google_cloud_binaryauthorization_v1/client.rs
1// Copyright 2025 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// https://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14//
15// Code generated by sidekick. DO NOT EDIT.
16#![allow(rustdoc::redundant_explicit_links)]
17#![allow(rustdoc::broken_intra_doc_links)]
18
19/// Implements a client for the Binary Authorization API.
20///
21/// # Example
22/// ```
23/// # tokio_test::block_on(async {
24/// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
25/// let client = BinauthzManagementServiceV1::builder().build().await?;
26/// // use `client` to make requests to the Binary Authorization API.
27/// # gax::client_builder::Result::<()>::Ok(()) });
28/// ```
29///
30/// # Service Description
31///
32/// Google Cloud Management Service for Binary Authorization admission policies
33/// and attestation authorities.
34///
35/// This API implements a REST model with the following objects:
36///
37/// * [Policy][google.cloud.binaryauthorization.v1.Policy]
38/// * [Attestor][google.cloud.binaryauthorization.v1.Attestor]
39///
40/// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
41/// [google.cloud.binaryauthorization.v1.Policy]: crate::model::Policy
42///
43/// # Configuration
44///
45/// To configure `BinauthzManagementServiceV1` use the `with_*` methods in the type returned
46/// by [builder()][BinauthzManagementServiceV1::builder]. The default configuration should
47/// work for most applications. Common configuration changes include
48///
49/// * [with_endpoint()]: by default this client uses the global default endpoint
50/// (`https://binaryauthorization.googleapis.com`). Applications using regional
51/// endpoints or running in restricted networks (e.g. a network configured
52// with [Private Google Access with VPC Service Controls]) may want to
53/// override this default.
54/// * [with_credentials()]: by default this client uses
55/// [Application Default Credentials]. Applications using custom
56/// authentication may need to override this default.
57///
58/// [with_endpoint()]: super::builder::binauthz_management_service_v_1::ClientBuilder::with_endpoint
59/// [with_credentials()]: super::builder::binauthz_management_service_v_1::ClientBuilder::credentials
60/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
61/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
62///
63/// # Pooling and Cloning
64///
65/// `BinauthzManagementServiceV1` holds a connection pool internally, it is advised to
66/// create one and the reuse it. You do not need to wrap `BinauthzManagementServiceV1` in
67/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
68/// already uses an `Arc` internally.
69#[derive(Clone, Debug)]
70pub struct BinauthzManagementServiceV1 {
71 inner: std::sync::Arc<dyn super::stub::dynamic::BinauthzManagementServiceV1>,
72}
73
74impl BinauthzManagementServiceV1 {
75 /// Returns a builder for [BinauthzManagementServiceV1].
76 ///
77 /// ```
78 /// # tokio_test::block_on(async {
79 /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
80 /// let client = BinauthzManagementServiceV1::builder().build().await?;
81 /// # gax::client_builder::Result::<()>::Ok(()) });
82 /// ```
83 pub fn builder() -> super::builder::binauthz_management_service_v_1::ClientBuilder {
84 gax::client_builder::internal::new_builder(
85 super::builder::binauthz_management_service_v_1::client::Factory,
86 )
87 }
88
89 /// Creates a new client from the provided stub.
90 ///
91 /// The most common case for calling this function is in tests mocking the
92 /// client's behavior.
93 pub fn from_stub<T>(stub: T) -> Self
94 where
95 T: super::stub::BinauthzManagementServiceV1 + 'static,
96 {
97 Self {
98 inner: std::sync::Arc::new(stub),
99 }
100 }
101
102 pub(crate) async fn new(
103 config: gaxi::options::ClientConfig,
104 ) -> gax::client_builder::Result<Self> {
105 let inner = Self::build_inner(config).await?;
106 Ok(Self { inner })
107 }
108
109 async fn build_inner(
110 conf: gaxi::options::ClientConfig,
111 ) -> gax::client_builder::Result<
112 std::sync::Arc<dyn super::stub::dynamic::BinauthzManagementServiceV1>,
113 > {
114 if gaxi::options::tracing_enabled(&conf) {
115 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
116 }
117 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
118 }
119
120 async fn build_transport(
121 conf: gaxi::options::ClientConfig,
122 ) -> gax::client_builder::Result<impl super::stub::BinauthzManagementServiceV1> {
123 super::transport::BinauthzManagementServiceV1::new(conf).await
124 }
125
126 async fn build_with_tracing(
127 conf: gaxi::options::ClientConfig,
128 ) -> gax::client_builder::Result<impl super::stub::BinauthzManagementServiceV1> {
129 Self::build_transport(conf)
130 .await
131 .map(super::tracing::BinauthzManagementServiceV1::new)
132 }
133
134 /// A [policy][google.cloud.binaryauthorization.v1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1.Attestor] that must attest to
135 /// a container image, before the project is allowed to deploy that
136 /// image. There is at most one policy per project. All image admission
137 /// requests are permitted if a project has no policy.
138 ///
139 /// Gets the [policy][google.cloud.binaryauthorization.v1.Policy] for this project. Returns a default
140 /// [policy][google.cloud.binaryauthorization.v1.Policy] if the project does not have one.
141 ///
142 /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
143 /// [google.cloud.binaryauthorization.v1.Policy]: crate::model::Policy
144 pub fn get_policy(&self) -> super::builder::binauthz_management_service_v_1::GetPolicy {
145 super::builder::binauthz_management_service_v_1::GetPolicy::new(self.inner.clone())
146 }
147
148 /// Creates or updates a project's [policy][google.cloud.binaryauthorization.v1.Policy], and returns a copy of the
149 /// new [policy][google.cloud.binaryauthorization.v1.Policy]. A policy is always updated as a whole, to avoid race
150 /// conditions with concurrent policy enforcement (or management!)
151 /// requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT
152 /// if the request is malformed.
153 ///
154 /// [google.cloud.binaryauthorization.v1.Policy]: crate::model::Policy
155 pub fn update_policy(&self) -> super::builder::binauthz_management_service_v_1::UpdatePolicy {
156 super::builder::binauthz_management_service_v_1::UpdatePolicy::new(self.inner.clone())
157 }
158
159 /// Creates an [attestor][google.cloud.binaryauthorization.v1.Attestor], and returns a copy of the new
160 /// [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the project does not exist,
161 /// INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
162 /// [attestor][google.cloud.binaryauthorization.v1.Attestor] already exists.
163 ///
164 /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
165 pub fn create_attestor(
166 &self,
167 ) -> super::builder::binauthz_management_service_v_1::CreateAttestor {
168 super::builder::binauthz_management_service_v_1::CreateAttestor::new(self.inner.clone())
169 }
170
171 /// Gets an [attestor][google.cloud.binaryauthorization.v1.Attestor].
172 /// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
173 ///
174 /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
175 pub fn get_attestor(&self) -> super::builder::binauthz_management_service_v_1::GetAttestor {
176 super::builder::binauthz_management_service_v_1::GetAttestor::new(self.inner.clone())
177 }
178
179 /// Updates an [attestor][google.cloud.binaryauthorization.v1.Attestor].
180 /// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
181 ///
182 /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
183 pub fn update_attestor(
184 &self,
185 ) -> super::builder::binauthz_management_service_v_1::UpdateAttestor {
186 super::builder::binauthz_management_service_v_1::UpdateAttestor::new(self.inner.clone())
187 }
188
189 /// Lists [attestors][google.cloud.binaryauthorization.v1.Attestor].
190 /// Returns INVALID_ARGUMENT if the project does not exist.
191 ///
192 /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
193 pub fn list_attestors(&self) -> super::builder::binauthz_management_service_v_1::ListAttestors {
194 super::builder::binauthz_management_service_v_1::ListAttestors::new(self.inner.clone())
195 }
196
197 /// Deletes an [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the
198 /// [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
199 ///
200 /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
201 pub fn delete_attestor(
202 &self,
203 ) -> super::builder::binauthz_management_service_v_1::DeleteAttestor {
204 super::builder::binauthz_management_service_v_1::DeleteAttestor::new(self.inner.clone())
205 }
206}
207
208/// Implements a client for the Binary Authorization API.
209///
210/// # Example
211/// ```
212/// # tokio_test::block_on(async {
213/// # use google_cloud_binaryauthorization_v1::client::SystemPolicyV1;
214/// let client = SystemPolicyV1::builder().build().await?;
215/// // use `client` to make requests to the Binary Authorization API.
216/// # gax::client_builder::Result::<()>::Ok(()) });
217/// ```
218///
219/// # Service Description
220///
221/// API for working with the system policy.
222///
223/// # Configuration
224///
225/// To configure `SystemPolicyV1` use the `with_*` methods in the type returned
226/// by [builder()][SystemPolicyV1::builder]. The default configuration should
227/// work for most applications. Common configuration changes include
228///
229/// * [with_endpoint()]: by default this client uses the global default endpoint
230/// (`https://binaryauthorization.googleapis.com`). Applications using regional
231/// endpoints or running in restricted networks (e.g. a network configured
232// with [Private Google Access with VPC Service Controls]) may want to
233/// override this default.
234/// * [with_credentials()]: by default this client uses
235/// [Application Default Credentials]. Applications using custom
236/// authentication may need to override this default.
237///
238/// [with_endpoint()]: super::builder::system_policy_v_1::ClientBuilder::with_endpoint
239/// [with_credentials()]: super::builder::system_policy_v_1::ClientBuilder::credentials
240/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
241/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
242///
243/// # Pooling and Cloning
244///
245/// `SystemPolicyV1` holds a connection pool internally, it is advised to
246/// create one and the reuse it. You do not need to wrap `SystemPolicyV1` in
247/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
248/// already uses an `Arc` internally.
249#[derive(Clone, Debug)]
250pub struct SystemPolicyV1 {
251 inner: std::sync::Arc<dyn super::stub::dynamic::SystemPolicyV1>,
252}
253
254impl SystemPolicyV1 {
255 /// Returns a builder for [SystemPolicyV1].
256 ///
257 /// ```
258 /// # tokio_test::block_on(async {
259 /// # use google_cloud_binaryauthorization_v1::client::SystemPolicyV1;
260 /// let client = SystemPolicyV1::builder().build().await?;
261 /// # gax::client_builder::Result::<()>::Ok(()) });
262 /// ```
263 pub fn builder() -> super::builder::system_policy_v_1::ClientBuilder {
264 gax::client_builder::internal::new_builder(
265 super::builder::system_policy_v_1::client::Factory,
266 )
267 }
268
269 /// Creates a new client from the provided stub.
270 ///
271 /// The most common case for calling this function is in tests mocking the
272 /// client's behavior.
273 pub fn from_stub<T>(stub: T) -> Self
274 where
275 T: super::stub::SystemPolicyV1 + 'static,
276 {
277 Self {
278 inner: std::sync::Arc::new(stub),
279 }
280 }
281
282 pub(crate) async fn new(
283 config: gaxi::options::ClientConfig,
284 ) -> gax::client_builder::Result<Self> {
285 let inner = Self::build_inner(config).await?;
286 Ok(Self { inner })
287 }
288
289 async fn build_inner(
290 conf: gaxi::options::ClientConfig,
291 ) -> gax::client_builder::Result<std::sync::Arc<dyn super::stub::dynamic::SystemPolicyV1>> {
292 if gaxi::options::tracing_enabled(&conf) {
293 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
294 }
295 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
296 }
297
298 async fn build_transport(
299 conf: gaxi::options::ClientConfig,
300 ) -> gax::client_builder::Result<impl super::stub::SystemPolicyV1> {
301 super::transport::SystemPolicyV1::new(conf).await
302 }
303
304 async fn build_with_tracing(
305 conf: gaxi::options::ClientConfig,
306 ) -> gax::client_builder::Result<impl super::stub::SystemPolicyV1> {
307 Self::build_transport(conf)
308 .await
309 .map(super::tracing::SystemPolicyV1::new)
310 }
311
312 /// Gets the current system policy in the specified location.
313 pub fn get_system_policy(&self) -> super::builder::system_policy_v_1::GetSystemPolicy {
314 super::builder::system_policy_v_1::GetSystemPolicy::new(self.inner.clone())
315 }
316}
317
318/// Implements a client for the Binary Authorization API.
319///
320/// # Example
321/// ```
322/// # tokio_test::block_on(async {
323/// # use google_cloud_binaryauthorization_v1::client::ValidationHelperV1;
324/// let client = ValidationHelperV1::builder().build().await?;
325/// // use `client` to make requests to the Binary Authorization API.
326/// # gax::client_builder::Result::<()>::Ok(()) });
327/// ```
328///
329/// # Service Description
330///
331/// BinAuthz Attestor verification
332///
333/// # Configuration
334///
335/// To configure `ValidationHelperV1` use the `with_*` methods in the type returned
336/// by [builder()][ValidationHelperV1::builder]. The default configuration should
337/// work for most applications. Common configuration changes include
338///
339/// * [with_endpoint()]: by default this client uses the global default endpoint
340/// (`https://binaryauthorization.googleapis.com`). Applications using regional
341/// endpoints or running in restricted networks (e.g. a network configured
342// with [Private Google Access with VPC Service Controls]) may want to
343/// override this default.
344/// * [with_credentials()]: by default this client uses
345/// [Application Default Credentials]. Applications using custom
346/// authentication may need to override this default.
347///
348/// [with_endpoint()]: super::builder::validation_helper_v_1::ClientBuilder::with_endpoint
349/// [with_credentials()]: super::builder::validation_helper_v_1::ClientBuilder::credentials
350/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
351/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
352///
353/// # Pooling and Cloning
354///
355/// `ValidationHelperV1` holds a connection pool internally, it is advised to
356/// create one and the reuse it. You do not need to wrap `ValidationHelperV1` in
357/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
358/// already uses an `Arc` internally.
359#[derive(Clone, Debug)]
360pub struct ValidationHelperV1 {
361 inner: std::sync::Arc<dyn super::stub::dynamic::ValidationHelperV1>,
362}
363
364impl ValidationHelperV1 {
365 /// Returns a builder for [ValidationHelperV1].
366 ///
367 /// ```
368 /// # tokio_test::block_on(async {
369 /// # use google_cloud_binaryauthorization_v1::client::ValidationHelperV1;
370 /// let client = ValidationHelperV1::builder().build().await?;
371 /// # gax::client_builder::Result::<()>::Ok(()) });
372 /// ```
373 pub fn builder() -> super::builder::validation_helper_v_1::ClientBuilder {
374 gax::client_builder::internal::new_builder(
375 super::builder::validation_helper_v_1::client::Factory,
376 )
377 }
378
379 /// Creates a new client from the provided stub.
380 ///
381 /// The most common case for calling this function is in tests mocking the
382 /// client's behavior.
383 pub fn from_stub<T>(stub: T) -> Self
384 where
385 T: super::stub::ValidationHelperV1 + 'static,
386 {
387 Self {
388 inner: std::sync::Arc::new(stub),
389 }
390 }
391
392 pub(crate) async fn new(
393 config: gaxi::options::ClientConfig,
394 ) -> gax::client_builder::Result<Self> {
395 let inner = Self::build_inner(config).await?;
396 Ok(Self { inner })
397 }
398
399 async fn build_inner(
400 conf: gaxi::options::ClientConfig,
401 ) -> gax::client_builder::Result<std::sync::Arc<dyn super::stub::dynamic::ValidationHelperV1>>
402 {
403 if gaxi::options::tracing_enabled(&conf) {
404 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
405 }
406 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
407 }
408
409 async fn build_transport(
410 conf: gaxi::options::ClientConfig,
411 ) -> gax::client_builder::Result<impl super::stub::ValidationHelperV1> {
412 super::transport::ValidationHelperV1::new(conf).await
413 }
414
415 async fn build_with_tracing(
416 conf: gaxi::options::ClientConfig,
417 ) -> gax::client_builder::Result<impl super::stub::ValidationHelperV1> {
418 Self::build_transport(conf)
419 .await
420 .map(super::tracing::ValidationHelperV1::new)
421 }
422
423 /// Returns whether the given Attestation for the given image URI
424 /// was signed by the given Attestor
425 pub fn validate_attestation_occurrence(
426 &self,
427 ) -> super::builder::validation_helper_v_1::ValidateAttestationOccurrence {
428 super::builder::validation_helper_v_1::ValidateAttestationOccurrence::new(
429 self.inner.clone(),
430 )
431 }
432}