants/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_billing_account_path(billing_account: str, ) -> str: + """Returns a fully-qualified billing_account string.""" + return "billingAccounts/{billing_account}".format(billing_account=billing_account, ) + + @staticmethod + def parse_common_billing_account_path(path: str) -> Dict[str,str]: + """Parse a billing_account path into its component segments.""" + m = re.match(r"^billingAccounts/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_folder_path(folder: str, ) -> str: + """Returns a fully-qualified folder string.""" + return "folders/{folder}".format(folder=folder, ) + + @staticmethod + def parse_common_folder_path(path: str) -> Dict[str,str]: + """Parse a folder path into its component segments.""" + m = re.match(r"^folders/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_organization_path(organization: str, ) -> str: + """Returns a fully-qualified organization string.""" + return "organizations/{organization}".format(organization=organization, ) + + @staticmethod + def parse_common_organization_path(path: str) -> Dict[str,str]: + """Parse a organization path into its component segments.""" + m = re.match(r"^organizations/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_project_path(project: str, ) -> str: + """Returns a fully-qualified project string.""" + return "projects/{project}".format(project=project, ) + + @staticmethod + def parse_common_project_path(path: str) -> Dict[str,str]: + """Parse a project path into its component segments.""" + m = re.match(r"^projects/(?P.+?)$", path) + return m.groupdict() if m else {} + + @staticmethod + def common_location_path(project: str, location: str, ) -> str: + """Returns a fully-qualified location string.""" + return "projects/{project}/locations/{location}".format(project=project, location=location, ) + + @staticmethod + def parse_common_location_path(path: str) -> Dict[str,str]: + """Parse a location path into its component segments.""" + m = re.match(r"^projects/(?P.+?)/locations/(?P.+?)$", path) + return m.groupdict() if m else {} + + @classmethod + def get_mtls_endpoint_and_cert_source(cls, client_options: Optional[client_options_lib.ClientOptions] = None): + """Deprecated. Return the API endpoint and client cert source for mutual TLS. + + The client cert source is determined in the following order: + (1) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is not "true", the + client cert source is None. + (2) if `client_options.client_cert_source` is provided, use the provided one; if the + default client cert source exists, use the default one; otherwise the client cert + source is None. + + The API endpoint is determined in the following order: + (1) if `client_options.api_endpoint` if provided, use the provided one. + (2) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is "always", use the + default mTLS endpoint; if the environment variable is "never", use the default API + endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise + use the default API endpoint. + + More details can be found at https://google.aip.dev/auth/4114. + + Args: + client_options (google.api_core.client_options.ClientOptions): Custom options for the + client. Only the `api_endpoint` and `client_cert_source` properties may be used + in this method. + + Returns: + Tuple[str, Callable[[], Tuple[bytes, bytes]]]: returns the API endpoint and the + client cert source to use. + + Raises: + google.auth.exceptions.MutualTLSChannelError: If any errors happen. + """ + + warnings.warn("get_mtls_endpoint_and_cert_source is deprecated. Use the api_endpoint property instead.", + DeprecationWarning) + if client_options is None: + client_options = client_options_lib.ClientOptions() + use_client_cert = os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false") + use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto") + if use_client_cert not in ("true", "false"): + raise ValueError("Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`") + if use_mtls_endpoint not in ("auto", "never", "always"): + raise MutualTLSChannelError("Environment variable `GOOGLE_API_USE_MTLS_ENDPOINT` must be `never`, `auto` or `always`") + + # Figure out the client cert source to use. + client_cert_source = None + if use_client_cert == "true": + if client_options.client_cert_source: + client_cert_source = client_options.client_cert_source + elif mtls.has_default_client_cert_source(): + client_cert_source = mtls.default_client_cert_source() + + # Figure out which api endpoint to use. + if client_options.api_endpoint is not None: + api_endpoint = client_options.api_endpoint + elif use_mtls_endpoint == "always" or (use_mtls_endpoint == "auto" and client_cert_source): + api_endpoint = cls.DEFAULT_MTLS_ENDPOINT + else: + api_endpoint = cls.DEFAULT_ENDPOINT + + return api_endpoint, client_cert_source + + @staticmethod + def _read_environment_variables(): + """Returns the environment variables used by the client. + + Returns: + Tuple[bool, str, str]: returns the GOOGLE_API_USE_CLIENT_CERTIFICATE, + GOOGLE_API_USE_MTLS_ENDPOINT, and GOOGLE_CLOUD_UNIVERSE_DOMAIN environment variables. + + Raises: + ValueError: If GOOGLE_API_USE_CLIENT_CERTIFICATE is not + any of ["true", "false"]. + google.auth.exceptions.MutualTLSChannelError: If GOOGLE_API_USE_MTLS_ENDPOINT + is not any of ["auto", "never", "always"]. + """ + use_client_cert = os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false").lower() + use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower() + universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN") + if use_client_cert not in ("true", "false"): + raise ValueError("Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`") + if use_mtls_endpoint not in ("auto", "never", "always"): + raise MutualTLSChannelError("Environment variable `GOOGLE_API_USE_MTLS_ENDPOINT` must be `never`, `auto` or `always`") + return use_client_cert == "true", use_mtls_endpoint, universe_domain_env + + @staticmethod + def _get_client_cert_source(provided_cert_source, use_cert_flag): + """Return the client cert source to be used by the client. + + Args: + provided_cert_source (bytes): The client certificate source provided. + use_cert_flag (bool): A flag indicating whether to use the client certificate. + + Returns: + bytes or None: The client cert source to be used by the client. + """ + client_cert_source = None + if use_cert_flag: + if provided_cert_source: + client_cert_source = provided_cert_source + elif mtls.has_default_client_cert_source(): + client_cert_source = mtls.default_client_cert_source() + return client_cert_source + + @staticmethod + def _get_api_endpoint(api_override, client_cert_source, universe_domain, use_mtls_endpoint): + """Return the API endpoint used by the client. + + Args: + api_override (str): The API endpoint override. If specified, this is always + the return value of this function and the other arguments are not used. + client_cert_source (bytes): The client certificate source used by the client. + universe_domain (str): The universe domain used by the client. + use_mtls_endpoint (str): How to use the mTLS endpoint, which depends also on the other parameters. + Possible values are "always", "auto", or "never". + + Returns: + str: The API endpoint to be used by the client. + """ + if api_override is not None: + api_endpoint = api_override + elif use_mtls_endpoint == "always" or (use_mtls_endpoint == "auto" and client_cert_source): + _default_universe = PrivilegedAccessManagerClient._DEFAULT_UNIVERSE + if universe_domain != _default_universe: + raise MutualTLSChannelError(f"mTLS is not supported in any universe other than {_default_universe}.") + api_endpoint = PrivilegedAccessManagerClient.DEFAULT_MTLS_ENDPOINT + else: + api_endpoint = PrivilegedAccessManagerClient._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=universe_domain) + return api_endpoint + + @staticmethod + def _get_universe_domain(client_universe_domain: Optional[str], universe_domain_env: Optional[str]) -> str: + """Return the universe domain used by the client. + + Args: + client_universe_domain (Optional[str]): The universe domain configured via the client options. + universe_domain_env (Optional[str]): The universe domain configured via the "GOOGLE_CLOUD_UNIVERSE_DOMAIN" environment variable. + + Returns: + str: The universe domain to be used by the client. + + Raises: + ValueError: If the universe domain is an empty string. + """ + universe_domain = PrivilegedAccessManagerClient._DEFAULT_UNIVERSE + if client_universe_domain is not None: + universe_domain = client_universe_domain + elif universe_domain_env is not None: + universe_domain = universe_domain_env + if len(universe_domain.strip()) == 0: + raise ValueError("Universe Domain cannot be an empty string.") + return universe_domain + + def _validate_universe_domain(self): + """Validates client's and credentials' universe domains are consistent. + + Returns: + bool: True iff the configured universe domain is valid. + + Raises: + ValueError: If the configured universe domain is not valid. + """ + + # NOTE (b/349488459): universe validation is disabled until further notice. + return True + + def _add_cred_info_for_auth_errors( + self, + error: core_exceptions.GoogleAPICallError + ) -> None: + """Adds credential info string to error details for 401/403/404 errors. + + Args: + error (google.api_core.exceptions.GoogleAPICallError): The error to add the cred info. + """ + if error.code not in [HTTPStatus.UNAUTHORIZED, HTTPStatus.FORBIDDEN, HTTPStatus.NOT_FOUND]: + return + + cred = self._transport._credentials + + # get_cred_info is only available in google-auth>=2.35.0 + if not hasattr(cred, "get_cred_info"): + return + + # ignore the type check since pypy test fails when get_cred_info + # is not available + cred_info = cred.get_cred_info() # type: ignore + if cred_info and hasattr(error._details, "append"): + error._details.append(json.dumps(cred_info)) + + @property + def api_endpoint(self): + """Return the API endpoint used by the client instance. + + Returns: + str: The API endpoint used by the client instance. + """ + return self._api_endpoint + + @property + def universe_domain(self) -> str: + """Return the universe domain used by the client instance. + + Returns: + str: The universe domain used by the client instance. + """ + return self._universe_domain + + def __init__(self, *, + credentials: Optional[ga_credentials.Credentials] = None, + transport: Optional[Union[str, PrivilegedAccessManagerTransport, Callable[..., PrivilegedAccessManagerTransport]]] = None, + client_options: Optional[Union[client_options_lib.ClientOptions, dict]] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + ) -> None: + """Instantiates the privileged access manager client. + + Args: + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + transport (Optional[Union[str,PrivilegedAccessManagerTransport,Callable[..., PrivilegedAccessManagerTransport]]]): + The transport to use, or a Callable that constructs and returns a new transport. + If a Callable is given, it will be called with the same set of initialization + arguments as used in the PrivilegedAccessManagerTransport constructor. + If set to None, a transport is chosen automatically. + client_options (Optional[Union[google.api_core.client_options.ClientOptions, dict]]): + Custom options for the client. + + 1. The ``api_endpoint`` property can be used to override the + default endpoint provided by the client when ``transport`` is + not explicitly provided. Only if this property is not set and + ``transport`` was not explicitly provided, the endpoint is + determined by the GOOGLE_API_USE_MTLS_ENDPOINT environment + variable, which have one of the following values: + "always" (always use the default mTLS endpoint), "never" (always + use the default regular endpoint) and "auto" (auto-switch to the + default mTLS endpoint if client certificate is present; this is + the default value). + + 2. If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable + is "true", then the ``client_cert_source`` property can be used + to provide a client certificate for mTLS transport. If + not provided, the default SSL client certificate will be used if + present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not + set, no client certificate will be used. + + 3. The ``universe_domain`` property can be used to override the + default "googleapis.com" universe. Note that the ``api_endpoint`` + property still takes precedence; and ``universe_domain`` is + currently not supported for mTLS. + + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + + Raises: + google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport + creation failed for any reason. + """ + self._client_options = client_options + if isinstance(self._client_options, dict): + self._client_options = client_options_lib.from_dict(self._client_options) + if self._client_options is None: + self._client_options = client_options_lib.ClientOptions() + self._client_options = cast(client_options_lib.ClientOptions, self._client_options) + + universe_domain_opt = getattr(self._client_options, 'universe_domain', None) + + self._use_client_cert, self._use_mtls_endpoint, self._universe_domain_env = PrivilegedAccessManagerClient._read_environment_variables() + self._client_cert_source = PrivilegedAccessManagerClient._get_client_cert_source(self._client_options.client_cert_source, self._use_client_cert) + self._universe_domain = PrivilegedAccessManagerClient._get_universe_domain(universe_domain_opt, self._universe_domain_env) + self._api_endpoint = None # updated below, depending on `transport` + + # Initialize the universe domain validation. + self._is_universe_domain_valid = False + + if CLIENT_LOGGING_SUPPORTED: # pragma: NO COVER + # Setup logging. + client_logging.initialize_logging() + + api_key_value = getattr(self._client_options, "api_key", None) + if api_key_value and credentials: + raise ValueError("client_options.api_key and credentials are mutually exclusive") + + # Save or instantiate the transport. + # Ordinarily, we provide the transport, but allowing a custom transport + # instance provides an extensibility point for unusual situations. + transport_provided = isinstance(transport, PrivilegedAccessManagerTransport) + if transport_provided: + # transport is a PrivilegedAccessManagerTransport instance. + if credentials or self._client_options.credentials_file or api_key_value: + raise ValueError("When providing a transport instance, " + "provide its credentials directly.") + if self._client_options.scopes: + raise ValueError( + "When providing a transport instance, provide its scopes " + "directly." + ) + self._transport = cast(PrivilegedAccessManagerTransport, transport) + self._api_endpoint = self._transport.host + + self._api_endpoint = (self._api_endpoint or + PrivilegedAccessManagerClient._get_api_endpoint( + self._client_options.api_endpoint, + self._client_cert_source, + self._universe_domain, + self._use_mtls_endpoint)) + + if not transport_provided: + import google.auth._default # type: ignore + + if api_key_value and hasattr(google.auth._default, "get_api_key_credentials"): + credentials = google.auth._default.get_api_key_credentials(api_key_value) + + transport_init: Union[Type[PrivilegedAccessManagerTransport], Callable[..., PrivilegedAccessManagerTransport]] = ( + PrivilegedAccessManagerClient.get_transport_class(transport) + if isinstance(transport, str) or transport is None + else cast(Callable[..., PrivilegedAccessManagerTransport], transport) + ) + # initialize with the provided callable or the passed in class + self._transport = transport_init( + credentials=credentials, + credentials_file=self._client_options.credentials_file, + host=self._api_endpoint, + scopes=self._client_options.scopes, + client_cert_source_for_mtls=self._client_cert_source, + quota_project_id=self._client_options.quota_project_id, + client_info=client_info, + always_use_jwt_access=True, + api_audience=self._client_options.api_audience, + ) + + if "async" not in str(self._transport): + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(std_logging.DEBUG): # pragma: NO COVER + _LOGGER.debug( + "Created client `google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient`.", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "universeDomain": getattr(self._transport._credentials, "universe_domain", ""), + "credentialsType": f"{type(self._transport._credentials).__module__}.{type(self._transport._credentials).__qualname__}", + "credentialsInfo": getattr(self.transport._credentials, "get_cred_info", lambda: None)(), + } if hasattr(self._transport, "_credentials") else { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "credentialsType": None, + } + ) + + def check_onboarding_status(self, + request: Optional[Union[privilegedaccessmanager.CheckOnboardingStatusRequest, dict]] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> privilegedaccessmanager.CheckOnboardingStatusResponse: + r"""``CheckOnboardingStatus`` reports the onboarding status for a + project/folder/organization. Any findings reported by this API + need to be fixed before PAM can be used on the resource. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + def sample_check_onboarding_status(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.CheckOnboardingStatusRequest( + parent="parent_value", + ) + + # Make the request + response = client.check_onboarding_status(request=request) + + # Handle the response + print(response) + + Args: + request (Union[google.cloud.privilegedaccessmanager_v1.types.CheckOnboardingStatusRequest, dict]): + The request object. Request message for ``CheckOnboardingStatus`` method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.cloud.privilegedaccessmanager_v1.types.CheckOnboardingStatusResponse: + Response message for CheckOnboardingStatus method. + """ + # Create or coerce a protobuf request object. + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.CheckOnboardingStatusRequest): + request = privilegedaccessmanager.CheckOnboardingStatusRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.check_onboarding_status] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("parent", request.parent), + )), + ) + + # Validate the universe domain. + self._validate_universe_domain() + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + def list_entitlements(self, + request: Optional[Union[privilegedaccessmanager.ListEntitlementsRequest, dict]] = None, + *, + parent: Optional[str] = None, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> pagers.ListEntitlementsPager: + r"""Lists entitlements in a given + project/folder/organization and location. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + def sample_list_entitlements(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.ListEntitlementsRequest( + parent="parent_value", + ) + + # Make the request + page_result = client.list_entitlements(request=request) + + # Handle the response + for response in page_result: + print(response) + + Args: + request (Union[google.cloud.privilegedaccessmanager_v1.types.ListEntitlementsRequest, dict]): + The request object. Message for requesting list of + entitlements. + parent (str): + Required. The parent which owns the + entitlement resources. + + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.ListEntitlementsPager: + Message for response to listing + entitlements. + Iterating over this object will yield + results and resolve additional pages + automatically. + + """ + # Create or coerce a protobuf request object. + # - Quick check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + flattened_params = [parent] + has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 + if request is not None and has_flattened_params: + raise ValueError('If the `request` argument is set, then none of ' + 'the individual field arguments should be set.') + + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.ListEntitlementsRequest): + request = privilegedaccessmanager.ListEntitlementsRequest(request) + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if parent is not None: + request.parent = parent + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.list_entitlements] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("parent", request.parent), + )), + ) + + # Validate the universe domain. + self._validate_universe_domain() + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # This method is paged; wrap the response in a pager, which provides + # an `__iter__` convenience method. + response = pagers.ListEntitlementsPager( + method=rpc, + request=request, + response=response, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + def search_entitlements(self, + request: Optional[Union[privilegedaccessmanager.SearchEntitlementsRequest, dict]] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> pagers.SearchEntitlementsPager: + r"""``SearchEntitlements`` returns entitlements on which the caller + has the specified access. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + def sample_search_entitlements(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.SearchEntitlementsRequest( + parent="parent_value", + caller_access_type="GRANT_APPROVER", + ) + + # Make the request + page_result = client.search_entitlements(request=request) + + # Handle the response + for response in page_result: + print(response) + + Args: + request (Union[google.cloud.privilegedaccessmanager_v1.types.SearchEntitlementsRequest, dict]): + The request object. Request message for ``SearchEntitlements`` method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.SearchEntitlementsPager: + Response message for SearchEntitlements method. + + Iterating over this object will yield results and + resolve additional pages automatically. + + """ + # Create or coerce a protobuf request object. + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.SearchEntitlementsRequest): + request = privilegedaccessmanager.SearchEntitlementsRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.search_entitlements] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("parent", request.parent), + )), + ) + + # Validate the universe domain. + self._validate_universe_domain() + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # This method is paged; wrap the response in a pager, which provides + # an `__iter__` convenience method. + response = pagers.SearchEntitlementsPager( + method=rpc, + request=request, + response=response, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + def get_entitlement(self, + request: Optional[Union[privilegedaccessmanager.GetEntitlementRequest, dict]] = None, + *, + name: Optional[str] = None, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> privilegedaccessmanager.Entitlement: + r"""Gets details of a single entitlement. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + def sample_get_entitlement(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.GetEntitlementRequest( + name="name_value", + ) + + # Make the request + response = client.get_entitlement(request=request) + + # Handle the response + print(response) + + Args: + request (Union[google.cloud.privilegedaccessmanager_v1.types.GetEntitlementRequest, dict]): + The request object. Message for getting an entitlement. + name (str): + Required. Name of the resource. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.cloud.privilegedaccessmanager_v1.types.Entitlement: + An entitlement defines the + eligibility of a set of users to obtain + predefined access for some time possibly + after going through an approval + workflow. + + """ + # Create or coerce a protobuf request object. + # - Quick check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + flattened_params = [name] + has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 + if request is not None and has_flattened_params: + raise ValueError('If the `request` argument is set, then none of ' + 'the individual field arguments should be set.') + + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.GetEntitlementRequest): + request = privilegedaccessmanager.GetEntitlementRequest(request) + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.get_entitlement] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("name", request.name), + )), + ) + + # Validate the universe domain. + self._validate_universe_domain() + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + def create_entitlement(self, + request: Optional[Union[privilegedaccessmanager.CreateEntitlementRequest, dict]] = None, + *, + parent: Optional[str] = None, + entitlement: Optional[privilegedaccessmanager.Entitlement] = None, + entitlement_id: Optional[str] = None, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> operation.Operation: + r"""Creates a new entitlement in a given + project/folder/organization and location. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + def sample_create_entitlement(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.CreateEntitlementRequest( + parent="parent_value", + entitlement_id="entitlement_id_value", + ) + + # Make the request + operation = client.create_entitlement(request=request) + + print("Waiting for operation to complete...") + + response = operation.result() + + # Handle the response + print(response) + + Args: + request (Union[google.cloud.privilegedaccessmanager_v1.types.CreateEntitlementRequest, dict]): + The request object. Message for creating an entitlement. + parent (str): + Required. Name of the parent resource for the + entitlement. Possible formats: + + - ``organizations/{organization-number}/locations/{region}`` + - ``folders/{folder-number}/locations/{region}`` + - ``projects/{project-id|project-number}/locations/{region}`` + + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + entitlement (google.cloud.privilegedaccessmanager_v1.types.Entitlement): + Required. The resource being created + This corresponds to the ``entitlement`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + entitlement_id (str): + Required. The ID to use for this entitlement. This + becomes the last part of the resource name. + + This value should be 4-63 characters in length, and + valid characters are "[a-z]", "[0-9]", and "-". The + first character should be from [a-z]. + + This value should be unique among all other entitlements + under the specified ``parent``. + + This corresponds to the ``entitlement_id`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.api_core.operation.Operation: + An object representing a long-running operation. + + The result type for the operation will be :class:`google.cloud.privilegedaccessmanager_v1.types.Entitlement` An entitlement defines the eligibility of a set of users to obtain + predefined access for some time possibly after going + through an approval workflow. + + """ + # Create or coerce a protobuf request object. + # - Quick check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + flattened_params = [parent, entitlement, entitlement_id] + has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 + if request is not None and has_flattened_params: + raise ValueError('If the `request` argument is set, then none of ' + 'the individual field arguments should be set.') + + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.CreateEntitlementRequest): + request = privilegedaccessmanager.CreateEntitlementRequest(request) + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if parent is not None: + request.parent = parent + if entitlement is not None: + request.entitlement = entitlement + if entitlement_id is not None: + request.entitlement_id = entitlement_id + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.create_entitlement] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("parent", request.parent), + )), + ) + + # Validate the universe domain. + self._validate_universe_domain() + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Wrap the response in an operation future. + response = operation.from_gapic( + response, + self._transport.operations_client, + privilegedaccessmanager.Entitlement, + metadata_type=privilegedaccessmanager.OperationMetadata, + ) + + # Done; return the response. + return response + + def delete_entitlement(self, + request: Optional[Union[privilegedaccessmanager.DeleteEntitlementRequest, dict]] = None, + *, + name: Optional[str] = None, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> operation.Operation: + r"""Deletes a single entitlement. This method can only be called + when there are no in-progress + (``ACTIVE``/``ACTIVATING``/``REVOKING``) grants under the + entitlement. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + def sample_delete_entitlement(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.DeleteEntitlementRequest( + name="name_value", + ) + + # Make the request + operation = client.delete_entitlement(request=request) + + print("Waiting for operation to complete...") + + response = operation.result() + + # Handle the response + print(response) + + Args: + request (Union[google.cloud.privilegedaccessmanager_v1.types.DeleteEntitlementRequest, dict]): + The request object. Message for deleting an entitlement. + name (str): + Required. Name of the resource. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.api_core.operation.Operation: + An object representing a long-running operation. + + The result type for the operation will be :class:`google.cloud.privilegedaccessmanager_v1.types.Entitlement` An entitlement defines the eligibility of a set of users to obtain + predefined access for some time possibly after going + through an approval workflow. + + """ + # Create or coerce a protobuf request object. + # - Quick check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + flattened_params = [name] + has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 + if request is not None and has_flattened_params: + raise ValueError('If the `request` argument is set, then none of ' + 'the individual field arguments should be set.') + + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.DeleteEntitlementRequest): + request = privilegedaccessmanager.DeleteEntitlementRequest(request) + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.delete_entitlement] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("name", request.name), + )), + ) + + # Validate the universe domain. + self._validate_universe_domain() + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Wrap the response in an operation future. + response = operation.from_gapic( + response, + self._transport.operations_client, + privilegedaccessmanager.Entitlement, + metadata_type=privilegedaccessmanager.OperationMetadata, + ) + + # Done; return the response. + return response + + def update_entitlement(self, + request: Optional[Union[privilegedaccessmanager.UpdateEntitlementRequest, dict]] = None, + *, + entitlement: Optional[privilegedaccessmanager.Entitlement] = None, + update_mask: Optional[field_mask_pb2.FieldMask] = None, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> operation.Operation: + r"""Updates the entitlement specified in the request. Updated fields + in the entitlement need to be specified in an update mask. The + changes made to an entitlement are applicable only on future + grants of the entitlement. However, if new approvers are added + or existing approvers are removed from the approval workflow, + the changes are effective on existing grants. + + The following fields are not supported for updates: + + - All immutable fields + - Entitlement name + - Resource name + - Resource type + - Adding an approval workflow in an entitlement which + previously had no approval workflow. + - Deleting the approval workflow from an entitlement. + - Adding or deleting a step in the approval workflow (only one + step is supported) + + Note that updates are allowed on the list of approvers in an + approval workflow step. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + def sample_update_entitlement(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.UpdateEntitlementRequest( + ) + + # Make the request + operation = client.update_entitlement(request=request) + + print("Waiting for operation to complete...") + + response = operation.result() + + # Handle the response + print(response) + + Args: + request (Union[google.cloud.privilegedaccessmanager_v1.types.UpdateEntitlementRequest, dict]): + The request object. Message for updating an entitlement. + entitlement (google.cloud.privilegedaccessmanager_v1.types.Entitlement): + Required. The entitlement resource + that is updated. + + This corresponds to the ``entitlement`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + update_mask (google.protobuf.field_mask_pb2.FieldMask): + Required. The list of fields to update. A field is + overwritten if, and only if, it is in the mask. Any + immutable fields set in the mask are ignored by the + server. Repeated fields and map fields are only allowed + in the last position of a ``paths`` string and overwrite + the existing values. Hence an update to a repeated field + or a map should contain the entire list of values. The + fields specified in the update_mask are relative to the + resource and not to the request. (e.g. + ``MaxRequestDuration``; *not* + ``entitlement.MaxRequestDuration``) A value of '*' for + this field refers to full replacement of the resource. + + This corresponds to the ``update_mask`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.api_core.operation.Operation: + An object representing a long-running operation. + + The result type for the operation will be :class:`google.cloud.privilegedaccessmanager_v1.types.Entitlement` An entitlement defines the eligibility of a set of users to obtain + predefined access for some time possibly after going + through an approval workflow. + + """ + # Create or coerce a protobuf request object. + # - Quick check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + flattened_params = [entitlement, update_mask] + has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 + if request is not None and has_flattened_params: + raise ValueError('If the `request` argument is set, then none of ' + 'the individual field arguments should be set.') + + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.UpdateEntitlementRequest): + request = privilegedaccessmanager.UpdateEntitlementRequest(request) + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if entitlement is not None: + request.entitlement = entitlement + if update_mask is not None: + request.update_mask = update_mask + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.update_entitlement] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("entitlement.name", request.entitlement.name), + )), + ) + + # Validate the universe domain. + self._validate_universe_domain() + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Wrap the response in an operation future. + response = operation.from_gapic( + response, + self._transport.operations_client, + privilegedaccessmanager.Entitlement, + metadata_type=privilegedaccessmanager.OperationMetadata, + ) + + # Done; return the response. + return response + + def list_grants(self, + request: Optional[Union[privilegedaccessmanager.ListGrantsRequest, dict]] = None, + *, + parent: Optional[str] = None, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> pagers.ListGrantsPager: + r"""Lists grants for a given entitlement. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + def sample_list_grants(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.ListGrantsRequest( + parent="parent_value", + ) + + # Make the request + page_result = client.list_grants(request=request) + + # Handle the response + for response in page_result: + print(response) + + Args: + request (Union[google.cloud.privilegedaccessmanager_v1.types.ListGrantsRequest, dict]): + The request object. Message for requesting list of + grants. + parent (str): + Required. The parent resource which + owns the grants. + + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.ListGrantsPager: + Message for response to listing + grants. + Iterating over this object will yield + results and resolve additional pages + automatically. + + """ + # Create or coerce a protobuf request object. + # - Quick check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + flattened_params = [parent] + has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 + if request is not None and has_flattened_params: + raise ValueError('If the `request` argument is set, then none of ' + 'the individual field arguments should be set.') + + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.ListGrantsRequest): + request = privilegedaccessmanager.ListGrantsRequest(request) + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if parent is not None: + request.parent = parent + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.list_grants] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("parent", request.parent), + )), + ) + + # Validate the universe domain. + self._validate_universe_domain() + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # This method is paged; wrap the response in a pager, which provides + # an `__iter__` convenience method. + response = pagers.ListGrantsPager( + method=rpc, + request=request, + response=response, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + def search_grants(self, + request: Optional[Union[privilegedaccessmanager.SearchGrantsRequest, dict]] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> pagers.SearchGrantsPager: + r"""``SearchGrants`` returns grants that are related to the calling + user in the specified way. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + def sample_search_grants(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.SearchGrantsRequest( + parent="parent_value", + caller_relationship="HAD_APPROVED", + ) + + # Make the request + page_result = client.search_grants(request=request) + + # Handle the response + for response in page_result: + print(response) + + Args: + request (Union[google.cloud.privilegedaccessmanager_v1.types.SearchGrantsRequest, dict]): + The request object. Request message for ``SearchGrants`` method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.SearchGrantsPager: + Response message for SearchGrants method. + + Iterating over this object will yield results and + resolve additional pages automatically. + + """ + # Create or coerce a protobuf request object. + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.SearchGrantsRequest): + request = privilegedaccessmanager.SearchGrantsRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.search_grants] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("parent", request.parent), + )), + ) + + # Validate the universe domain. + self._validate_universe_domain() + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # This method is paged; wrap the response in a pager, which provides + # an `__iter__` convenience method. + response = pagers.SearchGrantsPager( + method=rpc, + request=request, + response=response, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + def get_grant(self, + request: Optional[Union[privilegedaccessmanager.GetGrantRequest, dict]] = None, + *, + name: Optional[str] = None, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> privilegedaccessmanager.Grant: + r"""Get details of a single grant. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + def sample_get_grant(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.GetGrantRequest( + name="name_value", + ) + + # Make the request + response = client.get_grant(request=request) + + # Handle the response + print(response) + + Args: + request (Union[google.cloud.privilegedaccessmanager_v1.types.GetGrantRequest, dict]): + The request object. Message for getting a grant. + name (str): + Required. Name of the resource. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.cloud.privilegedaccessmanager_v1.types.Grant: + A grant represents a request from a + user for obtaining the access specified + in an entitlement they are eligible for. + + """ + # Create or coerce a protobuf request object. + # - Quick check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + flattened_params = [name] + has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 + if request is not None and has_flattened_params: + raise ValueError('If the `request` argument is set, then none of ' + 'the individual field arguments should be set.') + + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.GetGrantRequest): + request = privilegedaccessmanager.GetGrantRequest(request) + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.get_grant] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("name", request.name), + )), + ) + + # Validate the universe domain. + self._validate_universe_domain() + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + def create_grant(self, + request: Optional[Union[privilegedaccessmanager.CreateGrantRequest, dict]] = None, + *, + parent: Optional[str] = None, + grant: Optional[privilegedaccessmanager.Grant] = None, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> privilegedaccessmanager.Grant: + r"""Creates a new grant in a given + project/folder/organization and location. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + def sample_create_grant(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.CreateGrantRequest( + parent="parent_value", + ) + + # Make the request + response = client.create_grant(request=request) + + # Handle the response + print(response) + + Args: + request (Union[google.cloud.privilegedaccessmanager_v1.types.CreateGrantRequest, dict]): + The request object. Message for creating a grant + parent (str): + Required. Name of the parent + entitlement for which this grant is + being requested. + + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + grant (google.cloud.privilegedaccessmanager_v1.types.Grant): + Required. The resource being created. + This corresponds to the ``grant`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.cloud.privilegedaccessmanager_v1.types.Grant: + A grant represents a request from a + user for obtaining the access specified + in an entitlement they are eligible for. + + """ + # Create or coerce a protobuf request object. + # - Quick check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + flattened_params = [parent, grant] + has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 + if request is not None and has_flattened_params: + raise ValueError('If the `request` argument is set, then none of ' + 'the individual field arguments should be set.') + + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.CreateGrantRequest): + request = privilegedaccessmanager.CreateGrantRequest(request) + # If we have keyword arguments corresponding to fields on the + # request, apply these. + if parent is not None: + request.parent = parent + if grant is not None: + request.grant = grant + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.create_grant] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("parent", request.parent), + )), + ) + + # Validate the universe domain. + self._validate_universe_domain() + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + def approve_grant(self, + request: Optional[Union[privilegedaccessmanager.ApproveGrantRequest, dict]] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> privilegedaccessmanager.Grant: + r"""``ApproveGrant`` is used to approve a grant. This method can + only be called on a grant when it's in the ``APPROVAL_AWAITED`` + state. This operation can't be undone. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + def sample_approve_grant(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.ApproveGrantRequest( + name="name_value", + ) + + # Make the request + response = client.approve_grant(request=request) + + # Handle the response + print(response) + + Args: + request (Union[google.cloud.privilegedaccessmanager_v1.types.ApproveGrantRequest, dict]): + The request object. Request message for ``ApproveGrant`` method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.cloud.privilegedaccessmanager_v1.types.Grant: + A grant represents a request from a + user for obtaining the access specified + in an entitlement they are eligible for. + + """ + # Create or coerce a protobuf request object. + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.ApproveGrantRequest): + request = privilegedaccessmanager.ApproveGrantRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.approve_grant] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("name", request.name), + )), + ) + + # Validate the universe domain. + self._validate_universe_domain() + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + def deny_grant(self, + request: Optional[Union[privilegedaccessmanager.DenyGrantRequest, dict]] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> privilegedaccessmanager.Grant: + r"""``DenyGrant`` is used to deny a grant. This method can only be + called on a grant when it's in the ``APPROVAL_AWAITED`` state. + This operation can't be undone. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + def sample_deny_grant(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.DenyGrantRequest( + name="name_value", + ) + + # Make the request + response = client.deny_grant(request=request) + + # Handle the response + print(response) + + Args: + request (Union[google.cloud.privilegedaccessmanager_v1.types.DenyGrantRequest, dict]): + The request object. Request message for ``DenyGrant`` method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.cloud.privilegedaccessmanager_v1.types.Grant: + A grant represents a request from a + user for obtaining the access specified + in an entitlement they are eligible for. + + """ + # Create or coerce a protobuf request object. + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.DenyGrantRequest): + request = privilegedaccessmanager.DenyGrantRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.deny_grant] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("name", request.name), + )), + ) + + # Validate the universe domain. + self._validate_universe_domain() + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + def revoke_grant(self, + request: Optional[Union[privilegedaccessmanager.RevokeGrantRequest, dict]] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> operation.Operation: + r"""``RevokeGrant`` is used to immediately revoke access for a + grant. This method can be called when the grant is in a + non-terminal state. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import privilegedaccessmanager_v1 + + def sample_revoke_grant(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.RevokeGrantRequest( + name="name_value", + ) + + # Make the request + operation = client.revoke_grant(request=request) + + print("Waiting for operation to complete...") + + response = operation.result() + + # Handle the response + print(response) + + Args: + request (Union[google.cloud.privilegedaccessmanager_v1.types.RevokeGrantRequest, dict]): + The request object. Request message for ``RevokeGrant`` method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + google.api_core.operation.Operation: + An object representing a long-running operation. + + The result type for the operation will be :class:`google.cloud.privilegedaccessmanager_v1.types.Grant` A grant represents a request from a user for obtaining the access specified + in an entitlement they are eligible for. + + """ + # Create or coerce a protobuf request object. + # - Use the request object if provided (there's no risk of modifying the input as + # there are no flattened fields), or create one. + if not isinstance(request, privilegedaccessmanager.RevokeGrantRequest): + request = privilegedaccessmanager.RevokeGrantRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.revoke_grant] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ("name", request.name), + )), + ) + + # Validate the universe domain. + self._validate_universe_domain() + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Wrap the response in an operation future. + response = operation.from_gapic( + response, + self._transport.operations_client, + privilegedaccessmanager.Grant, + metadata_type=privilegedaccessmanager.OperationMetadata, + ) + + # Done; return the response. + return response + + def __enter__(self) -> "PrivilegedAccessManagerClient": + return self + + def __exit__(self, type, value, traceback): + """Releases underlying transport's resources. + + .. warning:: + ONLY use as a context manager if the transport is NOT shared + with other clients! Exiting the with block will CLOSE the transport + and may cause errors in other clients! + """ + self.transport.close() + + def list_operations( + self, + request: Optional[operations_pb2.ListOperationsRequest] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> operations_pb2.ListOperationsResponse: + r"""Lists operations that match the specified filter in the request. + + Args: + request (:class:`~.operations_pb2.ListOperationsRequest`): + The request object. Request message for + `ListOperations` method. + retry (google.api_core.retry.Retry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + Returns: + ~.operations_pb2.ListOperationsResponse: + Response message for ``ListOperations`` method. + """ + # Create or coerce a protobuf request object. + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = operations_pb2.ListOperationsRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.list_operations] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata( + (("name", request.name),)), + ) + + # Validate the universe domain. + self._validate_universe_domain() + + try: + # Send the request. + response = rpc( + request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + except core_exceptions.GoogleAPICallError as e: + self._add_cred_info_for_auth_errors(e) + raise e + + def get_operation( + self, + request: Optional[operations_pb2.GetOperationRequest] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> operations_pb2.Operation: + r"""Gets the latest state of a long-running operation. + + Args: + request (:class:`~.operations_pb2.GetOperationRequest`): + The request object. Request message for + `GetOperation` method. + retry (google.api_core.retry.Retry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + Returns: + ~.operations_pb2.Operation: + An ``Operation`` object. + """ + # Create or coerce a protobuf request object. + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = operations_pb2.GetOperationRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.get_operation] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata( + (("name", request.name),)), + ) + + # Validate the universe domain. + self._validate_universe_domain() + + try: + # Send the request. + response = rpc( + request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + except core_exceptions.GoogleAPICallError as e: + self._add_cred_info_for_auth_errors(e) + raise e + + def delete_operation( + self, + request: Optional[operations_pb2.DeleteOperationRequest] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> None: + r"""Deletes a long-running operation. + + This method indicates that the client is no longer interested + in the operation result. It does not cancel the operation. + If the server doesn't support this method, it returns + `google.rpc.Code.UNIMPLEMENTED`. + + Args: + request (:class:`~.operations_pb2.DeleteOperationRequest`): + The request object. Request message for + `DeleteOperation` method. + retry (google.api_core.retry.Retry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + Returns: + None + """ + # Create or coerce a protobuf request object. + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = operations_pb2.DeleteOperationRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.delete_operation] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata( + (("name", request.name),)), + ) + + # Validate the universe domain. + self._validate_universe_domain() + + # Send the request. + rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + def get_location( + self, + request: Optional[locations_pb2.GetLocationRequest] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> locations_pb2.Location: + r"""Gets information about a location. + + Args: + request (:class:`~.location_pb2.GetLocationRequest`): + The request object. Request message for + `GetLocation` method. + retry (google.api_core.retry.Retry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + Returns: + ~.location_pb2.Location: + Location object. + """ + # Create or coerce a protobuf request object. + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = locations_pb2.GetLocationRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.get_location] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata( + (("name", request.name),)), + ) + + # Validate the universe domain. + self._validate_universe_domain() + + try: + # Send the request. + response = rpc( + request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + except core_exceptions.GoogleAPICallError as e: + self._add_cred_info_for_auth_errors(e) + raise e + + def list_locations( + self, + request: Optional[locations_pb2.ListLocationsRequest] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), + ) -> locations_pb2.ListLocationsResponse: + r"""Lists information about the supported locations for this service. + + Args: + request (:class:`~.location_pb2.ListLocationsRequest`): + The request object. Request message for + `ListLocations` method. + retry (google.api_core.retry.Retry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + Returns: + ~.location_pb2.ListLocationsResponse: + Response message for ``ListLocations`` method. + """ + # Create or coerce a protobuf request object. + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = locations_pb2.ListLocationsRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.list_locations] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata( + (("name", request.name),)), + ) + + # Validate the universe domain. + self._validate_universe_domain() + + try: + # Send the request. + response = rpc( + request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + except core_exceptions.GoogleAPICallError as e: + self._add_cred_info_for_auth_errors(e) + raise e + + +DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(gapic_version=package_version.__version__) + +if hasattr(DEFAULT_CLIENT_INFO, "protobuf_runtime_version"): # pragma: NO COVER + DEFAULT_CLIENT_INFO.protobuf_runtime_version = google.protobuf.__version__ + +__all__ = ( + "PrivilegedAccessManagerClient", +) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/pagers.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/pagers.py new file mode 100644 index 000000000000..574887b30413 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/pagers.py @@ -0,0 +1,583 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from google.api_core import gapic_v1 +from google.api_core import retry as retries +from google.api_core import retry_async as retries_async +from typing import Any, AsyncIterator, Awaitable, Callable, Sequence, Tuple, Optional, Iterator, Union +try: + OptionalRetry = Union[retries.Retry, gapic_v1.method._MethodDefault, None] + OptionalAsyncRetry = Union[retries_async.AsyncRetry, gapic_v1.method._MethodDefault, None] +except AttributeError: # pragma: NO COVER + OptionalRetry = Union[retries.Retry, object, None] # type: ignore + OptionalAsyncRetry = Union[retries_async.AsyncRetry, object, None] # type: ignore + +from google.cloud.privilegedaccessmanager_v1.types import privilegedaccessmanager + + +class ListEntitlementsPager: + """A pager for iterating through ``list_entitlements`` requests. + + This class thinly wraps an initial + :class:`google.cloud.privilegedaccessmanager_v1.types.ListEntitlementsResponse` object, and + provides an ``__iter__`` method to iterate through its + ``entitlements`` field. + + If there are more pages, the ``__iter__`` method will make additional + ``ListEntitlements`` requests and continue to iterate + through the ``entitlements`` field on the + corresponding responses. + + All the usual :class:`google.cloud.privilegedaccessmanager_v1.types.ListEntitlementsResponse` + attributes are available on the pager. If multiple requests are made, only + the most recent response is retained, and thus used for attribute lookup. + """ + def __init__(self, + method: Callable[..., privilegedaccessmanager.ListEntitlementsResponse], + request: privilegedaccessmanager.ListEntitlementsRequest, + response: privilegedaccessmanager.ListEntitlementsResponse, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = ()): + """Instantiate the pager. + + Args: + method (Callable): The method that was originally called, and + which instantiated this pager. + request (google.cloud.privilegedaccessmanager_v1.types.ListEntitlementsRequest): + The initial request object. + response (google.cloud.privilegedaccessmanager_v1.types.ListEntitlementsResponse): + The initial response object. + retry (google.api_core.retry.Retry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + """ + self._method = method + self._request = privilegedaccessmanager.ListEntitlementsRequest(request) + self._response = response + self._retry = retry + self._timeout = timeout + self._metadata = metadata + + def __getattr__(self, name: str) -> Any: + return getattr(self._response, name) + + @property + def pages(self) -> Iterator[privilegedaccessmanager.ListEntitlementsResponse]: + yield self._response + while self._response.next_page_token: + self._request.page_token = self._response.next_page_token + self._response = self._method(self._request, retry=self._retry, timeout=self._timeout, metadata=self._metadata) + yield self._response + + def __iter__(self) -> Iterator[privilegedaccessmanager.Entitlement]: + for page in self.pages: + yield from page.entitlements + + def __repr__(self) -> str: + return '{0}<{1!r}>'.format(self.__class__.__name__, self._response) + + +class ListEntitlementsAsyncPager: + """A pager for iterating through ``list_entitlements`` requests. + + This class thinly wraps an initial + :class:`google.cloud.privilegedaccessmanager_v1.types.ListEntitlementsResponse` object, and + provides an ``__aiter__`` method to iterate through its + ``entitlements`` field. + + If there are more pages, the ``__aiter__`` method will make additional + ``ListEntitlements`` requests and continue to iterate + through the ``entitlements`` field on the + corresponding responses. + + All the usual :class:`google.cloud.privilegedaccessmanager_v1.types.ListEntitlementsResponse` + attributes are available on the pager. If multiple requests are made, only + the most recent response is retained, and thus used for attribute lookup. + """ + def __init__(self, + method: Callable[..., Awaitable[privilegedaccessmanager.ListEntitlementsResponse]], + request: privilegedaccessmanager.ListEntitlementsRequest, + response: privilegedaccessmanager.ListEntitlementsResponse, + *, + retry: OptionalAsyncRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = ()): + """Instantiates the pager. + + Args: + method (Callable): The method that was originally called, and + which instantiated this pager. + request (google.cloud.privilegedaccessmanager_v1.types.ListEntitlementsRequest): + The initial request object. + response (google.cloud.privilegedaccessmanager_v1.types.ListEntitlementsResponse): + The initial response object. + retry (google.api_core.retry.AsyncRetry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + """ + self._method = method + self._request = privilegedaccessmanager.ListEntitlementsRequest(request) + self._response = response + self._retry = retry + self._timeout = timeout + self._metadata = metadata + + def __getattr__(self, name: str) -> Any: + return getattr(self._response, name) + + @property + async def pages(self) -> AsyncIterator[privilegedaccessmanager.ListEntitlementsResponse]: + yield self._response + while self._response.next_page_token: + self._request.page_token = self._response.next_page_token + self._response = await self._method(self._request, retry=self._retry, timeout=self._timeout, metadata=self._metadata) + yield self._response + def __aiter__(self) -> AsyncIterator[privilegedaccessmanager.Entitlement]: + async def async_generator(): + async for page in self.pages: + for response in page.entitlements: + yield response + + return async_generator() + + def __repr__(self) -> str: + return '{0}<{1!r}>'.format(self.__class__.__name__, self._response) + + +class SearchEntitlementsPager: + """A pager for iterating through ``search_entitlements`` requests. + + This class thinly wraps an initial + :class:`google.cloud.privilegedaccessmanager_v1.types.SearchEntitlementsResponse` object, and + provides an ``__iter__`` method to iterate through its + ``entitlements`` field. + + If there are more pages, the ``__iter__`` method will make additional + ``SearchEntitlements`` requests and continue to iterate + through the ``entitlements`` field on the + corresponding responses. + + All the usual :class:`google.cloud.privilegedaccessmanager_v1.types.SearchEntitlementsResponse` + attributes are available on the pager. If multiple requests are made, only + the most recent response is retained, and thus used for attribute lookup. + """ + def __init__(self, + method: Callable[..., privilegedaccessmanager.SearchEntitlementsResponse], + request: privilegedaccessmanager.SearchEntitlementsRequest, + response: privilegedaccessmanager.SearchEntitlementsResponse, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = ()): + """Instantiate the pager. + + Args: + method (Callable): The method that was originally called, and + which instantiated this pager. + request (google.cloud.privilegedaccessmanager_v1.types.SearchEntitlementsRequest): + The initial request object. + response (google.cloud.privilegedaccessmanager_v1.types.SearchEntitlementsResponse): + The initial response object. + retry (google.api_core.retry.Retry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + """ + self._method = method + self._request = privilegedaccessmanager.SearchEntitlementsRequest(request) + self._response = response + self._retry = retry + self._timeout = timeout + self._metadata = metadata + + def __getattr__(self, name: str) -> Any: + return getattr(self._response, name) + + @property + def pages(self) -> Iterator[privilegedaccessmanager.SearchEntitlementsResponse]: + yield self._response + while self._response.next_page_token: + self._request.page_token = self._response.next_page_token + self._response = self._method(self._request, retry=self._retry, timeout=self._timeout, metadata=self._metadata) + yield self._response + + def __iter__(self) -> Iterator[privilegedaccessmanager.Entitlement]: + for page in self.pages: + yield from page.entitlements + + def __repr__(self) -> str: + return '{0}<{1!r}>'.format(self.__class__.__name__, self._response) + + +class SearchEntitlementsAsyncPager: + """A pager for iterating through ``search_entitlements`` requests. + + This class thinly wraps an initial + :class:`google.cloud.privilegedaccessmanager_v1.types.SearchEntitlementsResponse` object, and + provides an ``__aiter__`` method to iterate through its + ``entitlements`` field. + + If there are more pages, the ``__aiter__`` method will make additional + ``SearchEntitlements`` requests and continue to iterate + through the ``entitlements`` field on the + corresponding responses. + + All the usual :class:`google.cloud.privilegedaccessmanager_v1.types.SearchEntitlementsResponse` + attributes are available on the pager. If multiple requests are made, only + the most recent response is retained, and thus used for attribute lookup. + """ + def __init__(self, + method: Callable[..., Awaitable[privilegedaccessmanager.SearchEntitlementsResponse]], + request: privilegedaccessmanager.SearchEntitlementsRequest, + response: privilegedaccessmanager.SearchEntitlementsResponse, + *, + retry: OptionalAsyncRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = ()): + """Instantiates the pager. + + Args: + method (Callable): The method that was originally called, and + which instantiated this pager. + request (google.cloud.privilegedaccessmanager_v1.types.SearchEntitlementsRequest): + The initial request object. + response (google.cloud.privilegedaccessmanager_v1.types.SearchEntitlementsResponse): + The initial response object. + retry (google.api_core.retry.AsyncRetry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + """ + self._method = method + self._request = privilegedaccessmanager.SearchEntitlementsRequest(request) + self._response = response + self._retry = retry + self._timeout = timeout + self._metadata = metadata + + def __getattr__(self, name: str) -> Any: + return getattr(self._response, name) + + @property + async def pages(self) -> AsyncIterator[privilegedaccessmanager.SearchEntitlementsResponse]: + yield self._response + while self._response.next_page_token: + self._request.page_token = self._response.next_page_token + self._response = await self._method(self._request, retry=self._retry, timeout=self._timeout, metadata=self._metadata) + yield self._response + def __aiter__(self) -> AsyncIterator[privilegedaccessmanager.Entitlement]: + async def async_generator(): + async for page in self.pages: + for response in page.entitlements: + yield response + + return async_generator() + + def __repr__(self) -> str: + return '{0}<{1!r}>'.format(self.__class__.__name__, self._response) + + +class ListGrantsPager: + """A pager for iterating through ``list_grants`` requests. + + This class thinly wraps an initial + :class:`google.cloud.privilegedaccessmanager_v1.types.ListGrantsResponse` object, and + provides an ``__iter__`` method to iterate through its + ``grants`` field. + + If there are more pages, the ``__iter__`` method will make additional + ``ListGrants`` requests and continue to iterate + through the ``grants`` field on the + corresponding responses. + + All the usual :class:`google.cloud.privilegedaccessmanager_v1.types.ListGrantsResponse` + attributes are available on the pager. If multiple requests are made, only + the most recent response is retained, and thus used for attribute lookup. + """ + def __init__(self, + method: Callable[..., privilegedaccessmanager.ListGrantsResponse], + request: privilegedaccessmanager.ListGrantsRequest, + response: privilegedaccessmanager.ListGrantsResponse, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = ()): + """Instantiate the pager. + + Args: + method (Callable): The method that was originally called, and + which instantiated this pager. + request (google.cloud.privilegedaccessmanager_v1.types.ListGrantsRequest): + The initial request object. + response (google.cloud.privilegedaccessmanager_v1.types.ListGrantsResponse): + The initial response object. + retry (google.api_core.retry.Retry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + """ + self._method = method + self._request = privilegedaccessmanager.ListGrantsRequest(request) + self._response = response + self._retry = retry + self._timeout = timeout + self._metadata = metadata + + def __getattr__(self, name: str) -> Any: + return getattr(self._response, name) + + @property + def pages(self) -> Iterator[privilegedaccessmanager.ListGrantsResponse]: + yield self._response + while self._response.next_page_token: + self._request.page_token = self._response.next_page_token + self._response = self._method(self._request, retry=self._retry, timeout=self._timeout, metadata=self._metadata) + yield self._response + + def __iter__(self) -> Iterator[privilegedaccessmanager.Grant]: + for page in self.pages: + yield from page.grants + + def __repr__(self) -> str: + return '{0}<{1!r}>'.format(self.__class__.__name__, self._response) + + +class ListGrantsAsyncPager: + """A pager for iterating through ``list_grants`` requests. + + This class thinly wraps an initial + :class:`google.cloud.privilegedaccessmanager_v1.types.ListGrantsResponse` object, and + provides an ``__aiter__`` method to iterate through its + ``grants`` field. + + If there are more pages, the ``__aiter__`` method will make additional + ``ListGrants`` requests and continue to iterate + through the ``grants`` field on the + corresponding responses. + + All the usual :class:`google.cloud.privilegedaccessmanager_v1.types.ListGrantsResponse` + attributes are available on the pager. If multiple requests are made, only + the most recent response is retained, and thus used for attribute lookup. + """ + def __init__(self, + method: Callable[..., Awaitable[privilegedaccessmanager.ListGrantsResponse]], + request: privilegedaccessmanager.ListGrantsRequest, + response: privilegedaccessmanager.ListGrantsResponse, + *, + retry: OptionalAsyncRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = ()): + """Instantiates the pager. + + Args: + method (Callable): The method that was originally called, and + which instantiated this pager. + request (google.cloud.privilegedaccessmanager_v1.types.ListGrantsRequest): + The initial request object. + response (google.cloud.privilegedaccessmanager_v1.types.ListGrantsResponse): + The initial response object. + retry (google.api_core.retry.AsyncRetry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + """ + self._method = method + self._request = privilegedaccessmanager.ListGrantsRequest(request) + self._response = response + self._retry = retry + self._timeout = timeout + self._metadata = metadata + + def __getattr__(self, name: str) -> Any: + return getattr(self._response, name) + + @property + async def pages(self) -> AsyncIterator[privilegedaccessmanager.ListGrantsResponse]: + yield self._response + while self._response.next_page_token: + self._request.page_token = self._response.next_page_token + self._response = await self._method(self._request, retry=self._retry, timeout=self._timeout, metadata=self._metadata) + yield self._response + def __aiter__(self) -> AsyncIterator[privilegedaccessmanager.Grant]: + async def async_generator(): + async for page in self.pages: + for response in page.grants: + yield response + + return async_generator() + + def __repr__(self) -> str: + return '{0}<{1!r}>'.format(self.__class__.__name__, self._response) + + +class SearchGrantsPager: + """A pager for iterating through ``search_grants`` requests. + + This class thinly wraps an initial + :class:`google.cloud.privilegedaccessmanager_v1.types.SearchGrantsResponse` object, and + provides an ``__iter__`` method to iterate through its + ``grants`` field. + + If there are more pages, the ``__iter__`` method will make additional + ``SearchGrants`` requests and continue to iterate + through the ``grants`` field on the + corresponding responses. + + All the usual :class:`google.cloud.privilegedaccessmanager_v1.types.SearchGrantsResponse` + attributes are available on the pager. If multiple requests are made, only + the most recent response is retained, and thus used for attribute lookup. + """ + def __init__(self, + method: Callable[..., privilegedaccessmanager.SearchGrantsResponse], + request: privilegedaccessmanager.SearchGrantsRequest, + response: privilegedaccessmanager.SearchGrantsResponse, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = ()): + """Instantiate the pager. + + Args: + method (Callable): The method that was originally called, and + which instantiated this pager. + request (google.cloud.privilegedaccessmanager_v1.types.SearchGrantsRequest): + The initial request object. + response (google.cloud.privilegedaccessmanager_v1.types.SearchGrantsResponse): + The initial response object. + retry (google.api_core.retry.Retry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + """ + self._method = method + self._request = privilegedaccessmanager.SearchGrantsRequest(request) + self._response = response + self._retry = retry + self._timeout = timeout + self._metadata = metadata + + def __getattr__(self, name: str) -> Any: + return getattr(self._response, name) + + @property + def pages(self) -> Iterator[privilegedaccessmanager.SearchGrantsResponse]: + yield self._response + while self._response.next_page_token: + self._request.page_token = self._response.next_page_token + self._response = self._method(self._request, retry=self._retry, timeout=self._timeout, metadata=self._metadata) + yield self._response + + def __iter__(self) -> Iterator[privilegedaccessmanager.Grant]: + for page in self.pages: + yield from page.grants + + def __repr__(self) -> str: + return '{0}<{1!r}>'.format(self.__class__.__name__, self._response) + + +class SearchGrantsAsyncPager: + """A pager for iterating through ``search_grants`` requests. + + This class thinly wraps an initial + :class:`google.cloud.privilegedaccessmanager_v1.types.SearchGrantsResponse` object, and + provides an ``__aiter__`` method to iterate through its + ``grants`` field. + + If there are more pages, the ``__aiter__`` method will make additional + ``SearchGrants`` requests and continue to iterate + through the ``grants`` field on the + corresponding responses. + + All the usual :class:`google.cloud.privilegedaccessmanager_v1.types.SearchGrantsResponse` + attributes are available on the pager. If multiple requests are made, only + the most recent response is retained, and thus used for attribute lookup. + """ + def __init__(self, + method: Callable[..., Awaitable[privilegedaccessmanager.SearchGrantsResponse]], + request: privilegedaccessmanager.SearchGrantsRequest, + response: privilegedaccessmanager.SearchGrantsResponse, + *, + retry: OptionalAsyncRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, Union[str, bytes]]] = ()): + """Instantiates the pager. + + Args: + method (Callable): The method that was originally called, and + which instantiated this pager. + request (google.cloud.privilegedaccessmanager_v1.types.SearchGrantsRequest): + The initial request object. + response (google.cloud.privilegedaccessmanager_v1.types.SearchGrantsResponse): + The initial response object. + retry (google.api_core.retry.AsyncRetry): Designation of what errors, + if any, should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + """ + self._method = method + self._request = privilegedaccessmanager.SearchGrantsRequest(request) + self._response = response + self._retry = retry + self._timeout = timeout + self._metadata = metadata + + def __getattr__(self, name: str) -> Any: + return getattr(self._response, name) + + @property + async def pages(self) -> AsyncIterator[privilegedaccessmanager.SearchGrantsResponse]: + yield self._response + while self._response.next_page_token: + self._request.page_token = self._response.next_page_token + self._response = await self._method(self._request, retry=self._retry, timeout=self._timeout, metadata=self._metadata) + yield self._response + def __aiter__(self) -> AsyncIterator[privilegedaccessmanager.Grant]: + async def async_generator(): + async for page in self.pages: + for response in page.grants: + yield response + + return async_generator() + + def __repr__(self) -> str: + return '{0}<{1!r}>'.format(self.__class__.__name__, self._response) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/README.rst b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/README.rst new file mode 100644 index 000000000000..7ab2494d17da --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/README.rst @@ -0,0 +1,9 @@ + +transport inheritance structure +_______________________________ + +`PrivilegedAccessManagerTransport` is the ABC for all transports. +- public child `PrivilegedAccessManagerGrpcTransport` for sync gRPC transport (defined in `grpc.py`). +- public child `PrivilegedAccessManagerGrpcAsyncIOTransport` for async gRPC transport (defined in `grpc_asyncio.py`). +- private child `_BasePrivilegedAccessManagerRestTransport` for base REST transport with inner classes `_BaseMETHOD` (defined in `rest_base.py`). +- public child `PrivilegedAccessManagerRestTransport` for sync REST transport with inner classes `METHOD` derived from the parent's corresponding `_BaseMETHOD` classes (defined in `rest.py`). diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/__init__.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/__init__.py new file mode 100644 index 000000000000..a69a112bc5d0 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/__init__.py @@ -0,0 +1,38 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from collections import OrderedDict +from typing import Dict, Type + +from .base import PrivilegedAccessManagerTransport +from .grpc import PrivilegedAccessManagerGrpcTransport +from .grpc_asyncio import PrivilegedAccessManagerGrpcAsyncIOTransport +from .rest import PrivilegedAccessManagerRestTransport +from .rest import PrivilegedAccessManagerRestInterceptor + + +# Compile a registry of transports. +_transport_registry = OrderedDict() # type: Dict[str, Type[PrivilegedAccessManagerTransport]] +_transport_registry['grpc'] = PrivilegedAccessManagerGrpcTransport +_transport_registry['grpc_asyncio'] = PrivilegedAccessManagerGrpcAsyncIOTransport +_transport_registry['rest'] = PrivilegedAccessManagerRestTransport + +__all__ = ( + 'PrivilegedAccessManagerTransport', + 'PrivilegedAccessManagerGrpcTransport', + 'PrivilegedAccessManagerGrpcAsyncIOTransport', + 'PrivilegedAccessManagerRestTransport', + 'PrivilegedAccessManagerRestInterceptor', +) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/base.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/base.py new file mode 100644 index 000000000000..4fd8201cac98 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/base.py @@ -0,0 +1,417 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import abc +from typing import Awaitable, Callable, Dict, Optional, Sequence, Union + +from google.cloud.privilegedaccessmanager_v1 import gapic_version as package_version + +import google.auth # type: ignore +import google.api_core +from google.api_core import exceptions as core_exceptions +from google.api_core import gapic_v1 +from google.api_core import retry as retries +from google.api_core import operations_v1 +from google.auth import credentials as ga_credentials # type: ignore +from google.oauth2 import service_account # type: ignore +import google.protobuf + +from google.cloud.location import locations_pb2 # type: ignore +from google.cloud.privilegedaccessmanager_v1.types import privilegedaccessmanager +from google.longrunning import operations_pb2 # type: ignore + +DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(gapic_version=package_version.__version__) + +if hasattr(DEFAULT_CLIENT_INFO, "protobuf_runtime_version"): # pragma: NO COVER + DEFAULT_CLIENT_INFO.protobuf_runtime_version = google.protobuf.__version__ + + +class PrivilegedAccessManagerTransport(abc.ABC): + """Abstract transport class for PrivilegedAccessManager.""" + + AUTH_SCOPES = ( + 'https://www.googleapis.com/auth/cloud-platform', + ) + + DEFAULT_HOST: str = 'privilegedaccessmanager.googleapis.com' + + def __init__( + self, *, + host: str = DEFAULT_HOST, + credentials: Optional[ga_credentials.Credentials] = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + quota_project_id: Optional[str] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, + api_audience: Optional[str] = None, + **kwargs, + ) -> None: + """Instantiate the transport. + + Args: + host (Optional[str]): + The hostname to connect to (default: 'privilegedaccessmanager.googleapis.com'). + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is mutually exclusive with credentials. + scopes (Optional[Sequence[str]]): A list of scopes. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. + """ + + scopes_kwargs = {"scopes": scopes, "default_scopes": self.AUTH_SCOPES} + + # Save the scopes. + self._scopes = scopes + if not hasattr(self, "_ignore_credentials"): + self._ignore_credentials: bool = False + + # If no credentials are provided, then determine the appropriate + # defaults. + if credentials and credentials_file: + raise core_exceptions.DuplicateCredentialArgs("'credentials_file' and 'credentials' are mutually exclusive") + + if credentials_file is not None: + credentials, _ = google.auth.load_credentials_from_file( + credentials_file, + **scopes_kwargs, + quota_project_id=quota_project_id + ) + elif credentials is None and not self._ignore_credentials: + credentials, _ = google.auth.default(**scopes_kwargs, quota_project_id=quota_project_id) + # Don't apply audience if the credentials file passed from user. + if hasattr(credentials, "with_gdch_audience"): + credentials = credentials.with_gdch_audience(api_audience if api_audience else host) + + # If the credentials are service account credentials, then always try to use self signed JWT. + if always_use_jwt_access and isinstance(credentials, service_account.Credentials) and hasattr(service_account.Credentials, "with_always_use_jwt_access"): + credentials = credentials.with_always_use_jwt_access(True) + + # Save the credentials. + self._credentials = credentials + + # Save the hostname. Default to port 443 (HTTPS) if none is specified. + if ':' not in host: + host += ':443' + self._host = host + + @property + def host(self): + return self._host + + def _prep_wrapped_messages(self, client_info): + # Precompute the wrapped methods. + self._wrapped_methods = { + self.check_onboarding_status: gapic_v1.method.wrap_method( + self.check_onboarding_status, + default_timeout=None, + client_info=client_info, + ), + self.list_entitlements: gapic_v1.method.wrap_method( + self.list_entitlements, + default_timeout=None, + client_info=client_info, + ), + self.search_entitlements: gapic_v1.method.wrap_method( + self.search_entitlements, + default_timeout=None, + client_info=client_info, + ), + self.get_entitlement: gapic_v1.method.wrap_method( + self.get_entitlement, + default_timeout=None, + client_info=client_info, + ), + self.create_entitlement: gapic_v1.method.wrap_method( + self.create_entitlement, + default_timeout=None, + client_info=client_info, + ), + self.delete_entitlement: gapic_v1.method.wrap_method( + self.delete_entitlement, + default_timeout=None, + client_info=client_info, + ), + self.update_entitlement: gapic_v1.method.wrap_method( + self.update_entitlement, + default_timeout=None, + client_info=client_info, + ), + self.list_grants: gapic_v1.method.wrap_method( + self.list_grants, + default_timeout=None, + client_info=client_info, + ), + self.search_grants: gapic_v1.method.wrap_method( + self.search_grants, + default_timeout=None, + client_info=client_info, + ), + self.get_grant: gapic_v1.method.wrap_method( + self.get_grant, + default_timeout=None, + client_info=client_info, + ), + self.create_grant: gapic_v1.method.wrap_method( + self.create_grant, + default_timeout=None, + client_info=client_info, + ), + self.approve_grant: gapic_v1.method.wrap_method( + self.approve_grant, + default_timeout=None, + client_info=client_info, + ), + self.deny_grant: gapic_v1.method.wrap_method( + self.deny_grant, + default_timeout=None, + client_info=client_info, + ), + self.revoke_grant: gapic_v1.method.wrap_method( + self.revoke_grant, + default_timeout=None, + client_info=client_info, + ), + self.get_location: gapic_v1.method.wrap_method( + self.get_location, + default_timeout=None, + client_info=client_info, + ), + self.list_locations: gapic_v1.method.wrap_method( + self.list_locations, + default_timeout=None, + client_info=client_info, + ), + self.delete_operation: gapic_v1.method.wrap_method( + self.delete_operation, + default_timeout=None, + client_info=client_info, + ), + self.get_operation: gapic_v1.method.wrap_method( + self.get_operation, + default_timeout=None, + client_info=client_info, + ), + self.list_operations: gapic_v1.method.wrap_method( + self.list_operations, + default_timeout=None, + client_info=client_info, + ), + } + + def close(self): + """Closes resources associated with the transport. + + .. warning:: + Only call this method if the transport is NOT shared + with other clients - this may cause errors in other clients! + """ + raise NotImplementedError() + + @property + def operations_client(self): + """Return the client designed to process long-running operations.""" + raise NotImplementedError() + + @property + def check_onboarding_status(self) -> Callable[ + [privilegedaccessmanager.CheckOnboardingStatusRequest], + Union[ + privilegedaccessmanager.CheckOnboardingStatusResponse, + Awaitable[privilegedaccessmanager.CheckOnboardingStatusResponse] + ]]: + raise NotImplementedError() + + @property + def list_entitlements(self) -> Callable[ + [privilegedaccessmanager.ListEntitlementsRequest], + Union[ + privilegedaccessmanager.ListEntitlementsResponse, + Awaitable[privilegedaccessmanager.ListEntitlementsResponse] + ]]: + raise NotImplementedError() + + @property + def search_entitlements(self) -> Callable[ + [privilegedaccessmanager.SearchEntitlementsRequest], + Union[ + privilegedaccessmanager.SearchEntitlementsResponse, + Awaitable[privilegedaccessmanager.SearchEntitlementsResponse] + ]]: + raise NotImplementedError() + + @property + def get_entitlement(self) -> Callable[ + [privilegedaccessmanager.GetEntitlementRequest], + Union[ + privilegedaccessmanager.Entitlement, + Awaitable[privilegedaccessmanager.Entitlement] + ]]: + raise NotImplementedError() + + @property + def create_entitlement(self) -> Callable[ + [privilegedaccessmanager.CreateEntitlementRequest], + Union[ + operations_pb2.Operation, + Awaitable[operations_pb2.Operation] + ]]: + raise NotImplementedError() + + @property + def delete_entitlement(self) -> Callable[ + [privilegedaccessmanager.DeleteEntitlementRequest], + Union[ + operations_pb2.Operation, + Awaitable[operations_pb2.Operation] + ]]: + raise NotImplementedError() + + @property + def update_entitlement(self) -> Callable[ + [privilegedaccessmanager.UpdateEntitlementRequest], + Union[ + operations_pb2.Operation, + Awaitable[operations_pb2.Operation] + ]]: + raise NotImplementedError() + + @property + def list_grants(self) -> Callable[ + [privilegedaccessmanager.ListGrantsRequest], + Union[ + privilegedaccessmanager.ListGrantsResponse, + Awaitable[privilegedaccessmanager.ListGrantsResponse] + ]]: + raise NotImplementedError() + + @property + def search_grants(self) -> Callable[ + [privilegedaccessmanager.SearchGrantsRequest], + Union[ + privilegedaccessmanager.SearchGrantsResponse, + Awaitable[privilegedaccessmanager.SearchGrantsResponse] + ]]: + raise NotImplementedError() + + @property + def get_grant(self) -> Callable[ + [privilegedaccessmanager.GetGrantRequest], + Union[ + privilegedaccessmanager.Grant, + Awaitable[privilegedaccessmanager.Grant] + ]]: + raise NotImplementedError() + + @property + def create_grant(self) -> Callable[ + [privilegedaccessmanager.CreateGrantRequest], + Union[ + privilegedaccessmanager.Grant, + Awaitable[privilegedaccessmanager.Grant] + ]]: + raise NotImplementedError() + + @property + def approve_grant(self) -> Callable[ + [privilegedaccessmanager.ApproveGrantRequest], + Union[ + privilegedaccessmanager.Grant, + Awaitable[privilegedaccessmanager.Grant] + ]]: + raise NotImplementedError() + + @property + def deny_grant(self) -> Callable[ + [privilegedaccessmanager.DenyGrantRequest], + Union[ + privilegedaccessmanager.Grant, + Awaitable[privilegedaccessmanager.Grant] + ]]: + raise NotImplementedError() + + @property + def revoke_grant(self) -> Callable[ + [privilegedaccessmanager.RevokeGrantRequest], + Union[ + operations_pb2.Operation, + Awaitable[operations_pb2.Operation] + ]]: + raise NotImplementedError() + + @property + def list_operations( + self, + ) -> Callable[ + [operations_pb2.ListOperationsRequest], + Union[operations_pb2.ListOperationsResponse, Awaitable[operations_pb2.ListOperationsResponse]], + ]: + raise NotImplementedError() + + @property + def get_operation( + self, + ) -> Callable[ + [operations_pb2.GetOperationRequest], + Union[operations_pb2.Operation, Awaitable[operations_pb2.Operation]], + ]: + raise NotImplementedError() + + @property + def delete_operation( + self, + ) -> Callable[ + [operations_pb2.DeleteOperationRequest], + None, + ]: + raise NotImplementedError() + + @property + def get_location(self, + ) -> Callable[ + [locations_pb2.GetLocationRequest], + Union[locations_pb2.Location, Awaitable[locations_pb2.Location]], + ]: + raise NotImplementedError() + + @property + def list_locations(self, + ) -> Callable[ + [locations_pb2.ListLocationsRequest], + Union[locations_pb2.ListLocationsResponse, Awaitable[locations_pb2.ListLocationsResponse]], + ]: + raise NotImplementedError() + + @property + def kind(self) -> str: + raise NotImplementedError() + + +__all__ = ( + 'PrivilegedAccessManagerTransport', +) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/grpc.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/grpc.py new file mode 100644 index 000000000000..a330fcf8a5e0 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/grpc.py @@ -0,0 +1,852 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import json +import logging as std_logging +import pickle +import warnings +from typing import Callable, Dict, Optional, Sequence, Tuple, Union + +from google.api_core import grpc_helpers +from google.api_core import operations_v1 +from google.api_core import gapic_v1 +import google.auth # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.auth.transport.grpc import SslCredentials # type: ignore +from google.protobuf.json_format import MessageToJson +import google.protobuf.message + +import grpc # type: ignore +import proto # type: ignore + +from google.cloud.location import locations_pb2 # type: ignore +from google.cloud.privilegedaccessmanager_v1.types import privilegedaccessmanager +from google.longrunning import operations_pb2 # type: ignore +from .base import PrivilegedAccessManagerTransport, DEFAULT_CLIENT_INFO + +try: + from google.api_core import client_logging # type: ignore + CLIENT_LOGGING_SUPPORTED = True # pragma: NO COVER +except ImportError: # pragma: NO COVER + CLIENT_LOGGING_SUPPORTED = False + +_LOGGER = std_logging.getLogger(__name__) + + +class _LoggingClientInterceptor(grpc.UnaryUnaryClientInterceptor): # pragma: NO COVER + def intercept_unary_unary(self, continuation, client_call_details, request): + logging_enabled = CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(std_logging.DEBUG) + if logging_enabled: # pragma: NO COVER + request_metadata = client_call_details.metadata + if isinstance(request, proto.Message): + request_payload = type(request).to_json(request) + elif isinstance(request, google.protobuf.message.Message): + request_payload = MessageToJson(request) + else: + request_payload = f"{type(request).__name__}: {pickle.dumps(request)}" + + request_metadata = { + key: value.decode("utf-8") if isinstance(value, bytes) else value + for key, value in request_metadata + } + grpc_request = { + "payload": request_payload, + "requestMethod": "grpc", + "metadata": dict(request_metadata), + } + _LOGGER.debug( + f"Sending request for {client_call_details.method}", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": str(client_call_details.method), + "request": grpc_request, + "metadata": grpc_request["metadata"], + }, + ) + response = continuation(client_call_details, request) + if logging_enabled: # pragma: NO COVER + response_metadata = response.trailing_metadata() + # Convert gRPC metadata `` to list of tuples + metadata = dict([(k, str(v)) for k, v in response_metadata]) if response_metadata else None + result = response.result() + if isinstance(result, proto.Message): + response_payload = type(result).to_json(result) + elif isinstance(result, google.protobuf.message.Message): + response_payload = MessageToJson(result) + else: + response_payload = f"{type(result).__name__}: {pickle.dumps(result)}" + grpc_response = { + "payload": response_payload, + "metadata": metadata, + "status": "OK", + } + _LOGGER.debug( + f"Received response for {client_call_details.method}.", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": client_call_details.method, + "response": grpc_response, + "metadata": grpc_response["metadata"], + }, + ) + return response + + +class PrivilegedAccessManagerGrpcTransport(PrivilegedAccessManagerTransport): + """gRPC backend transport for PrivilegedAccessManager. + + This API allows customers to manage temporary, request based + privileged access to their resources. + + It defines the following resource model: + + - A collection of ``Entitlement`` resources. An entitlement allows + configuring (among other things): + + - Some kind of privileged access that users can request. + - A set of users called *requesters* who can request this + access. + - A maximum duration for which the access can be requested. + - An optional approval workflow which must be satisfied before + access is granted. + + - A collection of ``Grant`` resources. A grant is a request by a + requester to get the privileged access specified in an + entitlement for some duration. + + After the approval workflow as specified in the entitlement is + satisfied, the specified access is given to the requester. The + access is automatically taken back after the requested duration + is over. + + This class defines the same methods as the primary client, so the + primary client can load the underlying transport implementation + and call it. + + It sends protocol buffers over the wire using gRPC (which is built on + top of HTTP/2); the ``grpcio`` package must be installed. + """ + _stubs: Dict[str, Callable] + + def __init__(self, *, + host: str = 'privilegedaccessmanager.googleapis.com', + credentials: Optional[ga_credentials.Credentials] = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + channel: Optional[Union[grpc.Channel, Callable[..., grpc.Channel]]] = None, + api_mtls_endpoint: Optional[str] = None, + client_cert_source: Optional[Callable[[], Tuple[bytes, bytes]]] = None, + ssl_channel_credentials: Optional[grpc.ChannelCredentials] = None, + client_cert_source_for_mtls: Optional[Callable[[], Tuple[bytes, bytes]]] = None, + quota_project_id: Optional[str] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, + api_audience: Optional[str] = None, + ) -> None: + """Instantiate the transport. + + Args: + host (Optional[str]): + The hostname to connect to (default: 'privilegedaccessmanager.googleapis.com'). + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + This argument is ignored if a ``channel`` instance is provided. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is ignored if a ``channel`` instance is provided. + scopes (Optional(Sequence[str])): A list of scopes. This argument is + ignored if a ``channel`` instance is provided. + channel (Optional[Union[grpc.Channel, Callable[..., grpc.Channel]]]): + A ``Channel`` instance through which to make calls, or a Callable + that constructs and returns one. If set to None, ``self.create_channel`` + is used to create the channel. If a Callable is given, it will be called + with the same arguments as used in ``self.create_channel``. + api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. + If provided, it overrides the ``host`` argument and tries to create + a mutual TLS channel with client SSL credentials from + ``client_cert_source`` or application default SSL credentials. + client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): + Deprecated. A callback to provide client SSL certificate bytes and + private key bytes, both in PEM format. It is ignored if + ``api_mtls_endpoint`` is None. + ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials + for the grpc channel. It is ignored if a ``channel`` instance is provided. + client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): + A callback to provide client certificate bytes and private key bytes, + both in PEM format. It is used to configure a mutual TLS channel. It is + ignored if a ``channel`` instance or ``ssl_channel_credentials`` is provided. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. + + Raises: + google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport + creation failed for any reason. + google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` + and ``credentials_file`` are passed. + """ + self._grpc_channel = None + self._ssl_channel_credentials = ssl_channel_credentials + self._stubs: Dict[str, Callable] = {} + self._operations_client: Optional[operations_v1.OperationsClient] = None + + if api_mtls_endpoint: + warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) + if client_cert_source: + warnings.warn("client_cert_source is deprecated", DeprecationWarning) + + if isinstance(channel, grpc.Channel): + # Ignore credentials if a channel was passed. + credentials = None + self._ignore_credentials = True + # If a channel was explicitly provided, set it. + self._grpc_channel = channel + self._ssl_channel_credentials = None + + else: + if api_mtls_endpoint: + host = api_mtls_endpoint + + # Create SSL credentials with client_cert_source or application + # default SSL credentials. + if client_cert_source: + cert, key = client_cert_source() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + else: + self._ssl_channel_credentials = SslCredentials().ssl_credentials + + else: + if client_cert_source_for_mtls and not ssl_channel_credentials: + cert, key = client_cert_source_for_mtls() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + + # The base transport sets the host, credentials and scopes + super().__init__( + host=host, + credentials=credentials, + credentials_file=credentials_file, + scopes=scopes, + quota_project_id=quota_project_id, + client_info=client_info, + always_use_jwt_access=always_use_jwt_access, + api_audience=api_audience, + ) + + if not self._grpc_channel: + # initialize with the provided callable or the default channel + channel_init = channel or type(self).create_channel + self._grpc_channel = channel_init( + self._host, + # use the credentials which are saved + credentials=self._credentials, + # Set ``credentials_file`` to ``None`` here as + # the credentials that we saved earlier should be used. + credentials_file=None, + scopes=self._scopes, + ssl_credentials=self._ssl_channel_credentials, + quota_project_id=quota_project_id, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + self._interceptor = _LoggingClientInterceptor() + self._logged_channel = grpc.intercept_channel(self._grpc_channel, self._interceptor) + + # Wrap messages. This must be done after self._logged_channel exists + self._prep_wrapped_messages(client_info) + + @classmethod + def create_channel(cls, + host: str = 'privilegedaccessmanager.googleapis.com', + credentials: Optional[ga_credentials.Credentials] = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + quota_project_id: Optional[str] = None, + **kwargs) -> grpc.Channel: + """Create and return a gRPC channel object. + Args: + host (Optional[str]): The host for the channel to use. + credentials (Optional[~.Credentials]): The + authorization credentials to attach to requests. These + credentials identify this application to the service. If + none are specified, the client will attempt to ascertain + the credentials from the environment. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is mutually exclusive with credentials. + scopes (Optional[Sequence[str]]): A optional list of scopes needed for this + service. These are only used when credentials are not specified and + are passed to :func:`google.auth.default`. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + kwargs (Optional[dict]): Keyword arguments, which are passed to the + channel creation. + Returns: + grpc.Channel: A gRPC channel object. + + Raises: + google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` + and ``credentials_file`` are passed. + """ + + return grpc_helpers.create_channel( + host, + credentials=credentials, + credentials_file=credentials_file, + quota_project_id=quota_project_id, + default_scopes=cls.AUTH_SCOPES, + scopes=scopes, + default_host=cls.DEFAULT_HOST, + **kwargs + ) + + @property + def grpc_channel(self) -> grpc.Channel: + """Return the channel designed to connect to this service. + """ + return self._grpc_channel + + @property + def operations_client(self) -> operations_v1.OperationsClient: + """Create the client designed to process long-running operations. + + This property caches on the instance; repeated calls return the same + client. + """ + # Quick check: Only create a new client if we do not already have one. + if self._operations_client is None: + self._operations_client = operations_v1.OperationsClient( + self._logged_channel + ) + + # Return the client from cache. + return self._operations_client + + @property + def check_onboarding_status(self) -> Callable[ + [privilegedaccessmanager.CheckOnboardingStatusRequest], + privilegedaccessmanager.CheckOnboardingStatusResponse]: + r"""Return a callable for the check onboarding status method over gRPC. + + ``CheckOnboardingStatus`` reports the onboarding status for a + project/folder/organization. Any findings reported by this API + need to be fixed before PAM can be used on the resource. + + Returns: + Callable[[~.CheckOnboardingStatusRequest], + ~.CheckOnboardingStatusResponse]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'check_onboarding_status' not in self._stubs: + self._stubs['check_onboarding_status'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/CheckOnboardingStatus', + request_serializer=privilegedaccessmanager.CheckOnboardingStatusRequest.serialize, + response_deserializer=privilegedaccessmanager.CheckOnboardingStatusResponse.deserialize, + ) + return self._stubs['check_onboarding_status'] + + @property + def list_entitlements(self) -> Callable[ + [privilegedaccessmanager.ListEntitlementsRequest], + privilegedaccessmanager.ListEntitlementsResponse]: + r"""Return a callable for the list entitlements method over gRPC. + + Lists entitlements in a given + project/folder/organization and location. + + Returns: + Callable[[~.ListEntitlementsRequest], + ~.ListEntitlementsResponse]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'list_entitlements' not in self._stubs: + self._stubs['list_entitlements'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/ListEntitlements', + request_serializer=privilegedaccessmanager.ListEntitlementsRequest.serialize, + response_deserializer=privilegedaccessmanager.ListEntitlementsResponse.deserialize, + ) + return self._stubs['list_entitlements'] + + @property + def search_entitlements(self) -> Callable[ + [privilegedaccessmanager.SearchEntitlementsRequest], + privilegedaccessmanager.SearchEntitlementsResponse]: + r"""Return a callable for the search entitlements method over gRPC. + + ``SearchEntitlements`` returns entitlements on which the caller + has the specified access. + + Returns: + Callable[[~.SearchEntitlementsRequest], + ~.SearchEntitlementsResponse]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'search_entitlements' not in self._stubs: + self._stubs['search_entitlements'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/SearchEntitlements', + request_serializer=privilegedaccessmanager.SearchEntitlementsRequest.serialize, + response_deserializer=privilegedaccessmanager.SearchEntitlementsResponse.deserialize, + ) + return self._stubs['search_entitlements'] + + @property + def get_entitlement(self) -> Callable[ + [privilegedaccessmanager.GetEntitlementRequest], + privilegedaccessmanager.Entitlement]: + r"""Return a callable for the get entitlement method over gRPC. + + Gets details of a single entitlement. + + Returns: + Callable[[~.GetEntitlementRequest], + ~.Entitlement]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'get_entitlement' not in self._stubs: + self._stubs['get_entitlement'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/GetEntitlement', + request_serializer=privilegedaccessmanager.GetEntitlementRequest.serialize, + response_deserializer=privilegedaccessmanager.Entitlement.deserialize, + ) + return self._stubs['get_entitlement'] + + @property + def create_entitlement(self) -> Callable[ + [privilegedaccessmanager.CreateEntitlementRequest], + operations_pb2.Operation]: + r"""Return a callable for the create entitlement method over gRPC. + + Creates a new entitlement in a given + project/folder/organization and location. + + Returns: + Callable[[~.CreateEntitlementRequest], + ~.Operation]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'create_entitlement' not in self._stubs: + self._stubs['create_entitlement'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/CreateEntitlement', + request_serializer=privilegedaccessmanager.CreateEntitlementRequest.serialize, + response_deserializer=operations_pb2.Operation.FromString, + ) + return self._stubs['create_entitlement'] + + @property + def delete_entitlement(self) -> Callable[ + [privilegedaccessmanager.DeleteEntitlementRequest], + operations_pb2.Operation]: + r"""Return a callable for the delete entitlement method over gRPC. + + Deletes a single entitlement. This method can only be called + when there are no in-progress + (``ACTIVE``/``ACTIVATING``/``REVOKING``) grants under the + entitlement. + + Returns: + Callable[[~.DeleteEntitlementRequest], + ~.Operation]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'delete_entitlement' not in self._stubs: + self._stubs['delete_entitlement'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/DeleteEntitlement', + request_serializer=privilegedaccessmanager.DeleteEntitlementRequest.serialize, + response_deserializer=operations_pb2.Operation.FromString, + ) + return self._stubs['delete_entitlement'] + + @property + def update_entitlement(self) -> Callable[ + [privilegedaccessmanager.UpdateEntitlementRequest], + operations_pb2.Operation]: + r"""Return a callable for the update entitlement method over gRPC. + + Updates the entitlement specified in the request. Updated fields + in the entitlement need to be specified in an update mask. The + changes made to an entitlement are applicable only on future + grants of the entitlement. However, if new approvers are added + or existing approvers are removed from the approval workflow, + the changes are effective on existing grants. + + The following fields are not supported for updates: + + - All immutable fields + - Entitlement name + - Resource name + - Resource type + - Adding an approval workflow in an entitlement which + previously had no approval workflow. + - Deleting the approval workflow from an entitlement. + - Adding or deleting a step in the approval workflow (only one + step is supported) + + Note that updates are allowed on the list of approvers in an + approval workflow step. + + Returns: + Callable[[~.UpdateEntitlementRequest], + ~.Operation]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'update_entitlement' not in self._stubs: + self._stubs['update_entitlement'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/UpdateEntitlement', + request_serializer=privilegedaccessmanager.UpdateEntitlementRequest.serialize, + response_deserializer=operations_pb2.Operation.FromString, + ) + return self._stubs['update_entitlement'] + + @property + def list_grants(self) -> Callable[ + [privilegedaccessmanager.ListGrantsRequest], + privilegedaccessmanager.ListGrantsResponse]: + r"""Return a callable for the list grants method over gRPC. + + Lists grants for a given entitlement. + + Returns: + Callable[[~.ListGrantsRequest], + ~.ListGrantsResponse]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'list_grants' not in self._stubs: + self._stubs['list_grants'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/ListGrants', + request_serializer=privilegedaccessmanager.ListGrantsRequest.serialize, + response_deserializer=privilegedaccessmanager.ListGrantsResponse.deserialize, + ) + return self._stubs['list_grants'] + + @property + def search_grants(self) -> Callable[ + [privilegedaccessmanager.SearchGrantsRequest], + privilegedaccessmanager.SearchGrantsResponse]: + r"""Return a callable for the search grants method over gRPC. + + ``SearchGrants`` returns grants that are related to the calling + user in the specified way. + + Returns: + Callable[[~.SearchGrantsRequest], + ~.SearchGrantsResponse]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'search_grants' not in self._stubs: + self._stubs['search_grants'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/SearchGrants', + request_serializer=privilegedaccessmanager.SearchGrantsRequest.serialize, + response_deserializer=privilegedaccessmanager.SearchGrantsResponse.deserialize, + ) + return self._stubs['search_grants'] + + @property + def get_grant(self) -> Callable[ + [privilegedaccessmanager.GetGrantRequest], + privilegedaccessmanager.Grant]: + r"""Return a callable for the get grant method over gRPC. + + Get details of a single grant. + + Returns: + Callable[[~.GetGrantRequest], + ~.Grant]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'get_grant' not in self._stubs: + self._stubs['get_grant'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/GetGrant', + request_serializer=privilegedaccessmanager.GetGrantRequest.serialize, + response_deserializer=privilegedaccessmanager.Grant.deserialize, + ) + return self._stubs['get_grant'] + + @property + def create_grant(self) -> Callable[ + [privilegedaccessmanager.CreateGrantRequest], + privilegedaccessmanager.Grant]: + r"""Return a callable for the create grant method over gRPC. + + Creates a new grant in a given + project/folder/organization and location. + + Returns: + Callable[[~.CreateGrantRequest], + ~.Grant]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'create_grant' not in self._stubs: + self._stubs['create_grant'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/CreateGrant', + request_serializer=privilegedaccessmanager.CreateGrantRequest.serialize, + response_deserializer=privilegedaccessmanager.Grant.deserialize, + ) + return self._stubs['create_grant'] + + @property + def approve_grant(self) -> Callable[ + [privilegedaccessmanager.ApproveGrantRequest], + privilegedaccessmanager.Grant]: + r"""Return a callable for the approve grant method over gRPC. + + ``ApproveGrant`` is used to approve a grant. This method can + only be called on a grant when it's in the ``APPROVAL_AWAITED`` + state. This operation can't be undone. + + Returns: + Callable[[~.ApproveGrantRequest], + ~.Grant]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'approve_grant' not in self._stubs: + self._stubs['approve_grant'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/ApproveGrant', + request_serializer=privilegedaccessmanager.ApproveGrantRequest.serialize, + response_deserializer=privilegedaccessmanager.Grant.deserialize, + ) + return self._stubs['approve_grant'] + + @property + def deny_grant(self) -> Callable[ + [privilegedaccessmanager.DenyGrantRequest], + privilegedaccessmanager.Grant]: + r"""Return a callable for the deny grant method over gRPC. + + ``DenyGrant`` is used to deny a grant. This method can only be + called on a grant when it's in the ``APPROVAL_AWAITED`` state. + This operation can't be undone. + + Returns: + Callable[[~.DenyGrantRequest], + ~.Grant]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'deny_grant' not in self._stubs: + self._stubs['deny_grant'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/DenyGrant', + request_serializer=privilegedaccessmanager.DenyGrantRequest.serialize, + response_deserializer=privilegedaccessmanager.Grant.deserialize, + ) + return self._stubs['deny_grant'] + + @property + def revoke_grant(self) -> Callable[ + [privilegedaccessmanager.RevokeGrantRequest], + operations_pb2.Operation]: + r"""Return a callable for the revoke grant method over gRPC. + + ``RevokeGrant`` is used to immediately revoke access for a + grant. This method can be called when the grant is in a + non-terminal state. + + Returns: + Callable[[~.RevokeGrantRequest], + ~.Operation]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'revoke_grant' not in self._stubs: + self._stubs['revoke_grant'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/RevokeGrant', + request_serializer=privilegedaccessmanager.RevokeGrantRequest.serialize, + response_deserializer=operations_pb2.Operation.FromString, + ) + return self._stubs['revoke_grant'] + + def close(self): + self._logged_channel.close() + + @property + def delete_operation( + self, + ) -> Callable[[operations_pb2.DeleteOperationRequest], None]: + r"""Return a callable for the delete_operation method over gRPC. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "delete_operation" not in self._stubs: + self._stubs["delete_operation"] = self._logged_channel.unary_unary( + "/google.longrunning.Operations/DeleteOperation", + request_serializer=operations_pb2.DeleteOperationRequest.SerializeToString, + response_deserializer=None, + ) + return self._stubs["delete_operation"] + + @property + def get_operation( + self, + ) -> Callable[[operations_pb2.GetOperationRequest], operations_pb2.Operation]: + r"""Return a callable for the get_operation method over gRPC. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "get_operation" not in self._stubs: + self._stubs["get_operation"] = self._logged_channel.unary_unary( + "/google.longrunning.Operations/GetOperation", + request_serializer=operations_pb2.GetOperationRequest.SerializeToString, + response_deserializer=operations_pb2.Operation.FromString, + ) + return self._stubs["get_operation"] + + @property + def list_operations( + self, + ) -> Callable[[operations_pb2.ListOperationsRequest], operations_pb2.ListOperationsResponse]: + r"""Return a callable for the list_operations method over gRPC. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "list_operations" not in self._stubs: + self._stubs["list_operations"] = self._logged_channel.unary_unary( + "/google.longrunning.Operations/ListOperations", + request_serializer=operations_pb2.ListOperationsRequest.SerializeToString, + response_deserializer=operations_pb2.ListOperationsResponse.FromString, + ) + return self._stubs["list_operations"] + + @property + def list_locations( + self, + ) -> Callable[[locations_pb2.ListLocationsRequest], locations_pb2.ListLocationsResponse]: + r"""Return a callable for the list locations method over gRPC. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "list_locations" not in self._stubs: + self._stubs["list_locations"] = self._logged_channel.unary_unary( + "/google.cloud.location.Locations/ListLocations", + request_serializer=locations_pb2.ListLocationsRequest.SerializeToString, + response_deserializer=locations_pb2.ListLocationsResponse.FromString, + ) + return self._stubs["list_locations"] + + @property + def get_location( + self, + ) -> Callable[[locations_pb2.GetLocationRequest], locations_pb2.Location]: + r"""Return a callable for the list locations method over gRPC. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "get_location" not in self._stubs: + self._stubs["get_location"] = self._logged_channel.unary_unary( + "/google.cloud.location.Locations/GetLocation", + request_serializer=locations_pb2.GetLocationRequest.SerializeToString, + response_deserializer=locations_pb2.Location.FromString, + ) + return self._stubs["get_location"] + + @property + def kind(self) -> str: + return "grpc" + + +__all__ = ( + 'PrivilegedAccessManagerGrpcTransport', +) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/grpc_asyncio.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/grpc_asyncio.py new file mode 100644 index 000000000000..5c10ae7bfbb9 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/grpc_asyncio.py @@ -0,0 +1,963 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import inspect +import json +import pickle +import logging as std_logging +import warnings +from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple, Union + +from google.api_core import gapic_v1 +from google.api_core import grpc_helpers_async +from google.api_core import exceptions as core_exceptions +from google.api_core import retry_async as retries +from google.api_core import operations_v1 +from google.auth import credentials as ga_credentials # type: ignore +from google.auth.transport.grpc import SslCredentials # type: ignore +from google.protobuf.json_format import MessageToJson +import google.protobuf.message + +import grpc # type: ignore +import proto # type: ignore +from grpc.experimental import aio # type: ignore + +from google.cloud.location import locations_pb2 # type: ignore +from google.cloud.privilegedaccessmanager_v1.types import privilegedaccessmanager +from google.longrunning import operations_pb2 # type: ignore +from .base import PrivilegedAccessManagerTransport, DEFAULT_CLIENT_INFO +from .grpc import PrivilegedAccessManagerGrpcTransport + +try: + from google.api_core import client_logging # type: ignore + CLIENT_LOGGING_SUPPORTED = True # pragma: NO COVER +except ImportError: # pragma: NO COVER + CLIENT_LOGGING_SUPPORTED = False + +_LOGGER = std_logging.getLogger(__name__) + + +class _LoggingClientAIOInterceptor(grpc.aio.UnaryUnaryClientInterceptor): # pragma: NO COVER + async def intercept_unary_unary(self, continuation, client_call_details, request): + logging_enabled = CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(std_logging.DEBUG) + if logging_enabled: # pragma: NO COVER + request_metadata = client_call_details.metadata + if isinstance(request, proto.Message): + request_payload = type(request).to_json(request) + elif isinstance(request, google.protobuf.message.Message): + request_payload = MessageToJson(request) + else: + request_payload = f"{type(request).__name__}: {pickle.dumps(request)}" + + request_metadata = { + key: value.decode("utf-8") if isinstance(value, bytes) else value + for key, value in request_metadata + } + grpc_request = { + "payload": request_payload, + "requestMethod": "grpc", + "metadata": dict(request_metadata), + } + _LOGGER.debug( + f"Sending request for {client_call_details.method}", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": str(client_call_details.method), + "request": grpc_request, + "metadata": grpc_request["metadata"], + }, + ) + response = await continuation(client_call_details, request) + if logging_enabled: # pragma: NO COVER + response_metadata = await response.trailing_metadata() + # Convert gRPC metadata `` to list of tuples + metadata = dict([(k, str(v)) for k, v in response_metadata]) if response_metadata else None + result = await response + if isinstance(result, proto.Message): + response_payload = type(result).to_json(result) + elif isinstance(result, google.protobuf.message.Message): + response_payload = MessageToJson(result) + else: + response_payload = f"{type(result).__name__}: {pickle.dumps(result)}" + grpc_response = { + "payload": response_payload, + "metadata": metadata, + "status": "OK", + } + _LOGGER.debug( + f"Received response to rpc {client_call_details.method}.", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": str(client_call_details.method), + "response": grpc_response, + "metadata": grpc_response["metadata"], + }, + ) + return response + + +class PrivilegedAccessManagerGrpcAsyncIOTransport(PrivilegedAccessManagerTransport): + """gRPC AsyncIO backend transport for PrivilegedAccessManager. + + This API allows customers to manage temporary, request based + privileged access to their resources. + + It defines the following resource model: + + - A collection of ``Entitlement`` resources. An entitlement allows + configuring (among other things): + + - Some kind of privileged access that users can request. + - A set of users called *requesters* who can request this + access. + - A maximum duration for which the access can be requested. + - An optional approval workflow which must be satisfied before + access is granted. + + - A collection of ``Grant`` resources. A grant is a request by a + requester to get the privileged access specified in an + entitlement for some duration. + + After the approval workflow as specified in the entitlement is + satisfied, the specified access is given to the requester. The + access is automatically taken back after the requested duration + is over. + + This class defines the same methods as the primary client, so the + primary client can load the underlying transport implementation + and call it. + + It sends protocol buffers over the wire using gRPC (which is built on + top of HTTP/2); the ``grpcio`` package must be installed. + """ + + _grpc_channel: aio.Channel + _stubs: Dict[str, Callable] = {} + + @classmethod + def create_channel(cls, + host: str = 'privilegedaccessmanager.googleapis.com', + credentials: Optional[ga_credentials.Credentials] = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + quota_project_id: Optional[str] = None, + **kwargs) -> aio.Channel: + """Create and return a gRPC AsyncIO channel object. + Args: + host (Optional[str]): The host for the channel to use. + credentials (Optional[~.Credentials]): The + authorization credentials to attach to requests. These + credentials identify this application to the service. If + none are specified, the client will attempt to ascertain + the credentials from the environment. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + scopes (Optional[Sequence[str]]): A optional list of scopes needed for this + service. These are only used when credentials are not specified and + are passed to :func:`google.auth.default`. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + kwargs (Optional[dict]): Keyword arguments, which are passed to the + channel creation. + Returns: + aio.Channel: A gRPC AsyncIO channel object. + """ + + return grpc_helpers_async.create_channel( + host, + credentials=credentials, + credentials_file=credentials_file, + quota_project_id=quota_project_id, + default_scopes=cls.AUTH_SCOPES, + scopes=scopes, + default_host=cls.DEFAULT_HOST, + **kwargs + ) + + def __init__(self, *, + host: str = 'privilegedaccessmanager.googleapis.com', + credentials: Optional[ga_credentials.Credentials] = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + channel: Optional[Union[aio.Channel, Callable[..., aio.Channel]]] = None, + api_mtls_endpoint: Optional[str] = None, + client_cert_source: Optional[Callable[[], Tuple[bytes, bytes]]] = None, + ssl_channel_credentials: Optional[grpc.ChannelCredentials] = None, + client_cert_source_for_mtls: Optional[Callable[[], Tuple[bytes, bytes]]] = None, + quota_project_id: Optional[str] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, + api_audience: Optional[str] = None, + ) -> None: + """Instantiate the transport. + + Args: + host (Optional[str]): + The hostname to connect to (default: 'privilegedaccessmanager.googleapis.com'). + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + This argument is ignored if a ``channel`` instance is provided. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is ignored if a ``channel`` instance is provided. + scopes (Optional[Sequence[str]]): A optional list of scopes needed for this + service. These are only used when credentials are not specified and + are passed to :func:`google.auth.default`. + channel (Optional[Union[aio.Channel, Callable[..., aio.Channel]]]): + A ``Channel`` instance through which to make calls, or a Callable + that constructs and returns one. If set to None, ``self.create_channel`` + is used to create the channel. If a Callable is given, it will be called + with the same arguments as used in ``self.create_channel``. + api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. + If provided, it overrides the ``host`` argument and tries to create + a mutual TLS channel with client SSL credentials from + ``client_cert_source`` or application default SSL credentials. + client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): + Deprecated. A callback to provide client SSL certificate bytes and + private key bytes, both in PEM format. It is ignored if + ``api_mtls_endpoint`` is None. + ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials + for the grpc channel. It is ignored if a ``channel`` instance is provided. + client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): + A callback to provide client certificate bytes and private key bytes, + both in PEM format. It is used to configure a mutual TLS channel. It is + ignored if a ``channel`` instance or ``ssl_channel_credentials`` is provided. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. + + Raises: + google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport + creation failed for any reason. + google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` + and ``credentials_file`` are passed. + """ + self._grpc_channel = None + self._ssl_channel_credentials = ssl_channel_credentials + self._stubs: Dict[str, Callable] = {} + self._operations_client: Optional[operations_v1.OperationsAsyncClient] = None + + if api_mtls_endpoint: + warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) + if client_cert_source: + warnings.warn("client_cert_source is deprecated", DeprecationWarning) + + if isinstance(channel, aio.Channel): + # Ignore credentials if a channel was passed. + credentials = None + self._ignore_credentials = True + # If a channel was explicitly provided, set it. + self._grpc_channel = channel + self._ssl_channel_credentials = None + else: + if api_mtls_endpoint: + host = api_mtls_endpoint + + # Create SSL credentials with client_cert_source or application + # default SSL credentials. + if client_cert_source: + cert, key = client_cert_source() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + else: + self._ssl_channel_credentials = SslCredentials().ssl_credentials + + else: + if client_cert_source_for_mtls and not ssl_channel_credentials: + cert, key = client_cert_source_for_mtls() + self._ssl_channel_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + + # The base transport sets the host, credentials and scopes + super().__init__( + host=host, + credentials=credentials, + credentials_file=credentials_file, + scopes=scopes, + quota_project_id=quota_project_id, + client_info=client_info, + always_use_jwt_access=always_use_jwt_access, + api_audience=api_audience, + ) + + if not self._grpc_channel: + # initialize with the provided callable or the default channel + channel_init = channel or type(self).create_channel + self._grpc_channel = channel_init( + self._host, + # use the credentials which are saved + credentials=self._credentials, + # Set ``credentials_file`` to ``None`` here as + # the credentials that we saved earlier should be used. + credentials_file=None, + scopes=self._scopes, + ssl_credentials=self._ssl_channel_credentials, + quota_project_id=quota_project_id, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + self._interceptor = _LoggingClientAIOInterceptor() + self._grpc_channel._unary_unary_interceptors.append(self._interceptor) + self._logged_channel = self._grpc_channel + self._wrap_with_kind = "kind" in inspect.signature(gapic_v1.method_async.wrap_method).parameters + # Wrap messages. This must be done after self._logged_channel exists + self._prep_wrapped_messages(client_info) + + @property + def grpc_channel(self) -> aio.Channel: + """Create the channel designed to connect to this service. + + This property caches on the instance; repeated calls return + the same channel. + """ + # Return the channel from cache. + return self._grpc_channel + + @property + def operations_client(self) -> operations_v1.OperationsAsyncClient: + """Create the client designed to process long-running operations. + + This property caches on the instance; repeated calls return the same + client. + """ + # Quick check: Only create a new client if we do not already have one. + if self._operations_client is None: + self._operations_client = operations_v1.OperationsAsyncClient( + self._logged_channel + ) + + # Return the client from cache. + return self._operations_client + + @property + def check_onboarding_status(self) -> Callable[ + [privilegedaccessmanager.CheckOnboardingStatusRequest], + Awaitable[privilegedaccessmanager.CheckOnboardingStatusResponse]]: + r"""Return a callable for the check onboarding status method over gRPC. + + ``CheckOnboardingStatus`` reports the onboarding status for a + project/folder/organization. Any findings reported by this API + need to be fixed before PAM can be used on the resource. + + Returns: + Callable[[~.CheckOnboardingStatusRequest], + Awaitable[~.CheckOnboardingStatusResponse]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'check_onboarding_status' not in self._stubs: + self._stubs['check_onboarding_status'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/CheckOnboardingStatus', + request_serializer=privilegedaccessmanager.CheckOnboardingStatusRequest.serialize, + response_deserializer=privilegedaccessmanager.CheckOnboardingStatusResponse.deserialize, + ) + return self._stubs['check_onboarding_status'] + + @property + def list_entitlements(self) -> Callable[ + [privilegedaccessmanager.ListEntitlementsRequest], + Awaitable[privilegedaccessmanager.ListEntitlementsResponse]]: + r"""Return a callable for the list entitlements method over gRPC. + + Lists entitlements in a given + project/folder/organization and location. + + Returns: + Callable[[~.ListEntitlementsRequest], + Awaitable[~.ListEntitlementsResponse]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'list_entitlements' not in self._stubs: + self._stubs['list_entitlements'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/ListEntitlements', + request_serializer=privilegedaccessmanager.ListEntitlementsRequest.serialize, + response_deserializer=privilegedaccessmanager.ListEntitlementsResponse.deserialize, + ) + return self._stubs['list_entitlements'] + + @property + def search_entitlements(self) -> Callable[ + [privilegedaccessmanager.SearchEntitlementsRequest], + Awaitable[privilegedaccessmanager.SearchEntitlementsResponse]]: + r"""Return a callable for the search entitlements method over gRPC. + + ``SearchEntitlements`` returns entitlements on which the caller + has the specified access. + + Returns: + Callable[[~.SearchEntitlementsRequest], + Awaitable[~.SearchEntitlementsResponse]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'search_entitlements' not in self._stubs: + self._stubs['search_entitlements'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/SearchEntitlements', + request_serializer=privilegedaccessmanager.SearchEntitlementsRequest.serialize, + response_deserializer=privilegedaccessmanager.SearchEntitlementsResponse.deserialize, + ) + return self._stubs['search_entitlements'] + + @property + def get_entitlement(self) -> Callable[ + [privilegedaccessmanager.GetEntitlementRequest], + Awaitable[privilegedaccessmanager.Entitlement]]: + r"""Return a callable for the get entitlement method over gRPC. + + Gets details of a single entitlement. + + Returns: + Callable[[~.GetEntitlementRequest], + Awaitable[~.Entitlement]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'get_entitlement' not in self._stubs: + self._stubs['get_entitlement'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/GetEntitlement', + request_serializer=privilegedaccessmanager.GetEntitlementRequest.serialize, + response_deserializer=privilegedaccessmanager.Entitlement.deserialize, + ) + return self._stubs['get_entitlement'] + + @property + def create_entitlement(self) -> Callable[ + [privilegedaccessmanager.CreateEntitlementRequest], + Awaitable[operations_pb2.Operation]]: + r"""Return a callable for the create entitlement method over gRPC. + + Creates a new entitlement in a given + project/folder/organization and location. + + Returns: + Callable[[~.CreateEntitlementRequest], + Awaitable[~.Operation]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'create_entitlement' not in self._stubs: + self._stubs['create_entitlement'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/CreateEntitlement', + request_serializer=privilegedaccessmanager.CreateEntitlementRequest.serialize, + response_deserializer=operations_pb2.Operation.FromString, + ) + return self._stubs['create_entitlement'] + + @property + def delete_entitlement(self) -> Callable[ + [privilegedaccessmanager.DeleteEntitlementRequest], + Awaitable[operations_pb2.Operation]]: + r"""Return a callable for the delete entitlement method over gRPC. + + Deletes a single entitlement. This method can only be called + when there are no in-progress + (``ACTIVE``/``ACTIVATING``/``REVOKING``) grants under the + entitlement. + + Returns: + Callable[[~.DeleteEntitlementRequest], + Awaitable[~.Operation]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'delete_entitlement' not in self._stubs: + self._stubs['delete_entitlement'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/DeleteEntitlement', + request_serializer=privilegedaccessmanager.DeleteEntitlementRequest.serialize, + response_deserializer=operations_pb2.Operation.FromString, + ) + return self._stubs['delete_entitlement'] + + @property + def update_entitlement(self) -> Callable[ + [privilegedaccessmanager.UpdateEntitlementRequest], + Awaitable[operations_pb2.Operation]]: + r"""Return a callable for the update entitlement method over gRPC. + + Updates the entitlement specified in the request. Updated fields + in the entitlement need to be specified in an update mask. The + changes made to an entitlement are applicable only on future + grants of the entitlement. However, if new approvers are added + or existing approvers are removed from the approval workflow, + the changes are effective on existing grants. + + The following fields are not supported for updates: + + - All immutable fields + - Entitlement name + - Resource name + - Resource type + - Adding an approval workflow in an entitlement which + previously had no approval workflow. + - Deleting the approval workflow from an entitlement. + - Adding or deleting a step in the approval workflow (only one + step is supported) + + Note that updates are allowed on the list of approvers in an + approval workflow step. + + Returns: + Callable[[~.UpdateEntitlementRequest], + Awaitable[~.Operation]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'update_entitlement' not in self._stubs: + self._stubs['update_entitlement'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/UpdateEntitlement', + request_serializer=privilegedaccessmanager.UpdateEntitlementRequest.serialize, + response_deserializer=operations_pb2.Operation.FromString, + ) + return self._stubs['update_entitlement'] + + @property + def list_grants(self) -> Callable[ + [privilegedaccessmanager.ListGrantsRequest], + Awaitable[privilegedaccessmanager.ListGrantsResponse]]: + r"""Return a callable for the list grants method over gRPC. + + Lists grants for a given entitlement. + + Returns: + Callable[[~.ListGrantsRequest], + Awaitable[~.ListGrantsResponse]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'list_grants' not in self._stubs: + self._stubs['list_grants'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/ListGrants', + request_serializer=privilegedaccessmanager.ListGrantsRequest.serialize, + response_deserializer=privilegedaccessmanager.ListGrantsResponse.deserialize, + ) + return self._stubs['list_grants'] + + @property + def search_grants(self) -> Callable[ + [privilegedaccessmanager.SearchGrantsRequest], + Awaitable[privilegedaccessmanager.SearchGrantsResponse]]: + r"""Return a callable for the search grants method over gRPC. + + ``SearchGrants`` returns grants that are related to the calling + user in the specified way. + + Returns: + Callable[[~.SearchGrantsRequest], + Awaitable[~.SearchGrantsResponse]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'search_grants' not in self._stubs: + self._stubs['search_grants'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/SearchGrants', + request_serializer=privilegedaccessmanager.SearchGrantsRequest.serialize, + response_deserializer=privilegedaccessmanager.SearchGrantsResponse.deserialize, + ) + return self._stubs['search_grants'] + + @property + def get_grant(self) -> Callable[ + [privilegedaccessmanager.GetGrantRequest], + Awaitable[privilegedaccessmanager.Grant]]: + r"""Return a callable for the get grant method over gRPC. + + Get details of a single grant. + + Returns: + Callable[[~.GetGrantRequest], + Awaitable[~.Grant]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'get_grant' not in self._stubs: + self._stubs['get_grant'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/GetGrant', + request_serializer=privilegedaccessmanager.GetGrantRequest.serialize, + response_deserializer=privilegedaccessmanager.Grant.deserialize, + ) + return self._stubs['get_grant'] + + @property + def create_grant(self) -> Callable[ + [privilegedaccessmanager.CreateGrantRequest], + Awaitable[privilegedaccessmanager.Grant]]: + r"""Return a callable for the create grant method over gRPC. + + Creates a new grant in a given + project/folder/organization and location. + + Returns: + Callable[[~.CreateGrantRequest], + Awaitable[~.Grant]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'create_grant' not in self._stubs: + self._stubs['create_grant'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/CreateGrant', + request_serializer=privilegedaccessmanager.CreateGrantRequest.serialize, + response_deserializer=privilegedaccessmanager.Grant.deserialize, + ) + return self._stubs['create_grant'] + + @property + def approve_grant(self) -> Callable[ + [privilegedaccessmanager.ApproveGrantRequest], + Awaitable[privilegedaccessmanager.Grant]]: + r"""Return a callable for the approve grant method over gRPC. + + ``ApproveGrant`` is used to approve a grant. This method can + only be called on a grant when it's in the ``APPROVAL_AWAITED`` + state. This operation can't be undone. + + Returns: + Callable[[~.ApproveGrantRequest], + Awaitable[~.Grant]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'approve_grant' not in self._stubs: + self._stubs['approve_grant'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/ApproveGrant', + request_serializer=privilegedaccessmanager.ApproveGrantRequest.serialize, + response_deserializer=privilegedaccessmanager.Grant.deserialize, + ) + return self._stubs['approve_grant'] + + @property + def deny_grant(self) -> Callable[ + [privilegedaccessmanager.DenyGrantRequest], + Awaitable[privilegedaccessmanager.Grant]]: + r"""Return a callable for the deny grant method over gRPC. + + ``DenyGrant`` is used to deny a grant. This method can only be + called on a grant when it's in the ``APPROVAL_AWAITED`` state. + This operation can't be undone. + + Returns: + Callable[[~.DenyGrantRequest], + Awaitable[~.Grant]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'deny_grant' not in self._stubs: + self._stubs['deny_grant'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/DenyGrant', + request_serializer=privilegedaccessmanager.DenyGrantRequest.serialize, + response_deserializer=privilegedaccessmanager.Grant.deserialize, + ) + return self._stubs['deny_grant'] + + @property + def revoke_grant(self) -> Callable[ + [privilegedaccessmanager.RevokeGrantRequest], + Awaitable[operations_pb2.Operation]]: + r"""Return a callable for the revoke grant method over gRPC. + + ``RevokeGrant`` is used to immediately revoke access for a + grant. This method can be called when the grant is in a + non-terminal state. + + Returns: + Callable[[~.RevokeGrantRequest], + Awaitable[~.Operation]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if 'revoke_grant' not in self._stubs: + self._stubs['revoke_grant'] = self._logged_channel.unary_unary( + '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/RevokeGrant', + request_serializer=privilegedaccessmanager.RevokeGrantRequest.serialize, + response_deserializer=operations_pb2.Operation.FromString, + ) + return self._stubs['revoke_grant'] + + def _prep_wrapped_messages(self, client_info): + """ Precompute the wrapped methods, overriding the base class method to use async wrappers.""" + self._wrapped_methods = { + self.check_onboarding_status: self._wrap_method( + self.check_onboarding_status, + default_timeout=None, + client_info=client_info, + ), + self.list_entitlements: self._wrap_method( + self.list_entitlements, + default_timeout=None, + client_info=client_info, + ), + self.search_entitlements: self._wrap_method( + self.search_entitlements, + default_timeout=None, + client_info=client_info, + ), + self.get_entitlement: self._wrap_method( + self.get_entitlement, + default_timeout=None, + client_info=client_info, + ), + self.create_entitlement: self._wrap_method( + self.create_entitlement, + default_timeout=None, + client_info=client_info, + ), + self.delete_entitlement: self._wrap_method( + self.delete_entitlement, + default_timeout=None, + client_info=client_info, + ), + self.update_entitlement: self._wrap_method( + self.update_entitlement, + default_timeout=None, + client_info=client_info, + ), + self.list_grants: self._wrap_method( + self.list_grants, + default_timeout=None, + client_info=client_info, + ), + self.search_grants: self._wrap_method( + self.search_grants, + default_timeout=None, + client_info=client_info, + ), + self.get_grant: self._wrap_method( + self.get_grant, + default_timeout=None, + client_info=client_info, + ), + self.create_grant: self._wrap_method( + self.create_grant, + default_timeout=None, + client_info=client_info, + ), + self.approve_grant: self._wrap_method( + self.approve_grant, + default_timeout=None, + client_info=client_info, + ), + self.deny_grant: self._wrap_method( + self.deny_grant, + default_timeout=None, + client_info=client_info, + ), + self.revoke_grant: self._wrap_method( + self.revoke_grant, + default_timeout=None, + client_info=client_info, + ), + self.get_location: self._wrap_method( + self.get_location, + default_timeout=None, + client_info=client_info, + ), + self.list_locations: self._wrap_method( + self.list_locations, + default_timeout=None, + client_info=client_info, + ), + self.delete_operation: self._wrap_method( + self.delete_operation, + default_timeout=None, + client_info=client_info, + ), + self.get_operation: self._wrap_method( + self.get_operation, + default_timeout=None, + client_info=client_info, + ), + self.list_operations: self._wrap_method( + self.list_operations, + default_timeout=None, + client_info=client_info, + ), + } + + def _wrap_method(self, func, *args, **kwargs): + if self._wrap_with_kind: # pragma: NO COVER + kwargs["kind"] = self.kind + return gapic_v1.method_async.wrap_method(func, *args, **kwargs) + + def close(self): + return self._logged_channel.close() + + @property + def kind(self) -> str: + return "grpc_asyncio" + + @property + def delete_operation( + self, + ) -> Callable[[operations_pb2.DeleteOperationRequest], None]: + r"""Return a callable for the delete_operation method over gRPC. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "delete_operation" not in self._stubs: + self._stubs["delete_operation"] = self._logged_channel.unary_unary( + "/google.longrunning.Operations/DeleteOperation", + request_serializer=operations_pb2.DeleteOperationRequest.SerializeToString, + response_deserializer=None, + ) + return self._stubs["delete_operation"] + + @property + def get_operation( + self, + ) -> Callable[[operations_pb2.GetOperationRequest], operations_pb2.Operation]: + r"""Return a callable for the get_operation method over gRPC. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "get_operation" not in self._stubs: + self._stubs["get_operation"] = self._logged_channel.unary_unary( + "/google.longrunning.Operations/GetOperation", + request_serializer=operations_pb2.GetOperationRequest.SerializeToString, + response_deserializer=operations_pb2.Operation.FromString, + ) + return self._stubs["get_operation"] + + @property + def list_operations( + self, + ) -> Callable[[operations_pb2.ListOperationsRequest], operations_pb2.ListOperationsResponse]: + r"""Return a callable for the list_operations method over gRPC. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "list_operations" not in self._stubs: + self._stubs["list_operations"] = self._logged_channel.unary_unary( + "/google.longrunning.Operations/ListOperations", + request_serializer=operations_pb2.ListOperationsRequest.SerializeToString, + response_deserializer=operations_pb2.ListOperationsResponse.FromString, + ) + return self._stubs["list_operations"] + + @property + def list_locations( + self, + ) -> Callable[[locations_pb2.ListLocationsRequest], locations_pb2.ListLocationsResponse]: + r"""Return a callable for the list locations method over gRPC. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "list_locations" not in self._stubs: + self._stubs["list_locations"] = self._logged_channel.unary_unary( + "/google.cloud.location.Locations/ListLocations", + request_serializer=locations_pb2.ListLocationsRequest.SerializeToString, + response_deserializer=locations_pb2.ListLocationsResponse.FromString, + ) + return self._stubs["list_locations"] + + @property + def get_location( + self, + ) -> Callable[[locations_pb2.GetLocationRequest], locations_pb2.Location]: + r"""Return a callable for the list locations method over gRPC. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "get_location" not in self._stubs: + self._stubs["get_location"] = self._logged_channel.unary_unary( + "/google.cloud.location.Locations/GetLocation", + request_serializer=locations_pb2.GetLocationRequest.SerializeToString, + response_deserializer=locations_pb2.Location.FromString, + ) + return self._stubs["get_location"] + + +__all__ = ( + 'PrivilegedAccessManagerGrpcAsyncIOTransport', +) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/rest.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/rest.py new file mode 100644 index 000000000000..51cf90ec39a8 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/rest.py @@ -0,0 +1,3381 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import logging +import json # type: ignore + +from google.auth.transport.requests import AuthorizedSession # type: ignore +from google.auth import credentials as ga_credentials # type: ignore +from google.api_core import exceptions as core_exceptions +from google.api_core import retry as retries +from google.api_core import rest_helpers +from google.api_core import rest_streaming +from google.api_core import gapic_v1 +import google.protobuf + +from google.protobuf import json_format +from google.api_core import operations_v1 +from google.cloud.location import locations_pb2 # type: ignore + +from requests import __version__ as requests_version +import dataclasses +from typing import Any, Callable, Dict, List, Optional, Sequence, Tuple, Union +import warnings + + +from google.cloud.privilegedaccessmanager_v1.types import privilegedaccessmanager +from google.longrunning import operations_pb2 # type: ignore + + +from .rest_base import _BasePrivilegedAccessManagerRestTransport +from .base import DEFAULT_CLIENT_INFO as BASE_DEFAULT_CLIENT_INFO + +try: + OptionalRetry = Union[retries.Retry, gapic_v1.method._MethodDefault, None] +except AttributeError: # pragma: NO COVER + OptionalRetry = Union[retries.Retry, object, None] # type: ignore + +try: + from google.api_core import client_logging # type: ignore + CLIENT_LOGGING_SUPPORTED = True # pragma: NO COVER +except ImportError: # pragma: NO COVER + CLIENT_LOGGING_SUPPORTED = False + +_LOGGER = logging.getLogger(__name__) + +DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( + gapic_version=BASE_DEFAULT_CLIENT_INFO.gapic_version, + grpc_version=None, + rest_version=f"requests@{requests_version}", +) + +if hasattr(DEFAULT_CLIENT_INFO, "protobuf_runtime_version"): # pragma: NO COVER + DEFAULT_CLIENT_INFO.protobuf_runtime_version = google.protobuf.__version__ + + +class PrivilegedAccessManagerRestInterceptor: + """Interceptor for PrivilegedAccessManager. + + Interceptors are used to manipulate requests, request metadata, and responses + in arbitrary ways. + Example use cases include: + * Logging + * Verifying requests according to service or custom semantics + * Stripping extraneous information from responses + + These use cases and more can be enabled by injecting an + instance of a custom subclass when constructing the PrivilegedAccessManagerRestTransport. + + .. code-block:: python + class MyCustomPrivilegedAccessManagerInterceptor(PrivilegedAccessManagerRestInterceptor): + def pre_approve_grant(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_approve_grant(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_check_onboarding_status(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_check_onboarding_status(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_create_entitlement(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_create_entitlement(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_create_grant(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_create_grant(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_delete_entitlement(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_delete_entitlement(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_deny_grant(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_deny_grant(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_get_entitlement(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_get_entitlement(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_get_grant(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_get_grant(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_list_entitlements(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_list_entitlements(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_list_grants(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_list_grants(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_revoke_grant(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_revoke_grant(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_search_entitlements(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_search_entitlements(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_search_grants(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_search_grants(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_update_entitlement(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_update_entitlement(self, response): + logging.log(f"Received response: {response}") + return response + + transport = PrivilegedAccessManagerRestTransport(interceptor=MyCustomPrivilegedAccessManagerInterceptor()) + client = PrivilegedAccessManagerClient(transport=transport) + + + """ + def pre_approve_grant(self, request: privilegedaccessmanager.ApproveGrantRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.ApproveGrantRequest, Sequence[Tuple[str, Union[str, bytes]]]]: + """Pre-rpc interceptor for approve_grant + + Override in a subclass to manipulate the request or metadata + before they are sent to the PrivilegedAccessManager server. + """ + return request, metadata + + def post_approve_grant(self, response: privilegedaccessmanager.Grant) -> privilegedaccessmanager.Grant: + """Post-rpc interceptor for approve_grant + + DEPRECATED. Please use the `post_approve_grant_with_metadata` + interceptor instead. + + Override in a subclass to read or manipulate the response + after it is returned by the PrivilegedAccessManager server but before + it is returned to user code. This `post_approve_grant` interceptor runs + before the `post_approve_grant_with_metadata` interceptor. + """ + return response + + def post_approve_grant_with_metadata(self, response: privilegedaccessmanager.Grant, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.Grant, Sequence[Tuple[str, Union[str, bytes]]]]: + """Post-rpc interceptor for approve_grant + + Override in a subclass to read or manipulate the response or metadata after it + is returned by the PrivilegedAccessManager server but before it is returned to user code. + + We recommend only using this `post_approve_grant_with_metadata` + interceptor in new development instead of the `post_approve_grant` interceptor. + When both interceptors are used, this `post_approve_grant_with_metadata` interceptor runs after the + `post_approve_grant` interceptor. The (possibly modified) response returned by + `post_approve_grant` will be passed to + `post_approve_grant_with_metadata`. + """ + return response, metadata + + def pre_check_onboarding_status(self, request: privilegedaccessmanager.CheckOnboardingStatusRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.CheckOnboardingStatusRequest, Sequence[Tuple[str, Union[str, bytes]]]]: + """Pre-rpc interceptor for check_onboarding_status + + Override in a subclass to manipulate the request or metadata + before they are sent to the PrivilegedAccessManager server. + """ + return request, metadata + + def post_check_onboarding_status(self, response: privilegedaccessmanager.CheckOnboardingStatusResponse) -> privilegedaccessmanager.CheckOnboardingStatusResponse: + """Post-rpc interceptor for check_onboarding_status + + DEPRECATED. Please use the `post_check_onboarding_status_with_metadata` + interceptor instead. + + Override in a subclass to read or manipulate the response + after it is returned by the PrivilegedAccessManager server but before + it is returned to user code. This `post_check_onboarding_status` interceptor runs + before the `post_check_onboarding_status_with_metadata` interceptor. + """ + return response + + def post_check_onboarding_status_with_metadata(self, response: privilegedaccessmanager.CheckOnboardingStatusResponse, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.CheckOnboardingStatusResponse, Sequence[Tuple[str, Union[str, bytes]]]]: + """Post-rpc interceptor for check_onboarding_status + + Override in a subclass to read or manipulate the response or metadata after it + is returned by the PrivilegedAccessManager server but before it is returned to user code. + + We recommend only using this `post_check_onboarding_status_with_metadata` + interceptor in new development instead of the `post_check_onboarding_status` interceptor. + When both interceptors are used, this `post_check_onboarding_status_with_metadata` interceptor runs after the + `post_check_onboarding_status` interceptor. The (possibly modified) response returned by + `post_check_onboarding_status` will be passed to + `post_check_onboarding_status_with_metadata`. + """ + return response, metadata + + def pre_create_entitlement(self, request: privilegedaccessmanager.CreateEntitlementRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.CreateEntitlementRequest, Sequence[Tuple[str, Union[str, bytes]]]]: + """Pre-rpc interceptor for create_entitlement + + Override in a subclass to manipulate the request or metadata + before they are sent to the PrivilegedAccessManager server. + """ + return request, metadata + + def post_create_entitlement(self, response: operations_pb2.Operation) -> operations_pb2.Operation: + """Post-rpc interceptor for create_entitlement + + DEPRECATED. Please use the `post_create_entitlement_with_metadata` + interceptor instead. + + Override in a subclass to read or manipulate the response + after it is returned by the PrivilegedAccessManager server but before + it is returned to user code. This `post_create_entitlement` interceptor runs + before the `post_create_entitlement_with_metadata` interceptor. + """ + return response + + def post_create_entitlement_with_metadata(self, response: operations_pb2.Operation, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[operations_pb2.Operation, Sequence[Tuple[str, Union[str, bytes]]]]: + """Post-rpc interceptor for create_entitlement + + Override in a subclass to read or manipulate the response or metadata after it + is returned by the PrivilegedAccessManager server but before it is returned to user code. + + We recommend only using this `post_create_entitlement_with_metadata` + interceptor in new development instead of the `post_create_entitlement` interceptor. + When both interceptors are used, this `post_create_entitlement_with_metadata` interceptor runs after the + `post_create_entitlement` interceptor. The (possibly modified) response returned by + `post_create_entitlement` will be passed to + `post_create_entitlement_with_metadata`. + """ + return response, metadata + + def pre_create_grant(self, request: privilegedaccessmanager.CreateGrantRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.CreateGrantRequest, Sequence[Tuple[str, Union[str, bytes]]]]: + """Pre-rpc interceptor for create_grant + + Override in a subclass to manipulate the request or metadata + before they are sent to the PrivilegedAccessManager server. + """ + return request, metadata + + def post_create_grant(self, response: privilegedaccessmanager.Grant) -> privilegedaccessmanager.Grant: + """Post-rpc interceptor for create_grant + + DEPRECATED. Please use the `post_create_grant_with_metadata` + interceptor instead. + + Override in a subclass to read or manipulate the response + after it is returned by the PrivilegedAccessManager server but before + it is returned to user code. This `post_create_grant` interceptor runs + before the `post_create_grant_with_metadata` interceptor. + """ + return response + + def post_create_grant_with_metadata(self, response: privilegedaccessmanager.Grant, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.Grant, Sequence[Tuple[str, Union[str, bytes]]]]: + """Post-rpc interceptor for create_grant + + Override in a subclass to read or manipulate the response or metadata after it + is returned by the PrivilegedAccessManager server but before it is returned to user code. + + We recommend only using this `post_create_grant_with_metadata` + interceptor in new development instead of the `post_create_grant` interceptor. + When both interceptors are used, this `post_create_grant_with_metadata` interceptor runs after the + `post_create_grant` interceptor. The (possibly modified) response returned by + `post_create_grant` will be passed to + `post_create_grant_with_metadata`. + """ + return response, metadata + + def pre_delete_entitlement(self, request: privilegedaccessmanager.DeleteEntitlementRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.DeleteEntitlementRequest, Sequence[Tuple[str, Union[str, bytes]]]]: + """Pre-rpc interceptor for delete_entitlement + + Override in a subclass to manipulate the request or metadata + before they are sent to the PrivilegedAccessManager server. + """ + return request, metadata + + def post_delete_entitlement(self, response: operations_pb2.Operation) -> operations_pb2.Operation: + """Post-rpc interceptor for delete_entitlement + + DEPRECATED. Please use the `post_delete_entitlement_with_metadata` + interceptor instead. + + Override in a subclass to read or manipulate the response + after it is returned by the PrivilegedAccessManager server but before + it is returned to user code. This `post_delete_entitlement` interceptor runs + before the `post_delete_entitlement_with_metadata` interceptor. + """ + return response + + def post_delete_entitlement_with_metadata(self, response: operations_pb2.Operation, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[operations_pb2.Operation, Sequence[Tuple[str, Union[str, bytes]]]]: + """Post-rpc interceptor for delete_entitlement + + Override in a subclass to read or manipulate the response or metadata after it + is returned by the PrivilegedAccessManager server but before it is returned to user code. + + We recommend only using this `post_delete_entitlement_with_metadata` + interceptor in new development instead of the `post_delete_entitlement` interceptor. + When both interceptors are used, this `post_delete_entitlement_with_metadata` interceptor runs after the + `post_delete_entitlement` interceptor. The (possibly modified) response returned by + `post_delete_entitlement` will be passed to + `post_delete_entitlement_with_metadata`. + """ + return response, metadata + + def pre_deny_grant(self, request: privilegedaccessmanager.DenyGrantRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.DenyGrantRequest, Sequence[Tuple[str, Union[str, bytes]]]]: + """Pre-rpc interceptor for deny_grant + + Override in a subclass to manipulate the request or metadata + before they are sent to the PrivilegedAccessManager server. + """ + return request, metadata + + def post_deny_grant(self, response: privilegedaccessmanager.Grant) -> privilegedaccessmanager.Grant: + """Post-rpc interceptor for deny_grant + + DEPRECATED. Please use the `post_deny_grant_with_metadata` + interceptor instead. + + Override in a subclass to read or manipulate the response + after it is returned by the PrivilegedAccessManager server but before + it is returned to user code. This `post_deny_grant` interceptor runs + before the `post_deny_grant_with_metadata` interceptor. + """ + return response + + def post_deny_grant_with_metadata(self, response: privilegedaccessmanager.Grant, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.Grant, Sequence[Tuple[str, Union[str, bytes]]]]: + """Post-rpc interceptor for deny_grant + + Override in a subclass to read or manipulate the response or metadata after it + is returned by the PrivilegedAccessManager server but before it is returned to user code. + + We recommend only using this `post_deny_grant_with_metadata` + interceptor in new development instead of the `post_deny_grant` interceptor. + When both interceptors are used, this `post_deny_grant_with_metadata` interceptor runs after the + `post_deny_grant` interceptor. The (possibly modified) response returned by + `post_deny_grant` will be passed to + `post_deny_grant_with_metadata`. + """ + return response, metadata + + def pre_get_entitlement(self, request: privilegedaccessmanager.GetEntitlementRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.GetEntitlementRequest, Sequence[Tuple[str, Union[str, bytes]]]]: + """Pre-rpc interceptor for get_entitlement + + Override in a subclass to manipulate the request or metadata + before they are sent to the PrivilegedAccessManager server. + """ + return request, metadata + + def post_get_entitlement(self, response: privilegedaccessmanager.Entitlement) -> privilegedaccessmanager.Entitlement: + """Post-rpc interceptor for get_entitlement + + DEPRECATED. Please use the `post_get_entitlement_with_metadata` + interceptor instead. + + Override in a subclass to read or manipulate the response + after it is returned by the PrivilegedAccessManager server but before + it is returned to user code. This `post_get_entitlement` interceptor runs + before the `post_get_entitlement_with_metadata` interceptor. + """ + return response + + def post_get_entitlement_with_metadata(self, response: privilegedaccessmanager.Entitlement, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.Entitlement, Sequence[Tuple[str, Union[str, bytes]]]]: + """Post-rpc interceptor for get_entitlement + + Override in a subclass to read or manipulate the response or metadata after it + is returned by the PrivilegedAccessManager server but before it is returned to user code. + + We recommend only using this `post_get_entitlement_with_metadata` + interceptor in new development instead of the `post_get_entitlement` interceptor. + When both interceptors are used, this `post_get_entitlement_with_metadata` interceptor runs after the + `post_get_entitlement` interceptor. The (possibly modified) response returned by + `post_get_entitlement` will be passed to + `post_get_entitlement_with_metadata`. + """ + return response, metadata + + def pre_get_grant(self, request: privilegedaccessmanager.GetGrantRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.GetGrantRequest, Sequence[Tuple[str, Union[str, bytes]]]]: + """Pre-rpc interceptor for get_grant + + Override in a subclass to manipulate the request or metadata + before they are sent to the PrivilegedAccessManager server. + """ + return request, metadata + + def post_get_grant(self, response: privilegedaccessmanager.Grant) -> privilegedaccessmanager.Grant: + """Post-rpc interceptor for get_grant + + DEPRECATED. Please use the `post_get_grant_with_metadata` + interceptor instead. + + Override in a subclass to read or manipulate the response + after it is returned by the PrivilegedAccessManager server but before + it is returned to user code. This `post_get_grant` interceptor runs + before the `post_get_grant_with_metadata` interceptor. + """ + return response + + def post_get_grant_with_metadata(self, response: privilegedaccessmanager.Grant, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.Grant, Sequence[Tuple[str, Union[str, bytes]]]]: + """Post-rpc interceptor for get_grant + + Override in a subclass to read or manipulate the response or metadata after it + is returned by the PrivilegedAccessManager server but before it is returned to user code. + + We recommend only using this `post_get_grant_with_metadata` + interceptor in new development instead of the `post_get_grant` interceptor. + When both interceptors are used, this `post_get_grant_with_metadata` interceptor runs after the + `post_get_grant` interceptor. The (possibly modified) response returned by + `post_get_grant` will be passed to + `post_get_grant_with_metadata`. + """ + return response, metadata + + def pre_list_entitlements(self, request: privilegedaccessmanager.ListEntitlementsRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.ListEntitlementsRequest, Sequence[Tuple[str, Union[str, bytes]]]]: + """Pre-rpc interceptor for list_entitlements + + Override in a subclass to manipulate the request or metadata + before they are sent to the PrivilegedAccessManager server. + """ + return request, metadata + + def post_list_entitlements(self, response: privilegedaccessmanager.ListEntitlementsResponse) -> privilegedaccessmanager.ListEntitlementsResponse: + """Post-rpc interceptor for list_entitlements + + DEPRECATED. Please use the `post_list_entitlements_with_metadata` + interceptor instead. + + Override in a subclass to read or manipulate the response + after it is returned by the PrivilegedAccessManager server but before + it is returned to user code. This `post_list_entitlements` interceptor runs + before the `post_list_entitlements_with_metadata` interceptor. + """ + return response + + def post_list_entitlements_with_metadata(self, response: privilegedaccessmanager.ListEntitlementsResponse, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.ListEntitlementsResponse, Sequence[Tuple[str, Union[str, bytes]]]]: + """Post-rpc interceptor for list_entitlements + + Override in a subclass to read or manipulate the response or metadata after it + is returned by the PrivilegedAccessManager server but before it is returned to user code. + + We recommend only using this `post_list_entitlements_with_metadata` + interceptor in new development instead of the `post_list_entitlements` interceptor. + When both interceptors are used, this `post_list_entitlements_with_metadata` interceptor runs after the + `post_list_entitlements` interceptor. The (possibly modified) response returned by + `post_list_entitlements` will be passed to + `post_list_entitlements_with_metadata`. + """ + return response, metadata + + def pre_list_grants(self, request: privilegedaccessmanager.ListGrantsRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.ListGrantsRequest, Sequence[Tuple[str, Union[str, bytes]]]]: + """Pre-rpc interceptor for list_grants + + Override in a subclass to manipulate the request or metadata + before they are sent to the PrivilegedAccessManager server. + """ + return request, metadata + + def post_list_grants(self, response: privilegedaccessmanager.ListGrantsResponse) -> privilegedaccessmanager.ListGrantsResponse: + """Post-rpc interceptor for list_grants + + DEPRECATED. Please use the `post_list_grants_with_metadata` + interceptor instead. + + Override in a subclass to read or manipulate the response + after it is returned by the PrivilegedAccessManager server but before + it is returned to user code. This `post_list_grants` interceptor runs + before the `post_list_grants_with_metadata` interceptor. + """ + return response + + def post_list_grants_with_metadata(self, response: privilegedaccessmanager.ListGrantsResponse, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.ListGrantsResponse, Sequence[Tuple[str, Union[str, bytes]]]]: + """Post-rpc interceptor for list_grants + + Override in a subclass to read or manipulate the response or metadata after it + is returned by the PrivilegedAccessManager server but before it is returned to user code. + + We recommend only using this `post_list_grants_with_metadata` + interceptor in new development instead of the `post_list_grants` interceptor. + When both interceptors are used, this `post_list_grants_with_metadata` interceptor runs after the + `post_list_grants` interceptor. The (possibly modified) response returned by + `post_list_grants` will be passed to + `post_list_grants_with_metadata`. + """ + return response, metadata + + def pre_revoke_grant(self, request: privilegedaccessmanager.RevokeGrantRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.RevokeGrantRequest, Sequence[Tuple[str, Union[str, bytes]]]]: + """Pre-rpc interceptor for revoke_grant + + Override in a subclass to manipulate the request or metadata + before they are sent to the PrivilegedAccessManager server. + """ + return request, metadata + + def post_revoke_grant(self, response: operations_pb2.Operation) -> operations_pb2.Operation: + """Post-rpc interceptor for revoke_grant + + DEPRECATED. Please use the `post_revoke_grant_with_metadata` + interceptor instead. + + Override in a subclass to read or manipulate the response + after it is returned by the PrivilegedAccessManager server but before + it is returned to user code. This `post_revoke_grant` interceptor runs + before the `post_revoke_grant_with_metadata` interceptor. + """ + return response + + def post_revoke_grant_with_metadata(self, response: operations_pb2.Operation, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[operations_pb2.Operation, Sequence[Tuple[str, Union[str, bytes]]]]: + """Post-rpc interceptor for revoke_grant + + Override in a subclass to read or manipulate the response or metadata after it + is returned by the PrivilegedAccessManager server but before it is returned to user code. + + We recommend only using this `post_revoke_grant_with_metadata` + interceptor in new development instead of the `post_revoke_grant` interceptor. + When both interceptors are used, this `post_revoke_grant_with_metadata` interceptor runs after the + `post_revoke_grant` interceptor. The (possibly modified) response returned by + `post_revoke_grant` will be passed to + `post_revoke_grant_with_metadata`. + """ + return response, metadata + + def pre_search_entitlements(self, request: privilegedaccessmanager.SearchEntitlementsRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.SearchEntitlementsRequest, Sequence[Tuple[str, Union[str, bytes]]]]: + """Pre-rpc interceptor for search_entitlements + + Override in a subclass to manipulate the request or metadata + before they are sent to the PrivilegedAccessManager server. + """ + return request, metadata + + def post_search_entitlements(self, response: privilegedaccessmanager.SearchEntitlementsResponse) -> privilegedaccessmanager.SearchEntitlementsResponse: + """Post-rpc interceptor for search_entitlements + + DEPRECATED. Please use the `post_search_entitlements_with_metadata` + interceptor instead. + + Override in a subclass to read or manipulate the response + after it is returned by the PrivilegedAccessManager server but before + it is returned to user code. This `post_search_entitlements` interceptor runs + before the `post_search_entitlements_with_metadata` interceptor. + """ + return response + + def post_search_entitlements_with_metadata(self, response: privilegedaccessmanager.SearchEntitlementsResponse, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.SearchEntitlementsResponse, Sequence[Tuple[str, Union[str, bytes]]]]: + """Post-rpc interceptor for search_entitlements + + Override in a subclass to read or manipulate the response or metadata after it + is returned by the PrivilegedAccessManager server but before it is returned to user code. + + We recommend only using this `post_search_entitlements_with_metadata` + interceptor in new development instead of the `post_search_entitlements` interceptor. + When both interceptors are used, this `post_search_entitlements_with_metadata` interceptor runs after the + `post_search_entitlements` interceptor. The (possibly modified) response returned by + `post_search_entitlements` will be passed to + `post_search_entitlements_with_metadata`. + """ + return response, metadata + + def pre_search_grants(self, request: privilegedaccessmanager.SearchGrantsRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.SearchGrantsRequest, Sequence[Tuple[str, Union[str, bytes]]]]: + """Pre-rpc interceptor for search_grants + + Override in a subclass to manipulate the request or metadata + before they are sent to the PrivilegedAccessManager server. + """ + return request, metadata + + def post_search_grants(self, response: privilegedaccessmanager.SearchGrantsResponse) -> privilegedaccessmanager.SearchGrantsResponse: + """Post-rpc interceptor for search_grants + + DEPRECATED. Please use the `post_search_grants_with_metadata` + interceptor instead. + + Override in a subclass to read or manipulate the response + after it is returned by the PrivilegedAccessManager server but before + it is returned to user code. This `post_search_grants` interceptor runs + before the `post_search_grants_with_metadata` interceptor. + """ + return response + + def post_search_grants_with_metadata(self, response: privilegedaccessmanager.SearchGrantsResponse, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.SearchGrantsResponse, Sequence[Tuple[str, Union[str, bytes]]]]: + """Post-rpc interceptor for search_grants + + Override in a subclass to read or manipulate the response or metadata after it + is returned by the PrivilegedAccessManager server but before it is returned to user code. + + We recommend only using this `post_search_grants_with_metadata` + interceptor in new development instead of the `post_search_grants` interceptor. + When both interceptors are used, this `post_search_grants_with_metadata` interceptor runs after the + `post_search_grants` interceptor. The (possibly modified) response returned by + `post_search_grants` will be passed to + `post_search_grants_with_metadata`. + """ + return response, metadata + + def pre_update_entitlement(self, request: privilegedaccessmanager.UpdateEntitlementRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.UpdateEntitlementRequest, Sequence[Tuple[str, Union[str, bytes]]]]: + """Pre-rpc interceptor for update_entitlement + + Override in a subclass to manipulate the request or metadata + before they are sent to the PrivilegedAccessManager server. + """ + return request, metadata + + def post_update_entitlement(self, response: operations_pb2.Operation) -> operations_pb2.Operation: + """Post-rpc interceptor for update_entitlement + + DEPRECATED. Please use the `post_update_entitlement_with_metadata` + interceptor instead. + + Override in a subclass to read or manipulate the response + after it is returned by the PrivilegedAccessManager server but before + it is returned to user code. This `post_update_entitlement` interceptor runs + before the `post_update_entitlement_with_metadata` interceptor. + """ + return response + + def post_update_entitlement_with_metadata(self, response: operations_pb2.Operation, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[operations_pb2.Operation, Sequence[Tuple[str, Union[str, bytes]]]]: + """Post-rpc interceptor for update_entitlement + + Override in a subclass to read or manipulate the response or metadata after it + is returned by the PrivilegedAccessManager server but before it is returned to user code. + + We recommend only using this `post_update_entitlement_with_metadata` + interceptor in new development instead of the `post_update_entitlement` interceptor. + When both interceptors are used, this `post_update_entitlement_with_metadata` interceptor runs after the + `post_update_entitlement` interceptor. The (possibly modified) response returned by + `post_update_entitlement` will be passed to + `post_update_entitlement_with_metadata`. + """ + return response, metadata + + def pre_get_location( + self, request: locations_pb2.GetLocationRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]] + ) -> Tuple[locations_pb2.GetLocationRequest, Sequence[Tuple[str, Union[str, bytes]]]]: + """Pre-rpc interceptor for get_location + + Override in a subclass to manipulate the request or metadata + before they are sent to the PrivilegedAccessManager server. + """ + return request, metadata + + def post_get_location( + self, response: locations_pb2.Location + ) -> locations_pb2.Location: + """Post-rpc interceptor for get_location + + Override in a subclass to manipulate the response + after it is returned by the PrivilegedAccessManager server but before + it is returned to user code. + """ + return response + + def pre_list_locations( + self, request: locations_pb2.ListLocationsRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]] + ) -> Tuple[locations_pb2.ListLocationsRequest, Sequence[Tuple[str, Union[str, bytes]]]]: + """Pre-rpc interceptor for list_locations + + Override in a subclass to manipulate the request or metadata + before they are sent to the PrivilegedAccessManager server. + """ + return request, metadata + + def post_list_locations( + self, response: locations_pb2.ListLocationsResponse + ) -> locations_pb2.ListLocationsResponse: + """Post-rpc interceptor for list_locations + + Override in a subclass to manipulate the response + after it is returned by the PrivilegedAccessManager server but before + it is returned to user code. + """ + return response + + def pre_delete_operation( + self, request: operations_pb2.DeleteOperationRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]] + ) -> Tuple[operations_pb2.DeleteOperationRequest, Sequence[Tuple[str, Union[str, bytes]]]]: + """Pre-rpc interceptor for delete_operation + + Override in a subclass to manipulate the request or metadata + before they are sent to the PrivilegedAccessManager server. + """ + return request, metadata + + def post_delete_operation( + self, response: None + ) -> None: + """Post-rpc interceptor for delete_operation + + Override in a subclass to manipulate the response + after it is returned by the PrivilegedAccessManager server but before + it is returned to user code. + """ + return response + + def pre_get_operation( + self, request: operations_pb2.GetOperationRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]] + ) -> Tuple[operations_pb2.GetOperationRequest, Sequence[Tuple[str, Union[str, bytes]]]]: + """Pre-rpc interceptor for get_operation + + Override in a subclass to manipulate the request or metadata + before they are sent to the PrivilegedAccessManager server. + """ + return request, metadata + + def post_get_operation( + self, response: operations_pb2.Operation + ) -> operations_pb2.Operation: + """Post-rpc interceptor for get_operation + + Override in a subclass to manipulate the response + after it is returned by the PrivilegedAccessManager server but before + it is returned to user code. + """ + return response + + def pre_list_operations( + self, request: operations_pb2.ListOperationsRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]] + ) -> Tuple[operations_pb2.ListOperationsRequest, Sequence[Tuple[str, Union[str, bytes]]]]: + """Pre-rpc interceptor for list_operations + + Override in a subclass to manipulate the request or metadata + before they are sent to the PrivilegedAccessManager server. + """ + return request, metadata + + def post_list_operations( + self, response: operations_pb2.ListOperationsResponse + ) -> operations_pb2.ListOperationsResponse: + """Post-rpc interceptor for list_operations + + Override in a subclass to manipulate the response + after it is returned by the PrivilegedAccessManager server but before + it is returned to user code. + """ + return response + + +@dataclasses.dataclass +class PrivilegedAccessManagerRestStub: + _session: AuthorizedSession + _host: str + _interceptor: PrivilegedAccessManagerRestInterceptor + + +class PrivilegedAccessManagerRestTransport(_BasePrivilegedAccessManagerRestTransport): + """REST backend synchronous transport for PrivilegedAccessManager. + + This API allows customers to manage temporary, request based + privileged access to their resources. + + It defines the following resource model: + + - A collection of ``Entitlement`` resources. An entitlement allows + configuring (among other things): + + - Some kind of privileged access that users can request. + - A set of users called *requesters* who can request this + access. + - A maximum duration for which the access can be requested. + - An optional approval workflow which must be satisfied before + access is granted. + + - A collection of ``Grant`` resources. A grant is a request by a + requester to get the privileged access specified in an + entitlement for some duration. + + After the approval workflow as specified in the entitlement is + satisfied, the specified access is given to the requester. The + access is automatically taken back after the requested duration + is over. + + This class defines the same methods as the primary client, so the + primary client can load the underlying transport implementation + and call it. + + It sends JSON representations of protocol buffers over HTTP/1.1 + """ + + def __init__(self, *, + host: str = 'privilegedaccessmanager.googleapis.com', + credentials: Optional[ga_credentials.Credentials] = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + client_cert_source_for_mtls: Optional[Callable[[ + ], Tuple[bytes, bytes]]] = None, + quota_project_id: Optional[str] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, + url_scheme: str = 'https', + interceptor: Optional[PrivilegedAccessManagerRestInterceptor] = None, + api_audience: Optional[str] = None, + ) -> None: + """Instantiate the transport. + + Args: + host (Optional[str]): + The hostname to connect to (default: 'privilegedaccessmanager.googleapis.com'). + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is ignored if ``channel`` is provided. + scopes (Optional(Sequence[str])): A list of scopes. This argument is + ignored if ``channel`` is provided. + client_cert_source_for_mtls (Callable[[], Tuple[bytes, bytes]]): Client + certificate to configure mutual TLS HTTP channel. It is ignored + if ``channel`` is provided. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you are developing + your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. + url_scheme: the protocol scheme for the API endpoint. Normally + "https", but for testing or local servers, + "http" can be specified. + """ + # Run the base constructor + # TODO(yon-mg): resolve other ctor params i.e. scopes, quota, etc. + # TODO: When custom host (api_endpoint) is set, `scopes` must *also* be set on the + # credentials object + super().__init__( + host=host, + credentials=credentials, + client_info=client_info, + always_use_jwt_access=always_use_jwt_access, + url_scheme=url_scheme, + api_audience=api_audience + ) + self._session = AuthorizedSession( + self._credentials, default_host=self.DEFAULT_HOST) + self._operations_client: Optional[operations_v1.AbstractOperationsClient] = None + if client_cert_source_for_mtls: + self._session.configure_mtls_channel(client_cert_source_for_mtls) + self._interceptor = interceptor or PrivilegedAccessManagerRestInterceptor() + self._prep_wrapped_messages(client_info) + + @property + def operations_client(self) -> operations_v1.AbstractOperationsClient: + """Create the client designed to process long-running operations. + + This property caches on the instance; repeated calls return the same + client. + """ + # Only create a new client if we do not already have one. + if self._operations_client is None: + http_options: Dict[str, List[Dict[str, str]]] = { + 'google.longrunning.Operations.DeleteOperation': [ + { + 'method': 'delete', + 'uri': '/v1/{name=projects/*/locations/*/operations/*}', + }, + { + 'method': 'delete', + 'uri': '/v1/{name=organizations/*/locations/*/operations/*}', + }, + { + 'method': 'delete', + 'uri': '/v1/{name=folders/*/locations/*/operations/*}', + }, + ], + 'google.longrunning.Operations.GetOperation': [ + { + 'method': 'get', + 'uri': '/v1/{name=projects/*/locations/*/operations/*}', + }, + { + 'method': 'get', + 'uri': '/v1/{name=organizations/*/locations/*/operations/*}', + }, + { + 'method': 'get', + 'uri': '/v1/{name=folders/*/locations/*/operations/*}', + }, + ], + 'google.longrunning.Operations.ListOperations': [ + { + 'method': 'get', + 'uri': '/v1/{name=projects/*/locations/*}/operations', + }, + { + 'method': 'get', + 'uri': '/v1/{name=organizations/*/locations/*}/operations', + }, + { + 'method': 'get', + 'uri': '/v1/{name=folders/*/locations/*}/operations', + }, + ], + } + + rest_transport = operations_v1.OperationsRestTransport( + host=self._host, + # use the credentials which are saved + credentials=self._credentials, + scopes=self._scopes, + http_options=http_options, + path_prefix="v1") + + self._operations_client = operations_v1.AbstractOperationsClient(transport=rest_transport) + + # Return the client from cache. + return self._operations_client + + class _ApproveGrant(_BasePrivilegedAccessManagerRestTransport._BaseApproveGrant, PrivilegedAccessManagerRestStub): + def __hash__(self): + return hash("PrivilegedAccessManagerRestTransport.ApproveGrant") + + @staticmethod + def _get_response( + host, + metadata, + query_params, + session, + timeout, + transcoded_request, + body=None): + + uri = transcoded_request['uri'] + method = transcoded_request['method'] + headers = dict(metadata) + headers['Content-Type'] = 'application/json' + response = getattr(session, method)( + "{host}{uri}".format(host=host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + return response + + def __call__(self, + request: privilegedaccessmanager.ApproveGrantRequest, *, + retry: OptionalRetry=gapic_v1.method.DEFAULT, + timeout: Optional[float]=None, + metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), + ) -> privilegedaccessmanager.Grant: + r"""Call the approve grant method over HTTP. + + Args: + request (~.privilegedaccessmanager.ApproveGrantRequest): + The request object. Request message for ``ApproveGrant`` method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + ~.privilegedaccessmanager.Grant: + A grant represents a request from a + user for obtaining the access specified + in an entitlement they are eligible for. + + """ + + http_options = _BasePrivilegedAccessManagerRestTransport._BaseApproveGrant._get_http_options() + + request, metadata = self._interceptor.pre_approve_grant(request, metadata) + transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseApproveGrant._get_transcoded_request(http_options, request) + + body = _BasePrivilegedAccessManagerRestTransport._BaseApproveGrant._get_request_body_json(transcoded_request) + + # Jsonify the query params + query_params = _BasePrivilegedAccessManagerRestTransport._BaseApproveGrant._get_query_params_json(transcoded_request) + + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) + method = transcoded_request['method'] + try: + request_payload = type(request).to_json(request) + except: + request_payload = None + http_request = { + "payload": request_payload, + "requestMethod": method, + "requestUrl": request_url, + "headers": dict(metadata), + } + _LOGGER.debug( + f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.ApproveGrant", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "ApproveGrant", + "httpRequest": http_request, + "metadata": http_request["headers"], + }, + ) + + # Send the request + response = PrivilegedAccessManagerRestTransport._ApproveGrant._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request, body) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = privilegedaccessmanager.Grant() + pb_resp = privilegedaccessmanager.Grant.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + + resp = self._interceptor.post_approve_grant(resp) + response_metadata = [(k, str(v)) for k, v in response.headers.items()] + resp, _ = self._interceptor.post_approve_grant_with_metadata(resp, response_metadata) + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + try: + response_payload = privilegedaccessmanager.Grant.to_json(response) + except: + response_payload = None + http_response = { + "payload": response_payload, + "headers": dict(response.headers), + "status": response.status_code, + } + _LOGGER.debug( + "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.approve_grant", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "ApproveGrant", + "metadata": http_response["headers"], + "httpResponse": http_response, + }, + ) + return resp + + class _CheckOnboardingStatus(_BasePrivilegedAccessManagerRestTransport._BaseCheckOnboardingStatus, PrivilegedAccessManagerRestStub): + def __hash__(self): + return hash("PrivilegedAccessManagerRestTransport.CheckOnboardingStatus") + + @staticmethod + def _get_response( + host, + metadata, + query_params, + session, + timeout, + transcoded_request, + body=None): + + uri = transcoded_request['uri'] + method = transcoded_request['method'] + headers = dict(metadata) + headers['Content-Type'] = 'application/json' + response = getattr(session, method)( + "{host}{uri}".format(host=host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + return response + + def __call__(self, + request: privilegedaccessmanager.CheckOnboardingStatusRequest, *, + retry: OptionalRetry=gapic_v1.method.DEFAULT, + timeout: Optional[float]=None, + metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), + ) -> privilegedaccessmanager.CheckOnboardingStatusResponse: + r"""Call the check onboarding status method over HTTP. + + Args: + request (~.privilegedaccessmanager.CheckOnboardingStatusRequest): + The request object. Request message for ``CheckOnboardingStatus`` method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + ~.privilegedaccessmanager.CheckOnboardingStatusResponse: + Response message for ``CheckOnboardingStatus`` method. + """ + + http_options = _BasePrivilegedAccessManagerRestTransport._BaseCheckOnboardingStatus._get_http_options() + + request, metadata = self._interceptor.pre_check_onboarding_status(request, metadata) + transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseCheckOnboardingStatus._get_transcoded_request(http_options, request) + + # Jsonify the query params + query_params = _BasePrivilegedAccessManagerRestTransport._BaseCheckOnboardingStatus._get_query_params_json(transcoded_request) + + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) + method = transcoded_request['method'] + try: + request_payload = type(request).to_json(request) + except: + request_payload = None + http_request = { + "payload": request_payload, + "requestMethod": method, + "requestUrl": request_url, + "headers": dict(metadata), + } + _LOGGER.debug( + f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.CheckOnboardingStatus", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "CheckOnboardingStatus", + "httpRequest": http_request, + "metadata": http_request["headers"], + }, + ) + + # Send the request + response = PrivilegedAccessManagerRestTransport._CheckOnboardingStatus._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = privilegedaccessmanager.CheckOnboardingStatusResponse() + pb_resp = privilegedaccessmanager.CheckOnboardingStatusResponse.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + + resp = self._interceptor.post_check_onboarding_status(resp) + response_metadata = [(k, str(v)) for k, v in response.headers.items()] + resp, _ = self._interceptor.post_check_onboarding_status_with_metadata(resp, response_metadata) + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + try: + response_payload = privilegedaccessmanager.CheckOnboardingStatusResponse.to_json(response) + except: + response_payload = None + http_response = { + "payload": response_payload, + "headers": dict(response.headers), + "status": response.status_code, + } + _LOGGER.debug( + "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.check_onboarding_status", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "CheckOnboardingStatus", + "metadata": http_response["headers"], + "httpResponse": http_response, + }, + ) + return resp + + class _CreateEntitlement(_BasePrivilegedAccessManagerRestTransport._BaseCreateEntitlement, PrivilegedAccessManagerRestStub): + def __hash__(self): + return hash("PrivilegedAccessManagerRestTransport.CreateEntitlement") + + @staticmethod + def _get_response( + host, + metadata, + query_params, + session, + timeout, + transcoded_request, + body=None): + + uri = transcoded_request['uri'] + method = transcoded_request['method'] + headers = dict(metadata) + headers['Content-Type'] = 'application/json' + response = getattr(session, method)( + "{host}{uri}".format(host=host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + return response + + def __call__(self, + request: privilegedaccessmanager.CreateEntitlementRequest, *, + retry: OptionalRetry=gapic_v1.method.DEFAULT, + timeout: Optional[float]=None, + metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), + ) -> operations_pb2.Operation: + r"""Call the create entitlement method over HTTP. + + Args: + request (~.privilegedaccessmanager.CreateEntitlementRequest): + The request object. Message for creating an entitlement. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + ~.operations_pb2.Operation: + This resource represents a + long-running operation that is the + result of a network API call. + + """ + + http_options = _BasePrivilegedAccessManagerRestTransport._BaseCreateEntitlement._get_http_options() + + request, metadata = self._interceptor.pre_create_entitlement(request, metadata) + transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseCreateEntitlement._get_transcoded_request(http_options, request) + + body = _BasePrivilegedAccessManagerRestTransport._BaseCreateEntitlement._get_request_body_json(transcoded_request) + + # Jsonify the query params + query_params = _BasePrivilegedAccessManagerRestTransport._BaseCreateEntitlement._get_query_params_json(transcoded_request) + + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) + method = transcoded_request['method'] + try: + request_payload = json_format.MessageToJson(request) + except: + request_payload = None + http_request = { + "payload": request_payload, + "requestMethod": method, + "requestUrl": request_url, + "headers": dict(metadata), + } + _LOGGER.debug( + f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.CreateEntitlement", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "CreateEntitlement", + "httpRequest": http_request, + "metadata": http_request["headers"], + }, + ) + + # Send the request + response = PrivilegedAccessManagerRestTransport._CreateEntitlement._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request, body) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = operations_pb2.Operation() + json_format.Parse(response.content, resp, ignore_unknown_fields=True) + + resp = self._interceptor.post_create_entitlement(resp) + response_metadata = [(k, str(v)) for k, v in response.headers.items()] + resp, _ = self._interceptor.post_create_entitlement_with_metadata(resp, response_metadata) + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + try: + response_payload = json_format.MessageToJson(resp) + except: + response_payload = None + http_response = { + "payload": response_payload, + "headers": dict(response.headers), + "status": response.status_code, + } + _LOGGER.debug( + "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.create_entitlement", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "CreateEntitlement", + "metadata": http_response["headers"], + "httpResponse": http_response, + }, + ) + return resp + + class _CreateGrant(_BasePrivilegedAccessManagerRestTransport._BaseCreateGrant, PrivilegedAccessManagerRestStub): + def __hash__(self): + return hash("PrivilegedAccessManagerRestTransport.CreateGrant") + + @staticmethod + def _get_response( + host, + metadata, + query_params, + session, + timeout, + transcoded_request, + body=None): + + uri = transcoded_request['uri'] + method = transcoded_request['method'] + headers = dict(metadata) + headers['Content-Type'] = 'application/json' + response = getattr(session, method)( + "{host}{uri}".format(host=host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + return response + + def __call__(self, + request: privilegedaccessmanager.CreateGrantRequest, *, + retry: OptionalRetry=gapic_v1.method.DEFAULT, + timeout: Optional[float]=None, + metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), + ) -> privilegedaccessmanager.Grant: + r"""Call the create grant method over HTTP. + + Args: + request (~.privilegedaccessmanager.CreateGrantRequest): + The request object. Message for creating a grant + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + ~.privilegedaccessmanager.Grant: + A grant represents a request from a + user for obtaining the access specified + in an entitlement they are eligible for. + + """ + + http_options = _BasePrivilegedAccessManagerRestTransport._BaseCreateGrant._get_http_options() + + request, metadata = self._interceptor.pre_create_grant(request, metadata) + transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseCreateGrant._get_transcoded_request(http_options, request) + + body = _BasePrivilegedAccessManagerRestTransport._BaseCreateGrant._get_request_body_json(transcoded_request) + + # Jsonify the query params + query_params = _BasePrivilegedAccessManagerRestTransport._BaseCreateGrant._get_query_params_json(transcoded_request) + + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) + method = transcoded_request['method'] + try: + request_payload = type(request).to_json(request) + except: + request_payload = None + http_request = { + "payload": request_payload, + "requestMethod": method, + "requestUrl": request_url, + "headers": dict(metadata), + } + _LOGGER.debug( + f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.CreateGrant", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "CreateGrant", + "httpRequest": http_request, + "metadata": http_request["headers"], + }, + ) + + # Send the request + response = PrivilegedAccessManagerRestTransport._CreateGrant._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request, body) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = privilegedaccessmanager.Grant() + pb_resp = privilegedaccessmanager.Grant.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + + resp = self._interceptor.post_create_grant(resp) + response_metadata = [(k, str(v)) for k, v in response.headers.items()] + resp, _ = self._interceptor.post_create_grant_with_metadata(resp, response_metadata) + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + try: + response_payload = privilegedaccessmanager.Grant.to_json(response) + except: + response_payload = None + http_response = { + "payload": response_payload, + "headers": dict(response.headers), + "status": response.status_code, + } + _LOGGER.debug( + "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.create_grant", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "CreateGrant", + "metadata": http_response["headers"], + "httpResponse": http_response, + }, + ) + return resp + + class _DeleteEntitlement(_BasePrivilegedAccessManagerRestTransport._BaseDeleteEntitlement, PrivilegedAccessManagerRestStub): + def __hash__(self): + return hash("PrivilegedAccessManagerRestTransport.DeleteEntitlement") + + @staticmethod + def _get_response( + host, + metadata, + query_params, + session, + timeout, + transcoded_request, + body=None): + + uri = transcoded_request['uri'] + method = transcoded_request['method'] + headers = dict(metadata) + headers['Content-Type'] = 'application/json' + response = getattr(session, method)( + "{host}{uri}".format(host=host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + return response + + def __call__(self, + request: privilegedaccessmanager.DeleteEntitlementRequest, *, + retry: OptionalRetry=gapic_v1.method.DEFAULT, + timeout: Optional[float]=None, + metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), + ) -> operations_pb2.Operation: + r"""Call the delete entitlement method over HTTP. + + Args: + request (~.privilegedaccessmanager.DeleteEntitlementRequest): + The request object. Message for deleting an entitlement. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + ~.operations_pb2.Operation: + This resource represents a + long-running operation that is the + result of a network API call. + + """ + + http_options = _BasePrivilegedAccessManagerRestTransport._BaseDeleteEntitlement._get_http_options() + + request, metadata = self._interceptor.pre_delete_entitlement(request, metadata) + transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseDeleteEntitlement._get_transcoded_request(http_options, request) + + # Jsonify the query params + query_params = _BasePrivilegedAccessManagerRestTransport._BaseDeleteEntitlement._get_query_params_json(transcoded_request) + + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) + method = transcoded_request['method'] + try: + request_payload = json_format.MessageToJson(request) + except: + request_payload = None + http_request = { + "payload": request_payload, + "requestMethod": method, + "requestUrl": request_url, + "headers": dict(metadata), + } + _LOGGER.debug( + f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.DeleteEntitlement", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "DeleteEntitlement", + "httpRequest": http_request, + "metadata": http_request["headers"], + }, + ) + + # Send the request + response = PrivilegedAccessManagerRestTransport._DeleteEntitlement._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = operations_pb2.Operation() + json_format.Parse(response.content, resp, ignore_unknown_fields=True) + + resp = self._interceptor.post_delete_entitlement(resp) + response_metadata = [(k, str(v)) for k, v in response.headers.items()] + resp, _ = self._interceptor.post_delete_entitlement_with_metadata(resp, response_metadata) + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + try: + response_payload = json_format.MessageToJson(resp) + except: + response_payload = None + http_response = { + "payload": response_payload, + "headers": dict(response.headers), + "status": response.status_code, + } + _LOGGER.debug( + "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.delete_entitlement", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "DeleteEntitlement", + "metadata": http_response["headers"], + "httpResponse": http_response, + }, + ) + return resp + + class _DenyGrant(_BasePrivilegedAccessManagerRestTransport._BaseDenyGrant, PrivilegedAccessManagerRestStub): + def __hash__(self): + return hash("PrivilegedAccessManagerRestTransport.DenyGrant") + + @staticmethod + def _get_response( + host, + metadata, + query_params, + session, + timeout, + transcoded_request, + body=None): + + uri = transcoded_request['uri'] + method = transcoded_request['method'] + headers = dict(metadata) + headers['Content-Type'] = 'application/json' + response = getattr(session, method)( + "{host}{uri}".format(host=host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + return response + + def __call__(self, + request: privilegedaccessmanager.DenyGrantRequest, *, + retry: OptionalRetry=gapic_v1.method.DEFAULT, + timeout: Optional[float]=None, + metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), + ) -> privilegedaccessmanager.Grant: + r"""Call the deny grant method over HTTP. + + Args: + request (~.privilegedaccessmanager.DenyGrantRequest): + The request object. Request message for ``DenyGrant`` method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + ~.privilegedaccessmanager.Grant: + A grant represents a request from a + user for obtaining the access specified + in an entitlement they are eligible for. + + """ + + http_options = _BasePrivilegedAccessManagerRestTransport._BaseDenyGrant._get_http_options() + + request, metadata = self._interceptor.pre_deny_grant(request, metadata) + transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseDenyGrant._get_transcoded_request(http_options, request) + + body = _BasePrivilegedAccessManagerRestTransport._BaseDenyGrant._get_request_body_json(transcoded_request) + + # Jsonify the query params + query_params = _BasePrivilegedAccessManagerRestTransport._BaseDenyGrant._get_query_params_json(transcoded_request) + + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) + method = transcoded_request['method'] + try: + request_payload = type(request).to_json(request) + except: + request_payload = None + http_request = { + "payload": request_payload, + "requestMethod": method, + "requestUrl": request_url, + "headers": dict(metadata), + } + _LOGGER.debug( + f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.DenyGrant", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "DenyGrant", + "httpRequest": http_request, + "metadata": http_request["headers"], + }, + ) + + # Send the request + response = PrivilegedAccessManagerRestTransport._DenyGrant._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request, body) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = privilegedaccessmanager.Grant() + pb_resp = privilegedaccessmanager.Grant.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + + resp = self._interceptor.post_deny_grant(resp) + response_metadata = [(k, str(v)) for k, v in response.headers.items()] + resp, _ = self._interceptor.post_deny_grant_with_metadata(resp, response_metadata) + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + try: + response_payload = privilegedaccessmanager.Grant.to_json(response) + except: + response_payload = None + http_response = { + "payload": response_payload, + "headers": dict(response.headers), + "status": response.status_code, + } + _LOGGER.debug( + "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.deny_grant", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "DenyGrant", + "metadata": http_response["headers"], + "httpResponse": http_response, + }, + ) + return resp + + class _GetEntitlement(_BasePrivilegedAccessManagerRestTransport._BaseGetEntitlement, PrivilegedAccessManagerRestStub): + def __hash__(self): + return hash("PrivilegedAccessManagerRestTransport.GetEntitlement") + + @staticmethod + def _get_response( + host, + metadata, + query_params, + session, + timeout, + transcoded_request, + body=None): + + uri = transcoded_request['uri'] + method = transcoded_request['method'] + headers = dict(metadata) + headers['Content-Type'] = 'application/json' + response = getattr(session, method)( + "{host}{uri}".format(host=host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + return response + + def __call__(self, + request: privilegedaccessmanager.GetEntitlementRequest, *, + retry: OptionalRetry=gapic_v1.method.DEFAULT, + timeout: Optional[float]=None, + metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), + ) -> privilegedaccessmanager.Entitlement: + r"""Call the get entitlement method over HTTP. + + Args: + request (~.privilegedaccessmanager.GetEntitlementRequest): + The request object. Message for getting an entitlement. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + ~.privilegedaccessmanager.Entitlement: + An entitlement defines the + eligibility of a set of users to obtain + predefined access for some time possibly + after going through an approval + workflow. + + """ + + http_options = _BasePrivilegedAccessManagerRestTransport._BaseGetEntitlement._get_http_options() + + request, metadata = self._interceptor.pre_get_entitlement(request, metadata) + transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseGetEntitlement._get_transcoded_request(http_options, request) + + # Jsonify the query params + query_params = _BasePrivilegedAccessManagerRestTransport._BaseGetEntitlement._get_query_params_json(transcoded_request) + + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) + method = transcoded_request['method'] + try: + request_payload = type(request).to_json(request) + except: + request_payload = None + http_request = { + "payload": request_payload, + "requestMethod": method, + "requestUrl": request_url, + "headers": dict(metadata), + } + _LOGGER.debug( + f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.GetEntitlement", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "GetEntitlement", + "httpRequest": http_request, + "metadata": http_request["headers"], + }, + ) + + # Send the request + response = PrivilegedAccessManagerRestTransport._GetEntitlement._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = privilegedaccessmanager.Entitlement() + pb_resp = privilegedaccessmanager.Entitlement.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + + resp = self._interceptor.post_get_entitlement(resp) + response_metadata = [(k, str(v)) for k, v in response.headers.items()] + resp, _ = self._interceptor.post_get_entitlement_with_metadata(resp, response_metadata) + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + try: + response_payload = privilegedaccessmanager.Entitlement.to_json(response) + except: + response_payload = None + http_response = { + "payload": response_payload, + "headers": dict(response.headers), + "status": response.status_code, + } + _LOGGER.debug( + "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.get_entitlement", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "GetEntitlement", + "metadata": http_response["headers"], + "httpResponse": http_response, + }, + ) + return resp + + class _GetGrant(_BasePrivilegedAccessManagerRestTransport._BaseGetGrant, PrivilegedAccessManagerRestStub): + def __hash__(self): + return hash("PrivilegedAccessManagerRestTransport.GetGrant") + + @staticmethod + def _get_response( + host, + metadata, + query_params, + session, + timeout, + transcoded_request, + body=None): + + uri = transcoded_request['uri'] + method = transcoded_request['method'] + headers = dict(metadata) + headers['Content-Type'] = 'application/json' + response = getattr(session, method)( + "{host}{uri}".format(host=host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + return response + + def __call__(self, + request: privilegedaccessmanager.GetGrantRequest, *, + retry: OptionalRetry=gapic_v1.method.DEFAULT, + timeout: Optional[float]=None, + metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), + ) -> privilegedaccessmanager.Grant: + r"""Call the get grant method over HTTP. + + Args: + request (~.privilegedaccessmanager.GetGrantRequest): + The request object. Message for getting a grant. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + ~.privilegedaccessmanager.Grant: + A grant represents a request from a + user for obtaining the access specified + in an entitlement they are eligible for. + + """ + + http_options = _BasePrivilegedAccessManagerRestTransport._BaseGetGrant._get_http_options() + + request, metadata = self._interceptor.pre_get_grant(request, metadata) + transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseGetGrant._get_transcoded_request(http_options, request) + + # Jsonify the query params + query_params = _BasePrivilegedAccessManagerRestTransport._BaseGetGrant._get_query_params_json(transcoded_request) + + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) + method = transcoded_request['method'] + try: + request_payload = type(request).to_json(request) + except: + request_payload = None + http_request = { + "payload": request_payload, + "requestMethod": method, + "requestUrl": request_url, + "headers": dict(metadata), + } + _LOGGER.debug( + f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.GetGrant", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "GetGrant", + "httpRequest": http_request, + "metadata": http_request["headers"], + }, + ) + + # Send the request + response = PrivilegedAccessManagerRestTransport._GetGrant._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = privilegedaccessmanager.Grant() + pb_resp = privilegedaccessmanager.Grant.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + + resp = self._interceptor.post_get_grant(resp) + response_metadata = [(k, str(v)) for k, v in response.headers.items()] + resp, _ = self._interceptor.post_get_grant_with_metadata(resp, response_metadata) + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + try: + response_payload = privilegedaccessmanager.Grant.to_json(response) + except: + response_payload = None + http_response = { + "payload": response_payload, + "headers": dict(response.headers), + "status": response.status_code, + } + _LOGGER.debug( + "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.get_grant", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "GetGrant", + "metadata": http_response["headers"], + "httpResponse": http_response, + }, + ) + return resp + + class _ListEntitlements(_BasePrivilegedAccessManagerRestTransport._BaseListEntitlements, PrivilegedAccessManagerRestStub): + def __hash__(self): + return hash("PrivilegedAccessManagerRestTransport.ListEntitlements") + + @staticmethod + def _get_response( + host, + metadata, + query_params, + session, + timeout, + transcoded_request, + body=None): + + uri = transcoded_request['uri'] + method = transcoded_request['method'] + headers = dict(metadata) + headers['Content-Type'] = 'application/json' + response = getattr(session, method)( + "{host}{uri}".format(host=host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + return response + + def __call__(self, + request: privilegedaccessmanager.ListEntitlementsRequest, *, + retry: OptionalRetry=gapic_v1.method.DEFAULT, + timeout: Optional[float]=None, + metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), + ) -> privilegedaccessmanager.ListEntitlementsResponse: + r"""Call the list entitlements method over HTTP. + + Args: + request (~.privilegedaccessmanager.ListEntitlementsRequest): + The request object. Message for requesting list of + entitlements. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + ~.privilegedaccessmanager.ListEntitlementsResponse: + Message for response to listing + entitlements. + + """ + + http_options = _BasePrivilegedAccessManagerRestTransport._BaseListEntitlements._get_http_options() + + request, metadata = self._interceptor.pre_list_entitlements(request, metadata) + transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseListEntitlements._get_transcoded_request(http_options, request) + + # Jsonify the query params + query_params = _BasePrivilegedAccessManagerRestTransport._BaseListEntitlements._get_query_params_json(transcoded_request) + + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) + method = transcoded_request['method'] + try: + request_payload = type(request).to_json(request) + except: + request_payload = None + http_request = { + "payload": request_payload, + "requestMethod": method, + "requestUrl": request_url, + "headers": dict(metadata), + } + _LOGGER.debug( + f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.ListEntitlements", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "ListEntitlements", + "httpRequest": http_request, + "metadata": http_request["headers"], + }, + ) + + # Send the request + response = PrivilegedAccessManagerRestTransport._ListEntitlements._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = privilegedaccessmanager.ListEntitlementsResponse() + pb_resp = privilegedaccessmanager.ListEntitlementsResponse.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + + resp = self._interceptor.post_list_entitlements(resp) + response_metadata = [(k, str(v)) for k, v in response.headers.items()] + resp, _ = self._interceptor.post_list_entitlements_with_metadata(resp, response_metadata) + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + try: + response_payload = privilegedaccessmanager.ListEntitlementsResponse.to_json(response) + except: + response_payload = None + http_response = { + "payload": response_payload, + "headers": dict(response.headers), + "status": response.status_code, + } + _LOGGER.debug( + "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.list_entitlements", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "ListEntitlements", + "metadata": http_response["headers"], + "httpResponse": http_response, + }, + ) + return resp + + class _ListGrants(_BasePrivilegedAccessManagerRestTransport._BaseListGrants, PrivilegedAccessManagerRestStub): + def __hash__(self): + return hash("PrivilegedAccessManagerRestTransport.ListGrants") + + @staticmethod + def _get_response( + host, + metadata, + query_params, + session, + timeout, + transcoded_request, + body=None): + + uri = transcoded_request['uri'] + method = transcoded_request['method'] + headers = dict(metadata) + headers['Content-Type'] = 'application/json' + response = getattr(session, method)( + "{host}{uri}".format(host=host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + return response + + def __call__(self, + request: privilegedaccessmanager.ListGrantsRequest, *, + retry: OptionalRetry=gapic_v1.method.DEFAULT, + timeout: Optional[float]=None, + metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), + ) -> privilegedaccessmanager.ListGrantsResponse: + r"""Call the list grants method over HTTP. + + Args: + request (~.privilegedaccessmanager.ListGrantsRequest): + The request object. Message for requesting list of + grants. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + ~.privilegedaccessmanager.ListGrantsResponse: + Message for response to listing + grants. + + """ + + http_options = _BasePrivilegedAccessManagerRestTransport._BaseListGrants._get_http_options() + + request, metadata = self._interceptor.pre_list_grants(request, metadata) + transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseListGrants._get_transcoded_request(http_options, request) + + # Jsonify the query params + query_params = _BasePrivilegedAccessManagerRestTransport._BaseListGrants._get_query_params_json(transcoded_request) + + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) + method = transcoded_request['method'] + try: + request_payload = type(request).to_json(request) + except: + request_payload = None + http_request = { + "payload": request_payload, + "requestMethod": method, + "requestUrl": request_url, + "headers": dict(metadata), + } + _LOGGER.debug( + f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.ListGrants", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "ListGrants", + "httpRequest": http_request, + "metadata": http_request["headers"], + }, + ) + + # Send the request + response = PrivilegedAccessManagerRestTransport._ListGrants._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = privilegedaccessmanager.ListGrantsResponse() + pb_resp = privilegedaccessmanager.ListGrantsResponse.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + + resp = self._interceptor.post_list_grants(resp) + response_metadata = [(k, str(v)) for k, v in response.headers.items()] + resp, _ = self._interceptor.post_list_grants_with_metadata(resp, response_metadata) + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + try: + response_payload = privilegedaccessmanager.ListGrantsResponse.to_json(response) + except: + response_payload = None + http_response = { + "payload": response_payload, + "headers": dict(response.headers), + "status": response.status_code, + } + _LOGGER.debug( + "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.list_grants", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "ListGrants", + "metadata": http_response["headers"], + "httpResponse": http_response, + }, + ) + return resp + + class _RevokeGrant(_BasePrivilegedAccessManagerRestTransport._BaseRevokeGrant, PrivilegedAccessManagerRestStub): + def __hash__(self): + return hash("PrivilegedAccessManagerRestTransport.RevokeGrant") + + @staticmethod + def _get_response( + host, + metadata, + query_params, + session, + timeout, + transcoded_request, + body=None): + + uri = transcoded_request['uri'] + method = transcoded_request['method'] + headers = dict(metadata) + headers['Content-Type'] = 'application/json' + response = getattr(session, method)( + "{host}{uri}".format(host=host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + return response + + def __call__(self, + request: privilegedaccessmanager.RevokeGrantRequest, *, + retry: OptionalRetry=gapic_v1.method.DEFAULT, + timeout: Optional[float]=None, + metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), + ) -> operations_pb2.Operation: + r"""Call the revoke grant method over HTTP. + + Args: + request (~.privilegedaccessmanager.RevokeGrantRequest): + The request object. Request message for ``RevokeGrant`` method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + ~.operations_pb2.Operation: + This resource represents a + long-running operation that is the + result of a network API call. + + """ + + http_options = _BasePrivilegedAccessManagerRestTransport._BaseRevokeGrant._get_http_options() + + request, metadata = self._interceptor.pre_revoke_grant(request, metadata) + transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseRevokeGrant._get_transcoded_request(http_options, request) + + body = _BasePrivilegedAccessManagerRestTransport._BaseRevokeGrant._get_request_body_json(transcoded_request) + + # Jsonify the query params + query_params = _BasePrivilegedAccessManagerRestTransport._BaseRevokeGrant._get_query_params_json(transcoded_request) + + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) + method = transcoded_request['method'] + try: + request_payload = json_format.MessageToJson(request) + except: + request_payload = None + http_request = { + "payload": request_payload, + "requestMethod": method, + "requestUrl": request_url, + "headers": dict(metadata), + } + _LOGGER.debug( + f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.RevokeGrant", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "RevokeGrant", + "httpRequest": http_request, + "metadata": http_request["headers"], + }, + ) + + # Send the request + response = PrivilegedAccessManagerRestTransport._RevokeGrant._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request, body) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = operations_pb2.Operation() + json_format.Parse(response.content, resp, ignore_unknown_fields=True) + + resp = self._interceptor.post_revoke_grant(resp) + response_metadata = [(k, str(v)) for k, v in response.headers.items()] + resp, _ = self._interceptor.post_revoke_grant_with_metadata(resp, response_metadata) + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + try: + response_payload = json_format.MessageToJson(resp) + except: + response_payload = None + http_response = { + "payload": response_payload, + "headers": dict(response.headers), + "status": response.status_code, + } + _LOGGER.debug( + "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.revoke_grant", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "RevokeGrant", + "metadata": http_response["headers"], + "httpResponse": http_response, + }, + ) + return resp + + class _SearchEntitlements(_BasePrivilegedAccessManagerRestTransport._BaseSearchEntitlements, PrivilegedAccessManagerRestStub): + def __hash__(self): + return hash("PrivilegedAccessManagerRestTransport.SearchEntitlements") + + @staticmethod + def _get_response( + host, + metadata, + query_params, + session, + timeout, + transcoded_request, + body=None): + + uri = transcoded_request['uri'] + method = transcoded_request['method'] + headers = dict(metadata) + headers['Content-Type'] = 'application/json' + response = getattr(session, method)( + "{host}{uri}".format(host=host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + return response + + def __call__(self, + request: privilegedaccessmanager.SearchEntitlementsRequest, *, + retry: OptionalRetry=gapic_v1.method.DEFAULT, + timeout: Optional[float]=None, + metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), + ) -> privilegedaccessmanager.SearchEntitlementsResponse: + r"""Call the search entitlements method over HTTP. + + Args: + request (~.privilegedaccessmanager.SearchEntitlementsRequest): + The request object. Request message for ``SearchEntitlements`` method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + ~.privilegedaccessmanager.SearchEntitlementsResponse: + Response message for ``SearchEntitlements`` method. + """ + + http_options = _BasePrivilegedAccessManagerRestTransport._BaseSearchEntitlements._get_http_options() + + request, metadata = self._interceptor.pre_search_entitlements(request, metadata) + transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseSearchEntitlements._get_transcoded_request(http_options, request) + + # Jsonify the query params + query_params = _BasePrivilegedAccessManagerRestTransport._BaseSearchEntitlements._get_query_params_json(transcoded_request) + + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) + method = transcoded_request['method'] + try: + request_payload = type(request).to_json(request) + except: + request_payload = None + http_request = { + "payload": request_payload, + "requestMethod": method, + "requestUrl": request_url, + "headers": dict(metadata), + } + _LOGGER.debug( + f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.SearchEntitlements", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "SearchEntitlements", + "httpRequest": http_request, + "metadata": http_request["headers"], + }, + ) + + # Send the request + response = PrivilegedAccessManagerRestTransport._SearchEntitlements._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = privilegedaccessmanager.SearchEntitlementsResponse() + pb_resp = privilegedaccessmanager.SearchEntitlementsResponse.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + + resp = self._interceptor.post_search_entitlements(resp) + response_metadata = [(k, str(v)) for k, v in response.headers.items()] + resp, _ = self._interceptor.post_search_entitlements_with_metadata(resp, response_metadata) + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + try: + response_payload = privilegedaccessmanager.SearchEntitlementsResponse.to_json(response) + except: + response_payload = None + http_response = { + "payload": response_payload, + "headers": dict(response.headers), + "status": response.status_code, + } + _LOGGER.debug( + "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.search_entitlements", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "SearchEntitlements", + "metadata": http_response["headers"], + "httpResponse": http_response, + }, + ) + return resp + + class _SearchGrants(_BasePrivilegedAccessManagerRestTransport._BaseSearchGrants, PrivilegedAccessManagerRestStub): + def __hash__(self): + return hash("PrivilegedAccessManagerRestTransport.SearchGrants") + + @staticmethod + def _get_response( + host, + metadata, + query_params, + session, + timeout, + transcoded_request, + body=None): + + uri = transcoded_request['uri'] + method = transcoded_request['method'] + headers = dict(metadata) + headers['Content-Type'] = 'application/json' + response = getattr(session, method)( + "{host}{uri}".format(host=host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + return response + + def __call__(self, + request: privilegedaccessmanager.SearchGrantsRequest, *, + retry: OptionalRetry=gapic_v1.method.DEFAULT, + timeout: Optional[float]=None, + metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), + ) -> privilegedaccessmanager.SearchGrantsResponse: + r"""Call the search grants method over HTTP. + + Args: + request (~.privilegedaccessmanager.SearchGrantsRequest): + The request object. Request message for ``SearchGrants`` method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + ~.privilegedaccessmanager.SearchGrantsResponse: + Response message for ``SearchGrants`` method. + """ + + http_options = _BasePrivilegedAccessManagerRestTransport._BaseSearchGrants._get_http_options() + + request, metadata = self._interceptor.pre_search_grants(request, metadata) + transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseSearchGrants._get_transcoded_request(http_options, request) + + # Jsonify the query params + query_params = _BasePrivilegedAccessManagerRestTransport._BaseSearchGrants._get_query_params_json(transcoded_request) + + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) + method = transcoded_request['method'] + try: + request_payload = type(request).to_json(request) + except: + request_payload = None + http_request = { + "payload": request_payload, + "requestMethod": method, + "requestUrl": request_url, + "headers": dict(metadata), + } + _LOGGER.debug( + f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.SearchGrants", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "SearchGrants", + "httpRequest": http_request, + "metadata": http_request["headers"], + }, + ) + + # Send the request + response = PrivilegedAccessManagerRestTransport._SearchGrants._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = privilegedaccessmanager.SearchGrantsResponse() + pb_resp = privilegedaccessmanager.SearchGrantsResponse.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + + resp = self._interceptor.post_search_grants(resp) + response_metadata = [(k, str(v)) for k, v in response.headers.items()] + resp, _ = self._interceptor.post_search_grants_with_metadata(resp, response_metadata) + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + try: + response_payload = privilegedaccessmanager.SearchGrantsResponse.to_json(response) + except: + response_payload = None + http_response = { + "payload": response_payload, + "headers": dict(response.headers), + "status": response.status_code, + } + _LOGGER.debug( + "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.search_grants", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "SearchGrants", + "metadata": http_response["headers"], + "httpResponse": http_response, + }, + ) + return resp + + class _UpdateEntitlement(_BasePrivilegedAccessManagerRestTransport._BaseUpdateEntitlement, PrivilegedAccessManagerRestStub): + def __hash__(self): + return hash("PrivilegedAccessManagerRestTransport.UpdateEntitlement") + + @staticmethod + def _get_response( + host, + metadata, + query_params, + session, + timeout, + transcoded_request, + body=None): + + uri = transcoded_request['uri'] + method = transcoded_request['method'] + headers = dict(metadata) + headers['Content-Type'] = 'application/json' + response = getattr(session, method)( + "{host}{uri}".format(host=host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + return response + + def __call__(self, + request: privilegedaccessmanager.UpdateEntitlementRequest, *, + retry: OptionalRetry=gapic_v1.method.DEFAULT, + timeout: Optional[float]=None, + metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), + ) -> operations_pb2.Operation: + r"""Call the update entitlement method over HTTP. + + Args: + request (~.privilegedaccessmanager.UpdateEntitlementRequest): + The request object. Message for updating an entitlement. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + ~.operations_pb2.Operation: + This resource represents a + long-running operation that is the + result of a network API call. + + """ + + http_options = _BasePrivilegedAccessManagerRestTransport._BaseUpdateEntitlement._get_http_options() + + request, metadata = self._interceptor.pre_update_entitlement(request, metadata) + transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseUpdateEntitlement._get_transcoded_request(http_options, request) + + body = _BasePrivilegedAccessManagerRestTransport._BaseUpdateEntitlement._get_request_body_json(transcoded_request) + + # Jsonify the query params + query_params = _BasePrivilegedAccessManagerRestTransport._BaseUpdateEntitlement._get_query_params_json(transcoded_request) + + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) + method = transcoded_request['method'] + try: + request_payload = json_format.MessageToJson(request) + except: + request_payload = None + http_request = { + "payload": request_payload, + "requestMethod": method, + "requestUrl": request_url, + "headers": dict(metadata), + } + _LOGGER.debug( + f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.UpdateEntitlement", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "UpdateEntitlement", + "httpRequest": http_request, + "metadata": http_request["headers"], + }, + ) + + # Send the request + response = PrivilegedAccessManagerRestTransport._UpdateEntitlement._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request, body) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = operations_pb2.Operation() + json_format.Parse(response.content, resp, ignore_unknown_fields=True) + + resp = self._interceptor.post_update_entitlement(resp) + response_metadata = [(k, str(v)) for k, v in response.headers.items()] + resp, _ = self._interceptor.post_update_entitlement_with_metadata(resp, response_metadata) + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + try: + response_payload = json_format.MessageToJson(resp) + except: + response_payload = None + http_response = { + "payload": response_payload, + "headers": dict(response.headers), + "status": response.status_code, + } + _LOGGER.debug( + "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.update_entitlement", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "UpdateEntitlement", + "metadata": http_response["headers"], + "httpResponse": http_response, + }, + ) + return resp + + @property + def approve_grant(self) -> Callable[ + [privilegedaccessmanager.ApproveGrantRequest], + privilegedaccessmanager.Grant]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._ApproveGrant(self._session, self._host, self._interceptor) # type: ignore + + @property + def check_onboarding_status(self) -> Callable[ + [privilegedaccessmanager.CheckOnboardingStatusRequest], + privilegedaccessmanager.CheckOnboardingStatusResponse]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._CheckOnboardingStatus(self._session, self._host, self._interceptor) # type: ignore + + @property + def create_entitlement(self) -> Callable[ + [privilegedaccessmanager.CreateEntitlementRequest], + operations_pb2.Operation]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._CreateEntitlement(self._session, self._host, self._interceptor) # type: ignore + + @property + def create_grant(self) -> Callable[ + [privilegedaccessmanager.CreateGrantRequest], + privilegedaccessmanager.Grant]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._CreateGrant(self._session, self._host, self._interceptor) # type: ignore + + @property + def delete_entitlement(self) -> Callable[ + [privilegedaccessmanager.DeleteEntitlementRequest], + operations_pb2.Operation]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._DeleteEntitlement(self._session, self._host, self._interceptor) # type: ignore + + @property + def deny_grant(self) -> Callable[ + [privilegedaccessmanager.DenyGrantRequest], + privilegedaccessmanager.Grant]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._DenyGrant(self._session, self._host, self._interceptor) # type: ignore + + @property + def get_entitlement(self) -> Callable[ + [privilegedaccessmanager.GetEntitlementRequest], + privilegedaccessmanager.Entitlement]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._GetEntitlement(self._session, self._host, self._interceptor) # type: ignore + + @property + def get_grant(self) -> Callable[ + [privilegedaccessmanager.GetGrantRequest], + privilegedaccessmanager.Grant]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._GetGrant(self._session, self._host, self._interceptor) # type: ignore + + @property + def list_entitlements(self) -> Callable[ + [privilegedaccessmanager.ListEntitlementsRequest], + privilegedaccessmanager.ListEntitlementsResponse]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._ListEntitlements(self._session, self._host, self._interceptor) # type: ignore + + @property + def list_grants(self) -> Callable[ + [privilegedaccessmanager.ListGrantsRequest], + privilegedaccessmanager.ListGrantsResponse]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._ListGrants(self._session, self._host, self._interceptor) # type: ignore + + @property + def revoke_grant(self) -> Callable[ + [privilegedaccessmanager.RevokeGrantRequest], + operations_pb2.Operation]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._RevokeGrant(self._session, self._host, self._interceptor) # type: ignore + + @property + def search_entitlements(self) -> Callable[ + [privilegedaccessmanager.SearchEntitlementsRequest], + privilegedaccessmanager.SearchEntitlementsResponse]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._SearchEntitlements(self._session, self._host, self._interceptor) # type: ignore + + @property + def search_grants(self) -> Callable[ + [privilegedaccessmanager.SearchGrantsRequest], + privilegedaccessmanager.SearchGrantsResponse]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._SearchGrants(self._session, self._host, self._interceptor) # type: ignore + + @property + def update_entitlement(self) -> Callable[ + [privilegedaccessmanager.UpdateEntitlementRequest], + operations_pb2.Operation]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._UpdateEntitlement(self._session, self._host, self._interceptor) # type: ignore + + @property + def get_location(self): + return self._GetLocation(self._session, self._host, self._interceptor) # type: ignore + + class _GetLocation(_BasePrivilegedAccessManagerRestTransport._BaseGetLocation, PrivilegedAccessManagerRestStub): + def __hash__(self): + return hash("PrivilegedAccessManagerRestTransport.GetLocation") + + @staticmethod + def _get_response( + host, + metadata, + query_params, + session, + timeout, + transcoded_request, + body=None): + + uri = transcoded_request['uri'] + method = transcoded_request['method'] + headers = dict(metadata) + headers['Content-Type'] = 'application/json' + response = getattr(session, method)( + "{host}{uri}".format(host=host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + return response + + def __call__(self, + request: locations_pb2.GetLocationRequest, *, + retry: OptionalRetry=gapic_v1.method.DEFAULT, + timeout: Optional[float]=None, + metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), + ) -> locations_pb2.Location: + + r"""Call the get location method over HTTP. + + Args: + request (locations_pb2.GetLocationRequest): + The request object for GetLocation method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + locations_pb2.Location: Response from GetLocation method. + """ + + http_options = _BasePrivilegedAccessManagerRestTransport._BaseGetLocation._get_http_options() + + request, metadata = self._interceptor.pre_get_location(request, metadata) + transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseGetLocation._get_transcoded_request(http_options, request) + + # Jsonify the query params + query_params = _BasePrivilegedAccessManagerRestTransport._BaseGetLocation._get_query_params_json(transcoded_request) + + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) + method = transcoded_request['method'] + try: + request_payload = json_format.MessageToJson(request) + except: + request_payload = None + http_request = { + "payload": request_payload, + "requestMethod": method, + "requestUrl": request_url, + "headers": dict(metadata), + } + _LOGGER.debug( + f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.GetLocation", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "GetLocation", + "httpRequest": http_request, + "metadata": http_request["headers"], + }, + ) + + # Send the request + response = PrivilegedAccessManagerRestTransport._GetLocation._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + content = response.content.decode("utf-8") + resp = locations_pb2.Location() + resp = json_format.Parse(content, resp) + resp = self._interceptor.post_get_location(resp) + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + try: + response_payload = json_format.MessageToJson(resp) + except: + response_payload = None + http_response = { + "payload": response_payload, + "headers": dict(response.headers), + "status": response.status_code, + } + _LOGGER.debug( + "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.GetLocation", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "GetLocation", + "httpResponse": http_response, + "metadata": http_response["headers"], + }, + ) + return resp + + @property + def list_locations(self): + return self._ListLocations(self._session, self._host, self._interceptor) # type: ignore + + class _ListLocations(_BasePrivilegedAccessManagerRestTransport._BaseListLocations, PrivilegedAccessManagerRestStub): + def __hash__(self): + return hash("PrivilegedAccessManagerRestTransport.ListLocations") + + @staticmethod + def _get_response( + host, + metadata, + query_params, + session, + timeout, + transcoded_request, + body=None): + + uri = transcoded_request['uri'] + method = transcoded_request['method'] + headers = dict(metadata) + headers['Content-Type'] = 'application/json' + response = getattr(session, method)( + "{host}{uri}".format(host=host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + return response + + def __call__(self, + request: locations_pb2.ListLocationsRequest, *, + retry: OptionalRetry=gapic_v1.method.DEFAULT, + timeout: Optional[float]=None, + metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), + ) -> locations_pb2.ListLocationsResponse: + + r"""Call the list locations method over HTTP. + + Args: + request (locations_pb2.ListLocationsRequest): + The request object for ListLocations method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + locations_pb2.ListLocationsResponse: Response from ListLocations method. + """ + + http_options = _BasePrivilegedAccessManagerRestTransport._BaseListLocations._get_http_options() + + request, metadata = self._interceptor.pre_list_locations(request, metadata) + transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseListLocations._get_transcoded_request(http_options, request) + + # Jsonify the query params + query_params = _BasePrivilegedAccessManagerRestTransport._BaseListLocations._get_query_params_json(transcoded_request) + + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) + method = transcoded_request['method'] + try: + request_payload = json_format.MessageToJson(request) + except: + request_payload = None + http_request = { + "payload": request_payload, + "requestMethod": method, + "requestUrl": request_url, + "headers": dict(metadata), + } + _LOGGER.debug( + f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.ListLocations", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "ListLocations", + "httpRequest": http_request, + "metadata": http_request["headers"], + }, + ) + + # Send the request + response = PrivilegedAccessManagerRestTransport._ListLocations._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + content = response.content.decode("utf-8") + resp = locations_pb2.ListLocationsResponse() + resp = json_format.Parse(content, resp) + resp = self._interceptor.post_list_locations(resp) + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + try: + response_payload = json_format.MessageToJson(resp) + except: + response_payload = None + http_response = { + "payload": response_payload, + "headers": dict(response.headers), + "status": response.status_code, + } + _LOGGER.debug( + "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.ListLocations", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "ListLocations", + "httpResponse": http_response, + "metadata": http_response["headers"], + }, + ) + return resp + + @property + def delete_operation(self): + return self._DeleteOperation(self._session, self._host, self._interceptor) # type: ignore + + class _DeleteOperation(_BasePrivilegedAccessManagerRestTransport._BaseDeleteOperation, PrivilegedAccessManagerRestStub): + def __hash__(self): + return hash("PrivilegedAccessManagerRestTransport.DeleteOperation") + + @staticmethod + def _get_response( + host, + metadata, + query_params, + session, + timeout, + transcoded_request, + body=None): + + uri = transcoded_request['uri'] + method = transcoded_request['method'] + headers = dict(metadata) + headers['Content-Type'] = 'application/json' + response = getattr(session, method)( + "{host}{uri}".format(host=host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + return response + + def __call__(self, + request: operations_pb2.DeleteOperationRequest, *, + retry: OptionalRetry=gapic_v1.method.DEFAULT, + timeout: Optional[float]=None, + metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), + ) -> None: + + r"""Call the delete operation method over HTTP. + + Args: + request (operations_pb2.DeleteOperationRequest): + The request object for DeleteOperation method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + """ + + http_options = _BasePrivilegedAccessManagerRestTransport._BaseDeleteOperation._get_http_options() + + request, metadata = self._interceptor.pre_delete_operation(request, metadata) + transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseDeleteOperation._get_transcoded_request(http_options, request) + + # Jsonify the query params + query_params = _BasePrivilegedAccessManagerRestTransport._BaseDeleteOperation._get_query_params_json(transcoded_request) + + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) + method = transcoded_request['method'] + try: + request_payload = json_format.MessageToJson(request) + except: + request_payload = None + http_request = { + "payload": request_payload, + "requestMethod": method, + "requestUrl": request_url, + "headers": dict(metadata), + } + _LOGGER.debug( + f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.DeleteOperation", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "DeleteOperation", + "httpRequest": http_request, + "metadata": http_request["headers"], + }, + ) + + # Send the request + response = PrivilegedAccessManagerRestTransport._DeleteOperation._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + return self._interceptor.post_delete_operation(None) + + @property + def get_operation(self): + return self._GetOperation(self._session, self._host, self._interceptor) # type: ignore + + class _GetOperation(_BasePrivilegedAccessManagerRestTransport._BaseGetOperation, PrivilegedAccessManagerRestStub): + def __hash__(self): + return hash("PrivilegedAccessManagerRestTransport.GetOperation") + + @staticmethod + def _get_response( + host, + metadata, + query_params, + session, + timeout, + transcoded_request, + body=None): + + uri = transcoded_request['uri'] + method = transcoded_request['method'] + headers = dict(metadata) + headers['Content-Type'] = 'application/json' + response = getattr(session, method)( + "{host}{uri}".format(host=host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + return response + + def __call__(self, + request: operations_pb2.GetOperationRequest, *, + retry: OptionalRetry=gapic_v1.method.DEFAULT, + timeout: Optional[float]=None, + metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), + ) -> operations_pb2.Operation: + + r"""Call the get operation method over HTTP. + + Args: + request (operations_pb2.GetOperationRequest): + The request object for GetOperation method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + operations_pb2.Operation: Response from GetOperation method. + """ + + http_options = _BasePrivilegedAccessManagerRestTransport._BaseGetOperation._get_http_options() + + request, metadata = self._interceptor.pre_get_operation(request, metadata) + transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseGetOperation._get_transcoded_request(http_options, request) + + # Jsonify the query params + query_params = _BasePrivilegedAccessManagerRestTransport._BaseGetOperation._get_query_params_json(transcoded_request) + + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) + method = transcoded_request['method'] + try: + request_payload = json_format.MessageToJson(request) + except: + request_payload = None + http_request = { + "payload": request_payload, + "requestMethod": method, + "requestUrl": request_url, + "headers": dict(metadata), + } + _LOGGER.debug( + f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.GetOperation", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "GetOperation", + "httpRequest": http_request, + "metadata": http_request["headers"], + }, + ) + + # Send the request + response = PrivilegedAccessManagerRestTransport._GetOperation._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + content = response.content.decode("utf-8") + resp = operations_pb2.Operation() + resp = json_format.Parse(content, resp) + resp = self._interceptor.post_get_operation(resp) + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + try: + response_payload = json_format.MessageToJson(resp) + except: + response_payload = None + http_response = { + "payload": response_payload, + "headers": dict(response.headers), + "status": response.status_code, + } + _LOGGER.debug( + "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.GetOperation", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "GetOperation", + "httpResponse": http_response, + "metadata": http_response["headers"], + }, + ) + return resp + + @property + def list_operations(self): + return self._ListOperations(self._session, self._host, self._interceptor) # type: ignore + + class _ListOperations(_BasePrivilegedAccessManagerRestTransport._BaseListOperations, PrivilegedAccessManagerRestStub): + def __hash__(self): + return hash("PrivilegedAccessManagerRestTransport.ListOperations") + + @staticmethod + def _get_response( + host, + metadata, + query_params, + session, + timeout, + transcoded_request, + body=None): + + uri = transcoded_request['uri'] + method = transcoded_request['method'] + headers = dict(metadata) + headers['Content-Type'] = 'application/json' + response = getattr(session, method)( + "{host}{uri}".format(host=host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + ) + return response + + def __call__(self, + request: operations_pb2.ListOperationsRequest, *, + retry: OptionalRetry=gapic_v1.method.DEFAULT, + timeout: Optional[float]=None, + metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), + ) -> operations_pb2.ListOperationsResponse: + + r"""Call the list operations method over HTTP. + + Args: + request (operations_pb2.ListOperationsRequest): + The request object for ListOperations method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be + sent along with the request as metadata. Normally, each value must be of type `str`, + but for metadata keys ending with the suffix `-bin`, the corresponding values must + be of type `bytes`. + + Returns: + operations_pb2.ListOperationsResponse: Response from ListOperations method. + """ + + http_options = _BasePrivilegedAccessManagerRestTransport._BaseListOperations._get_http_options() + + request, metadata = self._interceptor.pre_list_operations(request, metadata) + transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseListOperations._get_transcoded_request(http_options, request) + + # Jsonify the query params + query_params = _BasePrivilegedAccessManagerRestTransport._BaseListOperations._get_query_params_json(transcoded_request) + + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) + method = transcoded_request['method'] + try: + request_payload = json_format.MessageToJson(request) + except: + request_payload = None + http_request = { + "payload": request_payload, + "requestMethod": method, + "requestUrl": request_url, + "headers": dict(metadata), + } + _LOGGER.debug( + f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.ListOperations", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "ListOperations", + "httpRequest": http_request, + "metadata": http_request["headers"], + }, + ) + + # Send the request + response = PrivilegedAccessManagerRestTransport._ListOperations._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + content = response.content.decode("utf-8") + resp = operations_pb2.ListOperationsResponse() + resp = json_format.Parse(content, resp) + resp = self._interceptor.post_list_operations(resp) + if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER + try: + response_payload = json_format.MessageToJson(resp) + except: + response_payload = None + http_response = { + "payload": response_payload, + "headers": dict(response.headers), + "status": response.status_code, + } + _LOGGER.debug( + "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.ListOperations", + extra = { + "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "rpcName": "ListOperations", + "httpResponse": http_response, + "metadata": http_response["headers"], + }, + ) + return resp + + @property + def kind(self) -> str: + return "rest" + + def close(self): + self._session.close() + + +__all__=( + 'PrivilegedAccessManagerRestTransport', +) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/rest_base.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/rest_base.py new file mode 100644 index 000000000000..3981acc8c7b0 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/rest_base.py @@ -0,0 +1,960 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import json # type: ignore +from google.api_core import path_template +from google.api_core import gapic_v1 + +from google.protobuf import json_format +from google.cloud.location import locations_pb2 # type: ignore +from .base import PrivilegedAccessManagerTransport, DEFAULT_CLIENT_INFO + +import re +from typing import Any, Callable, Dict, List, Optional, Sequence, Tuple, Union + + +from google.cloud.privilegedaccessmanager_v1.types import privilegedaccessmanager +from google.longrunning import operations_pb2 # type: ignore + + +class _BasePrivilegedAccessManagerRestTransport(PrivilegedAccessManagerTransport): + """Base REST backend transport for PrivilegedAccessManager. + + Note: This class is not meant to be used directly. Use its sync and + async sub-classes instead. + + This class defines the same methods as the primary client, so the + primary client can load the underlying transport implementation + and call it. + + It sends JSON representations of protocol buffers over HTTP/1.1 + """ + + def __init__(self, *, + host: str = 'privilegedaccessmanager.googleapis.com', + credentials: Optional[Any] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, + always_use_jwt_access: Optional[bool] = False, + url_scheme: str = 'https', + api_audience: Optional[str] = None, + ) -> None: + """Instantiate the transport. + Args: + host (Optional[str]): + The hostname to connect to (default: 'privilegedaccessmanager.googleapis.com'). + credentials (Optional[Any]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you are developing + your own client library. + always_use_jwt_access (Optional[bool]): Whether self signed JWT should + be used for service account credentials. + url_scheme: the protocol scheme for the API endpoint. Normally + "https", but for testing or local servers, + "http" can be specified. + """ + # Run the base constructor + maybe_url_match = re.match("^(?Phttp(?:s)?://)?(?P.*)$", host) + if maybe_url_match is None: + raise ValueError(f"Unexpected hostname structure: {host}") # pragma: NO COVER + + url_match_items = maybe_url_match.groupdict() + + host = f"{url_scheme}://{host}" if not url_match_items["scheme"] else host + + super().__init__( + host=host, + credentials=credentials, + client_info=client_info, + always_use_jwt_access=always_use_jwt_access, + api_audience=api_audience + ) + + class _BaseApproveGrant: + def __hash__(self): # pragma: NO COVER + return NotImplementedError("__hash__ must be implemented.") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { + } + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} + + @staticmethod + def _get_http_options(): + http_options: List[Dict[str, str]] = [{ + 'method': 'post', + 'uri': '/v1/{name=projects/*/locations/*/entitlements/*/grants/*}:approve', + 'body': '*', + }, + { + 'method': 'post', + 'uri': '/v1/{name=organizations/*/locations/*/entitlements/*/grants/*}:approve', + 'body': '*', + }, + { + 'method': 'post', + 'uri': '/v1/{name=folders/*/locations/*/entitlements/*/grants/*}:approve', + 'body': '*', + }, + ] + return http_options + + @staticmethod + def _get_transcoded_request(http_options, request): + pb_request = privilegedaccessmanager.ApproveGrantRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + return transcoded_request + + @staticmethod + def _get_request_body_json(transcoded_request): + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request['body'], + use_integers_for_enums=True + ) + return body + @staticmethod + def _get_query_params_json(transcoded_request): + query_params = json.loads(json_format.MessageToJson( + transcoded_request['query_params'], + use_integers_for_enums=True, + )) + query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseApproveGrant._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + return query_params + + class _BaseCheckOnboardingStatus: + def __hash__(self): # pragma: NO COVER + return NotImplementedError("__hash__ must be implemented.") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { + } + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} + + @staticmethod + def _get_http_options(): + http_options: List[Dict[str, str]] = [{ + 'method': 'get', + 'uri': '/v1/{parent=projects/*/locations/*}:checkOnboardingStatus', + }, + { + 'method': 'get', + 'uri': '/v1/{parent=organizations/*/locations/*}:checkOnboardingStatus', + }, + { + 'method': 'get', + 'uri': '/v1/{parent=folders/*/locations/*}:checkOnboardingStatus', + }, + ] + return http_options + + @staticmethod + def _get_transcoded_request(http_options, request): + pb_request = privilegedaccessmanager.CheckOnboardingStatusRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + return transcoded_request + + @staticmethod + def _get_query_params_json(transcoded_request): + query_params = json.loads(json_format.MessageToJson( + transcoded_request['query_params'], + use_integers_for_enums=True, + )) + query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseCheckOnboardingStatus._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + return query_params + + class _BaseCreateEntitlement: + def __hash__(self): # pragma: NO COVER + return NotImplementedError("__hash__ must be implemented.") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { + "entitlementId" : "", } + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} + + @staticmethod + def _get_http_options(): + http_options: List[Dict[str, str]] = [{ + 'method': 'post', + 'uri': '/v1/{parent=projects/*/locations/*}/entitlements', + 'body': 'entitlement', + }, + { + 'method': 'post', + 'uri': '/v1/{parent=organizations/*/locations/*}/entitlements', + 'body': 'entitlement', + }, + { + 'method': 'post', + 'uri': '/v1/{parent=folders/*/locations/*}/entitlements', + 'body': 'entitlement', + }, + ] + return http_options + + @staticmethod + def _get_transcoded_request(http_options, request): + pb_request = privilegedaccessmanager.CreateEntitlementRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + return transcoded_request + + @staticmethod + def _get_request_body_json(transcoded_request): + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request['body'], + use_integers_for_enums=True + ) + return body + @staticmethod + def _get_query_params_json(transcoded_request): + query_params = json.loads(json_format.MessageToJson( + transcoded_request['query_params'], + use_integers_for_enums=True, + )) + query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseCreateEntitlement._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + return query_params + + class _BaseCreateGrant: + def __hash__(self): # pragma: NO COVER + return NotImplementedError("__hash__ must be implemented.") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { + } + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} + + @staticmethod + def _get_http_options(): + http_options: List[Dict[str, str]] = [{ + 'method': 'post', + 'uri': '/v1/{parent=projects/*/locations/*/entitlements/*}/grants', + 'body': 'grant', + }, + { + 'method': 'post', + 'uri': '/v1/{parent=organizations/*/locations/*/entitlements/*}/grants', + 'body': 'grant', + }, + { + 'method': 'post', + 'uri': '/v1/{parent=folders/*/locations/*/entitlements/*}/grants', + 'body': 'grant', + }, + ] + return http_options + + @staticmethod + def _get_transcoded_request(http_options, request): + pb_request = privilegedaccessmanager.CreateGrantRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + return transcoded_request + + @staticmethod + def _get_request_body_json(transcoded_request): + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request['body'], + use_integers_for_enums=True + ) + return body + @staticmethod + def _get_query_params_json(transcoded_request): + query_params = json.loads(json_format.MessageToJson( + transcoded_request['query_params'], + use_integers_for_enums=True, + )) + query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseCreateGrant._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + return query_params + + class _BaseDeleteEntitlement: + def __hash__(self): # pragma: NO COVER + return NotImplementedError("__hash__ must be implemented.") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { + } + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} + + @staticmethod + def _get_http_options(): + http_options: List[Dict[str, str]] = [{ + 'method': 'delete', + 'uri': '/v1/{name=projects/*/locations/*/entitlements/*}', + }, + { + 'method': 'delete', + 'uri': '/v1/{name=organizations/*/locations/*/entitlements/*}', + }, + { + 'method': 'delete', + 'uri': '/v1/{name=folders/*/locations/*/entitlements/*}', + }, + ] + return http_options + + @staticmethod + def _get_transcoded_request(http_options, request): + pb_request = privilegedaccessmanager.DeleteEntitlementRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + return transcoded_request + + @staticmethod + def _get_query_params_json(transcoded_request): + query_params = json.loads(json_format.MessageToJson( + transcoded_request['query_params'], + use_integers_for_enums=True, + )) + query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseDeleteEntitlement._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + return query_params + + class _BaseDenyGrant: + def __hash__(self): # pragma: NO COVER + return NotImplementedError("__hash__ must be implemented.") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { + } + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} + + @staticmethod + def _get_http_options(): + http_options: List[Dict[str, str]] = [{ + 'method': 'post', + 'uri': '/v1/{name=projects/*/locations/*/entitlements/*/grants/*}:deny', + 'body': '*', + }, + { + 'method': 'post', + 'uri': '/v1/{name=organizations/*/locations/*/entitlements/*/grants/*}:deny', + 'body': '*', + }, + { + 'method': 'post', + 'uri': '/v1/{name=folders/*/locations/*/entitlements/*/grants/*}:deny', + 'body': '*', + }, + ] + return http_options + + @staticmethod + def _get_transcoded_request(http_options, request): + pb_request = privilegedaccessmanager.DenyGrantRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + return transcoded_request + + @staticmethod + def _get_request_body_json(transcoded_request): + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request['body'], + use_integers_for_enums=True + ) + return body + @staticmethod + def _get_query_params_json(transcoded_request): + query_params = json.loads(json_format.MessageToJson( + transcoded_request['query_params'], + use_integers_for_enums=True, + )) + query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseDenyGrant._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + return query_params + + class _BaseGetEntitlement: + def __hash__(self): # pragma: NO COVER + return NotImplementedError("__hash__ must be implemented.") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { + } + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} + + @staticmethod + def _get_http_options(): + http_options: List[Dict[str, str]] = [{ + 'method': 'get', + 'uri': '/v1/{name=projects/*/locations/*/entitlements/*}', + }, + { + 'method': 'get', + 'uri': '/v1/{name=organizations/*/locations/*/entitlements/*}', + }, + { + 'method': 'get', + 'uri': '/v1/{name=folders/*/locations/*/entitlements/*}', + }, + ] + return http_options + + @staticmethod + def _get_transcoded_request(http_options, request): + pb_request = privilegedaccessmanager.GetEntitlementRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + return transcoded_request + + @staticmethod + def _get_query_params_json(transcoded_request): + query_params = json.loads(json_format.MessageToJson( + transcoded_request['query_params'], + use_integers_for_enums=True, + )) + query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseGetEntitlement._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + return query_params + + class _BaseGetGrant: + def __hash__(self): # pragma: NO COVER + return NotImplementedError("__hash__ must be implemented.") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { + } + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} + + @staticmethod + def _get_http_options(): + http_options: List[Dict[str, str]] = [{ + 'method': 'get', + 'uri': '/v1/{name=projects/*/locations/*/entitlements/*/grants/*}', + }, + { + 'method': 'get', + 'uri': '/v1/{name=organizations/*/locations/*/entitlements/*/grants/*}', + }, + { + 'method': 'get', + 'uri': '/v1/{name=folders/*/locations/*/entitlements/*/grants/*}', + }, + ] + return http_options + + @staticmethod + def _get_transcoded_request(http_options, request): + pb_request = privilegedaccessmanager.GetGrantRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + return transcoded_request + + @staticmethod + def _get_query_params_json(transcoded_request): + query_params = json.loads(json_format.MessageToJson( + transcoded_request['query_params'], + use_integers_for_enums=True, + )) + query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseGetGrant._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + return query_params + + class _BaseListEntitlements: + def __hash__(self): # pragma: NO COVER + return NotImplementedError("__hash__ must be implemented.") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { + } + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} + + @staticmethod + def _get_http_options(): + http_options: List[Dict[str, str]] = [{ + 'method': 'get', + 'uri': '/v1/{parent=projects/*/locations/*}/entitlements', + }, + { + 'method': 'get', + 'uri': '/v1/{parent=organizations/*/locations/*}/entitlements', + }, + { + 'method': 'get', + 'uri': '/v1/{parent=folders/*/locations/*}/entitlements', + }, + ] + return http_options + + @staticmethod + def _get_transcoded_request(http_options, request): + pb_request = privilegedaccessmanager.ListEntitlementsRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + return transcoded_request + + @staticmethod + def _get_query_params_json(transcoded_request): + query_params = json.loads(json_format.MessageToJson( + transcoded_request['query_params'], + use_integers_for_enums=True, + )) + query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseListEntitlements._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + return query_params + + class _BaseListGrants: + def __hash__(self): # pragma: NO COVER + return NotImplementedError("__hash__ must be implemented.") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { + } + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} + + @staticmethod + def _get_http_options(): + http_options: List[Dict[str, str]] = [{ + 'method': 'get', + 'uri': '/v1/{parent=projects/*/locations/*/entitlements/*}/grants', + }, + { + 'method': 'get', + 'uri': '/v1/{parent=organizations/*/locations/*/entitlements/*}/grants', + }, + { + 'method': 'get', + 'uri': '/v1/{parent=folders/*/locations/*/entitlements/*}/grants', + }, + ] + return http_options + + @staticmethod + def _get_transcoded_request(http_options, request): + pb_request = privilegedaccessmanager.ListGrantsRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + return transcoded_request + + @staticmethod + def _get_query_params_json(transcoded_request): + query_params = json.loads(json_format.MessageToJson( + transcoded_request['query_params'], + use_integers_for_enums=True, + )) + query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseListGrants._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + return query_params + + class _BaseRevokeGrant: + def __hash__(self): # pragma: NO COVER + return NotImplementedError("__hash__ must be implemented.") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { + } + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} + + @staticmethod + def _get_http_options(): + http_options: List[Dict[str, str]] = [{ + 'method': 'post', + 'uri': '/v1/{name=projects/*/locations/*/entitlements/*/grants/*}:revoke', + 'body': '*', + }, + { + 'method': 'post', + 'uri': '/v1/{name=organizations/*/locations/*/entitlements/*/grants/*}:revoke', + 'body': '*', + }, + { + 'method': 'post', + 'uri': '/v1/{name=folders/*/locations/*/entitlements/*/grants/*}:revoke', + 'body': '*', + }, + ] + return http_options + + @staticmethod + def _get_transcoded_request(http_options, request): + pb_request = privilegedaccessmanager.RevokeGrantRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + return transcoded_request + + @staticmethod + def _get_request_body_json(transcoded_request): + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request['body'], + use_integers_for_enums=True + ) + return body + @staticmethod + def _get_query_params_json(transcoded_request): + query_params = json.loads(json_format.MessageToJson( + transcoded_request['query_params'], + use_integers_for_enums=True, + )) + query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseRevokeGrant._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + return query_params + + class _BaseSearchEntitlements: + def __hash__(self): # pragma: NO COVER + return NotImplementedError("__hash__ must be implemented.") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { + "callerAccessType" : {}, } + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} + + @staticmethod + def _get_http_options(): + http_options: List[Dict[str, str]] = [{ + 'method': 'get', + 'uri': '/v1/{parent=projects/*/locations/*}/entitlements:search', + }, + { + 'method': 'get', + 'uri': '/v1/{parent=organizations/*/locations/*}/entitlements:search', + }, + { + 'method': 'get', + 'uri': '/v1/{parent=folders/*/locations/*}/entitlements:search', + }, + ] + return http_options + + @staticmethod + def _get_transcoded_request(http_options, request): + pb_request = privilegedaccessmanager.SearchEntitlementsRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + return transcoded_request + + @staticmethod + def _get_query_params_json(transcoded_request): + query_params = json.loads(json_format.MessageToJson( + transcoded_request['query_params'], + use_integers_for_enums=True, + )) + query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseSearchEntitlements._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + return query_params + + class _BaseSearchGrants: + def __hash__(self): # pragma: NO COVER + return NotImplementedError("__hash__ must be implemented.") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { + "callerRelationship" : {}, } + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} + + @staticmethod + def _get_http_options(): + http_options: List[Dict[str, str]] = [{ + 'method': 'get', + 'uri': '/v1/{parent=projects/*/locations/*/entitlements/*}/grants:search', + }, + { + 'method': 'get', + 'uri': '/v1/{parent=organizations/*/locations/*/entitlements/*}/grants:search', + }, + { + 'method': 'get', + 'uri': '/v1/{parent=folders/*/locations/*/entitlements/*}/grants:search', + }, + ] + return http_options + + @staticmethod + def _get_transcoded_request(http_options, request): + pb_request = privilegedaccessmanager.SearchGrantsRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + return transcoded_request + + @staticmethod + def _get_query_params_json(transcoded_request): + query_params = json.loads(json_format.MessageToJson( + transcoded_request['query_params'], + use_integers_for_enums=True, + )) + query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseSearchGrants._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + return query_params + + class _BaseUpdateEntitlement: + def __hash__(self): # pragma: NO COVER + return NotImplementedError("__hash__ must be implemented.") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { + "updateMask" : {}, } + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} + + @staticmethod + def _get_http_options(): + http_options: List[Dict[str, str]] = [{ + 'method': 'patch', + 'uri': '/v1/{entitlement.name=projects/*/locations/*/entitlements/*}', + 'body': 'entitlement', + }, + { + 'method': 'patch', + 'uri': '/v1/{entitlement.name=organizations/*/locations/*/entitlements/*}', + 'body': 'entitlement', + }, + { + 'method': 'patch', + 'uri': '/v1/{entitlement.name=folders/*/locations/*/entitlements/*}', + 'body': 'entitlement', + }, + ] + return http_options + + @staticmethod + def _get_transcoded_request(http_options, request): + pb_request = privilegedaccessmanager.UpdateEntitlementRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + return transcoded_request + + @staticmethod + def _get_request_body_json(transcoded_request): + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request['body'], + use_integers_for_enums=True + ) + return body + @staticmethod + def _get_query_params_json(transcoded_request): + query_params = json.loads(json_format.MessageToJson( + transcoded_request['query_params'], + use_integers_for_enums=True, + )) + query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseUpdateEntitlement._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + return query_params + + class _BaseGetLocation: + def __hash__(self): # pragma: NO COVER + return NotImplementedError("__hash__ must be implemented.") + + @staticmethod + def _get_http_options(): + http_options: List[Dict[str, str]] = [{ + 'method': 'get', + 'uri': '/v1/{name=projects/*/locations/*}', + }, + { + 'method': 'get', + 'uri': '/v1/{name=organizations/*/locations/*}', + }, + { + 'method': 'get', + 'uri': '/v1/{name=folders/*/locations/*}', + }, + ] + return http_options + + @staticmethod + def _get_transcoded_request(http_options, request): + request_kwargs = json_format.MessageToDict(request) + transcoded_request = path_template.transcode( + http_options, **request_kwargs) + return transcoded_request + + @staticmethod + def _get_query_params_json(transcoded_request): + query_params = json.loads(json.dumps(transcoded_request['query_params'])) + return query_params + + class _BaseListLocations: + def __hash__(self): # pragma: NO COVER + return NotImplementedError("__hash__ must be implemented.") + + @staticmethod + def _get_http_options(): + http_options: List[Dict[str, str]] = [{ + 'method': 'get', + 'uri': '/v1/{name=projects/*}/locations', + }, + { + 'method': 'get', + 'uri': '/v1/{name=organizations/*}/locations', + }, + { + 'method': 'get', + 'uri': '/v1/{name=folders/*}/locations', + }, + ] + return http_options + + @staticmethod + def _get_transcoded_request(http_options, request): + request_kwargs = json_format.MessageToDict(request) + transcoded_request = path_template.transcode( + http_options, **request_kwargs) + return transcoded_request + + @staticmethod + def _get_query_params_json(transcoded_request): + query_params = json.loads(json.dumps(transcoded_request['query_params'])) + return query_params + + class _BaseDeleteOperation: + def __hash__(self): # pragma: NO COVER + return NotImplementedError("__hash__ must be implemented.") + + @staticmethod + def _get_http_options(): + http_options: List[Dict[str, str]] = [{ + 'method': 'delete', + 'uri': '/v1/{name=projects/*/locations/*/operations/*}', + }, + { + 'method': 'delete', + 'uri': '/v1/{name=organizations/*/locations/*/operations/*}', + }, + { + 'method': 'delete', + 'uri': '/v1/{name=folders/*/locations/*/operations/*}', + }, + ] + return http_options + + @staticmethod + def _get_transcoded_request(http_options, request): + request_kwargs = json_format.MessageToDict(request) + transcoded_request = path_template.transcode( + http_options, **request_kwargs) + return transcoded_request + + @staticmethod + def _get_query_params_json(transcoded_request): + query_params = json.loads(json.dumps(transcoded_request['query_params'])) + return query_params + + class _BaseGetOperation: + def __hash__(self): # pragma: NO COVER + return NotImplementedError("__hash__ must be implemented.") + + @staticmethod + def _get_http_options(): + http_options: List[Dict[str, str]] = [{ + 'method': 'get', + 'uri': '/v1/{name=projects/*/locations/*/operations/*}', + }, + { + 'method': 'get', + 'uri': '/v1/{name=organizations/*/locations/*/operations/*}', + }, + { + 'method': 'get', + 'uri': '/v1/{name=folders/*/locations/*/operations/*}', + }, + ] + return http_options + + @staticmethod + def _get_transcoded_request(http_options, request): + request_kwargs = json_format.MessageToDict(request) + transcoded_request = path_template.transcode( + http_options, **request_kwargs) + return transcoded_request + + @staticmethod + def _get_query_params_json(transcoded_request): + query_params = json.loads(json.dumps(transcoded_request['query_params'])) + return query_params + + class _BaseListOperations: + def __hash__(self): # pragma: NO COVER + return NotImplementedError("__hash__ must be implemented.") + + @staticmethod + def _get_http_options(): + http_options: List[Dict[str, str]] = [{ + 'method': 'get', + 'uri': '/v1/{name=projects/*/locations/*}/operations', + }, + { + 'method': 'get', + 'uri': '/v1/{name=organizations/*/locations/*}/operations', + }, + { + 'method': 'get', + 'uri': '/v1/{name=folders/*/locations/*}/operations', + }, + ] + return http_options + + @staticmethod + def _get_transcoded_request(http_options, request): + request_kwargs = json_format.MessageToDict(request) + transcoded_request = path_template.transcode( + http_options, **request_kwargs) + return transcoded_request + + @staticmethod + def _get_query_params_json(transcoded_request): + query_params = json.loads(json.dumps(transcoded_request['query_params'])) + return query_params + + +__all__=( + '_BasePrivilegedAccessManagerRestTransport', +) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/types/__init__.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/types/__init__.py new file mode 100644 index 000000000000..d07dbf871098 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/types/__init__.py @@ -0,0 +1,74 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from .privilegedaccessmanager import ( + AccessControlEntry, + ApprovalWorkflow, + ApproveGrantRequest, + CheckOnboardingStatusRequest, + CheckOnboardingStatusResponse, + CreateEntitlementRequest, + CreateGrantRequest, + DeleteEntitlementRequest, + DenyGrantRequest, + Entitlement, + GetEntitlementRequest, + GetGrantRequest, + Grant, + Justification, + ListEntitlementsRequest, + ListEntitlementsResponse, + ListGrantsRequest, + ListGrantsResponse, + ManualApprovals, + OperationMetadata, + PrivilegedAccess, + RevokeGrantRequest, + SearchEntitlementsRequest, + SearchEntitlementsResponse, + SearchGrantsRequest, + SearchGrantsResponse, + UpdateEntitlementRequest, +) + +__all__ = ( + 'AccessControlEntry', + 'ApprovalWorkflow', + 'ApproveGrantRequest', + 'CheckOnboardingStatusRequest', + 'CheckOnboardingStatusResponse', + 'CreateEntitlementRequest', + 'CreateGrantRequest', + 'DeleteEntitlementRequest', + 'DenyGrantRequest', + 'Entitlement', + 'GetEntitlementRequest', + 'GetGrantRequest', + 'Grant', + 'Justification', + 'ListEntitlementsRequest', + 'ListEntitlementsResponse', + 'ListGrantsRequest', + 'ListGrantsResponse', + 'ManualApprovals', + 'OperationMetadata', + 'PrivilegedAccess', + 'RevokeGrantRequest', + 'SearchEntitlementsRequest', + 'SearchEntitlementsResponse', + 'SearchGrantsRequest', + 'SearchGrantsResponse', + 'UpdateEntitlementRequest', +) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/types/privilegedaccessmanager.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/types/privilegedaccessmanager.py new file mode 100644 index 000000000000..5b749a0d7acc --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/types/privilegedaccessmanager.py @@ -0,0 +1,1736 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from __future__ import annotations + +from typing import MutableMapping, MutableSequence + +import proto # type: ignore + +from google.protobuf import duration_pb2 # type: ignore +from google.protobuf import field_mask_pb2 # type: ignore +from google.protobuf import timestamp_pb2 # type: ignore +from google.rpc import status_pb2 # type: ignore + + +__protobuf__ = proto.module( + package='google.cloud.privilegedaccessmanager.v1', + manifest={ + 'CheckOnboardingStatusRequest', + 'CheckOnboardingStatusResponse', + 'Entitlement', + 'AccessControlEntry', + 'ApprovalWorkflow', + 'ManualApprovals', + 'PrivilegedAccess', + 'ListEntitlementsRequest', + 'ListEntitlementsResponse', + 'SearchEntitlementsRequest', + 'SearchEntitlementsResponse', + 'GetEntitlementRequest', + 'CreateEntitlementRequest', + 'DeleteEntitlementRequest', + 'UpdateEntitlementRequest', + 'Grant', + 'Justification', + 'ListGrantsRequest', + 'ListGrantsResponse', + 'SearchGrantsRequest', + 'SearchGrantsResponse', + 'GetGrantRequest', + 'ApproveGrantRequest', + 'DenyGrantRequest', + 'RevokeGrantRequest', + 'CreateGrantRequest', + 'OperationMetadata', + }, +) + + +class CheckOnboardingStatusRequest(proto.Message): + r"""Request message for ``CheckOnboardingStatus`` method. + + Attributes: + parent (str): + Required. The resource for which the onboarding status + should be checked. Should be in one of the following + formats: + + - ``projects/{project-number|project-id}/locations/{region}`` + - ``folders/{folder-number}/locations/{region}`` + - ``organizations/{organization-number}/locations/{region}`` + """ + + parent: str = proto.Field( + proto.STRING, + number=1, + ) + + +class CheckOnboardingStatusResponse(proto.Message): + r"""Response message for ``CheckOnboardingStatus`` method. + + Attributes: + service_account (str): + The service account that PAM uses to act on + this resource. + findings (MutableSequence[google.cloud.privilegedaccessmanager_v1.types.CheckOnboardingStatusResponse.Finding]): + List of issues that are preventing PAM from + functioning for this resource and need to be + fixed to complete onboarding. Some issues might + not be detected or reported. + """ + + class Finding(proto.Message): + r"""Finding represents an issue which prevents PAM from + functioning properly for this resource. + + + .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields + + Attributes: + iam_access_denied (google.cloud.privilegedaccessmanager_v1.types.CheckOnboardingStatusResponse.Finding.IAMAccessDenied): + PAM's service account is being denied access + by Cloud IAM. + + This field is a member of `oneof`_ ``finding_type``. + """ + + class IAMAccessDenied(proto.Message): + r"""PAM's service account is being denied access by Cloud IAM. + This can be fixed by granting a role that contains the missing + permissions to the service account or exempting it from deny + policies if they are blocking the access. + + Attributes: + missing_permissions (MutableSequence[str]): + List of permissions that are being denied. + """ + + missing_permissions: MutableSequence[str] = proto.RepeatedField( + proto.STRING, + number=1, + ) + + iam_access_denied: 'CheckOnboardingStatusResponse.Finding.IAMAccessDenied' = proto.Field( + proto.MESSAGE, + number=1, + oneof='finding_type', + message='CheckOnboardingStatusResponse.Finding.IAMAccessDenied', + ) + + service_account: str = proto.Field( + proto.STRING, + number=1, + ) + findings: MutableSequence[Finding] = proto.RepeatedField( + proto.MESSAGE, + number=2, + message=Finding, + ) + + +class Entitlement(proto.Message): + r"""An entitlement defines the eligibility of a set of users to + obtain predefined access for some time possibly after going + through an approval workflow. + + Attributes: + name (str): + Identifier. Name of the entitlement. Possible formats: + + - ``organizations/{organization-number}/locations/{region}/entitlements/{entitlement-id}`` + - ``folders/{folder-number}/locations/{region}/entitlements/{entitlement-id}`` + - ``projects/{project-id|project-number}/locations/{region}/entitlements/{entitlement-id}`` + create_time (google.protobuf.timestamp_pb2.Timestamp): + Output only. Create time stamp. + update_time (google.protobuf.timestamp_pb2.Timestamp): + Output only. Update time stamp. + eligible_users (MutableSequence[google.cloud.privilegedaccessmanager_v1.types.AccessControlEntry]): + Optional. Who can create grants using this + entitlement. This list should contain at most + one entry. + approval_workflow (google.cloud.privilegedaccessmanager_v1.types.ApprovalWorkflow): + Optional. The approvals needed before access + are granted to a requester. No approvals are + needed if this field is null. + privileged_access (google.cloud.privilegedaccessmanager_v1.types.PrivilegedAccess): + The access granted to a requester on + successful approval. + max_request_duration (google.protobuf.duration_pb2.Duration): + Required. The maximum amount of time that + access is granted for a request. A requester can + ask for a duration less than this, but never + more. + state (google.cloud.privilegedaccessmanager_v1.types.Entitlement.State): + Output only. Current state of this + entitlement. + requester_justification_config (google.cloud.privilegedaccessmanager_v1.types.Entitlement.RequesterJustificationConfig): + Required. The manner in which the requester + should provide a justification for requesting + access. + additional_notification_targets (google.cloud.privilegedaccessmanager_v1.types.Entitlement.AdditionalNotificationTargets): + Optional. Additional email addresses to be + notified based on actions taken. + etag (str): + An ``etag`` is used for optimistic concurrency control as a + way to prevent simultaneous updates to the same entitlement. + An ``etag`` is returned in the response to + ``GetEntitlement`` and the caller should put the ``etag`` in + the request to ``UpdateEntitlement`` so that their change is + applied on the same version. If this field is omitted or if + there is a mismatch while updating an entitlement, then the + server rejects the request. + """ + class State(proto.Enum): + r"""Different states an entitlement can be in. + + Values: + STATE_UNSPECIFIED (0): + Unspecified state. This value is never + returned by the server. + CREATING (1): + The entitlement is being created. + AVAILABLE (2): + The entitlement is available for requesting + access. + DELETING (3): + The entitlement is being deleted. + DELETED (4): + The entitlement has been deleted. + UPDATING (5): + The entitlement is being updated. + """ + STATE_UNSPECIFIED = 0 + CREATING = 1 + AVAILABLE = 2 + DELETING = 3 + DELETED = 4 + UPDATING = 5 + + class RequesterJustificationConfig(proto.Message): + r"""Defines how a requester must provide a justification when + requesting access. + + This message has `oneof`_ fields (mutually exclusive fields). + For each oneof, at most one member field can be set at the same time. + Setting any member of the oneof automatically clears all other + members. + + .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields + + Attributes: + not_mandatory (google.cloud.privilegedaccessmanager_v1.types.Entitlement.RequesterJustificationConfig.NotMandatory): + This option means the requester isn't + required to provide a justification. + + This field is a member of `oneof`_ ``justification_type``. + unstructured (google.cloud.privilegedaccessmanager_v1.types.Entitlement.RequesterJustificationConfig.Unstructured): + This option means the requester must provide + a string as justification. If this is selected, + the server allows the requester to provide a + justification but doesn't validate it. + + This field is a member of `oneof`_ ``justification_type``. + """ + + class NotMandatory(proto.Message): + r"""The justification is not mandatory but can be provided in any + of the supported formats. + + """ + + class Unstructured(proto.Message): + r"""The requester has to provide a justification in the form of a + string. + + """ + + not_mandatory: 'Entitlement.RequesterJustificationConfig.NotMandatory' = proto.Field( + proto.MESSAGE, + number=1, + oneof='justification_type', + message='Entitlement.RequesterJustificationConfig.NotMandatory', + ) + unstructured: 'Entitlement.RequesterJustificationConfig.Unstructured' = proto.Field( + proto.MESSAGE, + number=2, + oneof='justification_type', + message='Entitlement.RequesterJustificationConfig.Unstructured', + ) + + class AdditionalNotificationTargets(proto.Message): + r"""``AdditionalNotificationTargets`` includes email addresses to be + notified. + + Attributes: + admin_email_recipients (MutableSequence[str]): + Optional. Additional email addresses to be + notified when a principal (requester) is granted + access. + requester_email_recipients (MutableSequence[str]): + Optional. Additional email address to be + notified about an eligible entitlement. + """ + + admin_email_recipients: MutableSequence[str] = proto.RepeatedField( + proto.STRING, + number=1, + ) + requester_email_recipients: MutableSequence[str] = proto.RepeatedField( + proto.STRING, + number=2, + ) + + name: str = proto.Field( + proto.STRING, + number=1, + ) + create_time: timestamp_pb2.Timestamp = proto.Field( + proto.MESSAGE, + number=2, + message=timestamp_pb2.Timestamp, + ) + update_time: timestamp_pb2.Timestamp = proto.Field( + proto.MESSAGE, + number=3, + message=timestamp_pb2.Timestamp, + ) + eligible_users: MutableSequence['AccessControlEntry'] = proto.RepeatedField( + proto.MESSAGE, + number=5, + message='AccessControlEntry', + ) + approval_workflow: 'ApprovalWorkflow' = proto.Field( + proto.MESSAGE, + number=6, + message='ApprovalWorkflow', + ) + privileged_access: 'PrivilegedAccess' = proto.Field( + proto.MESSAGE, + number=7, + message='PrivilegedAccess', + ) + max_request_duration: duration_pb2.Duration = proto.Field( + proto.MESSAGE, + number=8, + message=duration_pb2.Duration, + ) + state: State = proto.Field( + proto.ENUM, + number=9, + enum=State, + ) + requester_justification_config: RequesterJustificationConfig = proto.Field( + proto.MESSAGE, + number=10, + message=RequesterJustificationConfig, + ) + additional_notification_targets: AdditionalNotificationTargets = proto.Field( + proto.MESSAGE, + number=11, + message=AdditionalNotificationTargets, + ) + etag: str = proto.Field( + proto.STRING, + number=12, + ) + + +class AccessControlEntry(proto.Message): + r"""``AccessControlEntry`` is used to control who can do some operation. + + Attributes: + principals (MutableSequence[str]): + Optional. Users who are allowed for the + operation. Each entry should be a valid v1 IAM + principal identifier. The format for these is + documented at: + + https://cloud.google.com/iam/docs/principal-identifiers#v1 + """ + + principals: MutableSequence[str] = proto.RepeatedField( + proto.STRING, + number=1, + ) + + +class ApprovalWorkflow(proto.Message): + r"""Different types of approval workflows that can be used to + gate privileged access granting. + + + .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields + + Attributes: + manual_approvals (google.cloud.privilegedaccessmanager_v1.types.ManualApprovals): + An approval workflow where users designated + as approvers review and act on the grants. + + This field is a member of `oneof`_ ``approval_workflow``. + """ + + manual_approvals: 'ManualApprovals' = proto.Field( + proto.MESSAGE, + number=1, + oneof='approval_workflow', + message='ManualApprovals', + ) + + +class ManualApprovals(proto.Message): + r"""A manual approval workflow where users who are designated as + approvers need to call the ``ApproveGrant``/``DenyGrant`` APIs for a + grant. The workflow can consist of multiple serial steps where each + step defines who can act as approver in that step and how many of + those users should approve before the workflow moves to the next + step. + + This can be used to create approval workflows such as: + + - Require an approval from any user in a group G. + - Require an approval from any k number of users from a Group G. + - Require an approval from any user in a group G and then from a + user U. + + A single user might be part of the ``approvers`` ACL for multiple + steps in this workflow, but they can only approve once and that + approval is only considered to satisfy the approval step at which it + was granted. + + Attributes: + require_approver_justification (bool): + Optional. Do the approvers need to provide a + justification for their actions? + steps (MutableSequence[google.cloud.privilegedaccessmanager_v1.types.ManualApprovals.Step]): + Optional. List of approval steps in this + workflow. These steps are followed in the + specified order sequentially. Only 1 step is + supported. + """ + + class Step(proto.Message): + r"""Step represents a logical step in a manual approval workflow. + + Attributes: + approvers (MutableSequence[google.cloud.privilegedaccessmanager_v1.types.AccessControlEntry]): + Optional. The potential set of approvers in + this step. This list must contain at most one + entry. + approvals_needed (int): + Required. How many users from the above list + need to approve. If there aren't enough distinct + users in the list, then the workflow + indefinitely blocks. Should always be greater + than 0. 1 is the only supported value. + approver_email_recipients (MutableSequence[str]): + Optional. Additional email addresses to be + notified when a grant is pending approval. + """ + + approvers: MutableSequence['AccessControlEntry'] = proto.RepeatedField( + proto.MESSAGE, + number=1, + message='AccessControlEntry', + ) + approvals_needed: int = proto.Field( + proto.INT32, + number=2, + ) + approver_email_recipients: MutableSequence[str] = proto.RepeatedField( + proto.STRING, + number=3, + ) + + require_approver_justification: bool = proto.Field( + proto.BOOL, + number=1, + ) + steps: MutableSequence[Step] = proto.RepeatedField( + proto.MESSAGE, + number=2, + message=Step, + ) + + +class PrivilegedAccess(proto.Message): + r"""Privileged access that this service can be used to gate. + + .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields + + Attributes: + gcp_iam_access (google.cloud.privilegedaccessmanager_v1.types.PrivilegedAccess.GcpIamAccess): + Access to a Google Cloud resource through + IAM. + + This field is a member of `oneof`_ ``access_type``. + """ + + class GcpIamAccess(proto.Message): + r"""``GcpIamAccess`` represents IAM based access control on a Google + Cloud resource. Refer to https://cloud.google.com/iam/docs to + understand more about IAM. + + Attributes: + resource_type (str): + Required. The type of this resource. + resource (str): + Required. Name of the resource. + role_bindings (MutableSequence[google.cloud.privilegedaccessmanager_v1.types.PrivilegedAccess.GcpIamAccess.RoleBinding]): + Required. Role bindings that are created on + successful grant. + """ + + class RoleBinding(proto.Message): + r"""IAM role bindings that are created after a successful grant. + + Attributes: + role (str): + Required. IAM role to be granted. + https://cloud.google.com/iam/docs/roles-overview. + condition_expression (str): + Optional. The expression field of the IAM + condition to be associated with the role. If + specified, a user with an active grant for this + entitlement is able to access the resource only + if this condition evaluates to true for their + request. + + This field uses the same CEL format as IAM and + supports all attributes that IAM supports, + except tags. + https://cloud.google.com/iam/docs/conditions-overview#attributes. + """ + + role: str = proto.Field( + proto.STRING, + number=1, + ) + condition_expression: str = proto.Field( + proto.STRING, + number=2, + ) + + resource_type: str = proto.Field( + proto.STRING, + number=1, + ) + resource: str = proto.Field( + proto.STRING, + number=2, + ) + role_bindings: MutableSequence['PrivilegedAccess.GcpIamAccess.RoleBinding'] = proto.RepeatedField( + proto.MESSAGE, + number=4, + message='PrivilegedAccess.GcpIamAccess.RoleBinding', + ) + + gcp_iam_access: GcpIamAccess = proto.Field( + proto.MESSAGE, + number=1, + oneof='access_type', + message=GcpIamAccess, + ) + + +class ListEntitlementsRequest(proto.Message): + r"""Message for requesting list of entitlements. + + Attributes: + parent (str): + Required. The parent which owns the + entitlement resources. + page_size (int): + Optional. Requested page size. Server may + return fewer items than requested. If + unspecified, the server picks an appropriate + default. + page_token (str): + Optional. A token identifying a page of + results the server should return. + filter (str): + Optional. Filtering results. + order_by (str): + Optional. Hint for how to order the results. + """ + + parent: str = proto.Field( + proto.STRING, + number=1, + ) + page_size: int = proto.Field( + proto.INT32, + number=2, + ) + page_token: str = proto.Field( + proto.STRING, + number=3, + ) + filter: str = proto.Field( + proto.STRING, + number=4, + ) + order_by: str = proto.Field( + proto.STRING, + number=5, + ) + + +class ListEntitlementsResponse(proto.Message): + r"""Message for response to listing entitlements. + + Attributes: + entitlements (MutableSequence[google.cloud.privilegedaccessmanager_v1.types.Entitlement]): + The list of entitlements. + next_page_token (str): + A token identifying a page of results the + server should return. + unreachable (MutableSequence[str]): + Locations that could not be reached. + """ + + @property + def raw_page(self): + return self + + entitlements: MutableSequence['Entitlement'] = proto.RepeatedField( + proto.MESSAGE, + number=1, + message='Entitlement', + ) + next_page_token: str = proto.Field( + proto.STRING, + number=2, + ) + unreachable: MutableSequence[str] = proto.RepeatedField( + proto.STRING, + number=3, + ) + + +class SearchEntitlementsRequest(proto.Message): + r"""Request message for ``SearchEntitlements`` method. + + Attributes: + parent (str): + Required. The parent which owns the + entitlement resources. + caller_access_type (google.cloud.privilegedaccessmanager_v1.types.SearchEntitlementsRequest.CallerAccessType): + Required. Only entitlements where the calling + user has this access are returned. + filter (str): + Optional. Only entitlements matching this + filter are returned in the response. + page_size (int): + Optional. Requested page size. The server may + return fewer items than requested. If + unspecified, the server picks an appropriate + default. + page_token (str): + Optional. A token identifying a page of + results the server should return. + """ + class CallerAccessType(proto.Enum): + r"""Different types of access a user can have on the entitlement + resource. + + Values: + CALLER_ACCESS_TYPE_UNSPECIFIED (0): + Unspecified access type. + GRANT_REQUESTER (1): + The user has access to create grants using + this entitlement. + GRANT_APPROVER (2): + The user has access to approve/deny grants + created under this entitlement. + """ + CALLER_ACCESS_TYPE_UNSPECIFIED = 0 + GRANT_REQUESTER = 1 + GRANT_APPROVER = 2 + + parent: str = proto.Field( + proto.STRING, + number=1, + ) + caller_access_type: CallerAccessType = proto.Field( + proto.ENUM, + number=2, + enum=CallerAccessType, + ) + filter: str = proto.Field( + proto.STRING, + number=3, + ) + page_size: int = proto.Field( + proto.INT32, + number=4, + ) + page_token: str = proto.Field( + proto.STRING, + number=5, + ) + + +class SearchEntitlementsResponse(proto.Message): + r"""Response message for ``SearchEntitlements`` method. + + Attributes: + entitlements (MutableSequence[google.cloud.privilegedaccessmanager_v1.types.Entitlement]): + The list of entitlements. + next_page_token (str): + A token identifying a page of results the + server should return. + """ + + @property + def raw_page(self): + return self + + entitlements: MutableSequence['Entitlement'] = proto.RepeatedField( + proto.MESSAGE, + number=1, + message='Entitlement', + ) + next_page_token: str = proto.Field( + proto.STRING, + number=2, + ) + + +class GetEntitlementRequest(proto.Message): + r"""Message for getting an entitlement. + + Attributes: + name (str): + Required. Name of the resource. + """ + + name: str = proto.Field( + proto.STRING, + number=1, + ) + + +class CreateEntitlementRequest(proto.Message): + r"""Message for creating an entitlement. + + Attributes: + parent (str): + Required. Name of the parent resource for the entitlement. + Possible formats: + + - ``organizations/{organization-number}/locations/{region}`` + - ``folders/{folder-number}/locations/{region}`` + - ``projects/{project-id|project-number}/locations/{region}`` + entitlement_id (str): + Required. The ID to use for this entitlement. This becomes + the last part of the resource name. + + This value should be 4-63 characters in length, and valid + characters are "[a-z]", "[0-9]", and "-". The first + character should be from [a-z]. + + This value should be unique among all other entitlements + under the specified ``parent``. + entitlement (google.cloud.privilegedaccessmanager_v1.types.Entitlement): + Required. The resource being created + request_id (str): + Optional. An optional request ID to identify + requests. Specify a unique request ID so that if + you must retry your request, the server knows to + ignore the request if it has already been + completed. The server guarantees this for at + least 60 minutes after the first request. + + For example, consider a situation where you make + an initial request and the request times out. If + you make the request again with the same request + ID, the server can check if original operation + with the same request ID was received, and if + so, ignores the second request and returns the + previous operation's response. This prevents + clients from accidentally creating duplicate + entitlements. + + The request ID must be a valid UUID with the + exception that zero UUID is not supported + (00000000-0000-0000-0000-000000000000). + """ + + parent: str = proto.Field( + proto.STRING, + number=1, + ) + entitlement_id: str = proto.Field( + proto.STRING, + number=2, + ) + entitlement: 'Entitlement' = proto.Field( + proto.MESSAGE, + number=3, + message='Entitlement', + ) + request_id: str = proto.Field( + proto.STRING, + number=4, + ) + + +class DeleteEntitlementRequest(proto.Message): + r"""Message for deleting an entitlement. + + Attributes: + name (str): + Required. Name of the resource. + request_id (str): + Optional. An optional request ID to identify + requests. Specify a unique request ID so that if + you must retry your request, the server knows to + ignore the request if it has already been + completed. The server guarantees this for at + least 60 minutes after the first request. + + For example, consider a situation where you make + an initial request and the request times out. If + you make the request again with the same request + ID, the server can check if original operation + with the same request ID was received, and if + so, ignores the second request. + + The request ID must be a valid UUID with the + exception that zero UUID is not supported + (00000000-0000-0000-0000-000000000000). + force (bool): + Optional. If set to true, any child grant + under this entitlement is also deleted. + (Otherwise, the request only works if the + entitlement has no child grant.) + """ + + name: str = proto.Field( + proto.STRING, + number=1, + ) + request_id: str = proto.Field( + proto.STRING, + number=2, + ) + force: bool = proto.Field( + proto.BOOL, + number=3, + ) + + +class UpdateEntitlementRequest(proto.Message): + r"""Message for updating an entitlement. + + Attributes: + entitlement (google.cloud.privilegedaccessmanager_v1.types.Entitlement): + Required. The entitlement resource that is + updated. + update_mask (google.protobuf.field_mask_pb2.FieldMask): + Required. The list of fields to update. A field is + overwritten if, and only if, it is in the mask. Any + immutable fields set in the mask are ignored by the server. + Repeated fields and map fields are only allowed in the last + position of a ``paths`` string and overwrite the existing + values. Hence an update to a repeated field or a map should + contain the entire list of values. The fields specified in + the update_mask are relative to the resource and not to the + request. (e.g. ``MaxRequestDuration``; *not* + ``entitlement.MaxRequestDuration``) A value of '*' for this + field refers to full replacement of the resource. + """ + + entitlement: 'Entitlement' = proto.Field( + proto.MESSAGE, + number=1, + message='Entitlement', + ) + update_mask: field_mask_pb2.FieldMask = proto.Field( + proto.MESSAGE, + number=2, + message=field_mask_pb2.FieldMask, + ) + + +class Grant(proto.Message): + r"""A grant represents a request from a user for obtaining the + access specified in an entitlement they are eligible for. + + Attributes: + name (str): + Identifier. Name of this grant. Possible formats: + + - ``organizations/{organization-number}/locations/{region}/entitlements/{entitlement-id}/grants/{grant-id}`` + - ``folders/{folder-number}/locations/{region}/entitlements/{entitlement-id}/grants/{grant-id}`` + - ``projects/{project-id|project-number}/locations/{region}/entitlements/{entitlement-id}/grants/{grant-id}`` + + The last segment of this name (``{grant-id}``) is + autogenerated. + create_time (google.protobuf.timestamp_pb2.Timestamp): + Output only. Create time stamp. + update_time (google.protobuf.timestamp_pb2.Timestamp): + Output only. Update time stamp. + requester (str): + Output only. Username of the user who created + this grant. + requested_duration (google.protobuf.duration_pb2.Duration): + Required. The amount of time access is needed for. This + value should be less than the ``max_request_duration`` value + of the entitlement. + justification (google.cloud.privilegedaccessmanager_v1.types.Justification): + Optional. Justification of why this access is + needed. + state (google.cloud.privilegedaccessmanager_v1.types.Grant.State): + Output only. Current state of this grant. + timeline (google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline): + Output only. Timeline of this grant. + privileged_access (google.cloud.privilegedaccessmanager_v1.types.PrivilegedAccess): + Output only. The access that would be granted + by this grant. + audit_trail (google.cloud.privilegedaccessmanager_v1.types.Grant.AuditTrail): + Output only. Audit trail of access provided + by this grant. If unspecified then access was + never granted. + additional_email_recipients (MutableSequence[str]): + Optional. Additional email addresses to + notify for all the actions performed on the + grant. + externally_modified (bool): + Output only. Flag set by the PAM system to indicate that + policy bindings made by this grant have been modified from + outside PAM. + + After it is set, this flag remains set forever irrespective + of the grant state. A ``true`` value here indicates that PAM + no longer has any certainty on the access a user has because + of this grant. + """ + class State(proto.Enum): + r"""Different states a grant can be in. + + Values: + STATE_UNSPECIFIED (0): + Unspecified state. This value is never + returned by the server. + APPROVAL_AWAITED (1): + The entitlement had an approval workflow + configured and this grant is waiting for the + workflow to complete. + DENIED (3): + The approval workflow completed with a denied + result. No access is granted for this grant. + This is a terminal state. + SCHEDULED (4): + The approval workflow completed successfully + with an approved result or none was configured. + Access is provided at an appropriate time. + ACTIVATING (5): + Access is being given. + ACTIVE (6): + Access was successfully given and is + currently active. + ACTIVATION_FAILED (7): + The system could not give access due to a + non-retriable error. This is a terminal state. + EXPIRED (8): + Expired after waiting for the approval + workflow to complete. This is a terminal state. + REVOKING (9): + Access is being revoked. + REVOKED (10): + Access was revoked by a user. This is a + terminal state. + ENDED (11): + System took back access as the requested + duration was over. This is a terminal state. + WITHDRAWING (12): + Access is being withdrawn. + WITHDRAWN (13): + Grant was withdrawn by the grant owner. This + is a terminal state. + """ + STATE_UNSPECIFIED = 0 + APPROVAL_AWAITED = 1 + DENIED = 3 + SCHEDULED = 4 + ACTIVATING = 5 + ACTIVE = 6 + ACTIVATION_FAILED = 7 + EXPIRED = 8 + REVOKING = 9 + REVOKED = 10 + ENDED = 11 + WITHDRAWING = 12 + WITHDRAWN = 13 + + class Timeline(proto.Message): + r"""Timeline of a grant describing what happened to it and when. + + Attributes: + events (MutableSequence[google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline.Event]): + Output only. The events that have occurred on this grant. + This list contains entries in the same order as they + occurred. The first entry is always be of type ``Requested`` + and there is always at least one entry in this array. + """ + + class Event(proto.Message): + r"""A single operation on the grant. + + This message has `oneof`_ fields (mutually exclusive fields). + For each oneof, at most one member field can be set at the same time. + Setting any member of the oneof automatically clears all other + members. + + .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields + + Attributes: + requested (google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline.Event.Requested): + The grant was requested. + + This field is a member of `oneof`_ ``event``. + approved (google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline.Event.Approved): + The grant was approved. + + This field is a member of `oneof`_ ``event``. + denied (google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline.Event.Denied): + The grant was denied. + + This field is a member of `oneof`_ ``event``. + revoked (google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline.Event.Revoked): + The grant was revoked. + + This field is a member of `oneof`_ ``event``. + scheduled (google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline.Event.Scheduled): + The grant has been scheduled to give access. + + This field is a member of `oneof`_ ``event``. + activated (google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline.Event.Activated): + The grant was successfully activated to give + access. + + This field is a member of `oneof`_ ``event``. + activation_failed (google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline.Event.ActivationFailed): + There was a non-retriable error while trying + to give access. + + This field is a member of `oneof`_ ``event``. + expired (google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline.Event.Expired): + The approval workflow did not complete in the + necessary duration, and so the grant is expired. + + This field is a member of `oneof`_ ``event``. + ended (google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline.Event.Ended): + Access given by the grant ended automatically + as the approved duration was over. + + This field is a member of `oneof`_ ``event``. + externally_modified (google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline.Event.ExternallyModified): + The policy bindings made by grant have been + modified outside of PAM. + + This field is a member of `oneof`_ ``event``. + withdrawn (google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline.Event.Withdrawn): + The grant was withdrawn. + + This field is a member of `oneof`_ ``event``. + event_time (google.protobuf.timestamp_pb2.Timestamp): + Output only. The time (as recorded at server) + when this event occurred. + """ + + class Requested(proto.Message): + r"""An event representing that a grant was requested. + + Attributes: + expire_time (google.protobuf.timestamp_pb2.Timestamp): + Output only. The time at which this grant + expires unless the approval workflow completes. + If omitted, then the request never expires. + """ + + expire_time: timestamp_pb2.Timestamp = proto.Field( + proto.MESSAGE, + number=1, + message=timestamp_pb2.Timestamp, + ) + + class Approved(proto.Message): + r"""An event representing that the grant was approved. + + Attributes: + reason (str): + Output only. The reason provided by the + approver for approving the grant. + actor (str): + Output only. Username of the user who + approved the grant. + """ + + reason: str = proto.Field( + proto.STRING, + number=1, + ) + actor: str = proto.Field( + proto.STRING, + number=2, + ) + + class Denied(proto.Message): + r"""An event representing that the grant was denied. + + Attributes: + reason (str): + Output only. The reason provided by the + approver for denying the grant. + actor (str): + Output only. Username of the user who denied + the grant. + """ + + reason: str = proto.Field( + proto.STRING, + number=1, + ) + actor: str = proto.Field( + proto.STRING, + number=2, + ) + + class Revoked(proto.Message): + r"""An event representing that the grant was revoked. + + Attributes: + reason (str): + Output only. The reason provided by the user + for revoking the grant. + actor (str): + Output only. Username of the user who revoked + the grant. + """ + + reason: str = proto.Field( + proto.STRING, + number=1, + ) + actor: str = proto.Field( + proto.STRING, + number=2, + ) + + class Withdrawn(proto.Message): + r"""An event representing that the grant was withdrawn. + """ + + class Scheduled(proto.Message): + r"""An event representing that the grant has been scheduled to be + activated later. + + Attributes: + scheduled_activation_time (google.protobuf.timestamp_pb2.Timestamp): + Output only. The time at which the access is + granted. + """ + + scheduled_activation_time: timestamp_pb2.Timestamp = proto.Field( + proto.MESSAGE, + number=1, + message=timestamp_pb2.Timestamp, + ) + + class Activated(proto.Message): + r"""An event representing that the grant was successfully + activated. + + """ + + class ActivationFailed(proto.Message): + r"""An event representing that the grant activation failed. + + Attributes: + error (google.rpc.status_pb2.Status): + Output only. The error that occurred while + activating the grant. + """ + + error: status_pb2.Status = proto.Field( + proto.MESSAGE, + number=1, + message=status_pb2.Status, + ) + + class Expired(proto.Message): + r"""An event representing that the grant was expired. + """ + + class Ended(proto.Message): + r"""An event representing that the grant has ended. + """ + + class ExternallyModified(proto.Message): + r"""An event representing that the policy bindings made by this + grant were modified externally. + + """ + + requested: 'Grant.Timeline.Event.Requested' = proto.Field( + proto.MESSAGE, + number=2, + oneof='event', + message='Grant.Timeline.Event.Requested', + ) + approved: 'Grant.Timeline.Event.Approved' = proto.Field( + proto.MESSAGE, + number=3, + oneof='event', + message='Grant.Timeline.Event.Approved', + ) + denied: 'Grant.Timeline.Event.Denied' = proto.Field( + proto.MESSAGE, + number=4, + oneof='event', + message='Grant.Timeline.Event.Denied', + ) + revoked: 'Grant.Timeline.Event.Revoked' = proto.Field( + proto.MESSAGE, + number=5, + oneof='event', + message='Grant.Timeline.Event.Revoked', + ) + scheduled: 'Grant.Timeline.Event.Scheduled' = proto.Field( + proto.MESSAGE, + number=6, + oneof='event', + message='Grant.Timeline.Event.Scheduled', + ) + activated: 'Grant.Timeline.Event.Activated' = proto.Field( + proto.MESSAGE, + number=7, + oneof='event', + message='Grant.Timeline.Event.Activated', + ) + activation_failed: 'Grant.Timeline.Event.ActivationFailed' = proto.Field( + proto.MESSAGE, + number=8, + oneof='event', + message='Grant.Timeline.Event.ActivationFailed', + ) + expired: 'Grant.Timeline.Event.Expired' = proto.Field( + proto.MESSAGE, + number=10, + oneof='event', + message='Grant.Timeline.Event.Expired', + ) + ended: 'Grant.Timeline.Event.Ended' = proto.Field( + proto.MESSAGE, + number=11, + oneof='event', + message='Grant.Timeline.Event.Ended', + ) + externally_modified: 'Grant.Timeline.Event.ExternallyModified' = proto.Field( + proto.MESSAGE, + number=12, + oneof='event', + message='Grant.Timeline.Event.ExternallyModified', + ) + withdrawn: 'Grant.Timeline.Event.Withdrawn' = proto.Field( + proto.MESSAGE, + number=13, + oneof='event', + message='Grant.Timeline.Event.Withdrawn', + ) + event_time: timestamp_pb2.Timestamp = proto.Field( + proto.MESSAGE, + number=1, + message=timestamp_pb2.Timestamp, + ) + + events: MutableSequence['Grant.Timeline.Event'] = proto.RepeatedField( + proto.MESSAGE, + number=1, + message='Grant.Timeline.Event', + ) + + class AuditTrail(proto.Message): + r"""Audit trail for the access provided by this grant. + + Attributes: + access_grant_time (google.protobuf.timestamp_pb2.Timestamp): + Output only. The time at which access was + given. + access_remove_time (google.protobuf.timestamp_pb2.Timestamp): + Output only. The time at which the system + removed access. This could be because of an + automatic expiry or because of a revocation. + + If unspecified, then access hasn't been removed + yet. + """ + + access_grant_time: timestamp_pb2.Timestamp = proto.Field( + proto.MESSAGE, + number=1, + message=timestamp_pb2.Timestamp, + ) + access_remove_time: timestamp_pb2.Timestamp = proto.Field( + proto.MESSAGE, + number=2, + message=timestamp_pb2.Timestamp, + ) + + name: str = proto.Field( + proto.STRING, + number=1, + ) + create_time: timestamp_pb2.Timestamp = proto.Field( + proto.MESSAGE, + number=2, + message=timestamp_pb2.Timestamp, + ) + update_time: timestamp_pb2.Timestamp = proto.Field( + proto.MESSAGE, + number=3, + message=timestamp_pb2.Timestamp, + ) + requester: str = proto.Field( + proto.STRING, + number=4, + ) + requested_duration: duration_pb2.Duration = proto.Field( + proto.MESSAGE, + number=5, + message=duration_pb2.Duration, + ) + justification: 'Justification' = proto.Field( + proto.MESSAGE, + number=6, + message='Justification', + ) + state: State = proto.Field( + proto.ENUM, + number=7, + enum=State, + ) + timeline: Timeline = proto.Field( + proto.MESSAGE, + number=8, + message=Timeline, + ) + privileged_access: 'PrivilegedAccess' = proto.Field( + proto.MESSAGE, + number=9, + message='PrivilegedAccess', + ) + audit_trail: AuditTrail = proto.Field( + proto.MESSAGE, + number=10, + message=AuditTrail, + ) + additional_email_recipients: MutableSequence[str] = proto.RepeatedField( + proto.STRING, + number=11, + ) + externally_modified: bool = proto.Field( + proto.BOOL, + number=12, + ) + + +class Justification(proto.Message): + r"""Justification represents a justification for requesting + access. + + + .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields + + Attributes: + unstructured_justification (str): + A free form textual justification. The system + only ensures that this is not empty. No other + kind of validation is performed on the string. + + This field is a member of `oneof`_ ``justification``. + """ + + unstructured_justification: str = proto.Field( + proto.STRING, + number=1, + oneof='justification', + ) + + +class ListGrantsRequest(proto.Message): + r"""Message for requesting list of grants. + + Attributes: + parent (str): + Required. The parent resource which owns the + grants. + page_size (int): + Optional. Requested page size. The server may + return fewer items than requested. If + unspecified, the server picks an appropriate + default. + page_token (str): + Optional. A token identifying a page of + results the server should return. + filter (str): + Optional. Filtering results. + order_by (str): + Optional. Hint for how to order the results + """ + + parent: str = proto.Field( + proto.STRING, + number=1, + ) + page_size: int = proto.Field( + proto.INT32, + number=2, + ) + page_token: str = proto.Field( + proto.STRING, + number=3, + ) + filter: str = proto.Field( + proto.STRING, + number=4, + ) + order_by: str = proto.Field( + proto.STRING, + number=5, + ) + + +class ListGrantsResponse(proto.Message): + r"""Message for response to listing grants. + + Attributes: + grants (MutableSequence[google.cloud.privilegedaccessmanager_v1.types.Grant]): + The list of grants. + next_page_token (str): + A token identifying a page of results the + server should return. + unreachable (MutableSequence[str]): + Locations that could not be reached. + """ + + @property + def raw_page(self): + return self + + grants: MutableSequence['Grant'] = proto.RepeatedField( + proto.MESSAGE, + number=1, + message='Grant', + ) + next_page_token: str = proto.Field( + proto.STRING, + number=2, + ) + unreachable: MutableSequence[str] = proto.RepeatedField( + proto.STRING, + number=3, + ) + + +class SearchGrantsRequest(proto.Message): + r"""Request message for ``SearchGrants`` method. + + Attributes: + parent (str): + Required. The parent which owns the grant + resources. + caller_relationship (google.cloud.privilegedaccessmanager_v1.types.SearchGrantsRequest.CallerRelationshipType): + Required. Only grants which the caller is + related to by this relationship are returned in + the response. + filter (str): + Optional. Only grants matching this filter + are returned in the response. + page_size (int): + Optional. Requested page size. The server may + return fewer items than requested. If + unspecified, server picks an appropriate + default. + page_token (str): + Optional. A token identifying a page of + results the server should return. + """ + class CallerRelationshipType(proto.Enum): + r"""Different types of relationships a user can have with a + grant. + + Values: + CALLER_RELATIONSHIP_TYPE_UNSPECIFIED (0): + Unspecified caller relationship type. + HAD_CREATED (1): + The user created this grant by calling ``CreateGrant`` + earlier. + CAN_APPROVE (2): + The user is an approver for the entitlement + that this grant is parented under and can + currently approve/deny it. + HAD_APPROVED (3): + The caller had successfully approved/denied + this grant earlier. + """ + CALLER_RELATIONSHIP_TYPE_UNSPECIFIED = 0 + HAD_CREATED = 1 + CAN_APPROVE = 2 + HAD_APPROVED = 3 + + parent: str = proto.Field( + proto.STRING, + number=1, + ) + caller_relationship: CallerRelationshipType = proto.Field( + proto.ENUM, + number=2, + enum=CallerRelationshipType, + ) + filter: str = proto.Field( + proto.STRING, + number=3, + ) + page_size: int = proto.Field( + proto.INT32, + number=4, + ) + page_token: str = proto.Field( + proto.STRING, + number=5, + ) + + +class SearchGrantsResponse(proto.Message): + r"""Response message for ``SearchGrants`` method. + + Attributes: + grants (MutableSequence[google.cloud.privilegedaccessmanager_v1.types.Grant]): + The list of grants. + next_page_token (str): + A token identifying a page of results the + server should return. + """ + + @property + def raw_page(self): + return self + + grants: MutableSequence['Grant'] = proto.RepeatedField( + proto.MESSAGE, + number=1, + message='Grant', + ) + next_page_token: str = proto.Field( + proto.STRING, + number=2, + ) + + +class GetGrantRequest(proto.Message): + r"""Message for getting a grant. + + Attributes: + name (str): + Required. Name of the resource. + """ + + name: str = proto.Field( + proto.STRING, + number=1, + ) + + +class ApproveGrantRequest(proto.Message): + r"""Request message for ``ApproveGrant`` method. + + Attributes: + name (str): + Required. Name of the grant resource which is + being approved. + reason (str): + Optional. The reason for approving this grant. This is + required if the ``require_approver_justification`` field of + the ``ManualApprovals`` workflow used in this grant is true. + """ + + name: str = proto.Field( + proto.STRING, + number=1, + ) + reason: str = proto.Field( + proto.STRING, + number=2, + ) + + +class DenyGrantRequest(proto.Message): + r"""Request message for ``DenyGrant`` method. + + Attributes: + name (str): + Required. Name of the grant resource which is + being denied. + reason (str): + Optional. The reason for denying this grant. This is + required if ``require_approver_justification`` field of the + ``ManualApprovals`` workflow used in this grant is true. + """ + + name: str = proto.Field( + proto.STRING, + number=1, + ) + reason: str = proto.Field( + proto.STRING, + number=2, + ) + + +class RevokeGrantRequest(proto.Message): + r"""Request message for ``RevokeGrant`` method. + + Attributes: + name (str): + Required. Name of the grant resource which is + being revoked. + reason (str): + Optional. The reason for revoking this grant. + """ + + name: str = proto.Field( + proto.STRING, + number=1, + ) + reason: str = proto.Field( + proto.STRING, + number=2, + ) + + +class CreateGrantRequest(proto.Message): + r"""Message for creating a grant + + Attributes: + parent (str): + Required. Name of the parent entitlement for + which this grant is being requested. + grant (google.cloud.privilegedaccessmanager_v1.types.Grant): + Required. The resource being created. + request_id (str): + Optional. An optional request ID to identify + requests. Specify a unique request ID so that if + you must retry your request, the server knows to + ignore the request if it has already been + completed. The server guarantees this for at + least 60 minutes after the first request. + + For example, consider a situation where you make + an initial request and the request times out. If + you make the request again with the same request + ID, the server can check if original operation + with the same request ID was received, and if + so, ignores the second request. This prevents + clients from accidentally creating duplicate + grants. + + The request ID must be a valid UUID with the + exception that zero UUID is not supported + (00000000-0000-0000-0000-000000000000). + """ + + parent: str = proto.Field( + proto.STRING, + number=1, + ) + grant: 'Grant' = proto.Field( + proto.MESSAGE, + number=2, + message='Grant', + ) + request_id: str = proto.Field( + proto.STRING, + number=3, + ) + + +class OperationMetadata(proto.Message): + r"""Represents the metadata of the long-running operation. + + Attributes: + create_time (google.protobuf.timestamp_pb2.Timestamp): + Output only. The time the operation was + created. + end_time (google.protobuf.timestamp_pb2.Timestamp): + Output only. The time the operation finished + running. + target (str): + Output only. Server-defined resource path for + the target of the operation. + verb (str): + Output only. Name of the verb executed by the + operation. + status_message (str): + Output only. Human-readable status of the + operation, if any. + requested_cancellation (bool): + Output only. Identifies whether the user has requested + cancellation of the operation. Operations that have been + cancelled successfully have [Operation.error][] value with a + [google.rpc.Status.code][google.rpc.Status.code] of 1, + corresponding to ``Code.CANCELLED``. + api_version (str): + Output only. API version used to start the + operation. + """ + + create_time: timestamp_pb2.Timestamp = proto.Field( + proto.MESSAGE, + number=1, + message=timestamp_pb2.Timestamp, + ) + end_time: timestamp_pb2.Timestamp = proto.Field( + proto.MESSAGE, + number=2, + message=timestamp_pb2.Timestamp, + ) + target: str = proto.Field( + proto.STRING, + number=3, + ) + verb: str = proto.Field( + proto.STRING, + number=4, + ) + status_message: str = proto.Field( + proto.STRING, + number=5, + ) + requested_cancellation: bool = proto.Field( + proto.BOOL, + number=6, + ) + api_version: str = proto.Field( + proto.STRING, + number=7, + ) + + +__all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/mypy.ini b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/mypy.ini new file mode 100644 index 000000000000..574c5aed394b --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/mypy.ini @@ -0,0 +1,3 @@ +[mypy] +python_version = 3.7 +namespace_packages = True diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/noxfile.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/noxfile.py new file mode 100644 index 000000000000..1a9b77b0c1b5 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/noxfile.py @@ -0,0 +1,591 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import os +import pathlib +import re +import shutil + +from typing import Dict, List +import warnings + +import nox + +BLACK_VERSION = "black[jupyter]==23.7.0" +ISORT_VERSION = "isort==5.11.0" + +LINT_PATHS = ["docs", "google", "tests", "noxfile.py", "setup.py"] + +ALL_PYTHON = [ + "3.7", + "3.8", + "3.9", + "3.10", + "3.11", + "3.12", + "3.13", +] + +DEFAULT_PYTHON_VERSION = ALL_PYTHON[-1] + +CURRENT_DIRECTORY = pathlib.Path(__file__).parent.absolute() + +LOWER_BOUND_CONSTRAINTS_FILE = CURRENT_DIRECTORY / "constraints.txt" +PACKAGE_NAME = "google-cloud-privilegedaccessmanager" + +UNIT_TEST_STANDARD_DEPENDENCIES = [ + "mock", + "asyncmock", + "pytest", + "pytest-cov", + "pytest-asyncio", +] +UNIT_TEST_EXTERNAL_DEPENDENCIES: List[str] = [] +UNIT_TEST_LOCAL_DEPENDENCIES: List[str] = [] +UNIT_TEST_DEPENDENCIES: List[str] = [] +UNIT_TEST_EXTRAS: List[str] = [] +UNIT_TEST_EXTRAS_BY_PYTHON: Dict[str, List[str]] = {} + +SYSTEM_TEST_PYTHON_VERSIONS: List[str] = ["3.8", "3.9", "3.10", "3.11", "3.12", "3.13"] +SYSTEM_TEST_STANDARD_DEPENDENCIES = [ + "mock", + "pytest", + "google-cloud-testutils", +] +SYSTEM_TEST_EXTERNAL_DEPENDENCIES: List[str] = [] +SYSTEM_TEST_LOCAL_DEPENDENCIES: List[str] = [] +SYSTEM_TEST_DEPENDENCIES: List[str] = [] +SYSTEM_TEST_EXTRAS: List[str] = [] +SYSTEM_TEST_EXTRAS_BY_PYTHON: Dict[str, List[str]] = {} + +nox.options.sessions = [ + "unit", + "system", + "cover", + "lint", + "lint_setup_py", + "blacken", + "docs", +] + +# Error if a python version is missing +nox.options.error_on_missing_interpreters = True + + +@nox.session(python=ALL_PYTHON) +def mypy(session): + """Run the type checker.""" + session.install( + "mypy", + "types-requests", + "types-protobuf", + ) + session.install(".") + session.run( + "mypy", + "-p", + "google", + ) + + +@nox.session +def update_lower_bounds(session): + """Update lower bounds in constraints.txt to match setup.py""" + session.install("google-cloud-testutils") + session.install(".") + + session.run( + "lower-bound-checker", + "update", + "--package-name", + PACKAGE_NAME, + "--constraints-file", + str(LOWER_BOUND_CONSTRAINTS_FILE), + ) + + +@nox.session +def check_lower_bounds(session): + """Check lower bounds in setup.py are reflected in constraints file""" + session.install("google-cloud-testutils") + session.install(".") + + session.run( + "lower-bound-checker", + "check", + "--package-name", + PACKAGE_NAME, + "--constraints-file", + str(LOWER_BOUND_CONSTRAINTS_FILE), + ) + + +@nox.session(python=DEFAULT_PYTHON_VERSION) +def lint(session): + """Run linters. + + Returns a failure if the linters find linting errors or sufficiently + serious code quality issues. + """ + session.install("flake8", BLACK_VERSION) + session.run( + "black", + "--check", + *LINT_PATHS, + ) + + session.run("flake8", "google", "tests") + + +@nox.session(python=DEFAULT_PYTHON_VERSION) +def blacken(session): + """Run black. Format code to uniform standard.""" + session.install(BLACK_VERSION) + session.run( + "black", + *LINT_PATHS, + ) + + +@nox.session(python=DEFAULT_PYTHON_VERSION) +def format(session): + """ + Run isort to sort imports. Then run black + to format code to uniform standard. + """ + session.install(BLACK_VERSION, ISORT_VERSION) + # Use the --fss option to sort imports using strict alphabetical order. + # See https://pycqa.github.io/isort/docs/configuration/options.html#force-sort-within-sections + session.run( + "isort", + "--fss", + *LINT_PATHS, + ) + session.run( + "black", + *LINT_PATHS, + ) + + +@nox.session(python=DEFAULT_PYTHON_VERSION) +def lint_setup_py(session): + """Verify that setup.py is valid (including RST check).""" + session.install("setuptools", "docutils", "pygments") + session.run("python", "setup.py", "check", "--restructuredtext", "--strict") + + +def install_unittest_dependencies(session, *constraints): + standard_deps = UNIT_TEST_STANDARD_DEPENDENCIES + UNIT_TEST_DEPENDENCIES + session.install(*standard_deps, *constraints) + + if UNIT_TEST_EXTERNAL_DEPENDENCIES: + warnings.warn( + "'unit_test_external_dependencies' is deprecated. Instead, please " + "use 'unit_test_dependencies' or 'unit_test_local_dependencies'.", + DeprecationWarning, + ) + session.install(*UNIT_TEST_EXTERNAL_DEPENDENCIES, *constraints) + + if UNIT_TEST_LOCAL_DEPENDENCIES: + session.install(*UNIT_TEST_LOCAL_DEPENDENCIES, *constraints) + + if UNIT_TEST_EXTRAS_BY_PYTHON: + extras = UNIT_TEST_EXTRAS_BY_PYTHON.get(session.python, []) + elif UNIT_TEST_EXTRAS: + extras = UNIT_TEST_EXTRAS + else: + extras = [] + + if extras: + session.install("-e", f".[{','.join(extras)}]", *constraints) + else: + session.install("-e", ".", *constraints) + + +@nox.session(python=ALL_PYTHON) +@nox.parametrize( + "protobuf_implementation", + ["python", "upb", "cpp"], +) +def unit(session, protobuf_implementation): + # Install all test dependencies, then install this package in-place. + + if protobuf_implementation == "cpp" and session.python in ("3.11", "3.12", "3.13"): + session.skip("cpp implementation is not supported in python 3.11+") + + constraints_path = str( + CURRENT_DIRECTORY / "testing" / f"constraints-{session.python}.txt" + ) + install_unittest_dependencies(session, "-c", constraints_path) + + # TODO(https://github.com/googleapis/synthtool/issues/1976): + # Remove the 'cpp' implementation once support for Protobuf 3.x is dropped. + # The 'cpp' implementation requires Protobuf<4. + if protobuf_implementation == "cpp": + session.install("protobuf<4") + + # Run py.test against the unit tests. + session.run( + "py.test", + "--quiet", + f"--junitxml=unit_{session.python}_sponge_log.xml", + "--cov=google", + "--cov=tests/unit", + "--cov-append", + "--cov-config=.coveragerc", + "--cov-report=", + "--cov-fail-under=0", + os.path.join("tests", "unit"), + *session.posargs, + env={ + "PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION": protobuf_implementation, + }, + ) + + +def install_systemtest_dependencies(session, *constraints): + session.install("--pre", "grpcio") + + session.install(*SYSTEM_TEST_STANDARD_DEPENDENCIES, *constraints) + + if SYSTEM_TEST_EXTERNAL_DEPENDENCIES: + session.install(*SYSTEM_TEST_EXTERNAL_DEPENDENCIES, *constraints) + + if SYSTEM_TEST_LOCAL_DEPENDENCIES: + session.install("-e", *SYSTEM_TEST_LOCAL_DEPENDENCIES, *constraints) + + if SYSTEM_TEST_DEPENDENCIES: + session.install("-e", *SYSTEM_TEST_DEPENDENCIES, *constraints) + + if SYSTEM_TEST_EXTRAS_BY_PYTHON: + extras = SYSTEM_TEST_EXTRAS_BY_PYTHON.get(session.python, []) + elif SYSTEM_TEST_EXTRAS: + extras = SYSTEM_TEST_EXTRAS + else: + extras = [] + + if extras: + session.install("-e", f".[{','.join(extras)}]", *constraints) + else: + session.install("-e", ".", *constraints) + + +@nox.session(python=SYSTEM_TEST_PYTHON_VERSIONS) +def system(session): + """Run the system test suite.""" + constraints_path = str( + CURRENT_DIRECTORY / "testing" / f"constraints-{session.python}.txt" + ) + system_test_path = os.path.join("tests", "system.py") + system_test_folder_path = os.path.join("tests", "system") + + # Check the value of `RUN_SYSTEM_TESTS` env var. It defaults to true. + if os.environ.get("RUN_SYSTEM_TESTS", "true") == "false": + session.skip("RUN_SYSTEM_TESTS is set to false, skipping") + # Install pyopenssl for mTLS testing. + if os.environ.get("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false") == "true": + session.install("pyopenssl") + + system_test_exists = os.path.exists(system_test_path) + system_test_folder_exists = os.path.exists(system_test_folder_path) + # Sanity check: only run tests if found. + if not system_test_exists and not system_test_folder_exists: + session.skip("System tests were not found") + + install_systemtest_dependencies(session, "-c", constraints_path) + + # Run py.test against the system tests. + if system_test_exists: + session.run( + "py.test", + "--quiet", + f"--junitxml=system_{session.python}_sponge_log.xml", + system_test_path, + *session.posargs, + ) + if system_test_folder_exists: + session.run( + "py.test", + "--quiet", + f"--junitxml=system_{session.python}_sponge_log.xml", + system_test_folder_path, + *session.posargs, + ) + + +@nox.session(python=DEFAULT_PYTHON_VERSION) +def cover(session): + """Run the final coverage report. + + This outputs the coverage report aggregating coverage from the unit + test runs (not system test runs), and then erases coverage data. + """ + session.install("coverage", "pytest-cov") + session.run("coverage", "report", "--show-missing", "--fail-under=100") + + session.run("coverage", "erase") + + +@nox.session(python="3.10") +def docs(session): + """Build the docs for this library.""" + + session.install("-e", ".") + session.install( + # We need to pin to specific versions of the `sphinxcontrib-*` packages + # which still support sphinx 4.x. + # See https://github.com/googleapis/sphinx-docfx-yaml/issues/344 + # and https://github.com/googleapis/sphinx-docfx-yaml/issues/345. + "sphinxcontrib-applehelp==1.0.4", + "sphinxcontrib-devhelp==1.0.2", + "sphinxcontrib-htmlhelp==2.0.1", + "sphinxcontrib-qthelp==1.0.3", + "sphinxcontrib-serializinghtml==1.1.5", + "sphinx==4.5.0", + "alabaster", + "recommonmark", + ) + + shutil.rmtree(os.path.join("docs", "_build"), ignore_errors=True) + session.run( + "sphinx-build", + "-W", # warnings as errors + "-T", # show full traceback on exception + "-N", # no colors + "-b", + "html", + "-d", + os.path.join("docs", "_build", "doctrees", ""), + os.path.join("docs", ""), + os.path.join("docs", "_build", "html", ""), + ) + + +@nox.session(python="3.10") +def docfx(session): + """Build the docfx yaml files for this library.""" + + session.install("-e", ".") + session.install( + # We need to pin to specific versions of the `sphinxcontrib-*` packages + # which still support sphinx 4.x. + # See https://github.com/googleapis/sphinx-docfx-yaml/issues/344 + # and https://github.com/googleapis/sphinx-docfx-yaml/issues/345. + "sphinxcontrib-applehelp==1.0.4", + "sphinxcontrib-devhelp==1.0.2", + "sphinxcontrib-htmlhelp==2.0.1", + "sphinxcontrib-qthelp==1.0.3", + "sphinxcontrib-serializinghtml==1.1.5", + "gcp-sphinx-docfx-yaml", + "alabaster", + "recommonmark", + ) + + shutil.rmtree(os.path.join("docs", "_build"), ignore_errors=True) + session.run( + "sphinx-build", + "-T", # show full traceback on exception + "-N", # no colors + "-D", + ( + "extensions=sphinx.ext.autodoc," + "sphinx.ext.autosummary," + "docfx_yaml.extension," + "sphinx.ext.intersphinx," + "sphinx.ext.coverage," + "sphinx.ext.napoleon," + "sphinx.ext.todo," + "sphinx.ext.viewcode," + "recommonmark" + ), + "-b", + "html", + "-d", + os.path.join("docs", "_build", "doctrees", ""), + os.path.join("docs", ""), + os.path.join("docs", "_build", "html", ""), + ) + + +@nox.session(python=DEFAULT_PYTHON_VERSION) +@nox.parametrize( + "protobuf_implementation", + ["python", "upb", "cpp"], +) +def prerelease_deps(session, protobuf_implementation): + """ + Run all tests with pre-release versions of dependencies installed + rather than the standard non pre-release versions. + Pre-release versions can be installed using + `pip install --pre `. + """ + + if protobuf_implementation == "cpp" and session.python in ("3.11", "3.12", "3.13"): + session.skip("cpp implementation is not supported in python 3.11+") + + # Install all dependencies + session.install("-e", ".") + + # Install dependencies for the unit test environment + unit_deps_all = UNIT_TEST_STANDARD_DEPENDENCIES + UNIT_TEST_EXTERNAL_DEPENDENCIES + session.install(*unit_deps_all) + + # Install dependencies for the system test environment + system_deps_all = ( + SYSTEM_TEST_STANDARD_DEPENDENCIES + + SYSTEM_TEST_EXTERNAL_DEPENDENCIES + + SYSTEM_TEST_EXTRAS + ) + session.install(*system_deps_all) + + # Because we test minimum dependency versions on the minimum Python + # version, the first version we test with in the unit tests sessions has a + # constraints file containing all dependencies and extras. + with open( + CURRENT_DIRECTORY / "testing" / f"constraints-{ALL_PYTHON[0]}.txt", + encoding="utf-8", + ) as constraints_file: + constraints_text = constraints_file.read() + + # Ignore leading whitespace and comment lines. + constraints_deps = [ + match.group(1) + for match in re.finditer( + r"^\s*(\S+)(?===\S+)", constraints_text, flags=re.MULTILINE + ) + ] + + # Install dependencies specified in `testing/constraints-X.txt`. + session.install(*constraints_deps) + + # Note: If a dependency is added to the `prerel_deps` list, + # the `core_dependencies_from_source` list in the `core_deps_from_source` + # nox session should also be updated. + prerel_deps = [ + "googleapis-common-protos", + "google-api-core", + "google-auth", + "grpc-google-iam-v1", + "grpcio", + "grpcio-status", + "protobuf", + "proto-plus", + ] + + for dep in prerel_deps: + session.install("--pre", "--no-deps", "--ignore-installed", dep) + # TODO(https://github.com/grpc/grpc/issues/38965): Add `grpcio-status`` + # to the dictionary below once this bug is fixed. + # TODO(https://github.com/googleapis/google-cloud-python/issues/13643): Add + # `googleapis-common-protos` and `grpc-google-iam-v1` to the dictionary below + # once this bug is fixed. + package_namespaces = { + "google-api-core": "google.api_core", + "google-auth": "google.auth", + "grpcio": "grpc", + "protobuf": "google.protobuf", + "proto-plus": "proto", + } + + version_namespace = package_namespaces.get(dep) + + print(f"Installed {dep}") + if version_namespace: + session.run( + "python", + "-c", + f"import {version_namespace}; print({version_namespace}.__version__)", + ) + + session.run( + "py.test", + "tests/unit", + env={ + "PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION": protobuf_implementation, + }, + ) + + +@nox.session(python=DEFAULT_PYTHON_VERSION) +@nox.parametrize( + "protobuf_implementation", + ["python", "upb"], +) +def core_deps_from_source(session, protobuf_implementation): + """Run all tests with core dependencies installed from source + rather than pulling the dependencies from PyPI. + """ + + # Install all dependencies + session.install("-e", ".") + + # Install dependencies for the unit test environment + unit_deps_all = UNIT_TEST_STANDARD_DEPENDENCIES + UNIT_TEST_EXTERNAL_DEPENDENCIES + session.install(*unit_deps_all) + + # Install dependencies for the system test environment + system_deps_all = ( + SYSTEM_TEST_STANDARD_DEPENDENCIES + + SYSTEM_TEST_EXTERNAL_DEPENDENCIES + + SYSTEM_TEST_EXTRAS + ) + session.install(*system_deps_all) + + # Because we test minimum dependency versions on the minimum Python + # version, the first version we test with in the unit tests sessions has a + # constraints file containing all dependencies and extras. + with open( + CURRENT_DIRECTORY / "testing" / f"constraints-{ALL_PYTHON[0]}.txt", + encoding="utf-8", + ) as constraints_file: + constraints_text = constraints_file.read() + + # Ignore leading whitespace and comment lines. + constraints_deps = [ + match.group(1) + for match in re.finditer( + r"^\s*(\S+)(?===\S+)", constraints_text, flags=re.MULTILINE + ) + ] + + # Install dependencies specified in `testing/constraints-X.txt`. + session.install(*constraints_deps) + + # TODO(https://github.com/googleapis/gapic-generator-python/issues/2358): `grpcio` and + # `grpcio-status` should be added to the list below so that they are installed from source, + # rather than PyPI. + # TODO(https://github.com/googleapis/gapic-generator-python/issues/2357): `protobuf` should be + # added to the list below so that it is installed from source, rather than PyPI + # Note: If a dependency is added to the `core_dependencies_from_source` list, + # the `prerel_deps` list in the `prerelease_deps` nox session should also be updated. + core_dependencies_from_source = [ + "googleapis-common-protos @ git+https://github.com/googleapis/google-cloud-python#egg=googleapis-common-protos&subdirectory=packages/googleapis-common-protos", + "google-api-core @ git+https://github.com/googleapis/python-api-core.git", + "google-auth @ git+https://github.com/googleapis/google-auth-library-python.git", + "grpc-google-iam-v1 @ git+https://github.com/googleapis/google-cloud-python#egg=grpc-google-iam-v1&subdirectory=packages/grpc-google-iam-v1", + "proto-plus @ git+https://github.com/googleapis/proto-plus-python.git", + ] + + for dep in core_dependencies_from_source: + session.install(dep, "--no-deps", "--ignore-installed") + print(f"Installed {dep}") + + session.run( + "py.test", + "tests/unit", + env={ + "PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION": protobuf_implementation, + }, + ) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_approve_grant_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_approve_grant_async.py new file mode 100644 index 000000000000..5a75f81645ac --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_approve_grant_async.py @@ -0,0 +1,52 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for ApproveGrant +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ApproveGrant_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +async def sample_approve_grant(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.ApproveGrantRequest( + name="name_value", + ) + + # Make the request + response = await client.approve_grant(request=request) + + # Handle the response + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ApproveGrant_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_approve_grant_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_approve_grant_sync.py new file mode 100644 index 000000000000..2f57c1a17b1d --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_approve_grant_sync.py @@ -0,0 +1,52 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for ApproveGrant +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ApproveGrant_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +def sample_approve_grant(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.ApproveGrantRequest( + name="name_value", + ) + + # Make the request + response = client.approve_grant(request=request) + + # Handle the response + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ApproveGrant_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_check_onboarding_status_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_check_onboarding_status_async.py new file mode 100644 index 000000000000..96c44c94f93d --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_check_onboarding_status_async.py @@ -0,0 +1,52 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for CheckOnboardingStatus +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CheckOnboardingStatus_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +async def sample_check_onboarding_status(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.CheckOnboardingStatusRequest( + parent="parent_value", + ) + + # Make the request + response = await client.check_onboarding_status(request=request) + + # Handle the response + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CheckOnboardingStatus_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_check_onboarding_status_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_check_onboarding_status_sync.py new file mode 100644 index 000000000000..2dd1bc1e5fdc --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_check_onboarding_status_sync.py @@ -0,0 +1,52 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for CheckOnboardingStatus +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CheckOnboardingStatus_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +def sample_check_onboarding_status(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.CheckOnboardingStatusRequest( + parent="parent_value", + ) + + # Make the request + response = client.check_onboarding_status(request=request) + + # Handle the response + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CheckOnboardingStatus_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_entitlement_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_entitlement_async.py new file mode 100644 index 000000000000..3fcae3e01510 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_entitlement_async.py @@ -0,0 +1,57 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for CreateEntitlement +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CreateEntitlement_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +async def sample_create_entitlement(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.CreateEntitlementRequest( + parent="parent_value", + entitlement_id="entitlement_id_value", + ) + + # Make the request + operation = client.create_entitlement(request=request) + + print("Waiting for operation to complete...") + + response = (await operation).result() + + # Handle the response + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CreateEntitlement_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_entitlement_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_entitlement_sync.py new file mode 100644 index 000000000000..6b36bf5670cb --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_entitlement_sync.py @@ -0,0 +1,57 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for CreateEntitlement +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CreateEntitlement_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +def sample_create_entitlement(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.CreateEntitlementRequest( + parent="parent_value", + entitlement_id="entitlement_id_value", + ) + + # Make the request + operation = client.create_entitlement(request=request) + + print("Waiting for operation to complete...") + + response = operation.result() + + # Handle the response + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CreateEntitlement_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_grant_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_grant_async.py new file mode 100644 index 000000000000..191855495e33 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_grant_async.py @@ -0,0 +1,52 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for CreateGrant +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CreateGrant_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +async def sample_create_grant(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.CreateGrantRequest( + parent="parent_value", + ) + + # Make the request + response = await client.create_grant(request=request) + + # Handle the response + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CreateGrant_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_grant_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_grant_sync.py new file mode 100644 index 000000000000..70109a3e814e --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_grant_sync.py @@ -0,0 +1,52 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for CreateGrant +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CreateGrant_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +def sample_create_grant(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.CreateGrantRequest( + parent="parent_value", + ) + + # Make the request + response = client.create_grant(request=request) + + # Handle the response + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CreateGrant_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_delete_entitlement_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_delete_entitlement_async.py new file mode 100644 index 000000000000..a85572258434 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_delete_entitlement_async.py @@ -0,0 +1,56 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for DeleteEntitlement +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_DeleteEntitlement_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +async def sample_delete_entitlement(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.DeleteEntitlementRequest( + name="name_value", + ) + + # Make the request + operation = client.delete_entitlement(request=request) + + print("Waiting for operation to complete...") + + response = (await operation).result() + + # Handle the response + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_DeleteEntitlement_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_delete_entitlement_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_delete_entitlement_sync.py new file mode 100644 index 000000000000..32adc7c84e4a --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_delete_entitlement_sync.py @@ -0,0 +1,56 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for DeleteEntitlement +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_DeleteEntitlement_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +def sample_delete_entitlement(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.DeleteEntitlementRequest( + name="name_value", + ) + + # Make the request + operation = client.delete_entitlement(request=request) + + print("Waiting for operation to complete...") + + response = operation.result() + + # Handle the response + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_DeleteEntitlement_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_deny_grant_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_deny_grant_async.py new file mode 100644 index 000000000000..08fbde7b44b0 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_deny_grant_async.py @@ -0,0 +1,52 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for DenyGrant +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_DenyGrant_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +async def sample_deny_grant(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.DenyGrantRequest( + name="name_value", + ) + + # Make the request + response = await client.deny_grant(request=request) + + # Handle the response + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_DenyGrant_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_deny_grant_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_deny_grant_sync.py new file mode 100644 index 000000000000..406db68e5b41 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_deny_grant_sync.py @@ -0,0 +1,52 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for DenyGrant +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_DenyGrant_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +def sample_deny_grant(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.DenyGrantRequest( + name="name_value", + ) + + # Make the request + response = client.deny_grant(request=request) + + # Handle the response + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_DenyGrant_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_entitlement_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_entitlement_async.py new file mode 100644 index 000000000000..fc3d2337c859 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_entitlement_async.py @@ -0,0 +1,52 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for GetEntitlement +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_GetEntitlement_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +async def sample_get_entitlement(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.GetEntitlementRequest( + name="name_value", + ) + + # Make the request + response = await client.get_entitlement(request=request) + + # Handle the response + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_GetEntitlement_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_entitlement_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_entitlement_sync.py new file mode 100644 index 000000000000..509325637776 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_entitlement_sync.py @@ -0,0 +1,52 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for GetEntitlement +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_GetEntitlement_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +def sample_get_entitlement(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.GetEntitlementRequest( + name="name_value", + ) + + # Make the request + response = client.get_entitlement(request=request) + + # Handle the response + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_GetEntitlement_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_grant_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_grant_async.py new file mode 100644 index 000000000000..7e24bdd98071 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_grant_async.py @@ -0,0 +1,52 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for GetGrant +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_GetGrant_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +async def sample_get_grant(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.GetGrantRequest( + name="name_value", + ) + + # Make the request + response = await client.get_grant(request=request) + + # Handle the response + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_GetGrant_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_grant_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_grant_sync.py new file mode 100644 index 000000000000..41fd56d625ca --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_grant_sync.py @@ -0,0 +1,52 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for GetGrant +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_GetGrant_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +def sample_get_grant(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.GetGrantRequest( + name="name_value", + ) + + # Make the request + response = client.get_grant(request=request) + + # Handle the response + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_GetGrant_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_entitlements_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_entitlements_async.py new file mode 100644 index 000000000000..43f03d2642c7 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_entitlements_async.py @@ -0,0 +1,53 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for ListEntitlements +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ListEntitlements_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +async def sample_list_entitlements(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.ListEntitlementsRequest( + parent="parent_value", + ) + + # Make the request + page_result = client.list_entitlements(request=request) + + # Handle the response + async for response in page_result: + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ListEntitlements_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_entitlements_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_entitlements_sync.py new file mode 100644 index 000000000000..3314ae3f07de --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_entitlements_sync.py @@ -0,0 +1,53 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for ListEntitlements +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ListEntitlements_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +def sample_list_entitlements(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.ListEntitlementsRequest( + parent="parent_value", + ) + + # Make the request + page_result = client.list_entitlements(request=request) + + # Handle the response + for response in page_result: + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ListEntitlements_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_grants_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_grants_async.py new file mode 100644 index 000000000000..a470010da06a --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_grants_async.py @@ -0,0 +1,53 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for ListGrants +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ListGrants_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +async def sample_list_grants(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.ListGrantsRequest( + parent="parent_value", + ) + + # Make the request + page_result = client.list_grants(request=request) + + # Handle the response + async for response in page_result: + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ListGrants_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_grants_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_grants_sync.py new file mode 100644 index 000000000000..d49514c9df13 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_grants_sync.py @@ -0,0 +1,53 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for ListGrants +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ListGrants_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +def sample_list_grants(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.ListGrantsRequest( + parent="parent_value", + ) + + # Make the request + page_result = client.list_grants(request=request) + + # Handle the response + for response in page_result: + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ListGrants_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_revoke_grant_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_revoke_grant_async.py new file mode 100644 index 000000000000..ecc366ec8b6e --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_revoke_grant_async.py @@ -0,0 +1,56 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for RevokeGrant +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_RevokeGrant_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +async def sample_revoke_grant(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.RevokeGrantRequest( + name="name_value", + ) + + # Make the request + operation = client.revoke_grant(request=request) + + print("Waiting for operation to complete...") + + response = (await operation).result() + + # Handle the response + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_RevokeGrant_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_revoke_grant_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_revoke_grant_sync.py new file mode 100644 index 000000000000..1530273e05ca --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_revoke_grant_sync.py @@ -0,0 +1,56 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for RevokeGrant +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_RevokeGrant_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +def sample_revoke_grant(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.RevokeGrantRequest( + name="name_value", + ) + + # Make the request + operation = client.revoke_grant(request=request) + + print("Waiting for operation to complete...") + + response = operation.result() + + # Handle the response + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_RevokeGrant_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_entitlements_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_entitlements_async.py new file mode 100644 index 000000000000..7432db22ffb4 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_entitlements_async.py @@ -0,0 +1,54 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for SearchEntitlements +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_SearchEntitlements_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +async def sample_search_entitlements(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.SearchEntitlementsRequest( + parent="parent_value", + caller_access_type="GRANT_APPROVER", + ) + + # Make the request + page_result = client.search_entitlements(request=request) + + # Handle the response + async for response in page_result: + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_SearchEntitlements_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_entitlements_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_entitlements_sync.py new file mode 100644 index 000000000000..63d4a8135a87 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_entitlements_sync.py @@ -0,0 +1,54 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for SearchEntitlements +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_SearchEntitlements_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +def sample_search_entitlements(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.SearchEntitlementsRequest( + parent="parent_value", + caller_access_type="GRANT_APPROVER", + ) + + # Make the request + page_result = client.search_entitlements(request=request) + + # Handle the response + for response in page_result: + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_SearchEntitlements_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_grants_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_grants_async.py new file mode 100644 index 000000000000..e6bbe7abdd47 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_grants_async.py @@ -0,0 +1,54 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for SearchGrants +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_SearchGrants_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +async def sample_search_grants(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.SearchGrantsRequest( + parent="parent_value", + caller_relationship="HAD_APPROVED", + ) + + # Make the request + page_result = client.search_grants(request=request) + + # Handle the response + async for response in page_result: + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_SearchGrants_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_grants_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_grants_sync.py new file mode 100644 index 000000000000..731624459399 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_grants_sync.py @@ -0,0 +1,54 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for SearchGrants +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_SearchGrants_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +def sample_search_grants(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.SearchGrantsRequest( + parent="parent_value", + caller_relationship="HAD_APPROVED", + ) + + # Make the request + page_result = client.search_grants(request=request) + + # Handle the response + for response in page_result: + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_SearchGrants_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_update_entitlement_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_update_entitlement_async.py new file mode 100644 index 000000000000..eab4e647a970 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_update_entitlement_async.py @@ -0,0 +1,55 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for UpdateEntitlement +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_UpdateEntitlement_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +async def sample_update_entitlement(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.UpdateEntitlementRequest( + ) + + # Make the request + operation = client.update_entitlement(request=request) + + print("Waiting for operation to complete...") + + response = (await operation).result() + + # Handle the response + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_UpdateEntitlement_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_update_entitlement_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_update_entitlement_sync.py new file mode 100644 index 000000000000..d10776a313d8 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_update_entitlement_sync.py @@ -0,0 +1,55 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for UpdateEntitlement +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-privilegedaccessmanager + + +# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_UpdateEntitlement_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import privilegedaccessmanager_v1 + + +def sample_update_entitlement(): + # Create a client + client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() + + # Initialize request argument(s) + request = privilegedaccessmanager_v1.UpdateEntitlementRequest( + ) + + # Make the request + operation = client.update_entitlement(request=request) + + print("Waiting for operation to complete...") + + response = operation.result() + + # Handle the response + print(response) + +# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_UpdateEntitlement_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/snippet_metadata_google.cloud.privilegedaccessmanager.v1.json b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/snippet_metadata_google.cloud.privilegedaccessmanager.v1.json new file mode 100644 index 000000000000..ec4443c5cbc9 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/snippet_metadata_google.cloud.privilegedaccessmanager.v1.json @@ -0,0 +1,2253 @@ +{ + "clientLibrary": { + "apis": [ + { + "id": "google.cloud.privilegedaccessmanager.v1", + "version": "v1" + } + ], + "language": "PYTHON", + "name": "google-cloud-privilegedaccessmanager", + "version": "0.1.0" + }, + "snippets": [ + { + "canonical": true, + "clientMethod": { + "async": true, + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", + "shortName": "PrivilegedAccessManagerAsyncClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.approve_grant", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.ApproveGrant", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "ApproveGrant" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.ApproveGrantRequest" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.cloud.privilegedaccessmanager_v1.types.Grant", + "shortName": "approve_grant" + }, + "description": "Sample for ApproveGrant", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_approve_grant_async.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ApproveGrant_async", + "segments": [ + { + "end": 51, + "start": 27, + "type": "FULL" + }, + { + "end": 51, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 48, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 52, + "start": 49, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_approve_grant_async.py" + }, + { + "canonical": true, + "clientMethod": { + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", + "shortName": "PrivilegedAccessManagerClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.approve_grant", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.ApproveGrant", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "ApproveGrant" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.ApproveGrantRequest" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.cloud.privilegedaccessmanager_v1.types.Grant", + "shortName": "approve_grant" + }, + "description": "Sample for ApproveGrant", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_approve_grant_sync.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ApproveGrant_sync", + "segments": [ + { + "end": 51, + "start": 27, + "type": "FULL" + }, + { + "end": 51, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 48, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 52, + "start": 49, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_approve_grant_sync.py" + }, + { + "canonical": true, + "clientMethod": { + "async": true, + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", + "shortName": "PrivilegedAccessManagerAsyncClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.check_onboarding_status", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.CheckOnboardingStatus", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "CheckOnboardingStatus" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.CheckOnboardingStatusRequest" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.cloud.privilegedaccessmanager_v1.types.CheckOnboardingStatusResponse", + "shortName": "check_onboarding_status" + }, + "description": "Sample for CheckOnboardingStatus", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_check_onboarding_status_async.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CheckOnboardingStatus_async", + "segments": [ + { + "end": 51, + "start": 27, + "type": "FULL" + }, + { + "end": 51, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 48, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 52, + "start": 49, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_check_onboarding_status_async.py" + }, + { + "canonical": true, + "clientMethod": { + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", + "shortName": "PrivilegedAccessManagerClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.check_onboarding_status", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.CheckOnboardingStatus", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "CheckOnboardingStatus" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.CheckOnboardingStatusRequest" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.cloud.privilegedaccessmanager_v1.types.CheckOnboardingStatusResponse", + "shortName": "check_onboarding_status" + }, + "description": "Sample for CheckOnboardingStatus", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_check_onboarding_status_sync.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CheckOnboardingStatus_sync", + "segments": [ + { + "end": 51, + "start": 27, + "type": "FULL" + }, + { + "end": 51, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 48, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 52, + "start": 49, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_check_onboarding_status_sync.py" + }, + { + "canonical": true, + "clientMethod": { + "async": true, + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", + "shortName": "PrivilegedAccessManagerAsyncClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.create_entitlement", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.CreateEntitlement", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "CreateEntitlement" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.CreateEntitlementRequest" + }, + { + "name": "parent", + "type": "str" + }, + { + "name": "entitlement", + "type": "google.cloud.privilegedaccessmanager_v1.types.Entitlement" + }, + { + "name": "entitlement_id", + "type": "str" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.api_core.operation_async.AsyncOperation", + "shortName": "create_entitlement" + }, + "description": "Sample for CreateEntitlement", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_create_entitlement_async.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CreateEntitlement_async", + "segments": [ + { + "end": 56, + "start": 27, + "type": "FULL" + }, + { + "end": 56, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 46, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 53, + "start": 47, + "type": "REQUEST_EXECUTION" + }, + { + "end": 57, + "start": 54, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_create_entitlement_async.py" + }, + { + "canonical": true, + "clientMethod": { + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", + "shortName": "PrivilegedAccessManagerClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.create_entitlement", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.CreateEntitlement", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "CreateEntitlement" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.CreateEntitlementRequest" + }, + { + "name": "parent", + "type": "str" + }, + { + "name": "entitlement", + "type": "google.cloud.privilegedaccessmanager_v1.types.Entitlement" + }, + { + "name": "entitlement_id", + "type": "str" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.api_core.operation.Operation", + "shortName": "create_entitlement" + }, + "description": "Sample for CreateEntitlement", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_create_entitlement_sync.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CreateEntitlement_sync", + "segments": [ + { + "end": 56, + "start": 27, + "type": "FULL" + }, + { + "end": 56, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 46, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 53, + "start": 47, + "type": "REQUEST_EXECUTION" + }, + { + "end": 57, + "start": 54, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_create_entitlement_sync.py" + }, + { + "canonical": true, + "clientMethod": { + "async": true, + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", + "shortName": "PrivilegedAccessManagerAsyncClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.create_grant", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.CreateGrant", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "CreateGrant" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.CreateGrantRequest" + }, + { + "name": "parent", + "type": "str" + }, + { + "name": "grant", + "type": "google.cloud.privilegedaccessmanager_v1.types.Grant" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.cloud.privilegedaccessmanager_v1.types.Grant", + "shortName": "create_grant" + }, + "description": "Sample for CreateGrant", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_create_grant_async.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CreateGrant_async", + "segments": [ + { + "end": 51, + "start": 27, + "type": "FULL" + }, + { + "end": 51, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 48, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 52, + "start": 49, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_create_grant_async.py" + }, + { + "canonical": true, + "clientMethod": { + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", + "shortName": "PrivilegedAccessManagerClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.create_grant", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.CreateGrant", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "CreateGrant" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.CreateGrantRequest" + }, + { + "name": "parent", + "type": "str" + }, + { + "name": "grant", + "type": "google.cloud.privilegedaccessmanager_v1.types.Grant" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.cloud.privilegedaccessmanager_v1.types.Grant", + "shortName": "create_grant" + }, + "description": "Sample for CreateGrant", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_create_grant_sync.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CreateGrant_sync", + "segments": [ + { + "end": 51, + "start": 27, + "type": "FULL" + }, + { + "end": 51, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 48, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 52, + "start": 49, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_create_grant_sync.py" + }, + { + "canonical": true, + "clientMethod": { + "async": true, + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", + "shortName": "PrivilegedAccessManagerAsyncClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.delete_entitlement", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.DeleteEntitlement", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "DeleteEntitlement" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.DeleteEntitlementRequest" + }, + { + "name": "name", + "type": "str" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.api_core.operation_async.AsyncOperation", + "shortName": "delete_entitlement" + }, + "description": "Sample for DeleteEntitlement", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_delete_entitlement_async.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_DeleteEntitlement_async", + "segments": [ + { + "end": 55, + "start": 27, + "type": "FULL" + }, + { + "end": 55, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 52, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 56, + "start": 53, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_delete_entitlement_async.py" + }, + { + "canonical": true, + "clientMethod": { + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", + "shortName": "PrivilegedAccessManagerClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.delete_entitlement", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.DeleteEntitlement", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "DeleteEntitlement" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.DeleteEntitlementRequest" + }, + { + "name": "name", + "type": "str" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.api_core.operation.Operation", + "shortName": "delete_entitlement" + }, + "description": "Sample for DeleteEntitlement", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_delete_entitlement_sync.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_DeleteEntitlement_sync", + "segments": [ + { + "end": 55, + "start": 27, + "type": "FULL" + }, + { + "end": 55, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 52, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 56, + "start": 53, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_delete_entitlement_sync.py" + }, + { + "canonical": true, + "clientMethod": { + "async": true, + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", + "shortName": "PrivilegedAccessManagerAsyncClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.deny_grant", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.DenyGrant", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "DenyGrant" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.DenyGrantRequest" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.cloud.privilegedaccessmanager_v1.types.Grant", + "shortName": "deny_grant" + }, + "description": "Sample for DenyGrant", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_deny_grant_async.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_DenyGrant_async", + "segments": [ + { + "end": 51, + "start": 27, + "type": "FULL" + }, + { + "end": 51, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 48, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 52, + "start": 49, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_deny_grant_async.py" + }, + { + "canonical": true, + "clientMethod": { + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", + "shortName": "PrivilegedAccessManagerClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.deny_grant", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.DenyGrant", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "DenyGrant" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.DenyGrantRequest" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.cloud.privilegedaccessmanager_v1.types.Grant", + "shortName": "deny_grant" + }, + "description": "Sample for DenyGrant", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_deny_grant_sync.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_DenyGrant_sync", + "segments": [ + { + "end": 51, + "start": 27, + "type": "FULL" + }, + { + "end": 51, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 48, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 52, + "start": 49, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_deny_grant_sync.py" + }, + { + "canonical": true, + "clientMethod": { + "async": true, + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", + "shortName": "PrivilegedAccessManagerAsyncClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.get_entitlement", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.GetEntitlement", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "GetEntitlement" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.GetEntitlementRequest" + }, + { + "name": "name", + "type": "str" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.cloud.privilegedaccessmanager_v1.types.Entitlement", + "shortName": "get_entitlement" + }, + "description": "Sample for GetEntitlement", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_get_entitlement_async.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_GetEntitlement_async", + "segments": [ + { + "end": 51, + "start": 27, + "type": "FULL" + }, + { + "end": 51, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 48, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 52, + "start": 49, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_get_entitlement_async.py" + }, + { + "canonical": true, + "clientMethod": { + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", + "shortName": "PrivilegedAccessManagerClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.get_entitlement", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.GetEntitlement", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "GetEntitlement" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.GetEntitlementRequest" + }, + { + "name": "name", + "type": "str" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.cloud.privilegedaccessmanager_v1.types.Entitlement", + "shortName": "get_entitlement" + }, + "description": "Sample for GetEntitlement", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_get_entitlement_sync.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_GetEntitlement_sync", + "segments": [ + { + "end": 51, + "start": 27, + "type": "FULL" + }, + { + "end": 51, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 48, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 52, + "start": 49, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_get_entitlement_sync.py" + }, + { + "canonical": true, + "clientMethod": { + "async": true, + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", + "shortName": "PrivilegedAccessManagerAsyncClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.get_grant", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.GetGrant", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "GetGrant" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.GetGrantRequest" + }, + { + "name": "name", + "type": "str" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.cloud.privilegedaccessmanager_v1.types.Grant", + "shortName": "get_grant" + }, + "description": "Sample for GetGrant", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_get_grant_async.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_GetGrant_async", + "segments": [ + { + "end": 51, + "start": 27, + "type": "FULL" + }, + { + "end": 51, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 48, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 52, + "start": 49, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_get_grant_async.py" + }, + { + "canonical": true, + "clientMethod": { + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", + "shortName": "PrivilegedAccessManagerClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.get_grant", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.GetGrant", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "GetGrant" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.GetGrantRequest" + }, + { + "name": "name", + "type": "str" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.cloud.privilegedaccessmanager_v1.types.Grant", + "shortName": "get_grant" + }, + "description": "Sample for GetGrant", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_get_grant_sync.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_GetGrant_sync", + "segments": [ + { + "end": 51, + "start": 27, + "type": "FULL" + }, + { + "end": 51, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 48, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 52, + "start": 49, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_get_grant_sync.py" + }, + { + "canonical": true, + "clientMethod": { + "async": true, + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", + "shortName": "PrivilegedAccessManagerAsyncClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.list_entitlements", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.ListEntitlements", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "ListEntitlements" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.ListEntitlementsRequest" + }, + { + "name": "parent", + "type": "str" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.ListEntitlementsAsyncPager", + "shortName": "list_entitlements" + }, + "description": "Sample for ListEntitlements", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_list_entitlements_async.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ListEntitlements_async", + "segments": [ + { + "end": 52, + "start": 27, + "type": "FULL" + }, + { + "end": 52, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 48, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 53, + "start": 49, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_list_entitlements_async.py" + }, + { + "canonical": true, + "clientMethod": { + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", + "shortName": "PrivilegedAccessManagerClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.list_entitlements", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.ListEntitlements", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "ListEntitlements" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.ListEntitlementsRequest" + }, + { + "name": "parent", + "type": "str" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.ListEntitlementsPager", + "shortName": "list_entitlements" + }, + "description": "Sample for ListEntitlements", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_list_entitlements_sync.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ListEntitlements_sync", + "segments": [ + { + "end": 52, + "start": 27, + "type": "FULL" + }, + { + "end": 52, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 48, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 53, + "start": 49, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_list_entitlements_sync.py" + }, + { + "canonical": true, + "clientMethod": { + "async": true, + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", + "shortName": "PrivilegedAccessManagerAsyncClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.list_grants", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.ListGrants", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "ListGrants" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.ListGrantsRequest" + }, + { + "name": "parent", + "type": "str" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.ListGrantsAsyncPager", + "shortName": "list_grants" + }, + "description": "Sample for ListGrants", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_list_grants_async.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ListGrants_async", + "segments": [ + { + "end": 52, + "start": 27, + "type": "FULL" + }, + { + "end": 52, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 48, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 53, + "start": 49, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_list_grants_async.py" + }, + { + "canonical": true, + "clientMethod": { + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", + "shortName": "PrivilegedAccessManagerClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.list_grants", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.ListGrants", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "ListGrants" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.ListGrantsRequest" + }, + { + "name": "parent", + "type": "str" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.ListGrantsPager", + "shortName": "list_grants" + }, + "description": "Sample for ListGrants", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_list_grants_sync.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ListGrants_sync", + "segments": [ + { + "end": 52, + "start": 27, + "type": "FULL" + }, + { + "end": 52, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 48, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 53, + "start": 49, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_list_grants_sync.py" + }, + { + "canonical": true, + "clientMethod": { + "async": true, + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", + "shortName": "PrivilegedAccessManagerAsyncClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.revoke_grant", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.RevokeGrant", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "RevokeGrant" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.RevokeGrantRequest" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.api_core.operation_async.AsyncOperation", + "shortName": "revoke_grant" + }, + "description": "Sample for RevokeGrant", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_revoke_grant_async.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_RevokeGrant_async", + "segments": [ + { + "end": 55, + "start": 27, + "type": "FULL" + }, + { + "end": 55, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 52, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 56, + "start": 53, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_revoke_grant_async.py" + }, + { + "canonical": true, + "clientMethod": { + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", + "shortName": "PrivilegedAccessManagerClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.revoke_grant", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.RevokeGrant", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "RevokeGrant" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.RevokeGrantRequest" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.api_core.operation.Operation", + "shortName": "revoke_grant" + }, + "description": "Sample for RevokeGrant", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_revoke_grant_sync.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_RevokeGrant_sync", + "segments": [ + { + "end": 55, + "start": 27, + "type": "FULL" + }, + { + "end": 55, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 45, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 52, + "start": 46, + "type": "REQUEST_EXECUTION" + }, + { + "end": 56, + "start": 53, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_revoke_grant_sync.py" + }, + { + "canonical": true, + "clientMethod": { + "async": true, + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", + "shortName": "PrivilegedAccessManagerAsyncClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.search_entitlements", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.SearchEntitlements", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "SearchEntitlements" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.SearchEntitlementsRequest" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.SearchEntitlementsAsyncPager", + "shortName": "search_entitlements" + }, + "description": "Sample for SearchEntitlements", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_search_entitlements_async.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_SearchEntitlements_async", + "segments": [ + { + "end": 53, + "start": 27, + "type": "FULL" + }, + { + "end": 53, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 46, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 49, + "start": 47, + "type": "REQUEST_EXECUTION" + }, + { + "end": 54, + "start": 50, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_search_entitlements_async.py" + }, + { + "canonical": true, + "clientMethod": { + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", + "shortName": "PrivilegedAccessManagerClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.search_entitlements", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.SearchEntitlements", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "SearchEntitlements" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.SearchEntitlementsRequest" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.SearchEntitlementsPager", + "shortName": "search_entitlements" + }, + "description": "Sample for SearchEntitlements", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_search_entitlements_sync.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_SearchEntitlements_sync", + "segments": [ + { + "end": 53, + "start": 27, + "type": "FULL" + }, + { + "end": 53, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 46, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 49, + "start": 47, + "type": "REQUEST_EXECUTION" + }, + { + "end": 54, + "start": 50, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_search_entitlements_sync.py" + }, + { + "canonical": true, + "clientMethod": { + "async": true, + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", + "shortName": "PrivilegedAccessManagerAsyncClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.search_grants", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.SearchGrants", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "SearchGrants" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.SearchGrantsRequest" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.SearchGrantsAsyncPager", + "shortName": "search_grants" + }, + "description": "Sample for SearchGrants", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_search_grants_async.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_SearchGrants_async", + "segments": [ + { + "end": 53, + "start": 27, + "type": "FULL" + }, + { + "end": 53, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 46, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 49, + "start": 47, + "type": "REQUEST_EXECUTION" + }, + { + "end": 54, + "start": 50, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_search_grants_async.py" + }, + { + "canonical": true, + "clientMethod": { + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", + "shortName": "PrivilegedAccessManagerClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.search_grants", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.SearchGrants", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "SearchGrants" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.SearchGrantsRequest" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.SearchGrantsPager", + "shortName": "search_grants" + }, + "description": "Sample for SearchGrants", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_search_grants_sync.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_SearchGrants_sync", + "segments": [ + { + "end": 53, + "start": 27, + "type": "FULL" + }, + { + "end": 53, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 46, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 49, + "start": 47, + "type": "REQUEST_EXECUTION" + }, + { + "end": 54, + "start": 50, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_search_grants_sync.py" + }, + { + "canonical": true, + "clientMethod": { + "async": true, + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", + "shortName": "PrivilegedAccessManagerAsyncClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.update_entitlement", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.UpdateEntitlement", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "UpdateEntitlement" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.UpdateEntitlementRequest" + }, + { + "name": "entitlement", + "type": "google.cloud.privilegedaccessmanager_v1.types.Entitlement" + }, + { + "name": "update_mask", + "type": "google.protobuf.field_mask_pb2.FieldMask" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.api_core.operation_async.AsyncOperation", + "shortName": "update_entitlement" + }, + "description": "Sample for UpdateEntitlement", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_update_entitlement_async.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_UpdateEntitlement_async", + "segments": [ + { + "end": 54, + "start": 27, + "type": "FULL" + }, + { + "end": 54, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 44, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 51, + "start": 45, + "type": "REQUEST_EXECUTION" + }, + { + "end": 55, + "start": 52, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_update_entitlement_async.py" + }, + { + "canonical": true, + "clientMethod": { + "client": { + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", + "shortName": "PrivilegedAccessManagerClient" + }, + "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.update_entitlement", + "method": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.UpdateEntitlement", + "service": { + "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", + "shortName": "PrivilegedAccessManager" + }, + "shortName": "UpdateEntitlement" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.privilegedaccessmanager_v1.types.UpdateEntitlementRequest" + }, + { + "name": "entitlement", + "type": "google.cloud.privilegedaccessmanager_v1.types.Entitlement" + }, + { + "name": "update_mask", + "type": "google.protobuf.field_mask_pb2.FieldMask" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, Union[str, bytes]]]" + } + ], + "resultType": "google.api_core.operation.Operation", + "shortName": "update_entitlement" + }, + "description": "Sample for UpdateEntitlement", + "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_update_entitlement_sync.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_UpdateEntitlement_sync", + "segments": [ + { + "end": 54, + "start": 27, + "type": "FULL" + }, + { + "end": 54, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 44, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 51, + "start": 45, + "type": "REQUEST_EXECUTION" + }, + { + "end": 55, + "start": 52, + "type": "RESPONSE_HANDLING" + } + ], + "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_update_entitlement_sync.py" + } + ] +} diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/scripts/fixup_privilegedaccessmanager_v1_keywords.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/scripts/fixup_privilegedaccessmanager_v1_keywords.py new file mode 100644 index 000000000000..604b7286e56f --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/scripts/fixup_privilegedaccessmanager_v1_keywords.py @@ -0,0 +1,189 @@ +#! /usr/bin/env python3 +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import argparse +import os +import libcst as cst +import pathlib +import sys +from typing import (Any, Callable, Dict, List, Sequence, Tuple) + + +def partition( + predicate: Callable[[Any], bool], + iterator: Sequence[Any] +) -> Tuple[List[Any], List[Any]]: + """A stable, out-of-place partition.""" + results = ([], []) + + for i in iterator: + results[int(predicate(i))].append(i) + + # Returns trueList, falseList + return results[1], results[0] + + +class privilegedaccessmanagerCallTransformer(cst.CSTTransformer): + CTRL_PARAMS: Tuple[str] = ('retry', 'timeout', 'metadata') + METHOD_TO_PARAMS: Dict[str, Tuple[str]] = { + 'approve_grant': ('name', 'reason', ), + 'check_onboarding_status': ('parent', ), + 'create_entitlement': ('parent', 'entitlement_id', 'entitlement', 'request_id', ), + 'create_grant': ('parent', 'grant', 'request_id', ), + 'delete_entitlement': ('name', 'request_id', 'force', ), + 'deny_grant': ('name', 'reason', ), + 'get_entitlement': ('name', ), + 'get_grant': ('name', ), + 'list_entitlements': ('parent', 'page_size', 'page_token', 'filter', 'order_by', ), + 'list_grants': ('parent', 'page_size', 'page_token', 'filter', 'order_by', ), + 'revoke_grant': ('name', 'reason', ), + 'search_entitlements': ('parent', 'caller_access_type', 'filter', 'page_size', 'page_token', ), + 'search_grants': ('parent', 'caller_relationship', 'filter', 'page_size', 'page_token', ), + 'update_entitlement': ('entitlement', 'update_mask', ), + } + + def leave_Call(self, original: cst.Call, updated: cst.Call) -> cst.CSTNode: + try: + key = original.func.attr.value + kword_params = self.METHOD_TO_PARAMS[key] + except (AttributeError, KeyError): + # Either not a method from the API or too convoluted to be sure. + return updated + + # If the existing code is valid, keyword args come after positional args. + # Therefore, all positional args must map to the first parameters. + args, kwargs = partition(lambda a: not bool(a.keyword), updated.args) + if any(k.keyword.value == "request" for k in kwargs): + # We've already fixed this file, don't fix it again. + return updated + + kwargs, ctrl_kwargs = partition( + lambda a: a.keyword.value not in self.CTRL_PARAMS, + kwargs + ) + + args, ctrl_args = args[:len(kword_params)], args[len(kword_params):] + ctrl_kwargs.extend(cst.Arg(value=a.value, keyword=cst.Name(value=ctrl)) + for a, ctrl in zip(ctrl_args, self.CTRL_PARAMS)) + + request_arg = cst.Arg( + value=cst.Dict([ + cst.DictElement( + cst.SimpleString("'{}'".format(name)), +cst.Element(value=arg.value) + ) + # Note: the args + kwargs looks silly, but keep in mind that + # the control parameters had to be stripped out, and that + # those could have been passed positionally or by keyword. + for name, arg in zip(kword_params, args + kwargs)]), + keyword=cst.Name("request") + ) + + return updated.with_changes( + args=[request_arg] + ctrl_kwargs + ) + + +def fix_files( + in_dir: pathlib.Path, + out_dir: pathlib.Path, + *, + transformer=privilegedaccessmanagerCallTransformer(), +): + """Duplicate the input dir to the output dir, fixing file method calls. + + Preconditions: + * in_dir is a real directory + * out_dir is a real, empty directory + """ + pyfile_gen = ( + pathlib.Path(os.path.join(root, f)) + for root, _, files in os.walk(in_dir) + for f in files if os.path.splitext(f)[1] == ".py" + ) + + for fpath in pyfile_gen: + with open(fpath, 'r') as f: + src = f.read() + + # Parse the code and insert method call fixes. + tree = cst.parse_module(src) + updated = tree.visit(transformer) + + # Create the path and directory structure for the new file. + updated_path = out_dir.joinpath(fpath.relative_to(in_dir)) + updated_path.parent.mkdir(parents=True, exist_ok=True) + + # Generate the updated source file at the corresponding path. + with open(updated_path, 'w') as f: + f.write(updated.code) + + +if __name__ == '__main__': + parser = argparse.ArgumentParser( + description="""Fix up source that uses the privilegedaccessmanager client library. + +The existing sources are NOT overwritten but are copied to output_dir with changes made. + +Note: This tool operates at a best-effort level at converting positional + parameters in client method calls to keyword based parameters. + Cases where it WILL FAIL include + A) * or ** expansion in a method call. + B) Calls via function or method alias (includes free function calls) + C) Indirect or dispatched calls (e.g. the method is looked up dynamically) + + These all constitute false negatives. The tool will also detect false + positives when an API method shares a name with another method. +""") + parser.add_argument( + '-d', + '--input-directory', + required=True, + dest='input_dir', + help='the input directory to walk for python files to fix up', + ) + parser.add_argument( + '-o', + '--output-directory', + required=True, + dest='output_dir', + help='the directory to output files fixed via un-flattening', + ) + args = parser.parse_args() + input_dir = pathlib.Path(args.input_dir) + output_dir = pathlib.Path(args.output_dir) + if not input_dir.is_dir(): + print( + f"input directory '{input_dir}' does not exist or is not a directory", + file=sys.stderr, + ) + sys.exit(-1) + + if not output_dir.is_dir(): + print( + f"output directory '{output_dir}' does not exist or is not a directory", + file=sys.stderr, + ) + sys.exit(-1) + + if os.listdir(output_dir): + print( + f"output directory '{output_dir}' is not empty", + file=sys.stderr, + ) + sys.exit(-1) + + fix_files(input_dir, output_dir) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/setup.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/setup.py new file mode 100644 index 000000000000..bbda8cc45dd7 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/setup.py @@ -0,0 +1,98 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import io +import os +import re + +import setuptools # type: ignore + +package_root = os.path.abspath(os.path.dirname(__file__)) + +name = 'google-cloud-privilegedaccessmanager' + + +description = "Google Cloud Privilegedaccessmanager API client library" + +version = None + +with open(os.path.join(package_root, 'google/cloud/privilegedaccessmanager/gapic_version.py')) as fp: + version_candidates = re.findall(r"(?<=\")\d+.\d+.\d+(?=\")", fp.read()) + assert (len(version_candidates) == 1) + version = version_candidates[0] + +if version[0] == "0": + release_status = "Development Status :: 4 - Beta" +else: + release_status = "Development Status :: 5 - Production/Stable" + +dependencies = [ + "google-api-core[grpc] >= 1.34.1, <3.0.0,!=2.0.*,!=2.1.*,!=2.2.*,!=2.3.*,!=2.4.*,!=2.5.*,!=2.6.*,!=2.7.*,!=2.8.*,!=2.9.*,!=2.10.*", + # Exclude incompatible versions of `google-auth` + # See https://github.com/googleapis/google-cloud-python/issues/12364 + "google-auth >= 2.14.1, <3.0.0,!=2.24.0,!=2.25.0", + "proto-plus >= 1.22.3, <2.0.0", + "proto-plus >= 1.25.0, <2.0.0; python_version >= '3.13'", + "protobuf>=3.20.2,<7.0.0,!=4.21.0,!=4.21.1,!=4.21.2,!=4.21.3,!=4.21.4,!=4.21.5", +] +extras = { +} +url = "https://github.com/googleapis/google-cloud-python/tree/main/packages/google-cloud-privilegedaccessmanager" + +package_root = os.path.abspath(os.path.dirname(__file__)) + +readme_filename = os.path.join(package_root, "README.rst") +with io.open(readme_filename, encoding="utf-8") as readme_file: + readme = readme_file.read() + +packages = [ + package + for package in setuptools.find_namespace_packages() + if package.startswith("google") +] + +setuptools.setup( + name=name, + version=version, + description=description, + long_description=readme, + author="Google LLC", + author_email="googleapis-packages@google.com", + license="Apache 2.0", + url=url, + classifiers=[ + release_status, + "Intended Audience :: Developers", + "License :: OSI Approved :: Apache Software License", + "Programming Language :: Python", + "Programming Language :: Python :: 3", + "Programming Language :: Python :: 3.7", + "Programming Language :: Python :: 3.8", + "Programming Language :: Python :: 3.9", + "Programming Language :: Python :: 3.10", + "Programming Language :: Python :: 3.11", + "Programming Language :: Python :: 3.12", + "Programming Language :: Python :: 3.13", + "Operating System :: OS Independent", + "Topic :: Internet", + ], + platforms="Posix; MacOS X; Windows", + packages=packages, + python_requires=">=3.7", + install_requires=dependencies, + extras_require=extras, + include_package_data=True, + zip_safe=False, +) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.10.txt b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.10.txt new file mode 100644 index 000000000000..ed7f9aed2559 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.10.txt @@ -0,0 +1,6 @@ +# -*- coding: utf-8 -*- +# This constraints file is required for unit tests. +# List all library dependencies and extras in this file. +google-api-core +proto-plus +protobuf diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.11.txt b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.11.txt new file mode 100644 index 000000000000..ed7f9aed2559 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.11.txt @@ -0,0 +1,6 @@ +# -*- coding: utf-8 -*- +# This constraints file is required for unit tests. +# List all library dependencies and extras in this file. +google-api-core +proto-plus +protobuf diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.12.txt b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.12.txt new file mode 100644 index 000000000000..ed7f9aed2559 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.12.txt @@ -0,0 +1,6 @@ +# -*- coding: utf-8 -*- +# This constraints file is required for unit tests. +# List all library dependencies and extras in this file. +google-api-core +proto-plus +protobuf diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.13.txt b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.13.txt new file mode 100644 index 000000000000..c20a77817caa --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.13.txt @@ -0,0 +1,11 @@ +# We use the constraints file for the latest Python version +# (currently this file) to check that the latest +# major versions of dependencies are supported in setup.py. +# List all library dependencies and extras in this file. +# Require the latest major version be installed for each dependency. +# e.g., if setup.py has "google-cloud-foo >= 1.14.0, < 2.0.0", +# Then this file should have google-cloud-foo>=1 +google-api-core>=2 +google-auth>=2 +proto-plus>=1 +protobuf>=6 diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.7.txt b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.7.txt new file mode 100644 index 000000000000..a77f12bc13e4 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.7.txt @@ -0,0 +1,10 @@ +# This constraints file is used to check that lower bounds +# are correct in setup.py +# List all library dependencies and extras in this file. +# Pin the version to the lower bound. +# e.g., if setup.py has "google-cloud-foo >= 1.14.0, < 2.0.0", +# Then this file should have google-cloud-foo==1.14.0 +google-api-core==1.34.1 +google-auth==2.14.1 +proto-plus==1.22.3 +protobuf==3.20.2 diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.8.txt b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.8.txt new file mode 100644 index 000000000000..ed7f9aed2559 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.8.txt @@ -0,0 +1,6 @@ +# -*- coding: utf-8 -*- +# This constraints file is required for unit tests. +# List all library dependencies and extras in this file. +google-api-core +proto-plus +protobuf diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.9.txt b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.9.txt new file mode 100644 index 000000000000..ed7f9aed2559 --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.9.txt @@ -0,0 +1,6 @@ +# -*- coding: utf-8 -*- +# This constraints file is required for unit tests. +# List all library dependencies and extras in this file. +google-api-core +proto-plus +protobuf diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/__init__.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/__init__.py new file mode 100644 index 000000000000..191773d5572d --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/__init__.py @@ -0,0 +1,16 @@ + +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/__init__.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/__init__.py new file mode 100644 index 000000000000..191773d5572d --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/__init__.py @@ -0,0 +1,16 @@ + +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/gapic/__init__.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/gapic/__init__.py new file mode 100644 index 000000000000..191773d5572d --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/gapic/__init__.py @@ -0,0 +1,16 @@ + +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/gapic/privilegedaccessmanager_v1/__init__.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/gapic/privilegedaccessmanager_v1/__init__.py new file mode 100644 index 000000000000..191773d5572d --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/gapic/privilegedaccessmanager_v1/__init__.py @@ -0,0 +1,16 @@ + +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/gapic/privilegedaccessmanager_v1/test_privileged_access_manager.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/gapic/privilegedaccessmanager_v1/test_privileged_access_manager.py new file mode 100644 index 000000000000..4e4ca2095a8f --- /dev/null +++ b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/gapic/privilegedaccessmanager_v1/test_privileged_access_manager.py @@ -0,0 +1,12358 @@ +# -*- coding: utf-8 -*- +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import os +import re +# try/except added for compatibility with python < 3.8 +try: + from unittest import mock + from unittest.mock import AsyncMock # pragma: NO COVER +except ImportError: # pragma: NO COVER + import mock + +import grpc +from grpc.experimental import aio +from collections.abc import Iterable, AsyncIterable +from google.protobuf import json_format +import json +import math +import pytest +from google.api_core import api_core_version +from proto.marshal.rules.dates import DurationRule, TimestampRule +from proto.marshal.rules import wrappers +from requests import Response +from requests import Request, PreparedRequest +from requests.sessions import Session +from google.protobuf import json_format + +try: + from google.auth.aio import credentials as ga_credentials_async + HAS_GOOGLE_AUTH_AIO = True +except ImportError: # pragma: NO COVER + HAS_GOOGLE_AUTH_AIO = False + +from google.api_core import client_options +from google.api_core import exceptions as core_exceptions +from google.api_core import future +from google.api_core import gapic_v1 +from google.api_core import grpc_helpers +from google.api_core import grpc_helpers_async +from google.api_core import operation +from google.api_core import operation_async # type: ignore +from google.api_core import operations_v1 +from google.api_core import path_template +from google.api_core import retry as retries +from google.auth import credentials as ga_credentials +from google.auth.exceptions import MutualTLSChannelError +from google.cloud.location import locations_pb2 +from google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager import PrivilegedAccessManagerAsyncClient +from google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager import PrivilegedAccessManagerClient +from google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager import pagers +from google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager import transports +from google.cloud.privilegedaccessmanager_v1.types import privilegedaccessmanager +from google.longrunning import operations_pb2 # type: ignore +from google.oauth2 import service_account +from google.protobuf import any_pb2 # type: ignore +from google.protobuf import duration_pb2 # type: ignore +from google.protobuf import field_mask_pb2 # type: ignore +from google.protobuf import timestamp_pb2 # type: ignore +from google.rpc import status_pb2 # type: ignore +import google.auth + + + +CRED_INFO_JSON = { + "credential_source": "/path/to/file", + "credential_type": "service account credentials", + "principal": "service-account@example.com", +} +CRED_INFO_STRING = json.dumps(CRED_INFO_JSON) + + +async def mock_async_gen(data, chunk_size=1): + for i in range(0, len(data)): # pragma: NO COVER + chunk = data[i : i + chunk_size] + yield chunk.encode("utf-8") + +def client_cert_source_callback(): + return b"cert bytes", b"key bytes" + +# TODO: use async auth anon credentials by default once the minimum version of google-auth is upgraded. +# See related issue: https://github.com/googleapis/gapic-generator-python/issues/2107. +def async_anonymous_credentials(): + if HAS_GOOGLE_AUTH_AIO: + return ga_credentials_async.AnonymousCredentials() + return ga_credentials.AnonymousCredentials() + +# If default endpoint is localhost, then default mtls endpoint will be the same. +# This method modifies the default endpoint so the client can produce a different +# mtls endpoint for endpoint testing purposes. +def modify_default_endpoint(client): + return "foo.googleapis.com" if ("localhost" in client.DEFAULT_ENDPOINT) else client.DEFAULT_ENDPOINT + +# If default endpoint template is localhost, then default mtls endpoint will be the same. +# This method modifies the default endpoint template so the client can produce a different +# mtls endpoint for endpoint testing purposes. +def modify_default_endpoint_template(client): + return "test.{UNIVERSE_DOMAIN}" if ("localhost" in client._DEFAULT_ENDPOINT_TEMPLATE) else client._DEFAULT_ENDPOINT_TEMPLATE + + +def test__get_default_mtls_endpoint(): + api_endpoint = "example.googleapis.com" + api_mtls_endpoint = "example.mtls.googleapis.com" + sandbox_endpoint = "example.sandbox.googleapis.com" + sandbox_mtls_endpoint = "example.mtls.sandbox.googleapis.com" + non_googleapi = "api.example.com" + + assert PrivilegedAccessManagerClient._get_default_mtls_endpoint(None) is None + assert PrivilegedAccessManagerClient._get_default_mtls_endpoint(api_endpoint) == api_mtls_endpoint + assert PrivilegedAccessManagerClient._get_default_mtls_endpoint(api_mtls_endpoint) == api_mtls_endpoint + assert PrivilegedAccessManagerClient._get_default_mtls_endpoint(sandbox_endpoint) == sandbox_mtls_endpoint + assert PrivilegedAccessManagerClient._get_default_mtls_endpoint(sandbox_mtls_endpoint) == sandbox_mtls_endpoint + assert PrivilegedAccessManagerClient._get_default_mtls_endpoint(non_googleapi) == non_googleapi + +def test__read_environment_variables(): + assert PrivilegedAccessManagerClient._read_environment_variables() == (False, "auto", None) + + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"}): + assert PrivilegedAccessManagerClient._read_environment_variables() == (True, "auto", None) + + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "false"}): + assert PrivilegedAccessManagerClient._read_environment_variables() == (False, "auto", None) + + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "Unsupported"}): + with pytest.raises(ValueError) as excinfo: + PrivilegedAccessManagerClient._read_environment_variables() + assert str(excinfo.value) == "Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`" + + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}): + assert PrivilegedAccessManagerClient._read_environment_variables() == (False, "never", None) + + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "always"}): + assert PrivilegedAccessManagerClient._read_environment_variables() == (False, "always", None) + + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "auto"}): + assert PrivilegedAccessManagerClient._read_environment_variables() == (False, "auto", None) + + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "Unsupported"}): + with pytest.raises(MutualTLSChannelError) as excinfo: + PrivilegedAccessManagerClient._read_environment_variables() + assert str(excinfo.value) == "Environment variable `GOOGLE_API_USE_MTLS_ENDPOINT` must be `never`, `auto` or `always`" + + with mock.patch.dict(os.environ, {"GOOGLE_CLOUD_UNIVERSE_DOMAIN": "foo.com"}): + assert PrivilegedAccessManagerClient._read_environment_variables() == (False, "auto", "foo.com") + +def test__get_client_cert_source(): + mock_provided_cert_source = mock.Mock() + mock_default_cert_source = mock.Mock() + + assert PrivilegedAccessManagerClient._get_client_cert_source(None, False) is None + assert PrivilegedAccessManagerClient._get_client_cert_source(mock_provided_cert_source, False) is None + assert PrivilegedAccessManagerClient._get_client_cert_source(mock_provided_cert_source, True) == mock_provided_cert_source + + with mock.patch('google.auth.transport.mtls.has_default_client_cert_source', return_value=True): + with mock.patch('google.auth.transport.mtls.default_client_cert_source', return_value=mock_default_cert_source): + assert PrivilegedAccessManagerClient._get_client_cert_source(None, True) is mock_default_cert_source + assert PrivilegedAccessManagerClient._get_client_cert_source(mock_provided_cert_source, "true") is mock_provided_cert_source + +@mock.patch.object(PrivilegedAccessManagerClient, "_DEFAULT_ENDPOINT_TEMPLATE", modify_default_endpoint_template(PrivilegedAccessManagerClient)) +@mock.patch.object(PrivilegedAccessManagerAsyncClient, "_DEFAULT_ENDPOINT_TEMPLATE", modify_default_endpoint_template(PrivilegedAccessManagerAsyncClient)) +def test__get_api_endpoint(): + api_override = "foo.com" + mock_client_cert_source = mock.Mock() + default_universe = PrivilegedAccessManagerClient._DEFAULT_UNIVERSE + default_endpoint = PrivilegedAccessManagerClient._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=default_universe) + mock_universe = "bar.com" + mock_endpoint = PrivilegedAccessManagerClient._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=mock_universe) + + assert PrivilegedAccessManagerClient._get_api_endpoint(api_override, mock_client_cert_source, default_universe, "always") == api_override + assert PrivilegedAccessManagerClient._get_api_endpoint(None, mock_client_cert_source, default_universe, "auto") == PrivilegedAccessManagerClient.DEFAULT_MTLS_ENDPOINT + assert PrivilegedAccessManagerClient._get_api_endpoint(None, None, default_universe, "auto") == default_endpoint + assert PrivilegedAccessManagerClient._get_api_endpoint(None, None, default_universe, "always") == PrivilegedAccessManagerClient.DEFAULT_MTLS_ENDPOINT + assert PrivilegedAccessManagerClient._get_api_endpoint(None, mock_client_cert_source, default_universe, "always") == PrivilegedAccessManagerClient.DEFAULT_MTLS_ENDPOINT + assert PrivilegedAccessManagerClient._get_api_endpoint(None, None, mock_universe, "never") == mock_endpoint + assert PrivilegedAccessManagerClient._get_api_endpoint(None, None, default_universe, "never") == default_endpoint + + with pytest.raises(MutualTLSChannelError) as excinfo: + PrivilegedAccessManagerClient._get_api_endpoint(None, mock_client_cert_source, mock_universe, "auto") + assert str(excinfo.value) == "mTLS is not supported in any universe other than googleapis.com." + + +def test__get_universe_domain(): + client_universe_domain = "foo.com" + universe_domain_env = "bar.com" + + assert PrivilegedAccessManagerClient._get_universe_domain(client_universe_domain, universe_domain_env) == client_universe_domain + assert PrivilegedAccessManagerClient._get_universe_domain(None, universe_domain_env) == universe_domain_env + assert PrivilegedAccessManagerClient._get_universe_domain(None, None) == PrivilegedAccessManagerClient._DEFAULT_UNIVERSE + + with pytest.raises(ValueError) as excinfo: + PrivilegedAccessManagerClient._get_universe_domain("", None) + assert str(excinfo.value) == "Universe Domain cannot be an empty string." + +@pytest.mark.parametrize("error_code,cred_info_json,show_cred_info", [ + (401, CRED_INFO_JSON, True), + (403, CRED_INFO_JSON, True), + (404, CRED_INFO_JSON, True), + (500, CRED_INFO_JSON, False), + (401, None, False), + (403, None, False), + (404, None, False), + (500, None, False) +]) +def test__add_cred_info_for_auth_errors(error_code, cred_info_json, show_cred_info): + cred = mock.Mock(["get_cred_info"]) + cred.get_cred_info = mock.Mock(return_value=cred_info_json) + client = PrivilegedAccessManagerClient(credentials=cred) + client._transport._credentials = cred + + error = core_exceptions.GoogleAPICallError("message", details=["foo"]) + error.code = error_code + + client._add_cred_info_for_auth_errors(error) + if show_cred_info: + assert error.details == ["foo", CRED_INFO_STRING] + else: + assert error.details == ["foo"] + +@pytest.mark.parametrize("error_code", [401,403,404,500]) +def test__add_cred_info_for_auth_errors_no_get_cred_info(error_code): + cred = mock.Mock([]) + assert not hasattr(cred, "get_cred_info") + client = PrivilegedAccessManagerClient(credentials=cred) + client._transport._credentials = cred + + error = core_exceptions.GoogleAPICallError("message", details=[]) + error.code = error_code + + client._add_cred_info_for_auth_errors(error) + assert error.details == [] + +@pytest.mark.parametrize("client_class,transport_name", [ + (PrivilegedAccessManagerClient, "grpc"), + (PrivilegedAccessManagerAsyncClient, "grpc_asyncio"), + (PrivilegedAccessManagerClient, "rest"), +]) +def test_privileged_access_manager_client_from_service_account_info(client_class, transport_name): + creds = ga_credentials.AnonymousCredentials() + with mock.patch.object(service_account.Credentials, 'from_service_account_info') as factory: + factory.return_value = creds + info = {"valid": True} + client = client_class.from_service_account_info(info, transport=transport_name) + assert client.transport._credentials == creds + assert isinstance(client, client_class) + + assert client.transport._host == ( + 'privilegedaccessmanager.googleapis.com:443' + if transport_name in ['grpc', 'grpc_asyncio'] + else + 'https://privilegedaccessmanager.googleapis.com' + ) + + +@pytest.mark.parametrize("transport_class,transport_name", [ + (transports.PrivilegedAccessManagerGrpcTransport, "grpc"), + (transports.PrivilegedAccessManagerGrpcAsyncIOTransport, "grpc_asyncio"), + (transports.PrivilegedAccessManagerRestTransport, "rest"), +]) +def test_privileged_access_manager_client_service_account_always_use_jwt(transport_class, transport_name): + with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=True) + use_jwt.assert_called_once_with(True) + + with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt: + creds = service_account.Credentials(None, None, None) + transport = transport_class(credentials=creds, always_use_jwt_access=False) + use_jwt.assert_not_called() + + +@pytest.mark.parametrize("client_class,transport_name", [ + (PrivilegedAccessManagerClient, "grpc"), + (PrivilegedAccessManagerAsyncClient, "grpc_asyncio"), + (PrivilegedAccessManagerClient, "rest"), +]) +def test_privileged_access_manager_client_from_service_account_file(client_class, transport_name): + creds = ga_credentials.AnonymousCredentials() + with mock.patch.object(service_account.Credentials, 'from_service_account_file') as factory: + factory.return_value = creds + client = client_class.from_service_account_file("dummy/file/path.json", transport=transport_name) + assert client.transport._credentials == creds + assert isinstance(client, client_class) + + client = client_class.from_service_account_json("dummy/file/path.json", transport=transport_name) + assert client.transport._credentials == creds + assert isinstance(client, client_class) + + assert client.transport._host == ( + 'privilegedaccessmanager.googleapis.com:443' + if transport_name in ['grpc', 'grpc_asyncio'] + else + 'https://privilegedaccessmanager.googleapis.com' + ) + + +def test_privileged_access_manager_client_get_transport_class(): + transport = PrivilegedAccessManagerClient.get_transport_class() + available_transports = [ + transports.PrivilegedAccessManagerGrpcTransport, + transports.PrivilegedAccessManagerRestTransport, + ] + assert transport in available_transports + + transport = PrivilegedAccessManagerClient.get_transport_class("grpc") + assert transport == transports.PrivilegedAccessManagerGrpcTransport + + +@pytest.mark.parametrize("client_class,transport_class,transport_name", [ + (PrivilegedAccessManagerClient, transports.PrivilegedAccessManagerGrpcTransport, "grpc"), + (PrivilegedAccessManagerAsyncClient, transports.PrivilegedAccessManagerGrpcAsyncIOTransport, "grpc_asyncio"), + (PrivilegedAccessManagerClient, transports.PrivilegedAccessManagerRestTransport, "rest"), +]) +@mock.patch.object(PrivilegedAccessManagerClient, "_DEFAULT_ENDPOINT_TEMPLATE", modify_default_endpoint_template(PrivilegedAccessManagerClient)) +@mock.patch.object(PrivilegedAccessManagerAsyncClient, "_DEFAULT_ENDPOINT_TEMPLATE", modify_default_endpoint_template(PrivilegedAccessManagerAsyncClient)) +def test_privileged_access_manager_client_client_options(client_class, transport_class, transport_name): + # Check that if channel is provided we won't create a new one. + with mock.patch.object(PrivilegedAccessManagerClient, 'get_transport_class') as gtc: + transport = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ) + client = client_class(transport=transport) + gtc.assert_not_called() + + # Check that if channel is provided via str we will create a new one. + with mock.patch.object(PrivilegedAccessManagerClient, 'get_transport_class') as gtc: + client = client_class(transport=transport_name) + gtc.assert_called() + + # Check the case api_endpoint is provided. + options = client_options.ClientOptions(api_endpoint="squid.clam.whelk") + with mock.patch.object(transport_class, '__init__') as patched: + patched.return_value = None + client = client_class(transport=transport_name, client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host="squid.clam.whelk", + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience=None, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is + # "never". + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}): + with mock.patch.object(transport_class, '__init__') as patched: + patched.return_value = None + client = client_class(transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=client._DEFAULT_UNIVERSE), + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience=None, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is + # "always". + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "always"}): + with mock.patch.object(transport_class, '__init__') as patched: + patched.return_value = None + client = client_class(transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_MTLS_ENDPOINT, + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience=None, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has + # unsupported value. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "Unsupported"}): + with pytest.raises(MutualTLSChannelError) as excinfo: + client = client_class(transport=transport_name) + assert str(excinfo.value) == "Environment variable `GOOGLE_API_USE_MTLS_ENDPOINT` must be `never`, `auto` or `always`" + + # Check the case GOOGLE_API_USE_CLIENT_CERTIFICATE has unsupported value. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "Unsupported"}): + with pytest.raises(ValueError) as excinfo: + client = client_class(transport=transport_name) + assert str(excinfo.value) == "Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`" + + # Check the case quota_project_id is provided + options = client_options.ClientOptions(quota_project_id="octopus") + with mock.patch.object(transport_class, '__init__') as patched: + patched.return_value = None + client = client_class(client_options=options, transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=client._DEFAULT_UNIVERSE), + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id="octopus", + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience=None, + ) + # Check the case api_endpoint is provided + options = client_options.ClientOptions(api_audience="https://language.googleapis.com") + with mock.patch.object(transport_class, '__init__') as patched: + patched.return_value = None + client = client_class(client_options=options, transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=client._DEFAULT_UNIVERSE), + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience="https://language.googleapis.com" + ) + +@pytest.mark.parametrize("client_class,transport_class,transport_name,use_client_cert_env", [ + (PrivilegedAccessManagerClient, transports.PrivilegedAccessManagerGrpcTransport, "grpc", "true"), + (PrivilegedAccessManagerAsyncClient, transports.PrivilegedAccessManagerGrpcAsyncIOTransport, "grpc_asyncio", "true"), + (PrivilegedAccessManagerClient, transports.PrivilegedAccessManagerGrpcTransport, "grpc", "false"), + (PrivilegedAccessManagerAsyncClient, transports.PrivilegedAccessManagerGrpcAsyncIOTransport, "grpc_asyncio", "false"), + (PrivilegedAccessManagerClient, transports.PrivilegedAccessManagerRestTransport, "rest", "true"), + (PrivilegedAccessManagerClient, transports.PrivilegedAccessManagerRestTransport, "rest", "false"), +]) +@mock.patch.object(PrivilegedAccessManagerClient, "_DEFAULT_ENDPOINT_TEMPLATE", modify_default_endpoint_template(PrivilegedAccessManagerClient)) +@mock.patch.object(PrivilegedAccessManagerAsyncClient, "_DEFAULT_ENDPOINT_TEMPLATE", modify_default_endpoint_template(PrivilegedAccessManagerAsyncClient)) +@mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "auto"}) +def test_privileged_access_manager_client_mtls_env_auto(client_class, transport_class, transport_name, use_client_cert_env): + # This tests the endpoint autoswitch behavior. Endpoint is autoswitched to the default + # mtls endpoint, if GOOGLE_API_USE_CLIENT_CERTIFICATE is "true" and client cert exists. + + # Check the case client_cert_source is provided. Whether client cert is used depends on + # GOOGLE_API_USE_CLIENT_CERTIFICATE value. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}): + options = client_options.ClientOptions(client_cert_source=client_cert_source_callback) + with mock.patch.object(transport_class, '__init__') as patched: + patched.return_value = None + client = client_class(client_options=options, transport=transport_name) + + if use_client_cert_env == "false": + expected_client_cert_source = None + expected_host = client._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=client._DEFAULT_UNIVERSE) + else: + expected_client_cert_source = client_cert_source_callback + expected_host = client.DEFAULT_MTLS_ENDPOINT + + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=expected_host, + scopes=None, + client_cert_source_for_mtls=expected_client_cert_source, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience=None, + ) + + # Check the case ADC client cert is provided. Whether client cert is used depends on + # GOOGLE_API_USE_CLIENT_CERTIFICATE value. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}): + with mock.patch.object(transport_class, '__init__') as patched: + with mock.patch('google.auth.transport.mtls.has_default_client_cert_source', return_value=True): + with mock.patch('google.auth.transport.mtls.default_client_cert_source', return_value=client_cert_source_callback): + if use_client_cert_env == "false": + expected_host = client._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=client._DEFAULT_UNIVERSE) + expected_client_cert_source = None + else: + expected_host = client.DEFAULT_MTLS_ENDPOINT + expected_client_cert_source = client_cert_source_callback + + patched.return_value = None + client = client_class(transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=expected_host, + scopes=None, + client_cert_source_for_mtls=expected_client_cert_source, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience=None, + ) + + # Check the case client_cert_source and ADC client cert are not provided. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}): + with mock.patch.object(transport_class, '__init__') as patched: + with mock.patch("google.auth.transport.mtls.has_default_client_cert_source", return_value=False): + patched.return_value = None + client = client_class(transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=client._DEFAULT_UNIVERSE), + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience=None, + ) + + +@pytest.mark.parametrize("client_class", [ + PrivilegedAccessManagerClient, PrivilegedAccessManagerAsyncClient +]) +@mock.patch.object(PrivilegedAccessManagerClient, "DEFAULT_ENDPOINT", modify_default_endpoint(PrivilegedAccessManagerClient)) +@mock.patch.object(PrivilegedAccessManagerAsyncClient, "DEFAULT_ENDPOINT", modify_default_endpoint(PrivilegedAccessManagerAsyncClient)) +def test_privileged_access_manager_client_get_mtls_endpoint_and_cert_source(client_class): + mock_client_cert_source = mock.Mock() + + # Test the case GOOGLE_API_USE_CLIENT_CERTIFICATE is "true". + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"}): + mock_api_endpoint = "foo" + options = client_options.ClientOptions(client_cert_source=mock_client_cert_source, api_endpoint=mock_api_endpoint) + api_endpoint, cert_source = client_class.get_mtls_endpoint_and_cert_source(options) + assert api_endpoint == mock_api_endpoint + assert cert_source == mock_client_cert_source + + # Test the case GOOGLE_API_USE_CLIENT_CERTIFICATE is "false". + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "false"}): + mock_client_cert_source = mock.Mock() + mock_api_endpoint = "foo" + options = client_options.ClientOptions(client_cert_source=mock_client_cert_source, api_endpoint=mock_api_endpoint) + api_endpoint, cert_source = client_class.get_mtls_endpoint_and_cert_source(options) + assert api_endpoint == mock_api_endpoint + assert cert_source is None + + # Test the case GOOGLE_API_USE_MTLS_ENDPOINT is "never". + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}): + api_endpoint, cert_source = client_class.get_mtls_endpoint_and_cert_source() + assert api_endpoint == client_class.DEFAULT_ENDPOINT + assert cert_source is None + + # Test the case GOOGLE_API_USE_MTLS_ENDPOINT is "always". + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "always"}): + api_endpoint, cert_source = client_class.get_mtls_endpoint_and_cert_source() + assert api_endpoint == client_class.DEFAULT_MTLS_ENDPOINT + assert cert_source is None + + # Test the case GOOGLE_API_USE_MTLS_ENDPOINT is "auto" and default cert doesn't exist. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"}): + with mock.patch('google.auth.transport.mtls.has_default_client_cert_source', return_value=False): + api_endpoint, cert_source = client_class.get_mtls_endpoint_and_cert_source() + assert api_endpoint == client_class.DEFAULT_ENDPOINT + assert cert_source is None + + # Test the case GOOGLE_API_USE_MTLS_ENDPOINT is "auto" and default cert exists. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"}): + with mock.patch('google.auth.transport.mtls.has_default_client_cert_source', return_value=True): + with mock.patch('google.auth.transport.mtls.default_client_cert_source', return_value=mock_client_cert_source): + api_endpoint, cert_source = client_class.get_mtls_endpoint_and_cert_source() + assert api_endpoint == client_class.DEFAULT_MTLS_ENDPOINT + assert cert_source == mock_client_cert_source + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has + # unsupported value. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "Unsupported"}): + with pytest.raises(MutualTLSChannelError) as excinfo: + client_class.get_mtls_endpoint_and_cert_source() + + assert str(excinfo.value) == "Environment variable `GOOGLE_API_USE_MTLS_ENDPOINT` must be `never`, `auto` or `always`" + + # Check the case GOOGLE_API_USE_CLIENT_CERTIFICATE has unsupported value. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "Unsupported"}): + with pytest.raises(ValueError) as excinfo: + client_class.get_mtls_endpoint_and_cert_source() + + assert str(excinfo.value) == "Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`" + +@pytest.mark.parametrize("client_class", [ + PrivilegedAccessManagerClient, PrivilegedAccessManagerAsyncClient +]) +@mock.patch.object(PrivilegedAccessManagerClient, "_DEFAULT_ENDPOINT_TEMPLATE", modify_default_endpoint_template(PrivilegedAccessManagerClient)) +@mock.patch.object(PrivilegedAccessManagerAsyncClient, "_DEFAULT_ENDPOINT_TEMPLATE", modify_default_endpoint_template(PrivilegedAccessManagerAsyncClient)) +def test_privileged_access_manager_client_client_api_endpoint(client_class): + mock_client_cert_source = client_cert_source_callback + api_override = "foo.com" + default_universe = PrivilegedAccessManagerClient._DEFAULT_UNIVERSE + default_endpoint = PrivilegedAccessManagerClient._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=default_universe) + mock_universe = "bar.com" + mock_endpoint = PrivilegedAccessManagerClient._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=mock_universe) + + # If ClientOptions.api_endpoint is set and GOOGLE_API_USE_CLIENT_CERTIFICATE="true", + # use ClientOptions.api_endpoint as the api endpoint regardless. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"}): + with mock.patch("google.auth.transport.requests.AuthorizedSession.configure_mtls_channel"): + options = client_options.ClientOptions(client_cert_source=mock_client_cert_source, api_endpoint=api_override) + client = client_class(client_options=options, credentials=ga_credentials.AnonymousCredentials()) + assert client.api_endpoint == api_override + + # If ClientOptions.api_endpoint is not set and GOOGLE_API_USE_MTLS_ENDPOINT="never", + # use the _DEFAULT_ENDPOINT_TEMPLATE populated with GDU as the api endpoint. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}): + client = client_class(credentials=ga_credentials.AnonymousCredentials()) + assert client.api_endpoint == default_endpoint + + # If ClientOptions.api_endpoint is not set and GOOGLE_API_USE_MTLS_ENDPOINT="always", + # use the DEFAULT_MTLS_ENDPOINT as the api endpoint. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "always"}): + client = client_class(credentials=ga_credentials.AnonymousCredentials()) + assert client.api_endpoint == client_class.DEFAULT_MTLS_ENDPOINT + + # If ClientOptions.api_endpoint is not set, GOOGLE_API_USE_MTLS_ENDPOINT="auto" (default), + # GOOGLE_API_USE_CLIENT_CERTIFICATE="false" (default), default cert source doesn't exist, + # and ClientOptions.universe_domain="bar.com", + # use the _DEFAULT_ENDPOINT_TEMPLATE populated with universe domain as the api endpoint. + options = client_options.ClientOptions() + universe_exists = hasattr(options, "universe_domain") + if universe_exists: + options = client_options.ClientOptions(universe_domain=mock_universe) + client = client_class(client_options=options, credentials=ga_credentials.AnonymousCredentials()) + else: + client = client_class(client_options=options, credentials=ga_credentials.AnonymousCredentials()) + assert client.api_endpoint == (mock_endpoint if universe_exists else default_endpoint) + assert client.universe_domain == (mock_universe if universe_exists else default_universe) + + # If ClientOptions does not have a universe domain attribute and GOOGLE_API_USE_MTLS_ENDPOINT="never", + # use the _DEFAULT_ENDPOINT_TEMPLATE populated with GDU as the api endpoint. + options = client_options.ClientOptions() + if hasattr(options, "universe_domain"): + delattr(options, "universe_domain") + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}): + client = client_class(client_options=options, credentials=ga_credentials.AnonymousCredentials()) + assert client.api_endpoint == default_endpoint + + +@pytest.mark.parametrize("client_class,transport_class,transport_name", [ + (PrivilegedAccessManagerClient, transports.PrivilegedAccessManagerGrpcTransport, "grpc"), + (PrivilegedAccessManagerAsyncClient, transports.PrivilegedAccessManagerGrpcAsyncIOTransport, "grpc_asyncio"), + (PrivilegedAccessManagerClient, transports.PrivilegedAccessManagerRestTransport, "rest"), +]) +def test_privileged_access_manager_client_client_options_scopes(client_class, transport_class, transport_name): + # Check the case scopes are provided. + options = client_options.ClientOptions( + scopes=["1", "2"], + ) + with mock.patch.object(transport_class, '__init__') as patched: + patched.return_value = None + client = client_class(client_options=options, transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=client._DEFAULT_UNIVERSE), + scopes=["1", "2"], + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience=None, + ) + +@pytest.mark.parametrize("client_class,transport_class,transport_name,grpc_helpers", [ + (PrivilegedAccessManagerClient, transports.PrivilegedAccessManagerGrpcTransport, "grpc", grpc_helpers), + (PrivilegedAccessManagerAsyncClient, transports.PrivilegedAccessManagerGrpcAsyncIOTransport, "grpc_asyncio", grpc_helpers_async), + (PrivilegedAccessManagerClient, transports.PrivilegedAccessManagerRestTransport, "rest", None), +]) +def test_privileged_access_manager_client_client_options_credentials_file(client_class, transport_class, transport_name, grpc_helpers): + # Check the case credentials file is provided. + options = client_options.ClientOptions( + credentials_file="credentials.json" + ) + + with mock.patch.object(transport_class, '__init__') as patched: + patched.return_value = None + client = client_class(client_options=options, transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file="credentials.json", + host=client._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=client._DEFAULT_UNIVERSE), + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience=None, + ) + +def test_privileged_access_manager_client_client_options_from_dict(): + with mock.patch('google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.transports.PrivilegedAccessManagerGrpcTransport.__init__') as grpc_transport: + grpc_transport.return_value = None + client = PrivilegedAccessManagerClient( + client_options={'api_endpoint': 'squid.clam.whelk'} + ) + grpc_transport.assert_called_once_with( + credentials=None, + credentials_file=None, + host="squid.clam.whelk", + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience=None, + ) + + +@pytest.mark.parametrize("client_class,transport_class,transport_name,grpc_helpers", [ + (PrivilegedAccessManagerClient, transports.PrivilegedAccessManagerGrpcTransport, "grpc", grpc_helpers), + (PrivilegedAccessManagerAsyncClient, transports.PrivilegedAccessManagerGrpcAsyncIOTransport, "grpc_asyncio", grpc_helpers_async), +]) +def test_privileged_access_manager_client_create_channel_credentials_file(client_class, transport_class, transport_name, grpc_helpers): + # Check the case credentials file is provided. + options = client_options.ClientOptions( + credentials_file="credentials.json" + ) + + with mock.patch.object(transport_class, '__init__') as patched: + patched.return_value = None + client = client_class(client_options=options, transport=transport_name) + patched.assert_called_once_with( + credentials=None, + credentials_file="credentials.json", + host=client._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=client._DEFAULT_UNIVERSE), + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience=None, + ) + + # test that the credentials from file are saved and used as the credentials. + with mock.patch.object( + google.auth, "load_credentials_from_file", autospec=True + ) as load_creds, mock.patch.object( + google.auth, "default", autospec=True + ) as adc, mock.patch.object( + grpc_helpers, "create_channel" + ) as create_channel: + creds = ga_credentials.AnonymousCredentials() + file_creds = ga_credentials.AnonymousCredentials() + load_creds.return_value = (file_creds, None) + adc.return_value = (creds, None) + client = client_class(client_options=options, transport=transport_name) + create_channel.assert_called_with( + "privilegedaccessmanager.googleapis.com:443", + credentials=file_creds, + credentials_file=None, + quota_project_id=None, + default_scopes=( + 'https://www.googleapis.com/auth/cloud-platform', +), + scopes=None, + default_host="privilegedaccessmanager.googleapis.com", + ssl_credentials=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.CheckOnboardingStatusRequest, + dict, +]) +def test_check_onboarding_status(request_type, transport: str = 'grpc'): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.check_onboarding_status), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = privilegedaccessmanager.CheckOnboardingStatusResponse( + service_account='service_account_value', + ) + response = client.check_onboarding_status(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.CheckOnboardingStatusRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, privilegedaccessmanager.CheckOnboardingStatusResponse) + assert response.service_account == 'service_account_value' + + +def test_check_onboarding_status_non_empty_request_with_auto_populated_field(): + # This test is a coverage failsafe to make sure that UUID4 fields are + # automatically populated, according to AIP-4235, with non-empty requests. + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Populate all string fields in the request which are not UUID4 + # since we want to check that UUID4 are populated automatically + # if they meet the requirements of AIP 4235. + request = privilegedaccessmanager.CheckOnboardingStatusRequest( + parent='parent_value', + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.check_onboarding_status), + '__call__') as call: + call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client.check_onboarding_status(request=request) + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == privilegedaccessmanager.CheckOnboardingStatusRequest( + parent='parent_value', + ) + +def test_check_onboarding_status_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.check_onboarding_status in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.check_onboarding_status] = mock_rpc + request = {} + client.check_onboarding_status(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + client.check_onboarding_status(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_check_onboarding_status_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._client._transport.check_onboarding_status in client._client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.AsyncMock() + mock_rpc.return_value = mock.Mock() + client._client._transport._wrapped_methods[client._client._transport.check_onboarding_status] = mock_rpc + + request = {} + await client.check_onboarding_status(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + await client.check_onboarding_status(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_check_onboarding_status_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.CheckOnboardingStatusRequest): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.check_onboarding_status), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.CheckOnboardingStatusResponse( + service_account='service_account_value', + )) + response = await client.check_onboarding_status(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.CheckOnboardingStatusRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, privilegedaccessmanager.CheckOnboardingStatusResponse) + assert response.service_account == 'service_account_value' + + +@pytest.mark.asyncio +async def test_check_onboarding_status_async_from_dict(): + await test_check_onboarding_status_async(request_type=dict) + +def test_check_onboarding_status_field_headers(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.CheckOnboardingStatusRequest() + + request.parent = 'parent_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.check_onboarding_status), + '__call__') as call: + call.return_value = privilegedaccessmanager.CheckOnboardingStatusResponse() + client.check_onboarding_status(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'parent=parent_value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_check_onboarding_status_field_headers_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.CheckOnboardingStatusRequest() + + request.parent = 'parent_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.check_onboarding_status), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.CheckOnboardingStatusResponse()) + await client.check_onboarding_status(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'parent=parent_value', + ) in kw['metadata'] + + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.ListEntitlementsRequest, + dict, +]) +def test_list_entitlements(request_type, transport: str = 'grpc'): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_entitlements), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = privilegedaccessmanager.ListEntitlementsResponse( + next_page_token='next_page_token_value', + unreachable=['unreachable_value'], + ) + response = client.list_entitlements(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.ListEntitlementsRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListEntitlementsPager) + assert response.next_page_token == 'next_page_token_value' + assert response.unreachable == ['unreachable_value'] + + +def test_list_entitlements_non_empty_request_with_auto_populated_field(): + # This test is a coverage failsafe to make sure that UUID4 fields are + # automatically populated, according to AIP-4235, with non-empty requests. + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Populate all string fields in the request which are not UUID4 + # since we want to check that UUID4 are populated automatically + # if they meet the requirements of AIP 4235. + request = privilegedaccessmanager.ListEntitlementsRequest( + parent='parent_value', + page_token='page_token_value', + filter='filter_value', + order_by='order_by_value', + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_entitlements), + '__call__') as call: + call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client.list_entitlements(request=request) + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == privilegedaccessmanager.ListEntitlementsRequest( + parent='parent_value', + page_token='page_token_value', + filter='filter_value', + order_by='order_by_value', + ) + +def test_list_entitlements_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.list_entitlements in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.list_entitlements] = mock_rpc + request = {} + client.list_entitlements(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + client.list_entitlements(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_list_entitlements_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._client._transport.list_entitlements in client._client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.AsyncMock() + mock_rpc.return_value = mock.Mock() + client._client._transport._wrapped_methods[client._client._transport.list_entitlements] = mock_rpc + + request = {} + await client.list_entitlements(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + await client.list_entitlements(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_list_entitlements_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.ListEntitlementsRequest): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_entitlements), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.ListEntitlementsResponse( + next_page_token='next_page_token_value', + unreachable=['unreachable_value'], + )) + response = await client.list_entitlements(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.ListEntitlementsRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListEntitlementsAsyncPager) + assert response.next_page_token == 'next_page_token_value' + assert response.unreachable == ['unreachable_value'] + + +@pytest.mark.asyncio +async def test_list_entitlements_async_from_dict(): + await test_list_entitlements_async(request_type=dict) + +def test_list_entitlements_field_headers(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.ListEntitlementsRequest() + + request.parent = 'parent_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_entitlements), + '__call__') as call: + call.return_value = privilegedaccessmanager.ListEntitlementsResponse() + client.list_entitlements(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'parent=parent_value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_list_entitlements_field_headers_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.ListEntitlementsRequest() + + request.parent = 'parent_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_entitlements), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.ListEntitlementsResponse()) + await client.list_entitlements(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'parent=parent_value', + ) in kw['metadata'] + + +def test_list_entitlements_flattened(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_entitlements), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = privilegedaccessmanager.ListEntitlementsResponse() + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.list_entitlements( + parent='parent_value', + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + arg = args[0].parent + mock_val = 'parent_value' + assert arg == mock_val + + +def test_list_entitlements_flattened_error(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.list_entitlements( + privilegedaccessmanager.ListEntitlementsRequest(), + parent='parent_value', + ) + +@pytest.mark.asyncio +async def test_list_entitlements_flattened_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_entitlements), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = privilegedaccessmanager.ListEntitlementsResponse() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.ListEntitlementsResponse()) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.list_entitlements( + parent='parent_value', + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + arg = args[0].parent + mock_val = 'parent_value' + assert arg == mock_val + +@pytest.mark.asyncio +async def test_list_entitlements_flattened_error_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.list_entitlements( + privilegedaccessmanager.ListEntitlementsRequest(), + parent='parent_value', + ) + + +def test_list_entitlements_pager(transport_name: str = "grpc"): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport_name, + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_entitlements), + '__call__') as call: + # Set the response to a series of pages. + call.side_effect = ( + privilegedaccessmanager.ListEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + ], + next_page_token='abc', + ), + privilegedaccessmanager.ListEntitlementsResponse( + entitlements=[], + next_page_token='def', + ), + privilegedaccessmanager.ListEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + ], + next_page_token='ghi', + ), + privilegedaccessmanager.ListEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + ], + ), + RuntimeError, + ) + + expected_metadata = () + retry = retries.Retry() + timeout = 5 + expected_metadata = tuple(expected_metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ('parent', ''), + )), + ) + pager = client.list_entitlements(request={}, retry=retry, timeout=timeout) + + assert pager._metadata == expected_metadata + assert pager._retry == retry + assert pager._timeout == timeout + + results = list(pager) + assert len(results) == 6 + assert all(isinstance(i, privilegedaccessmanager.Entitlement) + for i in results) +def test_list_entitlements_pages(transport_name: str = "grpc"): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport_name, + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_entitlements), + '__call__') as call: + # Set the response to a series of pages. + call.side_effect = ( + privilegedaccessmanager.ListEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + ], + next_page_token='abc', + ), + privilegedaccessmanager.ListEntitlementsResponse( + entitlements=[], + next_page_token='def', + ), + privilegedaccessmanager.ListEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + ], + next_page_token='ghi', + ), + privilegedaccessmanager.ListEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + ], + ), + RuntimeError, + ) + pages = list(client.list_entitlements(request={}).pages) + for page_, token in zip(pages, ['abc','def','ghi', '']): + assert page_.raw_page.next_page_token == token + +@pytest.mark.asyncio +async def test_list_entitlements_async_pager(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_entitlements), + '__call__', new_callable=mock.AsyncMock) as call: + # Set the response to a series of pages. + call.side_effect = ( + privilegedaccessmanager.ListEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + ], + next_page_token='abc', + ), + privilegedaccessmanager.ListEntitlementsResponse( + entitlements=[], + next_page_token='def', + ), + privilegedaccessmanager.ListEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + ], + next_page_token='ghi', + ), + privilegedaccessmanager.ListEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + ], + ), + RuntimeError, + ) + async_pager = await client.list_entitlements(request={},) + assert async_pager.next_page_token == 'abc' + responses = [] + async for response in async_pager: # pragma: no branch + responses.append(response) + + assert len(responses) == 6 + assert all(isinstance(i, privilegedaccessmanager.Entitlement) + for i in responses) + + +@pytest.mark.asyncio +async def test_list_entitlements_async_pages(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_entitlements), + '__call__', new_callable=mock.AsyncMock) as call: + # Set the response to a series of pages. + call.side_effect = ( + privilegedaccessmanager.ListEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + ], + next_page_token='abc', + ), + privilegedaccessmanager.ListEntitlementsResponse( + entitlements=[], + next_page_token='def', + ), + privilegedaccessmanager.ListEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + ], + next_page_token='ghi', + ), + privilegedaccessmanager.ListEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + ], + ), + RuntimeError, + ) + pages = [] + # Workaround issue in python 3.9 related to code coverage by adding `# pragma: no branch` + # See https://github.com/googleapis/gapic-generator-python/pull/1174#issuecomment-1025132372 + async for page_ in ( # pragma: no branch + await client.list_entitlements(request={}) + ).pages: + pages.append(page_) + for page_, token in zip(pages, ['abc','def','ghi', '']): + assert page_.raw_page.next_page_token == token + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.SearchEntitlementsRequest, + dict, +]) +def test_search_entitlements(request_type, transport: str = 'grpc'): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.search_entitlements), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = privilegedaccessmanager.SearchEntitlementsResponse( + next_page_token='next_page_token_value', + ) + response = client.search_entitlements(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.SearchEntitlementsRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.SearchEntitlementsPager) + assert response.next_page_token == 'next_page_token_value' + + +def test_search_entitlements_non_empty_request_with_auto_populated_field(): + # This test is a coverage failsafe to make sure that UUID4 fields are + # automatically populated, according to AIP-4235, with non-empty requests. + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Populate all string fields in the request which are not UUID4 + # since we want to check that UUID4 are populated automatically + # if they meet the requirements of AIP 4235. + request = privilegedaccessmanager.SearchEntitlementsRequest( + parent='parent_value', + filter='filter_value', + page_token='page_token_value', + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.search_entitlements), + '__call__') as call: + call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client.search_entitlements(request=request) + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == privilegedaccessmanager.SearchEntitlementsRequest( + parent='parent_value', + filter='filter_value', + page_token='page_token_value', + ) + +def test_search_entitlements_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.search_entitlements in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.search_entitlements] = mock_rpc + request = {} + client.search_entitlements(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + client.search_entitlements(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_search_entitlements_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._client._transport.search_entitlements in client._client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.AsyncMock() + mock_rpc.return_value = mock.Mock() + client._client._transport._wrapped_methods[client._client._transport.search_entitlements] = mock_rpc + + request = {} + await client.search_entitlements(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + await client.search_entitlements(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_search_entitlements_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.SearchEntitlementsRequest): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.search_entitlements), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.SearchEntitlementsResponse( + next_page_token='next_page_token_value', + )) + response = await client.search_entitlements(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.SearchEntitlementsRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.SearchEntitlementsAsyncPager) + assert response.next_page_token == 'next_page_token_value' + + +@pytest.mark.asyncio +async def test_search_entitlements_async_from_dict(): + await test_search_entitlements_async(request_type=dict) + +def test_search_entitlements_field_headers(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.SearchEntitlementsRequest() + + request.parent = 'parent_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.search_entitlements), + '__call__') as call: + call.return_value = privilegedaccessmanager.SearchEntitlementsResponse() + client.search_entitlements(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'parent=parent_value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_search_entitlements_field_headers_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.SearchEntitlementsRequest() + + request.parent = 'parent_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.search_entitlements), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.SearchEntitlementsResponse()) + await client.search_entitlements(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'parent=parent_value', + ) in kw['metadata'] + + +def test_search_entitlements_pager(transport_name: str = "grpc"): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport_name, + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.search_entitlements), + '__call__') as call: + # Set the response to a series of pages. + call.side_effect = ( + privilegedaccessmanager.SearchEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + ], + next_page_token='abc', + ), + privilegedaccessmanager.SearchEntitlementsResponse( + entitlements=[], + next_page_token='def', + ), + privilegedaccessmanager.SearchEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + ], + next_page_token='ghi', + ), + privilegedaccessmanager.SearchEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + ], + ), + RuntimeError, + ) + + expected_metadata = () + retry = retries.Retry() + timeout = 5 + expected_metadata = tuple(expected_metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ('parent', ''), + )), + ) + pager = client.search_entitlements(request={}, retry=retry, timeout=timeout) + + assert pager._metadata == expected_metadata + assert pager._retry == retry + assert pager._timeout == timeout + + results = list(pager) + assert len(results) == 6 + assert all(isinstance(i, privilegedaccessmanager.Entitlement) + for i in results) +def test_search_entitlements_pages(transport_name: str = "grpc"): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport_name, + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.search_entitlements), + '__call__') as call: + # Set the response to a series of pages. + call.side_effect = ( + privilegedaccessmanager.SearchEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + ], + next_page_token='abc', + ), + privilegedaccessmanager.SearchEntitlementsResponse( + entitlements=[], + next_page_token='def', + ), + privilegedaccessmanager.SearchEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + ], + next_page_token='ghi', + ), + privilegedaccessmanager.SearchEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + ], + ), + RuntimeError, + ) + pages = list(client.search_entitlements(request={}).pages) + for page_, token in zip(pages, ['abc','def','ghi', '']): + assert page_.raw_page.next_page_token == token + +@pytest.mark.asyncio +async def test_search_entitlements_async_pager(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.search_entitlements), + '__call__', new_callable=mock.AsyncMock) as call: + # Set the response to a series of pages. + call.side_effect = ( + privilegedaccessmanager.SearchEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + ], + next_page_token='abc', + ), + privilegedaccessmanager.SearchEntitlementsResponse( + entitlements=[], + next_page_token='def', + ), + privilegedaccessmanager.SearchEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + ], + next_page_token='ghi', + ), + privilegedaccessmanager.SearchEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + ], + ), + RuntimeError, + ) + async_pager = await client.search_entitlements(request={},) + assert async_pager.next_page_token == 'abc' + responses = [] + async for response in async_pager: # pragma: no branch + responses.append(response) + + assert len(responses) == 6 + assert all(isinstance(i, privilegedaccessmanager.Entitlement) + for i in responses) + + +@pytest.mark.asyncio +async def test_search_entitlements_async_pages(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.search_entitlements), + '__call__', new_callable=mock.AsyncMock) as call: + # Set the response to a series of pages. + call.side_effect = ( + privilegedaccessmanager.SearchEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + ], + next_page_token='abc', + ), + privilegedaccessmanager.SearchEntitlementsResponse( + entitlements=[], + next_page_token='def', + ), + privilegedaccessmanager.SearchEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + ], + next_page_token='ghi', + ), + privilegedaccessmanager.SearchEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + ], + ), + RuntimeError, + ) + pages = [] + # Workaround issue in python 3.9 related to code coverage by adding `# pragma: no branch` + # See https://github.com/googleapis/gapic-generator-python/pull/1174#issuecomment-1025132372 + async for page_ in ( # pragma: no branch + await client.search_entitlements(request={}) + ).pages: + pages.append(page_) + for page_, token in zip(pages, ['abc','def','ghi', '']): + assert page_.raw_page.next_page_token == token + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.GetEntitlementRequest, + dict, +]) +def test_get_entitlement(request_type, transport: str = 'grpc'): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_entitlement), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = privilegedaccessmanager.Entitlement( + name='name_value', + state=privilegedaccessmanager.Entitlement.State.CREATING, + etag='etag_value', + ) + response = client.get_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.GetEntitlementRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, privilegedaccessmanager.Entitlement) + assert response.name == 'name_value' + assert response.state == privilegedaccessmanager.Entitlement.State.CREATING + assert response.etag == 'etag_value' + + +def test_get_entitlement_non_empty_request_with_auto_populated_field(): + # This test is a coverage failsafe to make sure that UUID4 fields are + # automatically populated, according to AIP-4235, with non-empty requests. + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Populate all string fields in the request which are not UUID4 + # since we want to check that UUID4 are populated automatically + # if they meet the requirements of AIP 4235. + request = privilegedaccessmanager.GetEntitlementRequest( + name='name_value', + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_entitlement), + '__call__') as call: + call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client.get_entitlement(request=request) + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == privilegedaccessmanager.GetEntitlementRequest( + name='name_value', + ) + +def test_get_entitlement_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.get_entitlement in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.get_entitlement] = mock_rpc + request = {} + client.get_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + client.get_entitlement(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_get_entitlement_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._client._transport.get_entitlement in client._client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.AsyncMock() + mock_rpc.return_value = mock.Mock() + client._client._transport._wrapped_methods[client._client._transport.get_entitlement] = mock_rpc + + request = {} + await client.get_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + await client.get_entitlement(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_get_entitlement_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.GetEntitlementRequest): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_entitlement), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Entitlement( + name='name_value', + state=privilegedaccessmanager.Entitlement.State.CREATING, + etag='etag_value', + )) + response = await client.get_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.GetEntitlementRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, privilegedaccessmanager.Entitlement) + assert response.name == 'name_value' + assert response.state == privilegedaccessmanager.Entitlement.State.CREATING + assert response.etag == 'etag_value' + + +@pytest.mark.asyncio +async def test_get_entitlement_async_from_dict(): + await test_get_entitlement_async(request_type=dict) + +def test_get_entitlement_field_headers(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.GetEntitlementRequest() + + request.name = 'name_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_entitlement), + '__call__') as call: + call.return_value = privilegedaccessmanager.Entitlement() + client.get_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'name=name_value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_get_entitlement_field_headers_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.GetEntitlementRequest() + + request.name = 'name_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_entitlement), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Entitlement()) + await client.get_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'name=name_value', + ) in kw['metadata'] + + +def test_get_entitlement_flattened(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_entitlement), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = privilegedaccessmanager.Entitlement() + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.get_entitlement( + name='name_value', + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + arg = args[0].name + mock_val = 'name_value' + assert arg == mock_val + + +def test_get_entitlement_flattened_error(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.get_entitlement( + privilegedaccessmanager.GetEntitlementRequest(), + name='name_value', + ) + +@pytest.mark.asyncio +async def test_get_entitlement_flattened_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_entitlement), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = privilegedaccessmanager.Entitlement() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Entitlement()) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.get_entitlement( + name='name_value', + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + arg = args[0].name + mock_val = 'name_value' + assert arg == mock_val + +@pytest.mark.asyncio +async def test_get_entitlement_flattened_error_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.get_entitlement( + privilegedaccessmanager.GetEntitlementRequest(), + name='name_value', + ) + + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.CreateEntitlementRequest, + dict, +]) +def test_create_entitlement(request_type, transport: str = 'grpc'): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.create_entitlement), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.Operation(name='operations/spam') + response = client.create_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.CreateEntitlementRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, future.Future) + + +def test_create_entitlement_non_empty_request_with_auto_populated_field(): + # This test is a coverage failsafe to make sure that UUID4 fields are + # automatically populated, according to AIP-4235, with non-empty requests. + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Populate all string fields in the request which are not UUID4 + # since we want to check that UUID4 are populated automatically + # if they meet the requirements of AIP 4235. + request = privilegedaccessmanager.CreateEntitlementRequest( + parent='parent_value', + entitlement_id='entitlement_id_value', + request_id='request_id_value', + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.create_entitlement), + '__call__') as call: + call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client.create_entitlement(request=request) + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == privilegedaccessmanager.CreateEntitlementRequest( + parent='parent_value', + entitlement_id='entitlement_id_value', + request_id='request_id_value', + ) + +def test_create_entitlement_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.create_entitlement in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.create_entitlement] = mock_rpc + request = {} + client.create_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + # Operation methods call wrapper_fn to build a cached + # client._transport.operations_client instance on first rpc call. + # Subsequent calls should use the cached wrapper + wrapper_fn.reset_mock() + + client.create_entitlement(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_create_entitlement_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._client._transport.create_entitlement in client._client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.AsyncMock() + mock_rpc.return_value = mock.Mock() + client._client._transport._wrapped_methods[client._client._transport.create_entitlement] = mock_rpc + + request = {} + await client.create_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + # Operation methods call wrapper_fn to build a cached + # client._transport.operations_client instance on first rpc call. + # Subsequent calls should use the cached wrapper + wrapper_fn.reset_mock() + + await client.create_entitlement(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_create_entitlement_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.CreateEntitlementRequest): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.create_entitlement), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation(name='operations/spam') + ) + response = await client.create_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.CreateEntitlementRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, future.Future) + + +@pytest.mark.asyncio +async def test_create_entitlement_async_from_dict(): + await test_create_entitlement_async(request_type=dict) + +def test_create_entitlement_field_headers(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.CreateEntitlementRequest() + + request.parent = 'parent_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.create_entitlement), + '__call__') as call: + call.return_value = operations_pb2.Operation(name='operations/op') + client.create_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'parent=parent_value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_create_entitlement_field_headers_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.CreateEntitlementRequest() + + request.parent = 'parent_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.create_entitlement), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(operations_pb2.Operation(name='operations/op')) + await client.create_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'parent=parent_value', + ) in kw['metadata'] + + +def test_create_entitlement_flattened(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.create_entitlement), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.Operation(name='operations/op') + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.create_entitlement( + parent='parent_value', + entitlement=privilegedaccessmanager.Entitlement(name='name_value'), + entitlement_id='entitlement_id_value', + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + arg = args[0].parent + mock_val = 'parent_value' + assert arg == mock_val + arg = args[0].entitlement + mock_val = privilegedaccessmanager.Entitlement(name='name_value') + assert arg == mock_val + arg = args[0].entitlement_id + mock_val = 'entitlement_id_value' + assert arg == mock_val + + +def test_create_entitlement_flattened_error(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.create_entitlement( + privilegedaccessmanager.CreateEntitlementRequest(), + parent='parent_value', + entitlement=privilegedaccessmanager.Entitlement(name='name_value'), + entitlement_id='entitlement_id_value', + ) + +@pytest.mark.asyncio +async def test_create_entitlement_flattened_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.create_entitlement), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.Operation(name='operations/op') + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation(name='operations/spam') + ) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.create_entitlement( + parent='parent_value', + entitlement=privilegedaccessmanager.Entitlement(name='name_value'), + entitlement_id='entitlement_id_value', + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + arg = args[0].parent + mock_val = 'parent_value' + assert arg == mock_val + arg = args[0].entitlement + mock_val = privilegedaccessmanager.Entitlement(name='name_value') + assert arg == mock_val + arg = args[0].entitlement_id + mock_val = 'entitlement_id_value' + assert arg == mock_val + +@pytest.mark.asyncio +async def test_create_entitlement_flattened_error_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.create_entitlement( + privilegedaccessmanager.CreateEntitlementRequest(), + parent='parent_value', + entitlement=privilegedaccessmanager.Entitlement(name='name_value'), + entitlement_id='entitlement_id_value', + ) + + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.DeleteEntitlementRequest, + dict, +]) +def test_delete_entitlement(request_type, transport: str = 'grpc'): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.delete_entitlement), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.Operation(name='operations/spam') + response = client.delete_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.DeleteEntitlementRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, future.Future) + + +def test_delete_entitlement_non_empty_request_with_auto_populated_field(): + # This test is a coverage failsafe to make sure that UUID4 fields are + # automatically populated, according to AIP-4235, with non-empty requests. + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Populate all string fields in the request which are not UUID4 + # since we want to check that UUID4 are populated automatically + # if they meet the requirements of AIP 4235. + request = privilegedaccessmanager.DeleteEntitlementRequest( + name='name_value', + request_id='request_id_value', + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.delete_entitlement), + '__call__') as call: + call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client.delete_entitlement(request=request) + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == privilegedaccessmanager.DeleteEntitlementRequest( + name='name_value', + request_id='request_id_value', + ) + +def test_delete_entitlement_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.delete_entitlement in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.delete_entitlement] = mock_rpc + request = {} + client.delete_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + # Operation methods call wrapper_fn to build a cached + # client._transport.operations_client instance on first rpc call. + # Subsequent calls should use the cached wrapper + wrapper_fn.reset_mock() + + client.delete_entitlement(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_delete_entitlement_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._client._transport.delete_entitlement in client._client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.AsyncMock() + mock_rpc.return_value = mock.Mock() + client._client._transport._wrapped_methods[client._client._transport.delete_entitlement] = mock_rpc + + request = {} + await client.delete_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + # Operation methods call wrapper_fn to build a cached + # client._transport.operations_client instance on first rpc call. + # Subsequent calls should use the cached wrapper + wrapper_fn.reset_mock() + + await client.delete_entitlement(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_delete_entitlement_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.DeleteEntitlementRequest): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.delete_entitlement), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation(name='operations/spam') + ) + response = await client.delete_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.DeleteEntitlementRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, future.Future) + + +@pytest.mark.asyncio +async def test_delete_entitlement_async_from_dict(): + await test_delete_entitlement_async(request_type=dict) + +def test_delete_entitlement_field_headers(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.DeleteEntitlementRequest() + + request.name = 'name_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.delete_entitlement), + '__call__') as call: + call.return_value = operations_pb2.Operation(name='operations/op') + client.delete_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'name=name_value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_delete_entitlement_field_headers_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.DeleteEntitlementRequest() + + request.name = 'name_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.delete_entitlement), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(operations_pb2.Operation(name='operations/op')) + await client.delete_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'name=name_value', + ) in kw['metadata'] + + +def test_delete_entitlement_flattened(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.delete_entitlement), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.Operation(name='operations/op') + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.delete_entitlement( + name='name_value', + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + arg = args[0].name + mock_val = 'name_value' + assert arg == mock_val + + +def test_delete_entitlement_flattened_error(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.delete_entitlement( + privilegedaccessmanager.DeleteEntitlementRequest(), + name='name_value', + ) + +@pytest.mark.asyncio +async def test_delete_entitlement_flattened_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.delete_entitlement), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.Operation(name='operations/op') + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation(name='operations/spam') + ) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.delete_entitlement( + name='name_value', + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + arg = args[0].name + mock_val = 'name_value' + assert arg == mock_val + +@pytest.mark.asyncio +async def test_delete_entitlement_flattened_error_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.delete_entitlement( + privilegedaccessmanager.DeleteEntitlementRequest(), + name='name_value', + ) + + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.UpdateEntitlementRequest, + dict, +]) +def test_update_entitlement(request_type, transport: str = 'grpc'): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.update_entitlement), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.Operation(name='operations/spam') + response = client.update_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.UpdateEntitlementRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, future.Future) + + +def test_update_entitlement_non_empty_request_with_auto_populated_field(): + # This test is a coverage failsafe to make sure that UUID4 fields are + # automatically populated, according to AIP-4235, with non-empty requests. + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Populate all string fields in the request which are not UUID4 + # since we want to check that UUID4 are populated automatically + # if they meet the requirements of AIP 4235. + request = privilegedaccessmanager.UpdateEntitlementRequest( + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.update_entitlement), + '__call__') as call: + call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client.update_entitlement(request=request) + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == privilegedaccessmanager.UpdateEntitlementRequest( + ) + +def test_update_entitlement_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.update_entitlement in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.update_entitlement] = mock_rpc + request = {} + client.update_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + # Operation methods call wrapper_fn to build a cached + # client._transport.operations_client instance on first rpc call. + # Subsequent calls should use the cached wrapper + wrapper_fn.reset_mock() + + client.update_entitlement(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_update_entitlement_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._client._transport.update_entitlement in client._client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.AsyncMock() + mock_rpc.return_value = mock.Mock() + client._client._transport._wrapped_methods[client._client._transport.update_entitlement] = mock_rpc + + request = {} + await client.update_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + # Operation methods call wrapper_fn to build a cached + # client._transport.operations_client instance on first rpc call. + # Subsequent calls should use the cached wrapper + wrapper_fn.reset_mock() + + await client.update_entitlement(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_update_entitlement_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.UpdateEntitlementRequest): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.update_entitlement), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation(name='operations/spam') + ) + response = await client.update_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.UpdateEntitlementRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, future.Future) + + +@pytest.mark.asyncio +async def test_update_entitlement_async_from_dict(): + await test_update_entitlement_async(request_type=dict) + +def test_update_entitlement_field_headers(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.UpdateEntitlementRequest() + + request.entitlement.name = 'name_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.update_entitlement), + '__call__') as call: + call.return_value = operations_pb2.Operation(name='operations/op') + client.update_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'entitlement.name=name_value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_update_entitlement_field_headers_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.UpdateEntitlementRequest() + + request.entitlement.name = 'name_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.update_entitlement), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(operations_pb2.Operation(name='operations/op')) + await client.update_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'entitlement.name=name_value', + ) in kw['metadata'] + + +def test_update_entitlement_flattened(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.update_entitlement), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.Operation(name='operations/op') + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.update_entitlement( + entitlement=privilegedaccessmanager.Entitlement(name='name_value'), + update_mask=field_mask_pb2.FieldMask(paths=['paths_value']), + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + arg = args[0].entitlement + mock_val = privilegedaccessmanager.Entitlement(name='name_value') + assert arg == mock_val + arg = args[0].update_mask + mock_val = field_mask_pb2.FieldMask(paths=['paths_value']) + assert arg == mock_val + + +def test_update_entitlement_flattened_error(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.update_entitlement( + privilegedaccessmanager.UpdateEntitlementRequest(), + entitlement=privilegedaccessmanager.Entitlement(name='name_value'), + update_mask=field_mask_pb2.FieldMask(paths=['paths_value']), + ) + +@pytest.mark.asyncio +async def test_update_entitlement_flattened_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.update_entitlement), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.Operation(name='operations/op') + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation(name='operations/spam') + ) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.update_entitlement( + entitlement=privilegedaccessmanager.Entitlement(name='name_value'), + update_mask=field_mask_pb2.FieldMask(paths=['paths_value']), + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + arg = args[0].entitlement + mock_val = privilegedaccessmanager.Entitlement(name='name_value') + assert arg == mock_val + arg = args[0].update_mask + mock_val = field_mask_pb2.FieldMask(paths=['paths_value']) + assert arg == mock_val + +@pytest.mark.asyncio +async def test_update_entitlement_flattened_error_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.update_entitlement( + privilegedaccessmanager.UpdateEntitlementRequest(), + entitlement=privilegedaccessmanager.Entitlement(name='name_value'), + update_mask=field_mask_pb2.FieldMask(paths=['paths_value']), + ) + + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.ListGrantsRequest, + dict, +]) +def test_list_grants(request_type, transport: str = 'grpc'): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_grants), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = privilegedaccessmanager.ListGrantsResponse( + next_page_token='next_page_token_value', + unreachable=['unreachable_value'], + ) + response = client.list_grants(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.ListGrantsRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListGrantsPager) + assert response.next_page_token == 'next_page_token_value' + assert response.unreachable == ['unreachable_value'] + + +def test_list_grants_non_empty_request_with_auto_populated_field(): + # This test is a coverage failsafe to make sure that UUID4 fields are + # automatically populated, according to AIP-4235, with non-empty requests. + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Populate all string fields in the request which are not UUID4 + # since we want to check that UUID4 are populated automatically + # if they meet the requirements of AIP 4235. + request = privilegedaccessmanager.ListGrantsRequest( + parent='parent_value', + page_token='page_token_value', + filter='filter_value', + order_by='order_by_value', + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_grants), + '__call__') as call: + call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client.list_grants(request=request) + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == privilegedaccessmanager.ListGrantsRequest( + parent='parent_value', + page_token='page_token_value', + filter='filter_value', + order_by='order_by_value', + ) + +def test_list_grants_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.list_grants in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.list_grants] = mock_rpc + request = {} + client.list_grants(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + client.list_grants(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_list_grants_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._client._transport.list_grants in client._client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.AsyncMock() + mock_rpc.return_value = mock.Mock() + client._client._transport._wrapped_methods[client._client._transport.list_grants] = mock_rpc + + request = {} + await client.list_grants(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + await client.list_grants(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_list_grants_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.ListGrantsRequest): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_grants), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.ListGrantsResponse( + next_page_token='next_page_token_value', + unreachable=['unreachable_value'], + )) + response = await client.list_grants(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.ListGrantsRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListGrantsAsyncPager) + assert response.next_page_token == 'next_page_token_value' + assert response.unreachable == ['unreachable_value'] + + +@pytest.mark.asyncio +async def test_list_grants_async_from_dict(): + await test_list_grants_async(request_type=dict) + +def test_list_grants_field_headers(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.ListGrantsRequest() + + request.parent = 'parent_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_grants), + '__call__') as call: + call.return_value = privilegedaccessmanager.ListGrantsResponse() + client.list_grants(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'parent=parent_value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_list_grants_field_headers_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.ListGrantsRequest() + + request.parent = 'parent_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_grants), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.ListGrantsResponse()) + await client.list_grants(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'parent=parent_value', + ) in kw['metadata'] + + +def test_list_grants_flattened(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_grants), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = privilegedaccessmanager.ListGrantsResponse() + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.list_grants( + parent='parent_value', + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + arg = args[0].parent + mock_val = 'parent_value' + assert arg == mock_val + + +def test_list_grants_flattened_error(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.list_grants( + privilegedaccessmanager.ListGrantsRequest(), + parent='parent_value', + ) + +@pytest.mark.asyncio +async def test_list_grants_flattened_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_grants), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = privilegedaccessmanager.ListGrantsResponse() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.ListGrantsResponse()) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.list_grants( + parent='parent_value', + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + arg = args[0].parent + mock_val = 'parent_value' + assert arg == mock_val + +@pytest.mark.asyncio +async def test_list_grants_flattened_error_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.list_grants( + privilegedaccessmanager.ListGrantsRequest(), + parent='parent_value', + ) + + +def test_list_grants_pager(transport_name: str = "grpc"): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport_name, + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_grants), + '__call__') as call: + # Set the response to a series of pages. + call.side_effect = ( + privilegedaccessmanager.ListGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + ], + next_page_token='abc', + ), + privilegedaccessmanager.ListGrantsResponse( + grants=[], + next_page_token='def', + ), + privilegedaccessmanager.ListGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + ], + next_page_token='ghi', + ), + privilegedaccessmanager.ListGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + ], + ), + RuntimeError, + ) + + expected_metadata = () + retry = retries.Retry() + timeout = 5 + expected_metadata = tuple(expected_metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ('parent', ''), + )), + ) + pager = client.list_grants(request={}, retry=retry, timeout=timeout) + + assert pager._metadata == expected_metadata + assert pager._retry == retry + assert pager._timeout == timeout + + results = list(pager) + assert len(results) == 6 + assert all(isinstance(i, privilegedaccessmanager.Grant) + for i in results) +def test_list_grants_pages(transport_name: str = "grpc"): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport_name, + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_grants), + '__call__') as call: + # Set the response to a series of pages. + call.side_effect = ( + privilegedaccessmanager.ListGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + ], + next_page_token='abc', + ), + privilegedaccessmanager.ListGrantsResponse( + grants=[], + next_page_token='def', + ), + privilegedaccessmanager.ListGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + ], + next_page_token='ghi', + ), + privilegedaccessmanager.ListGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + ], + ), + RuntimeError, + ) + pages = list(client.list_grants(request={}).pages) + for page_, token in zip(pages, ['abc','def','ghi', '']): + assert page_.raw_page.next_page_token == token + +@pytest.mark.asyncio +async def test_list_grants_async_pager(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_grants), + '__call__', new_callable=mock.AsyncMock) as call: + # Set the response to a series of pages. + call.side_effect = ( + privilegedaccessmanager.ListGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + ], + next_page_token='abc', + ), + privilegedaccessmanager.ListGrantsResponse( + grants=[], + next_page_token='def', + ), + privilegedaccessmanager.ListGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + ], + next_page_token='ghi', + ), + privilegedaccessmanager.ListGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + ], + ), + RuntimeError, + ) + async_pager = await client.list_grants(request={},) + assert async_pager.next_page_token == 'abc' + responses = [] + async for response in async_pager: # pragma: no branch + responses.append(response) + + assert len(responses) == 6 + assert all(isinstance(i, privilegedaccessmanager.Grant) + for i in responses) + + +@pytest.mark.asyncio +async def test_list_grants_async_pages(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.list_grants), + '__call__', new_callable=mock.AsyncMock) as call: + # Set the response to a series of pages. + call.side_effect = ( + privilegedaccessmanager.ListGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + ], + next_page_token='abc', + ), + privilegedaccessmanager.ListGrantsResponse( + grants=[], + next_page_token='def', + ), + privilegedaccessmanager.ListGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + ], + next_page_token='ghi', + ), + privilegedaccessmanager.ListGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + ], + ), + RuntimeError, + ) + pages = [] + # Workaround issue in python 3.9 related to code coverage by adding `# pragma: no branch` + # See https://github.com/googleapis/gapic-generator-python/pull/1174#issuecomment-1025132372 + async for page_ in ( # pragma: no branch + await client.list_grants(request={}) + ).pages: + pages.append(page_) + for page_, token in zip(pages, ['abc','def','ghi', '']): + assert page_.raw_page.next_page_token == token + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.SearchGrantsRequest, + dict, +]) +def test_search_grants(request_type, transport: str = 'grpc'): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.search_grants), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = privilegedaccessmanager.SearchGrantsResponse( + next_page_token='next_page_token_value', + ) + response = client.search_grants(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.SearchGrantsRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.SearchGrantsPager) + assert response.next_page_token == 'next_page_token_value' + + +def test_search_grants_non_empty_request_with_auto_populated_field(): + # This test is a coverage failsafe to make sure that UUID4 fields are + # automatically populated, according to AIP-4235, with non-empty requests. + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Populate all string fields in the request which are not UUID4 + # since we want to check that UUID4 are populated automatically + # if they meet the requirements of AIP 4235. + request = privilegedaccessmanager.SearchGrantsRequest( + parent='parent_value', + filter='filter_value', + page_token='page_token_value', + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.search_grants), + '__call__') as call: + call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client.search_grants(request=request) + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == privilegedaccessmanager.SearchGrantsRequest( + parent='parent_value', + filter='filter_value', + page_token='page_token_value', + ) + +def test_search_grants_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.search_grants in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.search_grants] = mock_rpc + request = {} + client.search_grants(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + client.search_grants(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_search_grants_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._client._transport.search_grants in client._client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.AsyncMock() + mock_rpc.return_value = mock.Mock() + client._client._transport._wrapped_methods[client._client._transport.search_grants] = mock_rpc + + request = {} + await client.search_grants(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + await client.search_grants(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_search_grants_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.SearchGrantsRequest): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.search_grants), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.SearchGrantsResponse( + next_page_token='next_page_token_value', + )) + response = await client.search_grants(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.SearchGrantsRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.SearchGrantsAsyncPager) + assert response.next_page_token == 'next_page_token_value' + + +@pytest.mark.asyncio +async def test_search_grants_async_from_dict(): + await test_search_grants_async(request_type=dict) + +def test_search_grants_field_headers(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.SearchGrantsRequest() + + request.parent = 'parent_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.search_grants), + '__call__') as call: + call.return_value = privilegedaccessmanager.SearchGrantsResponse() + client.search_grants(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'parent=parent_value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_search_grants_field_headers_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.SearchGrantsRequest() + + request.parent = 'parent_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.search_grants), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.SearchGrantsResponse()) + await client.search_grants(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'parent=parent_value', + ) in kw['metadata'] + + +def test_search_grants_pager(transport_name: str = "grpc"): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport_name, + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.search_grants), + '__call__') as call: + # Set the response to a series of pages. + call.side_effect = ( + privilegedaccessmanager.SearchGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + ], + next_page_token='abc', + ), + privilegedaccessmanager.SearchGrantsResponse( + grants=[], + next_page_token='def', + ), + privilegedaccessmanager.SearchGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + ], + next_page_token='ghi', + ), + privilegedaccessmanager.SearchGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + ], + ), + RuntimeError, + ) + + expected_metadata = () + retry = retries.Retry() + timeout = 5 + expected_metadata = tuple(expected_metadata) + ( + gapic_v1.routing_header.to_grpc_metadata(( + ('parent', ''), + )), + ) + pager = client.search_grants(request={}, retry=retry, timeout=timeout) + + assert pager._metadata == expected_metadata + assert pager._retry == retry + assert pager._timeout == timeout + + results = list(pager) + assert len(results) == 6 + assert all(isinstance(i, privilegedaccessmanager.Grant) + for i in results) +def test_search_grants_pages(transport_name: str = "grpc"): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport_name, + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.search_grants), + '__call__') as call: + # Set the response to a series of pages. + call.side_effect = ( + privilegedaccessmanager.SearchGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + ], + next_page_token='abc', + ), + privilegedaccessmanager.SearchGrantsResponse( + grants=[], + next_page_token='def', + ), + privilegedaccessmanager.SearchGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + ], + next_page_token='ghi', + ), + privilegedaccessmanager.SearchGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + ], + ), + RuntimeError, + ) + pages = list(client.search_grants(request={}).pages) + for page_, token in zip(pages, ['abc','def','ghi', '']): + assert page_.raw_page.next_page_token == token + +@pytest.mark.asyncio +async def test_search_grants_async_pager(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.search_grants), + '__call__', new_callable=mock.AsyncMock) as call: + # Set the response to a series of pages. + call.side_effect = ( + privilegedaccessmanager.SearchGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + ], + next_page_token='abc', + ), + privilegedaccessmanager.SearchGrantsResponse( + grants=[], + next_page_token='def', + ), + privilegedaccessmanager.SearchGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + ], + next_page_token='ghi', + ), + privilegedaccessmanager.SearchGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + ], + ), + RuntimeError, + ) + async_pager = await client.search_grants(request={},) + assert async_pager.next_page_token == 'abc' + responses = [] + async for response in async_pager: # pragma: no branch + responses.append(response) + + assert len(responses) == 6 + assert all(isinstance(i, privilegedaccessmanager.Grant) + for i in responses) + + +@pytest.mark.asyncio +async def test_search_grants_async_pages(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.search_grants), + '__call__', new_callable=mock.AsyncMock) as call: + # Set the response to a series of pages. + call.side_effect = ( + privilegedaccessmanager.SearchGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + ], + next_page_token='abc', + ), + privilegedaccessmanager.SearchGrantsResponse( + grants=[], + next_page_token='def', + ), + privilegedaccessmanager.SearchGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + ], + next_page_token='ghi', + ), + privilegedaccessmanager.SearchGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + ], + ), + RuntimeError, + ) + pages = [] + # Workaround issue in python 3.9 related to code coverage by adding `# pragma: no branch` + # See https://github.com/googleapis/gapic-generator-python/pull/1174#issuecomment-1025132372 + async for page_ in ( # pragma: no branch + await client.search_grants(request={}) + ).pages: + pages.append(page_) + for page_, token in zip(pages, ['abc','def','ghi', '']): + assert page_.raw_page.next_page_token == token + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.GetGrantRequest, + dict, +]) +def test_get_grant(request_type, transport: str = 'grpc'): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_grant), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = privilegedaccessmanager.Grant( + name='name_value', + requester='requester_value', + state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, + additional_email_recipients=['additional_email_recipients_value'], + externally_modified=True, + ) + response = client.get_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.GetGrantRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, privilegedaccessmanager.Grant) + assert response.name == 'name_value' + assert response.requester == 'requester_value' + assert response.state == privilegedaccessmanager.Grant.State.APPROVAL_AWAITED + assert response.additional_email_recipients == ['additional_email_recipients_value'] + assert response.externally_modified is True + + +def test_get_grant_non_empty_request_with_auto_populated_field(): + # This test is a coverage failsafe to make sure that UUID4 fields are + # automatically populated, according to AIP-4235, with non-empty requests. + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Populate all string fields in the request which are not UUID4 + # since we want to check that UUID4 are populated automatically + # if they meet the requirements of AIP 4235. + request = privilegedaccessmanager.GetGrantRequest( + name='name_value', + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_grant), + '__call__') as call: + call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client.get_grant(request=request) + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == privilegedaccessmanager.GetGrantRequest( + name='name_value', + ) + +def test_get_grant_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.get_grant in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.get_grant] = mock_rpc + request = {} + client.get_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + client.get_grant(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_get_grant_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._client._transport.get_grant in client._client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.AsyncMock() + mock_rpc.return_value = mock.Mock() + client._client._transport._wrapped_methods[client._client._transport.get_grant] = mock_rpc + + request = {} + await client.get_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + await client.get_grant(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_get_grant_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.GetGrantRequest): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_grant), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant( + name='name_value', + requester='requester_value', + state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, + additional_email_recipients=['additional_email_recipients_value'], + externally_modified=True, + )) + response = await client.get_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.GetGrantRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, privilegedaccessmanager.Grant) + assert response.name == 'name_value' + assert response.requester == 'requester_value' + assert response.state == privilegedaccessmanager.Grant.State.APPROVAL_AWAITED + assert response.additional_email_recipients == ['additional_email_recipients_value'] + assert response.externally_modified is True + + +@pytest.mark.asyncio +async def test_get_grant_async_from_dict(): + await test_get_grant_async(request_type=dict) + +def test_get_grant_field_headers(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.GetGrantRequest() + + request.name = 'name_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_grant), + '__call__') as call: + call.return_value = privilegedaccessmanager.Grant() + client.get_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'name=name_value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_get_grant_field_headers_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.GetGrantRequest() + + request.name = 'name_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_grant), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant()) + await client.get_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'name=name_value', + ) in kw['metadata'] + + +def test_get_grant_flattened(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_grant), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = privilegedaccessmanager.Grant() + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.get_grant( + name='name_value', + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + arg = args[0].name + mock_val = 'name_value' + assert arg == mock_val + + +def test_get_grant_flattened_error(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.get_grant( + privilegedaccessmanager.GetGrantRequest(), + name='name_value', + ) + +@pytest.mark.asyncio +async def test_get_grant_flattened_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.get_grant), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = privilegedaccessmanager.Grant() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant()) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.get_grant( + name='name_value', + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + arg = args[0].name + mock_val = 'name_value' + assert arg == mock_val + +@pytest.mark.asyncio +async def test_get_grant_flattened_error_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.get_grant( + privilegedaccessmanager.GetGrantRequest(), + name='name_value', + ) + + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.CreateGrantRequest, + dict, +]) +def test_create_grant(request_type, transport: str = 'grpc'): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.create_grant), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = privilegedaccessmanager.Grant( + name='name_value', + requester='requester_value', + state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, + additional_email_recipients=['additional_email_recipients_value'], + externally_modified=True, + ) + response = client.create_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.CreateGrantRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, privilegedaccessmanager.Grant) + assert response.name == 'name_value' + assert response.requester == 'requester_value' + assert response.state == privilegedaccessmanager.Grant.State.APPROVAL_AWAITED + assert response.additional_email_recipients == ['additional_email_recipients_value'] + assert response.externally_modified is True + + +def test_create_grant_non_empty_request_with_auto_populated_field(): + # This test is a coverage failsafe to make sure that UUID4 fields are + # automatically populated, according to AIP-4235, with non-empty requests. + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Populate all string fields in the request which are not UUID4 + # since we want to check that UUID4 are populated automatically + # if they meet the requirements of AIP 4235. + request = privilegedaccessmanager.CreateGrantRequest( + parent='parent_value', + request_id='request_id_value', + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.create_grant), + '__call__') as call: + call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client.create_grant(request=request) + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == privilegedaccessmanager.CreateGrantRequest( + parent='parent_value', + request_id='request_id_value', + ) + +def test_create_grant_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.create_grant in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.create_grant] = mock_rpc + request = {} + client.create_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + client.create_grant(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_create_grant_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._client._transport.create_grant in client._client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.AsyncMock() + mock_rpc.return_value = mock.Mock() + client._client._transport._wrapped_methods[client._client._transport.create_grant] = mock_rpc + + request = {} + await client.create_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + await client.create_grant(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_create_grant_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.CreateGrantRequest): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.create_grant), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant( + name='name_value', + requester='requester_value', + state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, + additional_email_recipients=['additional_email_recipients_value'], + externally_modified=True, + )) + response = await client.create_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.CreateGrantRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, privilegedaccessmanager.Grant) + assert response.name == 'name_value' + assert response.requester == 'requester_value' + assert response.state == privilegedaccessmanager.Grant.State.APPROVAL_AWAITED + assert response.additional_email_recipients == ['additional_email_recipients_value'] + assert response.externally_modified is True + + +@pytest.mark.asyncio +async def test_create_grant_async_from_dict(): + await test_create_grant_async(request_type=dict) + +def test_create_grant_field_headers(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.CreateGrantRequest() + + request.parent = 'parent_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.create_grant), + '__call__') as call: + call.return_value = privilegedaccessmanager.Grant() + client.create_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'parent=parent_value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_create_grant_field_headers_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.CreateGrantRequest() + + request.parent = 'parent_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.create_grant), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant()) + await client.create_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'parent=parent_value', + ) in kw['metadata'] + + +def test_create_grant_flattened(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.create_grant), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = privilegedaccessmanager.Grant() + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.create_grant( + parent='parent_value', + grant=privilegedaccessmanager.Grant(name='name_value'), + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + arg = args[0].parent + mock_val = 'parent_value' + assert arg == mock_val + arg = args[0].grant + mock_val = privilegedaccessmanager.Grant(name='name_value') + assert arg == mock_val + + +def test_create_grant_flattened_error(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.create_grant( + privilegedaccessmanager.CreateGrantRequest(), + parent='parent_value', + grant=privilegedaccessmanager.Grant(name='name_value'), + ) + +@pytest.mark.asyncio +async def test_create_grant_flattened_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.create_grant), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = privilegedaccessmanager.Grant() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant()) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.create_grant( + parent='parent_value', + grant=privilegedaccessmanager.Grant(name='name_value'), + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + arg = args[0].parent + mock_val = 'parent_value' + assert arg == mock_val + arg = args[0].grant + mock_val = privilegedaccessmanager.Grant(name='name_value') + assert arg == mock_val + +@pytest.mark.asyncio +async def test_create_grant_flattened_error_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.create_grant( + privilegedaccessmanager.CreateGrantRequest(), + parent='parent_value', + grant=privilegedaccessmanager.Grant(name='name_value'), + ) + + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.ApproveGrantRequest, + dict, +]) +def test_approve_grant(request_type, transport: str = 'grpc'): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.approve_grant), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = privilegedaccessmanager.Grant( + name='name_value', + requester='requester_value', + state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, + additional_email_recipients=['additional_email_recipients_value'], + externally_modified=True, + ) + response = client.approve_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.ApproveGrantRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, privilegedaccessmanager.Grant) + assert response.name == 'name_value' + assert response.requester == 'requester_value' + assert response.state == privilegedaccessmanager.Grant.State.APPROVAL_AWAITED + assert response.additional_email_recipients == ['additional_email_recipients_value'] + assert response.externally_modified is True + + +def test_approve_grant_non_empty_request_with_auto_populated_field(): + # This test is a coverage failsafe to make sure that UUID4 fields are + # automatically populated, according to AIP-4235, with non-empty requests. + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Populate all string fields in the request which are not UUID4 + # since we want to check that UUID4 are populated automatically + # if they meet the requirements of AIP 4235. + request = privilegedaccessmanager.ApproveGrantRequest( + name='name_value', + reason='reason_value', + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.approve_grant), + '__call__') as call: + call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client.approve_grant(request=request) + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == privilegedaccessmanager.ApproveGrantRequest( + name='name_value', + reason='reason_value', + ) + +def test_approve_grant_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.approve_grant in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.approve_grant] = mock_rpc + request = {} + client.approve_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + client.approve_grant(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_approve_grant_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._client._transport.approve_grant in client._client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.AsyncMock() + mock_rpc.return_value = mock.Mock() + client._client._transport._wrapped_methods[client._client._transport.approve_grant] = mock_rpc + + request = {} + await client.approve_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + await client.approve_grant(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_approve_grant_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.ApproveGrantRequest): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.approve_grant), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant( + name='name_value', + requester='requester_value', + state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, + additional_email_recipients=['additional_email_recipients_value'], + externally_modified=True, + )) + response = await client.approve_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.ApproveGrantRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, privilegedaccessmanager.Grant) + assert response.name == 'name_value' + assert response.requester == 'requester_value' + assert response.state == privilegedaccessmanager.Grant.State.APPROVAL_AWAITED + assert response.additional_email_recipients == ['additional_email_recipients_value'] + assert response.externally_modified is True + + +@pytest.mark.asyncio +async def test_approve_grant_async_from_dict(): + await test_approve_grant_async(request_type=dict) + +def test_approve_grant_field_headers(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.ApproveGrantRequest() + + request.name = 'name_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.approve_grant), + '__call__') as call: + call.return_value = privilegedaccessmanager.Grant() + client.approve_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'name=name_value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_approve_grant_field_headers_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.ApproveGrantRequest() + + request.name = 'name_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.approve_grant), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant()) + await client.approve_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'name=name_value', + ) in kw['metadata'] + + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.DenyGrantRequest, + dict, +]) +def test_deny_grant(request_type, transport: str = 'grpc'): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.deny_grant), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = privilegedaccessmanager.Grant( + name='name_value', + requester='requester_value', + state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, + additional_email_recipients=['additional_email_recipients_value'], + externally_modified=True, + ) + response = client.deny_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.DenyGrantRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, privilegedaccessmanager.Grant) + assert response.name == 'name_value' + assert response.requester == 'requester_value' + assert response.state == privilegedaccessmanager.Grant.State.APPROVAL_AWAITED + assert response.additional_email_recipients == ['additional_email_recipients_value'] + assert response.externally_modified is True + + +def test_deny_grant_non_empty_request_with_auto_populated_field(): + # This test is a coverage failsafe to make sure that UUID4 fields are + # automatically populated, according to AIP-4235, with non-empty requests. + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Populate all string fields in the request which are not UUID4 + # since we want to check that UUID4 are populated automatically + # if they meet the requirements of AIP 4235. + request = privilegedaccessmanager.DenyGrantRequest( + name='name_value', + reason='reason_value', + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.deny_grant), + '__call__') as call: + call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client.deny_grant(request=request) + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == privilegedaccessmanager.DenyGrantRequest( + name='name_value', + reason='reason_value', + ) + +def test_deny_grant_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.deny_grant in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.deny_grant] = mock_rpc + request = {} + client.deny_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + client.deny_grant(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_deny_grant_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._client._transport.deny_grant in client._client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.AsyncMock() + mock_rpc.return_value = mock.Mock() + client._client._transport._wrapped_methods[client._client._transport.deny_grant] = mock_rpc + + request = {} + await client.deny_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + await client.deny_grant(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_deny_grant_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.DenyGrantRequest): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.deny_grant), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant( + name='name_value', + requester='requester_value', + state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, + additional_email_recipients=['additional_email_recipients_value'], + externally_modified=True, + )) + response = await client.deny_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.DenyGrantRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, privilegedaccessmanager.Grant) + assert response.name == 'name_value' + assert response.requester == 'requester_value' + assert response.state == privilegedaccessmanager.Grant.State.APPROVAL_AWAITED + assert response.additional_email_recipients == ['additional_email_recipients_value'] + assert response.externally_modified is True + + +@pytest.mark.asyncio +async def test_deny_grant_async_from_dict(): + await test_deny_grant_async(request_type=dict) + +def test_deny_grant_field_headers(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.DenyGrantRequest() + + request.name = 'name_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.deny_grant), + '__call__') as call: + call.return_value = privilegedaccessmanager.Grant() + client.deny_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'name=name_value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_deny_grant_field_headers_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.DenyGrantRequest() + + request.name = 'name_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.deny_grant), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant()) + await client.deny_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'name=name_value', + ) in kw['metadata'] + + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.RevokeGrantRequest, + dict, +]) +def test_revoke_grant(request_type, transport: str = 'grpc'): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.revoke_grant), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.Operation(name='operations/spam') + response = client.revoke_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.RevokeGrantRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, future.Future) + + +def test_revoke_grant_non_empty_request_with_auto_populated_field(): + # This test is a coverage failsafe to make sure that UUID4 fields are + # automatically populated, according to AIP-4235, with non-empty requests. + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + + # Populate all string fields in the request which are not UUID4 + # since we want to check that UUID4 are populated automatically + # if they meet the requirements of AIP 4235. + request = privilegedaccessmanager.RevokeGrantRequest( + name='name_value', + reason='reason_value', + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.revoke_grant), + '__call__') as call: + call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client.revoke_grant(request=request) + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == privilegedaccessmanager.RevokeGrantRequest( + name='name_value', + reason='reason_value', + ) + +def test_revoke_grant_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.revoke_grant in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.revoke_grant] = mock_rpc + request = {} + client.revoke_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + # Operation methods call wrapper_fn to build a cached + # client._transport.operations_client instance on first rpc call. + # Subsequent calls should use the cached wrapper + wrapper_fn.reset_mock() + + client.revoke_grant(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_revoke_grant_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._client._transport.revoke_grant in client._client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.AsyncMock() + mock_rpc.return_value = mock.Mock() + client._client._transport._wrapped_methods[client._client._transport.revoke_grant] = mock_rpc + + request = {} + await client.revoke_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + # Operation methods call wrapper_fn to build a cached + # client._transport.operations_client instance on first rpc call. + # Subsequent calls should use the cached wrapper + wrapper_fn.reset_mock() + + await client.revoke_grant(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + +@pytest.mark.asyncio +async def test_revoke_grant_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.RevokeGrantRequest): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.revoke_grant), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation(name='operations/spam') + ) + response = await client.revoke_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + request = privilegedaccessmanager.RevokeGrantRequest() + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, future.Future) + + +@pytest.mark.asyncio +async def test_revoke_grant_async_from_dict(): + await test_revoke_grant_async(request_type=dict) + +def test_revoke_grant_field_headers(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.RevokeGrantRequest() + + request.name = 'name_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.revoke_grant), + '__call__') as call: + call.return_value = operations_pb2.Operation(name='operations/op') + client.revoke_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'name=name_value', + ) in kw['metadata'] + + +@pytest.mark.asyncio +async def test_revoke_grant_field_headers_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = privilegedaccessmanager.RevokeGrantRequest() + + request.name = 'name_value' + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.revoke_grant), + '__call__') as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(operations_pb2.Operation(name='operations/op')) + await client.revoke_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + 'x-goog-request-params', + 'name=name_value', + ) in kw['metadata'] + + +def test_check_onboarding_status_rest_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.check_onboarding_status in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.check_onboarding_status] = mock_rpc + + request = {} + client.check_onboarding_status(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + client.check_onboarding_status(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + + +def test_check_onboarding_status_rest_required_fields(request_type=privilegedaccessmanager.CheckOnboardingStatusRequest): + transport_class = transports.PrivilegedAccessManagerRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads(json_format.MessageToJson( + pb_request, + use_integers_for_enums=False + )) + + # verify fields with default values are dropped + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).check_onboarding_status._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = 'parent_value' + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).check_onboarding_status._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == 'parent_value' + + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='rest', + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = privilegedaccessmanager.CheckOnboardingStatusResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, 'request') as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, 'transcode') as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + 'uri': 'v1/sample_method', + 'method': "get", + 'query_params': pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + # Convert return value to protobuf type + return_value = privilegedaccessmanager.CheckOnboardingStatusResponse.pb(return_value) + json_return_value = json_format.MessageToJson(return_value) + + response_value._content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + response = client.check_onboarding_status(request) + + expected_params = [ + ('$alt', 'json;enum-encoding=int') + ] + actual_params = req.call_args.kwargs['params'] + assert expected_params == actual_params + + +def test_check_onboarding_status_rest_unset_required_fields(): + transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) + + unset_fields = transport.check_onboarding_status._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("parent", ))) + + +def test_list_entitlements_rest_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.list_entitlements in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.list_entitlements] = mock_rpc + + request = {} + client.list_entitlements(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + client.list_entitlements(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + + +def test_list_entitlements_rest_required_fields(request_type=privilegedaccessmanager.ListEntitlementsRequest): + transport_class = transports.PrivilegedAccessManagerRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads(json_format.MessageToJson( + pb_request, + use_integers_for_enums=False + )) + + # verify fields with default values are dropped + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).list_entitlements._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = 'parent_value' + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).list_entitlements._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("filter", "order_by", "page_size", "page_token", )) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == 'parent_value' + + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='rest', + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = privilegedaccessmanager.ListEntitlementsResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, 'request') as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, 'transcode') as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + 'uri': 'v1/sample_method', + 'method': "get", + 'query_params': pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + # Convert return value to protobuf type + return_value = privilegedaccessmanager.ListEntitlementsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(return_value) + + response_value._content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + response = client.list_entitlements(request) + + expected_params = [ + ('$alt', 'json;enum-encoding=int') + ] + actual_params = req.call_args.kwargs['params'] + assert expected_params == actual_params + + +def test_list_entitlements_rest_unset_required_fields(): + transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) + + unset_fields = transport.list_entitlements._get_unset_required_fields({}) + assert set(unset_fields) == (set(("filter", "orderBy", "pageSize", "pageToken", )) & set(("parent", ))) + + +def test_list_entitlements_rest_flattened(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), 'request') as req: + # Designate an appropriate value for the returned response. + return_value = privilegedaccessmanager.ListEntitlementsResponse() + + # get arguments that satisfy an http rule for this method + sample_request = {'parent': 'projects/sample1/locations/sample2'} + + # get truthy value for each flattened field + mock_args = dict( + parent='parent_value', + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + # Convert return value to protobuf type + return_value = privilegedaccessmanager.ListEntitlementsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(return_value) + response_value._content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + client.list_entitlements(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate("%s/v1/{parent=projects/*/locations/*}/entitlements" % client.transport._host, args[1]) + + +def test_list_entitlements_rest_flattened_error(transport: str = 'rest'): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.list_entitlements( + privilegedaccessmanager.ListEntitlementsRequest(), + parent='parent_value', + ) + + +def test_list_entitlements_rest_pager(transport: str = 'rest'): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, 'request') as req: + # TODO(kbandes): remove this mock unless there's a good reason for it. + #with mock.patch.object(path_template, 'transcode') as transcode: + # Set the response as a series of pages + response = ( + privilegedaccessmanager.ListEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + ], + next_page_token='abc', + ), + privilegedaccessmanager.ListEntitlementsResponse( + entitlements=[], + next_page_token='def', + ), + privilegedaccessmanager.ListEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + ], + next_page_token='ghi', + ), + privilegedaccessmanager.ListEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + ], + ), + ) + # Two responses for two calls + response = response + response + + # Wrap the values into proper Response objs + response = tuple(privilegedaccessmanager.ListEntitlementsResponse.to_json(x) for x in response) + return_values = tuple(Response() for i in response) + for return_val, response_val in zip(return_values, response): + return_val._content = response_val.encode('UTF-8') + return_val.status_code = 200 + req.side_effect = return_values + + sample_request = {'parent': 'projects/sample1/locations/sample2'} + + pager = client.list_entitlements(request=sample_request) + + results = list(pager) + assert len(results) == 6 + assert all(isinstance(i, privilegedaccessmanager.Entitlement) + for i in results) + + pages = list(client.list_entitlements(request=sample_request).pages) + for page_, token in zip(pages, ['abc','def','ghi', '']): + assert page_.raw_page.next_page_token == token + + +def test_search_entitlements_rest_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.search_entitlements in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.search_entitlements] = mock_rpc + + request = {} + client.search_entitlements(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + client.search_entitlements(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + + +def test_search_entitlements_rest_required_fields(request_type=privilegedaccessmanager.SearchEntitlementsRequest): + transport_class = transports.PrivilegedAccessManagerRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads(json_format.MessageToJson( + pb_request, + use_integers_for_enums=False + )) + + # verify fields with default values are dropped + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).search_entitlements._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = 'parent_value' + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).search_entitlements._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("caller_access_type", "filter", "page_size", "page_token", )) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == 'parent_value' + + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='rest', + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = privilegedaccessmanager.SearchEntitlementsResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, 'request') as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, 'transcode') as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + 'uri': 'v1/sample_method', + 'method': "get", + 'query_params': pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + # Convert return value to protobuf type + return_value = privilegedaccessmanager.SearchEntitlementsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(return_value) + + response_value._content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + response = client.search_entitlements(request) + + expected_params = [ + ('$alt', 'json;enum-encoding=int') + ] + actual_params = req.call_args.kwargs['params'] + assert expected_params == actual_params + + +def test_search_entitlements_rest_unset_required_fields(): + transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) + + unset_fields = transport.search_entitlements._get_unset_required_fields({}) + assert set(unset_fields) == (set(("callerAccessType", "filter", "pageSize", "pageToken", )) & set(("parent", "callerAccessType", ))) + + +def test_search_entitlements_rest_pager(transport: str = 'rest'): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, 'request') as req: + # TODO(kbandes): remove this mock unless there's a good reason for it. + #with mock.patch.object(path_template, 'transcode') as transcode: + # Set the response as a series of pages + response = ( + privilegedaccessmanager.SearchEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + ], + next_page_token='abc', + ), + privilegedaccessmanager.SearchEntitlementsResponse( + entitlements=[], + next_page_token='def', + ), + privilegedaccessmanager.SearchEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + ], + next_page_token='ghi', + ), + privilegedaccessmanager.SearchEntitlementsResponse( + entitlements=[ + privilegedaccessmanager.Entitlement(), + privilegedaccessmanager.Entitlement(), + ], + ), + ) + # Two responses for two calls + response = response + response + + # Wrap the values into proper Response objs + response = tuple(privilegedaccessmanager.SearchEntitlementsResponse.to_json(x) for x in response) + return_values = tuple(Response() for i in response) + for return_val, response_val in zip(return_values, response): + return_val._content = response_val.encode('UTF-8') + return_val.status_code = 200 + req.side_effect = return_values + + sample_request = {'parent': 'projects/sample1/locations/sample2'} + + pager = client.search_entitlements(request=sample_request) + + results = list(pager) + assert len(results) == 6 + assert all(isinstance(i, privilegedaccessmanager.Entitlement) + for i in results) + + pages = list(client.search_entitlements(request=sample_request).pages) + for page_, token in zip(pages, ['abc','def','ghi', '']): + assert page_.raw_page.next_page_token == token + + +def test_get_entitlement_rest_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.get_entitlement in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.get_entitlement] = mock_rpc + + request = {} + client.get_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + client.get_entitlement(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + + +def test_get_entitlement_rest_required_fields(request_type=privilegedaccessmanager.GetEntitlementRequest): + transport_class = transports.PrivilegedAccessManagerRestTransport + + request_init = {} + request_init["name"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads(json_format.MessageToJson( + pb_request, + use_integers_for_enums=False + )) + + # verify fields with default values are dropped + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).get_entitlement._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["name"] = 'name_value' + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).get_entitlement._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "name" in jsonified_request + assert jsonified_request["name"] == 'name_value' + + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='rest', + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = privilegedaccessmanager.Entitlement() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, 'request') as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, 'transcode') as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + 'uri': 'v1/sample_method', + 'method': "get", + 'query_params': pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + # Convert return value to protobuf type + return_value = privilegedaccessmanager.Entitlement.pb(return_value) + json_return_value = json_format.MessageToJson(return_value) + + response_value._content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + response = client.get_entitlement(request) + + expected_params = [ + ('$alt', 'json;enum-encoding=int') + ] + actual_params = req.call_args.kwargs['params'] + assert expected_params == actual_params + + +def test_get_entitlement_rest_unset_required_fields(): + transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) + + unset_fields = transport.get_entitlement._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("name", ))) + + +def test_get_entitlement_rest_flattened(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), 'request') as req: + # Designate an appropriate value for the returned response. + return_value = privilegedaccessmanager.Entitlement() + + # get arguments that satisfy an http rule for this method + sample_request = {'name': 'projects/sample1/locations/sample2/entitlements/sample3'} + + # get truthy value for each flattened field + mock_args = dict( + name='name_value', + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + # Convert return value to protobuf type + return_value = privilegedaccessmanager.Entitlement.pb(return_value) + json_return_value = json_format.MessageToJson(return_value) + response_value._content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + client.get_entitlement(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate("%s/v1/{name=projects/*/locations/*/entitlements/*}" % client.transport._host, args[1]) + + +def test_get_entitlement_rest_flattened_error(transport: str = 'rest'): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.get_entitlement( + privilegedaccessmanager.GetEntitlementRequest(), + name='name_value', + ) + + +def test_create_entitlement_rest_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.create_entitlement in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.create_entitlement] = mock_rpc + + request = {} + client.create_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + # Operation methods build a cached wrapper on first rpc call + # subsequent calls should use the cached wrapper + wrapper_fn.reset_mock() + + client.create_entitlement(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + + +def test_create_entitlement_rest_required_fields(request_type=privilegedaccessmanager.CreateEntitlementRequest): + transport_class = transports.PrivilegedAccessManagerRestTransport + + request_init = {} + request_init["parent"] = "" + request_init["entitlement_id"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads(json_format.MessageToJson( + pb_request, + use_integers_for_enums=False + )) + + # verify fields with default values are dropped + assert "entitlementId" not in jsonified_request + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).create_entitlement._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + assert "entitlementId" in jsonified_request + assert jsonified_request["entitlementId"] == request_init["entitlement_id"] + + jsonified_request["parent"] = 'parent_value' + jsonified_request["entitlementId"] = 'entitlement_id_value' + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).create_entitlement._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("entitlement_id", "request_id", )) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == 'parent_value' + assert "entitlementId" in jsonified_request + assert jsonified_request["entitlementId"] == 'entitlement_id_value' + + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='rest', + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = operations_pb2.Operation(name='operations/spam') + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, 'request') as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, 'transcode') as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + 'uri': 'v1/sample_method', + 'method': "post", + 'query_params': pb_request, + } + transcode_result['body'] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + + response_value._content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + response = client.create_entitlement(request) + + expected_params = [ + ( + "entitlementId", + "", + ), + ('$alt', 'json;enum-encoding=int') + ] + actual_params = req.call_args.kwargs['params'] + assert expected_params == actual_params + + +def test_create_entitlement_rest_unset_required_fields(): + transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) + + unset_fields = transport.create_entitlement._get_unset_required_fields({}) + assert set(unset_fields) == (set(("entitlementId", "requestId", )) & set(("parent", "entitlementId", "entitlement", ))) + + +def test_create_entitlement_rest_flattened(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), 'request') as req: + # Designate an appropriate value for the returned response. + return_value = operations_pb2.Operation(name='operations/spam') + + # get arguments that satisfy an http rule for this method + sample_request = {'parent': 'projects/sample1/locations/sample2'} + + # get truthy value for each flattened field + mock_args = dict( + parent='parent_value', + entitlement=privilegedaccessmanager.Entitlement(name='name_value'), + entitlement_id='entitlement_id_value', + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + response_value._content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + client.create_entitlement(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate("%s/v1/{parent=projects/*/locations/*}/entitlements" % client.transport._host, args[1]) + + +def test_create_entitlement_rest_flattened_error(transport: str = 'rest'): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.create_entitlement( + privilegedaccessmanager.CreateEntitlementRequest(), + parent='parent_value', + entitlement=privilegedaccessmanager.Entitlement(name='name_value'), + entitlement_id='entitlement_id_value', + ) + + +def test_delete_entitlement_rest_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.delete_entitlement in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.delete_entitlement] = mock_rpc + + request = {} + client.delete_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + # Operation methods build a cached wrapper on first rpc call + # subsequent calls should use the cached wrapper + wrapper_fn.reset_mock() + + client.delete_entitlement(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + + +def test_delete_entitlement_rest_required_fields(request_type=privilegedaccessmanager.DeleteEntitlementRequest): + transport_class = transports.PrivilegedAccessManagerRestTransport + + request_init = {} + request_init["name"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads(json_format.MessageToJson( + pb_request, + use_integers_for_enums=False + )) + + # verify fields with default values are dropped + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).delete_entitlement._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["name"] = 'name_value' + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).delete_entitlement._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("force", "request_id", )) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "name" in jsonified_request + assert jsonified_request["name"] == 'name_value' + + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='rest', + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = operations_pb2.Operation(name='operations/spam') + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, 'request') as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, 'transcode') as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + 'uri': 'v1/sample_method', + 'method': "delete", + 'query_params': pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + + response_value._content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + response = client.delete_entitlement(request) + + expected_params = [ + ('$alt', 'json;enum-encoding=int') + ] + actual_params = req.call_args.kwargs['params'] + assert expected_params == actual_params + + +def test_delete_entitlement_rest_unset_required_fields(): + transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) + + unset_fields = transport.delete_entitlement._get_unset_required_fields({}) + assert set(unset_fields) == (set(("force", "requestId", )) & set(("name", ))) + + +def test_delete_entitlement_rest_flattened(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), 'request') as req: + # Designate an appropriate value for the returned response. + return_value = operations_pb2.Operation(name='operations/spam') + + # get arguments that satisfy an http rule for this method + sample_request = {'name': 'projects/sample1/locations/sample2/entitlements/sample3'} + + # get truthy value for each flattened field + mock_args = dict( + name='name_value', + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + response_value._content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + client.delete_entitlement(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate("%s/v1/{name=projects/*/locations/*/entitlements/*}" % client.transport._host, args[1]) + + +def test_delete_entitlement_rest_flattened_error(transport: str = 'rest'): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.delete_entitlement( + privilegedaccessmanager.DeleteEntitlementRequest(), + name='name_value', + ) + + +def test_update_entitlement_rest_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.update_entitlement in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.update_entitlement] = mock_rpc + + request = {} + client.update_entitlement(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + # Operation methods build a cached wrapper on first rpc call + # subsequent calls should use the cached wrapper + wrapper_fn.reset_mock() + + client.update_entitlement(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + + +def test_update_entitlement_rest_required_fields(request_type=privilegedaccessmanager.UpdateEntitlementRequest): + transport_class = transports.PrivilegedAccessManagerRestTransport + + request_init = {} + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads(json_format.MessageToJson( + pb_request, + use_integers_for_enums=False + )) + + # verify fields with default values are dropped + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).update_entitlement._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).update_entitlement._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("update_mask", )) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='rest', + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = operations_pb2.Operation(name='operations/spam') + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, 'request') as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, 'transcode') as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + 'uri': 'v1/sample_method', + 'method': "patch", + 'query_params': pb_request, + } + transcode_result['body'] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + + response_value._content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + response = client.update_entitlement(request) + + expected_params = [ + ('$alt', 'json;enum-encoding=int') + ] + actual_params = req.call_args.kwargs['params'] + assert expected_params == actual_params + + +def test_update_entitlement_rest_unset_required_fields(): + transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) + + unset_fields = transport.update_entitlement._get_unset_required_fields({}) + assert set(unset_fields) == (set(("updateMask", )) & set(("entitlement", "updateMask", ))) + + +def test_update_entitlement_rest_flattened(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), 'request') as req: + # Designate an appropriate value for the returned response. + return_value = operations_pb2.Operation(name='operations/spam') + + # get arguments that satisfy an http rule for this method + sample_request = {'entitlement': {'name': 'projects/sample1/locations/sample2/entitlements/sample3'}} + + # get truthy value for each flattened field + mock_args = dict( + entitlement=privilegedaccessmanager.Entitlement(name='name_value'), + update_mask=field_mask_pb2.FieldMask(paths=['paths_value']), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + response_value._content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + client.update_entitlement(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate("%s/v1/{entitlement.name=projects/*/locations/*/entitlements/*}" % client.transport._host, args[1]) + + +def test_update_entitlement_rest_flattened_error(transport: str = 'rest'): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.update_entitlement( + privilegedaccessmanager.UpdateEntitlementRequest(), + entitlement=privilegedaccessmanager.Entitlement(name='name_value'), + update_mask=field_mask_pb2.FieldMask(paths=['paths_value']), + ) + + +def test_list_grants_rest_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.list_grants in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.list_grants] = mock_rpc + + request = {} + client.list_grants(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + client.list_grants(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + + +def test_list_grants_rest_required_fields(request_type=privilegedaccessmanager.ListGrantsRequest): + transport_class = transports.PrivilegedAccessManagerRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads(json_format.MessageToJson( + pb_request, + use_integers_for_enums=False + )) + + # verify fields with default values are dropped + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).list_grants._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = 'parent_value' + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).list_grants._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("filter", "order_by", "page_size", "page_token", )) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == 'parent_value' + + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='rest', + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = privilegedaccessmanager.ListGrantsResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, 'request') as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, 'transcode') as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + 'uri': 'v1/sample_method', + 'method': "get", + 'query_params': pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + # Convert return value to protobuf type + return_value = privilegedaccessmanager.ListGrantsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(return_value) + + response_value._content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + response = client.list_grants(request) + + expected_params = [ + ('$alt', 'json;enum-encoding=int') + ] + actual_params = req.call_args.kwargs['params'] + assert expected_params == actual_params + + +def test_list_grants_rest_unset_required_fields(): + transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) + + unset_fields = transport.list_grants._get_unset_required_fields({}) + assert set(unset_fields) == (set(("filter", "orderBy", "pageSize", "pageToken", )) & set(("parent", ))) + + +def test_list_grants_rest_flattened(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), 'request') as req: + # Designate an appropriate value for the returned response. + return_value = privilegedaccessmanager.ListGrantsResponse() + + # get arguments that satisfy an http rule for this method + sample_request = {'parent': 'projects/sample1/locations/sample2/entitlements/sample3'} + + # get truthy value for each flattened field + mock_args = dict( + parent='parent_value', + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + # Convert return value to protobuf type + return_value = privilegedaccessmanager.ListGrantsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(return_value) + response_value._content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + client.list_grants(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate("%s/v1/{parent=projects/*/locations/*/entitlements/*}/grants" % client.transport._host, args[1]) + + +def test_list_grants_rest_flattened_error(transport: str = 'rest'): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.list_grants( + privilegedaccessmanager.ListGrantsRequest(), + parent='parent_value', + ) + + +def test_list_grants_rest_pager(transport: str = 'rest'): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, 'request') as req: + # TODO(kbandes): remove this mock unless there's a good reason for it. + #with mock.patch.object(path_template, 'transcode') as transcode: + # Set the response as a series of pages + response = ( + privilegedaccessmanager.ListGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + ], + next_page_token='abc', + ), + privilegedaccessmanager.ListGrantsResponse( + grants=[], + next_page_token='def', + ), + privilegedaccessmanager.ListGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + ], + next_page_token='ghi', + ), + privilegedaccessmanager.ListGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + ], + ), + ) + # Two responses for two calls + response = response + response + + # Wrap the values into proper Response objs + response = tuple(privilegedaccessmanager.ListGrantsResponse.to_json(x) for x in response) + return_values = tuple(Response() for i in response) + for return_val, response_val in zip(return_values, response): + return_val._content = response_val.encode('UTF-8') + return_val.status_code = 200 + req.side_effect = return_values + + sample_request = {'parent': 'projects/sample1/locations/sample2/entitlements/sample3'} + + pager = client.list_grants(request=sample_request) + + results = list(pager) + assert len(results) == 6 + assert all(isinstance(i, privilegedaccessmanager.Grant) + for i in results) + + pages = list(client.list_grants(request=sample_request).pages) + for page_, token in zip(pages, ['abc','def','ghi', '']): + assert page_.raw_page.next_page_token == token + + +def test_search_grants_rest_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.search_grants in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.search_grants] = mock_rpc + + request = {} + client.search_grants(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + client.search_grants(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + + +def test_search_grants_rest_required_fields(request_type=privilegedaccessmanager.SearchGrantsRequest): + transport_class = transports.PrivilegedAccessManagerRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads(json_format.MessageToJson( + pb_request, + use_integers_for_enums=False + )) + + # verify fields with default values are dropped + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).search_grants._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = 'parent_value' + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).search_grants._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("caller_relationship", "filter", "page_size", "page_token", )) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == 'parent_value' + + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='rest', + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = privilegedaccessmanager.SearchGrantsResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, 'request') as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, 'transcode') as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + 'uri': 'v1/sample_method', + 'method': "get", + 'query_params': pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + # Convert return value to protobuf type + return_value = privilegedaccessmanager.SearchGrantsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(return_value) + + response_value._content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + response = client.search_grants(request) + + expected_params = [ + ('$alt', 'json;enum-encoding=int') + ] + actual_params = req.call_args.kwargs['params'] + assert expected_params == actual_params + + +def test_search_grants_rest_unset_required_fields(): + transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) + + unset_fields = transport.search_grants._get_unset_required_fields({}) + assert set(unset_fields) == (set(("callerRelationship", "filter", "pageSize", "pageToken", )) & set(("parent", "callerRelationship", ))) + + +def test_search_grants_rest_pager(transport: str = 'rest'): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, 'request') as req: + # TODO(kbandes): remove this mock unless there's a good reason for it. + #with mock.patch.object(path_template, 'transcode') as transcode: + # Set the response as a series of pages + response = ( + privilegedaccessmanager.SearchGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + ], + next_page_token='abc', + ), + privilegedaccessmanager.SearchGrantsResponse( + grants=[], + next_page_token='def', + ), + privilegedaccessmanager.SearchGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + ], + next_page_token='ghi', + ), + privilegedaccessmanager.SearchGrantsResponse( + grants=[ + privilegedaccessmanager.Grant(), + privilegedaccessmanager.Grant(), + ], + ), + ) + # Two responses for two calls + response = response + response + + # Wrap the values into proper Response objs + response = tuple(privilegedaccessmanager.SearchGrantsResponse.to_json(x) for x in response) + return_values = tuple(Response() for i in response) + for return_val, response_val in zip(return_values, response): + return_val._content = response_val.encode('UTF-8') + return_val.status_code = 200 + req.side_effect = return_values + + sample_request = {'parent': 'projects/sample1/locations/sample2/entitlements/sample3'} + + pager = client.search_grants(request=sample_request) + + results = list(pager) + assert len(results) == 6 + assert all(isinstance(i, privilegedaccessmanager.Grant) + for i in results) + + pages = list(client.search_grants(request=sample_request).pages) + for page_, token in zip(pages, ['abc','def','ghi', '']): + assert page_.raw_page.next_page_token == token + + +def test_get_grant_rest_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.get_grant in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.get_grant] = mock_rpc + + request = {} + client.get_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + client.get_grant(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + + +def test_get_grant_rest_required_fields(request_type=privilegedaccessmanager.GetGrantRequest): + transport_class = transports.PrivilegedAccessManagerRestTransport + + request_init = {} + request_init["name"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads(json_format.MessageToJson( + pb_request, + use_integers_for_enums=False + )) + + # verify fields with default values are dropped + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).get_grant._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["name"] = 'name_value' + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).get_grant._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "name" in jsonified_request + assert jsonified_request["name"] == 'name_value' + + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='rest', + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = privilegedaccessmanager.Grant() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, 'request') as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, 'transcode') as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + 'uri': 'v1/sample_method', + 'method': "get", + 'query_params': pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + # Convert return value to protobuf type + return_value = privilegedaccessmanager.Grant.pb(return_value) + json_return_value = json_format.MessageToJson(return_value) + + response_value._content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + response = client.get_grant(request) + + expected_params = [ + ('$alt', 'json;enum-encoding=int') + ] + actual_params = req.call_args.kwargs['params'] + assert expected_params == actual_params + + +def test_get_grant_rest_unset_required_fields(): + transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) + + unset_fields = transport.get_grant._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("name", ))) + + +def test_get_grant_rest_flattened(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), 'request') as req: + # Designate an appropriate value for the returned response. + return_value = privilegedaccessmanager.Grant() + + # get arguments that satisfy an http rule for this method + sample_request = {'name': 'projects/sample1/locations/sample2/entitlements/sample3/grants/sample4'} + + # get truthy value for each flattened field + mock_args = dict( + name='name_value', + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + # Convert return value to protobuf type + return_value = privilegedaccessmanager.Grant.pb(return_value) + json_return_value = json_format.MessageToJson(return_value) + response_value._content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + client.get_grant(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate("%s/v1/{name=projects/*/locations/*/entitlements/*/grants/*}" % client.transport._host, args[1]) + + +def test_get_grant_rest_flattened_error(transport: str = 'rest'): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.get_grant( + privilegedaccessmanager.GetGrantRequest(), + name='name_value', + ) + + +def test_create_grant_rest_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.create_grant in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.create_grant] = mock_rpc + + request = {} + client.create_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + client.create_grant(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + + +def test_create_grant_rest_required_fields(request_type=privilegedaccessmanager.CreateGrantRequest): + transport_class = transports.PrivilegedAccessManagerRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads(json_format.MessageToJson( + pb_request, + use_integers_for_enums=False + )) + + # verify fields with default values are dropped + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).create_grant._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = 'parent_value' + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).create_grant._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("request_id", )) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == 'parent_value' + + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='rest', + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = privilegedaccessmanager.Grant() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, 'request') as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, 'transcode') as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + 'uri': 'v1/sample_method', + 'method': "post", + 'query_params': pb_request, + } + transcode_result['body'] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + # Convert return value to protobuf type + return_value = privilegedaccessmanager.Grant.pb(return_value) + json_return_value = json_format.MessageToJson(return_value) + + response_value._content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + response = client.create_grant(request) + + expected_params = [ + ('$alt', 'json;enum-encoding=int') + ] + actual_params = req.call_args.kwargs['params'] + assert expected_params == actual_params + + +def test_create_grant_rest_unset_required_fields(): + transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) + + unset_fields = transport.create_grant._get_unset_required_fields({}) + assert set(unset_fields) == (set(("requestId", )) & set(("parent", "grant", ))) + + +def test_create_grant_rest_flattened(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), 'request') as req: + # Designate an appropriate value for the returned response. + return_value = privilegedaccessmanager.Grant() + + # get arguments that satisfy an http rule for this method + sample_request = {'parent': 'projects/sample1/locations/sample2/entitlements/sample3'} + + # get truthy value for each flattened field + mock_args = dict( + parent='parent_value', + grant=privilegedaccessmanager.Grant(name='name_value'), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + # Convert return value to protobuf type + return_value = privilegedaccessmanager.Grant.pb(return_value) + json_return_value = json_format.MessageToJson(return_value) + response_value._content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + client.create_grant(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate("%s/v1/{parent=projects/*/locations/*/entitlements/*}/grants" % client.transport._host, args[1]) + + +def test_create_grant_rest_flattened_error(transport: str = 'rest'): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.create_grant( + privilegedaccessmanager.CreateGrantRequest(), + parent='parent_value', + grant=privilegedaccessmanager.Grant(name='name_value'), + ) + + +def test_approve_grant_rest_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.approve_grant in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.approve_grant] = mock_rpc + + request = {} + client.approve_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + client.approve_grant(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + + +def test_approve_grant_rest_required_fields(request_type=privilegedaccessmanager.ApproveGrantRequest): + transport_class = transports.PrivilegedAccessManagerRestTransport + + request_init = {} + request_init["name"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads(json_format.MessageToJson( + pb_request, + use_integers_for_enums=False + )) + + # verify fields with default values are dropped + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).approve_grant._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["name"] = 'name_value' + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).approve_grant._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "name" in jsonified_request + assert jsonified_request["name"] == 'name_value' + + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='rest', + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = privilegedaccessmanager.Grant() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, 'request') as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, 'transcode') as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + 'uri': 'v1/sample_method', + 'method': "post", + 'query_params': pb_request, + } + transcode_result['body'] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + # Convert return value to protobuf type + return_value = privilegedaccessmanager.Grant.pb(return_value) + json_return_value = json_format.MessageToJson(return_value) + + response_value._content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + response = client.approve_grant(request) + + expected_params = [ + ('$alt', 'json;enum-encoding=int') + ] + actual_params = req.call_args.kwargs['params'] + assert expected_params == actual_params + + +def test_approve_grant_rest_unset_required_fields(): + transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) + + unset_fields = transport.approve_grant._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("name", ))) + + +def test_deny_grant_rest_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.deny_grant in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.deny_grant] = mock_rpc + + request = {} + client.deny_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + client.deny_grant(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + + +def test_deny_grant_rest_required_fields(request_type=privilegedaccessmanager.DenyGrantRequest): + transport_class = transports.PrivilegedAccessManagerRestTransport + + request_init = {} + request_init["name"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads(json_format.MessageToJson( + pb_request, + use_integers_for_enums=False + )) + + # verify fields with default values are dropped + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).deny_grant._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["name"] = 'name_value' + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).deny_grant._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "name" in jsonified_request + assert jsonified_request["name"] == 'name_value' + + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='rest', + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = privilegedaccessmanager.Grant() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, 'request') as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, 'transcode') as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + 'uri': 'v1/sample_method', + 'method': "post", + 'query_params': pb_request, + } + transcode_result['body'] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + # Convert return value to protobuf type + return_value = privilegedaccessmanager.Grant.pb(return_value) + json_return_value = json_format.MessageToJson(return_value) + + response_value._content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + response = client.deny_grant(request) + + expected_params = [ + ('$alt', 'json;enum-encoding=int') + ] + actual_params = req.call_args.kwargs['params'] + assert expected_params == actual_params + + +def test_deny_grant_rest_unset_required_fields(): + transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) + + unset_fields = transport.deny_grant._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("name", ))) + + +def test_revoke_grant_rest_use_cached_wrapped_rpc(): + # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, + # instead of constructing them on each call + with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Should wrap all calls on client creation + assert wrapper_fn.call_count > 0 + wrapper_fn.reset_mock() + + # Ensure method has been cached + assert client._transport.revoke_grant in client._transport._wrapped_methods + + # Replace cached wrapped function with mock + mock_rpc = mock.Mock() + mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. + client._transport._wrapped_methods[client._transport.revoke_grant] = mock_rpc + + request = {} + client.revoke_grant(request) + + # Establish that the underlying gRPC stub method was called. + assert mock_rpc.call_count == 1 + + # Operation methods build a cached wrapper on first rpc call + # subsequent calls should use the cached wrapper + wrapper_fn.reset_mock() + + client.revoke_grant(request) + + # Establish that a new wrapper was not created for this call + assert wrapper_fn.call_count == 0 + assert mock_rpc.call_count == 2 + + +def test_revoke_grant_rest_required_fields(request_type=privilegedaccessmanager.RevokeGrantRequest): + transport_class = transports.PrivilegedAccessManagerRestTransport + + request_init = {} + request_init["name"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads(json_format.MessageToJson( + pb_request, + use_integers_for_enums=False + )) + + # verify fields with default values are dropped + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).revoke_grant._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["name"] = 'name_value' + + unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).revoke_grant._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "name" in jsonified_request + assert jsonified_request["name"] == 'name_value' + + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='rest', + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = operations_pb2.Operation(name='operations/spam') + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, 'request') as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, 'transcode') as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + 'uri': 'v1/sample_method', + 'method': "post", + 'query_params': pb_request, + } + transcode_result['body'] = pb_request + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + + response_value._content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + response = client.revoke_grant(request) + + expected_params = [ + ('$alt', 'json;enum-encoding=int') + ] + actual_params = req.call_args.kwargs['params'] + assert expected_params == actual_params + + +def test_revoke_grant_rest_unset_required_fields(): + transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) + + unset_fields = transport.revoke_grant._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("name", ))) + + +def test_credentials_transport_error(): + # It is an error to provide credentials and a transport instance. + transport = transports.PrivilegedAccessManagerGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # It is an error to provide a credentials file and a transport instance. + transport = transports.PrivilegedAccessManagerGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = PrivilegedAccessManagerClient( + client_options={"credentials_file": "credentials.json"}, + transport=transport, + ) + + # It is an error to provide an api_key and a transport instance. + transport = transports.PrivilegedAccessManagerGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + options = client_options.ClientOptions() + options.api_key = "api_key" + with pytest.raises(ValueError): + client = PrivilegedAccessManagerClient( + client_options=options, + transport=transport, + ) + + # It is an error to provide an api_key and a credential. + options = client_options.ClientOptions() + options.api_key = "api_key" + with pytest.raises(ValueError): + client = PrivilegedAccessManagerClient( + client_options=options, + credentials=ga_credentials.AnonymousCredentials() + ) + + # It is an error to provide scopes and a transport instance. + transport = transports.PrivilegedAccessManagerGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = PrivilegedAccessManagerClient( + client_options={"scopes": ["1", "2"]}, + transport=transport, + ) + + +def test_transport_instance(): + # A client may be instantiated with a custom transport instance. + transport = transports.PrivilegedAccessManagerGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + client = PrivilegedAccessManagerClient(transport=transport) + assert client.transport is transport + +def test_transport_get_channel(): + # A client may be instantiated with a custom transport instance. + transport = transports.PrivilegedAccessManagerGrpcTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + channel = transport.grpc_channel + assert channel + + transport = transports.PrivilegedAccessManagerGrpcAsyncIOTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + channel = transport.grpc_channel + assert channel + +@pytest.mark.parametrize("transport_class", [ + transports.PrivilegedAccessManagerGrpcTransport, + transports.PrivilegedAccessManagerGrpcAsyncIOTransport, + transports.PrivilegedAccessManagerRestTransport, +]) +def test_transport_adc(transport_class): + # Test default credentials are used if not provided. + with mock.patch.object(google.auth, 'default') as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class() + adc.assert_called_once() + +def test_transport_kind_grpc(): + transport = PrivilegedAccessManagerClient.get_transport_class("grpc")( + credentials=ga_credentials.AnonymousCredentials() + ) + assert transport.kind == "grpc" + + +def test_initialize_client_w_grpc(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc" + ) + assert client is not None + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_check_onboarding_status_empty_call_grpc(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.check_onboarding_status), + '__call__') as call: + call.return_value = privilegedaccessmanager.CheckOnboardingStatusResponse() + client.check_onboarding_status(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.CheckOnboardingStatusRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_list_entitlements_empty_call_grpc(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.list_entitlements), + '__call__') as call: + call.return_value = privilegedaccessmanager.ListEntitlementsResponse() + client.list_entitlements(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.ListEntitlementsRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_search_entitlements_empty_call_grpc(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.search_entitlements), + '__call__') as call: + call.return_value = privilegedaccessmanager.SearchEntitlementsResponse() + client.search_entitlements(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.SearchEntitlementsRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_get_entitlement_empty_call_grpc(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.get_entitlement), + '__call__') as call: + call.return_value = privilegedaccessmanager.Entitlement() + client.get_entitlement(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.GetEntitlementRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_create_entitlement_empty_call_grpc(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.create_entitlement), + '__call__') as call: + call.return_value = operations_pb2.Operation(name='operations/op') + client.create_entitlement(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.CreateEntitlementRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_delete_entitlement_empty_call_grpc(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.delete_entitlement), + '__call__') as call: + call.return_value = operations_pb2.Operation(name='operations/op') + client.delete_entitlement(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.DeleteEntitlementRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_update_entitlement_empty_call_grpc(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.update_entitlement), + '__call__') as call: + call.return_value = operations_pb2.Operation(name='operations/op') + client.update_entitlement(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.UpdateEntitlementRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_list_grants_empty_call_grpc(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.list_grants), + '__call__') as call: + call.return_value = privilegedaccessmanager.ListGrantsResponse() + client.list_grants(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.ListGrantsRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_search_grants_empty_call_grpc(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.search_grants), + '__call__') as call: + call.return_value = privilegedaccessmanager.SearchGrantsResponse() + client.search_grants(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.SearchGrantsRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_get_grant_empty_call_grpc(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.get_grant), + '__call__') as call: + call.return_value = privilegedaccessmanager.Grant() + client.get_grant(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.GetGrantRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_create_grant_empty_call_grpc(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.create_grant), + '__call__') as call: + call.return_value = privilegedaccessmanager.Grant() + client.create_grant(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.CreateGrantRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_approve_grant_empty_call_grpc(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.approve_grant), + '__call__') as call: + call.return_value = privilegedaccessmanager.Grant() + client.approve_grant(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.ApproveGrantRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_deny_grant_empty_call_grpc(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.deny_grant), + '__call__') as call: + call.return_value = privilegedaccessmanager.Grant() + client.deny_grant(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.DenyGrantRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_revoke_grant_empty_call_grpc(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.revoke_grant), + '__call__') as call: + call.return_value = operations_pb2.Operation(name='operations/op') + client.revoke_grant(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.RevokeGrantRequest() + + assert args[0] == request_msg + + +def test_transport_kind_grpc_asyncio(): + transport = PrivilegedAccessManagerAsyncClient.get_transport_class("grpc_asyncio")( + credentials=async_anonymous_credentials() + ) + assert transport.kind == "grpc_asyncio" + + +def test_initialize_client_w_grpc_asyncio(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport="grpc_asyncio" + ) + assert client is not None + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +@pytest.mark.asyncio +async def test_check_onboarding_status_empty_call_grpc_asyncio(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport="grpc_asyncio", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.check_onboarding_status), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.CheckOnboardingStatusResponse( + service_account='service_account_value', + )) + await client.check_onboarding_status(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.CheckOnboardingStatusRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +@pytest.mark.asyncio +async def test_list_entitlements_empty_call_grpc_asyncio(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport="grpc_asyncio", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.list_entitlements), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.ListEntitlementsResponse( + next_page_token='next_page_token_value', + unreachable=['unreachable_value'], + )) + await client.list_entitlements(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.ListEntitlementsRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +@pytest.mark.asyncio +async def test_search_entitlements_empty_call_grpc_asyncio(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport="grpc_asyncio", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.search_entitlements), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.SearchEntitlementsResponse( + next_page_token='next_page_token_value', + )) + await client.search_entitlements(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.SearchEntitlementsRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +@pytest.mark.asyncio +async def test_get_entitlement_empty_call_grpc_asyncio(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport="grpc_asyncio", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.get_entitlement), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Entitlement( + name='name_value', + state=privilegedaccessmanager.Entitlement.State.CREATING, + etag='etag_value', + )) + await client.get_entitlement(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.GetEntitlementRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +@pytest.mark.asyncio +async def test_create_entitlement_empty_call_grpc_asyncio(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport="grpc_asyncio", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.create_entitlement), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation(name='operations/spam') + ) + await client.create_entitlement(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.CreateEntitlementRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +@pytest.mark.asyncio +async def test_delete_entitlement_empty_call_grpc_asyncio(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport="grpc_asyncio", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.delete_entitlement), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation(name='operations/spam') + ) + await client.delete_entitlement(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.DeleteEntitlementRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +@pytest.mark.asyncio +async def test_update_entitlement_empty_call_grpc_asyncio(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport="grpc_asyncio", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.update_entitlement), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation(name='operations/spam') + ) + await client.update_entitlement(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.UpdateEntitlementRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +@pytest.mark.asyncio +async def test_list_grants_empty_call_grpc_asyncio(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport="grpc_asyncio", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.list_grants), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.ListGrantsResponse( + next_page_token='next_page_token_value', + unreachable=['unreachable_value'], + )) + await client.list_grants(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.ListGrantsRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +@pytest.mark.asyncio +async def test_search_grants_empty_call_grpc_asyncio(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport="grpc_asyncio", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.search_grants), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.SearchGrantsResponse( + next_page_token='next_page_token_value', + )) + await client.search_grants(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.SearchGrantsRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +@pytest.mark.asyncio +async def test_get_grant_empty_call_grpc_asyncio(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport="grpc_asyncio", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.get_grant), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant( + name='name_value', + requester='requester_value', + state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, + additional_email_recipients=['additional_email_recipients_value'], + externally_modified=True, + )) + await client.get_grant(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.GetGrantRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +@pytest.mark.asyncio +async def test_create_grant_empty_call_grpc_asyncio(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport="grpc_asyncio", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.create_grant), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant( + name='name_value', + requester='requester_value', + state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, + additional_email_recipients=['additional_email_recipients_value'], + externally_modified=True, + )) + await client.create_grant(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.CreateGrantRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +@pytest.mark.asyncio +async def test_approve_grant_empty_call_grpc_asyncio(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport="grpc_asyncio", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.approve_grant), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant( + name='name_value', + requester='requester_value', + state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, + additional_email_recipients=['additional_email_recipients_value'], + externally_modified=True, + )) + await client.approve_grant(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.ApproveGrantRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +@pytest.mark.asyncio +async def test_deny_grant_empty_call_grpc_asyncio(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport="grpc_asyncio", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.deny_grant), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant( + name='name_value', + requester='requester_value', + state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, + additional_email_recipients=['additional_email_recipients_value'], + externally_modified=True, + )) + await client.deny_grant(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.DenyGrantRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +@pytest.mark.asyncio +async def test_revoke_grant_empty_call_grpc_asyncio(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport="grpc_asyncio", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.revoke_grant), + '__call__') as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation(name='operations/spam') + ) + await client.revoke_grant(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.RevokeGrantRequest() + + assert args[0] == request_msg + + +def test_transport_kind_rest(): + transport = PrivilegedAccessManagerClient.get_transport_class("rest")( + credentials=ga_credentials.AnonymousCredentials() + ) + assert transport.kind == "rest" + + +def test_check_onboarding_status_rest_bad_request(request_type=privilegedaccessmanager.CheckOnboardingStatusRequest): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + # send a request that will satisfy transcoding + request_init = {'parent': 'projects/sample1/locations/sample2'} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): + # Wrap the value into a proper Response obj + response_value = mock.Mock() + json_return_value = '' + response_value.json = mock.Mock(return_value={}) + response_value.status_code = 400 + response_value.request = mock.Mock() + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + client.check_onboarding_status(request) + + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.CheckOnboardingStatusRequest, + dict, +]) +def test_check_onboarding_status_rest_call_success(request_type): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + + # send a request that will satisfy transcoding + request_init = {'parent': 'projects/sample1/locations/sample2'} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), 'request') as req: + # Designate an appropriate value for the returned response. + return_value = privilegedaccessmanager.CheckOnboardingStatusResponse( + service_account='service_account_value', + ) + + # Wrap the value into a proper Response obj + response_value = mock.Mock() + response_value.status_code = 200 + + # Convert return value to protobuf type + return_value = privilegedaccessmanager.CheckOnboardingStatusResponse.pb(return_value) + json_return_value = json_format.MessageToJson(return_value) + response_value.content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + response = client.check_onboarding_status(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, privilegedaccessmanager.CheckOnboardingStatusResponse) + assert response.service_account == 'service_account_value' + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_check_onboarding_status_rest_interceptors(null_interceptor): + transport = transports.PrivilegedAccessManagerRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), + ) + client = PrivilegedAccessManagerClient(transport=transport) + + with mock.patch.object(type(client.transport._session), "request") as req, \ + mock.patch.object(path_template, "transcode") as transcode, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_check_onboarding_status") as post, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_check_onboarding_status_with_metadata") as post_with_metadata, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_check_onboarding_status") as pre: + pre.assert_not_called() + post.assert_not_called() + post_with_metadata.assert_not_called() + pb_message = privilegedaccessmanager.CheckOnboardingStatusRequest.pb(privilegedaccessmanager.CheckOnboardingStatusRequest()) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = mock.Mock() + req.return_value.status_code = 200 + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + return_value = privilegedaccessmanager.CheckOnboardingStatusResponse.to_json(privilegedaccessmanager.CheckOnboardingStatusResponse()) + req.return_value.content = return_value + + request = privilegedaccessmanager.CheckOnboardingStatusRequest() + metadata =[ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = privilegedaccessmanager.CheckOnboardingStatusResponse() + post_with_metadata.return_value = privilegedaccessmanager.CheckOnboardingStatusResponse(), metadata + + client.check_onboarding_status(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) + + pre.assert_called_once() + post.assert_called_once() + post_with_metadata.assert_called_once() + + +def test_list_entitlements_rest_bad_request(request_type=privilegedaccessmanager.ListEntitlementsRequest): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + # send a request that will satisfy transcoding + request_init = {'parent': 'projects/sample1/locations/sample2'} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): + # Wrap the value into a proper Response obj + response_value = mock.Mock() + json_return_value = '' + response_value.json = mock.Mock(return_value={}) + response_value.status_code = 400 + response_value.request = mock.Mock() + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + client.list_entitlements(request) + + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.ListEntitlementsRequest, + dict, +]) +def test_list_entitlements_rest_call_success(request_type): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + + # send a request that will satisfy transcoding + request_init = {'parent': 'projects/sample1/locations/sample2'} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), 'request') as req: + # Designate an appropriate value for the returned response. + return_value = privilegedaccessmanager.ListEntitlementsResponse( + next_page_token='next_page_token_value', + unreachable=['unreachable_value'], + ) + + # Wrap the value into a proper Response obj + response_value = mock.Mock() + response_value.status_code = 200 + + # Convert return value to protobuf type + return_value = privilegedaccessmanager.ListEntitlementsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(return_value) + response_value.content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + response = client.list_entitlements(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListEntitlementsPager) + assert response.next_page_token == 'next_page_token_value' + assert response.unreachable == ['unreachable_value'] + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_list_entitlements_rest_interceptors(null_interceptor): + transport = transports.PrivilegedAccessManagerRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), + ) + client = PrivilegedAccessManagerClient(transport=transport) + + with mock.patch.object(type(client.transport._session), "request") as req, \ + mock.patch.object(path_template, "transcode") as transcode, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_list_entitlements") as post, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_list_entitlements_with_metadata") as post_with_metadata, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_list_entitlements") as pre: + pre.assert_not_called() + post.assert_not_called() + post_with_metadata.assert_not_called() + pb_message = privilegedaccessmanager.ListEntitlementsRequest.pb(privilegedaccessmanager.ListEntitlementsRequest()) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = mock.Mock() + req.return_value.status_code = 200 + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + return_value = privilegedaccessmanager.ListEntitlementsResponse.to_json(privilegedaccessmanager.ListEntitlementsResponse()) + req.return_value.content = return_value + + request = privilegedaccessmanager.ListEntitlementsRequest() + metadata =[ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = privilegedaccessmanager.ListEntitlementsResponse() + post_with_metadata.return_value = privilegedaccessmanager.ListEntitlementsResponse(), metadata + + client.list_entitlements(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) + + pre.assert_called_once() + post.assert_called_once() + post_with_metadata.assert_called_once() + + +def test_search_entitlements_rest_bad_request(request_type=privilegedaccessmanager.SearchEntitlementsRequest): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + # send a request that will satisfy transcoding + request_init = {'parent': 'projects/sample1/locations/sample2'} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): + # Wrap the value into a proper Response obj + response_value = mock.Mock() + json_return_value = '' + response_value.json = mock.Mock(return_value={}) + response_value.status_code = 400 + response_value.request = mock.Mock() + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + client.search_entitlements(request) + + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.SearchEntitlementsRequest, + dict, +]) +def test_search_entitlements_rest_call_success(request_type): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + + # send a request that will satisfy transcoding + request_init = {'parent': 'projects/sample1/locations/sample2'} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), 'request') as req: + # Designate an appropriate value for the returned response. + return_value = privilegedaccessmanager.SearchEntitlementsResponse( + next_page_token='next_page_token_value', + ) + + # Wrap the value into a proper Response obj + response_value = mock.Mock() + response_value.status_code = 200 + + # Convert return value to protobuf type + return_value = privilegedaccessmanager.SearchEntitlementsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(return_value) + response_value.content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + response = client.search_entitlements(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.SearchEntitlementsPager) + assert response.next_page_token == 'next_page_token_value' + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_search_entitlements_rest_interceptors(null_interceptor): + transport = transports.PrivilegedAccessManagerRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), + ) + client = PrivilegedAccessManagerClient(transport=transport) + + with mock.patch.object(type(client.transport._session), "request") as req, \ + mock.patch.object(path_template, "transcode") as transcode, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_search_entitlements") as post, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_search_entitlements_with_metadata") as post_with_metadata, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_search_entitlements") as pre: + pre.assert_not_called() + post.assert_not_called() + post_with_metadata.assert_not_called() + pb_message = privilegedaccessmanager.SearchEntitlementsRequest.pb(privilegedaccessmanager.SearchEntitlementsRequest()) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = mock.Mock() + req.return_value.status_code = 200 + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + return_value = privilegedaccessmanager.SearchEntitlementsResponse.to_json(privilegedaccessmanager.SearchEntitlementsResponse()) + req.return_value.content = return_value + + request = privilegedaccessmanager.SearchEntitlementsRequest() + metadata =[ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = privilegedaccessmanager.SearchEntitlementsResponse() + post_with_metadata.return_value = privilegedaccessmanager.SearchEntitlementsResponse(), metadata + + client.search_entitlements(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) + + pre.assert_called_once() + post.assert_called_once() + post_with_metadata.assert_called_once() + + +def test_get_entitlement_rest_bad_request(request_type=privilegedaccessmanager.GetEntitlementRequest): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + # send a request that will satisfy transcoding + request_init = {'name': 'projects/sample1/locations/sample2/entitlements/sample3'} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): + # Wrap the value into a proper Response obj + response_value = mock.Mock() + json_return_value = '' + response_value.json = mock.Mock(return_value={}) + response_value.status_code = 400 + response_value.request = mock.Mock() + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + client.get_entitlement(request) + + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.GetEntitlementRequest, + dict, +]) +def test_get_entitlement_rest_call_success(request_type): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + + # send a request that will satisfy transcoding + request_init = {'name': 'projects/sample1/locations/sample2/entitlements/sample3'} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), 'request') as req: + # Designate an appropriate value for the returned response. + return_value = privilegedaccessmanager.Entitlement( + name='name_value', + state=privilegedaccessmanager.Entitlement.State.CREATING, + etag='etag_value', + ) + + # Wrap the value into a proper Response obj + response_value = mock.Mock() + response_value.status_code = 200 + + # Convert return value to protobuf type + return_value = privilegedaccessmanager.Entitlement.pb(return_value) + json_return_value = json_format.MessageToJson(return_value) + response_value.content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + response = client.get_entitlement(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, privilegedaccessmanager.Entitlement) + assert response.name == 'name_value' + assert response.state == privilegedaccessmanager.Entitlement.State.CREATING + assert response.etag == 'etag_value' + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_get_entitlement_rest_interceptors(null_interceptor): + transport = transports.PrivilegedAccessManagerRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), + ) + client = PrivilegedAccessManagerClient(transport=transport) + + with mock.patch.object(type(client.transport._session), "request") as req, \ + mock.patch.object(path_template, "transcode") as transcode, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_get_entitlement") as post, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_get_entitlement_with_metadata") as post_with_metadata, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_get_entitlement") as pre: + pre.assert_not_called() + post.assert_not_called() + post_with_metadata.assert_not_called() + pb_message = privilegedaccessmanager.GetEntitlementRequest.pb(privilegedaccessmanager.GetEntitlementRequest()) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = mock.Mock() + req.return_value.status_code = 200 + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + return_value = privilegedaccessmanager.Entitlement.to_json(privilegedaccessmanager.Entitlement()) + req.return_value.content = return_value + + request = privilegedaccessmanager.GetEntitlementRequest() + metadata =[ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = privilegedaccessmanager.Entitlement() + post_with_metadata.return_value = privilegedaccessmanager.Entitlement(), metadata + + client.get_entitlement(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) + + pre.assert_called_once() + post.assert_called_once() + post_with_metadata.assert_called_once() + + +def test_create_entitlement_rest_bad_request(request_type=privilegedaccessmanager.CreateEntitlementRequest): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + # send a request that will satisfy transcoding + request_init = {'parent': 'projects/sample1/locations/sample2'} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): + # Wrap the value into a proper Response obj + response_value = mock.Mock() + json_return_value = '' + response_value.json = mock.Mock(return_value={}) + response_value.status_code = 400 + response_value.request = mock.Mock() + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + client.create_entitlement(request) + + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.CreateEntitlementRequest, + dict, +]) +def test_create_entitlement_rest_call_success(request_type): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + + # send a request that will satisfy transcoding + request_init = {'parent': 'projects/sample1/locations/sample2'} + request_init["entitlement"] = {'name': 'name_value', 'create_time': {'seconds': 751, 'nanos': 543}, 'update_time': {}, 'eligible_users': [{'principals': ['principals_value1', 'principals_value2']}], 'approval_workflow': {'manual_approvals': {'require_approver_justification': True, 'steps': [{'approvers': {}, 'approvals_needed': 1692, 'approver_email_recipients': ['approver_email_recipients_value1', 'approver_email_recipients_value2']}]}}, 'privileged_access': {'gcp_iam_access': {'resource_type': 'resource_type_value', 'resource': 'resource_value', 'role_bindings': [{'role': 'role_value', 'condition_expression': 'condition_expression_value'}]}}, 'max_request_duration': {'seconds': 751, 'nanos': 543}, 'state': 1, 'requester_justification_config': {'not_mandatory': {}, 'unstructured': {}}, 'additional_notification_targets': {'admin_email_recipients': ['admin_email_recipients_value1', 'admin_email_recipients_value2'], 'requester_email_recipients': ['requester_email_recipients_value1', 'requester_email_recipients_value2']}, 'etag': 'etag_value'} + # The version of a generated dependency at test runtime may differ from the version used during generation. + # Delete any fields which are not present in the current runtime dependency + # See https://github.com/googleapis/gapic-generator-python/issues/1748 + + # Determine if the message type is proto-plus or protobuf + test_field = privilegedaccessmanager.CreateEntitlementRequest.meta.fields["entitlement"] + + def get_message_fields(field): + # Given a field which is a message (composite type), return a list with + # all the fields of the message. + # If the field is not a composite type, return an empty list. + message_fields = [] + + if hasattr(field, "message") and field.message: + is_field_type_proto_plus_type = not hasattr(field.message, "DESCRIPTOR") + + if is_field_type_proto_plus_type: + message_fields = field.message.meta.fields.values() + # Add `# pragma: NO COVER` because there may not be any `*_pb2` field types + else: # pragma: NO COVER + message_fields = field.message.DESCRIPTOR.fields + return message_fields + + runtime_nested_fields = [ + (field.name, nested_field.name) + for field in get_message_fields(test_field) + for nested_field in get_message_fields(field) + ] + + subfields_not_in_runtime = [] + + # For each item in the sample request, create a list of sub fields which are not present at runtime + # Add `# pragma: NO COVER` because this test code will not run if all subfields are present at runtime + for field, value in request_init["entitlement"].items(): # pragma: NO COVER + result = None + is_repeated = False + # For repeated fields + if isinstance(value, list) and len(value): + is_repeated = True + result = value[0] + # For fields where the type is another message + if isinstance(value, dict): + result = value + + if result and hasattr(result, "keys"): + for subfield in result.keys(): + if (field, subfield) not in runtime_nested_fields: + subfields_not_in_runtime.append( + {"field": field, "subfield": subfield, "is_repeated": is_repeated} + ) + + # Remove fields from the sample request which are not present in the runtime version of the dependency + # Add `# pragma: NO COVER` because this test code will not run if all subfields are present at runtime + for subfield_to_delete in subfields_not_in_runtime: # pragma: NO COVER + field = subfield_to_delete.get("field") + field_repeated = subfield_to_delete.get("is_repeated") + subfield = subfield_to_delete.get("subfield") + if subfield: + if field_repeated: + for i in range(0, len(request_init["entitlement"][field])): + del request_init["entitlement"][field][i][subfield] + else: + del request_init["entitlement"][field][subfield] + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), 'request') as req: + # Designate an appropriate value for the returned response. + return_value = operations_pb2.Operation(name='operations/spam') + + # Wrap the value into a proper Response obj + response_value = mock.Mock() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + response_value.content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + response = client.create_entitlement(request) + + # Establish that the response is the type that we expect. + json_return_value = json_format.MessageToJson(return_value) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_create_entitlement_rest_interceptors(null_interceptor): + transport = transports.PrivilegedAccessManagerRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), + ) + client = PrivilegedAccessManagerClient(transport=transport) + + with mock.patch.object(type(client.transport._session), "request") as req, \ + mock.patch.object(path_template, "transcode") as transcode, \ + mock.patch.object(operation.Operation, "_set_result_from_operation"), \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_create_entitlement") as post, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_create_entitlement_with_metadata") as post_with_metadata, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_create_entitlement") as pre: + pre.assert_not_called() + post.assert_not_called() + post_with_metadata.assert_not_called() + pb_message = privilegedaccessmanager.CreateEntitlementRequest.pb(privilegedaccessmanager.CreateEntitlementRequest()) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = mock.Mock() + req.return_value.status_code = 200 + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + return_value = json_format.MessageToJson(operations_pb2.Operation()) + req.return_value.content = return_value + + request = privilegedaccessmanager.CreateEntitlementRequest() + metadata =[ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = operations_pb2.Operation() + post_with_metadata.return_value = operations_pb2.Operation(), metadata + + client.create_entitlement(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) + + pre.assert_called_once() + post.assert_called_once() + post_with_metadata.assert_called_once() + + +def test_delete_entitlement_rest_bad_request(request_type=privilegedaccessmanager.DeleteEntitlementRequest): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + # send a request that will satisfy transcoding + request_init = {'name': 'projects/sample1/locations/sample2/entitlements/sample3'} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): + # Wrap the value into a proper Response obj + response_value = mock.Mock() + json_return_value = '' + response_value.json = mock.Mock(return_value={}) + response_value.status_code = 400 + response_value.request = mock.Mock() + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + client.delete_entitlement(request) + + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.DeleteEntitlementRequest, + dict, +]) +def test_delete_entitlement_rest_call_success(request_type): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + + # send a request that will satisfy transcoding + request_init = {'name': 'projects/sample1/locations/sample2/entitlements/sample3'} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), 'request') as req: + # Designate an appropriate value for the returned response. + return_value = operations_pb2.Operation(name='operations/spam') + + # Wrap the value into a proper Response obj + response_value = mock.Mock() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + response_value.content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + response = client.delete_entitlement(request) + + # Establish that the response is the type that we expect. + json_return_value = json_format.MessageToJson(return_value) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_delete_entitlement_rest_interceptors(null_interceptor): + transport = transports.PrivilegedAccessManagerRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), + ) + client = PrivilegedAccessManagerClient(transport=transport) + + with mock.patch.object(type(client.transport._session), "request") as req, \ + mock.patch.object(path_template, "transcode") as transcode, \ + mock.patch.object(operation.Operation, "_set_result_from_operation"), \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_delete_entitlement") as post, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_delete_entitlement_with_metadata") as post_with_metadata, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_delete_entitlement") as pre: + pre.assert_not_called() + post.assert_not_called() + post_with_metadata.assert_not_called() + pb_message = privilegedaccessmanager.DeleteEntitlementRequest.pb(privilegedaccessmanager.DeleteEntitlementRequest()) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = mock.Mock() + req.return_value.status_code = 200 + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + return_value = json_format.MessageToJson(operations_pb2.Operation()) + req.return_value.content = return_value + + request = privilegedaccessmanager.DeleteEntitlementRequest() + metadata =[ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = operations_pb2.Operation() + post_with_metadata.return_value = operations_pb2.Operation(), metadata + + client.delete_entitlement(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) + + pre.assert_called_once() + post.assert_called_once() + post_with_metadata.assert_called_once() + + +def test_update_entitlement_rest_bad_request(request_type=privilegedaccessmanager.UpdateEntitlementRequest): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + # send a request that will satisfy transcoding + request_init = {'entitlement': {'name': 'projects/sample1/locations/sample2/entitlements/sample3'}} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): + # Wrap the value into a proper Response obj + response_value = mock.Mock() + json_return_value = '' + response_value.json = mock.Mock(return_value={}) + response_value.status_code = 400 + response_value.request = mock.Mock() + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + client.update_entitlement(request) + + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.UpdateEntitlementRequest, + dict, +]) +def test_update_entitlement_rest_call_success(request_type): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + + # send a request that will satisfy transcoding + request_init = {'entitlement': {'name': 'projects/sample1/locations/sample2/entitlements/sample3'}} + request_init["entitlement"] = {'name': 'projects/sample1/locations/sample2/entitlements/sample3', 'create_time': {'seconds': 751, 'nanos': 543}, 'update_time': {}, 'eligible_users': [{'principals': ['principals_value1', 'principals_value2']}], 'approval_workflow': {'manual_approvals': {'require_approver_justification': True, 'steps': [{'approvers': {}, 'approvals_needed': 1692, 'approver_email_recipients': ['approver_email_recipients_value1', 'approver_email_recipients_value2']}]}}, 'privileged_access': {'gcp_iam_access': {'resource_type': 'resource_type_value', 'resource': 'resource_value', 'role_bindings': [{'role': 'role_value', 'condition_expression': 'condition_expression_value'}]}}, 'max_request_duration': {'seconds': 751, 'nanos': 543}, 'state': 1, 'requester_justification_config': {'not_mandatory': {}, 'unstructured': {}}, 'additional_notification_targets': {'admin_email_recipients': ['admin_email_recipients_value1', 'admin_email_recipients_value2'], 'requester_email_recipients': ['requester_email_recipients_value1', 'requester_email_recipients_value2']}, 'etag': 'etag_value'} + # The version of a generated dependency at test runtime may differ from the version used during generation. + # Delete any fields which are not present in the current runtime dependency + # See https://github.com/googleapis/gapic-generator-python/issues/1748 + + # Determine if the message type is proto-plus or protobuf + test_field = privilegedaccessmanager.UpdateEntitlementRequest.meta.fields["entitlement"] + + def get_message_fields(field): + # Given a field which is a message (composite type), return a list with + # all the fields of the message. + # If the field is not a composite type, return an empty list. + message_fields = [] + + if hasattr(field, "message") and field.message: + is_field_type_proto_plus_type = not hasattr(field.message, "DESCRIPTOR") + + if is_field_type_proto_plus_type: + message_fields = field.message.meta.fields.values() + # Add `# pragma: NO COVER` because there may not be any `*_pb2` field types + else: # pragma: NO COVER + message_fields = field.message.DESCRIPTOR.fields + return message_fields + + runtime_nested_fields = [ + (field.name, nested_field.name) + for field in get_message_fields(test_field) + for nested_field in get_message_fields(field) + ] + + subfields_not_in_runtime = [] + + # For each item in the sample request, create a list of sub fields which are not present at runtime + # Add `# pragma: NO COVER` because this test code will not run if all subfields are present at runtime + for field, value in request_init["entitlement"].items(): # pragma: NO COVER + result = None + is_repeated = False + # For repeated fields + if isinstance(value, list) and len(value): + is_repeated = True + result = value[0] + # For fields where the type is another message + if isinstance(value, dict): + result = value + + if result and hasattr(result, "keys"): + for subfield in result.keys(): + if (field, subfield) not in runtime_nested_fields: + subfields_not_in_runtime.append( + {"field": field, "subfield": subfield, "is_repeated": is_repeated} + ) + + # Remove fields from the sample request which are not present in the runtime version of the dependency + # Add `# pragma: NO COVER` because this test code will not run if all subfields are present at runtime + for subfield_to_delete in subfields_not_in_runtime: # pragma: NO COVER + field = subfield_to_delete.get("field") + field_repeated = subfield_to_delete.get("is_repeated") + subfield = subfield_to_delete.get("subfield") + if subfield: + if field_repeated: + for i in range(0, len(request_init["entitlement"][field])): + del request_init["entitlement"][field][i][subfield] + else: + del request_init["entitlement"][field][subfield] + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), 'request') as req: + # Designate an appropriate value for the returned response. + return_value = operations_pb2.Operation(name='operations/spam') + + # Wrap the value into a proper Response obj + response_value = mock.Mock() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + response_value.content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + response = client.update_entitlement(request) + + # Establish that the response is the type that we expect. + json_return_value = json_format.MessageToJson(return_value) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_update_entitlement_rest_interceptors(null_interceptor): + transport = transports.PrivilegedAccessManagerRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), + ) + client = PrivilegedAccessManagerClient(transport=transport) + + with mock.patch.object(type(client.transport._session), "request") as req, \ + mock.patch.object(path_template, "transcode") as transcode, \ + mock.patch.object(operation.Operation, "_set_result_from_operation"), \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_update_entitlement") as post, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_update_entitlement_with_metadata") as post_with_metadata, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_update_entitlement") as pre: + pre.assert_not_called() + post.assert_not_called() + post_with_metadata.assert_not_called() + pb_message = privilegedaccessmanager.UpdateEntitlementRequest.pb(privilegedaccessmanager.UpdateEntitlementRequest()) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = mock.Mock() + req.return_value.status_code = 200 + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + return_value = json_format.MessageToJson(operations_pb2.Operation()) + req.return_value.content = return_value + + request = privilegedaccessmanager.UpdateEntitlementRequest() + metadata =[ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = operations_pb2.Operation() + post_with_metadata.return_value = operations_pb2.Operation(), metadata + + client.update_entitlement(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) + + pre.assert_called_once() + post.assert_called_once() + post_with_metadata.assert_called_once() + + +def test_list_grants_rest_bad_request(request_type=privilegedaccessmanager.ListGrantsRequest): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + # send a request that will satisfy transcoding + request_init = {'parent': 'projects/sample1/locations/sample2/entitlements/sample3'} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): + # Wrap the value into a proper Response obj + response_value = mock.Mock() + json_return_value = '' + response_value.json = mock.Mock(return_value={}) + response_value.status_code = 400 + response_value.request = mock.Mock() + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + client.list_grants(request) + + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.ListGrantsRequest, + dict, +]) +def test_list_grants_rest_call_success(request_type): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + + # send a request that will satisfy transcoding + request_init = {'parent': 'projects/sample1/locations/sample2/entitlements/sample3'} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), 'request') as req: + # Designate an appropriate value for the returned response. + return_value = privilegedaccessmanager.ListGrantsResponse( + next_page_token='next_page_token_value', + unreachable=['unreachable_value'], + ) + + # Wrap the value into a proper Response obj + response_value = mock.Mock() + response_value.status_code = 200 + + # Convert return value to protobuf type + return_value = privilegedaccessmanager.ListGrantsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(return_value) + response_value.content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + response = client.list_grants(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListGrantsPager) + assert response.next_page_token == 'next_page_token_value' + assert response.unreachable == ['unreachable_value'] + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_list_grants_rest_interceptors(null_interceptor): + transport = transports.PrivilegedAccessManagerRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), + ) + client = PrivilegedAccessManagerClient(transport=transport) + + with mock.patch.object(type(client.transport._session), "request") as req, \ + mock.patch.object(path_template, "transcode") as transcode, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_list_grants") as post, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_list_grants_with_metadata") as post_with_metadata, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_list_grants") as pre: + pre.assert_not_called() + post.assert_not_called() + post_with_metadata.assert_not_called() + pb_message = privilegedaccessmanager.ListGrantsRequest.pb(privilegedaccessmanager.ListGrantsRequest()) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = mock.Mock() + req.return_value.status_code = 200 + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + return_value = privilegedaccessmanager.ListGrantsResponse.to_json(privilegedaccessmanager.ListGrantsResponse()) + req.return_value.content = return_value + + request = privilegedaccessmanager.ListGrantsRequest() + metadata =[ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = privilegedaccessmanager.ListGrantsResponse() + post_with_metadata.return_value = privilegedaccessmanager.ListGrantsResponse(), metadata + + client.list_grants(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) + + pre.assert_called_once() + post.assert_called_once() + post_with_metadata.assert_called_once() + + +def test_search_grants_rest_bad_request(request_type=privilegedaccessmanager.SearchGrantsRequest): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + # send a request that will satisfy transcoding + request_init = {'parent': 'projects/sample1/locations/sample2/entitlements/sample3'} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): + # Wrap the value into a proper Response obj + response_value = mock.Mock() + json_return_value = '' + response_value.json = mock.Mock(return_value={}) + response_value.status_code = 400 + response_value.request = mock.Mock() + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + client.search_grants(request) + + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.SearchGrantsRequest, + dict, +]) +def test_search_grants_rest_call_success(request_type): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + + # send a request that will satisfy transcoding + request_init = {'parent': 'projects/sample1/locations/sample2/entitlements/sample3'} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), 'request') as req: + # Designate an appropriate value for the returned response. + return_value = privilegedaccessmanager.SearchGrantsResponse( + next_page_token='next_page_token_value', + ) + + # Wrap the value into a proper Response obj + response_value = mock.Mock() + response_value.status_code = 200 + + # Convert return value to protobuf type + return_value = privilegedaccessmanager.SearchGrantsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(return_value) + response_value.content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + response = client.search_grants(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.SearchGrantsPager) + assert response.next_page_token == 'next_page_token_value' + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_search_grants_rest_interceptors(null_interceptor): + transport = transports.PrivilegedAccessManagerRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), + ) + client = PrivilegedAccessManagerClient(transport=transport) + + with mock.patch.object(type(client.transport._session), "request") as req, \ + mock.patch.object(path_template, "transcode") as transcode, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_search_grants") as post, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_search_grants_with_metadata") as post_with_metadata, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_search_grants") as pre: + pre.assert_not_called() + post.assert_not_called() + post_with_metadata.assert_not_called() + pb_message = privilegedaccessmanager.SearchGrantsRequest.pb(privilegedaccessmanager.SearchGrantsRequest()) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = mock.Mock() + req.return_value.status_code = 200 + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + return_value = privilegedaccessmanager.SearchGrantsResponse.to_json(privilegedaccessmanager.SearchGrantsResponse()) + req.return_value.content = return_value + + request = privilegedaccessmanager.SearchGrantsRequest() + metadata =[ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = privilegedaccessmanager.SearchGrantsResponse() + post_with_metadata.return_value = privilegedaccessmanager.SearchGrantsResponse(), metadata + + client.search_grants(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) + + pre.assert_called_once() + post.assert_called_once() + post_with_metadata.assert_called_once() + + +def test_get_grant_rest_bad_request(request_type=privilegedaccessmanager.GetGrantRequest): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + # send a request that will satisfy transcoding + request_init = {'name': 'projects/sample1/locations/sample2/entitlements/sample3/grants/sample4'} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): + # Wrap the value into a proper Response obj + response_value = mock.Mock() + json_return_value = '' + response_value.json = mock.Mock(return_value={}) + response_value.status_code = 400 + response_value.request = mock.Mock() + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + client.get_grant(request) + + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.GetGrantRequest, + dict, +]) +def test_get_grant_rest_call_success(request_type): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + + # send a request that will satisfy transcoding + request_init = {'name': 'projects/sample1/locations/sample2/entitlements/sample3/grants/sample4'} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), 'request') as req: + # Designate an appropriate value for the returned response. + return_value = privilegedaccessmanager.Grant( + name='name_value', + requester='requester_value', + state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, + additional_email_recipients=['additional_email_recipients_value'], + externally_modified=True, + ) + + # Wrap the value into a proper Response obj + response_value = mock.Mock() + response_value.status_code = 200 + + # Convert return value to protobuf type + return_value = privilegedaccessmanager.Grant.pb(return_value) + json_return_value = json_format.MessageToJson(return_value) + response_value.content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + response = client.get_grant(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, privilegedaccessmanager.Grant) + assert response.name == 'name_value' + assert response.requester == 'requester_value' + assert response.state == privilegedaccessmanager.Grant.State.APPROVAL_AWAITED + assert response.additional_email_recipients == ['additional_email_recipients_value'] + assert response.externally_modified is True + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_get_grant_rest_interceptors(null_interceptor): + transport = transports.PrivilegedAccessManagerRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), + ) + client = PrivilegedAccessManagerClient(transport=transport) + + with mock.patch.object(type(client.transport._session), "request") as req, \ + mock.patch.object(path_template, "transcode") as transcode, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_get_grant") as post, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_get_grant_with_metadata") as post_with_metadata, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_get_grant") as pre: + pre.assert_not_called() + post.assert_not_called() + post_with_metadata.assert_not_called() + pb_message = privilegedaccessmanager.GetGrantRequest.pb(privilegedaccessmanager.GetGrantRequest()) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = mock.Mock() + req.return_value.status_code = 200 + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + return_value = privilegedaccessmanager.Grant.to_json(privilegedaccessmanager.Grant()) + req.return_value.content = return_value + + request = privilegedaccessmanager.GetGrantRequest() + metadata =[ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = privilegedaccessmanager.Grant() + post_with_metadata.return_value = privilegedaccessmanager.Grant(), metadata + + client.get_grant(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) + + pre.assert_called_once() + post.assert_called_once() + post_with_metadata.assert_called_once() + + +def test_create_grant_rest_bad_request(request_type=privilegedaccessmanager.CreateGrantRequest): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + # send a request that will satisfy transcoding + request_init = {'parent': 'projects/sample1/locations/sample2/entitlements/sample3'} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): + # Wrap the value into a proper Response obj + response_value = mock.Mock() + json_return_value = '' + response_value.json = mock.Mock(return_value={}) + response_value.status_code = 400 + response_value.request = mock.Mock() + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + client.create_grant(request) + + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.CreateGrantRequest, + dict, +]) +def test_create_grant_rest_call_success(request_type): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + + # send a request that will satisfy transcoding + request_init = {'parent': 'projects/sample1/locations/sample2/entitlements/sample3'} + request_init["grant"] = {'name': 'name_value', 'create_time': {'seconds': 751, 'nanos': 543}, 'update_time': {}, 'requester': 'requester_value', 'requested_duration': {'seconds': 751, 'nanos': 543}, 'justification': {'unstructured_justification': 'unstructured_justification_value'}, 'state': 1, 'timeline': {'events': [{'requested': {'expire_time': {}}, 'approved': {'reason': 'reason_value', 'actor': 'actor_value'}, 'denied': {'reason': 'reason_value', 'actor': 'actor_value'}, 'revoked': {'reason': 'reason_value', 'actor': 'actor_value'}, 'scheduled': {'scheduled_activation_time': {}}, 'activated': {}, 'activation_failed': {'error': {'code': 411, 'message': 'message_value', 'details': [{'type_url': 'type.googleapis.com/google.protobuf.Duration', 'value': b'\x08\x0c\x10\xdb\x07'}]}}, 'expired': {}, 'ended': {}, 'externally_modified': {}, 'withdrawn': {}, 'event_time': {}}]}, 'privileged_access': {'gcp_iam_access': {'resource_type': 'resource_type_value', 'resource': 'resource_value', 'role_bindings': [{'role': 'role_value', 'condition_expression': 'condition_expression_value'}]}}, 'audit_trail': {'access_grant_time': {}, 'access_remove_time': {}}, 'additional_email_recipients': ['additional_email_recipients_value1', 'additional_email_recipients_value2'], 'externally_modified': True} + # The version of a generated dependency at test runtime may differ from the version used during generation. + # Delete any fields which are not present in the current runtime dependency + # See https://github.com/googleapis/gapic-generator-python/issues/1748 + + # Determine if the message type is proto-plus or protobuf + test_field = privilegedaccessmanager.CreateGrantRequest.meta.fields["grant"] + + def get_message_fields(field): + # Given a field which is a message (composite type), return a list with + # all the fields of the message. + # If the field is not a composite type, return an empty list. + message_fields = [] + + if hasattr(field, "message") and field.message: + is_field_type_proto_plus_type = not hasattr(field.message, "DESCRIPTOR") + + if is_field_type_proto_plus_type: + message_fields = field.message.meta.fields.values() + # Add `# pragma: NO COVER` because there may not be any `*_pb2` field types + else: # pragma: NO COVER + message_fields = field.message.DESCRIPTOR.fields + return message_fields + + runtime_nested_fields = [ + (field.name, nested_field.name) + for field in get_message_fields(test_field) + for nested_field in get_message_fields(field) + ] + + subfields_not_in_runtime = [] + + # For each item in the sample request, create a list of sub fields which are not present at runtime + # Add `# pragma: NO COVER` because this test code will not run if all subfields are present at runtime + for field, value in request_init["grant"].items(): # pragma: NO COVER + result = None + is_repeated = False + # For repeated fields + if isinstance(value, list) and len(value): + is_repeated = True + result = value[0] + # For fields where the type is another message + if isinstance(value, dict): + result = value + + if result and hasattr(result, "keys"): + for subfield in result.keys(): + if (field, subfield) not in runtime_nested_fields: + subfields_not_in_runtime.append( + {"field": field, "subfield": subfield, "is_repeated": is_repeated} + ) + + # Remove fields from the sample request which are not present in the runtime version of the dependency + # Add `# pragma: NO COVER` because this test code will not run if all subfields are present at runtime + for subfield_to_delete in subfields_not_in_runtime: # pragma: NO COVER + field = subfield_to_delete.get("field") + field_repeated = subfield_to_delete.get("is_repeated") + subfield = subfield_to_delete.get("subfield") + if subfield: + if field_repeated: + for i in range(0, len(request_init["grant"][field])): + del request_init["grant"][field][i][subfield] + else: + del request_init["grant"][field][subfield] + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), 'request') as req: + # Designate an appropriate value for the returned response. + return_value = privilegedaccessmanager.Grant( + name='name_value', + requester='requester_value', + state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, + additional_email_recipients=['additional_email_recipients_value'], + externally_modified=True, + ) + + # Wrap the value into a proper Response obj + response_value = mock.Mock() + response_value.status_code = 200 + + # Convert return value to protobuf type + return_value = privilegedaccessmanager.Grant.pb(return_value) + json_return_value = json_format.MessageToJson(return_value) + response_value.content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + response = client.create_grant(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, privilegedaccessmanager.Grant) + assert response.name == 'name_value' + assert response.requester == 'requester_value' + assert response.state == privilegedaccessmanager.Grant.State.APPROVAL_AWAITED + assert response.additional_email_recipients == ['additional_email_recipients_value'] + assert response.externally_modified is True + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_create_grant_rest_interceptors(null_interceptor): + transport = transports.PrivilegedAccessManagerRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), + ) + client = PrivilegedAccessManagerClient(transport=transport) + + with mock.patch.object(type(client.transport._session), "request") as req, \ + mock.patch.object(path_template, "transcode") as transcode, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_create_grant") as post, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_create_grant_with_metadata") as post_with_metadata, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_create_grant") as pre: + pre.assert_not_called() + post.assert_not_called() + post_with_metadata.assert_not_called() + pb_message = privilegedaccessmanager.CreateGrantRequest.pb(privilegedaccessmanager.CreateGrantRequest()) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = mock.Mock() + req.return_value.status_code = 200 + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + return_value = privilegedaccessmanager.Grant.to_json(privilegedaccessmanager.Grant()) + req.return_value.content = return_value + + request = privilegedaccessmanager.CreateGrantRequest() + metadata =[ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = privilegedaccessmanager.Grant() + post_with_metadata.return_value = privilegedaccessmanager.Grant(), metadata + + client.create_grant(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) + + pre.assert_called_once() + post.assert_called_once() + post_with_metadata.assert_called_once() + + +def test_approve_grant_rest_bad_request(request_type=privilegedaccessmanager.ApproveGrantRequest): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + # send a request that will satisfy transcoding + request_init = {'name': 'projects/sample1/locations/sample2/entitlements/sample3/grants/sample4'} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): + # Wrap the value into a proper Response obj + response_value = mock.Mock() + json_return_value = '' + response_value.json = mock.Mock(return_value={}) + response_value.status_code = 400 + response_value.request = mock.Mock() + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + client.approve_grant(request) + + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.ApproveGrantRequest, + dict, +]) +def test_approve_grant_rest_call_success(request_type): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + + # send a request that will satisfy transcoding + request_init = {'name': 'projects/sample1/locations/sample2/entitlements/sample3/grants/sample4'} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), 'request') as req: + # Designate an appropriate value for the returned response. + return_value = privilegedaccessmanager.Grant( + name='name_value', + requester='requester_value', + state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, + additional_email_recipients=['additional_email_recipients_value'], + externally_modified=True, + ) + + # Wrap the value into a proper Response obj + response_value = mock.Mock() + response_value.status_code = 200 + + # Convert return value to protobuf type + return_value = privilegedaccessmanager.Grant.pb(return_value) + json_return_value = json_format.MessageToJson(return_value) + response_value.content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + response = client.approve_grant(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, privilegedaccessmanager.Grant) + assert response.name == 'name_value' + assert response.requester == 'requester_value' + assert response.state == privilegedaccessmanager.Grant.State.APPROVAL_AWAITED + assert response.additional_email_recipients == ['additional_email_recipients_value'] + assert response.externally_modified is True + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_approve_grant_rest_interceptors(null_interceptor): + transport = transports.PrivilegedAccessManagerRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), + ) + client = PrivilegedAccessManagerClient(transport=transport) + + with mock.patch.object(type(client.transport._session), "request") as req, \ + mock.patch.object(path_template, "transcode") as transcode, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_approve_grant") as post, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_approve_grant_with_metadata") as post_with_metadata, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_approve_grant") as pre: + pre.assert_not_called() + post.assert_not_called() + post_with_metadata.assert_not_called() + pb_message = privilegedaccessmanager.ApproveGrantRequest.pb(privilegedaccessmanager.ApproveGrantRequest()) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = mock.Mock() + req.return_value.status_code = 200 + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + return_value = privilegedaccessmanager.Grant.to_json(privilegedaccessmanager.Grant()) + req.return_value.content = return_value + + request = privilegedaccessmanager.ApproveGrantRequest() + metadata =[ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = privilegedaccessmanager.Grant() + post_with_metadata.return_value = privilegedaccessmanager.Grant(), metadata + + client.approve_grant(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) + + pre.assert_called_once() + post.assert_called_once() + post_with_metadata.assert_called_once() + + +def test_deny_grant_rest_bad_request(request_type=privilegedaccessmanager.DenyGrantRequest): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + # send a request that will satisfy transcoding + request_init = {'name': 'projects/sample1/locations/sample2/entitlements/sample3/grants/sample4'} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): + # Wrap the value into a proper Response obj + response_value = mock.Mock() + json_return_value = '' + response_value.json = mock.Mock(return_value={}) + response_value.status_code = 400 + response_value.request = mock.Mock() + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + client.deny_grant(request) + + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.DenyGrantRequest, + dict, +]) +def test_deny_grant_rest_call_success(request_type): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + + # send a request that will satisfy transcoding + request_init = {'name': 'projects/sample1/locations/sample2/entitlements/sample3/grants/sample4'} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), 'request') as req: + # Designate an appropriate value for the returned response. + return_value = privilegedaccessmanager.Grant( + name='name_value', + requester='requester_value', + state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, + additional_email_recipients=['additional_email_recipients_value'], + externally_modified=True, + ) + + # Wrap the value into a proper Response obj + response_value = mock.Mock() + response_value.status_code = 200 + + # Convert return value to protobuf type + return_value = privilegedaccessmanager.Grant.pb(return_value) + json_return_value = json_format.MessageToJson(return_value) + response_value.content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + response = client.deny_grant(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, privilegedaccessmanager.Grant) + assert response.name == 'name_value' + assert response.requester == 'requester_value' + assert response.state == privilegedaccessmanager.Grant.State.APPROVAL_AWAITED + assert response.additional_email_recipients == ['additional_email_recipients_value'] + assert response.externally_modified is True + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_deny_grant_rest_interceptors(null_interceptor): + transport = transports.PrivilegedAccessManagerRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), + ) + client = PrivilegedAccessManagerClient(transport=transport) + + with mock.patch.object(type(client.transport._session), "request") as req, \ + mock.patch.object(path_template, "transcode") as transcode, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_deny_grant") as post, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_deny_grant_with_metadata") as post_with_metadata, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_deny_grant") as pre: + pre.assert_not_called() + post.assert_not_called() + post_with_metadata.assert_not_called() + pb_message = privilegedaccessmanager.DenyGrantRequest.pb(privilegedaccessmanager.DenyGrantRequest()) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = mock.Mock() + req.return_value.status_code = 200 + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + return_value = privilegedaccessmanager.Grant.to_json(privilegedaccessmanager.Grant()) + req.return_value.content = return_value + + request = privilegedaccessmanager.DenyGrantRequest() + metadata =[ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = privilegedaccessmanager.Grant() + post_with_metadata.return_value = privilegedaccessmanager.Grant(), metadata + + client.deny_grant(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) + + pre.assert_called_once() + post.assert_called_once() + post_with_metadata.assert_called_once() + + +def test_revoke_grant_rest_bad_request(request_type=privilegedaccessmanager.RevokeGrantRequest): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + # send a request that will satisfy transcoding + request_init = {'name': 'projects/sample1/locations/sample2/entitlements/sample3/grants/sample4'} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): + # Wrap the value into a proper Response obj + response_value = mock.Mock() + json_return_value = '' + response_value.json = mock.Mock(return_value={}) + response_value.status_code = 400 + response_value.request = mock.Mock() + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + client.revoke_grant(request) + + +@pytest.mark.parametrize("request_type", [ + privilegedaccessmanager.RevokeGrantRequest, + dict, +]) +def test_revoke_grant_rest_call_success(request_type): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + + # send a request that will satisfy transcoding + request_init = {'name': 'projects/sample1/locations/sample2/entitlements/sample3/grants/sample4'} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), 'request') as req: + # Designate an appropriate value for the returned response. + return_value = operations_pb2.Operation(name='operations/spam') + + # Wrap the value into a proper Response obj + response_value = mock.Mock() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + response_value.content = json_return_value.encode('UTF-8') + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + response = client.revoke_grant(request) + + # Establish that the response is the type that we expect. + json_return_value = json_format.MessageToJson(return_value) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_revoke_grant_rest_interceptors(null_interceptor): + transport = transports.PrivilegedAccessManagerRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), + ) + client = PrivilegedAccessManagerClient(transport=transport) + + with mock.patch.object(type(client.transport._session), "request") as req, \ + mock.patch.object(path_template, "transcode") as transcode, \ + mock.patch.object(operation.Operation, "_set_result_from_operation"), \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_revoke_grant") as post, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_revoke_grant_with_metadata") as post_with_metadata, \ + mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_revoke_grant") as pre: + pre.assert_not_called() + post.assert_not_called() + post_with_metadata.assert_not_called() + pb_message = privilegedaccessmanager.RevokeGrantRequest.pb(privilegedaccessmanager.RevokeGrantRequest()) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = mock.Mock() + req.return_value.status_code = 200 + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + return_value = json_format.MessageToJson(operations_pb2.Operation()) + req.return_value.content = return_value + + request = privilegedaccessmanager.RevokeGrantRequest() + metadata =[ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = operations_pb2.Operation() + post_with_metadata.return_value = operations_pb2.Operation(), metadata + + client.revoke_grant(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) + + pre.assert_called_once() + post.assert_called_once() + post_with_metadata.assert_called_once() + + +def test_get_location_rest_bad_request(request_type=locations_pb2.GetLocationRequest): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type() + request = json_format.ParseDict({'name': 'projects/sample1/locations/sample2'}, request) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): + # Wrap the value into a proper Response obj + response_value = Response() + json_return_value = '' + response_value.json = mock.Mock(return_value={}) + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + client.get_location(request) + + +@pytest.mark.parametrize("request_type", [ + locations_pb2.GetLocationRequest, + dict, +]) +def test_get_location_rest(request_type): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + request_init = {'name': 'projects/sample1/locations/sample2'} + request = request_type(**request_init) + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, 'request') as req: + # Designate an appropriate value for the returned response. + return_value = locations_pb2.Location() + + # Wrap the value into a proper Response obj + response_value = mock.Mock() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + response_value.content = json_return_value.encode('UTF-8') + + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + response = client.get_location(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, locations_pb2.Location) + + +def test_list_locations_rest_bad_request(request_type=locations_pb2.ListLocationsRequest): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type() + request = json_format.ParseDict({'name': 'projects/sample1'}, request) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): + # Wrap the value into a proper Response obj + response_value = Response() + json_return_value = '' + response_value.json = mock.Mock(return_value={}) + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + client.list_locations(request) + + +@pytest.mark.parametrize("request_type", [ + locations_pb2.ListLocationsRequest, + dict, +]) +def test_list_locations_rest(request_type): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + request_init = {'name': 'projects/sample1'} + request = request_type(**request_init) + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, 'request') as req: + # Designate an appropriate value for the returned response. + return_value = locations_pb2.ListLocationsResponse() + + # Wrap the value into a proper Response obj + response_value = mock.Mock() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + response_value.content = json_return_value.encode('UTF-8') + + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + response = client.list_locations(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, locations_pb2.ListLocationsResponse) + + +def test_delete_operation_rest_bad_request(request_type=operations_pb2.DeleteOperationRequest): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type() + request = json_format.ParseDict({'name': 'projects/sample1/locations/sample2/operations/sample3'}, request) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): + # Wrap the value into a proper Response obj + response_value = Response() + json_return_value = '' + response_value.json = mock.Mock(return_value={}) + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + client.delete_operation(request) + + +@pytest.mark.parametrize("request_type", [ + operations_pb2.DeleteOperationRequest, + dict, +]) +def test_delete_operation_rest(request_type): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + request_init = {'name': 'projects/sample1/locations/sample2/operations/sample3'} + request = request_type(**request_init) + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, 'request') as req: + # Designate an appropriate value for the returned response. + return_value = None + + # Wrap the value into a proper Response obj + response_value = mock.Mock() + response_value.status_code = 200 + json_return_value = '{}' + response_value.content = json_return_value.encode('UTF-8') + + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + response = client.delete_operation(request) + + # Establish that the response is the type that we expect. + assert response is None + + +def test_get_operation_rest_bad_request(request_type=operations_pb2.GetOperationRequest): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type() + request = json_format.ParseDict({'name': 'projects/sample1/locations/sample2/operations/sample3'}, request) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): + # Wrap the value into a proper Response obj + response_value = Response() + json_return_value = '' + response_value.json = mock.Mock(return_value={}) + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + client.get_operation(request) + + +@pytest.mark.parametrize("request_type", [ + operations_pb2.GetOperationRequest, + dict, +]) +def test_get_operation_rest(request_type): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + request_init = {'name': 'projects/sample1/locations/sample2/operations/sample3'} + request = request_type(**request_init) + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, 'request') as req: + # Designate an appropriate value for the returned response. + return_value = operations_pb2.Operation() + + # Wrap the value into a proper Response obj + response_value = mock.Mock() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + response_value.content = json_return_value.encode('UTF-8') + + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + response = client.get_operation(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, operations_pb2.Operation) + + +def test_list_operations_rest_bad_request(request_type=operations_pb2.ListOperationsRequest): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type() + request = json_format.ParseDict({'name': 'projects/sample1/locations/sample2'}, request) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): + # Wrap the value into a proper Response obj + response_value = Response() + json_return_value = '' + response_value.json = mock.Mock(return_value={}) + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + client.list_operations(request) + + +@pytest.mark.parametrize("request_type", [ + operations_pb2.ListOperationsRequest, + dict, +]) +def test_list_operations_rest(request_type): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + request_init = {'name': 'projects/sample1/locations/sample2'} + request = request_type(**request_init) + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, 'request') as req: + # Designate an appropriate value for the returned response. + return_value = operations_pb2.ListOperationsResponse() + + # Wrap the value into a proper Response obj + response_value = mock.Mock() + response_value.status_code = 200 + json_return_value = json_format.MessageToJson(return_value) + response_value.content = json_return_value.encode('UTF-8') + + req.return_value = response_value + req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} + + response = client.list_operations(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, operations_pb2.ListOperationsResponse) + +def test_initialize_client_w_rest(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + assert client is not None + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_check_onboarding_status_empty_call_rest(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.check_onboarding_status), + '__call__') as call: + client.check_onboarding_status(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.CheckOnboardingStatusRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_list_entitlements_empty_call_rest(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.list_entitlements), + '__call__') as call: + client.list_entitlements(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.ListEntitlementsRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_search_entitlements_empty_call_rest(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.search_entitlements), + '__call__') as call: + client.search_entitlements(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.SearchEntitlementsRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_get_entitlement_empty_call_rest(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.get_entitlement), + '__call__') as call: + client.get_entitlement(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.GetEntitlementRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_create_entitlement_empty_call_rest(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.create_entitlement), + '__call__') as call: + client.create_entitlement(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.CreateEntitlementRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_delete_entitlement_empty_call_rest(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.delete_entitlement), + '__call__') as call: + client.delete_entitlement(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.DeleteEntitlementRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_update_entitlement_empty_call_rest(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.update_entitlement), + '__call__') as call: + client.update_entitlement(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.UpdateEntitlementRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_list_grants_empty_call_rest(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.list_grants), + '__call__') as call: + client.list_grants(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.ListGrantsRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_search_grants_empty_call_rest(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.search_grants), + '__call__') as call: + client.search_grants(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.SearchGrantsRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_get_grant_empty_call_rest(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.get_grant), + '__call__') as call: + client.get_grant(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.GetGrantRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_create_grant_empty_call_rest(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.create_grant), + '__call__') as call: + client.create_grant(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.CreateGrantRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_approve_grant_empty_call_rest(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.approve_grant), + '__call__') as call: + client.approve_grant(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.ApproveGrantRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_deny_grant_empty_call_rest(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.deny_grant), + '__call__') as call: + client.deny_grant(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.DenyGrantRequest() + + assert args[0] == request_msg + + +# This test is a coverage failsafe to make sure that totally empty calls, +# i.e. request == None and no flattened fields passed, work. +def test_revoke_grant_empty_call_rest(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the actual call, and fake the request. + with mock.patch.object( + type(client.transport.revoke_grant), + '__call__') as call: + client.revoke_grant(request=None) + + # Establish that the underlying stub method was called. + call.assert_called() + _, args, _ = call.mock_calls[0] + request_msg = privilegedaccessmanager.RevokeGrantRequest() + + assert args[0] == request_msg + + +def test_privileged_access_manager_rest_lro_client(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + transport = client.transport + + # Ensure that we have an api-core operations client. + assert isinstance( + transport.operations_client, +operations_v1.AbstractOperationsClient, + ) + + # Ensure that subsequent calls to the property send the exact same object. + assert transport.operations_client is transport.operations_client + +def test_transport_grpc_default(): + # A client should use the gRPC transport by default. + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + assert isinstance( + client.transport, + transports.PrivilegedAccessManagerGrpcTransport, + ) + +def test_privileged_access_manager_base_transport_error(): + # Passing both a credentials object and credentials_file should raise an error + with pytest.raises(core_exceptions.DuplicateCredentialArgs): + transport = transports.PrivilegedAccessManagerTransport( + credentials=ga_credentials.AnonymousCredentials(), + credentials_file="credentials.json" + ) + + +def test_privileged_access_manager_base_transport(): + # Instantiate the base transport. + with mock.patch('google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.transports.PrivilegedAccessManagerTransport.__init__') as Transport: + Transport.return_value = None + transport = transports.PrivilegedAccessManagerTransport( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Every method on the transport should just blindly + # raise NotImplementedError. + methods = ( + 'check_onboarding_status', + 'list_entitlements', + 'search_entitlements', + 'get_entitlement', + 'create_entitlement', + 'delete_entitlement', + 'update_entitlement', + 'list_grants', + 'search_grants', + 'get_grant', + 'create_grant', + 'approve_grant', + 'deny_grant', + 'revoke_grant', + 'get_location', + 'list_locations', + 'get_operation', + 'delete_operation', + 'list_operations', + ) + for method in methods: + with pytest.raises(NotImplementedError): + getattr(transport, method)(request=object()) + + with pytest.raises(NotImplementedError): + transport.close() + + # Additionally, the LRO client (a property) should + # also raise NotImplementedError + with pytest.raises(NotImplementedError): + transport.operations_client + + # Catch all for all remaining methods and properties + remainder = [ + 'kind', + ] + for r in remainder: + with pytest.raises(NotImplementedError): + getattr(transport, r)() + + +def test_privileged_access_manager_base_transport_with_credentials_file(): + # Instantiate the base transport with a credentials file + with mock.patch.object(google.auth, 'load_credentials_from_file', autospec=True) as load_creds, mock.patch('google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.transports.PrivilegedAccessManagerTransport._prep_wrapped_messages') as Transport: + Transport.return_value = None + load_creds.return_value = (ga_credentials.AnonymousCredentials(), None) + transport = transports.PrivilegedAccessManagerTransport( + credentials_file="credentials.json", + quota_project_id="octopus", + ) + load_creds.assert_called_once_with("credentials.json", + scopes=None, + default_scopes=( + 'https://www.googleapis.com/auth/cloud-platform', +), + quota_project_id="octopus", + ) + + +def test_privileged_access_manager_base_transport_with_adc(): + # Test the default credentials are used if credentials and credentials_file are None. + with mock.patch.object(google.auth, 'default', autospec=True) as adc, mock.patch('google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.transports.PrivilegedAccessManagerTransport._prep_wrapped_messages') as Transport: + Transport.return_value = None + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport = transports.PrivilegedAccessManagerTransport() + adc.assert_called_once() + + +def test_privileged_access_manager_auth_adc(): + # If no credentials are provided, we should use ADC credentials. + with mock.patch.object(google.auth, 'default', autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + PrivilegedAccessManagerClient() + adc.assert_called_once_with( + scopes=None, + default_scopes=( + 'https://www.googleapis.com/auth/cloud-platform', +), + quota_project_id=None, + ) + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.PrivilegedAccessManagerGrpcTransport, + transports.PrivilegedAccessManagerGrpcAsyncIOTransport, + ], +) +def test_privileged_access_manager_transport_auth_adc(transport_class): + # If credentials and host are not provided, the transport class should use + # ADC credentials. + with mock.patch.object(google.auth, 'default', autospec=True) as adc: + adc.return_value = (ga_credentials.AnonymousCredentials(), None) + transport_class(quota_project_id="octopus", scopes=["1", "2"]) + adc.assert_called_once_with( + scopes=["1", "2"], + default_scopes=( 'https://www.googleapis.com/auth/cloud-platform',), + quota_project_id="octopus", + ) + + +@pytest.mark.parametrize( + "transport_class", + [ + transports.PrivilegedAccessManagerGrpcTransport, + transports.PrivilegedAccessManagerGrpcAsyncIOTransport, + transports.PrivilegedAccessManagerRestTransport, + ], +) +def test_privileged_access_manager_transport_auth_gdch_credentials(transport_class): + host = 'https://language.com' + api_audience_tests = [None, 'https://language2.com'] + api_audience_expect = [host, 'https://language2.com'] + for t, e in zip(api_audience_tests, api_audience_expect): + with mock.patch.object(google.auth, 'default', autospec=True) as adc: + gdch_mock = mock.MagicMock() + type(gdch_mock).with_gdch_audience = mock.PropertyMock(return_value=gdch_mock) + adc.return_value = (gdch_mock, None) + transport_class(host=host, api_audience=t) + gdch_mock.with_gdch_audience.assert_called_once_with( + e + ) + + +@pytest.mark.parametrize( + "transport_class,grpc_helpers", + [ + (transports.PrivilegedAccessManagerGrpcTransport, grpc_helpers), + (transports.PrivilegedAccessManagerGrpcAsyncIOTransport, grpc_helpers_async) + ], +) +def test_privileged_access_manager_transport_create_channel(transport_class, grpc_helpers): + # If credentials and host are not provided, the transport class should use + # ADC credentials. + with mock.patch.object(google.auth, "default", autospec=True) as adc, mock.patch.object( + grpc_helpers, "create_channel", autospec=True + ) as create_channel: + creds = ga_credentials.AnonymousCredentials() + adc.return_value = (creds, None) + transport_class( + quota_project_id="octopus", + scopes=["1", "2"] + ) + + create_channel.assert_called_with( + "privilegedaccessmanager.googleapis.com:443", + credentials=creds, + credentials_file=None, + quota_project_id="octopus", + default_scopes=( + 'https://www.googleapis.com/auth/cloud-platform', +), + scopes=["1", "2"], + default_host="privilegedaccessmanager.googleapis.com", + ssl_credentials=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + +@pytest.mark.parametrize("transport_class", [transports.PrivilegedAccessManagerGrpcTransport, transports.PrivilegedAccessManagerGrpcAsyncIOTransport]) +def test_privileged_access_manager_grpc_transport_client_cert_source_for_mtls( + transport_class +): + cred = ga_credentials.AnonymousCredentials() + + # Check ssl_channel_credentials is used if provided. + with mock.patch.object(transport_class, "create_channel") as mock_create_channel: + mock_ssl_channel_creds = mock.Mock() + transport_class( + host="squid.clam.whelk", + credentials=cred, + ssl_channel_credentials=mock_ssl_channel_creds + ) + mock_create_channel.assert_called_once_with( + "squid.clam.whelk:443", + credentials=cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_channel_creds, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + + # Check if ssl_channel_credentials is not provided, then client_cert_source_for_mtls + # is used. + with mock.patch.object(transport_class, "create_channel", return_value=mock.Mock()): + with mock.patch("grpc.ssl_channel_credentials") as mock_ssl_cred: + transport_class( + credentials=cred, + client_cert_source_for_mtls=client_cert_source_callback + ) + expected_cert, expected_key = client_cert_source_callback() + mock_ssl_cred.assert_called_once_with( + certificate_chain=expected_cert, + private_key=expected_key + ) + +def test_privileged_access_manager_http_transport_client_cert_source_for_mtls(): + cred = ga_credentials.AnonymousCredentials() + with mock.patch("google.auth.transport.requests.AuthorizedSession.configure_mtls_channel") as mock_configure_mtls_channel: + transports.PrivilegedAccessManagerRestTransport ( + credentials=cred, + client_cert_source_for_mtls=client_cert_source_callback + ) + mock_configure_mtls_channel.assert_called_once_with(client_cert_source_callback) + + +@pytest.mark.parametrize("transport_name", [ + "grpc", + "grpc_asyncio", + "rest", +]) +def test_privileged_access_manager_host_no_port(transport_name): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + client_options=client_options.ClientOptions(api_endpoint='privilegedaccessmanager.googleapis.com'), + transport=transport_name, + ) + assert client.transport._host == ( + 'privilegedaccessmanager.googleapis.com:443' + if transport_name in ['grpc', 'grpc_asyncio'] + else 'https://privilegedaccessmanager.googleapis.com' + ) + +@pytest.mark.parametrize("transport_name", [ + "grpc", + "grpc_asyncio", + "rest", +]) +def test_privileged_access_manager_host_with_port(transport_name): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + client_options=client_options.ClientOptions(api_endpoint='privilegedaccessmanager.googleapis.com:8000'), + transport=transport_name, + ) + assert client.transport._host == ( + 'privilegedaccessmanager.googleapis.com:8000' + if transport_name in ['grpc', 'grpc_asyncio'] + else 'https://privilegedaccessmanager.googleapis.com:8000' + ) + +@pytest.mark.parametrize("transport_name", [ + "rest", +]) +def test_privileged_access_manager_client_transport_session_collision(transport_name): + creds1 = ga_credentials.AnonymousCredentials() + creds2 = ga_credentials.AnonymousCredentials() + client1 = PrivilegedAccessManagerClient( + credentials=creds1, + transport=transport_name, + ) + client2 = PrivilegedAccessManagerClient( + credentials=creds2, + transport=transport_name, + ) + session1 = client1.transport.check_onboarding_status._session + session2 = client2.transport.check_onboarding_status._session + assert session1 != session2 + session1 = client1.transport.list_entitlements._session + session2 = client2.transport.list_entitlements._session + assert session1 != session2 + session1 = client1.transport.search_entitlements._session + session2 = client2.transport.search_entitlements._session + assert session1 != session2 + session1 = client1.transport.get_entitlement._session + session2 = client2.transport.get_entitlement._session + assert session1 != session2 + session1 = client1.transport.create_entitlement._session + session2 = client2.transport.create_entitlement._session + assert session1 != session2 + session1 = client1.transport.delete_entitlement._session + session2 = client2.transport.delete_entitlement._session + assert session1 != session2 + session1 = client1.transport.update_entitlement._session + session2 = client2.transport.update_entitlement._session + assert session1 != session2 + session1 = client1.transport.list_grants._session + session2 = client2.transport.list_grants._session + assert session1 != session2 + session1 = client1.transport.search_grants._session + session2 = client2.transport.search_grants._session + assert session1 != session2 + session1 = client1.transport.get_grant._session + session2 = client2.transport.get_grant._session + assert session1 != session2 + session1 = client1.transport.create_grant._session + session2 = client2.transport.create_grant._session + assert session1 != session2 + session1 = client1.transport.approve_grant._session + session2 = client2.transport.approve_grant._session + assert session1 != session2 + session1 = client1.transport.deny_grant._session + session2 = client2.transport.deny_grant._session + assert session1 != session2 + session1 = client1.transport.revoke_grant._session + session2 = client2.transport.revoke_grant._session + assert session1 != session2 +def test_privileged_access_manager_grpc_transport_channel(): + channel = grpc.secure_channel('http://localhost/', grpc.local_channel_credentials()) + + # Check that channel is used if provided. + transport = transports.PrivilegedAccessManagerGrpcTransport( + host="squid.clam.whelk", + channel=channel, + ) + assert transport.grpc_channel == channel + assert transport._host == "squid.clam.whelk:443" + assert transport._ssl_channel_credentials == None + + +def test_privileged_access_manager_grpc_asyncio_transport_channel(): + channel = aio.secure_channel('http://localhost/', grpc.local_channel_credentials()) + + # Check that channel is used if provided. + transport = transports.PrivilegedAccessManagerGrpcAsyncIOTransport( + host="squid.clam.whelk", + channel=channel, + ) + assert transport.grpc_channel == channel + assert transport._host == "squid.clam.whelk:443" + assert transport._ssl_channel_credentials == None + + +# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are +# removed from grpc/grpc_asyncio transport constructor. +@pytest.mark.parametrize("transport_class", [transports.PrivilegedAccessManagerGrpcTransport, transports.PrivilegedAccessManagerGrpcAsyncIOTransport]) +def test_privileged_access_manager_transport_channel_mtls_with_client_cert_source( + transport_class +): + with mock.patch("grpc.ssl_channel_credentials", autospec=True) as grpc_ssl_channel_cred: + with mock.patch.object(transport_class, "create_channel") as grpc_create_channel: + mock_ssl_cred = mock.Mock() + grpc_ssl_channel_cred.return_value = mock_ssl_cred + + mock_grpc_channel = mock.Mock() + grpc_create_channel.return_value = mock_grpc_channel + + cred = ga_credentials.AnonymousCredentials() + with pytest.warns(DeprecationWarning): + with mock.patch.object(google.auth, 'default') as adc: + adc.return_value = (cred, None) + transport = transport_class( + host="squid.clam.whelk", + api_mtls_endpoint="mtls.squid.clam.whelk", + client_cert_source=client_cert_source_callback, + ) + adc.assert_called_once() + + grpc_ssl_channel_cred.assert_called_once_with( + certificate_chain=b"cert bytes", private_key=b"key bytes" + ) + grpc_create_channel.assert_called_once_with( + "mtls.squid.clam.whelk:443", + credentials=cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_cred, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + assert transport.grpc_channel == mock_grpc_channel + assert transport._ssl_channel_credentials == mock_ssl_cred + + +# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are +# removed from grpc/grpc_asyncio transport constructor. +@pytest.mark.parametrize("transport_class", [transports.PrivilegedAccessManagerGrpcTransport, transports.PrivilegedAccessManagerGrpcAsyncIOTransport]) +def test_privileged_access_manager_transport_channel_mtls_with_adc( + transport_class +): + mock_ssl_cred = mock.Mock() + with mock.patch.multiple( + "google.auth.transport.grpc.SslCredentials", + __init__=mock.Mock(return_value=None), + ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred), + ): + with mock.patch.object(transport_class, "create_channel") as grpc_create_channel: + mock_grpc_channel = mock.Mock() + grpc_create_channel.return_value = mock_grpc_channel + mock_cred = mock.Mock() + + with pytest.warns(DeprecationWarning): + transport = transport_class( + host="squid.clam.whelk", + credentials=mock_cred, + api_mtls_endpoint="mtls.squid.clam.whelk", + client_cert_source=None, + ) + + grpc_create_channel.assert_called_once_with( + "mtls.squid.clam.whelk:443", + credentials=mock_cred, + credentials_file=None, + scopes=None, + ssl_credentials=mock_ssl_cred, + quota_project_id=None, + options=[ + ("grpc.max_send_message_length", -1), + ("grpc.max_receive_message_length", -1), + ], + ) + assert transport.grpc_channel == mock_grpc_channel + + +def test_privileged_access_manager_grpc_lro_client(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc', + ) + transport = client.transport + + # Ensure that we have a api-core operations client. + assert isinstance( + transport.operations_client, + operations_v1.OperationsClient, + ) + + # Ensure that subsequent calls to the property send the exact same object. + assert transport.operations_client is transport.operations_client + + +def test_privileged_access_manager_grpc_lro_async_client(): + client = PrivilegedAccessManagerAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport='grpc_asyncio', + ) + transport = client.transport + + # Ensure that we have a api-core operations client. + assert isinstance( + transport.operations_client, + operations_v1.OperationsAsyncClient, + ) + + # Ensure that subsequent calls to the property send the exact same object. + assert transport.operations_client is transport.operations_client + + +def test_entitlement_path(): + project = "squid" + location = "clam" + entitlement = "whelk" + expected = "projects/{project}/locations/{location}/entitlements/{entitlement}".format(project=project, location=location, entitlement=entitlement, ) + actual = PrivilegedAccessManagerClient.entitlement_path(project, location, entitlement) + assert expected == actual + + +def test_parse_entitlement_path(): + expected = { + "project": "octopus", + "location": "oyster", + "entitlement": "nudibranch", + } + path = PrivilegedAccessManagerClient.entitlement_path(**expected) + + # Check that the path construction is reversible. + actual = PrivilegedAccessManagerClient.parse_entitlement_path(path) + assert expected == actual + +def test_grant_path(): + project = "cuttlefish" + location = "mussel" + entitlement = "winkle" + grant = "nautilus" + expected = "projects/{project}/locations/{location}/entitlements/{entitlement}/grants/{grant}".format(project=project, location=location, entitlement=entitlement, grant=grant, ) + actual = PrivilegedAccessManagerClient.grant_path(project, location, entitlement, grant) + assert expected == actual + + +def test_parse_grant_path(): + expected = { + "project": "scallop", + "location": "abalone", + "entitlement": "squid", + "grant": "clam", + } + path = PrivilegedAccessManagerClient.grant_path(**expected) + + # Check that the path construction is reversible. + actual = PrivilegedAccessManagerClient.parse_grant_path(path) + assert expected == actual + +def test_common_billing_account_path(): + billing_account = "whelk" + expected = "billingAccounts/{billing_account}".format(billing_account=billing_account, ) + actual = PrivilegedAccessManagerClient.common_billing_account_path(billing_account) + assert expected == actual + + +def test_parse_common_billing_account_path(): + expected = { + "billing_account": "octopus", + } + path = PrivilegedAccessManagerClient.common_billing_account_path(**expected) + + # Check that the path construction is reversible. + actual = PrivilegedAccessManagerClient.parse_common_billing_account_path(path) + assert expected == actual + +def test_common_folder_path(): + folder = "oyster" + expected = "folders/{folder}".format(folder=folder, ) + actual = PrivilegedAccessManagerClient.common_folder_path(folder) + assert expected == actual + + +def test_parse_common_folder_path(): + expected = { + "folder": "nudibranch", + } + path = PrivilegedAccessManagerClient.common_folder_path(**expected) + + # Check that the path construction is reversible. + actual = PrivilegedAccessManagerClient.parse_common_folder_path(path) + assert expected == actual + +def test_common_organization_path(): + organization = "cuttlefish" + expected = "organizations/{organization}".format(organization=organization, ) + actual = PrivilegedAccessManagerClient.common_organization_path(organization) + assert expected == actual + + +def test_parse_common_organization_path(): + expected = { + "organization": "mussel", + } + path = PrivilegedAccessManagerClient.common_organization_path(**expected) + + # Check that the path construction is reversible. + actual = PrivilegedAccessManagerClient.parse_common_organization_path(path) + assert expected == actual + +def test_common_project_path(): + project = "winkle" + expected = "projects/{project}".format(project=project, ) + actual = PrivilegedAccessManagerClient.common_project_path(project) + assert expected == actual + + +def test_parse_common_project_path(): + expected = { + "project": "nautilus", + } + path = PrivilegedAccessManagerClient.common_project_path(**expected) + + # Check that the path construction is reversible. + actual = PrivilegedAccessManagerClient.parse_common_project_path(path) + assert expected == actual + +def test_common_location_path(): + project = "scallop" + location = "abalone" + expected = "projects/{project}/locations/{location}".format(project=project, location=location, ) + actual = PrivilegedAccessManagerClient.common_location_path(project, location) + assert expected == actual + + +def test_parse_common_location_path(): + expected = { + "project": "squid", + "location": "clam", + } + path = PrivilegedAccessManagerClient.common_location_path(**expected) + + # Check that the path construction is reversible. + actual = PrivilegedAccessManagerClient.parse_common_location_path(path) + assert expected == actual + + +def test_client_with_default_client_info(): + client_info = gapic_v1.client_info.ClientInfo() + + with mock.patch.object(transports.PrivilegedAccessManagerTransport, '_prep_wrapped_messages') as prep: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + client_info=client_info, + ) + prep.assert_called_once_with(client_info) + + with mock.patch.object(transports.PrivilegedAccessManagerTransport, '_prep_wrapped_messages') as prep: + transport_class = PrivilegedAccessManagerClient.get_transport_class() + transport = transport_class( + credentials=ga_credentials.AnonymousCredentials(), + client_info=client_info, + ) + prep.assert_called_once_with(client_info) + + +def test_delete_operation(transport: str = "grpc"): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = operations_pb2.DeleteOperationRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.delete_operation), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = None + response = client.delete_operation(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the response is the type that we expect. + assert response is None +@pytest.mark.asyncio +async def test_delete_operation_async(transport: str = "grpc_asyncio"): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = operations_pb2.DeleteOperationRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.delete_operation), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + None + ) + response = await client.delete_operation(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the response is the type that we expect. + assert response is None + +def test_delete_operation_field_headers(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = operations_pb2.DeleteOperationRequest() + request.name = "locations" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.delete_operation), "__call__") as call: + call.return_value = None + + client.delete_operation(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=locations",) in kw["metadata"] +@pytest.mark.asyncio +async def test_delete_operation_field_headers_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = operations_pb2.DeleteOperationRequest() + request.name = "locations" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.delete_operation), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + None + ) + await client.delete_operation(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=locations",) in kw["metadata"] + +def test_delete_operation_from_dict(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.delete_operation), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = None + + response = client.delete_operation( + request={ + "name": "locations", + } + ) + call.assert_called() +@pytest.mark.asyncio +async def test_delete_operation_from_dict_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.delete_operation), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + None + ) + response = await client.delete_operation( + request={ + "name": "locations", + } + ) + call.assert_called() + + +def test_get_operation(transport: str = "grpc"): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = operations_pb2.GetOperationRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_operation), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.Operation() + response = client.get_operation(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, operations_pb2.Operation) +@pytest.mark.asyncio +async def test_get_operation_async(transport: str = "grpc_asyncio"): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = operations_pb2.GetOperationRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_operation), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation() + ) + response = await client.get_operation(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, operations_pb2.Operation) + +def test_get_operation_field_headers(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = operations_pb2.GetOperationRequest() + request.name = "locations" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_operation), "__call__") as call: + call.return_value = operations_pb2.Operation() + + client.get_operation(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=locations",) in kw["metadata"] +@pytest.mark.asyncio +async def test_get_operation_field_headers_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = operations_pb2.GetOperationRequest() + request.name = "locations" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_operation), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation() + ) + await client.get_operation(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=locations",) in kw["metadata"] + +def test_get_operation_from_dict(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_operation), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.Operation() + + response = client.get_operation( + request={ + "name": "locations", + } + ) + call.assert_called() +@pytest.mark.asyncio +async def test_get_operation_from_dict_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_operation), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.Operation() + ) + response = await client.get_operation( + request={ + "name": "locations", + } + ) + call.assert_called() + + +def test_list_operations(transport: str = "grpc"): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = operations_pb2.ListOperationsRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_operations), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.ListOperationsResponse() + response = client.list_operations(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, operations_pb2.ListOperationsResponse) +@pytest.mark.asyncio +async def test_list_operations_async(transport: str = "grpc_asyncio"): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = operations_pb2.ListOperationsRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_operations), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.ListOperationsResponse() + ) + response = await client.list_operations(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, operations_pb2.ListOperationsResponse) + +def test_list_operations_field_headers(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = operations_pb2.ListOperationsRequest() + request.name = "locations" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_operations), "__call__") as call: + call.return_value = operations_pb2.ListOperationsResponse() + + client.list_operations(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=locations",) in kw["metadata"] +@pytest.mark.asyncio +async def test_list_operations_field_headers_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = operations_pb2.ListOperationsRequest() + request.name = "locations" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_operations), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.ListOperationsResponse() + ) + await client.list_operations(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=locations",) in kw["metadata"] + +def test_list_operations_from_dict(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_operations), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = operations_pb2.ListOperationsResponse() + + response = client.list_operations( + request={ + "name": "locations", + } + ) + call.assert_called() +@pytest.mark.asyncio +async def test_list_operations_from_dict_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_operations), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + operations_pb2.ListOperationsResponse() + ) + response = await client.list_operations( + request={ + "name": "locations", + } + ) + call.assert_called() + + +def test_list_locations(transport: str = "grpc"): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = locations_pb2.ListLocationsRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_locations), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = locations_pb2.ListLocationsResponse() + response = client.list_locations(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, locations_pb2.ListLocationsResponse) +@pytest.mark.asyncio +async def test_list_locations_async(transport: str = "grpc_asyncio"): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = locations_pb2.ListLocationsRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_locations), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + locations_pb2.ListLocationsResponse() + ) + response = await client.list_locations(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, locations_pb2.ListLocationsResponse) + +def test_list_locations_field_headers(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = locations_pb2.ListLocationsRequest() + request.name = "locations" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_locations), "__call__") as call: + call.return_value = locations_pb2.ListLocationsResponse() + + client.list_locations(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=locations",) in kw["metadata"] +@pytest.mark.asyncio +async def test_list_locations_field_headers_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = locations_pb2.ListLocationsRequest() + request.name = "locations" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_locations), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + locations_pb2.ListLocationsResponse() + ) + await client.list_locations(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=locations",) in kw["metadata"] + +def test_list_locations_from_dict(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_locations), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = locations_pb2.ListLocationsResponse() + + response = client.list_locations( + request={ + "name": "locations", + } + ) + call.assert_called() +@pytest.mark.asyncio +async def test_list_locations_from_dict_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_locations), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + locations_pb2.ListLocationsResponse() + ) + response = await client.list_locations( + request={ + "name": "locations", + } + ) + call.assert_called() + + +def test_get_location(transport: str = "grpc"): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = locations_pb2.GetLocationRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_location), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = locations_pb2.Location() + response = client.get_location(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, locations_pb2.Location) +@pytest.mark.asyncio +async def test_get_location_async(transport: str = "grpc_asyncio"): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = locations_pb2.GetLocationRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_location), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + locations_pb2.Location() + ) + response = await client.get_location(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, locations_pb2.Location) + +def test_get_location_field_headers(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials()) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = locations_pb2.GetLocationRequest() + request.name = "locations/abc" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_location), "__call__") as call: + call.return_value = locations_pb2.Location() + + client.get_location(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=locations/abc",) in kw["metadata"] +@pytest.mark.asyncio +async def test_get_location_field_headers_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials() + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = locations_pb2.GetLocationRequest() + request.name = "locations/abc" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.get_location), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + locations_pb2.Location() + ) + await client.get_location(request) + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=locations/abc",) in kw["metadata"] + +def test_get_location_from_dict(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_locations), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = locations_pb2.Location() + + response = client.get_location( + request={ + "name": "locations/abc", + } + ) + call.assert_called() +@pytest.mark.asyncio +async def test_get_location_from_dict_async(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + ) + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.list_locations), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + locations_pb2.Location() + ) + response = await client.get_location( + request={ + "name": "locations", + } + ) + call.assert_called() + + +def test_transport_close_grpc(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc" + ) + with mock.patch.object(type(getattr(client.transport, "_grpc_channel")), "close") as close: + with client: + close.assert_not_called() + close.assert_called_once() + + +@pytest.mark.asyncio +async def test_transport_close_grpc_asyncio(): + client = PrivilegedAccessManagerAsyncClient( + credentials=async_anonymous_credentials(), + transport="grpc_asyncio" + ) + with mock.patch.object(type(getattr(client.transport, "_grpc_channel")), "close") as close: + async with client: + close.assert_not_called() + close.assert_called_once() + + +def test_transport_close_rest(): + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest" + ) + with mock.patch.object(type(getattr(client.transport, "_session")), "close") as close: + with client: + close.assert_not_called() + close.assert_called_once() + + +def test_client_ctx(): + transports = [ + 'rest', + 'grpc', + ] + for transport in transports: + client = PrivilegedAccessManagerClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport + ) + # Test client calls underlying transport. + with mock.patch.object(type(client.transport), "close") as close: + close.assert_not_called() + with client: + pass + close.assert_called() + +@pytest.mark.parametrize("client_class,transport_class", [ + (PrivilegedAccessManagerClient, transports.PrivilegedAccessManagerGrpcTransport), + (PrivilegedAccessManagerAsyncClient, transports.PrivilegedAccessManagerGrpcAsyncIOTransport), +]) +def test_api_key_credentials(client_class, transport_class): + with mock.patch.object( + google.auth._default, "get_api_key_credentials", create=True + ) as get_api_key_credentials: + mock_cred = mock.Mock() + get_api_key_credentials.return_value = mock_cred + options = client_options.ClientOptions() + options.api_key = "api_key" + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=mock_cred, + credentials_file=None, + host=client._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=client._DEFAULT_UNIVERSE), + scopes=None, + client_cert_source_for_mtls=None, + quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, + always_use_jwt_access=True, + api_audience=None, + ) From d6f88a708dde063c311a11125bcf746d696448e3 Mon Sep 17 00:00:00 2001 From: Owl Bot Date: Thu, 31 Jul 2025 09:02:04 +0000 Subject: [PATCH 2/2] =?UTF-8?q?=F0=9F=A6=89=20Updates=20from=20OwlBot=20po?= =?UTF-8?q?st-processor?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md --- .../v1/.coveragerc | 13 - .../v1/.flake8 | 34 - .../v1/LICENSE | 202 - .../v1/MANIFEST.in | 20 - .../v1/README.rst | 143 - .../v1/docs/_static/custom.css | 20 - .../v1/docs/_templates/layout.html | 50 - .../v1/docs/conf.py | 385 - .../v1/docs/index.rst | 10 - .../v1/docs/multiprocessing.rst | 7 - .../privileged_access_manager.rst | 10 - .../privilegedaccessmanager_v1/services_.rst | 6 - .../privilegedaccessmanager_v1/types_.rst | 6 - .../cloud/privilegedaccessmanager/__init__.py | 81 - .../privilegedaccessmanager/gapic_version.py | 16 - .../cloud/privilegedaccessmanager/py.typed | 2 - .../privilegedaccessmanager_v1/__init__.py | 82 - .../gapic_metadata.json | 238 - .../gapic_version.py | 16 - .../cloud/privilegedaccessmanager_v1/py.typed | 2 - .../services/__init__.py | 15 - .../privileged_access_manager/__init__.py | 22 - .../privileged_access_manager/async_client.py | 2115 --- .../privileged_access_manager/client.py | 2488 ---- .../privileged_access_manager/pagers.py | 583 - .../transports/README.rst | 9 - .../transports/__init__.py | 38 - .../transports/base.py | 417 - .../transports/grpc.py | 852 -- .../transports/grpc_asyncio.py | 963 -- .../transports/rest.py | 3381 ----- .../transports/rest_base.py | 960 -- .../types/__init__.py | 74 - .../types/privilegedaccessmanager.py | 1736 --- .../v1/mypy.ini | 3 - .../v1/noxfile.py | 591 - ...eged_access_manager_approve_grant_async.py | 52 - ...leged_access_manager_approve_grant_sync.py | 52 - ...s_manager_check_onboarding_status_async.py | 52 - ...ss_manager_check_onboarding_status_sync.py | 52 - ...access_manager_create_entitlement_async.py | 57 - ..._access_manager_create_entitlement_sync.py | 57 - ...leged_access_manager_create_grant_async.py | 52 - ...ileged_access_manager_create_grant_sync.py | 52 - ...access_manager_delete_entitlement_async.py | 56 - ..._access_manager_delete_entitlement_sync.py | 56 - ...vileged_access_manager_deny_grant_async.py | 52 - ...ivileged_access_manager_deny_grant_sync.py | 52 - ...ed_access_manager_get_entitlement_async.py | 52 - ...ged_access_manager_get_entitlement_sync.py | 52 - ...ivileged_access_manager_get_grant_async.py | 52 - ...rivileged_access_manager_get_grant_sync.py | 52 - ..._access_manager_list_entitlements_async.py | 53 - ...d_access_manager_list_entitlements_sync.py | 53 - ...ileged_access_manager_list_grants_async.py | 53 - ...vileged_access_manager_list_grants_sync.py | 53 - ...leged_access_manager_revoke_grant_async.py | 56 - ...ileged_access_manager_revoke_grant_sync.py | 56 - ...ccess_manager_search_entitlements_async.py | 54 - ...access_manager_search_entitlements_sync.py | 54 - ...eged_access_manager_search_grants_async.py | 54 - ...leged_access_manager_search_grants_sync.py | 54 - ...access_manager_update_entitlement_async.py | 55 - ..._access_manager_update_entitlement_sync.py | 55 - ...ogle.cloud.privilegedaccessmanager.v1.json | 2253 --- ...xup_privilegedaccessmanager_v1_keywords.py | 189 - .../v1/setup.py | 98 - .../v1/testing/constraints-3.10.txt | 6 - .../v1/testing/constraints-3.11.txt | 6 - .../v1/testing/constraints-3.12.txt | 6 - .../v1/testing/constraints-3.13.txt | 11 - .../v1/testing/constraints-3.7.txt | 10 - .../v1/testing/constraints-3.8.txt | 6 - .../v1/testing/constraints-3.9.txt | 6 - .../v1/tests/__init__.py | 16 - .../v1/tests/unit/__init__.py | 16 - .../v1/tests/unit/gapic/__init__.py | 16 - .../privilegedaccessmanager_v1/__init__.py | 16 - .../test_privileged_access_manager.py | 12358 ---------------- .../privilegedaccessmanager/gapic_version.py | 2 +- .../gapic_version.py | 2 +- .../privileged_access_manager/async_client.py | 1 + .../privileged_access_manager/client.py | 1 + .../types/privilegedaccessmanager.py | 20 + ...ogle.cloud.privilegedaccessmanager.v1.json | 2 +- .../test_privileged_access_manager.py | 2 + 86 files changed, 27 insertions(+), 32106 deletions(-) delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/.coveragerc delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/.flake8 delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/LICENSE delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/MANIFEST.in delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/README.rst delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/_static/custom.css delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/_templates/layout.html delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/conf.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/index.rst delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/multiprocessing.rst delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/privilegedaccessmanager_v1/privileged_access_manager.rst delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/privilegedaccessmanager_v1/services_.rst delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/privilegedaccessmanager_v1/types_.rst delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager/__init__.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager/gapic_version.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager/py.typed delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/__init__.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/gapic_metadata.json delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/gapic_version.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/py.typed delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/__init__.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/__init__.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/async_client.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/client.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/pagers.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/README.rst delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/__init__.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/base.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/grpc.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/grpc_asyncio.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/rest.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/rest_base.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/types/__init__.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/types/privilegedaccessmanager.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/mypy.ini delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/noxfile.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_approve_grant_async.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_approve_grant_sync.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_check_onboarding_status_async.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_check_onboarding_status_sync.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_entitlement_async.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_entitlement_sync.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_grant_async.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_grant_sync.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_delete_entitlement_async.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_delete_entitlement_sync.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_deny_grant_async.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_deny_grant_sync.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_entitlement_async.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_entitlement_sync.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_grant_async.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_grant_sync.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_entitlements_async.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_entitlements_sync.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_grants_async.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_grants_sync.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_revoke_grant_async.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_revoke_grant_sync.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_entitlements_async.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_entitlements_sync.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_grants_async.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_grants_sync.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_update_entitlement_async.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_update_entitlement_sync.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/snippet_metadata_google.cloud.privilegedaccessmanager.v1.json delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/scripts/fixup_privilegedaccessmanager_v1_keywords.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/setup.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.10.txt delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.11.txt delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.12.txt delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.13.txt delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.7.txt delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.8.txt delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.9.txt delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/__init__.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/__init__.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/gapic/__init__.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/gapic/privilegedaccessmanager_v1/__init__.py delete mode 100644 owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/gapic/privilegedaccessmanager_v1/test_privileged_access_manager.py diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/.coveragerc b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/.coveragerc deleted file mode 100644 index 85ba59bc71ba..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/.coveragerc +++ /dev/null @@ -1,13 +0,0 @@ -[run] -branch = True - -[report] -show_missing = True -omit = - google/cloud/privilegedaccessmanager/__init__.py - google/cloud/privilegedaccessmanager/gapic_version.py -exclude_lines = - # Re-enable the standard pragma - pragma: NO COVER - # Ignore debug-only repr - def __repr__ diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/.flake8 b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/.flake8 deleted file mode 100644 index 90316de21489..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/.flake8 +++ /dev/null @@ -1,34 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -[flake8] -# TODO(https://github.com/googleapis/gapic-generator-python/issues/2333): -# Resolve flake8 lint issues -ignore = E203, E231, E266, E501, W503 -exclude = - # TODO(https://github.com/googleapis/gapic-generator-python/issues/2333): - # Ensure that generated code passes flake8 lint - **/gapic/** - **/services/** - **/types/** - # Exclude Protobuf gencode - *_pb2.py - - # Standard linting exemptions. - **/.nox/** - __pycache__, - .git, - *.pyc, - conf.py diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/LICENSE b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/LICENSE deleted file mode 100644 index d64569567334..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/MANIFEST.in b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/MANIFEST.in deleted file mode 100644 index dae249ec8976..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/MANIFEST.in +++ /dev/null @@ -1,20 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -include README.rst LICENSE -recursive-include google *.py *.pyi *.json *.proto py.typed -recursive-include tests * -global-exclude *.py[co] -global-exclude __pycache__ diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/README.rst b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/README.rst deleted file mode 100644 index 5dd6962db8d2..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/README.rst +++ /dev/null @@ -1,143 +0,0 @@ -Python Client for Google Cloud Privilegedaccessmanager API -================================================= - -Quick Start ------------ - -In order to use this library, you first need to go through the following steps: - -1. `Select or create a Cloud Platform project.`_ -2. `Enable billing for your project.`_ -3. Enable the Google Cloud Privilegedaccessmanager API. -4. `Setup Authentication.`_ - -.. _Select or create a Cloud Platform project.: https://console.cloud.google.com/project -.. _Enable billing for your project.: https://cloud.google.com/billing/docs/how-to/modify-project#enable_billing_for_a_project -.. _Setup Authentication.: https://googleapis.dev/python/google-api-core/latest/auth.html - -Installation -~~~~~~~~~~~~ - -Install this library in a `virtualenv`_ using pip. `virtualenv`_ is a tool to -create isolated Python environments. The basic problem it addresses is one of -dependencies and versions, and indirectly permissions. - -With `virtualenv`_, it's possible to install this library without needing system -install permissions, and without clashing with the installed system -dependencies. - -.. _`virtualenv`: https://virtualenv.pypa.io/en/latest/ - - -Mac/Linux -^^^^^^^^^ - -.. code-block:: console - - python3 -m venv - source /bin/activate - /bin/pip install /path/to/library - - -Windows -^^^^^^^ - -.. code-block:: console - - python3 -m venv - \Scripts\activate - \Scripts\pip.exe install \path\to\library - - -Logging -------- - -This library uses the standard Python :code:`logging` functionality to log some RPC events that could be of interest for debugging and monitoring purposes. -Note the following: - -#. Logs may contain sensitive information. Take care to **restrict access to the logs** if they are saved, whether it be on local storage or on Google Cloud Logging. -#. Google may refine the occurrence, level, and content of various log messages in this library without flagging such changes as breaking. **Do not depend on immutability of the logging events**. -#. By default, the logging events from this library are not handled. You must **explicitly configure log handling** using one of the mechanisms below. - - -Simple, environment-based configuration -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -To enable logging for this library without any changes in your code, set the :code:`GOOGLE_SDK_PYTHON_LOGGING_SCOPE` environment variable to a valid Google -logging scope. This configures handling of logging events (at level :code:`logging.DEBUG` or higher) from this library in a default manner, emitting the logged -messages in a structured format. It does not currently allow customizing the logging levels captured nor the handlers, formatters, etc. used for any logging -event. - -A logging scope is a period-separated namespace that begins with :code:`google`, identifying the Python module or package to log. - -- Valid logging scopes: :code:`google`, :code:`google.cloud.asset.v1`, :code:`google.api`, :code:`google.auth`, etc. -- Invalid logging scopes: :code:`foo`, :code:`123`, etc. - -**NOTE**: If the logging scope is invalid, the library does not set up any logging handlers. - - -Examples -^^^^^^^^ - -- Enabling the default handler for all Google-based loggers - -.. code-block:: console - - export GOOGLE_SDK_PYTHON_LOGGING_SCOPE=google - -- Enabling the default handler for a specific Google module (for a client library called :code:`library_v1`): - -.. code-block:: console - - export GOOGLE_SDK_PYTHON_LOGGING_SCOPE=google.cloud.library_v1 - - -Advanced, code-based configuration -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -You can also configure a valid logging scope using Python's standard `logging` mechanism. - - -Examples -^^^^^^^^ - -- Configuring a handler for all Google-based loggers - -.. code-block:: python - - import logging - - from google.cloud.translate_v3 import translate - - base_logger = logging.getLogger("google") - base_logger.addHandler(logging.StreamHandler()) - base_logger.setLevel(logging.DEBUG) - -- Configuring a handler for a specific Google module (for a client library called :code:`library_v1`): - -.. code-block:: python - - import logging - - from google.cloud.translate_v3 import translate - - base_logger = logging.getLogger("google.cloud.library_v1") - base_logger.addHandler(logging.StreamHandler()) - base_logger.setLevel(logging.DEBUG) - - -Logging details -~~~~~~~~~~~~~~~ - -#. Regardless of which of the mechanisms above you use to configure logging for this library, by default logging events are not propagated up to the root - logger from the `google`-level logger. If you need the events to be propagated to the root logger, you must explicitly set - :code:`logging.getLogger("google").propagate = True` in your code. -#. You can mix the different logging configurations above for different Google modules. For example, you may want use a code-based logging configuration for - one library, but decide you need to also set up environment-based logging configuration for another library. - - #. If you attempt to use both code-based and environment-based configuration for the same module, the environment-based configuration will be ineffectual - if the code -based configuration gets applied first. - -#. The Google-specific logging configurations (default handlers for environment-based configuration; not propagating logging events to the root logger) get - executed the first time *any* client library is instantiated in your application, and only if the affected loggers have not been previously configured. - (This is the reason for 2.i. above.) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/_static/custom.css b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/_static/custom.css deleted file mode 100644 index b0a295464b23..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/_static/custom.css +++ /dev/null @@ -1,20 +0,0 @@ -div#python2-eol { - border-color: red; - border-width: medium; -} - -/* Ensure minimum width for 'Parameters' / 'Returns' column */ -dl.field-list > dt { - min-width: 100px -} - -/* Insert space between methods for readability */ -dl.method { - padding-top: 10px; - padding-bottom: 10px -} - -/* Insert empty space between classes */ -dl.class { - padding-bottom: 50px -} diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/_templates/layout.html b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/_templates/layout.html deleted file mode 100644 index 95e9c77fcfe1..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/_templates/layout.html +++ /dev/null @@ -1,50 +0,0 @@ - -{% extends "!layout.html" %} -{%- block content %} -{%- if theme_fixed_sidebar|lower == 'true' %} -
- {{ sidebar() }} - {%- block document %} -
- {%- if render_sidebar %} -
- {%- endif %} - - {%- block relbar_top %} - {%- if theme_show_relbar_top|tobool %} -
-   - {{- rellink_markup () }} -
- {%- endif %} - {% endblock %} - -
-
- As of January 1, 2020 this library no longer supports Python 2 on the latest released version. - Library versions released prior to that date will continue to be available. For more information please - visit Python 2 support on Google Cloud. -
- {% block body %} {% endblock %} -
- - {%- block relbar_bottom %} - {%- if theme_show_relbar_bottom|tobool %} -
-   - {{- rellink_markup () }} -
- {%- endif %} - {% endblock %} - - {%- if render_sidebar %} -
- {%- endif %} -
- {%- endblock %} -
-
-{%- else %} -{{ super() }} -{%- endif %} -{%- endblock %} diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/conf.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/conf.py deleted file mode 100644 index 0e6041a4ac82..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/conf.py +++ /dev/null @@ -1,385 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# -# google-cloud-privilegedaccessmanager documentation build configuration file -# -# This file is execfile()d with the current directory set to its -# containing dir. -# -# Note that not all possible configuration values are present in this -# autogenerated file. -# -# All configuration values have a default; values that are commented out -# serve to show the default. - -import sys -import os -import shlex - -# If extensions (or modules to document with autodoc) are in another directory, -# add these directories to sys.path here. If the directory is relative to the -# documentation root, use os.path.abspath to make it absolute, like shown here. -sys.path.insert(0, os.path.abspath("..")) - -# For plugins that can not read conf.py. -# See also: https://github.com/docascode/sphinx-docfx-yaml/issues/85 -sys.path.insert(0, os.path.abspath(".")) - -__version__ = "" - -# -- General configuration ------------------------------------------------ - -# If your documentation needs a minimal Sphinx version, state it here. -needs_sphinx = "4.5.0" - -# Add any Sphinx extension module names here, as strings. They can be -# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom -# ones. -extensions = [ - "sphinx.ext.autodoc", - "sphinx.ext.autosummary", - "sphinx.ext.intersphinx", - "sphinx.ext.coverage", - "sphinx.ext.doctest", - "sphinx.ext.napoleon", - "sphinx.ext.todo", - "sphinx.ext.viewcode", - "recommonmark", -] - -# autodoc/autosummary flags -autoclass_content = "both" -autodoc_default_options = {"members": True} -autosummary_generate = True - - -# Add any paths that contain templates here, relative to this directory. -templates_path = ["_templates"] - -# The suffix(es) of source filenames. -# You can specify multiple suffix as a list of string: -# source_suffix = ['.rst', '.md'] -source_suffix = [".rst", ".md"] - -# The encoding of source files. -# source_encoding = 'utf-8-sig' - -# The root toctree document. -root_doc = "index" - -# General information about the project. -project = u"google-cloud-privilegedaccessmanager" -copyright = u"2025, Google, LLC" -author = u"Google APIs" - -# The version info for the project you're documenting, acts as replacement for -# |version| and |release|, also used in various other places throughout the -# built documents. -# -# The full version, including alpha/beta/rc tags. -release = __version__ -# The short X.Y version. -version = ".".join(release.split(".")[0:2]) - -# The language for content autogenerated by Sphinx. Refer to documentation -# for a list of supported languages. -# -# This is also used if you do content translation via gettext catalogs. -# Usually you set "language" from the command line for these cases. -language = None - -# There are two options for replacing |today|: either, you set today to some -# non-false value, then it is used: -# today = '' -# Else, today_fmt is used as the format for a strftime call. -# today_fmt = '%B %d, %Y' - -# List of patterns, relative to source directory, that match files and -# directories to ignore when looking for source files. -exclude_patterns = [ - "_build", - "**/.nox/**/*", - "samples/AUTHORING_GUIDE.md", - "samples/CONTRIBUTING.md", - "samples/snippets/README.rst", -] - -# The reST default role (used for this markup: `text`) to use for all -# documents. -# default_role = None - -# If true, '()' will be appended to :func: etc. cross-reference text. -# add_function_parentheses = True - -# If true, the current module name will be prepended to all description -# unit titles (such as .. function::). -# add_module_names = True - -# If true, sectionauthor and moduleauthor directives will be shown in the -# output. They are ignored by default. -# show_authors = False - -# The name of the Pygments (syntax highlighting) style to use. -pygments_style = "sphinx" - -# A list of ignored prefixes for module index sorting. -# modindex_common_prefix = [] - -# If true, keep warnings as "system message" paragraphs in the built documents. -# keep_warnings = False - -# If true, `todo` and `todoList` produce output, else they produce nothing. -todo_include_todos = True - - -# -- Options for HTML output ---------------------------------------------- - -# The theme to use for HTML and HTML Help pages. See the documentation for -# a list of builtin themes. -html_theme = "alabaster" - -# Theme options are theme-specific and customize the look and feel of a theme -# further. For a list of options available for each theme, see the -# documentation. -html_theme_options = { - "description": "Google Cloud Client Libraries for google-cloud-privilegedaccessmanager", - "github_user": "googleapis", - "github_repo": "google-cloud-python", - "github_banner": True, - "font_family": "'Roboto', Georgia, sans", - "head_font_family": "'Roboto', Georgia, serif", - "code_font_family": "'Roboto Mono', 'Consolas', monospace", -} - -# Add any paths that contain custom themes here, relative to this directory. -# html_theme_path = [] - -# The name for this set of Sphinx documents. If None, it defaults to -# " v documentation". -# html_title = None - -# A shorter title for the navigation bar. Default is the same as html_title. -# html_short_title = None - -# The name of an image file (relative to this directory) to place at the top -# of the sidebar. -# html_logo = None - -# The name of an image file (within the static path) to use as favicon of the -# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 -# pixels large. -# html_favicon = None - -# Add any paths that contain custom static files (such as style sheets) here, -# relative to this directory. They are copied after the builtin static files, -# so a file named "default.css" will overwrite the builtin "default.css". -html_static_path = ["_static"] - -# Add any extra paths that contain custom files (such as robots.txt or -# .htaccess) here, relative to this directory. These files are copied -# directly to the root of the documentation. -# html_extra_path = [] - -# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, -# using the given strftime format. -# html_last_updated_fmt = '%b %d, %Y' - -# If true, SmartyPants will be used to convert quotes and dashes to -# typographically correct entities. -# html_use_smartypants = True - -# Custom sidebar templates, maps document names to template names. -# html_sidebars = {} - -# Additional templates that should be rendered to pages, maps page names to -# template names. -# html_additional_pages = {} - -# If false, no module index is generated. -# html_domain_indices = True - -# If false, no index is generated. -# html_use_index = True - -# If true, the index is split into individual pages for each letter. -# html_split_index = False - -# If true, links to the reST sources are added to the pages. -# html_show_sourcelink = True - -# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. -# html_show_sphinx = True - -# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. -# html_show_copyright = True - -# If true, an OpenSearch description file will be output, and all pages will -# contain a tag referring to it. The value of this option must be the -# base URL from which the finished HTML is served. -# html_use_opensearch = '' - -# This is the file name suffix for HTML files (e.g. ".xhtml"). -# html_file_suffix = None - -# Language to be used for generating the HTML full-text search index. -# Sphinx supports the following languages: -# 'da', 'de', 'en', 'es', 'fi', 'fr', 'hu', 'it', 'ja' -# 'nl', 'no', 'pt', 'ro', 'ru', 'sv', 'tr' -# html_search_language = 'en' - -# A dictionary with options for the search language support, empty by default. -# Now only 'ja' uses this config value -# html_search_options = {'type': 'default'} - -# The name of a javascript file (relative to the configuration directory) that -# implements a search results scorer. If empty, the default will be used. -# html_search_scorer = 'scorer.js' - -# Output file base name for HTML help builder. -htmlhelp_basename = "google-cloud-privilegedaccessmanager-doc" - -# -- Options for warnings ------------------------------------------------------ - - -suppress_warnings = [ - # Temporarily suppress this to avoid "more than one target found for - # cross-reference" warning, which are intractable for us to avoid while in - # a mono-repo. - # See https://github.com/sphinx-doc/sphinx/blob - # /2a65ffeef5c107c19084fabdd706cdff3f52d93c/sphinx/domains/python.py#L843 - "ref.python" -] - -# -- Options for LaTeX output --------------------------------------------- - -latex_elements = { - # The paper size ('letterpaper' or 'a4paper'). - # 'papersize': 'letterpaper', - # The font size ('10pt', '11pt' or '12pt'). - # 'pointsize': '10pt', - # Additional stuff for the LaTeX preamble. - # 'preamble': '', - # Latex figure (float) alignment - # 'figure_align': 'htbp', -} - -# Grouping the document tree into LaTeX files. List of tuples -# (source start file, target name, title, -# author, documentclass [howto, manual, or own class]). -latex_documents = [ - ( - root_doc, - "google-cloud-privilegedaccessmanager.tex", - u"google-cloud-privilegedaccessmanager Documentation", - author, - "manual", - ) -] - -# The name of an image file (relative to this directory) to place at the top of -# the title page. -# latex_logo = None - -# For "manual" documents, if this is true, then toplevel headings are parts, -# not chapters. -# latex_use_parts = False - -# If true, show page references after internal links. -# latex_show_pagerefs = False - -# If true, show URL addresses after external links. -# latex_show_urls = False - -# Documents to append as an appendix to all manuals. -# latex_appendices = [] - -# If false, no module index is generated. -# latex_domain_indices = True - - -# -- Options for manual page output --------------------------------------- - -# One entry per manual page. List of tuples -# (source start file, name, description, authors, manual section). -man_pages = [ - ( - root_doc, - "google-cloud-privilegedaccessmanager", - "google-cloud-privilegedaccessmanager Documentation", - [author], - 1, - ) -] - -# If true, show URL addresses after external links. -# man_show_urls = False - - -# -- Options for Texinfo output ------------------------------------------- - -# Grouping the document tree into Texinfo files. List of tuples -# (source start file, target name, title, author, -# dir menu entry, description, category) -texinfo_documents = [ - ( - root_doc, - "google-cloud-privilegedaccessmanager", - "google-cloud-privilegedaccessmanager Documentation", - author, - "google-cloud-privilegedaccessmanager", - "google-cloud-privilegedaccessmanager Library", - "APIs", - ) -] - -# Documents to append as an appendix to all manuals. -# texinfo_appendices = [] - -# If false, no module index is generated. -# texinfo_domain_indices = True - -# How to display URL addresses: 'footnote', 'no', or 'inline'. -# texinfo_show_urls = 'footnote' - -# If true, do not generate a @detailmenu in the "Top" node's menu. -# texinfo_no_detailmenu = False - - -# Example configuration for intersphinx: refer to the Python standard library. -intersphinx_mapping = { - "python": ("https://python.readthedocs.org/en/latest/", None), - "google-auth": ("https://googleapis.dev/python/google-auth/latest/", None), - "google.api_core": ( - "https://googleapis.dev/python/google-api-core/latest/", - None, - ), - "grpc": ("https://grpc.github.io/grpc/python/", None), - "proto-plus": ("https://proto-plus-python.readthedocs.io/en/latest/", None), - "protobuf": ("https://googleapis.dev/python/protobuf/latest/", None), -} - - -# Napoleon settings -napoleon_google_docstring = True -napoleon_numpy_docstring = True -napoleon_include_private_with_doc = False -napoleon_include_special_with_doc = True -napoleon_use_admonition_for_examples = False -napoleon_use_admonition_for_notes = False -napoleon_use_admonition_for_references = False -napoleon_use_ivar = False -napoleon_use_param = True -napoleon_use_rtype = True diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/index.rst b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/index.rst deleted file mode 100644 index fc20400a4b9b..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. include:: multiprocessing.rst - - -API Reference -------------- -.. toctree:: - :maxdepth: 2 - - privilegedaccessmanager_v1/services_ - privilegedaccessmanager_v1/types_ diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/multiprocessing.rst b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/multiprocessing.rst deleted file mode 100644 index 536d17b2ea65..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/multiprocessing.rst +++ /dev/null @@ -1,7 +0,0 @@ -.. note:: - - Because this client uses :mod:`grpc` library, it is safe to - share instances across threads. In multiprocessing scenarios, the best - practice is to create client instances *after* the invocation of - :func:`os.fork` by :class:`multiprocessing.pool.Pool` or - :class:`multiprocessing.Process`. diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/privilegedaccessmanager_v1/privileged_access_manager.rst b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/privilegedaccessmanager_v1/privileged_access_manager.rst deleted file mode 100644 index c4b9e31774b7..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/privilegedaccessmanager_v1/privileged_access_manager.rst +++ /dev/null @@ -1,10 +0,0 @@ -PrivilegedAccessManager ------------------------------------------ - -.. automodule:: google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager - :members: - :inherited-members: - -.. automodule:: google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers - :members: - :inherited-members: diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/privilegedaccessmanager_v1/services_.rst b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/privilegedaccessmanager_v1/services_.rst deleted file mode 100644 index df1e04dc45f3..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/privilegedaccessmanager_v1/services_.rst +++ /dev/null @@ -1,6 +0,0 @@ -Services for Google Cloud Privilegedaccessmanager v1 API -======================================================== -.. toctree:: - :maxdepth: 2 - - privileged_access_manager diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/privilegedaccessmanager_v1/types_.rst b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/privilegedaccessmanager_v1/types_.rst deleted file mode 100644 index 4c609f05f1d8..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/docs/privilegedaccessmanager_v1/types_.rst +++ /dev/null @@ -1,6 +0,0 @@ -Types for Google Cloud Privilegedaccessmanager v1 API -===================================================== - -.. automodule:: google.cloud.privilegedaccessmanager_v1.types - :members: - :show-inheritance: diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager/__init__.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager/__init__.py deleted file mode 100644 index 34bdc03a2a64..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager/__init__.py +++ /dev/null @@ -1,81 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from google.cloud.privilegedaccessmanager import gapic_version as package_version - -__version__ = package_version.__version__ - - -from google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.client import PrivilegedAccessManagerClient -from google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.async_client import PrivilegedAccessManagerAsyncClient - -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import AccessControlEntry -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import ApprovalWorkflow -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import ApproveGrantRequest -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import CheckOnboardingStatusRequest -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import CheckOnboardingStatusResponse -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import CreateEntitlementRequest -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import CreateGrantRequest -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import DeleteEntitlementRequest -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import DenyGrantRequest -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import Entitlement -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import GetEntitlementRequest -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import GetGrantRequest -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import Grant -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import Justification -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import ListEntitlementsRequest -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import ListEntitlementsResponse -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import ListGrantsRequest -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import ListGrantsResponse -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import ManualApprovals -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import OperationMetadata -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import PrivilegedAccess -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import RevokeGrantRequest -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import SearchEntitlementsRequest -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import SearchEntitlementsResponse -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import SearchGrantsRequest -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import SearchGrantsResponse -from google.cloud.privilegedaccessmanager_v1.types.privilegedaccessmanager import UpdateEntitlementRequest - -__all__ = ('PrivilegedAccessManagerClient', - 'PrivilegedAccessManagerAsyncClient', - 'AccessControlEntry', - 'ApprovalWorkflow', - 'ApproveGrantRequest', - 'CheckOnboardingStatusRequest', - 'CheckOnboardingStatusResponse', - 'CreateEntitlementRequest', - 'CreateGrantRequest', - 'DeleteEntitlementRequest', - 'DenyGrantRequest', - 'Entitlement', - 'GetEntitlementRequest', - 'GetGrantRequest', - 'Grant', - 'Justification', - 'ListEntitlementsRequest', - 'ListEntitlementsResponse', - 'ListGrantsRequest', - 'ListGrantsResponse', - 'ManualApprovals', - 'OperationMetadata', - 'PrivilegedAccess', - 'RevokeGrantRequest', - 'SearchEntitlementsRequest', - 'SearchEntitlementsResponse', - 'SearchGrantsRequest', - 'SearchGrantsResponse', - 'UpdateEntitlementRequest', -) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager/gapic_version.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager/gapic_version.py deleted file mode 100644 index 20a9cd975b02..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager/gapic_version.py +++ /dev/null @@ -1,16 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -__version__ = "0.0.0" # {x-release-please-version} diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager/py.typed b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager/py.typed deleted file mode 100644 index 835028116f75..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager/py.typed +++ /dev/null @@ -1,2 +0,0 @@ -# Marker file for PEP 561. -# The google-cloud-privilegedaccessmanager package uses inline types. diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/__init__.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/__init__.py deleted file mode 100644 index f6fe77c6fee7..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/__init__.py +++ /dev/null @@ -1,82 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from google.cloud.privilegedaccessmanager_v1 import gapic_version as package_version - -__version__ = package_version.__version__ - - -from .services.privileged_access_manager import PrivilegedAccessManagerClient -from .services.privileged_access_manager import PrivilegedAccessManagerAsyncClient - -from .types.privilegedaccessmanager import AccessControlEntry -from .types.privilegedaccessmanager import ApprovalWorkflow -from .types.privilegedaccessmanager import ApproveGrantRequest -from .types.privilegedaccessmanager import CheckOnboardingStatusRequest -from .types.privilegedaccessmanager import CheckOnboardingStatusResponse -from .types.privilegedaccessmanager import CreateEntitlementRequest -from .types.privilegedaccessmanager import CreateGrantRequest -from .types.privilegedaccessmanager import DeleteEntitlementRequest -from .types.privilegedaccessmanager import DenyGrantRequest -from .types.privilegedaccessmanager import Entitlement -from .types.privilegedaccessmanager import GetEntitlementRequest -from .types.privilegedaccessmanager import GetGrantRequest -from .types.privilegedaccessmanager import Grant -from .types.privilegedaccessmanager import Justification -from .types.privilegedaccessmanager import ListEntitlementsRequest -from .types.privilegedaccessmanager import ListEntitlementsResponse -from .types.privilegedaccessmanager import ListGrantsRequest -from .types.privilegedaccessmanager import ListGrantsResponse -from .types.privilegedaccessmanager import ManualApprovals -from .types.privilegedaccessmanager import OperationMetadata -from .types.privilegedaccessmanager import PrivilegedAccess -from .types.privilegedaccessmanager import RevokeGrantRequest -from .types.privilegedaccessmanager import SearchEntitlementsRequest -from .types.privilegedaccessmanager import SearchEntitlementsResponse -from .types.privilegedaccessmanager import SearchGrantsRequest -from .types.privilegedaccessmanager import SearchGrantsResponse -from .types.privilegedaccessmanager import UpdateEntitlementRequest - -__all__ = ( - 'PrivilegedAccessManagerAsyncClient', -'AccessControlEntry', -'ApprovalWorkflow', -'ApproveGrantRequest', -'CheckOnboardingStatusRequest', -'CheckOnboardingStatusResponse', -'CreateEntitlementRequest', -'CreateGrantRequest', -'DeleteEntitlementRequest', -'DenyGrantRequest', -'Entitlement', -'GetEntitlementRequest', -'GetGrantRequest', -'Grant', -'Justification', -'ListEntitlementsRequest', -'ListEntitlementsResponse', -'ListGrantsRequest', -'ListGrantsResponse', -'ManualApprovals', -'OperationMetadata', -'PrivilegedAccess', -'PrivilegedAccessManagerClient', -'RevokeGrantRequest', -'SearchEntitlementsRequest', -'SearchEntitlementsResponse', -'SearchGrantsRequest', -'SearchGrantsResponse', -'UpdateEntitlementRequest', -) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/gapic_metadata.json b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/gapic_metadata.json deleted file mode 100644 index 0a486b55a4ef..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/gapic_metadata.json +++ /dev/null @@ -1,238 +0,0 @@ - { - "comment": "This file maps proto services/RPCs to the corresponding library clients/methods", - "language": "python", - "libraryPackage": "google.cloud.privilegedaccessmanager_v1", - "protoPackage": "google.cloud.privilegedaccessmanager.v1", - "schema": "1.0", - "services": { - "PrivilegedAccessManager": { - "clients": { - "grpc": { - "libraryClient": "PrivilegedAccessManagerClient", - "rpcs": { - "ApproveGrant": { - "methods": [ - "approve_grant" - ] - }, - "CheckOnboardingStatus": { - "methods": [ - "check_onboarding_status" - ] - }, - "CreateEntitlement": { - "methods": [ - "create_entitlement" - ] - }, - "CreateGrant": { - "methods": [ - "create_grant" - ] - }, - "DeleteEntitlement": { - "methods": [ - "delete_entitlement" - ] - }, - "DenyGrant": { - "methods": [ - "deny_grant" - ] - }, - "GetEntitlement": { - "methods": [ - "get_entitlement" - ] - }, - "GetGrant": { - "methods": [ - "get_grant" - ] - }, - "ListEntitlements": { - "methods": [ - "list_entitlements" - ] - }, - "ListGrants": { - "methods": [ - "list_grants" - ] - }, - "RevokeGrant": { - "methods": [ - "revoke_grant" - ] - }, - "SearchEntitlements": { - "methods": [ - "search_entitlements" - ] - }, - "SearchGrants": { - "methods": [ - "search_grants" - ] - }, - "UpdateEntitlement": { - "methods": [ - "update_entitlement" - ] - } - } - }, - "grpc-async": { - "libraryClient": "PrivilegedAccessManagerAsyncClient", - "rpcs": { - "ApproveGrant": { - "methods": [ - "approve_grant" - ] - }, - "CheckOnboardingStatus": { - "methods": [ - "check_onboarding_status" - ] - }, - "CreateEntitlement": { - "methods": [ - "create_entitlement" - ] - }, - "CreateGrant": { - "methods": [ - "create_grant" - ] - }, - "DeleteEntitlement": { - "methods": [ - "delete_entitlement" - ] - }, - "DenyGrant": { - "methods": [ - "deny_grant" - ] - }, - "GetEntitlement": { - "methods": [ - "get_entitlement" - ] - }, - "GetGrant": { - "methods": [ - "get_grant" - ] - }, - "ListEntitlements": { - "methods": [ - "list_entitlements" - ] - }, - "ListGrants": { - "methods": [ - "list_grants" - ] - }, - "RevokeGrant": { - "methods": [ - "revoke_grant" - ] - }, - "SearchEntitlements": { - "methods": [ - "search_entitlements" - ] - }, - "SearchGrants": { - "methods": [ - "search_grants" - ] - }, - "UpdateEntitlement": { - "methods": [ - "update_entitlement" - ] - } - } - }, - "rest": { - "libraryClient": "PrivilegedAccessManagerClient", - "rpcs": { - "ApproveGrant": { - "methods": [ - "approve_grant" - ] - }, - "CheckOnboardingStatus": { - "methods": [ - "check_onboarding_status" - ] - }, - "CreateEntitlement": { - "methods": [ - "create_entitlement" - ] - }, - "CreateGrant": { - "methods": [ - "create_grant" - ] - }, - "DeleteEntitlement": { - "methods": [ - "delete_entitlement" - ] - }, - "DenyGrant": { - "methods": [ - "deny_grant" - ] - }, - "GetEntitlement": { - "methods": [ - "get_entitlement" - ] - }, - "GetGrant": { - "methods": [ - "get_grant" - ] - }, - "ListEntitlements": { - "methods": [ - "list_entitlements" - ] - }, - "ListGrants": { - "methods": [ - "list_grants" - ] - }, - "RevokeGrant": { - "methods": [ - "revoke_grant" - ] - }, - "SearchEntitlements": { - "methods": [ - "search_entitlements" - ] - }, - "SearchGrants": { - "methods": [ - "search_grants" - ] - }, - "UpdateEntitlement": { - "methods": [ - "update_entitlement" - ] - } - } - } - } - } - } -} diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/gapic_version.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/gapic_version.py deleted file mode 100644 index 20a9cd975b02..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/gapic_version.py +++ /dev/null @@ -1,16 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -__version__ = "0.0.0" # {x-release-please-version} diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/py.typed b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/py.typed deleted file mode 100644 index 835028116f75..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/py.typed +++ /dev/null @@ -1,2 +0,0 @@ -# Marker file for PEP 561. -# The google-cloud-privilegedaccessmanager package uses inline types. diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/__init__.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/__init__.py deleted file mode 100644 index cbf94b283c70..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/__init__.py +++ /dev/null @@ -1,15 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/__init__.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/__init__.py deleted file mode 100644 index 5b4aaccfc804..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/__init__.py +++ /dev/null @@ -1,22 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from .client import PrivilegedAccessManagerClient -from .async_client import PrivilegedAccessManagerAsyncClient - -__all__ = ( - 'PrivilegedAccessManagerClient', - 'PrivilegedAccessManagerAsyncClient', -) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/async_client.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/async_client.py deleted file mode 100644 index 14fcbde8b0b5..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/async_client.py +++ /dev/null @@ -1,2115 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -import logging as std_logging -from collections import OrderedDict -import re -from typing import Dict, Callable, Mapping, MutableMapping, MutableSequence, Optional, Sequence, Tuple, Type, Union -import uuid - -from google.cloud.privilegedaccessmanager_v1 import gapic_version as package_version - -from google.api_core.client_options import ClientOptions -from google.api_core import exceptions as core_exceptions -from google.api_core import gapic_v1 -from google.api_core import retry_async as retries -from google.auth import credentials as ga_credentials # type: ignore -from google.oauth2 import service_account # type: ignore -import google.protobuf - - -try: - OptionalRetry = Union[retries.AsyncRetry, gapic_v1.method._MethodDefault, None] -except AttributeError: # pragma: NO COVER - OptionalRetry = Union[retries.AsyncRetry, object, None] # type: ignore - -from google.api_core import operation # type: ignore -from google.api_core import operation_async # type: ignore -from google.cloud.location import locations_pb2 # type: ignore -from google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager import pagers -from google.cloud.privilegedaccessmanager_v1.types import privilegedaccessmanager -from google.longrunning import operations_pb2 # type: ignore -from google.protobuf import duration_pb2 # type: ignore -from google.protobuf import field_mask_pb2 # type: ignore -from google.protobuf import timestamp_pb2 # type: ignore -from .transports.base import PrivilegedAccessManagerTransport, DEFAULT_CLIENT_INFO -from .transports.grpc_asyncio import PrivilegedAccessManagerGrpcAsyncIOTransport -from .client import PrivilegedAccessManagerClient - -try: - from google.api_core import client_logging # type: ignore - CLIENT_LOGGING_SUPPORTED = True # pragma: NO COVER -except ImportError: # pragma: NO COVER - CLIENT_LOGGING_SUPPORTED = False - -_LOGGER = std_logging.getLogger(__name__) - -class PrivilegedAccessManagerAsyncClient: - """This API allows customers to manage temporary, request based - privileged access to their resources. - - It defines the following resource model: - - - A collection of ``Entitlement`` resources. An entitlement allows - configuring (among other things): - - - Some kind of privileged access that users can request. - - A set of users called *requesters* who can request this - access. - - A maximum duration for which the access can be requested. - - An optional approval workflow which must be satisfied before - access is granted. - - - A collection of ``Grant`` resources. A grant is a request by a - requester to get the privileged access specified in an - entitlement for some duration. - - After the approval workflow as specified in the entitlement is - satisfied, the specified access is given to the requester. The - access is automatically taken back after the requested duration - is over. - """ - - _client: PrivilegedAccessManagerClient - - # Copy defaults from the synchronous client for use here. - # Note: DEFAULT_ENDPOINT is deprecated. Use _DEFAULT_ENDPOINT_TEMPLATE instead. - DEFAULT_ENDPOINT = PrivilegedAccessManagerClient.DEFAULT_ENDPOINT - DEFAULT_MTLS_ENDPOINT = PrivilegedAccessManagerClient.DEFAULT_MTLS_ENDPOINT - _DEFAULT_ENDPOINT_TEMPLATE = PrivilegedAccessManagerClient._DEFAULT_ENDPOINT_TEMPLATE - _DEFAULT_UNIVERSE = PrivilegedAccessManagerClient._DEFAULT_UNIVERSE - - entitlement_path = staticmethod(PrivilegedAccessManagerClient.entitlement_path) - parse_entitlement_path = staticmethod(PrivilegedAccessManagerClient.parse_entitlement_path) - grant_path = staticmethod(PrivilegedAccessManagerClient.grant_path) - parse_grant_path = staticmethod(PrivilegedAccessManagerClient.parse_grant_path) - common_billing_account_path = staticmethod(PrivilegedAccessManagerClient.common_billing_account_path) - parse_common_billing_account_path = staticmethod(PrivilegedAccessManagerClient.parse_common_billing_account_path) - common_folder_path = staticmethod(PrivilegedAccessManagerClient.common_folder_path) - parse_common_folder_path = staticmethod(PrivilegedAccessManagerClient.parse_common_folder_path) - common_organization_path = staticmethod(PrivilegedAccessManagerClient.common_organization_path) - parse_common_organization_path = staticmethod(PrivilegedAccessManagerClient.parse_common_organization_path) - common_project_path = staticmethod(PrivilegedAccessManagerClient.common_project_path) - parse_common_project_path = staticmethod(PrivilegedAccessManagerClient.parse_common_project_path) - common_location_path = staticmethod(PrivilegedAccessManagerClient.common_location_path) - parse_common_location_path = staticmethod(PrivilegedAccessManagerClient.parse_common_location_path) - - @classmethod - def from_service_account_info(cls, info: dict, *args, **kwargs): - """Creates an instance of this client using the provided credentials - info. - - Args: - info (dict): The service account private key info. - args: Additional arguments to pass to the constructor. - kwargs: Additional arguments to pass to the constructor. - - Returns: - PrivilegedAccessManagerAsyncClient: The constructed client. - """ - return PrivilegedAccessManagerClient.from_service_account_info.__func__(PrivilegedAccessManagerAsyncClient, info, *args, **kwargs) # type: ignore - - @classmethod - def from_service_account_file(cls, filename: str, *args, **kwargs): - """Creates an instance of this client using the provided credentials - file. - - Args: - filename (str): The path to the service account private key json - file. - args: Additional arguments to pass to the constructor. - kwargs: Additional arguments to pass to the constructor. - - Returns: - PrivilegedAccessManagerAsyncClient: The constructed client. - """ - return PrivilegedAccessManagerClient.from_service_account_file.__func__(PrivilegedAccessManagerAsyncClient, filename, *args, **kwargs) # type: ignore - - from_service_account_json = from_service_account_file - - @classmethod - def get_mtls_endpoint_and_cert_source(cls, client_options: Optional[ClientOptions] = None): - """Return the API endpoint and client cert source for mutual TLS. - - The client cert source is determined in the following order: - (1) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is not "true", the - client cert source is None. - (2) if `client_options.client_cert_source` is provided, use the provided one; if the - default client cert source exists, use the default one; otherwise the client cert - source is None. - - The API endpoint is determined in the following order: - (1) if `client_options.api_endpoint` if provided, use the provided one. - (2) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is "always", use the - default mTLS endpoint; if the environment variable is "never", use the default API - endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise - use the default API endpoint. - - More details can be found at https://google.aip.dev/auth/4114. - - Args: - client_options (google.api_core.client_options.ClientOptions): Custom options for the - client. Only the `api_endpoint` and `client_cert_source` properties may be used - in this method. - - Returns: - Tuple[str, Callable[[], Tuple[bytes, bytes]]]: returns the API endpoint and the - client cert source to use. - - Raises: - google.auth.exceptions.MutualTLSChannelError: If any errors happen. - """ - return PrivilegedAccessManagerClient.get_mtls_endpoint_and_cert_source(client_options) # type: ignore - - @property - def transport(self) -> PrivilegedAccessManagerTransport: - """Returns the transport used by the client instance. - - Returns: - PrivilegedAccessManagerTransport: The transport used by the client instance. - """ - return self._client.transport - - @property - def api_endpoint(self): - """Return the API endpoint used by the client instance. - - Returns: - str: The API endpoint used by the client instance. - """ - return self._client._api_endpoint - - @property - def universe_domain(self) -> str: - """Return the universe domain used by the client instance. - - Returns: - str: The universe domain used - by the client instance. - """ - return self._client._universe_domain - - get_transport_class = PrivilegedAccessManagerClient.get_transport_class - - def __init__(self, *, - credentials: Optional[ga_credentials.Credentials] = None, - transport: Optional[Union[str, PrivilegedAccessManagerTransport, Callable[..., PrivilegedAccessManagerTransport]]] = "grpc_asyncio", - client_options: Optional[ClientOptions] = None, - client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, - ) -> None: - """Instantiates the privileged access manager async client. - - Args: - credentials (Optional[google.auth.credentials.Credentials]): The - authorization credentials to attach to requests. These - credentials identify the application to the service; if none - are specified, the client will attempt to ascertain the - credentials from the environment. - transport (Optional[Union[str,PrivilegedAccessManagerTransport,Callable[..., PrivilegedAccessManagerTransport]]]): - The transport to use, or a Callable that constructs and returns a new transport to use. - If a Callable is given, it will be called with the same set of initialization - arguments as used in the PrivilegedAccessManagerTransport constructor. - If set to None, a transport is chosen automatically. - client_options (Optional[Union[google.api_core.client_options.ClientOptions, dict]]): - Custom options for the client. - - 1. The ``api_endpoint`` property can be used to override the - default endpoint provided by the client when ``transport`` is - not explicitly provided. Only if this property is not set and - ``transport`` was not explicitly provided, the endpoint is - determined by the GOOGLE_API_USE_MTLS_ENDPOINT environment - variable, which have one of the following values: - "always" (always use the default mTLS endpoint), "never" (always - use the default regular endpoint) and "auto" (auto-switch to the - default mTLS endpoint if client certificate is present; this is - the default value). - - 2. If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable - is "true", then the ``client_cert_source`` property can be used - to provide a client certificate for mTLS transport. If - not provided, the default SSL client certificate will be used if - present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not - set, no client certificate will be used. - - 3. The ``universe_domain`` property can be used to override the - default "googleapis.com" universe. Note that ``api_endpoint`` - property still takes precedence; and ``universe_domain`` is - currently not supported for mTLS. - - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you're developing - your own client library. - - Raises: - google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport - creation failed for any reason. - """ - self._client = PrivilegedAccessManagerClient( - credentials=credentials, - transport=transport, - client_options=client_options, - client_info=client_info, - - ) - - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(std_logging.DEBUG): # pragma: NO COVER - _LOGGER.debug( - "Created client `google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient`.", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "universeDomain": getattr(self._client._transport._credentials, "universe_domain", ""), - "credentialsType": f"{type(self._client._transport._credentials).__module__}.{type(self._client._transport._credentials).__qualname__}", - "credentialsInfo": getattr(self.transport._credentials, "get_cred_info", lambda: None)(), - } if hasattr(self._client._transport, "_credentials") else { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "credentialsType": None, - } - ) - - async def check_onboarding_status(self, - request: Optional[Union[privilegedaccessmanager.CheckOnboardingStatusRequest, dict]] = None, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> privilegedaccessmanager.CheckOnboardingStatusResponse: - r"""``CheckOnboardingStatus`` reports the onboarding status for a - project/folder/organization. Any findings reported by this API - need to be fixed before PAM can be used on the resource. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - async def sample_check_onboarding_status(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.CheckOnboardingStatusRequest( - parent="parent_value", - ) - - # Make the request - response = await client.check_onboarding_status(request=request) - - # Handle the response - print(response) - - Args: - request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.CheckOnboardingStatusRequest, dict]]): - The request object. Request message for ``CheckOnboardingStatus`` method. - retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.cloud.privilegedaccessmanager_v1.types.CheckOnboardingStatusResponse: - Response message for CheckOnboardingStatus method. - """ - # Create or coerce a protobuf request object. - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.CheckOnboardingStatusRequest): - request = privilegedaccessmanager.CheckOnboardingStatusRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._client._transport._wrapped_methods[self._client._transport.check_onboarding_status] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("parent", request.parent), - )), - ) - - # Validate the universe domain. - self._client._validate_universe_domain() - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - async def list_entitlements(self, - request: Optional[Union[privilegedaccessmanager.ListEntitlementsRequest, dict]] = None, - *, - parent: Optional[str] = None, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> pagers.ListEntitlementsAsyncPager: - r"""Lists entitlements in a given - project/folder/organization and location. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - async def sample_list_entitlements(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.ListEntitlementsRequest( - parent="parent_value", - ) - - # Make the request - page_result = client.list_entitlements(request=request) - - # Handle the response - async for response in page_result: - print(response) - - Args: - request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.ListEntitlementsRequest, dict]]): - The request object. Message for requesting list of - entitlements. - parent (:class:`str`): - Required. The parent which owns the - entitlement resources. - - This corresponds to the ``parent`` field - on the ``request`` instance; if ``request`` is provided, this - should not be set. - retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.ListEntitlementsAsyncPager: - Message for response to listing - entitlements. - Iterating over this object will yield - results and resolve additional pages - automatically. - - """ - # Create or coerce a protobuf request object. - # - Quick check: If we got a request object, we should *not* have - # gotten any keyword arguments that map to the request. - flattened_params = [parent] - has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 - if request is not None and has_flattened_params: - raise ValueError("If the `request` argument is set, then none of " - "the individual field arguments should be set.") - - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.ListEntitlementsRequest): - request = privilegedaccessmanager.ListEntitlementsRequest(request) - - # If we have keyword arguments corresponding to fields on the - # request, apply these. - if parent is not None: - request.parent = parent - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._client._transport._wrapped_methods[self._client._transport.list_entitlements] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("parent", request.parent), - )), - ) - - # Validate the universe domain. - self._client._validate_universe_domain() - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # This method is paged; wrap the response in a pager, which provides - # an `__aiter__` convenience method. - response = pagers.ListEntitlementsAsyncPager( - method=rpc, - request=request, - response=response, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - async def search_entitlements(self, - request: Optional[Union[privilegedaccessmanager.SearchEntitlementsRequest, dict]] = None, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> pagers.SearchEntitlementsAsyncPager: - r"""``SearchEntitlements`` returns entitlements on which the caller - has the specified access. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - async def sample_search_entitlements(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.SearchEntitlementsRequest( - parent="parent_value", - caller_access_type="GRANT_APPROVER", - ) - - # Make the request - page_result = client.search_entitlements(request=request) - - # Handle the response - async for response in page_result: - print(response) - - Args: - request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.SearchEntitlementsRequest, dict]]): - The request object. Request message for ``SearchEntitlements`` method. - retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.SearchEntitlementsAsyncPager: - Response message for SearchEntitlements method. - - Iterating over this object will yield results and - resolve additional pages automatically. - - """ - # Create or coerce a protobuf request object. - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.SearchEntitlementsRequest): - request = privilegedaccessmanager.SearchEntitlementsRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._client._transport._wrapped_methods[self._client._transport.search_entitlements] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("parent", request.parent), - )), - ) - - # Validate the universe domain. - self._client._validate_universe_domain() - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # This method is paged; wrap the response in a pager, which provides - # an `__aiter__` convenience method. - response = pagers.SearchEntitlementsAsyncPager( - method=rpc, - request=request, - response=response, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - async def get_entitlement(self, - request: Optional[Union[privilegedaccessmanager.GetEntitlementRequest, dict]] = None, - *, - name: Optional[str] = None, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> privilegedaccessmanager.Entitlement: - r"""Gets details of a single entitlement. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - async def sample_get_entitlement(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.GetEntitlementRequest( - name="name_value", - ) - - # Make the request - response = await client.get_entitlement(request=request) - - # Handle the response - print(response) - - Args: - request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.GetEntitlementRequest, dict]]): - The request object. Message for getting an entitlement. - name (:class:`str`): - Required. Name of the resource. - This corresponds to the ``name`` field - on the ``request`` instance; if ``request`` is provided, this - should not be set. - retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.cloud.privilegedaccessmanager_v1.types.Entitlement: - An entitlement defines the - eligibility of a set of users to obtain - predefined access for some time possibly - after going through an approval - workflow. - - """ - # Create or coerce a protobuf request object. - # - Quick check: If we got a request object, we should *not* have - # gotten any keyword arguments that map to the request. - flattened_params = [name] - has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 - if request is not None and has_flattened_params: - raise ValueError("If the `request` argument is set, then none of " - "the individual field arguments should be set.") - - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.GetEntitlementRequest): - request = privilegedaccessmanager.GetEntitlementRequest(request) - - # If we have keyword arguments corresponding to fields on the - # request, apply these. - if name is not None: - request.name = name - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._client._transport._wrapped_methods[self._client._transport.get_entitlement] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("name", request.name), - )), - ) - - # Validate the universe domain. - self._client._validate_universe_domain() - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - async def create_entitlement(self, - request: Optional[Union[privilegedaccessmanager.CreateEntitlementRequest, dict]] = None, - *, - parent: Optional[str] = None, - entitlement: Optional[privilegedaccessmanager.Entitlement] = None, - entitlement_id: Optional[str] = None, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> operation_async.AsyncOperation: - r"""Creates a new entitlement in a given - project/folder/organization and location. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - async def sample_create_entitlement(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.CreateEntitlementRequest( - parent="parent_value", - entitlement_id="entitlement_id_value", - ) - - # Make the request - operation = client.create_entitlement(request=request) - - print("Waiting for operation to complete...") - - response = (await operation).result() - - # Handle the response - print(response) - - Args: - request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.CreateEntitlementRequest, dict]]): - The request object. Message for creating an entitlement. - parent (:class:`str`): - Required. Name of the parent resource for the - entitlement. Possible formats: - - - ``organizations/{organization-number}/locations/{region}`` - - ``folders/{folder-number}/locations/{region}`` - - ``projects/{project-id|project-number}/locations/{region}`` - - This corresponds to the ``parent`` field - on the ``request`` instance; if ``request`` is provided, this - should not be set. - entitlement (:class:`google.cloud.privilegedaccessmanager_v1.types.Entitlement`): - Required. The resource being created - This corresponds to the ``entitlement`` field - on the ``request`` instance; if ``request`` is provided, this - should not be set. - entitlement_id (:class:`str`): - Required. The ID to use for this entitlement. This - becomes the last part of the resource name. - - This value should be 4-63 characters in length, and - valid characters are "[a-z]", "[0-9]", and "-". The - first character should be from [a-z]. - - This value should be unique among all other entitlements - under the specified ``parent``. - - This corresponds to the ``entitlement_id`` field - on the ``request`` instance; if ``request`` is provided, this - should not be set. - retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.api_core.operation_async.AsyncOperation: - An object representing a long-running operation. - - The result type for the operation will be :class:`google.cloud.privilegedaccessmanager_v1.types.Entitlement` An entitlement defines the eligibility of a set of users to obtain - predefined access for some time possibly after going - through an approval workflow. - - """ - # Create or coerce a protobuf request object. - # - Quick check: If we got a request object, we should *not* have - # gotten any keyword arguments that map to the request. - flattened_params = [parent, entitlement, entitlement_id] - has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 - if request is not None and has_flattened_params: - raise ValueError("If the `request` argument is set, then none of " - "the individual field arguments should be set.") - - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.CreateEntitlementRequest): - request = privilegedaccessmanager.CreateEntitlementRequest(request) - - # If we have keyword arguments corresponding to fields on the - # request, apply these. - if parent is not None: - request.parent = parent - if entitlement is not None: - request.entitlement = entitlement - if entitlement_id is not None: - request.entitlement_id = entitlement_id - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._client._transport._wrapped_methods[self._client._transport.create_entitlement] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("parent", request.parent), - )), - ) - - # Validate the universe domain. - self._client._validate_universe_domain() - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Wrap the response in an operation future. - response = operation_async.from_gapic( - response, - self._client._transport.operations_client, - privilegedaccessmanager.Entitlement, - metadata_type=privilegedaccessmanager.OperationMetadata, - ) - - # Done; return the response. - return response - - async def delete_entitlement(self, - request: Optional[Union[privilegedaccessmanager.DeleteEntitlementRequest, dict]] = None, - *, - name: Optional[str] = None, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> operation_async.AsyncOperation: - r"""Deletes a single entitlement. This method can only be called - when there are no in-progress - (``ACTIVE``/``ACTIVATING``/``REVOKING``) grants under the - entitlement. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - async def sample_delete_entitlement(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.DeleteEntitlementRequest( - name="name_value", - ) - - # Make the request - operation = client.delete_entitlement(request=request) - - print("Waiting for operation to complete...") - - response = (await operation).result() - - # Handle the response - print(response) - - Args: - request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.DeleteEntitlementRequest, dict]]): - The request object. Message for deleting an entitlement. - name (:class:`str`): - Required. Name of the resource. - This corresponds to the ``name`` field - on the ``request`` instance; if ``request`` is provided, this - should not be set. - retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.api_core.operation_async.AsyncOperation: - An object representing a long-running operation. - - The result type for the operation will be :class:`google.cloud.privilegedaccessmanager_v1.types.Entitlement` An entitlement defines the eligibility of a set of users to obtain - predefined access for some time possibly after going - through an approval workflow. - - """ - # Create or coerce a protobuf request object. - # - Quick check: If we got a request object, we should *not* have - # gotten any keyword arguments that map to the request. - flattened_params = [name] - has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 - if request is not None and has_flattened_params: - raise ValueError("If the `request` argument is set, then none of " - "the individual field arguments should be set.") - - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.DeleteEntitlementRequest): - request = privilegedaccessmanager.DeleteEntitlementRequest(request) - - # If we have keyword arguments corresponding to fields on the - # request, apply these. - if name is not None: - request.name = name - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._client._transport._wrapped_methods[self._client._transport.delete_entitlement] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("name", request.name), - )), - ) - - # Validate the universe domain. - self._client._validate_universe_domain() - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Wrap the response in an operation future. - response = operation_async.from_gapic( - response, - self._client._transport.operations_client, - privilegedaccessmanager.Entitlement, - metadata_type=privilegedaccessmanager.OperationMetadata, - ) - - # Done; return the response. - return response - - async def update_entitlement(self, - request: Optional[Union[privilegedaccessmanager.UpdateEntitlementRequest, dict]] = None, - *, - entitlement: Optional[privilegedaccessmanager.Entitlement] = None, - update_mask: Optional[field_mask_pb2.FieldMask] = None, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> operation_async.AsyncOperation: - r"""Updates the entitlement specified in the request. Updated fields - in the entitlement need to be specified in an update mask. The - changes made to an entitlement are applicable only on future - grants of the entitlement. However, if new approvers are added - or existing approvers are removed from the approval workflow, - the changes are effective on existing grants. - - The following fields are not supported for updates: - - - All immutable fields - - Entitlement name - - Resource name - - Resource type - - Adding an approval workflow in an entitlement which - previously had no approval workflow. - - Deleting the approval workflow from an entitlement. - - Adding or deleting a step in the approval workflow (only one - step is supported) - - Note that updates are allowed on the list of approvers in an - approval workflow step. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - async def sample_update_entitlement(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.UpdateEntitlementRequest( - ) - - # Make the request - operation = client.update_entitlement(request=request) - - print("Waiting for operation to complete...") - - response = (await operation).result() - - # Handle the response - print(response) - - Args: - request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.UpdateEntitlementRequest, dict]]): - The request object. Message for updating an entitlement. - entitlement (:class:`google.cloud.privilegedaccessmanager_v1.types.Entitlement`): - Required. The entitlement resource - that is updated. - - This corresponds to the ``entitlement`` field - on the ``request`` instance; if ``request`` is provided, this - should not be set. - update_mask (:class:`google.protobuf.field_mask_pb2.FieldMask`): - Required. The list of fields to update. A field is - overwritten if, and only if, it is in the mask. Any - immutable fields set in the mask are ignored by the - server. Repeated fields and map fields are only allowed - in the last position of a ``paths`` string and overwrite - the existing values. Hence an update to a repeated field - or a map should contain the entire list of values. The - fields specified in the update_mask are relative to the - resource and not to the request. (e.g. - ``MaxRequestDuration``; *not* - ``entitlement.MaxRequestDuration``) A value of '*' for - this field refers to full replacement of the resource. - - This corresponds to the ``update_mask`` field - on the ``request`` instance; if ``request`` is provided, this - should not be set. - retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.api_core.operation_async.AsyncOperation: - An object representing a long-running operation. - - The result type for the operation will be :class:`google.cloud.privilegedaccessmanager_v1.types.Entitlement` An entitlement defines the eligibility of a set of users to obtain - predefined access for some time possibly after going - through an approval workflow. - - """ - # Create or coerce a protobuf request object. - # - Quick check: If we got a request object, we should *not* have - # gotten any keyword arguments that map to the request. - flattened_params = [entitlement, update_mask] - has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 - if request is not None and has_flattened_params: - raise ValueError("If the `request` argument is set, then none of " - "the individual field arguments should be set.") - - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.UpdateEntitlementRequest): - request = privilegedaccessmanager.UpdateEntitlementRequest(request) - - # If we have keyword arguments corresponding to fields on the - # request, apply these. - if entitlement is not None: - request.entitlement = entitlement - if update_mask is not None: - request.update_mask = update_mask - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._client._transport._wrapped_methods[self._client._transport.update_entitlement] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("entitlement.name", request.entitlement.name), - )), - ) - - # Validate the universe domain. - self._client._validate_universe_domain() - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Wrap the response in an operation future. - response = operation_async.from_gapic( - response, - self._client._transport.operations_client, - privilegedaccessmanager.Entitlement, - metadata_type=privilegedaccessmanager.OperationMetadata, - ) - - # Done; return the response. - return response - - async def list_grants(self, - request: Optional[Union[privilegedaccessmanager.ListGrantsRequest, dict]] = None, - *, - parent: Optional[str] = None, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> pagers.ListGrantsAsyncPager: - r"""Lists grants for a given entitlement. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - async def sample_list_grants(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.ListGrantsRequest( - parent="parent_value", - ) - - # Make the request - page_result = client.list_grants(request=request) - - # Handle the response - async for response in page_result: - print(response) - - Args: - request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.ListGrantsRequest, dict]]): - The request object. Message for requesting list of - grants. - parent (:class:`str`): - Required. The parent resource which - owns the grants. - - This corresponds to the ``parent`` field - on the ``request`` instance; if ``request`` is provided, this - should not be set. - retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.ListGrantsAsyncPager: - Message for response to listing - grants. - Iterating over this object will yield - results and resolve additional pages - automatically. - - """ - # Create or coerce a protobuf request object. - # - Quick check: If we got a request object, we should *not* have - # gotten any keyword arguments that map to the request. - flattened_params = [parent] - has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 - if request is not None and has_flattened_params: - raise ValueError("If the `request` argument is set, then none of " - "the individual field arguments should be set.") - - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.ListGrantsRequest): - request = privilegedaccessmanager.ListGrantsRequest(request) - - # If we have keyword arguments corresponding to fields on the - # request, apply these. - if parent is not None: - request.parent = parent - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._client._transport._wrapped_methods[self._client._transport.list_grants] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("parent", request.parent), - )), - ) - - # Validate the universe domain. - self._client._validate_universe_domain() - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # This method is paged; wrap the response in a pager, which provides - # an `__aiter__` convenience method. - response = pagers.ListGrantsAsyncPager( - method=rpc, - request=request, - response=response, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - async def search_grants(self, - request: Optional[Union[privilegedaccessmanager.SearchGrantsRequest, dict]] = None, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> pagers.SearchGrantsAsyncPager: - r"""``SearchGrants`` returns grants that are related to the calling - user in the specified way. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - async def sample_search_grants(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.SearchGrantsRequest( - parent="parent_value", - caller_relationship="HAD_APPROVED", - ) - - # Make the request - page_result = client.search_grants(request=request) - - # Handle the response - async for response in page_result: - print(response) - - Args: - request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.SearchGrantsRequest, dict]]): - The request object. Request message for ``SearchGrants`` method. - retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.SearchGrantsAsyncPager: - Response message for SearchGrants method. - - Iterating over this object will yield results and - resolve additional pages automatically. - - """ - # Create or coerce a protobuf request object. - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.SearchGrantsRequest): - request = privilegedaccessmanager.SearchGrantsRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._client._transport._wrapped_methods[self._client._transport.search_grants] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("parent", request.parent), - )), - ) - - # Validate the universe domain. - self._client._validate_universe_domain() - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # This method is paged; wrap the response in a pager, which provides - # an `__aiter__` convenience method. - response = pagers.SearchGrantsAsyncPager( - method=rpc, - request=request, - response=response, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - async def get_grant(self, - request: Optional[Union[privilegedaccessmanager.GetGrantRequest, dict]] = None, - *, - name: Optional[str] = None, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> privilegedaccessmanager.Grant: - r"""Get details of a single grant. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - async def sample_get_grant(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.GetGrantRequest( - name="name_value", - ) - - # Make the request - response = await client.get_grant(request=request) - - # Handle the response - print(response) - - Args: - request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.GetGrantRequest, dict]]): - The request object. Message for getting a grant. - name (:class:`str`): - Required. Name of the resource. - This corresponds to the ``name`` field - on the ``request`` instance; if ``request`` is provided, this - should not be set. - retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.cloud.privilegedaccessmanager_v1.types.Grant: - A grant represents a request from a - user for obtaining the access specified - in an entitlement they are eligible for. - - """ - # Create or coerce a protobuf request object. - # - Quick check: If we got a request object, we should *not* have - # gotten any keyword arguments that map to the request. - flattened_params = [name] - has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 - if request is not None and has_flattened_params: - raise ValueError("If the `request` argument is set, then none of " - "the individual field arguments should be set.") - - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.GetGrantRequest): - request = privilegedaccessmanager.GetGrantRequest(request) - - # If we have keyword arguments corresponding to fields on the - # request, apply these. - if name is not None: - request.name = name - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._client._transport._wrapped_methods[self._client._transport.get_grant] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("name", request.name), - )), - ) - - # Validate the universe domain. - self._client._validate_universe_domain() - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - async def create_grant(self, - request: Optional[Union[privilegedaccessmanager.CreateGrantRequest, dict]] = None, - *, - parent: Optional[str] = None, - grant: Optional[privilegedaccessmanager.Grant] = None, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> privilegedaccessmanager.Grant: - r"""Creates a new grant in a given - project/folder/organization and location. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - async def sample_create_grant(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.CreateGrantRequest( - parent="parent_value", - ) - - # Make the request - response = await client.create_grant(request=request) - - # Handle the response - print(response) - - Args: - request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.CreateGrantRequest, dict]]): - The request object. Message for creating a grant - parent (:class:`str`): - Required. Name of the parent - entitlement for which this grant is - being requested. - - This corresponds to the ``parent`` field - on the ``request`` instance; if ``request`` is provided, this - should not be set. - grant (:class:`google.cloud.privilegedaccessmanager_v1.types.Grant`): - Required. The resource being created. - This corresponds to the ``grant`` field - on the ``request`` instance; if ``request`` is provided, this - should not be set. - retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.cloud.privilegedaccessmanager_v1.types.Grant: - A grant represents a request from a - user for obtaining the access specified - in an entitlement they are eligible for. - - """ - # Create or coerce a protobuf request object. - # - Quick check: If we got a request object, we should *not* have - # gotten any keyword arguments that map to the request. - flattened_params = [parent, grant] - has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 - if request is not None and has_flattened_params: - raise ValueError("If the `request` argument is set, then none of " - "the individual field arguments should be set.") - - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.CreateGrantRequest): - request = privilegedaccessmanager.CreateGrantRequest(request) - - # If we have keyword arguments corresponding to fields on the - # request, apply these. - if parent is not None: - request.parent = parent - if grant is not None: - request.grant = grant - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._client._transport._wrapped_methods[self._client._transport.create_grant] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("parent", request.parent), - )), - ) - - # Validate the universe domain. - self._client._validate_universe_domain() - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - async def approve_grant(self, - request: Optional[Union[privilegedaccessmanager.ApproveGrantRequest, dict]] = None, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> privilegedaccessmanager.Grant: - r"""``ApproveGrant`` is used to approve a grant. This method can - only be called on a grant when it's in the ``APPROVAL_AWAITED`` - state. This operation can't be undone. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - async def sample_approve_grant(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.ApproveGrantRequest( - name="name_value", - ) - - # Make the request - response = await client.approve_grant(request=request) - - # Handle the response - print(response) - - Args: - request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.ApproveGrantRequest, dict]]): - The request object. Request message for ``ApproveGrant`` method. - retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.cloud.privilegedaccessmanager_v1.types.Grant: - A grant represents a request from a - user for obtaining the access specified - in an entitlement they are eligible for. - - """ - # Create or coerce a protobuf request object. - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.ApproveGrantRequest): - request = privilegedaccessmanager.ApproveGrantRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._client._transport._wrapped_methods[self._client._transport.approve_grant] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("name", request.name), - )), - ) - - # Validate the universe domain. - self._client._validate_universe_domain() - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - async def deny_grant(self, - request: Optional[Union[privilegedaccessmanager.DenyGrantRequest, dict]] = None, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> privilegedaccessmanager.Grant: - r"""``DenyGrant`` is used to deny a grant. This method can only be - called on a grant when it's in the ``APPROVAL_AWAITED`` state. - This operation can't be undone. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - async def sample_deny_grant(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.DenyGrantRequest( - name="name_value", - ) - - # Make the request - response = await client.deny_grant(request=request) - - # Handle the response - print(response) - - Args: - request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.DenyGrantRequest, dict]]): - The request object. Request message for ``DenyGrant`` method. - retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.cloud.privilegedaccessmanager_v1.types.Grant: - A grant represents a request from a - user for obtaining the access specified - in an entitlement they are eligible for. - - """ - # Create or coerce a protobuf request object. - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.DenyGrantRequest): - request = privilegedaccessmanager.DenyGrantRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._client._transport._wrapped_methods[self._client._transport.deny_grant] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("name", request.name), - )), - ) - - # Validate the universe domain. - self._client._validate_universe_domain() - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - async def revoke_grant(self, - request: Optional[Union[privilegedaccessmanager.RevokeGrantRequest, dict]] = None, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> operation_async.AsyncOperation: - r"""``RevokeGrant`` is used to immediately revoke access for a - grant. This method can be called when the grant is in a - non-terminal state. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - async def sample_revoke_grant(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.RevokeGrantRequest( - name="name_value", - ) - - # Make the request - operation = client.revoke_grant(request=request) - - print("Waiting for operation to complete...") - - response = (await operation).result() - - # Handle the response - print(response) - - Args: - request (Optional[Union[google.cloud.privilegedaccessmanager_v1.types.RevokeGrantRequest, dict]]): - The request object. Request message for ``RevokeGrant`` method. - retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.api_core.operation_async.AsyncOperation: - An object representing a long-running operation. - - The result type for the operation will be :class:`google.cloud.privilegedaccessmanager_v1.types.Grant` A grant represents a request from a user for obtaining the access specified - in an entitlement they are eligible for. - - """ - # Create or coerce a protobuf request object. - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.RevokeGrantRequest): - request = privilegedaccessmanager.RevokeGrantRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._client._transport._wrapped_methods[self._client._transport.revoke_grant] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("name", request.name), - )), - ) - - # Validate the universe domain. - self._client._validate_universe_domain() - - # Send the request. - response = await rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Wrap the response in an operation future. - response = operation_async.from_gapic( - response, - self._client._transport.operations_client, - privilegedaccessmanager.Grant, - metadata_type=privilegedaccessmanager.OperationMetadata, - ) - - # Done; return the response. - return response - - async def list_operations( - self, - request: Optional[operations_pb2.ListOperationsRequest] = None, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> operations_pb2.ListOperationsResponse: - r"""Lists operations that match the specified filter in the request. - - Args: - request (:class:`~.operations_pb2.ListOperationsRequest`): - The request object. Request message for - `ListOperations` method. - retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, - if any, should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - Returns: - ~.operations_pb2.ListOperationsResponse: - Response message for ``ListOperations`` method. - """ - # Create or coerce a protobuf request object. - # The request isn't a proto-plus wrapped type, - # so it must be constructed via keyword expansion. - if isinstance(request, dict): - request = operations_pb2.ListOperationsRequest(**request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self.transport._wrapped_methods[self._client._transport.list_operations] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata( - (("name", request.name),)), - ) - - # Validate the universe domain. - self._client._validate_universe_domain() - - # Send the request. - response = await rpc( - request, retry=retry, timeout=timeout, metadata=metadata,) - - # Done; return the response. - return response - - async def get_operation( - self, - request: Optional[operations_pb2.GetOperationRequest] = None, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> operations_pb2.Operation: - r"""Gets the latest state of a long-running operation. - - Args: - request (:class:`~.operations_pb2.GetOperationRequest`): - The request object. Request message for - `GetOperation` method. - retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, - if any, should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - Returns: - ~.operations_pb2.Operation: - An ``Operation`` object. - """ - # Create or coerce a protobuf request object. - # The request isn't a proto-plus wrapped type, - # so it must be constructed via keyword expansion. - if isinstance(request, dict): - request = operations_pb2.GetOperationRequest(**request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self.transport._wrapped_methods[self._client._transport.get_operation] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata( - (("name", request.name),)), - ) - - # Validate the universe domain. - self._client._validate_universe_domain() - - # Send the request. - response = await rpc( - request, retry=retry, timeout=timeout, metadata=metadata,) - - # Done; return the response. - return response - - async def delete_operation( - self, - request: Optional[operations_pb2.DeleteOperationRequest] = None, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> None: - r"""Deletes a long-running operation. - - This method indicates that the client is no longer interested - in the operation result. It does not cancel the operation. - If the server doesn't support this method, it returns - `google.rpc.Code.UNIMPLEMENTED`. - - Args: - request (:class:`~.operations_pb2.DeleteOperationRequest`): - The request object. Request message for - `DeleteOperation` method. - retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, - if any, should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - Returns: - None - """ - # Create or coerce a protobuf request object. - # The request isn't a proto-plus wrapped type, - # so it must be constructed via keyword expansion. - if isinstance(request, dict): - request = operations_pb2.DeleteOperationRequest(**request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self.transport._wrapped_methods[self._client._transport.delete_operation] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata( - (("name", request.name),)), - ) - - # Validate the universe domain. - self._client._validate_universe_domain() - - # Send the request. - await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) - - async def get_location( - self, - request: Optional[locations_pb2.GetLocationRequest] = None, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> locations_pb2.Location: - r"""Gets information about a location. - - Args: - request (:class:`~.location_pb2.GetLocationRequest`): - The request object. Request message for - `GetLocation` method. - retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, - if any, should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - Returns: - ~.location_pb2.Location: - Location object. - """ - # Create or coerce a protobuf request object. - # The request isn't a proto-plus wrapped type, - # so it must be constructed via keyword expansion. - if isinstance(request, dict): - request = locations_pb2.GetLocationRequest(**request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self.transport._wrapped_methods[self._client._transport.get_location] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata( - (("name", request.name),)), - ) - - # Validate the universe domain. - self._client._validate_universe_domain() - - # Send the request. - response = await rpc( - request, retry=retry, timeout=timeout, metadata=metadata,) - - # Done; return the response. - return response - - async def list_locations( - self, - request: Optional[locations_pb2.ListLocationsRequest] = None, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> locations_pb2.ListLocationsResponse: - r"""Lists information about the supported locations for this service. - - Args: - request (:class:`~.location_pb2.ListLocationsRequest`): - The request object. Request message for - `ListLocations` method. - retry (google.api_core.retry_async.AsyncRetry): Designation of what errors, - if any, should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - Returns: - ~.location_pb2.ListLocationsResponse: - Response message for ``ListLocations`` method. - """ - # Create or coerce a protobuf request object. - # The request isn't a proto-plus wrapped type, - # so it must be constructed via keyword expansion. - if isinstance(request, dict): - request = locations_pb2.ListLocationsRequest(**request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self.transport._wrapped_methods[self._client._transport.list_locations] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata( - (("name", request.name),)), - ) - - # Validate the universe domain. - self._client._validate_universe_domain() - - # Send the request. - response = await rpc( - request, retry=retry, timeout=timeout, metadata=metadata,) - - # Done; return the response. - return response - - async def __aenter__(self) -> "PrivilegedAccessManagerAsyncClient": - return self - - async def __aexit__(self, exc_type, exc, tb): - await self.transport.close() - -DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(gapic_version=package_version.__version__) - -if hasattr(DEFAULT_CLIENT_INFO, "protobuf_runtime_version"): # pragma: NO COVER - DEFAULT_CLIENT_INFO.protobuf_runtime_version = google.protobuf.__version__ - - -__all__ = ( - "PrivilegedAccessManagerAsyncClient", -) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/client.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/client.py deleted file mode 100644 index 707e549d0437..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/client.py +++ /dev/null @@ -1,2488 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from collections import OrderedDict -from http import HTTPStatus -import json -import logging as std_logging -import os -import re -from typing import Dict, Callable, Mapping, MutableMapping, MutableSequence, Optional, Sequence, Tuple, Type, Union, cast -import uuid -import warnings - -from google.cloud.privilegedaccessmanager_v1 import gapic_version as package_version - -from google.api_core import client_options as client_options_lib -from google.api_core import exceptions as core_exceptions -from google.api_core import gapic_v1 -from google.api_core import retry as retries -from google.auth import credentials as ga_credentials # type: ignore -from google.auth.transport import mtls # type: ignore -from google.auth.transport.grpc import SslCredentials # type: ignore -from google.auth.exceptions import MutualTLSChannelError # type: ignore -from google.oauth2 import service_account # type: ignore -import google.protobuf - -try: - OptionalRetry = Union[retries.Retry, gapic_v1.method._MethodDefault, None] -except AttributeError: # pragma: NO COVER - OptionalRetry = Union[retries.Retry, object, None] # type: ignore - -try: - from google.api_core import client_logging # type: ignore - CLIENT_LOGGING_SUPPORTED = True # pragma: NO COVER -except ImportError: # pragma: NO COVER - CLIENT_LOGGING_SUPPORTED = False - -_LOGGER = std_logging.getLogger(__name__) - -from google.api_core import operation # type: ignore -from google.api_core import operation_async # type: ignore -from google.cloud.location import locations_pb2 # type: ignore -from google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager import pagers -from google.cloud.privilegedaccessmanager_v1.types import privilegedaccessmanager -from google.longrunning import operations_pb2 # type: ignore -from google.protobuf import duration_pb2 # type: ignore -from google.protobuf import field_mask_pb2 # type: ignore -from google.protobuf import timestamp_pb2 # type: ignore -from .transports.base import PrivilegedAccessManagerTransport, DEFAULT_CLIENT_INFO -from .transports.grpc import PrivilegedAccessManagerGrpcTransport -from .transports.grpc_asyncio import PrivilegedAccessManagerGrpcAsyncIOTransport -from .transports.rest import PrivilegedAccessManagerRestTransport - - -class PrivilegedAccessManagerClientMeta(type): - """Metaclass for the PrivilegedAccessManager client. - - This provides class-level methods for building and retrieving - support objects (e.g. transport) without polluting the client instance - objects. - """ - _transport_registry = OrderedDict() # type: Dict[str, Type[PrivilegedAccessManagerTransport]] - _transport_registry["grpc"] = PrivilegedAccessManagerGrpcTransport - _transport_registry["grpc_asyncio"] = PrivilegedAccessManagerGrpcAsyncIOTransport - _transport_registry["rest"] = PrivilegedAccessManagerRestTransport - - def get_transport_class(cls, - label: Optional[str] = None, - ) -> Type[PrivilegedAccessManagerTransport]: - """Returns an appropriate transport class. - - Args: - label: The name of the desired transport. If none is - provided, then the first transport in the registry is used. - - Returns: - The transport class to use. - """ - # If a specific transport is requested, return that one. - if label: - return cls._transport_registry[label] - - # No transport is requested; return the default (that is, the first one - # in the dictionary). - return next(iter(cls._transport_registry.values())) - - -class PrivilegedAccessManagerClient(metaclass=PrivilegedAccessManagerClientMeta): - """This API allows customers to manage temporary, request based - privileged access to their resources. - - It defines the following resource model: - - - A collection of ``Entitlement`` resources. An entitlement allows - configuring (among other things): - - - Some kind of privileged access that users can request. - - A set of users called *requesters* who can request this - access. - - A maximum duration for which the access can be requested. - - An optional approval workflow which must be satisfied before - access is granted. - - - A collection of ``Grant`` resources. A grant is a request by a - requester to get the privileged access specified in an - entitlement for some duration. - - After the approval workflow as specified in the entitlement is - satisfied, the specified access is given to the requester. The - access is automatically taken back after the requested duration - is over. - """ - - @staticmethod - def _get_default_mtls_endpoint(api_endpoint): - """Converts api endpoint to mTLS endpoint. - - Convert "*.sandbox.googleapis.com" and "*.googleapis.com" to - "*.mtls.sandbox.googleapis.com" and "*.mtls.googleapis.com" respectively. - Args: - api_endpoint (Optional[str]): the api endpoint to convert. - Returns: - str: converted mTLS api endpoint. - """ - if not api_endpoint: - return api_endpoint - - mtls_endpoint_re = re.compile( - r"(?P[^.]+)(?P\.mtls)?(?P\.sandbox)?(?P\.googleapis\.com)?" - ) - - m = mtls_endpoint_re.match(api_endpoint) - name, mtls, sandbox, googledomain = m.groups() - if mtls or not googledomain: - return api_endpoint - - if sandbox: - return api_endpoint.replace( - "sandbox.googleapis.com", "mtls.sandbox.googleapis.com" - ) - - return api_endpoint.replace(".googleapis.com", ".mtls.googleapis.com") - - # Note: DEFAULT_ENDPOINT is deprecated. Use _DEFAULT_ENDPOINT_TEMPLATE instead. - DEFAULT_ENDPOINT = "privilegedaccessmanager.googleapis.com" - DEFAULT_MTLS_ENDPOINT = _get_default_mtls_endpoint.__func__( # type: ignore - DEFAULT_ENDPOINT - ) - - _DEFAULT_ENDPOINT_TEMPLATE = "privilegedaccessmanager.{UNIVERSE_DOMAIN}" - _DEFAULT_UNIVERSE = "googleapis.com" - - @classmethod - def from_service_account_info(cls, info: dict, *args, **kwargs): - """Creates an instance of this client using the provided credentials - info. - - Args: - info (dict): The service account private key info. - args: Additional arguments to pass to the constructor. - kwargs: Additional arguments to pass to the constructor. - - Returns: - PrivilegedAccessManagerClient: The constructed client. - """ - credentials = service_account.Credentials.from_service_account_info(info) - kwargs["credentials"] = credentials - return cls(*args, **kwargs) - - @classmethod - def from_service_account_file(cls, filename: str, *args, **kwargs): - """Creates an instance of this client using the provided credentials - file. - - Args: - filename (str): The path to the service account private key json - file. - args: Additional arguments to pass to the constructor. - kwargs: Additional arguments to pass to the constructor. - - Returns: - PrivilegedAccessManagerClient: The constructed client. - """ - credentials = service_account.Credentials.from_service_account_file( - filename) - kwargs["credentials"] = credentials - return cls(*args, **kwargs) - - from_service_account_json = from_service_account_file - - @property - def transport(self) -> PrivilegedAccessManagerTransport: - """Returns the transport used by the client instance. - - Returns: - PrivilegedAccessManagerTransport: The transport used by the client - instance. - """ - return self._transport - - @staticmethod - def entitlement_path(project: str,location: str,entitlement: str,) -> str: - """Returns a fully-qualified entitlement string.""" - return "projects/{project}/locations/{location}/entitlements/{entitlement}".format(project=project, location=location, entitlement=entitlement, ) - - @staticmethod - def parse_entitlement_path(path: str) -> Dict[str,str]: - """Parses a entitlement path into its component segments.""" - m = re.match(r"^projects/(?P.+?)/locations/(?P.+?)/entitlements/(?P.+?)$", path) - return m.groupdict() if m else {} - - @staticmethod - def grant_path(project: str,location: str,entitlement: str,grant: str,) -> str: - """Returns a fully-qualified grant string.""" - return "projects/{project}/locations/{location}/entitlements/{entitlement}/grants/{grant}".format(project=project, location=location, entitlement=entitlement, grant=grant, ) - - @staticmethod - def parse_grant_path(path: str) -> Dict[str,str]: - """Parses a grant path into its component segments.""" - m = re.match(r"^projects/(?P.+?)/locations/(?P.+?)/entitlements/(?P.+?)/grants/(?P.+?)$", path) - return m.groupdict() if m else {} - - @staticmethod - def common_billing_account_path(billing_account: str, ) -> str: - """Returns a fully-qualified billing_account string.""" - return "billingAccounts/{billing_account}".format(billing_account=billing_account, ) - - @staticmethod - def parse_common_billing_account_path(path: str) -> Dict[str,str]: - """Parse a billing_account path into its component segments.""" - m = re.match(r"^billingAccounts/(?P.+?)$", path) - return m.groupdict() if m else {} - - @staticmethod - def common_folder_path(folder: str, ) -> str: - """Returns a fully-qualified folder string.""" - return "folders/{folder}".format(folder=folder, ) - - @staticmethod - def parse_common_folder_path(path: str) -> Dict[str,str]: - """Parse a folder path into its component segments.""" - m = re.match(r"^folders/(?P.+?)$", path) - return m.groupdict() if m else {} - - @staticmethod - def common_organization_path(organization: str, ) -> str: - """Returns a fully-qualified organization string.""" - return "organizations/{organization}".format(organization=organization, ) - - @staticmethod - def parse_common_organization_path(path: str) -> Dict[str,str]: - """Parse a organization path into its component segments.""" - m = re.match(r"^organizations/(?P.+?)$", path) - return m.groupdict() if m else {} - - @staticmethod - def common_project_path(project: str, ) -> str: - """Returns a fully-qualified project string.""" - return "projects/{project}".format(project=project, ) - - @staticmethod - def parse_common_project_path(path: str) -> Dict[str,str]: - """Parse a project path into its component segments.""" - m = re.match(r"^projects/(?P.+?)$", path) - return m.groupdict() if m else {} - - @staticmethod - def common_location_path(project: str, location: str, ) -> str: - """Returns a fully-qualified location string.""" - return "projects/{project}/locations/{location}".format(project=project, location=location, ) - - @staticmethod - def parse_common_location_path(path: str) -> Dict[str,str]: - """Parse a location path into its component segments.""" - m = re.match(r"^projects/(?P.+?)/locations/(?P.+?)$", path) - return m.groupdict() if m else {} - - @classmethod - def get_mtls_endpoint_and_cert_source(cls, client_options: Optional[client_options_lib.ClientOptions] = None): - """Deprecated. Return the API endpoint and client cert source for mutual TLS. - - The client cert source is determined in the following order: - (1) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is not "true", the - client cert source is None. - (2) if `client_options.client_cert_source` is provided, use the provided one; if the - default client cert source exists, use the default one; otherwise the client cert - source is None. - - The API endpoint is determined in the following order: - (1) if `client_options.api_endpoint` if provided, use the provided one. - (2) if `GOOGLE_API_USE_CLIENT_CERTIFICATE` environment variable is "always", use the - default mTLS endpoint; if the environment variable is "never", use the default API - endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise - use the default API endpoint. - - More details can be found at https://google.aip.dev/auth/4114. - - Args: - client_options (google.api_core.client_options.ClientOptions): Custom options for the - client. Only the `api_endpoint` and `client_cert_source` properties may be used - in this method. - - Returns: - Tuple[str, Callable[[], Tuple[bytes, bytes]]]: returns the API endpoint and the - client cert source to use. - - Raises: - google.auth.exceptions.MutualTLSChannelError: If any errors happen. - """ - - warnings.warn("get_mtls_endpoint_and_cert_source is deprecated. Use the api_endpoint property instead.", - DeprecationWarning) - if client_options is None: - client_options = client_options_lib.ClientOptions() - use_client_cert = os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false") - use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto") - if use_client_cert not in ("true", "false"): - raise ValueError("Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`") - if use_mtls_endpoint not in ("auto", "never", "always"): - raise MutualTLSChannelError("Environment variable `GOOGLE_API_USE_MTLS_ENDPOINT` must be `never`, `auto` or `always`") - - # Figure out the client cert source to use. - client_cert_source = None - if use_client_cert == "true": - if client_options.client_cert_source: - client_cert_source = client_options.client_cert_source - elif mtls.has_default_client_cert_source(): - client_cert_source = mtls.default_client_cert_source() - - # Figure out which api endpoint to use. - if client_options.api_endpoint is not None: - api_endpoint = client_options.api_endpoint - elif use_mtls_endpoint == "always" or (use_mtls_endpoint == "auto" and client_cert_source): - api_endpoint = cls.DEFAULT_MTLS_ENDPOINT - else: - api_endpoint = cls.DEFAULT_ENDPOINT - - return api_endpoint, client_cert_source - - @staticmethod - def _read_environment_variables(): - """Returns the environment variables used by the client. - - Returns: - Tuple[bool, str, str]: returns the GOOGLE_API_USE_CLIENT_CERTIFICATE, - GOOGLE_API_USE_MTLS_ENDPOINT, and GOOGLE_CLOUD_UNIVERSE_DOMAIN environment variables. - - Raises: - ValueError: If GOOGLE_API_USE_CLIENT_CERTIFICATE is not - any of ["true", "false"]. - google.auth.exceptions.MutualTLSChannelError: If GOOGLE_API_USE_MTLS_ENDPOINT - is not any of ["auto", "never", "always"]. - """ - use_client_cert = os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false").lower() - use_mtls_endpoint = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto").lower() - universe_domain_env = os.getenv("GOOGLE_CLOUD_UNIVERSE_DOMAIN") - if use_client_cert not in ("true", "false"): - raise ValueError("Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`") - if use_mtls_endpoint not in ("auto", "never", "always"): - raise MutualTLSChannelError("Environment variable `GOOGLE_API_USE_MTLS_ENDPOINT` must be `never`, `auto` or `always`") - return use_client_cert == "true", use_mtls_endpoint, universe_domain_env - - @staticmethod - def _get_client_cert_source(provided_cert_source, use_cert_flag): - """Return the client cert source to be used by the client. - - Args: - provided_cert_source (bytes): The client certificate source provided. - use_cert_flag (bool): A flag indicating whether to use the client certificate. - - Returns: - bytes or None: The client cert source to be used by the client. - """ - client_cert_source = None - if use_cert_flag: - if provided_cert_source: - client_cert_source = provided_cert_source - elif mtls.has_default_client_cert_source(): - client_cert_source = mtls.default_client_cert_source() - return client_cert_source - - @staticmethod - def _get_api_endpoint(api_override, client_cert_source, universe_domain, use_mtls_endpoint): - """Return the API endpoint used by the client. - - Args: - api_override (str): The API endpoint override. If specified, this is always - the return value of this function and the other arguments are not used. - client_cert_source (bytes): The client certificate source used by the client. - universe_domain (str): The universe domain used by the client. - use_mtls_endpoint (str): How to use the mTLS endpoint, which depends also on the other parameters. - Possible values are "always", "auto", or "never". - - Returns: - str: The API endpoint to be used by the client. - """ - if api_override is not None: - api_endpoint = api_override - elif use_mtls_endpoint == "always" or (use_mtls_endpoint == "auto" and client_cert_source): - _default_universe = PrivilegedAccessManagerClient._DEFAULT_UNIVERSE - if universe_domain != _default_universe: - raise MutualTLSChannelError(f"mTLS is not supported in any universe other than {_default_universe}.") - api_endpoint = PrivilegedAccessManagerClient.DEFAULT_MTLS_ENDPOINT - else: - api_endpoint = PrivilegedAccessManagerClient._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=universe_domain) - return api_endpoint - - @staticmethod - def _get_universe_domain(client_universe_domain: Optional[str], universe_domain_env: Optional[str]) -> str: - """Return the universe domain used by the client. - - Args: - client_universe_domain (Optional[str]): The universe domain configured via the client options. - universe_domain_env (Optional[str]): The universe domain configured via the "GOOGLE_CLOUD_UNIVERSE_DOMAIN" environment variable. - - Returns: - str: The universe domain to be used by the client. - - Raises: - ValueError: If the universe domain is an empty string. - """ - universe_domain = PrivilegedAccessManagerClient._DEFAULT_UNIVERSE - if client_universe_domain is not None: - universe_domain = client_universe_domain - elif universe_domain_env is not None: - universe_domain = universe_domain_env - if len(universe_domain.strip()) == 0: - raise ValueError("Universe Domain cannot be an empty string.") - return universe_domain - - def _validate_universe_domain(self): - """Validates client's and credentials' universe domains are consistent. - - Returns: - bool: True iff the configured universe domain is valid. - - Raises: - ValueError: If the configured universe domain is not valid. - """ - - # NOTE (b/349488459): universe validation is disabled until further notice. - return True - - def _add_cred_info_for_auth_errors( - self, - error: core_exceptions.GoogleAPICallError - ) -> None: - """Adds credential info string to error details for 401/403/404 errors. - - Args: - error (google.api_core.exceptions.GoogleAPICallError): The error to add the cred info. - """ - if error.code not in [HTTPStatus.UNAUTHORIZED, HTTPStatus.FORBIDDEN, HTTPStatus.NOT_FOUND]: - return - - cred = self._transport._credentials - - # get_cred_info is only available in google-auth>=2.35.0 - if not hasattr(cred, "get_cred_info"): - return - - # ignore the type check since pypy test fails when get_cred_info - # is not available - cred_info = cred.get_cred_info() # type: ignore - if cred_info and hasattr(error._details, "append"): - error._details.append(json.dumps(cred_info)) - - @property - def api_endpoint(self): - """Return the API endpoint used by the client instance. - - Returns: - str: The API endpoint used by the client instance. - """ - return self._api_endpoint - - @property - def universe_domain(self) -> str: - """Return the universe domain used by the client instance. - - Returns: - str: The universe domain used by the client instance. - """ - return self._universe_domain - - def __init__(self, *, - credentials: Optional[ga_credentials.Credentials] = None, - transport: Optional[Union[str, PrivilegedAccessManagerTransport, Callable[..., PrivilegedAccessManagerTransport]]] = None, - client_options: Optional[Union[client_options_lib.ClientOptions, dict]] = None, - client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, - ) -> None: - """Instantiates the privileged access manager client. - - Args: - credentials (Optional[google.auth.credentials.Credentials]): The - authorization credentials to attach to requests. These - credentials identify the application to the service; if none - are specified, the client will attempt to ascertain the - credentials from the environment. - transport (Optional[Union[str,PrivilegedAccessManagerTransport,Callable[..., PrivilegedAccessManagerTransport]]]): - The transport to use, or a Callable that constructs and returns a new transport. - If a Callable is given, it will be called with the same set of initialization - arguments as used in the PrivilegedAccessManagerTransport constructor. - If set to None, a transport is chosen automatically. - client_options (Optional[Union[google.api_core.client_options.ClientOptions, dict]]): - Custom options for the client. - - 1. The ``api_endpoint`` property can be used to override the - default endpoint provided by the client when ``transport`` is - not explicitly provided. Only if this property is not set and - ``transport`` was not explicitly provided, the endpoint is - determined by the GOOGLE_API_USE_MTLS_ENDPOINT environment - variable, which have one of the following values: - "always" (always use the default mTLS endpoint), "never" (always - use the default regular endpoint) and "auto" (auto-switch to the - default mTLS endpoint if client certificate is present; this is - the default value). - - 2. If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable - is "true", then the ``client_cert_source`` property can be used - to provide a client certificate for mTLS transport. If - not provided, the default SSL client certificate will be used if - present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not - set, no client certificate will be used. - - 3. The ``universe_domain`` property can be used to override the - default "googleapis.com" universe. Note that the ``api_endpoint`` - property still takes precedence; and ``universe_domain`` is - currently not supported for mTLS. - - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you're developing - your own client library. - - Raises: - google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport - creation failed for any reason. - """ - self._client_options = client_options - if isinstance(self._client_options, dict): - self._client_options = client_options_lib.from_dict(self._client_options) - if self._client_options is None: - self._client_options = client_options_lib.ClientOptions() - self._client_options = cast(client_options_lib.ClientOptions, self._client_options) - - universe_domain_opt = getattr(self._client_options, 'universe_domain', None) - - self._use_client_cert, self._use_mtls_endpoint, self._universe_domain_env = PrivilegedAccessManagerClient._read_environment_variables() - self._client_cert_source = PrivilegedAccessManagerClient._get_client_cert_source(self._client_options.client_cert_source, self._use_client_cert) - self._universe_domain = PrivilegedAccessManagerClient._get_universe_domain(universe_domain_opt, self._universe_domain_env) - self._api_endpoint = None # updated below, depending on `transport` - - # Initialize the universe domain validation. - self._is_universe_domain_valid = False - - if CLIENT_LOGGING_SUPPORTED: # pragma: NO COVER - # Setup logging. - client_logging.initialize_logging() - - api_key_value = getattr(self._client_options, "api_key", None) - if api_key_value and credentials: - raise ValueError("client_options.api_key and credentials are mutually exclusive") - - # Save or instantiate the transport. - # Ordinarily, we provide the transport, but allowing a custom transport - # instance provides an extensibility point for unusual situations. - transport_provided = isinstance(transport, PrivilegedAccessManagerTransport) - if transport_provided: - # transport is a PrivilegedAccessManagerTransport instance. - if credentials or self._client_options.credentials_file or api_key_value: - raise ValueError("When providing a transport instance, " - "provide its credentials directly.") - if self._client_options.scopes: - raise ValueError( - "When providing a transport instance, provide its scopes " - "directly." - ) - self._transport = cast(PrivilegedAccessManagerTransport, transport) - self._api_endpoint = self._transport.host - - self._api_endpoint = (self._api_endpoint or - PrivilegedAccessManagerClient._get_api_endpoint( - self._client_options.api_endpoint, - self._client_cert_source, - self._universe_domain, - self._use_mtls_endpoint)) - - if not transport_provided: - import google.auth._default # type: ignore - - if api_key_value and hasattr(google.auth._default, "get_api_key_credentials"): - credentials = google.auth._default.get_api_key_credentials(api_key_value) - - transport_init: Union[Type[PrivilegedAccessManagerTransport], Callable[..., PrivilegedAccessManagerTransport]] = ( - PrivilegedAccessManagerClient.get_transport_class(transport) - if isinstance(transport, str) or transport is None - else cast(Callable[..., PrivilegedAccessManagerTransport], transport) - ) - # initialize with the provided callable or the passed in class - self._transport = transport_init( - credentials=credentials, - credentials_file=self._client_options.credentials_file, - host=self._api_endpoint, - scopes=self._client_options.scopes, - client_cert_source_for_mtls=self._client_cert_source, - quota_project_id=self._client_options.quota_project_id, - client_info=client_info, - always_use_jwt_access=True, - api_audience=self._client_options.api_audience, - ) - - if "async" not in str(self._transport): - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(std_logging.DEBUG): # pragma: NO COVER - _LOGGER.debug( - "Created client `google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient`.", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "universeDomain": getattr(self._transport._credentials, "universe_domain", ""), - "credentialsType": f"{type(self._transport._credentials).__module__}.{type(self._transport._credentials).__qualname__}", - "credentialsInfo": getattr(self.transport._credentials, "get_cred_info", lambda: None)(), - } if hasattr(self._transport, "_credentials") else { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "credentialsType": None, - } - ) - - def check_onboarding_status(self, - request: Optional[Union[privilegedaccessmanager.CheckOnboardingStatusRequest, dict]] = None, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> privilegedaccessmanager.CheckOnboardingStatusResponse: - r"""``CheckOnboardingStatus`` reports the onboarding status for a - project/folder/organization. Any findings reported by this API - need to be fixed before PAM can be used on the resource. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - def sample_check_onboarding_status(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.CheckOnboardingStatusRequest( - parent="parent_value", - ) - - # Make the request - response = client.check_onboarding_status(request=request) - - # Handle the response - print(response) - - Args: - request (Union[google.cloud.privilegedaccessmanager_v1.types.CheckOnboardingStatusRequest, dict]): - The request object. Request message for ``CheckOnboardingStatus`` method. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.cloud.privilegedaccessmanager_v1.types.CheckOnboardingStatusResponse: - Response message for CheckOnboardingStatus method. - """ - # Create or coerce a protobuf request object. - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.CheckOnboardingStatusRequest): - request = privilegedaccessmanager.CheckOnboardingStatusRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.check_onboarding_status] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("parent", request.parent), - )), - ) - - # Validate the universe domain. - self._validate_universe_domain() - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - def list_entitlements(self, - request: Optional[Union[privilegedaccessmanager.ListEntitlementsRequest, dict]] = None, - *, - parent: Optional[str] = None, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> pagers.ListEntitlementsPager: - r"""Lists entitlements in a given - project/folder/organization and location. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - def sample_list_entitlements(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.ListEntitlementsRequest( - parent="parent_value", - ) - - # Make the request - page_result = client.list_entitlements(request=request) - - # Handle the response - for response in page_result: - print(response) - - Args: - request (Union[google.cloud.privilegedaccessmanager_v1.types.ListEntitlementsRequest, dict]): - The request object. Message for requesting list of - entitlements. - parent (str): - Required. The parent which owns the - entitlement resources. - - This corresponds to the ``parent`` field - on the ``request`` instance; if ``request`` is provided, this - should not be set. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.ListEntitlementsPager: - Message for response to listing - entitlements. - Iterating over this object will yield - results and resolve additional pages - automatically. - - """ - # Create or coerce a protobuf request object. - # - Quick check: If we got a request object, we should *not* have - # gotten any keyword arguments that map to the request. - flattened_params = [parent] - has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 - if request is not None and has_flattened_params: - raise ValueError('If the `request` argument is set, then none of ' - 'the individual field arguments should be set.') - - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.ListEntitlementsRequest): - request = privilegedaccessmanager.ListEntitlementsRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. - if parent is not None: - request.parent = parent - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.list_entitlements] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("parent", request.parent), - )), - ) - - # Validate the universe domain. - self._validate_universe_domain() - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # This method is paged; wrap the response in a pager, which provides - # an `__iter__` convenience method. - response = pagers.ListEntitlementsPager( - method=rpc, - request=request, - response=response, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - def search_entitlements(self, - request: Optional[Union[privilegedaccessmanager.SearchEntitlementsRequest, dict]] = None, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> pagers.SearchEntitlementsPager: - r"""``SearchEntitlements`` returns entitlements on which the caller - has the specified access. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - def sample_search_entitlements(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.SearchEntitlementsRequest( - parent="parent_value", - caller_access_type="GRANT_APPROVER", - ) - - # Make the request - page_result = client.search_entitlements(request=request) - - # Handle the response - for response in page_result: - print(response) - - Args: - request (Union[google.cloud.privilegedaccessmanager_v1.types.SearchEntitlementsRequest, dict]): - The request object. Request message for ``SearchEntitlements`` method. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.SearchEntitlementsPager: - Response message for SearchEntitlements method. - - Iterating over this object will yield results and - resolve additional pages automatically. - - """ - # Create or coerce a protobuf request object. - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.SearchEntitlementsRequest): - request = privilegedaccessmanager.SearchEntitlementsRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.search_entitlements] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("parent", request.parent), - )), - ) - - # Validate the universe domain. - self._validate_universe_domain() - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # This method is paged; wrap the response in a pager, which provides - # an `__iter__` convenience method. - response = pagers.SearchEntitlementsPager( - method=rpc, - request=request, - response=response, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - def get_entitlement(self, - request: Optional[Union[privilegedaccessmanager.GetEntitlementRequest, dict]] = None, - *, - name: Optional[str] = None, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> privilegedaccessmanager.Entitlement: - r"""Gets details of a single entitlement. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - def sample_get_entitlement(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.GetEntitlementRequest( - name="name_value", - ) - - # Make the request - response = client.get_entitlement(request=request) - - # Handle the response - print(response) - - Args: - request (Union[google.cloud.privilegedaccessmanager_v1.types.GetEntitlementRequest, dict]): - The request object. Message for getting an entitlement. - name (str): - Required. Name of the resource. - This corresponds to the ``name`` field - on the ``request`` instance; if ``request`` is provided, this - should not be set. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.cloud.privilegedaccessmanager_v1.types.Entitlement: - An entitlement defines the - eligibility of a set of users to obtain - predefined access for some time possibly - after going through an approval - workflow. - - """ - # Create or coerce a protobuf request object. - # - Quick check: If we got a request object, we should *not* have - # gotten any keyword arguments that map to the request. - flattened_params = [name] - has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 - if request is not None and has_flattened_params: - raise ValueError('If the `request` argument is set, then none of ' - 'the individual field arguments should be set.') - - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.GetEntitlementRequest): - request = privilegedaccessmanager.GetEntitlementRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. - if name is not None: - request.name = name - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.get_entitlement] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("name", request.name), - )), - ) - - # Validate the universe domain. - self._validate_universe_domain() - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - def create_entitlement(self, - request: Optional[Union[privilegedaccessmanager.CreateEntitlementRequest, dict]] = None, - *, - parent: Optional[str] = None, - entitlement: Optional[privilegedaccessmanager.Entitlement] = None, - entitlement_id: Optional[str] = None, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> operation.Operation: - r"""Creates a new entitlement in a given - project/folder/organization and location. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - def sample_create_entitlement(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.CreateEntitlementRequest( - parent="parent_value", - entitlement_id="entitlement_id_value", - ) - - # Make the request - operation = client.create_entitlement(request=request) - - print("Waiting for operation to complete...") - - response = operation.result() - - # Handle the response - print(response) - - Args: - request (Union[google.cloud.privilegedaccessmanager_v1.types.CreateEntitlementRequest, dict]): - The request object. Message for creating an entitlement. - parent (str): - Required. Name of the parent resource for the - entitlement. Possible formats: - - - ``organizations/{organization-number}/locations/{region}`` - - ``folders/{folder-number}/locations/{region}`` - - ``projects/{project-id|project-number}/locations/{region}`` - - This corresponds to the ``parent`` field - on the ``request`` instance; if ``request`` is provided, this - should not be set. - entitlement (google.cloud.privilegedaccessmanager_v1.types.Entitlement): - Required. The resource being created - This corresponds to the ``entitlement`` field - on the ``request`` instance; if ``request`` is provided, this - should not be set. - entitlement_id (str): - Required. The ID to use for this entitlement. This - becomes the last part of the resource name. - - This value should be 4-63 characters in length, and - valid characters are "[a-z]", "[0-9]", and "-". The - first character should be from [a-z]. - - This value should be unique among all other entitlements - under the specified ``parent``. - - This corresponds to the ``entitlement_id`` field - on the ``request`` instance; if ``request`` is provided, this - should not be set. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.api_core.operation.Operation: - An object representing a long-running operation. - - The result type for the operation will be :class:`google.cloud.privilegedaccessmanager_v1.types.Entitlement` An entitlement defines the eligibility of a set of users to obtain - predefined access for some time possibly after going - through an approval workflow. - - """ - # Create or coerce a protobuf request object. - # - Quick check: If we got a request object, we should *not* have - # gotten any keyword arguments that map to the request. - flattened_params = [parent, entitlement, entitlement_id] - has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 - if request is not None and has_flattened_params: - raise ValueError('If the `request` argument is set, then none of ' - 'the individual field arguments should be set.') - - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.CreateEntitlementRequest): - request = privilegedaccessmanager.CreateEntitlementRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. - if parent is not None: - request.parent = parent - if entitlement is not None: - request.entitlement = entitlement - if entitlement_id is not None: - request.entitlement_id = entitlement_id - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.create_entitlement] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("parent", request.parent), - )), - ) - - # Validate the universe domain. - self._validate_universe_domain() - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Wrap the response in an operation future. - response = operation.from_gapic( - response, - self._transport.operations_client, - privilegedaccessmanager.Entitlement, - metadata_type=privilegedaccessmanager.OperationMetadata, - ) - - # Done; return the response. - return response - - def delete_entitlement(self, - request: Optional[Union[privilegedaccessmanager.DeleteEntitlementRequest, dict]] = None, - *, - name: Optional[str] = None, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> operation.Operation: - r"""Deletes a single entitlement. This method can only be called - when there are no in-progress - (``ACTIVE``/``ACTIVATING``/``REVOKING``) grants under the - entitlement. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - def sample_delete_entitlement(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.DeleteEntitlementRequest( - name="name_value", - ) - - # Make the request - operation = client.delete_entitlement(request=request) - - print("Waiting for operation to complete...") - - response = operation.result() - - # Handle the response - print(response) - - Args: - request (Union[google.cloud.privilegedaccessmanager_v1.types.DeleteEntitlementRequest, dict]): - The request object. Message for deleting an entitlement. - name (str): - Required. Name of the resource. - This corresponds to the ``name`` field - on the ``request`` instance; if ``request`` is provided, this - should not be set. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.api_core.operation.Operation: - An object representing a long-running operation. - - The result type for the operation will be :class:`google.cloud.privilegedaccessmanager_v1.types.Entitlement` An entitlement defines the eligibility of a set of users to obtain - predefined access for some time possibly after going - through an approval workflow. - - """ - # Create or coerce a protobuf request object. - # - Quick check: If we got a request object, we should *not* have - # gotten any keyword arguments that map to the request. - flattened_params = [name] - has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 - if request is not None and has_flattened_params: - raise ValueError('If the `request` argument is set, then none of ' - 'the individual field arguments should be set.') - - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.DeleteEntitlementRequest): - request = privilegedaccessmanager.DeleteEntitlementRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. - if name is not None: - request.name = name - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.delete_entitlement] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("name", request.name), - )), - ) - - # Validate the universe domain. - self._validate_universe_domain() - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Wrap the response in an operation future. - response = operation.from_gapic( - response, - self._transport.operations_client, - privilegedaccessmanager.Entitlement, - metadata_type=privilegedaccessmanager.OperationMetadata, - ) - - # Done; return the response. - return response - - def update_entitlement(self, - request: Optional[Union[privilegedaccessmanager.UpdateEntitlementRequest, dict]] = None, - *, - entitlement: Optional[privilegedaccessmanager.Entitlement] = None, - update_mask: Optional[field_mask_pb2.FieldMask] = None, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> operation.Operation: - r"""Updates the entitlement specified in the request. Updated fields - in the entitlement need to be specified in an update mask. The - changes made to an entitlement are applicable only on future - grants of the entitlement. However, if new approvers are added - or existing approvers are removed from the approval workflow, - the changes are effective on existing grants. - - The following fields are not supported for updates: - - - All immutable fields - - Entitlement name - - Resource name - - Resource type - - Adding an approval workflow in an entitlement which - previously had no approval workflow. - - Deleting the approval workflow from an entitlement. - - Adding or deleting a step in the approval workflow (only one - step is supported) - - Note that updates are allowed on the list of approvers in an - approval workflow step. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - def sample_update_entitlement(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.UpdateEntitlementRequest( - ) - - # Make the request - operation = client.update_entitlement(request=request) - - print("Waiting for operation to complete...") - - response = operation.result() - - # Handle the response - print(response) - - Args: - request (Union[google.cloud.privilegedaccessmanager_v1.types.UpdateEntitlementRequest, dict]): - The request object. Message for updating an entitlement. - entitlement (google.cloud.privilegedaccessmanager_v1.types.Entitlement): - Required. The entitlement resource - that is updated. - - This corresponds to the ``entitlement`` field - on the ``request`` instance; if ``request`` is provided, this - should not be set. - update_mask (google.protobuf.field_mask_pb2.FieldMask): - Required. The list of fields to update. A field is - overwritten if, and only if, it is in the mask. Any - immutable fields set in the mask are ignored by the - server. Repeated fields and map fields are only allowed - in the last position of a ``paths`` string and overwrite - the existing values. Hence an update to a repeated field - or a map should contain the entire list of values. The - fields specified in the update_mask are relative to the - resource and not to the request. (e.g. - ``MaxRequestDuration``; *not* - ``entitlement.MaxRequestDuration``) A value of '*' for - this field refers to full replacement of the resource. - - This corresponds to the ``update_mask`` field - on the ``request`` instance; if ``request`` is provided, this - should not be set. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.api_core.operation.Operation: - An object representing a long-running operation. - - The result type for the operation will be :class:`google.cloud.privilegedaccessmanager_v1.types.Entitlement` An entitlement defines the eligibility of a set of users to obtain - predefined access for some time possibly after going - through an approval workflow. - - """ - # Create or coerce a protobuf request object. - # - Quick check: If we got a request object, we should *not* have - # gotten any keyword arguments that map to the request. - flattened_params = [entitlement, update_mask] - has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 - if request is not None and has_flattened_params: - raise ValueError('If the `request` argument is set, then none of ' - 'the individual field arguments should be set.') - - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.UpdateEntitlementRequest): - request = privilegedaccessmanager.UpdateEntitlementRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. - if entitlement is not None: - request.entitlement = entitlement - if update_mask is not None: - request.update_mask = update_mask - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.update_entitlement] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("entitlement.name", request.entitlement.name), - )), - ) - - # Validate the universe domain. - self._validate_universe_domain() - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Wrap the response in an operation future. - response = operation.from_gapic( - response, - self._transport.operations_client, - privilegedaccessmanager.Entitlement, - metadata_type=privilegedaccessmanager.OperationMetadata, - ) - - # Done; return the response. - return response - - def list_grants(self, - request: Optional[Union[privilegedaccessmanager.ListGrantsRequest, dict]] = None, - *, - parent: Optional[str] = None, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> pagers.ListGrantsPager: - r"""Lists grants for a given entitlement. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - def sample_list_grants(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.ListGrantsRequest( - parent="parent_value", - ) - - # Make the request - page_result = client.list_grants(request=request) - - # Handle the response - for response in page_result: - print(response) - - Args: - request (Union[google.cloud.privilegedaccessmanager_v1.types.ListGrantsRequest, dict]): - The request object. Message for requesting list of - grants. - parent (str): - Required. The parent resource which - owns the grants. - - This corresponds to the ``parent`` field - on the ``request`` instance; if ``request`` is provided, this - should not be set. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.ListGrantsPager: - Message for response to listing - grants. - Iterating over this object will yield - results and resolve additional pages - automatically. - - """ - # Create or coerce a protobuf request object. - # - Quick check: If we got a request object, we should *not* have - # gotten any keyword arguments that map to the request. - flattened_params = [parent] - has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 - if request is not None and has_flattened_params: - raise ValueError('If the `request` argument is set, then none of ' - 'the individual field arguments should be set.') - - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.ListGrantsRequest): - request = privilegedaccessmanager.ListGrantsRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. - if parent is not None: - request.parent = parent - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.list_grants] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("parent", request.parent), - )), - ) - - # Validate the universe domain. - self._validate_universe_domain() - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # This method is paged; wrap the response in a pager, which provides - # an `__iter__` convenience method. - response = pagers.ListGrantsPager( - method=rpc, - request=request, - response=response, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - def search_grants(self, - request: Optional[Union[privilegedaccessmanager.SearchGrantsRequest, dict]] = None, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> pagers.SearchGrantsPager: - r"""``SearchGrants`` returns grants that are related to the calling - user in the specified way. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - def sample_search_grants(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.SearchGrantsRequest( - parent="parent_value", - caller_relationship="HAD_APPROVED", - ) - - # Make the request - page_result = client.search_grants(request=request) - - # Handle the response - for response in page_result: - print(response) - - Args: - request (Union[google.cloud.privilegedaccessmanager_v1.types.SearchGrantsRequest, dict]): - The request object. Request message for ``SearchGrants`` method. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.SearchGrantsPager: - Response message for SearchGrants method. - - Iterating over this object will yield results and - resolve additional pages automatically. - - """ - # Create or coerce a protobuf request object. - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.SearchGrantsRequest): - request = privilegedaccessmanager.SearchGrantsRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.search_grants] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("parent", request.parent), - )), - ) - - # Validate the universe domain. - self._validate_universe_domain() - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # This method is paged; wrap the response in a pager, which provides - # an `__iter__` convenience method. - response = pagers.SearchGrantsPager( - method=rpc, - request=request, - response=response, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - def get_grant(self, - request: Optional[Union[privilegedaccessmanager.GetGrantRequest, dict]] = None, - *, - name: Optional[str] = None, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> privilegedaccessmanager.Grant: - r"""Get details of a single grant. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - def sample_get_grant(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.GetGrantRequest( - name="name_value", - ) - - # Make the request - response = client.get_grant(request=request) - - # Handle the response - print(response) - - Args: - request (Union[google.cloud.privilegedaccessmanager_v1.types.GetGrantRequest, dict]): - The request object. Message for getting a grant. - name (str): - Required. Name of the resource. - This corresponds to the ``name`` field - on the ``request`` instance; if ``request`` is provided, this - should not be set. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.cloud.privilegedaccessmanager_v1.types.Grant: - A grant represents a request from a - user for obtaining the access specified - in an entitlement they are eligible for. - - """ - # Create or coerce a protobuf request object. - # - Quick check: If we got a request object, we should *not* have - # gotten any keyword arguments that map to the request. - flattened_params = [name] - has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 - if request is not None and has_flattened_params: - raise ValueError('If the `request` argument is set, then none of ' - 'the individual field arguments should be set.') - - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.GetGrantRequest): - request = privilegedaccessmanager.GetGrantRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. - if name is not None: - request.name = name - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.get_grant] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("name", request.name), - )), - ) - - # Validate the universe domain. - self._validate_universe_domain() - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - def create_grant(self, - request: Optional[Union[privilegedaccessmanager.CreateGrantRequest, dict]] = None, - *, - parent: Optional[str] = None, - grant: Optional[privilegedaccessmanager.Grant] = None, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> privilegedaccessmanager.Grant: - r"""Creates a new grant in a given - project/folder/organization and location. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - def sample_create_grant(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.CreateGrantRequest( - parent="parent_value", - ) - - # Make the request - response = client.create_grant(request=request) - - # Handle the response - print(response) - - Args: - request (Union[google.cloud.privilegedaccessmanager_v1.types.CreateGrantRequest, dict]): - The request object. Message for creating a grant - parent (str): - Required. Name of the parent - entitlement for which this grant is - being requested. - - This corresponds to the ``parent`` field - on the ``request`` instance; if ``request`` is provided, this - should not be set. - grant (google.cloud.privilegedaccessmanager_v1.types.Grant): - Required. The resource being created. - This corresponds to the ``grant`` field - on the ``request`` instance; if ``request`` is provided, this - should not be set. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.cloud.privilegedaccessmanager_v1.types.Grant: - A grant represents a request from a - user for obtaining the access specified - in an entitlement they are eligible for. - - """ - # Create or coerce a protobuf request object. - # - Quick check: If we got a request object, we should *not* have - # gotten any keyword arguments that map to the request. - flattened_params = [parent, grant] - has_flattened_params = len([param for param in flattened_params if param is not None]) > 0 - if request is not None and has_flattened_params: - raise ValueError('If the `request` argument is set, then none of ' - 'the individual field arguments should be set.') - - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.CreateGrantRequest): - request = privilegedaccessmanager.CreateGrantRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. - if parent is not None: - request.parent = parent - if grant is not None: - request.grant = grant - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.create_grant] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("parent", request.parent), - )), - ) - - # Validate the universe domain. - self._validate_universe_domain() - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - def approve_grant(self, - request: Optional[Union[privilegedaccessmanager.ApproveGrantRequest, dict]] = None, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> privilegedaccessmanager.Grant: - r"""``ApproveGrant`` is used to approve a grant. This method can - only be called on a grant when it's in the ``APPROVAL_AWAITED`` - state. This operation can't be undone. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - def sample_approve_grant(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.ApproveGrantRequest( - name="name_value", - ) - - # Make the request - response = client.approve_grant(request=request) - - # Handle the response - print(response) - - Args: - request (Union[google.cloud.privilegedaccessmanager_v1.types.ApproveGrantRequest, dict]): - The request object. Request message for ``ApproveGrant`` method. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.cloud.privilegedaccessmanager_v1.types.Grant: - A grant represents a request from a - user for obtaining the access specified - in an entitlement they are eligible for. - - """ - # Create or coerce a protobuf request object. - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.ApproveGrantRequest): - request = privilegedaccessmanager.ApproveGrantRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.approve_grant] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("name", request.name), - )), - ) - - # Validate the universe domain. - self._validate_universe_domain() - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - def deny_grant(self, - request: Optional[Union[privilegedaccessmanager.DenyGrantRequest, dict]] = None, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> privilegedaccessmanager.Grant: - r"""``DenyGrant`` is used to deny a grant. This method can only be - called on a grant when it's in the ``APPROVAL_AWAITED`` state. - This operation can't be undone. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - def sample_deny_grant(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.DenyGrantRequest( - name="name_value", - ) - - # Make the request - response = client.deny_grant(request=request) - - # Handle the response - print(response) - - Args: - request (Union[google.cloud.privilegedaccessmanager_v1.types.DenyGrantRequest, dict]): - The request object. Request message for ``DenyGrant`` method. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.cloud.privilegedaccessmanager_v1.types.Grant: - A grant represents a request from a - user for obtaining the access specified - in an entitlement they are eligible for. - - """ - # Create or coerce a protobuf request object. - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.DenyGrantRequest): - request = privilegedaccessmanager.DenyGrantRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.deny_grant] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("name", request.name), - )), - ) - - # Validate the universe domain. - self._validate_universe_domain() - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Done; return the response. - return response - - def revoke_grant(self, - request: Optional[Union[privilegedaccessmanager.RevokeGrantRequest, dict]] = None, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> operation.Operation: - r"""``RevokeGrant`` is used to immediately revoke access for a - grant. This method can be called when the grant is in a - non-terminal state. - - .. code-block:: python - - # This snippet has been automatically generated and should be regarded as a - # code template only. - # It will require modifications to work: - # - It may require correct/in-range values for request initialization. - # - It may require specifying regional endpoints when creating the service - # client as shown in: - # https://googleapis.dev/python/google-api-core/latest/client_options.html - from google.cloud import privilegedaccessmanager_v1 - - def sample_revoke_grant(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.RevokeGrantRequest( - name="name_value", - ) - - # Make the request - operation = client.revoke_grant(request=request) - - print("Waiting for operation to complete...") - - response = operation.result() - - # Handle the response - print(response) - - Args: - request (Union[google.cloud.privilegedaccessmanager_v1.types.RevokeGrantRequest, dict]): - The request object. Request message for ``RevokeGrant`` method. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - google.api_core.operation.Operation: - An object representing a long-running operation. - - The result type for the operation will be :class:`google.cloud.privilegedaccessmanager_v1.types.Grant` A grant represents a request from a user for obtaining the access specified - in an entitlement they are eligible for. - - """ - # Create or coerce a protobuf request object. - # - Use the request object if provided (there's no risk of modifying the input as - # there are no flattened fields), or create one. - if not isinstance(request, privilegedaccessmanager.RevokeGrantRequest): - request = privilegedaccessmanager.RevokeGrantRequest(request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.revoke_grant] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ("name", request.name), - )), - ) - - # Validate the universe domain. - self._validate_universe_domain() - - # Send the request. - response = rpc( - request, - retry=retry, - timeout=timeout, - metadata=metadata, - ) - - # Wrap the response in an operation future. - response = operation.from_gapic( - response, - self._transport.operations_client, - privilegedaccessmanager.Grant, - metadata_type=privilegedaccessmanager.OperationMetadata, - ) - - # Done; return the response. - return response - - def __enter__(self) -> "PrivilegedAccessManagerClient": - return self - - def __exit__(self, type, value, traceback): - """Releases underlying transport's resources. - - .. warning:: - ONLY use as a context manager if the transport is NOT shared - with other clients! Exiting the with block will CLOSE the transport - and may cause errors in other clients! - """ - self.transport.close() - - def list_operations( - self, - request: Optional[operations_pb2.ListOperationsRequest] = None, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> operations_pb2.ListOperationsResponse: - r"""Lists operations that match the specified filter in the request. - - Args: - request (:class:`~.operations_pb2.ListOperationsRequest`): - The request object. Request message for - `ListOperations` method. - retry (google.api_core.retry.Retry): Designation of what errors, - if any, should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - Returns: - ~.operations_pb2.ListOperationsResponse: - Response message for ``ListOperations`` method. - """ - # Create or coerce a protobuf request object. - # The request isn't a proto-plus wrapped type, - # so it must be constructed via keyword expansion. - if isinstance(request, dict): - request = operations_pb2.ListOperationsRequest(**request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.list_operations] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata( - (("name", request.name),)), - ) - - # Validate the universe domain. - self._validate_universe_domain() - - try: - # Send the request. - response = rpc( - request, retry=retry, timeout=timeout, metadata=metadata,) - - # Done; return the response. - return response - except core_exceptions.GoogleAPICallError as e: - self._add_cred_info_for_auth_errors(e) - raise e - - def get_operation( - self, - request: Optional[operations_pb2.GetOperationRequest] = None, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> operations_pb2.Operation: - r"""Gets the latest state of a long-running operation. - - Args: - request (:class:`~.operations_pb2.GetOperationRequest`): - The request object. Request message for - `GetOperation` method. - retry (google.api_core.retry.Retry): Designation of what errors, - if any, should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - Returns: - ~.operations_pb2.Operation: - An ``Operation`` object. - """ - # Create or coerce a protobuf request object. - # The request isn't a proto-plus wrapped type, - # so it must be constructed via keyword expansion. - if isinstance(request, dict): - request = operations_pb2.GetOperationRequest(**request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.get_operation] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata( - (("name", request.name),)), - ) - - # Validate the universe domain. - self._validate_universe_domain() - - try: - # Send the request. - response = rpc( - request, retry=retry, timeout=timeout, metadata=metadata,) - - # Done; return the response. - return response - except core_exceptions.GoogleAPICallError as e: - self._add_cred_info_for_auth_errors(e) - raise e - - def delete_operation( - self, - request: Optional[operations_pb2.DeleteOperationRequest] = None, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> None: - r"""Deletes a long-running operation. - - This method indicates that the client is no longer interested - in the operation result. It does not cancel the operation. - If the server doesn't support this method, it returns - `google.rpc.Code.UNIMPLEMENTED`. - - Args: - request (:class:`~.operations_pb2.DeleteOperationRequest`): - The request object. Request message for - `DeleteOperation` method. - retry (google.api_core.retry.Retry): Designation of what errors, - if any, should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - Returns: - None - """ - # Create or coerce a protobuf request object. - # The request isn't a proto-plus wrapped type, - # so it must be constructed via keyword expansion. - if isinstance(request, dict): - request = operations_pb2.DeleteOperationRequest(**request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.delete_operation] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata( - (("name", request.name),)), - ) - - # Validate the universe domain. - self._validate_universe_domain() - - # Send the request. - rpc(request, retry=retry, timeout=timeout, metadata=metadata,) - - def get_location( - self, - request: Optional[locations_pb2.GetLocationRequest] = None, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> locations_pb2.Location: - r"""Gets information about a location. - - Args: - request (:class:`~.location_pb2.GetLocationRequest`): - The request object. Request message for - `GetLocation` method. - retry (google.api_core.retry.Retry): Designation of what errors, - if any, should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - Returns: - ~.location_pb2.Location: - Location object. - """ - # Create or coerce a protobuf request object. - # The request isn't a proto-plus wrapped type, - # so it must be constructed via keyword expansion. - if isinstance(request, dict): - request = locations_pb2.GetLocationRequest(**request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.get_location] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata( - (("name", request.name),)), - ) - - # Validate the universe domain. - self._validate_universe_domain() - - try: - # Send the request. - response = rpc( - request, retry=retry, timeout=timeout, metadata=metadata,) - - # Done; return the response. - return response - except core_exceptions.GoogleAPICallError as e: - self._add_cred_info_for_auth_errors(e) - raise e - - def list_locations( - self, - request: Optional[locations_pb2.ListLocationsRequest] = None, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = (), - ) -> locations_pb2.ListLocationsResponse: - r"""Lists information about the supported locations for this service. - - Args: - request (:class:`~.location_pb2.ListLocationsRequest`): - The request object. Request message for - `ListLocations` method. - retry (google.api_core.retry.Retry): Designation of what errors, - if any, should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - Returns: - ~.location_pb2.ListLocationsResponse: - Response message for ``ListLocations`` method. - """ - # Create or coerce a protobuf request object. - # The request isn't a proto-plus wrapped type, - # so it must be constructed via keyword expansion. - if isinstance(request, dict): - request = locations_pb2.ListLocationsRequest(**request) - - # Wrap the RPC method; this adds retry and timeout information, - # and friendly error handling. - rpc = self._transport._wrapped_methods[self._transport.list_locations] - - # Certain fields should be provided within the metadata header; - # add these here. - metadata = tuple(metadata) + ( - gapic_v1.routing_header.to_grpc_metadata( - (("name", request.name),)), - ) - - # Validate the universe domain. - self._validate_universe_domain() - - try: - # Send the request. - response = rpc( - request, retry=retry, timeout=timeout, metadata=metadata,) - - # Done; return the response. - return response - except core_exceptions.GoogleAPICallError as e: - self._add_cred_info_for_auth_errors(e) - raise e - - -DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(gapic_version=package_version.__version__) - -if hasattr(DEFAULT_CLIENT_INFO, "protobuf_runtime_version"): # pragma: NO COVER - DEFAULT_CLIENT_INFO.protobuf_runtime_version = google.protobuf.__version__ - -__all__ = ( - "PrivilegedAccessManagerClient", -) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/pagers.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/pagers.py deleted file mode 100644 index 574887b30413..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/pagers.py +++ /dev/null @@ -1,583 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from google.api_core import gapic_v1 -from google.api_core import retry as retries -from google.api_core import retry_async as retries_async -from typing import Any, AsyncIterator, Awaitable, Callable, Sequence, Tuple, Optional, Iterator, Union -try: - OptionalRetry = Union[retries.Retry, gapic_v1.method._MethodDefault, None] - OptionalAsyncRetry = Union[retries_async.AsyncRetry, gapic_v1.method._MethodDefault, None] -except AttributeError: # pragma: NO COVER - OptionalRetry = Union[retries.Retry, object, None] # type: ignore - OptionalAsyncRetry = Union[retries_async.AsyncRetry, object, None] # type: ignore - -from google.cloud.privilegedaccessmanager_v1.types import privilegedaccessmanager - - -class ListEntitlementsPager: - """A pager for iterating through ``list_entitlements`` requests. - - This class thinly wraps an initial - :class:`google.cloud.privilegedaccessmanager_v1.types.ListEntitlementsResponse` object, and - provides an ``__iter__`` method to iterate through its - ``entitlements`` field. - - If there are more pages, the ``__iter__`` method will make additional - ``ListEntitlements`` requests and continue to iterate - through the ``entitlements`` field on the - corresponding responses. - - All the usual :class:`google.cloud.privilegedaccessmanager_v1.types.ListEntitlementsResponse` - attributes are available on the pager. If multiple requests are made, only - the most recent response is retained, and thus used for attribute lookup. - """ - def __init__(self, - method: Callable[..., privilegedaccessmanager.ListEntitlementsResponse], - request: privilegedaccessmanager.ListEntitlementsRequest, - response: privilegedaccessmanager.ListEntitlementsResponse, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = ()): - """Instantiate the pager. - - Args: - method (Callable): The method that was originally called, and - which instantiated this pager. - request (google.cloud.privilegedaccessmanager_v1.types.ListEntitlementsRequest): - The initial request object. - response (google.cloud.privilegedaccessmanager_v1.types.ListEntitlementsResponse): - The initial response object. - retry (google.api_core.retry.Retry): Designation of what errors, - if any, should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - """ - self._method = method - self._request = privilegedaccessmanager.ListEntitlementsRequest(request) - self._response = response - self._retry = retry - self._timeout = timeout - self._metadata = metadata - - def __getattr__(self, name: str) -> Any: - return getattr(self._response, name) - - @property - def pages(self) -> Iterator[privilegedaccessmanager.ListEntitlementsResponse]: - yield self._response - while self._response.next_page_token: - self._request.page_token = self._response.next_page_token - self._response = self._method(self._request, retry=self._retry, timeout=self._timeout, metadata=self._metadata) - yield self._response - - def __iter__(self) -> Iterator[privilegedaccessmanager.Entitlement]: - for page in self.pages: - yield from page.entitlements - - def __repr__(self) -> str: - return '{0}<{1!r}>'.format(self.__class__.__name__, self._response) - - -class ListEntitlementsAsyncPager: - """A pager for iterating through ``list_entitlements`` requests. - - This class thinly wraps an initial - :class:`google.cloud.privilegedaccessmanager_v1.types.ListEntitlementsResponse` object, and - provides an ``__aiter__`` method to iterate through its - ``entitlements`` field. - - If there are more pages, the ``__aiter__`` method will make additional - ``ListEntitlements`` requests and continue to iterate - through the ``entitlements`` field on the - corresponding responses. - - All the usual :class:`google.cloud.privilegedaccessmanager_v1.types.ListEntitlementsResponse` - attributes are available on the pager. If multiple requests are made, only - the most recent response is retained, and thus used for attribute lookup. - """ - def __init__(self, - method: Callable[..., Awaitable[privilegedaccessmanager.ListEntitlementsResponse]], - request: privilegedaccessmanager.ListEntitlementsRequest, - response: privilegedaccessmanager.ListEntitlementsResponse, - *, - retry: OptionalAsyncRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = ()): - """Instantiates the pager. - - Args: - method (Callable): The method that was originally called, and - which instantiated this pager. - request (google.cloud.privilegedaccessmanager_v1.types.ListEntitlementsRequest): - The initial request object. - response (google.cloud.privilegedaccessmanager_v1.types.ListEntitlementsResponse): - The initial response object. - retry (google.api_core.retry.AsyncRetry): Designation of what errors, - if any, should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - """ - self._method = method - self._request = privilegedaccessmanager.ListEntitlementsRequest(request) - self._response = response - self._retry = retry - self._timeout = timeout - self._metadata = metadata - - def __getattr__(self, name: str) -> Any: - return getattr(self._response, name) - - @property - async def pages(self) -> AsyncIterator[privilegedaccessmanager.ListEntitlementsResponse]: - yield self._response - while self._response.next_page_token: - self._request.page_token = self._response.next_page_token - self._response = await self._method(self._request, retry=self._retry, timeout=self._timeout, metadata=self._metadata) - yield self._response - def __aiter__(self) -> AsyncIterator[privilegedaccessmanager.Entitlement]: - async def async_generator(): - async for page in self.pages: - for response in page.entitlements: - yield response - - return async_generator() - - def __repr__(self) -> str: - return '{0}<{1!r}>'.format(self.__class__.__name__, self._response) - - -class SearchEntitlementsPager: - """A pager for iterating through ``search_entitlements`` requests. - - This class thinly wraps an initial - :class:`google.cloud.privilegedaccessmanager_v1.types.SearchEntitlementsResponse` object, and - provides an ``__iter__`` method to iterate through its - ``entitlements`` field. - - If there are more pages, the ``__iter__`` method will make additional - ``SearchEntitlements`` requests and continue to iterate - through the ``entitlements`` field on the - corresponding responses. - - All the usual :class:`google.cloud.privilegedaccessmanager_v1.types.SearchEntitlementsResponse` - attributes are available on the pager. If multiple requests are made, only - the most recent response is retained, and thus used for attribute lookup. - """ - def __init__(self, - method: Callable[..., privilegedaccessmanager.SearchEntitlementsResponse], - request: privilegedaccessmanager.SearchEntitlementsRequest, - response: privilegedaccessmanager.SearchEntitlementsResponse, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = ()): - """Instantiate the pager. - - Args: - method (Callable): The method that was originally called, and - which instantiated this pager. - request (google.cloud.privilegedaccessmanager_v1.types.SearchEntitlementsRequest): - The initial request object. - response (google.cloud.privilegedaccessmanager_v1.types.SearchEntitlementsResponse): - The initial response object. - retry (google.api_core.retry.Retry): Designation of what errors, - if any, should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - """ - self._method = method - self._request = privilegedaccessmanager.SearchEntitlementsRequest(request) - self._response = response - self._retry = retry - self._timeout = timeout - self._metadata = metadata - - def __getattr__(self, name: str) -> Any: - return getattr(self._response, name) - - @property - def pages(self) -> Iterator[privilegedaccessmanager.SearchEntitlementsResponse]: - yield self._response - while self._response.next_page_token: - self._request.page_token = self._response.next_page_token - self._response = self._method(self._request, retry=self._retry, timeout=self._timeout, metadata=self._metadata) - yield self._response - - def __iter__(self) -> Iterator[privilegedaccessmanager.Entitlement]: - for page in self.pages: - yield from page.entitlements - - def __repr__(self) -> str: - return '{0}<{1!r}>'.format(self.__class__.__name__, self._response) - - -class SearchEntitlementsAsyncPager: - """A pager for iterating through ``search_entitlements`` requests. - - This class thinly wraps an initial - :class:`google.cloud.privilegedaccessmanager_v1.types.SearchEntitlementsResponse` object, and - provides an ``__aiter__`` method to iterate through its - ``entitlements`` field. - - If there are more pages, the ``__aiter__`` method will make additional - ``SearchEntitlements`` requests and continue to iterate - through the ``entitlements`` field on the - corresponding responses. - - All the usual :class:`google.cloud.privilegedaccessmanager_v1.types.SearchEntitlementsResponse` - attributes are available on the pager. If multiple requests are made, only - the most recent response is retained, and thus used for attribute lookup. - """ - def __init__(self, - method: Callable[..., Awaitable[privilegedaccessmanager.SearchEntitlementsResponse]], - request: privilegedaccessmanager.SearchEntitlementsRequest, - response: privilegedaccessmanager.SearchEntitlementsResponse, - *, - retry: OptionalAsyncRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = ()): - """Instantiates the pager. - - Args: - method (Callable): The method that was originally called, and - which instantiated this pager. - request (google.cloud.privilegedaccessmanager_v1.types.SearchEntitlementsRequest): - The initial request object. - response (google.cloud.privilegedaccessmanager_v1.types.SearchEntitlementsResponse): - The initial response object. - retry (google.api_core.retry.AsyncRetry): Designation of what errors, - if any, should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - """ - self._method = method - self._request = privilegedaccessmanager.SearchEntitlementsRequest(request) - self._response = response - self._retry = retry - self._timeout = timeout - self._metadata = metadata - - def __getattr__(self, name: str) -> Any: - return getattr(self._response, name) - - @property - async def pages(self) -> AsyncIterator[privilegedaccessmanager.SearchEntitlementsResponse]: - yield self._response - while self._response.next_page_token: - self._request.page_token = self._response.next_page_token - self._response = await self._method(self._request, retry=self._retry, timeout=self._timeout, metadata=self._metadata) - yield self._response - def __aiter__(self) -> AsyncIterator[privilegedaccessmanager.Entitlement]: - async def async_generator(): - async for page in self.pages: - for response in page.entitlements: - yield response - - return async_generator() - - def __repr__(self) -> str: - return '{0}<{1!r}>'.format(self.__class__.__name__, self._response) - - -class ListGrantsPager: - """A pager for iterating through ``list_grants`` requests. - - This class thinly wraps an initial - :class:`google.cloud.privilegedaccessmanager_v1.types.ListGrantsResponse` object, and - provides an ``__iter__`` method to iterate through its - ``grants`` field. - - If there are more pages, the ``__iter__`` method will make additional - ``ListGrants`` requests and continue to iterate - through the ``grants`` field on the - corresponding responses. - - All the usual :class:`google.cloud.privilegedaccessmanager_v1.types.ListGrantsResponse` - attributes are available on the pager. If multiple requests are made, only - the most recent response is retained, and thus used for attribute lookup. - """ - def __init__(self, - method: Callable[..., privilegedaccessmanager.ListGrantsResponse], - request: privilegedaccessmanager.ListGrantsRequest, - response: privilegedaccessmanager.ListGrantsResponse, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = ()): - """Instantiate the pager. - - Args: - method (Callable): The method that was originally called, and - which instantiated this pager. - request (google.cloud.privilegedaccessmanager_v1.types.ListGrantsRequest): - The initial request object. - response (google.cloud.privilegedaccessmanager_v1.types.ListGrantsResponse): - The initial response object. - retry (google.api_core.retry.Retry): Designation of what errors, - if any, should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - """ - self._method = method - self._request = privilegedaccessmanager.ListGrantsRequest(request) - self._response = response - self._retry = retry - self._timeout = timeout - self._metadata = metadata - - def __getattr__(self, name: str) -> Any: - return getattr(self._response, name) - - @property - def pages(self) -> Iterator[privilegedaccessmanager.ListGrantsResponse]: - yield self._response - while self._response.next_page_token: - self._request.page_token = self._response.next_page_token - self._response = self._method(self._request, retry=self._retry, timeout=self._timeout, metadata=self._metadata) - yield self._response - - def __iter__(self) -> Iterator[privilegedaccessmanager.Grant]: - for page in self.pages: - yield from page.grants - - def __repr__(self) -> str: - return '{0}<{1!r}>'.format(self.__class__.__name__, self._response) - - -class ListGrantsAsyncPager: - """A pager for iterating through ``list_grants`` requests. - - This class thinly wraps an initial - :class:`google.cloud.privilegedaccessmanager_v1.types.ListGrantsResponse` object, and - provides an ``__aiter__`` method to iterate through its - ``grants`` field. - - If there are more pages, the ``__aiter__`` method will make additional - ``ListGrants`` requests and continue to iterate - through the ``grants`` field on the - corresponding responses. - - All the usual :class:`google.cloud.privilegedaccessmanager_v1.types.ListGrantsResponse` - attributes are available on the pager. If multiple requests are made, only - the most recent response is retained, and thus used for attribute lookup. - """ - def __init__(self, - method: Callable[..., Awaitable[privilegedaccessmanager.ListGrantsResponse]], - request: privilegedaccessmanager.ListGrantsRequest, - response: privilegedaccessmanager.ListGrantsResponse, - *, - retry: OptionalAsyncRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = ()): - """Instantiates the pager. - - Args: - method (Callable): The method that was originally called, and - which instantiated this pager. - request (google.cloud.privilegedaccessmanager_v1.types.ListGrantsRequest): - The initial request object. - response (google.cloud.privilegedaccessmanager_v1.types.ListGrantsResponse): - The initial response object. - retry (google.api_core.retry.AsyncRetry): Designation of what errors, - if any, should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - """ - self._method = method - self._request = privilegedaccessmanager.ListGrantsRequest(request) - self._response = response - self._retry = retry - self._timeout = timeout - self._metadata = metadata - - def __getattr__(self, name: str) -> Any: - return getattr(self._response, name) - - @property - async def pages(self) -> AsyncIterator[privilegedaccessmanager.ListGrantsResponse]: - yield self._response - while self._response.next_page_token: - self._request.page_token = self._response.next_page_token - self._response = await self._method(self._request, retry=self._retry, timeout=self._timeout, metadata=self._metadata) - yield self._response - def __aiter__(self) -> AsyncIterator[privilegedaccessmanager.Grant]: - async def async_generator(): - async for page in self.pages: - for response in page.grants: - yield response - - return async_generator() - - def __repr__(self) -> str: - return '{0}<{1!r}>'.format(self.__class__.__name__, self._response) - - -class SearchGrantsPager: - """A pager for iterating through ``search_grants`` requests. - - This class thinly wraps an initial - :class:`google.cloud.privilegedaccessmanager_v1.types.SearchGrantsResponse` object, and - provides an ``__iter__`` method to iterate through its - ``grants`` field. - - If there are more pages, the ``__iter__`` method will make additional - ``SearchGrants`` requests and continue to iterate - through the ``grants`` field on the - corresponding responses. - - All the usual :class:`google.cloud.privilegedaccessmanager_v1.types.SearchGrantsResponse` - attributes are available on the pager. If multiple requests are made, only - the most recent response is retained, and thus used for attribute lookup. - """ - def __init__(self, - method: Callable[..., privilegedaccessmanager.SearchGrantsResponse], - request: privilegedaccessmanager.SearchGrantsRequest, - response: privilegedaccessmanager.SearchGrantsResponse, - *, - retry: OptionalRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = ()): - """Instantiate the pager. - - Args: - method (Callable): The method that was originally called, and - which instantiated this pager. - request (google.cloud.privilegedaccessmanager_v1.types.SearchGrantsRequest): - The initial request object. - response (google.cloud.privilegedaccessmanager_v1.types.SearchGrantsResponse): - The initial response object. - retry (google.api_core.retry.Retry): Designation of what errors, - if any, should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - """ - self._method = method - self._request = privilegedaccessmanager.SearchGrantsRequest(request) - self._response = response - self._retry = retry - self._timeout = timeout - self._metadata = metadata - - def __getattr__(self, name: str) -> Any: - return getattr(self._response, name) - - @property - def pages(self) -> Iterator[privilegedaccessmanager.SearchGrantsResponse]: - yield self._response - while self._response.next_page_token: - self._request.page_token = self._response.next_page_token - self._response = self._method(self._request, retry=self._retry, timeout=self._timeout, metadata=self._metadata) - yield self._response - - def __iter__(self) -> Iterator[privilegedaccessmanager.Grant]: - for page in self.pages: - yield from page.grants - - def __repr__(self) -> str: - return '{0}<{1!r}>'.format(self.__class__.__name__, self._response) - - -class SearchGrantsAsyncPager: - """A pager for iterating through ``search_grants`` requests. - - This class thinly wraps an initial - :class:`google.cloud.privilegedaccessmanager_v1.types.SearchGrantsResponse` object, and - provides an ``__aiter__`` method to iterate through its - ``grants`` field. - - If there are more pages, the ``__aiter__`` method will make additional - ``SearchGrants`` requests and continue to iterate - through the ``grants`` field on the - corresponding responses. - - All the usual :class:`google.cloud.privilegedaccessmanager_v1.types.SearchGrantsResponse` - attributes are available on the pager. If multiple requests are made, only - the most recent response is retained, and thus used for attribute lookup. - """ - def __init__(self, - method: Callable[..., Awaitable[privilegedaccessmanager.SearchGrantsResponse]], - request: privilegedaccessmanager.SearchGrantsRequest, - response: privilegedaccessmanager.SearchGrantsResponse, - *, - retry: OptionalAsyncRetry = gapic_v1.method.DEFAULT, - timeout: Union[float, object] = gapic_v1.method.DEFAULT, - metadata: Sequence[Tuple[str, Union[str, bytes]]] = ()): - """Instantiates the pager. - - Args: - method (Callable): The method that was originally called, and - which instantiated this pager. - request (google.cloud.privilegedaccessmanager_v1.types.SearchGrantsRequest): - The initial request object. - response (google.cloud.privilegedaccessmanager_v1.types.SearchGrantsResponse): - The initial response object. - retry (google.api_core.retry.AsyncRetry): Designation of what errors, - if any, should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - """ - self._method = method - self._request = privilegedaccessmanager.SearchGrantsRequest(request) - self._response = response - self._retry = retry - self._timeout = timeout - self._metadata = metadata - - def __getattr__(self, name: str) -> Any: - return getattr(self._response, name) - - @property - async def pages(self) -> AsyncIterator[privilegedaccessmanager.SearchGrantsResponse]: - yield self._response - while self._response.next_page_token: - self._request.page_token = self._response.next_page_token - self._response = await self._method(self._request, retry=self._retry, timeout=self._timeout, metadata=self._metadata) - yield self._response - def __aiter__(self) -> AsyncIterator[privilegedaccessmanager.Grant]: - async def async_generator(): - async for page in self.pages: - for response in page.grants: - yield response - - return async_generator() - - def __repr__(self) -> str: - return '{0}<{1!r}>'.format(self.__class__.__name__, self._response) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/README.rst b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/README.rst deleted file mode 100644 index 7ab2494d17da..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/README.rst +++ /dev/null @@ -1,9 +0,0 @@ - -transport inheritance structure -_______________________________ - -`PrivilegedAccessManagerTransport` is the ABC for all transports. -- public child `PrivilegedAccessManagerGrpcTransport` for sync gRPC transport (defined in `grpc.py`). -- public child `PrivilegedAccessManagerGrpcAsyncIOTransport` for async gRPC transport (defined in `grpc_asyncio.py`). -- private child `_BasePrivilegedAccessManagerRestTransport` for base REST transport with inner classes `_BaseMETHOD` (defined in `rest_base.py`). -- public child `PrivilegedAccessManagerRestTransport` for sync REST transport with inner classes `METHOD` derived from the parent's corresponding `_BaseMETHOD` classes (defined in `rest.py`). diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/__init__.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/__init__.py deleted file mode 100644 index a69a112bc5d0..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/__init__.py +++ /dev/null @@ -1,38 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from collections import OrderedDict -from typing import Dict, Type - -from .base import PrivilegedAccessManagerTransport -from .grpc import PrivilegedAccessManagerGrpcTransport -from .grpc_asyncio import PrivilegedAccessManagerGrpcAsyncIOTransport -from .rest import PrivilegedAccessManagerRestTransport -from .rest import PrivilegedAccessManagerRestInterceptor - - -# Compile a registry of transports. -_transport_registry = OrderedDict() # type: Dict[str, Type[PrivilegedAccessManagerTransport]] -_transport_registry['grpc'] = PrivilegedAccessManagerGrpcTransport -_transport_registry['grpc_asyncio'] = PrivilegedAccessManagerGrpcAsyncIOTransport -_transport_registry['rest'] = PrivilegedAccessManagerRestTransport - -__all__ = ( - 'PrivilegedAccessManagerTransport', - 'PrivilegedAccessManagerGrpcTransport', - 'PrivilegedAccessManagerGrpcAsyncIOTransport', - 'PrivilegedAccessManagerRestTransport', - 'PrivilegedAccessManagerRestInterceptor', -) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/base.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/base.py deleted file mode 100644 index 4fd8201cac98..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/base.py +++ /dev/null @@ -1,417 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -import abc -from typing import Awaitable, Callable, Dict, Optional, Sequence, Union - -from google.cloud.privilegedaccessmanager_v1 import gapic_version as package_version - -import google.auth # type: ignore -import google.api_core -from google.api_core import exceptions as core_exceptions -from google.api_core import gapic_v1 -from google.api_core import retry as retries -from google.api_core import operations_v1 -from google.auth import credentials as ga_credentials # type: ignore -from google.oauth2 import service_account # type: ignore -import google.protobuf - -from google.cloud.location import locations_pb2 # type: ignore -from google.cloud.privilegedaccessmanager_v1.types import privilegedaccessmanager -from google.longrunning import operations_pb2 # type: ignore - -DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo(gapic_version=package_version.__version__) - -if hasattr(DEFAULT_CLIENT_INFO, "protobuf_runtime_version"): # pragma: NO COVER - DEFAULT_CLIENT_INFO.protobuf_runtime_version = google.protobuf.__version__ - - -class PrivilegedAccessManagerTransport(abc.ABC): - """Abstract transport class for PrivilegedAccessManager.""" - - AUTH_SCOPES = ( - 'https://www.googleapis.com/auth/cloud-platform', - ) - - DEFAULT_HOST: str = 'privilegedaccessmanager.googleapis.com' - - def __init__( - self, *, - host: str = DEFAULT_HOST, - credentials: Optional[ga_credentials.Credentials] = None, - credentials_file: Optional[str] = None, - scopes: Optional[Sequence[str]] = None, - quota_project_id: Optional[str] = None, - client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, - always_use_jwt_access: Optional[bool] = False, - api_audience: Optional[str] = None, - **kwargs, - ) -> None: - """Instantiate the transport. - - Args: - host (Optional[str]): - The hostname to connect to (default: 'privilegedaccessmanager.googleapis.com'). - credentials (Optional[google.auth.credentials.Credentials]): The - authorization credentials to attach to requests. These - credentials identify the application to the service; if none - are specified, the client will attempt to ascertain the - credentials from the environment. - credentials_file (Optional[str]): A file with credentials that can - be loaded with :func:`google.auth.load_credentials_from_file`. - This argument is mutually exclusive with credentials. - scopes (Optional[Sequence[str]]): A list of scopes. - quota_project_id (Optional[str]): An optional project to use for billing - and quota. - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you're developing - your own client library. - always_use_jwt_access (Optional[bool]): Whether self signed JWT should - be used for service account credentials. - """ - - scopes_kwargs = {"scopes": scopes, "default_scopes": self.AUTH_SCOPES} - - # Save the scopes. - self._scopes = scopes - if not hasattr(self, "_ignore_credentials"): - self._ignore_credentials: bool = False - - # If no credentials are provided, then determine the appropriate - # defaults. - if credentials and credentials_file: - raise core_exceptions.DuplicateCredentialArgs("'credentials_file' and 'credentials' are mutually exclusive") - - if credentials_file is not None: - credentials, _ = google.auth.load_credentials_from_file( - credentials_file, - **scopes_kwargs, - quota_project_id=quota_project_id - ) - elif credentials is None and not self._ignore_credentials: - credentials, _ = google.auth.default(**scopes_kwargs, quota_project_id=quota_project_id) - # Don't apply audience if the credentials file passed from user. - if hasattr(credentials, "with_gdch_audience"): - credentials = credentials.with_gdch_audience(api_audience if api_audience else host) - - # If the credentials are service account credentials, then always try to use self signed JWT. - if always_use_jwt_access and isinstance(credentials, service_account.Credentials) and hasattr(service_account.Credentials, "with_always_use_jwt_access"): - credentials = credentials.with_always_use_jwt_access(True) - - # Save the credentials. - self._credentials = credentials - - # Save the hostname. Default to port 443 (HTTPS) if none is specified. - if ':' not in host: - host += ':443' - self._host = host - - @property - def host(self): - return self._host - - def _prep_wrapped_messages(self, client_info): - # Precompute the wrapped methods. - self._wrapped_methods = { - self.check_onboarding_status: gapic_v1.method.wrap_method( - self.check_onboarding_status, - default_timeout=None, - client_info=client_info, - ), - self.list_entitlements: gapic_v1.method.wrap_method( - self.list_entitlements, - default_timeout=None, - client_info=client_info, - ), - self.search_entitlements: gapic_v1.method.wrap_method( - self.search_entitlements, - default_timeout=None, - client_info=client_info, - ), - self.get_entitlement: gapic_v1.method.wrap_method( - self.get_entitlement, - default_timeout=None, - client_info=client_info, - ), - self.create_entitlement: gapic_v1.method.wrap_method( - self.create_entitlement, - default_timeout=None, - client_info=client_info, - ), - self.delete_entitlement: gapic_v1.method.wrap_method( - self.delete_entitlement, - default_timeout=None, - client_info=client_info, - ), - self.update_entitlement: gapic_v1.method.wrap_method( - self.update_entitlement, - default_timeout=None, - client_info=client_info, - ), - self.list_grants: gapic_v1.method.wrap_method( - self.list_grants, - default_timeout=None, - client_info=client_info, - ), - self.search_grants: gapic_v1.method.wrap_method( - self.search_grants, - default_timeout=None, - client_info=client_info, - ), - self.get_grant: gapic_v1.method.wrap_method( - self.get_grant, - default_timeout=None, - client_info=client_info, - ), - self.create_grant: gapic_v1.method.wrap_method( - self.create_grant, - default_timeout=None, - client_info=client_info, - ), - self.approve_grant: gapic_v1.method.wrap_method( - self.approve_grant, - default_timeout=None, - client_info=client_info, - ), - self.deny_grant: gapic_v1.method.wrap_method( - self.deny_grant, - default_timeout=None, - client_info=client_info, - ), - self.revoke_grant: gapic_v1.method.wrap_method( - self.revoke_grant, - default_timeout=None, - client_info=client_info, - ), - self.get_location: gapic_v1.method.wrap_method( - self.get_location, - default_timeout=None, - client_info=client_info, - ), - self.list_locations: gapic_v1.method.wrap_method( - self.list_locations, - default_timeout=None, - client_info=client_info, - ), - self.delete_operation: gapic_v1.method.wrap_method( - self.delete_operation, - default_timeout=None, - client_info=client_info, - ), - self.get_operation: gapic_v1.method.wrap_method( - self.get_operation, - default_timeout=None, - client_info=client_info, - ), - self.list_operations: gapic_v1.method.wrap_method( - self.list_operations, - default_timeout=None, - client_info=client_info, - ), - } - - def close(self): - """Closes resources associated with the transport. - - .. warning:: - Only call this method if the transport is NOT shared - with other clients - this may cause errors in other clients! - """ - raise NotImplementedError() - - @property - def operations_client(self): - """Return the client designed to process long-running operations.""" - raise NotImplementedError() - - @property - def check_onboarding_status(self) -> Callable[ - [privilegedaccessmanager.CheckOnboardingStatusRequest], - Union[ - privilegedaccessmanager.CheckOnboardingStatusResponse, - Awaitable[privilegedaccessmanager.CheckOnboardingStatusResponse] - ]]: - raise NotImplementedError() - - @property - def list_entitlements(self) -> Callable[ - [privilegedaccessmanager.ListEntitlementsRequest], - Union[ - privilegedaccessmanager.ListEntitlementsResponse, - Awaitable[privilegedaccessmanager.ListEntitlementsResponse] - ]]: - raise NotImplementedError() - - @property - def search_entitlements(self) -> Callable[ - [privilegedaccessmanager.SearchEntitlementsRequest], - Union[ - privilegedaccessmanager.SearchEntitlementsResponse, - Awaitable[privilegedaccessmanager.SearchEntitlementsResponse] - ]]: - raise NotImplementedError() - - @property - def get_entitlement(self) -> Callable[ - [privilegedaccessmanager.GetEntitlementRequest], - Union[ - privilegedaccessmanager.Entitlement, - Awaitable[privilegedaccessmanager.Entitlement] - ]]: - raise NotImplementedError() - - @property - def create_entitlement(self) -> Callable[ - [privilegedaccessmanager.CreateEntitlementRequest], - Union[ - operations_pb2.Operation, - Awaitable[operations_pb2.Operation] - ]]: - raise NotImplementedError() - - @property - def delete_entitlement(self) -> Callable[ - [privilegedaccessmanager.DeleteEntitlementRequest], - Union[ - operations_pb2.Operation, - Awaitable[operations_pb2.Operation] - ]]: - raise NotImplementedError() - - @property - def update_entitlement(self) -> Callable[ - [privilegedaccessmanager.UpdateEntitlementRequest], - Union[ - operations_pb2.Operation, - Awaitable[operations_pb2.Operation] - ]]: - raise NotImplementedError() - - @property - def list_grants(self) -> Callable[ - [privilegedaccessmanager.ListGrantsRequest], - Union[ - privilegedaccessmanager.ListGrantsResponse, - Awaitable[privilegedaccessmanager.ListGrantsResponse] - ]]: - raise NotImplementedError() - - @property - def search_grants(self) -> Callable[ - [privilegedaccessmanager.SearchGrantsRequest], - Union[ - privilegedaccessmanager.SearchGrantsResponse, - Awaitable[privilegedaccessmanager.SearchGrantsResponse] - ]]: - raise NotImplementedError() - - @property - def get_grant(self) -> Callable[ - [privilegedaccessmanager.GetGrantRequest], - Union[ - privilegedaccessmanager.Grant, - Awaitable[privilegedaccessmanager.Grant] - ]]: - raise NotImplementedError() - - @property - def create_grant(self) -> Callable[ - [privilegedaccessmanager.CreateGrantRequest], - Union[ - privilegedaccessmanager.Grant, - Awaitable[privilegedaccessmanager.Grant] - ]]: - raise NotImplementedError() - - @property - def approve_grant(self) -> Callable[ - [privilegedaccessmanager.ApproveGrantRequest], - Union[ - privilegedaccessmanager.Grant, - Awaitable[privilegedaccessmanager.Grant] - ]]: - raise NotImplementedError() - - @property - def deny_grant(self) -> Callable[ - [privilegedaccessmanager.DenyGrantRequest], - Union[ - privilegedaccessmanager.Grant, - Awaitable[privilegedaccessmanager.Grant] - ]]: - raise NotImplementedError() - - @property - def revoke_grant(self) -> Callable[ - [privilegedaccessmanager.RevokeGrantRequest], - Union[ - operations_pb2.Operation, - Awaitable[operations_pb2.Operation] - ]]: - raise NotImplementedError() - - @property - def list_operations( - self, - ) -> Callable[ - [operations_pb2.ListOperationsRequest], - Union[operations_pb2.ListOperationsResponse, Awaitable[operations_pb2.ListOperationsResponse]], - ]: - raise NotImplementedError() - - @property - def get_operation( - self, - ) -> Callable[ - [operations_pb2.GetOperationRequest], - Union[operations_pb2.Operation, Awaitable[operations_pb2.Operation]], - ]: - raise NotImplementedError() - - @property - def delete_operation( - self, - ) -> Callable[ - [operations_pb2.DeleteOperationRequest], - None, - ]: - raise NotImplementedError() - - @property - def get_location(self, - ) -> Callable[ - [locations_pb2.GetLocationRequest], - Union[locations_pb2.Location, Awaitable[locations_pb2.Location]], - ]: - raise NotImplementedError() - - @property - def list_locations(self, - ) -> Callable[ - [locations_pb2.ListLocationsRequest], - Union[locations_pb2.ListLocationsResponse, Awaitable[locations_pb2.ListLocationsResponse]], - ]: - raise NotImplementedError() - - @property - def kind(self) -> str: - raise NotImplementedError() - - -__all__ = ( - 'PrivilegedAccessManagerTransport', -) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/grpc.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/grpc.py deleted file mode 100644 index a330fcf8a5e0..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/grpc.py +++ /dev/null @@ -1,852 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -import json -import logging as std_logging -import pickle -import warnings -from typing import Callable, Dict, Optional, Sequence, Tuple, Union - -from google.api_core import grpc_helpers -from google.api_core import operations_v1 -from google.api_core import gapic_v1 -import google.auth # type: ignore -from google.auth import credentials as ga_credentials # type: ignore -from google.auth.transport.grpc import SslCredentials # type: ignore -from google.protobuf.json_format import MessageToJson -import google.protobuf.message - -import grpc # type: ignore -import proto # type: ignore - -from google.cloud.location import locations_pb2 # type: ignore -from google.cloud.privilegedaccessmanager_v1.types import privilegedaccessmanager -from google.longrunning import operations_pb2 # type: ignore -from .base import PrivilegedAccessManagerTransport, DEFAULT_CLIENT_INFO - -try: - from google.api_core import client_logging # type: ignore - CLIENT_LOGGING_SUPPORTED = True # pragma: NO COVER -except ImportError: # pragma: NO COVER - CLIENT_LOGGING_SUPPORTED = False - -_LOGGER = std_logging.getLogger(__name__) - - -class _LoggingClientInterceptor(grpc.UnaryUnaryClientInterceptor): # pragma: NO COVER - def intercept_unary_unary(self, continuation, client_call_details, request): - logging_enabled = CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(std_logging.DEBUG) - if logging_enabled: # pragma: NO COVER - request_metadata = client_call_details.metadata - if isinstance(request, proto.Message): - request_payload = type(request).to_json(request) - elif isinstance(request, google.protobuf.message.Message): - request_payload = MessageToJson(request) - else: - request_payload = f"{type(request).__name__}: {pickle.dumps(request)}" - - request_metadata = { - key: value.decode("utf-8") if isinstance(value, bytes) else value - for key, value in request_metadata - } - grpc_request = { - "payload": request_payload, - "requestMethod": "grpc", - "metadata": dict(request_metadata), - } - _LOGGER.debug( - f"Sending request for {client_call_details.method}", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": str(client_call_details.method), - "request": grpc_request, - "metadata": grpc_request["metadata"], - }, - ) - response = continuation(client_call_details, request) - if logging_enabled: # pragma: NO COVER - response_metadata = response.trailing_metadata() - # Convert gRPC metadata `` to list of tuples - metadata = dict([(k, str(v)) for k, v in response_metadata]) if response_metadata else None - result = response.result() - if isinstance(result, proto.Message): - response_payload = type(result).to_json(result) - elif isinstance(result, google.protobuf.message.Message): - response_payload = MessageToJson(result) - else: - response_payload = f"{type(result).__name__}: {pickle.dumps(result)}" - grpc_response = { - "payload": response_payload, - "metadata": metadata, - "status": "OK", - } - _LOGGER.debug( - f"Received response for {client_call_details.method}.", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": client_call_details.method, - "response": grpc_response, - "metadata": grpc_response["metadata"], - }, - ) - return response - - -class PrivilegedAccessManagerGrpcTransport(PrivilegedAccessManagerTransport): - """gRPC backend transport for PrivilegedAccessManager. - - This API allows customers to manage temporary, request based - privileged access to their resources. - - It defines the following resource model: - - - A collection of ``Entitlement`` resources. An entitlement allows - configuring (among other things): - - - Some kind of privileged access that users can request. - - A set of users called *requesters* who can request this - access. - - A maximum duration for which the access can be requested. - - An optional approval workflow which must be satisfied before - access is granted. - - - A collection of ``Grant`` resources. A grant is a request by a - requester to get the privileged access specified in an - entitlement for some duration. - - After the approval workflow as specified in the entitlement is - satisfied, the specified access is given to the requester. The - access is automatically taken back after the requested duration - is over. - - This class defines the same methods as the primary client, so the - primary client can load the underlying transport implementation - and call it. - - It sends protocol buffers over the wire using gRPC (which is built on - top of HTTP/2); the ``grpcio`` package must be installed. - """ - _stubs: Dict[str, Callable] - - def __init__(self, *, - host: str = 'privilegedaccessmanager.googleapis.com', - credentials: Optional[ga_credentials.Credentials] = None, - credentials_file: Optional[str] = None, - scopes: Optional[Sequence[str]] = None, - channel: Optional[Union[grpc.Channel, Callable[..., grpc.Channel]]] = None, - api_mtls_endpoint: Optional[str] = None, - client_cert_source: Optional[Callable[[], Tuple[bytes, bytes]]] = None, - ssl_channel_credentials: Optional[grpc.ChannelCredentials] = None, - client_cert_source_for_mtls: Optional[Callable[[], Tuple[bytes, bytes]]] = None, - quota_project_id: Optional[str] = None, - client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, - always_use_jwt_access: Optional[bool] = False, - api_audience: Optional[str] = None, - ) -> None: - """Instantiate the transport. - - Args: - host (Optional[str]): - The hostname to connect to (default: 'privilegedaccessmanager.googleapis.com'). - credentials (Optional[google.auth.credentials.Credentials]): The - authorization credentials to attach to requests. These - credentials identify the application to the service; if none - are specified, the client will attempt to ascertain the - credentials from the environment. - This argument is ignored if a ``channel`` instance is provided. - credentials_file (Optional[str]): A file with credentials that can - be loaded with :func:`google.auth.load_credentials_from_file`. - This argument is ignored if a ``channel`` instance is provided. - scopes (Optional(Sequence[str])): A list of scopes. This argument is - ignored if a ``channel`` instance is provided. - channel (Optional[Union[grpc.Channel, Callable[..., grpc.Channel]]]): - A ``Channel`` instance through which to make calls, or a Callable - that constructs and returns one. If set to None, ``self.create_channel`` - is used to create the channel. If a Callable is given, it will be called - with the same arguments as used in ``self.create_channel``. - api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. - If provided, it overrides the ``host`` argument and tries to create - a mutual TLS channel with client SSL credentials from - ``client_cert_source`` or application default SSL credentials. - client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): - Deprecated. A callback to provide client SSL certificate bytes and - private key bytes, both in PEM format. It is ignored if - ``api_mtls_endpoint`` is None. - ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials - for the grpc channel. It is ignored if a ``channel`` instance is provided. - client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): - A callback to provide client certificate bytes and private key bytes, - both in PEM format. It is used to configure a mutual TLS channel. It is - ignored if a ``channel`` instance or ``ssl_channel_credentials`` is provided. - quota_project_id (Optional[str]): An optional project to use for billing - and quota. - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you're developing - your own client library. - always_use_jwt_access (Optional[bool]): Whether self signed JWT should - be used for service account credentials. - - Raises: - google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport - creation failed for any reason. - google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` - and ``credentials_file`` are passed. - """ - self._grpc_channel = None - self._ssl_channel_credentials = ssl_channel_credentials - self._stubs: Dict[str, Callable] = {} - self._operations_client: Optional[operations_v1.OperationsClient] = None - - if api_mtls_endpoint: - warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) - if client_cert_source: - warnings.warn("client_cert_source is deprecated", DeprecationWarning) - - if isinstance(channel, grpc.Channel): - # Ignore credentials if a channel was passed. - credentials = None - self._ignore_credentials = True - # If a channel was explicitly provided, set it. - self._grpc_channel = channel - self._ssl_channel_credentials = None - - else: - if api_mtls_endpoint: - host = api_mtls_endpoint - - # Create SSL credentials with client_cert_source or application - # default SSL credentials. - if client_cert_source: - cert, key = client_cert_source() - self._ssl_channel_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) - else: - self._ssl_channel_credentials = SslCredentials().ssl_credentials - - else: - if client_cert_source_for_mtls and not ssl_channel_credentials: - cert, key = client_cert_source_for_mtls() - self._ssl_channel_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) - - # The base transport sets the host, credentials and scopes - super().__init__( - host=host, - credentials=credentials, - credentials_file=credentials_file, - scopes=scopes, - quota_project_id=quota_project_id, - client_info=client_info, - always_use_jwt_access=always_use_jwt_access, - api_audience=api_audience, - ) - - if not self._grpc_channel: - # initialize with the provided callable or the default channel - channel_init = channel or type(self).create_channel - self._grpc_channel = channel_init( - self._host, - # use the credentials which are saved - credentials=self._credentials, - # Set ``credentials_file`` to ``None`` here as - # the credentials that we saved earlier should be used. - credentials_file=None, - scopes=self._scopes, - ssl_credentials=self._ssl_channel_credentials, - quota_project_id=quota_project_id, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - - self._interceptor = _LoggingClientInterceptor() - self._logged_channel = grpc.intercept_channel(self._grpc_channel, self._interceptor) - - # Wrap messages. This must be done after self._logged_channel exists - self._prep_wrapped_messages(client_info) - - @classmethod - def create_channel(cls, - host: str = 'privilegedaccessmanager.googleapis.com', - credentials: Optional[ga_credentials.Credentials] = None, - credentials_file: Optional[str] = None, - scopes: Optional[Sequence[str]] = None, - quota_project_id: Optional[str] = None, - **kwargs) -> grpc.Channel: - """Create and return a gRPC channel object. - Args: - host (Optional[str]): The host for the channel to use. - credentials (Optional[~.Credentials]): The - authorization credentials to attach to requests. These - credentials identify this application to the service. If - none are specified, the client will attempt to ascertain - the credentials from the environment. - credentials_file (Optional[str]): A file with credentials that can - be loaded with :func:`google.auth.load_credentials_from_file`. - This argument is mutually exclusive with credentials. - scopes (Optional[Sequence[str]]): A optional list of scopes needed for this - service. These are only used when credentials are not specified and - are passed to :func:`google.auth.default`. - quota_project_id (Optional[str]): An optional project to use for billing - and quota. - kwargs (Optional[dict]): Keyword arguments, which are passed to the - channel creation. - Returns: - grpc.Channel: A gRPC channel object. - - Raises: - google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` - and ``credentials_file`` are passed. - """ - - return grpc_helpers.create_channel( - host, - credentials=credentials, - credentials_file=credentials_file, - quota_project_id=quota_project_id, - default_scopes=cls.AUTH_SCOPES, - scopes=scopes, - default_host=cls.DEFAULT_HOST, - **kwargs - ) - - @property - def grpc_channel(self) -> grpc.Channel: - """Return the channel designed to connect to this service. - """ - return self._grpc_channel - - @property - def operations_client(self) -> operations_v1.OperationsClient: - """Create the client designed to process long-running operations. - - This property caches on the instance; repeated calls return the same - client. - """ - # Quick check: Only create a new client if we do not already have one. - if self._operations_client is None: - self._operations_client = operations_v1.OperationsClient( - self._logged_channel - ) - - # Return the client from cache. - return self._operations_client - - @property - def check_onboarding_status(self) -> Callable[ - [privilegedaccessmanager.CheckOnboardingStatusRequest], - privilegedaccessmanager.CheckOnboardingStatusResponse]: - r"""Return a callable for the check onboarding status method over gRPC. - - ``CheckOnboardingStatus`` reports the onboarding status for a - project/folder/organization. Any findings reported by this API - need to be fixed before PAM can be used on the resource. - - Returns: - Callable[[~.CheckOnboardingStatusRequest], - ~.CheckOnboardingStatusResponse]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'check_onboarding_status' not in self._stubs: - self._stubs['check_onboarding_status'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/CheckOnboardingStatus', - request_serializer=privilegedaccessmanager.CheckOnboardingStatusRequest.serialize, - response_deserializer=privilegedaccessmanager.CheckOnboardingStatusResponse.deserialize, - ) - return self._stubs['check_onboarding_status'] - - @property - def list_entitlements(self) -> Callable[ - [privilegedaccessmanager.ListEntitlementsRequest], - privilegedaccessmanager.ListEntitlementsResponse]: - r"""Return a callable for the list entitlements method over gRPC. - - Lists entitlements in a given - project/folder/organization and location. - - Returns: - Callable[[~.ListEntitlementsRequest], - ~.ListEntitlementsResponse]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'list_entitlements' not in self._stubs: - self._stubs['list_entitlements'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/ListEntitlements', - request_serializer=privilegedaccessmanager.ListEntitlementsRequest.serialize, - response_deserializer=privilegedaccessmanager.ListEntitlementsResponse.deserialize, - ) - return self._stubs['list_entitlements'] - - @property - def search_entitlements(self) -> Callable[ - [privilegedaccessmanager.SearchEntitlementsRequest], - privilegedaccessmanager.SearchEntitlementsResponse]: - r"""Return a callable for the search entitlements method over gRPC. - - ``SearchEntitlements`` returns entitlements on which the caller - has the specified access. - - Returns: - Callable[[~.SearchEntitlementsRequest], - ~.SearchEntitlementsResponse]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'search_entitlements' not in self._stubs: - self._stubs['search_entitlements'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/SearchEntitlements', - request_serializer=privilegedaccessmanager.SearchEntitlementsRequest.serialize, - response_deserializer=privilegedaccessmanager.SearchEntitlementsResponse.deserialize, - ) - return self._stubs['search_entitlements'] - - @property - def get_entitlement(self) -> Callable[ - [privilegedaccessmanager.GetEntitlementRequest], - privilegedaccessmanager.Entitlement]: - r"""Return a callable for the get entitlement method over gRPC. - - Gets details of a single entitlement. - - Returns: - Callable[[~.GetEntitlementRequest], - ~.Entitlement]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'get_entitlement' not in self._stubs: - self._stubs['get_entitlement'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/GetEntitlement', - request_serializer=privilegedaccessmanager.GetEntitlementRequest.serialize, - response_deserializer=privilegedaccessmanager.Entitlement.deserialize, - ) - return self._stubs['get_entitlement'] - - @property - def create_entitlement(self) -> Callable[ - [privilegedaccessmanager.CreateEntitlementRequest], - operations_pb2.Operation]: - r"""Return a callable for the create entitlement method over gRPC. - - Creates a new entitlement in a given - project/folder/organization and location. - - Returns: - Callable[[~.CreateEntitlementRequest], - ~.Operation]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'create_entitlement' not in self._stubs: - self._stubs['create_entitlement'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/CreateEntitlement', - request_serializer=privilegedaccessmanager.CreateEntitlementRequest.serialize, - response_deserializer=operations_pb2.Operation.FromString, - ) - return self._stubs['create_entitlement'] - - @property - def delete_entitlement(self) -> Callable[ - [privilegedaccessmanager.DeleteEntitlementRequest], - operations_pb2.Operation]: - r"""Return a callable for the delete entitlement method over gRPC. - - Deletes a single entitlement. This method can only be called - when there are no in-progress - (``ACTIVE``/``ACTIVATING``/``REVOKING``) grants under the - entitlement. - - Returns: - Callable[[~.DeleteEntitlementRequest], - ~.Operation]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'delete_entitlement' not in self._stubs: - self._stubs['delete_entitlement'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/DeleteEntitlement', - request_serializer=privilegedaccessmanager.DeleteEntitlementRequest.serialize, - response_deserializer=operations_pb2.Operation.FromString, - ) - return self._stubs['delete_entitlement'] - - @property - def update_entitlement(self) -> Callable[ - [privilegedaccessmanager.UpdateEntitlementRequest], - operations_pb2.Operation]: - r"""Return a callable for the update entitlement method over gRPC. - - Updates the entitlement specified in the request. Updated fields - in the entitlement need to be specified in an update mask. The - changes made to an entitlement are applicable only on future - grants of the entitlement. However, if new approvers are added - or existing approvers are removed from the approval workflow, - the changes are effective on existing grants. - - The following fields are not supported for updates: - - - All immutable fields - - Entitlement name - - Resource name - - Resource type - - Adding an approval workflow in an entitlement which - previously had no approval workflow. - - Deleting the approval workflow from an entitlement. - - Adding or deleting a step in the approval workflow (only one - step is supported) - - Note that updates are allowed on the list of approvers in an - approval workflow step. - - Returns: - Callable[[~.UpdateEntitlementRequest], - ~.Operation]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'update_entitlement' not in self._stubs: - self._stubs['update_entitlement'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/UpdateEntitlement', - request_serializer=privilegedaccessmanager.UpdateEntitlementRequest.serialize, - response_deserializer=operations_pb2.Operation.FromString, - ) - return self._stubs['update_entitlement'] - - @property - def list_grants(self) -> Callable[ - [privilegedaccessmanager.ListGrantsRequest], - privilegedaccessmanager.ListGrantsResponse]: - r"""Return a callable for the list grants method over gRPC. - - Lists grants for a given entitlement. - - Returns: - Callable[[~.ListGrantsRequest], - ~.ListGrantsResponse]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'list_grants' not in self._stubs: - self._stubs['list_grants'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/ListGrants', - request_serializer=privilegedaccessmanager.ListGrantsRequest.serialize, - response_deserializer=privilegedaccessmanager.ListGrantsResponse.deserialize, - ) - return self._stubs['list_grants'] - - @property - def search_grants(self) -> Callable[ - [privilegedaccessmanager.SearchGrantsRequest], - privilegedaccessmanager.SearchGrantsResponse]: - r"""Return a callable for the search grants method over gRPC. - - ``SearchGrants`` returns grants that are related to the calling - user in the specified way. - - Returns: - Callable[[~.SearchGrantsRequest], - ~.SearchGrantsResponse]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'search_grants' not in self._stubs: - self._stubs['search_grants'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/SearchGrants', - request_serializer=privilegedaccessmanager.SearchGrantsRequest.serialize, - response_deserializer=privilegedaccessmanager.SearchGrantsResponse.deserialize, - ) - return self._stubs['search_grants'] - - @property - def get_grant(self) -> Callable[ - [privilegedaccessmanager.GetGrantRequest], - privilegedaccessmanager.Grant]: - r"""Return a callable for the get grant method over gRPC. - - Get details of a single grant. - - Returns: - Callable[[~.GetGrantRequest], - ~.Grant]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'get_grant' not in self._stubs: - self._stubs['get_grant'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/GetGrant', - request_serializer=privilegedaccessmanager.GetGrantRequest.serialize, - response_deserializer=privilegedaccessmanager.Grant.deserialize, - ) - return self._stubs['get_grant'] - - @property - def create_grant(self) -> Callable[ - [privilegedaccessmanager.CreateGrantRequest], - privilegedaccessmanager.Grant]: - r"""Return a callable for the create grant method over gRPC. - - Creates a new grant in a given - project/folder/organization and location. - - Returns: - Callable[[~.CreateGrantRequest], - ~.Grant]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'create_grant' not in self._stubs: - self._stubs['create_grant'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/CreateGrant', - request_serializer=privilegedaccessmanager.CreateGrantRequest.serialize, - response_deserializer=privilegedaccessmanager.Grant.deserialize, - ) - return self._stubs['create_grant'] - - @property - def approve_grant(self) -> Callable[ - [privilegedaccessmanager.ApproveGrantRequest], - privilegedaccessmanager.Grant]: - r"""Return a callable for the approve grant method over gRPC. - - ``ApproveGrant`` is used to approve a grant. This method can - only be called on a grant when it's in the ``APPROVAL_AWAITED`` - state. This operation can't be undone. - - Returns: - Callable[[~.ApproveGrantRequest], - ~.Grant]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'approve_grant' not in self._stubs: - self._stubs['approve_grant'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/ApproveGrant', - request_serializer=privilegedaccessmanager.ApproveGrantRequest.serialize, - response_deserializer=privilegedaccessmanager.Grant.deserialize, - ) - return self._stubs['approve_grant'] - - @property - def deny_grant(self) -> Callable[ - [privilegedaccessmanager.DenyGrantRequest], - privilegedaccessmanager.Grant]: - r"""Return a callable for the deny grant method over gRPC. - - ``DenyGrant`` is used to deny a grant. This method can only be - called on a grant when it's in the ``APPROVAL_AWAITED`` state. - This operation can't be undone. - - Returns: - Callable[[~.DenyGrantRequest], - ~.Grant]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'deny_grant' not in self._stubs: - self._stubs['deny_grant'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/DenyGrant', - request_serializer=privilegedaccessmanager.DenyGrantRequest.serialize, - response_deserializer=privilegedaccessmanager.Grant.deserialize, - ) - return self._stubs['deny_grant'] - - @property - def revoke_grant(self) -> Callable[ - [privilegedaccessmanager.RevokeGrantRequest], - operations_pb2.Operation]: - r"""Return a callable for the revoke grant method over gRPC. - - ``RevokeGrant`` is used to immediately revoke access for a - grant. This method can be called when the grant is in a - non-terminal state. - - Returns: - Callable[[~.RevokeGrantRequest], - ~.Operation]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'revoke_grant' not in self._stubs: - self._stubs['revoke_grant'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/RevokeGrant', - request_serializer=privilegedaccessmanager.RevokeGrantRequest.serialize, - response_deserializer=operations_pb2.Operation.FromString, - ) - return self._stubs['revoke_grant'] - - def close(self): - self._logged_channel.close() - - @property - def delete_operation( - self, - ) -> Callable[[operations_pb2.DeleteOperationRequest], None]: - r"""Return a callable for the delete_operation method over gRPC. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if "delete_operation" not in self._stubs: - self._stubs["delete_operation"] = self._logged_channel.unary_unary( - "/google.longrunning.Operations/DeleteOperation", - request_serializer=operations_pb2.DeleteOperationRequest.SerializeToString, - response_deserializer=None, - ) - return self._stubs["delete_operation"] - - @property - def get_operation( - self, - ) -> Callable[[operations_pb2.GetOperationRequest], operations_pb2.Operation]: - r"""Return a callable for the get_operation method over gRPC. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if "get_operation" not in self._stubs: - self._stubs["get_operation"] = self._logged_channel.unary_unary( - "/google.longrunning.Operations/GetOperation", - request_serializer=operations_pb2.GetOperationRequest.SerializeToString, - response_deserializer=operations_pb2.Operation.FromString, - ) - return self._stubs["get_operation"] - - @property - def list_operations( - self, - ) -> Callable[[operations_pb2.ListOperationsRequest], operations_pb2.ListOperationsResponse]: - r"""Return a callable for the list_operations method over gRPC. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if "list_operations" not in self._stubs: - self._stubs["list_operations"] = self._logged_channel.unary_unary( - "/google.longrunning.Operations/ListOperations", - request_serializer=operations_pb2.ListOperationsRequest.SerializeToString, - response_deserializer=operations_pb2.ListOperationsResponse.FromString, - ) - return self._stubs["list_operations"] - - @property - def list_locations( - self, - ) -> Callable[[locations_pb2.ListLocationsRequest], locations_pb2.ListLocationsResponse]: - r"""Return a callable for the list locations method over gRPC. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if "list_locations" not in self._stubs: - self._stubs["list_locations"] = self._logged_channel.unary_unary( - "/google.cloud.location.Locations/ListLocations", - request_serializer=locations_pb2.ListLocationsRequest.SerializeToString, - response_deserializer=locations_pb2.ListLocationsResponse.FromString, - ) - return self._stubs["list_locations"] - - @property - def get_location( - self, - ) -> Callable[[locations_pb2.GetLocationRequest], locations_pb2.Location]: - r"""Return a callable for the list locations method over gRPC. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if "get_location" not in self._stubs: - self._stubs["get_location"] = self._logged_channel.unary_unary( - "/google.cloud.location.Locations/GetLocation", - request_serializer=locations_pb2.GetLocationRequest.SerializeToString, - response_deserializer=locations_pb2.Location.FromString, - ) - return self._stubs["get_location"] - - @property - def kind(self) -> str: - return "grpc" - - -__all__ = ( - 'PrivilegedAccessManagerGrpcTransport', -) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/grpc_asyncio.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/grpc_asyncio.py deleted file mode 100644 index 5c10ae7bfbb9..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/grpc_asyncio.py +++ /dev/null @@ -1,963 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -import inspect -import json -import pickle -import logging as std_logging -import warnings -from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple, Union - -from google.api_core import gapic_v1 -from google.api_core import grpc_helpers_async -from google.api_core import exceptions as core_exceptions -from google.api_core import retry_async as retries -from google.api_core import operations_v1 -from google.auth import credentials as ga_credentials # type: ignore -from google.auth.transport.grpc import SslCredentials # type: ignore -from google.protobuf.json_format import MessageToJson -import google.protobuf.message - -import grpc # type: ignore -import proto # type: ignore -from grpc.experimental import aio # type: ignore - -from google.cloud.location import locations_pb2 # type: ignore -from google.cloud.privilegedaccessmanager_v1.types import privilegedaccessmanager -from google.longrunning import operations_pb2 # type: ignore -from .base import PrivilegedAccessManagerTransport, DEFAULT_CLIENT_INFO -from .grpc import PrivilegedAccessManagerGrpcTransport - -try: - from google.api_core import client_logging # type: ignore - CLIENT_LOGGING_SUPPORTED = True # pragma: NO COVER -except ImportError: # pragma: NO COVER - CLIENT_LOGGING_SUPPORTED = False - -_LOGGER = std_logging.getLogger(__name__) - - -class _LoggingClientAIOInterceptor(grpc.aio.UnaryUnaryClientInterceptor): # pragma: NO COVER - async def intercept_unary_unary(self, continuation, client_call_details, request): - logging_enabled = CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(std_logging.DEBUG) - if logging_enabled: # pragma: NO COVER - request_metadata = client_call_details.metadata - if isinstance(request, proto.Message): - request_payload = type(request).to_json(request) - elif isinstance(request, google.protobuf.message.Message): - request_payload = MessageToJson(request) - else: - request_payload = f"{type(request).__name__}: {pickle.dumps(request)}" - - request_metadata = { - key: value.decode("utf-8") if isinstance(value, bytes) else value - for key, value in request_metadata - } - grpc_request = { - "payload": request_payload, - "requestMethod": "grpc", - "metadata": dict(request_metadata), - } - _LOGGER.debug( - f"Sending request for {client_call_details.method}", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": str(client_call_details.method), - "request": grpc_request, - "metadata": grpc_request["metadata"], - }, - ) - response = await continuation(client_call_details, request) - if logging_enabled: # pragma: NO COVER - response_metadata = await response.trailing_metadata() - # Convert gRPC metadata `` to list of tuples - metadata = dict([(k, str(v)) for k, v in response_metadata]) if response_metadata else None - result = await response - if isinstance(result, proto.Message): - response_payload = type(result).to_json(result) - elif isinstance(result, google.protobuf.message.Message): - response_payload = MessageToJson(result) - else: - response_payload = f"{type(result).__name__}: {pickle.dumps(result)}" - grpc_response = { - "payload": response_payload, - "metadata": metadata, - "status": "OK", - } - _LOGGER.debug( - f"Received response to rpc {client_call_details.method}.", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": str(client_call_details.method), - "response": grpc_response, - "metadata": grpc_response["metadata"], - }, - ) - return response - - -class PrivilegedAccessManagerGrpcAsyncIOTransport(PrivilegedAccessManagerTransport): - """gRPC AsyncIO backend transport for PrivilegedAccessManager. - - This API allows customers to manage temporary, request based - privileged access to their resources. - - It defines the following resource model: - - - A collection of ``Entitlement`` resources. An entitlement allows - configuring (among other things): - - - Some kind of privileged access that users can request. - - A set of users called *requesters* who can request this - access. - - A maximum duration for which the access can be requested. - - An optional approval workflow which must be satisfied before - access is granted. - - - A collection of ``Grant`` resources. A grant is a request by a - requester to get the privileged access specified in an - entitlement for some duration. - - After the approval workflow as specified in the entitlement is - satisfied, the specified access is given to the requester. The - access is automatically taken back after the requested duration - is over. - - This class defines the same methods as the primary client, so the - primary client can load the underlying transport implementation - and call it. - - It sends protocol buffers over the wire using gRPC (which is built on - top of HTTP/2); the ``grpcio`` package must be installed. - """ - - _grpc_channel: aio.Channel - _stubs: Dict[str, Callable] = {} - - @classmethod - def create_channel(cls, - host: str = 'privilegedaccessmanager.googleapis.com', - credentials: Optional[ga_credentials.Credentials] = None, - credentials_file: Optional[str] = None, - scopes: Optional[Sequence[str]] = None, - quota_project_id: Optional[str] = None, - **kwargs) -> aio.Channel: - """Create and return a gRPC AsyncIO channel object. - Args: - host (Optional[str]): The host for the channel to use. - credentials (Optional[~.Credentials]): The - authorization credentials to attach to requests. These - credentials identify this application to the service. If - none are specified, the client will attempt to ascertain - the credentials from the environment. - credentials_file (Optional[str]): A file with credentials that can - be loaded with :func:`google.auth.load_credentials_from_file`. - scopes (Optional[Sequence[str]]): A optional list of scopes needed for this - service. These are only used when credentials are not specified and - are passed to :func:`google.auth.default`. - quota_project_id (Optional[str]): An optional project to use for billing - and quota. - kwargs (Optional[dict]): Keyword arguments, which are passed to the - channel creation. - Returns: - aio.Channel: A gRPC AsyncIO channel object. - """ - - return grpc_helpers_async.create_channel( - host, - credentials=credentials, - credentials_file=credentials_file, - quota_project_id=quota_project_id, - default_scopes=cls.AUTH_SCOPES, - scopes=scopes, - default_host=cls.DEFAULT_HOST, - **kwargs - ) - - def __init__(self, *, - host: str = 'privilegedaccessmanager.googleapis.com', - credentials: Optional[ga_credentials.Credentials] = None, - credentials_file: Optional[str] = None, - scopes: Optional[Sequence[str]] = None, - channel: Optional[Union[aio.Channel, Callable[..., aio.Channel]]] = None, - api_mtls_endpoint: Optional[str] = None, - client_cert_source: Optional[Callable[[], Tuple[bytes, bytes]]] = None, - ssl_channel_credentials: Optional[grpc.ChannelCredentials] = None, - client_cert_source_for_mtls: Optional[Callable[[], Tuple[bytes, bytes]]] = None, - quota_project_id: Optional[str] = None, - client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, - always_use_jwt_access: Optional[bool] = False, - api_audience: Optional[str] = None, - ) -> None: - """Instantiate the transport. - - Args: - host (Optional[str]): - The hostname to connect to (default: 'privilegedaccessmanager.googleapis.com'). - credentials (Optional[google.auth.credentials.Credentials]): The - authorization credentials to attach to requests. These - credentials identify the application to the service; if none - are specified, the client will attempt to ascertain the - credentials from the environment. - This argument is ignored if a ``channel`` instance is provided. - credentials_file (Optional[str]): A file with credentials that can - be loaded with :func:`google.auth.load_credentials_from_file`. - This argument is ignored if a ``channel`` instance is provided. - scopes (Optional[Sequence[str]]): A optional list of scopes needed for this - service. These are only used when credentials are not specified and - are passed to :func:`google.auth.default`. - channel (Optional[Union[aio.Channel, Callable[..., aio.Channel]]]): - A ``Channel`` instance through which to make calls, or a Callable - that constructs and returns one. If set to None, ``self.create_channel`` - is used to create the channel. If a Callable is given, it will be called - with the same arguments as used in ``self.create_channel``. - api_mtls_endpoint (Optional[str]): Deprecated. The mutual TLS endpoint. - If provided, it overrides the ``host`` argument and tries to create - a mutual TLS channel with client SSL credentials from - ``client_cert_source`` or application default SSL credentials. - client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): - Deprecated. A callback to provide client SSL certificate bytes and - private key bytes, both in PEM format. It is ignored if - ``api_mtls_endpoint`` is None. - ssl_channel_credentials (grpc.ChannelCredentials): SSL credentials - for the grpc channel. It is ignored if a ``channel`` instance is provided. - client_cert_source_for_mtls (Optional[Callable[[], Tuple[bytes, bytes]]]): - A callback to provide client certificate bytes and private key bytes, - both in PEM format. It is used to configure a mutual TLS channel. It is - ignored if a ``channel`` instance or ``ssl_channel_credentials`` is provided. - quota_project_id (Optional[str]): An optional project to use for billing - and quota. - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you're developing - your own client library. - always_use_jwt_access (Optional[bool]): Whether self signed JWT should - be used for service account credentials. - - Raises: - google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport - creation failed for any reason. - google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` - and ``credentials_file`` are passed. - """ - self._grpc_channel = None - self._ssl_channel_credentials = ssl_channel_credentials - self._stubs: Dict[str, Callable] = {} - self._operations_client: Optional[operations_v1.OperationsAsyncClient] = None - - if api_mtls_endpoint: - warnings.warn("api_mtls_endpoint is deprecated", DeprecationWarning) - if client_cert_source: - warnings.warn("client_cert_source is deprecated", DeprecationWarning) - - if isinstance(channel, aio.Channel): - # Ignore credentials if a channel was passed. - credentials = None - self._ignore_credentials = True - # If a channel was explicitly provided, set it. - self._grpc_channel = channel - self._ssl_channel_credentials = None - else: - if api_mtls_endpoint: - host = api_mtls_endpoint - - # Create SSL credentials with client_cert_source or application - # default SSL credentials. - if client_cert_source: - cert, key = client_cert_source() - self._ssl_channel_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) - else: - self._ssl_channel_credentials = SslCredentials().ssl_credentials - - else: - if client_cert_source_for_mtls and not ssl_channel_credentials: - cert, key = client_cert_source_for_mtls() - self._ssl_channel_credentials = grpc.ssl_channel_credentials( - certificate_chain=cert, private_key=key - ) - - # The base transport sets the host, credentials and scopes - super().__init__( - host=host, - credentials=credentials, - credentials_file=credentials_file, - scopes=scopes, - quota_project_id=quota_project_id, - client_info=client_info, - always_use_jwt_access=always_use_jwt_access, - api_audience=api_audience, - ) - - if not self._grpc_channel: - # initialize with the provided callable or the default channel - channel_init = channel or type(self).create_channel - self._grpc_channel = channel_init( - self._host, - # use the credentials which are saved - credentials=self._credentials, - # Set ``credentials_file`` to ``None`` here as - # the credentials that we saved earlier should be used. - credentials_file=None, - scopes=self._scopes, - ssl_credentials=self._ssl_channel_credentials, - quota_project_id=quota_project_id, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - - self._interceptor = _LoggingClientAIOInterceptor() - self._grpc_channel._unary_unary_interceptors.append(self._interceptor) - self._logged_channel = self._grpc_channel - self._wrap_with_kind = "kind" in inspect.signature(gapic_v1.method_async.wrap_method).parameters - # Wrap messages. This must be done after self._logged_channel exists - self._prep_wrapped_messages(client_info) - - @property - def grpc_channel(self) -> aio.Channel: - """Create the channel designed to connect to this service. - - This property caches on the instance; repeated calls return - the same channel. - """ - # Return the channel from cache. - return self._grpc_channel - - @property - def operations_client(self) -> operations_v1.OperationsAsyncClient: - """Create the client designed to process long-running operations. - - This property caches on the instance; repeated calls return the same - client. - """ - # Quick check: Only create a new client if we do not already have one. - if self._operations_client is None: - self._operations_client = operations_v1.OperationsAsyncClient( - self._logged_channel - ) - - # Return the client from cache. - return self._operations_client - - @property - def check_onboarding_status(self) -> Callable[ - [privilegedaccessmanager.CheckOnboardingStatusRequest], - Awaitable[privilegedaccessmanager.CheckOnboardingStatusResponse]]: - r"""Return a callable for the check onboarding status method over gRPC. - - ``CheckOnboardingStatus`` reports the onboarding status for a - project/folder/organization. Any findings reported by this API - need to be fixed before PAM can be used on the resource. - - Returns: - Callable[[~.CheckOnboardingStatusRequest], - Awaitable[~.CheckOnboardingStatusResponse]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'check_onboarding_status' not in self._stubs: - self._stubs['check_onboarding_status'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/CheckOnboardingStatus', - request_serializer=privilegedaccessmanager.CheckOnboardingStatusRequest.serialize, - response_deserializer=privilegedaccessmanager.CheckOnboardingStatusResponse.deserialize, - ) - return self._stubs['check_onboarding_status'] - - @property - def list_entitlements(self) -> Callable[ - [privilegedaccessmanager.ListEntitlementsRequest], - Awaitable[privilegedaccessmanager.ListEntitlementsResponse]]: - r"""Return a callable for the list entitlements method over gRPC. - - Lists entitlements in a given - project/folder/organization and location. - - Returns: - Callable[[~.ListEntitlementsRequest], - Awaitable[~.ListEntitlementsResponse]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'list_entitlements' not in self._stubs: - self._stubs['list_entitlements'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/ListEntitlements', - request_serializer=privilegedaccessmanager.ListEntitlementsRequest.serialize, - response_deserializer=privilegedaccessmanager.ListEntitlementsResponse.deserialize, - ) - return self._stubs['list_entitlements'] - - @property - def search_entitlements(self) -> Callable[ - [privilegedaccessmanager.SearchEntitlementsRequest], - Awaitable[privilegedaccessmanager.SearchEntitlementsResponse]]: - r"""Return a callable for the search entitlements method over gRPC. - - ``SearchEntitlements`` returns entitlements on which the caller - has the specified access. - - Returns: - Callable[[~.SearchEntitlementsRequest], - Awaitable[~.SearchEntitlementsResponse]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'search_entitlements' not in self._stubs: - self._stubs['search_entitlements'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/SearchEntitlements', - request_serializer=privilegedaccessmanager.SearchEntitlementsRequest.serialize, - response_deserializer=privilegedaccessmanager.SearchEntitlementsResponse.deserialize, - ) - return self._stubs['search_entitlements'] - - @property - def get_entitlement(self) -> Callable[ - [privilegedaccessmanager.GetEntitlementRequest], - Awaitable[privilegedaccessmanager.Entitlement]]: - r"""Return a callable for the get entitlement method over gRPC. - - Gets details of a single entitlement. - - Returns: - Callable[[~.GetEntitlementRequest], - Awaitable[~.Entitlement]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'get_entitlement' not in self._stubs: - self._stubs['get_entitlement'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/GetEntitlement', - request_serializer=privilegedaccessmanager.GetEntitlementRequest.serialize, - response_deserializer=privilegedaccessmanager.Entitlement.deserialize, - ) - return self._stubs['get_entitlement'] - - @property - def create_entitlement(self) -> Callable[ - [privilegedaccessmanager.CreateEntitlementRequest], - Awaitable[operations_pb2.Operation]]: - r"""Return a callable for the create entitlement method over gRPC. - - Creates a new entitlement in a given - project/folder/organization and location. - - Returns: - Callable[[~.CreateEntitlementRequest], - Awaitable[~.Operation]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'create_entitlement' not in self._stubs: - self._stubs['create_entitlement'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/CreateEntitlement', - request_serializer=privilegedaccessmanager.CreateEntitlementRequest.serialize, - response_deserializer=operations_pb2.Operation.FromString, - ) - return self._stubs['create_entitlement'] - - @property - def delete_entitlement(self) -> Callable[ - [privilegedaccessmanager.DeleteEntitlementRequest], - Awaitable[operations_pb2.Operation]]: - r"""Return a callable for the delete entitlement method over gRPC. - - Deletes a single entitlement. This method can only be called - when there are no in-progress - (``ACTIVE``/``ACTIVATING``/``REVOKING``) grants under the - entitlement. - - Returns: - Callable[[~.DeleteEntitlementRequest], - Awaitable[~.Operation]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'delete_entitlement' not in self._stubs: - self._stubs['delete_entitlement'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/DeleteEntitlement', - request_serializer=privilegedaccessmanager.DeleteEntitlementRequest.serialize, - response_deserializer=operations_pb2.Operation.FromString, - ) - return self._stubs['delete_entitlement'] - - @property - def update_entitlement(self) -> Callable[ - [privilegedaccessmanager.UpdateEntitlementRequest], - Awaitable[operations_pb2.Operation]]: - r"""Return a callable for the update entitlement method over gRPC. - - Updates the entitlement specified in the request. Updated fields - in the entitlement need to be specified in an update mask. The - changes made to an entitlement are applicable only on future - grants of the entitlement. However, if new approvers are added - or existing approvers are removed from the approval workflow, - the changes are effective on existing grants. - - The following fields are not supported for updates: - - - All immutable fields - - Entitlement name - - Resource name - - Resource type - - Adding an approval workflow in an entitlement which - previously had no approval workflow. - - Deleting the approval workflow from an entitlement. - - Adding or deleting a step in the approval workflow (only one - step is supported) - - Note that updates are allowed on the list of approvers in an - approval workflow step. - - Returns: - Callable[[~.UpdateEntitlementRequest], - Awaitable[~.Operation]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'update_entitlement' not in self._stubs: - self._stubs['update_entitlement'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/UpdateEntitlement', - request_serializer=privilegedaccessmanager.UpdateEntitlementRequest.serialize, - response_deserializer=operations_pb2.Operation.FromString, - ) - return self._stubs['update_entitlement'] - - @property - def list_grants(self) -> Callable[ - [privilegedaccessmanager.ListGrantsRequest], - Awaitable[privilegedaccessmanager.ListGrantsResponse]]: - r"""Return a callable for the list grants method over gRPC. - - Lists grants for a given entitlement. - - Returns: - Callable[[~.ListGrantsRequest], - Awaitable[~.ListGrantsResponse]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'list_grants' not in self._stubs: - self._stubs['list_grants'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/ListGrants', - request_serializer=privilegedaccessmanager.ListGrantsRequest.serialize, - response_deserializer=privilegedaccessmanager.ListGrantsResponse.deserialize, - ) - return self._stubs['list_grants'] - - @property - def search_grants(self) -> Callable[ - [privilegedaccessmanager.SearchGrantsRequest], - Awaitable[privilegedaccessmanager.SearchGrantsResponse]]: - r"""Return a callable for the search grants method over gRPC. - - ``SearchGrants`` returns grants that are related to the calling - user in the specified way. - - Returns: - Callable[[~.SearchGrantsRequest], - Awaitable[~.SearchGrantsResponse]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'search_grants' not in self._stubs: - self._stubs['search_grants'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/SearchGrants', - request_serializer=privilegedaccessmanager.SearchGrantsRequest.serialize, - response_deserializer=privilegedaccessmanager.SearchGrantsResponse.deserialize, - ) - return self._stubs['search_grants'] - - @property - def get_grant(self) -> Callable[ - [privilegedaccessmanager.GetGrantRequest], - Awaitable[privilegedaccessmanager.Grant]]: - r"""Return a callable for the get grant method over gRPC. - - Get details of a single grant. - - Returns: - Callable[[~.GetGrantRequest], - Awaitable[~.Grant]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'get_grant' not in self._stubs: - self._stubs['get_grant'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/GetGrant', - request_serializer=privilegedaccessmanager.GetGrantRequest.serialize, - response_deserializer=privilegedaccessmanager.Grant.deserialize, - ) - return self._stubs['get_grant'] - - @property - def create_grant(self) -> Callable[ - [privilegedaccessmanager.CreateGrantRequest], - Awaitable[privilegedaccessmanager.Grant]]: - r"""Return a callable for the create grant method over gRPC. - - Creates a new grant in a given - project/folder/organization and location. - - Returns: - Callable[[~.CreateGrantRequest], - Awaitable[~.Grant]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'create_grant' not in self._stubs: - self._stubs['create_grant'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/CreateGrant', - request_serializer=privilegedaccessmanager.CreateGrantRequest.serialize, - response_deserializer=privilegedaccessmanager.Grant.deserialize, - ) - return self._stubs['create_grant'] - - @property - def approve_grant(self) -> Callable[ - [privilegedaccessmanager.ApproveGrantRequest], - Awaitable[privilegedaccessmanager.Grant]]: - r"""Return a callable for the approve grant method over gRPC. - - ``ApproveGrant`` is used to approve a grant. This method can - only be called on a grant when it's in the ``APPROVAL_AWAITED`` - state. This operation can't be undone. - - Returns: - Callable[[~.ApproveGrantRequest], - Awaitable[~.Grant]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'approve_grant' not in self._stubs: - self._stubs['approve_grant'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/ApproveGrant', - request_serializer=privilegedaccessmanager.ApproveGrantRequest.serialize, - response_deserializer=privilegedaccessmanager.Grant.deserialize, - ) - return self._stubs['approve_grant'] - - @property - def deny_grant(self) -> Callable[ - [privilegedaccessmanager.DenyGrantRequest], - Awaitable[privilegedaccessmanager.Grant]]: - r"""Return a callable for the deny grant method over gRPC. - - ``DenyGrant`` is used to deny a grant. This method can only be - called on a grant when it's in the ``APPROVAL_AWAITED`` state. - This operation can't be undone. - - Returns: - Callable[[~.DenyGrantRequest], - Awaitable[~.Grant]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'deny_grant' not in self._stubs: - self._stubs['deny_grant'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/DenyGrant', - request_serializer=privilegedaccessmanager.DenyGrantRequest.serialize, - response_deserializer=privilegedaccessmanager.Grant.deserialize, - ) - return self._stubs['deny_grant'] - - @property - def revoke_grant(self) -> Callable[ - [privilegedaccessmanager.RevokeGrantRequest], - Awaitable[operations_pb2.Operation]]: - r"""Return a callable for the revoke grant method over gRPC. - - ``RevokeGrant`` is used to immediately revoke access for a - grant. This method can be called when the grant is in a - non-terminal state. - - Returns: - Callable[[~.RevokeGrantRequest], - Awaitable[~.Operation]]: - A function that, when called, will call the underlying RPC - on the server. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if 'revoke_grant' not in self._stubs: - self._stubs['revoke_grant'] = self._logged_channel.unary_unary( - '/google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager/RevokeGrant', - request_serializer=privilegedaccessmanager.RevokeGrantRequest.serialize, - response_deserializer=operations_pb2.Operation.FromString, - ) - return self._stubs['revoke_grant'] - - def _prep_wrapped_messages(self, client_info): - """ Precompute the wrapped methods, overriding the base class method to use async wrappers.""" - self._wrapped_methods = { - self.check_onboarding_status: self._wrap_method( - self.check_onboarding_status, - default_timeout=None, - client_info=client_info, - ), - self.list_entitlements: self._wrap_method( - self.list_entitlements, - default_timeout=None, - client_info=client_info, - ), - self.search_entitlements: self._wrap_method( - self.search_entitlements, - default_timeout=None, - client_info=client_info, - ), - self.get_entitlement: self._wrap_method( - self.get_entitlement, - default_timeout=None, - client_info=client_info, - ), - self.create_entitlement: self._wrap_method( - self.create_entitlement, - default_timeout=None, - client_info=client_info, - ), - self.delete_entitlement: self._wrap_method( - self.delete_entitlement, - default_timeout=None, - client_info=client_info, - ), - self.update_entitlement: self._wrap_method( - self.update_entitlement, - default_timeout=None, - client_info=client_info, - ), - self.list_grants: self._wrap_method( - self.list_grants, - default_timeout=None, - client_info=client_info, - ), - self.search_grants: self._wrap_method( - self.search_grants, - default_timeout=None, - client_info=client_info, - ), - self.get_grant: self._wrap_method( - self.get_grant, - default_timeout=None, - client_info=client_info, - ), - self.create_grant: self._wrap_method( - self.create_grant, - default_timeout=None, - client_info=client_info, - ), - self.approve_grant: self._wrap_method( - self.approve_grant, - default_timeout=None, - client_info=client_info, - ), - self.deny_grant: self._wrap_method( - self.deny_grant, - default_timeout=None, - client_info=client_info, - ), - self.revoke_grant: self._wrap_method( - self.revoke_grant, - default_timeout=None, - client_info=client_info, - ), - self.get_location: self._wrap_method( - self.get_location, - default_timeout=None, - client_info=client_info, - ), - self.list_locations: self._wrap_method( - self.list_locations, - default_timeout=None, - client_info=client_info, - ), - self.delete_operation: self._wrap_method( - self.delete_operation, - default_timeout=None, - client_info=client_info, - ), - self.get_operation: self._wrap_method( - self.get_operation, - default_timeout=None, - client_info=client_info, - ), - self.list_operations: self._wrap_method( - self.list_operations, - default_timeout=None, - client_info=client_info, - ), - } - - def _wrap_method(self, func, *args, **kwargs): - if self._wrap_with_kind: # pragma: NO COVER - kwargs["kind"] = self.kind - return gapic_v1.method_async.wrap_method(func, *args, **kwargs) - - def close(self): - return self._logged_channel.close() - - @property - def kind(self) -> str: - return "grpc_asyncio" - - @property - def delete_operation( - self, - ) -> Callable[[operations_pb2.DeleteOperationRequest], None]: - r"""Return a callable for the delete_operation method over gRPC. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if "delete_operation" not in self._stubs: - self._stubs["delete_operation"] = self._logged_channel.unary_unary( - "/google.longrunning.Operations/DeleteOperation", - request_serializer=operations_pb2.DeleteOperationRequest.SerializeToString, - response_deserializer=None, - ) - return self._stubs["delete_operation"] - - @property - def get_operation( - self, - ) -> Callable[[operations_pb2.GetOperationRequest], operations_pb2.Operation]: - r"""Return a callable for the get_operation method over gRPC. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if "get_operation" not in self._stubs: - self._stubs["get_operation"] = self._logged_channel.unary_unary( - "/google.longrunning.Operations/GetOperation", - request_serializer=operations_pb2.GetOperationRequest.SerializeToString, - response_deserializer=operations_pb2.Operation.FromString, - ) - return self._stubs["get_operation"] - - @property - def list_operations( - self, - ) -> Callable[[operations_pb2.ListOperationsRequest], operations_pb2.ListOperationsResponse]: - r"""Return a callable for the list_operations method over gRPC. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if "list_operations" not in self._stubs: - self._stubs["list_operations"] = self._logged_channel.unary_unary( - "/google.longrunning.Operations/ListOperations", - request_serializer=operations_pb2.ListOperationsRequest.SerializeToString, - response_deserializer=operations_pb2.ListOperationsResponse.FromString, - ) - return self._stubs["list_operations"] - - @property - def list_locations( - self, - ) -> Callable[[locations_pb2.ListLocationsRequest], locations_pb2.ListLocationsResponse]: - r"""Return a callable for the list locations method over gRPC. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if "list_locations" not in self._stubs: - self._stubs["list_locations"] = self._logged_channel.unary_unary( - "/google.cloud.location.Locations/ListLocations", - request_serializer=locations_pb2.ListLocationsRequest.SerializeToString, - response_deserializer=locations_pb2.ListLocationsResponse.FromString, - ) - return self._stubs["list_locations"] - - @property - def get_location( - self, - ) -> Callable[[locations_pb2.GetLocationRequest], locations_pb2.Location]: - r"""Return a callable for the list locations method over gRPC. - """ - # Generate a "stub function" on-the-fly which will actually make - # the request. - # gRPC handles serialization and deserialization, so we just need - # to pass in the functions for each. - if "get_location" not in self._stubs: - self._stubs["get_location"] = self._logged_channel.unary_unary( - "/google.cloud.location.Locations/GetLocation", - request_serializer=locations_pb2.GetLocationRequest.SerializeToString, - response_deserializer=locations_pb2.Location.FromString, - ) - return self._stubs["get_location"] - - -__all__ = ( - 'PrivilegedAccessManagerGrpcAsyncIOTransport', -) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/rest.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/rest.py deleted file mode 100644 index 51cf90ec39a8..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/rest.py +++ /dev/null @@ -1,3381 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -import logging -import json # type: ignore - -from google.auth.transport.requests import AuthorizedSession # type: ignore -from google.auth import credentials as ga_credentials # type: ignore -from google.api_core import exceptions as core_exceptions -from google.api_core import retry as retries -from google.api_core import rest_helpers -from google.api_core import rest_streaming -from google.api_core import gapic_v1 -import google.protobuf - -from google.protobuf import json_format -from google.api_core import operations_v1 -from google.cloud.location import locations_pb2 # type: ignore - -from requests import __version__ as requests_version -import dataclasses -from typing import Any, Callable, Dict, List, Optional, Sequence, Tuple, Union -import warnings - - -from google.cloud.privilegedaccessmanager_v1.types import privilegedaccessmanager -from google.longrunning import operations_pb2 # type: ignore - - -from .rest_base import _BasePrivilegedAccessManagerRestTransport -from .base import DEFAULT_CLIENT_INFO as BASE_DEFAULT_CLIENT_INFO - -try: - OptionalRetry = Union[retries.Retry, gapic_v1.method._MethodDefault, None] -except AttributeError: # pragma: NO COVER - OptionalRetry = Union[retries.Retry, object, None] # type: ignore - -try: - from google.api_core import client_logging # type: ignore - CLIENT_LOGGING_SUPPORTED = True # pragma: NO COVER -except ImportError: # pragma: NO COVER - CLIENT_LOGGING_SUPPORTED = False - -_LOGGER = logging.getLogger(__name__) - -DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( - gapic_version=BASE_DEFAULT_CLIENT_INFO.gapic_version, - grpc_version=None, - rest_version=f"requests@{requests_version}", -) - -if hasattr(DEFAULT_CLIENT_INFO, "protobuf_runtime_version"): # pragma: NO COVER - DEFAULT_CLIENT_INFO.protobuf_runtime_version = google.protobuf.__version__ - - -class PrivilegedAccessManagerRestInterceptor: - """Interceptor for PrivilegedAccessManager. - - Interceptors are used to manipulate requests, request metadata, and responses - in arbitrary ways. - Example use cases include: - * Logging - * Verifying requests according to service or custom semantics - * Stripping extraneous information from responses - - These use cases and more can be enabled by injecting an - instance of a custom subclass when constructing the PrivilegedAccessManagerRestTransport. - - .. code-block:: python - class MyCustomPrivilegedAccessManagerInterceptor(PrivilegedAccessManagerRestInterceptor): - def pre_approve_grant(self, request, metadata): - logging.log(f"Received request: {request}") - return request, metadata - - def post_approve_grant(self, response): - logging.log(f"Received response: {response}") - return response - - def pre_check_onboarding_status(self, request, metadata): - logging.log(f"Received request: {request}") - return request, metadata - - def post_check_onboarding_status(self, response): - logging.log(f"Received response: {response}") - return response - - def pre_create_entitlement(self, request, metadata): - logging.log(f"Received request: {request}") - return request, metadata - - def post_create_entitlement(self, response): - logging.log(f"Received response: {response}") - return response - - def pre_create_grant(self, request, metadata): - logging.log(f"Received request: {request}") - return request, metadata - - def post_create_grant(self, response): - logging.log(f"Received response: {response}") - return response - - def pre_delete_entitlement(self, request, metadata): - logging.log(f"Received request: {request}") - return request, metadata - - def post_delete_entitlement(self, response): - logging.log(f"Received response: {response}") - return response - - def pre_deny_grant(self, request, metadata): - logging.log(f"Received request: {request}") - return request, metadata - - def post_deny_grant(self, response): - logging.log(f"Received response: {response}") - return response - - def pre_get_entitlement(self, request, metadata): - logging.log(f"Received request: {request}") - return request, metadata - - def post_get_entitlement(self, response): - logging.log(f"Received response: {response}") - return response - - def pre_get_grant(self, request, metadata): - logging.log(f"Received request: {request}") - return request, metadata - - def post_get_grant(self, response): - logging.log(f"Received response: {response}") - return response - - def pre_list_entitlements(self, request, metadata): - logging.log(f"Received request: {request}") - return request, metadata - - def post_list_entitlements(self, response): - logging.log(f"Received response: {response}") - return response - - def pre_list_grants(self, request, metadata): - logging.log(f"Received request: {request}") - return request, metadata - - def post_list_grants(self, response): - logging.log(f"Received response: {response}") - return response - - def pre_revoke_grant(self, request, metadata): - logging.log(f"Received request: {request}") - return request, metadata - - def post_revoke_grant(self, response): - logging.log(f"Received response: {response}") - return response - - def pre_search_entitlements(self, request, metadata): - logging.log(f"Received request: {request}") - return request, metadata - - def post_search_entitlements(self, response): - logging.log(f"Received response: {response}") - return response - - def pre_search_grants(self, request, metadata): - logging.log(f"Received request: {request}") - return request, metadata - - def post_search_grants(self, response): - logging.log(f"Received response: {response}") - return response - - def pre_update_entitlement(self, request, metadata): - logging.log(f"Received request: {request}") - return request, metadata - - def post_update_entitlement(self, response): - logging.log(f"Received response: {response}") - return response - - transport = PrivilegedAccessManagerRestTransport(interceptor=MyCustomPrivilegedAccessManagerInterceptor()) - client = PrivilegedAccessManagerClient(transport=transport) - - - """ - def pre_approve_grant(self, request: privilegedaccessmanager.ApproveGrantRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.ApproveGrantRequest, Sequence[Tuple[str, Union[str, bytes]]]]: - """Pre-rpc interceptor for approve_grant - - Override in a subclass to manipulate the request or metadata - before they are sent to the PrivilegedAccessManager server. - """ - return request, metadata - - def post_approve_grant(self, response: privilegedaccessmanager.Grant) -> privilegedaccessmanager.Grant: - """Post-rpc interceptor for approve_grant - - DEPRECATED. Please use the `post_approve_grant_with_metadata` - interceptor instead. - - Override in a subclass to read or manipulate the response - after it is returned by the PrivilegedAccessManager server but before - it is returned to user code. This `post_approve_grant` interceptor runs - before the `post_approve_grant_with_metadata` interceptor. - """ - return response - - def post_approve_grant_with_metadata(self, response: privilegedaccessmanager.Grant, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.Grant, Sequence[Tuple[str, Union[str, bytes]]]]: - """Post-rpc interceptor for approve_grant - - Override in a subclass to read or manipulate the response or metadata after it - is returned by the PrivilegedAccessManager server but before it is returned to user code. - - We recommend only using this `post_approve_grant_with_metadata` - interceptor in new development instead of the `post_approve_grant` interceptor. - When both interceptors are used, this `post_approve_grant_with_metadata` interceptor runs after the - `post_approve_grant` interceptor. The (possibly modified) response returned by - `post_approve_grant` will be passed to - `post_approve_grant_with_metadata`. - """ - return response, metadata - - def pre_check_onboarding_status(self, request: privilegedaccessmanager.CheckOnboardingStatusRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.CheckOnboardingStatusRequest, Sequence[Tuple[str, Union[str, bytes]]]]: - """Pre-rpc interceptor for check_onboarding_status - - Override in a subclass to manipulate the request or metadata - before they are sent to the PrivilegedAccessManager server. - """ - return request, metadata - - def post_check_onboarding_status(self, response: privilegedaccessmanager.CheckOnboardingStatusResponse) -> privilegedaccessmanager.CheckOnboardingStatusResponse: - """Post-rpc interceptor for check_onboarding_status - - DEPRECATED. Please use the `post_check_onboarding_status_with_metadata` - interceptor instead. - - Override in a subclass to read or manipulate the response - after it is returned by the PrivilegedAccessManager server but before - it is returned to user code. This `post_check_onboarding_status` interceptor runs - before the `post_check_onboarding_status_with_metadata` interceptor. - """ - return response - - def post_check_onboarding_status_with_metadata(self, response: privilegedaccessmanager.CheckOnboardingStatusResponse, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.CheckOnboardingStatusResponse, Sequence[Tuple[str, Union[str, bytes]]]]: - """Post-rpc interceptor for check_onboarding_status - - Override in a subclass to read or manipulate the response or metadata after it - is returned by the PrivilegedAccessManager server but before it is returned to user code. - - We recommend only using this `post_check_onboarding_status_with_metadata` - interceptor in new development instead of the `post_check_onboarding_status` interceptor. - When both interceptors are used, this `post_check_onboarding_status_with_metadata` interceptor runs after the - `post_check_onboarding_status` interceptor. The (possibly modified) response returned by - `post_check_onboarding_status` will be passed to - `post_check_onboarding_status_with_metadata`. - """ - return response, metadata - - def pre_create_entitlement(self, request: privilegedaccessmanager.CreateEntitlementRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.CreateEntitlementRequest, Sequence[Tuple[str, Union[str, bytes]]]]: - """Pre-rpc interceptor for create_entitlement - - Override in a subclass to manipulate the request or metadata - before they are sent to the PrivilegedAccessManager server. - """ - return request, metadata - - def post_create_entitlement(self, response: operations_pb2.Operation) -> operations_pb2.Operation: - """Post-rpc interceptor for create_entitlement - - DEPRECATED. Please use the `post_create_entitlement_with_metadata` - interceptor instead. - - Override in a subclass to read or manipulate the response - after it is returned by the PrivilegedAccessManager server but before - it is returned to user code. This `post_create_entitlement` interceptor runs - before the `post_create_entitlement_with_metadata` interceptor. - """ - return response - - def post_create_entitlement_with_metadata(self, response: operations_pb2.Operation, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[operations_pb2.Operation, Sequence[Tuple[str, Union[str, bytes]]]]: - """Post-rpc interceptor for create_entitlement - - Override in a subclass to read or manipulate the response or metadata after it - is returned by the PrivilegedAccessManager server but before it is returned to user code. - - We recommend only using this `post_create_entitlement_with_metadata` - interceptor in new development instead of the `post_create_entitlement` interceptor. - When both interceptors are used, this `post_create_entitlement_with_metadata` interceptor runs after the - `post_create_entitlement` interceptor. The (possibly modified) response returned by - `post_create_entitlement` will be passed to - `post_create_entitlement_with_metadata`. - """ - return response, metadata - - def pre_create_grant(self, request: privilegedaccessmanager.CreateGrantRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.CreateGrantRequest, Sequence[Tuple[str, Union[str, bytes]]]]: - """Pre-rpc interceptor for create_grant - - Override in a subclass to manipulate the request or metadata - before they are sent to the PrivilegedAccessManager server. - """ - return request, metadata - - def post_create_grant(self, response: privilegedaccessmanager.Grant) -> privilegedaccessmanager.Grant: - """Post-rpc interceptor for create_grant - - DEPRECATED. Please use the `post_create_grant_with_metadata` - interceptor instead. - - Override in a subclass to read or manipulate the response - after it is returned by the PrivilegedAccessManager server but before - it is returned to user code. This `post_create_grant` interceptor runs - before the `post_create_grant_with_metadata` interceptor. - """ - return response - - def post_create_grant_with_metadata(self, response: privilegedaccessmanager.Grant, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.Grant, Sequence[Tuple[str, Union[str, bytes]]]]: - """Post-rpc interceptor for create_grant - - Override in a subclass to read or manipulate the response or metadata after it - is returned by the PrivilegedAccessManager server but before it is returned to user code. - - We recommend only using this `post_create_grant_with_metadata` - interceptor in new development instead of the `post_create_grant` interceptor. - When both interceptors are used, this `post_create_grant_with_metadata` interceptor runs after the - `post_create_grant` interceptor. The (possibly modified) response returned by - `post_create_grant` will be passed to - `post_create_grant_with_metadata`. - """ - return response, metadata - - def pre_delete_entitlement(self, request: privilegedaccessmanager.DeleteEntitlementRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.DeleteEntitlementRequest, Sequence[Tuple[str, Union[str, bytes]]]]: - """Pre-rpc interceptor for delete_entitlement - - Override in a subclass to manipulate the request or metadata - before they are sent to the PrivilegedAccessManager server. - """ - return request, metadata - - def post_delete_entitlement(self, response: operations_pb2.Operation) -> operations_pb2.Operation: - """Post-rpc interceptor for delete_entitlement - - DEPRECATED. Please use the `post_delete_entitlement_with_metadata` - interceptor instead. - - Override in a subclass to read or manipulate the response - after it is returned by the PrivilegedAccessManager server but before - it is returned to user code. This `post_delete_entitlement` interceptor runs - before the `post_delete_entitlement_with_metadata` interceptor. - """ - return response - - def post_delete_entitlement_with_metadata(self, response: operations_pb2.Operation, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[operations_pb2.Operation, Sequence[Tuple[str, Union[str, bytes]]]]: - """Post-rpc interceptor for delete_entitlement - - Override in a subclass to read or manipulate the response or metadata after it - is returned by the PrivilegedAccessManager server but before it is returned to user code. - - We recommend only using this `post_delete_entitlement_with_metadata` - interceptor in new development instead of the `post_delete_entitlement` interceptor. - When both interceptors are used, this `post_delete_entitlement_with_metadata` interceptor runs after the - `post_delete_entitlement` interceptor. The (possibly modified) response returned by - `post_delete_entitlement` will be passed to - `post_delete_entitlement_with_metadata`. - """ - return response, metadata - - def pre_deny_grant(self, request: privilegedaccessmanager.DenyGrantRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.DenyGrantRequest, Sequence[Tuple[str, Union[str, bytes]]]]: - """Pre-rpc interceptor for deny_grant - - Override in a subclass to manipulate the request or metadata - before they are sent to the PrivilegedAccessManager server. - """ - return request, metadata - - def post_deny_grant(self, response: privilegedaccessmanager.Grant) -> privilegedaccessmanager.Grant: - """Post-rpc interceptor for deny_grant - - DEPRECATED. Please use the `post_deny_grant_with_metadata` - interceptor instead. - - Override in a subclass to read or manipulate the response - after it is returned by the PrivilegedAccessManager server but before - it is returned to user code. This `post_deny_grant` interceptor runs - before the `post_deny_grant_with_metadata` interceptor. - """ - return response - - def post_deny_grant_with_metadata(self, response: privilegedaccessmanager.Grant, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.Grant, Sequence[Tuple[str, Union[str, bytes]]]]: - """Post-rpc interceptor for deny_grant - - Override in a subclass to read or manipulate the response or metadata after it - is returned by the PrivilegedAccessManager server but before it is returned to user code. - - We recommend only using this `post_deny_grant_with_metadata` - interceptor in new development instead of the `post_deny_grant` interceptor. - When both interceptors are used, this `post_deny_grant_with_metadata` interceptor runs after the - `post_deny_grant` interceptor. The (possibly modified) response returned by - `post_deny_grant` will be passed to - `post_deny_grant_with_metadata`. - """ - return response, metadata - - def pre_get_entitlement(self, request: privilegedaccessmanager.GetEntitlementRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.GetEntitlementRequest, Sequence[Tuple[str, Union[str, bytes]]]]: - """Pre-rpc interceptor for get_entitlement - - Override in a subclass to manipulate the request or metadata - before they are sent to the PrivilegedAccessManager server. - """ - return request, metadata - - def post_get_entitlement(self, response: privilegedaccessmanager.Entitlement) -> privilegedaccessmanager.Entitlement: - """Post-rpc interceptor for get_entitlement - - DEPRECATED. Please use the `post_get_entitlement_with_metadata` - interceptor instead. - - Override in a subclass to read or manipulate the response - after it is returned by the PrivilegedAccessManager server but before - it is returned to user code. This `post_get_entitlement` interceptor runs - before the `post_get_entitlement_with_metadata` interceptor. - """ - return response - - def post_get_entitlement_with_metadata(self, response: privilegedaccessmanager.Entitlement, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.Entitlement, Sequence[Tuple[str, Union[str, bytes]]]]: - """Post-rpc interceptor for get_entitlement - - Override in a subclass to read or manipulate the response or metadata after it - is returned by the PrivilegedAccessManager server but before it is returned to user code. - - We recommend only using this `post_get_entitlement_with_metadata` - interceptor in new development instead of the `post_get_entitlement` interceptor. - When both interceptors are used, this `post_get_entitlement_with_metadata` interceptor runs after the - `post_get_entitlement` interceptor. The (possibly modified) response returned by - `post_get_entitlement` will be passed to - `post_get_entitlement_with_metadata`. - """ - return response, metadata - - def pre_get_grant(self, request: privilegedaccessmanager.GetGrantRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.GetGrantRequest, Sequence[Tuple[str, Union[str, bytes]]]]: - """Pre-rpc interceptor for get_grant - - Override in a subclass to manipulate the request or metadata - before they are sent to the PrivilegedAccessManager server. - """ - return request, metadata - - def post_get_grant(self, response: privilegedaccessmanager.Grant) -> privilegedaccessmanager.Grant: - """Post-rpc interceptor for get_grant - - DEPRECATED. Please use the `post_get_grant_with_metadata` - interceptor instead. - - Override in a subclass to read or manipulate the response - after it is returned by the PrivilegedAccessManager server but before - it is returned to user code. This `post_get_grant` interceptor runs - before the `post_get_grant_with_metadata` interceptor. - """ - return response - - def post_get_grant_with_metadata(self, response: privilegedaccessmanager.Grant, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.Grant, Sequence[Tuple[str, Union[str, bytes]]]]: - """Post-rpc interceptor for get_grant - - Override in a subclass to read or manipulate the response or metadata after it - is returned by the PrivilegedAccessManager server but before it is returned to user code. - - We recommend only using this `post_get_grant_with_metadata` - interceptor in new development instead of the `post_get_grant` interceptor. - When both interceptors are used, this `post_get_grant_with_metadata` interceptor runs after the - `post_get_grant` interceptor. The (possibly modified) response returned by - `post_get_grant` will be passed to - `post_get_grant_with_metadata`. - """ - return response, metadata - - def pre_list_entitlements(self, request: privilegedaccessmanager.ListEntitlementsRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.ListEntitlementsRequest, Sequence[Tuple[str, Union[str, bytes]]]]: - """Pre-rpc interceptor for list_entitlements - - Override in a subclass to manipulate the request or metadata - before they are sent to the PrivilegedAccessManager server. - """ - return request, metadata - - def post_list_entitlements(self, response: privilegedaccessmanager.ListEntitlementsResponse) -> privilegedaccessmanager.ListEntitlementsResponse: - """Post-rpc interceptor for list_entitlements - - DEPRECATED. Please use the `post_list_entitlements_with_metadata` - interceptor instead. - - Override in a subclass to read or manipulate the response - after it is returned by the PrivilegedAccessManager server but before - it is returned to user code. This `post_list_entitlements` interceptor runs - before the `post_list_entitlements_with_metadata` interceptor. - """ - return response - - def post_list_entitlements_with_metadata(self, response: privilegedaccessmanager.ListEntitlementsResponse, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.ListEntitlementsResponse, Sequence[Tuple[str, Union[str, bytes]]]]: - """Post-rpc interceptor for list_entitlements - - Override in a subclass to read or manipulate the response or metadata after it - is returned by the PrivilegedAccessManager server but before it is returned to user code. - - We recommend only using this `post_list_entitlements_with_metadata` - interceptor in new development instead of the `post_list_entitlements` interceptor. - When both interceptors are used, this `post_list_entitlements_with_metadata` interceptor runs after the - `post_list_entitlements` interceptor. The (possibly modified) response returned by - `post_list_entitlements` will be passed to - `post_list_entitlements_with_metadata`. - """ - return response, metadata - - def pre_list_grants(self, request: privilegedaccessmanager.ListGrantsRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.ListGrantsRequest, Sequence[Tuple[str, Union[str, bytes]]]]: - """Pre-rpc interceptor for list_grants - - Override in a subclass to manipulate the request or metadata - before they are sent to the PrivilegedAccessManager server. - """ - return request, metadata - - def post_list_grants(self, response: privilegedaccessmanager.ListGrantsResponse) -> privilegedaccessmanager.ListGrantsResponse: - """Post-rpc interceptor for list_grants - - DEPRECATED. Please use the `post_list_grants_with_metadata` - interceptor instead. - - Override in a subclass to read or manipulate the response - after it is returned by the PrivilegedAccessManager server but before - it is returned to user code. This `post_list_grants` interceptor runs - before the `post_list_grants_with_metadata` interceptor. - """ - return response - - def post_list_grants_with_metadata(self, response: privilegedaccessmanager.ListGrantsResponse, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.ListGrantsResponse, Sequence[Tuple[str, Union[str, bytes]]]]: - """Post-rpc interceptor for list_grants - - Override in a subclass to read or manipulate the response or metadata after it - is returned by the PrivilegedAccessManager server but before it is returned to user code. - - We recommend only using this `post_list_grants_with_metadata` - interceptor in new development instead of the `post_list_grants` interceptor. - When both interceptors are used, this `post_list_grants_with_metadata` interceptor runs after the - `post_list_grants` interceptor. The (possibly modified) response returned by - `post_list_grants` will be passed to - `post_list_grants_with_metadata`. - """ - return response, metadata - - def pre_revoke_grant(self, request: privilegedaccessmanager.RevokeGrantRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.RevokeGrantRequest, Sequence[Tuple[str, Union[str, bytes]]]]: - """Pre-rpc interceptor for revoke_grant - - Override in a subclass to manipulate the request or metadata - before they are sent to the PrivilegedAccessManager server. - """ - return request, metadata - - def post_revoke_grant(self, response: operations_pb2.Operation) -> operations_pb2.Operation: - """Post-rpc interceptor for revoke_grant - - DEPRECATED. Please use the `post_revoke_grant_with_metadata` - interceptor instead. - - Override in a subclass to read or manipulate the response - after it is returned by the PrivilegedAccessManager server but before - it is returned to user code. This `post_revoke_grant` interceptor runs - before the `post_revoke_grant_with_metadata` interceptor. - """ - return response - - def post_revoke_grant_with_metadata(self, response: operations_pb2.Operation, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[operations_pb2.Operation, Sequence[Tuple[str, Union[str, bytes]]]]: - """Post-rpc interceptor for revoke_grant - - Override in a subclass to read or manipulate the response or metadata after it - is returned by the PrivilegedAccessManager server but before it is returned to user code. - - We recommend only using this `post_revoke_grant_with_metadata` - interceptor in new development instead of the `post_revoke_grant` interceptor. - When both interceptors are used, this `post_revoke_grant_with_metadata` interceptor runs after the - `post_revoke_grant` interceptor. The (possibly modified) response returned by - `post_revoke_grant` will be passed to - `post_revoke_grant_with_metadata`. - """ - return response, metadata - - def pre_search_entitlements(self, request: privilegedaccessmanager.SearchEntitlementsRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.SearchEntitlementsRequest, Sequence[Tuple[str, Union[str, bytes]]]]: - """Pre-rpc interceptor for search_entitlements - - Override in a subclass to manipulate the request or metadata - before they are sent to the PrivilegedAccessManager server. - """ - return request, metadata - - def post_search_entitlements(self, response: privilegedaccessmanager.SearchEntitlementsResponse) -> privilegedaccessmanager.SearchEntitlementsResponse: - """Post-rpc interceptor for search_entitlements - - DEPRECATED. Please use the `post_search_entitlements_with_metadata` - interceptor instead. - - Override in a subclass to read or manipulate the response - after it is returned by the PrivilegedAccessManager server but before - it is returned to user code. This `post_search_entitlements` interceptor runs - before the `post_search_entitlements_with_metadata` interceptor. - """ - return response - - def post_search_entitlements_with_metadata(self, response: privilegedaccessmanager.SearchEntitlementsResponse, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.SearchEntitlementsResponse, Sequence[Tuple[str, Union[str, bytes]]]]: - """Post-rpc interceptor for search_entitlements - - Override in a subclass to read or manipulate the response or metadata after it - is returned by the PrivilegedAccessManager server but before it is returned to user code. - - We recommend only using this `post_search_entitlements_with_metadata` - interceptor in new development instead of the `post_search_entitlements` interceptor. - When both interceptors are used, this `post_search_entitlements_with_metadata` interceptor runs after the - `post_search_entitlements` interceptor. The (possibly modified) response returned by - `post_search_entitlements` will be passed to - `post_search_entitlements_with_metadata`. - """ - return response, metadata - - def pre_search_grants(self, request: privilegedaccessmanager.SearchGrantsRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.SearchGrantsRequest, Sequence[Tuple[str, Union[str, bytes]]]]: - """Pre-rpc interceptor for search_grants - - Override in a subclass to manipulate the request or metadata - before they are sent to the PrivilegedAccessManager server. - """ - return request, metadata - - def post_search_grants(self, response: privilegedaccessmanager.SearchGrantsResponse) -> privilegedaccessmanager.SearchGrantsResponse: - """Post-rpc interceptor for search_grants - - DEPRECATED. Please use the `post_search_grants_with_metadata` - interceptor instead. - - Override in a subclass to read or manipulate the response - after it is returned by the PrivilegedAccessManager server but before - it is returned to user code. This `post_search_grants` interceptor runs - before the `post_search_grants_with_metadata` interceptor. - """ - return response - - def post_search_grants_with_metadata(self, response: privilegedaccessmanager.SearchGrantsResponse, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.SearchGrantsResponse, Sequence[Tuple[str, Union[str, bytes]]]]: - """Post-rpc interceptor for search_grants - - Override in a subclass to read or manipulate the response or metadata after it - is returned by the PrivilegedAccessManager server but before it is returned to user code. - - We recommend only using this `post_search_grants_with_metadata` - interceptor in new development instead of the `post_search_grants` interceptor. - When both interceptors are used, this `post_search_grants_with_metadata` interceptor runs after the - `post_search_grants` interceptor. The (possibly modified) response returned by - `post_search_grants` will be passed to - `post_search_grants_with_metadata`. - """ - return response, metadata - - def pre_update_entitlement(self, request: privilegedaccessmanager.UpdateEntitlementRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[privilegedaccessmanager.UpdateEntitlementRequest, Sequence[Tuple[str, Union[str, bytes]]]]: - """Pre-rpc interceptor for update_entitlement - - Override in a subclass to manipulate the request or metadata - before they are sent to the PrivilegedAccessManager server. - """ - return request, metadata - - def post_update_entitlement(self, response: operations_pb2.Operation) -> operations_pb2.Operation: - """Post-rpc interceptor for update_entitlement - - DEPRECATED. Please use the `post_update_entitlement_with_metadata` - interceptor instead. - - Override in a subclass to read or manipulate the response - after it is returned by the PrivilegedAccessManager server but before - it is returned to user code. This `post_update_entitlement` interceptor runs - before the `post_update_entitlement_with_metadata` interceptor. - """ - return response - - def post_update_entitlement_with_metadata(self, response: operations_pb2.Operation, metadata: Sequence[Tuple[str, Union[str, bytes]]]) -> Tuple[operations_pb2.Operation, Sequence[Tuple[str, Union[str, bytes]]]]: - """Post-rpc interceptor for update_entitlement - - Override in a subclass to read or manipulate the response or metadata after it - is returned by the PrivilegedAccessManager server but before it is returned to user code. - - We recommend only using this `post_update_entitlement_with_metadata` - interceptor in new development instead of the `post_update_entitlement` interceptor. - When both interceptors are used, this `post_update_entitlement_with_metadata` interceptor runs after the - `post_update_entitlement` interceptor. The (possibly modified) response returned by - `post_update_entitlement` will be passed to - `post_update_entitlement_with_metadata`. - """ - return response, metadata - - def pre_get_location( - self, request: locations_pb2.GetLocationRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]] - ) -> Tuple[locations_pb2.GetLocationRequest, Sequence[Tuple[str, Union[str, bytes]]]]: - """Pre-rpc interceptor for get_location - - Override in a subclass to manipulate the request or metadata - before they are sent to the PrivilegedAccessManager server. - """ - return request, metadata - - def post_get_location( - self, response: locations_pb2.Location - ) -> locations_pb2.Location: - """Post-rpc interceptor for get_location - - Override in a subclass to manipulate the response - after it is returned by the PrivilegedAccessManager server but before - it is returned to user code. - """ - return response - - def pre_list_locations( - self, request: locations_pb2.ListLocationsRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]] - ) -> Tuple[locations_pb2.ListLocationsRequest, Sequence[Tuple[str, Union[str, bytes]]]]: - """Pre-rpc interceptor for list_locations - - Override in a subclass to manipulate the request or metadata - before they are sent to the PrivilegedAccessManager server. - """ - return request, metadata - - def post_list_locations( - self, response: locations_pb2.ListLocationsResponse - ) -> locations_pb2.ListLocationsResponse: - """Post-rpc interceptor for list_locations - - Override in a subclass to manipulate the response - after it is returned by the PrivilegedAccessManager server but before - it is returned to user code. - """ - return response - - def pre_delete_operation( - self, request: operations_pb2.DeleteOperationRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]] - ) -> Tuple[operations_pb2.DeleteOperationRequest, Sequence[Tuple[str, Union[str, bytes]]]]: - """Pre-rpc interceptor for delete_operation - - Override in a subclass to manipulate the request or metadata - before they are sent to the PrivilegedAccessManager server. - """ - return request, metadata - - def post_delete_operation( - self, response: None - ) -> None: - """Post-rpc interceptor for delete_operation - - Override in a subclass to manipulate the response - after it is returned by the PrivilegedAccessManager server but before - it is returned to user code. - """ - return response - - def pre_get_operation( - self, request: operations_pb2.GetOperationRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]] - ) -> Tuple[operations_pb2.GetOperationRequest, Sequence[Tuple[str, Union[str, bytes]]]]: - """Pre-rpc interceptor for get_operation - - Override in a subclass to manipulate the request or metadata - before they are sent to the PrivilegedAccessManager server. - """ - return request, metadata - - def post_get_operation( - self, response: operations_pb2.Operation - ) -> operations_pb2.Operation: - """Post-rpc interceptor for get_operation - - Override in a subclass to manipulate the response - after it is returned by the PrivilegedAccessManager server but before - it is returned to user code. - """ - return response - - def pre_list_operations( - self, request: operations_pb2.ListOperationsRequest, metadata: Sequence[Tuple[str, Union[str, bytes]]] - ) -> Tuple[operations_pb2.ListOperationsRequest, Sequence[Tuple[str, Union[str, bytes]]]]: - """Pre-rpc interceptor for list_operations - - Override in a subclass to manipulate the request or metadata - before they are sent to the PrivilegedAccessManager server. - """ - return request, metadata - - def post_list_operations( - self, response: operations_pb2.ListOperationsResponse - ) -> operations_pb2.ListOperationsResponse: - """Post-rpc interceptor for list_operations - - Override in a subclass to manipulate the response - after it is returned by the PrivilegedAccessManager server but before - it is returned to user code. - """ - return response - - -@dataclasses.dataclass -class PrivilegedAccessManagerRestStub: - _session: AuthorizedSession - _host: str - _interceptor: PrivilegedAccessManagerRestInterceptor - - -class PrivilegedAccessManagerRestTransport(_BasePrivilegedAccessManagerRestTransport): - """REST backend synchronous transport for PrivilegedAccessManager. - - This API allows customers to manage temporary, request based - privileged access to their resources. - - It defines the following resource model: - - - A collection of ``Entitlement`` resources. An entitlement allows - configuring (among other things): - - - Some kind of privileged access that users can request. - - A set of users called *requesters* who can request this - access. - - A maximum duration for which the access can be requested. - - An optional approval workflow which must be satisfied before - access is granted. - - - A collection of ``Grant`` resources. A grant is a request by a - requester to get the privileged access specified in an - entitlement for some duration. - - After the approval workflow as specified in the entitlement is - satisfied, the specified access is given to the requester. The - access is automatically taken back after the requested duration - is over. - - This class defines the same methods as the primary client, so the - primary client can load the underlying transport implementation - and call it. - - It sends JSON representations of protocol buffers over HTTP/1.1 - """ - - def __init__(self, *, - host: str = 'privilegedaccessmanager.googleapis.com', - credentials: Optional[ga_credentials.Credentials] = None, - credentials_file: Optional[str] = None, - scopes: Optional[Sequence[str]] = None, - client_cert_source_for_mtls: Optional[Callable[[ - ], Tuple[bytes, bytes]]] = None, - quota_project_id: Optional[str] = None, - client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, - always_use_jwt_access: Optional[bool] = False, - url_scheme: str = 'https', - interceptor: Optional[PrivilegedAccessManagerRestInterceptor] = None, - api_audience: Optional[str] = None, - ) -> None: - """Instantiate the transport. - - Args: - host (Optional[str]): - The hostname to connect to (default: 'privilegedaccessmanager.googleapis.com'). - credentials (Optional[google.auth.credentials.Credentials]): The - authorization credentials to attach to requests. These - credentials identify the application to the service; if none - are specified, the client will attempt to ascertain the - credentials from the environment. - - credentials_file (Optional[str]): A file with credentials that can - be loaded with :func:`google.auth.load_credentials_from_file`. - This argument is ignored if ``channel`` is provided. - scopes (Optional(Sequence[str])): A list of scopes. This argument is - ignored if ``channel`` is provided. - client_cert_source_for_mtls (Callable[[], Tuple[bytes, bytes]]): Client - certificate to configure mutual TLS HTTP channel. It is ignored - if ``channel`` is provided. - quota_project_id (Optional[str]): An optional project to use for billing - and quota. - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you are developing - your own client library. - always_use_jwt_access (Optional[bool]): Whether self signed JWT should - be used for service account credentials. - url_scheme: the protocol scheme for the API endpoint. Normally - "https", but for testing or local servers, - "http" can be specified. - """ - # Run the base constructor - # TODO(yon-mg): resolve other ctor params i.e. scopes, quota, etc. - # TODO: When custom host (api_endpoint) is set, `scopes` must *also* be set on the - # credentials object - super().__init__( - host=host, - credentials=credentials, - client_info=client_info, - always_use_jwt_access=always_use_jwt_access, - url_scheme=url_scheme, - api_audience=api_audience - ) - self._session = AuthorizedSession( - self._credentials, default_host=self.DEFAULT_HOST) - self._operations_client: Optional[operations_v1.AbstractOperationsClient] = None - if client_cert_source_for_mtls: - self._session.configure_mtls_channel(client_cert_source_for_mtls) - self._interceptor = interceptor or PrivilegedAccessManagerRestInterceptor() - self._prep_wrapped_messages(client_info) - - @property - def operations_client(self) -> operations_v1.AbstractOperationsClient: - """Create the client designed to process long-running operations. - - This property caches on the instance; repeated calls return the same - client. - """ - # Only create a new client if we do not already have one. - if self._operations_client is None: - http_options: Dict[str, List[Dict[str, str]]] = { - 'google.longrunning.Operations.DeleteOperation': [ - { - 'method': 'delete', - 'uri': '/v1/{name=projects/*/locations/*/operations/*}', - }, - { - 'method': 'delete', - 'uri': '/v1/{name=organizations/*/locations/*/operations/*}', - }, - { - 'method': 'delete', - 'uri': '/v1/{name=folders/*/locations/*/operations/*}', - }, - ], - 'google.longrunning.Operations.GetOperation': [ - { - 'method': 'get', - 'uri': '/v1/{name=projects/*/locations/*/operations/*}', - }, - { - 'method': 'get', - 'uri': '/v1/{name=organizations/*/locations/*/operations/*}', - }, - { - 'method': 'get', - 'uri': '/v1/{name=folders/*/locations/*/operations/*}', - }, - ], - 'google.longrunning.Operations.ListOperations': [ - { - 'method': 'get', - 'uri': '/v1/{name=projects/*/locations/*}/operations', - }, - { - 'method': 'get', - 'uri': '/v1/{name=organizations/*/locations/*}/operations', - }, - { - 'method': 'get', - 'uri': '/v1/{name=folders/*/locations/*}/operations', - }, - ], - } - - rest_transport = operations_v1.OperationsRestTransport( - host=self._host, - # use the credentials which are saved - credentials=self._credentials, - scopes=self._scopes, - http_options=http_options, - path_prefix="v1") - - self._operations_client = operations_v1.AbstractOperationsClient(transport=rest_transport) - - # Return the client from cache. - return self._operations_client - - class _ApproveGrant(_BasePrivilegedAccessManagerRestTransport._BaseApproveGrant, PrivilegedAccessManagerRestStub): - def __hash__(self): - return hash("PrivilegedAccessManagerRestTransport.ApproveGrant") - - @staticmethod - def _get_response( - host, - metadata, - query_params, - session, - timeout, - transcoded_request, - body=None): - - uri = transcoded_request['uri'] - method = transcoded_request['method'] - headers = dict(metadata) - headers['Content-Type'] = 'application/json' - response = getattr(session, method)( - "{host}{uri}".format(host=host, uri=uri), - timeout=timeout, - headers=headers, - params=rest_helpers.flatten_query_params(query_params, strict=True), - data=body, - ) - return response - - def __call__(self, - request: privilegedaccessmanager.ApproveGrantRequest, *, - retry: OptionalRetry=gapic_v1.method.DEFAULT, - timeout: Optional[float]=None, - metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), - ) -> privilegedaccessmanager.Grant: - r"""Call the approve grant method over HTTP. - - Args: - request (~.privilegedaccessmanager.ApproveGrantRequest): - The request object. Request message for ``ApproveGrant`` method. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - ~.privilegedaccessmanager.Grant: - A grant represents a request from a - user for obtaining the access specified - in an entitlement they are eligible for. - - """ - - http_options = _BasePrivilegedAccessManagerRestTransport._BaseApproveGrant._get_http_options() - - request, metadata = self._interceptor.pre_approve_grant(request, metadata) - transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseApproveGrant._get_transcoded_request(http_options, request) - - body = _BasePrivilegedAccessManagerRestTransport._BaseApproveGrant._get_request_body_json(transcoded_request) - - # Jsonify the query params - query_params = _BasePrivilegedAccessManagerRestTransport._BaseApproveGrant._get_query_params_json(transcoded_request) - - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) - method = transcoded_request['method'] - try: - request_payload = type(request).to_json(request) - except: - request_payload = None - http_request = { - "payload": request_payload, - "requestMethod": method, - "requestUrl": request_url, - "headers": dict(metadata), - } - _LOGGER.debug( - f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.ApproveGrant", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "ApproveGrant", - "httpRequest": http_request, - "metadata": http_request["headers"], - }, - ) - - # Send the request - response = PrivilegedAccessManagerRestTransport._ApproveGrant._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request, body) - - # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception - # subclass. - if response.status_code >= 400: - raise core_exceptions.from_http_response(response) - - # Return the response - resp = privilegedaccessmanager.Grant() - pb_resp = privilegedaccessmanager.Grant.pb(resp) - - json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) - - resp = self._interceptor.post_approve_grant(resp) - response_metadata = [(k, str(v)) for k, v in response.headers.items()] - resp, _ = self._interceptor.post_approve_grant_with_metadata(resp, response_metadata) - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - try: - response_payload = privilegedaccessmanager.Grant.to_json(response) - except: - response_payload = None - http_response = { - "payload": response_payload, - "headers": dict(response.headers), - "status": response.status_code, - } - _LOGGER.debug( - "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.approve_grant", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "ApproveGrant", - "metadata": http_response["headers"], - "httpResponse": http_response, - }, - ) - return resp - - class _CheckOnboardingStatus(_BasePrivilegedAccessManagerRestTransport._BaseCheckOnboardingStatus, PrivilegedAccessManagerRestStub): - def __hash__(self): - return hash("PrivilegedAccessManagerRestTransport.CheckOnboardingStatus") - - @staticmethod - def _get_response( - host, - metadata, - query_params, - session, - timeout, - transcoded_request, - body=None): - - uri = transcoded_request['uri'] - method = transcoded_request['method'] - headers = dict(metadata) - headers['Content-Type'] = 'application/json' - response = getattr(session, method)( - "{host}{uri}".format(host=host, uri=uri), - timeout=timeout, - headers=headers, - params=rest_helpers.flatten_query_params(query_params, strict=True), - ) - return response - - def __call__(self, - request: privilegedaccessmanager.CheckOnboardingStatusRequest, *, - retry: OptionalRetry=gapic_v1.method.DEFAULT, - timeout: Optional[float]=None, - metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), - ) -> privilegedaccessmanager.CheckOnboardingStatusResponse: - r"""Call the check onboarding status method over HTTP. - - Args: - request (~.privilegedaccessmanager.CheckOnboardingStatusRequest): - The request object. Request message for ``CheckOnboardingStatus`` method. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - ~.privilegedaccessmanager.CheckOnboardingStatusResponse: - Response message for ``CheckOnboardingStatus`` method. - """ - - http_options = _BasePrivilegedAccessManagerRestTransport._BaseCheckOnboardingStatus._get_http_options() - - request, metadata = self._interceptor.pre_check_onboarding_status(request, metadata) - transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseCheckOnboardingStatus._get_transcoded_request(http_options, request) - - # Jsonify the query params - query_params = _BasePrivilegedAccessManagerRestTransport._BaseCheckOnboardingStatus._get_query_params_json(transcoded_request) - - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) - method = transcoded_request['method'] - try: - request_payload = type(request).to_json(request) - except: - request_payload = None - http_request = { - "payload": request_payload, - "requestMethod": method, - "requestUrl": request_url, - "headers": dict(metadata), - } - _LOGGER.debug( - f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.CheckOnboardingStatus", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "CheckOnboardingStatus", - "httpRequest": http_request, - "metadata": http_request["headers"], - }, - ) - - # Send the request - response = PrivilegedAccessManagerRestTransport._CheckOnboardingStatus._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request) - - # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception - # subclass. - if response.status_code >= 400: - raise core_exceptions.from_http_response(response) - - # Return the response - resp = privilegedaccessmanager.CheckOnboardingStatusResponse() - pb_resp = privilegedaccessmanager.CheckOnboardingStatusResponse.pb(resp) - - json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) - - resp = self._interceptor.post_check_onboarding_status(resp) - response_metadata = [(k, str(v)) for k, v in response.headers.items()] - resp, _ = self._interceptor.post_check_onboarding_status_with_metadata(resp, response_metadata) - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - try: - response_payload = privilegedaccessmanager.CheckOnboardingStatusResponse.to_json(response) - except: - response_payload = None - http_response = { - "payload": response_payload, - "headers": dict(response.headers), - "status": response.status_code, - } - _LOGGER.debug( - "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.check_onboarding_status", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "CheckOnboardingStatus", - "metadata": http_response["headers"], - "httpResponse": http_response, - }, - ) - return resp - - class _CreateEntitlement(_BasePrivilegedAccessManagerRestTransport._BaseCreateEntitlement, PrivilegedAccessManagerRestStub): - def __hash__(self): - return hash("PrivilegedAccessManagerRestTransport.CreateEntitlement") - - @staticmethod - def _get_response( - host, - metadata, - query_params, - session, - timeout, - transcoded_request, - body=None): - - uri = transcoded_request['uri'] - method = transcoded_request['method'] - headers = dict(metadata) - headers['Content-Type'] = 'application/json' - response = getattr(session, method)( - "{host}{uri}".format(host=host, uri=uri), - timeout=timeout, - headers=headers, - params=rest_helpers.flatten_query_params(query_params, strict=True), - data=body, - ) - return response - - def __call__(self, - request: privilegedaccessmanager.CreateEntitlementRequest, *, - retry: OptionalRetry=gapic_v1.method.DEFAULT, - timeout: Optional[float]=None, - metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), - ) -> operations_pb2.Operation: - r"""Call the create entitlement method over HTTP. - - Args: - request (~.privilegedaccessmanager.CreateEntitlementRequest): - The request object. Message for creating an entitlement. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - ~.operations_pb2.Operation: - This resource represents a - long-running operation that is the - result of a network API call. - - """ - - http_options = _BasePrivilegedAccessManagerRestTransport._BaseCreateEntitlement._get_http_options() - - request, metadata = self._interceptor.pre_create_entitlement(request, metadata) - transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseCreateEntitlement._get_transcoded_request(http_options, request) - - body = _BasePrivilegedAccessManagerRestTransport._BaseCreateEntitlement._get_request_body_json(transcoded_request) - - # Jsonify the query params - query_params = _BasePrivilegedAccessManagerRestTransport._BaseCreateEntitlement._get_query_params_json(transcoded_request) - - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) - method = transcoded_request['method'] - try: - request_payload = json_format.MessageToJson(request) - except: - request_payload = None - http_request = { - "payload": request_payload, - "requestMethod": method, - "requestUrl": request_url, - "headers": dict(metadata), - } - _LOGGER.debug( - f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.CreateEntitlement", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "CreateEntitlement", - "httpRequest": http_request, - "metadata": http_request["headers"], - }, - ) - - # Send the request - response = PrivilegedAccessManagerRestTransport._CreateEntitlement._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request, body) - - # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception - # subclass. - if response.status_code >= 400: - raise core_exceptions.from_http_response(response) - - # Return the response - resp = operations_pb2.Operation() - json_format.Parse(response.content, resp, ignore_unknown_fields=True) - - resp = self._interceptor.post_create_entitlement(resp) - response_metadata = [(k, str(v)) for k, v in response.headers.items()] - resp, _ = self._interceptor.post_create_entitlement_with_metadata(resp, response_metadata) - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - try: - response_payload = json_format.MessageToJson(resp) - except: - response_payload = None - http_response = { - "payload": response_payload, - "headers": dict(response.headers), - "status": response.status_code, - } - _LOGGER.debug( - "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.create_entitlement", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "CreateEntitlement", - "metadata": http_response["headers"], - "httpResponse": http_response, - }, - ) - return resp - - class _CreateGrant(_BasePrivilegedAccessManagerRestTransport._BaseCreateGrant, PrivilegedAccessManagerRestStub): - def __hash__(self): - return hash("PrivilegedAccessManagerRestTransport.CreateGrant") - - @staticmethod - def _get_response( - host, - metadata, - query_params, - session, - timeout, - transcoded_request, - body=None): - - uri = transcoded_request['uri'] - method = transcoded_request['method'] - headers = dict(metadata) - headers['Content-Type'] = 'application/json' - response = getattr(session, method)( - "{host}{uri}".format(host=host, uri=uri), - timeout=timeout, - headers=headers, - params=rest_helpers.flatten_query_params(query_params, strict=True), - data=body, - ) - return response - - def __call__(self, - request: privilegedaccessmanager.CreateGrantRequest, *, - retry: OptionalRetry=gapic_v1.method.DEFAULT, - timeout: Optional[float]=None, - metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), - ) -> privilegedaccessmanager.Grant: - r"""Call the create grant method over HTTP. - - Args: - request (~.privilegedaccessmanager.CreateGrantRequest): - The request object. Message for creating a grant - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - ~.privilegedaccessmanager.Grant: - A grant represents a request from a - user for obtaining the access specified - in an entitlement they are eligible for. - - """ - - http_options = _BasePrivilegedAccessManagerRestTransport._BaseCreateGrant._get_http_options() - - request, metadata = self._interceptor.pre_create_grant(request, metadata) - transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseCreateGrant._get_transcoded_request(http_options, request) - - body = _BasePrivilegedAccessManagerRestTransport._BaseCreateGrant._get_request_body_json(transcoded_request) - - # Jsonify the query params - query_params = _BasePrivilegedAccessManagerRestTransport._BaseCreateGrant._get_query_params_json(transcoded_request) - - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) - method = transcoded_request['method'] - try: - request_payload = type(request).to_json(request) - except: - request_payload = None - http_request = { - "payload": request_payload, - "requestMethod": method, - "requestUrl": request_url, - "headers": dict(metadata), - } - _LOGGER.debug( - f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.CreateGrant", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "CreateGrant", - "httpRequest": http_request, - "metadata": http_request["headers"], - }, - ) - - # Send the request - response = PrivilegedAccessManagerRestTransport._CreateGrant._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request, body) - - # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception - # subclass. - if response.status_code >= 400: - raise core_exceptions.from_http_response(response) - - # Return the response - resp = privilegedaccessmanager.Grant() - pb_resp = privilegedaccessmanager.Grant.pb(resp) - - json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) - - resp = self._interceptor.post_create_grant(resp) - response_metadata = [(k, str(v)) for k, v in response.headers.items()] - resp, _ = self._interceptor.post_create_grant_with_metadata(resp, response_metadata) - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - try: - response_payload = privilegedaccessmanager.Grant.to_json(response) - except: - response_payload = None - http_response = { - "payload": response_payload, - "headers": dict(response.headers), - "status": response.status_code, - } - _LOGGER.debug( - "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.create_grant", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "CreateGrant", - "metadata": http_response["headers"], - "httpResponse": http_response, - }, - ) - return resp - - class _DeleteEntitlement(_BasePrivilegedAccessManagerRestTransport._BaseDeleteEntitlement, PrivilegedAccessManagerRestStub): - def __hash__(self): - return hash("PrivilegedAccessManagerRestTransport.DeleteEntitlement") - - @staticmethod - def _get_response( - host, - metadata, - query_params, - session, - timeout, - transcoded_request, - body=None): - - uri = transcoded_request['uri'] - method = transcoded_request['method'] - headers = dict(metadata) - headers['Content-Type'] = 'application/json' - response = getattr(session, method)( - "{host}{uri}".format(host=host, uri=uri), - timeout=timeout, - headers=headers, - params=rest_helpers.flatten_query_params(query_params, strict=True), - ) - return response - - def __call__(self, - request: privilegedaccessmanager.DeleteEntitlementRequest, *, - retry: OptionalRetry=gapic_v1.method.DEFAULT, - timeout: Optional[float]=None, - metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), - ) -> operations_pb2.Operation: - r"""Call the delete entitlement method over HTTP. - - Args: - request (~.privilegedaccessmanager.DeleteEntitlementRequest): - The request object. Message for deleting an entitlement. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - ~.operations_pb2.Operation: - This resource represents a - long-running operation that is the - result of a network API call. - - """ - - http_options = _BasePrivilegedAccessManagerRestTransport._BaseDeleteEntitlement._get_http_options() - - request, metadata = self._interceptor.pre_delete_entitlement(request, metadata) - transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseDeleteEntitlement._get_transcoded_request(http_options, request) - - # Jsonify the query params - query_params = _BasePrivilegedAccessManagerRestTransport._BaseDeleteEntitlement._get_query_params_json(transcoded_request) - - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) - method = transcoded_request['method'] - try: - request_payload = json_format.MessageToJson(request) - except: - request_payload = None - http_request = { - "payload": request_payload, - "requestMethod": method, - "requestUrl": request_url, - "headers": dict(metadata), - } - _LOGGER.debug( - f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.DeleteEntitlement", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "DeleteEntitlement", - "httpRequest": http_request, - "metadata": http_request["headers"], - }, - ) - - # Send the request - response = PrivilegedAccessManagerRestTransport._DeleteEntitlement._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request) - - # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception - # subclass. - if response.status_code >= 400: - raise core_exceptions.from_http_response(response) - - # Return the response - resp = operations_pb2.Operation() - json_format.Parse(response.content, resp, ignore_unknown_fields=True) - - resp = self._interceptor.post_delete_entitlement(resp) - response_metadata = [(k, str(v)) for k, v in response.headers.items()] - resp, _ = self._interceptor.post_delete_entitlement_with_metadata(resp, response_metadata) - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - try: - response_payload = json_format.MessageToJson(resp) - except: - response_payload = None - http_response = { - "payload": response_payload, - "headers": dict(response.headers), - "status": response.status_code, - } - _LOGGER.debug( - "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.delete_entitlement", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "DeleteEntitlement", - "metadata": http_response["headers"], - "httpResponse": http_response, - }, - ) - return resp - - class _DenyGrant(_BasePrivilegedAccessManagerRestTransport._BaseDenyGrant, PrivilegedAccessManagerRestStub): - def __hash__(self): - return hash("PrivilegedAccessManagerRestTransport.DenyGrant") - - @staticmethod - def _get_response( - host, - metadata, - query_params, - session, - timeout, - transcoded_request, - body=None): - - uri = transcoded_request['uri'] - method = transcoded_request['method'] - headers = dict(metadata) - headers['Content-Type'] = 'application/json' - response = getattr(session, method)( - "{host}{uri}".format(host=host, uri=uri), - timeout=timeout, - headers=headers, - params=rest_helpers.flatten_query_params(query_params, strict=True), - data=body, - ) - return response - - def __call__(self, - request: privilegedaccessmanager.DenyGrantRequest, *, - retry: OptionalRetry=gapic_v1.method.DEFAULT, - timeout: Optional[float]=None, - metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), - ) -> privilegedaccessmanager.Grant: - r"""Call the deny grant method over HTTP. - - Args: - request (~.privilegedaccessmanager.DenyGrantRequest): - The request object. Request message for ``DenyGrant`` method. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - ~.privilegedaccessmanager.Grant: - A grant represents a request from a - user for obtaining the access specified - in an entitlement they are eligible for. - - """ - - http_options = _BasePrivilegedAccessManagerRestTransport._BaseDenyGrant._get_http_options() - - request, metadata = self._interceptor.pre_deny_grant(request, metadata) - transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseDenyGrant._get_transcoded_request(http_options, request) - - body = _BasePrivilegedAccessManagerRestTransport._BaseDenyGrant._get_request_body_json(transcoded_request) - - # Jsonify the query params - query_params = _BasePrivilegedAccessManagerRestTransport._BaseDenyGrant._get_query_params_json(transcoded_request) - - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) - method = transcoded_request['method'] - try: - request_payload = type(request).to_json(request) - except: - request_payload = None - http_request = { - "payload": request_payload, - "requestMethod": method, - "requestUrl": request_url, - "headers": dict(metadata), - } - _LOGGER.debug( - f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.DenyGrant", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "DenyGrant", - "httpRequest": http_request, - "metadata": http_request["headers"], - }, - ) - - # Send the request - response = PrivilegedAccessManagerRestTransport._DenyGrant._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request, body) - - # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception - # subclass. - if response.status_code >= 400: - raise core_exceptions.from_http_response(response) - - # Return the response - resp = privilegedaccessmanager.Grant() - pb_resp = privilegedaccessmanager.Grant.pb(resp) - - json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) - - resp = self._interceptor.post_deny_grant(resp) - response_metadata = [(k, str(v)) for k, v in response.headers.items()] - resp, _ = self._interceptor.post_deny_grant_with_metadata(resp, response_metadata) - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - try: - response_payload = privilegedaccessmanager.Grant.to_json(response) - except: - response_payload = None - http_response = { - "payload": response_payload, - "headers": dict(response.headers), - "status": response.status_code, - } - _LOGGER.debug( - "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.deny_grant", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "DenyGrant", - "metadata": http_response["headers"], - "httpResponse": http_response, - }, - ) - return resp - - class _GetEntitlement(_BasePrivilegedAccessManagerRestTransport._BaseGetEntitlement, PrivilegedAccessManagerRestStub): - def __hash__(self): - return hash("PrivilegedAccessManagerRestTransport.GetEntitlement") - - @staticmethod - def _get_response( - host, - metadata, - query_params, - session, - timeout, - transcoded_request, - body=None): - - uri = transcoded_request['uri'] - method = transcoded_request['method'] - headers = dict(metadata) - headers['Content-Type'] = 'application/json' - response = getattr(session, method)( - "{host}{uri}".format(host=host, uri=uri), - timeout=timeout, - headers=headers, - params=rest_helpers.flatten_query_params(query_params, strict=True), - ) - return response - - def __call__(self, - request: privilegedaccessmanager.GetEntitlementRequest, *, - retry: OptionalRetry=gapic_v1.method.DEFAULT, - timeout: Optional[float]=None, - metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), - ) -> privilegedaccessmanager.Entitlement: - r"""Call the get entitlement method over HTTP. - - Args: - request (~.privilegedaccessmanager.GetEntitlementRequest): - The request object. Message for getting an entitlement. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - ~.privilegedaccessmanager.Entitlement: - An entitlement defines the - eligibility of a set of users to obtain - predefined access for some time possibly - after going through an approval - workflow. - - """ - - http_options = _BasePrivilegedAccessManagerRestTransport._BaseGetEntitlement._get_http_options() - - request, metadata = self._interceptor.pre_get_entitlement(request, metadata) - transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseGetEntitlement._get_transcoded_request(http_options, request) - - # Jsonify the query params - query_params = _BasePrivilegedAccessManagerRestTransport._BaseGetEntitlement._get_query_params_json(transcoded_request) - - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) - method = transcoded_request['method'] - try: - request_payload = type(request).to_json(request) - except: - request_payload = None - http_request = { - "payload": request_payload, - "requestMethod": method, - "requestUrl": request_url, - "headers": dict(metadata), - } - _LOGGER.debug( - f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.GetEntitlement", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "GetEntitlement", - "httpRequest": http_request, - "metadata": http_request["headers"], - }, - ) - - # Send the request - response = PrivilegedAccessManagerRestTransport._GetEntitlement._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request) - - # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception - # subclass. - if response.status_code >= 400: - raise core_exceptions.from_http_response(response) - - # Return the response - resp = privilegedaccessmanager.Entitlement() - pb_resp = privilegedaccessmanager.Entitlement.pb(resp) - - json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) - - resp = self._interceptor.post_get_entitlement(resp) - response_metadata = [(k, str(v)) for k, v in response.headers.items()] - resp, _ = self._interceptor.post_get_entitlement_with_metadata(resp, response_metadata) - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - try: - response_payload = privilegedaccessmanager.Entitlement.to_json(response) - except: - response_payload = None - http_response = { - "payload": response_payload, - "headers": dict(response.headers), - "status": response.status_code, - } - _LOGGER.debug( - "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.get_entitlement", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "GetEntitlement", - "metadata": http_response["headers"], - "httpResponse": http_response, - }, - ) - return resp - - class _GetGrant(_BasePrivilegedAccessManagerRestTransport._BaseGetGrant, PrivilegedAccessManagerRestStub): - def __hash__(self): - return hash("PrivilegedAccessManagerRestTransport.GetGrant") - - @staticmethod - def _get_response( - host, - metadata, - query_params, - session, - timeout, - transcoded_request, - body=None): - - uri = transcoded_request['uri'] - method = transcoded_request['method'] - headers = dict(metadata) - headers['Content-Type'] = 'application/json' - response = getattr(session, method)( - "{host}{uri}".format(host=host, uri=uri), - timeout=timeout, - headers=headers, - params=rest_helpers.flatten_query_params(query_params, strict=True), - ) - return response - - def __call__(self, - request: privilegedaccessmanager.GetGrantRequest, *, - retry: OptionalRetry=gapic_v1.method.DEFAULT, - timeout: Optional[float]=None, - metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), - ) -> privilegedaccessmanager.Grant: - r"""Call the get grant method over HTTP. - - Args: - request (~.privilegedaccessmanager.GetGrantRequest): - The request object. Message for getting a grant. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - ~.privilegedaccessmanager.Grant: - A grant represents a request from a - user for obtaining the access specified - in an entitlement they are eligible for. - - """ - - http_options = _BasePrivilegedAccessManagerRestTransport._BaseGetGrant._get_http_options() - - request, metadata = self._interceptor.pre_get_grant(request, metadata) - transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseGetGrant._get_transcoded_request(http_options, request) - - # Jsonify the query params - query_params = _BasePrivilegedAccessManagerRestTransport._BaseGetGrant._get_query_params_json(transcoded_request) - - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) - method = transcoded_request['method'] - try: - request_payload = type(request).to_json(request) - except: - request_payload = None - http_request = { - "payload": request_payload, - "requestMethod": method, - "requestUrl": request_url, - "headers": dict(metadata), - } - _LOGGER.debug( - f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.GetGrant", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "GetGrant", - "httpRequest": http_request, - "metadata": http_request["headers"], - }, - ) - - # Send the request - response = PrivilegedAccessManagerRestTransport._GetGrant._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request) - - # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception - # subclass. - if response.status_code >= 400: - raise core_exceptions.from_http_response(response) - - # Return the response - resp = privilegedaccessmanager.Grant() - pb_resp = privilegedaccessmanager.Grant.pb(resp) - - json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) - - resp = self._interceptor.post_get_grant(resp) - response_metadata = [(k, str(v)) for k, v in response.headers.items()] - resp, _ = self._interceptor.post_get_grant_with_metadata(resp, response_metadata) - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - try: - response_payload = privilegedaccessmanager.Grant.to_json(response) - except: - response_payload = None - http_response = { - "payload": response_payload, - "headers": dict(response.headers), - "status": response.status_code, - } - _LOGGER.debug( - "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.get_grant", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "GetGrant", - "metadata": http_response["headers"], - "httpResponse": http_response, - }, - ) - return resp - - class _ListEntitlements(_BasePrivilegedAccessManagerRestTransport._BaseListEntitlements, PrivilegedAccessManagerRestStub): - def __hash__(self): - return hash("PrivilegedAccessManagerRestTransport.ListEntitlements") - - @staticmethod - def _get_response( - host, - metadata, - query_params, - session, - timeout, - transcoded_request, - body=None): - - uri = transcoded_request['uri'] - method = transcoded_request['method'] - headers = dict(metadata) - headers['Content-Type'] = 'application/json' - response = getattr(session, method)( - "{host}{uri}".format(host=host, uri=uri), - timeout=timeout, - headers=headers, - params=rest_helpers.flatten_query_params(query_params, strict=True), - ) - return response - - def __call__(self, - request: privilegedaccessmanager.ListEntitlementsRequest, *, - retry: OptionalRetry=gapic_v1.method.DEFAULT, - timeout: Optional[float]=None, - metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), - ) -> privilegedaccessmanager.ListEntitlementsResponse: - r"""Call the list entitlements method over HTTP. - - Args: - request (~.privilegedaccessmanager.ListEntitlementsRequest): - The request object. Message for requesting list of - entitlements. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - ~.privilegedaccessmanager.ListEntitlementsResponse: - Message for response to listing - entitlements. - - """ - - http_options = _BasePrivilegedAccessManagerRestTransport._BaseListEntitlements._get_http_options() - - request, metadata = self._interceptor.pre_list_entitlements(request, metadata) - transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseListEntitlements._get_transcoded_request(http_options, request) - - # Jsonify the query params - query_params = _BasePrivilegedAccessManagerRestTransport._BaseListEntitlements._get_query_params_json(transcoded_request) - - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) - method = transcoded_request['method'] - try: - request_payload = type(request).to_json(request) - except: - request_payload = None - http_request = { - "payload": request_payload, - "requestMethod": method, - "requestUrl": request_url, - "headers": dict(metadata), - } - _LOGGER.debug( - f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.ListEntitlements", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "ListEntitlements", - "httpRequest": http_request, - "metadata": http_request["headers"], - }, - ) - - # Send the request - response = PrivilegedAccessManagerRestTransport._ListEntitlements._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request) - - # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception - # subclass. - if response.status_code >= 400: - raise core_exceptions.from_http_response(response) - - # Return the response - resp = privilegedaccessmanager.ListEntitlementsResponse() - pb_resp = privilegedaccessmanager.ListEntitlementsResponse.pb(resp) - - json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) - - resp = self._interceptor.post_list_entitlements(resp) - response_metadata = [(k, str(v)) for k, v in response.headers.items()] - resp, _ = self._interceptor.post_list_entitlements_with_metadata(resp, response_metadata) - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - try: - response_payload = privilegedaccessmanager.ListEntitlementsResponse.to_json(response) - except: - response_payload = None - http_response = { - "payload": response_payload, - "headers": dict(response.headers), - "status": response.status_code, - } - _LOGGER.debug( - "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.list_entitlements", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "ListEntitlements", - "metadata": http_response["headers"], - "httpResponse": http_response, - }, - ) - return resp - - class _ListGrants(_BasePrivilegedAccessManagerRestTransport._BaseListGrants, PrivilegedAccessManagerRestStub): - def __hash__(self): - return hash("PrivilegedAccessManagerRestTransport.ListGrants") - - @staticmethod - def _get_response( - host, - metadata, - query_params, - session, - timeout, - transcoded_request, - body=None): - - uri = transcoded_request['uri'] - method = transcoded_request['method'] - headers = dict(metadata) - headers['Content-Type'] = 'application/json' - response = getattr(session, method)( - "{host}{uri}".format(host=host, uri=uri), - timeout=timeout, - headers=headers, - params=rest_helpers.flatten_query_params(query_params, strict=True), - ) - return response - - def __call__(self, - request: privilegedaccessmanager.ListGrantsRequest, *, - retry: OptionalRetry=gapic_v1.method.DEFAULT, - timeout: Optional[float]=None, - metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), - ) -> privilegedaccessmanager.ListGrantsResponse: - r"""Call the list grants method over HTTP. - - Args: - request (~.privilegedaccessmanager.ListGrantsRequest): - The request object. Message for requesting list of - grants. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - ~.privilegedaccessmanager.ListGrantsResponse: - Message for response to listing - grants. - - """ - - http_options = _BasePrivilegedAccessManagerRestTransport._BaseListGrants._get_http_options() - - request, metadata = self._interceptor.pre_list_grants(request, metadata) - transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseListGrants._get_transcoded_request(http_options, request) - - # Jsonify the query params - query_params = _BasePrivilegedAccessManagerRestTransport._BaseListGrants._get_query_params_json(transcoded_request) - - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) - method = transcoded_request['method'] - try: - request_payload = type(request).to_json(request) - except: - request_payload = None - http_request = { - "payload": request_payload, - "requestMethod": method, - "requestUrl": request_url, - "headers": dict(metadata), - } - _LOGGER.debug( - f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.ListGrants", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "ListGrants", - "httpRequest": http_request, - "metadata": http_request["headers"], - }, - ) - - # Send the request - response = PrivilegedAccessManagerRestTransport._ListGrants._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request) - - # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception - # subclass. - if response.status_code >= 400: - raise core_exceptions.from_http_response(response) - - # Return the response - resp = privilegedaccessmanager.ListGrantsResponse() - pb_resp = privilegedaccessmanager.ListGrantsResponse.pb(resp) - - json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) - - resp = self._interceptor.post_list_grants(resp) - response_metadata = [(k, str(v)) for k, v in response.headers.items()] - resp, _ = self._interceptor.post_list_grants_with_metadata(resp, response_metadata) - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - try: - response_payload = privilegedaccessmanager.ListGrantsResponse.to_json(response) - except: - response_payload = None - http_response = { - "payload": response_payload, - "headers": dict(response.headers), - "status": response.status_code, - } - _LOGGER.debug( - "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.list_grants", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "ListGrants", - "metadata": http_response["headers"], - "httpResponse": http_response, - }, - ) - return resp - - class _RevokeGrant(_BasePrivilegedAccessManagerRestTransport._BaseRevokeGrant, PrivilegedAccessManagerRestStub): - def __hash__(self): - return hash("PrivilegedAccessManagerRestTransport.RevokeGrant") - - @staticmethod - def _get_response( - host, - metadata, - query_params, - session, - timeout, - transcoded_request, - body=None): - - uri = transcoded_request['uri'] - method = transcoded_request['method'] - headers = dict(metadata) - headers['Content-Type'] = 'application/json' - response = getattr(session, method)( - "{host}{uri}".format(host=host, uri=uri), - timeout=timeout, - headers=headers, - params=rest_helpers.flatten_query_params(query_params, strict=True), - data=body, - ) - return response - - def __call__(self, - request: privilegedaccessmanager.RevokeGrantRequest, *, - retry: OptionalRetry=gapic_v1.method.DEFAULT, - timeout: Optional[float]=None, - metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), - ) -> operations_pb2.Operation: - r"""Call the revoke grant method over HTTP. - - Args: - request (~.privilegedaccessmanager.RevokeGrantRequest): - The request object. Request message for ``RevokeGrant`` method. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - ~.operations_pb2.Operation: - This resource represents a - long-running operation that is the - result of a network API call. - - """ - - http_options = _BasePrivilegedAccessManagerRestTransport._BaseRevokeGrant._get_http_options() - - request, metadata = self._interceptor.pre_revoke_grant(request, metadata) - transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseRevokeGrant._get_transcoded_request(http_options, request) - - body = _BasePrivilegedAccessManagerRestTransport._BaseRevokeGrant._get_request_body_json(transcoded_request) - - # Jsonify the query params - query_params = _BasePrivilegedAccessManagerRestTransport._BaseRevokeGrant._get_query_params_json(transcoded_request) - - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) - method = transcoded_request['method'] - try: - request_payload = json_format.MessageToJson(request) - except: - request_payload = None - http_request = { - "payload": request_payload, - "requestMethod": method, - "requestUrl": request_url, - "headers": dict(metadata), - } - _LOGGER.debug( - f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.RevokeGrant", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "RevokeGrant", - "httpRequest": http_request, - "metadata": http_request["headers"], - }, - ) - - # Send the request - response = PrivilegedAccessManagerRestTransport._RevokeGrant._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request, body) - - # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception - # subclass. - if response.status_code >= 400: - raise core_exceptions.from_http_response(response) - - # Return the response - resp = operations_pb2.Operation() - json_format.Parse(response.content, resp, ignore_unknown_fields=True) - - resp = self._interceptor.post_revoke_grant(resp) - response_metadata = [(k, str(v)) for k, v in response.headers.items()] - resp, _ = self._interceptor.post_revoke_grant_with_metadata(resp, response_metadata) - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - try: - response_payload = json_format.MessageToJson(resp) - except: - response_payload = None - http_response = { - "payload": response_payload, - "headers": dict(response.headers), - "status": response.status_code, - } - _LOGGER.debug( - "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.revoke_grant", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "RevokeGrant", - "metadata": http_response["headers"], - "httpResponse": http_response, - }, - ) - return resp - - class _SearchEntitlements(_BasePrivilegedAccessManagerRestTransport._BaseSearchEntitlements, PrivilegedAccessManagerRestStub): - def __hash__(self): - return hash("PrivilegedAccessManagerRestTransport.SearchEntitlements") - - @staticmethod - def _get_response( - host, - metadata, - query_params, - session, - timeout, - transcoded_request, - body=None): - - uri = transcoded_request['uri'] - method = transcoded_request['method'] - headers = dict(metadata) - headers['Content-Type'] = 'application/json' - response = getattr(session, method)( - "{host}{uri}".format(host=host, uri=uri), - timeout=timeout, - headers=headers, - params=rest_helpers.flatten_query_params(query_params, strict=True), - ) - return response - - def __call__(self, - request: privilegedaccessmanager.SearchEntitlementsRequest, *, - retry: OptionalRetry=gapic_v1.method.DEFAULT, - timeout: Optional[float]=None, - metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), - ) -> privilegedaccessmanager.SearchEntitlementsResponse: - r"""Call the search entitlements method over HTTP. - - Args: - request (~.privilegedaccessmanager.SearchEntitlementsRequest): - The request object. Request message for ``SearchEntitlements`` method. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - ~.privilegedaccessmanager.SearchEntitlementsResponse: - Response message for ``SearchEntitlements`` method. - """ - - http_options = _BasePrivilegedAccessManagerRestTransport._BaseSearchEntitlements._get_http_options() - - request, metadata = self._interceptor.pre_search_entitlements(request, metadata) - transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseSearchEntitlements._get_transcoded_request(http_options, request) - - # Jsonify the query params - query_params = _BasePrivilegedAccessManagerRestTransport._BaseSearchEntitlements._get_query_params_json(transcoded_request) - - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) - method = transcoded_request['method'] - try: - request_payload = type(request).to_json(request) - except: - request_payload = None - http_request = { - "payload": request_payload, - "requestMethod": method, - "requestUrl": request_url, - "headers": dict(metadata), - } - _LOGGER.debug( - f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.SearchEntitlements", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "SearchEntitlements", - "httpRequest": http_request, - "metadata": http_request["headers"], - }, - ) - - # Send the request - response = PrivilegedAccessManagerRestTransport._SearchEntitlements._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request) - - # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception - # subclass. - if response.status_code >= 400: - raise core_exceptions.from_http_response(response) - - # Return the response - resp = privilegedaccessmanager.SearchEntitlementsResponse() - pb_resp = privilegedaccessmanager.SearchEntitlementsResponse.pb(resp) - - json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) - - resp = self._interceptor.post_search_entitlements(resp) - response_metadata = [(k, str(v)) for k, v in response.headers.items()] - resp, _ = self._interceptor.post_search_entitlements_with_metadata(resp, response_metadata) - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - try: - response_payload = privilegedaccessmanager.SearchEntitlementsResponse.to_json(response) - except: - response_payload = None - http_response = { - "payload": response_payload, - "headers": dict(response.headers), - "status": response.status_code, - } - _LOGGER.debug( - "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.search_entitlements", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "SearchEntitlements", - "metadata": http_response["headers"], - "httpResponse": http_response, - }, - ) - return resp - - class _SearchGrants(_BasePrivilegedAccessManagerRestTransport._BaseSearchGrants, PrivilegedAccessManagerRestStub): - def __hash__(self): - return hash("PrivilegedAccessManagerRestTransport.SearchGrants") - - @staticmethod - def _get_response( - host, - metadata, - query_params, - session, - timeout, - transcoded_request, - body=None): - - uri = transcoded_request['uri'] - method = transcoded_request['method'] - headers = dict(metadata) - headers['Content-Type'] = 'application/json' - response = getattr(session, method)( - "{host}{uri}".format(host=host, uri=uri), - timeout=timeout, - headers=headers, - params=rest_helpers.flatten_query_params(query_params, strict=True), - ) - return response - - def __call__(self, - request: privilegedaccessmanager.SearchGrantsRequest, *, - retry: OptionalRetry=gapic_v1.method.DEFAULT, - timeout: Optional[float]=None, - metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), - ) -> privilegedaccessmanager.SearchGrantsResponse: - r"""Call the search grants method over HTTP. - - Args: - request (~.privilegedaccessmanager.SearchGrantsRequest): - The request object. Request message for ``SearchGrants`` method. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - ~.privilegedaccessmanager.SearchGrantsResponse: - Response message for ``SearchGrants`` method. - """ - - http_options = _BasePrivilegedAccessManagerRestTransport._BaseSearchGrants._get_http_options() - - request, metadata = self._interceptor.pre_search_grants(request, metadata) - transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseSearchGrants._get_transcoded_request(http_options, request) - - # Jsonify the query params - query_params = _BasePrivilegedAccessManagerRestTransport._BaseSearchGrants._get_query_params_json(transcoded_request) - - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) - method = transcoded_request['method'] - try: - request_payload = type(request).to_json(request) - except: - request_payload = None - http_request = { - "payload": request_payload, - "requestMethod": method, - "requestUrl": request_url, - "headers": dict(metadata), - } - _LOGGER.debug( - f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.SearchGrants", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "SearchGrants", - "httpRequest": http_request, - "metadata": http_request["headers"], - }, - ) - - # Send the request - response = PrivilegedAccessManagerRestTransport._SearchGrants._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request) - - # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception - # subclass. - if response.status_code >= 400: - raise core_exceptions.from_http_response(response) - - # Return the response - resp = privilegedaccessmanager.SearchGrantsResponse() - pb_resp = privilegedaccessmanager.SearchGrantsResponse.pb(resp) - - json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) - - resp = self._interceptor.post_search_grants(resp) - response_metadata = [(k, str(v)) for k, v in response.headers.items()] - resp, _ = self._interceptor.post_search_grants_with_metadata(resp, response_metadata) - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - try: - response_payload = privilegedaccessmanager.SearchGrantsResponse.to_json(response) - except: - response_payload = None - http_response = { - "payload": response_payload, - "headers": dict(response.headers), - "status": response.status_code, - } - _LOGGER.debug( - "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.search_grants", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "SearchGrants", - "metadata": http_response["headers"], - "httpResponse": http_response, - }, - ) - return resp - - class _UpdateEntitlement(_BasePrivilegedAccessManagerRestTransport._BaseUpdateEntitlement, PrivilegedAccessManagerRestStub): - def __hash__(self): - return hash("PrivilegedAccessManagerRestTransport.UpdateEntitlement") - - @staticmethod - def _get_response( - host, - metadata, - query_params, - session, - timeout, - transcoded_request, - body=None): - - uri = transcoded_request['uri'] - method = transcoded_request['method'] - headers = dict(metadata) - headers['Content-Type'] = 'application/json' - response = getattr(session, method)( - "{host}{uri}".format(host=host, uri=uri), - timeout=timeout, - headers=headers, - params=rest_helpers.flatten_query_params(query_params, strict=True), - data=body, - ) - return response - - def __call__(self, - request: privilegedaccessmanager.UpdateEntitlementRequest, *, - retry: OptionalRetry=gapic_v1.method.DEFAULT, - timeout: Optional[float]=None, - metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), - ) -> operations_pb2.Operation: - r"""Call the update entitlement method over HTTP. - - Args: - request (~.privilegedaccessmanager.UpdateEntitlementRequest): - The request object. Message for updating an entitlement. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - ~.operations_pb2.Operation: - This resource represents a - long-running operation that is the - result of a network API call. - - """ - - http_options = _BasePrivilegedAccessManagerRestTransport._BaseUpdateEntitlement._get_http_options() - - request, metadata = self._interceptor.pre_update_entitlement(request, metadata) - transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseUpdateEntitlement._get_transcoded_request(http_options, request) - - body = _BasePrivilegedAccessManagerRestTransport._BaseUpdateEntitlement._get_request_body_json(transcoded_request) - - # Jsonify the query params - query_params = _BasePrivilegedAccessManagerRestTransport._BaseUpdateEntitlement._get_query_params_json(transcoded_request) - - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) - method = transcoded_request['method'] - try: - request_payload = json_format.MessageToJson(request) - except: - request_payload = None - http_request = { - "payload": request_payload, - "requestMethod": method, - "requestUrl": request_url, - "headers": dict(metadata), - } - _LOGGER.debug( - f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.UpdateEntitlement", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "UpdateEntitlement", - "httpRequest": http_request, - "metadata": http_request["headers"], - }, - ) - - # Send the request - response = PrivilegedAccessManagerRestTransport._UpdateEntitlement._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request, body) - - # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception - # subclass. - if response.status_code >= 400: - raise core_exceptions.from_http_response(response) - - # Return the response - resp = operations_pb2.Operation() - json_format.Parse(response.content, resp, ignore_unknown_fields=True) - - resp = self._interceptor.post_update_entitlement(resp) - response_metadata = [(k, str(v)) for k, v in response.headers.items()] - resp, _ = self._interceptor.post_update_entitlement_with_metadata(resp, response_metadata) - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - try: - response_payload = json_format.MessageToJson(resp) - except: - response_payload = None - http_response = { - "payload": response_payload, - "headers": dict(response.headers), - "status": response.status_code, - } - _LOGGER.debug( - "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.update_entitlement", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "UpdateEntitlement", - "metadata": http_response["headers"], - "httpResponse": http_response, - }, - ) - return resp - - @property - def approve_grant(self) -> Callable[ - [privilegedaccessmanager.ApproveGrantRequest], - privilegedaccessmanager.Grant]: - # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. - # In C++ this would require a dynamic_cast - return self._ApproveGrant(self._session, self._host, self._interceptor) # type: ignore - - @property - def check_onboarding_status(self) -> Callable[ - [privilegedaccessmanager.CheckOnboardingStatusRequest], - privilegedaccessmanager.CheckOnboardingStatusResponse]: - # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. - # In C++ this would require a dynamic_cast - return self._CheckOnboardingStatus(self._session, self._host, self._interceptor) # type: ignore - - @property - def create_entitlement(self) -> Callable[ - [privilegedaccessmanager.CreateEntitlementRequest], - operations_pb2.Operation]: - # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. - # In C++ this would require a dynamic_cast - return self._CreateEntitlement(self._session, self._host, self._interceptor) # type: ignore - - @property - def create_grant(self) -> Callable[ - [privilegedaccessmanager.CreateGrantRequest], - privilegedaccessmanager.Grant]: - # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. - # In C++ this would require a dynamic_cast - return self._CreateGrant(self._session, self._host, self._interceptor) # type: ignore - - @property - def delete_entitlement(self) -> Callable[ - [privilegedaccessmanager.DeleteEntitlementRequest], - operations_pb2.Operation]: - # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. - # In C++ this would require a dynamic_cast - return self._DeleteEntitlement(self._session, self._host, self._interceptor) # type: ignore - - @property - def deny_grant(self) -> Callable[ - [privilegedaccessmanager.DenyGrantRequest], - privilegedaccessmanager.Grant]: - # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. - # In C++ this would require a dynamic_cast - return self._DenyGrant(self._session, self._host, self._interceptor) # type: ignore - - @property - def get_entitlement(self) -> Callable[ - [privilegedaccessmanager.GetEntitlementRequest], - privilegedaccessmanager.Entitlement]: - # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. - # In C++ this would require a dynamic_cast - return self._GetEntitlement(self._session, self._host, self._interceptor) # type: ignore - - @property - def get_grant(self) -> Callable[ - [privilegedaccessmanager.GetGrantRequest], - privilegedaccessmanager.Grant]: - # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. - # In C++ this would require a dynamic_cast - return self._GetGrant(self._session, self._host, self._interceptor) # type: ignore - - @property - def list_entitlements(self) -> Callable[ - [privilegedaccessmanager.ListEntitlementsRequest], - privilegedaccessmanager.ListEntitlementsResponse]: - # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. - # In C++ this would require a dynamic_cast - return self._ListEntitlements(self._session, self._host, self._interceptor) # type: ignore - - @property - def list_grants(self) -> Callable[ - [privilegedaccessmanager.ListGrantsRequest], - privilegedaccessmanager.ListGrantsResponse]: - # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. - # In C++ this would require a dynamic_cast - return self._ListGrants(self._session, self._host, self._interceptor) # type: ignore - - @property - def revoke_grant(self) -> Callable[ - [privilegedaccessmanager.RevokeGrantRequest], - operations_pb2.Operation]: - # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. - # In C++ this would require a dynamic_cast - return self._RevokeGrant(self._session, self._host, self._interceptor) # type: ignore - - @property - def search_entitlements(self) -> Callable[ - [privilegedaccessmanager.SearchEntitlementsRequest], - privilegedaccessmanager.SearchEntitlementsResponse]: - # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. - # In C++ this would require a dynamic_cast - return self._SearchEntitlements(self._session, self._host, self._interceptor) # type: ignore - - @property - def search_grants(self) -> Callable[ - [privilegedaccessmanager.SearchGrantsRequest], - privilegedaccessmanager.SearchGrantsResponse]: - # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. - # In C++ this would require a dynamic_cast - return self._SearchGrants(self._session, self._host, self._interceptor) # type: ignore - - @property - def update_entitlement(self) -> Callable[ - [privilegedaccessmanager.UpdateEntitlementRequest], - operations_pb2.Operation]: - # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. - # In C++ this would require a dynamic_cast - return self._UpdateEntitlement(self._session, self._host, self._interceptor) # type: ignore - - @property - def get_location(self): - return self._GetLocation(self._session, self._host, self._interceptor) # type: ignore - - class _GetLocation(_BasePrivilegedAccessManagerRestTransport._BaseGetLocation, PrivilegedAccessManagerRestStub): - def __hash__(self): - return hash("PrivilegedAccessManagerRestTransport.GetLocation") - - @staticmethod - def _get_response( - host, - metadata, - query_params, - session, - timeout, - transcoded_request, - body=None): - - uri = transcoded_request['uri'] - method = transcoded_request['method'] - headers = dict(metadata) - headers['Content-Type'] = 'application/json' - response = getattr(session, method)( - "{host}{uri}".format(host=host, uri=uri), - timeout=timeout, - headers=headers, - params=rest_helpers.flatten_query_params(query_params, strict=True), - ) - return response - - def __call__(self, - request: locations_pb2.GetLocationRequest, *, - retry: OptionalRetry=gapic_v1.method.DEFAULT, - timeout: Optional[float]=None, - metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), - ) -> locations_pb2.Location: - - r"""Call the get location method over HTTP. - - Args: - request (locations_pb2.GetLocationRequest): - The request object for GetLocation method. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - locations_pb2.Location: Response from GetLocation method. - """ - - http_options = _BasePrivilegedAccessManagerRestTransport._BaseGetLocation._get_http_options() - - request, metadata = self._interceptor.pre_get_location(request, metadata) - transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseGetLocation._get_transcoded_request(http_options, request) - - # Jsonify the query params - query_params = _BasePrivilegedAccessManagerRestTransport._BaseGetLocation._get_query_params_json(transcoded_request) - - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) - method = transcoded_request['method'] - try: - request_payload = json_format.MessageToJson(request) - except: - request_payload = None - http_request = { - "payload": request_payload, - "requestMethod": method, - "requestUrl": request_url, - "headers": dict(metadata), - } - _LOGGER.debug( - f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.GetLocation", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "GetLocation", - "httpRequest": http_request, - "metadata": http_request["headers"], - }, - ) - - # Send the request - response = PrivilegedAccessManagerRestTransport._GetLocation._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request) - - # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception - # subclass. - if response.status_code >= 400: - raise core_exceptions.from_http_response(response) - - content = response.content.decode("utf-8") - resp = locations_pb2.Location() - resp = json_format.Parse(content, resp) - resp = self._interceptor.post_get_location(resp) - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - try: - response_payload = json_format.MessageToJson(resp) - except: - response_payload = None - http_response = { - "payload": response_payload, - "headers": dict(response.headers), - "status": response.status_code, - } - _LOGGER.debug( - "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.GetLocation", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "GetLocation", - "httpResponse": http_response, - "metadata": http_response["headers"], - }, - ) - return resp - - @property - def list_locations(self): - return self._ListLocations(self._session, self._host, self._interceptor) # type: ignore - - class _ListLocations(_BasePrivilegedAccessManagerRestTransport._BaseListLocations, PrivilegedAccessManagerRestStub): - def __hash__(self): - return hash("PrivilegedAccessManagerRestTransport.ListLocations") - - @staticmethod - def _get_response( - host, - metadata, - query_params, - session, - timeout, - transcoded_request, - body=None): - - uri = transcoded_request['uri'] - method = transcoded_request['method'] - headers = dict(metadata) - headers['Content-Type'] = 'application/json' - response = getattr(session, method)( - "{host}{uri}".format(host=host, uri=uri), - timeout=timeout, - headers=headers, - params=rest_helpers.flatten_query_params(query_params, strict=True), - ) - return response - - def __call__(self, - request: locations_pb2.ListLocationsRequest, *, - retry: OptionalRetry=gapic_v1.method.DEFAULT, - timeout: Optional[float]=None, - metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), - ) -> locations_pb2.ListLocationsResponse: - - r"""Call the list locations method over HTTP. - - Args: - request (locations_pb2.ListLocationsRequest): - The request object for ListLocations method. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - locations_pb2.ListLocationsResponse: Response from ListLocations method. - """ - - http_options = _BasePrivilegedAccessManagerRestTransport._BaseListLocations._get_http_options() - - request, metadata = self._interceptor.pre_list_locations(request, metadata) - transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseListLocations._get_transcoded_request(http_options, request) - - # Jsonify the query params - query_params = _BasePrivilegedAccessManagerRestTransport._BaseListLocations._get_query_params_json(transcoded_request) - - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) - method = transcoded_request['method'] - try: - request_payload = json_format.MessageToJson(request) - except: - request_payload = None - http_request = { - "payload": request_payload, - "requestMethod": method, - "requestUrl": request_url, - "headers": dict(metadata), - } - _LOGGER.debug( - f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.ListLocations", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "ListLocations", - "httpRequest": http_request, - "metadata": http_request["headers"], - }, - ) - - # Send the request - response = PrivilegedAccessManagerRestTransport._ListLocations._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request) - - # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception - # subclass. - if response.status_code >= 400: - raise core_exceptions.from_http_response(response) - - content = response.content.decode("utf-8") - resp = locations_pb2.ListLocationsResponse() - resp = json_format.Parse(content, resp) - resp = self._interceptor.post_list_locations(resp) - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - try: - response_payload = json_format.MessageToJson(resp) - except: - response_payload = None - http_response = { - "payload": response_payload, - "headers": dict(response.headers), - "status": response.status_code, - } - _LOGGER.debug( - "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.ListLocations", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "ListLocations", - "httpResponse": http_response, - "metadata": http_response["headers"], - }, - ) - return resp - - @property - def delete_operation(self): - return self._DeleteOperation(self._session, self._host, self._interceptor) # type: ignore - - class _DeleteOperation(_BasePrivilegedAccessManagerRestTransport._BaseDeleteOperation, PrivilegedAccessManagerRestStub): - def __hash__(self): - return hash("PrivilegedAccessManagerRestTransport.DeleteOperation") - - @staticmethod - def _get_response( - host, - metadata, - query_params, - session, - timeout, - transcoded_request, - body=None): - - uri = transcoded_request['uri'] - method = transcoded_request['method'] - headers = dict(metadata) - headers['Content-Type'] = 'application/json' - response = getattr(session, method)( - "{host}{uri}".format(host=host, uri=uri), - timeout=timeout, - headers=headers, - params=rest_helpers.flatten_query_params(query_params, strict=True), - ) - return response - - def __call__(self, - request: operations_pb2.DeleteOperationRequest, *, - retry: OptionalRetry=gapic_v1.method.DEFAULT, - timeout: Optional[float]=None, - metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), - ) -> None: - - r"""Call the delete operation method over HTTP. - - Args: - request (operations_pb2.DeleteOperationRequest): - The request object for DeleteOperation method. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - """ - - http_options = _BasePrivilegedAccessManagerRestTransport._BaseDeleteOperation._get_http_options() - - request, metadata = self._interceptor.pre_delete_operation(request, metadata) - transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseDeleteOperation._get_transcoded_request(http_options, request) - - # Jsonify the query params - query_params = _BasePrivilegedAccessManagerRestTransport._BaseDeleteOperation._get_query_params_json(transcoded_request) - - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) - method = transcoded_request['method'] - try: - request_payload = json_format.MessageToJson(request) - except: - request_payload = None - http_request = { - "payload": request_payload, - "requestMethod": method, - "requestUrl": request_url, - "headers": dict(metadata), - } - _LOGGER.debug( - f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.DeleteOperation", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "DeleteOperation", - "httpRequest": http_request, - "metadata": http_request["headers"], - }, - ) - - # Send the request - response = PrivilegedAccessManagerRestTransport._DeleteOperation._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request) - - # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception - # subclass. - if response.status_code >= 400: - raise core_exceptions.from_http_response(response) - - return self._interceptor.post_delete_operation(None) - - @property - def get_operation(self): - return self._GetOperation(self._session, self._host, self._interceptor) # type: ignore - - class _GetOperation(_BasePrivilegedAccessManagerRestTransport._BaseGetOperation, PrivilegedAccessManagerRestStub): - def __hash__(self): - return hash("PrivilegedAccessManagerRestTransport.GetOperation") - - @staticmethod - def _get_response( - host, - metadata, - query_params, - session, - timeout, - transcoded_request, - body=None): - - uri = transcoded_request['uri'] - method = transcoded_request['method'] - headers = dict(metadata) - headers['Content-Type'] = 'application/json' - response = getattr(session, method)( - "{host}{uri}".format(host=host, uri=uri), - timeout=timeout, - headers=headers, - params=rest_helpers.flatten_query_params(query_params, strict=True), - ) - return response - - def __call__(self, - request: operations_pb2.GetOperationRequest, *, - retry: OptionalRetry=gapic_v1.method.DEFAULT, - timeout: Optional[float]=None, - metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), - ) -> operations_pb2.Operation: - - r"""Call the get operation method over HTTP. - - Args: - request (operations_pb2.GetOperationRequest): - The request object for GetOperation method. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - operations_pb2.Operation: Response from GetOperation method. - """ - - http_options = _BasePrivilegedAccessManagerRestTransport._BaseGetOperation._get_http_options() - - request, metadata = self._interceptor.pre_get_operation(request, metadata) - transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseGetOperation._get_transcoded_request(http_options, request) - - # Jsonify the query params - query_params = _BasePrivilegedAccessManagerRestTransport._BaseGetOperation._get_query_params_json(transcoded_request) - - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) - method = transcoded_request['method'] - try: - request_payload = json_format.MessageToJson(request) - except: - request_payload = None - http_request = { - "payload": request_payload, - "requestMethod": method, - "requestUrl": request_url, - "headers": dict(metadata), - } - _LOGGER.debug( - f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.GetOperation", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "GetOperation", - "httpRequest": http_request, - "metadata": http_request["headers"], - }, - ) - - # Send the request - response = PrivilegedAccessManagerRestTransport._GetOperation._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request) - - # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception - # subclass. - if response.status_code >= 400: - raise core_exceptions.from_http_response(response) - - content = response.content.decode("utf-8") - resp = operations_pb2.Operation() - resp = json_format.Parse(content, resp) - resp = self._interceptor.post_get_operation(resp) - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - try: - response_payload = json_format.MessageToJson(resp) - except: - response_payload = None - http_response = { - "payload": response_payload, - "headers": dict(response.headers), - "status": response.status_code, - } - _LOGGER.debug( - "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.GetOperation", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "GetOperation", - "httpResponse": http_response, - "metadata": http_response["headers"], - }, - ) - return resp - - @property - def list_operations(self): - return self._ListOperations(self._session, self._host, self._interceptor) # type: ignore - - class _ListOperations(_BasePrivilegedAccessManagerRestTransport._BaseListOperations, PrivilegedAccessManagerRestStub): - def __hash__(self): - return hash("PrivilegedAccessManagerRestTransport.ListOperations") - - @staticmethod - def _get_response( - host, - metadata, - query_params, - session, - timeout, - transcoded_request, - body=None): - - uri = transcoded_request['uri'] - method = transcoded_request['method'] - headers = dict(metadata) - headers['Content-Type'] = 'application/json' - response = getattr(session, method)( - "{host}{uri}".format(host=host, uri=uri), - timeout=timeout, - headers=headers, - params=rest_helpers.flatten_query_params(query_params, strict=True), - ) - return response - - def __call__(self, - request: operations_pb2.ListOperationsRequest, *, - retry: OptionalRetry=gapic_v1.method.DEFAULT, - timeout: Optional[float]=None, - metadata: Sequence[Tuple[str, Union[str, bytes]]]=(), - ) -> operations_pb2.ListOperationsResponse: - - r"""Call the list operations method over HTTP. - - Args: - request (operations_pb2.ListOperationsRequest): - The request object for ListOperations method. - retry (google.api_core.retry.Retry): Designation of what errors, if any, - should be retried. - timeout (float): The timeout for this request. - metadata (Sequence[Tuple[str, Union[str, bytes]]]): Key/value pairs which should be - sent along with the request as metadata. Normally, each value must be of type `str`, - but for metadata keys ending with the suffix `-bin`, the corresponding values must - be of type `bytes`. - - Returns: - operations_pb2.ListOperationsResponse: Response from ListOperations method. - """ - - http_options = _BasePrivilegedAccessManagerRestTransport._BaseListOperations._get_http_options() - - request, metadata = self._interceptor.pre_list_operations(request, metadata) - transcoded_request = _BasePrivilegedAccessManagerRestTransport._BaseListOperations._get_transcoded_request(http_options, request) - - # Jsonify the query params - query_params = _BasePrivilegedAccessManagerRestTransport._BaseListOperations._get_query_params_json(transcoded_request) - - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - request_url = "{host}{uri}".format(host=self._host, uri=transcoded_request['uri']) - method = transcoded_request['method'] - try: - request_payload = json_format.MessageToJson(request) - except: - request_payload = None - http_request = { - "payload": request_payload, - "requestMethod": method, - "requestUrl": request_url, - "headers": dict(metadata), - } - _LOGGER.debug( - f"Sending request for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.ListOperations", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "ListOperations", - "httpRequest": http_request, - "metadata": http_request["headers"], - }, - ) - - # Send the request - response = PrivilegedAccessManagerRestTransport._ListOperations._get_response(self._host, metadata, query_params, self._session, timeout, transcoded_request) - - # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception - # subclass. - if response.status_code >= 400: - raise core_exceptions.from_http_response(response) - - content = response.content.decode("utf-8") - resp = operations_pb2.ListOperationsResponse() - resp = json_format.Parse(content, resp) - resp = self._interceptor.post_list_operations(resp) - if CLIENT_LOGGING_SUPPORTED and _LOGGER.isEnabledFor(logging.DEBUG): # pragma: NO COVER - try: - response_payload = json_format.MessageToJson(resp) - except: - response_payload = None - http_response = { - "payload": response_payload, - "headers": dict(response.headers), - "status": response.status_code, - } - _LOGGER.debug( - "Received response for google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.ListOperations", - extra = { - "serviceName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "rpcName": "ListOperations", - "httpResponse": http_response, - "metadata": http_response["headers"], - }, - ) - return resp - - @property - def kind(self) -> str: - return "rest" - - def close(self): - self._session.close() - - -__all__=( - 'PrivilegedAccessManagerRestTransport', -) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/rest_base.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/rest_base.py deleted file mode 100644 index 3981acc8c7b0..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/transports/rest_base.py +++ /dev/null @@ -1,960 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -import json # type: ignore -from google.api_core import path_template -from google.api_core import gapic_v1 - -from google.protobuf import json_format -from google.cloud.location import locations_pb2 # type: ignore -from .base import PrivilegedAccessManagerTransport, DEFAULT_CLIENT_INFO - -import re -from typing import Any, Callable, Dict, List, Optional, Sequence, Tuple, Union - - -from google.cloud.privilegedaccessmanager_v1.types import privilegedaccessmanager -from google.longrunning import operations_pb2 # type: ignore - - -class _BasePrivilegedAccessManagerRestTransport(PrivilegedAccessManagerTransport): - """Base REST backend transport for PrivilegedAccessManager. - - Note: This class is not meant to be used directly. Use its sync and - async sub-classes instead. - - This class defines the same methods as the primary client, so the - primary client can load the underlying transport implementation - and call it. - - It sends JSON representations of protocol buffers over HTTP/1.1 - """ - - def __init__(self, *, - host: str = 'privilegedaccessmanager.googleapis.com', - credentials: Optional[Any] = None, - client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, - always_use_jwt_access: Optional[bool] = False, - url_scheme: str = 'https', - api_audience: Optional[str] = None, - ) -> None: - """Instantiate the transport. - Args: - host (Optional[str]): - The hostname to connect to (default: 'privilegedaccessmanager.googleapis.com'). - credentials (Optional[Any]): The - authorization credentials to attach to requests. These - credentials identify the application to the service; if none - are specified, the client will attempt to ascertain the - credentials from the environment. - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you are developing - your own client library. - always_use_jwt_access (Optional[bool]): Whether self signed JWT should - be used for service account credentials. - url_scheme: the protocol scheme for the API endpoint. Normally - "https", but for testing or local servers, - "http" can be specified. - """ - # Run the base constructor - maybe_url_match = re.match("^(?Phttp(?:s)?://)?(?P.*)$", host) - if maybe_url_match is None: - raise ValueError(f"Unexpected hostname structure: {host}") # pragma: NO COVER - - url_match_items = maybe_url_match.groupdict() - - host = f"{url_scheme}://{host}" if not url_match_items["scheme"] else host - - super().__init__( - host=host, - credentials=credentials, - client_info=client_info, - always_use_jwt_access=always_use_jwt_access, - api_audience=api_audience - ) - - class _BaseApproveGrant: - def __hash__(self): # pragma: NO COVER - return NotImplementedError("__hash__ must be implemented.") - - __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { - } - - @classmethod - def _get_unset_required_fields(cls, message_dict): - return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} - - @staticmethod - def _get_http_options(): - http_options: List[Dict[str, str]] = [{ - 'method': 'post', - 'uri': '/v1/{name=projects/*/locations/*/entitlements/*/grants/*}:approve', - 'body': '*', - }, - { - 'method': 'post', - 'uri': '/v1/{name=organizations/*/locations/*/entitlements/*/grants/*}:approve', - 'body': '*', - }, - { - 'method': 'post', - 'uri': '/v1/{name=folders/*/locations/*/entitlements/*/grants/*}:approve', - 'body': '*', - }, - ] - return http_options - - @staticmethod - def _get_transcoded_request(http_options, request): - pb_request = privilegedaccessmanager.ApproveGrantRequest.pb(request) - transcoded_request = path_template.transcode(http_options, pb_request) - return transcoded_request - - @staticmethod - def _get_request_body_json(transcoded_request): - # Jsonify the request body - - body = json_format.MessageToJson( - transcoded_request['body'], - use_integers_for_enums=True - ) - return body - @staticmethod - def _get_query_params_json(transcoded_request): - query_params = json.loads(json_format.MessageToJson( - transcoded_request['query_params'], - use_integers_for_enums=True, - )) - query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseApproveGrant._get_unset_required_fields(query_params)) - - query_params["$alt"] = "json;enum-encoding=int" - return query_params - - class _BaseCheckOnboardingStatus: - def __hash__(self): # pragma: NO COVER - return NotImplementedError("__hash__ must be implemented.") - - __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { - } - - @classmethod - def _get_unset_required_fields(cls, message_dict): - return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} - - @staticmethod - def _get_http_options(): - http_options: List[Dict[str, str]] = [{ - 'method': 'get', - 'uri': '/v1/{parent=projects/*/locations/*}:checkOnboardingStatus', - }, - { - 'method': 'get', - 'uri': '/v1/{parent=organizations/*/locations/*}:checkOnboardingStatus', - }, - { - 'method': 'get', - 'uri': '/v1/{parent=folders/*/locations/*}:checkOnboardingStatus', - }, - ] - return http_options - - @staticmethod - def _get_transcoded_request(http_options, request): - pb_request = privilegedaccessmanager.CheckOnboardingStatusRequest.pb(request) - transcoded_request = path_template.transcode(http_options, pb_request) - return transcoded_request - - @staticmethod - def _get_query_params_json(transcoded_request): - query_params = json.loads(json_format.MessageToJson( - transcoded_request['query_params'], - use_integers_for_enums=True, - )) - query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseCheckOnboardingStatus._get_unset_required_fields(query_params)) - - query_params["$alt"] = "json;enum-encoding=int" - return query_params - - class _BaseCreateEntitlement: - def __hash__(self): # pragma: NO COVER - return NotImplementedError("__hash__ must be implemented.") - - __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { - "entitlementId" : "", } - - @classmethod - def _get_unset_required_fields(cls, message_dict): - return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} - - @staticmethod - def _get_http_options(): - http_options: List[Dict[str, str]] = [{ - 'method': 'post', - 'uri': '/v1/{parent=projects/*/locations/*}/entitlements', - 'body': 'entitlement', - }, - { - 'method': 'post', - 'uri': '/v1/{parent=organizations/*/locations/*}/entitlements', - 'body': 'entitlement', - }, - { - 'method': 'post', - 'uri': '/v1/{parent=folders/*/locations/*}/entitlements', - 'body': 'entitlement', - }, - ] - return http_options - - @staticmethod - def _get_transcoded_request(http_options, request): - pb_request = privilegedaccessmanager.CreateEntitlementRequest.pb(request) - transcoded_request = path_template.transcode(http_options, pb_request) - return transcoded_request - - @staticmethod - def _get_request_body_json(transcoded_request): - # Jsonify the request body - - body = json_format.MessageToJson( - transcoded_request['body'], - use_integers_for_enums=True - ) - return body - @staticmethod - def _get_query_params_json(transcoded_request): - query_params = json.loads(json_format.MessageToJson( - transcoded_request['query_params'], - use_integers_for_enums=True, - )) - query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseCreateEntitlement._get_unset_required_fields(query_params)) - - query_params["$alt"] = "json;enum-encoding=int" - return query_params - - class _BaseCreateGrant: - def __hash__(self): # pragma: NO COVER - return NotImplementedError("__hash__ must be implemented.") - - __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { - } - - @classmethod - def _get_unset_required_fields(cls, message_dict): - return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} - - @staticmethod - def _get_http_options(): - http_options: List[Dict[str, str]] = [{ - 'method': 'post', - 'uri': '/v1/{parent=projects/*/locations/*/entitlements/*}/grants', - 'body': 'grant', - }, - { - 'method': 'post', - 'uri': '/v1/{parent=organizations/*/locations/*/entitlements/*}/grants', - 'body': 'grant', - }, - { - 'method': 'post', - 'uri': '/v1/{parent=folders/*/locations/*/entitlements/*}/grants', - 'body': 'grant', - }, - ] - return http_options - - @staticmethod - def _get_transcoded_request(http_options, request): - pb_request = privilegedaccessmanager.CreateGrantRequest.pb(request) - transcoded_request = path_template.transcode(http_options, pb_request) - return transcoded_request - - @staticmethod - def _get_request_body_json(transcoded_request): - # Jsonify the request body - - body = json_format.MessageToJson( - transcoded_request['body'], - use_integers_for_enums=True - ) - return body - @staticmethod - def _get_query_params_json(transcoded_request): - query_params = json.loads(json_format.MessageToJson( - transcoded_request['query_params'], - use_integers_for_enums=True, - )) - query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseCreateGrant._get_unset_required_fields(query_params)) - - query_params["$alt"] = "json;enum-encoding=int" - return query_params - - class _BaseDeleteEntitlement: - def __hash__(self): # pragma: NO COVER - return NotImplementedError("__hash__ must be implemented.") - - __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { - } - - @classmethod - def _get_unset_required_fields(cls, message_dict): - return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} - - @staticmethod - def _get_http_options(): - http_options: List[Dict[str, str]] = [{ - 'method': 'delete', - 'uri': '/v1/{name=projects/*/locations/*/entitlements/*}', - }, - { - 'method': 'delete', - 'uri': '/v1/{name=organizations/*/locations/*/entitlements/*}', - }, - { - 'method': 'delete', - 'uri': '/v1/{name=folders/*/locations/*/entitlements/*}', - }, - ] - return http_options - - @staticmethod - def _get_transcoded_request(http_options, request): - pb_request = privilegedaccessmanager.DeleteEntitlementRequest.pb(request) - transcoded_request = path_template.transcode(http_options, pb_request) - return transcoded_request - - @staticmethod - def _get_query_params_json(transcoded_request): - query_params = json.loads(json_format.MessageToJson( - transcoded_request['query_params'], - use_integers_for_enums=True, - )) - query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseDeleteEntitlement._get_unset_required_fields(query_params)) - - query_params["$alt"] = "json;enum-encoding=int" - return query_params - - class _BaseDenyGrant: - def __hash__(self): # pragma: NO COVER - return NotImplementedError("__hash__ must be implemented.") - - __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { - } - - @classmethod - def _get_unset_required_fields(cls, message_dict): - return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} - - @staticmethod - def _get_http_options(): - http_options: List[Dict[str, str]] = [{ - 'method': 'post', - 'uri': '/v1/{name=projects/*/locations/*/entitlements/*/grants/*}:deny', - 'body': '*', - }, - { - 'method': 'post', - 'uri': '/v1/{name=organizations/*/locations/*/entitlements/*/grants/*}:deny', - 'body': '*', - }, - { - 'method': 'post', - 'uri': '/v1/{name=folders/*/locations/*/entitlements/*/grants/*}:deny', - 'body': '*', - }, - ] - return http_options - - @staticmethod - def _get_transcoded_request(http_options, request): - pb_request = privilegedaccessmanager.DenyGrantRequest.pb(request) - transcoded_request = path_template.transcode(http_options, pb_request) - return transcoded_request - - @staticmethod - def _get_request_body_json(transcoded_request): - # Jsonify the request body - - body = json_format.MessageToJson( - transcoded_request['body'], - use_integers_for_enums=True - ) - return body - @staticmethod - def _get_query_params_json(transcoded_request): - query_params = json.loads(json_format.MessageToJson( - transcoded_request['query_params'], - use_integers_for_enums=True, - )) - query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseDenyGrant._get_unset_required_fields(query_params)) - - query_params["$alt"] = "json;enum-encoding=int" - return query_params - - class _BaseGetEntitlement: - def __hash__(self): # pragma: NO COVER - return NotImplementedError("__hash__ must be implemented.") - - __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { - } - - @classmethod - def _get_unset_required_fields(cls, message_dict): - return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} - - @staticmethod - def _get_http_options(): - http_options: List[Dict[str, str]] = [{ - 'method': 'get', - 'uri': '/v1/{name=projects/*/locations/*/entitlements/*}', - }, - { - 'method': 'get', - 'uri': '/v1/{name=organizations/*/locations/*/entitlements/*}', - }, - { - 'method': 'get', - 'uri': '/v1/{name=folders/*/locations/*/entitlements/*}', - }, - ] - return http_options - - @staticmethod - def _get_transcoded_request(http_options, request): - pb_request = privilegedaccessmanager.GetEntitlementRequest.pb(request) - transcoded_request = path_template.transcode(http_options, pb_request) - return transcoded_request - - @staticmethod - def _get_query_params_json(transcoded_request): - query_params = json.loads(json_format.MessageToJson( - transcoded_request['query_params'], - use_integers_for_enums=True, - )) - query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseGetEntitlement._get_unset_required_fields(query_params)) - - query_params["$alt"] = "json;enum-encoding=int" - return query_params - - class _BaseGetGrant: - def __hash__(self): # pragma: NO COVER - return NotImplementedError("__hash__ must be implemented.") - - __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { - } - - @classmethod - def _get_unset_required_fields(cls, message_dict): - return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} - - @staticmethod - def _get_http_options(): - http_options: List[Dict[str, str]] = [{ - 'method': 'get', - 'uri': '/v1/{name=projects/*/locations/*/entitlements/*/grants/*}', - }, - { - 'method': 'get', - 'uri': '/v1/{name=organizations/*/locations/*/entitlements/*/grants/*}', - }, - { - 'method': 'get', - 'uri': '/v1/{name=folders/*/locations/*/entitlements/*/grants/*}', - }, - ] - return http_options - - @staticmethod - def _get_transcoded_request(http_options, request): - pb_request = privilegedaccessmanager.GetGrantRequest.pb(request) - transcoded_request = path_template.transcode(http_options, pb_request) - return transcoded_request - - @staticmethod - def _get_query_params_json(transcoded_request): - query_params = json.loads(json_format.MessageToJson( - transcoded_request['query_params'], - use_integers_for_enums=True, - )) - query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseGetGrant._get_unset_required_fields(query_params)) - - query_params["$alt"] = "json;enum-encoding=int" - return query_params - - class _BaseListEntitlements: - def __hash__(self): # pragma: NO COVER - return NotImplementedError("__hash__ must be implemented.") - - __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { - } - - @classmethod - def _get_unset_required_fields(cls, message_dict): - return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} - - @staticmethod - def _get_http_options(): - http_options: List[Dict[str, str]] = [{ - 'method': 'get', - 'uri': '/v1/{parent=projects/*/locations/*}/entitlements', - }, - { - 'method': 'get', - 'uri': '/v1/{parent=organizations/*/locations/*}/entitlements', - }, - { - 'method': 'get', - 'uri': '/v1/{parent=folders/*/locations/*}/entitlements', - }, - ] - return http_options - - @staticmethod - def _get_transcoded_request(http_options, request): - pb_request = privilegedaccessmanager.ListEntitlementsRequest.pb(request) - transcoded_request = path_template.transcode(http_options, pb_request) - return transcoded_request - - @staticmethod - def _get_query_params_json(transcoded_request): - query_params = json.loads(json_format.MessageToJson( - transcoded_request['query_params'], - use_integers_for_enums=True, - )) - query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseListEntitlements._get_unset_required_fields(query_params)) - - query_params["$alt"] = "json;enum-encoding=int" - return query_params - - class _BaseListGrants: - def __hash__(self): # pragma: NO COVER - return NotImplementedError("__hash__ must be implemented.") - - __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { - } - - @classmethod - def _get_unset_required_fields(cls, message_dict): - return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} - - @staticmethod - def _get_http_options(): - http_options: List[Dict[str, str]] = [{ - 'method': 'get', - 'uri': '/v1/{parent=projects/*/locations/*/entitlements/*}/grants', - }, - { - 'method': 'get', - 'uri': '/v1/{parent=organizations/*/locations/*/entitlements/*}/grants', - }, - { - 'method': 'get', - 'uri': '/v1/{parent=folders/*/locations/*/entitlements/*}/grants', - }, - ] - return http_options - - @staticmethod - def _get_transcoded_request(http_options, request): - pb_request = privilegedaccessmanager.ListGrantsRequest.pb(request) - transcoded_request = path_template.transcode(http_options, pb_request) - return transcoded_request - - @staticmethod - def _get_query_params_json(transcoded_request): - query_params = json.loads(json_format.MessageToJson( - transcoded_request['query_params'], - use_integers_for_enums=True, - )) - query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseListGrants._get_unset_required_fields(query_params)) - - query_params["$alt"] = "json;enum-encoding=int" - return query_params - - class _BaseRevokeGrant: - def __hash__(self): # pragma: NO COVER - return NotImplementedError("__hash__ must be implemented.") - - __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { - } - - @classmethod - def _get_unset_required_fields(cls, message_dict): - return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} - - @staticmethod - def _get_http_options(): - http_options: List[Dict[str, str]] = [{ - 'method': 'post', - 'uri': '/v1/{name=projects/*/locations/*/entitlements/*/grants/*}:revoke', - 'body': '*', - }, - { - 'method': 'post', - 'uri': '/v1/{name=organizations/*/locations/*/entitlements/*/grants/*}:revoke', - 'body': '*', - }, - { - 'method': 'post', - 'uri': '/v1/{name=folders/*/locations/*/entitlements/*/grants/*}:revoke', - 'body': '*', - }, - ] - return http_options - - @staticmethod - def _get_transcoded_request(http_options, request): - pb_request = privilegedaccessmanager.RevokeGrantRequest.pb(request) - transcoded_request = path_template.transcode(http_options, pb_request) - return transcoded_request - - @staticmethod - def _get_request_body_json(transcoded_request): - # Jsonify the request body - - body = json_format.MessageToJson( - transcoded_request['body'], - use_integers_for_enums=True - ) - return body - @staticmethod - def _get_query_params_json(transcoded_request): - query_params = json.loads(json_format.MessageToJson( - transcoded_request['query_params'], - use_integers_for_enums=True, - )) - query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseRevokeGrant._get_unset_required_fields(query_params)) - - query_params["$alt"] = "json;enum-encoding=int" - return query_params - - class _BaseSearchEntitlements: - def __hash__(self): # pragma: NO COVER - return NotImplementedError("__hash__ must be implemented.") - - __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { - "callerAccessType" : {}, } - - @classmethod - def _get_unset_required_fields(cls, message_dict): - return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} - - @staticmethod - def _get_http_options(): - http_options: List[Dict[str, str]] = [{ - 'method': 'get', - 'uri': '/v1/{parent=projects/*/locations/*}/entitlements:search', - }, - { - 'method': 'get', - 'uri': '/v1/{parent=organizations/*/locations/*}/entitlements:search', - }, - { - 'method': 'get', - 'uri': '/v1/{parent=folders/*/locations/*}/entitlements:search', - }, - ] - return http_options - - @staticmethod - def _get_transcoded_request(http_options, request): - pb_request = privilegedaccessmanager.SearchEntitlementsRequest.pb(request) - transcoded_request = path_template.transcode(http_options, pb_request) - return transcoded_request - - @staticmethod - def _get_query_params_json(transcoded_request): - query_params = json.loads(json_format.MessageToJson( - transcoded_request['query_params'], - use_integers_for_enums=True, - )) - query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseSearchEntitlements._get_unset_required_fields(query_params)) - - query_params["$alt"] = "json;enum-encoding=int" - return query_params - - class _BaseSearchGrants: - def __hash__(self): # pragma: NO COVER - return NotImplementedError("__hash__ must be implemented.") - - __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { - "callerRelationship" : {}, } - - @classmethod - def _get_unset_required_fields(cls, message_dict): - return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} - - @staticmethod - def _get_http_options(): - http_options: List[Dict[str, str]] = [{ - 'method': 'get', - 'uri': '/v1/{parent=projects/*/locations/*/entitlements/*}/grants:search', - }, - { - 'method': 'get', - 'uri': '/v1/{parent=organizations/*/locations/*/entitlements/*}/grants:search', - }, - { - 'method': 'get', - 'uri': '/v1/{parent=folders/*/locations/*/entitlements/*}/grants:search', - }, - ] - return http_options - - @staticmethod - def _get_transcoded_request(http_options, request): - pb_request = privilegedaccessmanager.SearchGrantsRequest.pb(request) - transcoded_request = path_template.transcode(http_options, pb_request) - return transcoded_request - - @staticmethod - def _get_query_params_json(transcoded_request): - query_params = json.loads(json_format.MessageToJson( - transcoded_request['query_params'], - use_integers_for_enums=True, - )) - query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseSearchGrants._get_unset_required_fields(query_params)) - - query_params["$alt"] = "json;enum-encoding=int" - return query_params - - class _BaseUpdateEntitlement: - def __hash__(self): # pragma: NO COVER - return NotImplementedError("__hash__ must be implemented.") - - __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = { - "updateMask" : {}, } - - @classmethod - def _get_unset_required_fields(cls, message_dict): - return {k: v for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() if k not in message_dict} - - @staticmethod - def _get_http_options(): - http_options: List[Dict[str, str]] = [{ - 'method': 'patch', - 'uri': '/v1/{entitlement.name=projects/*/locations/*/entitlements/*}', - 'body': 'entitlement', - }, - { - 'method': 'patch', - 'uri': '/v1/{entitlement.name=organizations/*/locations/*/entitlements/*}', - 'body': 'entitlement', - }, - { - 'method': 'patch', - 'uri': '/v1/{entitlement.name=folders/*/locations/*/entitlements/*}', - 'body': 'entitlement', - }, - ] - return http_options - - @staticmethod - def _get_transcoded_request(http_options, request): - pb_request = privilegedaccessmanager.UpdateEntitlementRequest.pb(request) - transcoded_request = path_template.transcode(http_options, pb_request) - return transcoded_request - - @staticmethod - def _get_request_body_json(transcoded_request): - # Jsonify the request body - - body = json_format.MessageToJson( - transcoded_request['body'], - use_integers_for_enums=True - ) - return body - @staticmethod - def _get_query_params_json(transcoded_request): - query_params = json.loads(json_format.MessageToJson( - transcoded_request['query_params'], - use_integers_for_enums=True, - )) - query_params.update(_BasePrivilegedAccessManagerRestTransport._BaseUpdateEntitlement._get_unset_required_fields(query_params)) - - query_params["$alt"] = "json;enum-encoding=int" - return query_params - - class _BaseGetLocation: - def __hash__(self): # pragma: NO COVER - return NotImplementedError("__hash__ must be implemented.") - - @staticmethod - def _get_http_options(): - http_options: List[Dict[str, str]] = [{ - 'method': 'get', - 'uri': '/v1/{name=projects/*/locations/*}', - }, - { - 'method': 'get', - 'uri': '/v1/{name=organizations/*/locations/*}', - }, - { - 'method': 'get', - 'uri': '/v1/{name=folders/*/locations/*}', - }, - ] - return http_options - - @staticmethod - def _get_transcoded_request(http_options, request): - request_kwargs = json_format.MessageToDict(request) - transcoded_request = path_template.transcode( - http_options, **request_kwargs) - return transcoded_request - - @staticmethod - def _get_query_params_json(transcoded_request): - query_params = json.loads(json.dumps(transcoded_request['query_params'])) - return query_params - - class _BaseListLocations: - def __hash__(self): # pragma: NO COVER - return NotImplementedError("__hash__ must be implemented.") - - @staticmethod - def _get_http_options(): - http_options: List[Dict[str, str]] = [{ - 'method': 'get', - 'uri': '/v1/{name=projects/*}/locations', - }, - { - 'method': 'get', - 'uri': '/v1/{name=organizations/*}/locations', - }, - { - 'method': 'get', - 'uri': '/v1/{name=folders/*}/locations', - }, - ] - return http_options - - @staticmethod - def _get_transcoded_request(http_options, request): - request_kwargs = json_format.MessageToDict(request) - transcoded_request = path_template.transcode( - http_options, **request_kwargs) - return transcoded_request - - @staticmethod - def _get_query_params_json(transcoded_request): - query_params = json.loads(json.dumps(transcoded_request['query_params'])) - return query_params - - class _BaseDeleteOperation: - def __hash__(self): # pragma: NO COVER - return NotImplementedError("__hash__ must be implemented.") - - @staticmethod - def _get_http_options(): - http_options: List[Dict[str, str]] = [{ - 'method': 'delete', - 'uri': '/v1/{name=projects/*/locations/*/operations/*}', - }, - { - 'method': 'delete', - 'uri': '/v1/{name=organizations/*/locations/*/operations/*}', - }, - { - 'method': 'delete', - 'uri': '/v1/{name=folders/*/locations/*/operations/*}', - }, - ] - return http_options - - @staticmethod - def _get_transcoded_request(http_options, request): - request_kwargs = json_format.MessageToDict(request) - transcoded_request = path_template.transcode( - http_options, **request_kwargs) - return transcoded_request - - @staticmethod - def _get_query_params_json(transcoded_request): - query_params = json.loads(json.dumps(transcoded_request['query_params'])) - return query_params - - class _BaseGetOperation: - def __hash__(self): # pragma: NO COVER - return NotImplementedError("__hash__ must be implemented.") - - @staticmethod - def _get_http_options(): - http_options: List[Dict[str, str]] = [{ - 'method': 'get', - 'uri': '/v1/{name=projects/*/locations/*/operations/*}', - }, - { - 'method': 'get', - 'uri': '/v1/{name=organizations/*/locations/*/operations/*}', - }, - { - 'method': 'get', - 'uri': '/v1/{name=folders/*/locations/*/operations/*}', - }, - ] - return http_options - - @staticmethod - def _get_transcoded_request(http_options, request): - request_kwargs = json_format.MessageToDict(request) - transcoded_request = path_template.transcode( - http_options, **request_kwargs) - return transcoded_request - - @staticmethod - def _get_query_params_json(transcoded_request): - query_params = json.loads(json.dumps(transcoded_request['query_params'])) - return query_params - - class _BaseListOperations: - def __hash__(self): # pragma: NO COVER - return NotImplementedError("__hash__ must be implemented.") - - @staticmethod - def _get_http_options(): - http_options: List[Dict[str, str]] = [{ - 'method': 'get', - 'uri': '/v1/{name=projects/*/locations/*}/operations', - }, - { - 'method': 'get', - 'uri': '/v1/{name=organizations/*/locations/*}/operations', - }, - { - 'method': 'get', - 'uri': '/v1/{name=folders/*/locations/*}/operations', - }, - ] - return http_options - - @staticmethod - def _get_transcoded_request(http_options, request): - request_kwargs = json_format.MessageToDict(request) - transcoded_request = path_template.transcode( - http_options, **request_kwargs) - return transcoded_request - - @staticmethod - def _get_query_params_json(transcoded_request): - query_params = json.loads(json.dumps(transcoded_request['query_params'])) - return query_params - - -__all__=( - '_BasePrivilegedAccessManagerRestTransport', -) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/types/__init__.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/types/__init__.py deleted file mode 100644 index d07dbf871098..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/types/__init__.py +++ /dev/null @@ -1,74 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from .privilegedaccessmanager import ( - AccessControlEntry, - ApprovalWorkflow, - ApproveGrantRequest, - CheckOnboardingStatusRequest, - CheckOnboardingStatusResponse, - CreateEntitlementRequest, - CreateGrantRequest, - DeleteEntitlementRequest, - DenyGrantRequest, - Entitlement, - GetEntitlementRequest, - GetGrantRequest, - Grant, - Justification, - ListEntitlementsRequest, - ListEntitlementsResponse, - ListGrantsRequest, - ListGrantsResponse, - ManualApprovals, - OperationMetadata, - PrivilegedAccess, - RevokeGrantRequest, - SearchEntitlementsRequest, - SearchEntitlementsResponse, - SearchGrantsRequest, - SearchGrantsResponse, - UpdateEntitlementRequest, -) - -__all__ = ( - 'AccessControlEntry', - 'ApprovalWorkflow', - 'ApproveGrantRequest', - 'CheckOnboardingStatusRequest', - 'CheckOnboardingStatusResponse', - 'CreateEntitlementRequest', - 'CreateGrantRequest', - 'DeleteEntitlementRequest', - 'DenyGrantRequest', - 'Entitlement', - 'GetEntitlementRequest', - 'GetGrantRequest', - 'Grant', - 'Justification', - 'ListEntitlementsRequest', - 'ListEntitlementsResponse', - 'ListGrantsRequest', - 'ListGrantsResponse', - 'ManualApprovals', - 'OperationMetadata', - 'PrivilegedAccess', - 'RevokeGrantRequest', - 'SearchEntitlementsRequest', - 'SearchEntitlementsResponse', - 'SearchGrantsRequest', - 'SearchGrantsResponse', - 'UpdateEntitlementRequest', -) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/types/privilegedaccessmanager.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/types/privilegedaccessmanager.py deleted file mode 100644 index 5b749a0d7acc..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/google/cloud/privilegedaccessmanager_v1/types/privilegedaccessmanager.py +++ /dev/null @@ -1,1736 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -from __future__ import annotations - -from typing import MutableMapping, MutableSequence - -import proto # type: ignore - -from google.protobuf import duration_pb2 # type: ignore -from google.protobuf import field_mask_pb2 # type: ignore -from google.protobuf import timestamp_pb2 # type: ignore -from google.rpc import status_pb2 # type: ignore - - -__protobuf__ = proto.module( - package='google.cloud.privilegedaccessmanager.v1', - manifest={ - 'CheckOnboardingStatusRequest', - 'CheckOnboardingStatusResponse', - 'Entitlement', - 'AccessControlEntry', - 'ApprovalWorkflow', - 'ManualApprovals', - 'PrivilegedAccess', - 'ListEntitlementsRequest', - 'ListEntitlementsResponse', - 'SearchEntitlementsRequest', - 'SearchEntitlementsResponse', - 'GetEntitlementRequest', - 'CreateEntitlementRequest', - 'DeleteEntitlementRequest', - 'UpdateEntitlementRequest', - 'Grant', - 'Justification', - 'ListGrantsRequest', - 'ListGrantsResponse', - 'SearchGrantsRequest', - 'SearchGrantsResponse', - 'GetGrantRequest', - 'ApproveGrantRequest', - 'DenyGrantRequest', - 'RevokeGrantRequest', - 'CreateGrantRequest', - 'OperationMetadata', - }, -) - - -class CheckOnboardingStatusRequest(proto.Message): - r"""Request message for ``CheckOnboardingStatus`` method. - - Attributes: - parent (str): - Required. The resource for which the onboarding status - should be checked. Should be in one of the following - formats: - - - ``projects/{project-number|project-id}/locations/{region}`` - - ``folders/{folder-number}/locations/{region}`` - - ``organizations/{organization-number}/locations/{region}`` - """ - - parent: str = proto.Field( - proto.STRING, - number=1, - ) - - -class CheckOnboardingStatusResponse(proto.Message): - r"""Response message for ``CheckOnboardingStatus`` method. - - Attributes: - service_account (str): - The service account that PAM uses to act on - this resource. - findings (MutableSequence[google.cloud.privilegedaccessmanager_v1.types.CheckOnboardingStatusResponse.Finding]): - List of issues that are preventing PAM from - functioning for this resource and need to be - fixed to complete onboarding. Some issues might - not be detected or reported. - """ - - class Finding(proto.Message): - r"""Finding represents an issue which prevents PAM from - functioning properly for this resource. - - - .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields - - Attributes: - iam_access_denied (google.cloud.privilegedaccessmanager_v1.types.CheckOnboardingStatusResponse.Finding.IAMAccessDenied): - PAM's service account is being denied access - by Cloud IAM. - - This field is a member of `oneof`_ ``finding_type``. - """ - - class IAMAccessDenied(proto.Message): - r"""PAM's service account is being denied access by Cloud IAM. - This can be fixed by granting a role that contains the missing - permissions to the service account or exempting it from deny - policies if they are blocking the access. - - Attributes: - missing_permissions (MutableSequence[str]): - List of permissions that are being denied. - """ - - missing_permissions: MutableSequence[str] = proto.RepeatedField( - proto.STRING, - number=1, - ) - - iam_access_denied: 'CheckOnboardingStatusResponse.Finding.IAMAccessDenied' = proto.Field( - proto.MESSAGE, - number=1, - oneof='finding_type', - message='CheckOnboardingStatusResponse.Finding.IAMAccessDenied', - ) - - service_account: str = proto.Field( - proto.STRING, - number=1, - ) - findings: MutableSequence[Finding] = proto.RepeatedField( - proto.MESSAGE, - number=2, - message=Finding, - ) - - -class Entitlement(proto.Message): - r"""An entitlement defines the eligibility of a set of users to - obtain predefined access for some time possibly after going - through an approval workflow. - - Attributes: - name (str): - Identifier. Name of the entitlement. Possible formats: - - - ``organizations/{organization-number}/locations/{region}/entitlements/{entitlement-id}`` - - ``folders/{folder-number}/locations/{region}/entitlements/{entitlement-id}`` - - ``projects/{project-id|project-number}/locations/{region}/entitlements/{entitlement-id}`` - create_time (google.protobuf.timestamp_pb2.Timestamp): - Output only. Create time stamp. - update_time (google.protobuf.timestamp_pb2.Timestamp): - Output only. Update time stamp. - eligible_users (MutableSequence[google.cloud.privilegedaccessmanager_v1.types.AccessControlEntry]): - Optional. Who can create grants using this - entitlement. This list should contain at most - one entry. - approval_workflow (google.cloud.privilegedaccessmanager_v1.types.ApprovalWorkflow): - Optional. The approvals needed before access - are granted to a requester. No approvals are - needed if this field is null. - privileged_access (google.cloud.privilegedaccessmanager_v1.types.PrivilegedAccess): - The access granted to a requester on - successful approval. - max_request_duration (google.protobuf.duration_pb2.Duration): - Required. The maximum amount of time that - access is granted for a request. A requester can - ask for a duration less than this, but never - more. - state (google.cloud.privilegedaccessmanager_v1.types.Entitlement.State): - Output only. Current state of this - entitlement. - requester_justification_config (google.cloud.privilegedaccessmanager_v1.types.Entitlement.RequesterJustificationConfig): - Required. The manner in which the requester - should provide a justification for requesting - access. - additional_notification_targets (google.cloud.privilegedaccessmanager_v1.types.Entitlement.AdditionalNotificationTargets): - Optional. Additional email addresses to be - notified based on actions taken. - etag (str): - An ``etag`` is used for optimistic concurrency control as a - way to prevent simultaneous updates to the same entitlement. - An ``etag`` is returned in the response to - ``GetEntitlement`` and the caller should put the ``etag`` in - the request to ``UpdateEntitlement`` so that their change is - applied on the same version. If this field is omitted or if - there is a mismatch while updating an entitlement, then the - server rejects the request. - """ - class State(proto.Enum): - r"""Different states an entitlement can be in. - - Values: - STATE_UNSPECIFIED (0): - Unspecified state. This value is never - returned by the server. - CREATING (1): - The entitlement is being created. - AVAILABLE (2): - The entitlement is available for requesting - access. - DELETING (3): - The entitlement is being deleted. - DELETED (4): - The entitlement has been deleted. - UPDATING (5): - The entitlement is being updated. - """ - STATE_UNSPECIFIED = 0 - CREATING = 1 - AVAILABLE = 2 - DELETING = 3 - DELETED = 4 - UPDATING = 5 - - class RequesterJustificationConfig(proto.Message): - r"""Defines how a requester must provide a justification when - requesting access. - - This message has `oneof`_ fields (mutually exclusive fields). - For each oneof, at most one member field can be set at the same time. - Setting any member of the oneof automatically clears all other - members. - - .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields - - Attributes: - not_mandatory (google.cloud.privilegedaccessmanager_v1.types.Entitlement.RequesterJustificationConfig.NotMandatory): - This option means the requester isn't - required to provide a justification. - - This field is a member of `oneof`_ ``justification_type``. - unstructured (google.cloud.privilegedaccessmanager_v1.types.Entitlement.RequesterJustificationConfig.Unstructured): - This option means the requester must provide - a string as justification. If this is selected, - the server allows the requester to provide a - justification but doesn't validate it. - - This field is a member of `oneof`_ ``justification_type``. - """ - - class NotMandatory(proto.Message): - r"""The justification is not mandatory but can be provided in any - of the supported formats. - - """ - - class Unstructured(proto.Message): - r"""The requester has to provide a justification in the form of a - string. - - """ - - not_mandatory: 'Entitlement.RequesterJustificationConfig.NotMandatory' = proto.Field( - proto.MESSAGE, - number=1, - oneof='justification_type', - message='Entitlement.RequesterJustificationConfig.NotMandatory', - ) - unstructured: 'Entitlement.RequesterJustificationConfig.Unstructured' = proto.Field( - proto.MESSAGE, - number=2, - oneof='justification_type', - message='Entitlement.RequesterJustificationConfig.Unstructured', - ) - - class AdditionalNotificationTargets(proto.Message): - r"""``AdditionalNotificationTargets`` includes email addresses to be - notified. - - Attributes: - admin_email_recipients (MutableSequence[str]): - Optional. Additional email addresses to be - notified when a principal (requester) is granted - access. - requester_email_recipients (MutableSequence[str]): - Optional. Additional email address to be - notified about an eligible entitlement. - """ - - admin_email_recipients: MutableSequence[str] = proto.RepeatedField( - proto.STRING, - number=1, - ) - requester_email_recipients: MutableSequence[str] = proto.RepeatedField( - proto.STRING, - number=2, - ) - - name: str = proto.Field( - proto.STRING, - number=1, - ) - create_time: timestamp_pb2.Timestamp = proto.Field( - proto.MESSAGE, - number=2, - message=timestamp_pb2.Timestamp, - ) - update_time: timestamp_pb2.Timestamp = proto.Field( - proto.MESSAGE, - number=3, - message=timestamp_pb2.Timestamp, - ) - eligible_users: MutableSequence['AccessControlEntry'] = proto.RepeatedField( - proto.MESSAGE, - number=5, - message='AccessControlEntry', - ) - approval_workflow: 'ApprovalWorkflow' = proto.Field( - proto.MESSAGE, - number=6, - message='ApprovalWorkflow', - ) - privileged_access: 'PrivilegedAccess' = proto.Field( - proto.MESSAGE, - number=7, - message='PrivilegedAccess', - ) - max_request_duration: duration_pb2.Duration = proto.Field( - proto.MESSAGE, - number=8, - message=duration_pb2.Duration, - ) - state: State = proto.Field( - proto.ENUM, - number=9, - enum=State, - ) - requester_justification_config: RequesterJustificationConfig = proto.Field( - proto.MESSAGE, - number=10, - message=RequesterJustificationConfig, - ) - additional_notification_targets: AdditionalNotificationTargets = proto.Field( - proto.MESSAGE, - number=11, - message=AdditionalNotificationTargets, - ) - etag: str = proto.Field( - proto.STRING, - number=12, - ) - - -class AccessControlEntry(proto.Message): - r"""``AccessControlEntry`` is used to control who can do some operation. - - Attributes: - principals (MutableSequence[str]): - Optional. Users who are allowed for the - operation. Each entry should be a valid v1 IAM - principal identifier. The format for these is - documented at: - - https://cloud.google.com/iam/docs/principal-identifiers#v1 - """ - - principals: MutableSequence[str] = proto.RepeatedField( - proto.STRING, - number=1, - ) - - -class ApprovalWorkflow(proto.Message): - r"""Different types of approval workflows that can be used to - gate privileged access granting. - - - .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields - - Attributes: - manual_approvals (google.cloud.privilegedaccessmanager_v1.types.ManualApprovals): - An approval workflow where users designated - as approvers review and act on the grants. - - This field is a member of `oneof`_ ``approval_workflow``. - """ - - manual_approvals: 'ManualApprovals' = proto.Field( - proto.MESSAGE, - number=1, - oneof='approval_workflow', - message='ManualApprovals', - ) - - -class ManualApprovals(proto.Message): - r"""A manual approval workflow where users who are designated as - approvers need to call the ``ApproveGrant``/``DenyGrant`` APIs for a - grant. The workflow can consist of multiple serial steps where each - step defines who can act as approver in that step and how many of - those users should approve before the workflow moves to the next - step. - - This can be used to create approval workflows such as: - - - Require an approval from any user in a group G. - - Require an approval from any k number of users from a Group G. - - Require an approval from any user in a group G and then from a - user U. - - A single user might be part of the ``approvers`` ACL for multiple - steps in this workflow, but they can only approve once and that - approval is only considered to satisfy the approval step at which it - was granted. - - Attributes: - require_approver_justification (bool): - Optional. Do the approvers need to provide a - justification for their actions? - steps (MutableSequence[google.cloud.privilegedaccessmanager_v1.types.ManualApprovals.Step]): - Optional. List of approval steps in this - workflow. These steps are followed in the - specified order sequentially. Only 1 step is - supported. - """ - - class Step(proto.Message): - r"""Step represents a logical step in a manual approval workflow. - - Attributes: - approvers (MutableSequence[google.cloud.privilegedaccessmanager_v1.types.AccessControlEntry]): - Optional. The potential set of approvers in - this step. This list must contain at most one - entry. - approvals_needed (int): - Required. How many users from the above list - need to approve. If there aren't enough distinct - users in the list, then the workflow - indefinitely blocks. Should always be greater - than 0. 1 is the only supported value. - approver_email_recipients (MutableSequence[str]): - Optional. Additional email addresses to be - notified when a grant is pending approval. - """ - - approvers: MutableSequence['AccessControlEntry'] = proto.RepeatedField( - proto.MESSAGE, - number=1, - message='AccessControlEntry', - ) - approvals_needed: int = proto.Field( - proto.INT32, - number=2, - ) - approver_email_recipients: MutableSequence[str] = proto.RepeatedField( - proto.STRING, - number=3, - ) - - require_approver_justification: bool = proto.Field( - proto.BOOL, - number=1, - ) - steps: MutableSequence[Step] = proto.RepeatedField( - proto.MESSAGE, - number=2, - message=Step, - ) - - -class PrivilegedAccess(proto.Message): - r"""Privileged access that this service can be used to gate. - - .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields - - Attributes: - gcp_iam_access (google.cloud.privilegedaccessmanager_v1.types.PrivilegedAccess.GcpIamAccess): - Access to a Google Cloud resource through - IAM. - - This field is a member of `oneof`_ ``access_type``. - """ - - class GcpIamAccess(proto.Message): - r"""``GcpIamAccess`` represents IAM based access control on a Google - Cloud resource. Refer to https://cloud.google.com/iam/docs to - understand more about IAM. - - Attributes: - resource_type (str): - Required. The type of this resource. - resource (str): - Required. Name of the resource. - role_bindings (MutableSequence[google.cloud.privilegedaccessmanager_v1.types.PrivilegedAccess.GcpIamAccess.RoleBinding]): - Required. Role bindings that are created on - successful grant. - """ - - class RoleBinding(proto.Message): - r"""IAM role bindings that are created after a successful grant. - - Attributes: - role (str): - Required. IAM role to be granted. - https://cloud.google.com/iam/docs/roles-overview. - condition_expression (str): - Optional. The expression field of the IAM - condition to be associated with the role. If - specified, a user with an active grant for this - entitlement is able to access the resource only - if this condition evaluates to true for their - request. - - This field uses the same CEL format as IAM and - supports all attributes that IAM supports, - except tags. - https://cloud.google.com/iam/docs/conditions-overview#attributes. - """ - - role: str = proto.Field( - proto.STRING, - number=1, - ) - condition_expression: str = proto.Field( - proto.STRING, - number=2, - ) - - resource_type: str = proto.Field( - proto.STRING, - number=1, - ) - resource: str = proto.Field( - proto.STRING, - number=2, - ) - role_bindings: MutableSequence['PrivilegedAccess.GcpIamAccess.RoleBinding'] = proto.RepeatedField( - proto.MESSAGE, - number=4, - message='PrivilegedAccess.GcpIamAccess.RoleBinding', - ) - - gcp_iam_access: GcpIamAccess = proto.Field( - proto.MESSAGE, - number=1, - oneof='access_type', - message=GcpIamAccess, - ) - - -class ListEntitlementsRequest(proto.Message): - r"""Message for requesting list of entitlements. - - Attributes: - parent (str): - Required. The parent which owns the - entitlement resources. - page_size (int): - Optional. Requested page size. Server may - return fewer items than requested. If - unspecified, the server picks an appropriate - default. - page_token (str): - Optional. A token identifying a page of - results the server should return. - filter (str): - Optional. Filtering results. - order_by (str): - Optional. Hint for how to order the results. - """ - - parent: str = proto.Field( - proto.STRING, - number=1, - ) - page_size: int = proto.Field( - proto.INT32, - number=2, - ) - page_token: str = proto.Field( - proto.STRING, - number=3, - ) - filter: str = proto.Field( - proto.STRING, - number=4, - ) - order_by: str = proto.Field( - proto.STRING, - number=5, - ) - - -class ListEntitlementsResponse(proto.Message): - r"""Message for response to listing entitlements. - - Attributes: - entitlements (MutableSequence[google.cloud.privilegedaccessmanager_v1.types.Entitlement]): - The list of entitlements. - next_page_token (str): - A token identifying a page of results the - server should return. - unreachable (MutableSequence[str]): - Locations that could not be reached. - """ - - @property - def raw_page(self): - return self - - entitlements: MutableSequence['Entitlement'] = proto.RepeatedField( - proto.MESSAGE, - number=1, - message='Entitlement', - ) - next_page_token: str = proto.Field( - proto.STRING, - number=2, - ) - unreachable: MutableSequence[str] = proto.RepeatedField( - proto.STRING, - number=3, - ) - - -class SearchEntitlementsRequest(proto.Message): - r"""Request message for ``SearchEntitlements`` method. - - Attributes: - parent (str): - Required. The parent which owns the - entitlement resources. - caller_access_type (google.cloud.privilegedaccessmanager_v1.types.SearchEntitlementsRequest.CallerAccessType): - Required. Only entitlements where the calling - user has this access are returned. - filter (str): - Optional. Only entitlements matching this - filter are returned in the response. - page_size (int): - Optional. Requested page size. The server may - return fewer items than requested. If - unspecified, the server picks an appropriate - default. - page_token (str): - Optional. A token identifying a page of - results the server should return. - """ - class CallerAccessType(proto.Enum): - r"""Different types of access a user can have on the entitlement - resource. - - Values: - CALLER_ACCESS_TYPE_UNSPECIFIED (0): - Unspecified access type. - GRANT_REQUESTER (1): - The user has access to create grants using - this entitlement. - GRANT_APPROVER (2): - The user has access to approve/deny grants - created under this entitlement. - """ - CALLER_ACCESS_TYPE_UNSPECIFIED = 0 - GRANT_REQUESTER = 1 - GRANT_APPROVER = 2 - - parent: str = proto.Field( - proto.STRING, - number=1, - ) - caller_access_type: CallerAccessType = proto.Field( - proto.ENUM, - number=2, - enum=CallerAccessType, - ) - filter: str = proto.Field( - proto.STRING, - number=3, - ) - page_size: int = proto.Field( - proto.INT32, - number=4, - ) - page_token: str = proto.Field( - proto.STRING, - number=5, - ) - - -class SearchEntitlementsResponse(proto.Message): - r"""Response message for ``SearchEntitlements`` method. - - Attributes: - entitlements (MutableSequence[google.cloud.privilegedaccessmanager_v1.types.Entitlement]): - The list of entitlements. - next_page_token (str): - A token identifying a page of results the - server should return. - """ - - @property - def raw_page(self): - return self - - entitlements: MutableSequence['Entitlement'] = proto.RepeatedField( - proto.MESSAGE, - number=1, - message='Entitlement', - ) - next_page_token: str = proto.Field( - proto.STRING, - number=2, - ) - - -class GetEntitlementRequest(proto.Message): - r"""Message for getting an entitlement. - - Attributes: - name (str): - Required. Name of the resource. - """ - - name: str = proto.Field( - proto.STRING, - number=1, - ) - - -class CreateEntitlementRequest(proto.Message): - r"""Message for creating an entitlement. - - Attributes: - parent (str): - Required. Name of the parent resource for the entitlement. - Possible formats: - - - ``organizations/{organization-number}/locations/{region}`` - - ``folders/{folder-number}/locations/{region}`` - - ``projects/{project-id|project-number}/locations/{region}`` - entitlement_id (str): - Required. The ID to use for this entitlement. This becomes - the last part of the resource name. - - This value should be 4-63 characters in length, and valid - characters are "[a-z]", "[0-9]", and "-". The first - character should be from [a-z]. - - This value should be unique among all other entitlements - under the specified ``parent``. - entitlement (google.cloud.privilegedaccessmanager_v1.types.Entitlement): - Required. The resource being created - request_id (str): - Optional. An optional request ID to identify - requests. Specify a unique request ID so that if - you must retry your request, the server knows to - ignore the request if it has already been - completed. The server guarantees this for at - least 60 minutes after the first request. - - For example, consider a situation where you make - an initial request and the request times out. If - you make the request again with the same request - ID, the server can check if original operation - with the same request ID was received, and if - so, ignores the second request and returns the - previous operation's response. This prevents - clients from accidentally creating duplicate - entitlements. - - The request ID must be a valid UUID with the - exception that zero UUID is not supported - (00000000-0000-0000-0000-000000000000). - """ - - parent: str = proto.Field( - proto.STRING, - number=1, - ) - entitlement_id: str = proto.Field( - proto.STRING, - number=2, - ) - entitlement: 'Entitlement' = proto.Field( - proto.MESSAGE, - number=3, - message='Entitlement', - ) - request_id: str = proto.Field( - proto.STRING, - number=4, - ) - - -class DeleteEntitlementRequest(proto.Message): - r"""Message for deleting an entitlement. - - Attributes: - name (str): - Required. Name of the resource. - request_id (str): - Optional. An optional request ID to identify - requests. Specify a unique request ID so that if - you must retry your request, the server knows to - ignore the request if it has already been - completed. The server guarantees this for at - least 60 minutes after the first request. - - For example, consider a situation where you make - an initial request and the request times out. If - you make the request again with the same request - ID, the server can check if original operation - with the same request ID was received, and if - so, ignores the second request. - - The request ID must be a valid UUID with the - exception that zero UUID is not supported - (00000000-0000-0000-0000-000000000000). - force (bool): - Optional. If set to true, any child grant - under this entitlement is also deleted. - (Otherwise, the request only works if the - entitlement has no child grant.) - """ - - name: str = proto.Field( - proto.STRING, - number=1, - ) - request_id: str = proto.Field( - proto.STRING, - number=2, - ) - force: bool = proto.Field( - proto.BOOL, - number=3, - ) - - -class UpdateEntitlementRequest(proto.Message): - r"""Message for updating an entitlement. - - Attributes: - entitlement (google.cloud.privilegedaccessmanager_v1.types.Entitlement): - Required. The entitlement resource that is - updated. - update_mask (google.protobuf.field_mask_pb2.FieldMask): - Required. The list of fields to update. A field is - overwritten if, and only if, it is in the mask. Any - immutable fields set in the mask are ignored by the server. - Repeated fields and map fields are only allowed in the last - position of a ``paths`` string and overwrite the existing - values. Hence an update to a repeated field or a map should - contain the entire list of values. The fields specified in - the update_mask are relative to the resource and not to the - request. (e.g. ``MaxRequestDuration``; *not* - ``entitlement.MaxRequestDuration``) A value of '*' for this - field refers to full replacement of the resource. - """ - - entitlement: 'Entitlement' = proto.Field( - proto.MESSAGE, - number=1, - message='Entitlement', - ) - update_mask: field_mask_pb2.FieldMask = proto.Field( - proto.MESSAGE, - number=2, - message=field_mask_pb2.FieldMask, - ) - - -class Grant(proto.Message): - r"""A grant represents a request from a user for obtaining the - access specified in an entitlement they are eligible for. - - Attributes: - name (str): - Identifier. Name of this grant. Possible formats: - - - ``organizations/{organization-number}/locations/{region}/entitlements/{entitlement-id}/grants/{grant-id}`` - - ``folders/{folder-number}/locations/{region}/entitlements/{entitlement-id}/grants/{grant-id}`` - - ``projects/{project-id|project-number}/locations/{region}/entitlements/{entitlement-id}/grants/{grant-id}`` - - The last segment of this name (``{grant-id}``) is - autogenerated. - create_time (google.protobuf.timestamp_pb2.Timestamp): - Output only. Create time stamp. - update_time (google.protobuf.timestamp_pb2.Timestamp): - Output only. Update time stamp. - requester (str): - Output only. Username of the user who created - this grant. - requested_duration (google.protobuf.duration_pb2.Duration): - Required. The amount of time access is needed for. This - value should be less than the ``max_request_duration`` value - of the entitlement. - justification (google.cloud.privilegedaccessmanager_v1.types.Justification): - Optional. Justification of why this access is - needed. - state (google.cloud.privilegedaccessmanager_v1.types.Grant.State): - Output only. Current state of this grant. - timeline (google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline): - Output only. Timeline of this grant. - privileged_access (google.cloud.privilegedaccessmanager_v1.types.PrivilegedAccess): - Output only. The access that would be granted - by this grant. - audit_trail (google.cloud.privilegedaccessmanager_v1.types.Grant.AuditTrail): - Output only. Audit trail of access provided - by this grant. If unspecified then access was - never granted. - additional_email_recipients (MutableSequence[str]): - Optional. Additional email addresses to - notify for all the actions performed on the - grant. - externally_modified (bool): - Output only. Flag set by the PAM system to indicate that - policy bindings made by this grant have been modified from - outside PAM. - - After it is set, this flag remains set forever irrespective - of the grant state. A ``true`` value here indicates that PAM - no longer has any certainty on the access a user has because - of this grant. - """ - class State(proto.Enum): - r"""Different states a grant can be in. - - Values: - STATE_UNSPECIFIED (0): - Unspecified state. This value is never - returned by the server. - APPROVAL_AWAITED (1): - The entitlement had an approval workflow - configured and this grant is waiting for the - workflow to complete. - DENIED (3): - The approval workflow completed with a denied - result. No access is granted for this grant. - This is a terminal state. - SCHEDULED (4): - The approval workflow completed successfully - with an approved result or none was configured. - Access is provided at an appropriate time. - ACTIVATING (5): - Access is being given. - ACTIVE (6): - Access was successfully given and is - currently active. - ACTIVATION_FAILED (7): - The system could not give access due to a - non-retriable error. This is a terminal state. - EXPIRED (8): - Expired after waiting for the approval - workflow to complete. This is a terminal state. - REVOKING (9): - Access is being revoked. - REVOKED (10): - Access was revoked by a user. This is a - terminal state. - ENDED (11): - System took back access as the requested - duration was over. This is a terminal state. - WITHDRAWING (12): - Access is being withdrawn. - WITHDRAWN (13): - Grant was withdrawn by the grant owner. This - is a terminal state. - """ - STATE_UNSPECIFIED = 0 - APPROVAL_AWAITED = 1 - DENIED = 3 - SCHEDULED = 4 - ACTIVATING = 5 - ACTIVE = 6 - ACTIVATION_FAILED = 7 - EXPIRED = 8 - REVOKING = 9 - REVOKED = 10 - ENDED = 11 - WITHDRAWING = 12 - WITHDRAWN = 13 - - class Timeline(proto.Message): - r"""Timeline of a grant describing what happened to it and when. - - Attributes: - events (MutableSequence[google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline.Event]): - Output only. The events that have occurred on this grant. - This list contains entries in the same order as they - occurred. The first entry is always be of type ``Requested`` - and there is always at least one entry in this array. - """ - - class Event(proto.Message): - r"""A single operation on the grant. - - This message has `oneof`_ fields (mutually exclusive fields). - For each oneof, at most one member field can be set at the same time. - Setting any member of the oneof automatically clears all other - members. - - .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields - - Attributes: - requested (google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline.Event.Requested): - The grant was requested. - - This field is a member of `oneof`_ ``event``. - approved (google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline.Event.Approved): - The grant was approved. - - This field is a member of `oneof`_ ``event``. - denied (google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline.Event.Denied): - The grant was denied. - - This field is a member of `oneof`_ ``event``. - revoked (google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline.Event.Revoked): - The grant was revoked. - - This field is a member of `oneof`_ ``event``. - scheduled (google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline.Event.Scheduled): - The grant has been scheduled to give access. - - This field is a member of `oneof`_ ``event``. - activated (google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline.Event.Activated): - The grant was successfully activated to give - access. - - This field is a member of `oneof`_ ``event``. - activation_failed (google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline.Event.ActivationFailed): - There was a non-retriable error while trying - to give access. - - This field is a member of `oneof`_ ``event``. - expired (google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline.Event.Expired): - The approval workflow did not complete in the - necessary duration, and so the grant is expired. - - This field is a member of `oneof`_ ``event``. - ended (google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline.Event.Ended): - Access given by the grant ended automatically - as the approved duration was over. - - This field is a member of `oneof`_ ``event``. - externally_modified (google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline.Event.ExternallyModified): - The policy bindings made by grant have been - modified outside of PAM. - - This field is a member of `oneof`_ ``event``. - withdrawn (google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline.Event.Withdrawn): - The grant was withdrawn. - - This field is a member of `oneof`_ ``event``. - event_time (google.protobuf.timestamp_pb2.Timestamp): - Output only. The time (as recorded at server) - when this event occurred. - """ - - class Requested(proto.Message): - r"""An event representing that a grant was requested. - - Attributes: - expire_time (google.protobuf.timestamp_pb2.Timestamp): - Output only. The time at which this grant - expires unless the approval workflow completes. - If omitted, then the request never expires. - """ - - expire_time: timestamp_pb2.Timestamp = proto.Field( - proto.MESSAGE, - number=1, - message=timestamp_pb2.Timestamp, - ) - - class Approved(proto.Message): - r"""An event representing that the grant was approved. - - Attributes: - reason (str): - Output only. The reason provided by the - approver for approving the grant. - actor (str): - Output only. Username of the user who - approved the grant. - """ - - reason: str = proto.Field( - proto.STRING, - number=1, - ) - actor: str = proto.Field( - proto.STRING, - number=2, - ) - - class Denied(proto.Message): - r"""An event representing that the grant was denied. - - Attributes: - reason (str): - Output only. The reason provided by the - approver for denying the grant. - actor (str): - Output only. Username of the user who denied - the grant. - """ - - reason: str = proto.Field( - proto.STRING, - number=1, - ) - actor: str = proto.Field( - proto.STRING, - number=2, - ) - - class Revoked(proto.Message): - r"""An event representing that the grant was revoked. - - Attributes: - reason (str): - Output only. The reason provided by the user - for revoking the grant. - actor (str): - Output only. Username of the user who revoked - the grant. - """ - - reason: str = proto.Field( - proto.STRING, - number=1, - ) - actor: str = proto.Field( - proto.STRING, - number=2, - ) - - class Withdrawn(proto.Message): - r"""An event representing that the grant was withdrawn. - """ - - class Scheduled(proto.Message): - r"""An event representing that the grant has been scheduled to be - activated later. - - Attributes: - scheduled_activation_time (google.protobuf.timestamp_pb2.Timestamp): - Output only. The time at which the access is - granted. - """ - - scheduled_activation_time: timestamp_pb2.Timestamp = proto.Field( - proto.MESSAGE, - number=1, - message=timestamp_pb2.Timestamp, - ) - - class Activated(proto.Message): - r"""An event representing that the grant was successfully - activated. - - """ - - class ActivationFailed(proto.Message): - r"""An event representing that the grant activation failed. - - Attributes: - error (google.rpc.status_pb2.Status): - Output only. The error that occurred while - activating the grant. - """ - - error: status_pb2.Status = proto.Field( - proto.MESSAGE, - number=1, - message=status_pb2.Status, - ) - - class Expired(proto.Message): - r"""An event representing that the grant was expired. - """ - - class Ended(proto.Message): - r"""An event representing that the grant has ended. - """ - - class ExternallyModified(proto.Message): - r"""An event representing that the policy bindings made by this - grant were modified externally. - - """ - - requested: 'Grant.Timeline.Event.Requested' = proto.Field( - proto.MESSAGE, - number=2, - oneof='event', - message='Grant.Timeline.Event.Requested', - ) - approved: 'Grant.Timeline.Event.Approved' = proto.Field( - proto.MESSAGE, - number=3, - oneof='event', - message='Grant.Timeline.Event.Approved', - ) - denied: 'Grant.Timeline.Event.Denied' = proto.Field( - proto.MESSAGE, - number=4, - oneof='event', - message='Grant.Timeline.Event.Denied', - ) - revoked: 'Grant.Timeline.Event.Revoked' = proto.Field( - proto.MESSAGE, - number=5, - oneof='event', - message='Grant.Timeline.Event.Revoked', - ) - scheduled: 'Grant.Timeline.Event.Scheduled' = proto.Field( - proto.MESSAGE, - number=6, - oneof='event', - message='Grant.Timeline.Event.Scheduled', - ) - activated: 'Grant.Timeline.Event.Activated' = proto.Field( - proto.MESSAGE, - number=7, - oneof='event', - message='Grant.Timeline.Event.Activated', - ) - activation_failed: 'Grant.Timeline.Event.ActivationFailed' = proto.Field( - proto.MESSAGE, - number=8, - oneof='event', - message='Grant.Timeline.Event.ActivationFailed', - ) - expired: 'Grant.Timeline.Event.Expired' = proto.Field( - proto.MESSAGE, - number=10, - oneof='event', - message='Grant.Timeline.Event.Expired', - ) - ended: 'Grant.Timeline.Event.Ended' = proto.Field( - proto.MESSAGE, - number=11, - oneof='event', - message='Grant.Timeline.Event.Ended', - ) - externally_modified: 'Grant.Timeline.Event.ExternallyModified' = proto.Field( - proto.MESSAGE, - number=12, - oneof='event', - message='Grant.Timeline.Event.ExternallyModified', - ) - withdrawn: 'Grant.Timeline.Event.Withdrawn' = proto.Field( - proto.MESSAGE, - number=13, - oneof='event', - message='Grant.Timeline.Event.Withdrawn', - ) - event_time: timestamp_pb2.Timestamp = proto.Field( - proto.MESSAGE, - number=1, - message=timestamp_pb2.Timestamp, - ) - - events: MutableSequence['Grant.Timeline.Event'] = proto.RepeatedField( - proto.MESSAGE, - number=1, - message='Grant.Timeline.Event', - ) - - class AuditTrail(proto.Message): - r"""Audit trail for the access provided by this grant. - - Attributes: - access_grant_time (google.protobuf.timestamp_pb2.Timestamp): - Output only. The time at which access was - given. - access_remove_time (google.protobuf.timestamp_pb2.Timestamp): - Output only. The time at which the system - removed access. This could be because of an - automatic expiry or because of a revocation. - - If unspecified, then access hasn't been removed - yet. - """ - - access_grant_time: timestamp_pb2.Timestamp = proto.Field( - proto.MESSAGE, - number=1, - message=timestamp_pb2.Timestamp, - ) - access_remove_time: timestamp_pb2.Timestamp = proto.Field( - proto.MESSAGE, - number=2, - message=timestamp_pb2.Timestamp, - ) - - name: str = proto.Field( - proto.STRING, - number=1, - ) - create_time: timestamp_pb2.Timestamp = proto.Field( - proto.MESSAGE, - number=2, - message=timestamp_pb2.Timestamp, - ) - update_time: timestamp_pb2.Timestamp = proto.Field( - proto.MESSAGE, - number=3, - message=timestamp_pb2.Timestamp, - ) - requester: str = proto.Field( - proto.STRING, - number=4, - ) - requested_duration: duration_pb2.Duration = proto.Field( - proto.MESSAGE, - number=5, - message=duration_pb2.Duration, - ) - justification: 'Justification' = proto.Field( - proto.MESSAGE, - number=6, - message='Justification', - ) - state: State = proto.Field( - proto.ENUM, - number=7, - enum=State, - ) - timeline: Timeline = proto.Field( - proto.MESSAGE, - number=8, - message=Timeline, - ) - privileged_access: 'PrivilegedAccess' = proto.Field( - proto.MESSAGE, - number=9, - message='PrivilegedAccess', - ) - audit_trail: AuditTrail = proto.Field( - proto.MESSAGE, - number=10, - message=AuditTrail, - ) - additional_email_recipients: MutableSequence[str] = proto.RepeatedField( - proto.STRING, - number=11, - ) - externally_modified: bool = proto.Field( - proto.BOOL, - number=12, - ) - - -class Justification(proto.Message): - r"""Justification represents a justification for requesting - access. - - - .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields - - Attributes: - unstructured_justification (str): - A free form textual justification. The system - only ensures that this is not empty. No other - kind of validation is performed on the string. - - This field is a member of `oneof`_ ``justification``. - """ - - unstructured_justification: str = proto.Field( - proto.STRING, - number=1, - oneof='justification', - ) - - -class ListGrantsRequest(proto.Message): - r"""Message for requesting list of grants. - - Attributes: - parent (str): - Required. The parent resource which owns the - grants. - page_size (int): - Optional. Requested page size. The server may - return fewer items than requested. If - unspecified, the server picks an appropriate - default. - page_token (str): - Optional. A token identifying a page of - results the server should return. - filter (str): - Optional. Filtering results. - order_by (str): - Optional. Hint for how to order the results - """ - - parent: str = proto.Field( - proto.STRING, - number=1, - ) - page_size: int = proto.Field( - proto.INT32, - number=2, - ) - page_token: str = proto.Field( - proto.STRING, - number=3, - ) - filter: str = proto.Field( - proto.STRING, - number=4, - ) - order_by: str = proto.Field( - proto.STRING, - number=5, - ) - - -class ListGrantsResponse(proto.Message): - r"""Message for response to listing grants. - - Attributes: - grants (MutableSequence[google.cloud.privilegedaccessmanager_v1.types.Grant]): - The list of grants. - next_page_token (str): - A token identifying a page of results the - server should return. - unreachable (MutableSequence[str]): - Locations that could not be reached. - """ - - @property - def raw_page(self): - return self - - grants: MutableSequence['Grant'] = proto.RepeatedField( - proto.MESSAGE, - number=1, - message='Grant', - ) - next_page_token: str = proto.Field( - proto.STRING, - number=2, - ) - unreachable: MutableSequence[str] = proto.RepeatedField( - proto.STRING, - number=3, - ) - - -class SearchGrantsRequest(proto.Message): - r"""Request message for ``SearchGrants`` method. - - Attributes: - parent (str): - Required. The parent which owns the grant - resources. - caller_relationship (google.cloud.privilegedaccessmanager_v1.types.SearchGrantsRequest.CallerRelationshipType): - Required. Only grants which the caller is - related to by this relationship are returned in - the response. - filter (str): - Optional. Only grants matching this filter - are returned in the response. - page_size (int): - Optional. Requested page size. The server may - return fewer items than requested. If - unspecified, server picks an appropriate - default. - page_token (str): - Optional. A token identifying a page of - results the server should return. - """ - class CallerRelationshipType(proto.Enum): - r"""Different types of relationships a user can have with a - grant. - - Values: - CALLER_RELATIONSHIP_TYPE_UNSPECIFIED (0): - Unspecified caller relationship type. - HAD_CREATED (1): - The user created this grant by calling ``CreateGrant`` - earlier. - CAN_APPROVE (2): - The user is an approver for the entitlement - that this grant is parented under and can - currently approve/deny it. - HAD_APPROVED (3): - The caller had successfully approved/denied - this grant earlier. - """ - CALLER_RELATIONSHIP_TYPE_UNSPECIFIED = 0 - HAD_CREATED = 1 - CAN_APPROVE = 2 - HAD_APPROVED = 3 - - parent: str = proto.Field( - proto.STRING, - number=1, - ) - caller_relationship: CallerRelationshipType = proto.Field( - proto.ENUM, - number=2, - enum=CallerRelationshipType, - ) - filter: str = proto.Field( - proto.STRING, - number=3, - ) - page_size: int = proto.Field( - proto.INT32, - number=4, - ) - page_token: str = proto.Field( - proto.STRING, - number=5, - ) - - -class SearchGrantsResponse(proto.Message): - r"""Response message for ``SearchGrants`` method. - - Attributes: - grants (MutableSequence[google.cloud.privilegedaccessmanager_v1.types.Grant]): - The list of grants. - next_page_token (str): - A token identifying a page of results the - server should return. - """ - - @property - def raw_page(self): - return self - - grants: MutableSequence['Grant'] = proto.RepeatedField( - proto.MESSAGE, - number=1, - message='Grant', - ) - next_page_token: str = proto.Field( - proto.STRING, - number=2, - ) - - -class GetGrantRequest(proto.Message): - r"""Message for getting a grant. - - Attributes: - name (str): - Required. Name of the resource. - """ - - name: str = proto.Field( - proto.STRING, - number=1, - ) - - -class ApproveGrantRequest(proto.Message): - r"""Request message for ``ApproveGrant`` method. - - Attributes: - name (str): - Required. Name of the grant resource which is - being approved. - reason (str): - Optional. The reason for approving this grant. This is - required if the ``require_approver_justification`` field of - the ``ManualApprovals`` workflow used in this grant is true. - """ - - name: str = proto.Field( - proto.STRING, - number=1, - ) - reason: str = proto.Field( - proto.STRING, - number=2, - ) - - -class DenyGrantRequest(proto.Message): - r"""Request message for ``DenyGrant`` method. - - Attributes: - name (str): - Required. Name of the grant resource which is - being denied. - reason (str): - Optional. The reason for denying this grant. This is - required if ``require_approver_justification`` field of the - ``ManualApprovals`` workflow used in this grant is true. - """ - - name: str = proto.Field( - proto.STRING, - number=1, - ) - reason: str = proto.Field( - proto.STRING, - number=2, - ) - - -class RevokeGrantRequest(proto.Message): - r"""Request message for ``RevokeGrant`` method. - - Attributes: - name (str): - Required. Name of the grant resource which is - being revoked. - reason (str): - Optional. The reason for revoking this grant. - """ - - name: str = proto.Field( - proto.STRING, - number=1, - ) - reason: str = proto.Field( - proto.STRING, - number=2, - ) - - -class CreateGrantRequest(proto.Message): - r"""Message for creating a grant - - Attributes: - parent (str): - Required. Name of the parent entitlement for - which this grant is being requested. - grant (google.cloud.privilegedaccessmanager_v1.types.Grant): - Required. The resource being created. - request_id (str): - Optional. An optional request ID to identify - requests. Specify a unique request ID so that if - you must retry your request, the server knows to - ignore the request if it has already been - completed. The server guarantees this for at - least 60 minutes after the first request. - - For example, consider a situation where you make - an initial request and the request times out. If - you make the request again with the same request - ID, the server can check if original operation - with the same request ID was received, and if - so, ignores the second request. This prevents - clients from accidentally creating duplicate - grants. - - The request ID must be a valid UUID with the - exception that zero UUID is not supported - (00000000-0000-0000-0000-000000000000). - """ - - parent: str = proto.Field( - proto.STRING, - number=1, - ) - grant: 'Grant' = proto.Field( - proto.MESSAGE, - number=2, - message='Grant', - ) - request_id: str = proto.Field( - proto.STRING, - number=3, - ) - - -class OperationMetadata(proto.Message): - r"""Represents the metadata of the long-running operation. - - Attributes: - create_time (google.protobuf.timestamp_pb2.Timestamp): - Output only. The time the operation was - created. - end_time (google.protobuf.timestamp_pb2.Timestamp): - Output only. The time the operation finished - running. - target (str): - Output only. Server-defined resource path for - the target of the operation. - verb (str): - Output only. Name of the verb executed by the - operation. - status_message (str): - Output only. Human-readable status of the - operation, if any. - requested_cancellation (bool): - Output only. Identifies whether the user has requested - cancellation of the operation. Operations that have been - cancelled successfully have [Operation.error][] value with a - [google.rpc.Status.code][google.rpc.Status.code] of 1, - corresponding to ``Code.CANCELLED``. - api_version (str): - Output only. API version used to start the - operation. - """ - - create_time: timestamp_pb2.Timestamp = proto.Field( - proto.MESSAGE, - number=1, - message=timestamp_pb2.Timestamp, - ) - end_time: timestamp_pb2.Timestamp = proto.Field( - proto.MESSAGE, - number=2, - message=timestamp_pb2.Timestamp, - ) - target: str = proto.Field( - proto.STRING, - number=3, - ) - verb: str = proto.Field( - proto.STRING, - number=4, - ) - status_message: str = proto.Field( - proto.STRING, - number=5, - ) - requested_cancellation: bool = proto.Field( - proto.BOOL, - number=6, - ) - api_version: str = proto.Field( - proto.STRING, - number=7, - ) - - -__all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/mypy.ini b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/mypy.ini deleted file mode 100644 index 574c5aed394b..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/mypy.ini +++ /dev/null @@ -1,3 +0,0 @@ -[mypy] -python_version = 3.7 -namespace_packages = True diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/noxfile.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/noxfile.py deleted file mode 100644 index 1a9b77b0c1b5..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/noxfile.py +++ /dev/null @@ -1,591 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -import os -import pathlib -import re -import shutil - -from typing import Dict, List -import warnings - -import nox - -BLACK_VERSION = "black[jupyter]==23.7.0" -ISORT_VERSION = "isort==5.11.0" - -LINT_PATHS = ["docs", "google", "tests", "noxfile.py", "setup.py"] - -ALL_PYTHON = [ - "3.7", - "3.8", - "3.9", - "3.10", - "3.11", - "3.12", - "3.13", -] - -DEFAULT_PYTHON_VERSION = ALL_PYTHON[-1] - -CURRENT_DIRECTORY = pathlib.Path(__file__).parent.absolute() - -LOWER_BOUND_CONSTRAINTS_FILE = CURRENT_DIRECTORY / "constraints.txt" -PACKAGE_NAME = "google-cloud-privilegedaccessmanager" - -UNIT_TEST_STANDARD_DEPENDENCIES = [ - "mock", - "asyncmock", - "pytest", - "pytest-cov", - "pytest-asyncio", -] -UNIT_TEST_EXTERNAL_DEPENDENCIES: List[str] = [] -UNIT_TEST_LOCAL_DEPENDENCIES: List[str] = [] -UNIT_TEST_DEPENDENCIES: List[str] = [] -UNIT_TEST_EXTRAS: List[str] = [] -UNIT_TEST_EXTRAS_BY_PYTHON: Dict[str, List[str]] = {} - -SYSTEM_TEST_PYTHON_VERSIONS: List[str] = ["3.8", "3.9", "3.10", "3.11", "3.12", "3.13"] -SYSTEM_TEST_STANDARD_DEPENDENCIES = [ - "mock", - "pytest", - "google-cloud-testutils", -] -SYSTEM_TEST_EXTERNAL_DEPENDENCIES: List[str] = [] -SYSTEM_TEST_LOCAL_DEPENDENCIES: List[str] = [] -SYSTEM_TEST_DEPENDENCIES: List[str] = [] -SYSTEM_TEST_EXTRAS: List[str] = [] -SYSTEM_TEST_EXTRAS_BY_PYTHON: Dict[str, List[str]] = {} - -nox.options.sessions = [ - "unit", - "system", - "cover", - "lint", - "lint_setup_py", - "blacken", - "docs", -] - -# Error if a python version is missing -nox.options.error_on_missing_interpreters = True - - -@nox.session(python=ALL_PYTHON) -def mypy(session): - """Run the type checker.""" - session.install( - "mypy", - "types-requests", - "types-protobuf", - ) - session.install(".") - session.run( - "mypy", - "-p", - "google", - ) - - -@nox.session -def update_lower_bounds(session): - """Update lower bounds in constraints.txt to match setup.py""" - session.install("google-cloud-testutils") - session.install(".") - - session.run( - "lower-bound-checker", - "update", - "--package-name", - PACKAGE_NAME, - "--constraints-file", - str(LOWER_BOUND_CONSTRAINTS_FILE), - ) - - -@nox.session -def check_lower_bounds(session): - """Check lower bounds in setup.py are reflected in constraints file""" - session.install("google-cloud-testutils") - session.install(".") - - session.run( - "lower-bound-checker", - "check", - "--package-name", - PACKAGE_NAME, - "--constraints-file", - str(LOWER_BOUND_CONSTRAINTS_FILE), - ) - - -@nox.session(python=DEFAULT_PYTHON_VERSION) -def lint(session): - """Run linters. - - Returns a failure if the linters find linting errors or sufficiently - serious code quality issues. - """ - session.install("flake8", BLACK_VERSION) - session.run( - "black", - "--check", - *LINT_PATHS, - ) - - session.run("flake8", "google", "tests") - - -@nox.session(python=DEFAULT_PYTHON_VERSION) -def blacken(session): - """Run black. Format code to uniform standard.""" - session.install(BLACK_VERSION) - session.run( - "black", - *LINT_PATHS, - ) - - -@nox.session(python=DEFAULT_PYTHON_VERSION) -def format(session): - """ - Run isort to sort imports. Then run black - to format code to uniform standard. - """ - session.install(BLACK_VERSION, ISORT_VERSION) - # Use the --fss option to sort imports using strict alphabetical order. - # See https://pycqa.github.io/isort/docs/configuration/options.html#force-sort-within-sections - session.run( - "isort", - "--fss", - *LINT_PATHS, - ) - session.run( - "black", - *LINT_PATHS, - ) - - -@nox.session(python=DEFAULT_PYTHON_VERSION) -def lint_setup_py(session): - """Verify that setup.py is valid (including RST check).""" - session.install("setuptools", "docutils", "pygments") - session.run("python", "setup.py", "check", "--restructuredtext", "--strict") - - -def install_unittest_dependencies(session, *constraints): - standard_deps = UNIT_TEST_STANDARD_DEPENDENCIES + UNIT_TEST_DEPENDENCIES - session.install(*standard_deps, *constraints) - - if UNIT_TEST_EXTERNAL_DEPENDENCIES: - warnings.warn( - "'unit_test_external_dependencies' is deprecated. Instead, please " - "use 'unit_test_dependencies' or 'unit_test_local_dependencies'.", - DeprecationWarning, - ) - session.install(*UNIT_TEST_EXTERNAL_DEPENDENCIES, *constraints) - - if UNIT_TEST_LOCAL_DEPENDENCIES: - session.install(*UNIT_TEST_LOCAL_DEPENDENCIES, *constraints) - - if UNIT_TEST_EXTRAS_BY_PYTHON: - extras = UNIT_TEST_EXTRAS_BY_PYTHON.get(session.python, []) - elif UNIT_TEST_EXTRAS: - extras = UNIT_TEST_EXTRAS - else: - extras = [] - - if extras: - session.install("-e", f".[{','.join(extras)}]", *constraints) - else: - session.install("-e", ".", *constraints) - - -@nox.session(python=ALL_PYTHON) -@nox.parametrize( - "protobuf_implementation", - ["python", "upb", "cpp"], -) -def unit(session, protobuf_implementation): - # Install all test dependencies, then install this package in-place. - - if protobuf_implementation == "cpp" and session.python in ("3.11", "3.12", "3.13"): - session.skip("cpp implementation is not supported in python 3.11+") - - constraints_path = str( - CURRENT_DIRECTORY / "testing" / f"constraints-{session.python}.txt" - ) - install_unittest_dependencies(session, "-c", constraints_path) - - # TODO(https://github.com/googleapis/synthtool/issues/1976): - # Remove the 'cpp' implementation once support for Protobuf 3.x is dropped. - # The 'cpp' implementation requires Protobuf<4. - if protobuf_implementation == "cpp": - session.install("protobuf<4") - - # Run py.test against the unit tests. - session.run( - "py.test", - "--quiet", - f"--junitxml=unit_{session.python}_sponge_log.xml", - "--cov=google", - "--cov=tests/unit", - "--cov-append", - "--cov-config=.coveragerc", - "--cov-report=", - "--cov-fail-under=0", - os.path.join("tests", "unit"), - *session.posargs, - env={ - "PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION": protobuf_implementation, - }, - ) - - -def install_systemtest_dependencies(session, *constraints): - session.install("--pre", "grpcio") - - session.install(*SYSTEM_TEST_STANDARD_DEPENDENCIES, *constraints) - - if SYSTEM_TEST_EXTERNAL_DEPENDENCIES: - session.install(*SYSTEM_TEST_EXTERNAL_DEPENDENCIES, *constraints) - - if SYSTEM_TEST_LOCAL_DEPENDENCIES: - session.install("-e", *SYSTEM_TEST_LOCAL_DEPENDENCIES, *constraints) - - if SYSTEM_TEST_DEPENDENCIES: - session.install("-e", *SYSTEM_TEST_DEPENDENCIES, *constraints) - - if SYSTEM_TEST_EXTRAS_BY_PYTHON: - extras = SYSTEM_TEST_EXTRAS_BY_PYTHON.get(session.python, []) - elif SYSTEM_TEST_EXTRAS: - extras = SYSTEM_TEST_EXTRAS - else: - extras = [] - - if extras: - session.install("-e", f".[{','.join(extras)}]", *constraints) - else: - session.install("-e", ".", *constraints) - - -@nox.session(python=SYSTEM_TEST_PYTHON_VERSIONS) -def system(session): - """Run the system test suite.""" - constraints_path = str( - CURRENT_DIRECTORY / "testing" / f"constraints-{session.python}.txt" - ) - system_test_path = os.path.join("tests", "system.py") - system_test_folder_path = os.path.join("tests", "system") - - # Check the value of `RUN_SYSTEM_TESTS` env var. It defaults to true. - if os.environ.get("RUN_SYSTEM_TESTS", "true") == "false": - session.skip("RUN_SYSTEM_TESTS is set to false, skipping") - # Install pyopenssl for mTLS testing. - if os.environ.get("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false") == "true": - session.install("pyopenssl") - - system_test_exists = os.path.exists(system_test_path) - system_test_folder_exists = os.path.exists(system_test_folder_path) - # Sanity check: only run tests if found. - if not system_test_exists and not system_test_folder_exists: - session.skip("System tests were not found") - - install_systemtest_dependencies(session, "-c", constraints_path) - - # Run py.test against the system tests. - if system_test_exists: - session.run( - "py.test", - "--quiet", - f"--junitxml=system_{session.python}_sponge_log.xml", - system_test_path, - *session.posargs, - ) - if system_test_folder_exists: - session.run( - "py.test", - "--quiet", - f"--junitxml=system_{session.python}_sponge_log.xml", - system_test_folder_path, - *session.posargs, - ) - - -@nox.session(python=DEFAULT_PYTHON_VERSION) -def cover(session): - """Run the final coverage report. - - This outputs the coverage report aggregating coverage from the unit - test runs (not system test runs), and then erases coverage data. - """ - session.install("coverage", "pytest-cov") - session.run("coverage", "report", "--show-missing", "--fail-under=100") - - session.run("coverage", "erase") - - -@nox.session(python="3.10") -def docs(session): - """Build the docs for this library.""" - - session.install("-e", ".") - session.install( - # We need to pin to specific versions of the `sphinxcontrib-*` packages - # which still support sphinx 4.x. - # See https://github.com/googleapis/sphinx-docfx-yaml/issues/344 - # and https://github.com/googleapis/sphinx-docfx-yaml/issues/345. - "sphinxcontrib-applehelp==1.0.4", - "sphinxcontrib-devhelp==1.0.2", - "sphinxcontrib-htmlhelp==2.0.1", - "sphinxcontrib-qthelp==1.0.3", - "sphinxcontrib-serializinghtml==1.1.5", - "sphinx==4.5.0", - "alabaster", - "recommonmark", - ) - - shutil.rmtree(os.path.join("docs", "_build"), ignore_errors=True) - session.run( - "sphinx-build", - "-W", # warnings as errors - "-T", # show full traceback on exception - "-N", # no colors - "-b", - "html", - "-d", - os.path.join("docs", "_build", "doctrees", ""), - os.path.join("docs", ""), - os.path.join("docs", "_build", "html", ""), - ) - - -@nox.session(python="3.10") -def docfx(session): - """Build the docfx yaml files for this library.""" - - session.install("-e", ".") - session.install( - # We need to pin to specific versions of the `sphinxcontrib-*` packages - # which still support sphinx 4.x. - # See https://github.com/googleapis/sphinx-docfx-yaml/issues/344 - # and https://github.com/googleapis/sphinx-docfx-yaml/issues/345. - "sphinxcontrib-applehelp==1.0.4", - "sphinxcontrib-devhelp==1.0.2", - "sphinxcontrib-htmlhelp==2.0.1", - "sphinxcontrib-qthelp==1.0.3", - "sphinxcontrib-serializinghtml==1.1.5", - "gcp-sphinx-docfx-yaml", - "alabaster", - "recommonmark", - ) - - shutil.rmtree(os.path.join("docs", "_build"), ignore_errors=True) - session.run( - "sphinx-build", - "-T", # show full traceback on exception - "-N", # no colors - "-D", - ( - "extensions=sphinx.ext.autodoc," - "sphinx.ext.autosummary," - "docfx_yaml.extension," - "sphinx.ext.intersphinx," - "sphinx.ext.coverage," - "sphinx.ext.napoleon," - "sphinx.ext.todo," - "sphinx.ext.viewcode," - "recommonmark" - ), - "-b", - "html", - "-d", - os.path.join("docs", "_build", "doctrees", ""), - os.path.join("docs", ""), - os.path.join("docs", "_build", "html", ""), - ) - - -@nox.session(python=DEFAULT_PYTHON_VERSION) -@nox.parametrize( - "protobuf_implementation", - ["python", "upb", "cpp"], -) -def prerelease_deps(session, protobuf_implementation): - """ - Run all tests with pre-release versions of dependencies installed - rather than the standard non pre-release versions. - Pre-release versions can be installed using - `pip install --pre `. - """ - - if protobuf_implementation == "cpp" and session.python in ("3.11", "3.12", "3.13"): - session.skip("cpp implementation is not supported in python 3.11+") - - # Install all dependencies - session.install("-e", ".") - - # Install dependencies for the unit test environment - unit_deps_all = UNIT_TEST_STANDARD_DEPENDENCIES + UNIT_TEST_EXTERNAL_DEPENDENCIES - session.install(*unit_deps_all) - - # Install dependencies for the system test environment - system_deps_all = ( - SYSTEM_TEST_STANDARD_DEPENDENCIES - + SYSTEM_TEST_EXTERNAL_DEPENDENCIES - + SYSTEM_TEST_EXTRAS - ) - session.install(*system_deps_all) - - # Because we test minimum dependency versions on the minimum Python - # version, the first version we test with in the unit tests sessions has a - # constraints file containing all dependencies and extras. - with open( - CURRENT_DIRECTORY / "testing" / f"constraints-{ALL_PYTHON[0]}.txt", - encoding="utf-8", - ) as constraints_file: - constraints_text = constraints_file.read() - - # Ignore leading whitespace and comment lines. - constraints_deps = [ - match.group(1) - for match in re.finditer( - r"^\s*(\S+)(?===\S+)", constraints_text, flags=re.MULTILINE - ) - ] - - # Install dependencies specified in `testing/constraints-X.txt`. - session.install(*constraints_deps) - - # Note: If a dependency is added to the `prerel_deps` list, - # the `core_dependencies_from_source` list in the `core_deps_from_source` - # nox session should also be updated. - prerel_deps = [ - "googleapis-common-protos", - "google-api-core", - "google-auth", - "grpc-google-iam-v1", - "grpcio", - "grpcio-status", - "protobuf", - "proto-plus", - ] - - for dep in prerel_deps: - session.install("--pre", "--no-deps", "--ignore-installed", dep) - # TODO(https://github.com/grpc/grpc/issues/38965): Add `grpcio-status`` - # to the dictionary below once this bug is fixed. - # TODO(https://github.com/googleapis/google-cloud-python/issues/13643): Add - # `googleapis-common-protos` and `grpc-google-iam-v1` to the dictionary below - # once this bug is fixed. - package_namespaces = { - "google-api-core": "google.api_core", - "google-auth": "google.auth", - "grpcio": "grpc", - "protobuf": "google.protobuf", - "proto-plus": "proto", - } - - version_namespace = package_namespaces.get(dep) - - print(f"Installed {dep}") - if version_namespace: - session.run( - "python", - "-c", - f"import {version_namespace}; print({version_namespace}.__version__)", - ) - - session.run( - "py.test", - "tests/unit", - env={ - "PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION": protobuf_implementation, - }, - ) - - -@nox.session(python=DEFAULT_PYTHON_VERSION) -@nox.parametrize( - "protobuf_implementation", - ["python", "upb"], -) -def core_deps_from_source(session, protobuf_implementation): - """Run all tests with core dependencies installed from source - rather than pulling the dependencies from PyPI. - """ - - # Install all dependencies - session.install("-e", ".") - - # Install dependencies for the unit test environment - unit_deps_all = UNIT_TEST_STANDARD_DEPENDENCIES + UNIT_TEST_EXTERNAL_DEPENDENCIES - session.install(*unit_deps_all) - - # Install dependencies for the system test environment - system_deps_all = ( - SYSTEM_TEST_STANDARD_DEPENDENCIES - + SYSTEM_TEST_EXTERNAL_DEPENDENCIES - + SYSTEM_TEST_EXTRAS - ) - session.install(*system_deps_all) - - # Because we test minimum dependency versions on the minimum Python - # version, the first version we test with in the unit tests sessions has a - # constraints file containing all dependencies and extras. - with open( - CURRENT_DIRECTORY / "testing" / f"constraints-{ALL_PYTHON[0]}.txt", - encoding="utf-8", - ) as constraints_file: - constraints_text = constraints_file.read() - - # Ignore leading whitespace and comment lines. - constraints_deps = [ - match.group(1) - for match in re.finditer( - r"^\s*(\S+)(?===\S+)", constraints_text, flags=re.MULTILINE - ) - ] - - # Install dependencies specified in `testing/constraints-X.txt`. - session.install(*constraints_deps) - - # TODO(https://github.com/googleapis/gapic-generator-python/issues/2358): `grpcio` and - # `grpcio-status` should be added to the list below so that they are installed from source, - # rather than PyPI. - # TODO(https://github.com/googleapis/gapic-generator-python/issues/2357): `protobuf` should be - # added to the list below so that it is installed from source, rather than PyPI - # Note: If a dependency is added to the `core_dependencies_from_source` list, - # the `prerel_deps` list in the `prerelease_deps` nox session should also be updated. - core_dependencies_from_source = [ - "googleapis-common-protos @ git+https://github.com/googleapis/google-cloud-python#egg=googleapis-common-protos&subdirectory=packages/googleapis-common-protos", - "google-api-core @ git+https://github.com/googleapis/python-api-core.git", - "google-auth @ git+https://github.com/googleapis/google-auth-library-python.git", - "grpc-google-iam-v1 @ git+https://github.com/googleapis/google-cloud-python#egg=grpc-google-iam-v1&subdirectory=packages/grpc-google-iam-v1", - "proto-plus @ git+https://github.com/googleapis/proto-plus-python.git", - ] - - for dep in core_dependencies_from_source: - session.install(dep, "--no-deps", "--ignore-installed") - print(f"Installed {dep}") - - session.run( - "py.test", - "tests/unit", - env={ - "PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION": protobuf_implementation, - }, - ) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_approve_grant_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_approve_grant_async.py deleted file mode 100644 index 5a75f81645ac..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_approve_grant_async.py +++ /dev/null @@ -1,52 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for ApproveGrant -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ApproveGrant_async] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -async def sample_approve_grant(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.ApproveGrantRequest( - name="name_value", - ) - - # Make the request - response = await client.approve_grant(request=request) - - # Handle the response - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ApproveGrant_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_approve_grant_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_approve_grant_sync.py deleted file mode 100644 index 2f57c1a17b1d..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_approve_grant_sync.py +++ /dev/null @@ -1,52 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for ApproveGrant -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ApproveGrant_sync] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -def sample_approve_grant(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.ApproveGrantRequest( - name="name_value", - ) - - # Make the request - response = client.approve_grant(request=request) - - # Handle the response - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ApproveGrant_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_check_onboarding_status_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_check_onboarding_status_async.py deleted file mode 100644 index 96c44c94f93d..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_check_onboarding_status_async.py +++ /dev/null @@ -1,52 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for CheckOnboardingStatus -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CheckOnboardingStatus_async] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -async def sample_check_onboarding_status(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.CheckOnboardingStatusRequest( - parent="parent_value", - ) - - # Make the request - response = await client.check_onboarding_status(request=request) - - # Handle the response - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CheckOnboardingStatus_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_check_onboarding_status_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_check_onboarding_status_sync.py deleted file mode 100644 index 2dd1bc1e5fdc..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_check_onboarding_status_sync.py +++ /dev/null @@ -1,52 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for CheckOnboardingStatus -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CheckOnboardingStatus_sync] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -def sample_check_onboarding_status(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.CheckOnboardingStatusRequest( - parent="parent_value", - ) - - # Make the request - response = client.check_onboarding_status(request=request) - - # Handle the response - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CheckOnboardingStatus_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_entitlement_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_entitlement_async.py deleted file mode 100644 index 3fcae3e01510..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_entitlement_async.py +++ /dev/null @@ -1,57 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for CreateEntitlement -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CreateEntitlement_async] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -async def sample_create_entitlement(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.CreateEntitlementRequest( - parent="parent_value", - entitlement_id="entitlement_id_value", - ) - - # Make the request - operation = client.create_entitlement(request=request) - - print("Waiting for operation to complete...") - - response = (await operation).result() - - # Handle the response - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CreateEntitlement_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_entitlement_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_entitlement_sync.py deleted file mode 100644 index 6b36bf5670cb..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_entitlement_sync.py +++ /dev/null @@ -1,57 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for CreateEntitlement -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CreateEntitlement_sync] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -def sample_create_entitlement(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.CreateEntitlementRequest( - parent="parent_value", - entitlement_id="entitlement_id_value", - ) - - # Make the request - operation = client.create_entitlement(request=request) - - print("Waiting for operation to complete...") - - response = operation.result() - - # Handle the response - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CreateEntitlement_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_grant_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_grant_async.py deleted file mode 100644 index 191855495e33..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_grant_async.py +++ /dev/null @@ -1,52 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for CreateGrant -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CreateGrant_async] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -async def sample_create_grant(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.CreateGrantRequest( - parent="parent_value", - ) - - # Make the request - response = await client.create_grant(request=request) - - # Handle the response - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CreateGrant_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_grant_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_grant_sync.py deleted file mode 100644 index 70109a3e814e..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_create_grant_sync.py +++ /dev/null @@ -1,52 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for CreateGrant -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CreateGrant_sync] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -def sample_create_grant(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.CreateGrantRequest( - parent="parent_value", - ) - - # Make the request - response = client.create_grant(request=request) - - # Handle the response - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CreateGrant_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_delete_entitlement_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_delete_entitlement_async.py deleted file mode 100644 index a85572258434..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_delete_entitlement_async.py +++ /dev/null @@ -1,56 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for DeleteEntitlement -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_DeleteEntitlement_async] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -async def sample_delete_entitlement(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.DeleteEntitlementRequest( - name="name_value", - ) - - # Make the request - operation = client.delete_entitlement(request=request) - - print("Waiting for operation to complete...") - - response = (await operation).result() - - # Handle the response - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_DeleteEntitlement_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_delete_entitlement_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_delete_entitlement_sync.py deleted file mode 100644 index 32adc7c84e4a..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_delete_entitlement_sync.py +++ /dev/null @@ -1,56 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for DeleteEntitlement -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_DeleteEntitlement_sync] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -def sample_delete_entitlement(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.DeleteEntitlementRequest( - name="name_value", - ) - - # Make the request - operation = client.delete_entitlement(request=request) - - print("Waiting for operation to complete...") - - response = operation.result() - - # Handle the response - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_DeleteEntitlement_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_deny_grant_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_deny_grant_async.py deleted file mode 100644 index 08fbde7b44b0..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_deny_grant_async.py +++ /dev/null @@ -1,52 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for DenyGrant -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_DenyGrant_async] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -async def sample_deny_grant(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.DenyGrantRequest( - name="name_value", - ) - - # Make the request - response = await client.deny_grant(request=request) - - # Handle the response - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_DenyGrant_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_deny_grant_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_deny_grant_sync.py deleted file mode 100644 index 406db68e5b41..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_deny_grant_sync.py +++ /dev/null @@ -1,52 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for DenyGrant -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_DenyGrant_sync] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -def sample_deny_grant(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.DenyGrantRequest( - name="name_value", - ) - - # Make the request - response = client.deny_grant(request=request) - - # Handle the response - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_DenyGrant_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_entitlement_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_entitlement_async.py deleted file mode 100644 index fc3d2337c859..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_entitlement_async.py +++ /dev/null @@ -1,52 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for GetEntitlement -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_GetEntitlement_async] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -async def sample_get_entitlement(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.GetEntitlementRequest( - name="name_value", - ) - - # Make the request - response = await client.get_entitlement(request=request) - - # Handle the response - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_GetEntitlement_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_entitlement_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_entitlement_sync.py deleted file mode 100644 index 509325637776..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_entitlement_sync.py +++ /dev/null @@ -1,52 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for GetEntitlement -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_GetEntitlement_sync] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -def sample_get_entitlement(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.GetEntitlementRequest( - name="name_value", - ) - - # Make the request - response = client.get_entitlement(request=request) - - # Handle the response - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_GetEntitlement_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_grant_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_grant_async.py deleted file mode 100644 index 7e24bdd98071..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_grant_async.py +++ /dev/null @@ -1,52 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for GetGrant -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_GetGrant_async] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -async def sample_get_grant(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.GetGrantRequest( - name="name_value", - ) - - # Make the request - response = await client.get_grant(request=request) - - # Handle the response - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_GetGrant_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_grant_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_grant_sync.py deleted file mode 100644 index 41fd56d625ca..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_get_grant_sync.py +++ /dev/null @@ -1,52 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for GetGrant -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_GetGrant_sync] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -def sample_get_grant(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.GetGrantRequest( - name="name_value", - ) - - # Make the request - response = client.get_grant(request=request) - - # Handle the response - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_GetGrant_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_entitlements_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_entitlements_async.py deleted file mode 100644 index 43f03d2642c7..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_entitlements_async.py +++ /dev/null @@ -1,53 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for ListEntitlements -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ListEntitlements_async] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -async def sample_list_entitlements(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.ListEntitlementsRequest( - parent="parent_value", - ) - - # Make the request - page_result = client.list_entitlements(request=request) - - # Handle the response - async for response in page_result: - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ListEntitlements_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_entitlements_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_entitlements_sync.py deleted file mode 100644 index 3314ae3f07de..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_entitlements_sync.py +++ /dev/null @@ -1,53 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for ListEntitlements -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ListEntitlements_sync] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -def sample_list_entitlements(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.ListEntitlementsRequest( - parent="parent_value", - ) - - # Make the request - page_result = client.list_entitlements(request=request) - - # Handle the response - for response in page_result: - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ListEntitlements_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_grants_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_grants_async.py deleted file mode 100644 index a470010da06a..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_grants_async.py +++ /dev/null @@ -1,53 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for ListGrants -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ListGrants_async] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -async def sample_list_grants(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.ListGrantsRequest( - parent="parent_value", - ) - - # Make the request - page_result = client.list_grants(request=request) - - # Handle the response - async for response in page_result: - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ListGrants_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_grants_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_grants_sync.py deleted file mode 100644 index d49514c9df13..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_list_grants_sync.py +++ /dev/null @@ -1,53 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for ListGrants -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ListGrants_sync] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -def sample_list_grants(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.ListGrantsRequest( - parent="parent_value", - ) - - # Make the request - page_result = client.list_grants(request=request) - - # Handle the response - for response in page_result: - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ListGrants_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_revoke_grant_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_revoke_grant_async.py deleted file mode 100644 index ecc366ec8b6e..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_revoke_grant_async.py +++ /dev/null @@ -1,56 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for RevokeGrant -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_RevokeGrant_async] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -async def sample_revoke_grant(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.RevokeGrantRequest( - name="name_value", - ) - - # Make the request - operation = client.revoke_grant(request=request) - - print("Waiting for operation to complete...") - - response = (await operation).result() - - # Handle the response - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_RevokeGrant_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_revoke_grant_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_revoke_grant_sync.py deleted file mode 100644 index 1530273e05ca..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_revoke_grant_sync.py +++ /dev/null @@ -1,56 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for RevokeGrant -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_RevokeGrant_sync] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -def sample_revoke_grant(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.RevokeGrantRequest( - name="name_value", - ) - - # Make the request - operation = client.revoke_grant(request=request) - - print("Waiting for operation to complete...") - - response = operation.result() - - # Handle the response - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_RevokeGrant_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_entitlements_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_entitlements_async.py deleted file mode 100644 index 7432db22ffb4..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_entitlements_async.py +++ /dev/null @@ -1,54 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for SearchEntitlements -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_SearchEntitlements_async] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -async def sample_search_entitlements(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.SearchEntitlementsRequest( - parent="parent_value", - caller_access_type="GRANT_APPROVER", - ) - - # Make the request - page_result = client.search_entitlements(request=request) - - # Handle the response - async for response in page_result: - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_SearchEntitlements_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_entitlements_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_entitlements_sync.py deleted file mode 100644 index 63d4a8135a87..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_entitlements_sync.py +++ /dev/null @@ -1,54 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for SearchEntitlements -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_SearchEntitlements_sync] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -def sample_search_entitlements(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.SearchEntitlementsRequest( - parent="parent_value", - caller_access_type="GRANT_APPROVER", - ) - - # Make the request - page_result = client.search_entitlements(request=request) - - # Handle the response - for response in page_result: - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_SearchEntitlements_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_grants_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_grants_async.py deleted file mode 100644 index e6bbe7abdd47..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_grants_async.py +++ /dev/null @@ -1,54 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for SearchGrants -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_SearchGrants_async] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -async def sample_search_grants(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.SearchGrantsRequest( - parent="parent_value", - caller_relationship="HAD_APPROVED", - ) - - # Make the request - page_result = client.search_grants(request=request) - - # Handle the response - async for response in page_result: - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_SearchGrants_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_grants_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_grants_sync.py deleted file mode 100644 index 731624459399..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_search_grants_sync.py +++ /dev/null @@ -1,54 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for SearchGrants -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_SearchGrants_sync] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -def sample_search_grants(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.SearchGrantsRequest( - parent="parent_value", - caller_relationship="HAD_APPROVED", - ) - - # Make the request - page_result = client.search_grants(request=request) - - # Handle the response - for response in page_result: - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_SearchGrants_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_update_entitlement_async.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_update_entitlement_async.py deleted file mode 100644 index eab4e647a970..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_update_entitlement_async.py +++ /dev/null @@ -1,55 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for UpdateEntitlement -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_UpdateEntitlement_async] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -async def sample_update_entitlement(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.UpdateEntitlementRequest( - ) - - # Make the request - operation = client.update_entitlement(request=request) - - print("Waiting for operation to complete...") - - response = (await operation).result() - - # Handle the response - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_UpdateEntitlement_async] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_update_entitlement_sync.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_update_entitlement_sync.py deleted file mode 100644 index d10776a313d8..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/privilegedaccessmanager_v1_generated_privileged_access_manager_update_entitlement_sync.py +++ /dev/null @@ -1,55 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Generated code. DO NOT EDIT! -# -# Snippet for UpdateEntitlement -# NOTE: This snippet has been automatically generated for illustrative purposes only. -# It may require modifications to work in your environment. - -# To install the latest published package dependency, execute the following: -# python3 -m pip install google-cloud-privilegedaccessmanager - - -# [START privilegedaccessmanager_v1_generated_PrivilegedAccessManager_UpdateEntitlement_sync] -# This snippet has been automatically generated and should be regarded as a -# code template only. -# It will require modifications to work: -# - It may require correct/in-range values for request initialization. -# - It may require specifying regional endpoints when creating the service -# client as shown in: -# https://googleapis.dev/python/google-api-core/latest/client_options.html -from google.cloud import privilegedaccessmanager_v1 - - -def sample_update_entitlement(): - # Create a client - client = privilegedaccessmanager_v1.PrivilegedAccessManagerClient() - - # Initialize request argument(s) - request = privilegedaccessmanager_v1.UpdateEntitlementRequest( - ) - - # Make the request - operation = client.update_entitlement(request=request) - - print("Waiting for operation to complete...") - - response = operation.result() - - # Handle the response - print(response) - -# [END privilegedaccessmanager_v1_generated_PrivilegedAccessManager_UpdateEntitlement_sync] diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/snippet_metadata_google.cloud.privilegedaccessmanager.v1.json b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/snippet_metadata_google.cloud.privilegedaccessmanager.v1.json deleted file mode 100644 index ec4443c5cbc9..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/samples/generated_samples/snippet_metadata_google.cloud.privilegedaccessmanager.v1.json +++ /dev/null @@ -1,2253 +0,0 @@ -{ - "clientLibrary": { - "apis": [ - { - "id": "google.cloud.privilegedaccessmanager.v1", - "version": "v1" - } - ], - "language": "PYTHON", - "name": "google-cloud-privilegedaccessmanager", - "version": "0.1.0" - }, - "snippets": [ - { - "canonical": true, - "clientMethod": { - "async": true, - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", - "shortName": "PrivilegedAccessManagerAsyncClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.approve_grant", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.ApproveGrant", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "ApproveGrant" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.ApproveGrantRequest" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.cloud.privilegedaccessmanager_v1.types.Grant", - "shortName": "approve_grant" - }, - "description": "Sample for ApproveGrant", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_approve_grant_async.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ApproveGrant_async", - "segments": [ - { - "end": 51, - "start": 27, - "type": "FULL" - }, - { - "end": 51, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 45, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 48, - "start": 46, - "type": "REQUEST_EXECUTION" - }, - { - "end": 52, - "start": 49, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_approve_grant_async.py" - }, - { - "canonical": true, - "clientMethod": { - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", - "shortName": "PrivilegedAccessManagerClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.approve_grant", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.ApproveGrant", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "ApproveGrant" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.ApproveGrantRequest" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.cloud.privilegedaccessmanager_v1.types.Grant", - "shortName": "approve_grant" - }, - "description": "Sample for ApproveGrant", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_approve_grant_sync.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ApproveGrant_sync", - "segments": [ - { - "end": 51, - "start": 27, - "type": "FULL" - }, - { - "end": 51, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 45, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 48, - "start": 46, - "type": "REQUEST_EXECUTION" - }, - { - "end": 52, - "start": 49, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_approve_grant_sync.py" - }, - { - "canonical": true, - "clientMethod": { - "async": true, - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", - "shortName": "PrivilegedAccessManagerAsyncClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.check_onboarding_status", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.CheckOnboardingStatus", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "CheckOnboardingStatus" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.CheckOnboardingStatusRequest" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.cloud.privilegedaccessmanager_v1.types.CheckOnboardingStatusResponse", - "shortName": "check_onboarding_status" - }, - "description": "Sample for CheckOnboardingStatus", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_check_onboarding_status_async.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CheckOnboardingStatus_async", - "segments": [ - { - "end": 51, - "start": 27, - "type": "FULL" - }, - { - "end": 51, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 45, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 48, - "start": 46, - "type": "REQUEST_EXECUTION" - }, - { - "end": 52, - "start": 49, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_check_onboarding_status_async.py" - }, - { - "canonical": true, - "clientMethod": { - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", - "shortName": "PrivilegedAccessManagerClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.check_onboarding_status", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.CheckOnboardingStatus", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "CheckOnboardingStatus" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.CheckOnboardingStatusRequest" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.cloud.privilegedaccessmanager_v1.types.CheckOnboardingStatusResponse", - "shortName": "check_onboarding_status" - }, - "description": "Sample for CheckOnboardingStatus", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_check_onboarding_status_sync.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CheckOnboardingStatus_sync", - "segments": [ - { - "end": 51, - "start": 27, - "type": "FULL" - }, - { - "end": 51, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 45, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 48, - "start": 46, - "type": "REQUEST_EXECUTION" - }, - { - "end": 52, - "start": 49, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_check_onboarding_status_sync.py" - }, - { - "canonical": true, - "clientMethod": { - "async": true, - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", - "shortName": "PrivilegedAccessManagerAsyncClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.create_entitlement", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.CreateEntitlement", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "CreateEntitlement" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.CreateEntitlementRequest" - }, - { - "name": "parent", - "type": "str" - }, - { - "name": "entitlement", - "type": "google.cloud.privilegedaccessmanager_v1.types.Entitlement" - }, - { - "name": "entitlement_id", - "type": "str" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.api_core.operation_async.AsyncOperation", - "shortName": "create_entitlement" - }, - "description": "Sample for CreateEntitlement", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_create_entitlement_async.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CreateEntitlement_async", - "segments": [ - { - "end": 56, - "start": 27, - "type": "FULL" - }, - { - "end": 56, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 46, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 53, - "start": 47, - "type": "REQUEST_EXECUTION" - }, - { - "end": 57, - "start": 54, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_create_entitlement_async.py" - }, - { - "canonical": true, - "clientMethod": { - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", - "shortName": "PrivilegedAccessManagerClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.create_entitlement", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.CreateEntitlement", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "CreateEntitlement" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.CreateEntitlementRequest" - }, - { - "name": "parent", - "type": "str" - }, - { - "name": "entitlement", - "type": "google.cloud.privilegedaccessmanager_v1.types.Entitlement" - }, - { - "name": "entitlement_id", - "type": "str" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.api_core.operation.Operation", - "shortName": "create_entitlement" - }, - "description": "Sample for CreateEntitlement", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_create_entitlement_sync.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CreateEntitlement_sync", - "segments": [ - { - "end": 56, - "start": 27, - "type": "FULL" - }, - { - "end": 56, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 46, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 53, - "start": 47, - "type": "REQUEST_EXECUTION" - }, - { - "end": 57, - "start": 54, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_create_entitlement_sync.py" - }, - { - "canonical": true, - "clientMethod": { - "async": true, - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", - "shortName": "PrivilegedAccessManagerAsyncClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.create_grant", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.CreateGrant", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "CreateGrant" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.CreateGrantRequest" - }, - { - "name": "parent", - "type": "str" - }, - { - "name": "grant", - "type": "google.cloud.privilegedaccessmanager_v1.types.Grant" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.cloud.privilegedaccessmanager_v1.types.Grant", - "shortName": "create_grant" - }, - "description": "Sample for CreateGrant", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_create_grant_async.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CreateGrant_async", - "segments": [ - { - "end": 51, - "start": 27, - "type": "FULL" - }, - { - "end": 51, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 45, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 48, - "start": 46, - "type": "REQUEST_EXECUTION" - }, - { - "end": 52, - "start": 49, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_create_grant_async.py" - }, - { - "canonical": true, - "clientMethod": { - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", - "shortName": "PrivilegedAccessManagerClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.create_grant", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.CreateGrant", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "CreateGrant" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.CreateGrantRequest" - }, - { - "name": "parent", - "type": "str" - }, - { - "name": "grant", - "type": "google.cloud.privilegedaccessmanager_v1.types.Grant" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.cloud.privilegedaccessmanager_v1.types.Grant", - "shortName": "create_grant" - }, - "description": "Sample for CreateGrant", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_create_grant_sync.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_CreateGrant_sync", - "segments": [ - { - "end": 51, - "start": 27, - "type": "FULL" - }, - { - "end": 51, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 45, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 48, - "start": 46, - "type": "REQUEST_EXECUTION" - }, - { - "end": 52, - "start": 49, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_create_grant_sync.py" - }, - { - "canonical": true, - "clientMethod": { - "async": true, - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", - "shortName": "PrivilegedAccessManagerAsyncClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.delete_entitlement", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.DeleteEntitlement", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "DeleteEntitlement" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.DeleteEntitlementRequest" - }, - { - "name": "name", - "type": "str" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.api_core.operation_async.AsyncOperation", - "shortName": "delete_entitlement" - }, - "description": "Sample for DeleteEntitlement", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_delete_entitlement_async.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_DeleteEntitlement_async", - "segments": [ - { - "end": 55, - "start": 27, - "type": "FULL" - }, - { - "end": 55, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 45, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 52, - "start": 46, - "type": "REQUEST_EXECUTION" - }, - { - "end": 56, - "start": 53, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_delete_entitlement_async.py" - }, - { - "canonical": true, - "clientMethod": { - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", - "shortName": "PrivilegedAccessManagerClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.delete_entitlement", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.DeleteEntitlement", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "DeleteEntitlement" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.DeleteEntitlementRequest" - }, - { - "name": "name", - "type": "str" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.api_core.operation.Operation", - "shortName": "delete_entitlement" - }, - "description": "Sample for DeleteEntitlement", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_delete_entitlement_sync.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_DeleteEntitlement_sync", - "segments": [ - { - "end": 55, - "start": 27, - "type": "FULL" - }, - { - "end": 55, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 45, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 52, - "start": 46, - "type": "REQUEST_EXECUTION" - }, - { - "end": 56, - "start": 53, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_delete_entitlement_sync.py" - }, - { - "canonical": true, - "clientMethod": { - "async": true, - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", - "shortName": "PrivilegedAccessManagerAsyncClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.deny_grant", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.DenyGrant", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "DenyGrant" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.DenyGrantRequest" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.cloud.privilegedaccessmanager_v1.types.Grant", - "shortName": "deny_grant" - }, - "description": "Sample for DenyGrant", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_deny_grant_async.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_DenyGrant_async", - "segments": [ - { - "end": 51, - "start": 27, - "type": "FULL" - }, - { - "end": 51, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 45, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 48, - "start": 46, - "type": "REQUEST_EXECUTION" - }, - { - "end": 52, - "start": 49, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_deny_grant_async.py" - }, - { - "canonical": true, - "clientMethod": { - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", - "shortName": "PrivilegedAccessManagerClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.deny_grant", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.DenyGrant", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "DenyGrant" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.DenyGrantRequest" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.cloud.privilegedaccessmanager_v1.types.Grant", - "shortName": "deny_grant" - }, - "description": "Sample for DenyGrant", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_deny_grant_sync.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_DenyGrant_sync", - "segments": [ - { - "end": 51, - "start": 27, - "type": "FULL" - }, - { - "end": 51, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 45, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 48, - "start": 46, - "type": "REQUEST_EXECUTION" - }, - { - "end": 52, - "start": 49, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_deny_grant_sync.py" - }, - { - "canonical": true, - "clientMethod": { - "async": true, - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", - "shortName": "PrivilegedAccessManagerAsyncClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.get_entitlement", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.GetEntitlement", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "GetEntitlement" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.GetEntitlementRequest" - }, - { - "name": "name", - "type": "str" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.cloud.privilegedaccessmanager_v1.types.Entitlement", - "shortName": "get_entitlement" - }, - "description": "Sample for GetEntitlement", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_get_entitlement_async.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_GetEntitlement_async", - "segments": [ - { - "end": 51, - "start": 27, - "type": "FULL" - }, - { - "end": 51, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 45, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 48, - "start": 46, - "type": "REQUEST_EXECUTION" - }, - { - "end": 52, - "start": 49, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_get_entitlement_async.py" - }, - { - "canonical": true, - "clientMethod": { - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", - "shortName": "PrivilegedAccessManagerClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.get_entitlement", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.GetEntitlement", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "GetEntitlement" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.GetEntitlementRequest" - }, - { - "name": "name", - "type": "str" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.cloud.privilegedaccessmanager_v1.types.Entitlement", - "shortName": "get_entitlement" - }, - "description": "Sample for GetEntitlement", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_get_entitlement_sync.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_GetEntitlement_sync", - "segments": [ - { - "end": 51, - "start": 27, - "type": "FULL" - }, - { - "end": 51, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 45, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 48, - "start": 46, - "type": "REQUEST_EXECUTION" - }, - { - "end": 52, - "start": 49, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_get_entitlement_sync.py" - }, - { - "canonical": true, - "clientMethod": { - "async": true, - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", - "shortName": "PrivilegedAccessManagerAsyncClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.get_grant", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.GetGrant", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "GetGrant" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.GetGrantRequest" - }, - { - "name": "name", - "type": "str" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.cloud.privilegedaccessmanager_v1.types.Grant", - "shortName": "get_grant" - }, - "description": "Sample for GetGrant", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_get_grant_async.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_GetGrant_async", - "segments": [ - { - "end": 51, - "start": 27, - "type": "FULL" - }, - { - "end": 51, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 45, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 48, - "start": 46, - "type": "REQUEST_EXECUTION" - }, - { - "end": 52, - "start": 49, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_get_grant_async.py" - }, - { - "canonical": true, - "clientMethod": { - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", - "shortName": "PrivilegedAccessManagerClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.get_grant", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.GetGrant", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "GetGrant" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.GetGrantRequest" - }, - { - "name": "name", - "type": "str" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.cloud.privilegedaccessmanager_v1.types.Grant", - "shortName": "get_grant" - }, - "description": "Sample for GetGrant", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_get_grant_sync.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_GetGrant_sync", - "segments": [ - { - "end": 51, - "start": 27, - "type": "FULL" - }, - { - "end": 51, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 45, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 48, - "start": 46, - "type": "REQUEST_EXECUTION" - }, - { - "end": 52, - "start": 49, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_get_grant_sync.py" - }, - { - "canonical": true, - "clientMethod": { - "async": true, - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", - "shortName": "PrivilegedAccessManagerAsyncClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.list_entitlements", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.ListEntitlements", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "ListEntitlements" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.ListEntitlementsRequest" - }, - { - "name": "parent", - "type": "str" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.ListEntitlementsAsyncPager", - "shortName": "list_entitlements" - }, - "description": "Sample for ListEntitlements", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_list_entitlements_async.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ListEntitlements_async", - "segments": [ - { - "end": 52, - "start": 27, - "type": "FULL" - }, - { - "end": 52, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 45, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 48, - "start": 46, - "type": "REQUEST_EXECUTION" - }, - { - "end": 53, - "start": 49, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_list_entitlements_async.py" - }, - { - "canonical": true, - "clientMethod": { - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", - "shortName": "PrivilegedAccessManagerClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.list_entitlements", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.ListEntitlements", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "ListEntitlements" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.ListEntitlementsRequest" - }, - { - "name": "parent", - "type": "str" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.ListEntitlementsPager", - "shortName": "list_entitlements" - }, - "description": "Sample for ListEntitlements", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_list_entitlements_sync.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ListEntitlements_sync", - "segments": [ - { - "end": 52, - "start": 27, - "type": "FULL" - }, - { - "end": 52, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 45, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 48, - "start": 46, - "type": "REQUEST_EXECUTION" - }, - { - "end": 53, - "start": 49, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_list_entitlements_sync.py" - }, - { - "canonical": true, - "clientMethod": { - "async": true, - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", - "shortName": "PrivilegedAccessManagerAsyncClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.list_grants", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.ListGrants", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "ListGrants" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.ListGrantsRequest" - }, - { - "name": "parent", - "type": "str" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.ListGrantsAsyncPager", - "shortName": "list_grants" - }, - "description": "Sample for ListGrants", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_list_grants_async.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ListGrants_async", - "segments": [ - { - "end": 52, - "start": 27, - "type": "FULL" - }, - { - "end": 52, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 45, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 48, - "start": 46, - "type": "REQUEST_EXECUTION" - }, - { - "end": 53, - "start": 49, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_list_grants_async.py" - }, - { - "canonical": true, - "clientMethod": { - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", - "shortName": "PrivilegedAccessManagerClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.list_grants", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.ListGrants", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "ListGrants" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.ListGrantsRequest" - }, - { - "name": "parent", - "type": "str" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.ListGrantsPager", - "shortName": "list_grants" - }, - "description": "Sample for ListGrants", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_list_grants_sync.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_ListGrants_sync", - "segments": [ - { - "end": 52, - "start": 27, - "type": "FULL" - }, - { - "end": 52, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 45, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 48, - "start": 46, - "type": "REQUEST_EXECUTION" - }, - { - "end": 53, - "start": 49, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_list_grants_sync.py" - }, - { - "canonical": true, - "clientMethod": { - "async": true, - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", - "shortName": "PrivilegedAccessManagerAsyncClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.revoke_grant", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.RevokeGrant", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "RevokeGrant" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.RevokeGrantRequest" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.api_core.operation_async.AsyncOperation", - "shortName": "revoke_grant" - }, - "description": "Sample for RevokeGrant", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_revoke_grant_async.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_RevokeGrant_async", - "segments": [ - { - "end": 55, - "start": 27, - "type": "FULL" - }, - { - "end": 55, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 45, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 52, - "start": 46, - "type": "REQUEST_EXECUTION" - }, - { - "end": 56, - "start": 53, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_revoke_grant_async.py" - }, - { - "canonical": true, - "clientMethod": { - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", - "shortName": "PrivilegedAccessManagerClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.revoke_grant", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.RevokeGrant", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "RevokeGrant" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.RevokeGrantRequest" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.api_core.operation.Operation", - "shortName": "revoke_grant" - }, - "description": "Sample for RevokeGrant", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_revoke_grant_sync.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_RevokeGrant_sync", - "segments": [ - { - "end": 55, - "start": 27, - "type": "FULL" - }, - { - "end": 55, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 45, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 52, - "start": 46, - "type": "REQUEST_EXECUTION" - }, - { - "end": 56, - "start": 53, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_revoke_grant_sync.py" - }, - { - "canonical": true, - "clientMethod": { - "async": true, - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", - "shortName": "PrivilegedAccessManagerAsyncClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.search_entitlements", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.SearchEntitlements", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "SearchEntitlements" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.SearchEntitlementsRequest" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.SearchEntitlementsAsyncPager", - "shortName": "search_entitlements" - }, - "description": "Sample for SearchEntitlements", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_search_entitlements_async.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_SearchEntitlements_async", - "segments": [ - { - "end": 53, - "start": 27, - "type": "FULL" - }, - { - "end": 53, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 46, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 49, - "start": 47, - "type": "REQUEST_EXECUTION" - }, - { - "end": 54, - "start": 50, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_search_entitlements_async.py" - }, - { - "canonical": true, - "clientMethod": { - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", - "shortName": "PrivilegedAccessManagerClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.search_entitlements", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.SearchEntitlements", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "SearchEntitlements" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.SearchEntitlementsRequest" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.SearchEntitlementsPager", - "shortName": "search_entitlements" - }, - "description": "Sample for SearchEntitlements", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_search_entitlements_sync.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_SearchEntitlements_sync", - "segments": [ - { - "end": 53, - "start": 27, - "type": "FULL" - }, - { - "end": 53, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 46, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 49, - "start": 47, - "type": "REQUEST_EXECUTION" - }, - { - "end": 54, - "start": 50, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_search_entitlements_sync.py" - }, - { - "canonical": true, - "clientMethod": { - "async": true, - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", - "shortName": "PrivilegedAccessManagerAsyncClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.search_grants", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.SearchGrants", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "SearchGrants" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.SearchGrantsRequest" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.SearchGrantsAsyncPager", - "shortName": "search_grants" - }, - "description": "Sample for SearchGrants", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_search_grants_async.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_SearchGrants_async", - "segments": [ - { - "end": 53, - "start": 27, - "type": "FULL" - }, - { - "end": 53, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 46, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 49, - "start": 47, - "type": "REQUEST_EXECUTION" - }, - { - "end": 54, - "start": 50, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_search_grants_async.py" - }, - { - "canonical": true, - "clientMethod": { - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", - "shortName": "PrivilegedAccessManagerClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.search_grants", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.SearchGrants", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "SearchGrants" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.SearchGrantsRequest" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.pagers.SearchGrantsPager", - "shortName": "search_grants" - }, - "description": "Sample for SearchGrants", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_search_grants_sync.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_SearchGrants_sync", - "segments": [ - { - "end": 53, - "start": 27, - "type": "FULL" - }, - { - "end": 53, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 46, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 49, - "start": 47, - "type": "REQUEST_EXECUTION" - }, - { - "end": 54, - "start": 50, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_search_grants_sync.py" - }, - { - "canonical": true, - "clientMethod": { - "async": true, - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient", - "shortName": "PrivilegedAccessManagerAsyncClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerAsyncClient.update_entitlement", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.UpdateEntitlement", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "UpdateEntitlement" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.UpdateEntitlementRequest" - }, - { - "name": "entitlement", - "type": "google.cloud.privilegedaccessmanager_v1.types.Entitlement" - }, - { - "name": "update_mask", - "type": "google.protobuf.field_mask_pb2.FieldMask" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.api_core.operation_async.AsyncOperation", - "shortName": "update_entitlement" - }, - "description": "Sample for UpdateEntitlement", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_update_entitlement_async.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_UpdateEntitlement_async", - "segments": [ - { - "end": 54, - "start": 27, - "type": "FULL" - }, - { - "end": 54, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 44, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 51, - "start": 45, - "type": "REQUEST_EXECUTION" - }, - { - "end": 55, - "start": 52, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_update_entitlement_async.py" - }, - { - "canonical": true, - "clientMethod": { - "client": { - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient", - "shortName": "PrivilegedAccessManagerClient" - }, - "fullName": "google.cloud.privilegedaccessmanager_v1.PrivilegedAccessManagerClient.update_entitlement", - "method": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager.UpdateEntitlement", - "service": { - "fullName": "google.cloud.privilegedaccessmanager.v1.PrivilegedAccessManager", - "shortName": "PrivilegedAccessManager" - }, - "shortName": "UpdateEntitlement" - }, - "parameters": [ - { - "name": "request", - "type": "google.cloud.privilegedaccessmanager_v1.types.UpdateEntitlementRequest" - }, - { - "name": "entitlement", - "type": "google.cloud.privilegedaccessmanager_v1.types.Entitlement" - }, - { - "name": "update_mask", - "type": "google.protobuf.field_mask_pb2.FieldMask" - }, - { - "name": "retry", - "type": "google.api_core.retry.Retry" - }, - { - "name": "timeout", - "type": "float" - }, - { - "name": "metadata", - "type": "Sequence[Tuple[str, Union[str, bytes]]]" - } - ], - "resultType": "google.api_core.operation.Operation", - "shortName": "update_entitlement" - }, - "description": "Sample for UpdateEntitlement", - "file": "privilegedaccessmanager_v1_generated_privileged_access_manager_update_entitlement_sync.py", - "language": "PYTHON", - "origin": "API_DEFINITION", - "regionTag": "privilegedaccessmanager_v1_generated_PrivilegedAccessManager_UpdateEntitlement_sync", - "segments": [ - { - "end": 54, - "start": 27, - "type": "FULL" - }, - { - "end": 54, - "start": 27, - "type": "SHORT" - }, - { - "end": 40, - "start": 38, - "type": "CLIENT_INITIALIZATION" - }, - { - "end": 44, - "start": 41, - "type": "REQUEST_INITIALIZATION" - }, - { - "end": 51, - "start": 45, - "type": "REQUEST_EXECUTION" - }, - { - "end": 55, - "start": 52, - "type": "RESPONSE_HANDLING" - } - ], - "title": "privilegedaccessmanager_v1_generated_privileged_access_manager_update_entitlement_sync.py" - } - ] -} diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/scripts/fixup_privilegedaccessmanager_v1_keywords.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/scripts/fixup_privilegedaccessmanager_v1_keywords.py deleted file mode 100644 index 604b7286e56f..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/scripts/fixup_privilegedaccessmanager_v1_keywords.py +++ /dev/null @@ -1,189 +0,0 @@ -#! /usr/bin/env python3 -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -import argparse -import os -import libcst as cst -import pathlib -import sys -from typing import (Any, Callable, Dict, List, Sequence, Tuple) - - -def partition( - predicate: Callable[[Any], bool], - iterator: Sequence[Any] -) -> Tuple[List[Any], List[Any]]: - """A stable, out-of-place partition.""" - results = ([], []) - - for i in iterator: - results[int(predicate(i))].append(i) - - # Returns trueList, falseList - return results[1], results[0] - - -class privilegedaccessmanagerCallTransformer(cst.CSTTransformer): - CTRL_PARAMS: Tuple[str] = ('retry', 'timeout', 'metadata') - METHOD_TO_PARAMS: Dict[str, Tuple[str]] = { - 'approve_grant': ('name', 'reason', ), - 'check_onboarding_status': ('parent', ), - 'create_entitlement': ('parent', 'entitlement_id', 'entitlement', 'request_id', ), - 'create_grant': ('parent', 'grant', 'request_id', ), - 'delete_entitlement': ('name', 'request_id', 'force', ), - 'deny_grant': ('name', 'reason', ), - 'get_entitlement': ('name', ), - 'get_grant': ('name', ), - 'list_entitlements': ('parent', 'page_size', 'page_token', 'filter', 'order_by', ), - 'list_grants': ('parent', 'page_size', 'page_token', 'filter', 'order_by', ), - 'revoke_grant': ('name', 'reason', ), - 'search_entitlements': ('parent', 'caller_access_type', 'filter', 'page_size', 'page_token', ), - 'search_grants': ('parent', 'caller_relationship', 'filter', 'page_size', 'page_token', ), - 'update_entitlement': ('entitlement', 'update_mask', ), - } - - def leave_Call(self, original: cst.Call, updated: cst.Call) -> cst.CSTNode: - try: - key = original.func.attr.value - kword_params = self.METHOD_TO_PARAMS[key] - except (AttributeError, KeyError): - # Either not a method from the API or too convoluted to be sure. - return updated - - # If the existing code is valid, keyword args come after positional args. - # Therefore, all positional args must map to the first parameters. - args, kwargs = partition(lambda a: not bool(a.keyword), updated.args) - if any(k.keyword.value == "request" for k in kwargs): - # We've already fixed this file, don't fix it again. - return updated - - kwargs, ctrl_kwargs = partition( - lambda a: a.keyword.value not in self.CTRL_PARAMS, - kwargs - ) - - args, ctrl_args = args[:len(kword_params)], args[len(kword_params):] - ctrl_kwargs.extend(cst.Arg(value=a.value, keyword=cst.Name(value=ctrl)) - for a, ctrl in zip(ctrl_args, self.CTRL_PARAMS)) - - request_arg = cst.Arg( - value=cst.Dict([ - cst.DictElement( - cst.SimpleString("'{}'".format(name)), -cst.Element(value=arg.value) - ) - # Note: the args + kwargs looks silly, but keep in mind that - # the control parameters had to be stripped out, and that - # those could have been passed positionally or by keyword. - for name, arg in zip(kword_params, args + kwargs)]), - keyword=cst.Name("request") - ) - - return updated.with_changes( - args=[request_arg] + ctrl_kwargs - ) - - -def fix_files( - in_dir: pathlib.Path, - out_dir: pathlib.Path, - *, - transformer=privilegedaccessmanagerCallTransformer(), -): - """Duplicate the input dir to the output dir, fixing file method calls. - - Preconditions: - * in_dir is a real directory - * out_dir is a real, empty directory - """ - pyfile_gen = ( - pathlib.Path(os.path.join(root, f)) - for root, _, files in os.walk(in_dir) - for f in files if os.path.splitext(f)[1] == ".py" - ) - - for fpath in pyfile_gen: - with open(fpath, 'r') as f: - src = f.read() - - # Parse the code and insert method call fixes. - tree = cst.parse_module(src) - updated = tree.visit(transformer) - - # Create the path and directory structure for the new file. - updated_path = out_dir.joinpath(fpath.relative_to(in_dir)) - updated_path.parent.mkdir(parents=True, exist_ok=True) - - # Generate the updated source file at the corresponding path. - with open(updated_path, 'w') as f: - f.write(updated.code) - - -if __name__ == '__main__': - parser = argparse.ArgumentParser( - description="""Fix up source that uses the privilegedaccessmanager client library. - -The existing sources are NOT overwritten but are copied to output_dir with changes made. - -Note: This tool operates at a best-effort level at converting positional - parameters in client method calls to keyword based parameters. - Cases where it WILL FAIL include - A) * or ** expansion in a method call. - B) Calls via function or method alias (includes free function calls) - C) Indirect or dispatched calls (e.g. the method is looked up dynamically) - - These all constitute false negatives. The tool will also detect false - positives when an API method shares a name with another method. -""") - parser.add_argument( - '-d', - '--input-directory', - required=True, - dest='input_dir', - help='the input directory to walk for python files to fix up', - ) - parser.add_argument( - '-o', - '--output-directory', - required=True, - dest='output_dir', - help='the directory to output files fixed via un-flattening', - ) - args = parser.parse_args() - input_dir = pathlib.Path(args.input_dir) - output_dir = pathlib.Path(args.output_dir) - if not input_dir.is_dir(): - print( - f"input directory '{input_dir}' does not exist or is not a directory", - file=sys.stderr, - ) - sys.exit(-1) - - if not output_dir.is_dir(): - print( - f"output directory '{output_dir}' does not exist or is not a directory", - file=sys.stderr, - ) - sys.exit(-1) - - if os.listdir(output_dir): - print( - f"output directory '{output_dir}' is not empty", - file=sys.stderr, - ) - sys.exit(-1) - - fix_files(input_dir, output_dir) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/setup.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/setup.py deleted file mode 100644 index bbda8cc45dd7..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/setup.py +++ /dev/null @@ -1,98 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -import io -import os -import re - -import setuptools # type: ignore - -package_root = os.path.abspath(os.path.dirname(__file__)) - -name = 'google-cloud-privilegedaccessmanager' - - -description = "Google Cloud Privilegedaccessmanager API client library" - -version = None - -with open(os.path.join(package_root, 'google/cloud/privilegedaccessmanager/gapic_version.py')) as fp: - version_candidates = re.findall(r"(?<=\")\d+.\d+.\d+(?=\")", fp.read()) - assert (len(version_candidates) == 1) - version = version_candidates[0] - -if version[0] == "0": - release_status = "Development Status :: 4 - Beta" -else: - release_status = "Development Status :: 5 - Production/Stable" - -dependencies = [ - "google-api-core[grpc] >= 1.34.1, <3.0.0,!=2.0.*,!=2.1.*,!=2.2.*,!=2.3.*,!=2.4.*,!=2.5.*,!=2.6.*,!=2.7.*,!=2.8.*,!=2.9.*,!=2.10.*", - # Exclude incompatible versions of `google-auth` - # See https://github.com/googleapis/google-cloud-python/issues/12364 - "google-auth >= 2.14.1, <3.0.0,!=2.24.0,!=2.25.0", - "proto-plus >= 1.22.3, <2.0.0", - "proto-plus >= 1.25.0, <2.0.0; python_version >= '3.13'", - "protobuf>=3.20.2,<7.0.0,!=4.21.0,!=4.21.1,!=4.21.2,!=4.21.3,!=4.21.4,!=4.21.5", -] -extras = { -} -url = "https://github.com/googleapis/google-cloud-python/tree/main/packages/google-cloud-privilegedaccessmanager" - -package_root = os.path.abspath(os.path.dirname(__file__)) - -readme_filename = os.path.join(package_root, "README.rst") -with io.open(readme_filename, encoding="utf-8") as readme_file: - readme = readme_file.read() - -packages = [ - package - for package in setuptools.find_namespace_packages() - if package.startswith("google") -] - -setuptools.setup( - name=name, - version=version, - description=description, - long_description=readme, - author="Google LLC", - author_email="googleapis-packages@google.com", - license="Apache 2.0", - url=url, - classifiers=[ - release_status, - "Intended Audience :: Developers", - "License :: OSI Approved :: Apache Software License", - "Programming Language :: Python", - "Programming Language :: Python :: 3", - "Programming Language :: Python :: 3.7", - "Programming Language :: Python :: 3.8", - "Programming Language :: Python :: 3.9", - "Programming Language :: Python :: 3.10", - "Programming Language :: Python :: 3.11", - "Programming Language :: Python :: 3.12", - "Programming Language :: Python :: 3.13", - "Operating System :: OS Independent", - "Topic :: Internet", - ], - platforms="Posix; MacOS X; Windows", - packages=packages, - python_requires=">=3.7", - install_requires=dependencies, - extras_require=extras, - include_package_data=True, - zip_safe=False, -) diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.10.txt b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.10.txt deleted file mode 100644 index ed7f9aed2559..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.10.txt +++ /dev/null @@ -1,6 +0,0 @@ -# -*- coding: utf-8 -*- -# This constraints file is required for unit tests. -# List all library dependencies and extras in this file. -google-api-core -proto-plus -protobuf diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.11.txt b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.11.txt deleted file mode 100644 index ed7f9aed2559..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.11.txt +++ /dev/null @@ -1,6 +0,0 @@ -# -*- coding: utf-8 -*- -# This constraints file is required for unit tests. -# List all library dependencies and extras in this file. -google-api-core -proto-plus -protobuf diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.12.txt b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.12.txt deleted file mode 100644 index ed7f9aed2559..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.12.txt +++ /dev/null @@ -1,6 +0,0 @@ -# -*- coding: utf-8 -*- -# This constraints file is required for unit tests. -# List all library dependencies and extras in this file. -google-api-core -proto-plus -protobuf diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.13.txt b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.13.txt deleted file mode 100644 index c20a77817caa..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.13.txt +++ /dev/null @@ -1,11 +0,0 @@ -# We use the constraints file for the latest Python version -# (currently this file) to check that the latest -# major versions of dependencies are supported in setup.py. -# List all library dependencies and extras in this file. -# Require the latest major version be installed for each dependency. -# e.g., if setup.py has "google-cloud-foo >= 1.14.0, < 2.0.0", -# Then this file should have google-cloud-foo>=1 -google-api-core>=2 -google-auth>=2 -proto-plus>=1 -protobuf>=6 diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.7.txt b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.7.txt deleted file mode 100644 index a77f12bc13e4..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.7.txt +++ /dev/null @@ -1,10 +0,0 @@ -# This constraints file is used to check that lower bounds -# are correct in setup.py -# List all library dependencies and extras in this file. -# Pin the version to the lower bound. -# e.g., if setup.py has "google-cloud-foo >= 1.14.0, < 2.0.0", -# Then this file should have google-cloud-foo==1.14.0 -google-api-core==1.34.1 -google-auth==2.14.1 -proto-plus==1.22.3 -protobuf==3.20.2 diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.8.txt b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.8.txt deleted file mode 100644 index ed7f9aed2559..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.8.txt +++ /dev/null @@ -1,6 +0,0 @@ -# -*- coding: utf-8 -*- -# This constraints file is required for unit tests. -# List all library dependencies and extras in this file. -google-api-core -proto-plus -protobuf diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.9.txt b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.9.txt deleted file mode 100644 index ed7f9aed2559..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/testing/constraints-3.9.txt +++ /dev/null @@ -1,6 +0,0 @@ -# -*- coding: utf-8 -*- -# This constraints file is required for unit tests. -# List all library dependencies and extras in this file. -google-api-core -proto-plus -protobuf diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/__init__.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/__init__.py deleted file mode 100644 index 191773d5572d..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/__init__.py +++ /dev/null @@ -1,16 +0,0 @@ - -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/__init__.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/__init__.py deleted file mode 100644 index 191773d5572d..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/__init__.py +++ /dev/null @@ -1,16 +0,0 @@ - -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/gapic/__init__.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/gapic/__init__.py deleted file mode 100644 index 191773d5572d..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/gapic/__init__.py +++ /dev/null @@ -1,16 +0,0 @@ - -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/gapic/privilegedaccessmanager_v1/__init__.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/gapic/privilegedaccessmanager_v1/__init__.py deleted file mode 100644 index 191773d5572d..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/gapic/privilegedaccessmanager_v1/__init__.py +++ /dev/null @@ -1,16 +0,0 @@ - -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# diff --git a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/gapic/privilegedaccessmanager_v1/test_privileged_access_manager.py b/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/gapic/privilegedaccessmanager_v1/test_privileged_access_manager.py deleted file mode 100644 index 4e4ca2095a8f..000000000000 --- a/owl-bot-staging/google-cloud-privilegedaccessmanager/v1/tests/unit/gapic/privilegedaccessmanager_v1/test_privileged_access_manager.py +++ /dev/null @@ -1,12358 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -import os -import re -# try/except added for compatibility with python < 3.8 -try: - from unittest import mock - from unittest.mock import AsyncMock # pragma: NO COVER -except ImportError: # pragma: NO COVER - import mock - -import grpc -from grpc.experimental import aio -from collections.abc import Iterable, AsyncIterable -from google.protobuf import json_format -import json -import math -import pytest -from google.api_core import api_core_version -from proto.marshal.rules.dates import DurationRule, TimestampRule -from proto.marshal.rules import wrappers -from requests import Response -from requests import Request, PreparedRequest -from requests.sessions import Session -from google.protobuf import json_format - -try: - from google.auth.aio import credentials as ga_credentials_async - HAS_GOOGLE_AUTH_AIO = True -except ImportError: # pragma: NO COVER - HAS_GOOGLE_AUTH_AIO = False - -from google.api_core import client_options -from google.api_core import exceptions as core_exceptions -from google.api_core import future -from google.api_core import gapic_v1 -from google.api_core import grpc_helpers -from google.api_core import grpc_helpers_async -from google.api_core import operation -from google.api_core import operation_async # type: ignore -from google.api_core import operations_v1 -from google.api_core import path_template -from google.api_core import retry as retries -from google.auth import credentials as ga_credentials -from google.auth.exceptions import MutualTLSChannelError -from google.cloud.location import locations_pb2 -from google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager import PrivilegedAccessManagerAsyncClient -from google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager import PrivilegedAccessManagerClient -from google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager import pagers -from google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager import transports -from google.cloud.privilegedaccessmanager_v1.types import privilegedaccessmanager -from google.longrunning import operations_pb2 # type: ignore -from google.oauth2 import service_account -from google.protobuf import any_pb2 # type: ignore -from google.protobuf import duration_pb2 # type: ignore -from google.protobuf import field_mask_pb2 # type: ignore -from google.protobuf import timestamp_pb2 # type: ignore -from google.rpc import status_pb2 # type: ignore -import google.auth - - - -CRED_INFO_JSON = { - "credential_source": "/path/to/file", - "credential_type": "service account credentials", - "principal": "service-account@example.com", -} -CRED_INFO_STRING = json.dumps(CRED_INFO_JSON) - - -async def mock_async_gen(data, chunk_size=1): - for i in range(0, len(data)): # pragma: NO COVER - chunk = data[i : i + chunk_size] - yield chunk.encode("utf-8") - -def client_cert_source_callback(): - return b"cert bytes", b"key bytes" - -# TODO: use async auth anon credentials by default once the minimum version of google-auth is upgraded. -# See related issue: https://github.com/googleapis/gapic-generator-python/issues/2107. -def async_anonymous_credentials(): - if HAS_GOOGLE_AUTH_AIO: - return ga_credentials_async.AnonymousCredentials() - return ga_credentials.AnonymousCredentials() - -# If default endpoint is localhost, then default mtls endpoint will be the same. -# This method modifies the default endpoint so the client can produce a different -# mtls endpoint for endpoint testing purposes. -def modify_default_endpoint(client): - return "foo.googleapis.com" if ("localhost" in client.DEFAULT_ENDPOINT) else client.DEFAULT_ENDPOINT - -# If default endpoint template is localhost, then default mtls endpoint will be the same. -# This method modifies the default endpoint template so the client can produce a different -# mtls endpoint for endpoint testing purposes. -def modify_default_endpoint_template(client): - return "test.{UNIVERSE_DOMAIN}" if ("localhost" in client._DEFAULT_ENDPOINT_TEMPLATE) else client._DEFAULT_ENDPOINT_TEMPLATE - - -def test__get_default_mtls_endpoint(): - api_endpoint = "example.googleapis.com" - api_mtls_endpoint = "example.mtls.googleapis.com" - sandbox_endpoint = "example.sandbox.googleapis.com" - sandbox_mtls_endpoint = "example.mtls.sandbox.googleapis.com" - non_googleapi = "api.example.com" - - assert PrivilegedAccessManagerClient._get_default_mtls_endpoint(None) is None - assert PrivilegedAccessManagerClient._get_default_mtls_endpoint(api_endpoint) == api_mtls_endpoint - assert PrivilegedAccessManagerClient._get_default_mtls_endpoint(api_mtls_endpoint) == api_mtls_endpoint - assert PrivilegedAccessManagerClient._get_default_mtls_endpoint(sandbox_endpoint) == sandbox_mtls_endpoint - assert PrivilegedAccessManagerClient._get_default_mtls_endpoint(sandbox_mtls_endpoint) == sandbox_mtls_endpoint - assert PrivilegedAccessManagerClient._get_default_mtls_endpoint(non_googleapi) == non_googleapi - -def test__read_environment_variables(): - assert PrivilegedAccessManagerClient._read_environment_variables() == (False, "auto", None) - - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"}): - assert PrivilegedAccessManagerClient._read_environment_variables() == (True, "auto", None) - - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "false"}): - assert PrivilegedAccessManagerClient._read_environment_variables() == (False, "auto", None) - - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "Unsupported"}): - with pytest.raises(ValueError) as excinfo: - PrivilegedAccessManagerClient._read_environment_variables() - assert str(excinfo.value) == "Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`" - - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}): - assert PrivilegedAccessManagerClient._read_environment_variables() == (False, "never", None) - - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "always"}): - assert PrivilegedAccessManagerClient._read_environment_variables() == (False, "always", None) - - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "auto"}): - assert PrivilegedAccessManagerClient._read_environment_variables() == (False, "auto", None) - - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "Unsupported"}): - with pytest.raises(MutualTLSChannelError) as excinfo: - PrivilegedAccessManagerClient._read_environment_variables() - assert str(excinfo.value) == "Environment variable `GOOGLE_API_USE_MTLS_ENDPOINT` must be `never`, `auto` or `always`" - - with mock.patch.dict(os.environ, {"GOOGLE_CLOUD_UNIVERSE_DOMAIN": "foo.com"}): - assert PrivilegedAccessManagerClient._read_environment_variables() == (False, "auto", "foo.com") - -def test__get_client_cert_source(): - mock_provided_cert_source = mock.Mock() - mock_default_cert_source = mock.Mock() - - assert PrivilegedAccessManagerClient._get_client_cert_source(None, False) is None - assert PrivilegedAccessManagerClient._get_client_cert_source(mock_provided_cert_source, False) is None - assert PrivilegedAccessManagerClient._get_client_cert_source(mock_provided_cert_source, True) == mock_provided_cert_source - - with mock.patch('google.auth.transport.mtls.has_default_client_cert_source', return_value=True): - with mock.patch('google.auth.transport.mtls.default_client_cert_source', return_value=mock_default_cert_source): - assert PrivilegedAccessManagerClient._get_client_cert_source(None, True) is mock_default_cert_source - assert PrivilegedAccessManagerClient._get_client_cert_source(mock_provided_cert_source, "true") is mock_provided_cert_source - -@mock.patch.object(PrivilegedAccessManagerClient, "_DEFAULT_ENDPOINT_TEMPLATE", modify_default_endpoint_template(PrivilegedAccessManagerClient)) -@mock.patch.object(PrivilegedAccessManagerAsyncClient, "_DEFAULT_ENDPOINT_TEMPLATE", modify_default_endpoint_template(PrivilegedAccessManagerAsyncClient)) -def test__get_api_endpoint(): - api_override = "foo.com" - mock_client_cert_source = mock.Mock() - default_universe = PrivilegedAccessManagerClient._DEFAULT_UNIVERSE - default_endpoint = PrivilegedAccessManagerClient._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=default_universe) - mock_universe = "bar.com" - mock_endpoint = PrivilegedAccessManagerClient._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=mock_universe) - - assert PrivilegedAccessManagerClient._get_api_endpoint(api_override, mock_client_cert_source, default_universe, "always") == api_override - assert PrivilegedAccessManagerClient._get_api_endpoint(None, mock_client_cert_source, default_universe, "auto") == PrivilegedAccessManagerClient.DEFAULT_MTLS_ENDPOINT - assert PrivilegedAccessManagerClient._get_api_endpoint(None, None, default_universe, "auto") == default_endpoint - assert PrivilegedAccessManagerClient._get_api_endpoint(None, None, default_universe, "always") == PrivilegedAccessManagerClient.DEFAULT_MTLS_ENDPOINT - assert PrivilegedAccessManagerClient._get_api_endpoint(None, mock_client_cert_source, default_universe, "always") == PrivilegedAccessManagerClient.DEFAULT_MTLS_ENDPOINT - assert PrivilegedAccessManagerClient._get_api_endpoint(None, None, mock_universe, "never") == mock_endpoint - assert PrivilegedAccessManagerClient._get_api_endpoint(None, None, default_universe, "never") == default_endpoint - - with pytest.raises(MutualTLSChannelError) as excinfo: - PrivilegedAccessManagerClient._get_api_endpoint(None, mock_client_cert_source, mock_universe, "auto") - assert str(excinfo.value) == "mTLS is not supported in any universe other than googleapis.com." - - -def test__get_universe_domain(): - client_universe_domain = "foo.com" - universe_domain_env = "bar.com" - - assert PrivilegedAccessManagerClient._get_universe_domain(client_universe_domain, universe_domain_env) == client_universe_domain - assert PrivilegedAccessManagerClient._get_universe_domain(None, universe_domain_env) == universe_domain_env - assert PrivilegedAccessManagerClient._get_universe_domain(None, None) == PrivilegedAccessManagerClient._DEFAULT_UNIVERSE - - with pytest.raises(ValueError) as excinfo: - PrivilegedAccessManagerClient._get_universe_domain("", None) - assert str(excinfo.value) == "Universe Domain cannot be an empty string." - -@pytest.mark.parametrize("error_code,cred_info_json,show_cred_info", [ - (401, CRED_INFO_JSON, True), - (403, CRED_INFO_JSON, True), - (404, CRED_INFO_JSON, True), - (500, CRED_INFO_JSON, False), - (401, None, False), - (403, None, False), - (404, None, False), - (500, None, False) -]) -def test__add_cred_info_for_auth_errors(error_code, cred_info_json, show_cred_info): - cred = mock.Mock(["get_cred_info"]) - cred.get_cred_info = mock.Mock(return_value=cred_info_json) - client = PrivilegedAccessManagerClient(credentials=cred) - client._transport._credentials = cred - - error = core_exceptions.GoogleAPICallError("message", details=["foo"]) - error.code = error_code - - client._add_cred_info_for_auth_errors(error) - if show_cred_info: - assert error.details == ["foo", CRED_INFO_STRING] - else: - assert error.details == ["foo"] - -@pytest.mark.parametrize("error_code", [401,403,404,500]) -def test__add_cred_info_for_auth_errors_no_get_cred_info(error_code): - cred = mock.Mock([]) - assert not hasattr(cred, "get_cred_info") - client = PrivilegedAccessManagerClient(credentials=cred) - client._transport._credentials = cred - - error = core_exceptions.GoogleAPICallError("message", details=[]) - error.code = error_code - - client._add_cred_info_for_auth_errors(error) - assert error.details == [] - -@pytest.mark.parametrize("client_class,transport_name", [ - (PrivilegedAccessManagerClient, "grpc"), - (PrivilegedAccessManagerAsyncClient, "grpc_asyncio"), - (PrivilegedAccessManagerClient, "rest"), -]) -def test_privileged_access_manager_client_from_service_account_info(client_class, transport_name): - creds = ga_credentials.AnonymousCredentials() - with mock.patch.object(service_account.Credentials, 'from_service_account_info') as factory: - factory.return_value = creds - info = {"valid": True} - client = client_class.from_service_account_info(info, transport=transport_name) - assert client.transport._credentials == creds - assert isinstance(client, client_class) - - assert client.transport._host == ( - 'privilegedaccessmanager.googleapis.com:443' - if transport_name in ['grpc', 'grpc_asyncio'] - else - 'https://privilegedaccessmanager.googleapis.com' - ) - - -@pytest.mark.parametrize("transport_class,transport_name", [ - (transports.PrivilegedAccessManagerGrpcTransport, "grpc"), - (transports.PrivilegedAccessManagerGrpcAsyncIOTransport, "grpc_asyncio"), - (transports.PrivilegedAccessManagerRestTransport, "rest"), -]) -def test_privileged_access_manager_client_service_account_always_use_jwt(transport_class, transport_name): - with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt: - creds = service_account.Credentials(None, None, None) - transport = transport_class(credentials=creds, always_use_jwt_access=True) - use_jwt.assert_called_once_with(True) - - with mock.patch.object(service_account.Credentials, 'with_always_use_jwt_access', create=True) as use_jwt: - creds = service_account.Credentials(None, None, None) - transport = transport_class(credentials=creds, always_use_jwt_access=False) - use_jwt.assert_not_called() - - -@pytest.mark.parametrize("client_class,transport_name", [ - (PrivilegedAccessManagerClient, "grpc"), - (PrivilegedAccessManagerAsyncClient, "grpc_asyncio"), - (PrivilegedAccessManagerClient, "rest"), -]) -def test_privileged_access_manager_client_from_service_account_file(client_class, transport_name): - creds = ga_credentials.AnonymousCredentials() - with mock.patch.object(service_account.Credentials, 'from_service_account_file') as factory: - factory.return_value = creds - client = client_class.from_service_account_file("dummy/file/path.json", transport=transport_name) - assert client.transport._credentials == creds - assert isinstance(client, client_class) - - client = client_class.from_service_account_json("dummy/file/path.json", transport=transport_name) - assert client.transport._credentials == creds - assert isinstance(client, client_class) - - assert client.transport._host == ( - 'privilegedaccessmanager.googleapis.com:443' - if transport_name in ['grpc', 'grpc_asyncio'] - else - 'https://privilegedaccessmanager.googleapis.com' - ) - - -def test_privileged_access_manager_client_get_transport_class(): - transport = PrivilegedAccessManagerClient.get_transport_class() - available_transports = [ - transports.PrivilegedAccessManagerGrpcTransport, - transports.PrivilegedAccessManagerRestTransport, - ] - assert transport in available_transports - - transport = PrivilegedAccessManagerClient.get_transport_class("grpc") - assert transport == transports.PrivilegedAccessManagerGrpcTransport - - -@pytest.mark.parametrize("client_class,transport_class,transport_name", [ - (PrivilegedAccessManagerClient, transports.PrivilegedAccessManagerGrpcTransport, "grpc"), - (PrivilegedAccessManagerAsyncClient, transports.PrivilegedAccessManagerGrpcAsyncIOTransport, "grpc_asyncio"), - (PrivilegedAccessManagerClient, transports.PrivilegedAccessManagerRestTransport, "rest"), -]) -@mock.patch.object(PrivilegedAccessManagerClient, "_DEFAULT_ENDPOINT_TEMPLATE", modify_default_endpoint_template(PrivilegedAccessManagerClient)) -@mock.patch.object(PrivilegedAccessManagerAsyncClient, "_DEFAULT_ENDPOINT_TEMPLATE", modify_default_endpoint_template(PrivilegedAccessManagerAsyncClient)) -def test_privileged_access_manager_client_client_options(client_class, transport_class, transport_name): - # Check that if channel is provided we won't create a new one. - with mock.patch.object(PrivilegedAccessManagerClient, 'get_transport_class') as gtc: - transport = transport_class( - credentials=ga_credentials.AnonymousCredentials() - ) - client = client_class(transport=transport) - gtc.assert_not_called() - - # Check that if channel is provided via str we will create a new one. - with mock.patch.object(PrivilegedAccessManagerClient, 'get_transport_class') as gtc: - client = client_class(transport=transport_name) - gtc.assert_called() - - # Check the case api_endpoint is provided. - options = client_options.ClientOptions(api_endpoint="squid.clam.whelk") - with mock.patch.object(transport_class, '__init__') as patched: - patched.return_value = None - client = client_class(transport=transport_name, client_options=options) - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host="squid.clam.whelk", - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - api_audience=None, - ) - - # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is - # "never". - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}): - with mock.patch.object(transport_class, '__init__') as patched: - patched.return_value = None - client = client_class(transport=transport_name) - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=client._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=client._DEFAULT_UNIVERSE), - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - api_audience=None, - ) - - # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT is - # "always". - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "always"}): - with mock.patch.object(transport_class, '__init__') as patched: - patched.return_value = None - client = client_class(transport=transport_name) - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=client.DEFAULT_MTLS_ENDPOINT, - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - api_audience=None, - ) - - # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has - # unsupported value. - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "Unsupported"}): - with pytest.raises(MutualTLSChannelError) as excinfo: - client = client_class(transport=transport_name) - assert str(excinfo.value) == "Environment variable `GOOGLE_API_USE_MTLS_ENDPOINT` must be `never`, `auto` or `always`" - - # Check the case GOOGLE_API_USE_CLIENT_CERTIFICATE has unsupported value. - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "Unsupported"}): - with pytest.raises(ValueError) as excinfo: - client = client_class(transport=transport_name) - assert str(excinfo.value) == "Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`" - - # Check the case quota_project_id is provided - options = client_options.ClientOptions(quota_project_id="octopus") - with mock.patch.object(transport_class, '__init__') as patched: - patched.return_value = None - client = client_class(client_options=options, transport=transport_name) - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=client._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=client._DEFAULT_UNIVERSE), - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id="octopus", - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - api_audience=None, - ) - # Check the case api_endpoint is provided - options = client_options.ClientOptions(api_audience="https://language.googleapis.com") - with mock.patch.object(transport_class, '__init__') as patched: - patched.return_value = None - client = client_class(client_options=options, transport=transport_name) - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=client._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=client._DEFAULT_UNIVERSE), - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - api_audience="https://language.googleapis.com" - ) - -@pytest.mark.parametrize("client_class,transport_class,transport_name,use_client_cert_env", [ - (PrivilegedAccessManagerClient, transports.PrivilegedAccessManagerGrpcTransport, "grpc", "true"), - (PrivilegedAccessManagerAsyncClient, transports.PrivilegedAccessManagerGrpcAsyncIOTransport, "grpc_asyncio", "true"), - (PrivilegedAccessManagerClient, transports.PrivilegedAccessManagerGrpcTransport, "grpc", "false"), - (PrivilegedAccessManagerAsyncClient, transports.PrivilegedAccessManagerGrpcAsyncIOTransport, "grpc_asyncio", "false"), - (PrivilegedAccessManagerClient, transports.PrivilegedAccessManagerRestTransport, "rest", "true"), - (PrivilegedAccessManagerClient, transports.PrivilegedAccessManagerRestTransport, "rest", "false"), -]) -@mock.patch.object(PrivilegedAccessManagerClient, "_DEFAULT_ENDPOINT_TEMPLATE", modify_default_endpoint_template(PrivilegedAccessManagerClient)) -@mock.patch.object(PrivilegedAccessManagerAsyncClient, "_DEFAULT_ENDPOINT_TEMPLATE", modify_default_endpoint_template(PrivilegedAccessManagerAsyncClient)) -@mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "auto"}) -def test_privileged_access_manager_client_mtls_env_auto(client_class, transport_class, transport_name, use_client_cert_env): - # This tests the endpoint autoswitch behavior. Endpoint is autoswitched to the default - # mtls endpoint, if GOOGLE_API_USE_CLIENT_CERTIFICATE is "true" and client cert exists. - - # Check the case client_cert_source is provided. Whether client cert is used depends on - # GOOGLE_API_USE_CLIENT_CERTIFICATE value. - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}): - options = client_options.ClientOptions(client_cert_source=client_cert_source_callback) - with mock.patch.object(transport_class, '__init__') as patched: - patched.return_value = None - client = client_class(client_options=options, transport=transport_name) - - if use_client_cert_env == "false": - expected_client_cert_source = None - expected_host = client._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=client._DEFAULT_UNIVERSE) - else: - expected_client_cert_source = client_cert_source_callback - expected_host = client.DEFAULT_MTLS_ENDPOINT - - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=expected_host, - scopes=None, - client_cert_source_for_mtls=expected_client_cert_source, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - api_audience=None, - ) - - # Check the case ADC client cert is provided. Whether client cert is used depends on - # GOOGLE_API_USE_CLIENT_CERTIFICATE value. - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}): - with mock.patch.object(transport_class, '__init__') as patched: - with mock.patch('google.auth.transport.mtls.has_default_client_cert_source', return_value=True): - with mock.patch('google.auth.transport.mtls.default_client_cert_source', return_value=client_cert_source_callback): - if use_client_cert_env == "false": - expected_host = client._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=client._DEFAULT_UNIVERSE) - expected_client_cert_source = None - else: - expected_host = client.DEFAULT_MTLS_ENDPOINT - expected_client_cert_source = client_cert_source_callback - - patched.return_value = None - client = client_class(transport=transport_name) - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=expected_host, - scopes=None, - client_cert_source_for_mtls=expected_client_cert_source, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - api_audience=None, - ) - - # Check the case client_cert_source and ADC client cert are not provided. - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": use_client_cert_env}): - with mock.patch.object(transport_class, '__init__') as patched: - with mock.patch("google.auth.transport.mtls.has_default_client_cert_source", return_value=False): - patched.return_value = None - client = client_class(transport=transport_name) - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=client._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=client._DEFAULT_UNIVERSE), - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - api_audience=None, - ) - - -@pytest.mark.parametrize("client_class", [ - PrivilegedAccessManagerClient, PrivilegedAccessManagerAsyncClient -]) -@mock.patch.object(PrivilegedAccessManagerClient, "DEFAULT_ENDPOINT", modify_default_endpoint(PrivilegedAccessManagerClient)) -@mock.patch.object(PrivilegedAccessManagerAsyncClient, "DEFAULT_ENDPOINT", modify_default_endpoint(PrivilegedAccessManagerAsyncClient)) -def test_privileged_access_manager_client_get_mtls_endpoint_and_cert_source(client_class): - mock_client_cert_source = mock.Mock() - - # Test the case GOOGLE_API_USE_CLIENT_CERTIFICATE is "true". - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"}): - mock_api_endpoint = "foo" - options = client_options.ClientOptions(client_cert_source=mock_client_cert_source, api_endpoint=mock_api_endpoint) - api_endpoint, cert_source = client_class.get_mtls_endpoint_and_cert_source(options) - assert api_endpoint == mock_api_endpoint - assert cert_source == mock_client_cert_source - - # Test the case GOOGLE_API_USE_CLIENT_CERTIFICATE is "false". - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "false"}): - mock_client_cert_source = mock.Mock() - mock_api_endpoint = "foo" - options = client_options.ClientOptions(client_cert_source=mock_client_cert_source, api_endpoint=mock_api_endpoint) - api_endpoint, cert_source = client_class.get_mtls_endpoint_and_cert_source(options) - assert api_endpoint == mock_api_endpoint - assert cert_source is None - - # Test the case GOOGLE_API_USE_MTLS_ENDPOINT is "never". - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}): - api_endpoint, cert_source = client_class.get_mtls_endpoint_and_cert_source() - assert api_endpoint == client_class.DEFAULT_ENDPOINT - assert cert_source is None - - # Test the case GOOGLE_API_USE_MTLS_ENDPOINT is "always". - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "always"}): - api_endpoint, cert_source = client_class.get_mtls_endpoint_and_cert_source() - assert api_endpoint == client_class.DEFAULT_MTLS_ENDPOINT - assert cert_source is None - - # Test the case GOOGLE_API_USE_MTLS_ENDPOINT is "auto" and default cert doesn't exist. - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"}): - with mock.patch('google.auth.transport.mtls.has_default_client_cert_source', return_value=False): - api_endpoint, cert_source = client_class.get_mtls_endpoint_and_cert_source() - assert api_endpoint == client_class.DEFAULT_ENDPOINT - assert cert_source is None - - # Test the case GOOGLE_API_USE_MTLS_ENDPOINT is "auto" and default cert exists. - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"}): - with mock.patch('google.auth.transport.mtls.has_default_client_cert_source', return_value=True): - with mock.patch('google.auth.transport.mtls.default_client_cert_source', return_value=mock_client_cert_source): - api_endpoint, cert_source = client_class.get_mtls_endpoint_and_cert_source() - assert api_endpoint == client_class.DEFAULT_MTLS_ENDPOINT - assert cert_source == mock_client_cert_source - - # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS_ENDPOINT has - # unsupported value. - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "Unsupported"}): - with pytest.raises(MutualTLSChannelError) as excinfo: - client_class.get_mtls_endpoint_and_cert_source() - - assert str(excinfo.value) == "Environment variable `GOOGLE_API_USE_MTLS_ENDPOINT` must be `never`, `auto` or `always`" - - # Check the case GOOGLE_API_USE_CLIENT_CERTIFICATE has unsupported value. - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "Unsupported"}): - with pytest.raises(ValueError) as excinfo: - client_class.get_mtls_endpoint_and_cert_source() - - assert str(excinfo.value) == "Environment variable `GOOGLE_API_USE_CLIENT_CERTIFICATE` must be either `true` or `false`" - -@pytest.mark.parametrize("client_class", [ - PrivilegedAccessManagerClient, PrivilegedAccessManagerAsyncClient -]) -@mock.patch.object(PrivilegedAccessManagerClient, "_DEFAULT_ENDPOINT_TEMPLATE", modify_default_endpoint_template(PrivilegedAccessManagerClient)) -@mock.patch.object(PrivilegedAccessManagerAsyncClient, "_DEFAULT_ENDPOINT_TEMPLATE", modify_default_endpoint_template(PrivilegedAccessManagerAsyncClient)) -def test_privileged_access_manager_client_client_api_endpoint(client_class): - mock_client_cert_source = client_cert_source_callback - api_override = "foo.com" - default_universe = PrivilegedAccessManagerClient._DEFAULT_UNIVERSE - default_endpoint = PrivilegedAccessManagerClient._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=default_universe) - mock_universe = "bar.com" - mock_endpoint = PrivilegedAccessManagerClient._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=mock_universe) - - # If ClientOptions.api_endpoint is set and GOOGLE_API_USE_CLIENT_CERTIFICATE="true", - # use ClientOptions.api_endpoint as the api endpoint regardless. - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_CLIENT_CERTIFICATE": "true"}): - with mock.patch("google.auth.transport.requests.AuthorizedSession.configure_mtls_channel"): - options = client_options.ClientOptions(client_cert_source=mock_client_cert_source, api_endpoint=api_override) - client = client_class(client_options=options, credentials=ga_credentials.AnonymousCredentials()) - assert client.api_endpoint == api_override - - # If ClientOptions.api_endpoint is not set and GOOGLE_API_USE_MTLS_ENDPOINT="never", - # use the _DEFAULT_ENDPOINT_TEMPLATE populated with GDU as the api endpoint. - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}): - client = client_class(credentials=ga_credentials.AnonymousCredentials()) - assert client.api_endpoint == default_endpoint - - # If ClientOptions.api_endpoint is not set and GOOGLE_API_USE_MTLS_ENDPOINT="always", - # use the DEFAULT_MTLS_ENDPOINT as the api endpoint. - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "always"}): - client = client_class(credentials=ga_credentials.AnonymousCredentials()) - assert client.api_endpoint == client_class.DEFAULT_MTLS_ENDPOINT - - # If ClientOptions.api_endpoint is not set, GOOGLE_API_USE_MTLS_ENDPOINT="auto" (default), - # GOOGLE_API_USE_CLIENT_CERTIFICATE="false" (default), default cert source doesn't exist, - # and ClientOptions.universe_domain="bar.com", - # use the _DEFAULT_ENDPOINT_TEMPLATE populated with universe domain as the api endpoint. - options = client_options.ClientOptions() - universe_exists = hasattr(options, "universe_domain") - if universe_exists: - options = client_options.ClientOptions(universe_domain=mock_universe) - client = client_class(client_options=options, credentials=ga_credentials.AnonymousCredentials()) - else: - client = client_class(client_options=options, credentials=ga_credentials.AnonymousCredentials()) - assert client.api_endpoint == (mock_endpoint if universe_exists else default_endpoint) - assert client.universe_domain == (mock_universe if universe_exists else default_universe) - - # If ClientOptions does not have a universe domain attribute and GOOGLE_API_USE_MTLS_ENDPOINT="never", - # use the _DEFAULT_ENDPOINT_TEMPLATE populated with GDU as the api endpoint. - options = client_options.ClientOptions() - if hasattr(options, "universe_domain"): - delattr(options, "universe_domain") - with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS_ENDPOINT": "never"}): - client = client_class(client_options=options, credentials=ga_credentials.AnonymousCredentials()) - assert client.api_endpoint == default_endpoint - - -@pytest.mark.parametrize("client_class,transport_class,transport_name", [ - (PrivilegedAccessManagerClient, transports.PrivilegedAccessManagerGrpcTransport, "grpc"), - (PrivilegedAccessManagerAsyncClient, transports.PrivilegedAccessManagerGrpcAsyncIOTransport, "grpc_asyncio"), - (PrivilegedAccessManagerClient, transports.PrivilegedAccessManagerRestTransport, "rest"), -]) -def test_privileged_access_manager_client_client_options_scopes(client_class, transport_class, transport_name): - # Check the case scopes are provided. - options = client_options.ClientOptions( - scopes=["1", "2"], - ) - with mock.patch.object(transport_class, '__init__') as patched: - patched.return_value = None - client = client_class(client_options=options, transport=transport_name) - patched.assert_called_once_with( - credentials=None, - credentials_file=None, - host=client._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=client._DEFAULT_UNIVERSE), - scopes=["1", "2"], - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - api_audience=None, - ) - -@pytest.mark.parametrize("client_class,transport_class,transport_name,grpc_helpers", [ - (PrivilegedAccessManagerClient, transports.PrivilegedAccessManagerGrpcTransport, "grpc", grpc_helpers), - (PrivilegedAccessManagerAsyncClient, transports.PrivilegedAccessManagerGrpcAsyncIOTransport, "grpc_asyncio", grpc_helpers_async), - (PrivilegedAccessManagerClient, transports.PrivilegedAccessManagerRestTransport, "rest", None), -]) -def test_privileged_access_manager_client_client_options_credentials_file(client_class, transport_class, transport_name, grpc_helpers): - # Check the case credentials file is provided. - options = client_options.ClientOptions( - credentials_file="credentials.json" - ) - - with mock.patch.object(transport_class, '__init__') as patched: - patched.return_value = None - client = client_class(client_options=options, transport=transport_name) - patched.assert_called_once_with( - credentials=None, - credentials_file="credentials.json", - host=client._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=client._DEFAULT_UNIVERSE), - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - api_audience=None, - ) - -def test_privileged_access_manager_client_client_options_from_dict(): - with mock.patch('google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.transports.PrivilegedAccessManagerGrpcTransport.__init__') as grpc_transport: - grpc_transport.return_value = None - client = PrivilegedAccessManagerClient( - client_options={'api_endpoint': 'squid.clam.whelk'} - ) - grpc_transport.assert_called_once_with( - credentials=None, - credentials_file=None, - host="squid.clam.whelk", - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - api_audience=None, - ) - - -@pytest.mark.parametrize("client_class,transport_class,transport_name,grpc_helpers", [ - (PrivilegedAccessManagerClient, transports.PrivilegedAccessManagerGrpcTransport, "grpc", grpc_helpers), - (PrivilegedAccessManagerAsyncClient, transports.PrivilegedAccessManagerGrpcAsyncIOTransport, "grpc_asyncio", grpc_helpers_async), -]) -def test_privileged_access_manager_client_create_channel_credentials_file(client_class, transport_class, transport_name, grpc_helpers): - # Check the case credentials file is provided. - options = client_options.ClientOptions( - credentials_file="credentials.json" - ) - - with mock.patch.object(transport_class, '__init__') as patched: - patched.return_value = None - client = client_class(client_options=options, transport=transport_name) - patched.assert_called_once_with( - credentials=None, - credentials_file="credentials.json", - host=client._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=client._DEFAULT_UNIVERSE), - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - api_audience=None, - ) - - # test that the credentials from file are saved and used as the credentials. - with mock.patch.object( - google.auth, "load_credentials_from_file", autospec=True - ) as load_creds, mock.patch.object( - google.auth, "default", autospec=True - ) as adc, mock.patch.object( - grpc_helpers, "create_channel" - ) as create_channel: - creds = ga_credentials.AnonymousCredentials() - file_creds = ga_credentials.AnonymousCredentials() - load_creds.return_value = (file_creds, None) - adc.return_value = (creds, None) - client = client_class(client_options=options, transport=transport_name) - create_channel.assert_called_with( - "privilegedaccessmanager.googleapis.com:443", - credentials=file_creds, - credentials_file=None, - quota_project_id=None, - default_scopes=( - 'https://www.googleapis.com/auth/cloud-platform', -), - scopes=None, - default_host="privilegedaccessmanager.googleapis.com", - ssl_credentials=None, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.CheckOnboardingStatusRequest, - dict, -]) -def test_check_onboarding_status(request_type, transport: str = 'grpc'): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.check_onboarding_status), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = privilegedaccessmanager.CheckOnboardingStatusResponse( - service_account='service_account_value', - ) - response = client.check_onboarding_status(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.CheckOnboardingStatusRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, privilegedaccessmanager.CheckOnboardingStatusResponse) - assert response.service_account == 'service_account_value' - - -def test_check_onboarding_status_non_empty_request_with_auto_populated_field(): - # This test is a coverage failsafe to make sure that UUID4 fields are - # automatically populated, according to AIP-4235, with non-empty requests. - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Populate all string fields in the request which are not UUID4 - # since we want to check that UUID4 are populated automatically - # if they meet the requirements of AIP 4235. - request = privilegedaccessmanager.CheckOnboardingStatusRequest( - parent='parent_value', - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.check_onboarding_status), - '__call__') as call: - call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client.check_onboarding_status(request=request) - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == privilegedaccessmanager.CheckOnboardingStatusRequest( - parent='parent_value', - ) - -def test_check_onboarding_status_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.check_onboarding_status in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.check_onboarding_status] = mock_rpc - request = {} - client.check_onboarding_status(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - client.check_onboarding_status(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_check_onboarding_status_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._client._transport.check_onboarding_status in client._client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.AsyncMock() - mock_rpc.return_value = mock.Mock() - client._client._transport._wrapped_methods[client._client._transport.check_onboarding_status] = mock_rpc - - request = {} - await client.check_onboarding_status(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - await client.check_onboarding_status(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_check_onboarding_status_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.CheckOnboardingStatusRequest): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.check_onboarding_status), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.CheckOnboardingStatusResponse( - service_account='service_account_value', - )) - response = await client.check_onboarding_status(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.CheckOnboardingStatusRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, privilegedaccessmanager.CheckOnboardingStatusResponse) - assert response.service_account == 'service_account_value' - - -@pytest.mark.asyncio -async def test_check_onboarding_status_async_from_dict(): - await test_check_onboarding_status_async(request_type=dict) - -def test_check_onboarding_status_field_headers(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.CheckOnboardingStatusRequest() - - request.parent = 'parent_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.check_onboarding_status), - '__call__') as call: - call.return_value = privilegedaccessmanager.CheckOnboardingStatusResponse() - client.check_onboarding_status(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'parent=parent_value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_check_onboarding_status_field_headers_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.CheckOnboardingStatusRequest() - - request.parent = 'parent_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.check_onboarding_status), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.CheckOnboardingStatusResponse()) - await client.check_onboarding_status(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'parent=parent_value', - ) in kw['metadata'] - - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.ListEntitlementsRequest, - dict, -]) -def test_list_entitlements(request_type, transport: str = 'grpc'): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_entitlements), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = privilegedaccessmanager.ListEntitlementsResponse( - next_page_token='next_page_token_value', - unreachable=['unreachable_value'], - ) - response = client.list_entitlements(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.ListEntitlementsRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, pagers.ListEntitlementsPager) - assert response.next_page_token == 'next_page_token_value' - assert response.unreachable == ['unreachable_value'] - - -def test_list_entitlements_non_empty_request_with_auto_populated_field(): - # This test is a coverage failsafe to make sure that UUID4 fields are - # automatically populated, according to AIP-4235, with non-empty requests. - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Populate all string fields in the request which are not UUID4 - # since we want to check that UUID4 are populated automatically - # if they meet the requirements of AIP 4235. - request = privilegedaccessmanager.ListEntitlementsRequest( - parent='parent_value', - page_token='page_token_value', - filter='filter_value', - order_by='order_by_value', - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_entitlements), - '__call__') as call: - call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client.list_entitlements(request=request) - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == privilegedaccessmanager.ListEntitlementsRequest( - parent='parent_value', - page_token='page_token_value', - filter='filter_value', - order_by='order_by_value', - ) - -def test_list_entitlements_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.list_entitlements in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.list_entitlements] = mock_rpc - request = {} - client.list_entitlements(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - client.list_entitlements(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_list_entitlements_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._client._transport.list_entitlements in client._client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.AsyncMock() - mock_rpc.return_value = mock.Mock() - client._client._transport._wrapped_methods[client._client._transport.list_entitlements] = mock_rpc - - request = {} - await client.list_entitlements(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - await client.list_entitlements(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_list_entitlements_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.ListEntitlementsRequest): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_entitlements), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.ListEntitlementsResponse( - next_page_token='next_page_token_value', - unreachable=['unreachable_value'], - )) - response = await client.list_entitlements(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.ListEntitlementsRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, pagers.ListEntitlementsAsyncPager) - assert response.next_page_token == 'next_page_token_value' - assert response.unreachable == ['unreachable_value'] - - -@pytest.mark.asyncio -async def test_list_entitlements_async_from_dict(): - await test_list_entitlements_async(request_type=dict) - -def test_list_entitlements_field_headers(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.ListEntitlementsRequest() - - request.parent = 'parent_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_entitlements), - '__call__') as call: - call.return_value = privilegedaccessmanager.ListEntitlementsResponse() - client.list_entitlements(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'parent=parent_value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_list_entitlements_field_headers_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.ListEntitlementsRequest() - - request.parent = 'parent_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_entitlements), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.ListEntitlementsResponse()) - await client.list_entitlements(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'parent=parent_value', - ) in kw['metadata'] - - -def test_list_entitlements_flattened(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_entitlements), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = privilegedaccessmanager.ListEntitlementsResponse() - # Call the method with a truthy value for each flattened field, - # using the keyword arguments to the method. - client.list_entitlements( - parent='parent_value', - ) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - arg = args[0].parent - mock_val = 'parent_value' - assert arg == mock_val - - -def test_list_entitlements_flattened_error(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - client.list_entitlements( - privilegedaccessmanager.ListEntitlementsRequest(), - parent='parent_value', - ) - -@pytest.mark.asyncio -async def test_list_entitlements_flattened_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_entitlements), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = privilegedaccessmanager.ListEntitlementsResponse() - - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.ListEntitlementsResponse()) - # Call the method with a truthy value for each flattened field, - # using the keyword arguments to the method. - response = await client.list_entitlements( - parent='parent_value', - ) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - arg = args[0].parent - mock_val = 'parent_value' - assert arg == mock_val - -@pytest.mark.asyncio -async def test_list_entitlements_flattened_error_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - await client.list_entitlements( - privilegedaccessmanager.ListEntitlementsRequest(), - parent='parent_value', - ) - - -def test_list_entitlements_pager(transport_name: str = "grpc"): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport_name, - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_entitlements), - '__call__') as call: - # Set the response to a series of pages. - call.side_effect = ( - privilegedaccessmanager.ListEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - ], - next_page_token='abc', - ), - privilegedaccessmanager.ListEntitlementsResponse( - entitlements=[], - next_page_token='def', - ), - privilegedaccessmanager.ListEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - ], - next_page_token='ghi', - ), - privilegedaccessmanager.ListEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - ], - ), - RuntimeError, - ) - - expected_metadata = () - retry = retries.Retry() - timeout = 5 - expected_metadata = tuple(expected_metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ('parent', ''), - )), - ) - pager = client.list_entitlements(request={}, retry=retry, timeout=timeout) - - assert pager._metadata == expected_metadata - assert pager._retry == retry - assert pager._timeout == timeout - - results = list(pager) - assert len(results) == 6 - assert all(isinstance(i, privilegedaccessmanager.Entitlement) - for i in results) -def test_list_entitlements_pages(transport_name: str = "grpc"): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport_name, - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_entitlements), - '__call__') as call: - # Set the response to a series of pages. - call.side_effect = ( - privilegedaccessmanager.ListEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - ], - next_page_token='abc', - ), - privilegedaccessmanager.ListEntitlementsResponse( - entitlements=[], - next_page_token='def', - ), - privilegedaccessmanager.ListEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - ], - next_page_token='ghi', - ), - privilegedaccessmanager.ListEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - ], - ), - RuntimeError, - ) - pages = list(client.list_entitlements(request={}).pages) - for page_, token in zip(pages, ['abc','def','ghi', '']): - assert page_.raw_page.next_page_token == token - -@pytest.mark.asyncio -async def test_list_entitlements_async_pager(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_entitlements), - '__call__', new_callable=mock.AsyncMock) as call: - # Set the response to a series of pages. - call.side_effect = ( - privilegedaccessmanager.ListEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - ], - next_page_token='abc', - ), - privilegedaccessmanager.ListEntitlementsResponse( - entitlements=[], - next_page_token='def', - ), - privilegedaccessmanager.ListEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - ], - next_page_token='ghi', - ), - privilegedaccessmanager.ListEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - ], - ), - RuntimeError, - ) - async_pager = await client.list_entitlements(request={},) - assert async_pager.next_page_token == 'abc' - responses = [] - async for response in async_pager: # pragma: no branch - responses.append(response) - - assert len(responses) == 6 - assert all(isinstance(i, privilegedaccessmanager.Entitlement) - for i in responses) - - -@pytest.mark.asyncio -async def test_list_entitlements_async_pages(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_entitlements), - '__call__', new_callable=mock.AsyncMock) as call: - # Set the response to a series of pages. - call.side_effect = ( - privilegedaccessmanager.ListEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - ], - next_page_token='abc', - ), - privilegedaccessmanager.ListEntitlementsResponse( - entitlements=[], - next_page_token='def', - ), - privilegedaccessmanager.ListEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - ], - next_page_token='ghi', - ), - privilegedaccessmanager.ListEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - ], - ), - RuntimeError, - ) - pages = [] - # Workaround issue in python 3.9 related to code coverage by adding `# pragma: no branch` - # See https://github.com/googleapis/gapic-generator-python/pull/1174#issuecomment-1025132372 - async for page_ in ( # pragma: no branch - await client.list_entitlements(request={}) - ).pages: - pages.append(page_) - for page_, token in zip(pages, ['abc','def','ghi', '']): - assert page_.raw_page.next_page_token == token - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.SearchEntitlementsRequest, - dict, -]) -def test_search_entitlements(request_type, transport: str = 'grpc'): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.search_entitlements), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = privilegedaccessmanager.SearchEntitlementsResponse( - next_page_token='next_page_token_value', - ) - response = client.search_entitlements(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.SearchEntitlementsRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, pagers.SearchEntitlementsPager) - assert response.next_page_token == 'next_page_token_value' - - -def test_search_entitlements_non_empty_request_with_auto_populated_field(): - # This test is a coverage failsafe to make sure that UUID4 fields are - # automatically populated, according to AIP-4235, with non-empty requests. - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Populate all string fields in the request which are not UUID4 - # since we want to check that UUID4 are populated automatically - # if they meet the requirements of AIP 4235. - request = privilegedaccessmanager.SearchEntitlementsRequest( - parent='parent_value', - filter='filter_value', - page_token='page_token_value', - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.search_entitlements), - '__call__') as call: - call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client.search_entitlements(request=request) - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == privilegedaccessmanager.SearchEntitlementsRequest( - parent='parent_value', - filter='filter_value', - page_token='page_token_value', - ) - -def test_search_entitlements_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.search_entitlements in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.search_entitlements] = mock_rpc - request = {} - client.search_entitlements(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - client.search_entitlements(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_search_entitlements_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._client._transport.search_entitlements in client._client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.AsyncMock() - mock_rpc.return_value = mock.Mock() - client._client._transport._wrapped_methods[client._client._transport.search_entitlements] = mock_rpc - - request = {} - await client.search_entitlements(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - await client.search_entitlements(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_search_entitlements_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.SearchEntitlementsRequest): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.search_entitlements), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.SearchEntitlementsResponse( - next_page_token='next_page_token_value', - )) - response = await client.search_entitlements(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.SearchEntitlementsRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, pagers.SearchEntitlementsAsyncPager) - assert response.next_page_token == 'next_page_token_value' - - -@pytest.mark.asyncio -async def test_search_entitlements_async_from_dict(): - await test_search_entitlements_async(request_type=dict) - -def test_search_entitlements_field_headers(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.SearchEntitlementsRequest() - - request.parent = 'parent_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.search_entitlements), - '__call__') as call: - call.return_value = privilegedaccessmanager.SearchEntitlementsResponse() - client.search_entitlements(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'parent=parent_value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_search_entitlements_field_headers_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.SearchEntitlementsRequest() - - request.parent = 'parent_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.search_entitlements), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.SearchEntitlementsResponse()) - await client.search_entitlements(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'parent=parent_value', - ) in kw['metadata'] - - -def test_search_entitlements_pager(transport_name: str = "grpc"): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport_name, - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.search_entitlements), - '__call__') as call: - # Set the response to a series of pages. - call.side_effect = ( - privilegedaccessmanager.SearchEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - ], - next_page_token='abc', - ), - privilegedaccessmanager.SearchEntitlementsResponse( - entitlements=[], - next_page_token='def', - ), - privilegedaccessmanager.SearchEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - ], - next_page_token='ghi', - ), - privilegedaccessmanager.SearchEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - ], - ), - RuntimeError, - ) - - expected_metadata = () - retry = retries.Retry() - timeout = 5 - expected_metadata = tuple(expected_metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ('parent', ''), - )), - ) - pager = client.search_entitlements(request={}, retry=retry, timeout=timeout) - - assert pager._metadata == expected_metadata - assert pager._retry == retry - assert pager._timeout == timeout - - results = list(pager) - assert len(results) == 6 - assert all(isinstance(i, privilegedaccessmanager.Entitlement) - for i in results) -def test_search_entitlements_pages(transport_name: str = "grpc"): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport_name, - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.search_entitlements), - '__call__') as call: - # Set the response to a series of pages. - call.side_effect = ( - privilegedaccessmanager.SearchEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - ], - next_page_token='abc', - ), - privilegedaccessmanager.SearchEntitlementsResponse( - entitlements=[], - next_page_token='def', - ), - privilegedaccessmanager.SearchEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - ], - next_page_token='ghi', - ), - privilegedaccessmanager.SearchEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - ], - ), - RuntimeError, - ) - pages = list(client.search_entitlements(request={}).pages) - for page_, token in zip(pages, ['abc','def','ghi', '']): - assert page_.raw_page.next_page_token == token - -@pytest.mark.asyncio -async def test_search_entitlements_async_pager(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.search_entitlements), - '__call__', new_callable=mock.AsyncMock) as call: - # Set the response to a series of pages. - call.side_effect = ( - privilegedaccessmanager.SearchEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - ], - next_page_token='abc', - ), - privilegedaccessmanager.SearchEntitlementsResponse( - entitlements=[], - next_page_token='def', - ), - privilegedaccessmanager.SearchEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - ], - next_page_token='ghi', - ), - privilegedaccessmanager.SearchEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - ], - ), - RuntimeError, - ) - async_pager = await client.search_entitlements(request={},) - assert async_pager.next_page_token == 'abc' - responses = [] - async for response in async_pager: # pragma: no branch - responses.append(response) - - assert len(responses) == 6 - assert all(isinstance(i, privilegedaccessmanager.Entitlement) - for i in responses) - - -@pytest.mark.asyncio -async def test_search_entitlements_async_pages(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.search_entitlements), - '__call__', new_callable=mock.AsyncMock) as call: - # Set the response to a series of pages. - call.side_effect = ( - privilegedaccessmanager.SearchEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - ], - next_page_token='abc', - ), - privilegedaccessmanager.SearchEntitlementsResponse( - entitlements=[], - next_page_token='def', - ), - privilegedaccessmanager.SearchEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - ], - next_page_token='ghi', - ), - privilegedaccessmanager.SearchEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - ], - ), - RuntimeError, - ) - pages = [] - # Workaround issue in python 3.9 related to code coverage by adding `# pragma: no branch` - # See https://github.com/googleapis/gapic-generator-python/pull/1174#issuecomment-1025132372 - async for page_ in ( # pragma: no branch - await client.search_entitlements(request={}) - ).pages: - pages.append(page_) - for page_, token in zip(pages, ['abc','def','ghi', '']): - assert page_.raw_page.next_page_token == token - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.GetEntitlementRequest, - dict, -]) -def test_get_entitlement(request_type, transport: str = 'grpc'): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_entitlement), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = privilegedaccessmanager.Entitlement( - name='name_value', - state=privilegedaccessmanager.Entitlement.State.CREATING, - etag='etag_value', - ) - response = client.get_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.GetEntitlementRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, privilegedaccessmanager.Entitlement) - assert response.name == 'name_value' - assert response.state == privilegedaccessmanager.Entitlement.State.CREATING - assert response.etag == 'etag_value' - - -def test_get_entitlement_non_empty_request_with_auto_populated_field(): - # This test is a coverage failsafe to make sure that UUID4 fields are - # automatically populated, according to AIP-4235, with non-empty requests. - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Populate all string fields in the request which are not UUID4 - # since we want to check that UUID4 are populated automatically - # if they meet the requirements of AIP 4235. - request = privilegedaccessmanager.GetEntitlementRequest( - name='name_value', - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_entitlement), - '__call__') as call: - call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client.get_entitlement(request=request) - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == privilegedaccessmanager.GetEntitlementRequest( - name='name_value', - ) - -def test_get_entitlement_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.get_entitlement in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.get_entitlement] = mock_rpc - request = {} - client.get_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - client.get_entitlement(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_get_entitlement_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._client._transport.get_entitlement in client._client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.AsyncMock() - mock_rpc.return_value = mock.Mock() - client._client._transport._wrapped_methods[client._client._transport.get_entitlement] = mock_rpc - - request = {} - await client.get_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - await client.get_entitlement(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_get_entitlement_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.GetEntitlementRequest): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_entitlement), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Entitlement( - name='name_value', - state=privilegedaccessmanager.Entitlement.State.CREATING, - etag='etag_value', - )) - response = await client.get_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.GetEntitlementRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, privilegedaccessmanager.Entitlement) - assert response.name == 'name_value' - assert response.state == privilegedaccessmanager.Entitlement.State.CREATING - assert response.etag == 'etag_value' - - -@pytest.mark.asyncio -async def test_get_entitlement_async_from_dict(): - await test_get_entitlement_async(request_type=dict) - -def test_get_entitlement_field_headers(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.GetEntitlementRequest() - - request.name = 'name_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_entitlement), - '__call__') as call: - call.return_value = privilegedaccessmanager.Entitlement() - client.get_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'name=name_value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_get_entitlement_field_headers_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.GetEntitlementRequest() - - request.name = 'name_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_entitlement), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Entitlement()) - await client.get_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'name=name_value', - ) in kw['metadata'] - - -def test_get_entitlement_flattened(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_entitlement), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = privilegedaccessmanager.Entitlement() - # Call the method with a truthy value for each flattened field, - # using the keyword arguments to the method. - client.get_entitlement( - name='name_value', - ) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - arg = args[0].name - mock_val = 'name_value' - assert arg == mock_val - - -def test_get_entitlement_flattened_error(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - client.get_entitlement( - privilegedaccessmanager.GetEntitlementRequest(), - name='name_value', - ) - -@pytest.mark.asyncio -async def test_get_entitlement_flattened_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_entitlement), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = privilegedaccessmanager.Entitlement() - - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Entitlement()) - # Call the method with a truthy value for each flattened field, - # using the keyword arguments to the method. - response = await client.get_entitlement( - name='name_value', - ) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - arg = args[0].name - mock_val = 'name_value' - assert arg == mock_val - -@pytest.mark.asyncio -async def test_get_entitlement_flattened_error_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - await client.get_entitlement( - privilegedaccessmanager.GetEntitlementRequest(), - name='name_value', - ) - - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.CreateEntitlementRequest, - dict, -]) -def test_create_entitlement(request_type, transport: str = 'grpc'): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.create_entitlement), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = operations_pb2.Operation(name='operations/spam') - response = client.create_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.CreateEntitlementRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, future.Future) - - -def test_create_entitlement_non_empty_request_with_auto_populated_field(): - # This test is a coverage failsafe to make sure that UUID4 fields are - # automatically populated, according to AIP-4235, with non-empty requests. - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Populate all string fields in the request which are not UUID4 - # since we want to check that UUID4 are populated automatically - # if they meet the requirements of AIP 4235. - request = privilegedaccessmanager.CreateEntitlementRequest( - parent='parent_value', - entitlement_id='entitlement_id_value', - request_id='request_id_value', - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.create_entitlement), - '__call__') as call: - call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client.create_entitlement(request=request) - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == privilegedaccessmanager.CreateEntitlementRequest( - parent='parent_value', - entitlement_id='entitlement_id_value', - request_id='request_id_value', - ) - -def test_create_entitlement_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.create_entitlement in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.create_entitlement] = mock_rpc - request = {} - client.create_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - # Operation methods call wrapper_fn to build a cached - # client._transport.operations_client instance on first rpc call. - # Subsequent calls should use the cached wrapper - wrapper_fn.reset_mock() - - client.create_entitlement(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_create_entitlement_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._client._transport.create_entitlement in client._client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.AsyncMock() - mock_rpc.return_value = mock.Mock() - client._client._transport._wrapped_methods[client._client._transport.create_entitlement] = mock_rpc - - request = {} - await client.create_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - # Operation methods call wrapper_fn to build a cached - # client._transport.operations_client instance on first rpc call. - # Subsequent calls should use the cached wrapper - wrapper_fn.reset_mock() - - await client.create_entitlement(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_create_entitlement_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.CreateEntitlementRequest): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.create_entitlement), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - operations_pb2.Operation(name='operations/spam') - ) - response = await client.create_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.CreateEntitlementRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, future.Future) - - -@pytest.mark.asyncio -async def test_create_entitlement_async_from_dict(): - await test_create_entitlement_async(request_type=dict) - -def test_create_entitlement_field_headers(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.CreateEntitlementRequest() - - request.parent = 'parent_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.create_entitlement), - '__call__') as call: - call.return_value = operations_pb2.Operation(name='operations/op') - client.create_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'parent=parent_value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_create_entitlement_field_headers_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.CreateEntitlementRequest() - - request.parent = 'parent_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.create_entitlement), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(operations_pb2.Operation(name='operations/op')) - await client.create_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'parent=parent_value', - ) in kw['metadata'] - - -def test_create_entitlement_flattened(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.create_entitlement), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = operations_pb2.Operation(name='operations/op') - # Call the method with a truthy value for each flattened field, - # using the keyword arguments to the method. - client.create_entitlement( - parent='parent_value', - entitlement=privilegedaccessmanager.Entitlement(name='name_value'), - entitlement_id='entitlement_id_value', - ) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - arg = args[0].parent - mock_val = 'parent_value' - assert arg == mock_val - arg = args[0].entitlement - mock_val = privilegedaccessmanager.Entitlement(name='name_value') - assert arg == mock_val - arg = args[0].entitlement_id - mock_val = 'entitlement_id_value' - assert arg == mock_val - - -def test_create_entitlement_flattened_error(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - client.create_entitlement( - privilegedaccessmanager.CreateEntitlementRequest(), - parent='parent_value', - entitlement=privilegedaccessmanager.Entitlement(name='name_value'), - entitlement_id='entitlement_id_value', - ) - -@pytest.mark.asyncio -async def test_create_entitlement_flattened_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.create_entitlement), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = operations_pb2.Operation(name='operations/op') - - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - operations_pb2.Operation(name='operations/spam') - ) - # Call the method with a truthy value for each flattened field, - # using the keyword arguments to the method. - response = await client.create_entitlement( - parent='parent_value', - entitlement=privilegedaccessmanager.Entitlement(name='name_value'), - entitlement_id='entitlement_id_value', - ) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - arg = args[0].parent - mock_val = 'parent_value' - assert arg == mock_val - arg = args[0].entitlement - mock_val = privilegedaccessmanager.Entitlement(name='name_value') - assert arg == mock_val - arg = args[0].entitlement_id - mock_val = 'entitlement_id_value' - assert arg == mock_val - -@pytest.mark.asyncio -async def test_create_entitlement_flattened_error_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - await client.create_entitlement( - privilegedaccessmanager.CreateEntitlementRequest(), - parent='parent_value', - entitlement=privilegedaccessmanager.Entitlement(name='name_value'), - entitlement_id='entitlement_id_value', - ) - - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.DeleteEntitlementRequest, - dict, -]) -def test_delete_entitlement(request_type, transport: str = 'grpc'): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.delete_entitlement), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = operations_pb2.Operation(name='operations/spam') - response = client.delete_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.DeleteEntitlementRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, future.Future) - - -def test_delete_entitlement_non_empty_request_with_auto_populated_field(): - # This test is a coverage failsafe to make sure that UUID4 fields are - # automatically populated, according to AIP-4235, with non-empty requests. - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Populate all string fields in the request which are not UUID4 - # since we want to check that UUID4 are populated automatically - # if they meet the requirements of AIP 4235. - request = privilegedaccessmanager.DeleteEntitlementRequest( - name='name_value', - request_id='request_id_value', - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.delete_entitlement), - '__call__') as call: - call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client.delete_entitlement(request=request) - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == privilegedaccessmanager.DeleteEntitlementRequest( - name='name_value', - request_id='request_id_value', - ) - -def test_delete_entitlement_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.delete_entitlement in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.delete_entitlement] = mock_rpc - request = {} - client.delete_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - # Operation methods call wrapper_fn to build a cached - # client._transport.operations_client instance on first rpc call. - # Subsequent calls should use the cached wrapper - wrapper_fn.reset_mock() - - client.delete_entitlement(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_delete_entitlement_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._client._transport.delete_entitlement in client._client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.AsyncMock() - mock_rpc.return_value = mock.Mock() - client._client._transport._wrapped_methods[client._client._transport.delete_entitlement] = mock_rpc - - request = {} - await client.delete_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - # Operation methods call wrapper_fn to build a cached - # client._transport.operations_client instance on first rpc call. - # Subsequent calls should use the cached wrapper - wrapper_fn.reset_mock() - - await client.delete_entitlement(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_delete_entitlement_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.DeleteEntitlementRequest): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.delete_entitlement), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - operations_pb2.Operation(name='operations/spam') - ) - response = await client.delete_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.DeleteEntitlementRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, future.Future) - - -@pytest.mark.asyncio -async def test_delete_entitlement_async_from_dict(): - await test_delete_entitlement_async(request_type=dict) - -def test_delete_entitlement_field_headers(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.DeleteEntitlementRequest() - - request.name = 'name_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.delete_entitlement), - '__call__') as call: - call.return_value = operations_pb2.Operation(name='operations/op') - client.delete_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'name=name_value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_delete_entitlement_field_headers_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.DeleteEntitlementRequest() - - request.name = 'name_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.delete_entitlement), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(operations_pb2.Operation(name='operations/op')) - await client.delete_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'name=name_value', - ) in kw['metadata'] - - -def test_delete_entitlement_flattened(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.delete_entitlement), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = operations_pb2.Operation(name='operations/op') - # Call the method with a truthy value for each flattened field, - # using the keyword arguments to the method. - client.delete_entitlement( - name='name_value', - ) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - arg = args[0].name - mock_val = 'name_value' - assert arg == mock_val - - -def test_delete_entitlement_flattened_error(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - client.delete_entitlement( - privilegedaccessmanager.DeleteEntitlementRequest(), - name='name_value', - ) - -@pytest.mark.asyncio -async def test_delete_entitlement_flattened_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.delete_entitlement), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = operations_pb2.Operation(name='operations/op') - - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - operations_pb2.Operation(name='operations/spam') - ) - # Call the method with a truthy value for each flattened field, - # using the keyword arguments to the method. - response = await client.delete_entitlement( - name='name_value', - ) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - arg = args[0].name - mock_val = 'name_value' - assert arg == mock_val - -@pytest.mark.asyncio -async def test_delete_entitlement_flattened_error_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - await client.delete_entitlement( - privilegedaccessmanager.DeleteEntitlementRequest(), - name='name_value', - ) - - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.UpdateEntitlementRequest, - dict, -]) -def test_update_entitlement(request_type, transport: str = 'grpc'): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.update_entitlement), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = operations_pb2.Operation(name='operations/spam') - response = client.update_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.UpdateEntitlementRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, future.Future) - - -def test_update_entitlement_non_empty_request_with_auto_populated_field(): - # This test is a coverage failsafe to make sure that UUID4 fields are - # automatically populated, according to AIP-4235, with non-empty requests. - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Populate all string fields in the request which are not UUID4 - # since we want to check that UUID4 are populated automatically - # if they meet the requirements of AIP 4235. - request = privilegedaccessmanager.UpdateEntitlementRequest( - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.update_entitlement), - '__call__') as call: - call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client.update_entitlement(request=request) - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == privilegedaccessmanager.UpdateEntitlementRequest( - ) - -def test_update_entitlement_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.update_entitlement in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.update_entitlement] = mock_rpc - request = {} - client.update_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - # Operation methods call wrapper_fn to build a cached - # client._transport.operations_client instance on first rpc call. - # Subsequent calls should use the cached wrapper - wrapper_fn.reset_mock() - - client.update_entitlement(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_update_entitlement_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._client._transport.update_entitlement in client._client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.AsyncMock() - mock_rpc.return_value = mock.Mock() - client._client._transport._wrapped_methods[client._client._transport.update_entitlement] = mock_rpc - - request = {} - await client.update_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - # Operation methods call wrapper_fn to build a cached - # client._transport.operations_client instance on first rpc call. - # Subsequent calls should use the cached wrapper - wrapper_fn.reset_mock() - - await client.update_entitlement(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_update_entitlement_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.UpdateEntitlementRequest): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.update_entitlement), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - operations_pb2.Operation(name='operations/spam') - ) - response = await client.update_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.UpdateEntitlementRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, future.Future) - - -@pytest.mark.asyncio -async def test_update_entitlement_async_from_dict(): - await test_update_entitlement_async(request_type=dict) - -def test_update_entitlement_field_headers(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.UpdateEntitlementRequest() - - request.entitlement.name = 'name_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.update_entitlement), - '__call__') as call: - call.return_value = operations_pb2.Operation(name='operations/op') - client.update_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'entitlement.name=name_value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_update_entitlement_field_headers_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.UpdateEntitlementRequest() - - request.entitlement.name = 'name_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.update_entitlement), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(operations_pb2.Operation(name='operations/op')) - await client.update_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'entitlement.name=name_value', - ) in kw['metadata'] - - -def test_update_entitlement_flattened(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.update_entitlement), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = operations_pb2.Operation(name='operations/op') - # Call the method with a truthy value for each flattened field, - # using the keyword arguments to the method. - client.update_entitlement( - entitlement=privilegedaccessmanager.Entitlement(name='name_value'), - update_mask=field_mask_pb2.FieldMask(paths=['paths_value']), - ) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - arg = args[0].entitlement - mock_val = privilegedaccessmanager.Entitlement(name='name_value') - assert arg == mock_val - arg = args[0].update_mask - mock_val = field_mask_pb2.FieldMask(paths=['paths_value']) - assert arg == mock_val - - -def test_update_entitlement_flattened_error(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - client.update_entitlement( - privilegedaccessmanager.UpdateEntitlementRequest(), - entitlement=privilegedaccessmanager.Entitlement(name='name_value'), - update_mask=field_mask_pb2.FieldMask(paths=['paths_value']), - ) - -@pytest.mark.asyncio -async def test_update_entitlement_flattened_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.update_entitlement), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = operations_pb2.Operation(name='operations/op') - - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - operations_pb2.Operation(name='operations/spam') - ) - # Call the method with a truthy value for each flattened field, - # using the keyword arguments to the method. - response = await client.update_entitlement( - entitlement=privilegedaccessmanager.Entitlement(name='name_value'), - update_mask=field_mask_pb2.FieldMask(paths=['paths_value']), - ) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - arg = args[0].entitlement - mock_val = privilegedaccessmanager.Entitlement(name='name_value') - assert arg == mock_val - arg = args[0].update_mask - mock_val = field_mask_pb2.FieldMask(paths=['paths_value']) - assert arg == mock_val - -@pytest.mark.asyncio -async def test_update_entitlement_flattened_error_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - await client.update_entitlement( - privilegedaccessmanager.UpdateEntitlementRequest(), - entitlement=privilegedaccessmanager.Entitlement(name='name_value'), - update_mask=field_mask_pb2.FieldMask(paths=['paths_value']), - ) - - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.ListGrantsRequest, - dict, -]) -def test_list_grants(request_type, transport: str = 'grpc'): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_grants), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = privilegedaccessmanager.ListGrantsResponse( - next_page_token='next_page_token_value', - unreachable=['unreachable_value'], - ) - response = client.list_grants(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.ListGrantsRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, pagers.ListGrantsPager) - assert response.next_page_token == 'next_page_token_value' - assert response.unreachable == ['unreachable_value'] - - -def test_list_grants_non_empty_request_with_auto_populated_field(): - # This test is a coverage failsafe to make sure that UUID4 fields are - # automatically populated, according to AIP-4235, with non-empty requests. - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Populate all string fields in the request which are not UUID4 - # since we want to check that UUID4 are populated automatically - # if they meet the requirements of AIP 4235. - request = privilegedaccessmanager.ListGrantsRequest( - parent='parent_value', - page_token='page_token_value', - filter='filter_value', - order_by='order_by_value', - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_grants), - '__call__') as call: - call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client.list_grants(request=request) - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == privilegedaccessmanager.ListGrantsRequest( - parent='parent_value', - page_token='page_token_value', - filter='filter_value', - order_by='order_by_value', - ) - -def test_list_grants_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.list_grants in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.list_grants] = mock_rpc - request = {} - client.list_grants(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - client.list_grants(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_list_grants_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._client._transport.list_grants in client._client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.AsyncMock() - mock_rpc.return_value = mock.Mock() - client._client._transport._wrapped_methods[client._client._transport.list_grants] = mock_rpc - - request = {} - await client.list_grants(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - await client.list_grants(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_list_grants_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.ListGrantsRequest): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_grants), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.ListGrantsResponse( - next_page_token='next_page_token_value', - unreachable=['unreachable_value'], - )) - response = await client.list_grants(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.ListGrantsRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, pagers.ListGrantsAsyncPager) - assert response.next_page_token == 'next_page_token_value' - assert response.unreachable == ['unreachable_value'] - - -@pytest.mark.asyncio -async def test_list_grants_async_from_dict(): - await test_list_grants_async(request_type=dict) - -def test_list_grants_field_headers(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.ListGrantsRequest() - - request.parent = 'parent_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_grants), - '__call__') as call: - call.return_value = privilegedaccessmanager.ListGrantsResponse() - client.list_grants(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'parent=parent_value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_list_grants_field_headers_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.ListGrantsRequest() - - request.parent = 'parent_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_grants), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.ListGrantsResponse()) - await client.list_grants(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'parent=parent_value', - ) in kw['metadata'] - - -def test_list_grants_flattened(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_grants), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = privilegedaccessmanager.ListGrantsResponse() - # Call the method with a truthy value for each flattened field, - # using the keyword arguments to the method. - client.list_grants( - parent='parent_value', - ) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - arg = args[0].parent - mock_val = 'parent_value' - assert arg == mock_val - - -def test_list_grants_flattened_error(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - client.list_grants( - privilegedaccessmanager.ListGrantsRequest(), - parent='parent_value', - ) - -@pytest.mark.asyncio -async def test_list_grants_flattened_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_grants), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = privilegedaccessmanager.ListGrantsResponse() - - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.ListGrantsResponse()) - # Call the method with a truthy value for each flattened field, - # using the keyword arguments to the method. - response = await client.list_grants( - parent='parent_value', - ) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - arg = args[0].parent - mock_val = 'parent_value' - assert arg == mock_val - -@pytest.mark.asyncio -async def test_list_grants_flattened_error_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - await client.list_grants( - privilegedaccessmanager.ListGrantsRequest(), - parent='parent_value', - ) - - -def test_list_grants_pager(transport_name: str = "grpc"): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport_name, - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_grants), - '__call__') as call: - # Set the response to a series of pages. - call.side_effect = ( - privilegedaccessmanager.ListGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - ], - next_page_token='abc', - ), - privilegedaccessmanager.ListGrantsResponse( - grants=[], - next_page_token='def', - ), - privilegedaccessmanager.ListGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - ], - next_page_token='ghi', - ), - privilegedaccessmanager.ListGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - ], - ), - RuntimeError, - ) - - expected_metadata = () - retry = retries.Retry() - timeout = 5 - expected_metadata = tuple(expected_metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ('parent', ''), - )), - ) - pager = client.list_grants(request={}, retry=retry, timeout=timeout) - - assert pager._metadata == expected_metadata - assert pager._retry == retry - assert pager._timeout == timeout - - results = list(pager) - assert len(results) == 6 - assert all(isinstance(i, privilegedaccessmanager.Grant) - for i in results) -def test_list_grants_pages(transport_name: str = "grpc"): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport_name, - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_grants), - '__call__') as call: - # Set the response to a series of pages. - call.side_effect = ( - privilegedaccessmanager.ListGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - ], - next_page_token='abc', - ), - privilegedaccessmanager.ListGrantsResponse( - grants=[], - next_page_token='def', - ), - privilegedaccessmanager.ListGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - ], - next_page_token='ghi', - ), - privilegedaccessmanager.ListGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - ], - ), - RuntimeError, - ) - pages = list(client.list_grants(request={}).pages) - for page_, token in zip(pages, ['abc','def','ghi', '']): - assert page_.raw_page.next_page_token == token - -@pytest.mark.asyncio -async def test_list_grants_async_pager(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_grants), - '__call__', new_callable=mock.AsyncMock) as call: - # Set the response to a series of pages. - call.side_effect = ( - privilegedaccessmanager.ListGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - ], - next_page_token='abc', - ), - privilegedaccessmanager.ListGrantsResponse( - grants=[], - next_page_token='def', - ), - privilegedaccessmanager.ListGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - ], - next_page_token='ghi', - ), - privilegedaccessmanager.ListGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - ], - ), - RuntimeError, - ) - async_pager = await client.list_grants(request={},) - assert async_pager.next_page_token == 'abc' - responses = [] - async for response in async_pager: # pragma: no branch - responses.append(response) - - assert len(responses) == 6 - assert all(isinstance(i, privilegedaccessmanager.Grant) - for i in responses) - - -@pytest.mark.asyncio -async def test_list_grants_async_pages(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.list_grants), - '__call__', new_callable=mock.AsyncMock) as call: - # Set the response to a series of pages. - call.side_effect = ( - privilegedaccessmanager.ListGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - ], - next_page_token='abc', - ), - privilegedaccessmanager.ListGrantsResponse( - grants=[], - next_page_token='def', - ), - privilegedaccessmanager.ListGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - ], - next_page_token='ghi', - ), - privilegedaccessmanager.ListGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - ], - ), - RuntimeError, - ) - pages = [] - # Workaround issue in python 3.9 related to code coverage by adding `# pragma: no branch` - # See https://github.com/googleapis/gapic-generator-python/pull/1174#issuecomment-1025132372 - async for page_ in ( # pragma: no branch - await client.list_grants(request={}) - ).pages: - pages.append(page_) - for page_, token in zip(pages, ['abc','def','ghi', '']): - assert page_.raw_page.next_page_token == token - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.SearchGrantsRequest, - dict, -]) -def test_search_grants(request_type, transport: str = 'grpc'): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.search_grants), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = privilegedaccessmanager.SearchGrantsResponse( - next_page_token='next_page_token_value', - ) - response = client.search_grants(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.SearchGrantsRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, pagers.SearchGrantsPager) - assert response.next_page_token == 'next_page_token_value' - - -def test_search_grants_non_empty_request_with_auto_populated_field(): - # This test is a coverage failsafe to make sure that UUID4 fields are - # automatically populated, according to AIP-4235, with non-empty requests. - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Populate all string fields in the request which are not UUID4 - # since we want to check that UUID4 are populated automatically - # if they meet the requirements of AIP 4235. - request = privilegedaccessmanager.SearchGrantsRequest( - parent='parent_value', - filter='filter_value', - page_token='page_token_value', - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.search_grants), - '__call__') as call: - call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client.search_grants(request=request) - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == privilegedaccessmanager.SearchGrantsRequest( - parent='parent_value', - filter='filter_value', - page_token='page_token_value', - ) - -def test_search_grants_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.search_grants in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.search_grants] = mock_rpc - request = {} - client.search_grants(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - client.search_grants(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_search_grants_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._client._transport.search_grants in client._client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.AsyncMock() - mock_rpc.return_value = mock.Mock() - client._client._transport._wrapped_methods[client._client._transport.search_grants] = mock_rpc - - request = {} - await client.search_grants(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - await client.search_grants(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_search_grants_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.SearchGrantsRequest): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.search_grants), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.SearchGrantsResponse( - next_page_token='next_page_token_value', - )) - response = await client.search_grants(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.SearchGrantsRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, pagers.SearchGrantsAsyncPager) - assert response.next_page_token == 'next_page_token_value' - - -@pytest.mark.asyncio -async def test_search_grants_async_from_dict(): - await test_search_grants_async(request_type=dict) - -def test_search_grants_field_headers(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.SearchGrantsRequest() - - request.parent = 'parent_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.search_grants), - '__call__') as call: - call.return_value = privilegedaccessmanager.SearchGrantsResponse() - client.search_grants(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'parent=parent_value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_search_grants_field_headers_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.SearchGrantsRequest() - - request.parent = 'parent_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.search_grants), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.SearchGrantsResponse()) - await client.search_grants(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'parent=parent_value', - ) in kw['metadata'] - - -def test_search_grants_pager(transport_name: str = "grpc"): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport_name, - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.search_grants), - '__call__') as call: - # Set the response to a series of pages. - call.side_effect = ( - privilegedaccessmanager.SearchGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - ], - next_page_token='abc', - ), - privilegedaccessmanager.SearchGrantsResponse( - grants=[], - next_page_token='def', - ), - privilegedaccessmanager.SearchGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - ], - next_page_token='ghi', - ), - privilegedaccessmanager.SearchGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - ], - ), - RuntimeError, - ) - - expected_metadata = () - retry = retries.Retry() - timeout = 5 - expected_metadata = tuple(expected_metadata) + ( - gapic_v1.routing_header.to_grpc_metadata(( - ('parent', ''), - )), - ) - pager = client.search_grants(request={}, retry=retry, timeout=timeout) - - assert pager._metadata == expected_metadata - assert pager._retry == retry - assert pager._timeout == timeout - - results = list(pager) - assert len(results) == 6 - assert all(isinstance(i, privilegedaccessmanager.Grant) - for i in results) -def test_search_grants_pages(transport_name: str = "grpc"): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport_name, - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.search_grants), - '__call__') as call: - # Set the response to a series of pages. - call.side_effect = ( - privilegedaccessmanager.SearchGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - ], - next_page_token='abc', - ), - privilegedaccessmanager.SearchGrantsResponse( - grants=[], - next_page_token='def', - ), - privilegedaccessmanager.SearchGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - ], - next_page_token='ghi', - ), - privilegedaccessmanager.SearchGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - ], - ), - RuntimeError, - ) - pages = list(client.search_grants(request={}).pages) - for page_, token in zip(pages, ['abc','def','ghi', '']): - assert page_.raw_page.next_page_token == token - -@pytest.mark.asyncio -async def test_search_grants_async_pager(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.search_grants), - '__call__', new_callable=mock.AsyncMock) as call: - # Set the response to a series of pages. - call.side_effect = ( - privilegedaccessmanager.SearchGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - ], - next_page_token='abc', - ), - privilegedaccessmanager.SearchGrantsResponse( - grants=[], - next_page_token='def', - ), - privilegedaccessmanager.SearchGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - ], - next_page_token='ghi', - ), - privilegedaccessmanager.SearchGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - ], - ), - RuntimeError, - ) - async_pager = await client.search_grants(request={},) - assert async_pager.next_page_token == 'abc' - responses = [] - async for response in async_pager: # pragma: no branch - responses.append(response) - - assert len(responses) == 6 - assert all(isinstance(i, privilegedaccessmanager.Grant) - for i in responses) - - -@pytest.mark.asyncio -async def test_search_grants_async_pages(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.search_grants), - '__call__', new_callable=mock.AsyncMock) as call: - # Set the response to a series of pages. - call.side_effect = ( - privilegedaccessmanager.SearchGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - ], - next_page_token='abc', - ), - privilegedaccessmanager.SearchGrantsResponse( - grants=[], - next_page_token='def', - ), - privilegedaccessmanager.SearchGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - ], - next_page_token='ghi', - ), - privilegedaccessmanager.SearchGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - ], - ), - RuntimeError, - ) - pages = [] - # Workaround issue in python 3.9 related to code coverage by adding `# pragma: no branch` - # See https://github.com/googleapis/gapic-generator-python/pull/1174#issuecomment-1025132372 - async for page_ in ( # pragma: no branch - await client.search_grants(request={}) - ).pages: - pages.append(page_) - for page_, token in zip(pages, ['abc','def','ghi', '']): - assert page_.raw_page.next_page_token == token - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.GetGrantRequest, - dict, -]) -def test_get_grant(request_type, transport: str = 'grpc'): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_grant), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = privilegedaccessmanager.Grant( - name='name_value', - requester='requester_value', - state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, - additional_email_recipients=['additional_email_recipients_value'], - externally_modified=True, - ) - response = client.get_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.GetGrantRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, privilegedaccessmanager.Grant) - assert response.name == 'name_value' - assert response.requester == 'requester_value' - assert response.state == privilegedaccessmanager.Grant.State.APPROVAL_AWAITED - assert response.additional_email_recipients == ['additional_email_recipients_value'] - assert response.externally_modified is True - - -def test_get_grant_non_empty_request_with_auto_populated_field(): - # This test is a coverage failsafe to make sure that UUID4 fields are - # automatically populated, according to AIP-4235, with non-empty requests. - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Populate all string fields in the request which are not UUID4 - # since we want to check that UUID4 are populated automatically - # if they meet the requirements of AIP 4235. - request = privilegedaccessmanager.GetGrantRequest( - name='name_value', - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_grant), - '__call__') as call: - call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client.get_grant(request=request) - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == privilegedaccessmanager.GetGrantRequest( - name='name_value', - ) - -def test_get_grant_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.get_grant in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.get_grant] = mock_rpc - request = {} - client.get_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - client.get_grant(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_get_grant_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._client._transport.get_grant in client._client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.AsyncMock() - mock_rpc.return_value = mock.Mock() - client._client._transport._wrapped_methods[client._client._transport.get_grant] = mock_rpc - - request = {} - await client.get_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - await client.get_grant(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_get_grant_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.GetGrantRequest): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_grant), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant( - name='name_value', - requester='requester_value', - state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, - additional_email_recipients=['additional_email_recipients_value'], - externally_modified=True, - )) - response = await client.get_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.GetGrantRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, privilegedaccessmanager.Grant) - assert response.name == 'name_value' - assert response.requester == 'requester_value' - assert response.state == privilegedaccessmanager.Grant.State.APPROVAL_AWAITED - assert response.additional_email_recipients == ['additional_email_recipients_value'] - assert response.externally_modified is True - - -@pytest.mark.asyncio -async def test_get_grant_async_from_dict(): - await test_get_grant_async(request_type=dict) - -def test_get_grant_field_headers(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.GetGrantRequest() - - request.name = 'name_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_grant), - '__call__') as call: - call.return_value = privilegedaccessmanager.Grant() - client.get_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'name=name_value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_get_grant_field_headers_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.GetGrantRequest() - - request.name = 'name_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_grant), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant()) - await client.get_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'name=name_value', - ) in kw['metadata'] - - -def test_get_grant_flattened(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_grant), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = privilegedaccessmanager.Grant() - # Call the method with a truthy value for each flattened field, - # using the keyword arguments to the method. - client.get_grant( - name='name_value', - ) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - arg = args[0].name - mock_val = 'name_value' - assert arg == mock_val - - -def test_get_grant_flattened_error(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - client.get_grant( - privilegedaccessmanager.GetGrantRequest(), - name='name_value', - ) - -@pytest.mark.asyncio -async def test_get_grant_flattened_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.get_grant), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = privilegedaccessmanager.Grant() - - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant()) - # Call the method with a truthy value for each flattened field, - # using the keyword arguments to the method. - response = await client.get_grant( - name='name_value', - ) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - arg = args[0].name - mock_val = 'name_value' - assert arg == mock_val - -@pytest.mark.asyncio -async def test_get_grant_flattened_error_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - await client.get_grant( - privilegedaccessmanager.GetGrantRequest(), - name='name_value', - ) - - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.CreateGrantRequest, - dict, -]) -def test_create_grant(request_type, transport: str = 'grpc'): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.create_grant), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = privilegedaccessmanager.Grant( - name='name_value', - requester='requester_value', - state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, - additional_email_recipients=['additional_email_recipients_value'], - externally_modified=True, - ) - response = client.create_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.CreateGrantRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, privilegedaccessmanager.Grant) - assert response.name == 'name_value' - assert response.requester == 'requester_value' - assert response.state == privilegedaccessmanager.Grant.State.APPROVAL_AWAITED - assert response.additional_email_recipients == ['additional_email_recipients_value'] - assert response.externally_modified is True - - -def test_create_grant_non_empty_request_with_auto_populated_field(): - # This test is a coverage failsafe to make sure that UUID4 fields are - # automatically populated, according to AIP-4235, with non-empty requests. - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Populate all string fields in the request which are not UUID4 - # since we want to check that UUID4 are populated automatically - # if they meet the requirements of AIP 4235. - request = privilegedaccessmanager.CreateGrantRequest( - parent='parent_value', - request_id='request_id_value', - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.create_grant), - '__call__') as call: - call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client.create_grant(request=request) - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == privilegedaccessmanager.CreateGrantRequest( - parent='parent_value', - request_id='request_id_value', - ) - -def test_create_grant_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.create_grant in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.create_grant] = mock_rpc - request = {} - client.create_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - client.create_grant(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_create_grant_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._client._transport.create_grant in client._client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.AsyncMock() - mock_rpc.return_value = mock.Mock() - client._client._transport._wrapped_methods[client._client._transport.create_grant] = mock_rpc - - request = {} - await client.create_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - await client.create_grant(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_create_grant_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.CreateGrantRequest): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.create_grant), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant( - name='name_value', - requester='requester_value', - state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, - additional_email_recipients=['additional_email_recipients_value'], - externally_modified=True, - )) - response = await client.create_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.CreateGrantRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, privilegedaccessmanager.Grant) - assert response.name == 'name_value' - assert response.requester == 'requester_value' - assert response.state == privilegedaccessmanager.Grant.State.APPROVAL_AWAITED - assert response.additional_email_recipients == ['additional_email_recipients_value'] - assert response.externally_modified is True - - -@pytest.mark.asyncio -async def test_create_grant_async_from_dict(): - await test_create_grant_async(request_type=dict) - -def test_create_grant_field_headers(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.CreateGrantRequest() - - request.parent = 'parent_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.create_grant), - '__call__') as call: - call.return_value = privilegedaccessmanager.Grant() - client.create_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'parent=parent_value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_create_grant_field_headers_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.CreateGrantRequest() - - request.parent = 'parent_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.create_grant), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant()) - await client.create_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'parent=parent_value', - ) in kw['metadata'] - - -def test_create_grant_flattened(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.create_grant), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = privilegedaccessmanager.Grant() - # Call the method with a truthy value for each flattened field, - # using the keyword arguments to the method. - client.create_grant( - parent='parent_value', - grant=privilegedaccessmanager.Grant(name='name_value'), - ) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - arg = args[0].parent - mock_val = 'parent_value' - assert arg == mock_val - arg = args[0].grant - mock_val = privilegedaccessmanager.Grant(name='name_value') - assert arg == mock_val - - -def test_create_grant_flattened_error(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - client.create_grant( - privilegedaccessmanager.CreateGrantRequest(), - parent='parent_value', - grant=privilegedaccessmanager.Grant(name='name_value'), - ) - -@pytest.mark.asyncio -async def test_create_grant_flattened_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.create_grant), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = privilegedaccessmanager.Grant() - - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant()) - # Call the method with a truthy value for each flattened field, - # using the keyword arguments to the method. - response = await client.create_grant( - parent='parent_value', - grant=privilegedaccessmanager.Grant(name='name_value'), - ) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - arg = args[0].parent - mock_val = 'parent_value' - assert arg == mock_val - arg = args[0].grant - mock_val = privilegedaccessmanager.Grant(name='name_value') - assert arg == mock_val - -@pytest.mark.asyncio -async def test_create_grant_flattened_error_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - await client.create_grant( - privilegedaccessmanager.CreateGrantRequest(), - parent='parent_value', - grant=privilegedaccessmanager.Grant(name='name_value'), - ) - - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.ApproveGrantRequest, - dict, -]) -def test_approve_grant(request_type, transport: str = 'grpc'): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.approve_grant), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = privilegedaccessmanager.Grant( - name='name_value', - requester='requester_value', - state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, - additional_email_recipients=['additional_email_recipients_value'], - externally_modified=True, - ) - response = client.approve_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.ApproveGrantRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, privilegedaccessmanager.Grant) - assert response.name == 'name_value' - assert response.requester == 'requester_value' - assert response.state == privilegedaccessmanager.Grant.State.APPROVAL_AWAITED - assert response.additional_email_recipients == ['additional_email_recipients_value'] - assert response.externally_modified is True - - -def test_approve_grant_non_empty_request_with_auto_populated_field(): - # This test is a coverage failsafe to make sure that UUID4 fields are - # automatically populated, according to AIP-4235, with non-empty requests. - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Populate all string fields in the request which are not UUID4 - # since we want to check that UUID4 are populated automatically - # if they meet the requirements of AIP 4235. - request = privilegedaccessmanager.ApproveGrantRequest( - name='name_value', - reason='reason_value', - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.approve_grant), - '__call__') as call: - call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client.approve_grant(request=request) - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == privilegedaccessmanager.ApproveGrantRequest( - name='name_value', - reason='reason_value', - ) - -def test_approve_grant_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.approve_grant in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.approve_grant] = mock_rpc - request = {} - client.approve_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - client.approve_grant(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_approve_grant_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._client._transport.approve_grant in client._client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.AsyncMock() - mock_rpc.return_value = mock.Mock() - client._client._transport._wrapped_methods[client._client._transport.approve_grant] = mock_rpc - - request = {} - await client.approve_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - await client.approve_grant(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_approve_grant_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.ApproveGrantRequest): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.approve_grant), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant( - name='name_value', - requester='requester_value', - state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, - additional_email_recipients=['additional_email_recipients_value'], - externally_modified=True, - )) - response = await client.approve_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.ApproveGrantRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, privilegedaccessmanager.Grant) - assert response.name == 'name_value' - assert response.requester == 'requester_value' - assert response.state == privilegedaccessmanager.Grant.State.APPROVAL_AWAITED - assert response.additional_email_recipients == ['additional_email_recipients_value'] - assert response.externally_modified is True - - -@pytest.mark.asyncio -async def test_approve_grant_async_from_dict(): - await test_approve_grant_async(request_type=dict) - -def test_approve_grant_field_headers(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.ApproveGrantRequest() - - request.name = 'name_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.approve_grant), - '__call__') as call: - call.return_value = privilegedaccessmanager.Grant() - client.approve_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'name=name_value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_approve_grant_field_headers_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.ApproveGrantRequest() - - request.name = 'name_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.approve_grant), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant()) - await client.approve_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'name=name_value', - ) in kw['metadata'] - - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.DenyGrantRequest, - dict, -]) -def test_deny_grant(request_type, transport: str = 'grpc'): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.deny_grant), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = privilegedaccessmanager.Grant( - name='name_value', - requester='requester_value', - state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, - additional_email_recipients=['additional_email_recipients_value'], - externally_modified=True, - ) - response = client.deny_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.DenyGrantRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, privilegedaccessmanager.Grant) - assert response.name == 'name_value' - assert response.requester == 'requester_value' - assert response.state == privilegedaccessmanager.Grant.State.APPROVAL_AWAITED - assert response.additional_email_recipients == ['additional_email_recipients_value'] - assert response.externally_modified is True - - -def test_deny_grant_non_empty_request_with_auto_populated_field(): - # This test is a coverage failsafe to make sure that UUID4 fields are - # automatically populated, according to AIP-4235, with non-empty requests. - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Populate all string fields in the request which are not UUID4 - # since we want to check that UUID4 are populated automatically - # if they meet the requirements of AIP 4235. - request = privilegedaccessmanager.DenyGrantRequest( - name='name_value', - reason='reason_value', - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.deny_grant), - '__call__') as call: - call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client.deny_grant(request=request) - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == privilegedaccessmanager.DenyGrantRequest( - name='name_value', - reason='reason_value', - ) - -def test_deny_grant_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.deny_grant in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.deny_grant] = mock_rpc - request = {} - client.deny_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - client.deny_grant(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_deny_grant_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._client._transport.deny_grant in client._client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.AsyncMock() - mock_rpc.return_value = mock.Mock() - client._client._transport._wrapped_methods[client._client._transport.deny_grant] = mock_rpc - - request = {} - await client.deny_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - await client.deny_grant(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_deny_grant_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.DenyGrantRequest): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.deny_grant), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value =grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant( - name='name_value', - requester='requester_value', - state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, - additional_email_recipients=['additional_email_recipients_value'], - externally_modified=True, - )) - response = await client.deny_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.DenyGrantRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, privilegedaccessmanager.Grant) - assert response.name == 'name_value' - assert response.requester == 'requester_value' - assert response.state == privilegedaccessmanager.Grant.State.APPROVAL_AWAITED - assert response.additional_email_recipients == ['additional_email_recipients_value'] - assert response.externally_modified is True - - -@pytest.mark.asyncio -async def test_deny_grant_async_from_dict(): - await test_deny_grant_async(request_type=dict) - -def test_deny_grant_field_headers(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.DenyGrantRequest() - - request.name = 'name_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.deny_grant), - '__call__') as call: - call.return_value = privilegedaccessmanager.Grant() - client.deny_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'name=name_value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_deny_grant_field_headers_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.DenyGrantRequest() - - request.name = 'name_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.deny_grant), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant()) - await client.deny_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'name=name_value', - ) in kw['metadata'] - - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.RevokeGrantRequest, - dict, -]) -def test_revoke_grant(request_type, transport: str = 'grpc'): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.revoke_grant), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = operations_pb2.Operation(name='operations/spam') - response = client.revoke_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.RevokeGrantRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, future.Future) - - -def test_revoke_grant_non_empty_request_with_auto_populated_field(): - # This test is a coverage failsafe to make sure that UUID4 fields are - # automatically populated, according to AIP-4235, with non-empty requests. - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - - # Populate all string fields in the request which are not UUID4 - # since we want to check that UUID4 are populated automatically - # if they meet the requirements of AIP 4235. - request = privilegedaccessmanager.RevokeGrantRequest( - name='name_value', - reason='reason_value', - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.revoke_grant), - '__call__') as call: - call.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client.revoke_grant(request=request) - call.assert_called() - _, args, _ = call.mock_calls[0] - assert args[0] == privilegedaccessmanager.RevokeGrantRequest( - name='name_value', - reason='reason_value', - ) - -def test_revoke_grant_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.revoke_grant in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.revoke_grant] = mock_rpc - request = {} - client.revoke_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - # Operation methods call wrapper_fn to build a cached - # client._transport.operations_client instance on first rpc call. - # Subsequent calls should use the cached wrapper - wrapper_fn.reset_mock() - - client.revoke_grant(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_revoke_grant_async_use_cached_wrapped_rpc(transport: str = "grpc_asyncio"): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method_async.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._client._transport.revoke_grant in client._client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.AsyncMock() - mock_rpc.return_value = mock.Mock() - client._client._transport._wrapped_methods[client._client._transport.revoke_grant] = mock_rpc - - request = {} - await client.revoke_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - # Operation methods call wrapper_fn to build a cached - # client._transport.operations_client instance on first rpc call. - # Subsequent calls should use the cached wrapper - wrapper_fn.reset_mock() - - await client.revoke_grant(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - -@pytest.mark.asyncio -async def test_revoke_grant_async(transport: str = 'grpc_asyncio', request_type=privilegedaccessmanager.RevokeGrantRequest): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.revoke_grant), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - operations_pb2.Operation(name='operations/spam') - ) - response = await client.revoke_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - request = privilegedaccessmanager.RevokeGrantRequest() - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, future.Future) - - -@pytest.mark.asyncio -async def test_revoke_grant_async_from_dict(): - await test_revoke_grant_async(request_type=dict) - -def test_revoke_grant_field_headers(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.RevokeGrantRequest() - - request.name = 'name_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.revoke_grant), - '__call__') as call: - call.return_value = operations_pb2.Operation(name='operations/op') - client.revoke_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'name=name_value', - ) in kw['metadata'] - - -@pytest.mark.asyncio -async def test_revoke_grant_field_headers_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = privilegedaccessmanager.RevokeGrantRequest() - - request.name = 'name_value' - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.revoke_grant), - '__call__') as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(operations_pb2.Operation(name='operations/op')) - await client.revoke_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ( - 'x-goog-request-params', - 'name=name_value', - ) in kw['metadata'] - - -def test_check_onboarding_status_rest_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.check_onboarding_status in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.check_onboarding_status] = mock_rpc - - request = {} - client.check_onboarding_status(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - client.check_onboarding_status(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - - -def test_check_onboarding_status_rest_required_fields(request_type=privilegedaccessmanager.CheckOnboardingStatusRequest): - transport_class = transports.PrivilegedAccessManagerRestTransport - - request_init = {} - request_init["parent"] = "" - request = request_type(**request_init) - pb_request = request_type.pb(request) - jsonified_request = json.loads(json_format.MessageToJson( - pb_request, - use_integers_for_enums=False - )) - - # verify fields with default values are dropped - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).check_onboarding_status._get_unset_required_fields(jsonified_request) - jsonified_request.update(unset_fields) - - # verify required fields with default values are now present - - jsonified_request["parent"] = 'parent_value' - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).check_onboarding_status._get_unset_required_fields(jsonified_request) - jsonified_request.update(unset_fields) - - # verify required fields with non-default values are left alone - assert "parent" in jsonified_request - assert jsonified_request["parent"] == 'parent_value' - - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='rest', - ) - request = request_type(**request_init) - - # Designate an appropriate value for the returned response. - return_value = privilegedaccessmanager.CheckOnboardingStatusResponse() - # Mock the http request call within the method and fake a response. - with mock.patch.object(Session, 'request') as req: - # We need to mock transcode() because providing default values - # for required fields will fail the real version if the http_options - # expect actual values for those fields. - with mock.patch.object(path_template, 'transcode') as transcode: - # A uri without fields and an empty body will force all the - # request fields to show up in the query_params. - pb_request = request_type.pb(request) - transcode_result = { - 'uri': 'v1/sample_method', - 'method': "get", - 'query_params': pb_request, - } - transcode.return_value = transcode_result - - response_value = Response() - response_value.status_code = 200 - - # Convert return value to protobuf type - return_value = privilegedaccessmanager.CheckOnboardingStatusResponse.pb(return_value) - json_return_value = json_format.MessageToJson(return_value) - - response_value._content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - response = client.check_onboarding_status(request) - - expected_params = [ - ('$alt', 'json;enum-encoding=int') - ] - actual_params = req.call_args.kwargs['params'] - assert expected_params == actual_params - - -def test_check_onboarding_status_rest_unset_required_fields(): - transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) - - unset_fields = transport.check_onboarding_status._get_unset_required_fields({}) - assert set(unset_fields) == (set(()) & set(("parent", ))) - - -def test_list_entitlements_rest_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.list_entitlements in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.list_entitlements] = mock_rpc - - request = {} - client.list_entitlements(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - client.list_entitlements(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - - -def test_list_entitlements_rest_required_fields(request_type=privilegedaccessmanager.ListEntitlementsRequest): - transport_class = transports.PrivilegedAccessManagerRestTransport - - request_init = {} - request_init["parent"] = "" - request = request_type(**request_init) - pb_request = request_type.pb(request) - jsonified_request = json.loads(json_format.MessageToJson( - pb_request, - use_integers_for_enums=False - )) - - # verify fields with default values are dropped - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).list_entitlements._get_unset_required_fields(jsonified_request) - jsonified_request.update(unset_fields) - - # verify required fields with default values are now present - - jsonified_request["parent"] = 'parent_value' - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).list_entitlements._get_unset_required_fields(jsonified_request) - # Check that path parameters and body parameters are not mixing in. - assert not set(unset_fields) - set(("filter", "order_by", "page_size", "page_token", )) - jsonified_request.update(unset_fields) - - # verify required fields with non-default values are left alone - assert "parent" in jsonified_request - assert jsonified_request["parent"] == 'parent_value' - - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='rest', - ) - request = request_type(**request_init) - - # Designate an appropriate value for the returned response. - return_value = privilegedaccessmanager.ListEntitlementsResponse() - # Mock the http request call within the method and fake a response. - with mock.patch.object(Session, 'request') as req: - # We need to mock transcode() because providing default values - # for required fields will fail the real version if the http_options - # expect actual values for those fields. - with mock.patch.object(path_template, 'transcode') as transcode: - # A uri without fields and an empty body will force all the - # request fields to show up in the query_params. - pb_request = request_type.pb(request) - transcode_result = { - 'uri': 'v1/sample_method', - 'method': "get", - 'query_params': pb_request, - } - transcode.return_value = transcode_result - - response_value = Response() - response_value.status_code = 200 - - # Convert return value to protobuf type - return_value = privilegedaccessmanager.ListEntitlementsResponse.pb(return_value) - json_return_value = json_format.MessageToJson(return_value) - - response_value._content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - response = client.list_entitlements(request) - - expected_params = [ - ('$alt', 'json;enum-encoding=int') - ] - actual_params = req.call_args.kwargs['params'] - assert expected_params == actual_params - - -def test_list_entitlements_rest_unset_required_fields(): - transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) - - unset_fields = transport.list_entitlements._get_unset_required_fields({}) - assert set(unset_fields) == (set(("filter", "orderBy", "pageSize", "pageToken", )) & set(("parent", ))) - - -def test_list_entitlements_rest_flattened(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(type(client.transport._session), 'request') as req: - # Designate an appropriate value for the returned response. - return_value = privilegedaccessmanager.ListEntitlementsResponse() - - # get arguments that satisfy an http rule for this method - sample_request = {'parent': 'projects/sample1/locations/sample2'} - - # get truthy value for each flattened field - mock_args = dict( - parent='parent_value', - ) - mock_args.update(sample_request) - - # Wrap the value into a proper Response obj - response_value = Response() - response_value.status_code = 200 - # Convert return value to protobuf type - return_value = privilegedaccessmanager.ListEntitlementsResponse.pb(return_value) - json_return_value = json_format.MessageToJson(return_value) - response_value._content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - client.list_entitlements(**mock_args) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(req.mock_calls) == 1 - _, args, _ = req.mock_calls[0] - assert path_template.validate("%s/v1/{parent=projects/*/locations/*}/entitlements" % client.transport._host, args[1]) - - -def test_list_entitlements_rest_flattened_error(transport: str = 'rest'): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - client.list_entitlements( - privilegedaccessmanager.ListEntitlementsRequest(), - parent='parent_value', - ) - - -def test_list_entitlements_rest_pager(transport: str = 'rest'): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(Session, 'request') as req: - # TODO(kbandes): remove this mock unless there's a good reason for it. - #with mock.patch.object(path_template, 'transcode') as transcode: - # Set the response as a series of pages - response = ( - privilegedaccessmanager.ListEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - ], - next_page_token='abc', - ), - privilegedaccessmanager.ListEntitlementsResponse( - entitlements=[], - next_page_token='def', - ), - privilegedaccessmanager.ListEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - ], - next_page_token='ghi', - ), - privilegedaccessmanager.ListEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - ], - ), - ) - # Two responses for two calls - response = response + response - - # Wrap the values into proper Response objs - response = tuple(privilegedaccessmanager.ListEntitlementsResponse.to_json(x) for x in response) - return_values = tuple(Response() for i in response) - for return_val, response_val in zip(return_values, response): - return_val._content = response_val.encode('UTF-8') - return_val.status_code = 200 - req.side_effect = return_values - - sample_request = {'parent': 'projects/sample1/locations/sample2'} - - pager = client.list_entitlements(request=sample_request) - - results = list(pager) - assert len(results) == 6 - assert all(isinstance(i, privilegedaccessmanager.Entitlement) - for i in results) - - pages = list(client.list_entitlements(request=sample_request).pages) - for page_, token in zip(pages, ['abc','def','ghi', '']): - assert page_.raw_page.next_page_token == token - - -def test_search_entitlements_rest_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.search_entitlements in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.search_entitlements] = mock_rpc - - request = {} - client.search_entitlements(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - client.search_entitlements(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - - -def test_search_entitlements_rest_required_fields(request_type=privilegedaccessmanager.SearchEntitlementsRequest): - transport_class = transports.PrivilegedAccessManagerRestTransport - - request_init = {} - request_init["parent"] = "" - request = request_type(**request_init) - pb_request = request_type.pb(request) - jsonified_request = json.loads(json_format.MessageToJson( - pb_request, - use_integers_for_enums=False - )) - - # verify fields with default values are dropped - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).search_entitlements._get_unset_required_fields(jsonified_request) - jsonified_request.update(unset_fields) - - # verify required fields with default values are now present - - jsonified_request["parent"] = 'parent_value' - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).search_entitlements._get_unset_required_fields(jsonified_request) - # Check that path parameters and body parameters are not mixing in. - assert not set(unset_fields) - set(("caller_access_type", "filter", "page_size", "page_token", )) - jsonified_request.update(unset_fields) - - # verify required fields with non-default values are left alone - assert "parent" in jsonified_request - assert jsonified_request["parent"] == 'parent_value' - - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='rest', - ) - request = request_type(**request_init) - - # Designate an appropriate value for the returned response. - return_value = privilegedaccessmanager.SearchEntitlementsResponse() - # Mock the http request call within the method and fake a response. - with mock.patch.object(Session, 'request') as req: - # We need to mock transcode() because providing default values - # for required fields will fail the real version if the http_options - # expect actual values for those fields. - with mock.patch.object(path_template, 'transcode') as transcode: - # A uri without fields and an empty body will force all the - # request fields to show up in the query_params. - pb_request = request_type.pb(request) - transcode_result = { - 'uri': 'v1/sample_method', - 'method': "get", - 'query_params': pb_request, - } - transcode.return_value = transcode_result - - response_value = Response() - response_value.status_code = 200 - - # Convert return value to protobuf type - return_value = privilegedaccessmanager.SearchEntitlementsResponse.pb(return_value) - json_return_value = json_format.MessageToJson(return_value) - - response_value._content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - response = client.search_entitlements(request) - - expected_params = [ - ('$alt', 'json;enum-encoding=int') - ] - actual_params = req.call_args.kwargs['params'] - assert expected_params == actual_params - - -def test_search_entitlements_rest_unset_required_fields(): - transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) - - unset_fields = transport.search_entitlements._get_unset_required_fields({}) - assert set(unset_fields) == (set(("callerAccessType", "filter", "pageSize", "pageToken", )) & set(("parent", "callerAccessType", ))) - - -def test_search_entitlements_rest_pager(transport: str = 'rest'): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(Session, 'request') as req: - # TODO(kbandes): remove this mock unless there's a good reason for it. - #with mock.patch.object(path_template, 'transcode') as transcode: - # Set the response as a series of pages - response = ( - privilegedaccessmanager.SearchEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - ], - next_page_token='abc', - ), - privilegedaccessmanager.SearchEntitlementsResponse( - entitlements=[], - next_page_token='def', - ), - privilegedaccessmanager.SearchEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - ], - next_page_token='ghi', - ), - privilegedaccessmanager.SearchEntitlementsResponse( - entitlements=[ - privilegedaccessmanager.Entitlement(), - privilegedaccessmanager.Entitlement(), - ], - ), - ) - # Two responses for two calls - response = response + response - - # Wrap the values into proper Response objs - response = tuple(privilegedaccessmanager.SearchEntitlementsResponse.to_json(x) for x in response) - return_values = tuple(Response() for i in response) - for return_val, response_val in zip(return_values, response): - return_val._content = response_val.encode('UTF-8') - return_val.status_code = 200 - req.side_effect = return_values - - sample_request = {'parent': 'projects/sample1/locations/sample2'} - - pager = client.search_entitlements(request=sample_request) - - results = list(pager) - assert len(results) == 6 - assert all(isinstance(i, privilegedaccessmanager.Entitlement) - for i in results) - - pages = list(client.search_entitlements(request=sample_request).pages) - for page_, token in zip(pages, ['abc','def','ghi', '']): - assert page_.raw_page.next_page_token == token - - -def test_get_entitlement_rest_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.get_entitlement in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.get_entitlement] = mock_rpc - - request = {} - client.get_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - client.get_entitlement(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - - -def test_get_entitlement_rest_required_fields(request_type=privilegedaccessmanager.GetEntitlementRequest): - transport_class = transports.PrivilegedAccessManagerRestTransport - - request_init = {} - request_init["name"] = "" - request = request_type(**request_init) - pb_request = request_type.pb(request) - jsonified_request = json.loads(json_format.MessageToJson( - pb_request, - use_integers_for_enums=False - )) - - # verify fields with default values are dropped - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).get_entitlement._get_unset_required_fields(jsonified_request) - jsonified_request.update(unset_fields) - - # verify required fields with default values are now present - - jsonified_request["name"] = 'name_value' - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).get_entitlement._get_unset_required_fields(jsonified_request) - jsonified_request.update(unset_fields) - - # verify required fields with non-default values are left alone - assert "name" in jsonified_request - assert jsonified_request["name"] == 'name_value' - - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='rest', - ) - request = request_type(**request_init) - - # Designate an appropriate value for the returned response. - return_value = privilegedaccessmanager.Entitlement() - # Mock the http request call within the method and fake a response. - with mock.patch.object(Session, 'request') as req: - # We need to mock transcode() because providing default values - # for required fields will fail the real version if the http_options - # expect actual values for those fields. - with mock.patch.object(path_template, 'transcode') as transcode: - # A uri without fields and an empty body will force all the - # request fields to show up in the query_params. - pb_request = request_type.pb(request) - transcode_result = { - 'uri': 'v1/sample_method', - 'method': "get", - 'query_params': pb_request, - } - transcode.return_value = transcode_result - - response_value = Response() - response_value.status_code = 200 - - # Convert return value to protobuf type - return_value = privilegedaccessmanager.Entitlement.pb(return_value) - json_return_value = json_format.MessageToJson(return_value) - - response_value._content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - response = client.get_entitlement(request) - - expected_params = [ - ('$alt', 'json;enum-encoding=int') - ] - actual_params = req.call_args.kwargs['params'] - assert expected_params == actual_params - - -def test_get_entitlement_rest_unset_required_fields(): - transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) - - unset_fields = transport.get_entitlement._get_unset_required_fields({}) - assert set(unset_fields) == (set(()) & set(("name", ))) - - -def test_get_entitlement_rest_flattened(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(type(client.transport._session), 'request') as req: - # Designate an appropriate value for the returned response. - return_value = privilegedaccessmanager.Entitlement() - - # get arguments that satisfy an http rule for this method - sample_request = {'name': 'projects/sample1/locations/sample2/entitlements/sample3'} - - # get truthy value for each flattened field - mock_args = dict( - name='name_value', - ) - mock_args.update(sample_request) - - # Wrap the value into a proper Response obj - response_value = Response() - response_value.status_code = 200 - # Convert return value to protobuf type - return_value = privilegedaccessmanager.Entitlement.pb(return_value) - json_return_value = json_format.MessageToJson(return_value) - response_value._content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - client.get_entitlement(**mock_args) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(req.mock_calls) == 1 - _, args, _ = req.mock_calls[0] - assert path_template.validate("%s/v1/{name=projects/*/locations/*/entitlements/*}" % client.transport._host, args[1]) - - -def test_get_entitlement_rest_flattened_error(transport: str = 'rest'): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - client.get_entitlement( - privilegedaccessmanager.GetEntitlementRequest(), - name='name_value', - ) - - -def test_create_entitlement_rest_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.create_entitlement in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.create_entitlement] = mock_rpc - - request = {} - client.create_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - # Operation methods build a cached wrapper on first rpc call - # subsequent calls should use the cached wrapper - wrapper_fn.reset_mock() - - client.create_entitlement(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - - -def test_create_entitlement_rest_required_fields(request_type=privilegedaccessmanager.CreateEntitlementRequest): - transport_class = transports.PrivilegedAccessManagerRestTransport - - request_init = {} - request_init["parent"] = "" - request_init["entitlement_id"] = "" - request = request_type(**request_init) - pb_request = request_type.pb(request) - jsonified_request = json.loads(json_format.MessageToJson( - pb_request, - use_integers_for_enums=False - )) - - # verify fields with default values are dropped - assert "entitlementId" not in jsonified_request - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).create_entitlement._get_unset_required_fields(jsonified_request) - jsonified_request.update(unset_fields) - - # verify required fields with default values are now present - assert "entitlementId" in jsonified_request - assert jsonified_request["entitlementId"] == request_init["entitlement_id"] - - jsonified_request["parent"] = 'parent_value' - jsonified_request["entitlementId"] = 'entitlement_id_value' - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).create_entitlement._get_unset_required_fields(jsonified_request) - # Check that path parameters and body parameters are not mixing in. - assert not set(unset_fields) - set(("entitlement_id", "request_id", )) - jsonified_request.update(unset_fields) - - # verify required fields with non-default values are left alone - assert "parent" in jsonified_request - assert jsonified_request["parent"] == 'parent_value' - assert "entitlementId" in jsonified_request - assert jsonified_request["entitlementId"] == 'entitlement_id_value' - - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='rest', - ) - request = request_type(**request_init) - - # Designate an appropriate value for the returned response. - return_value = operations_pb2.Operation(name='operations/spam') - # Mock the http request call within the method and fake a response. - with mock.patch.object(Session, 'request') as req: - # We need to mock transcode() because providing default values - # for required fields will fail the real version if the http_options - # expect actual values for those fields. - with mock.patch.object(path_template, 'transcode') as transcode: - # A uri without fields and an empty body will force all the - # request fields to show up in the query_params. - pb_request = request_type.pb(request) - transcode_result = { - 'uri': 'v1/sample_method', - 'method': "post", - 'query_params': pb_request, - } - transcode_result['body'] = pb_request - transcode.return_value = transcode_result - - response_value = Response() - response_value.status_code = 200 - json_return_value = json_format.MessageToJson(return_value) - - response_value._content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - response = client.create_entitlement(request) - - expected_params = [ - ( - "entitlementId", - "", - ), - ('$alt', 'json;enum-encoding=int') - ] - actual_params = req.call_args.kwargs['params'] - assert expected_params == actual_params - - -def test_create_entitlement_rest_unset_required_fields(): - transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) - - unset_fields = transport.create_entitlement._get_unset_required_fields({}) - assert set(unset_fields) == (set(("entitlementId", "requestId", )) & set(("parent", "entitlementId", "entitlement", ))) - - -def test_create_entitlement_rest_flattened(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(type(client.transport._session), 'request') as req: - # Designate an appropriate value for the returned response. - return_value = operations_pb2.Operation(name='operations/spam') - - # get arguments that satisfy an http rule for this method - sample_request = {'parent': 'projects/sample1/locations/sample2'} - - # get truthy value for each flattened field - mock_args = dict( - parent='parent_value', - entitlement=privilegedaccessmanager.Entitlement(name='name_value'), - entitlement_id='entitlement_id_value', - ) - mock_args.update(sample_request) - - # Wrap the value into a proper Response obj - response_value = Response() - response_value.status_code = 200 - json_return_value = json_format.MessageToJson(return_value) - response_value._content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - client.create_entitlement(**mock_args) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(req.mock_calls) == 1 - _, args, _ = req.mock_calls[0] - assert path_template.validate("%s/v1/{parent=projects/*/locations/*}/entitlements" % client.transport._host, args[1]) - - -def test_create_entitlement_rest_flattened_error(transport: str = 'rest'): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - client.create_entitlement( - privilegedaccessmanager.CreateEntitlementRequest(), - parent='parent_value', - entitlement=privilegedaccessmanager.Entitlement(name='name_value'), - entitlement_id='entitlement_id_value', - ) - - -def test_delete_entitlement_rest_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.delete_entitlement in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.delete_entitlement] = mock_rpc - - request = {} - client.delete_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - # Operation methods build a cached wrapper on first rpc call - # subsequent calls should use the cached wrapper - wrapper_fn.reset_mock() - - client.delete_entitlement(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - - -def test_delete_entitlement_rest_required_fields(request_type=privilegedaccessmanager.DeleteEntitlementRequest): - transport_class = transports.PrivilegedAccessManagerRestTransport - - request_init = {} - request_init["name"] = "" - request = request_type(**request_init) - pb_request = request_type.pb(request) - jsonified_request = json.loads(json_format.MessageToJson( - pb_request, - use_integers_for_enums=False - )) - - # verify fields with default values are dropped - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).delete_entitlement._get_unset_required_fields(jsonified_request) - jsonified_request.update(unset_fields) - - # verify required fields with default values are now present - - jsonified_request["name"] = 'name_value' - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).delete_entitlement._get_unset_required_fields(jsonified_request) - # Check that path parameters and body parameters are not mixing in. - assert not set(unset_fields) - set(("force", "request_id", )) - jsonified_request.update(unset_fields) - - # verify required fields with non-default values are left alone - assert "name" in jsonified_request - assert jsonified_request["name"] == 'name_value' - - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='rest', - ) - request = request_type(**request_init) - - # Designate an appropriate value for the returned response. - return_value = operations_pb2.Operation(name='operations/spam') - # Mock the http request call within the method and fake a response. - with mock.patch.object(Session, 'request') as req: - # We need to mock transcode() because providing default values - # for required fields will fail the real version if the http_options - # expect actual values for those fields. - with mock.patch.object(path_template, 'transcode') as transcode: - # A uri without fields and an empty body will force all the - # request fields to show up in the query_params. - pb_request = request_type.pb(request) - transcode_result = { - 'uri': 'v1/sample_method', - 'method': "delete", - 'query_params': pb_request, - } - transcode.return_value = transcode_result - - response_value = Response() - response_value.status_code = 200 - json_return_value = json_format.MessageToJson(return_value) - - response_value._content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - response = client.delete_entitlement(request) - - expected_params = [ - ('$alt', 'json;enum-encoding=int') - ] - actual_params = req.call_args.kwargs['params'] - assert expected_params == actual_params - - -def test_delete_entitlement_rest_unset_required_fields(): - transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) - - unset_fields = transport.delete_entitlement._get_unset_required_fields({}) - assert set(unset_fields) == (set(("force", "requestId", )) & set(("name", ))) - - -def test_delete_entitlement_rest_flattened(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(type(client.transport._session), 'request') as req: - # Designate an appropriate value for the returned response. - return_value = operations_pb2.Operation(name='operations/spam') - - # get arguments that satisfy an http rule for this method - sample_request = {'name': 'projects/sample1/locations/sample2/entitlements/sample3'} - - # get truthy value for each flattened field - mock_args = dict( - name='name_value', - ) - mock_args.update(sample_request) - - # Wrap the value into a proper Response obj - response_value = Response() - response_value.status_code = 200 - json_return_value = json_format.MessageToJson(return_value) - response_value._content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - client.delete_entitlement(**mock_args) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(req.mock_calls) == 1 - _, args, _ = req.mock_calls[0] - assert path_template.validate("%s/v1/{name=projects/*/locations/*/entitlements/*}" % client.transport._host, args[1]) - - -def test_delete_entitlement_rest_flattened_error(transport: str = 'rest'): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - client.delete_entitlement( - privilegedaccessmanager.DeleteEntitlementRequest(), - name='name_value', - ) - - -def test_update_entitlement_rest_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.update_entitlement in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.update_entitlement] = mock_rpc - - request = {} - client.update_entitlement(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - # Operation methods build a cached wrapper on first rpc call - # subsequent calls should use the cached wrapper - wrapper_fn.reset_mock() - - client.update_entitlement(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - - -def test_update_entitlement_rest_required_fields(request_type=privilegedaccessmanager.UpdateEntitlementRequest): - transport_class = transports.PrivilegedAccessManagerRestTransport - - request_init = {} - request = request_type(**request_init) - pb_request = request_type.pb(request) - jsonified_request = json.loads(json_format.MessageToJson( - pb_request, - use_integers_for_enums=False - )) - - # verify fields with default values are dropped - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).update_entitlement._get_unset_required_fields(jsonified_request) - jsonified_request.update(unset_fields) - - # verify required fields with default values are now present - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).update_entitlement._get_unset_required_fields(jsonified_request) - # Check that path parameters and body parameters are not mixing in. - assert not set(unset_fields) - set(("update_mask", )) - jsonified_request.update(unset_fields) - - # verify required fields with non-default values are left alone - - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='rest', - ) - request = request_type(**request_init) - - # Designate an appropriate value for the returned response. - return_value = operations_pb2.Operation(name='operations/spam') - # Mock the http request call within the method and fake a response. - with mock.patch.object(Session, 'request') as req: - # We need to mock transcode() because providing default values - # for required fields will fail the real version if the http_options - # expect actual values for those fields. - with mock.patch.object(path_template, 'transcode') as transcode: - # A uri without fields and an empty body will force all the - # request fields to show up in the query_params. - pb_request = request_type.pb(request) - transcode_result = { - 'uri': 'v1/sample_method', - 'method': "patch", - 'query_params': pb_request, - } - transcode_result['body'] = pb_request - transcode.return_value = transcode_result - - response_value = Response() - response_value.status_code = 200 - json_return_value = json_format.MessageToJson(return_value) - - response_value._content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - response = client.update_entitlement(request) - - expected_params = [ - ('$alt', 'json;enum-encoding=int') - ] - actual_params = req.call_args.kwargs['params'] - assert expected_params == actual_params - - -def test_update_entitlement_rest_unset_required_fields(): - transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) - - unset_fields = transport.update_entitlement._get_unset_required_fields({}) - assert set(unset_fields) == (set(("updateMask", )) & set(("entitlement", "updateMask", ))) - - -def test_update_entitlement_rest_flattened(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(type(client.transport._session), 'request') as req: - # Designate an appropriate value for the returned response. - return_value = operations_pb2.Operation(name='operations/spam') - - # get arguments that satisfy an http rule for this method - sample_request = {'entitlement': {'name': 'projects/sample1/locations/sample2/entitlements/sample3'}} - - # get truthy value for each flattened field - mock_args = dict( - entitlement=privilegedaccessmanager.Entitlement(name='name_value'), - update_mask=field_mask_pb2.FieldMask(paths=['paths_value']), - ) - mock_args.update(sample_request) - - # Wrap the value into a proper Response obj - response_value = Response() - response_value.status_code = 200 - json_return_value = json_format.MessageToJson(return_value) - response_value._content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - client.update_entitlement(**mock_args) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(req.mock_calls) == 1 - _, args, _ = req.mock_calls[0] - assert path_template.validate("%s/v1/{entitlement.name=projects/*/locations/*/entitlements/*}" % client.transport._host, args[1]) - - -def test_update_entitlement_rest_flattened_error(transport: str = 'rest'): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - client.update_entitlement( - privilegedaccessmanager.UpdateEntitlementRequest(), - entitlement=privilegedaccessmanager.Entitlement(name='name_value'), - update_mask=field_mask_pb2.FieldMask(paths=['paths_value']), - ) - - -def test_list_grants_rest_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.list_grants in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.list_grants] = mock_rpc - - request = {} - client.list_grants(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - client.list_grants(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - - -def test_list_grants_rest_required_fields(request_type=privilegedaccessmanager.ListGrantsRequest): - transport_class = transports.PrivilegedAccessManagerRestTransport - - request_init = {} - request_init["parent"] = "" - request = request_type(**request_init) - pb_request = request_type.pb(request) - jsonified_request = json.loads(json_format.MessageToJson( - pb_request, - use_integers_for_enums=False - )) - - # verify fields with default values are dropped - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).list_grants._get_unset_required_fields(jsonified_request) - jsonified_request.update(unset_fields) - - # verify required fields with default values are now present - - jsonified_request["parent"] = 'parent_value' - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).list_grants._get_unset_required_fields(jsonified_request) - # Check that path parameters and body parameters are not mixing in. - assert not set(unset_fields) - set(("filter", "order_by", "page_size", "page_token", )) - jsonified_request.update(unset_fields) - - # verify required fields with non-default values are left alone - assert "parent" in jsonified_request - assert jsonified_request["parent"] == 'parent_value' - - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='rest', - ) - request = request_type(**request_init) - - # Designate an appropriate value for the returned response. - return_value = privilegedaccessmanager.ListGrantsResponse() - # Mock the http request call within the method and fake a response. - with mock.patch.object(Session, 'request') as req: - # We need to mock transcode() because providing default values - # for required fields will fail the real version if the http_options - # expect actual values for those fields. - with mock.patch.object(path_template, 'transcode') as transcode: - # A uri without fields and an empty body will force all the - # request fields to show up in the query_params. - pb_request = request_type.pb(request) - transcode_result = { - 'uri': 'v1/sample_method', - 'method': "get", - 'query_params': pb_request, - } - transcode.return_value = transcode_result - - response_value = Response() - response_value.status_code = 200 - - # Convert return value to protobuf type - return_value = privilegedaccessmanager.ListGrantsResponse.pb(return_value) - json_return_value = json_format.MessageToJson(return_value) - - response_value._content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - response = client.list_grants(request) - - expected_params = [ - ('$alt', 'json;enum-encoding=int') - ] - actual_params = req.call_args.kwargs['params'] - assert expected_params == actual_params - - -def test_list_grants_rest_unset_required_fields(): - transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) - - unset_fields = transport.list_grants._get_unset_required_fields({}) - assert set(unset_fields) == (set(("filter", "orderBy", "pageSize", "pageToken", )) & set(("parent", ))) - - -def test_list_grants_rest_flattened(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(type(client.transport._session), 'request') as req: - # Designate an appropriate value for the returned response. - return_value = privilegedaccessmanager.ListGrantsResponse() - - # get arguments that satisfy an http rule for this method - sample_request = {'parent': 'projects/sample1/locations/sample2/entitlements/sample3'} - - # get truthy value for each flattened field - mock_args = dict( - parent='parent_value', - ) - mock_args.update(sample_request) - - # Wrap the value into a proper Response obj - response_value = Response() - response_value.status_code = 200 - # Convert return value to protobuf type - return_value = privilegedaccessmanager.ListGrantsResponse.pb(return_value) - json_return_value = json_format.MessageToJson(return_value) - response_value._content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - client.list_grants(**mock_args) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(req.mock_calls) == 1 - _, args, _ = req.mock_calls[0] - assert path_template.validate("%s/v1/{parent=projects/*/locations/*/entitlements/*}/grants" % client.transport._host, args[1]) - - -def test_list_grants_rest_flattened_error(transport: str = 'rest'): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - client.list_grants( - privilegedaccessmanager.ListGrantsRequest(), - parent='parent_value', - ) - - -def test_list_grants_rest_pager(transport: str = 'rest'): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(Session, 'request') as req: - # TODO(kbandes): remove this mock unless there's a good reason for it. - #with mock.patch.object(path_template, 'transcode') as transcode: - # Set the response as a series of pages - response = ( - privilegedaccessmanager.ListGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - ], - next_page_token='abc', - ), - privilegedaccessmanager.ListGrantsResponse( - grants=[], - next_page_token='def', - ), - privilegedaccessmanager.ListGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - ], - next_page_token='ghi', - ), - privilegedaccessmanager.ListGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - ], - ), - ) - # Two responses for two calls - response = response + response - - # Wrap the values into proper Response objs - response = tuple(privilegedaccessmanager.ListGrantsResponse.to_json(x) for x in response) - return_values = tuple(Response() for i in response) - for return_val, response_val in zip(return_values, response): - return_val._content = response_val.encode('UTF-8') - return_val.status_code = 200 - req.side_effect = return_values - - sample_request = {'parent': 'projects/sample1/locations/sample2/entitlements/sample3'} - - pager = client.list_grants(request=sample_request) - - results = list(pager) - assert len(results) == 6 - assert all(isinstance(i, privilegedaccessmanager.Grant) - for i in results) - - pages = list(client.list_grants(request=sample_request).pages) - for page_, token in zip(pages, ['abc','def','ghi', '']): - assert page_.raw_page.next_page_token == token - - -def test_search_grants_rest_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.search_grants in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.search_grants] = mock_rpc - - request = {} - client.search_grants(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - client.search_grants(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - - -def test_search_grants_rest_required_fields(request_type=privilegedaccessmanager.SearchGrantsRequest): - transport_class = transports.PrivilegedAccessManagerRestTransport - - request_init = {} - request_init["parent"] = "" - request = request_type(**request_init) - pb_request = request_type.pb(request) - jsonified_request = json.loads(json_format.MessageToJson( - pb_request, - use_integers_for_enums=False - )) - - # verify fields with default values are dropped - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).search_grants._get_unset_required_fields(jsonified_request) - jsonified_request.update(unset_fields) - - # verify required fields with default values are now present - - jsonified_request["parent"] = 'parent_value' - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).search_grants._get_unset_required_fields(jsonified_request) - # Check that path parameters and body parameters are not mixing in. - assert not set(unset_fields) - set(("caller_relationship", "filter", "page_size", "page_token", )) - jsonified_request.update(unset_fields) - - # verify required fields with non-default values are left alone - assert "parent" in jsonified_request - assert jsonified_request["parent"] == 'parent_value' - - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='rest', - ) - request = request_type(**request_init) - - # Designate an appropriate value for the returned response. - return_value = privilegedaccessmanager.SearchGrantsResponse() - # Mock the http request call within the method and fake a response. - with mock.patch.object(Session, 'request') as req: - # We need to mock transcode() because providing default values - # for required fields will fail the real version if the http_options - # expect actual values for those fields. - with mock.patch.object(path_template, 'transcode') as transcode: - # A uri without fields and an empty body will force all the - # request fields to show up in the query_params. - pb_request = request_type.pb(request) - transcode_result = { - 'uri': 'v1/sample_method', - 'method': "get", - 'query_params': pb_request, - } - transcode.return_value = transcode_result - - response_value = Response() - response_value.status_code = 200 - - # Convert return value to protobuf type - return_value = privilegedaccessmanager.SearchGrantsResponse.pb(return_value) - json_return_value = json_format.MessageToJson(return_value) - - response_value._content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - response = client.search_grants(request) - - expected_params = [ - ('$alt', 'json;enum-encoding=int') - ] - actual_params = req.call_args.kwargs['params'] - assert expected_params == actual_params - - -def test_search_grants_rest_unset_required_fields(): - transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) - - unset_fields = transport.search_grants._get_unset_required_fields({}) - assert set(unset_fields) == (set(("callerRelationship", "filter", "pageSize", "pageToken", )) & set(("parent", "callerRelationship", ))) - - -def test_search_grants_rest_pager(transport: str = 'rest'): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(Session, 'request') as req: - # TODO(kbandes): remove this mock unless there's a good reason for it. - #with mock.patch.object(path_template, 'transcode') as transcode: - # Set the response as a series of pages - response = ( - privilegedaccessmanager.SearchGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - ], - next_page_token='abc', - ), - privilegedaccessmanager.SearchGrantsResponse( - grants=[], - next_page_token='def', - ), - privilegedaccessmanager.SearchGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - ], - next_page_token='ghi', - ), - privilegedaccessmanager.SearchGrantsResponse( - grants=[ - privilegedaccessmanager.Grant(), - privilegedaccessmanager.Grant(), - ], - ), - ) - # Two responses for two calls - response = response + response - - # Wrap the values into proper Response objs - response = tuple(privilegedaccessmanager.SearchGrantsResponse.to_json(x) for x in response) - return_values = tuple(Response() for i in response) - for return_val, response_val in zip(return_values, response): - return_val._content = response_val.encode('UTF-8') - return_val.status_code = 200 - req.side_effect = return_values - - sample_request = {'parent': 'projects/sample1/locations/sample2/entitlements/sample3'} - - pager = client.search_grants(request=sample_request) - - results = list(pager) - assert len(results) == 6 - assert all(isinstance(i, privilegedaccessmanager.Grant) - for i in results) - - pages = list(client.search_grants(request=sample_request).pages) - for page_, token in zip(pages, ['abc','def','ghi', '']): - assert page_.raw_page.next_page_token == token - - -def test_get_grant_rest_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.get_grant in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.get_grant] = mock_rpc - - request = {} - client.get_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - client.get_grant(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - - -def test_get_grant_rest_required_fields(request_type=privilegedaccessmanager.GetGrantRequest): - transport_class = transports.PrivilegedAccessManagerRestTransport - - request_init = {} - request_init["name"] = "" - request = request_type(**request_init) - pb_request = request_type.pb(request) - jsonified_request = json.loads(json_format.MessageToJson( - pb_request, - use_integers_for_enums=False - )) - - # verify fields with default values are dropped - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).get_grant._get_unset_required_fields(jsonified_request) - jsonified_request.update(unset_fields) - - # verify required fields with default values are now present - - jsonified_request["name"] = 'name_value' - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).get_grant._get_unset_required_fields(jsonified_request) - jsonified_request.update(unset_fields) - - # verify required fields with non-default values are left alone - assert "name" in jsonified_request - assert jsonified_request["name"] == 'name_value' - - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='rest', - ) - request = request_type(**request_init) - - # Designate an appropriate value for the returned response. - return_value = privilegedaccessmanager.Grant() - # Mock the http request call within the method and fake a response. - with mock.patch.object(Session, 'request') as req: - # We need to mock transcode() because providing default values - # for required fields will fail the real version if the http_options - # expect actual values for those fields. - with mock.patch.object(path_template, 'transcode') as transcode: - # A uri without fields and an empty body will force all the - # request fields to show up in the query_params. - pb_request = request_type.pb(request) - transcode_result = { - 'uri': 'v1/sample_method', - 'method': "get", - 'query_params': pb_request, - } - transcode.return_value = transcode_result - - response_value = Response() - response_value.status_code = 200 - - # Convert return value to protobuf type - return_value = privilegedaccessmanager.Grant.pb(return_value) - json_return_value = json_format.MessageToJson(return_value) - - response_value._content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - response = client.get_grant(request) - - expected_params = [ - ('$alt', 'json;enum-encoding=int') - ] - actual_params = req.call_args.kwargs['params'] - assert expected_params == actual_params - - -def test_get_grant_rest_unset_required_fields(): - transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) - - unset_fields = transport.get_grant._get_unset_required_fields({}) - assert set(unset_fields) == (set(()) & set(("name", ))) - - -def test_get_grant_rest_flattened(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(type(client.transport._session), 'request') as req: - # Designate an appropriate value for the returned response. - return_value = privilegedaccessmanager.Grant() - - # get arguments that satisfy an http rule for this method - sample_request = {'name': 'projects/sample1/locations/sample2/entitlements/sample3/grants/sample4'} - - # get truthy value for each flattened field - mock_args = dict( - name='name_value', - ) - mock_args.update(sample_request) - - # Wrap the value into a proper Response obj - response_value = Response() - response_value.status_code = 200 - # Convert return value to protobuf type - return_value = privilegedaccessmanager.Grant.pb(return_value) - json_return_value = json_format.MessageToJson(return_value) - response_value._content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - client.get_grant(**mock_args) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(req.mock_calls) == 1 - _, args, _ = req.mock_calls[0] - assert path_template.validate("%s/v1/{name=projects/*/locations/*/entitlements/*/grants/*}" % client.transport._host, args[1]) - - -def test_get_grant_rest_flattened_error(transport: str = 'rest'): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - client.get_grant( - privilegedaccessmanager.GetGrantRequest(), - name='name_value', - ) - - -def test_create_grant_rest_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.create_grant in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.create_grant] = mock_rpc - - request = {} - client.create_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - client.create_grant(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - - -def test_create_grant_rest_required_fields(request_type=privilegedaccessmanager.CreateGrantRequest): - transport_class = transports.PrivilegedAccessManagerRestTransport - - request_init = {} - request_init["parent"] = "" - request = request_type(**request_init) - pb_request = request_type.pb(request) - jsonified_request = json.loads(json_format.MessageToJson( - pb_request, - use_integers_for_enums=False - )) - - # verify fields with default values are dropped - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).create_grant._get_unset_required_fields(jsonified_request) - jsonified_request.update(unset_fields) - - # verify required fields with default values are now present - - jsonified_request["parent"] = 'parent_value' - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).create_grant._get_unset_required_fields(jsonified_request) - # Check that path parameters and body parameters are not mixing in. - assert not set(unset_fields) - set(("request_id", )) - jsonified_request.update(unset_fields) - - # verify required fields with non-default values are left alone - assert "parent" in jsonified_request - assert jsonified_request["parent"] == 'parent_value' - - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='rest', - ) - request = request_type(**request_init) - - # Designate an appropriate value for the returned response. - return_value = privilegedaccessmanager.Grant() - # Mock the http request call within the method and fake a response. - with mock.patch.object(Session, 'request') as req: - # We need to mock transcode() because providing default values - # for required fields will fail the real version if the http_options - # expect actual values for those fields. - with mock.patch.object(path_template, 'transcode') as transcode: - # A uri without fields and an empty body will force all the - # request fields to show up in the query_params. - pb_request = request_type.pb(request) - transcode_result = { - 'uri': 'v1/sample_method', - 'method': "post", - 'query_params': pb_request, - } - transcode_result['body'] = pb_request - transcode.return_value = transcode_result - - response_value = Response() - response_value.status_code = 200 - - # Convert return value to protobuf type - return_value = privilegedaccessmanager.Grant.pb(return_value) - json_return_value = json_format.MessageToJson(return_value) - - response_value._content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - response = client.create_grant(request) - - expected_params = [ - ('$alt', 'json;enum-encoding=int') - ] - actual_params = req.call_args.kwargs['params'] - assert expected_params == actual_params - - -def test_create_grant_rest_unset_required_fields(): - transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) - - unset_fields = transport.create_grant._get_unset_required_fields({}) - assert set(unset_fields) == (set(("requestId", )) & set(("parent", "grant", ))) - - -def test_create_grant_rest_flattened(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(type(client.transport._session), 'request') as req: - # Designate an appropriate value for the returned response. - return_value = privilegedaccessmanager.Grant() - - # get arguments that satisfy an http rule for this method - sample_request = {'parent': 'projects/sample1/locations/sample2/entitlements/sample3'} - - # get truthy value for each flattened field - mock_args = dict( - parent='parent_value', - grant=privilegedaccessmanager.Grant(name='name_value'), - ) - mock_args.update(sample_request) - - # Wrap the value into a proper Response obj - response_value = Response() - response_value.status_code = 200 - # Convert return value to protobuf type - return_value = privilegedaccessmanager.Grant.pb(return_value) - json_return_value = json_format.MessageToJson(return_value) - response_value._content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - client.create_grant(**mock_args) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(req.mock_calls) == 1 - _, args, _ = req.mock_calls[0] - assert path_template.validate("%s/v1/{parent=projects/*/locations/*/entitlements/*}/grants" % client.transport._host, args[1]) - - -def test_create_grant_rest_flattened_error(transport: str = 'rest'): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - client.create_grant( - privilegedaccessmanager.CreateGrantRequest(), - parent='parent_value', - grant=privilegedaccessmanager.Grant(name='name_value'), - ) - - -def test_approve_grant_rest_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.approve_grant in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.approve_grant] = mock_rpc - - request = {} - client.approve_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - client.approve_grant(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - - -def test_approve_grant_rest_required_fields(request_type=privilegedaccessmanager.ApproveGrantRequest): - transport_class = transports.PrivilegedAccessManagerRestTransport - - request_init = {} - request_init["name"] = "" - request = request_type(**request_init) - pb_request = request_type.pb(request) - jsonified_request = json.loads(json_format.MessageToJson( - pb_request, - use_integers_for_enums=False - )) - - # verify fields with default values are dropped - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).approve_grant._get_unset_required_fields(jsonified_request) - jsonified_request.update(unset_fields) - - # verify required fields with default values are now present - - jsonified_request["name"] = 'name_value' - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).approve_grant._get_unset_required_fields(jsonified_request) - jsonified_request.update(unset_fields) - - # verify required fields with non-default values are left alone - assert "name" in jsonified_request - assert jsonified_request["name"] == 'name_value' - - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='rest', - ) - request = request_type(**request_init) - - # Designate an appropriate value for the returned response. - return_value = privilegedaccessmanager.Grant() - # Mock the http request call within the method and fake a response. - with mock.patch.object(Session, 'request') as req: - # We need to mock transcode() because providing default values - # for required fields will fail the real version if the http_options - # expect actual values for those fields. - with mock.patch.object(path_template, 'transcode') as transcode: - # A uri without fields and an empty body will force all the - # request fields to show up in the query_params. - pb_request = request_type.pb(request) - transcode_result = { - 'uri': 'v1/sample_method', - 'method': "post", - 'query_params': pb_request, - } - transcode_result['body'] = pb_request - transcode.return_value = transcode_result - - response_value = Response() - response_value.status_code = 200 - - # Convert return value to protobuf type - return_value = privilegedaccessmanager.Grant.pb(return_value) - json_return_value = json_format.MessageToJson(return_value) - - response_value._content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - response = client.approve_grant(request) - - expected_params = [ - ('$alt', 'json;enum-encoding=int') - ] - actual_params = req.call_args.kwargs['params'] - assert expected_params == actual_params - - -def test_approve_grant_rest_unset_required_fields(): - transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) - - unset_fields = transport.approve_grant._get_unset_required_fields({}) - assert set(unset_fields) == (set(()) & set(("name", ))) - - -def test_deny_grant_rest_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.deny_grant in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.deny_grant] = mock_rpc - - request = {} - client.deny_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - client.deny_grant(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - - -def test_deny_grant_rest_required_fields(request_type=privilegedaccessmanager.DenyGrantRequest): - transport_class = transports.PrivilegedAccessManagerRestTransport - - request_init = {} - request_init["name"] = "" - request = request_type(**request_init) - pb_request = request_type.pb(request) - jsonified_request = json.loads(json_format.MessageToJson( - pb_request, - use_integers_for_enums=False - )) - - # verify fields with default values are dropped - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).deny_grant._get_unset_required_fields(jsonified_request) - jsonified_request.update(unset_fields) - - # verify required fields with default values are now present - - jsonified_request["name"] = 'name_value' - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).deny_grant._get_unset_required_fields(jsonified_request) - jsonified_request.update(unset_fields) - - # verify required fields with non-default values are left alone - assert "name" in jsonified_request - assert jsonified_request["name"] == 'name_value' - - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='rest', - ) - request = request_type(**request_init) - - # Designate an appropriate value for the returned response. - return_value = privilegedaccessmanager.Grant() - # Mock the http request call within the method and fake a response. - with mock.patch.object(Session, 'request') as req: - # We need to mock transcode() because providing default values - # for required fields will fail the real version if the http_options - # expect actual values for those fields. - with mock.patch.object(path_template, 'transcode') as transcode: - # A uri without fields and an empty body will force all the - # request fields to show up in the query_params. - pb_request = request_type.pb(request) - transcode_result = { - 'uri': 'v1/sample_method', - 'method': "post", - 'query_params': pb_request, - } - transcode_result['body'] = pb_request - transcode.return_value = transcode_result - - response_value = Response() - response_value.status_code = 200 - - # Convert return value to protobuf type - return_value = privilegedaccessmanager.Grant.pb(return_value) - json_return_value = json_format.MessageToJson(return_value) - - response_value._content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - response = client.deny_grant(request) - - expected_params = [ - ('$alt', 'json;enum-encoding=int') - ] - actual_params = req.call_args.kwargs['params'] - assert expected_params == actual_params - - -def test_deny_grant_rest_unset_required_fields(): - transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) - - unset_fields = transport.deny_grant._get_unset_required_fields({}) - assert set(unset_fields) == (set(()) & set(("name", ))) - - -def test_revoke_grant_rest_use_cached_wrapped_rpc(): - # Clients should use _prep_wrapped_messages to create cached wrapped rpcs, - # instead of constructing them on each call - with mock.patch("google.api_core.gapic_v1.method.wrap_method") as wrapper_fn: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Should wrap all calls on client creation - assert wrapper_fn.call_count > 0 - wrapper_fn.reset_mock() - - # Ensure method has been cached - assert client._transport.revoke_grant in client._transport._wrapped_methods - - # Replace cached wrapped function with mock - mock_rpc = mock.Mock() - mock_rpc.return_value.name = "foo" # operation_request.operation in compute client(s) expect a string. - client._transport._wrapped_methods[client._transport.revoke_grant] = mock_rpc - - request = {} - client.revoke_grant(request) - - # Establish that the underlying gRPC stub method was called. - assert mock_rpc.call_count == 1 - - # Operation methods build a cached wrapper on first rpc call - # subsequent calls should use the cached wrapper - wrapper_fn.reset_mock() - - client.revoke_grant(request) - - # Establish that a new wrapper was not created for this call - assert wrapper_fn.call_count == 0 - assert mock_rpc.call_count == 2 - - -def test_revoke_grant_rest_required_fields(request_type=privilegedaccessmanager.RevokeGrantRequest): - transport_class = transports.PrivilegedAccessManagerRestTransport - - request_init = {} - request_init["name"] = "" - request = request_type(**request_init) - pb_request = request_type.pb(request) - jsonified_request = json.loads(json_format.MessageToJson( - pb_request, - use_integers_for_enums=False - )) - - # verify fields with default values are dropped - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).revoke_grant._get_unset_required_fields(jsonified_request) - jsonified_request.update(unset_fields) - - # verify required fields with default values are now present - - jsonified_request["name"] = 'name_value' - - unset_fields = transport_class(credentials=ga_credentials.AnonymousCredentials()).revoke_grant._get_unset_required_fields(jsonified_request) - jsonified_request.update(unset_fields) - - # verify required fields with non-default values are left alone - assert "name" in jsonified_request - assert jsonified_request["name"] == 'name_value' - - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='rest', - ) - request = request_type(**request_init) - - # Designate an appropriate value for the returned response. - return_value = operations_pb2.Operation(name='operations/spam') - # Mock the http request call within the method and fake a response. - with mock.patch.object(Session, 'request') as req: - # We need to mock transcode() because providing default values - # for required fields will fail the real version if the http_options - # expect actual values for those fields. - with mock.patch.object(path_template, 'transcode') as transcode: - # A uri without fields and an empty body will force all the - # request fields to show up in the query_params. - pb_request = request_type.pb(request) - transcode_result = { - 'uri': 'v1/sample_method', - 'method': "post", - 'query_params': pb_request, - } - transcode_result['body'] = pb_request - transcode.return_value = transcode_result - - response_value = Response() - response_value.status_code = 200 - json_return_value = json_format.MessageToJson(return_value) - - response_value._content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - response = client.revoke_grant(request) - - expected_params = [ - ('$alt', 'json;enum-encoding=int') - ] - actual_params = req.call_args.kwargs['params'] - assert expected_params == actual_params - - -def test_revoke_grant_rest_unset_required_fields(): - transport = transports.PrivilegedAccessManagerRestTransport(credentials=ga_credentials.AnonymousCredentials) - - unset_fields = transport.revoke_grant._get_unset_required_fields({}) - assert set(unset_fields) == (set(()) & set(("name", ))) - - -def test_credentials_transport_error(): - # It is an error to provide credentials and a transport instance. - transport = transports.PrivilegedAccessManagerGrpcTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - with pytest.raises(ValueError): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # It is an error to provide a credentials file and a transport instance. - transport = transports.PrivilegedAccessManagerGrpcTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - with pytest.raises(ValueError): - client = PrivilegedAccessManagerClient( - client_options={"credentials_file": "credentials.json"}, - transport=transport, - ) - - # It is an error to provide an api_key and a transport instance. - transport = transports.PrivilegedAccessManagerGrpcTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - options = client_options.ClientOptions() - options.api_key = "api_key" - with pytest.raises(ValueError): - client = PrivilegedAccessManagerClient( - client_options=options, - transport=transport, - ) - - # It is an error to provide an api_key and a credential. - options = client_options.ClientOptions() - options.api_key = "api_key" - with pytest.raises(ValueError): - client = PrivilegedAccessManagerClient( - client_options=options, - credentials=ga_credentials.AnonymousCredentials() - ) - - # It is an error to provide scopes and a transport instance. - transport = transports.PrivilegedAccessManagerGrpcTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - with pytest.raises(ValueError): - client = PrivilegedAccessManagerClient( - client_options={"scopes": ["1", "2"]}, - transport=transport, - ) - - -def test_transport_instance(): - # A client may be instantiated with a custom transport instance. - transport = transports.PrivilegedAccessManagerGrpcTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - client = PrivilegedAccessManagerClient(transport=transport) - assert client.transport is transport - -def test_transport_get_channel(): - # A client may be instantiated with a custom transport instance. - transport = transports.PrivilegedAccessManagerGrpcTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - channel = transport.grpc_channel - assert channel - - transport = transports.PrivilegedAccessManagerGrpcAsyncIOTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - channel = transport.grpc_channel - assert channel - -@pytest.mark.parametrize("transport_class", [ - transports.PrivilegedAccessManagerGrpcTransport, - transports.PrivilegedAccessManagerGrpcAsyncIOTransport, - transports.PrivilegedAccessManagerRestTransport, -]) -def test_transport_adc(transport_class): - # Test default credentials are used if not provided. - with mock.patch.object(google.auth, 'default') as adc: - adc.return_value = (ga_credentials.AnonymousCredentials(), None) - transport_class() - adc.assert_called_once() - -def test_transport_kind_grpc(): - transport = PrivilegedAccessManagerClient.get_transport_class("grpc")( - credentials=ga_credentials.AnonymousCredentials() - ) - assert transport.kind == "grpc" - - -def test_initialize_client_w_grpc(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc" - ) - assert client is not None - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_check_onboarding_status_empty_call_grpc(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.check_onboarding_status), - '__call__') as call: - call.return_value = privilegedaccessmanager.CheckOnboardingStatusResponse() - client.check_onboarding_status(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.CheckOnboardingStatusRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_list_entitlements_empty_call_grpc(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.list_entitlements), - '__call__') as call: - call.return_value = privilegedaccessmanager.ListEntitlementsResponse() - client.list_entitlements(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.ListEntitlementsRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_search_entitlements_empty_call_grpc(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.search_entitlements), - '__call__') as call: - call.return_value = privilegedaccessmanager.SearchEntitlementsResponse() - client.search_entitlements(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.SearchEntitlementsRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_get_entitlement_empty_call_grpc(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.get_entitlement), - '__call__') as call: - call.return_value = privilegedaccessmanager.Entitlement() - client.get_entitlement(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.GetEntitlementRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_create_entitlement_empty_call_grpc(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.create_entitlement), - '__call__') as call: - call.return_value = operations_pb2.Operation(name='operations/op') - client.create_entitlement(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.CreateEntitlementRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_delete_entitlement_empty_call_grpc(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.delete_entitlement), - '__call__') as call: - call.return_value = operations_pb2.Operation(name='operations/op') - client.delete_entitlement(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.DeleteEntitlementRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_update_entitlement_empty_call_grpc(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.update_entitlement), - '__call__') as call: - call.return_value = operations_pb2.Operation(name='operations/op') - client.update_entitlement(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.UpdateEntitlementRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_list_grants_empty_call_grpc(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.list_grants), - '__call__') as call: - call.return_value = privilegedaccessmanager.ListGrantsResponse() - client.list_grants(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.ListGrantsRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_search_grants_empty_call_grpc(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.search_grants), - '__call__') as call: - call.return_value = privilegedaccessmanager.SearchGrantsResponse() - client.search_grants(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.SearchGrantsRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_get_grant_empty_call_grpc(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.get_grant), - '__call__') as call: - call.return_value = privilegedaccessmanager.Grant() - client.get_grant(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.GetGrantRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_create_grant_empty_call_grpc(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.create_grant), - '__call__') as call: - call.return_value = privilegedaccessmanager.Grant() - client.create_grant(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.CreateGrantRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_approve_grant_empty_call_grpc(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.approve_grant), - '__call__') as call: - call.return_value = privilegedaccessmanager.Grant() - client.approve_grant(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.ApproveGrantRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_deny_grant_empty_call_grpc(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.deny_grant), - '__call__') as call: - call.return_value = privilegedaccessmanager.Grant() - client.deny_grant(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.DenyGrantRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_revoke_grant_empty_call_grpc(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.revoke_grant), - '__call__') as call: - call.return_value = operations_pb2.Operation(name='operations/op') - client.revoke_grant(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.RevokeGrantRequest() - - assert args[0] == request_msg - - -def test_transport_kind_grpc_asyncio(): - transport = PrivilegedAccessManagerAsyncClient.get_transport_class("grpc_asyncio")( - credentials=async_anonymous_credentials() - ) - assert transport.kind == "grpc_asyncio" - - -def test_initialize_client_w_grpc_asyncio(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport="grpc_asyncio" - ) - assert client is not None - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -@pytest.mark.asyncio -async def test_check_onboarding_status_empty_call_grpc_asyncio(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport="grpc_asyncio", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.check_onboarding_status), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.CheckOnboardingStatusResponse( - service_account='service_account_value', - )) - await client.check_onboarding_status(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.CheckOnboardingStatusRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -@pytest.mark.asyncio -async def test_list_entitlements_empty_call_grpc_asyncio(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport="grpc_asyncio", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.list_entitlements), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.ListEntitlementsResponse( - next_page_token='next_page_token_value', - unreachable=['unreachable_value'], - )) - await client.list_entitlements(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.ListEntitlementsRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -@pytest.mark.asyncio -async def test_search_entitlements_empty_call_grpc_asyncio(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport="grpc_asyncio", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.search_entitlements), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.SearchEntitlementsResponse( - next_page_token='next_page_token_value', - )) - await client.search_entitlements(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.SearchEntitlementsRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -@pytest.mark.asyncio -async def test_get_entitlement_empty_call_grpc_asyncio(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport="grpc_asyncio", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.get_entitlement), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Entitlement( - name='name_value', - state=privilegedaccessmanager.Entitlement.State.CREATING, - etag='etag_value', - )) - await client.get_entitlement(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.GetEntitlementRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -@pytest.mark.asyncio -async def test_create_entitlement_empty_call_grpc_asyncio(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport="grpc_asyncio", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.create_entitlement), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - operations_pb2.Operation(name='operations/spam') - ) - await client.create_entitlement(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.CreateEntitlementRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -@pytest.mark.asyncio -async def test_delete_entitlement_empty_call_grpc_asyncio(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport="grpc_asyncio", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.delete_entitlement), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - operations_pb2.Operation(name='operations/spam') - ) - await client.delete_entitlement(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.DeleteEntitlementRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -@pytest.mark.asyncio -async def test_update_entitlement_empty_call_grpc_asyncio(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport="grpc_asyncio", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.update_entitlement), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - operations_pb2.Operation(name='operations/spam') - ) - await client.update_entitlement(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.UpdateEntitlementRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -@pytest.mark.asyncio -async def test_list_grants_empty_call_grpc_asyncio(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport="grpc_asyncio", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.list_grants), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.ListGrantsResponse( - next_page_token='next_page_token_value', - unreachable=['unreachable_value'], - )) - await client.list_grants(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.ListGrantsRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -@pytest.mark.asyncio -async def test_search_grants_empty_call_grpc_asyncio(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport="grpc_asyncio", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.search_grants), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.SearchGrantsResponse( - next_page_token='next_page_token_value', - )) - await client.search_grants(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.SearchGrantsRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -@pytest.mark.asyncio -async def test_get_grant_empty_call_grpc_asyncio(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport="grpc_asyncio", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.get_grant), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant( - name='name_value', - requester='requester_value', - state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, - additional_email_recipients=['additional_email_recipients_value'], - externally_modified=True, - )) - await client.get_grant(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.GetGrantRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -@pytest.mark.asyncio -async def test_create_grant_empty_call_grpc_asyncio(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport="grpc_asyncio", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.create_grant), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant( - name='name_value', - requester='requester_value', - state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, - additional_email_recipients=['additional_email_recipients_value'], - externally_modified=True, - )) - await client.create_grant(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.CreateGrantRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -@pytest.mark.asyncio -async def test_approve_grant_empty_call_grpc_asyncio(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport="grpc_asyncio", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.approve_grant), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant( - name='name_value', - requester='requester_value', - state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, - additional_email_recipients=['additional_email_recipients_value'], - externally_modified=True, - )) - await client.approve_grant(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.ApproveGrantRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -@pytest.mark.asyncio -async def test_deny_grant_empty_call_grpc_asyncio(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport="grpc_asyncio", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.deny_grant), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(privilegedaccessmanager.Grant( - name='name_value', - requester='requester_value', - state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, - additional_email_recipients=['additional_email_recipients_value'], - externally_modified=True, - )) - await client.deny_grant(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.DenyGrantRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -@pytest.mark.asyncio -async def test_revoke_grant_empty_call_grpc_asyncio(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport="grpc_asyncio", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.revoke_grant), - '__call__') as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - operations_pb2.Operation(name='operations/spam') - ) - await client.revoke_grant(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.RevokeGrantRequest() - - assert args[0] == request_msg - - -def test_transport_kind_rest(): - transport = PrivilegedAccessManagerClient.get_transport_class("rest")( - credentials=ga_credentials.AnonymousCredentials() - ) - assert transport.kind == "rest" - - -def test_check_onboarding_status_rest_bad_request(request_type=privilegedaccessmanager.CheckOnboardingStatusRequest): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - # send a request that will satisfy transcoding - request_init = {'parent': 'projects/sample1/locations/sample2'} - request = request_type(**request_init) - - # Mock the http request call within the method and fake a BadRequest error. - with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): - # Wrap the value into a proper Response obj - response_value = mock.Mock() - json_return_value = '' - response_value.json = mock.Mock(return_value={}) - response_value.status_code = 400 - response_value.request = mock.Mock() - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - client.check_onboarding_status(request) - - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.CheckOnboardingStatusRequest, - dict, -]) -def test_check_onboarding_status_rest_call_success(request_type): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - - # send a request that will satisfy transcoding - request_init = {'parent': 'projects/sample1/locations/sample2'} - request = request_type(**request_init) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(type(client.transport._session), 'request') as req: - # Designate an appropriate value for the returned response. - return_value = privilegedaccessmanager.CheckOnboardingStatusResponse( - service_account='service_account_value', - ) - - # Wrap the value into a proper Response obj - response_value = mock.Mock() - response_value.status_code = 200 - - # Convert return value to protobuf type - return_value = privilegedaccessmanager.CheckOnboardingStatusResponse.pb(return_value) - json_return_value = json_format.MessageToJson(return_value) - response_value.content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - response = client.check_onboarding_status(request) - - # Establish that the response is the type that we expect. - assert isinstance(response, privilegedaccessmanager.CheckOnboardingStatusResponse) - assert response.service_account == 'service_account_value' - - -@pytest.mark.parametrize("null_interceptor", [True, False]) -def test_check_onboarding_status_rest_interceptors(null_interceptor): - transport = transports.PrivilegedAccessManagerRestTransport( - credentials=ga_credentials.AnonymousCredentials(), - interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), - ) - client = PrivilegedAccessManagerClient(transport=transport) - - with mock.patch.object(type(client.transport._session), "request") as req, \ - mock.patch.object(path_template, "transcode") as transcode, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_check_onboarding_status") as post, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_check_onboarding_status_with_metadata") as post_with_metadata, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_check_onboarding_status") as pre: - pre.assert_not_called() - post.assert_not_called() - post_with_metadata.assert_not_called() - pb_message = privilegedaccessmanager.CheckOnboardingStatusRequest.pb(privilegedaccessmanager.CheckOnboardingStatusRequest()) - transcode.return_value = { - "method": "post", - "uri": "my_uri", - "body": pb_message, - "query_params": pb_message, - } - - req.return_value = mock.Mock() - req.return_value.status_code = 200 - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - return_value = privilegedaccessmanager.CheckOnboardingStatusResponse.to_json(privilegedaccessmanager.CheckOnboardingStatusResponse()) - req.return_value.content = return_value - - request = privilegedaccessmanager.CheckOnboardingStatusRequest() - metadata =[ - ("key", "val"), - ("cephalopod", "squid"), - ] - pre.return_value = request, metadata - post.return_value = privilegedaccessmanager.CheckOnboardingStatusResponse() - post_with_metadata.return_value = privilegedaccessmanager.CheckOnboardingStatusResponse(), metadata - - client.check_onboarding_status(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) - - pre.assert_called_once() - post.assert_called_once() - post_with_metadata.assert_called_once() - - -def test_list_entitlements_rest_bad_request(request_type=privilegedaccessmanager.ListEntitlementsRequest): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - # send a request that will satisfy transcoding - request_init = {'parent': 'projects/sample1/locations/sample2'} - request = request_type(**request_init) - - # Mock the http request call within the method and fake a BadRequest error. - with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): - # Wrap the value into a proper Response obj - response_value = mock.Mock() - json_return_value = '' - response_value.json = mock.Mock(return_value={}) - response_value.status_code = 400 - response_value.request = mock.Mock() - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - client.list_entitlements(request) - - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.ListEntitlementsRequest, - dict, -]) -def test_list_entitlements_rest_call_success(request_type): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - - # send a request that will satisfy transcoding - request_init = {'parent': 'projects/sample1/locations/sample2'} - request = request_type(**request_init) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(type(client.transport._session), 'request') as req: - # Designate an appropriate value for the returned response. - return_value = privilegedaccessmanager.ListEntitlementsResponse( - next_page_token='next_page_token_value', - unreachable=['unreachable_value'], - ) - - # Wrap the value into a proper Response obj - response_value = mock.Mock() - response_value.status_code = 200 - - # Convert return value to protobuf type - return_value = privilegedaccessmanager.ListEntitlementsResponse.pb(return_value) - json_return_value = json_format.MessageToJson(return_value) - response_value.content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - response = client.list_entitlements(request) - - # Establish that the response is the type that we expect. - assert isinstance(response, pagers.ListEntitlementsPager) - assert response.next_page_token == 'next_page_token_value' - assert response.unreachable == ['unreachable_value'] - - -@pytest.mark.parametrize("null_interceptor", [True, False]) -def test_list_entitlements_rest_interceptors(null_interceptor): - transport = transports.PrivilegedAccessManagerRestTransport( - credentials=ga_credentials.AnonymousCredentials(), - interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), - ) - client = PrivilegedAccessManagerClient(transport=transport) - - with mock.patch.object(type(client.transport._session), "request") as req, \ - mock.patch.object(path_template, "transcode") as transcode, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_list_entitlements") as post, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_list_entitlements_with_metadata") as post_with_metadata, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_list_entitlements") as pre: - pre.assert_not_called() - post.assert_not_called() - post_with_metadata.assert_not_called() - pb_message = privilegedaccessmanager.ListEntitlementsRequest.pb(privilegedaccessmanager.ListEntitlementsRequest()) - transcode.return_value = { - "method": "post", - "uri": "my_uri", - "body": pb_message, - "query_params": pb_message, - } - - req.return_value = mock.Mock() - req.return_value.status_code = 200 - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - return_value = privilegedaccessmanager.ListEntitlementsResponse.to_json(privilegedaccessmanager.ListEntitlementsResponse()) - req.return_value.content = return_value - - request = privilegedaccessmanager.ListEntitlementsRequest() - metadata =[ - ("key", "val"), - ("cephalopod", "squid"), - ] - pre.return_value = request, metadata - post.return_value = privilegedaccessmanager.ListEntitlementsResponse() - post_with_metadata.return_value = privilegedaccessmanager.ListEntitlementsResponse(), metadata - - client.list_entitlements(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) - - pre.assert_called_once() - post.assert_called_once() - post_with_metadata.assert_called_once() - - -def test_search_entitlements_rest_bad_request(request_type=privilegedaccessmanager.SearchEntitlementsRequest): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - # send a request that will satisfy transcoding - request_init = {'parent': 'projects/sample1/locations/sample2'} - request = request_type(**request_init) - - # Mock the http request call within the method and fake a BadRequest error. - with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): - # Wrap the value into a proper Response obj - response_value = mock.Mock() - json_return_value = '' - response_value.json = mock.Mock(return_value={}) - response_value.status_code = 400 - response_value.request = mock.Mock() - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - client.search_entitlements(request) - - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.SearchEntitlementsRequest, - dict, -]) -def test_search_entitlements_rest_call_success(request_type): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - - # send a request that will satisfy transcoding - request_init = {'parent': 'projects/sample1/locations/sample2'} - request = request_type(**request_init) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(type(client.transport._session), 'request') as req: - # Designate an appropriate value for the returned response. - return_value = privilegedaccessmanager.SearchEntitlementsResponse( - next_page_token='next_page_token_value', - ) - - # Wrap the value into a proper Response obj - response_value = mock.Mock() - response_value.status_code = 200 - - # Convert return value to protobuf type - return_value = privilegedaccessmanager.SearchEntitlementsResponse.pb(return_value) - json_return_value = json_format.MessageToJson(return_value) - response_value.content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - response = client.search_entitlements(request) - - # Establish that the response is the type that we expect. - assert isinstance(response, pagers.SearchEntitlementsPager) - assert response.next_page_token == 'next_page_token_value' - - -@pytest.mark.parametrize("null_interceptor", [True, False]) -def test_search_entitlements_rest_interceptors(null_interceptor): - transport = transports.PrivilegedAccessManagerRestTransport( - credentials=ga_credentials.AnonymousCredentials(), - interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), - ) - client = PrivilegedAccessManagerClient(transport=transport) - - with mock.patch.object(type(client.transport._session), "request") as req, \ - mock.patch.object(path_template, "transcode") as transcode, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_search_entitlements") as post, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_search_entitlements_with_metadata") as post_with_metadata, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_search_entitlements") as pre: - pre.assert_not_called() - post.assert_not_called() - post_with_metadata.assert_not_called() - pb_message = privilegedaccessmanager.SearchEntitlementsRequest.pb(privilegedaccessmanager.SearchEntitlementsRequest()) - transcode.return_value = { - "method": "post", - "uri": "my_uri", - "body": pb_message, - "query_params": pb_message, - } - - req.return_value = mock.Mock() - req.return_value.status_code = 200 - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - return_value = privilegedaccessmanager.SearchEntitlementsResponse.to_json(privilegedaccessmanager.SearchEntitlementsResponse()) - req.return_value.content = return_value - - request = privilegedaccessmanager.SearchEntitlementsRequest() - metadata =[ - ("key", "val"), - ("cephalopod", "squid"), - ] - pre.return_value = request, metadata - post.return_value = privilegedaccessmanager.SearchEntitlementsResponse() - post_with_metadata.return_value = privilegedaccessmanager.SearchEntitlementsResponse(), metadata - - client.search_entitlements(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) - - pre.assert_called_once() - post.assert_called_once() - post_with_metadata.assert_called_once() - - -def test_get_entitlement_rest_bad_request(request_type=privilegedaccessmanager.GetEntitlementRequest): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - # send a request that will satisfy transcoding - request_init = {'name': 'projects/sample1/locations/sample2/entitlements/sample3'} - request = request_type(**request_init) - - # Mock the http request call within the method and fake a BadRequest error. - with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): - # Wrap the value into a proper Response obj - response_value = mock.Mock() - json_return_value = '' - response_value.json = mock.Mock(return_value={}) - response_value.status_code = 400 - response_value.request = mock.Mock() - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - client.get_entitlement(request) - - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.GetEntitlementRequest, - dict, -]) -def test_get_entitlement_rest_call_success(request_type): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - - # send a request that will satisfy transcoding - request_init = {'name': 'projects/sample1/locations/sample2/entitlements/sample3'} - request = request_type(**request_init) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(type(client.transport._session), 'request') as req: - # Designate an appropriate value for the returned response. - return_value = privilegedaccessmanager.Entitlement( - name='name_value', - state=privilegedaccessmanager.Entitlement.State.CREATING, - etag='etag_value', - ) - - # Wrap the value into a proper Response obj - response_value = mock.Mock() - response_value.status_code = 200 - - # Convert return value to protobuf type - return_value = privilegedaccessmanager.Entitlement.pb(return_value) - json_return_value = json_format.MessageToJson(return_value) - response_value.content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - response = client.get_entitlement(request) - - # Establish that the response is the type that we expect. - assert isinstance(response, privilegedaccessmanager.Entitlement) - assert response.name == 'name_value' - assert response.state == privilegedaccessmanager.Entitlement.State.CREATING - assert response.etag == 'etag_value' - - -@pytest.mark.parametrize("null_interceptor", [True, False]) -def test_get_entitlement_rest_interceptors(null_interceptor): - transport = transports.PrivilegedAccessManagerRestTransport( - credentials=ga_credentials.AnonymousCredentials(), - interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), - ) - client = PrivilegedAccessManagerClient(transport=transport) - - with mock.patch.object(type(client.transport._session), "request") as req, \ - mock.patch.object(path_template, "transcode") as transcode, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_get_entitlement") as post, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_get_entitlement_with_metadata") as post_with_metadata, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_get_entitlement") as pre: - pre.assert_not_called() - post.assert_not_called() - post_with_metadata.assert_not_called() - pb_message = privilegedaccessmanager.GetEntitlementRequest.pb(privilegedaccessmanager.GetEntitlementRequest()) - transcode.return_value = { - "method": "post", - "uri": "my_uri", - "body": pb_message, - "query_params": pb_message, - } - - req.return_value = mock.Mock() - req.return_value.status_code = 200 - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - return_value = privilegedaccessmanager.Entitlement.to_json(privilegedaccessmanager.Entitlement()) - req.return_value.content = return_value - - request = privilegedaccessmanager.GetEntitlementRequest() - metadata =[ - ("key", "val"), - ("cephalopod", "squid"), - ] - pre.return_value = request, metadata - post.return_value = privilegedaccessmanager.Entitlement() - post_with_metadata.return_value = privilegedaccessmanager.Entitlement(), metadata - - client.get_entitlement(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) - - pre.assert_called_once() - post.assert_called_once() - post_with_metadata.assert_called_once() - - -def test_create_entitlement_rest_bad_request(request_type=privilegedaccessmanager.CreateEntitlementRequest): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - # send a request that will satisfy transcoding - request_init = {'parent': 'projects/sample1/locations/sample2'} - request = request_type(**request_init) - - # Mock the http request call within the method and fake a BadRequest error. - with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): - # Wrap the value into a proper Response obj - response_value = mock.Mock() - json_return_value = '' - response_value.json = mock.Mock(return_value={}) - response_value.status_code = 400 - response_value.request = mock.Mock() - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - client.create_entitlement(request) - - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.CreateEntitlementRequest, - dict, -]) -def test_create_entitlement_rest_call_success(request_type): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - - # send a request that will satisfy transcoding - request_init = {'parent': 'projects/sample1/locations/sample2'} - request_init["entitlement"] = {'name': 'name_value', 'create_time': {'seconds': 751, 'nanos': 543}, 'update_time': {}, 'eligible_users': [{'principals': ['principals_value1', 'principals_value2']}], 'approval_workflow': {'manual_approvals': {'require_approver_justification': True, 'steps': [{'approvers': {}, 'approvals_needed': 1692, 'approver_email_recipients': ['approver_email_recipients_value1', 'approver_email_recipients_value2']}]}}, 'privileged_access': {'gcp_iam_access': {'resource_type': 'resource_type_value', 'resource': 'resource_value', 'role_bindings': [{'role': 'role_value', 'condition_expression': 'condition_expression_value'}]}}, 'max_request_duration': {'seconds': 751, 'nanos': 543}, 'state': 1, 'requester_justification_config': {'not_mandatory': {}, 'unstructured': {}}, 'additional_notification_targets': {'admin_email_recipients': ['admin_email_recipients_value1', 'admin_email_recipients_value2'], 'requester_email_recipients': ['requester_email_recipients_value1', 'requester_email_recipients_value2']}, 'etag': 'etag_value'} - # The version of a generated dependency at test runtime may differ from the version used during generation. - # Delete any fields which are not present in the current runtime dependency - # See https://github.com/googleapis/gapic-generator-python/issues/1748 - - # Determine if the message type is proto-plus or protobuf - test_field = privilegedaccessmanager.CreateEntitlementRequest.meta.fields["entitlement"] - - def get_message_fields(field): - # Given a field which is a message (composite type), return a list with - # all the fields of the message. - # If the field is not a composite type, return an empty list. - message_fields = [] - - if hasattr(field, "message") and field.message: - is_field_type_proto_plus_type = not hasattr(field.message, "DESCRIPTOR") - - if is_field_type_proto_plus_type: - message_fields = field.message.meta.fields.values() - # Add `# pragma: NO COVER` because there may not be any `*_pb2` field types - else: # pragma: NO COVER - message_fields = field.message.DESCRIPTOR.fields - return message_fields - - runtime_nested_fields = [ - (field.name, nested_field.name) - for field in get_message_fields(test_field) - for nested_field in get_message_fields(field) - ] - - subfields_not_in_runtime = [] - - # For each item in the sample request, create a list of sub fields which are not present at runtime - # Add `# pragma: NO COVER` because this test code will not run if all subfields are present at runtime - for field, value in request_init["entitlement"].items(): # pragma: NO COVER - result = None - is_repeated = False - # For repeated fields - if isinstance(value, list) and len(value): - is_repeated = True - result = value[0] - # For fields where the type is another message - if isinstance(value, dict): - result = value - - if result and hasattr(result, "keys"): - for subfield in result.keys(): - if (field, subfield) not in runtime_nested_fields: - subfields_not_in_runtime.append( - {"field": field, "subfield": subfield, "is_repeated": is_repeated} - ) - - # Remove fields from the sample request which are not present in the runtime version of the dependency - # Add `# pragma: NO COVER` because this test code will not run if all subfields are present at runtime - for subfield_to_delete in subfields_not_in_runtime: # pragma: NO COVER - field = subfield_to_delete.get("field") - field_repeated = subfield_to_delete.get("is_repeated") - subfield = subfield_to_delete.get("subfield") - if subfield: - if field_repeated: - for i in range(0, len(request_init["entitlement"][field])): - del request_init["entitlement"][field][i][subfield] - else: - del request_init["entitlement"][field][subfield] - request = request_type(**request_init) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(type(client.transport._session), 'request') as req: - # Designate an appropriate value for the returned response. - return_value = operations_pb2.Operation(name='operations/spam') - - # Wrap the value into a proper Response obj - response_value = mock.Mock() - response_value.status_code = 200 - json_return_value = json_format.MessageToJson(return_value) - response_value.content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - response = client.create_entitlement(request) - - # Establish that the response is the type that we expect. - json_return_value = json_format.MessageToJson(return_value) - - -@pytest.mark.parametrize("null_interceptor", [True, False]) -def test_create_entitlement_rest_interceptors(null_interceptor): - transport = transports.PrivilegedAccessManagerRestTransport( - credentials=ga_credentials.AnonymousCredentials(), - interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), - ) - client = PrivilegedAccessManagerClient(transport=transport) - - with mock.patch.object(type(client.transport._session), "request") as req, \ - mock.patch.object(path_template, "transcode") as transcode, \ - mock.patch.object(operation.Operation, "_set_result_from_operation"), \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_create_entitlement") as post, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_create_entitlement_with_metadata") as post_with_metadata, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_create_entitlement") as pre: - pre.assert_not_called() - post.assert_not_called() - post_with_metadata.assert_not_called() - pb_message = privilegedaccessmanager.CreateEntitlementRequest.pb(privilegedaccessmanager.CreateEntitlementRequest()) - transcode.return_value = { - "method": "post", - "uri": "my_uri", - "body": pb_message, - "query_params": pb_message, - } - - req.return_value = mock.Mock() - req.return_value.status_code = 200 - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - return_value = json_format.MessageToJson(operations_pb2.Operation()) - req.return_value.content = return_value - - request = privilegedaccessmanager.CreateEntitlementRequest() - metadata =[ - ("key", "val"), - ("cephalopod", "squid"), - ] - pre.return_value = request, metadata - post.return_value = operations_pb2.Operation() - post_with_metadata.return_value = operations_pb2.Operation(), metadata - - client.create_entitlement(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) - - pre.assert_called_once() - post.assert_called_once() - post_with_metadata.assert_called_once() - - -def test_delete_entitlement_rest_bad_request(request_type=privilegedaccessmanager.DeleteEntitlementRequest): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - # send a request that will satisfy transcoding - request_init = {'name': 'projects/sample1/locations/sample2/entitlements/sample3'} - request = request_type(**request_init) - - # Mock the http request call within the method and fake a BadRequest error. - with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): - # Wrap the value into a proper Response obj - response_value = mock.Mock() - json_return_value = '' - response_value.json = mock.Mock(return_value={}) - response_value.status_code = 400 - response_value.request = mock.Mock() - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - client.delete_entitlement(request) - - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.DeleteEntitlementRequest, - dict, -]) -def test_delete_entitlement_rest_call_success(request_type): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - - # send a request that will satisfy transcoding - request_init = {'name': 'projects/sample1/locations/sample2/entitlements/sample3'} - request = request_type(**request_init) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(type(client.transport._session), 'request') as req: - # Designate an appropriate value for the returned response. - return_value = operations_pb2.Operation(name='operations/spam') - - # Wrap the value into a proper Response obj - response_value = mock.Mock() - response_value.status_code = 200 - json_return_value = json_format.MessageToJson(return_value) - response_value.content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - response = client.delete_entitlement(request) - - # Establish that the response is the type that we expect. - json_return_value = json_format.MessageToJson(return_value) - - -@pytest.mark.parametrize("null_interceptor", [True, False]) -def test_delete_entitlement_rest_interceptors(null_interceptor): - transport = transports.PrivilegedAccessManagerRestTransport( - credentials=ga_credentials.AnonymousCredentials(), - interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), - ) - client = PrivilegedAccessManagerClient(transport=transport) - - with mock.patch.object(type(client.transport._session), "request") as req, \ - mock.patch.object(path_template, "transcode") as transcode, \ - mock.patch.object(operation.Operation, "_set_result_from_operation"), \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_delete_entitlement") as post, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_delete_entitlement_with_metadata") as post_with_metadata, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_delete_entitlement") as pre: - pre.assert_not_called() - post.assert_not_called() - post_with_metadata.assert_not_called() - pb_message = privilegedaccessmanager.DeleteEntitlementRequest.pb(privilegedaccessmanager.DeleteEntitlementRequest()) - transcode.return_value = { - "method": "post", - "uri": "my_uri", - "body": pb_message, - "query_params": pb_message, - } - - req.return_value = mock.Mock() - req.return_value.status_code = 200 - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - return_value = json_format.MessageToJson(operations_pb2.Operation()) - req.return_value.content = return_value - - request = privilegedaccessmanager.DeleteEntitlementRequest() - metadata =[ - ("key", "val"), - ("cephalopod", "squid"), - ] - pre.return_value = request, metadata - post.return_value = operations_pb2.Operation() - post_with_metadata.return_value = operations_pb2.Operation(), metadata - - client.delete_entitlement(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) - - pre.assert_called_once() - post.assert_called_once() - post_with_metadata.assert_called_once() - - -def test_update_entitlement_rest_bad_request(request_type=privilegedaccessmanager.UpdateEntitlementRequest): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - # send a request that will satisfy transcoding - request_init = {'entitlement': {'name': 'projects/sample1/locations/sample2/entitlements/sample3'}} - request = request_type(**request_init) - - # Mock the http request call within the method and fake a BadRequest error. - with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): - # Wrap the value into a proper Response obj - response_value = mock.Mock() - json_return_value = '' - response_value.json = mock.Mock(return_value={}) - response_value.status_code = 400 - response_value.request = mock.Mock() - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - client.update_entitlement(request) - - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.UpdateEntitlementRequest, - dict, -]) -def test_update_entitlement_rest_call_success(request_type): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - - # send a request that will satisfy transcoding - request_init = {'entitlement': {'name': 'projects/sample1/locations/sample2/entitlements/sample3'}} - request_init["entitlement"] = {'name': 'projects/sample1/locations/sample2/entitlements/sample3', 'create_time': {'seconds': 751, 'nanos': 543}, 'update_time': {}, 'eligible_users': [{'principals': ['principals_value1', 'principals_value2']}], 'approval_workflow': {'manual_approvals': {'require_approver_justification': True, 'steps': [{'approvers': {}, 'approvals_needed': 1692, 'approver_email_recipients': ['approver_email_recipients_value1', 'approver_email_recipients_value2']}]}}, 'privileged_access': {'gcp_iam_access': {'resource_type': 'resource_type_value', 'resource': 'resource_value', 'role_bindings': [{'role': 'role_value', 'condition_expression': 'condition_expression_value'}]}}, 'max_request_duration': {'seconds': 751, 'nanos': 543}, 'state': 1, 'requester_justification_config': {'not_mandatory': {}, 'unstructured': {}}, 'additional_notification_targets': {'admin_email_recipients': ['admin_email_recipients_value1', 'admin_email_recipients_value2'], 'requester_email_recipients': ['requester_email_recipients_value1', 'requester_email_recipients_value2']}, 'etag': 'etag_value'} - # The version of a generated dependency at test runtime may differ from the version used during generation. - # Delete any fields which are not present in the current runtime dependency - # See https://github.com/googleapis/gapic-generator-python/issues/1748 - - # Determine if the message type is proto-plus or protobuf - test_field = privilegedaccessmanager.UpdateEntitlementRequest.meta.fields["entitlement"] - - def get_message_fields(field): - # Given a field which is a message (composite type), return a list with - # all the fields of the message. - # If the field is not a composite type, return an empty list. - message_fields = [] - - if hasattr(field, "message") and field.message: - is_field_type_proto_plus_type = not hasattr(field.message, "DESCRIPTOR") - - if is_field_type_proto_plus_type: - message_fields = field.message.meta.fields.values() - # Add `# pragma: NO COVER` because there may not be any `*_pb2` field types - else: # pragma: NO COVER - message_fields = field.message.DESCRIPTOR.fields - return message_fields - - runtime_nested_fields = [ - (field.name, nested_field.name) - for field in get_message_fields(test_field) - for nested_field in get_message_fields(field) - ] - - subfields_not_in_runtime = [] - - # For each item in the sample request, create a list of sub fields which are not present at runtime - # Add `# pragma: NO COVER` because this test code will not run if all subfields are present at runtime - for field, value in request_init["entitlement"].items(): # pragma: NO COVER - result = None - is_repeated = False - # For repeated fields - if isinstance(value, list) and len(value): - is_repeated = True - result = value[0] - # For fields where the type is another message - if isinstance(value, dict): - result = value - - if result and hasattr(result, "keys"): - for subfield in result.keys(): - if (field, subfield) not in runtime_nested_fields: - subfields_not_in_runtime.append( - {"field": field, "subfield": subfield, "is_repeated": is_repeated} - ) - - # Remove fields from the sample request which are not present in the runtime version of the dependency - # Add `# pragma: NO COVER` because this test code will not run if all subfields are present at runtime - for subfield_to_delete in subfields_not_in_runtime: # pragma: NO COVER - field = subfield_to_delete.get("field") - field_repeated = subfield_to_delete.get("is_repeated") - subfield = subfield_to_delete.get("subfield") - if subfield: - if field_repeated: - for i in range(0, len(request_init["entitlement"][field])): - del request_init["entitlement"][field][i][subfield] - else: - del request_init["entitlement"][field][subfield] - request = request_type(**request_init) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(type(client.transport._session), 'request') as req: - # Designate an appropriate value for the returned response. - return_value = operations_pb2.Operation(name='operations/spam') - - # Wrap the value into a proper Response obj - response_value = mock.Mock() - response_value.status_code = 200 - json_return_value = json_format.MessageToJson(return_value) - response_value.content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - response = client.update_entitlement(request) - - # Establish that the response is the type that we expect. - json_return_value = json_format.MessageToJson(return_value) - - -@pytest.mark.parametrize("null_interceptor", [True, False]) -def test_update_entitlement_rest_interceptors(null_interceptor): - transport = transports.PrivilegedAccessManagerRestTransport( - credentials=ga_credentials.AnonymousCredentials(), - interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), - ) - client = PrivilegedAccessManagerClient(transport=transport) - - with mock.patch.object(type(client.transport._session), "request") as req, \ - mock.patch.object(path_template, "transcode") as transcode, \ - mock.patch.object(operation.Operation, "_set_result_from_operation"), \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_update_entitlement") as post, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_update_entitlement_with_metadata") as post_with_metadata, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_update_entitlement") as pre: - pre.assert_not_called() - post.assert_not_called() - post_with_metadata.assert_not_called() - pb_message = privilegedaccessmanager.UpdateEntitlementRequest.pb(privilegedaccessmanager.UpdateEntitlementRequest()) - transcode.return_value = { - "method": "post", - "uri": "my_uri", - "body": pb_message, - "query_params": pb_message, - } - - req.return_value = mock.Mock() - req.return_value.status_code = 200 - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - return_value = json_format.MessageToJson(operations_pb2.Operation()) - req.return_value.content = return_value - - request = privilegedaccessmanager.UpdateEntitlementRequest() - metadata =[ - ("key", "val"), - ("cephalopod", "squid"), - ] - pre.return_value = request, metadata - post.return_value = operations_pb2.Operation() - post_with_metadata.return_value = operations_pb2.Operation(), metadata - - client.update_entitlement(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) - - pre.assert_called_once() - post.assert_called_once() - post_with_metadata.assert_called_once() - - -def test_list_grants_rest_bad_request(request_type=privilegedaccessmanager.ListGrantsRequest): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - # send a request that will satisfy transcoding - request_init = {'parent': 'projects/sample1/locations/sample2/entitlements/sample3'} - request = request_type(**request_init) - - # Mock the http request call within the method and fake a BadRequest error. - with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): - # Wrap the value into a proper Response obj - response_value = mock.Mock() - json_return_value = '' - response_value.json = mock.Mock(return_value={}) - response_value.status_code = 400 - response_value.request = mock.Mock() - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - client.list_grants(request) - - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.ListGrantsRequest, - dict, -]) -def test_list_grants_rest_call_success(request_type): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - - # send a request that will satisfy transcoding - request_init = {'parent': 'projects/sample1/locations/sample2/entitlements/sample3'} - request = request_type(**request_init) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(type(client.transport._session), 'request') as req: - # Designate an appropriate value for the returned response. - return_value = privilegedaccessmanager.ListGrantsResponse( - next_page_token='next_page_token_value', - unreachable=['unreachable_value'], - ) - - # Wrap the value into a proper Response obj - response_value = mock.Mock() - response_value.status_code = 200 - - # Convert return value to protobuf type - return_value = privilegedaccessmanager.ListGrantsResponse.pb(return_value) - json_return_value = json_format.MessageToJson(return_value) - response_value.content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - response = client.list_grants(request) - - # Establish that the response is the type that we expect. - assert isinstance(response, pagers.ListGrantsPager) - assert response.next_page_token == 'next_page_token_value' - assert response.unreachable == ['unreachable_value'] - - -@pytest.mark.parametrize("null_interceptor", [True, False]) -def test_list_grants_rest_interceptors(null_interceptor): - transport = transports.PrivilegedAccessManagerRestTransport( - credentials=ga_credentials.AnonymousCredentials(), - interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), - ) - client = PrivilegedAccessManagerClient(transport=transport) - - with mock.patch.object(type(client.transport._session), "request") as req, \ - mock.patch.object(path_template, "transcode") as transcode, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_list_grants") as post, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_list_grants_with_metadata") as post_with_metadata, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_list_grants") as pre: - pre.assert_not_called() - post.assert_not_called() - post_with_metadata.assert_not_called() - pb_message = privilegedaccessmanager.ListGrantsRequest.pb(privilegedaccessmanager.ListGrantsRequest()) - transcode.return_value = { - "method": "post", - "uri": "my_uri", - "body": pb_message, - "query_params": pb_message, - } - - req.return_value = mock.Mock() - req.return_value.status_code = 200 - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - return_value = privilegedaccessmanager.ListGrantsResponse.to_json(privilegedaccessmanager.ListGrantsResponse()) - req.return_value.content = return_value - - request = privilegedaccessmanager.ListGrantsRequest() - metadata =[ - ("key", "val"), - ("cephalopod", "squid"), - ] - pre.return_value = request, metadata - post.return_value = privilegedaccessmanager.ListGrantsResponse() - post_with_metadata.return_value = privilegedaccessmanager.ListGrantsResponse(), metadata - - client.list_grants(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) - - pre.assert_called_once() - post.assert_called_once() - post_with_metadata.assert_called_once() - - -def test_search_grants_rest_bad_request(request_type=privilegedaccessmanager.SearchGrantsRequest): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - # send a request that will satisfy transcoding - request_init = {'parent': 'projects/sample1/locations/sample2/entitlements/sample3'} - request = request_type(**request_init) - - # Mock the http request call within the method and fake a BadRequest error. - with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): - # Wrap the value into a proper Response obj - response_value = mock.Mock() - json_return_value = '' - response_value.json = mock.Mock(return_value={}) - response_value.status_code = 400 - response_value.request = mock.Mock() - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - client.search_grants(request) - - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.SearchGrantsRequest, - dict, -]) -def test_search_grants_rest_call_success(request_type): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - - # send a request that will satisfy transcoding - request_init = {'parent': 'projects/sample1/locations/sample2/entitlements/sample3'} - request = request_type(**request_init) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(type(client.transport._session), 'request') as req: - # Designate an appropriate value for the returned response. - return_value = privilegedaccessmanager.SearchGrantsResponse( - next_page_token='next_page_token_value', - ) - - # Wrap the value into a proper Response obj - response_value = mock.Mock() - response_value.status_code = 200 - - # Convert return value to protobuf type - return_value = privilegedaccessmanager.SearchGrantsResponse.pb(return_value) - json_return_value = json_format.MessageToJson(return_value) - response_value.content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - response = client.search_grants(request) - - # Establish that the response is the type that we expect. - assert isinstance(response, pagers.SearchGrantsPager) - assert response.next_page_token == 'next_page_token_value' - - -@pytest.mark.parametrize("null_interceptor", [True, False]) -def test_search_grants_rest_interceptors(null_interceptor): - transport = transports.PrivilegedAccessManagerRestTransport( - credentials=ga_credentials.AnonymousCredentials(), - interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), - ) - client = PrivilegedAccessManagerClient(transport=transport) - - with mock.patch.object(type(client.transport._session), "request") as req, \ - mock.patch.object(path_template, "transcode") as transcode, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_search_grants") as post, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_search_grants_with_metadata") as post_with_metadata, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_search_grants") as pre: - pre.assert_not_called() - post.assert_not_called() - post_with_metadata.assert_not_called() - pb_message = privilegedaccessmanager.SearchGrantsRequest.pb(privilegedaccessmanager.SearchGrantsRequest()) - transcode.return_value = { - "method": "post", - "uri": "my_uri", - "body": pb_message, - "query_params": pb_message, - } - - req.return_value = mock.Mock() - req.return_value.status_code = 200 - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - return_value = privilegedaccessmanager.SearchGrantsResponse.to_json(privilegedaccessmanager.SearchGrantsResponse()) - req.return_value.content = return_value - - request = privilegedaccessmanager.SearchGrantsRequest() - metadata =[ - ("key", "val"), - ("cephalopod", "squid"), - ] - pre.return_value = request, metadata - post.return_value = privilegedaccessmanager.SearchGrantsResponse() - post_with_metadata.return_value = privilegedaccessmanager.SearchGrantsResponse(), metadata - - client.search_grants(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) - - pre.assert_called_once() - post.assert_called_once() - post_with_metadata.assert_called_once() - - -def test_get_grant_rest_bad_request(request_type=privilegedaccessmanager.GetGrantRequest): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - # send a request that will satisfy transcoding - request_init = {'name': 'projects/sample1/locations/sample2/entitlements/sample3/grants/sample4'} - request = request_type(**request_init) - - # Mock the http request call within the method and fake a BadRequest error. - with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): - # Wrap the value into a proper Response obj - response_value = mock.Mock() - json_return_value = '' - response_value.json = mock.Mock(return_value={}) - response_value.status_code = 400 - response_value.request = mock.Mock() - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - client.get_grant(request) - - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.GetGrantRequest, - dict, -]) -def test_get_grant_rest_call_success(request_type): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - - # send a request that will satisfy transcoding - request_init = {'name': 'projects/sample1/locations/sample2/entitlements/sample3/grants/sample4'} - request = request_type(**request_init) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(type(client.transport._session), 'request') as req: - # Designate an appropriate value for the returned response. - return_value = privilegedaccessmanager.Grant( - name='name_value', - requester='requester_value', - state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, - additional_email_recipients=['additional_email_recipients_value'], - externally_modified=True, - ) - - # Wrap the value into a proper Response obj - response_value = mock.Mock() - response_value.status_code = 200 - - # Convert return value to protobuf type - return_value = privilegedaccessmanager.Grant.pb(return_value) - json_return_value = json_format.MessageToJson(return_value) - response_value.content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - response = client.get_grant(request) - - # Establish that the response is the type that we expect. - assert isinstance(response, privilegedaccessmanager.Grant) - assert response.name == 'name_value' - assert response.requester == 'requester_value' - assert response.state == privilegedaccessmanager.Grant.State.APPROVAL_AWAITED - assert response.additional_email_recipients == ['additional_email_recipients_value'] - assert response.externally_modified is True - - -@pytest.mark.parametrize("null_interceptor", [True, False]) -def test_get_grant_rest_interceptors(null_interceptor): - transport = transports.PrivilegedAccessManagerRestTransport( - credentials=ga_credentials.AnonymousCredentials(), - interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), - ) - client = PrivilegedAccessManagerClient(transport=transport) - - with mock.patch.object(type(client.transport._session), "request") as req, \ - mock.patch.object(path_template, "transcode") as transcode, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_get_grant") as post, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_get_grant_with_metadata") as post_with_metadata, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_get_grant") as pre: - pre.assert_not_called() - post.assert_not_called() - post_with_metadata.assert_not_called() - pb_message = privilegedaccessmanager.GetGrantRequest.pb(privilegedaccessmanager.GetGrantRequest()) - transcode.return_value = { - "method": "post", - "uri": "my_uri", - "body": pb_message, - "query_params": pb_message, - } - - req.return_value = mock.Mock() - req.return_value.status_code = 200 - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - return_value = privilegedaccessmanager.Grant.to_json(privilegedaccessmanager.Grant()) - req.return_value.content = return_value - - request = privilegedaccessmanager.GetGrantRequest() - metadata =[ - ("key", "val"), - ("cephalopod", "squid"), - ] - pre.return_value = request, metadata - post.return_value = privilegedaccessmanager.Grant() - post_with_metadata.return_value = privilegedaccessmanager.Grant(), metadata - - client.get_grant(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) - - pre.assert_called_once() - post.assert_called_once() - post_with_metadata.assert_called_once() - - -def test_create_grant_rest_bad_request(request_type=privilegedaccessmanager.CreateGrantRequest): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - # send a request that will satisfy transcoding - request_init = {'parent': 'projects/sample1/locations/sample2/entitlements/sample3'} - request = request_type(**request_init) - - # Mock the http request call within the method and fake a BadRequest error. - with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): - # Wrap the value into a proper Response obj - response_value = mock.Mock() - json_return_value = '' - response_value.json = mock.Mock(return_value={}) - response_value.status_code = 400 - response_value.request = mock.Mock() - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - client.create_grant(request) - - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.CreateGrantRequest, - dict, -]) -def test_create_grant_rest_call_success(request_type): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - - # send a request that will satisfy transcoding - request_init = {'parent': 'projects/sample1/locations/sample2/entitlements/sample3'} - request_init["grant"] = {'name': 'name_value', 'create_time': {'seconds': 751, 'nanos': 543}, 'update_time': {}, 'requester': 'requester_value', 'requested_duration': {'seconds': 751, 'nanos': 543}, 'justification': {'unstructured_justification': 'unstructured_justification_value'}, 'state': 1, 'timeline': {'events': [{'requested': {'expire_time': {}}, 'approved': {'reason': 'reason_value', 'actor': 'actor_value'}, 'denied': {'reason': 'reason_value', 'actor': 'actor_value'}, 'revoked': {'reason': 'reason_value', 'actor': 'actor_value'}, 'scheduled': {'scheduled_activation_time': {}}, 'activated': {}, 'activation_failed': {'error': {'code': 411, 'message': 'message_value', 'details': [{'type_url': 'type.googleapis.com/google.protobuf.Duration', 'value': b'\x08\x0c\x10\xdb\x07'}]}}, 'expired': {}, 'ended': {}, 'externally_modified': {}, 'withdrawn': {}, 'event_time': {}}]}, 'privileged_access': {'gcp_iam_access': {'resource_type': 'resource_type_value', 'resource': 'resource_value', 'role_bindings': [{'role': 'role_value', 'condition_expression': 'condition_expression_value'}]}}, 'audit_trail': {'access_grant_time': {}, 'access_remove_time': {}}, 'additional_email_recipients': ['additional_email_recipients_value1', 'additional_email_recipients_value2'], 'externally_modified': True} - # The version of a generated dependency at test runtime may differ from the version used during generation. - # Delete any fields which are not present in the current runtime dependency - # See https://github.com/googleapis/gapic-generator-python/issues/1748 - - # Determine if the message type is proto-plus or protobuf - test_field = privilegedaccessmanager.CreateGrantRequest.meta.fields["grant"] - - def get_message_fields(field): - # Given a field which is a message (composite type), return a list with - # all the fields of the message. - # If the field is not a composite type, return an empty list. - message_fields = [] - - if hasattr(field, "message") and field.message: - is_field_type_proto_plus_type = not hasattr(field.message, "DESCRIPTOR") - - if is_field_type_proto_plus_type: - message_fields = field.message.meta.fields.values() - # Add `# pragma: NO COVER` because there may not be any `*_pb2` field types - else: # pragma: NO COVER - message_fields = field.message.DESCRIPTOR.fields - return message_fields - - runtime_nested_fields = [ - (field.name, nested_field.name) - for field in get_message_fields(test_field) - for nested_field in get_message_fields(field) - ] - - subfields_not_in_runtime = [] - - # For each item in the sample request, create a list of sub fields which are not present at runtime - # Add `# pragma: NO COVER` because this test code will not run if all subfields are present at runtime - for field, value in request_init["grant"].items(): # pragma: NO COVER - result = None - is_repeated = False - # For repeated fields - if isinstance(value, list) and len(value): - is_repeated = True - result = value[0] - # For fields where the type is another message - if isinstance(value, dict): - result = value - - if result and hasattr(result, "keys"): - for subfield in result.keys(): - if (field, subfield) not in runtime_nested_fields: - subfields_not_in_runtime.append( - {"field": field, "subfield": subfield, "is_repeated": is_repeated} - ) - - # Remove fields from the sample request which are not present in the runtime version of the dependency - # Add `# pragma: NO COVER` because this test code will not run if all subfields are present at runtime - for subfield_to_delete in subfields_not_in_runtime: # pragma: NO COVER - field = subfield_to_delete.get("field") - field_repeated = subfield_to_delete.get("is_repeated") - subfield = subfield_to_delete.get("subfield") - if subfield: - if field_repeated: - for i in range(0, len(request_init["grant"][field])): - del request_init["grant"][field][i][subfield] - else: - del request_init["grant"][field][subfield] - request = request_type(**request_init) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(type(client.transport._session), 'request') as req: - # Designate an appropriate value for the returned response. - return_value = privilegedaccessmanager.Grant( - name='name_value', - requester='requester_value', - state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, - additional_email_recipients=['additional_email_recipients_value'], - externally_modified=True, - ) - - # Wrap the value into a proper Response obj - response_value = mock.Mock() - response_value.status_code = 200 - - # Convert return value to protobuf type - return_value = privilegedaccessmanager.Grant.pb(return_value) - json_return_value = json_format.MessageToJson(return_value) - response_value.content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - response = client.create_grant(request) - - # Establish that the response is the type that we expect. - assert isinstance(response, privilegedaccessmanager.Grant) - assert response.name == 'name_value' - assert response.requester == 'requester_value' - assert response.state == privilegedaccessmanager.Grant.State.APPROVAL_AWAITED - assert response.additional_email_recipients == ['additional_email_recipients_value'] - assert response.externally_modified is True - - -@pytest.mark.parametrize("null_interceptor", [True, False]) -def test_create_grant_rest_interceptors(null_interceptor): - transport = transports.PrivilegedAccessManagerRestTransport( - credentials=ga_credentials.AnonymousCredentials(), - interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), - ) - client = PrivilegedAccessManagerClient(transport=transport) - - with mock.patch.object(type(client.transport._session), "request") as req, \ - mock.patch.object(path_template, "transcode") as transcode, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_create_grant") as post, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_create_grant_with_metadata") as post_with_metadata, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_create_grant") as pre: - pre.assert_not_called() - post.assert_not_called() - post_with_metadata.assert_not_called() - pb_message = privilegedaccessmanager.CreateGrantRequest.pb(privilegedaccessmanager.CreateGrantRequest()) - transcode.return_value = { - "method": "post", - "uri": "my_uri", - "body": pb_message, - "query_params": pb_message, - } - - req.return_value = mock.Mock() - req.return_value.status_code = 200 - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - return_value = privilegedaccessmanager.Grant.to_json(privilegedaccessmanager.Grant()) - req.return_value.content = return_value - - request = privilegedaccessmanager.CreateGrantRequest() - metadata =[ - ("key", "val"), - ("cephalopod", "squid"), - ] - pre.return_value = request, metadata - post.return_value = privilegedaccessmanager.Grant() - post_with_metadata.return_value = privilegedaccessmanager.Grant(), metadata - - client.create_grant(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) - - pre.assert_called_once() - post.assert_called_once() - post_with_metadata.assert_called_once() - - -def test_approve_grant_rest_bad_request(request_type=privilegedaccessmanager.ApproveGrantRequest): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - # send a request that will satisfy transcoding - request_init = {'name': 'projects/sample1/locations/sample2/entitlements/sample3/grants/sample4'} - request = request_type(**request_init) - - # Mock the http request call within the method and fake a BadRequest error. - with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): - # Wrap the value into a proper Response obj - response_value = mock.Mock() - json_return_value = '' - response_value.json = mock.Mock(return_value={}) - response_value.status_code = 400 - response_value.request = mock.Mock() - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - client.approve_grant(request) - - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.ApproveGrantRequest, - dict, -]) -def test_approve_grant_rest_call_success(request_type): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - - # send a request that will satisfy transcoding - request_init = {'name': 'projects/sample1/locations/sample2/entitlements/sample3/grants/sample4'} - request = request_type(**request_init) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(type(client.transport._session), 'request') as req: - # Designate an appropriate value for the returned response. - return_value = privilegedaccessmanager.Grant( - name='name_value', - requester='requester_value', - state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, - additional_email_recipients=['additional_email_recipients_value'], - externally_modified=True, - ) - - # Wrap the value into a proper Response obj - response_value = mock.Mock() - response_value.status_code = 200 - - # Convert return value to protobuf type - return_value = privilegedaccessmanager.Grant.pb(return_value) - json_return_value = json_format.MessageToJson(return_value) - response_value.content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - response = client.approve_grant(request) - - # Establish that the response is the type that we expect. - assert isinstance(response, privilegedaccessmanager.Grant) - assert response.name == 'name_value' - assert response.requester == 'requester_value' - assert response.state == privilegedaccessmanager.Grant.State.APPROVAL_AWAITED - assert response.additional_email_recipients == ['additional_email_recipients_value'] - assert response.externally_modified is True - - -@pytest.mark.parametrize("null_interceptor", [True, False]) -def test_approve_grant_rest_interceptors(null_interceptor): - transport = transports.PrivilegedAccessManagerRestTransport( - credentials=ga_credentials.AnonymousCredentials(), - interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), - ) - client = PrivilegedAccessManagerClient(transport=transport) - - with mock.patch.object(type(client.transport._session), "request") as req, \ - mock.patch.object(path_template, "transcode") as transcode, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_approve_grant") as post, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_approve_grant_with_metadata") as post_with_metadata, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_approve_grant") as pre: - pre.assert_not_called() - post.assert_not_called() - post_with_metadata.assert_not_called() - pb_message = privilegedaccessmanager.ApproveGrantRequest.pb(privilegedaccessmanager.ApproveGrantRequest()) - transcode.return_value = { - "method": "post", - "uri": "my_uri", - "body": pb_message, - "query_params": pb_message, - } - - req.return_value = mock.Mock() - req.return_value.status_code = 200 - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - return_value = privilegedaccessmanager.Grant.to_json(privilegedaccessmanager.Grant()) - req.return_value.content = return_value - - request = privilegedaccessmanager.ApproveGrantRequest() - metadata =[ - ("key", "val"), - ("cephalopod", "squid"), - ] - pre.return_value = request, metadata - post.return_value = privilegedaccessmanager.Grant() - post_with_metadata.return_value = privilegedaccessmanager.Grant(), metadata - - client.approve_grant(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) - - pre.assert_called_once() - post.assert_called_once() - post_with_metadata.assert_called_once() - - -def test_deny_grant_rest_bad_request(request_type=privilegedaccessmanager.DenyGrantRequest): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - # send a request that will satisfy transcoding - request_init = {'name': 'projects/sample1/locations/sample2/entitlements/sample3/grants/sample4'} - request = request_type(**request_init) - - # Mock the http request call within the method and fake a BadRequest error. - with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): - # Wrap the value into a proper Response obj - response_value = mock.Mock() - json_return_value = '' - response_value.json = mock.Mock(return_value={}) - response_value.status_code = 400 - response_value.request = mock.Mock() - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - client.deny_grant(request) - - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.DenyGrantRequest, - dict, -]) -def test_deny_grant_rest_call_success(request_type): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - - # send a request that will satisfy transcoding - request_init = {'name': 'projects/sample1/locations/sample2/entitlements/sample3/grants/sample4'} - request = request_type(**request_init) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(type(client.transport._session), 'request') as req: - # Designate an appropriate value for the returned response. - return_value = privilegedaccessmanager.Grant( - name='name_value', - requester='requester_value', - state=privilegedaccessmanager.Grant.State.APPROVAL_AWAITED, - additional_email_recipients=['additional_email_recipients_value'], - externally_modified=True, - ) - - # Wrap the value into a proper Response obj - response_value = mock.Mock() - response_value.status_code = 200 - - # Convert return value to protobuf type - return_value = privilegedaccessmanager.Grant.pb(return_value) - json_return_value = json_format.MessageToJson(return_value) - response_value.content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - response = client.deny_grant(request) - - # Establish that the response is the type that we expect. - assert isinstance(response, privilegedaccessmanager.Grant) - assert response.name == 'name_value' - assert response.requester == 'requester_value' - assert response.state == privilegedaccessmanager.Grant.State.APPROVAL_AWAITED - assert response.additional_email_recipients == ['additional_email_recipients_value'] - assert response.externally_modified is True - - -@pytest.mark.parametrize("null_interceptor", [True, False]) -def test_deny_grant_rest_interceptors(null_interceptor): - transport = transports.PrivilegedAccessManagerRestTransport( - credentials=ga_credentials.AnonymousCredentials(), - interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), - ) - client = PrivilegedAccessManagerClient(transport=transport) - - with mock.patch.object(type(client.transport._session), "request") as req, \ - mock.patch.object(path_template, "transcode") as transcode, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_deny_grant") as post, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_deny_grant_with_metadata") as post_with_metadata, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_deny_grant") as pre: - pre.assert_not_called() - post.assert_not_called() - post_with_metadata.assert_not_called() - pb_message = privilegedaccessmanager.DenyGrantRequest.pb(privilegedaccessmanager.DenyGrantRequest()) - transcode.return_value = { - "method": "post", - "uri": "my_uri", - "body": pb_message, - "query_params": pb_message, - } - - req.return_value = mock.Mock() - req.return_value.status_code = 200 - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - return_value = privilegedaccessmanager.Grant.to_json(privilegedaccessmanager.Grant()) - req.return_value.content = return_value - - request = privilegedaccessmanager.DenyGrantRequest() - metadata =[ - ("key", "val"), - ("cephalopod", "squid"), - ] - pre.return_value = request, metadata - post.return_value = privilegedaccessmanager.Grant() - post_with_metadata.return_value = privilegedaccessmanager.Grant(), metadata - - client.deny_grant(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) - - pre.assert_called_once() - post.assert_called_once() - post_with_metadata.assert_called_once() - - -def test_revoke_grant_rest_bad_request(request_type=privilegedaccessmanager.RevokeGrantRequest): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - # send a request that will satisfy transcoding - request_init = {'name': 'projects/sample1/locations/sample2/entitlements/sample3/grants/sample4'} - request = request_type(**request_init) - - # Mock the http request call within the method and fake a BadRequest error. - with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): - # Wrap the value into a proper Response obj - response_value = mock.Mock() - json_return_value = '' - response_value.json = mock.Mock(return_value={}) - response_value.status_code = 400 - response_value.request = mock.Mock() - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - client.revoke_grant(request) - - -@pytest.mark.parametrize("request_type", [ - privilegedaccessmanager.RevokeGrantRequest, - dict, -]) -def test_revoke_grant_rest_call_success(request_type): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - - # send a request that will satisfy transcoding - request_init = {'name': 'projects/sample1/locations/sample2/entitlements/sample3/grants/sample4'} - request = request_type(**request_init) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(type(client.transport._session), 'request') as req: - # Designate an appropriate value for the returned response. - return_value = operations_pb2.Operation(name='operations/spam') - - # Wrap the value into a proper Response obj - response_value = mock.Mock() - response_value.status_code = 200 - json_return_value = json_format.MessageToJson(return_value) - response_value.content = json_return_value.encode('UTF-8') - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - response = client.revoke_grant(request) - - # Establish that the response is the type that we expect. - json_return_value = json_format.MessageToJson(return_value) - - -@pytest.mark.parametrize("null_interceptor", [True, False]) -def test_revoke_grant_rest_interceptors(null_interceptor): - transport = transports.PrivilegedAccessManagerRestTransport( - credentials=ga_credentials.AnonymousCredentials(), - interceptor=None if null_interceptor else transports.PrivilegedAccessManagerRestInterceptor(), - ) - client = PrivilegedAccessManagerClient(transport=transport) - - with mock.patch.object(type(client.transport._session), "request") as req, \ - mock.patch.object(path_template, "transcode") as transcode, \ - mock.patch.object(operation.Operation, "_set_result_from_operation"), \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_revoke_grant") as post, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "post_revoke_grant_with_metadata") as post_with_metadata, \ - mock.patch.object(transports.PrivilegedAccessManagerRestInterceptor, "pre_revoke_grant") as pre: - pre.assert_not_called() - post.assert_not_called() - post_with_metadata.assert_not_called() - pb_message = privilegedaccessmanager.RevokeGrantRequest.pb(privilegedaccessmanager.RevokeGrantRequest()) - transcode.return_value = { - "method": "post", - "uri": "my_uri", - "body": pb_message, - "query_params": pb_message, - } - - req.return_value = mock.Mock() - req.return_value.status_code = 200 - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - return_value = json_format.MessageToJson(operations_pb2.Operation()) - req.return_value.content = return_value - - request = privilegedaccessmanager.RevokeGrantRequest() - metadata =[ - ("key", "val"), - ("cephalopod", "squid"), - ] - pre.return_value = request, metadata - post.return_value = operations_pb2.Operation() - post_with_metadata.return_value = operations_pb2.Operation(), metadata - - client.revoke_grant(request, metadata=[("key", "val"), ("cephalopod", "squid"),]) - - pre.assert_called_once() - post.assert_called_once() - post_with_metadata.assert_called_once() - - -def test_get_location_rest_bad_request(request_type=locations_pb2.GetLocationRequest): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - request = request_type() - request = json_format.ParseDict({'name': 'projects/sample1/locations/sample2'}, request) - - # Mock the http request call within the method and fake a BadRequest error. - with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): - # Wrap the value into a proper Response obj - response_value = Response() - json_return_value = '' - response_value.json = mock.Mock(return_value={}) - response_value.status_code = 400 - response_value.request = Request() - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - client.get_location(request) - - -@pytest.mark.parametrize("request_type", [ - locations_pb2.GetLocationRequest, - dict, -]) -def test_get_location_rest(request_type): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - request_init = {'name': 'projects/sample1/locations/sample2'} - request = request_type(**request_init) - # Mock the http request call within the method and fake a response. - with mock.patch.object(Session, 'request') as req: - # Designate an appropriate value for the returned response. - return_value = locations_pb2.Location() - - # Wrap the value into a proper Response obj - response_value = mock.Mock() - response_value.status_code = 200 - json_return_value = json_format.MessageToJson(return_value) - response_value.content = json_return_value.encode('UTF-8') - - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - response = client.get_location(request) - - # Establish that the response is the type that we expect. - assert isinstance(response, locations_pb2.Location) - - -def test_list_locations_rest_bad_request(request_type=locations_pb2.ListLocationsRequest): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - request = request_type() - request = json_format.ParseDict({'name': 'projects/sample1'}, request) - - # Mock the http request call within the method and fake a BadRequest error. - with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): - # Wrap the value into a proper Response obj - response_value = Response() - json_return_value = '' - response_value.json = mock.Mock(return_value={}) - response_value.status_code = 400 - response_value.request = Request() - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - client.list_locations(request) - - -@pytest.mark.parametrize("request_type", [ - locations_pb2.ListLocationsRequest, - dict, -]) -def test_list_locations_rest(request_type): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - request_init = {'name': 'projects/sample1'} - request = request_type(**request_init) - # Mock the http request call within the method and fake a response. - with mock.patch.object(Session, 'request') as req: - # Designate an appropriate value for the returned response. - return_value = locations_pb2.ListLocationsResponse() - - # Wrap the value into a proper Response obj - response_value = mock.Mock() - response_value.status_code = 200 - json_return_value = json_format.MessageToJson(return_value) - response_value.content = json_return_value.encode('UTF-8') - - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - response = client.list_locations(request) - - # Establish that the response is the type that we expect. - assert isinstance(response, locations_pb2.ListLocationsResponse) - - -def test_delete_operation_rest_bad_request(request_type=operations_pb2.DeleteOperationRequest): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - request = request_type() - request = json_format.ParseDict({'name': 'projects/sample1/locations/sample2/operations/sample3'}, request) - - # Mock the http request call within the method and fake a BadRequest error. - with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): - # Wrap the value into a proper Response obj - response_value = Response() - json_return_value = '' - response_value.json = mock.Mock(return_value={}) - response_value.status_code = 400 - response_value.request = Request() - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - client.delete_operation(request) - - -@pytest.mark.parametrize("request_type", [ - operations_pb2.DeleteOperationRequest, - dict, -]) -def test_delete_operation_rest(request_type): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - request_init = {'name': 'projects/sample1/locations/sample2/operations/sample3'} - request = request_type(**request_init) - # Mock the http request call within the method and fake a response. - with mock.patch.object(Session, 'request') as req: - # Designate an appropriate value for the returned response. - return_value = None - - # Wrap the value into a proper Response obj - response_value = mock.Mock() - response_value.status_code = 200 - json_return_value = '{}' - response_value.content = json_return_value.encode('UTF-8') - - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - response = client.delete_operation(request) - - # Establish that the response is the type that we expect. - assert response is None - - -def test_get_operation_rest_bad_request(request_type=operations_pb2.GetOperationRequest): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - request = request_type() - request = json_format.ParseDict({'name': 'projects/sample1/locations/sample2/operations/sample3'}, request) - - # Mock the http request call within the method and fake a BadRequest error. - with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): - # Wrap the value into a proper Response obj - response_value = Response() - json_return_value = '' - response_value.json = mock.Mock(return_value={}) - response_value.status_code = 400 - response_value.request = Request() - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - client.get_operation(request) - - -@pytest.mark.parametrize("request_type", [ - operations_pb2.GetOperationRequest, - dict, -]) -def test_get_operation_rest(request_type): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - request_init = {'name': 'projects/sample1/locations/sample2/operations/sample3'} - request = request_type(**request_init) - # Mock the http request call within the method and fake a response. - with mock.patch.object(Session, 'request') as req: - # Designate an appropriate value for the returned response. - return_value = operations_pb2.Operation() - - # Wrap the value into a proper Response obj - response_value = mock.Mock() - response_value.status_code = 200 - json_return_value = json_format.MessageToJson(return_value) - response_value.content = json_return_value.encode('UTF-8') - - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - response = client.get_operation(request) - - # Establish that the response is the type that we expect. - assert isinstance(response, operations_pb2.Operation) - - -def test_list_operations_rest_bad_request(request_type=operations_pb2.ListOperationsRequest): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - request = request_type() - request = json_format.ParseDict({'name': 'projects/sample1/locations/sample2'}, request) - - # Mock the http request call within the method and fake a BadRequest error. - with mock.patch.object(Session, 'request') as req, pytest.raises(core_exceptions.BadRequest): - # Wrap the value into a proper Response obj - response_value = Response() - json_return_value = '' - response_value.json = mock.Mock(return_value={}) - response_value.status_code = 400 - response_value.request = Request() - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - client.list_operations(request) - - -@pytest.mark.parametrize("request_type", [ - operations_pb2.ListOperationsRequest, - dict, -]) -def test_list_operations_rest(request_type): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - request_init = {'name': 'projects/sample1/locations/sample2'} - request = request_type(**request_init) - # Mock the http request call within the method and fake a response. - with mock.patch.object(Session, 'request') as req: - # Designate an appropriate value for the returned response. - return_value = operations_pb2.ListOperationsResponse() - - # Wrap the value into a proper Response obj - response_value = mock.Mock() - response_value.status_code = 200 - json_return_value = json_format.MessageToJson(return_value) - response_value.content = json_return_value.encode('UTF-8') - - req.return_value = response_value - req.return_value.headers = {"header-1": "value-1", "header-2": "value-2"} - - response = client.list_operations(request) - - # Establish that the response is the type that we expect. - assert isinstance(response, operations_pb2.ListOperationsResponse) - -def test_initialize_client_w_rest(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - assert client is not None - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_check_onboarding_status_empty_call_rest(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.check_onboarding_status), - '__call__') as call: - client.check_onboarding_status(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.CheckOnboardingStatusRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_list_entitlements_empty_call_rest(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.list_entitlements), - '__call__') as call: - client.list_entitlements(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.ListEntitlementsRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_search_entitlements_empty_call_rest(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.search_entitlements), - '__call__') as call: - client.search_entitlements(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.SearchEntitlementsRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_get_entitlement_empty_call_rest(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.get_entitlement), - '__call__') as call: - client.get_entitlement(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.GetEntitlementRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_create_entitlement_empty_call_rest(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.create_entitlement), - '__call__') as call: - client.create_entitlement(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.CreateEntitlementRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_delete_entitlement_empty_call_rest(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.delete_entitlement), - '__call__') as call: - client.delete_entitlement(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.DeleteEntitlementRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_update_entitlement_empty_call_rest(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.update_entitlement), - '__call__') as call: - client.update_entitlement(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.UpdateEntitlementRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_list_grants_empty_call_rest(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.list_grants), - '__call__') as call: - client.list_grants(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.ListGrantsRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_search_grants_empty_call_rest(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.search_grants), - '__call__') as call: - client.search_grants(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.SearchGrantsRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_get_grant_empty_call_rest(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.get_grant), - '__call__') as call: - client.get_grant(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.GetGrantRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_create_grant_empty_call_rest(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.create_grant), - '__call__') as call: - client.create_grant(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.CreateGrantRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_approve_grant_empty_call_rest(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.approve_grant), - '__call__') as call: - client.approve_grant(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.ApproveGrantRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_deny_grant_empty_call_rest(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.deny_grant), - '__call__') as call: - client.deny_grant(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.DenyGrantRequest() - - assert args[0] == request_msg - - -# This test is a coverage failsafe to make sure that totally empty calls, -# i.e. request == None and no flattened fields passed, work. -def test_revoke_grant_empty_call_rest(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Mock the actual call, and fake the request. - with mock.patch.object( - type(client.transport.revoke_grant), - '__call__') as call: - client.revoke_grant(request=None) - - # Establish that the underlying stub method was called. - call.assert_called() - _, args, _ = call.mock_calls[0] - request_msg = privilegedaccessmanager.RevokeGrantRequest() - - assert args[0] == request_msg - - -def test_privileged_access_manager_rest_lro_client(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - transport = client.transport - - # Ensure that we have an api-core operations client. - assert isinstance( - transport.operations_client, -operations_v1.AbstractOperationsClient, - ) - - # Ensure that subsequent calls to the property send the exact same object. - assert transport.operations_client is transport.operations_client - -def test_transport_grpc_default(): - # A client should use the gRPC transport by default. - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - assert isinstance( - client.transport, - transports.PrivilegedAccessManagerGrpcTransport, - ) - -def test_privileged_access_manager_base_transport_error(): - # Passing both a credentials object and credentials_file should raise an error - with pytest.raises(core_exceptions.DuplicateCredentialArgs): - transport = transports.PrivilegedAccessManagerTransport( - credentials=ga_credentials.AnonymousCredentials(), - credentials_file="credentials.json" - ) - - -def test_privileged_access_manager_base_transport(): - # Instantiate the base transport. - with mock.patch('google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.transports.PrivilegedAccessManagerTransport.__init__') as Transport: - Transport.return_value = None - transport = transports.PrivilegedAccessManagerTransport( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Every method on the transport should just blindly - # raise NotImplementedError. - methods = ( - 'check_onboarding_status', - 'list_entitlements', - 'search_entitlements', - 'get_entitlement', - 'create_entitlement', - 'delete_entitlement', - 'update_entitlement', - 'list_grants', - 'search_grants', - 'get_grant', - 'create_grant', - 'approve_grant', - 'deny_grant', - 'revoke_grant', - 'get_location', - 'list_locations', - 'get_operation', - 'delete_operation', - 'list_operations', - ) - for method in methods: - with pytest.raises(NotImplementedError): - getattr(transport, method)(request=object()) - - with pytest.raises(NotImplementedError): - transport.close() - - # Additionally, the LRO client (a property) should - # also raise NotImplementedError - with pytest.raises(NotImplementedError): - transport.operations_client - - # Catch all for all remaining methods and properties - remainder = [ - 'kind', - ] - for r in remainder: - with pytest.raises(NotImplementedError): - getattr(transport, r)() - - -def test_privileged_access_manager_base_transport_with_credentials_file(): - # Instantiate the base transport with a credentials file - with mock.patch.object(google.auth, 'load_credentials_from_file', autospec=True) as load_creds, mock.patch('google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.transports.PrivilegedAccessManagerTransport._prep_wrapped_messages') as Transport: - Transport.return_value = None - load_creds.return_value = (ga_credentials.AnonymousCredentials(), None) - transport = transports.PrivilegedAccessManagerTransport( - credentials_file="credentials.json", - quota_project_id="octopus", - ) - load_creds.assert_called_once_with("credentials.json", - scopes=None, - default_scopes=( - 'https://www.googleapis.com/auth/cloud-platform', -), - quota_project_id="octopus", - ) - - -def test_privileged_access_manager_base_transport_with_adc(): - # Test the default credentials are used if credentials and credentials_file are None. - with mock.patch.object(google.auth, 'default', autospec=True) as adc, mock.patch('google.cloud.privilegedaccessmanager_v1.services.privileged_access_manager.transports.PrivilegedAccessManagerTransport._prep_wrapped_messages') as Transport: - Transport.return_value = None - adc.return_value = (ga_credentials.AnonymousCredentials(), None) - transport = transports.PrivilegedAccessManagerTransport() - adc.assert_called_once() - - -def test_privileged_access_manager_auth_adc(): - # If no credentials are provided, we should use ADC credentials. - with mock.patch.object(google.auth, 'default', autospec=True) as adc: - adc.return_value = (ga_credentials.AnonymousCredentials(), None) - PrivilegedAccessManagerClient() - adc.assert_called_once_with( - scopes=None, - default_scopes=( - 'https://www.googleapis.com/auth/cloud-platform', -), - quota_project_id=None, - ) - - -@pytest.mark.parametrize( - "transport_class", - [ - transports.PrivilegedAccessManagerGrpcTransport, - transports.PrivilegedAccessManagerGrpcAsyncIOTransport, - ], -) -def test_privileged_access_manager_transport_auth_adc(transport_class): - # If credentials and host are not provided, the transport class should use - # ADC credentials. - with mock.patch.object(google.auth, 'default', autospec=True) as adc: - adc.return_value = (ga_credentials.AnonymousCredentials(), None) - transport_class(quota_project_id="octopus", scopes=["1", "2"]) - adc.assert_called_once_with( - scopes=["1", "2"], - default_scopes=( 'https://www.googleapis.com/auth/cloud-platform',), - quota_project_id="octopus", - ) - - -@pytest.mark.parametrize( - "transport_class", - [ - transports.PrivilegedAccessManagerGrpcTransport, - transports.PrivilegedAccessManagerGrpcAsyncIOTransport, - transports.PrivilegedAccessManagerRestTransport, - ], -) -def test_privileged_access_manager_transport_auth_gdch_credentials(transport_class): - host = 'https://language.com' - api_audience_tests = [None, 'https://language2.com'] - api_audience_expect = [host, 'https://language2.com'] - for t, e in zip(api_audience_tests, api_audience_expect): - with mock.patch.object(google.auth, 'default', autospec=True) as adc: - gdch_mock = mock.MagicMock() - type(gdch_mock).with_gdch_audience = mock.PropertyMock(return_value=gdch_mock) - adc.return_value = (gdch_mock, None) - transport_class(host=host, api_audience=t) - gdch_mock.with_gdch_audience.assert_called_once_with( - e - ) - - -@pytest.mark.parametrize( - "transport_class,grpc_helpers", - [ - (transports.PrivilegedAccessManagerGrpcTransport, grpc_helpers), - (transports.PrivilegedAccessManagerGrpcAsyncIOTransport, grpc_helpers_async) - ], -) -def test_privileged_access_manager_transport_create_channel(transport_class, grpc_helpers): - # If credentials and host are not provided, the transport class should use - # ADC credentials. - with mock.patch.object(google.auth, "default", autospec=True) as adc, mock.patch.object( - grpc_helpers, "create_channel", autospec=True - ) as create_channel: - creds = ga_credentials.AnonymousCredentials() - adc.return_value = (creds, None) - transport_class( - quota_project_id="octopus", - scopes=["1", "2"] - ) - - create_channel.assert_called_with( - "privilegedaccessmanager.googleapis.com:443", - credentials=creds, - credentials_file=None, - quota_project_id="octopus", - default_scopes=( - 'https://www.googleapis.com/auth/cloud-platform', -), - scopes=["1", "2"], - default_host="privilegedaccessmanager.googleapis.com", - ssl_credentials=None, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - - -@pytest.mark.parametrize("transport_class", [transports.PrivilegedAccessManagerGrpcTransport, transports.PrivilegedAccessManagerGrpcAsyncIOTransport]) -def test_privileged_access_manager_grpc_transport_client_cert_source_for_mtls( - transport_class -): - cred = ga_credentials.AnonymousCredentials() - - # Check ssl_channel_credentials is used if provided. - with mock.patch.object(transport_class, "create_channel") as mock_create_channel: - mock_ssl_channel_creds = mock.Mock() - transport_class( - host="squid.clam.whelk", - credentials=cred, - ssl_channel_credentials=mock_ssl_channel_creds - ) - mock_create_channel.assert_called_once_with( - "squid.clam.whelk:443", - credentials=cred, - credentials_file=None, - scopes=None, - ssl_credentials=mock_ssl_channel_creds, - quota_project_id=None, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - - # Check if ssl_channel_credentials is not provided, then client_cert_source_for_mtls - # is used. - with mock.patch.object(transport_class, "create_channel", return_value=mock.Mock()): - with mock.patch("grpc.ssl_channel_credentials") as mock_ssl_cred: - transport_class( - credentials=cred, - client_cert_source_for_mtls=client_cert_source_callback - ) - expected_cert, expected_key = client_cert_source_callback() - mock_ssl_cred.assert_called_once_with( - certificate_chain=expected_cert, - private_key=expected_key - ) - -def test_privileged_access_manager_http_transport_client_cert_source_for_mtls(): - cred = ga_credentials.AnonymousCredentials() - with mock.patch("google.auth.transport.requests.AuthorizedSession.configure_mtls_channel") as mock_configure_mtls_channel: - transports.PrivilegedAccessManagerRestTransport ( - credentials=cred, - client_cert_source_for_mtls=client_cert_source_callback - ) - mock_configure_mtls_channel.assert_called_once_with(client_cert_source_callback) - - -@pytest.mark.parametrize("transport_name", [ - "grpc", - "grpc_asyncio", - "rest", -]) -def test_privileged_access_manager_host_no_port(transport_name): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - client_options=client_options.ClientOptions(api_endpoint='privilegedaccessmanager.googleapis.com'), - transport=transport_name, - ) - assert client.transport._host == ( - 'privilegedaccessmanager.googleapis.com:443' - if transport_name in ['grpc', 'grpc_asyncio'] - else 'https://privilegedaccessmanager.googleapis.com' - ) - -@pytest.mark.parametrize("transport_name", [ - "grpc", - "grpc_asyncio", - "rest", -]) -def test_privileged_access_manager_host_with_port(transport_name): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - client_options=client_options.ClientOptions(api_endpoint='privilegedaccessmanager.googleapis.com:8000'), - transport=transport_name, - ) - assert client.transport._host == ( - 'privilegedaccessmanager.googleapis.com:8000' - if transport_name in ['grpc', 'grpc_asyncio'] - else 'https://privilegedaccessmanager.googleapis.com:8000' - ) - -@pytest.mark.parametrize("transport_name", [ - "rest", -]) -def test_privileged_access_manager_client_transport_session_collision(transport_name): - creds1 = ga_credentials.AnonymousCredentials() - creds2 = ga_credentials.AnonymousCredentials() - client1 = PrivilegedAccessManagerClient( - credentials=creds1, - transport=transport_name, - ) - client2 = PrivilegedAccessManagerClient( - credentials=creds2, - transport=transport_name, - ) - session1 = client1.transport.check_onboarding_status._session - session2 = client2.transport.check_onboarding_status._session - assert session1 != session2 - session1 = client1.transport.list_entitlements._session - session2 = client2.transport.list_entitlements._session - assert session1 != session2 - session1 = client1.transport.search_entitlements._session - session2 = client2.transport.search_entitlements._session - assert session1 != session2 - session1 = client1.transport.get_entitlement._session - session2 = client2.transport.get_entitlement._session - assert session1 != session2 - session1 = client1.transport.create_entitlement._session - session2 = client2.transport.create_entitlement._session - assert session1 != session2 - session1 = client1.transport.delete_entitlement._session - session2 = client2.transport.delete_entitlement._session - assert session1 != session2 - session1 = client1.transport.update_entitlement._session - session2 = client2.transport.update_entitlement._session - assert session1 != session2 - session1 = client1.transport.list_grants._session - session2 = client2.transport.list_grants._session - assert session1 != session2 - session1 = client1.transport.search_grants._session - session2 = client2.transport.search_grants._session - assert session1 != session2 - session1 = client1.transport.get_grant._session - session2 = client2.transport.get_grant._session - assert session1 != session2 - session1 = client1.transport.create_grant._session - session2 = client2.transport.create_grant._session - assert session1 != session2 - session1 = client1.transport.approve_grant._session - session2 = client2.transport.approve_grant._session - assert session1 != session2 - session1 = client1.transport.deny_grant._session - session2 = client2.transport.deny_grant._session - assert session1 != session2 - session1 = client1.transport.revoke_grant._session - session2 = client2.transport.revoke_grant._session - assert session1 != session2 -def test_privileged_access_manager_grpc_transport_channel(): - channel = grpc.secure_channel('http://localhost/', grpc.local_channel_credentials()) - - # Check that channel is used if provided. - transport = transports.PrivilegedAccessManagerGrpcTransport( - host="squid.clam.whelk", - channel=channel, - ) - assert transport.grpc_channel == channel - assert transport._host == "squid.clam.whelk:443" - assert transport._ssl_channel_credentials == None - - -def test_privileged_access_manager_grpc_asyncio_transport_channel(): - channel = aio.secure_channel('http://localhost/', grpc.local_channel_credentials()) - - # Check that channel is used if provided. - transport = transports.PrivilegedAccessManagerGrpcAsyncIOTransport( - host="squid.clam.whelk", - channel=channel, - ) - assert transport.grpc_channel == channel - assert transport._host == "squid.clam.whelk:443" - assert transport._ssl_channel_credentials == None - - -# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are -# removed from grpc/grpc_asyncio transport constructor. -@pytest.mark.parametrize("transport_class", [transports.PrivilegedAccessManagerGrpcTransport, transports.PrivilegedAccessManagerGrpcAsyncIOTransport]) -def test_privileged_access_manager_transport_channel_mtls_with_client_cert_source( - transport_class -): - with mock.patch("grpc.ssl_channel_credentials", autospec=True) as grpc_ssl_channel_cred: - with mock.patch.object(transport_class, "create_channel") as grpc_create_channel: - mock_ssl_cred = mock.Mock() - grpc_ssl_channel_cred.return_value = mock_ssl_cred - - mock_grpc_channel = mock.Mock() - grpc_create_channel.return_value = mock_grpc_channel - - cred = ga_credentials.AnonymousCredentials() - with pytest.warns(DeprecationWarning): - with mock.patch.object(google.auth, 'default') as adc: - adc.return_value = (cred, None) - transport = transport_class( - host="squid.clam.whelk", - api_mtls_endpoint="mtls.squid.clam.whelk", - client_cert_source=client_cert_source_callback, - ) - adc.assert_called_once() - - grpc_ssl_channel_cred.assert_called_once_with( - certificate_chain=b"cert bytes", private_key=b"key bytes" - ) - grpc_create_channel.assert_called_once_with( - "mtls.squid.clam.whelk:443", - credentials=cred, - credentials_file=None, - scopes=None, - ssl_credentials=mock_ssl_cred, - quota_project_id=None, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - assert transport.grpc_channel == mock_grpc_channel - assert transport._ssl_channel_credentials == mock_ssl_cred - - -# Remove this test when deprecated arguments (api_mtls_endpoint, client_cert_source) are -# removed from grpc/grpc_asyncio transport constructor. -@pytest.mark.parametrize("transport_class", [transports.PrivilegedAccessManagerGrpcTransport, transports.PrivilegedAccessManagerGrpcAsyncIOTransport]) -def test_privileged_access_manager_transport_channel_mtls_with_adc( - transport_class -): - mock_ssl_cred = mock.Mock() - with mock.patch.multiple( - "google.auth.transport.grpc.SslCredentials", - __init__=mock.Mock(return_value=None), - ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred), - ): - with mock.patch.object(transport_class, "create_channel") as grpc_create_channel: - mock_grpc_channel = mock.Mock() - grpc_create_channel.return_value = mock_grpc_channel - mock_cred = mock.Mock() - - with pytest.warns(DeprecationWarning): - transport = transport_class( - host="squid.clam.whelk", - credentials=mock_cred, - api_mtls_endpoint="mtls.squid.clam.whelk", - client_cert_source=None, - ) - - grpc_create_channel.assert_called_once_with( - "mtls.squid.clam.whelk:443", - credentials=mock_cred, - credentials_file=None, - scopes=None, - ssl_credentials=mock_ssl_cred, - quota_project_id=None, - options=[ - ("grpc.max_send_message_length", -1), - ("grpc.max_receive_message_length", -1), - ], - ) - assert transport.grpc_channel == mock_grpc_channel - - -def test_privileged_access_manager_grpc_lro_client(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc', - ) - transport = client.transport - - # Ensure that we have a api-core operations client. - assert isinstance( - transport.operations_client, - operations_v1.OperationsClient, - ) - - # Ensure that subsequent calls to the property send the exact same object. - assert transport.operations_client is transport.operations_client - - -def test_privileged_access_manager_grpc_lro_async_client(): - client = PrivilegedAccessManagerAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - transport='grpc_asyncio', - ) - transport = client.transport - - # Ensure that we have a api-core operations client. - assert isinstance( - transport.operations_client, - operations_v1.OperationsAsyncClient, - ) - - # Ensure that subsequent calls to the property send the exact same object. - assert transport.operations_client is transport.operations_client - - -def test_entitlement_path(): - project = "squid" - location = "clam" - entitlement = "whelk" - expected = "projects/{project}/locations/{location}/entitlements/{entitlement}".format(project=project, location=location, entitlement=entitlement, ) - actual = PrivilegedAccessManagerClient.entitlement_path(project, location, entitlement) - assert expected == actual - - -def test_parse_entitlement_path(): - expected = { - "project": "octopus", - "location": "oyster", - "entitlement": "nudibranch", - } - path = PrivilegedAccessManagerClient.entitlement_path(**expected) - - # Check that the path construction is reversible. - actual = PrivilegedAccessManagerClient.parse_entitlement_path(path) - assert expected == actual - -def test_grant_path(): - project = "cuttlefish" - location = "mussel" - entitlement = "winkle" - grant = "nautilus" - expected = "projects/{project}/locations/{location}/entitlements/{entitlement}/grants/{grant}".format(project=project, location=location, entitlement=entitlement, grant=grant, ) - actual = PrivilegedAccessManagerClient.grant_path(project, location, entitlement, grant) - assert expected == actual - - -def test_parse_grant_path(): - expected = { - "project": "scallop", - "location": "abalone", - "entitlement": "squid", - "grant": "clam", - } - path = PrivilegedAccessManagerClient.grant_path(**expected) - - # Check that the path construction is reversible. - actual = PrivilegedAccessManagerClient.parse_grant_path(path) - assert expected == actual - -def test_common_billing_account_path(): - billing_account = "whelk" - expected = "billingAccounts/{billing_account}".format(billing_account=billing_account, ) - actual = PrivilegedAccessManagerClient.common_billing_account_path(billing_account) - assert expected == actual - - -def test_parse_common_billing_account_path(): - expected = { - "billing_account": "octopus", - } - path = PrivilegedAccessManagerClient.common_billing_account_path(**expected) - - # Check that the path construction is reversible. - actual = PrivilegedAccessManagerClient.parse_common_billing_account_path(path) - assert expected == actual - -def test_common_folder_path(): - folder = "oyster" - expected = "folders/{folder}".format(folder=folder, ) - actual = PrivilegedAccessManagerClient.common_folder_path(folder) - assert expected == actual - - -def test_parse_common_folder_path(): - expected = { - "folder": "nudibranch", - } - path = PrivilegedAccessManagerClient.common_folder_path(**expected) - - # Check that the path construction is reversible. - actual = PrivilegedAccessManagerClient.parse_common_folder_path(path) - assert expected == actual - -def test_common_organization_path(): - organization = "cuttlefish" - expected = "organizations/{organization}".format(organization=organization, ) - actual = PrivilegedAccessManagerClient.common_organization_path(organization) - assert expected == actual - - -def test_parse_common_organization_path(): - expected = { - "organization": "mussel", - } - path = PrivilegedAccessManagerClient.common_organization_path(**expected) - - # Check that the path construction is reversible. - actual = PrivilegedAccessManagerClient.parse_common_organization_path(path) - assert expected == actual - -def test_common_project_path(): - project = "winkle" - expected = "projects/{project}".format(project=project, ) - actual = PrivilegedAccessManagerClient.common_project_path(project) - assert expected == actual - - -def test_parse_common_project_path(): - expected = { - "project": "nautilus", - } - path = PrivilegedAccessManagerClient.common_project_path(**expected) - - # Check that the path construction is reversible. - actual = PrivilegedAccessManagerClient.parse_common_project_path(path) - assert expected == actual - -def test_common_location_path(): - project = "scallop" - location = "abalone" - expected = "projects/{project}/locations/{location}".format(project=project, location=location, ) - actual = PrivilegedAccessManagerClient.common_location_path(project, location) - assert expected == actual - - -def test_parse_common_location_path(): - expected = { - "project": "squid", - "location": "clam", - } - path = PrivilegedAccessManagerClient.common_location_path(**expected) - - # Check that the path construction is reversible. - actual = PrivilegedAccessManagerClient.parse_common_location_path(path) - assert expected == actual - - -def test_client_with_default_client_info(): - client_info = gapic_v1.client_info.ClientInfo() - - with mock.patch.object(transports.PrivilegedAccessManagerTransport, '_prep_wrapped_messages') as prep: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - client_info=client_info, - ) - prep.assert_called_once_with(client_info) - - with mock.patch.object(transports.PrivilegedAccessManagerTransport, '_prep_wrapped_messages') as prep: - transport_class = PrivilegedAccessManagerClient.get_transport_class() - transport = transport_class( - credentials=ga_credentials.AnonymousCredentials(), - client_info=client_info, - ) - prep.assert_called_once_with(client_info) - - -def test_delete_operation(transport: str = "grpc"): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = operations_pb2.DeleteOperationRequest() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.delete_operation), "__call__") as call: - # Designate an appropriate return value for the call. - call.return_value = None - response = client.delete_operation(request) - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the response is the type that we expect. - assert response is None -@pytest.mark.asyncio -async def test_delete_operation_async(transport: str = "grpc_asyncio"): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = operations_pb2.DeleteOperationRequest() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.delete_operation), "__call__") as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - None - ) - response = await client.delete_operation(request) - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the response is the type that we expect. - assert response is None - -def test_delete_operation_field_headers(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = operations_pb2.DeleteOperationRequest() - request.name = "locations" - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.delete_operation), "__call__") as call: - call.return_value = None - - client.delete_operation(request) - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ("x-goog-request-params", "name=locations",) in kw["metadata"] -@pytest.mark.asyncio -async def test_delete_operation_field_headers_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = operations_pb2.DeleteOperationRequest() - request.name = "locations" - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.delete_operation), "__call__") as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - None - ) - await client.delete_operation(request) - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ("x-goog-request-params", "name=locations",) in kw["metadata"] - -def test_delete_operation_from_dict(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.delete_operation), "__call__") as call: - # Designate an appropriate return value for the call. - call.return_value = None - - response = client.delete_operation( - request={ - "name": "locations", - } - ) - call.assert_called() -@pytest.mark.asyncio -async def test_delete_operation_from_dict_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.delete_operation), "__call__") as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - None - ) - response = await client.delete_operation( - request={ - "name": "locations", - } - ) - call.assert_called() - - -def test_get_operation(transport: str = "grpc"): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = operations_pb2.GetOperationRequest() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.get_operation), "__call__") as call: - # Designate an appropriate return value for the call. - call.return_value = operations_pb2.Operation() - response = client.get_operation(request) - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, operations_pb2.Operation) -@pytest.mark.asyncio -async def test_get_operation_async(transport: str = "grpc_asyncio"): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = operations_pb2.GetOperationRequest() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.get_operation), "__call__") as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - operations_pb2.Operation() - ) - response = await client.get_operation(request) - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, operations_pb2.Operation) - -def test_get_operation_field_headers(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = operations_pb2.GetOperationRequest() - request.name = "locations" - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.get_operation), "__call__") as call: - call.return_value = operations_pb2.Operation() - - client.get_operation(request) - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ("x-goog-request-params", "name=locations",) in kw["metadata"] -@pytest.mark.asyncio -async def test_get_operation_field_headers_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = operations_pb2.GetOperationRequest() - request.name = "locations" - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.get_operation), "__call__") as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - operations_pb2.Operation() - ) - await client.get_operation(request) - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ("x-goog-request-params", "name=locations",) in kw["metadata"] - -def test_get_operation_from_dict(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.get_operation), "__call__") as call: - # Designate an appropriate return value for the call. - call.return_value = operations_pb2.Operation() - - response = client.get_operation( - request={ - "name": "locations", - } - ) - call.assert_called() -@pytest.mark.asyncio -async def test_get_operation_from_dict_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.get_operation), "__call__") as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - operations_pb2.Operation() - ) - response = await client.get_operation( - request={ - "name": "locations", - } - ) - call.assert_called() - - -def test_list_operations(transport: str = "grpc"): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = operations_pb2.ListOperationsRequest() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.list_operations), "__call__") as call: - # Designate an appropriate return value for the call. - call.return_value = operations_pb2.ListOperationsResponse() - response = client.list_operations(request) - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, operations_pb2.ListOperationsResponse) -@pytest.mark.asyncio -async def test_list_operations_async(transport: str = "grpc_asyncio"): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = operations_pb2.ListOperationsRequest() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.list_operations), "__call__") as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - operations_pb2.ListOperationsResponse() - ) - response = await client.list_operations(request) - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, operations_pb2.ListOperationsResponse) - -def test_list_operations_field_headers(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = operations_pb2.ListOperationsRequest() - request.name = "locations" - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.list_operations), "__call__") as call: - call.return_value = operations_pb2.ListOperationsResponse() - - client.list_operations(request) - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ("x-goog-request-params", "name=locations",) in kw["metadata"] -@pytest.mark.asyncio -async def test_list_operations_field_headers_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = operations_pb2.ListOperationsRequest() - request.name = "locations" - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.list_operations), "__call__") as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - operations_pb2.ListOperationsResponse() - ) - await client.list_operations(request) - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ("x-goog-request-params", "name=locations",) in kw["metadata"] - -def test_list_operations_from_dict(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.list_operations), "__call__") as call: - # Designate an appropriate return value for the call. - call.return_value = operations_pb2.ListOperationsResponse() - - response = client.list_operations( - request={ - "name": "locations", - } - ) - call.assert_called() -@pytest.mark.asyncio -async def test_list_operations_from_dict_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.list_operations), "__call__") as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - operations_pb2.ListOperationsResponse() - ) - response = await client.list_operations( - request={ - "name": "locations", - } - ) - call.assert_called() - - -def test_list_locations(transport: str = "grpc"): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = locations_pb2.ListLocationsRequest() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.list_locations), "__call__") as call: - # Designate an appropriate return value for the call. - call.return_value = locations_pb2.ListLocationsResponse() - response = client.list_locations(request) - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, locations_pb2.ListLocationsResponse) -@pytest.mark.asyncio -async def test_list_locations_async(transport: str = "grpc_asyncio"): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = locations_pb2.ListLocationsRequest() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.list_locations), "__call__") as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - locations_pb2.ListLocationsResponse() - ) - response = await client.list_locations(request) - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, locations_pb2.ListLocationsResponse) - -def test_list_locations_field_headers(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = locations_pb2.ListLocationsRequest() - request.name = "locations" - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.list_locations), "__call__") as call: - call.return_value = locations_pb2.ListLocationsResponse() - - client.list_locations(request) - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ("x-goog-request-params", "name=locations",) in kw["metadata"] -@pytest.mark.asyncio -async def test_list_locations_field_headers_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = locations_pb2.ListLocationsRequest() - request.name = "locations" - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.list_locations), "__call__") as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - locations_pb2.ListLocationsResponse() - ) - await client.list_locations(request) - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ("x-goog-request-params", "name=locations",) in kw["metadata"] - -def test_list_locations_from_dict(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.list_locations), "__call__") as call: - # Designate an appropriate return value for the call. - call.return_value = locations_pb2.ListLocationsResponse() - - response = client.list_locations( - request={ - "name": "locations", - } - ) - call.assert_called() -@pytest.mark.asyncio -async def test_list_locations_from_dict_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.list_locations), "__call__") as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - locations_pb2.ListLocationsResponse() - ) - response = await client.list_locations( - request={ - "name": "locations", - } - ) - call.assert_called() - - -def test_get_location(transport: str = "grpc"): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = locations_pb2.GetLocationRequest() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.get_location), "__call__") as call: - # Designate an appropriate return value for the call. - call.return_value = locations_pb2.Location() - response = client.get_location(request) - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, locations_pb2.Location) -@pytest.mark.asyncio -async def test_get_location_async(transport: str = "grpc_asyncio"): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = locations_pb2.GetLocationRequest() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.get_location), "__call__") as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - locations_pb2.Location() - ) - response = await client.get_location(request) - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the response is the type that we expect. - assert isinstance(response, locations_pb2.Location) - -def test_get_location_field_headers(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials()) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = locations_pb2.GetLocationRequest() - request.name = "locations/abc" - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.get_location), "__call__") as call: - call.return_value = locations_pb2.Location() - - client.get_location(request) - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ("x-goog-request-params", "name=locations/abc",) in kw["metadata"] -@pytest.mark.asyncio -async def test_get_location_field_headers_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials() - ) - - # Any value that is part of the HTTP/1.1 URI should be sent as - # a field header. Set these to a non-empty value. - request = locations_pb2.GetLocationRequest() - request.name = "locations/abc" - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.get_location), "__call__") as call: - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - locations_pb2.Location() - ) - await client.get_location(request) - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == request - - # Establish that the field header was sent. - _, _, kw = call.mock_calls[0] - assert ("x-goog-request-params", "name=locations/abc",) in kw["metadata"] - -def test_get_location_from_dict(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.list_locations), "__call__") as call: - # Designate an appropriate return value for the call. - call.return_value = locations_pb2.Location() - - response = client.get_location( - request={ - "name": "locations/abc", - } - ) - call.assert_called() -@pytest.mark.asyncio -async def test_get_location_from_dict_async(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - ) - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.list_locations), "__call__") as call: - # Designate an appropriate return value for the call. - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - locations_pb2.Location() - ) - response = await client.get_location( - request={ - "name": "locations", - } - ) - call.assert_called() - - -def test_transport_close_grpc(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc" - ) - with mock.patch.object(type(getattr(client.transport, "_grpc_channel")), "close") as close: - with client: - close.assert_not_called() - close.assert_called_once() - - -@pytest.mark.asyncio -async def test_transport_close_grpc_asyncio(): - client = PrivilegedAccessManagerAsyncClient( - credentials=async_anonymous_credentials(), - transport="grpc_asyncio" - ) - with mock.patch.object(type(getattr(client.transport, "_grpc_channel")), "close") as close: - async with client: - close.assert_not_called() - close.assert_called_once() - - -def test_transport_close_rest(): - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest" - ) - with mock.patch.object(type(getattr(client.transport, "_session")), "close") as close: - with client: - close.assert_not_called() - close.assert_called_once() - - -def test_client_ctx(): - transports = [ - 'rest', - 'grpc', - ] - for transport in transports: - client = PrivilegedAccessManagerClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport - ) - # Test client calls underlying transport. - with mock.patch.object(type(client.transport), "close") as close: - close.assert_not_called() - with client: - pass - close.assert_called() - -@pytest.mark.parametrize("client_class,transport_class", [ - (PrivilegedAccessManagerClient, transports.PrivilegedAccessManagerGrpcTransport), - (PrivilegedAccessManagerAsyncClient, transports.PrivilegedAccessManagerGrpcAsyncIOTransport), -]) -def test_api_key_credentials(client_class, transport_class): - with mock.patch.object( - google.auth._default, "get_api_key_credentials", create=True - ) as get_api_key_credentials: - mock_cred = mock.Mock() - get_api_key_credentials.return_value = mock_cred - options = client_options.ClientOptions() - options.api_key = "api_key" - with mock.patch.object(transport_class, "__init__") as patched: - patched.return_value = None - client = client_class(client_options=options) - patched.assert_called_once_with( - credentials=mock_cred, - credentials_file=None, - host=client._DEFAULT_ENDPOINT_TEMPLATE.format(UNIVERSE_DOMAIN=client._DEFAULT_UNIVERSE), - scopes=None, - client_cert_source_for_mtls=None, - quota_project_id=None, - client_info=transports.base.DEFAULT_CLIENT_INFO, - always_use_jwt_access=True, - api_audience=None, - ) diff --git a/packages/google-cloud-privilegedaccessmanager/google/cloud/privilegedaccessmanager/gapic_version.py b/packages/google-cloud-privilegedaccessmanager/google/cloud/privilegedaccessmanager/gapic_version.py index 9a1da44d2468..20a9cd975b02 100644 --- a/packages/google-cloud-privilegedaccessmanager/google/cloud/privilegedaccessmanager/gapic_version.py +++ b/packages/google-cloud-privilegedaccessmanager/google/cloud/privilegedaccessmanager/gapic_version.py @@ -13,4 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. # -__version__ = "0.1.8" # {x-release-please-version} +__version__ = "0.0.0" # {x-release-please-version} diff --git a/packages/google-cloud-privilegedaccessmanager/google/cloud/privilegedaccessmanager_v1/gapic_version.py b/packages/google-cloud-privilegedaccessmanager/google/cloud/privilegedaccessmanager_v1/gapic_version.py index 9a1da44d2468..20a9cd975b02 100644 --- a/packages/google-cloud-privilegedaccessmanager/google/cloud/privilegedaccessmanager_v1/gapic_version.py +++ b/packages/google-cloud-privilegedaccessmanager/google/cloud/privilegedaccessmanager_v1/gapic_version.py @@ -13,4 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. # -__version__ = "0.1.8" # {x-release-please-version} +__version__ = "0.0.0" # {x-release-please-version} diff --git a/packages/google-cloud-privilegedaccessmanager/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/async_client.py b/packages/google-cloud-privilegedaccessmanager/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/async_client.py index fa838ec2f56c..5b3bea22a544 100644 --- a/packages/google-cloud-privilegedaccessmanager/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/async_client.py +++ b/packages/google-cloud-privilegedaccessmanager/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/async_client.py @@ -28,6 +28,7 @@ Type, Union, ) +import uuid from google.api_core import exceptions as core_exceptions from google.api_core import gapic_v1 diff --git a/packages/google-cloud-privilegedaccessmanager/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/client.py b/packages/google-cloud-privilegedaccessmanager/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/client.py index 3b7b347afc47..9feea7529b73 100644 --- a/packages/google-cloud-privilegedaccessmanager/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/client.py +++ b/packages/google-cloud-privilegedaccessmanager/google/cloud/privilegedaccessmanager_v1/services/privileged_access_manager/client.py @@ -32,6 +32,7 @@ Union, cast, ) +import uuid import warnings from google.api_core import client_options as client_options_lib diff --git a/packages/google-cloud-privilegedaccessmanager/google/cloud/privilegedaccessmanager_v1/types/privilegedaccessmanager.py b/packages/google-cloud-privilegedaccessmanager/google/cloud/privilegedaccessmanager_v1/types/privilegedaccessmanager.py index bb52d31aa17d..db8a73c1fc32 100644 --- a/packages/google-cloud-privilegedaccessmanager/google/cloud/privilegedaccessmanager_v1/types/privilegedaccessmanager.py +++ b/packages/google-cloud-privilegedaccessmanager/google/cloud/privilegedaccessmanager_v1/types/privilegedaccessmanager.py @@ -967,6 +967,11 @@ class State(proto.Enum): ENDED (11): System took back access as the requested duration was over. This is a terminal state. + WITHDRAWING (12): + Access is being withdrawn. + WITHDRAWN (13): + Grant was withdrawn by the grant owner. This + is a terminal state. """ STATE_UNSPECIFIED = 0 APPROVAL_AWAITED = 1 @@ -979,6 +984,8 @@ class State(proto.Enum): REVOKING = 9 REVOKED = 10 ENDED = 11 + WITHDRAWING = 12 + WITHDRAWN = 13 class Timeline(proto.Message): r"""Timeline of a grant describing what happened to it and when. @@ -1046,6 +1053,10 @@ class Event(proto.Message): The policy bindings made by grant have been modified outside of PAM. + This field is a member of `oneof`_ ``event``. + withdrawn (google.cloud.privilegedaccessmanager_v1.types.Grant.Timeline.Event.Withdrawn): + The grant was withdrawn. + This field is a member of `oneof`_ ``event``. event_time (google.protobuf.timestamp_pb2.Timestamp): Output only. The time (as recorded at server) @@ -1131,6 +1142,9 @@ class Revoked(proto.Message): number=2, ) + class Withdrawn(proto.Message): + r"""An event representing that the grant was withdrawn.""" + class Scheduled(proto.Message): r"""An event representing that the grant has been scheduled to be activated later. @@ -1242,6 +1256,12 @@ class ExternallyModified(proto.Message): message="Grant.Timeline.Event.ExternallyModified", ) ) + withdrawn: "Grant.Timeline.Event.Withdrawn" = proto.Field( + proto.MESSAGE, + number=13, + oneof="event", + message="Grant.Timeline.Event.Withdrawn", + ) event_time: timestamp_pb2.Timestamp = proto.Field( proto.MESSAGE, number=1, diff --git a/packages/google-cloud-privilegedaccessmanager/samples/generated_samples/snippet_metadata_google.cloud.privilegedaccessmanager.v1.json b/packages/google-cloud-privilegedaccessmanager/samples/generated_samples/snippet_metadata_google.cloud.privilegedaccessmanager.v1.json index ee7cd6a77013..ec4443c5cbc9 100644 --- a/packages/google-cloud-privilegedaccessmanager/samples/generated_samples/snippet_metadata_google.cloud.privilegedaccessmanager.v1.json +++ b/packages/google-cloud-privilegedaccessmanager/samples/generated_samples/snippet_metadata_google.cloud.privilegedaccessmanager.v1.json @@ -8,7 +8,7 @@ ], "language": "PYTHON", "name": "google-cloud-privilegedaccessmanager", - "version": "0.1.8" + "version": "0.1.0" }, "snippets": [ { diff --git a/packages/google-cloud-privilegedaccessmanager/tests/unit/gapic/privilegedaccessmanager_v1/test_privileged_access_manager.py b/packages/google-cloud-privilegedaccessmanager/tests/unit/gapic/privilegedaccessmanager_v1/test_privileged_access_manager.py index 85e3ebd6f2b0..0dd26a0ce25c 100644 --- a/packages/google-cloud-privilegedaccessmanager/tests/unit/gapic/privilegedaccessmanager_v1/test_privileged_access_manager.py +++ b/packages/google-cloud-privilegedaccessmanager/tests/unit/gapic/privilegedaccessmanager_v1/test_privileged_access_manager.py @@ -14,6 +14,7 @@ # limitations under the License. # import os +import re # try/except added for compatibility with python < 3.8 try: @@ -11371,6 +11372,7 @@ def test_create_grant_rest_call_success(request_type): "expired": {}, "ended": {}, "externally_modified": {}, + "withdrawn": {}, "event_time": {}, } ]