Skip to main content

google_cloud_binaryauthorization_v1/
client.rs

1// Copyright 2025 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     https://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14//
15// Code generated by sidekick. DO NOT EDIT.
16#![allow(rustdoc::bare_urls)]
17#![allow(rustdoc::broken_intra_doc_links)]
18#![allow(rustdoc::invalid_html_tags)]
19#![allow(rustdoc::redundant_explicit_links)]
20
21/// Implements a client for the Binary Authorization API.
22///
23/// # Example
24/// ```
25/// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
26/// use google_cloud_gax::paginator::ItemPaginator as _;
27/// async fn sample(
28///    parent: &str,
29/// ) -> anyhow::Result<()> {
30///     let client = BinauthzManagementServiceV1::builder().build().await?;
31///     let mut list = client.list_attestors()
32///         .set_parent(parent)
33///         .by_item();
34///     while let Some(item) = list.next().await.transpose()? {
35///         println!("{:?}", item);
36///     }
37///     Ok(())
38/// }
39/// ```
40///
41/// # Service Description
42///
43/// Google Cloud Management Service for Binary Authorization admission policies
44/// and attestation authorities.
45///
46/// This API implements a REST model with the following objects:
47///
48/// * [Policy][google.cloud.binaryauthorization.v1.Policy]
49/// * [Attestor][google.cloud.binaryauthorization.v1.Attestor]
50///
51/// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
52/// [google.cloud.binaryauthorization.v1.Policy]: crate::model::Policy
53///
54/// # Configuration
55///
56/// To configure `BinauthzManagementServiceV1` use the `with_*` methods in the type returned
57/// by [builder()][BinauthzManagementServiceV1::builder]. The default configuration should
58/// work for most applications. Common configuration changes include
59///
60/// * [with_endpoint()]: by default this client uses the global default endpoint
61///   (`https://binaryauthorization.googleapis.com`). Applications using regional
62///   endpoints or running in restricted networks (e.g. a network configured
63///   with [Private Google Access with VPC Service Controls]) may want to
64///   override this default.
65/// * [with_credentials()]: by default this client uses
66///   [Application Default Credentials]. Applications using custom
67///   authentication may need to override this default.
68///
69/// [with_endpoint()]: super::builder::binauthz_management_service_v_1::ClientBuilder::with_endpoint
70/// [with_credentials()]: super::builder::binauthz_management_service_v_1::ClientBuilder::with_credentials
71/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
72/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
73///
74/// # Pooling and Cloning
75///
76/// `BinauthzManagementServiceV1` holds a connection pool internally, it is advised to
77/// create one and reuse it. You do not need to wrap `BinauthzManagementServiceV1` in
78/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
79/// already uses an `Arc` internally.
80#[derive(Clone, Debug)]
81pub struct BinauthzManagementServiceV1 {
82    inner: std::sync::Arc<dyn super::stub::dynamic::BinauthzManagementServiceV1>,
83}
84
85impl BinauthzManagementServiceV1 {
86    /// Returns a builder for [BinauthzManagementServiceV1].
87    ///
88    /// ```
89    /// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
90    /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
91    /// let client = BinauthzManagementServiceV1::builder().build().await?;
92    /// # Ok(()) }
93    /// ```
94    pub fn builder() -> super::builder::binauthz_management_service_v_1::ClientBuilder {
95        crate::new_client_builder(super::builder::binauthz_management_service_v_1::client::Factory)
96    }
97
98    /// Creates a new client from the provided stub.
99    ///
100    /// The most common case for calling this function is in tests mocking the
101    /// client's behavior.
102    pub fn from_stub<T>(stub: impl Into<std::sync::Arc<T>>) -> Self
103    where
104        T: super::stub::BinauthzManagementServiceV1 + 'static,
105    {
106        Self { inner: stub.into() }
107    }
108
109    pub(crate) async fn new(
110        config: gaxi::options::ClientConfig,
111    ) -> crate::ClientBuilderResult<Self> {
112        let inner = Self::build_inner(config).await?;
113        Ok(Self { inner })
114    }
115
116    async fn build_inner(
117        conf: gaxi::options::ClientConfig,
118    ) -> crate::ClientBuilderResult<
119        std::sync::Arc<dyn super::stub::dynamic::BinauthzManagementServiceV1>,
120    > {
121        if gaxi::options::tracing_enabled(&conf) {
122            return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
123        }
124        Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
125    }
126
127    async fn build_transport(
128        conf: gaxi::options::ClientConfig,
129    ) -> crate::ClientBuilderResult<impl super::stub::BinauthzManagementServiceV1> {
130        super::transport::BinauthzManagementServiceV1::new(conf).await
131    }
132
133    async fn build_with_tracing(
134        conf: gaxi::options::ClientConfig,
135    ) -> crate::ClientBuilderResult<impl super::stub::BinauthzManagementServiceV1> {
136        Self::build_transport(conf)
137            .await
138            .map(super::tracing::BinauthzManagementServiceV1::new)
139    }
140
141    /// A [policy][google.cloud.binaryauthorization.v1.Policy] specifies the
142    /// [attestors][google.cloud.binaryauthorization.v1.Attestor] that must attest
143    /// to a container image, before the project is allowed to deploy that image.
144    /// There is at most one policy per project. All image admission requests are
145    /// permitted if a project has no policy.
146    ///
147    /// Gets the [policy][google.cloud.binaryauthorization.v1.Policy] for this
148    /// project. Returns a default
149    /// [policy][google.cloud.binaryauthorization.v1.Policy] if the project does
150    /// not have one.
151    ///
152    /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
153    /// [google.cloud.binaryauthorization.v1.Policy]: crate::model::Policy
154    ///
155    /// # Example
156    /// ```
157    /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
158    /// use google_cloud_binaryauthorization_v1::Result;
159    /// async fn sample(
160    ///    client: &BinauthzManagementServiceV1, project_id: &str
161    /// ) -> Result<()> {
162    ///     let response = client.get_policy()
163    ///         .set_name(format!("projects/{project_id}/policy"))
164    ///         .send().await?;
165    ///     println!("response {:?}", response);
166    ///     Ok(())
167    /// }
168    /// ```
169    pub fn get_policy(&self) -> super::builder::binauthz_management_service_v_1::GetPolicy {
170        super::builder::binauthz_management_service_v_1::GetPolicy::new(self.inner.clone())
171    }
172
173    /// Creates or updates a project's
174    /// [policy][google.cloud.binaryauthorization.v1.Policy], and returns a copy of
175    /// the new [policy][google.cloud.binaryauthorization.v1.Policy]. A policy is
176    /// always updated as a whole, to avoid race conditions with concurrent policy
177    /// enforcement (or management!) requests. Returns `NOT_FOUND` if the project
178    /// does not exist, `INVALID_ARGUMENT` if the request is malformed.
179    ///
180    /// [google.cloud.binaryauthorization.v1.Policy]: crate::model::Policy
181    ///
182    /// # Example
183    /// ```
184    /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
185    /// use google_cloud_binaryauthorization_v1::model::Policy;
186    /// use google_cloud_binaryauthorization_v1::Result;
187    /// async fn sample(
188    ///    client: &BinauthzManagementServiceV1, project_id: &str
189    /// ) -> Result<()> {
190    ///     let response = client.update_policy()
191    ///         .set_policy(
192    ///             Policy::new().set_name(format!("projects/{project_id}/policy"))/* set fields */
193    ///         )
194    ///         .send().await?;
195    ///     println!("response {:?}", response);
196    ///     Ok(())
197    /// }
198    /// ```
199    pub fn update_policy(&self) -> super::builder::binauthz_management_service_v_1::UpdatePolicy {
200        super::builder::binauthz_management_service_v_1::UpdatePolicy::new(self.inner.clone())
201    }
202
203    /// Creates an [attestor][google.cloud.binaryauthorization.v1.Attestor], and
204    /// returns a copy of the new
205    /// [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns
206    /// `NOT_FOUND` if the project does not exist, `INVALID_ARGUMENT` if the
207    /// request is malformed, `ALREADY_EXISTS` if the
208    /// [attestor][google.cloud.binaryauthorization.v1.Attestor] already exists.
209    ///
210    /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
211    ///
212    /// # Example
213    /// ```
214    /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
215    /// use google_cloud_binaryauthorization_v1::model::Attestor;
216    /// use google_cloud_binaryauthorization_v1::Result;
217    /// async fn sample(
218    ///    client: &BinauthzManagementServiceV1, parent: &str
219    /// ) -> Result<()> {
220    ///     let response = client.create_attestor()
221    ///         .set_parent(parent)
222    ///         .set_attestor_id("attestor_id_value")
223    ///         .set_attestor(
224    ///             Attestor::new()/* set fields */
225    ///         )
226    ///         .send().await?;
227    ///     println!("response {:?}", response);
228    ///     Ok(())
229    /// }
230    /// ```
231    pub fn create_attestor(
232        &self,
233    ) -> super::builder::binauthz_management_service_v_1::CreateAttestor {
234        super::builder::binauthz_management_service_v_1::CreateAttestor::new(self.inner.clone())
235    }
236
237    /// Gets an [attestor][google.cloud.binaryauthorization.v1.Attestor].
238    /// Returns `NOT_FOUND` if the
239    /// [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
240    ///
241    /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
242    ///
243    /// # Example
244    /// ```
245    /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
246    /// use google_cloud_binaryauthorization_v1::Result;
247    /// async fn sample(
248    ///    client: &BinauthzManagementServiceV1, project_id: &str, attestor_id: &str
249    /// ) -> Result<()> {
250    ///     let response = client.get_attestor()
251    ///         .set_name(format!("projects/{project_id}/attestors/{attestor_id}"))
252    ///         .send().await?;
253    ///     println!("response {:?}", response);
254    ///     Ok(())
255    /// }
256    /// ```
257    pub fn get_attestor(&self) -> super::builder::binauthz_management_service_v_1::GetAttestor {
258        super::builder::binauthz_management_service_v_1::GetAttestor::new(self.inner.clone())
259    }
260
261    /// Updates an [attestor][google.cloud.binaryauthorization.v1.Attestor].
262    /// Returns `NOT_FOUND` if the
263    /// [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
264    ///
265    /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
266    ///
267    /// # Example
268    /// ```
269    /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
270    /// use google_cloud_binaryauthorization_v1::model::Attestor;
271    /// use google_cloud_binaryauthorization_v1::Result;
272    /// async fn sample(
273    ///    client: &BinauthzManagementServiceV1, project_id: &str, attestor_id: &str
274    /// ) -> Result<()> {
275    ///     let response = client.update_attestor()
276    ///         .set_attestor(
277    ///             Attestor::new().set_name(format!("projects/{project_id}/attestors/{attestor_id}"))/* set fields */
278    ///         )
279    ///         .send().await?;
280    ///     println!("response {:?}", response);
281    ///     Ok(())
282    /// }
283    /// ```
284    pub fn update_attestor(
285        &self,
286    ) -> super::builder::binauthz_management_service_v_1::UpdateAttestor {
287        super::builder::binauthz_management_service_v_1::UpdateAttestor::new(self.inner.clone())
288    }
289
290    /// Lists [attestors][google.cloud.binaryauthorization.v1.Attestor].
291    /// Returns `INVALID_ARGUMENT` if the project does not exist.
292    ///
293    /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
294    ///
295    /// # Example
296    /// ```
297    /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
298    /// use google_cloud_gax::paginator::ItemPaginator as _;
299    /// use google_cloud_binaryauthorization_v1::Result;
300    /// async fn sample(
301    ///    client: &BinauthzManagementServiceV1, parent: &str
302    /// ) -> Result<()> {
303    ///     let mut list = client.list_attestors()
304    ///         .set_parent(parent)
305    ///         .by_item();
306    ///     while let Some(item) = list.next().await.transpose()? {
307    ///         println!("{:?}", item);
308    ///     }
309    ///     Ok(())
310    /// }
311    /// ```
312    pub fn list_attestors(&self) -> super::builder::binauthz_management_service_v_1::ListAttestors {
313        super::builder::binauthz_management_service_v_1::ListAttestors::new(self.inner.clone())
314    }
315
316    /// Deletes an [attestor][google.cloud.binaryauthorization.v1.Attestor].
317    /// Returns `NOT_FOUND` if the
318    /// [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
319    ///
320    /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
321    ///
322    /// # Example
323    /// ```
324    /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
325    /// use google_cloud_binaryauthorization_v1::Result;
326    /// async fn sample(
327    ///    client: &BinauthzManagementServiceV1, project_id: &str, attestor_id: &str
328    /// ) -> Result<()> {
329    ///     client.delete_attestor()
330    ///         .set_name(format!("projects/{project_id}/attestors/{attestor_id}"))
331    ///         .send().await?;
332    ///     Ok(())
333    /// }
334    /// ```
335    pub fn delete_attestor(
336        &self,
337    ) -> super::builder::binauthz_management_service_v_1::DeleteAttestor {
338        super::builder::binauthz_management_service_v_1::DeleteAttestor::new(self.inner.clone())
339    }
340
341    /// Sets the access control policy on the specified resource. Replaces
342    /// any existing policy.
343    ///
344    /// Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
345    /// errors.
346    ///
347    /// # Example
348    /// ```
349    /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
350    /// use google_cloud_binaryauthorization_v1::Result;
351    /// async fn sample(
352    ///    client: &BinauthzManagementServiceV1
353    /// ) -> Result<()> {
354    ///     let response = client.set_iam_policy()
355    ///         /* set fields */
356    ///         .send().await?;
357    ///     println!("response {:?}", response);
358    ///     Ok(())
359    /// }
360    /// ```
361    pub fn set_iam_policy(&self) -> super::builder::binauthz_management_service_v_1::SetIamPolicy {
362        super::builder::binauthz_management_service_v_1::SetIamPolicy::new(self.inner.clone())
363    }
364
365    /// Gets the access control policy for a resource. Returns an empty policy
366    /// if the resource exists and does not have a policy set.
367    ///
368    /// # Example
369    /// ```
370    /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
371    /// use google_cloud_binaryauthorization_v1::Result;
372    /// async fn sample(
373    ///    client: &BinauthzManagementServiceV1
374    /// ) -> Result<()> {
375    ///     let response = client.get_iam_policy()
376    ///         /* set fields */
377    ///         .send().await?;
378    ///     println!("response {:?}", response);
379    ///     Ok(())
380    /// }
381    /// ```
382    pub fn get_iam_policy(&self) -> super::builder::binauthz_management_service_v_1::GetIamPolicy {
383        super::builder::binauthz_management_service_v_1::GetIamPolicy::new(self.inner.clone())
384    }
385
386    /// Returns permissions that a caller has on the specified resource. If the
387    /// resource does not exist, this will return an empty set of
388    /// permissions, not a `NOT_FOUND` error.
389    ///
390    /// Note: This operation is designed to be used for building
391    /// permission-aware UIs and command-line tools, not for authorization
392    /// checking. This operation may "fail open" without warning.
393    ///
394    /// # Example
395    /// ```
396    /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
397    /// use google_cloud_binaryauthorization_v1::Result;
398    /// async fn sample(
399    ///    client: &BinauthzManagementServiceV1
400    /// ) -> Result<()> {
401    ///     let response = client.test_iam_permissions()
402    ///         /* set fields */
403    ///         .send().await?;
404    ///     println!("response {:?}", response);
405    ///     Ok(())
406    /// }
407    /// ```
408    pub fn test_iam_permissions(
409        &self,
410    ) -> super::builder::binauthz_management_service_v_1::TestIamPermissions {
411        super::builder::binauthz_management_service_v_1::TestIamPermissions::new(self.inner.clone())
412    }
413}
414
415/// Implements a client for the Binary Authorization API.
416///
417/// # Example
418/// ```
419/// # use google_cloud_binaryauthorization_v1::client::SystemPolicyV1;
420/// async fn sample(
421///    project_id: &str,
422/// ) -> anyhow::Result<()> {
423///     let client = SystemPolicyV1::builder().build().await?;
424///     let response = client.get_system_policy()
425///         .set_name(format!("projects/{project_id}/policy"))
426///         .send().await?;
427///     println!("response {:?}", response);
428///     Ok(())
429/// }
430/// ```
431///
432/// # Service Description
433///
434/// API for working with the system policy.
435///
436/// # Configuration
437///
438/// To configure `SystemPolicyV1` use the `with_*` methods in the type returned
439/// by [builder()][SystemPolicyV1::builder]. The default configuration should
440/// work for most applications. Common configuration changes include
441///
442/// * [with_endpoint()]: by default this client uses the global default endpoint
443///   (`https://binaryauthorization.googleapis.com`). Applications using regional
444///   endpoints or running in restricted networks (e.g. a network configured
445///   with [Private Google Access with VPC Service Controls]) may want to
446///   override this default.
447/// * [with_credentials()]: by default this client uses
448///   [Application Default Credentials]. Applications using custom
449///   authentication may need to override this default.
450///
451/// [with_endpoint()]: super::builder::system_policy_v_1::ClientBuilder::with_endpoint
452/// [with_credentials()]: super::builder::system_policy_v_1::ClientBuilder::with_credentials
453/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
454/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
455///
456/// # Pooling and Cloning
457///
458/// `SystemPolicyV1` holds a connection pool internally, it is advised to
459/// create one and reuse it. You do not need to wrap `SystemPolicyV1` in
460/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
461/// already uses an `Arc` internally.
462#[derive(Clone, Debug)]
463pub struct SystemPolicyV1 {
464    inner: std::sync::Arc<dyn super::stub::dynamic::SystemPolicyV1>,
465}
466
467impl SystemPolicyV1 {
468    /// Returns a builder for [SystemPolicyV1].
469    ///
470    /// ```
471    /// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
472    /// # use google_cloud_binaryauthorization_v1::client::SystemPolicyV1;
473    /// let client = SystemPolicyV1::builder().build().await?;
474    /// # Ok(()) }
475    /// ```
476    pub fn builder() -> super::builder::system_policy_v_1::ClientBuilder {
477        crate::new_client_builder(super::builder::system_policy_v_1::client::Factory)
478    }
479
480    /// Creates a new client from the provided stub.
481    ///
482    /// The most common case for calling this function is in tests mocking the
483    /// client's behavior.
484    pub fn from_stub<T>(stub: impl Into<std::sync::Arc<T>>) -> Self
485    where
486        T: super::stub::SystemPolicyV1 + 'static,
487    {
488        Self { inner: stub.into() }
489    }
490
491    pub(crate) async fn new(
492        config: gaxi::options::ClientConfig,
493    ) -> crate::ClientBuilderResult<Self> {
494        let inner = Self::build_inner(config).await?;
495        Ok(Self { inner })
496    }
497
498    async fn build_inner(
499        conf: gaxi::options::ClientConfig,
500    ) -> crate::ClientBuilderResult<std::sync::Arc<dyn super::stub::dynamic::SystemPolicyV1>> {
501        if gaxi::options::tracing_enabled(&conf) {
502            return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
503        }
504        Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
505    }
506
507    async fn build_transport(
508        conf: gaxi::options::ClientConfig,
509    ) -> crate::ClientBuilderResult<impl super::stub::SystemPolicyV1> {
510        super::transport::SystemPolicyV1::new(conf).await
511    }
512
513    async fn build_with_tracing(
514        conf: gaxi::options::ClientConfig,
515    ) -> crate::ClientBuilderResult<impl super::stub::SystemPolicyV1> {
516        Self::build_transport(conf)
517            .await
518            .map(super::tracing::SystemPolicyV1::new)
519    }
520
521    /// Gets the current system policy in the specified location.
522    ///
523    /// # Example
524    /// ```
525    /// # use google_cloud_binaryauthorization_v1::client::SystemPolicyV1;
526    /// use google_cloud_binaryauthorization_v1::Result;
527    /// async fn sample(
528    ///    client: &SystemPolicyV1, project_id: &str
529    /// ) -> Result<()> {
530    ///     let response = client.get_system_policy()
531    ///         .set_name(format!("projects/{project_id}/policy"))
532    ///         .send().await?;
533    ///     println!("response {:?}", response);
534    ///     Ok(())
535    /// }
536    /// ```
537    pub fn get_system_policy(&self) -> super::builder::system_policy_v_1::GetSystemPolicy {
538        super::builder::system_policy_v_1::GetSystemPolicy::new(self.inner.clone())
539    }
540
541    /// Sets the access control policy on the specified resource. Replaces
542    /// any existing policy.
543    ///
544    /// Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
545    /// errors.
546    ///
547    /// # Example
548    /// ```
549    /// # use google_cloud_binaryauthorization_v1::client::SystemPolicyV1;
550    /// use google_cloud_binaryauthorization_v1::Result;
551    /// async fn sample(
552    ///    client: &SystemPolicyV1
553    /// ) -> Result<()> {
554    ///     let response = client.set_iam_policy()
555    ///         /* set fields */
556    ///         .send().await?;
557    ///     println!("response {:?}", response);
558    ///     Ok(())
559    /// }
560    /// ```
561    pub fn set_iam_policy(&self) -> super::builder::system_policy_v_1::SetIamPolicy {
562        super::builder::system_policy_v_1::SetIamPolicy::new(self.inner.clone())
563    }
564
565    /// Gets the access control policy for a resource. Returns an empty policy
566    /// if the resource exists and does not have a policy set.
567    ///
568    /// # Example
569    /// ```
570    /// # use google_cloud_binaryauthorization_v1::client::SystemPolicyV1;
571    /// use google_cloud_binaryauthorization_v1::Result;
572    /// async fn sample(
573    ///    client: &SystemPolicyV1
574    /// ) -> Result<()> {
575    ///     let response = client.get_iam_policy()
576    ///         /* set fields */
577    ///         .send().await?;
578    ///     println!("response {:?}", response);
579    ///     Ok(())
580    /// }
581    /// ```
582    pub fn get_iam_policy(&self) -> super::builder::system_policy_v_1::GetIamPolicy {
583        super::builder::system_policy_v_1::GetIamPolicy::new(self.inner.clone())
584    }
585
586    /// Returns permissions that a caller has on the specified resource. If the
587    /// resource does not exist, this will return an empty set of
588    /// permissions, not a `NOT_FOUND` error.
589    ///
590    /// Note: This operation is designed to be used for building
591    /// permission-aware UIs and command-line tools, not for authorization
592    /// checking. This operation may "fail open" without warning.
593    ///
594    /// # Example
595    /// ```
596    /// # use google_cloud_binaryauthorization_v1::client::SystemPolicyV1;
597    /// use google_cloud_binaryauthorization_v1::Result;
598    /// async fn sample(
599    ///    client: &SystemPolicyV1
600    /// ) -> Result<()> {
601    ///     let response = client.test_iam_permissions()
602    ///         /* set fields */
603    ///         .send().await?;
604    ///     println!("response {:?}", response);
605    ///     Ok(())
606    /// }
607    /// ```
608    pub fn test_iam_permissions(&self) -> super::builder::system_policy_v_1::TestIamPermissions {
609        super::builder::system_policy_v_1::TestIamPermissions::new(self.inner.clone())
610    }
611}
612
613/// Implements a client for the Binary Authorization API.
614///
615/// # Example
616/// ```
617/// # use google_cloud_binaryauthorization_v1::client::ValidationHelperV1;
618/// async fn sample(
619/// ) -> anyhow::Result<()> {
620///     let client = ValidationHelperV1::builder().build().await?;
621///     let response = client.validate_attestation_occurrence()
622///         /* set fields */
623///         .send().await?;
624///     println!("response {:?}", response);
625///     Ok(())
626/// }
627/// ```
628///
629/// # Service Description
630///
631/// BinAuthz Attestor verification
632///
633/// # Configuration
634///
635/// To configure `ValidationHelperV1` use the `with_*` methods in the type returned
636/// by [builder()][ValidationHelperV1::builder]. The default configuration should
637/// work for most applications. Common configuration changes include
638///
639/// * [with_endpoint()]: by default this client uses the global default endpoint
640///   (`https://binaryauthorization.googleapis.com`). Applications using regional
641///   endpoints or running in restricted networks (e.g. a network configured
642///   with [Private Google Access with VPC Service Controls]) may want to
643///   override this default.
644/// * [with_credentials()]: by default this client uses
645///   [Application Default Credentials]. Applications using custom
646///   authentication may need to override this default.
647///
648/// [with_endpoint()]: super::builder::validation_helper_v_1::ClientBuilder::with_endpoint
649/// [with_credentials()]: super::builder::validation_helper_v_1::ClientBuilder::with_credentials
650/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
651/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
652///
653/// # Pooling and Cloning
654///
655/// `ValidationHelperV1` holds a connection pool internally, it is advised to
656/// create one and reuse it. You do not need to wrap `ValidationHelperV1` in
657/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
658/// already uses an `Arc` internally.
659#[derive(Clone, Debug)]
660pub struct ValidationHelperV1 {
661    inner: std::sync::Arc<dyn super::stub::dynamic::ValidationHelperV1>,
662}
663
664impl ValidationHelperV1 {
665    /// Returns a builder for [ValidationHelperV1].
666    ///
667    /// ```
668    /// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
669    /// # use google_cloud_binaryauthorization_v1::client::ValidationHelperV1;
670    /// let client = ValidationHelperV1::builder().build().await?;
671    /// # Ok(()) }
672    /// ```
673    pub fn builder() -> super::builder::validation_helper_v_1::ClientBuilder {
674        crate::new_client_builder(super::builder::validation_helper_v_1::client::Factory)
675    }
676
677    /// Creates a new client from the provided stub.
678    ///
679    /// The most common case for calling this function is in tests mocking the
680    /// client's behavior.
681    pub fn from_stub<T>(stub: impl Into<std::sync::Arc<T>>) -> Self
682    where
683        T: super::stub::ValidationHelperV1 + 'static,
684    {
685        Self { inner: stub.into() }
686    }
687
688    pub(crate) async fn new(
689        config: gaxi::options::ClientConfig,
690    ) -> crate::ClientBuilderResult<Self> {
691        let inner = Self::build_inner(config).await?;
692        Ok(Self { inner })
693    }
694
695    async fn build_inner(
696        conf: gaxi::options::ClientConfig,
697    ) -> crate::ClientBuilderResult<std::sync::Arc<dyn super::stub::dynamic::ValidationHelperV1>>
698    {
699        if gaxi::options::tracing_enabled(&conf) {
700            return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
701        }
702        Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
703    }
704
705    async fn build_transport(
706        conf: gaxi::options::ClientConfig,
707    ) -> crate::ClientBuilderResult<impl super::stub::ValidationHelperV1> {
708        super::transport::ValidationHelperV1::new(conf).await
709    }
710
711    async fn build_with_tracing(
712        conf: gaxi::options::ClientConfig,
713    ) -> crate::ClientBuilderResult<impl super::stub::ValidationHelperV1> {
714        Self::build_transport(conf)
715            .await
716            .map(super::tracing::ValidationHelperV1::new)
717    }
718
719    /// Returns whether the given `Attestation` for the given image URI
720    /// was signed by the given `Attestor`
721    ///
722    /// # Example
723    /// ```
724    /// # use google_cloud_binaryauthorization_v1::client::ValidationHelperV1;
725    /// use google_cloud_binaryauthorization_v1::Result;
726    /// async fn sample(
727    ///    client: &ValidationHelperV1
728    /// ) -> Result<()> {
729    ///     let response = client.validate_attestation_occurrence()
730    ///         /* set fields */
731    ///         .send().await?;
732    ///     println!("response {:?}", response);
733    ///     Ok(())
734    /// }
735    /// ```
736    pub fn validate_attestation_occurrence(
737        &self,
738    ) -> super::builder::validation_helper_v_1::ValidateAttestationOccurrence {
739        super::builder::validation_helper_v_1::ValidateAttestationOccurrence::new(
740            self.inner.clone(),
741        )
742    }
743
744    /// Sets the access control policy on the specified resource. Replaces
745    /// any existing policy.
746    ///
747    /// Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
748    /// errors.
749    ///
750    /// # Example
751    /// ```
752    /// # use google_cloud_binaryauthorization_v1::client::ValidationHelperV1;
753    /// use google_cloud_binaryauthorization_v1::Result;
754    /// async fn sample(
755    ///    client: &ValidationHelperV1
756    /// ) -> Result<()> {
757    ///     let response = client.set_iam_policy()
758    ///         /* set fields */
759    ///         .send().await?;
760    ///     println!("response {:?}", response);
761    ///     Ok(())
762    /// }
763    /// ```
764    pub fn set_iam_policy(&self) -> super::builder::validation_helper_v_1::SetIamPolicy {
765        super::builder::validation_helper_v_1::SetIamPolicy::new(self.inner.clone())
766    }
767
768    /// Gets the access control policy for a resource. Returns an empty policy
769    /// if the resource exists and does not have a policy set.
770    ///
771    /// # Example
772    /// ```
773    /// # use google_cloud_binaryauthorization_v1::client::ValidationHelperV1;
774    /// use google_cloud_binaryauthorization_v1::Result;
775    /// async fn sample(
776    ///    client: &ValidationHelperV1
777    /// ) -> Result<()> {
778    ///     let response = client.get_iam_policy()
779    ///         /* set fields */
780    ///         .send().await?;
781    ///     println!("response {:?}", response);
782    ///     Ok(())
783    /// }
784    /// ```
785    pub fn get_iam_policy(&self) -> super::builder::validation_helper_v_1::GetIamPolicy {
786        super::builder::validation_helper_v_1::GetIamPolicy::new(self.inner.clone())
787    }
788
789    /// Returns permissions that a caller has on the specified resource. If the
790    /// resource does not exist, this will return an empty set of
791    /// permissions, not a `NOT_FOUND` error.
792    ///
793    /// Note: This operation is designed to be used for building
794    /// permission-aware UIs and command-line tools, not for authorization
795    /// checking. This operation may "fail open" without warning.
796    ///
797    /// # Example
798    /// ```
799    /// # use google_cloud_binaryauthorization_v1::client::ValidationHelperV1;
800    /// use google_cloud_binaryauthorization_v1::Result;
801    /// async fn sample(
802    ///    client: &ValidationHelperV1
803    /// ) -> Result<()> {
804    ///     let response = client.test_iam_permissions()
805    ///         /* set fields */
806    ///         .send().await?;
807    ///     println!("response {:?}", response);
808    ///     Ok(())
809    /// }
810    /// ```
811    pub fn test_iam_permissions(
812        &self,
813    ) -> super::builder::validation_helper_v_1::TestIamPermissions {
814        super::builder::validation_helper_v_1::TestIamPermissions::new(self.inner.clone())
815    }
816}