google_cloud_binaryauthorization_v1/client.rs
1// Copyright 2025 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// https://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14//
15// Code generated by sidekick. DO NOT EDIT.
16#![allow(rustdoc::redundant_explicit_links)]
17#![allow(rustdoc::broken_intra_doc_links)]
18
19/// Implements a client for the Binary Authorization API.
20///
21/// # Example
22/// ```
23/// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
24/// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
25/// let client = BinauthzManagementServiceV1::builder().build().await?;
26/// // use `client` to make requests to the Binary Authorization API.
27/// # Ok(()) }
28/// ```
29///
30/// # Service Description
31///
32/// Google Cloud Management Service for Binary Authorization admission policies
33/// and attestation authorities.
34///
35/// This API implements a REST model with the following objects:
36///
37/// * [Policy][google.cloud.binaryauthorization.v1.Policy]
38/// * [Attestor][google.cloud.binaryauthorization.v1.Attestor]
39///
40/// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
41/// [google.cloud.binaryauthorization.v1.Policy]: crate::model::Policy
42///
43/// # Configuration
44///
45/// To configure `BinauthzManagementServiceV1` use the `with_*` methods in the type returned
46/// by [builder()][BinauthzManagementServiceV1::builder]. The default configuration should
47/// work for most applications. Common configuration changes include
48///
49/// * [with_endpoint()]: by default this client uses the global default endpoint
50/// (`https://binaryauthorization.googleapis.com`). Applications using regional
51/// endpoints or running in restricted networks (e.g. a network configured
52// with [Private Google Access with VPC Service Controls]) may want to
53/// override this default.
54/// * [with_credentials()]: by default this client uses
55/// [Application Default Credentials]. Applications using custom
56/// authentication may need to override this default.
57///
58/// [with_endpoint()]: super::builder::binauthz_management_service_v_1::ClientBuilder::with_endpoint
59/// [with_credentials()]: super::builder::binauthz_management_service_v_1::ClientBuilder::credentials
60/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
61/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
62///
63/// # Pooling and Cloning
64///
65/// `BinauthzManagementServiceV1` holds a connection pool internally, it is advised to
66/// create one and the reuse it. You do not need to wrap `BinauthzManagementServiceV1` in
67/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
68/// already uses an `Arc` internally.
69#[derive(Clone, Debug)]
70pub struct BinauthzManagementServiceV1 {
71 inner: std::sync::Arc<dyn super::stub::dynamic::BinauthzManagementServiceV1>,
72}
73
74impl BinauthzManagementServiceV1 {
75 /// Returns a builder for [BinauthzManagementServiceV1].
76 ///
77 /// ```
78 /// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
79 /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
80 /// let client = BinauthzManagementServiceV1::builder().build().await?;
81 /// # Ok(()) }
82 /// ```
83 pub fn builder() -> super::builder::binauthz_management_service_v_1::ClientBuilder {
84 crate::new_client_builder(super::builder::binauthz_management_service_v_1::client::Factory)
85 }
86
87 /// Creates a new client from the provided stub.
88 ///
89 /// The most common case for calling this function is in tests mocking the
90 /// client's behavior.
91 pub fn from_stub<T>(stub: T) -> Self
92 where
93 T: super::stub::BinauthzManagementServiceV1 + 'static,
94 {
95 Self {
96 inner: std::sync::Arc::new(stub),
97 }
98 }
99
100 pub(crate) async fn new(
101 config: gaxi::options::ClientConfig,
102 ) -> crate::ClientBuilderResult<Self> {
103 let inner = Self::build_inner(config).await?;
104 Ok(Self { inner })
105 }
106
107 async fn build_inner(
108 conf: gaxi::options::ClientConfig,
109 ) -> crate::ClientBuilderResult<
110 std::sync::Arc<dyn super::stub::dynamic::BinauthzManagementServiceV1>,
111 > {
112 if gaxi::options::tracing_enabled(&conf) {
113 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
114 }
115 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
116 }
117
118 async fn build_transport(
119 conf: gaxi::options::ClientConfig,
120 ) -> crate::ClientBuilderResult<impl super::stub::BinauthzManagementServiceV1> {
121 super::transport::BinauthzManagementServiceV1::new(conf).await
122 }
123
124 async fn build_with_tracing(
125 conf: gaxi::options::ClientConfig,
126 ) -> crate::ClientBuilderResult<impl super::stub::BinauthzManagementServiceV1> {
127 Self::build_transport(conf)
128 .await
129 .map(super::tracing::BinauthzManagementServiceV1::new)
130 }
131
132 /// A [policy][google.cloud.binaryauthorization.v1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1.Attestor] that must attest to
133 /// a container image, before the project is allowed to deploy that
134 /// image. There is at most one policy per project. All image admission
135 /// requests are permitted if a project has no policy.
136 ///
137 /// Gets the [policy][google.cloud.binaryauthorization.v1.Policy] for this project. Returns a default
138 /// [policy][google.cloud.binaryauthorization.v1.Policy] if the project does not have one.
139 ///
140 /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
141 /// [google.cloud.binaryauthorization.v1.Policy]: crate::model::Policy
142 pub fn get_policy(&self) -> super::builder::binauthz_management_service_v_1::GetPolicy {
143 super::builder::binauthz_management_service_v_1::GetPolicy::new(self.inner.clone())
144 }
145
146 /// Creates or updates a project's [policy][google.cloud.binaryauthorization.v1.Policy], and returns a copy of the
147 /// new [policy][google.cloud.binaryauthorization.v1.Policy]. A policy is always updated as a whole, to avoid race
148 /// conditions with concurrent policy enforcement (or management!)
149 /// requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT
150 /// if the request is malformed.
151 ///
152 /// [google.cloud.binaryauthorization.v1.Policy]: crate::model::Policy
153 pub fn update_policy(&self) -> super::builder::binauthz_management_service_v_1::UpdatePolicy {
154 super::builder::binauthz_management_service_v_1::UpdatePolicy::new(self.inner.clone())
155 }
156
157 /// Creates an [attestor][google.cloud.binaryauthorization.v1.Attestor], and returns a copy of the new
158 /// [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the project does not exist,
159 /// INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
160 /// [attestor][google.cloud.binaryauthorization.v1.Attestor] already exists.
161 ///
162 /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
163 pub fn create_attestor(
164 &self,
165 ) -> super::builder::binauthz_management_service_v_1::CreateAttestor {
166 super::builder::binauthz_management_service_v_1::CreateAttestor::new(self.inner.clone())
167 }
168
169 /// Gets an [attestor][google.cloud.binaryauthorization.v1.Attestor].
170 /// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
171 ///
172 /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
173 pub fn get_attestor(&self) -> super::builder::binauthz_management_service_v_1::GetAttestor {
174 super::builder::binauthz_management_service_v_1::GetAttestor::new(self.inner.clone())
175 }
176
177 /// Updates an [attestor][google.cloud.binaryauthorization.v1.Attestor].
178 /// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
179 ///
180 /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
181 pub fn update_attestor(
182 &self,
183 ) -> super::builder::binauthz_management_service_v_1::UpdateAttestor {
184 super::builder::binauthz_management_service_v_1::UpdateAttestor::new(self.inner.clone())
185 }
186
187 /// Lists [attestors][google.cloud.binaryauthorization.v1.Attestor].
188 /// Returns INVALID_ARGUMENT if the project does not exist.
189 ///
190 /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
191 pub fn list_attestors(&self) -> super::builder::binauthz_management_service_v_1::ListAttestors {
192 super::builder::binauthz_management_service_v_1::ListAttestors::new(self.inner.clone())
193 }
194
195 /// Deletes an [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the
196 /// [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
197 ///
198 /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
199 pub fn delete_attestor(
200 &self,
201 ) -> super::builder::binauthz_management_service_v_1::DeleteAttestor {
202 super::builder::binauthz_management_service_v_1::DeleteAttestor::new(self.inner.clone())
203 }
204}
205
206/// Implements a client for the Binary Authorization API.
207///
208/// # Example
209/// ```
210/// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
211/// # use google_cloud_binaryauthorization_v1::client::SystemPolicyV1;
212/// let client = SystemPolicyV1::builder().build().await?;
213/// // use `client` to make requests to the Binary Authorization API.
214/// # Ok(()) }
215/// ```
216///
217/// # Service Description
218///
219/// API for working with the system policy.
220///
221/// # Configuration
222///
223/// To configure `SystemPolicyV1` use the `with_*` methods in the type returned
224/// by [builder()][SystemPolicyV1::builder]. The default configuration should
225/// work for most applications. Common configuration changes include
226///
227/// * [with_endpoint()]: by default this client uses the global default endpoint
228/// (`https://binaryauthorization.googleapis.com`). Applications using regional
229/// endpoints or running in restricted networks (e.g. a network configured
230// with [Private Google Access with VPC Service Controls]) may want to
231/// override this default.
232/// * [with_credentials()]: by default this client uses
233/// [Application Default Credentials]. Applications using custom
234/// authentication may need to override this default.
235///
236/// [with_endpoint()]: super::builder::system_policy_v_1::ClientBuilder::with_endpoint
237/// [with_credentials()]: super::builder::system_policy_v_1::ClientBuilder::credentials
238/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
239/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
240///
241/// # Pooling and Cloning
242///
243/// `SystemPolicyV1` holds a connection pool internally, it is advised to
244/// create one and the reuse it. You do not need to wrap `SystemPolicyV1` in
245/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
246/// already uses an `Arc` internally.
247#[derive(Clone, Debug)]
248pub struct SystemPolicyV1 {
249 inner: std::sync::Arc<dyn super::stub::dynamic::SystemPolicyV1>,
250}
251
252impl SystemPolicyV1 {
253 /// Returns a builder for [SystemPolicyV1].
254 ///
255 /// ```
256 /// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
257 /// # use google_cloud_binaryauthorization_v1::client::SystemPolicyV1;
258 /// let client = SystemPolicyV1::builder().build().await?;
259 /// # Ok(()) }
260 /// ```
261 pub fn builder() -> super::builder::system_policy_v_1::ClientBuilder {
262 crate::new_client_builder(super::builder::system_policy_v_1::client::Factory)
263 }
264
265 /// Creates a new client from the provided stub.
266 ///
267 /// The most common case for calling this function is in tests mocking the
268 /// client's behavior.
269 pub fn from_stub<T>(stub: T) -> Self
270 where
271 T: super::stub::SystemPolicyV1 + 'static,
272 {
273 Self {
274 inner: std::sync::Arc::new(stub),
275 }
276 }
277
278 pub(crate) async fn new(
279 config: gaxi::options::ClientConfig,
280 ) -> crate::ClientBuilderResult<Self> {
281 let inner = Self::build_inner(config).await?;
282 Ok(Self { inner })
283 }
284
285 async fn build_inner(
286 conf: gaxi::options::ClientConfig,
287 ) -> crate::ClientBuilderResult<std::sync::Arc<dyn super::stub::dynamic::SystemPolicyV1>> {
288 if gaxi::options::tracing_enabled(&conf) {
289 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
290 }
291 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
292 }
293
294 async fn build_transport(
295 conf: gaxi::options::ClientConfig,
296 ) -> crate::ClientBuilderResult<impl super::stub::SystemPolicyV1> {
297 super::transport::SystemPolicyV1::new(conf).await
298 }
299
300 async fn build_with_tracing(
301 conf: gaxi::options::ClientConfig,
302 ) -> crate::ClientBuilderResult<impl super::stub::SystemPolicyV1> {
303 Self::build_transport(conf)
304 .await
305 .map(super::tracing::SystemPolicyV1::new)
306 }
307
308 /// Gets the current system policy in the specified location.
309 pub fn get_system_policy(&self) -> super::builder::system_policy_v_1::GetSystemPolicy {
310 super::builder::system_policy_v_1::GetSystemPolicy::new(self.inner.clone())
311 }
312}
313
314/// Implements a client for the Binary Authorization API.
315///
316/// # Example
317/// ```
318/// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
319/// # use google_cloud_binaryauthorization_v1::client::ValidationHelperV1;
320/// let client = ValidationHelperV1::builder().build().await?;
321/// // use `client` to make requests to the Binary Authorization API.
322/// # Ok(()) }
323/// ```
324///
325/// # Service Description
326///
327/// BinAuthz Attestor verification
328///
329/// # Configuration
330///
331/// To configure `ValidationHelperV1` use the `with_*` methods in the type returned
332/// by [builder()][ValidationHelperV1::builder]. The default configuration should
333/// work for most applications. Common configuration changes include
334///
335/// * [with_endpoint()]: by default this client uses the global default endpoint
336/// (`https://binaryauthorization.googleapis.com`). Applications using regional
337/// endpoints or running in restricted networks (e.g. a network configured
338// with [Private Google Access with VPC Service Controls]) may want to
339/// override this default.
340/// * [with_credentials()]: by default this client uses
341/// [Application Default Credentials]. Applications using custom
342/// authentication may need to override this default.
343///
344/// [with_endpoint()]: super::builder::validation_helper_v_1::ClientBuilder::with_endpoint
345/// [with_credentials()]: super::builder::validation_helper_v_1::ClientBuilder::credentials
346/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
347/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
348///
349/// # Pooling and Cloning
350///
351/// `ValidationHelperV1` holds a connection pool internally, it is advised to
352/// create one and the reuse it. You do not need to wrap `ValidationHelperV1` in
353/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
354/// already uses an `Arc` internally.
355#[derive(Clone, Debug)]
356pub struct ValidationHelperV1 {
357 inner: std::sync::Arc<dyn super::stub::dynamic::ValidationHelperV1>,
358}
359
360impl ValidationHelperV1 {
361 /// Returns a builder for [ValidationHelperV1].
362 ///
363 /// ```
364 /// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
365 /// # use google_cloud_binaryauthorization_v1::client::ValidationHelperV1;
366 /// let client = ValidationHelperV1::builder().build().await?;
367 /// # Ok(()) }
368 /// ```
369 pub fn builder() -> super::builder::validation_helper_v_1::ClientBuilder {
370 crate::new_client_builder(super::builder::validation_helper_v_1::client::Factory)
371 }
372
373 /// Creates a new client from the provided stub.
374 ///
375 /// The most common case for calling this function is in tests mocking the
376 /// client's behavior.
377 pub fn from_stub<T>(stub: T) -> Self
378 where
379 T: super::stub::ValidationHelperV1 + 'static,
380 {
381 Self {
382 inner: std::sync::Arc::new(stub),
383 }
384 }
385
386 pub(crate) async fn new(
387 config: gaxi::options::ClientConfig,
388 ) -> crate::ClientBuilderResult<Self> {
389 let inner = Self::build_inner(config).await?;
390 Ok(Self { inner })
391 }
392
393 async fn build_inner(
394 conf: gaxi::options::ClientConfig,
395 ) -> crate::ClientBuilderResult<std::sync::Arc<dyn super::stub::dynamic::ValidationHelperV1>>
396 {
397 if gaxi::options::tracing_enabled(&conf) {
398 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
399 }
400 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
401 }
402
403 async fn build_transport(
404 conf: gaxi::options::ClientConfig,
405 ) -> crate::ClientBuilderResult<impl super::stub::ValidationHelperV1> {
406 super::transport::ValidationHelperV1::new(conf).await
407 }
408
409 async fn build_with_tracing(
410 conf: gaxi::options::ClientConfig,
411 ) -> crate::ClientBuilderResult<impl super::stub::ValidationHelperV1> {
412 Self::build_transport(conf)
413 .await
414 .map(super::tracing::ValidationHelperV1::new)
415 }
416
417 /// Returns whether the given Attestation for the given image URI
418 /// was signed by the given Attestor
419 pub fn validate_attestation_occurrence(
420 &self,
421 ) -> super::builder::validation_helper_v_1::ValidateAttestationOccurrence {
422 super::builder::validation_helper_v_1::ValidateAttestationOccurrence::new(
423 self.inner.clone(),
424 )
425 }
426}