google_cloud_binaryauthorization_v1/client.rs
1// Copyright 2025 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// https://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14//
15// Code generated by sidekick. DO NOT EDIT.
16#![allow(rustdoc::redundant_explicit_links)]
17#![allow(rustdoc::broken_intra_doc_links)]
18
19use crate::Result;
20
21/// Implements a client for the Binary Authorization API.
22///
23/// # Example
24/// ```
25/// # tokio_test::block_on(async {
26/// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
27/// let client = BinauthzManagementServiceV1::builder().build().await?;
28/// // use `client` to make requests to the Binary Authorization API.
29/// # gax::Result::<()>::Ok(()) });
30/// ```
31///
32/// # Service Description
33///
34/// Google Cloud Management Service for Binary Authorization admission policies
35/// and attestation authorities.
36///
37/// This API implements a REST model with the following objects:
38///
39/// * [Policy][google.cloud.binaryauthorization.v1.Policy]
40/// * [Attestor][google.cloud.binaryauthorization.v1.Attestor]
41///
42/// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
43/// [google.cloud.binaryauthorization.v1.Policy]: crate::model::Policy
44///
45/// # Configuration
46///
47/// To configure `BinauthzManagementServiceV1` use the `with_*` methods in the type returned
48/// by [builder()][BinauthzManagementServiceV1::builder]. The default configuration should
49/// work for most applications. Common configuration changes include
50///
51/// * [with_endpoint()]: by default this client uses the global default endpoint
52/// (`https://binaryauthorization.googleapis.com`). Applications using regional
53/// endpoints or running in restricted networks (e.g. a network configured
54// with [Private Google Access with VPC Service Controls]) may want to
55/// override this default.
56/// * [with_credentials()]: by default this client uses
57/// [Application Default Credentials]. Applications using custom
58/// authentication may need to override this default.
59///
60/// [with_endpoint()]: super::builder::binauthz_management_service_v_1::ClientBuilder::with_endpoint
61/// [with_credentials()]: super::builder::binauthz_management_service_v_1::ClientBuilder::credentials
62/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
63/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
64///
65/// # Pooling and Cloning
66///
67/// `BinauthzManagementServiceV1` holds a connection pool internally, it is advised to
68/// create one and the reuse it. You do not need to wrap `BinauthzManagementServiceV1` in
69/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
70/// already uses an `Arc` internally.
71#[derive(Clone, Debug)]
72pub struct BinauthzManagementServiceV1 {
73 inner: std::sync::Arc<dyn super::stub::dynamic::BinauthzManagementServiceV1>,
74}
75
76impl BinauthzManagementServiceV1 {
77 /// Returns a builder for [BinauthzManagementServiceV1].
78 ///
79 /// ```
80 /// # tokio_test::block_on(async {
81 /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
82 /// let client = BinauthzManagementServiceV1::builder().build().await?;
83 /// # gax::Result::<()>::Ok(()) });
84 /// ```
85 pub fn builder() -> super::builder::binauthz_management_service_v_1::ClientBuilder {
86 gax::client_builder::internal::new_builder(
87 super::builder::binauthz_management_service_v_1::client::Factory,
88 )
89 }
90
91 /// Creates a new client from the provided stub.
92 ///
93 /// The most common case for calling this function is in tests mocking the
94 /// client's behavior.
95 pub fn from_stub<T>(stub: T) -> Self
96 where
97 T: super::stub::BinauthzManagementServiceV1 + 'static,
98 {
99 Self {
100 inner: std::sync::Arc::new(stub),
101 }
102 }
103
104 pub(crate) async fn new(config: gaxi::options::ClientConfig) -> Result<Self> {
105 let inner = Self::build_inner(config).await?;
106 Ok(Self { inner })
107 }
108
109 async fn build_inner(
110 conf: gaxi::options::ClientConfig,
111 ) -> Result<std::sync::Arc<dyn super::stub::dynamic::BinauthzManagementServiceV1>> {
112 if gaxi::options::tracing_enabled(&conf) {
113 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
114 }
115 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
116 }
117
118 async fn build_transport(
119 conf: gaxi::options::ClientConfig,
120 ) -> Result<impl super::stub::BinauthzManagementServiceV1> {
121 super::transport::BinauthzManagementServiceV1::new(conf).await
122 }
123
124 async fn build_with_tracing(
125 conf: gaxi::options::ClientConfig,
126 ) -> Result<impl super::stub::BinauthzManagementServiceV1> {
127 Self::build_transport(conf)
128 .await
129 .map(super::tracing::BinauthzManagementServiceV1::new)
130 }
131
132 /// A [policy][google.cloud.binaryauthorization.v1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1.Attestor] that must attest to
133 /// a container image, before the project is allowed to deploy that
134 /// image. There is at most one policy per project. All image admission
135 /// requests are permitted if a project has no policy.
136 ///
137 /// Gets the [policy][google.cloud.binaryauthorization.v1.Policy] for this project. Returns a default
138 /// [policy][google.cloud.binaryauthorization.v1.Policy] if the project does not have one.
139 ///
140 /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
141 /// [google.cloud.binaryauthorization.v1.Policy]: crate::model::Policy
142 pub fn get_policy(&self) -> super::builder::binauthz_management_service_v_1::GetPolicy {
143 super::builder::binauthz_management_service_v_1::GetPolicy::new(self.inner.clone())
144 }
145
146 /// Creates or updates a project's [policy][google.cloud.binaryauthorization.v1.Policy], and returns a copy of the
147 /// new [policy][google.cloud.binaryauthorization.v1.Policy]. A policy is always updated as a whole, to avoid race
148 /// conditions with concurrent policy enforcement (or management!)
149 /// requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT
150 /// if the request is malformed.
151 ///
152 /// [google.cloud.binaryauthorization.v1.Policy]: crate::model::Policy
153 pub fn update_policy(&self) -> super::builder::binauthz_management_service_v_1::UpdatePolicy {
154 super::builder::binauthz_management_service_v_1::UpdatePolicy::new(self.inner.clone())
155 }
156
157 /// Creates an [attestor][google.cloud.binaryauthorization.v1.Attestor], and returns a copy of the new
158 /// [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the project does not exist,
159 /// INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
160 /// [attestor][google.cloud.binaryauthorization.v1.Attestor] already exists.
161 ///
162 /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
163 pub fn create_attestor(
164 &self,
165 ) -> super::builder::binauthz_management_service_v_1::CreateAttestor {
166 super::builder::binauthz_management_service_v_1::CreateAttestor::new(self.inner.clone())
167 }
168
169 /// Gets an [attestor][google.cloud.binaryauthorization.v1.Attestor].
170 /// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
171 ///
172 /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
173 pub fn get_attestor(&self) -> super::builder::binauthz_management_service_v_1::GetAttestor {
174 super::builder::binauthz_management_service_v_1::GetAttestor::new(self.inner.clone())
175 }
176
177 /// Updates an [attestor][google.cloud.binaryauthorization.v1.Attestor].
178 /// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
179 ///
180 /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
181 pub fn update_attestor(
182 &self,
183 ) -> super::builder::binauthz_management_service_v_1::UpdateAttestor {
184 super::builder::binauthz_management_service_v_1::UpdateAttestor::new(self.inner.clone())
185 }
186
187 /// Lists [attestors][google.cloud.binaryauthorization.v1.Attestor].
188 /// Returns INVALID_ARGUMENT if the project does not exist.
189 ///
190 /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
191 pub fn list_attestors(&self) -> super::builder::binauthz_management_service_v_1::ListAttestors {
192 super::builder::binauthz_management_service_v_1::ListAttestors::new(self.inner.clone())
193 }
194
195 /// Deletes an [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the
196 /// [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
197 ///
198 /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
199 pub fn delete_attestor(
200 &self,
201 ) -> super::builder::binauthz_management_service_v_1::DeleteAttestor {
202 super::builder::binauthz_management_service_v_1::DeleteAttestor::new(self.inner.clone())
203 }
204}
205
206/// Implements a client for the Binary Authorization API.
207///
208/// # Example
209/// ```
210/// # tokio_test::block_on(async {
211/// # use google_cloud_binaryauthorization_v1::client::SystemPolicyV1;
212/// let client = SystemPolicyV1::builder().build().await?;
213/// // use `client` to make requests to the Binary Authorization API.
214/// # gax::Result::<()>::Ok(()) });
215/// ```
216///
217/// # Service Description
218///
219/// API for working with the system policy.
220///
221/// # Configuration
222///
223/// To configure `SystemPolicyV1` use the `with_*` methods in the type returned
224/// by [builder()][SystemPolicyV1::builder]. The default configuration should
225/// work for most applications. Common configuration changes include
226///
227/// * [with_endpoint()]: by default this client uses the global default endpoint
228/// (`https://binaryauthorization.googleapis.com`). Applications using regional
229/// endpoints or running in restricted networks (e.g. a network configured
230// with [Private Google Access with VPC Service Controls]) may want to
231/// override this default.
232/// * [with_credentials()]: by default this client uses
233/// [Application Default Credentials]. Applications using custom
234/// authentication may need to override this default.
235///
236/// [with_endpoint()]: super::builder::system_policy_v_1::ClientBuilder::with_endpoint
237/// [with_credentials()]: super::builder::system_policy_v_1::ClientBuilder::credentials
238/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
239/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
240///
241/// # Pooling and Cloning
242///
243/// `SystemPolicyV1` holds a connection pool internally, it is advised to
244/// create one and the reuse it. You do not need to wrap `SystemPolicyV1` in
245/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
246/// already uses an `Arc` internally.
247#[derive(Clone, Debug)]
248pub struct SystemPolicyV1 {
249 inner: std::sync::Arc<dyn super::stub::dynamic::SystemPolicyV1>,
250}
251
252impl SystemPolicyV1 {
253 /// Returns a builder for [SystemPolicyV1].
254 ///
255 /// ```
256 /// # tokio_test::block_on(async {
257 /// # use google_cloud_binaryauthorization_v1::client::SystemPolicyV1;
258 /// let client = SystemPolicyV1::builder().build().await?;
259 /// # gax::Result::<()>::Ok(()) });
260 /// ```
261 pub fn builder() -> super::builder::system_policy_v_1::ClientBuilder {
262 gax::client_builder::internal::new_builder(
263 super::builder::system_policy_v_1::client::Factory,
264 )
265 }
266
267 /// Creates a new client from the provided stub.
268 ///
269 /// The most common case for calling this function is in tests mocking the
270 /// client's behavior.
271 pub fn from_stub<T>(stub: T) -> Self
272 where
273 T: super::stub::SystemPolicyV1 + 'static,
274 {
275 Self {
276 inner: std::sync::Arc::new(stub),
277 }
278 }
279
280 pub(crate) async fn new(config: gaxi::options::ClientConfig) -> Result<Self> {
281 let inner = Self::build_inner(config).await?;
282 Ok(Self { inner })
283 }
284
285 async fn build_inner(
286 conf: gaxi::options::ClientConfig,
287 ) -> Result<std::sync::Arc<dyn super::stub::dynamic::SystemPolicyV1>> {
288 if gaxi::options::tracing_enabled(&conf) {
289 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
290 }
291 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
292 }
293
294 async fn build_transport(
295 conf: gaxi::options::ClientConfig,
296 ) -> Result<impl super::stub::SystemPolicyV1> {
297 super::transport::SystemPolicyV1::new(conf).await
298 }
299
300 async fn build_with_tracing(
301 conf: gaxi::options::ClientConfig,
302 ) -> Result<impl super::stub::SystemPolicyV1> {
303 Self::build_transport(conf)
304 .await
305 .map(super::tracing::SystemPolicyV1::new)
306 }
307
308 /// Gets the current system policy in the specified location.
309 pub fn get_system_policy(&self) -> super::builder::system_policy_v_1::GetSystemPolicy {
310 super::builder::system_policy_v_1::GetSystemPolicy::new(self.inner.clone())
311 }
312}
313
314/// Implements a client for the Binary Authorization API.
315///
316/// # Example
317/// ```
318/// # tokio_test::block_on(async {
319/// # use google_cloud_binaryauthorization_v1::client::ValidationHelperV1;
320/// let client = ValidationHelperV1::builder().build().await?;
321/// // use `client` to make requests to the Binary Authorization API.
322/// # gax::Result::<()>::Ok(()) });
323/// ```
324///
325/// # Service Description
326///
327/// BinAuthz Attestor verification
328///
329/// # Configuration
330///
331/// To configure `ValidationHelperV1` use the `with_*` methods in the type returned
332/// by [builder()][ValidationHelperV1::builder]. The default configuration should
333/// work for most applications. Common configuration changes include
334///
335/// * [with_endpoint()]: by default this client uses the global default endpoint
336/// (`https://binaryauthorization.googleapis.com`). Applications using regional
337/// endpoints or running in restricted networks (e.g. a network configured
338// with [Private Google Access with VPC Service Controls]) may want to
339/// override this default.
340/// * [with_credentials()]: by default this client uses
341/// [Application Default Credentials]. Applications using custom
342/// authentication may need to override this default.
343///
344/// [with_endpoint()]: super::builder::validation_helper_v_1::ClientBuilder::with_endpoint
345/// [with_credentials()]: super::builder::validation_helper_v_1::ClientBuilder::credentials
346/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
347/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
348///
349/// # Pooling and Cloning
350///
351/// `ValidationHelperV1` holds a connection pool internally, it is advised to
352/// create one and the reuse it. You do not need to wrap `ValidationHelperV1` in
353/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
354/// already uses an `Arc` internally.
355#[derive(Clone, Debug)]
356pub struct ValidationHelperV1 {
357 inner: std::sync::Arc<dyn super::stub::dynamic::ValidationHelperV1>,
358}
359
360impl ValidationHelperV1 {
361 /// Returns a builder for [ValidationHelperV1].
362 ///
363 /// ```
364 /// # tokio_test::block_on(async {
365 /// # use google_cloud_binaryauthorization_v1::client::ValidationHelperV1;
366 /// let client = ValidationHelperV1::builder().build().await?;
367 /// # gax::Result::<()>::Ok(()) });
368 /// ```
369 pub fn builder() -> super::builder::validation_helper_v_1::ClientBuilder {
370 gax::client_builder::internal::new_builder(
371 super::builder::validation_helper_v_1::client::Factory,
372 )
373 }
374
375 /// Creates a new client from the provided stub.
376 ///
377 /// The most common case for calling this function is in tests mocking the
378 /// client's behavior.
379 pub fn from_stub<T>(stub: T) -> Self
380 where
381 T: super::stub::ValidationHelperV1 + 'static,
382 {
383 Self {
384 inner: std::sync::Arc::new(stub),
385 }
386 }
387
388 pub(crate) async fn new(config: gaxi::options::ClientConfig) -> Result<Self> {
389 let inner = Self::build_inner(config).await?;
390 Ok(Self { inner })
391 }
392
393 async fn build_inner(
394 conf: gaxi::options::ClientConfig,
395 ) -> Result<std::sync::Arc<dyn super::stub::dynamic::ValidationHelperV1>> {
396 if gaxi::options::tracing_enabled(&conf) {
397 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
398 }
399 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
400 }
401
402 async fn build_transport(
403 conf: gaxi::options::ClientConfig,
404 ) -> Result<impl super::stub::ValidationHelperV1> {
405 super::transport::ValidationHelperV1::new(conf).await
406 }
407
408 async fn build_with_tracing(
409 conf: gaxi::options::ClientConfig,
410 ) -> Result<impl super::stub::ValidationHelperV1> {
411 Self::build_transport(conf)
412 .await
413 .map(super::tracing::ValidationHelperV1::new)
414 }
415
416 /// Returns whether the given Attestation for the given image URI
417 /// was signed by the given Attestor
418 pub fn validate_attestation_occurrence(
419 &self,
420 ) -> super::builder::validation_helper_v_1::ValidateAttestationOccurrence {
421 super::builder::validation_helper_v_1::ValidateAttestationOccurrence::new(
422 self.inner.clone(),
423 )
424 }
425}