google_cloud_binaryauthorization_v1/

model.rs

// Copyright 2025 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Code generated by sidekick. DO NOT EDIT.

#![allow(rustdoc::redundant_explicit_links)]
#![allow(rustdoc::broken_intra_doc_links)]
#![no_implicit_prelude]
extern crate async_trait;
extern crate bytes;
extern crate gax;
extern crate gaxi;
extern crate grafeas;
extern crate lazy_static;
extern crate reqwest;
extern crate serde;
extern crate serde_json;
extern crate serde_with;
extern crate std;
extern crate tracing;
extern crate wkt;

/// A [policy][google.cloud.binaryauthorization.v1.Policy] for container image binary authorization.
///
/// [google.cloud.binaryauthorization.v1.Policy]: crate::model::Policy
#[serde_with::serde_as]
#[derive(Clone, Debug, Default, PartialEq, serde::Deserialize, serde::Serialize)]
#[serde(default, rename_all = "camelCase")]
#[non_exhaustive]
pub struct Policy {
    /// Output only. The resource name, in the format `projects/*/policy`. There is
    /// at most one policy per project.
    #[serde(skip_serializing_if = "std::string::String::is_empty")]
    pub name: std::string::String,

    /// Optional. A descriptive comment.
    #[serde(skip_serializing_if = "std::string::String::is_empty")]
    pub description: std::string::String,

    /// Optional. Controls the evaluation of a Google-maintained global admission
    /// policy for common system-level images. Images not covered by the global
    /// policy will be subject to the project admission policy. This setting
    /// has no effect when specified inside a global admission policy.
    pub global_policy_evaluation_mode: crate::model::policy::GlobalPolicyEvaluationMode,

    /// Optional. Admission policy allowlisting. A matching admission request will
    /// always be permitted. This feature is typically used to exclude Google or
    /// third-party infrastructure images from Binary Authorization policies.
    #[serde(skip_serializing_if = "std::vec::Vec::is_empty")]
    pub admission_whitelist_patterns: std::vec::Vec<crate::model::AdmissionWhitelistPattern>,

    /// Optional. Per-cluster admission rules. Cluster spec format:
    /// `location.clusterId`. There can be at most one admission rule per cluster
    /// spec.
    /// A `location` is either a compute zone (e.g. us-central1-a) or a region
    /// (e.g. us-central1).
    /// For `clusterId` syntax restrictions see
    /// <https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters>.
    #[serde(skip_serializing_if = "std::collections::HashMap::is_empty")]
    pub cluster_admission_rules:
        std::collections::HashMap<std::string::String, crate::model::AdmissionRule>,

    /// Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
    /// [a-z.-]+, e.g. 'some-namespace'
    #[serde(skip_serializing_if = "std::collections::HashMap::is_empty")]
    pub kubernetes_namespace_admission_rules:
        std::collections::HashMap<std::string::String, crate::model::AdmissionRule>,

    /// Optional. Per-kubernetes-service-account admission rules. Service account
    /// spec format: `namespace:serviceaccount`. e.g. 'test-ns:default'
    #[serde(skip_serializing_if = "std::collections::HashMap::is_empty")]
    pub kubernetes_service_account_admission_rules:
        std::collections::HashMap<std::string::String, crate::model::AdmissionRule>,

    /// Optional. Per-istio-service-identity admission rules. Istio service
    /// identity spec format:
    /// spiffe://\<domain\>/ns/\<namespace\>/sa/\<serviceaccount\> or
    /// \<domain\>/ns/\<namespace\>/sa/\<serviceaccount\>
    /// e.g. spiffe://example.com/ns/test-ns/sa/default
    #[serde(skip_serializing_if = "std::collections::HashMap::is_empty")]
    pub istio_service_identity_admission_rules:
        std::collections::HashMap<std::string::String, crate::model::AdmissionRule>,

    /// Required. Default admission rule for a cluster without a per-cluster, per-
    /// kubernetes-service-account, or per-istio-service-identity admission rule.
    #[serde(skip_serializing_if = "std::option::Option::is_none")]
    pub default_admission_rule: std::option::Option<crate::model::AdmissionRule>,

    /// Output only. Time when the policy was last updated.
    #[serde(skip_serializing_if = "std::option::Option::is_none")]
    pub update_time: std::option::Option<wkt::Timestamp>,

    #[serde(flatten, skip_serializing_if = "serde_json::Map::is_empty")]
    _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl Policy {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::Policy::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [description][crate::model::Policy::description].
    pub fn set_description<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.description = v.into();
        self
    }

    /// Sets the value of [global_policy_evaluation_mode][crate::model::Policy::global_policy_evaluation_mode].
    pub fn set_global_policy_evaluation_mode<
        T: std::convert::Into<crate::model::policy::GlobalPolicyEvaluationMode>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.global_policy_evaluation_mode = v.into();
        self
    }

    /// Sets the value of [admission_whitelist_patterns][crate::model::Policy::admission_whitelist_patterns].
    pub fn set_admission_whitelist_patterns<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::AdmissionWhitelistPattern>,
    {
        use std::iter::Iterator;
        self.admission_whitelist_patterns = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [cluster_admission_rules][crate::model::Policy::cluster_admission_rules].
    pub fn set_cluster_admission_rules<T, K, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = (K, V)>,
        K: std::convert::Into<std::string::String>,
        V: std::convert::Into<crate::model::AdmissionRule>,
    {
        use std::iter::Iterator;
        self.cluster_admission_rules = v.into_iter().map(|(k, v)| (k.into(), v.into())).collect();
        self
    }

    /// Sets the value of [kubernetes_namespace_admission_rules][crate::model::Policy::kubernetes_namespace_admission_rules].
    pub fn set_kubernetes_namespace_admission_rules<T, K, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = (K, V)>,
        K: std::convert::Into<std::string::String>,
        V: std::convert::Into<crate::model::AdmissionRule>,
    {
        use std::iter::Iterator;
        self.kubernetes_namespace_admission_rules =
            v.into_iter().map(|(k, v)| (k.into(), v.into())).collect();
        self
    }

    /// Sets the value of [kubernetes_service_account_admission_rules][crate::model::Policy::kubernetes_service_account_admission_rules].
    pub fn set_kubernetes_service_account_admission_rules<T, K, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = (K, V)>,
        K: std::convert::Into<std::string::String>,
        V: std::convert::Into<crate::model::AdmissionRule>,
    {
        use std::iter::Iterator;
        self.kubernetes_service_account_admission_rules =
            v.into_iter().map(|(k, v)| (k.into(), v.into())).collect();
        self
    }

    /// Sets the value of [istio_service_identity_admission_rules][crate::model::Policy::istio_service_identity_admission_rules].
    pub fn set_istio_service_identity_admission_rules<T, K, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = (K, V)>,
        K: std::convert::Into<std::string::String>,
        V: std::convert::Into<crate::model::AdmissionRule>,
    {
        use std::iter::Iterator;
        self.istio_service_identity_admission_rules =
            v.into_iter().map(|(k, v)| (k.into(), v.into())).collect();
        self
    }

    /// Sets the value of [default_admission_rule][crate::model::Policy::default_admission_rule].
    pub fn set_default_admission_rule<
        T: std::convert::Into<std::option::Option<crate::model::AdmissionRule>>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.default_admission_rule = v.into();
        self
    }

    /// Sets the value of [update_time][crate::model::Policy::update_time].
    pub fn set_update_time<T: std::convert::Into<std::option::Option<wkt::Timestamp>>>(
        mut self,
        v: T,
    ) -> Self {
        self.update_time = v.into();
        self
    }
}

impl wkt::message::Message for Policy {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.binaryauthorization.v1.Policy"
    }
}

/// Defines additional types related to [Policy].
pub mod policy {
    #[allow(unused_imports)]
    use super::*;

    ///
    /// # Working with unknown values
    ///
    /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
    /// additional enum variants at any time. Adding new variants is not considered
    /// a breaking change. Applications should write their code in anticipation of:
    ///
    /// - New values appearing in future releases of the client library, **and**
    /// - New values received dynamically, without application changes.
    ///
    /// Please consult the [Working with enums] section in the user guide for some
    /// guidelines.
    ///
    /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum GlobalPolicyEvaluationMode {
        /// Not specified: DISABLE is assumed.
        Unspecified,
        /// Enables system policy evaluation.
        Enable,
        /// Disables system policy evaluation.
        Disable,
        /// If set, the enum was initialized with an unknown value.
        ///
        /// Applications can examine the value using [GlobalPolicyEvaluationMode::value] or
        /// [GlobalPolicyEvaluationMode::name].
        UnknownValue(global_policy_evaluation_mode::UnknownValue),
    }

    #[doc(hidden)]
    pub mod global_policy_evaluation_mode {
        #[allow(unused_imports)]
        use super::*;
        #[derive(Clone, Debug, PartialEq)]
        pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
    }

    impl GlobalPolicyEvaluationMode {
        /// Gets the enum value.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the string representation of enums.
        pub fn value(&self) -> std::option::Option<i32> {
            match self {
                Self::Unspecified => std::option::Option::Some(0),
                Self::Enable => std::option::Option::Some(1),
                Self::Disable => std::option::Option::Some(2),
                Self::UnknownValue(u) => u.0.value(),
            }
        }

        /// Gets the enum value as a string.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the integer representation of enums.
        pub fn name(&self) -> std::option::Option<&str> {
            match self {
                Self::Unspecified => {
                    std::option::Option::Some("GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED")
                }
                Self::Enable => std::option::Option::Some("ENABLE"),
                Self::Disable => std::option::Option::Some("DISABLE"),
                Self::UnknownValue(u) => u.0.name(),
            }
        }
    }

    impl std::default::Default for GlobalPolicyEvaluationMode {
        fn default() -> Self {
            use std::convert::From;
            Self::from(0)
        }
    }

    impl std::fmt::Display for GlobalPolicyEvaluationMode {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
            wkt::internal::display_enum(f, self.name(), self.value())
        }
    }

    impl std::convert::From<i32> for GlobalPolicyEvaluationMode {
        fn from(value: i32) -> Self {
            match value {
                0 => Self::Unspecified,
                1 => Self::Enable,
                2 => Self::Disable,
                _ => Self::UnknownValue(global_policy_evaluation_mode::UnknownValue(
                    wkt::internal::UnknownEnumValue::Integer(value),
                )),
            }
        }
    }

    impl std::convert::From<&str> for GlobalPolicyEvaluationMode {
        fn from(value: &str) -> Self {
            use std::string::ToString;
            match value {
                "GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED" => Self::Unspecified,
                "ENABLE" => Self::Enable,
                "DISABLE" => Self::Disable,
                _ => Self::UnknownValue(global_policy_evaluation_mode::UnknownValue(
                    wkt::internal::UnknownEnumValue::String(value.to_string()),
                )),
            }
        }
    }

    impl serde::ser::Serialize for GlobalPolicyEvaluationMode {
        fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
        where
            S: serde::Serializer,
        {
            match self {
                Self::Unspecified => serializer.serialize_i32(0),
                Self::Enable => serializer.serialize_i32(1),
                Self::Disable => serializer.serialize_i32(2),
                Self::UnknownValue(u) => u.0.serialize(serializer),
            }
        }
    }

    impl<'de> serde::de::Deserialize<'de> for GlobalPolicyEvaluationMode {
        fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
        where
            D: serde::Deserializer<'de>,
        {
            deserializer.deserialize_any(
                wkt::internal::EnumVisitor::<GlobalPolicyEvaluationMode>::new(
                    ".google.cloud.binaryauthorization.v1.Policy.GlobalPolicyEvaluationMode",
                ),
            )
        }
    }
}

/// An [admission allowlist pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] exempts images
/// from checks by [admission rules][google.cloud.binaryauthorization.v1.AdmissionRule].
///
/// [google.cloud.binaryauthorization.v1.AdmissionRule]: crate::model::AdmissionRule
/// [google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern]: crate::model::AdmissionWhitelistPattern
#[serde_with::serde_as]
#[derive(Clone, Debug, Default, PartialEq, serde::Deserialize, serde::Serialize)]
#[serde(default, rename_all = "camelCase")]
#[non_exhaustive]
pub struct AdmissionWhitelistPattern {
    /// An image name pattern to allowlist, in the form `registry/path/to/image`.
    /// This supports a trailing `*` wildcard, but this is allowed only in
    /// text after the `registry/` part. This also supports a trailing `**`
    /// wildcard which matches subdirectories of a given entry.
    #[serde(skip_serializing_if = "std::string::String::is_empty")]
    pub name_pattern: std::string::String,

    #[serde(flatten, skip_serializing_if = "serde_json::Map::is_empty")]
    _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl AdmissionWhitelistPattern {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name_pattern][crate::model::AdmissionWhitelistPattern::name_pattern].
    pub fn set_name_pattern<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name_pattern = v.into();
        self
    }
}

impl wkt::message::Message for AdmissionWhitelistPattern {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern"
    }
}

/// An [admission rule][google.cloud.binaryauthorization.v1.AdmissionRule] specifies either that all container images
/// used in a pod creation request must be attested to by one or more
/// [attestors][google.cloud.binaryauthorization.v1.Attestor], that all pod creations will be allowed, or that all
/// pod creations will be denied.
///
/// Images matching an [admission allowlist pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern]
/// are exempted from admission rules and will never block a pod creation.
///
/// [google.cloud.binaryauthorization.v1.AdmissionRule]: crate::model::AdmissionRule
/// [google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern]: crate::model::AdmissionWhitelistPattern
/// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
#[serde_with::serde_as]
#[derive(Clone, Debug, Default, PartialEq, serde::Deserialize, serde::Serialize)]
#[serde(default, rename_all = "camelCase")]
#[non_exhaustive]
pub struct AdmissionRule {
    /// Required. How this admission rule will be evaluated.
    pub evaluation_mode: crate::model::admission_rule::EvaluationMode,

    /// Optional. The resource names of the attestors that must attest to
    /// a container image, in the format `projects/*/attestors/*`. Each
    /// attestor must exist before a policy can reference it.  To add an attestor
    /// to a policy the principal issuing the policy change request must be able
    /// to read the attestor resource.
    ///
    /// Note: this field must be non-empty when the evaluation_mode field specifies
    /// REQUIRE_ATTESTATION, otherwise it must be empty.
    #[serde(skip_serializing_if = "std::vec::Vec::is_empty")]
    pub require_attestations_by: std::vec::Vec<std::string::String>,

    /// Required. The action when a pod creation is denied by the admission rule.
    pub enforcement_mode: crate::model::admission_rule::EnforcementMode,

    #[serde(flatten, skip_serializing_if = "serde_json::Map::is_empty")]
    _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl AdmissionRule {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [evaluation_mode][crate::model::AdmissionRule::evaluation_mode].
    pub fn set_evaluation_mode<
        T: std::convert::Into<crate::model::admission_rule::EvaluationMode>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.evaluation_mode = v.into();
        self
    }

    /// Sets the value of [require_attestations_by][crate::model::AdmissionRule::require_attestations_by].
    pub fn set_require_attestations_by<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<std::string::String>,
    {
        use std::iter::Iterator;
        self.require_attestations_by = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [enforcement_mode][crate::model::AdmissionRule::enforcement_mode].
    pub fn set_enforcement_mode<
        T: std::convert::Into<crate::model::admission_rule::EnforcementMode>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.enforcement_mode = v.into();
        self
    }
}

impl wkt::message::Message for AdmissionRule {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.binaryauthorization.v1.AdmissionRule"
    }
}

/// Defines additional types related to [AdmissionRule].
pub mod admission_rule {
    #[allow(unused_imports)]
    use super::*;

    ///
    /// # Working with unknown values
    ///
    /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
    /// additional enum variants at any time. Adding new variants is not considered
    /// a breaking change. Applications should write their code in anticipation of:
    ///
    /// - New values appearing in future releases of the client library, **and**
    /// - New values received dynamically, without application changes.
    ///
    /// Please consult the [Working with enums] section in the user guide for some
    /// guidelines.
    ///
    /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum EvaluationMode {
        /// Do not use.
        Unspecified,
        /// This rule allows all all pod creations.
        AlwaysAllow,
        /// This rule allows a pod creation if all the attestors listed in
        /// 'require_attestations_by' have valid attestations for all of the
        /// images in the pod spec.
        RequireAttestation,
        /// This rule denies all pod creations.
        AlwaysDeny,
        /// If set, the enum was initialized with an unknown value.
        ///
        /// Applications can examine the value using [EvaluationMode::value] or
        /// [EvaluationMode::name].
        UnknownValue(evaluation_mode::UnknownValue),
    }

    #[doc(hidden)]
    pub mod evaluation_mode {
        #[allow(unused_imports)]
        use super::*;
        #[derive(Clone, Debug, PartialEq)]
        pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
    }

    impl EvaluationMode {
        /// Gets the enum value.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the string representation of enums.
        pub fn value(&self) -> std::option::Option<i32> {
            match self {
                Self::Unspecified => std::option::Option::Some(0),
                Self::AlwaysAllow => std::option::Option::Some(1),
                Self::RequireAttestation => std::option::Option::Some(2),
                Self::AlwaysDeny => std::option::Option::Some(3),
                Self::UnknownValue(u) => u.0.value(),
            }
        }

        /// Gets the enum value as a string.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the integer representation of enums.
        pub fn name(&self) -> std::option::Option<&str> {
            match self {
                Self::Unspecified => std::option::Option::Some("EVALUATION_MODE_UNSPECIFIED"),
                Self::AlwaysAllow => std::option::Option::Some("ALWAYS_ALLOW"),
                Self::RequireAttestation => std::option::Option::Some("REQUIRE_ATTESTATION"),
                Self::AlwaysDeny => std::option::Option::Some("ALWAYS_DENY"),
                Self::UnknownValue(u) => u.0.name(),
            }
        }
    }

    impl std::default::Default for EvaluationMode {
        fn default() -> Self {
            use std::convert::From;
            Self::from(0)
        }
    }

    impl std::fmt::Display for EvaluationMode {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
            wkt::internal::display_enum(f, self.name(), self.value())
        }
    }

    impl std::convert::From<i32> for EvaluationMode {
        fn from(value: i32) -> Self {
            match value {
                0 => Self::Unspecified,
                1 => Self::AlwaysAllow,
                2 => Self::RequireAttestation,
                3 => Self::AlwaysDeny,
                _ => Self::UnknownValue(evaluation_mode::UnknownValue(
                    wkt::internal::UnknownEnumValue::Integer(value),
                )),
            }
        }
    }

    impl std::convert::From<&str> for EvaluationMode {
        fn from(value: &str) -> Self {
            use std::string::ToString;
            match value {
                "EVALUATION_MODE_UNSPECIFIED" => Self::Unspecified,
                "ALWAYS_ALLOW" => Self::AlwaysAllow,
                "REQUIRE_ATTESTATION" => Self::RequireAttestation,
                "ALWAYS_DENY" => Self::AlwaysDeny,
                _ => Self::UnknownValue(evaluation_mode::UnknownValue(
                    wkt::internal::UnknownEnumValue::String(value.to_string()),
                )),
            }
        }
    }

    impl serde::ser::Serialize for EvaluationMode {
        fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
        where
            S: serde::Serializer,
        {
            match self {
                Self::Unspecified => serializer.serialize_i32(0),
                Self::AlwaysAllow => serializer.serialize_i32(1),
                Self::RequireAttestation => serializer.serialize_i32(2),
                Self::AlwaysDeny => serializer.serialize_i32(3),
                Self::UnknownValue(u) => u.0.serialize(serializer),
            }
        }
    }

    impl<'de> serde::de::Deserialize<'de> for EvaluationMode {
        fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
        where
            D: serde::Deserializer<'de>,
        {
            deserializer.deserialize_any(wkt::internal::EnumVisitor::<EvaluationMode>::new(
                ".google.cloud.binaryauthorization.v1.AdmissionRule.EvaluationMode",
            ))
        }
    }

    /// Defines the possible actions when a pod creation is denied by an admission
    /// rule.
    ///
    /// # Working with unknown values
    ///
    /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
    /// additional enum variants at any time. Adding new variants is not considered
    /// a breaking change. Applications should write their code in anticipation of:
    ///
    /// - New values appearing in future releases of the client library, **and**
    /// - New values received dynamically, without application changes.
    ///
    /// Please consult the [Working with enums] section in the user guide for some
    /// guidelines.
    ///
    /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum EnforcementMode {
        /// Do not use.
        Unspecified,
        /// Enforce the admission rule by blocking the pod creation.
        EnforcedBlockAndAuditLog,
        /// Dryrun mode: Audit logging only.  This will allow the pod creation as if
        /// the admission request had specified break-glass.
        DryrunAuditLogOnly,
        /// If set, the enum was initialized with an unknown value.
        ///
        /// Applications can examine the value using [EnforcementMode::value] or
        /// [EnforcementMode::name].
        UnknownValue(enforcement_mode::UnknownValue),
    }

    #[doc(hidden)]
    pub mod enforcement_mode {
        #[allow(unused_imports)]
        use super::*;
        #[derive(Clone, Debug, PartialEq)]
        pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
    }

    impl EnforcementMode {
        /// Gets the enum value.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the string representation of enums.
        pub fn value(&self) -> std::option::Option<i32> {
            match self {
                Self::Unspecified => std::option::Option::Some(0),
                Self::EnforcedBlockAndAuditLog => std::option::Option::Some(1),
                Self::DryrunAuditLogOnly => std::option::Option::Some(2),
                Self::UnknownValue(u) => u.0.value(),
            }
        }

        /// Gets the enum value as a string.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the integer representation of enums.
        pub fn name(&self) -> std::option::Option<&str> {
            match self {
                Self::Unspecified => std::option::Option::Some("ENFORCEMENT_MODE_UNSPECIFIED"),
                Self::EnforcedBlockAndAuditLog => {
                    std::option::Option::Some("ENFORCED_BLOCK_AND_AUDIT_LOG")
                }
                Self::DryrunAuditLogOnly => std::option::Option::Some("DRYRUN_AUDIT_LOG_ONLY"),
                Self::UnknownValue(u) => u.0.name(),
            }
        }
    }

    impl std::default::Default for EnforcementMode {
        fn default() -> Self {
            use std::convert::From;
            Self::from(0)
        }
    }

    impl std::fmt::Display for EnforcementMode {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
            wkt::internal::display_enum(f, self.name(), self.value())
        }
    }

    impl std::convert::From<i32> for EnforcementMode {
        fn from(value: i32) -> Self {
            match value {
                0 => Self::Unspecified,
                1 => Self::EnforcedBlockAndAuditLog,
                2 => Self::DryrunAuditLogOnly,
                _ => Self::UnknownValue(enforcement_mode::UnknownValue(
                    wkt::internal::UnknownEnumValue::Integer(value),
                )),
            }
        }
    }

    impl std::convert::From<&str> for EnforcementMode {
        fn from(value: &str) -> Self {
            use std::string::ToString;
            match value {
                "ENFORCEMENT_MODE_UNSPECIFIED" => Self::Unspecified,
                "ENFORCED_BLOCK_AND_AUDIT_LOG" => Self::EnforcedBlockAndAuditLog,
                "DRYRUN_AUDIT_LOG_ONLY" => Self::DryrunAuditLogOnly,
                _ => Self::UnknownValue(enforcement_mode::UnknownValue(
                    wkt::internal::UnknownEnumValue::String(value.to_string()),
                )),
            }
        }
    }

    impl serde::ser::Serialize for EnforcementMode {
        fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
        where
            S: serde::Serializer,
        {
            match self {
                Self::Unspecified => serializer.serialize_i32(0),
                Self::EnforcedBlockAndAuditLog => serializer.serialize_i32(1),
                Self::DryrunAuditLogOnly => serializer.serialize_i32(2),
                Self::UnknownValue(u) => u.0.serialize(serializer),
            }
        }
    }

    impl<'de> serde::de::Deserialize<'de> for EnforcementMode {
        fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
        where
            D: serde::Deserializer<'de>,
        {
            deserializer.deserialize_any(wkt::internal::EnumVisitor::<EnforcementMode>::new(
                ".google.cloud.binaryauthorization.v1.AdmissionRule.EnforcementMode",
            ))
        }
    }
}

/// An [attestor][google.cloud.binaryauthorization.v1.Attestor] that attests to container image
/// artifacts. An existing attestor cannot be modified except where
/// indicated.
///
/// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
#[serde_with::serde_as]
#[derive(Clone, Debug, Default, PartialEq, serde::Deserialize, serde::Serialize)]
#[serde(default, rename_all = "camelCase")]
#[non_exhaustive]
pub struct Attestor {
    /// Required. The resource name, in the format:
    /// `projects/*/attestors/*`. This field may not be updated.
    #[serde(skip_serializing_if = "std::string::String::is_empty")]
    pub name: std::string::String,

    /// Optional. A descriptive comment.  This field may be updated.
    /// The field may be displayed in chooser dialogs.
    #[serde(skip_serializing_if = "std::string::String::is_empty")]
    pub description: std::string::String,

    /// Output only. Time when the attestor was last updated.
    #[serde(skip_serializing_if = "std::option::Option::is_none")]
    pub update_time: std::option::Option<wkt::Timestamp>,

    #[serde(flatten, skip_serializing_if = "std::option::Option::is_none")]
    pub attestor_type: std::option::Option<crate::model::attestor::AttestorType>,

    #[serde(flatten, skip_serializing_if = "serde_json::Map::is_empty")]
    _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl Attestor {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::Attestor::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }

    /// Sets the value of [description][crate::model::Attestor::description].
    pub fn set_description<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.description = v.into();
        self
    }

    /// Sets the value of [update_time][crate::model::Attestor::update_time].
    pub fn set_update_time<T: std::convert::Into<std::option::Option<wkt::Timestamp>>>(
        mut self,
        v: T,
    ) -> Self {
        self.update_time = v.into();
        self
    }

    /// Sets the value of [attestor_type][crate::model::Attestor::attestor_type].
    ///
    /// Note that all the setters affecting `attestor_type` are mutually
    /// exclusive.
    pub fn set_attestor_type<
        T: std::convert::Into<std::option::Option<crate::model::attestor::AttestorType>>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.attestor_type = v.into();
        self
    }

    /// The value of [attestor_type][crate::model::Attestor::attestor_type]
    /// if it holds a `UserOwnedGrafeasNote`, `None` if the field is not set or
    /// holds a different branch.
    pub fn user_owned_grafeas_note(
        &self,
    ) -> std::option::Option<&std::boxed::Box<crate::model::UserOwnedGrafeasNote>> {
        #[allow(unreachable_patterns)]
        self.attestor_type.as_ref().and_then(|v| match v {
            crate::model::attestor::AttestorType::UserOwnedGrafeasNote(v) => {
                std::option::Option::Some(v)
            }
            _ => std::option::Option::None,
        })
    }

    /// Sets the value of [attestor_type][crate::model::Attestor::attestor_type]
    /// to hold a `UserOwnedGrafeasNote`.
    ///
    /// Note that all the setters affecting `attestor_type` are
    /// mutually exclusive.
    pub fn set_user_owned_grafeas_note<
        T: std::convert::Into<std::boxed::Box<crate::model::UserOwnedGrafeasNote>>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.attestor_type = std::option::Option::Some(
            crate::model::attestor::AttestorType::UserOwnedGrafeasNote(v.into()),
        );
        self
    }
}

impl wkt::message::Message for Attestor {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.binaryauthorization.v1.Attestor"
    }
}

/// Defines additional types related to [Attestor].
pub mod attestor {
    #[allow(unused_imports)]
    use super::*;

    #[serde_with::serde_as]
    #[derive(Clone, Debug, PartialEq, serde::Deserialize, serde::Serialize)]
    #[serde(rename_all = "camelCase")]
    #[non_exhaustive]
    pub enum AttestorType {
        /// This specifies how an attestation will be read, and how it will be used
        /// during policy enforcement.
        UserOwnedGrafeasNote(std::boxed::Box<crate::model::UserOwnedGrafeasNote>),
    }
}

/// An [user owned Grafeas note][google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote] references a Grafeas
/// Attestation.Authority Note created by the user.
///
/// [google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote]: crate::model::UserOwnedGrafeasNote
#[serde_with::serde_as]
#[derive(Clone, Debug, Default, PartialEq, serde::Deserialize, serde::Serialize)]
#[serde(default, rename_all = "camelCase")]
#[non_exhaustive]
pub struct UserOwnedGrafeasNote {
    /// Required. The Grafeas resource name of a Attestation.Authority Note,
    /// created by the user, in the format: `projects/*/notes/*`. This field may
    /// not be updated.
    ///
    /// An attestation by this attestor is stored as a Grafeas
    /// Attestation.Authority Occurrence that names a container image and that
    /// links to this Note. Grafeas is an external dependency.
    #[serde(skip_serializing_if = "std::string::String::is_empty")]
    pub note_reference: std::string::String,

    /// Optional. Public keys that verify attestations signed by this
    /// attestor.  This field may be updated.
    ///
    /// If this field is non-empty, one of the specified public keys must
    /// verify that an attestation was signed by this attestor for the
    /// image specified in the admission request.
    ///
    /// If this field is empty, this attestor always returns that no
    /// valid attestations exist.
    #[serde(skip_serializing_if = "std::vec::Vec::is_empty")]
    pub public_keys: std::vec::Vec<crate::model::AttestorPublicKey>,

    /// Output only. This field will contain the service account email address
    /// that this Attestor will use as the principal when querying Container
    /// Analysis. Attestor administrators must grant this service account the
    /// IAM role needed to read attestations from the [note_reference][Note] in
    /// Container Analysis (`containeranalysis.notes.occurrences.viewer`).
    ///
    /// This email address is fixed for the lifetime of the Attestor, but callers
    /// should not make any other assumptions about the service account email;
    /// future versions may use an email based on a different naming pattern.
    #[serde(skip_serializing_if = "std::string::String::is_empty")]
    pub delegation_service_account_email: std::string::String,

    #[serde(flatten, skip_serializing_if = "serde_json::Map::is_empty")]
    _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl UserOwnedGrafeasNote {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [note_reference][crate::model::UserOwnedGrafeasNote::note_reference].
    pub fn set_note_reference<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.note_reference = v.into();
        self
    }

    /// Sets the value of [public_keys][crate::model::UserOwnedGrafeasNote::public_keys].
    pub fn set_public_keys<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::AttestorPublicKey>,
    {
        use std::iter::Iterator;
        self.public_keys = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [delegation_service_account_email][crate::model::UserOwnedGrafeasNote::delegation_service_account_email].
    pub fn set_delegation_service_account_email<T: std::convert::Into<std::string::String>>(
        mut self,
        v: T,
    ) -> Self {
        self.delegation_service_account_email = v.into();
        self
    }
}

impl wkt::message::Message for UserOwnedGrafeasNote {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote"
    }
}

/// A public key in the PkixPublicKey format (see
/// <https://tools.ietf.org/html/rfc5280#section-4.1.2.7> for details).
/// Public keys of this type are typically textually encoded using the PEM
/// format.
#[serde_with::serde_as]
#[derive(Clone, Debug, Default, PartialEq, serde::Deserialize, serde::Serialize)]
#[serde(default, rename_all = "camelCase")]
#[non_exhaustive]
pub struct PkixPublicKey {
    /// A PEM-encoded public key, as described in
    /// <https://tools.ietf.org/html/rfc7468#section-13>
    #[serde(skip_serializing_if = "std::string::String::is_empty")]
    pub public_key_pem: std::string::String,

    /// The signature algorithm used to verify a message against a signature using
    /// this key.
    /// These signature algorithm must match the structure and any object
    /// identifiers encoded in `public_key_pem` (i.e. this algorithm must match
    /// that of the public key).
    pub signature_algorithm: crate::model::pkix_public_key::SignatureAlgorithm,

    #[serde(flatten, skip_serializing_if = "serde_json::Map::is_empty")]
    _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl PkixPublicKey {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [public_key_pem][crate::model::PkixPublicKey::public_key_pem].
    pub fn set_public_key_pem<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.public_key_pem = v.into();
        self
    }

    /// Sets the value of [signature_algorithm][crate::model::PkixPublicKey::signature_algorithm].
    pub fn set_signature_algorithm<
        T: std::convert::Into<crate::model::pkix_public_key::SignatureAlgorithm>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.signature_algorithm = v.into();
        self
    }
}

impl wkt::message::Message for PkixPublicKey {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.binaryauthorization.v1.PkixPublicKey"
    }
}

/// Defines additional types related to [PkixPublicKey].
pub mod pkix_public_key {
    #[allow(unused_imports)]
    use super::*;

    /// Represents a signature algorithm and other information necessary to verify
    /// signatures with a given public key.
    /// This is based primarily on the public key types supported by Tink's
    /// PemKeyType, which is in turn based on KMS's supported signing algorithms.
    /// See <https://cloud.google.com/kms/docs/algorithms>. In the future, BinAuthz
    /// might support additional public key types independently of Tink and/or KMS.
    ///
    /// # Working with unknown values
    ///
    /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
    /// additional enum variants at any time. Adding new variants is not considered
    /// a breaking change. Applications should write their code in anticipation of:
    ///
    /// - New values appearing in future releases of the client library, **and**
    /// - New values received dynamically, without application changes.
    ///
    /// Please consult the [Working with enums] section in the user guide for some
    /// guidelines.
    ///
    /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum SignatureAlgorithm {
        /// Not specified.
        Unspecified,
        /// RSASSA-PSS 2048 bit key with a SHA256 digest.
        RsaPss2048Sha256,
        /// RSASSA-PSS 3072 bit key with a SHA256 digest.
        RsaPss3072Sha256,
        /// RSASSA-PSS 4096 bit key with a SHA256 digest.
        RsaPss4096Sha256,
        /// RSASSA-PSS 4096 bit key with a SHA512 digest.
        RsaPss4096Sha512,
        /// RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
        RsaSignPkcs12048Sha256,
        /// RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
        RsaSignPkcs13072Sha256,
        /// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
        RsaSignPkcs14096Sha256,
        /// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
        RsaSignPkcs14096Sha512,
        /// ECDSA on the NIST P-256 curve with a SHA256 digest.
        EcdsaP256Sha256,
        /// ECDSA on the NIST P-256 curve with a SHA256 digest.
        EcSignP256Sha256,
        /// ECDSA on the NIST P-384 curve with a SHA384 digest.
        EcdsaP384Sha384,
        /// ECDSA on the NIST P-384 curve with a SHA384 digest.
        EcSignP384Sha384,
        /// ECDSA on the NIST P-521 curve with a SHA512 digest.
        EcdsaP521Sha512,
        /// ECDSA on the NIST P-521 curve with a SHA512 digest.
        EcSignP521Sha512,
        /// If set, the enum was initialized with an unknown value.
        ///
        /// Applications can examine the value using [SignatureAlgorithm::value] or
        /// [SignatureAlgorithm::name].
        UnknownValue(signature_algorithm::UnknownValue),
    }

    #[doc(hidden)]
    pub mod signature_algorithm {
        #[allow(unused_imports)]
        use super::*;
        #[derive(Clone, Debug, PartialEq)]
        pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
    }

    impl SignatureAlgorithm {
        /// Gets the enum value.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the string representation of enums.
        pub fn value(&self) -> std::option::Option<i32> {
            match self {
                Self::Unspecified => std::option::Option::Some(0),
                Self::RsaPss2048Sha256 => std::option::Option::Some(1),
                Self::RsaPss3072Sha256 => std::option::Option::Some(2),
                Self::RsaPss4096Sha256 => std::option::Option::Some(3),
                Self::RsaPss4096Sha512 => std::option::Option::Some(4),
                Self::RsaSignPkcs12048Sha256 => std::option::Option::Some(5),
                Self::RsaSignPkcs13072Sha256 => std::option::Option::Some(6),
                Self::RsaSignPkcs14096Sha256 => std::option::Option::Some(7),
                Self::RsaSignPkcs14096Sha512 => std::option::Option::Some(8),
                Self::EcdsaP256Sha256 => std::option::Option::Some(9),
                Self::EcSignP256Sha256 => std::option::Option::Some(9),
                Self::EcdsaP384Sha384 => std::option::Option::Some(10),
                Self::EcSignP384Sha384 => std::option::Option::Some(10),
                Self::EcdsaP521Sha512 => std::option::Option::Some(11),
                Self::EcSignP521Sha512 => std::option::Option::Some(11),
                Self::UnknownValue(u) => u.0.value(),
            }
        }

        /// Gets the enum value as a string.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the integer representation of enums.
        pub fn name(&self) -> std::option::Option<&str> {
            match self {
                Self::Unspecified => std::option::Option::Some("SIGNATURE_ALGORITHM_UNSPECIFIED"),
                Self::RsaPss2048Sha256 => std::option::Option::Some("RSA_PSS_2048_SHA256"),
                Self::RsaPss3072Sha256 => std::option::Option::Some("RSA_PSS_3072_SHA256"),
                Self::RsaPss4096Sha256 => std::option::Option::Some("RSA_PSS_4096_SHA256"),
                Self::RsaPss4096Sha512 => std::option::Option::Some("RSA_PSS_4096_SHA512"),
                Self::RsaSignPkcs12048Sha256 => {
                    std::option::Option::Some("RSA_SIGN_PKCS1_2048_SHA256")
                }
                Self::RsaSignPkcs13072Sha256 => {
                    std::option::Option::Some("RSA_SIGN_PKCS1_3072_SHA256")
                }
                Self::RsaSignPkcs14096Sha256 => {
                    std::option::Option::Some("RSA_SIGN_PKCS1_4096_SHA256")
                }
                Self::RsaSignPkcs14096Sha512 => {
                    std::option::Option::Some("RSA_SIGN_PKCS1_4096_SHA512")
                }
                Self::EcdsaP256Sha256 => std::option::Option::Some("ECDSA_P256_SHA256"),
                Self::EcSignP256Sha256 => std::option::Option::Some("EC_SIGN_P256_SHA256"),
                Self::EcdsaP384Sha384 => std::option::Option::Some("ECDSA_P384_SHA384"),
                Self::EcSignP384Sha384 => std::option::Option::Some("EC_SIGN_P384_SHA384"),
                Self::EcdsaP521Sha512 => std::option::Option::Some("ECDSA_P521_SHA512"),
                Self::EcSignP521Sha512 => std::option::Option::Some("EC_SIGN_P521_SHA512"),
                Self::UnknownValue(u) => u.0.name(),
            }
        }
    }

    impl std::default::Default for SignatureAlgorithm {
        fn default() -> Self {
            use std::convert::From;
            Self::from(0)
        }
    }

    impl std::fmt::Display for SignatureAlgorithm {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
            wkt::internal::display_enum(f, self.name(), self.value())
        }
    }

    impl std::convert::From<i32> for SignatureAlgorithm {
        fn from(value: i32) -> Self {
            match value {
                0 => Self::Unspecified,
                1 => Self::RsaPss2048Sha256,
                2 => Self::RsaPss3072Sha256,
                3 => Self::RsaPss4096Sha256,
                4 => Self::RsaPss4096Sha512,
                5 => Self::RsaSignPkcs12048Sha256,
                6 => Self::RsaSignPkcs13072Sha256,
                7 => Self::RsaSignPkcs14096Sha256,
                8 => Self::RsaSignPkcs14096Sha512,
                9 => Self::EcdsaP256Sha256,
                10 => Self::EcdsaP384Sha384,
                11 => Self::EcdsaP521Sha512,
                _ => Self::UnknownValue(signature_algorithm::UnknownValue(
                    wkt::internal::UnknownEnumValue::Integer(value),
                )),
            }
        }
    }

    impl std::convert::From<&str> for SignatureAlgorithm {
        fn from(value: &str) -> Self {
            use std::string::ToString;
            match value {
                "SIGNATURE_ALGORITHM_UNSPECIFIED" => Self::Unspecified,
                "RSA_PSS_2048_SHA256" => Self::RsaPss2048Sha256,
                "RSA_PSS_3072_SHA256" => Self::RsaPss3072Sha256,
                "RSA_PSS_4096_SHA256" => Self::RsaPss4096Sha256,
                "RSA_PSS_4096_SHA512" => Self::RsaPss4096Sha512,
                "RSA_SIGN_PKCS1_2048_SHA256" => Self::RsaSignPkcs12048Sha256,
                "RSA_SIGN_PKCS1_3072_SHA256" => Self::RsaSignPkcs13072Sha256,
                "RSA_SIGN_PKCS1_4096_SHA256" => Self::RsaSignPkcs14096Sha256,
                "RSA_SIGN_PKCS1_4096_SHA512" => Self::RsaSignPkcs14096Sha512,
                "ECDSA_P256_SHA256" => Self::EcdsaP256Sha256,
                "EC_SIGN_P256_SHA256" => Self::EcSignP256Sha256,
                "ECDSA_P384_SHA384" => Self::EcdsaP384Sha384,
                "EC_SIGN_P384_SHA384" => Self::EcSignP384Sha384,
                "ECDSA_P521_SHA512" => Self::EcdsaP521Sha512,
                "EC_SIGN_P521_SHA512" => Self::EcSignP521Sha512,
                _ => Self::UnknownValue(signature_algorithm::UnknownValue(
                    wkt::internal::UnknownEnumValue::String(value.to_string()),
                )),
            }
        }
    }

    impl serde::ser::Serialize for SignatureAlgorithm {
        fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
        where
            S: serde::Serializer,
        {
            match self {
                Self::Unspecified => serializer.serialize_i32(0),
                Self::RsaPss2048Sha256 => serializer.serialize_i32(1),
                Self::RsaPss3072Sha256 => serializer.serialize_i32(2),
                Self::RsaPss4096Sha256 => serializer.serialize_i32(3),
                Self::RsaPss4096Sha512 => serializer.serialize_i32(4),
                Self::RsaSignPkcs12048Sha256 => serializer.serialize_i32(5),
                Self::RsaSignPkcs13072Sha256 => serializer.serialize_i32(6),
                Self::RsaSignPkcs14096Sha256 => serializer.serialize_i32(7),
                Self::RsaSignPkcs14096Sha512 => serializer.serialize_i32(8),
                Self::EcdsaP256Sha256 => serializer.serialize_i32(9),
                Self::EcSignP256Sha256 => serializer.serialize_i32(9),
                Self::EcdsaP384Sha384 => serializer.serialize_i32(10),
                Self::EcSignP384Sha384 => serializer.serialize_i32(10),
                Self::EcdsaP521Sha512 => serializer.serialize_i32(11),
                Self::EcSignP521Sha512 => serializer.serialize_i32(11),
                Self::UnknownValue(u) => u.0.serialize(serializer),
            }
        }
    }

    impl<'de> serde::de::Deserialize<'de> for SignatureAlgorithm {
        fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
        where
            D: serde::Deserializer<'de>,
        {
            deserializer.deserialize_any(wkt::internal::EnumVisitor::<SignatureAlgorithm>::new(
                ".google.cloud.binaryauthorization.v1.PkixPublicKey.SignatureAlgorithm",
            ))
        }
    }
}

/// An [attestor public key][google.cloud.binaryauthorization.v1.AttestorPublicKey] that will be used to verify
/// attestations signed by this attestor.
///
/// [google.cloud.binaryauthorization.v1.AttestorPublicKey]: crate::model::AttestorPublicKey
#[serde_with::serde_as]
#[derive(Clone, Debug, Default, PartialEq, serde::Deserialize, serde::Serialize)]
#[serde(default, rename_all = "camelCase")]
#[non_exhaustive]
pub struct AttestorPublicKey {
    /// Optional. A descriptive comment. This field may be updated.
    #[serde(skip_serializing_if = "std::string::String::is_empty")]
    pub comment: std::string::String,

    /// The ID of this public key.
    /// Signatures verified by BinAuthz must include the ID of the public key that
    /// can be used to verify them, and that ID must match the contents of this
    /// field exactly.
    /// Additional restrictions on this field can be imposed based on which public
    /// key type is encapsulated. See the documentation on `public_key` cases below
    /// for details.
    #[serde(skip_serializing_if = "std::string::String::is_empty")]
    pub id: std::string::String,

    #[serde(flatten, skip_serializing_if = "std::option::Option::is_none")]
    pub public_key: std::option::Option<crate::model::attestor_public_key::PublicKey>,

    #[serde(flatten, skip_serializing_if = "serde_json::Map::is_empty")]
    _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl AttestorPublicKey {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [comment][crate::model::AttestorPublicKey::comment].
    pub fn set_comment<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.comment = v.into();
        self
    }

    /// Sets the value of [id][crate::model::AttestorPublicKey::id].
    pub fn set_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.id = v.into();
        self
    }

    /// Sets the value of [public_key][crate::model::AttestorPublicKey::public_key].
    ///
    /// Note that all the setters affecting `public_key` are mutually
    /// exclusive.
    pub fn set_public_key<
        T: std::convert::Into<std::option::Option<crate::model::attestor_public_key::PublicKey>>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.public_key = v.into();
        self
    }

    /// The value of [public_key][crate::model::AttestorPublicKey::public_key]
    /// if it holds a `AsciiArmoredPgpPublicKey`, `None` if the field is not set or
    /// holds a different branch.
    pub fn ascii_armored_pgp_public_key(&self) -> std::option::Option<&std::string::String> {
        #[allow(unreachable_patterns)]
        self.public_key.as_ref().and_then(|v| match v {
            crate::model::attestor_public_key::PublicKey::AsciiArmoredPgpPublicKey(v) => {
                std::option::Option::Some(v)
            }
            _ => std::option::Option::None,
        })
    }

    /// Sets the value of [public_key][crate::model::AttestorPublicKey::public_key]
    /// to hold a `AsciiArmoredPgpPublicKey`.
    ///
    /// Note that all the setters affecting `public_key` are
    /// mutually exclusive.
    pub fn set_ascii_armored_pgp_public_key<T: std::convert::Into<std::string::String>>(
        mut self,
        v: T,
    ) -> Self {
        self.public_key = std::option::Option::Some(
            crate::model::attestor_public_key::PublicKey::AsciiArmoredPgpPublicKey(v.into()),
        );
        self
    }

    /// The value of [public_key][crate::model::AttestorPublicKey::public_key]
    /// if it holds a `PkixPublicKey`, `None` if the field is not set or
    /// holds a different branch.
    pub fn pkix_public_key(
        &self,
    ) -> std::option::Option<&std::boxed::Box<crate::model::PkixPublicKey>> {
        #[allow(unreachable_patterns)]
        self.public_key.as_ref().and_then(|v| match v {
            crate::model::attestor_public_key::PublicKey::PkixPublicKey(v) => {
                std::option::Option::Some(v)
            }
            _ => std::option::Option::None,
        })
    }

    /// Sets the value of [public_key][crate::model::AttestorPublicKey::public_key]
    /// to hold a `PkixPublicKey`.
    ///
    /// Note that all the setters affecting `public_key` are
    /// mutually exclusive.
    pub fn set_pkix_public_key<
        T: std::convert::Into<std::boxed::Box<crate::model::PkixPublicKey>>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.public_key = std::option::Option::Some(
            crate::model::attestor_public_key::PublicKey::PkixPublicKey(v.into()),
        );
        self
    }
}

impl wkt::message::Message for AttestorPublicKey {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.binaryauthorization.v1.AttestorPublicKey"
    }
}

/// Defines additional types related to [AttestorPublicKey].
pub mod attestor_public_key {
    #[allow(unused_imports)]
    use super::*;

    #[serde_with::serde_as]
    #[derive(Clone, Debug, PartialEq, serde::Deserialize, serde::Serialize)]
    #[serde(rename_all = "camelCase")]
    #[non_exhaustive]
    pub enum PublicKey {
        /// ASCII-armored representation of a PGP public key, as the entire output by
        /// the command `gpg --export --armor foo@example.com` (either LF or CRLF
        /// line endings).
        /// When using this field, `id` should be left blank.  The BinAuthz API
        /// handlers will calculate the ID and fill it in automatically.  BinAuthz
        /// computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as
        /// upper-case hex.  If `id` is provided by the caller, it will be
        /// overwritten by the API-calculated ID.
        AsciiArmoredPgpPublicKey(std::string::String),
        /// A raw PKIX SubjectPublicKeyInfo format public key.
        ///
        /// NOTE: `id` may be explicitly provided by the caller when using this
        /// type of public key, but it MUST be a valid RFC3986 URI. If `id` is left
        /// blank, a default one will be computed based on the digest of the DER
        /// encoding of the public key.
        PkixPublicKey(std::boxed::Box<crate::model::PkixPublicKey>),
    }
}

/// Request message for [BinauthzManagementService.GetPolicy][].
#[serde_with::serde_as]
#[derive(Clone, Debug, Default, PartialEq, serde::Deserialize, serde::Serialize)]
#[serde(default, rename_all = "camelCase")]
#[non_exhaustive]
pub struct GetPolicyRequest {
    /// Required. The resource name of the [policy][google.cloud.binaryauthorization.v1.Policy] to retrieve,
    /// in the format `projects/*/policy`.
    ///
    /// [google.cloud.binaryauthorization.v1.Policy]: crate::model::Policy
    #[serde(skip_serializing_if = "std::string::String::is_empty")]
    pub name: std::string::String,

    #[serde(flatten, skip_serializing_if = "serde_json::Map::is_empty")]
    _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl GetPolicyRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::GetPolicyRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for GetPolicyRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.binaryauthorization.v1.GetPolicyRequest"
    }
}

/// Request message for [BinauthzManagementService.UpdatePolicy][].
#[serde_with::serde_as]
#[derive(Clone, Debug, Default, PartialEq, serde::Deserialize, serde::Serialize)]
#[serde(default, rename_all = "camelCase")]
#[non_exhaustive]
pub struct UpdatePolicyRequest {
    /// Required. A new or updated [policy][google.cloud.binaryauthorization.v1.Policy] value. The service will
    /// overwrite the [policy name][google.cloud.binaryauthorization.v1.Policy.name] field with the resource name in
    /// the request URL, in the format `projects/*/policy`.
    ///
    /// [google.cloud.binaryauthorization.v1.Policy]: crate::model::Policy
    /// [google.cloud.binaryauthorization.v1.Policy.name]: crate::model::Policy::name
    #[serde(skip_serializing_if = "std::option::Option::is_none")]
    pub policy: std::option::Option<crate::model::Policy>,

    #[serde(flatten, skip_serializing_if = "serde_json::Map::is_empty")]
    _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl UpdatePolicyRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [policy][crate::model::UpdatePolicyRequest::policy].
    pub fn set_policy<T: std::convert::Into<std::option::Option<crate::model::Policy>>>(
        mut self,
        v: T,
    ) -> Self {
        self.policy = v.into();
        self
    }
}

impl wkt::message::Message for UpdatePolicyRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.binaryauthorization.v1.UpdatePolicyRequest"
    }
}

/// Request message for [BinauthzManagementService.CreateAttestor][].
#[serde_with::serde_as]
#[derive(Clone, Debug, Default, PartialEq, serde::Deserialize, serde::Serialize)]
#[serde(default, rename_all = "camelCase")]
#[non_exhaustive]
pub struct CreateAttestorRequest {
    /// Required. The parent of this [attestor][google.cloud.binaryauthorization.v1.Attestor].
    ///
    /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
    #[serde(skip_serializing_if = "std::string::String::is_empty")]
    pub parent: std::string::String,

    /// Required. The [attestors][google.cloud.binaryauthorization.v1.Attestor] ID.
    ///
    /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
    #[serde(skip_serializing_if = "std::string::String::is_empty")]
    pub attestor_id: std::string::String,

    /// Required. The initial [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
    /// overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name,
    /// in the format `projects/*/attestors/*`.
    ///
    /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
    /// [google.cloud.binaryauthorization.v1.Attestor.name]: crate::model::Attestor::name
    #[serde(skip_serializing_if = "std::option::Option::is_none")]
    pub attestor: std::option::Option<crate::model::Attestor>,

    #[serde(flatten, skip_serializing_if = "serde_json::Map::is_empty")]
    _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl CreateAttestorRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::CreateAttestorRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [attestor_id][crate::model::CreateAttestorRequest::attestor_id].
    pub fn set_attestor_id<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.attestor_id = v.into();
        self
    }

    /// Sets the value of [attestor][crate::model::CreateAttestorRequest::attestor].
    pub fn set_attestor<T: std::convert::Into<std::option::Option<crate::model::Attestor>>>(
        mut self,
        v: T,
    ) -> Self {
        self.attestor = v.into();
        self
    }
}

impl wkt::message::Message for CreateAttestorRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.binaryauthorization.v1.CreateAttestorRequest"
    }
}

/// Request message for [BinauthzManagementService.GetAttestor][].
#[serde_with::serde_as]
#[derive(Clone, Debug, Default, PartialEq, serde::Deserialize, serde::Serialize)]
#[serde(default, rename_all = "camelCase")]
#[non_exhaustive]
pub struct GetAttestorRequest {
    /// Required. The name of the [attestor][google.cloud.binaryauthorization.v1.Attestor] to retrieve, in the format
    /// `projects/*/attestors/*`.
    ///
    /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
    #[serde(skip_serializing_if = "std::string::String::is_empty")]
    pub name: std::string::String,

    #[serde(flatten, skip_serializing_if = "serde_json::Map::is_empty")]
    _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl GetAttestorRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::GetAttestorRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for GetAttestorRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.binaryauthorization.v1.GetAttestorRequest"
    }
}

/// Request message for [BinauthzManagementService.UpdateAttestor][].
#[serde_with::serde_as]
#[derive(Clone, Debug, Default, PartialEq, serde::Deserialize, serde::Serialize)]
#[serde(default, rename_all = "camelCase")]
#[non_exhaustive]
pub struct UpdateAttestorRequest {
    /// Required. The updated [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
    /// overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name
    /// in the request URL, in the format `projects/*/attestors/*`.
    ///
    /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
    /// [google.cloud.binaryauthorization.v1.Attestor.name]: crate::model::Attestor::name
    #[serde(skip_serializing_if = "std::option::Option::is_none")]
    pub attestor: std::option::Option<crate::model::Attestor>,

    #[serde(flatten, skip_serializing_if = "serde_json::Map::is_empty")]
    _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl UpdateAttestorRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [attestor][crate::model::UpdateAttestorRequest::attestor].
    pub fn set_attestor<T: std::convert::Into<std::option::Option<crate::model::Attestor>>>(
        mut self,
        v: T,
    ) -> Self {
        self.attestor = v.into();
        self
    }
}

impl wkt::message::Message for UpdateAttestorRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.binaryauthorization.v1.UpdateAttestorRequest"
    }
}

/// Request message for [BinauthzManagementService.ListAttestors][].
#[serde_with::serde_as]
#[derive(Clone, Debug, Default, PartialEq, serde::Deserialize, serde::Serialize)]
#[serde(default, rename_all = "camelCase")]
#[non_exhaustive]
pub struct ListAttestorsRequest {
    /// Required. The resource name of the project associated with the
    /// [attestors][google.cloud.binaryauthorization.v1.Attestor], in the format `projects/*`.
    ///
    /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
    #[serde(skip_serializing_if = "std::string::String::is_empty")]
    pub parent: std::string::String,

    /// Requested page size. The server may return fewer results than requested. If
    /// unspecified, the server will pick an appropriate default.
    #[serde(skip_serializing_if = "wkt::internal::is_default")]
    pub page_size: i32,

    /// A token identifying a page of results the server should return. Typically,
    /// this is the value of [ListAttestorsResponse.next_page_token][google.cloud.binaryauthorization.v1.ListAttestorsResponse.next_page_token] returned
    /// from the previous call to the `ListAttestors` method.
    ///
    /// [google.cloud.binaryauthorization.v1.ListAttestorsResponse.next_page_token]: crate::model::ListAttestorsResponse::next_page_token
    #[serde(skip_serializing_if = "std::string::String::is_empty")]
    pub page_token: std::string::String,

    #[serde(flatten, skip_serializing_if = "serde_json::Map::is_empty")]
    _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListAttestorsRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [parent][crate::model::ListAttestorsRequest::parent].
    pub fn set_parent<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.parent = v.into();
        self
    }

    /// Sets the value of [page_size][crate::model::ListAttestorsRequest::page_size].
    pub fn set_page_size<T: std::convert::Into<i32>>(mut self, v: T) -> Self {
        self.page_size = v.into();
        self
    }

    /// Sets the value of [page_token][crate::model::ListAttestorsRequest::page_token].
    pub fn set_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.page_token = v.into();
        self
    }
}

impl wkt::message::Message for ListAttestorsRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.binaryauthorization.v1.ListAttestorsRequest"
    }
}

/// Response message for [BinauthzManagementService.ListAttestors][].
#[serde_with::serde_as]
#[derive(Clone, Debug, Default, PartialEq, serde::Deserialize, serde::Serialize)]
#[serde(default, rename_all = "camelCase")]
#[non_exhaustive]
pub struct ListAttestorsResponse {
    /// The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
    ///
    /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
    #[serde(skip_serializing_if = "std::vec::Vec::is_empty")]
    pub attestors: std::vec::Vec<crate::model::Attestor>,

    /// A token to retrieve the next page of results. Pass this value in the
    /// [ListAttestorsRequest.page_token][google.cloud.binaryauthorization.v1.ListAttestorsRequest.page_token] field in the subsequent call to the
    /// `ListAttestors` method to retrieve the next page of results.
    ///
    /// [google.cloud.binaryauthorization.v1.ListAttestorsRequest.page_token]: crate::model::ListAttestorsRequest::page_token
    #[serde(skip_serializing_if = "std::string::String::is_empty")]
    pub next_page_token: std::string::String,

    #[serde(flatten, skip_serializing_if = "serde_json::Map::is_empty")]
    _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ListAttestorsResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [attestors][crate::model::ListAttestorsResponse::attestors].
    pub fn set_attestors<T, V>(mut self, v: T) -> Self
    where
        T: std::iter::IntoIterator<Item = V>,
        V: std::convert::Into<crate::model::Attestor>,
    {
        use std::iter::Iterator;
        self.attestors = v.into_iter().map(|i| i.into()).collect();
        self
    }

    /// Sets the value of [next_page_token][crate::model::ListAttestorsResponse::next_page_token].
    pub fn set_next_page_token<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.next_page_token = v.into();
        self
    }
}

impl wkt::message::Message for ListAttestorsResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.binaryauthorization.v1.ListAttestorsResponse"
    }
}

#[doc(hidden)]
impl gax::paginator::internal::PageableResponse for ListAttestorsResponse {
    type PageItem = crate::model::Attestor;

    fn items(self) -> std::vec::Vec<Self::PageItem> {
        self.attestors
    }

    fn next_page_token(&self) -> std::string::String {
        use std::clone::Clone;
        self.next_page_token.clone()
    }
}

/// Request message for [BinauthzManagementService.DeleteAttestor][].
#[serde_with::serde_as]
#[derive(Clone, Debug, Default, PartialEq, serde::Deserialize, serde::Serialize)]
#[serde(default, rename_all = "camelCase")]
#[non_exhaustive]
pub struct DeleteAttestorRequest {
    /// Required. The name of the [attestors][google.cloud.binaryauthorization.v1.Attestor] to delete, in the format
    /// `projects/*/attestors/*`.
    ///
    /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
    #[serde(skip_serializing_if = "std::string::String::is_empty")]
    pub name: std::string::String,

    #[serde(flatten, skip_serializing_if = "serde_json::Map::is_empty")]
    _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl DeleteAttestorRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::DeleteAttestorRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for DeleteAttestorRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.binaryauthorization.v1.DeleteAttestorRequest"
    }
}

/// Request to read the current system policy.
#[serde_with::serde_as]
#[derive(Clone, Debug, Default, PartialEq, serde::Deserialize, serde::Serialize)]
#[serde(default, rename_all = "camelCase")]
#[non_exhaustive]
pub struct GetSystemPolicyRequest {
    /// Required. The resource name, in the format `locations/*/policy`.
    /// Note that the system policy is not associated with a project.
    #[serde(skip_serializing_if = "std::string::String::is_empty")]
    pub name: std::string::String,

    #[serde(flatten, skip_serializing_if = "serde_json::Map::is_empty")]
    _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl GetSystemPolicyRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [name][crate::model::GetSystemPolicyRequest::name].
    pub fn set_name<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.name = v.into();
        self
    }
}

impl wkt::message::Message for GetSystemPolicyRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.binaryauthorization.v1.GetSystemPolicyRequest"
    }
}

/// Request message for
/// [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence].
///
/// [google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence]: crate::client::ValidationHelperV1::validate_attestation_occurrence
#[serde_with::serde_as]
#[derive(Clone, Debug, Default, PartialEq, serde::Deserialize, serde::Serialize)]
#[serde(default, rename_all = "camelCase")]
#[non_exhaustive]
pub struct ValidateAttestationOccurrenceRequest {
    /// Required. The resource name of the [Attestor][google.cloud.binaryauthorization.v1.Attestor] of the
    /// [occurrence][grafeas.v1.Occurrence], in the format
    /// `projects/*/attestors/*`.
    ///
    /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
    #[serde(skip_serializing_if = "std::string::String::is_empty")]
    pub attestor: std::string::String,

    /// Required. An [AttestationOccurrence][grafeas.v1.AttestationOccurrence] to
    /// be checked that it can be verified by the Attestor. It does not have to be
    /// an existing entity in Container Analysis. It must otherwise be a valid
    /// AttestationOccurrence.
    ///
    /// [grafeas.v1.AttestationOccurrence]: grafeas::model::AttestationOccurrence
    #[serde(skip_serializing_if = "std::option::Option::is_none")]
    pub attestation: std::option::Option<grafeas::model::AttestationOccurrence>,

    /// Required. The resource name of the [Note][grafeas.v1.Note] to which the
    /// containing [Occurrence][grafeas.v1.Occurrence] is associated.
    #[serde(skip_serializing_if = "std::string::String::is_empty")]
    pub occurrence_note: std::string::String,

    /// Required. The URI of the artifact (e.g. container image) that is the
    /// subject of the containing [Occurrence][grafeas.v1.Occurrence].
    #[serde(skip_serializing_if = "std::string::String::is_empty")]
    pub occurrence_resource_uri: std::string::String,

    #[serde(flatten, skip_serializing_if = "serde_json::Map::is_empty")]
    _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ValidateAttestationOccurrenceRequest {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [attestor][crate::model::ValidateAttestationOccurrenceRequest::attestor].
    pub fn set_attestor<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.attestor = v.into();
        self
    }

    /// Sets the value of [attestation][crate::model::ValidateAttestationOccurrenceRequest::attestation].
    pub fn set_attestation<
        T: std::convert::Into<std::option::Option<grafeas::model::AttestationOccurrence>>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.attestation = v.into();
        self
    }

    /// Sets the value of [occurrence_note][crate::model::ValidateAttestationOccurrenceRequest::occurrence_note].
    pub fn set_occurrence_note<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.occurrence_note = v.into();
        self
    }

    /// Sets the value of [occurrence_resource_uri][crate::model::ValidateAttestationOccurrenceRequest::occurrence_resource_uri].
    pub fn set_occurrence_resource_uri<T: std::convert::Into<std::string::String>>(
        mut self,
        v: T,
    ) -> Self {
        self.occurrence_resource_uri = v.into();
        self
    }
}

impl wkt::message::Message for ValidateAttestationOccurrenceRequest {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceRequest"
    }
}

/// Response message for
/// [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence].
///
/// [google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence]: crate::client::ValidationHelperV1::validate_attestation_occurrence
#[serde_with::serde_as]
#[derive(Clone, Debug, Default, PartialEq, serde::Deserialize, serde::Serialize)]
#[serde(default, rename_all = "camelCase")]
#[non_exhaustive]
pub struct ValidateAttestationOccurrenceResponse {
    /// The result of the Attestation validation.
    pub result: crate::model::validate_attestation_occurrence_response::Result,

    /// The reason for denial if the Attestation couldn't be validated.
    #[serde(skip_serializing_if = "std::string::String::is_empty")]
    pub denial_reason: std::string::String,

    #[serde(flatten, skip_serializing_if = "serde_json::Map::is_empty")]
    _unknown_fields: serde_json::Map<std::string::String, serde_json::Value>,
}

impl ValidateAttestationOccurrenceResponse {
    pub fn new() -> Self {
        std::default::Default::default()
    }

    /// Sets the value of [result][crate::model::ValidateAttestationOccurrenceResponse::result].
    pub fn set_result<
        T: std::convert::Into<crate::model::validate_attestation_occurrence_response::Result>,
    >(
        mut self,
        v: T,
    ) -> Self {
        self.result = v.into();
        self
    }

    /// Sets the value of [denial_reason][crate::model::ValidateAttestationOccurrenceResponse::denial_reason].
    pub fn set_denial_reason<T: std::convert::Into<std::string::String>>(mut self, v: T) -> Self {
        self.denial_reason = v.into();
        self
    }
}

impl wkt::message::Message for ValidateAttestationOccurrenceResponse {
    fn typename() -> &'static str {
        "type.googleapis.com/google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse"
    }
}

/// Defines additional types related to [ValidateAttestationOccurrenceResponse].
pub mod validate_attestation_occurrence_response {
    #[allow(unused_imports)]
    use super::*;

    /// The enum returned in the "result" field.
    ///
    /// # Working with unknown values
    ///
    /// This enum is defined as `#[non_exhaustive]` because Google Cloud may add
    /// additional enum variants at any time. Adding new variants is not considered
    /// a breaking change. Applications should write their code in anticipation of:
    ///
    /// - New values appearing in future releases of the client library, **and**
    /// - New values received dynamically, without application changes.
    ///
    /// Please consult the [Working with enums] section in the user guide for some
    /// guidelines.
    ///
    /// [Working with enums]: https://google-cloud-rust.github.io/working_with_enums.html
    #[derive(Clone, Debug, PartialEq)]
    #[non_exhaustive]
    pub enum Result {
        /// Unspecified.
        Unspecified,
        /// The Attestation was able to verified by the Attestor.
        Verified,
        /// The Attestation was not able to verified by the Attestor.
        AttestationNotVerifiable,
        /// If set, the enum was initialized with an unknown value.
        ///
        /// Applications can examine the value using [Result::value] or
        /// [Result::name].
        UnknownValue(result::UnknownValue),
    }

    #[doc(hidden)]
    pub mod result {
        #[allow(unused_imports)]
        use super::*;
        #[derive(Clone, Debug, PartialEq)]
        pub struct UnknownValue(pub(crate) wkt::internal::UnknownEnumValue);
    }

    impl Result {
        /// Gets the enum value.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the string representation of enums.
        pub fn value(&self) -> std::option::Option<i32> {
            match self {
                Self::Unspecified => std::option::Option::Some(0),
                Self::Verified => std::option::Option::Some(1),
                Self::AttestationNotVerifiable => std::option::Option::Some(2),
                Self::UnknownValue(u) => u.0.value(),
            }
        }

        /// Gets the enum value as a string.
        ///
        /// Returns `None` if the enum contains an unknown value deserialized from
        /// the integer representation of enums.
        pub fn name(&self) -> std::option::Option<&str> {
            match self {
                Self::Unspecified => std::option::Option::Some("RESULT_UNSPECIFIED"),
                Self::Verified => std::option::Option::Some("VERIFIED"),
                Self::AttestationNotVerifiable => {
                    std::option::Option::Some("ATTESTATION_NOT_VERIFIABLE")
                }
                Self::UnknownValue(u) => u.0.name(),
            }
        }
    }

    impl std::default::Default for Result {
        fn default() -> Self {
            use std::convert::From;
            Self::from(0)
        }
    }

    impl std::fmt::Display for Result {
        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::result::Result<(), std::fmt::Error> {
            wkt::internal::display_enum(f, self.name(), self.value())
        }
    }

    impl std::convert::From<i32> for Result {
        fn from(value: i32) -> Self {
            match value {
                0 => Self::Unspecified,
                1 => Self::Verified,
                2 => Self::AttestationNotVerifiable,
                _ => Self::UnknownValue(result::UnknownValue(
                    wkt::internal::UnknownEnumValue::Integer(value),
                )),
            }
        }
    }

    impl std::convert::From<&str> for Result {
        fn from(value: &str) -> Self {
            use std::string::ToString;
            match value {
                "RESULT_UNSPECIFIED" => Self::Unspecified,
                "VERIFIED" => Self::Verified,
                "ATTESTATION_NOT_VERIFIABLE" => Self::AttestationNotVerifiable,
                _ => Self::UnknownValue(result::UnknownValue(
                    wkt::internal::UnknownEnumValue::String(value.to_string()),
                )),
            }
        }
    }

    impl serde::ser::Serialize for Result {
        fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
        where
            S: serde::Serializer,
        {
            match self {
                Self::Unspecified => serializer.serialize_i32(0),
                Self::Verified => serializer.serialize_i32(1),
                Self::AttestationNotVerifiable => serializer.serialize_i32(2),
                Self::UnknownValue(u) => u.0.serialize(serializer),
            }
        }
    }

    impl<'de> serde::de::Deserialize<'de> for Result {
        fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
        where
            D: serde::Deserializer<'de>,
        {
            deserializer.deserialize_any(wkt::internal::EnumVisitor::<Result>::new(
                ".google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse.Result",
            ))
        }
    }
}