google-cloud-iap-v1 1.5.0

Google Cloud Client Libraries for Rust - Cloud Identity-Aware Proxy API
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410

// Copyright 2025 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Code generated by sidekick. DO NOT EDIT.
#![allow(rustdoc::redundant_explicit_links)]
#![allow(rustdoc::broken_intra_doc_links)]

/// Implements a client for the Cloud Identity-Aware Proxy API.
///
/// # Example
/// ```
/// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
/// # use google_cloud_iap_v1::client::IdentityAwareProxyAdminService;
/// let client = IdentityAwareProxyAdminService::builder().build().await?;
/// // use `client` to make requests to the Cloud Identity-Aware Proxy API.
/// # Ok(()) }
/// ```
///
/// # Service Description
///
/// APIs for Identity-Aware Proxy Admin configurations.
///
/// # Configuration
///
/// To configure `IdentityAwareProxyAdminService` use the `with_*` methods in the type returned
/// by [builder()][IdentityAwareProxyAdminService::builder]. The default configuration should
/// work for most applications. Common configuration changes include
///
/// * [with_endpoint()]: by default this client uses the global default endpoint
///   (`https://iap.googleapis.com`). Applications using regional
///   endpoints or running in restricted networks (e.g. a network configured
//    with [Private Google Access with VPC Service Controls]) may want to
///   override this default.
/// * [with_credentials()]: by default this client uses
///   [Application Default Credentials]. Applications using custom
///   authentication may need to override this default.
///
/// [with_endpoint()]: super::builder::identity_aware_proxy_admin_service::ClientBuilder::with_endpoint
/// [with_credentials()]: super::builder::identity_aware_proxy_admin_service::ClientBuilder::credentials
/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
///
/// # Pooling and Cloning
///
/// `IdentityAwareProxyAdminService` holds a connection pool internally, it is advised to
/// create one and the reuse it.  You do not need to wrap `IdentityAwareProxyAdminService` in
/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
/// already uses an `Arc` internally.
#[derive(Clone, Debug)]
pub struct IdentityAwareProxyAdminService {
    inner: std::sync::Arc<dyn super::stub::dynamic::IdentityAwareProxyAdminService>,
}

impl IdentityAwareProxyAdminService {
    /// Returns a builder for [IdentityAwareProxyAdminService].
    ///
    /// ```
    /// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
    /// # use google_cloud_iap_v1::client::IdentityAwareProxyAdminService;
    /// let client = IdentityAwareProxyAdminService::builder().build().await?;
    /// # Ok(()) }
    /// ```
    pub fn builder() -> super::builder::identity_aware_proxy_admin_service::ClientBuilder {
        crate::new_client_builder(
            super::builder::identity_aware_proxy_admin_service::client::Factory,
        )
    }

    /// Creates a new client from the provided stub.
    ///
    /// The most common case for calling this function is in tests mocking the
    /// client's behavior.
    pub fn from_stub<T>(stub: T) -> Self
    where
        T: super::stub::IdentityAwareProxyAdminService + 'static,
    {
        Self {
            inner: std::sync::Arc::new(stub),
        }
    }

    pub(crate) async fn new(
        config: gaxi::options::ClientConfig,
    ) -> crate::ClientBuilderResult<Self> {
        let inner = Self::build_inner(config).await?;
        Ok(Self { inner })
    }

    async fn build_inner(
        conf: gaxi::options::ClientConfig,
    ) -> crate::ClientBuilderResult<
        std::sync::Arc<dyn super::stub::dynamic::IdentityAwareProxyAdminService>,
    > {
        if gaxi::options::tracing_enabled(&conf) {
            return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
        }
        Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
    }

    async fn build_transport(
        conf: gaxi::options::ClientConfig,
    ) -> crate::ClientBuilderResult<impl super::stub::IdentityAwareProxyAdminService> {
        super::transport::IdentityAwareProxyAdminService::new(conf).await
    }

    async fn build_with_tracing(
        conf: gaxi::options::ClientConfig,
    ) -> crate::ClientBuilderResult<impl super::stub::IdentityAwareProxyAdminService> {
        Self::build_transport(conf)
            .await
            .map(super::tracing::IdentityAwareProxyAdminService::new)
    }

    /// Sets the access control policy for an Identity-Aware Proxy protected
    /// resource. Replaces any existing policy.
    /// More information about managing access via IAP can be found at:
    /// <https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api>
    pub fn set_iam_policy(
        &self,
    ) -> super::builder::identity_aware_proxy_admin_service::SetIamPolicy {
        super::builder::identity_aware_proxy_admin_service::SetIamPolicy::new(self.inner.clone())
    }

    /// Gets the access control policy for an Identity-Aware Proxy protected
    /// resource.
    /// More information about managing access via IAP can be found at:
    /// <https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api>
    pub fn get_iam_policy(
        &self,
    ) -> super::builder::identity_aware_proxy_admin_service::GetIamPolicy {
        super::builder::identity_aware_proxy_admin_service::GetIamPolicy::new(self.inner.clone())
    }

    /// Returns permissions that a caller has on the Identity-Aware Proxy protected
    /// resource.
    /// More information about managing access via IAP can be found at:
    /// <https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api>
    pub fn test_iam_permissions(
        &self,
    ) -> super::builder::identity_aware_proxy_admin_service::TestIamPermissions {
        super::builder::identity_aware_proxy_admin_service::TestIamPermissions::new(
            self.inner.clone(),
        )
    }

    /// Gets the IAP settings on a particular IAP protected resource.
    pub fn get_iap_settings(
        &self,
    ) -> super::builder::identity_aware_proxy_admin_service::GetIapSettings {
        super::builder::identity_aware_proxy_admin_service::GetIapSettings::new(self.inner.clone())
    }

    /// Updates the IAP settings on a particular IAP protected resource. It
    /// replaces all fields unless the `update_mask` is set.
    pub fn update_iap_settings(
        &self,
    ) -> super::builder::identity_aware_proxy_admin_service::UpdateIapSettings {
        super::builder::identity_aware_proxy_admin_service::UpdateIapSettings::new(
            self.inner.clone(),
        )
    }

    /// Validates that a given CEL expression conforms to IAP restrictions.
    pub fn validate_iap_attribute_expression(
        &self,
    ) -> super::builder::identity_aware_proxy_admin_service::ValidateIapAttributeExpression {
        super::builder::identity_aware_proxy_admin_service::ValidateIapAttributeExpression::new(
            self.inner.clone(),
        )
    }

    /// Lists the existing TunnelDestGroups. To group across all locations, use a
    /// `-` as the location ID. For example:
    /// `/v1/projects/123/iap_tunnel/locations/-/destGroups`
    pub fn list_tunnel_dest_groups(
        &self,
    ) -> super::builder::identity_aware_proxy_admin_service::ListTunnelDestGroups {
        super::builder::identity_aware_proxy_admin_service::ListTunnelDestGroups::new(
            self.inner.clone(),
        )
    }

    /// Creates a new TunnelDestGroup.
    pub fn create_tunnel_dest_group(
        &self,
    ) -> super::builder::identity_aware_proxy_admin_service::CreateTunnelDestGroup {
        super::builder::identity_aware_proxy_admin_service::CreateTunnelDestGroup::new(
            self.inner.clone(),
        )
    }

    /// Retrieves an existing TunnelDestGroup.
    pub fn get_tunnel_dest_group(
        &self,
    ) -> super::builder::identity_aware_proxy_admin_service::GetTunnelDestGroup {
        super::builder::identity_aware_proxy_admin_service::GetTunnelDestGroup::new(
            self.inner.clone(),
        )
    }

    /// Deletes a TunnelDestGroup.
    pub fn delete_tunnel_dest_group(
        &self,
    ) -> super::builder::identity_aware_proxy_admin_service::DeleteTunnelDestGroup {
        super::builder::identity_aware_proxy_admin_service::DeleteTunnelDestGroup::new(
            self.inner.clone(),
        )
    }

    /// Updates a TunnelDestGroup.
    pub fn update_tunnel_dest_group(
        &self,
    ) -> super::builder::identity_aware_proxy_admin_service::UpdateTunnelDestGroup {
        super::builder::identity_aware_proxy_admin_service::UpdateTunnelDestGroup::new(
            self.inner.clone(),
        )
    }
}

/// Implements a client for the Cloud Identity-Aware Proxy API.
///
/// # Example
/// ```
/// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
/// # use google_cloud_iap_v1::client::IdentityAwareProxyOAuthService;
/// let client = IdentityAwareProxyOAuthService::builder().build().await?;
/// // use `client` to make requests to the Cloud Identity-Aware Proxy API.
/// # Ok(()) }
/// ```
///
/// # Service Description
///
/// API to programmatically create, list and retrieve Identity Aware Proxy (IAP)
/// OAuth brands; and create, retrieve, delete and reset-secret of IAP OAuth
/// clients.
///
/// # Configuration
///
/// To configure `IdentityAwareProxyOAuthService` use the `with_*` methods in the type returned
/// by [builder()][IdentityAwareProxyOAuthService::builder]. The default configuration should
/// work for most applications. Common configuration changes include
///
/// * [with_endpoint()]: by default this client uses the global default endpoint
///   (`https://iap.googleapis.com`). Applications using regional
///   endpoints or running in restricted networks (e.g. a network configured
//    with [Private Google Access with VPC Service Controls]) may want to
///   override this default.
/// * [with_credentials()]: by default this client uses
///   [Application Default Credentials]. Applications using custom
///   authentication may need to override this default.
///
/// [with_endpoint()]: super::builder::identity_aware_proxy_o_auth_service::ClientBuilder::with_endpoint
/// [with_credentials()]: super::builder::identity_aware_proxy_o_auth_service::ClientBuilder::credentials
/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
///
/// # Pooling and Cloning
///
/// `IdentityAwareProxyOAuthService` holds a connection pool internally, it is advised to
/// create one and the reuse it.  You do not need to wrap `IdentityAwareProxyOAuthService` in
/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
/// already uses an `Arc` internally.
#[derive(Clone, Debug)]
pub struct IdentityAwareProxyOAuthService {
    inner: std::sync::Arc<dyn super::stub::dynamic::IdentityAwareProxyOAuthService>,
}

impl IdentityAwareProxyOAuthService {
    /// Returns a builder for [IdentityAwareProxyOAuthService].
    ///
    /// ```
    /// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
    /// # use google_cloud_iap_v1::client::IdentityAwareProxyOAuthService;
    /// let client = IdentityAwareProxyOAuthService::builder().build().await?;
    /// # Ok(()) }
    /// ```
    pub fn builder() -> super::builder::identity_aware_proxy_o_auth_service::ClientBuilder {
        crate::new_client_builder(
            super::builder::identity_aware_proxy_o_auth_service::client::Factory,
        )
    }

    /// Creates a new client from the provided stub.
    ///
    /// The most common case for calling this function is in tests mocking the
    /// client's behavior.
    pub fn from_stub<T>(stub: T) -> Self
    where
        T: super::stub::IdentityAwareProxyOAuthService + 'static,
    {
        Self {
            inner: std::sync::Arc::new(stub),
        }
    }

    pub(crate) async fn new(
        config: gaxi::options::ClientConfig,
    ) -> crate::ClientBuilderResult<Self> {
        let inner = Self::build_inner(config).await?;
        Ok(Self { inner })
    }

    async fn build_inner(
        conf: gaxi::options::ClientConfig,
    ) -> crate::ClientBuilderResult<
        std::sync::Arc<dyn super::stub::dynamic::IdentityAwareProxyOAuthService>,
    > {
        if gaxi::options::tracing_enabled(&conf) {
            return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
        }
        Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
    }

    async fn build_transport(
        conf: gaxi::options::ClientConfig,
    ) -> crate::ClientBuilderResult<impl super::stub::IdentityAwareProxyOAuthService> {
        super::transport::IdentityAwareProxyOAuthService::new(conf).await
    }

    async fn build_with_tracing(
        conf: gaxi::options::ClientConfig,
    ) -> crate::ClientBuilderResult<impl super::stub::IdentityAwareProxyOAuthService> {
        Self::build_transport(conf)
            .await
            .map(super::tracing::IdentityAwareProxyOAuthService::new)
    }

    /// Lists the existing brands for the project.
    pub fn list_brands(&self) -> super::builder::identity_aware_proxy_o_auth_service::ListBrands {
        super::builder::identity_aware_proxy_o_auth_service::ListBrands::new(self.inner.clone())
    }

    /// Constructs a new OAuth brand for the project if one does not exist.
    /// The created brand is "internal only", meaning that OAuth clients created
    /// under it only accept requests from users who belong to the same Google
    /// Workspace organization as the project. The brand is created in an
    /// un-reviewed status. NOTE: The "internal only" status can be manually
    /// changed in the Google Cloud Console. Requires that a brand does not already
    /// exist for the project, and that the specified support email is owned by the
    /// caller.
    pub fn create_brand(&self) -> super::builder::identity_aware_proxy_o_auth_service::CreateBrand {
        super::builder::identity_aware_proxy_o_auth_service::CreateBrand::new(self.inner.clone())
    }

    /// Retrieves the OAuth brand of the project.
    pub fn get_brand(&self) -> super::builder::identity_aware_proxy_o_auth_service::GetBrand {
        super::builder::identity_aware_proxy_o_auth_service::GetBrand::new(self.inner.clone())
    }

    /// Creates an Identity Aware Proxy (IAP) OAuth client. The client is owned
    /// by IAP. Requires that the brand for the project exists and that it is
    /// set for internal-only use.
    pub fn create_identity_aware_proxy_client(
        &self,
    ) -> super::builder::identity_aware_proxy_o_auth_service::CreateIdentityAwareProxyClient {
        super::builder::identity_aware_proxy_o_auth_service::CreateIdentityAwareProxyClient::new(
            self.inner.clone(),
        )
    }

    /// Lists the existing clients for the brand.
    pub fn list_identity_aware_proxy_clients(
        &self,
    ) -> super::builder::identity_aware_proxy_o_auth_service::ListIdentityAwareProxyClients {
        super::builder::identity_aware_proxy_o_auth_service::ListIdentityAwareProxyClients::new(
            self.inner.clone(),
        )
    }

    /// Retrieves an Identity Aware Proxy (IAP) OAuth client.
    /// Requires that the client is owned by IAP.
    pub fn get_identity_aware_proxy_client(
        &self,
    ) -> super::builder::identity_aware_proxy_o_auth_service::GetIdentityAwareProxyClient {
        super::builder::identity_aware_proxy_o_auth_service::GetIdentityAwareProxyClient::new(
            self.inner.clone(),
        )
    }

    /// Resets an Identity Aware Proxy (IAP) OAuth client secret. Useful if the
    /// secret was compromised. Requires that the client is owned by IAP.
    pub fn reset_identity_aware_proxy_client_secret(
        &self,
    ) -> super::builder::identity_aware_proxy_o_auth_service::ResetIdentityAwareProxyClientSecret
    {
        super::builder::identity_aware_proxy_o_auth_service::ResetIdentityAwareProxyClientSecret::new(self.inner.clone())
    }

    /// Deletes an Identity Aware Proxy (IAP) OAuth client. Useful for removing
    /// obsolete clients, managing the number of clients in a given project, and
    /// cleaning up after tests. Requires that the client is owned by IAP.
    pub fn delete_identity_aware_proxy_client(
        &self,
    ) -> super::builder::identity_aware_proxy_o_auth_service::DeleteIdentityAwareProxyClient {
        super::builder::identity_aware_proxy_o_auth_service::DeleteIdentityAwareProxyClient::new(
            self.inner.clone(),
        )
    }
}