google_cloud_binaryauthorization_v1/client.rs
1// Copyright 2025 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// https://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14//
15// Code generated by sidekick. DO NOT EDIT.
16#![allow(rustdoc::bare_urls)]
17#![allow(rustdoc::broken_intra_doc_links)]
18#![allow(rustdoc::invalid_html_tags)]
19#![allow(rustdoc::redundant_explicit_links)]
20
21/// Implements a client for the Binary Authorization API.
22///
23/// # Example
24/// ```
25/// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
26/// use google_cloud_gax::paginator::ItemPaginator as _;
27/// async fn sample(
28/// parent: &str,
29/// ) -> anyhow::Result<()> {
30/// let client = BinauthzManagementServiceV1::builder().build().await?;
31/// let mut list = client.list_attestors()
32/// .set_parent(parent)
33/// .by_item();
34/// while let Some(item) = list.next().await.transpose()? {
35/// println!("{:?}", item);
36/// }
37/// Ok(())
38/// }
39/// ```
40///
41/// # Service Description
42///
43/// Google Cloud Management Service for Binary Authorization admission policies
44/// and attestation authorities.
45///
46/// This API implements a REST model with the following objects:
47///
48/// * [Policy][google.cloud.binaryauthorization.v1.Policy]
49/// * [Attestor][google.cloud.binaryauthorization.v1.Attestor]
50///
51/// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
52/// [google.cloud.binaryauthorization.v1.Policy]: crate::model::Policy
53///
54/// # Configuration
55///
56/// To configure `BinauthzManagementServiceV1` use the `with_*` methods in the type returned
57/// by [builder()][BinauthzManagementServiceV1::builder]. The default configuration should
58/// work for most applications. Common configuration changes include
59///
60/// * [with_endpoint()]: by default this client uses the global default endpoint
61/// (`https://binaryauthorization.googleapis.com`). Applications using regional
62/// endpoints or running in restricted networks (e.g. a network configured
63/// with [Private Google Access with VPC Service Controls]) may want to
64/// override this default.
65/// * [with_credentials()]: by default this client uses
66/// [Application Default Credentials]. Applications using custom
67/// authentication may need to override this default.
68///
69/// [with_endpoint()]: super::builder::binauthz_management_service_v_1::ClientBuilder::with_endpoint
70/// [with_credentials()]: super::builder::binauthz_management_service_v_1::ClientBuilder::with_credentials
71/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
72/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
73///
74/// # Pooling and Cloning
75///
76/// `BinauthzManagementServiceV1` holds a connection pool internally, it is advised to
77/// create one and reuse it. You do not need to wrap `BinauthzManagementServiceV1` in
78/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
79/// already uses an `Arc` internally.
80#[derive(Clone, Debug)]
81pub struct BinauthzManagementServiceV1 {
82 inner: std::sync::Arc<dyn super::stub::dynamic::BinauthzManagementServiceV1>,
83}
84
85impl BinauthzManagementServiceV1 {
86 /// Returns a builder for [BinauthzManagementServiceV1].
87 ///
88 /// ```
89 /// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
90 /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
91 /// let client = BinauthzManagementServiceV1::builder().build().await?;
92 /// # Ok(()) }
93 /// ```
94 pub fn builder() -> super::builder::binauthz_management_service_v_1::ClientBuilder {
95 crate::new_client_builder(super::builder::binauthz_management_service_v_1::client::Factory)
96 }
97
98 /// Creates a new client from the provided stub.
99 ///
100 /// The most common case for calling this function is in tests mocking the
101 /// client's behavior.
102 pub fn from_stub<T>(stub: impl Into<std::sync::Arc<T>>) -> Self
103 where
104 T: super::stub::BinauthzManagementServiceV1 + 'static,
105 {
106 Self { inner: stub.into() }
107 }
108
109 pub(crate) async fn new(
110 config: gaxi::options::ClientConfig,
111 ) -> crate::ClientBuilderResult<Self> {
112 let inner = Self::build_inner(config).await?;
113 Ok(Self { inner })
114 }
115
116 async fn build_inner(
117 conf: gaxi::options::ClientConfig,
118 ) -> crate::ClientBuilderResult<
119 std::sync::Arc<dyn super::stub::dynamic::BinauthzManagementServiceV1>,
120 > {
121 if gaxi::options::tracing_enabled(&conf) {
122 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
123 }
124 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
125 }
126
127 async fn build_transport(
128 conf: gaxi::options::ClientConfig,
129 ) -> crate::ClientBuilderResult<impl super::stub::BinauthzManagementServiceV1> {
130 super::transport::BinauthzManagementServiceV1::new(conf).await
131 }
132
133 async fn build_with_tracing(
134 conf: gaxi::options::ClientConfig,
135 ) -> crate::ClientBuilderResult<impl super::stub::BinauthzManagementServiceV1> {
136 Self::build_transport(conf)
137 .await
138 .map(super::tracing::BinauthzManagementServiceV1::new)
139 }
140
141 /// A [policy][google.cloud.binaryauthorization.v1.Policy] specifies the
142 /// [attestors][google.cloud.binaryauthorization.v1.Attestor] that must attest
143 /// to a container image, before the project is allowed to deploy that image.
144 /// There is at most one policy per project. All image admission requests are
145 /// permitted if a project has no policy.
146 ///
147 /// Gets the [policy][google.cloud.binaryauthorization.v1.Policy] for this
148 /// project. Returns a default
149 /// [policy][google.cloud.binaryauthorization.v1.Policy] if the project does
150 /// not have one.
151 ///
152 /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
153 /// [google.cloud.binaryauthorization.v1.Policy]: crate::model::Policy
154 ///
155 /// # Example
156 /// ```
157 /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
158 /// use google_cloud_binaryauthorization_v1::Result;
159 /// async fn sample(
160 /// client: &BinauthzManagementServiceV1, project_id: &str
161 /// ) -> Result<()> {
162 /// let response = client.get_policy()
163 /// .set_name(format!("projects/{project_id}/policy"))
164 /// .send().await?;
165 /// println!("response {:?}", response);
166 /// Ok(())
167 /// }
168 /// ```
169 pub fn get_policy(&self) -> super::builder::binauthz_management_service_v_1::GetPolicy {
170 super::builder::binauthz_management_service_v_1::GetPolicy::new(self.inner.clone())
171 }
172
173 /// Creates or updates a project's
174 /// [policy][google.cloud.binaryauthorization.v1.Policy], and returns a copy of
175 /// the new [policy][google.cloud.binaryauthorization.v1.Policy]. A policy is
176 /// always updated as a whole, to avoid race conditions with concurrent policy
177 /// enforcement (or management!) requests. Returns `NOT_FOUND` if the project
178 /// does not exist, `INVALID_ARGUMENT` if the request is malformed.
179 ///
180 /// [google.cloud.binaryauthorization.v1.Policy]: crate::model::Policy
181 ///
182 /// # Example
183 /// ```
184 /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
185 /// use google_cloud_binaryauthorization_v1::model::Policy;
186 /// use google_cloud_binaryauthorization_v1::Result;
187 /// async fn sample(
188 /// client: &BinauthzManagementServiceV1, project_id: &str
189 /// ) -> Result<()> {
190 /// let response = client.update_policy()
191 /// .set_policy(
192 /// Policy::new().set_name(format!("projects/{project_id}/policy"))/* set fields */
193 /// )
194 /// .send().await?;
195 /// println!("response {:?}", response);
196 /// Ok(())
197 /// }
198 /// ```
199 pub fn update_policy(&self) -> super::builder::binauthz_management_service_v_1::UpdatePolicy {
200 super::builder::binauthz_management_service_v_1::UpdatePolicy::new(self.inner.clone())
201 }
202
203 /// Creates an [attestor][google.cloud.binaryauthorization.v1.Attestor], and
204 /// returns a copy of the new
205 /// [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns
206 /// `NOT_FOUND` if the project does not exist, `INVALID_ARGUMENT` if the
207 /// request is malformed, `ALREADY_EXISTS` if the
208 /// [attestor][google.cloud.binaryauthorization.v1.Attestor] already exists.
209 ///
210 /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
211 ///
212 /// # Example
213 /// ```
214 /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
215 /// use google_cloud_binaryauthorization_v1::model::Attestor;
216 /// use google_cloud_binaryauthorization_v1::Result;
217 /// async fn sample(
218 /// client: &BinauthzManagementServiceV1, parent: &str
219 /// ) -> Result<()> {
220 /// let response = client.create_attestor()
221 /// .set_parent(parent)
222 /// .set_attestor_id("attestor_id_value")
223 /// .set_attestor(
224 /// Attestor::new()/* set fields */
225 /// )
226 /// .send().await?;
227 /// println!("response {:?}", response);
228 /// Ok(())
229 /// }
230 /// ```
231 pub fn create_attestor(
232 &self,
233 ) -> super::builder::binauthz_management_service_v_1::CreateAttestor {
234 super::builder::binauthz_management_service_v_1::CreateAttestor::new(self.inner.clone())
235 }
236
237 /// Gets an [attestor][google.cloud.binaryauthorization.v1.Attestor].
238 /// Returns `NOT_FOUND` if the
239 /// [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
240 ///
241 /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
242 ///
243 /// # Example
244 /// ```
245 /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
246 /// use google_cloud_binaryauthorization_v1::Result;
247 /// async fn sample(
248 /// client: &BinauthzManagementServiceV1, project_id: &str, attestor_id: &str
249 /// ) -> Result<()> {
250 /// let response = client.get_attestor()
251 /// .set_name(format!("projects/{project_id}/attestors/{attestor_id}"))
252 /// .send().await?;
253 /// println!("response {:?}", response);
254 /// Ok(())
255 /// }
256 /// ```
257 pub fn get_attestor(&self) -> super::builder::binauthz_management_service_v_1::GetAttestor {
258 super::builder::binauthz_management_service_v_1::GetAttestor::new(self.inner.clone())
259 }
260
261 /// Updates an [attestor][google.cloud.binaryauthorization.v1.Attestor].
262 /// Returns `NOT_FOUND` if the
263 /// [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
264 ///
265 /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
266 ///
267 /// # Example
268 /// ```
269 /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
270 /// use google_cloud_binaryauthorization_v1::model::Attestor;
271 /// use google_cloud_binaryauthorization_v1::Result;
272 /// async fn sample(
273 /// client: &BinauthzManagementServiceV1, project_id: &str, attestor_id: &str
274 /// ) -> Result<()> {
275 /// let response = client.update_attestor()
276 /// .set_attestor(
277 /// Attestor::new().set_name(format!("projects/{project_id}/attestors/{attestor_id}"))/* set fields */
278 /// )
279 /// .send().await?;
280 /// println!("response {:?}", response);
281 /// Ok(())
282 /// }
283 /// ```
284 pub fn update_attestor(
285 &self,
286 ) -> super::builder::binauthz_management_service_v_1::UpdateAttestor {
287 super::builder::binauthz_management_service_v_1::UpdateAttestor::new(self.inner.clone())
288 }
289
290 /// Lists [attestors][google.cloud.binaryauthorization.v1.Attestor].
291 /// Returns `INVALID_ARGUMENT` if the project does not exist.
292 ///
293 /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
294 ///
295 /// # Example
296 /// ```
297 /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
298 /// use google_cloud_gax::paginator::ItemPaginator as _;
299 /// use google_cloud_binaryauthorization_v1::Result;
300 /// async fn sample(
301 /// client: &BinauthzManagementServiceV1, parent: &str
302 /// ) -> Result<()> {
303 /// let mut list = client.list_attestors()
304 /// .set_parent(parent)
305 /// .by_item();
306 /// while let Some(item) = list.next().await.transpose()? {
307 /// println!("{:?}", item);
308 /// }
309 /// Ok(())
310 /// }
311 /// ```
312 pub fn list_attestors(&self) -> super::builder::binauthz_management_service_v_1::ListAttestors {
313 super::builder::binauthz_management_service_v_1::ListAttestors::new(self.inner.clone())
314 }
315
316 /// Deletes an [attestor][google.cloud.binaryauthorization.v1.Attestor].
317 /// Returns `NOT_FOUND` if the
318 /// [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
319 ///
320 /// [google.cloud.binaryauthorization.v1.Attestor]: crate::model::Attestor
321 ///
322 /// # Example
323 /// ```
324 /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
325 /// use google_cloud_binaryauthorization_v1::Result;
326 /// async fn sample(
327 /// client: &BinauthzManagementServiceV1, project_id: &str, attestor_id: &str
328 /// ) -> Result<()> {
329 /// client.delete_attestor()
330 /// .set_name(format!("projects/{project_id}/attestors/{attestor_id}"))
331 /// .send().await?;
332 /// Ok(())
333 /// }
334 /// ```
335 pub fn delete_attestor(
336 &self,
337 ) -> super::builder::binauthz_management_service_v_1::DeleteAttestor {
338 super::builder::binauthz_management_service_v_1::DeleteAttestor::new(self.inner.clone())
339 }
340
341 /// Sets the access control policy on the specified resource. Replaces
342 /// any existing policy.
343 ///
344 /// Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
345 /// errors.
346 ///
347 /// # Example
348 /// ```
349 /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
350 /// use google_cloud_binaryauthorization_v1::Result;
351 /// async fn sample(
352 /// client: &BinauthzManagementServiceV1
353 /// ) -> Result<()> {
354 /// let response = client.set_iam_policy()
355 /// /* set fields */
356 /// .send().await?;
357 /// println!("response {:?}", response);
358 /// Ok(())
359 /// }
360 /// ```
361 pub fn set_iam_policy(&self) -> super::builder::binauthz_management_service_v_1::SetIamPolicy {
362 super::builder::binauthz_management_service_v_1::SetIamPolicy::new(self.inner.clone())
363 }
364
365 /// Gets the access control policy for a resource. Returns an empty policy
366 /// if the resource exists and does not have a policy set.
367 ///
368 /// # Example
369 /// ```
370 /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
371 /// use google_cloud_binaryauthorization_v1::Result;
372 /// async fn sample(
373 /// client: &BinauthzManagementServiceV1
374 /// ) -> Result<()> {
375 /// let response = client.get_iam_policy()
376 /// /* set fields */
377 /// .send().await?;
378 /// println!("response {:?}", response);
379 /// Ok(())
380 /// }
381 /// ```
382 pub fn get_iam_policy(&self) -> super::builder::binauthz_management_service_v_1::GetIamPolicy {
383 super::builder::binauthz_management_service_v_1::GetIamPolicy::new(self.inner.clone())
384 }
385
386 /// Returns permissions that a caller has on the specified resource. If the
387 /// resource does not exist, this will return an empty set of
388 /// permissions, not a `NOT_FOUND` error.
389 ///
390 /// Note: This operation is designed to be used for building
391 /// permission-aware UIs and command-line tools, not for authorization
392 /// checking. This operation may "fail open" without warning.
393 ///
394 /// # Example
395 /// ```
396 /// # use google_cloud_binaryauthorization_v1::client::BinauthzManagementServiceV1;
397 /// use google_cloud_binaryauthorization_v1::Result;
398 /// async fn sample(
399 /// client: &BinauthzManagementServiceV1
400 /// ) -> Result<()> {
401 /// let response = client.test_iam_permissions()
402 /// /* set fields */
403 /// .send().await?;
404 /// println!("response {:?}", response);
405 /// Ok(())
406 /// }
407 /// ```
408 pub fn test_iam_permissions(
409 &self,
410 ) -> super::builder::binauthz_management_service_v_1::TestIamPermissions {
411 super::builder::binauthz_management_service_v_1::TestIamPermissions::new(self.inner.clone())
412 }
413}
414
415/// Implements a client for the Binary Authorization API.
416///
417/// # Example
418/// ```
419/// # use google_cloud_binaryauthorization_v1::client::SystemPolicyV1;
420/// async fn sample(
421/// project_id: &str,
422/// ) -> anyhow::Result<()> {
423/// let client = SystemPolicyV1::builder().build().await?;
424/// let response = client.get_system_policy()
425/// .set_name(format!("projects/{project_id}/policy"))
426/// .send().await?;
427/// println!("response {:?}", response);
428/// Ok(())
429/// }
430/// ```
431///
432/// # Service Description
433///
434/// API for working with the system policy.
435///
436/// # Configuration
437///
438/// To configure `SystemPolicyV1` use the `with_*` methods in the type returned
439/// by [builder()][SystemPolicyV1::builder]. The default configuration should
440/// work for most applications. Common configuration changes include
441///
442/// * [with_endpoint()]: by default this client uses the global default endpoint
443/// (`https://binaryauthorization.googleapis.com`). Applications using regional
444/// endpoints or running in restricted networks (e.g. a network configured
445/// with [Private Google Access with VPC Service Controls]) may want to
446/// override this default.
447/// * [with_credentials()]: by default this client uses
448/// [Application Default Credentials]. Applications using custom
449/// authentication may need to override this default.
450///
451/// [with_endpoint()]: super::builder::system_policy_v_1::ClientBuilder::with_endpoint
452/// [with_credentials()]: super::builder::system_policy_v_1::ClientBuilder::with_credentials
453/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
454/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
455///
456/// # Pooling and Cloning
457///
458/// `SystemPolicyV1` holds a connection pool internally, it is advised to
459/// create one and reuse it. You do not need to wrap `SystemPolicyV1` in
460/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
461/// already uses an `Arc` internally.
462#[derive(Clone, Debug)]
463pub struct SystemPolicyV1 {
464 inner: std::sync::Arc<dyn super::stub::dynamic::SystemPolicyV1>,
465}
466
467impl SystemPolicyV1 {
468 /// Returns a builder for [SystemPolicyV1].
469 ///
470 /// ```
471 /// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
472 /// # use google_cloud_binaryauthorization_v1::client::SystemPolicyV1;
473 /// let client = SystemPolicyV1::builder().build().await?;
474 /// # Ok(()) }
475 /// ```
476 pub fn builder() -> super::builder::system_policy_v_1::ClientBuilder {
477 crate::new_client_builder(super::builder::system_policy_v_1::client::Factory)
478 }
479
480 /// Creates a new client from the provided stub.
481 ///
482 /// The most common case for calling this function is in tests mocking the
483 /// client's behavior.
484 pub fn from_stub<T>(stub: impl Into<std::sync::Arc<T>>) -> Self
485 where
486 T: super::stub::SystemPolicyV1 + 'static,
487 {
488 Self { inner: stub.into() }
489 }
490
491 pub(crate) async fn new(
492 config: gaxi::options::ClientConfig,
493 ) -> crate::ClientBuilderResult<Self> {
494 let inner = Self::build_inner(config).await?;
495 Ok(Self { inner })
496 }
497
498 async fn build_inner(
499 conf: gaxi::options::ClientConfig,
500 ) -> crate::ClientBuilderResult<std::sync::Arc<dyn super::stub::dynamic::SystemPolicyV1>> {
501 if gaxi::options::tracing_enabled(&conf) {
502 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
503 }
504 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
505 }
506
507 async fn build_transport(
508 conf: gaxi::options::ClientConfig,
509 ) -> crate::ClientBuilderResult<impl super::stub::SystemPolicyV1> {
510 super::transport::SystemPolicyV1::new(conf).await
511 }
512
513 async fn build_with_tracing(
514 conf: gaxi::options::ClientConfig,
515 ) -> crate::ClientBuilderResult<impl super::stub::SystemPolicyV1> {
516 Self::build_transport(conf)
517 .await
518 .map(super::tracing::SystemPolicyV1::new)
519 }
520
521 /// Gets the current system policy in the specified location.
522 ///
523 /// # Example
524 /// ```
525 /// # use google_cloud_binaryauthorization_v1::client::SystemPolicyV1;
526 /// use google_cloud_binaryauthorization_v1::Result;
527 /// async fn sample(
528 /// client: &SystemPolicyV1, project_id: &str
529 /// ) -> Result<()> {
530 /// let response = client.get_system_policy()
531 /// .set_name(format!("projects/{project_id}/policy"))
532 /// .send().await?;
533 /// println!("response {:?}", response);
534 /// Ok(())
535 /// }
536 /// ```
537 pub fn get_system_policy(&self) -> super::builder::system_policy_v_1::GetSystemPolicy {
538 super::builder::system_policy_v_1::GetSystemPolicy::new(self.inner.clone())
539 }
540
541 /// Sets the access control policy on the specified resource. Replaces
542 /// any existing policy.
543 ///
544 /// Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
545 /// errors.
546 ///
547 /// # Example
548 /// ```
549 /// # use google_cloud_binaryauthorization_v1::client::SystemPolicyV1;
550 /// use google_cloud_binaryauthorization_v1::Result;
551 /// async fn sample(
552 /// client: &SystemPolicyV1
553 /// ) -> Result<()> {
554 /// let response = client.set_iam_policy()
555 /// /* set fields */
556 /// .send().await?;
557 /// println!("response {:?}", response);
558 /// Ok(())
559 /// }
560 /// ```
561 pub fn set_iam_policy(&self) -> super::builder::system_policy_v_1::SetIamPolicy {
562 super::builder::system_policy_v_1::SetIamPolicy::new(self.inner.clone())
563 }
564
565 /// Gets the access control policy for a resource. Returns an empty policy
566 /// if the resource exists and does not have a policy set.
567 ///
568 /// # Example
569 /// ```
570 /// # use google_cloud_binaryauthorization_v1::client::SystemPolicyV1;
571 /// use google_cloud_binaryauthorization_v1::Result;
572 /// async fn sample(
573 /// client: &SystemPolicyV1
574 /// ) -> Result<()> {
575 /// let response = client.get_iam_policy()
576 /// /* set fields */
577 /// .send().await?;
578 /// println!("response {:?}", response);
579 /// Ok(())
580 /// }
581 /// ```
582 pub fn get_iam_policy(&self) -> super::builder::system_policy_v_1::GetIamPolicy {
583 super::builder::system_policy_v_1::GetIamPolicy::new(self.inner.clone())
584 }
585
586 /// Returns permissions that a caller has on the specified resource. If the
587 /// resource does not exist, this will return an empty set of
588 /// permissions, not a `NOT_FOUND` error.
589 ///
590 /// Note: This operation is designed to be used for building
591 /// permission-aware UIs and command-line tools, not for authorization
592 /// checking. This operation may "fail open" without warning.
593 ///
594 /// # Example
595 /// ```
596 /// # use google_cloud_binaryauthorization_v1::client::SystemPolicyV1;
597 /// use google_cloud_binaryauthorization_v1::Result;
598 /// async fn sample(
599 /// client: &SystemPolicyV1
600 /// ) -> Result<()> {
601 /// let response = client.test_iam_permissions()
602 /// /* set fields */
603 /// .send().await?;
604 /// println!("response {:?}", response);
605 /// Ok(())
606 /// }
607 /// ```
608 pub fn test_iam_permissions(&self) -> super::builder::system_policy_v_1::TestIamPermissions {
609 super::builder::system_policy_v_1::TestIamPermissions::new(self.inner.clone())
610 }
611}
612
613/// Implements a client for the Binary Authorization API.
614///
615/// # Example
616/// ```
617/// # use google_cloud_binaryauthorization_v1::client::ValidationHelperV1;
618/// async fn sample(
619/// ) -> anyhow::Result<()> {
620/// let client = ValidationHelperV1::builder().build().await?;
621/// let response = client.validate_attestation_occurrence()
622/// /* set fields */
623/// .send().await?;
624/// println!("response {:?}", response);
625/// Ok(())
626/// }
627/// ```
628///
629/// # Service Description
630///
631/// BinAuthz Attestor verification
632///
633/// # Configuration
634///
635/// To configure `ValidationHelperV1` use the `with_*` methods in the type returned
636/// by [builder()][ValidationHelperV1::builder]. The default configuration should
637/// work for most applications. Common configuration changes include
638///
639/// * [with_endpoint()]: by default this client uses the global default endpoint
640/// (`https://binaryauthorization.googleapis.com`). Applications using regional
641/// endpoints or running in restricted networks (e.g. a network configured
642/// with [Private Google Access with VPC Service Controls]) may want to
643/// override this default.
644/// * [with_credentials()]: by default this client uses
645/// [Application Default Credentials]. Applications using custom
646/// authentication may need to override this default.
647///
648/// [with_endpoint()]: super::builder::validation_helper_v_1::ClientBuilder::with_endpoint
649/// [with_credentials()]: super::builder::validation_helper_v_1::ClientBuilder::with_credentials
650/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
651/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
652///
653/// # Pooling and Cloning
654///
655/// `ValidationHelperV1` holds a connection pool internally, it is advised to
656/// create one and reuse it. You do not need to wrap `ValidationHelperV1` in
657/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
658/// already uses an `Arc` internally.
659#[derive(Clone, Debug)]
660pub struct ValidationHelperV1 {
661 inner: std::sync::Arc<dyn super::stub::dynamic::ValidationHelperV1>,
662}
663
664impl ValidationHelperV1 {
665 /// Returns a builder for [ValidationHelperV1].
666 ///
667 /// ```
668 /// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
669 /// # use google_cloud_binaryauthorization_v1::client::ValidationHelperV1;
670 /// let client = ValidationHelperV1::builder().build().await?;
671 /// # Ok(()) }
672 /// ```
673 pub fn builder() -> super::builder::validation_helper_v_1::ClientBuilder {
674 crate::new_client_builder(super::builder::validation_helper_v_1::client::Factory)
675 }
676
677 /// Creates a new client from the provided stub.
678 ///
679 /// The most common case for calling this function is in tests mocking the
680 /// client's behavior.
681 pub fn from_stub<T>(stub: impl Into<std::sync::Arc<T>>) -> Self
682 where
683 T: super::stub::ValidationHelperV1 + 'static,
684 {
685 Self { inner: stub.into() }
686 }
687
688 pub(crate) async fn new(
689 config: gaxi::options::ClientConfig,
690 ) -> crate::ClientBuilderResult<Self> {
691 let inner = Self::build_inner(config).await?;
692 Ok(Self { inner })
693 }
694
695 async fn build_inner(
696 conf: gaxi::options::ClientConfig,
697 ) -> crate::ClientBuilderResult<std::sync::Arc<dyn super::stub::dynamic::ValidationHelperV1>>
698 {
699 if gaxi::options::tracing_enabled(&conf) {
700 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
701 }
702 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
703 }
704
705 async fn build_transport(
706 conf: gaxi::options::ClientConfig,
707 ) -> crate::ClientBuilderResult<impl super::stub::ValidationHelperV1> {
708 super::transport::ValidationHelperV1::new(conf).await
709 }
710
711 async fn build_with_tracing(
712 conf: gaxi::options::ClientConfig,
713 ) -> crate::ClientBuilderResult<impl super::stub::ValidationHelperV1> {
714 Self::build_transport(conf)
715 .await
716 .map(super::tracing::ValidationHelperV1::new)
717 }
718
719 /// Returns whether the given `Attestation` for the given image URI
720 /// was signed by the given `Attestor`
721 ///
722 /// # Example
723 /// ```
724 /// # use google_cloud_binaryauthorization_v1::client::ValidationHelperV1;
725 /// use google_cloud_binaryauthorization_v1::Result;
726 /// async fn sample(
727 /// client: &ValidationHelperV1
728 /// ) -> Result<()> {
729 /// let response = client.validate_attestation_occurrence()
730 /// /* set fields */
731 /// .send().await?;
732 /// println!("response {:?}", response);
733 /// Ok(())
734 /// }
735 /// ```
736 pub fn validate_attestation_occurrence(
737 &self,
738 ) -> super::builder::validation_helper_v_1::ValidateAttestationOccurrence {
739 super::builder::validation_helper_v_1::ValidateAttestationOccurrence::new(
740 self.inner.clone(),
741 )
742 }
743
744 /// Sets the access control policy on the specified resource. Replaces
745 /// any existing policy.
746 ///
747 /// Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
748 /// errors.
749 ///
750 /// # Example
751 /// ```
752 /// # use google_cloud_binaryauthorization_v1::client::ValidationHelperV1;
753 /// use google_cloud_binaryauthorization_v1::Result;
754 /// async fn sample(
755 /// client: &ValidationHelperV1
756 /// ) -> Result<()> {
757 /// let response = client.set_iam_policy()
758 /// /* set fields */
759 /// .send().await?;
760 /// println!("response {:?}", response);
761 /// Ok(())
762 /// }
763 /// ```
764 pub fn set_iam_policy(&self) -> super::builder::validation_helper_v_1::SetIamPolicy {
765 super::builder::validation_helper_v_1::SetIamPolicy::new(self.inner.clone())
766 }
767
768 /// Gets the access control policy for a resource. Returns an empty policy
769 /// if the resource exists and does not have a policy set.
770 ///
771 /// # Example
772 /// ```
773 /// # use google_cloud_binaryauthorization_v1::client::ValidationHelperV1;
774 /// use google_cloud_binaryauthorization_v1::Result;
775 /// async fn sample(
776 /// client: &ValidationHelperV1
777 /// ) -> Result<()> {
778 /// let response = client.get_iam_policy()
779 /// /* set fields */
780 /// .send().await?;
781 /// println!("response {:?}", response);
782 /// Ok(())
783 /// }
784 /// ```
785 pub fn get_iam_policy(&self) -> super::builder::validation_helper_v_1::GetIamPolicy {
786 super::builder::validation_helper_v_1::GetIamPolicy::new(self.inner.clone())
787 }
788
789 /// Returns permissions that a caller has on the specified resource. If the
790 /// resource does not exist, this will return an empty set of
791 /// permissions, not a `NOT_FOUND` error.
792 ///
793 /// Note: This operation is designed to be used for building
794 /// permission-aware UIs and command-line tools, not for authorization
795 /// checking. This operation may "fail open" without warning.
796 ///
797 /// # Example
798 /// ```
799 /// # use google_cloud_binaryauthorization_v1::client::ValidationHelperV1;
800 /// use google_cloud_binaryauthorization_v1::Result;
801 /// async fn sample(
802 /// client: &ValidationHelperV1
803 /// ) -> Result<()> {
804 /// let response = client.test_iam_permissions()
805 /// /* set fields */
806 /// .send().await?;
807 /// println!("response {:?}", response);
808 /// Ok(())
809 /// }
810 /// ```
811 pub fn test_iam_permissions(
812 &self,
813 ) -> super::builder::validation_helper_v_1::TestIamPermissions {
814 super::builder::validation_helper_v_1::TestIamPermissions::new(self.inner.clone())
815 }
816}