google_cloud_iap_v1/client.rs
1// Copyright 2025 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// https://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14//
15// Code generated by sidekick. DO NOT EDIT.
16#![allow(rustdoc::redundant_explicit_links)]
17#![allow(rustdoc::broken_intra_doc_links)]
18
19/// Implements a client for the Cloud Identity-Aware Proxy API.
20///
21/// # Example
22/// ```
23/// # tokio_test::block_on(async {
24/// # use google_cloud_iap_v1::client::IdentityAwareProxyAdminService;
25/// let client = IdentityAwareProxyAdminService::builder().build().await?;
26/// // use `client` to make requests to the Cloud Identity-Aware Proxy API.
27/// # gax::client_builder::Result::<()>::Ok(()) });
28/// ```
29///
30/// # Service Description
31///
32/// APIs for Identity-Aware Proxy Admin configurations.
33///
34/// # Configuration
35///
36/// To configure `IdentityAwareProxyAdminService` use the `with_*` methods in the type returned
37/// by [builder()][IdentityAwareProxyAdminService::builder]. The default configuration should
38/// work for most applications. Common configuration changes include
39///
40/// * [with_endpoint()]: by default this client uses the global default endpoint
41/// (`https://iap.googleapis.com`). Applications using regional
42/// endpoints or running in restricted networks (e.g. a network configured
43// with [Private Google Access with VPC Service Controls]) may want to
44/// override this default.
45/// * [with_credentials()]: by default this client uses
46/// [Application Default Credentials]. Applications using custom
47/// authentication may need to override this default.
48///
49/// [with_endpoint()]: super::builder::identity_aware_proxy_admin_service::ClientBuilder::with_endpoint
50/// [with_credentials()]: super::builder::identity_aware_proxy_admin_service::ClientBuilder::credentials
51/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
52/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
53///
54/// # Pooling and Cloning
55///
56/// `IdentityAwareProxyAdminService` holds a connection pool internally, it is advised to
57/// create one and the reuse it. You do not need to wrap `IdentityAwareProxyAdminService` in
58/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
59/// already uses an `Arc` internally.
60#[derive(Clone, Debug)]
61pub struct IdentityAwareProxyAdminService {
62 inner: std::sync::Arc<dyn super::stub::dynamic::IdentityAwareProxyAdminService>,
63}
64
65impl IdentityAwareProxyAdminService {
66 /// Returns a builder for [IdentityAwareProxyAdminService].
67 ///
68 /// ```
69 /// # tokio_test::block_on(async {
70 /// # use google_cloud_iap_v1::client::IdentityAwareProxyAdminService;
71 /// let client = IdentityAwareProxyAdminService::builder().build().await?;
72 /// # gax::client_builder::Result::<()>::Ok(()) });
73 /// ```
74 pub fn builder() -> super::builder::identity_aware_proxy_admin_service::ClientBuilder {
75 gax::client_builder::internal::new_builder(
76 super::builder::identity_aware_proxy_admin_service::client::Factory,
77 )
78 }
79
80 /// Creates a new client from the provided stub.
81 ///
82 /// The most common case for calling this function is in tests mocking the
83 /// client's behavior.
84 pub fn from_stub<T>(stub: T) -> Self
85 where
86 T: super::stub::IdentityAwareProxyAdminService + 'static,
87 {
88 Self {
89 inner: std::sync::Arc::new(stub),
90 }
91 }
92
93 pub(crate) async fn new(
94 config: gaxi::options::ClientConfig,
95 ) -> gax::client_builder::Result<Self> {
96 let inner = Self::build_inner(config).await?;
97 Ok(Self { inner })
98 }
99
100 async fn build_inner(
101 conf: gaxi::options::ClientConfig,
102 ) -> gax::client_builder::Result<
103 std::sync::Arc<dyn super::stub::dynamic::IdentityAwareProxyAdminService>,
104 > {
105 if gaxi::options::tracing_enabled(&conf) {
106 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
107 }
108 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
109 }
110
111 async fn build_transport(
112 conf: gaxi::options::ClientConfig,
113 ) -> gax::client_builder::Result<impl super::stub::IdentityAwareProxyAdminService> {
114 super::transport::IdentityAwareProxyAdminService::new(conf).await
115 }
116
117 async fn build_with_tracing(
118 conf: gaxi::options::ClientConfig,
119 ) -> gax::client_builder::Result<impl super::stub::IdentityAwareProxyAdminService> {
120 Self::build_transport(conf)
121 .await
122 .map(super::tracing::IdentityAwareProxyAdminService::new)
123 }
124
125 /// Sets the access control policy for an Identity-Aware Proxy protected
126 /// resource. Replaces any existing policy.
127 /// More information about managing access via IAP can be found at:
128 /// <https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api>
129 pub fn set_iam_policy(
130 &self,
131 ) -> super::builder::identity_aware_proxy_admin_service::SetIamPolicy {
132 super::builder::identity_aware_proxy_admin_service::SetIamPolicy::new(self.inner.clone())
133 }
134
135 /// Gets the access control policy for an Identity-Aware Proxy protected
136 /// resource.
137 /// More information about managing access via IAP can be found at:
138 /// <https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api>
139 pub fn get_iam_policy(
140 &self,
141 ) -> super::builder::identity_aware_proxy_admin_service::GetIamPolicy {
142 super::builder::identity_aware_proxy_admin_service::GetIamPolicy::new(self.inner.clone())
143 }
144
145 /// Returns permissions that a caller has on the Identity-Aware Proxy protected
146 /// resource.
147 /// More information about managing access via IAP can be found at:
148 /// <https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api>
149 pub fn test_iam_permissions(
150 &self,
151 ) -> super::builder::identity_aware_proxy_admin_service::TestIamPermissions {
152 super::builder::identity_aware_proxy_admin_service::TestIamPermissions::new(
153 self.inner.clone(),
154 )
155 }
156
157 /// Gets the IAP settings on a particular IAP protected resource.
158 pub fn get_iap_settings(
159 &self,
160 ) -> super::builder::identity_aware_proxy_admin_service::GetIapSettings {
161 super::builder::identity_aware_proxy_admin_service::GetIapSettings::new(self.inner.clone())
162 }
163
164 /// Updates the IAP settings on a particular IAP protected resource. It
165 /// replaces all fields unless the `update_mask` is set.
166 pub fn update_iap_settings(
167 &self,
168 ) -> super::builder::identity_aware_proxy_admin_service::UpdateIapSettings {
169 super::builder::identity_aware_proxy_admin_service::UpdateIapSettings::new(
170 self.inner.clone(),
171 )
172 }
173
174 /// Validates that a given CEL expression conforms to IAP restrictions.
175 pub fn validate_iap_attribute_expression(
176 &self,
177 ) -> super::builder::identity_aware_proxy_admin_service::ValidateIapAttributeExpression {
178 super::builder::identity_aware_proxy_admin_service::ValidateIapAttributeExpression::new(
179 self.inner.clone(),
180 )
181 }
182
183 /// Lists the existing TunnelDestGroups. To group across all locations, use a
184 /// `-` as the location ID. For example:
185 /// `/v1/projects/123/iap_tunnel/locations/-/destGroups`
186 pub fn list_tunnel_dest_groups(
187 &self,
188 ) -> super::builder::identity_aware_proxy_admin_service::ListTunnelDestGroups {
189 super::builder::identity_aware_proxy_admin_service::ListTunnelDestGroups::new(
190 self.inner.clone(),
191 )
192 }
193
194 /// Creates a new TunnelDestGroup.
195 pub fn create_tunnel_dest_group(
196 &self,
197 ) -> super::builder::identity_aware_proxy_admin_service::CreateTunnelDestGroup {
198 super::builder::identity_aware_proxy_admin_service::CreateTunnelDestGroup::new(
199 self.inner.clone(),
200 )
201 }
202
203 /// Retrieves an existing TunnelDestGroup.
204 pub fn get_tunnel_dest_group(
205 &self,
206 ) -> super::builder::identity_aware_proxy_admin_service::GetTunnelDestGroup {
207 super::builder::identity_aware_proxy_admin_service::GetTunnelDestGroup::new(
208 self.inner.clone(),
209 )
210 }
211
212 /// Deletes a TunnelDestGroup.
213 pub fn delete_tunnel_dest_group(
214 &self,
215 ) -> super::builder::identity_aware_proxy_admin_service::DeleteTunnelDestGroup {
216 super::builder::identity_aware_proxy_admin_service::DeleteTunnelDestGroup::new(
217 self.inner.clone(),
218 )
219 }
220
221 /// Updates a TunnelDestGroup.
222 pub fn update_tunnel_dest_group(
223 &self,
224 ) -> super::builder::identity_aware_proxy_admin_service::UpdateTunnelDestGroup {
225 super::builder::identity_aware_proxy_admin_service::UpdateTunnelDestGroup::new(
226 self.inner.clone(),
227 )
228 }
229}
230
231/// Implements a client for the Cloud Identity-Aware Proxy API.
232///
233/// # Example
234/// ```
235/// # tokio_test::block_on(async {
236/// # use google_cloud_iap_v1::client::IdentityAwareProxyOAuthService;
237/// let client = IdentityAwareProxyOAuthService::builder().build().await?;
238/// // use `client` to make requests to the Cloud Identity-Aware Proxy API.
239/// # gax::client_builder::Result::<()>::Ok(()) });
240/// ```
241///
242/// # Service Description
243///
244/// API to programmatically create, list and retrieve Identity Aware Proxy (IAP)
245/// OAuth brands; and create, retrieve, delete and reset-secret of IAP OAuth
246/// clients.
247///
248/// # Configuration
249///
250/// To configure `IdentityAwareProxyOAuthService` use the `with_*` methods in the type returned
251/// by [builder()][IdentityAwareProxyOAuthService::builder]. The default configuration should
252/// work for most applications. Common configuration changes include
253///
254/// * [with_endpoint()]: by default this client uses the global default endpoint
255/// (`https://iap.googleapis.com`). Applications using regional
256/// endpoints or running in restricted networks (e.g. a network configured
257// with [Private Google Access with VPC Service Controls]) may want to
258/// override this default.
259/// * [with_credentials()]: by default this client uses
260/// [Application Default Credentials]. Applications using custom
261/// authentication may need to override this default.
262///
263/// [with_endpoint()]: super::builder::identity_aware_proxy_o_auth_service::ClientBuilder::with_endpoint
264/// [with_credentials()]: super::builder::identity_aware_proxy_o_auth_service::ClientBuilder::credentials
265/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
266/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
267///
268/// # Pooling and Cloning
269///
270/// `IdentityAwareProxyOAuthService` holds a connection pool internally, it is advised to
271/// create one and the reuse it. You do not need to wrap `IdentityAwareProxyOAuthService` in
272/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
273/// already uses an `Arc` internally.
274#[derive(Clone, Debug)]
275pub struct IdentityAwareProxyOAuthService {
276 inner: std::sync::Arc<dyn super::stub::dynamic::IdentityAwareProxyOAuthService>,
277}
278
279impl IdentityAwareProxyOAuthService {
280 /// Returns a builder for [IdentityAwareProxyOAuthService].
281 ///
282 /// ```
283 /// # tokio_test::block_on(async {
284 /// # use google_cloud_iap_v1::client::IdentityAwareProxyOAuthService;
285 /// let client = IdentityAwareProxyOAuthService::builder().build().await?;
286 /// # gax::client_builder::Result::<()>::Ok(()) });
287 /// ```
288 pub fn builder() -> super::builder::identity_aware_proxy_o_auth_service::ClientBuilder {
289 gax::client_builder::internal::new_builder(
290 super::builder::identity_aware_proxy_o_auth_service::client::Factory,
291 )
292 }
293
294 /// Creates a new client from the provided stub.
295 ///
296 /// The most common case for calling this function is in tests mocking the
297 /// client's behavior.
298 pub fn from_stub<T>(stub: T) -> Self
299 where
300 T: super::stub::IdentityAwareProxyOAuthService + 'static,
301 {
302 Self {
303 inner: std::sync::Arc::new(stub),
304 }
305 }
306
307 pub(crate) async fn new(
308 config: gaxi::options::ClientConfig,
309 ) -> gax::client_builder::Result<Self> {
310 let inner = Self::build_inner(config).await?;
311 Ok(Self { inner })
312 }
313
314 async fn build_inner(
315 conf: gaxi::options::ClientConfig,
316 ) -> gax::client_builder::Result<
317 std::sync::Arc<dyn super::stub::dynamic::IdentityAwareProxyOAuthService>,
318 > {
319 if gaxi::options::tracing_enabled(&conf) {
320 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
321 }
322 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
323 }
324
325 async fn build_transport(
326 conf: gaxi::options::ClientConfig,
327 ) -> gax::client_builder::Result<impl super::stub::IdentityAwareProxyOAuthService> {
328 super::transport::IdentityAwareProxyOAuthService::new(conf).await
329 }
330
331 async fn build_with_tracing(
332 conf: gaxi::options::ClientConfig,
333 ) -> gax::client_builder::Result<impl super::stub::IdentityAwareProxyOAuthService> {
334 Self::build_transport(conf)
335 .await
336 .map(super::tracing::IdentityAwareProxyOAuthService::new)
337 }
338
339 /// Lists the existing brands for the project.
340 pub fn list_brands(&self) -> super::builder::identity_aware_proxy_o_auth_service::ListBrands {
341 super::builder::identity_aware_proxy_o_auth_service::ListBrands::new(self.inner.clone())
342 }
343
344 /// Constructs a new OAuth brand for the project if one does not exist.
345 /// The created brand is "internal only", meaning that OAuth clients created
346 /// under it only accept requests from users who belong to the same Google
347 /// Workspace organization as the project. The brand is created in an
348 /// un-reviewed status. NOTE: The "internal only" status can be manually
349 /// changed in the Google Cloud Console. Requires that a brand does not already
350 /// exist for the project, and that the specified support email is owned by the
351 /// caller.
352 pub fn create_brand(&self) -> super::builder::identity_aware_proxy_o_auth_service::CreateBrand {
353 super::builder::identity_aware_proxy_o_auth_service::CreateBrand::new(self.inner.clone())
354 }
355
356 /// Retrieves the OAuth brand of the project.
357 pub fn get_brand(&self) -> super::builder::identity_aware_proxy_o_auth_service::GetBrand {
358 super::builder::identity_aware_proxy_o_auth_service::GetBrand::new(self.inner.clone())
359 }
360
361 /// Creates an Identity Aware Proxy (IAP) OAuth client. The client is owned
362 /// by IAP. Requires that the brand for the project exists and that it is
363 /// set for internal-only use.
364 pub fn create_identity_aware_proxy_client(
365 &self,
366 ) -> super::builder::identity_aware_proxy_o_auth_service::CreateIdentityAwareProxyClient {
367 super::builder::identity_aware_proxy_o_auth_service::CreateIdentityAwareProxyClient::new(
368 self.inner.clone(),
369 )
370 }
371
372 /// Lists the existing clients for the brand.
373 pub fn list_identity_aware_proxy_clients(
374 &self,
375 ) -> super::builder::identity_aware_proxy_o_auth_service::ListIdentityAwareProxyClients {
376 super::builder::identity_aware_proxy_o_auth_service::ListIdentityAwareProxyClients::new(
377 self.inner.clone(),
378 )
379 }
380
381 /// Retrieves an Identity Aware Proxy (IAP) OAuth client.
382 /// Requires that the client is owned by IAP.
383 pub fn get_identity_aware_proxy_client(
384 &self,
385 ) -> super::builder::identity_aware_proxy_o_auth_service::GetIdentityAwareProxyClient {
386 super::builder::identity_aware_proxy_o_auth_service::GetIdentityAwareProxyClient::new(
387 self.inner.clone(),
388 )
389 }
390
391 /// Resets an Identity Aware Proxy (IAP) OAuth client secret. Useful if the
392 /// secret was compromised. Requires that the client is owned by IAP.
393 pub fn reset_identity_aware_proxy_client_secret(
394 &self,
395 ) -> super::builder::identity_aware_proxy_o_auth_service::ResetIdentityAwareProxyClientSecret
396 {
397 super::builder::identity_aware_proxy_o_auth_service::ResetIdentityAwareProxyClientSecret::new(self.inner.clone())
398 }
399
400 /// Deletes an Identity Aware Proxy (IAP) OAuth client. Useful for removing
401 /// obsolete clients, managing the number of clients in a given project, and
402 /// cleaning up after tests. Requires that the client is owned by IAP.
403 pub fn delete_identity_aware_proxy_client(
404 &self,
405 ) -> super::builder::identity_aware_proxy_o_auth_service::DeleteIdentityAwareProxyClient {
406 super::builder::identity_aware_proxy_o_auth_service::DeleteIdentityAwareProxyClient::new(
407 self.inner.clone(),
408 )
409 }
410}