gcloud_googleapis/google.iam.v1.rs
1// This file is @generated by prost-build.
2/// Encapsulates settings provided to GetIamPolicy.
3#[derive(Clone, Copy, PartialEq, ::prost::Message)]
4pub struct GetPolicyOptions {
5 /// Optional. The maximum policy version that will be used to format the
6 /// policy.
7 ///
8 /// Valid values are 0, 1, and 3. Requests specifying an invalid value will be
9 /// rejected.
10 ///
11 /// Requests for policies with any conditional role bindings must specify
12 /// version 3. Policies with no conditional role bindings may specify any valid
13 /// value or leave the field unset.
14 ///
15 /// The policy in the response might use the policy version that you specified,
16 /// or it might use a lower policy version. For example, if you specify version
17 /// 3, but the policy has no conditional role bindings, the response uses
18 /// version 1.
19 ///
20 /// To learn which resources support conditions in their IAM policies, see the
21 /// [IAM
22 /// documentation](<https://cloud.google.com/iam/help/conditions/resource-policies>).
23 #[prost(int32, tag = "1")]
24 pub requested_policy_version: i32,
25}
26/// An Identity and Access Management (IAM) policy, which specifies access
27/// controls for Google Cloud resources.
28///
29///
30/// A `Policy` is a collection of `bindings`. A `binding` binds one or more
31/// `members`, or principals, to a single `role`. Principals can be user
32/// accounts, service accounts, Google groups, and domains (such as G Suite). A
33/// `role` is a named list of permissions; each `role` can be an IAM predefined
34/// role or a user-created custom role.
35///
36/// For some types of Google Cloud resources, a `binding` can also specify a
37/// `condition`, which is a logical expression that allows access to a resource
38/// only if the expression evaluates to `true`. A condition can add constraints
39/// based on attributes of the request, the resource, or both. To learn which
40/// resources support conditions in their IAM policies, see the
41/// [IAM
42/// documentation](<https://cloud.google.com/iam/help/conditions/resource-policies>).
43///
44/// **JSON example:**
45///
46/// ```
47/// {
48/// "bindings": [
49/// {
50/// "role": "roles/resourcemanager.organizationAdmin",
51/// "members": [
52/// "user:mike@example.com",
53/// "group:admins@example.com",
54/// "domain:google.com",
55/// "serviceAccount:my-project-id@appspot.gserviceaccount.com"
56/// ]
57/// },
58/// {
59/// "role": "roles/resourcemanager.organizationViewer",
60/// "members": [
61/// "user:eve@example.com"
62/// ],
63/// "condition": {
64/// "title": "expirable access",
65/// "description": "Does not grant access after Sep 2020",
66/// "expression": "request.time <
67/// timestamp('2020-10-01T00:00:00.000Z')",
68/// }
69/// }
70/// ],
71/// "etag": "BwWWja0YfJA=",
72/// "version": 3
73/// }
74/// ```
75///
76/// **YAML example:**
77///
78/// ```
79/// bindings:
80/// - members:
81/// - user:mike@example.com
82/// - group:admins@example.com
83/// - domain:google.com
84/// - serviceAccount:my-project-id@appspot.gserviceaccount.com
85/// role: roles/resourcemanager.organizationAdmin
86/// - members:
87/// - user:eve@example.com
88/// role: roles/resourcemanager.organizationViewer
89/// condition:
90/// title: expirable access
91/// description: Does not grant access after Sep 2020
92/// expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
93/// etag: BwWWja0YfJA=
94/// version: 3
95/// ```
96///
97/// For a description of IAM and its features, see the
98/// [IAM documentation](<https://cloud.google.com/iam/docs/>).
99#[derive(Clone, PartialEq, ::prost::Message)]
100pub struct Policy {
101 /// Specifies the format of the policy.
102 ///
103 /// Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
104 /// are rejected.
105 ///
106 /// Any operation that affects conditional role bindings must specify version
107 /// `3`. This requirement applies to the following operations:
108 ///
109 /// * Getting a policy that includes a conditional role binding
110 /// * Adding a conditional role binding to a policy
111 /// * Changing a conditional role binding in a policy
112 /// * Removing any role binding, with or without a condition, from a policy
113 /// that includes conditions
114 ///
115 /// **Important:** If you use IAM Conditions, you must include the `etag` field
116 /// whenever you call `setIamPolicy`. If you omit this field, then IAM allows
117 /// you to overwrite a version `3` policy with a version `1` policy, and all of
118 /// the conditions in the version `3` policy are lost.
119 ///
120 /// If a policy does not include any conditions, operations on that policy may
121 /// specify any valid version or leave the field unset.
122 ///
123 /// To learn which resources support conditions in their IAM policies, see the
124 /// [IAM
125 /// documentation](<https://cloud.google.com/iam/help/conditions/resource-policies>).
126 #[prost(int32, tag = "1")]
127 pub version: i32,
128 /// Associates a list of `members`, or principals, with a `role`. Optionally,
129 /// may specify a `condition` that determines how and when the `bindings` are
130 /// applied. Each of the `bindings` must contain at least one principal.
131 ///
132 /// The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
133 /// of these principals can be Google groups. Each occurrence of a principal
134 /// counts towards these limits. For example, if the `bindings` grant 50
135 /// different roles to `user:alice@example.com`, and not to any other
136 /// principal, then you can add another 1,450 principals to the `bindings` in
137 /// the `Policy`.
138 #[prost(message, repeated, tag = "4")]
139 pub bindings: ::prost::alloc::vec::Vec<Binding>,
140 /// Specifies cloud audit logging configuration for this policy.
141 #[prost(message, repeated, tag = "6")]
142 pub audit_configs: ::prost::alloc::vec::Vec<AuditConfig>,
143 /// `etag` is used for optimistic concurrency control as a way to help
144 /// prevent simultaneous updates of a policy from overwriting each other.
145 /// It is strongly suggested that systems make use of the `etag` in the
146 /// read-modify-write cycle to perform policy updates in order to avoid race
147 /// conditions: An `etag` is returned in the response to `getIamPolicy`, and
148 /// systems are expected to put that etag in the request to `setIamPolicy` to
149 /// ensure that their change will be applied to the same version of the policy.
150 ///
151 /// **Important:** If you use IAM Conditions, you must include the `etag` field
152 /// whenever you call `setIamPolicy`. If you omit this field, then IAM allows
153 /// you to overwrite a version `3` policy with a version `1` policy, and all of
154 /// the conditions in the version `3` policy are lost.
155 #[prost(bytes = "vec", tag = "3")]
156 pub etag: ::prost::alloc::vec::Vec<u8>,
157}
158/// Associates `members`, or principals, with a `role`.
159#[derive(Clone, PartialEq, ::prost::Message)]
160pub struct Binding {
161 /// Role that is assigned to the list of `members`, or principals.
162 /// For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
163 #[prost(string, tag = "1")]
164 pub role: ::prost::alloc::string::String,
165 /// Specifies the principals requesting access for a Google Cloud resource.
166 /// `members` can have the following values:
167 ///
168 /// * `allUsers`: A special identifier that represents anyone who is
169 /// on the internet; with or without a Google account.
170 ///
171 /// * `allAuthenticatedUsers`: A special identifier that represents anyone
172 /// who is authenticated with a Google account or a service account.
173 ///
174 /// * `user:{emailid}`: An email address that represents a specific Google
175 /// account. For example, `alice@example.com` .
176 ///
177 ///
178 /// * `serviceAccount:{emailid}`: An email address that represents a service
179 /// account. For example, `my-other-app@appspot.gserviceaccount.com`.
180 ///
181 /// * `group:{emailid}`: An email address that represents a Google group.
182 /// For example, `admins@example.com`.
183 ///
184 /// * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
185 /// identifier) representing a user that has been recently deleted. For
186 /// example, `alice@example.com?uid=123456789012345678901`. If the user is
187 /// recovered, this value reverts to `user:{emailid}` and the recovered user
188 /// retains the role in the binding.
189 ///
190 /// * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
191 /// unique identifier) representing a service account that has been recently
192 /// deleted. For example,
193 /// `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
194 /// If the service account is undeleted, this value reverts to
195 /// `serviceAccount:{emailid}` and the undeleted service account retains the
196 /// role in the binding.
197 ///
198 /// * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
199 /// identifier) representing a Google group that has been recently
200 /// deleted. For example, `admins@example.com?uid=123456789012345678901`. If
201 /// the group is recovered, this value reverts to `group:{emailid}` and the
202 /// recovered group retains the role in the binding.
203 ///
204 ///
205 /// * `domain:{domain}`: The G Suite domain (primary) that represents all the
206 /// users of that domain. For example, `google.com` or `example.com`.
207 ///
208 ///
209 #[prost(string, repeated, tag = "2")]
210 pub members: ::prost::alloc::vec::Vec<::prost::alloc::string::String>,
211 /// The condition that is associated with this binding.
212 ///
213 /// If the condition evaluates to `true`, then this binding applies to the
214 /// current request.
215 ///
216 /// If the condition evaluates to `false`, then this binding does not apply to
217 /// the current request. However, a different role binding might grant the same
218 /// role to one or more of the principals in this binding.
219 ///
220 /// To learn which resources support conditions in their IAM policies, see the
221 /// [IAM
222 /// documentation](<https://cloud.google.com/iam/help/conditions/resource-policies>).
223 #[prost(message, optional, tag = "3")]
224 pub condition: ::core::option::Option<super::super::r#type::Expr>,
225}
226/// Specifies the audit configuration for a service.
227/// The configuration determines which permission types are logged, and what
228/// identities, if any, are exempted from logging.
229/// An AuditConfig must have one or more AuditLogConfigs.
230///
231/// If there are AuditConfigs for both `allServices` and a specific service,
232/// the union of the two AuditConfigs is used for that service: the log_types
233/// specified in each AuditConfig are enabled, and the exempted_members in each
234/// AuditLogConfig are exempted.
235///
236/// Example Policy with multiple AuditConfigs:
237///
238/// {
239/// "audit_configs": [
240/// {
241/// "service": "allServices",
242/// "audit_log_configs": [
243/// {
244/// "log_type": "DATA_READ",
245/// "exempted_members": [
246/// "user:jose@example.com"
247/// ]
248/// },
249/// {
250/// "log_type": "DATA_WRITE"
251/// },
252/// {
253/// "log_type": "ADMIN_READ"
254/// }
255/// ]
256/// },
257/// {
258/// "service": "sampleservice.googleapis.com",
259/// "audit_log_configs": [
260/// {
261/// "log_type": "DATA_READ"
262/// },
263/// {
264/// "log_type": "DATA_WRITE",
265/// "exempted_members": [
266/// "user:aliya@example.com"
267/// ]
268/// }
269/// ]
270/// }
271/// ]
272/// }
273///
274/// For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
275/// logging. It also exempts `jose@example.com` from DATA_READ logging, and
276/// `aliya@example.com` from DATA_WRITE logging.
277#[derive(Clone, PartialEq, ::prost::Message)]
278pub struct AuditConfig {
279 /// Specifies a service that will be enabled for audit logging.
280 /// For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
281 /// `allServices` is a special value that covers all services.
282 #[prost(string, tag = "1")]
283 pub service: ::prost::alloc::string::String,
284 /// The configuration for logging of each type of permission.
285 #[prost(message, repeated, tag = "3")]
286 pub audit_log_configs: ::prost::alloc::vec::Vec<AuditLogConfig>,
287}
288/// Provides the configuration for logging a type of permissions.
289/// Example:
290///
291/// {
292/// "audit_log_configs": [
293/// {
294/// "log_type": "DATA_READ",
295/// "exempted_members": [
296/// "user:jose@example.com"
297/// ]
298/// },
299/// {
300/// "log_type": "DATA_WRITE"
301/// }
302/// ]
303/// }
304///
305/// This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
306/// jose@example.com from DATA_READ logging.
307#[derive(Clone, PartialEq, ::prost::Message)]
308pub struct AuditLogConfig {
309 /// The log type that this config enables.
310 #[prost(enumeration = "audit_log_config::LogType", tag = "1")]
311 pub log_type: i32,
312 /// Specifies the identities that do not cause logging for this type of
313 /// permission.
314 /// Follows the same format of
315 /// [Binding.members][google.iam.v1.Binding.members].
316 #[prost(string, repeated, tag = "2")]
317 pub exempted_members: ::prost::alloc::vec::Vec<::prost::alloc::string::String>,
318}
319/// Nested message and enum types in `AuditLogConfig`.
320pub mod audit_log_config {
321 /// The list of valid permission types for which logging can be configured.
322 /// Admin writes are always logged, and are not configurable.
323 #[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)]
324 #[repr(i32)]
325 pub enum LogType {
326 /// Default case. Should never be this.
327 Unspecified = 0,
328 /// Admin reads. Example: CloudIAM getIamPolicy
329 AdminRead = 1,
330 /// Data writes. Example: CloudSQL Users create
331 DataWrite = 2,
332 /// Data reads. Example: CloudSQL Users list
333 DataRead = 3,
334 }
335 impl LogType {
336 /// String value of the enum field names used in the ProtoBuf definition.
337 ///
338 /// The values are not transformed in any way and thus are considered stable
339 /// (if the ProtoBuf definition does not change) and safe for programmatic use.
340 pub fn as_str_name(&self) -> &'static str {
341 match self {
342 Self::Unspecified => "LOG_TYPE_UNSPECIFIED",
343 Self::AdminRead => "ADMIN_READ",
344 Self::DataWrite => "DATA_WRITE",
345 Self::DataRead => "DATA_READ",
346 }
347 }
348 /// Creates an enum from field names used in the ProtoBuf definition.
349 pub fn from_str_name(value: &str) -> ::core::option::Option<Self> {
350 match value {
351 "LOG_TYPE_UNSPECIFIED" => Some(Self::Unspecified),
352 "ADMIN_READ" => Some(Self::AdminRead),
353 "DATA_WRITE" => Some(Self::DataWrite),
354 "DATA_READ" => Some(Self::DataRead),
355 _ => None,
356 }
357 }
358 }
359}
360/// The difference delta between two policies.
361#[derive(Clone, PartialEq, ::prost::Message)]
362pub struct PolicyDelta {
363 /// The delta for Bindings between two policies.
364 #[prost(message, repeated, tag = "1")]
365 pub binding_deltas: ::prost::alloc::vec::Vec<BindingDelta>,
366 /// The delta for AuditConfigs between two policies.
367 #[prost(message, repeated, tag = "2")]
368 pub audit_config_deltas: ::prost::alloc::vec::Vec<AuditConfigDelta>,
369}
370/// One delta entry for Binding. Each individual change (only one member in each
371/// entry) to a binding will be a separate entry.
372#[derive(Clone, PartialEq, ::prost::Message)]
373pub struct BindingDelta {
374 /// The action that was performed on a Binding.
375 /// Required
376 #[prost(enumeration = "binding_delta::Action", tag = "1")]
377 pub action: i32,
378 /// Role that is assigned to `members`.
379 /// For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
380 /// Required
381 #[prost(string, tag = "2")]
382 pub role: ::prost::alloc::string::String,
383 /// A single identity requesting access for a Google Cloud resource.
384 /// Follows the same format of Binding.members.
385 /// Required
386 #[prost(string, tag = "3")]
387 pub member: ::prost::alloc::string::String,
388 /// The condition that is associated with this binding.
389 #[prost(message, optional, tag = "4")]
390 pub condition: ::core::option::Option<super::super::r#type::Expr>,
391}
392/// Nested message and enum types in `BindingDelta`.
393pub mod binding_delta {
394 /// The type of action performed on a Binding in a policy.
395 #[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)]
396 #[repr(i32)]
397 pub enum Action {
398 /// Unspecified.
399 Unspecified = 0,
400 /// Addition of a Binding.
401 Add = 1,
402 /// Removal of a Binding.
403 Remove = 2,
404 }
405 impl Action {
406 /// String value of the enum field names used in the ProtoBuf definition.
407 ///
408 /// The values are not transformed in any way and thus are considered stable
409 /// (if the ProtoBuf definition does not change) and safe for programmatic use.
410 pub fn as_str_name(&self) -> &'static str {
411 match self {
412 Self::Unspecified => "ACTION_UNSPECIFIED",
413 Self::Add => "ADD",
414 Self::Remove => "REMOVE",
415 }
416 }
417 /// Creates an enum from field names used in the ProtoBuf definition.
418 pub fn from_str_name(value: &str) -> ::core::option::Option<Self> {
419 match value {
420 "ACTION_UNSPECIFIED" => Some(Self::Unspecified),
421 "ADD" => Some(Self::Add),
422 "REMOVE" => Some(Self::Remove),
423 _ => None,
424 }
425 }
426 }
427}
428/// One delta entry for AuditConfig. Each individual change (only one
429/// exempted_member in each entry) to a AuditConfig will be a separate entry.
430#[derive(Clone, PartialEq, ::prost::Message)]
431pub struct AuditConfigDelta {
432 /// The action that was performed on an audit configuration in a policy.
433 /// Required
434 #[prost(enumeration = "audit_config_delta::Action", tag = "1")]
435 pub action: i32,
436 /// Specifies a service that was configured for Cloud Audit Logging.
437 /// For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
438 /// `allServices` is a special value that covers all services.
439 /// Required
440 #[prost(string, tag = "2")]
441 pub service: ::prost::alloc::string::String,
442 /// A single identity that is exempted from "data access" audit
443 /// logging for the `service` specified above.
444 /// Follows the same format of Binding.members.
445 #[prost(string, tag = "3")]
446 pub exempted_member: ::prost::alloc::string::String,
447 /// Specifies the log_type that was be enabled. ADMIN_ACTIVITY is always
448 /// enabled, and cannot be configured.
449 /// Required
450 #[prost(string, tag = "4")]
451 pub log_type: ::prost::alloc::string::String,
452}
453/// Nested message and enum types in `AuditConfigDelta`.
454pub mod audit_config_delta {
455 /// The type of action performed on an audit configuration in a policy.
456 #[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)]
457 #[repr(i32)]
458 pub enum Action {
459 /// Unspecified.
460 Unspecified = 0,
461 /// Addition of an audit configuration.
462 Add = 1,
463 /// Removal of an audit configuration.
464 Remove = 2,
465 }
466 impl Action {
467 /// String value of the enum field names used in the ProtoBuf definition.
468 ///
469 /// The values are not transformed in any way and thus are considered stable
470 /// (if the ProtoBuf definition does not change) and safe for programmatic use.
471 pub fn as_str_name(&self) -> &'static str {
472 match self {
473 Self::Unspecified => "ACTION_UNSPECIFIED",
474 Self::Add => "ADD",
475 Self::Remove => "REMOVE",
476 }
477 }
478 /// Creates an enum from field names used in the ProtoBuf definition.
479 pub fn from_str_name(value: &str) -> ::core::option::Option<Self> {
480 match value {
481 "ACTION_UNSPECIFIED" => Some(Self::Unspecified),
482 "ADD" => Some(Self::Add),
483 "REMOVE" => Some(Self::Remove),
484 _ => None,
485 }
486 }
487 }
488}
489/// Request message for `SetIamPolicy` method.
490#[derive(Clone, PartialEq, ::prost::Message)]
491pub struct SetIamPolicyRequest {
492 /// REQUIRED: The resource for which the policy is being specified.
493 /// See the operation documentation for the appropriate value for this field.
494 #[prost(string, tag = "1")]
495 pub resource: ::prost::alloc::string::String,
496 /// REQUIRED: The complete policy to be applied to the `resource`. The size of
497 /// the policy is limited to a few 10s of KB. An empty policy is a
498 /// valid policy but certain Cloud Platform services (such as Projects)
499 /// might reject them.
500 #[prost(message, optional, tag = "2")]
501 pub policy: ::core::option::Option<Policy>,
502 /// OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
503 /// the fields in the mask will be modified. If no mask is provided, the
504 /// following default mask is used:
505 ///
506 /// `paths: "bindings, etag"`
507 #[prost(message, optional, tag = "3")]
508 pub update_mask: ::core::option::Option<::prost_types::FieldMask>,
509}
510/// Request message for `GetIamPolicy` method.
511#[derive(Clone, PartialEq, ::prost::Message)]
512pub struct GetIamPolicyRequest {
513 /// REQUIRED: The resource for which the policy is being requested.
514 /// See the operation documentation for the appropriate value for this field.
515 #[prost(string, tag = "1")]
516 pub resource: ::prost::alloc::string::String,
517 /// OPTIONAL: A `GetPolicyOptions` object for specifying options to
518 /// `GetIamPolicy`.
519 #[prost(message, optional, tag = "2")]
520 pub options: ::core::option::Option<GetPolicyOptions>,
521}
522/// Request message for `TestIamPermissions` method.
523#[derive(Clone, PartialEq, ::prost::Message)]
524pub struct TestIamPermissionsRequest {
525 /// REQUIRED: The resource for which the policy detail is being requested.
526 /// See the operation documentation for the appropriate value for this field.
527 #[prost(string, tag = "1")]
528 pub resource: ::prost::alloc::string::String,
529 /// The set of permissions to check for the `resource`. Permissions with
530 /// wildcards (such as '*' or 'storage.*') are not allowed. For more
531 /// information see
532 /// [IAM Overview](<https://cloud.google.com/iam/docs/overview#permissions>).
533 #[prost(string, repeated, tag = "2")]
534 pub permissions: ::prost::alloc::vec::Vec<::prost::alloc::string::String>,
535}
536/// Response message for `TestIamPermissions` method.
537#[derive(Clone, PartialEq, ::prost::Message)]
538pub struct TestIamPermissionsResponse {
539 /// A subset of `TestPermissionsRequest.permissions` that the caller is
540 /// allowed.
541 #[prost(string, repeated, tag = "1")]
542 pub permissions: ::prost::alloc::vec::Vec<::prost::alloc::string::String>,
543}
544/// Generated client implementations.
545pub mod iam_policy_client {
546 #![allow(
547 unused_variables,
548 dead_code,
549 missing_docs,
550 clippy::wildcard_imports,
551 clippy::let_unit_value
552 )]
553 use tonic::codegen::http::Uri;
554 use tonic::codegen::*;
555 /// API Overview
556 ///
557 /// Manages Identity and Access Management (IAM) policies.
558 ///
559 /// Any implementation of an API that offers access control features
560 /// implements the google.iam.v1.IAMPolicy interface.
561 ///
562 /// ## Data model
563 ///
564 /// Access control is applied when a principal (user or service account), takes
565 /// some action on a resource exposed by a service. Resources, identified by
566 /// URI-like names, are the unit of access control specification. Service
567 /// implementations can choose the granularity of access control and the
568 /// supported permissions for their resources.
569 /// For example one database service may allow access control to be
570 /// specified only at the Table level, whereas another might allow access control
571 /// to also be specified at the Column level.
572 ///
573 /// ## Policy Structure
574 ///
575 /// See google.iam.v1.Policy
576 ///
577 /// This is intentionally not a CRUD style API because access control policies
578 /// are created and deleted implicitly with the resources to which they are
579 /// attached.
580 #[derive(Debug, Clone)]
581 pub struct IamPolicyClient<T> {
582 inner: tonic::client::Grpc<T>,
583 }
584 impl IamPolicyClient<tonic::transport::Channel> {
585 /// Attempt to create a new client by connecting to a given endpoint.
586 pub async fn connect<D>(dst: D) -> Result<Self, tonic::transport::Error>
587 where
588 D: TryInto<tonic::transport::Endpoint>,
589 D::Error: Into<StdError>,
590 {
591 let conn = tonic::transport::Endpoint::new(dst)?.connect().await?;
592 Ok(Self::new(conn))
593 }
594 }
595 impl<T> IamPolicyClient<T>
596 where
597 T: tonic::client::GrpcService<tonic::body::Body>,
598 T::Error: Into<StdError>,
599 T::ResponseBody: Body<Data = Bytes> + std::marker::Send + 'static,
600 <T::ResponseBody as Body>::Error: Into<StdError> + std::marker::Send,
601 {
602 pub fn new(inner: T) -> Self {
603 let inner = tonic::client::Grpc::new(inner);
604 Self { inner }
605 }
606 pub fn with_origin(inner: T, origin: Uri) -> Self {
607 let inner = tonic::client::Grpc::with_origin(inner, origin);
608 Self { inner }
609 }
610 pub fn with_interceptor<F>(inner: T, interceptor: F) -> IamPolicyClient<InterceptedService<T, F>>
611 where
612 F: tonic::service::Interceptor,
613 T::ResponseBody: Default,
614 T: tonic::codegen::Service<
615 http::Request<tonic::body::Body>,
616 Response = http::Response<<T as tonic::client::GrpcService<tonic::body::Body>>::ResponseBody>,
617 >,
618 <T as tonic::codegen::Service<http::Request<tonic::body::Body>>>::Error:
619 Into<StdError> + std::marker::Send + std::marker::Sync,
620 {
621 IamPolicyClient::new(InterceptedService::new(inner, interceptor))
622 }
623 /// Compress requests with the given encoding.
624 ///
625 /// This requires the server to support it otherwise it might respond with an
626 /// error.
627 #[must_use]
628 pub fn send_compressed(mut self, encoding: CompressionEncoding) -> Self {
629 self.inner = self.inner.send_compressed(encoding);
630 self
631 }
632 /// Enable decompressing responses.
633 #[must_use]
634 pub fn accept_compressed(mut self, encoding: CompressionEncoding) -> Self {
635 self.inner = self.inner.accept_compressed(encoding);
636 self
637 }
638 /// Limits the maximum size of a decoded message.
639 ///
640 /// Default: `4MB`
641 #[must_use]
642 pub fn max_decoding_message_size(mut self, limit: usize) -> Self {
643 self.inner = self.inner.max_decoding_message_size(limit);
644 self
645 }
646 /// Limits the maximum size of an encoded message.
647 ///
648 /// Default: `usize::MAX`
649 #[must_use]
650 pub fn max_encoding_message_size(mut self, limit: usize) -> Self {
651 self.inner = self.inner.max_encoding_message_size(limit);
652 self
653 }
654 /// Sets the access control policy on the specified resource. Replaces any
655 /// existing policy.
656 ///
657 /// Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.
658 pub async fn set_iam_policy(
659 &mut self,
660 request: impl tonic::IntoRequest<super::SetIamPolicyRequest>,
661 ) -> std::result::Result<tonic::Response<super::Policy>, tonic::Status> {
662 self.inner
663 .ready()
664 .await
665 .map_err(|e| tonic::Status::unknown(format!("Service was not ready: {}", e.into())))?;
666 let codec = tonic::codec::ProstCodec::default();
667 let path = http::uri::PathAndQuery::from_static("/google.iam.v1.IAMPolicy/SetIamPolicy");
668 let mut req = request.into_request();
669 req.extensions_mut()
670 .insert(GrpcMethod::new("google.iam.v1.IAMPolicy", "SetIamPolicy"));
671 self.inner.unary(req, path, codec).await
672 }
673 /// Gets the access control policy for a resource.
674 /// Returns an empty policy if the resource exists and does not have a policy
675 /// set.
676 pub async fn get_iam_policy(
677 &mut self,
678 request: impl tonic::IntoRequest<super::GetIamPolicyRequest>,
679 ) -> std::result::Result<tonic::Response<super::Policy>, tonic::Status> {
680 self.inner
681 .ready()
682 .await
683 .map_err(|e| tonic::Status::unknown(format!("Service was not ready: {}", e.into())))?;
684 let codec = tonic::codec::ProstCodec::default();
685 let path = http::uri::PathAndQuery::from_static("/google.iam.v1.IAMPolicy/GetIamPolicy");
686 let mut req = request.into_request();
687 req.extensions_mut()
688 .insert(GrpcMethod::new("google.iam.v1.IAMPolicy", "GetIamPolicy"));
689 self.inner.unary(req, path, codec).await
690 }
691 /// Returns permissions that a caller has on the specified resource.
692 /// If the resource does not exist, this will return an empty set of
693 /// permissions, not a `NOT_FOUND` error.
694 ///
695 /// Note: This operation is designed to be used for building permission-aware
696 /// UIs and command-line tools, not for authorization checking. This operation
697 /// may "fail open" without warning.
698 pub async fn test_iam_permissions(
699 &mut self,
700 request: impl tonic::IntoRequest<super::TestIamPermissionsRequest>,
701 ) -> std::result::Result<tonic::Response<super::TestIamPermissionsResponse>, tonic::Status> {
702 self.inner
703 .ready()
704 .await
705 .map_err(|e| tonic::Status::unknown(format!("Service was not ready: {}", e.into())))?;
706 let codec = tonic::codec::ProstCodec::default();
707 let path = http::uri::PathAndQuery::from_static("/google.iam.v1.IAMPolicy/TestIamPermissions");
708 let mut req = request.into_request();
709 req.extensions_mut()
710 .insert(GrpcMethod::new("google.iam.v1.IAMPolicy", "TestIamPermissions"));
711 self.inner.unary(req, path, codec).await
712 }
713 }
714}