google-cloud-orgpolicy-v2 1.5.0

// Copyright 2025 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Code generated by sidekick. DO NOT EDIT.
#![allow(rustdoc::redundant_explicit_links)]
#![allow(rustdoc::broken_intra_doc_links)]

/// Implements a client for the Organization Policy API.
///
/// # Example
/// ```
/// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
/// # use google_cloud_orgpolicy_v2::client::OrgPolicy;
/// let client = OrgPolicy::builder().build().await?;
/// // use `client` to make requests to the Organization Policy API.
/// # Ok(()) }
/// ```
///
/// # Service Description
///
/// An interface for managing organization policies.
///
/// The Organization Policy Service provides a simple mechanism for
/// organizations to restrict the allowed configurations across their entire
/// resource hierarchy.
///
/// You can use a policy to configure restrictions on resources. For
/// example, you can enforce a policy that restricts which Google
/// Cloud APIs can be activated in a certain part of your resource
/// hierarchy, or prevents serial port access to VM instances in a
/// particular folder.
///
/// Policies are inherited down through the resource hierarchy. A policy
/// applied to a parent resource automatically applies to all its child resources
/// unless overridden with a policy lower in the hierarchy.
///
/// A constraint defines an aspect of a resource's configuration that can be
/// controlled by an organization's policy administrator. Policies are a
/// collection of constraints that defines their allowable configuration on a
/// particular resource and its child resources.
///
/// # Configuration
///
/// To configure `OrgPolicy` use the `with_*` methods in the type returned
/// by [builder()][OrgPolicy::builder]. The default configuration should
/// work for most applications. Common configuration changes include
///
/// * [with_endpoint()]: by default this client uses the global default endpoint
///   (`https://orgpolicy.googleapis.com`). Applications using regional
///   endpoints or running in restricted networks (e.g. a network configured
//    with [Private Google Access with VPC Service Controls]) may want to
///   override this default.
/// * [with_credentials()]: by default this client uses
///   [Application Default Credentials]. Applications using custom
///   authentication may need to override this default.
///
/// [with_endpoint()]: super::builder::org_policy::ClientBuilder::with_endpoint
/// [with_credentials()]: super::builder::org_policy::ClientBuilder::credentials
/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
///
/// # Pooling and Cloning
///
/// `OrgPolicy` holds a connection pool internally, it is advised to
/// create one and the reuse it.  You do not need to wrap `OrgPolicy` in
/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
/// already uses an `Arc` internally.
#[derive(Clone, Debug)]
pub struct OrgPolicy {
    inner: std::sync::Arc<dyn super::stub::dynamic::OrgPolicy>,
}

impl OrgPolicy {
    /// Returns a builder for [OrgPolicy].
    ///
    /// ```
    /// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
    /// # use google_cloud_orgpolicy_v2::client::OrgPolicy;
    /// let client = OrgPolicy::builder().build().await?;
    /// # Ok(()) }
    /// ```
    pub fn builder() -> super::builder::org_policy::ClientBuilder {
        crate::new_client_builder(super::builder::org_policy::client::Factory)
    }

    /// Creates a new client from the provided stub.
    ///
    /// The most common case for calling this function is in tests mocking the
    /// client's behavior.
    pub fn from_stub<T>(stub: T) -> Self
    where
        T: super::stub::OrgPolicy + 'static,
    {
        Self {
            inner: std::sync::Arc::new(stub),
        }
    }

    pub(crate) async fn new(
        config: gaxi::options::ClientConfig,
    ) -> crate::ClientBuilderResult<Self> {
        let inner = Self::build_inner(config).await?;
        Ok(Self { inner })
    }

    async fn build_inner(
        conf: gaxi::options::ClientConfig,
    ) -> crate::ClientBuilderResult<std::sync::Arc<dyn super::stub::dynamic::OrgPolicy>> {
        if gaxi::options::tracing_enabled(&conf) {
            return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
        }
        Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
    }

    async fn build_transport(
        conf: gaxi::options::ClientConfig,
    ) -> crate::ClientBuilderResult<impl super::stub::OrgPolicy> {
        super::transport::OrgPolicy::new(conf).await
    }

    async fn build_with_tracing(
        conf: gaxi::options::ClientConfig,
    ) -> crate::ClientBuilderResult<impl super::stub::OrgPolicy> {
        Self::build_transport(conf)
            .await
            .map(super::tracing::OrgPolicy::new)
    }

    /// Lists constraints that could be applied on the specified resource.
    pub fn list_constraints(&self) -> super::builder::org_policy::ListConstraints {
        super::builder::org_policy::ListConstraints::new(self.inner.clone())
    }

    /// Retrieves all of the policies that exist on a particular resource.
    pub fn list_policies(&self) -> super::builder::org_policy::ListPolicies {
        super::builder::org_policy::ListPolicies::new(self.inner.clone())
    }

    /// Gets a policy on a resource.
    ///
    /// If no policy is set on the resource, `NOT_FOUND` is returned. The
    /// `etag` value can be used with `UpdatePolicy()` to update a
    /// policy during read-modify-write.
    pub fn get_policy(&self) -> super::builder::org_policy::GetPolicy {
        super::builder::org_policy::GetPolicy::new(self.inner.clone())
    }

    /// Gets the effective policy on a resource. This is the result of merging
    /// policies in the resource hierarchy and evaluating conditions. The
    /// returned policy will not have an `etag` or `condition` set because it is
    /// an evaluated policy across multiple resources.
    /// Subtrees of Resource Manager resource hierarchy with 'under:' prefix will
    /// not be expanded.
    pub fn get_effective_policy(&self) -> super::builder::org_policy::GetEffectivePolicy {
        super::builder::org_policy::GetEffectivePolicy::new(self.inner.clone())
    }

    /// Creates a policy.
    ///
    /// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
    /// constraint does not exist.
    /// Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the
    /// policy already exists on the given Google Cloud resource.
    pub fn create_policy(&self) -> super::builder::org_policy::CreatePolicy {
        super::builder::org_policy::CreatePolicy::new(self.inner.clone())
    }

    /// Updates a policy.
    ///
    /// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
    /// constraint or the policy do not exist.
    /// Returns a `google.rpc.Status` with `google.rpc.Code.ABORTED` if the etag
    /// supplied in the request does not match the persisted etag of the policy
    ///
    /// Note: the supplied policy will perform a full overwrite of all
    /// fields.
    pub fn update_policy(&self) -> super::builder::org_policy::UpdatePolicy {
        super::builder::org_policy::UpdatePolicy::new(self.inner.clone())
    }

    /// Deletes a policy.
    ///
    /// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
    /// constraint or organization policy does not exist.
    pub fn delete_policy(&self) -> super::builder::org_policy::DeletePolicy {
        super::builder::org_policy::DeletePolicy::new(self.inner.clone())
    }

    /// Creates a custom constraint.
    ///
    /// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
    /// organization does not exist.
    /// Returns a `google.rpc.Status` with `google.rpc.Code.ALREADY_EXISTS` if the
    /// constraint already exists on the given organization.
    pub fn create_custom_constraint(&self) -> super::builder::org_policy::CreateCustomConstraint {
        super::builder::org_policy::CreateCustomConstraint::new(self.inner.clone())
    }

    /// Updates a custom constraint.
    ///
    /// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
    /// constraint does not exist.
    ///
    /// Note: the supplied policy will perform a full overwrite of all
    /// fields.
    pub fn update_custom_constraint(&self) -> super::builder::org_policy::UpdateCustomConstraint {
        super::builder::org_policy::UpdateCustomConstraint::new(self.inner.clone())
    }

    /// Gets a custom or managed constraint.
    ///
    /// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
    /// custom or managed constraint does not exist.
    pub fn get_custom_constraint(&self) -> super::builder::org_policy::GetCustomConstraint {
        super::builder::org_policy::GetCustomConstraint::new(self.inner.clone())
    }

    /// Retrieves all of the custom constraints that exist on a particular
    /// organization resource.
    pub fn list_custom_constraints(&self) -> super::builder::org_policy::ListCustomConstraints {
        super::builder::org_policy::ListCustomConstraints::new(self.inner.clone())
    }

    /// Deletes a custom constraint.
    ///
    /// Returns a `google.rpc.Status` with `google.rpc.Code.NOT_FOUND` if the
    /// constraint does not exist.
    pub fn delete_custom_constraint(&self) -> super::builder::org_policy::DeleteCustomConstraint {
        super::builder::org_policy::DeleteCustomConstraint::new(self.inner.clone())
    }
}