1"""Generated message classes for secretmanager version v1. 2 3Stores sensitive data such as API keys, passwords, and certificates. Provides 4convenience while improving security. 5""" 6# NOTE: This file is autogenerated and should not be edited by hand. 7 8from __future__ import absolute_import 9 10from apitools.base.protorpclite import messages as _messages 11from apitools.base.py import encoding 12from apitools.base.py import extra_types 13 14 15package = 'secretmanager' 16 17 18class AccessSecretVersionResponse(_messages.Message): 19 r"""Response message for SecretManagerService.AccessSecretVersion. 20 21 Fields: 22 name: The resource name of the SecretVersion in the format 23 `projects/*/secrets/*/versions/*`. 24 payload: Secret payload 25 """ 26 27 name = _messages.StringField(1) 28 payload = _messages.MessageField('SecretPayload', 2) 29 30 31class AddSecretVersionRequest(_messages.Message): 32 r"""Request message for SecretManagerService.AddSecretVersion. 33 34 Fields: 35 payload: Required. The secret payload of the SecretVersion. 36 """ 37 38 payload = _messages.MessageField('SecretPayload', 1) 39 40 41class AuditConfig(_messages.Message): 42 r"""Specifies the audit configuration for a service. The configuration 43 determines which permission types are logged, and what identities, if any, 44 are exempted from logging. An AuditConfig must have one or more 45 AuditLogConfigs. If there are AuditConfigs for both `allServices` and a 46 specific service, the union of the two AuditConfigs is used for that 47 service: the log_types specified in each AuditConfig are enabled, and the 48 exempted_members in each AuditLogConfig are exempted. Example Policy with 49 multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", 50 "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ 51 "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": 52 "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", 53 "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": 54 "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For 55 sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 56 logging. It also exempts jose@example.com from DATA_READ logging, and 57 aliya@example.com from DATA_WRITE logging. 58 59 Fields: 60 auditLogConfigs: The configuration for logging of each type of permission. 61 service: Specifies a service that will be enabled for audit logging. For 62 example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 63 `allServices` is a special value that covers all services. 64 """ 65 66 auditLogConfigs = _messages.MessageField('AuditLogConfig', 1, repeated=True) 67 service = _messages.StringField(2) 68 69 70class AuditLogConfig(_messages.Message): 71 r"""Provides the configuration for logging a type of permissions. Example: { 72 "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ 73 "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 74 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from 75 DATA_READ logging. 76 77 Enums: 78 LogTypeValueValuesEnum: The log type that this config enables. 79 80 Fields: 81 exemptedMembers: Specifies the identities that do not cause logging for 82 this type of permission. Follows the same format of Binding.members. 83 logType: The log type that this config enables. 84 """ 85 86 class LogTypeValueValuesEnum(_messages.Enum): 87 r"""The log type that this config enables. 88 89 Values: 90 LOG_TYPE_UNSPECIFIED: Default case. Should never be this. 91 ADMIN_READ: Admin reads. Example: CloudIAM getIamPolicy 92 DATA_WRITE: Data writes. Example: CloudSQL Users create 93 DATA_READ: Data reads. Example: CloudSQL Users list 94 """ 95 LOG_TYPE_UNSPECIFIED = 0 96 ADMIN_READ = 1 97 DATA_WRITE = 2 98 DATA_READ = 3 99 100 exemptedMembers = _messages.StringField(1, repeated=True) 101 logType = _messages.EnumField('LogTypeValueValuesEnum', 2) 102 103 104class Automatic(_messages.Message): 105 r"""A replication policy that replicates the Secret payload without any 106 restrictions. 107 108 Fields: 109 customerManagedEncryption: Optional. The customer-managed encryption 110 configuration of the Secret. If no configuration is provided, Google- 111 managed default encryption is used. Updates to the Secret encryption 112 configuration only apply to SecretVersions added afterwards. They do not 113 apply retroactively to existing SecretVersions. 114 """ 115 116 customerManagedEncryption = _messages.MessageField('CustomerManagedEncryption', 1) 117 118 119class AutomaticStatus(_messages.Message): 120 r"""The replication status of a SecretVersion using automatic replication. 121 Only populated if the parent Secret has an automatic replication policy. 122 123 Fields: 124 customerManagedEncryption: Output only. The customer-managed encryption 125 status of the SecretVersion. Only populated if customer-managed 126 encryption is used. 127 """ 128 129 customerManagedEncryption = _messages.MessageField('CustomerManagedEncryptionStatus', 1) 130 131 132class Binding(_messages.Message): 133 r"""Associates `members` with a `role`. 134 135 Fields: 136 condition: The condition that is associated with this binding. If the 137 condition evaluates to `true`, then this binding applies to the current 138 request. If the condition evaluates to `false`, then this binding does 139 not apply to the current request. However, a different role binding 140 might grant the same role to one or more of the members in this binding. 141 To learn which resources support conditions in their IAM policies, see 142 the [IAM 143 documentation](https://cloud.google.com/iam/help/conditions/resource- 144 policies). 145 members: Specifies the identities requesting access for a Cloud Platform 146 resource. `members` can have the following values: * `allUsers`: A 147 special identifier that represents anyone who is on the internet; with 148 or without a Google account. * `allAuthenticatedUsers`: A special 149 identifier that represents anyone who is authenticated with a Google 150 account or a service account. * `user:{emailid}`: An email address that 151 represents a specific Google account. For example, `alice@example.com` . 152 * `serviceAccount:{emailid}`: An email address that represents a service 153 account. For example, `my-other-app@appspot.gserviceaccount.com`. * 154 `group:{emailid}`: An email address that represents a Google group. For 155 example, `admins@example.com`. * 156 `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique 157 identifier) representing a user that has been recently deleted. For 158 example, `alice@example.com?uid=123456789012345678901`. If the user is 159 recovered, this value reverts to `user:{emailid}` and the recovered user 160 retains the role in the binding. * 161 `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address 162 (plus unique identifier) representing a service account that has been 163 recently deleted. For example, `my-other- 164 app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the 165 service account is undeleted, this value reverts to 166 `serviceAccount:{emailid}` and the undeleted service account retains the 167 role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An 168 email address (plus unique identifier) representing a Google group that 169 has been recently deleted. For example, 170 `admins@example.com?uid=123456789012345678901`. If the group is 171 recovered, this value reverts to `group:{emailid}` and the recovered 172 group retains the role in the binding. * `domain:{domain}`: The G Suite 173 domain (primary) that represents all the users of that domain. For 174 example, `google.com` or `example.com`. 175 role: Role that is assigned to `members`. For example, `roles/viewer`, 176 `roles/editor`, or `roles/owner`. 177 """ 178 179 condition = _messages.MessageField('Expr', 1) 180 members = _messages.StringField(2, repeated=True) 181 role = _messages.StringField(3) 182 183 184class CustomerManagedEncryption(_messages.Message): 185 r"""Configuration for encrypting secret payloads using customer-managed 186 encryption keys (CMEK). 187 188 Fields: 189 kmsKeyName: Required. The resource name of the Cloud KMS CryptoKey used to 190 encrypt secret payloads. For secrets using the UserManaged replication 191 policy type, Cloud KMS CryptoKeys must reside in the same location as 192 the replica location. For secrets using the Automatic replication policy 193 type, Cloud KMS CryptoKeys must reside in `global`. The expected format 194 is `projects/*/locations/*/keyRings/*/cryptoKeys/*`. 195 """ 196 197 kmsKeyName = _messages.StringField(1) 198 199 200class CustomerManagedEncryptionStatus(_messages.Message): 201 r"""Describes the status of customer-managed encryption. 202 203 Fields: 204 kmsKeyVersionName: Required. The resource name of the Cloud KMS 205 CryptoKeyVersion used to encrypt the secret payload, in the following 206 format: `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`. 207 """ 208 209 kmsKeyVersionName = _messages.StringField(1) 210 211 212class DestroySecretVersionRequest(_messages.Message): 213 r"""Request message for SecretManagerService.DestroySecretVersion.""" 214 215 216class DisableSecretVersionRequest(_messages.Message): 217 r"""Request message for SecretManagerService.DisableSecretVersion.""" 218 219 220class Empty(_messages.Message): 221 r"""A generic empty message that you can re-use to avoid defining duplicated 222 empty messages in your APIs. A typical example is to use it as the request 223 or the response type of an API method. For instance: service Foo { rpc 224 Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON 225 representation for `Empty` is empty JSON object `{}`. 226 """ 227 228 229 230class EnableSecretVersionRequest(_messages.Message): 231 r"""Request message for SecretManagerService.EnableSecretVersion.""" 232 233 234class Expr(_messages.Message): 235 r"""Represents a textual expression in the Common Expression Language (CEL) 236 syntax. CEL is a C-like expression language. The syntax and semantics of CEL 237 are documented at https://github.com/google/cel-spec. Example (Comparison): 238 title: "Summary size limit" description: "Determines if a summary is less 239 than 100 chars" expression: "document.summary.size() < 100" Example 240 (Equality): title: "Requestor is owner" description: "Determines if 241 requestor is the document owner" expression: "document.owner == 242 request.auth.claims.email" Example (Logic): title: "Public documents" 243 description: "Determine whether the document should be publicly visible" 244 expression: "document.type != 'private' && document.type != 'internal'" 245 Example (Data Manipulation): title: "Notification string" description: 246 "Create a notification string with a timestamp." expression: "'New message 247 received at ' + string(document.create_time)" The exact variables and 248 functions that may be referenced within an expression are determined by the 249 service that evaluates it. See the service documentation for additional 250 information. 251 252 Fields: 253 description: Optional. Description of the expression. This is a longer 254 text which describes the expression, e.g. when hovered over it in a UI. 255 expression: Textual representation of an expression in Common Expression 256 Language syntax. 257 location: Optional. String indicating the location of the expression for 258 error reporting, e.g. a file name and a position in the file. 259 title: Optional. Title for the expression, i.e. a short string describing 260 its purpose. This can be used e.g. in UIs which allow to enter the 261 expression. 262 """ 263 264 description = _messages.StringField(1) 265 expression = _messages.StringField(2) 266 location = _messages.StringField(3) 267 title = _messages.StringField(4) 268 269 270class ListLocationsResponse(_messages.Message): 271 r"""The response message for Locations.ListLocations. 272 273 Fields: 274 locations: A list of locations that matches the specified filter in the 275 request. 276 nextPageToken: The standard List next-page token. 277 """ 278 279 locations = _messages.MessageField('Location', 1, repeated=True) 280 nextPageToken = _messages.StringField(2) 281 282 283class ListSecretVersionsResponse(_messages.Message): 284 r"""Response message for SecretManagerService.ListSecretVersions. 285 286 Fields: 287 nextPageToken: A token to retrieve the next page of results. Pass this 288 value in ListSecretVersionsRequest.page_token to retrieve the next page. 289 totalSize: The total number of SecretVersions. 290 versions: The list of SecretVersions sorted in reverse by create_time 291 (newest first). 292 """ 293 294 nextPageToken = _messages.StringField(1) 295 totalSize = _messages.IntegerField(2, variant=_messages.Variant.INT32) 296 versions = _messages.MessageField('SecretVersion', 3, repeated=True) 297 298 299class ListSecretsResponse(_messages.Message): 300 r"""Response message for SecretManagerService.ListSecrets. 301 302 Fields: 303 nextPageToken: A token to retrieve the next page of results. Pass this 304 value in ListSecretsRequest.page_token to retrieve the next page. 305 secrets: The list of Secrets sorted in reverse by create_time (newest 306 first). 307 totalSize: The total number of Secrets. 308 """ 309 310 nextPageToken = _messages.StringField(1) 311 secrets = _messages.MessageField('Secret', 2, repeated=True) 312 totalSize = _messages.IntegerField(3, variant=_messages.Variant.INT32) 313 314 315class Location(_messages.Message): 316 r"""A resource that represents Google Cloud Platform location. 317 318 Messages: 319 LabelsValue: Cross-service attributes for the location. For example 320 {"cloud.googleapis.com/region": "us-east1"} 321 MetadataValue: Service-specific metadata. For example the available 322 capacity at the given location. 323 324 Fields: 325 displayName: The friendly name for this location, typically a nearby city 326 name. For example, "Tokyo". 327 labels: Cross-service attributes for the location. For example 328 {"cloud.googleapis.com/region": "us-east1"} 329 locationId: The canonical id for this location. For example: `"us-east1"`. 330 metadata: Service-specific metadata. For example the available capacity at 331 the given location. 332 name: Resource name for the location, which may vary between 333 implementations. For example: `"projects/example-project/locations/us- 334 east1"` 335 """ 336 337 @encoding.MapUnrecognizedFields('additionalProperties') 338 class LabelsValue(_messages.Message): 339 r"""Cross-service attributes for the location. For example 340 {"cloud.googleapis.com/region": "us-east1"} 341 342 Messages: 343 AdditionalProperty: An additional property for a LabelsValue object. 344 345 Fields: 346 additionalProperties: Additional properties of type LabelsValue 347 """ 348 349 class AdditionalProperty(_messages.Message): 350 r"""An additional property for a LabelsValue object. 351 352 Fields: 353 key: Name of the additional property. 354 value: A string attribute. 355 """ 356 357 key = _messages.StringField(1) 358 value = _messages.StringField(2) 359 360 additionalProperties = _messages.MessageField('AdditionalProperty', 1, repeated=True) 361 362 @encoding.MapUnrecognizedFields('additionalProperties') 363 class MetadataValue(_messages.Message): 364 r"""Service-specific metadata. For example the available capacity at the 365 given location. 366 367 Messages: 368 AdditionalProperty: An additional property for a MetadataValue object. 369 370 Fields: 371 additionalProperties: Properties of the object. Contains field @type 372 with type URL. 373 """ 374 375 class AdditionalProperty(_messages.Message): 376 r"""An additional property for a MetadataValue object. 377 378 Fields: 379 key: Name of the additional property. 380 value: A extra_types.JsonValue attribute. 381 """ 382 383 key = _messages.StringField(1) 384 value = _messages.MessageField('extra_types.JsonValue', 2) 385 386 additionalProperties = _messages.MessageField('AdditionalProperty', 1, repeated=True) 387 388 displayName = _messages.StringField(1) 389 labels = _messages.MessageField('LabelsValue', 2) 390 locationId = _messages.StringField(3) 391 metadata = _messages.MessageField('MetadataValue', 4) 392 name = _messages.StringField(5) 393 394 395class Policy(_messages.Message): 396 r"""An Identity and Access Management (IAM) policy, which specifies access 397 controls for Google Cloud resources. A `Policy` is a collection of 398 `bindings`. A `binding` binds one or more `members` to a single `role`. 399 Members can be user accounts, service accounts, Google groups, and domains 400 (such as G Suite). A `role` is a named list of permissions; each `role` can 401 be an IAM predefined role or a user-created custom role. For some types of 402 Google Cloud resources, a `binding` can also specify a `condition`, which is 403 a logical expression that allows access to a resource only if the expression 404 evaluates to `true`. A condition can add constraints based on attributes of 405 the request, the resource, or both. To learn which resources support 406 conditions in their IAM policies, see the [IAM 407 documentation](https://cloud.google.com/iam/help/conditions/resource- 408 policies). **JSON example:** { "bindings": [ { "role": 409 "roles/resourcemanager.organizationAdmin", "members": [ 410 "user:mike@example.com", "group:admins@example.com", "domain:google.com", 411 "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": 412 "roles/resourcemanager.organizationViewer", "members": [ 413 "user:eve@example.com" ], "condition": { "title": "expirable access", 414 "description": "Does not grant access after Sep 2020", "expression": 415 "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": 416 "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - 417 user:mike@example.com - group:admins@example.com - domain:google.com - 418 serviceAccount:my-project-id@appspot.gserviceaccount.com role: 419 roles/resourcemanager.organizationAdmin - members: - user:eve@example.com 420 role: roles/resourcemanager.organizationViewer condition: title: expirable 421 access description: Does not grant access after Sep 2020 expression: 422 request.time < timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - 423 version: 3 For a description of IAM and its features, see the [IAM 424 documentation](https://cloud.google.com/iam/docs/). 425 426 Fields: 427 auditConfigs: Specifies cloud audit logging configuration for this policy. 428 bindings: Associates a list of `members` to a `role`. Optionally, may 429 specify a `condition` that determines how and when the `bindings` are 430 applied. Each of the `bindings` must contain at least one member. 431 etag: `etag` is used for optimistic concurrency control as a way to help 432 prevent simultaneous updates of a policy from overwriting each other. It 433 is strongly suggested that systems make use of the `etag` in the read- 434 modify-write cycle to perform policy updates in order to avoid race 435 conditions: An `etag` is returned in the response to `getIamPolicy`, and 436 systems are expected to put that etag in the request to `setIamPolicy` 437 to ensure that their change will be applied to the same version of the 438 policy. **Important:** If you use IAM Conditions, you must include the 439 `etag` field whenever you call `setIamPolicy`. If you omit this field, 440 then IAM allows you to overwrite a version `3` policy with a version `1` 441 policy, and all of the conditions in the version `3` policy are lost. 442 version: Specifies the format of the policy. Valid values are `0`, `1`, 443 and `3`. Requests that specify an invalid value are rejected. Any 444 operation that affects conditional role bindings must specify version 445 `3`. This requirement applies to the following operations: * Getting a 446 policy that includes a conditional role binding * Adding a conditional 447 role binding to a policy * Changing a conditional role binding in a 448 policy * Removing any role binding, with or without a condition, from a 449 policy that includes conditions **Important:** If you use IAM 450 Conditions, you must include the `etag` field whenever you call 451 `setIamPolicy`. If you omit this field, then IAM allows you to overwrite 452 a version `3` policy with a version `1` policy, and all of the 453 conditions in the version `3` policy are lost. If a policy does not 454 include any conditions, operations on that policy may specify any valid 455 version or leave the field unset. To learn which resources support 456 conditions in their IAM policies, see the [IAM 457 documentation](https://cloud.google.com/iam/help/conditions/resource- 458 policies). 459 """ 460 461 auditConfigs = _messages.MessageField('AuditConfig', 1, repeated=True) 462 bindings = _messages.MessageField('Binding', 2, repeated=True) 463 etag = _messages.BytesField(3) 464 version = _messages.IntegerField(4, variant=_messages.Variant.INT32) 465 466 467class Replica(_messages.Message): 468 r"""Represents a Replica for this Secret. 469 470 Fields: 471 customerManagedEncryption: Optional. The customer-managed encryption 472 configuration of the User-Managed Replica. If no configuration is 473 provided, Google-managed default encryption is used. Updates to the 474 Secret encryption configuration only apply to SecretVersions added 475 afterwards. They do not apply retroactively to existing SecretVersions. 476 location: The canonical IDs of the location to replicate data. For 477 example: `"us-east1"`. 478 """ 479 480 customerManagedEncryption = _messages.MessageField('CustomerManagedEncryption', 1) 481 location = _messages.StringField(2) 482 483 484class ReplicaStatus(_messages.Message): 485 r"""Describes the status of a user-managed replica for the SecretVersion. 486 487 Fields: 488 customerManagedEncryption: Output only. The customer-managed encryption 489 status of the SecretVersion. Only populated if customer-managed 490 encryption is used. 491 location: Output only. The canonical ID of the replica location. For 492 example: `"us-east1"`. 493 """ 494 495 customerManagedEncryption = _messages.MessageField('CustomerManagedEncryptionStatus', 1) 496 location = _messages.StringField(2) 497 498 499class Replication(_messages.Message): 500 r"""A policy that defines the replication and encryption configuration of 501 data. 502 503 Fields: 504 automatic: The Secret will automatically be replicated without any 505 restrictions. 506 userManaged: The Secret will only be replicated into the locations 507 specified. 508 """ 509 510 automatic = _messages.MessageField('Automatic', 1) 511 userManaged = _messages.MessageField('UserManaged', 2) 512 513 514class ReplicationStatus(_messages.Message): 515 r"""The replication status of a SecretVersion. 516 517 Fields: 518 automatic: Describes the replication status of a SecretVersion with 519 automatic replication. Only populated if the parent Secret has an 520 automatic replication policy. 521 userManaged: Describes the replication status of a SecretVersion with 522 user-managed replication. Only populated if the parent Secret has a 523 user-managed replication policy. 524 """ 525 526 automatic = _messages.MessageField('AutomaticStatus', 1) 527 userManaged = _messages.MessageField('UserManagedStatus', 2) 528 529 530class Rotation(_messages.Message): 531 r"""The rotation time and period for a Secret. At next_rotation_time, Secret 532 Manager will send a Pub/Sub notification to the topics configured on the 533 Secret. Secret.topics must be set to configure rotation. 534 535 Fields: 536 nextRotationTime: Optional. Timestamp in UTC at which the Secret is 537 scheduled to rotate. next_rotation_time MUST be set if rotation_period 538 is set. 539 rotationPeriod: Input only. The Duration between rotation notifications. 540 Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 541 years). If rotation_period is set, next_rotation_time must be set. 542 next_rotation_time will be advanced by this period when the service 543 automatically sends rotation notifications. 544 """ 545 546 nextRotationTime = _messages.StringField(1) 547 rotationPeriod = _messages.StringField(2) 548 549 550class Secret(_messages.Message): 551 r"""A Secret is a logical secret whose value and versions can be accessed. A 552 Secret is made up of zero or more SecretVersions that represent the secret 553 data. 554 555 Messages: 556 LabelsValue: The labels assigned to this Secret. Label keys must be 557 between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 558 bytes, and must conform to the following PCRE regular expression: 559 `\p{Ll}\p{Lo}{0,62}` Label values must be between 0 and 63 characters 560 long, have a UTF-8 encoding of maximum 128 bytes, and must conform to 561 the following PCRE regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}` No 562 more than 64 labels can be assigned to a given resource. 563 564 Fields: 565 createTime: Output only. The time at which the Secret was created. 566 expireTime: Optional. Timestamp in UTC when the Secret is scheduled to 567 expire. This is always provided on output, regardless of what was sent 568 on input. 569 labels: The labels assigned to this Secret. Label keys must be between 1 570 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and 571 must conform to the following PCRE regular expression: 572 `\p{Ll}\p{Lo}{0,62}` Label values must be between 0 and 63 characters 573 long, have a UTF-8 encoding of maximum 128 bytes, and must conform to 574 the following PCRE regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}` No 575 more than 64 labels can be assigned to a given resource. 576 name: Output only. The resource name of the Secret in the format 577 `projects/*/secrets/*`. 578 replication: Required. Immutable. The replication policy of the secret 579 data attached to the Secret. The replication policy cannot be changed 580 after the Secret has been created. 581 rotation: Optional. Rotation policy attached to the Secret. May be 582 excluded if there is no rotation policy. 583 topics: Optional. A list of up to 10 Pub/Sub topics to which messages are 584 published when control plane operations are called on the secret or its 585 versions. 586 ttl: Input only. The TTL for the Secret. 587 """ 588 589 @encoding.MapUnrecognizedFields('additionalProperties') 590 class LabelsValue(_messages.Message): 591 r"""The labels assigned to this Secret. Label keys must be between 1 and 592 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must 593 conform to the following PCRE regular expression: `\p{Ll}\p{Lo}{0,62}` 594 Label values must be between 0 and 63 characters long, have a UTF-8 595 encoding of maximum 128 bytes, and must conform to the following PCRE 596 regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}` No more than 64 labels 597 can be assigned to a given resource. 598 599 Messages: 600 AdditionalProperty: An additional property for a LabelsValue object. 601 602 Fields: 603 additionalProperties: Additional properties of type LabelsValue 604 """ 605 606 class AdditionalProperty(_messages.Message): 607 r"""An additional property for a LabelsValue object. 608 609 Fields: 610 key: Name of the additional property. 611 value: A string attribute. 612 """ 613 614 key = _messages.StringField(1) 615 value = _messages.StringField(2) 616 617 additionalProperties = _messages.MessageField('AdditionalProperty', 1, repeated=True) 618 619 createTime = _messages.StringField(1) 620 expireTime = _messages.StringField(2) 621 labels = _messages.MessageField('LabelsValue', 3) 622 name = _messages.StringField(4) 623 replication = _messages.MessageField('Replication', 5) 624 rotation = _messages.MessageField('Rotation', 6) 625 topics = _messages.MessageField('Topic', 7, repeated=True) 626 ttl = _messages.StringField(8) 627 628 629class SecretPayload(_messages.Message): 630 r"""A secret payload resource in the Secret Manager API. This contains the 631 sensitive secret payload that is associated with a SecretVersion. 632 633 Fields: 634 data: The secret data. Must be no larger than 64KiB. 635 """ 636 637 data = _messages.BytesField(1) 638 639 640class SecretVersion(_messages.Message): 641 r"""A secret version resource in the Secret Manager API. 642 643 Enums: 644 StateValueValuesEnum: Output only. The current state of the SecretVersion. 645 646 Fields: 647 createTime: Output only. The time at which the SecretVersion was created. 648 destroyTime: Output only. The time this SecretVersion was destroyed. Only 649 present if state is DESTROYED. 650 name: Output only. The resource name of the SecretVersion in the format 651 `projects/*/secrets/*/versions/*`. SecretVersion IDs in a Secret start 652 at 1 and are incremented for each subsequent version of the secret. 653 replicationStatus: The replication status of the SecretVersion. 654 state: Output only. The current state of the SecretVersion. 655 """ 656 657 class StateValueValuesEnum(_messages.Enum): 658 r"""Output only. The current state of the SecretVersion. 659 660 Values: 661 STATE_UNSPECIFIED: Not specified. This value is unused and invalid. 662 ENABLED: The SecretVersion may be accessed. 663 DISABLED: The SecretVersion may not be accessed, but the secret data is 664 still available and can be placed back into the ENABLED state. 665 DESTROYED: The SecretVersion is destroyed and the secret data is no 666 longer stored. A version may not leave this state once entered. 667 """ 668 STATE_UNSPECIFIED = 0 669 ENABLED = 1 670 DISABLED = 2 671 DESTROYED = 3 672 673 createTime = _messages.StringField(1) 674 destroyTime = _messages.StringField(2) 675 name = _messages.StringField(3) 676 replicationStatus = _messages.MessageField('ReplicationStatus', 4) 677 state = _messages.EnumField('StateValueValuesEnum', 5) 678 679 680class SecretmanagerProjectsLocationsGetRequest(_messages.Message): 681 r"""A SecretmanagerProjectsLocationsGetRequest object. 682 683 Fields: 684 name: Resource name for the location. 685 """ 686 687 name = _messages.StringField(1, required=True) 688 689 690class SecretmanagerProjectsLocationsListRequest(_messages.Message): 691 r"""A SecretmanagerProjectsLocationsListRequest object. 692 693 Fields: 694 filter: The standard list filter. 695 name: The resource that owns the locations collection, if applicable. 696 pageSize: The standard list page size. 697 pageToken: The standard list page token. 698 """ 699 700 filter = _messages.StringField(1) 701 name = _messages.StringField(2, required=True) 702 pageSize = _messages.IntegerField(3, variant=_messages.Variant.INT32) 703 pageToken = _messages.StringField(4) 704 705 706class SecretmanagerProjectsSecretsAddVersionRequest(_messages.Message): 707 r"""A SecretmanagerProjectsSecretsAddVersionRequest object. 708 709 Fields: 710 addSecretVersionRequest: A AddSecretVersionRequest resource to be passed 711 as the request body. 712 parent: Required. The resource name of the Secret to associate with the 713 SecretVersion in the format `projects/*/secrets/*`. 714 """ 715 716 addSecretVersionRequest = _messages.MessageField('AddSecretVersionRequest', 1) 717 parent = _messages.StringField(2, required=True) 718 719 720class SecretmanagerProjectsSecretsCreateRequest(_messages.Message): 721 r"""A SecretmanagerProjectsSecretsCreateRequest object. 722 723 Fields: 724 parent: Required. The resource name of the project to associate with the 725 Secret, in the format `projects/*`. 726 secret: A Secret resource to be passed as the request body. 727 secretId: Required. This must be unique within the project. A secret ID is 728 a string with a maximum length of 255 characters and can contain 729 uppercase and lowercase letters, numerals, and the hyphen (`-`) and 730 underscore (`_`) characters. 731 """ 732 733 parent = _messages.StringField(1, required=True) 734 secret = _messages.MessageField('Secret', 2) 735 secretId = _messages.StringField(3) 736 737 738class SecretmanagerProjectsSecretsDeleteRequest(_messages.Message): 739 r"""A SecretmanagerProjectsSecretsDeleteRequest object. 740 741 Fields: 742 name: Required. The resource name of the Secret to delete in the format 743 `projects/*/secrets/*`. 744 """ 745 746 name = _messages.StringField(1, required=True) 747 748 749class SecretmanagerProjectsSecretsGetIamPolicyRequest(_messages.Message): 750 r"""A SecretmanagerProjectsSecretsGetIamPolicyRequest object. 751 752 Fields: 753 options_requestedPolicyVersion: Optional. The policy format version to be 754 returned. Valid values are 0, 1, and 3. Requests specifying an invalid 755 value will be rejected. Requests for policies with any conditional 756 bindings must specify version 3. Policies without any conditional 757 bindings may specify any valid value or leave the field unset. To learn 758 which resources support conditions in their IAM policies, see the [IAM 759 documentation](https://cloud.google.com/iam/help/conditions/resource- 760 policies). 761 resource: REQUIRED: The resource for which the policy is being requested. 762 See the operation documentation for the appropriate value for this 763 field. 764 """ 765 766 options_requestedPolicyVersion = _messages.IntegerField(1, variant=_messages.Variant.INT32) 767 resource = _messages.StringField(2, required=True) 768 769 770class SecretmanagerProjectsSecretsGetRequest(_messages.Message): 771 r"""A SecretmanagerProjectsSecretsGetRequest object. 772 773 Fields: 774 name: Required. The resource name of the Secret, in the format 775 `projects/*/secrets/*`. 776 """ 777 778 name = _messages.StringField(1, required=True) 779 780 781class SecretmanagerProjectsSecretsListRequest(_messages.Message): 782 r"""A SecretmanagerProjectsSecretsListRequest object. 783 784 Fields: 785 pageSize: Optional. The maximum number of results to be returned in a 786 single page. If set to 0, the server decides the number of results to 787 return. If the number is greater than 25000, it is capped at 25000. 788 pageToken: Optional. Pagination token, returned earlier via 789 ListSecretsResponse.next_page_token. 790 parent: Required. The resource name of the project associated with the 791 Secrets, in the format `projects/*`. 792 """ 793 794 pageSize = _messages.IntegerField(1, variant=_messages.Variant.INT32) 795 pageToken = _messages.StringField(2) 796 parent = _messages.StringField(3, required=True) 797 798 799class SecretmanagerProjectsSecretsPatchRequest(_messages.Message): 800 r"""A SecretmanagerProjectsSecretsPatchRequest object. 801 802 Fields: 803 name: Output only. The resource name of the Secret in the format 804 `projects/*/secrets/*`. 805 secret: A Secret resource to be passed as the request body. 806 updateMask: Required. Specifies the fields to be updated. 807 """ 808 809 name = _messages.StringField(1, required=True) 810 secret = _messages.MessageField('Secret', 2) 811 updateMask = _messages.StringField(3) 812 813 814class SecretmanagerProjectsSecretsSetIamPolicyRequest(_messages.Message): 815 r"""A SecretmanagerProjectsSecretsSetIamPolicyRequest object. 816 817 Fields: 818 resource: REQUIRED: The resource for which the policy is being specified. 819 See the operation documentation for the appropriate value for this 820 field. 821 setIamPolicyRequest: A SetIamPolicyRequest resource to be passed as the 822 request body. 823 """ 824 825 resource = _messages.StringField(1, required=True) 826 setIamPolicyRequest = _messages.MessageField('SetIamPolicyRequest', 2) 827 828 829class SecretmanagerProjectsSecretsTestIamPermissionsRequest(_messages.Message): 830 r"""A SecretmanagerProjectsSecretsTestIamPermissionsRequest object. 831 832 Fields: 833 resource: REQUIRED: The resource for which the policy detail is being 834 requested. See the operation documentation for the appropriate value for 835 this field. 836 testIamPermissionsRequest: A TestIamPermissionsRequest resource to be 837 passed as the request body. 838 """ 839 840 resource = _messages.StringField(1, required=True) 841 testIamPermissionsRequest = _messages.MessageField('TestIamPermissionsRequest', 2) 842 843 844class SecretmanagerProjectsSecretsVersionsAccessRequest(_messages.Message): 845 r"""A SecretmanagerProjectsSecretsVersionsAccessRequest object. 846 847 Fields: 848 name: Required. The resource name of the SecretVersion in the format 849 `projects/*/secrets/*/versions/*`. 850 """ 851 852 name = _messages.StringField(1, required=True) 853 854 855class SecretmanagerProjectsSecretsVersionsDestroyRequest(_messages.Message): 856 r"""A SecretmanagerProjectsSecretsVersionsDestroyRequest object. 857 858 Fields: 859 destroySecretVersionRequest: A DestroySecretVersionRequest resource to be 860 passed as the request body. 861 name: Required. The resource name of the SecretVersion to destroy in the 862 format `projects/*/secrets/*/versions/*`. 863 """ 864 865 destroySecretVersionRequest = _messages.MessageField('DestroySecretVersionRequest', 1) 866 name = _messages.StringField(2, required=True) 867 868 869class SecretmanagerProjectsSecretsVersionsDisableRequest(_messages.Message): 870 r"""A SecretmanagerProjectsSecretsVersionsDisableRequest object. 871 872 Fields: 873 disableSecretVersionRequest: A DisableSecretVersionRequest resource to be 874 passed as the request body. 875 name: Required. The resource name of the SecretVersion to disable in the 876 format `projects/*/secrets/*/versions/*`. 877 """ 878 879 disableSecretVersionRequest = _messages.MessageField('DisableSecretVersionRequest', 1) 880 name = _messages.StringField(2, required=True) 881 882 883class SecretmanagerProjectsSecretsVersionsEnableRequest(_messages.Message): 884 r"""A SecretmanagerProjectsSecretsVersionsEnableRequest object. 885 886 Fields: 887 enableSecretVersionRequest: A EnableSecretVersionRequest resource to be 888 passed as the request body. 889 name: Required. The resource name of the SecretVersion to enable in the 890 format `projects/*/secrets/*/versions/*`. 891 """ 892 893 enableSecretVersionRequest = _messages.MessageField('EnableSecretVersionRequest', 1) 894 name = _messages.StringField(2, required=True) 895 896 897class SecretmanagerProjectsSecretsVersionsGetRequest(_messages.Message): 898 r"""A SecretmanagerProjectsSecretsVersionsGetRequest object. 899 900 Fields: 901 name: Required. The resource name of the SecretVersion in the format 902 `projects/*/secrets/*/versions/*`. 903 `projects/*/secrets/*/versions/latest` is an alias to the `latest` 904 SecretVersion. 905 """ 906 907 name = _messages.StringField(1, required=True) 908 909 910class SecretmanagerProjectsSecretsVersionsListRequest(_messages.Message): 911 r"""A SecretmanagerProjectsSecretsVersionsListRequest object. 912 913 Fields: 914 pageSize: Optional. The maximum number of results to be returned in a 915 single page. If set to 0, the server decides the number of results to 916 return. If the number is greater than 25000, it is capped at 25000. 917 pageToken: Optional. Pagination token, returned earlier via 918 ListSecretVersionsResponse.next_page_token][]. 919 parent: Required. The resource name of the Secret associated with the 920 SecretVersions to list, in the format `projects/*/secrets/*`. 921 """ 922 923 pageSize = _messages.IntegerField(1, variant=_messages.Variant.INT32) 924 pageToken = _messages.StringField(2) 925 parent = _messages.StringField(3, required=True) 926 927 928class SetIamPolicyRequest(_messages.Message): 929 r"""Request message for `SetIamPolicy` method. 930 931 Fields: 932 policy: REQUIRED: The complete policy to be applied to the `resource`. The 933 size of the policy is limited to a few 10s of KB. An empty policy is a 934 valid policy but certain Cloud Platform services (such as Projects) 935 might reject them. 936 updateMask: OPTIONAL: A FieldMask specifying which fields of the policy to 937 modify. Only the fields in the mask will be modified. If no mask is 938 provided, the following default mask is used: `paths: "bindings, etag"` 939 """ 940 941 policy = _messages.MessageField('Policy', 1) 942 updateMask = _messages.StringField(2) 943 944 945class StandardQueryParameters(_messages.Message): 946 r"""Query parameters accepted by all methods. 947 948 Enums: 949 FXgafvValueValuesEnum: V1 error format. 950 AltValueValuesEnum: Data format for response. 951 952 Fields: 953 f__xgafv: V1 error format. 954 access_token: OAuth access token. 955 alt: Data format for response. 956 callback: JSONP 957 fields: Selector specifying which fields to include in a partial response. 958 key: API key. Your API key identifies your project and provides you with 959 API access, quota, and reports. Required unless you provide an OAuth 2.0 960 token. 961 oauth_token: OAuth 2.0 token for the current user. 962 prettyPrint: Returns response with indentations and line breaks. 963 quotaUser: Available to use for quota purposes for server-side 964 applications. Can be any arbitrary string assigned to a user, but should 965 not exceed 40 characters. 966 trace: A tracing token of the form "token:<tokenid>" to include in api 967 requests. 968 uploadType: Legacy upload protocol for media (e.g. "media", "multipart"). 969 upload_protocol: Upload protocol for media (e.g. "raw", "multipart"). 970 """ 971 972 class AltValueValuesEnum(_messages.Enum): 973 r"""Data format for response. 974 975 Values: 976 json: Responses with Content-Type of application/json 977 media: Media download with context-dependent Content-Type 978 proto: Responses with Content-Type of application/x-protobuf 979 """ 980 json = 0 981 media = 1 982 proto = 2 983 984 class FXgafvValueValuesEnum(_messages.Enum): 985 r"""V1 error format. 986 987 Values: 988 _1: v1 error format 989 _2: v2 error format 990 """ 991 _1 = 0 992 _2 = 1 993 994 f__xgafv = _messages.EnumField('FXgafvValueValuesEnum', 1) 995 access_token = _messages.StringField(2) 996 alt = _messages.EnumField('AltValueValuesEnum', 3, default='json') 997 callback = _messages.StringField(4) 998 fields = _messages.StringField(5) 999 key = _messages.StringField(6) 1000 oauth_token = _messages.StringField(7) 1001 prettyPrint = _messages.BooleanField(8, default=True) 1002 quotaUser = _messages.StringField(9) 1003 trace = _messages.StringField(10) 1004 uploadType = _messages.StringField(11) 1005 upload_protocol = _messages.StringField(12) 1006 1007 1008class TestIamPermissionsRequest(_messages.Message): 1009 r"""Request message for `TestIamPermissions` method. 1010 1011 Fields: 1012 permissions: The set of permissions to check for the `resource`. 1013 Permissions with wildcards (such as '*' or 'storage.*') are not allowed. 1014 For more information see [IAM 1015 Overview](https://cloud.google.com/iam/docs/overview#permissions). 1016 """ 1017 1018 permissions = _messages.StringField(1, repeated=True) 1019 1020 1021class TestIamPermissionsResponse(_messages.Message): 1022 r"""Response message for `TestIamPermissions` method. 1023 1024 Fields: 1025 permissions: A subset of `TestPermissionsRequest.permissions` that the 1026 caller is allowed. 1027 """ 1028 1029 permissions = _messages.StringField(1, repeated=True) 1030 1031 1032class Topic(_messages.Message): 1033 r"""A Pub/Sub topic which Secret Manager will publish to when control plane 1034 events occur on this secret. 1035 1036 Fields: 1037 name: Required. The resource name of the Pub/Sub topic that will be 1038 published to, in the following format: `projects/*/topics/*`. For 1039 publication to succeed, the Secret Manager P4SA must have 1040 `pubsub.publisher` permissions on the topic. 1041 """ 1042 1043 name = _messages.StringField(1) 1044 1045 1046class UserManaged(_messages.Message): 1047 r"""A replication policy that replicates the Secret payload into the 1048 locations specified in Secret.replication.user_managed.replicas 1049 1050 Fields: 1051 replicas: Required. The list of Replicas for this Secret. Cannot be empty. 1052 """ 1053 1054 replicas = _messages.MessageField('Replica', 1, repeated=True) 1055 1056 1057class UserManagedStatus(_messages.Message): 1058 r"""The replication status of a SecretVersion using user-managed 1059 replication. Only populated if the parent Secret has a user-managed 1060 replication policy. 1061 1062 Fields: 1063 replicas: Output only. The list of replica statuses for the SecretVersion. 1064 """ 1065 1066 replicas = _messages.MessageField('ReplicaStatus', 1, repeated=True) 1067 1068 1069encoding.AddCustomJsonFieldMapping( 1070 StandardQueryParameters, 'f__xgafv', '$.xgafv') 1071encoding.AddCustomJsonEnumMapping( 1072 StandardQueryParameters.FXgafvValueValuesEnum, '_1', '1') 1073encoding.AddCustomJsonEnumMapping( 1074 StandardQueryParameters.FXgafvValueValuesEnum, '_2', '2') 1075