google_cloud_binaryauthorization_v1/

client.rs

// Copyright 2025 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Code generated by sidekick. DO NOT EDIT.
#![allow(rustdoc::redundant_explicit_links)]
#![allow(rustdoc::broken_intra_doc_links)]

/// Implements a client for the Binary Authorization API.
///
/// # Example
/// ```
/// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
/// use google_cloud_gax::paginator::ItemPaginator as _;
/// async fn sample(
///    parent: &str,
/// ) -> anyhow::Result<()> {
///     let client = BinauthzManagementServiceV1::builder().build().await?;
///     let mut list = client.list_attestors()
///         .set_parent(parent)
///         .by_item();
///     while let Some(item) = list.next().await.transpose()? {
///         println!("{:?}", item);
///     }
///     Ok(())
/// }
/// ```
///
/// # Service Description
///
/// Google Cloud Management Service for Binary Authorization admission policies
/// and attestation authorities.
///
/// This API implements a REST model with the following objects:
///
/// * [Policy][google.cloud.binaryauthorization.v1.Policy]
/// * [Attestor][google.cloud.binaryauthorization.v1.Attestor]
///
/// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
/// [google.cloud.binaryauthorization.v1.Policy]: crate::model::Policy
///
/// # Configuration
///
/// To configure `BinauthzManagementServiceV1` use the `with_*` methods in the type returned
/// by [builder()][BinauthzManagementServiceV1::builder]. The default configuration should
/// work for most applications. Common configuration changes include
///
/// * [with_endpoint()]: by default this client uses the global default endpoint
///   (`https://binaryauthorization.googleapis.com`). Applications using regional
///   endpoints or running in restricted networks (e.g. a network configured
//    with [Private Google Access with VPC Service Controls]) may want to
///   override this default.
/// * [with_credentials()]: by default this client uses
///   [Application Default Credentials]. Applications using custom
///   authentication may need to override this default.
///
/// [with_endpoint()]: super::builder::binauthz_management_service_v_1::ClientBuilder::with_endpoint
/// [with_credentials()]: super::builder::binauthz_management_service_v_1::ClientBuilder::with_credentials
/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
///
/// # Pooling and Cloning
///
/// `BinauthzManagementServiceV1` holds a connection pool internally, it is advised to
/// create one and reuse it. You do not need to wrap `BinauthzManagementServiceV1` in
/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
/// already uses an `Arc` internally.
#[derive(Clone, Debug)]
pub struct BinauthzManagementServiceV1 {
    inner: std::sync::Arc<dyn super::stub::dynamic::BinauthzManagementServiceV1>,
}

impl BinauthzManagementServiceV1 {
    /// Returns a builder for [BinauthzManagementServiceV1].
    ///
    /// ```
    /// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
    /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
    /// let client = BinauthzManagementServiceV1::builder().build().await?;
    /// # Ok(()) }
    /// ```
    pub fn builder() -> super::builder::binauthz_management_service_v_1::ClientBuilder {
        crate::new_client_builder(super::builder::binauthz_management_service_v_1::client::Factory)
    }

    /// Creates a new client from the provided stub.
    ///
    /// The most common case for calling this function is in tests mocking the
    /// client's behavior.
    pub fn from_stub<T>(stub: impl Into<std::sync::Arc<T>>) -> Self
    where
        T: super::stub::BinauthzManagementServiceV1 + 'static,
    {
        Self { inner: stub.into() }
    }

    pub(crate) async fn new(
        config: gaxi::options::ClientConfig,
    ) -> crate::ClientBuilderResult<Self> {
        let inner = Self::build_inner(config).await?;
        Ok(Self { inner })
    }

    async fn build_inner(
        conf: gaxi::options::ClientConfig,
    ) -> crate::ClientBuilderResult<
        std::sync::Arc<dyn super::stub::dynamic::BinauthzManagementServiceV1>,
    > {
        if gaxi::options::tracing_enabled(&conf) {
            return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
        }
        Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
    }

    async fn build_transport(
        conf: gaxi::options::ClientConfig,
    ) -> crate::ClientBuilderResult<impl super::stub::BinauthzManagementServiceV1> {
        super::transport::BinauthzManagementServiceV1::new(conf).await
    }

    async fn build_with_tracing(
        conf: gaxi::options::ClientConfig,
    ) -> crate::ClientBuilderResult<impl super::stub::BinauthzManagementServiceV1> {
        Self::build_transport(conf)
            .await
            .map(super::tracing::BinauthzManagementServiceV1::new)
    }

    /// A [policy][google.cloud.binaryauthorization.v1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1.Attestor] that must attest to
    /// a container image, before the project is allowed to deploy that
    /// image. There is at most one policy per project. All image admission
    /// requests are permitted if a project has no policy.
    ///
    /// Gets the [policy][google.cloud.binaryauthorization.v1.Policy] for this project. Returns a default
    /// [policy][google.cloud.binaryauthorization.v1.Policy] if the project does not have one.
    ///
    /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
    /// [google.cloud.binaryauthorization.v1.Policy]: crate::model::Policy
    ///
    /// # Example
    /// ```
    /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
    /// use google_cloud_binaryauthorization_v1::Result;
    /// async fn sample(
    ///    client: &BinauthzManagementServiceV1, project_id: &str
    /// ) -> Result<()> {
    ///     let response = client.get_policy()
    ///         .set_name(format!("projects/{project_id}/policy"))
    ///         .send().await?;
    ///     println!("response {:?}", response);
    ///     Ok(())
    /// }
    /// ```
    pub fn get_policy(&self) -> super::builder::binauthz_management_service_v_1::GetPolicy {
        super::builder::binauthz_management_service_v_1::GetPolicy::new(self.inner.clone())
    }

    /// Creates or updates a project's [policy][google.cloud.binaryauthorization.v1.Policy], and returns a copy of the
    /// new [policy][google.cloud.binaryauthorization.v1.Policy]. A policy is always updated as a whole, to avoid race
    /// conditions with concurrent policy enforcement (or management!)
    /// requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT
    /// if the request is malformed.
    ///
    /// [google.cloud.binaryauthorization.v1.Policy]: crate::model::Policy
    ///
    /// # Example
    /// ```
    /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
    /// use google_cloud_binaryauthorization_v1::model::Policy;
    /// use google_cloud_binaryauthorization_v1::Result;
    /// async fn sample(
    ///    client: &BinauthzManagementServiceV1, project_id: &str
    /// ) -> Result<()> {
    ///     let response = client.update_policy()
    ///         .set_policy(
    ///             Policy::new().set_name(format!("projects/{project_id}/policy"))/* set fields */
    ///         )
    ///         .send().await?;
    ///     println!("response {:?}", response);
    ///     Ok(())
    /// }
    /// ```
    pub fn update_policy(&self) -> super::builder::binauthz_management_service_v_1::UpdatePolicy {
        super::builder::binauthz_management_service_v_1::UpdatePolicy::new(self.inner.clone())
    }

    /// Creates an [attestor][google.cloud.binaryauthorization.v1.Attestor], and returns a copy of the new
    /// [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the project does not exist,
    /// INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
    /// [attestor][google.cloud.binaryauthorization.v1.Attestor] already exists.
    ///
    /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
    ///
    /// # Example
    /// ```
    /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
    /// use google_cloud_binaryauthorization_v1::model::Attestor;
    /// use google_cloud_binaryauthorization_v1::Result;
    /// async fn sample(
    ///    client: &BinauthzManagementServiceV1, parent: &str
    /// ) -> Result<()> {
    ///     let response = client.create_attestor()
    ///         .set_parent(parent)
    ///         .set_attestor_id("attestor_id_value")
    ///         .set_attestor(
    ///             Attestor::new()/* set fields */
    ///         )
    ///         .send().await?;
    ///     println!("response {:?}", response);
    ///     Ok(())
    /// }
    /// ```
    pub fn create_attestor(
        &self,
    ) -> super::builder::binauthz_management_service_v_1::CreateAttestor {
        super::builder::binauthz_management_service_v_1::CreateAttestor::new(self.inner.clone())
    }

    /// Gets an [attestor][google.cloud.binaryauthorization.v1.Attestor].
    /// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
    ///
    /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
    ///
    /// # Example
    /// ```
    /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
    /// use google_cloud_binaryauthorization_v1::Result;
    /// async fn sample(
    ///    client: &BinauthzManagementServiceV1, project_id: &str, attestor_id: &str
    /// ) -> Result<()> {
    ///     let response = client.get_attestor()
    ///         .set_name(format!("projects/{project_id}/attestors/{attestor_id}"))
    ///         .send().await?;
    ///     println!("response {:?}", response);
    ///     Ok(())
    /// }
    /// ```
    pub fn get_attestor(&self) -> super::builder::binauthz_management_service_v_1::GetAttestor {
        super::builder::binauthz_management_service_v_1::GetAttestor::new(self.inner.clone())
    }

    /// Updates an [attestor][google.cloud.binaryauthorization.v1.Attestor].
    /// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
    ///
    /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
    ///
    /// # Example
    /// ```
    /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
    /// use google_cloud_binaryauthorization_v1::model::Attestor;
    /// use google_cloud_binaryauthorization_v1::Result;
    /// async fn sample(
    ///    client: &BinauthzManagementServiceV1, project_id: &str, attestor_id: &str
    /// ) -> Result<()> {
    ///     let response = client.update_attestor()
    ///         .set_attestor(
    ///             Attestor::new().set_name(format!("projects/{project_id}/attestors/{attestor_id}"))/* set fields */
    ///         )
    ///         .send().await?;
    ///     println!("response {:?}", response);
    ///     Ok(())
    /// }
    /// ```
    pub fn update_attestor(
        &self,
    ) -> super::builder::binauthz_management_service_v_1::UpdateAttestor {
        super::builder::binauthz_management_service_v_1::UpdateAttestor::new(self.inner.clone())
    }

    /// Lists [attestors][google.cloud.binaryauthorization.v1.Attestor].
    /// Returns INVALID_ARGUMENT if the project does not exist.
    ///
    /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
    ///
    /// # Example
    /// ```
    /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
    /// use google_cloud_gax::paginator::ItemPaginator as _;
    /// use google_cloud_binaryauthorization_v1::Result;
    /// async fn sample(
    ///    client: &BinauthzManagementServiceV1, parent: &str
    /// ) -> Result<()> {
    ///     let mut list = client.list_attestors()
    ///         .set_parent(parent)
    ///         .by_item();
    ///     while let Some(item) = list.next().await.transpose()? {
    ///         println!("{:?}", item);
    ///     }
    ///     Ok(())
    /// }
    /// ```
    pub fn list_attestors(&self) -> super::builder::binauthz_management_service_v_1::ListAttestors {
        super::builder::binauthz_management_service_v_1::ListAttestors::new(self.inner.clone())
    }

    /// Deletes an [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the
    /// [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
    ///
    /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
    ///
    /// # Example
    /// ```
    /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
    /// use google_cloud_binaryauthorization_v1::Result;
    /// async fn sample(
    ///    client: &BinauthzManagementServiceV1, project_id: &str, attestor_id: &str
    /// ) -> Result<()> {
    ///     client.delete_attestor()
    ///         .set_name(format!("projects/{project_id}/attestors/{attestor_id}"))
    ///         .send().await?;
    ///     Ok(())
    /// }
    /// ```
    pub fn delete_attestor(
        &self,
    ) -> super::builder::binauthz_management_service_v_1::DeleteAttestor {
        super::builder::binauthz_management_service_v_1::DeleteAttestor::new(self.inner.clone())
    }
}

/// Implements a client for the Binary Authorization API.
///
/// # Example
/// ```
/// # use google_cloud_binaryauthorization_v1::client::SystemPolicyV1;
/// async fn sample(
///    project_id: &str,
/// ) -> anyhow::Result<()> {
///     let client = SystemPolicyV1::builder().build().await?;
///     let response = client.get_system_policy()
///         .set_name(format!("projects/{project_id}/policy"))
///         .send().await?;
///     println!("response {:?}", response);
///     Ok(())
/// }
/// ```
///
/// # Service Description
///
/// API for working with the system policy.
///
/// # Configuration
///
/// To configure `SystemPolicyV1` use the `with_*` methods in the type returned
/// by [builder()][SystemPolicyV1::builder]. The default configuration should
/// work for most applications. Common configuration changes include
///
/// * [with_endpoint()]: by default this client uses the global default endpoint
///   (`https://binaryauthorization.googleapis.com`). Applications using regional
///   endpoints or running in restricted networks (e.g. a network configured
//    with [Private Google Access with VPC Service Controls]) may want to
///   override this default.
/// * [with_credentials()]: by default this client uses
///   [Application Default Credentials]. Applications using custom
///   authentication may need to override this default.
///
/// [with_endpoint()]: super::builder::system_policy_v_1::ClientBuilder::with_endpoint
/// [with_credentials()]: super::builder::system_policy_v_1::ClientBuilder::with_credentials
/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
///
/// # Pooling and Cloning
///
/// `SystemPolicyV1` holds a connection pool internally, it is advised to
/// create one and reuse it. You do not need to wrap `SystemPolicyV1` in
/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
/// already uses an `Arc` internally.
#[derive(Clone, Debug)]
pub struct SystemPolicyV1 {
    inner: std::sync::Arc<dyn super::stub::dynamic::SystemPolicyV1>,
}

impl SystemPolicyV1 {
    /// Returns a builder for [SystemPolicyV1].
    ///
    /// ```
    /// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
    /// # use google_cloud_binaryauthorization_v1::client::SystemPolicyV1;
    /// let client = SystemPolicyV1::builder().build().await?;
    /// # Ok(()) }
    /// ```
    pub fn builder() -> super::builder::system_policy_v_1::ClientBuilder {
        crate::new_client_builder(super::builder::system_policy_v_1::client::Factory)
    }

    /// Creates a new client from the provided stub.
    ///
    /// The most common case for calling this function is in tests mocking the
    /// client's behavior.
    pub fn from_stub<T>(stub: impl Into<std::sync::Arc<T>>) -> Self
    where
        T: super::stub::SystemPolicyV1 + 'static,
    {
        Self { inner: stub.into() }
    }

    pub(crate) async fn new(
        config: gaxi::options::ClientConfig,
    ) -> crate::ClientBuilderResult<Self> {
        let inner = Self::build_inner(config).await?;
        Ok(Self { inner })
    }

    async fn build_inner(
        conf: gaxi::options::ClientConfig,
    ) -> crate::ClientBuilderResult<std::sync::Arc<dyn super::stub::dynamic::SystemPolicyV1>> {
        if gaxi::options::tracing_enabled(&conf) {
            return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
        }
        Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
    }

    async fn build_transport(
        conf: gaxi::options::ClientConfig,
    ) -> crate::ClientBuilderResult<impl super::stub::SystemPolicyV1> {
        super::transport::SystemPolicyV1::new(conf).await
    }

    async fn build_with_tracing(
        conf: gaxi::options::ClientConfig,
    ) -> crate::ClientBuilderResult<impl super::stub::SystemPolicyV1> {
        Self::build_transport(conf)
            .await
            .map(super::tracing::SystemPolicyV1::new)
    }

    /// Gets the current system policy in the specified location.
    ///
    /// # Example
    /// ```
    /// # use google_cloud_binaryauthorization_v1::client::SystemPolicyV1;
    /// use google_cloud_binaryauthorization_v1::Result;
    /// async fn sample(
    ///    client: &SystemPolicyV1, project_id: &str
    /// ) -> Result<()> {
    ///     let response = client.get_system_policy()
    ///         .set_name(format!("projects/{project_id}/policy"))
    ///         .send().await?;
    ///     println!("response {:?}", response);
    ///     Ok(())
    /// }
    /// ```
    pub fn get_system_policy(&self) -> super::builder::system_policy_v_1::GetSystemPolicy {
        super::builder::system_policy_v_1::GetSystemPolicy::new(self.inner.clone())
    }
}

/// Implements a client for the Binary Authorization API.
///
/// # Example
/// ```
/// # use google_cloud_binaryauthorization_v1::client::ValidationHelperV1;
/// async fn sample(
/// ) -> anyhow::Result<()> {
///     let client = ValidationHelperV1::builder().build().await?;
///     let response = client.validate_attestation_occurrence()
///         /* set fields */
///         .send().await?;
///     println!("response {:?}", response);
///     Ok(())
/// }
/// ```
///
/// # Service Description
///
/// BinAuthz Attestor verification
///
/// # Configuration
///
/// To configure `ValidationHelperV1` use the `with_*` methods in the type returned
/// by [builder()][ValidationHelperV1::builder]. The default configuration should
/// work for most applications. Common configuration changes include
///
/// * [with_endpoint()]: by default this client uses the global default endpoint
///   (`https://binaryauthorization.googleapis.com`). Applications using regional
///   endpoints or running in restricted networks (e.g. a network configured
//    with [Private Google Access with VPC Service Controls]) may want to
///   override this default.
/// * [with_credentials()]: by default this client uses
///   [Application Default Credentials]. Applications using custom
///   authentication may need to override this default.
///
/// [with_endpoint()]: super::builder::validation_helper_v_1::ClientBuilder::with_endpoint
/// [with_credentials()]: super::builder::validation_helper_v_1::ClientBuilder::with_credentials
/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
///
/// # Pooling and Cloning
///
/// `ValidationHelperV1` holds a connection pool internally, it is advised to
/// create one and reuse it. You do not need to wrap `ValidationHelperV1` in
/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
/// already uses an `Arc` internally.
#[derive(Clone, Debug)]
pub struct ValidationHelperV1 {
    inner: std::sync::Arc<dyn super::stub::dynamic::ValidationHelperV1>,
}

impl ValidationHelperV1 {
    /// Returns a builder for [ValidationHelperV1].
    ///
    /// ```
    /// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
    /// # use google_cloud_binaryauthorization_v1::client::ValidationHelperV1;
    /// let client = ValidationHelperV1::builder().build().await?;
    /// # Ok(()) }
    /// ```
    pub fn builder() -> super::builder::validation_helper_v_1::ClientBuilder {
        crate::new_client_builder(super::builder::validation_helper_v_1::client::Factory)
    }

    /// Creates a new client from the provided stub.
    ///
    /// The most common case for calling this function is in tests mocking the
    /// client's behavior.
    pub fn from_stub<T>(stub: impl Into<std::sync::Arc<T>>) -> Self
    where
        T: super::stub::ValidationHelperV1 + 'static,
    {
        Self { inner: stub.into() }
    }

    pub(crate) async fn new(
        config: gaxi::options::ClientConfig,
    ) -> crate::ClientBuilderResult<Self> {
        let inner = Self::build_inner(config).await?;
        Ok(Self { inner })
    }

    async fn build_inner(
        conf: gaxi::options::ClientConfig,
    ) -> crate::ClientBuilderResult<std::sync::Arc<dyn super::stub::dynamic::ValidationHelperV1>>
    {
        if gaxi::options::tracing_enabled(&conf) {
            return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
        }
        Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
    }

    async fn build_transport(
        conf: gaxi::options::ClientConfig,
    ) -> crate::ClientBuilderResult<impl super::stub::ValidationHelperV1> {
        super::transport::ValidationHelperV1::new(conf).await
    }

    async fn build_with_tracing(
        conf: gaxi::options::ClientConfig,
    ) -> crate::ClientBuilderResult<impl super::stub::ValidationHelperV1> {
        Self::build_transport(conf)
            .await
            .map(super::tracing::ValidationHelperV1::new)
    }

    /// Returns whether the given Attestation for the given image URI
    /// was signed by the given Attestor
    ///
    /// # Example
    /// ```
    /// # use google_cloud_binaryauthorization_v1::client::ValidationHelperV1;
    /// use google_cloud_binaryauthorization_v1::Result;
    /// async fn sample(
    ///    client: &ValidationHelperV1
    /// ) -> Result<()> {
    ///     let response = client.validate_attestation_occurrence()
    ///         /* set fields */
    ///         .send().await?;
    ///     println!("response {:?}", response);
    ///     Ok(())
    /// }
    /// ```
    pub fn validate_attestation_occurrence(
        &self,
    ) -> super::builder::validation_helper_v_1::ValidateAttestationOccurrence {
        super::builder::validation_helper_v_1::ValidateAttestationOccurrence::new(
            self.inner.clone(),
        )
    }
}