// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // https://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // Code generated by protoc-gen-go_gapic. DO NOT EDIT. package iam import ( "bytes" "context" "fmt" "io" "math" "net/http" "net/url" iampb "cloud.google.com/go/iam/apiv1/iampb" gax "github.com/googleapis/gax-go/v2" "google.golang.org/api/googleapi" "google.golang.org/api/option" "google.golang.org/api/option/internaloption" gtransport "google.golang.org/api/transport/grpc" httptransport "google.golang.org/api/transport/http" "google.golang.org/grpc" "google.golang.org/protobuf/encoding/protojson" ) var newIamPolicyClientHook clientHook // IamPolicyCallOptions contains the retry settings for each method of IamPolicyClient. 
type IamPolicyCallOptions struct {
	// SetIamPolicy holds the call options placed ahead of any caller-supplied
	// options on every SetIamPolicy call.
	SetIamPolicy []gax.CallOption
	// GetIamPolicy holds the call options placed ahead of any caller-supplied
	// options on every GetIamPolicy call.
	GetIamPolicy []gax.CallOption
	// TestIamPermissions holds the call options placed ahead of any
	// caller-supplied options on every TestIamPermissions call.
	TestIamPermissions []gax.CallOption
}

// defaultIamPolicyGRPCClientOptions returns the client options that
// NewIamPolicyClient starts from: the default, templated and mTLS endpoints,
// the universe domain, the token audience, the auth scopes and the gRPC dial
// settings.
func defaultIamPolicyGRPCClientOptions() []option.ClientOption {
	defaults := []option.ClientOption{
		internaloption.WithDefaultEndpoint("iam-meta-api.googleapis.com:443"),
		internaloption.WithDefaultEndpointTemplate("iam-meta-api.UNIVERSE_DOMAIN:443"),
		internaloption.WithDefaultMTLSEndpoint("iam-meta-api.mtls.googleapis.com:443"),
		internaloption.WithDefaultUniverseDomain("googleapis.com"),
		internaloption.WithDefaultAudience("https://iam-meta-api.googleapis.com/"),
		internaloption.WithDefaultScopes(DefaultAuthScopes()...),
		internaloption.EnableJwtWithScope(),
		// NOTE(review): math.MaxInt32 is the largest receive limit that can be
		// expressed here, so the client places no practical cap on the size of
		// a response message for calls made through this pool.
		option.WithGRPCDialOption(grpc.WithDefaultCallOptions(
			grpc.MaxCallRecvMsgSize(math.MaxInt32))),
	}
	return defaults
}

// defaultIamPolicyCallOptions returns the per-method call options used by the
// gRPC client. Every method starts with an empty (non-nil) option list, i.e.
// no retry or timeout settings are configured here.
func defaultIamPolicyCallOptions() *IamPolicyCallOptions {
	callOpts := new(IamPolicyCallOptions)
	callOpts.SetIamPolicy = []gax.CallOption{}
	callOpts.GetIamPolicy = []gax.CallOption{}
	callOpts.TestIamPermissions = []gax.CallOption{}
	return callOpts
}

// defaultIamPolicyRESTCallOptions returns the per-method call options used by
// the REST client. Every method starts with an empty (non-nil) option list.
func defaultIamPolicyRESTCallOptions() *IamPolicyCallOptions {
	callOpts := new(IamPolicyCallOptions)
	callOpts.SetIamPolicy = []gax.CallOption{}
	callOpts.GetIamPolicy = []gax.CallOption{}
	callOpts.TestIamPermissions = []gax.CallOption{}
	return callOpts
}

// internalIamPolicyClient is an interface that defines the methods available from IAM Meta API.
// It is the seam between IamPolicyClient and the transport-specific
// implementations (gRPC and REST) in this file.
type internalIamPolicyClient interface {
	Close() error
	setGoogleClientInfo(...string)
	Connection() *grpc.ClientConn
	SetIamPolicy(context.Context, *iampb.SetIamPolicyRequest, ...gax.CallOption) (*iampb.Policy, error)
	GetIamPolicy(context.Context, *iampb.GetIamPolicyRequest, ...gax.CallOption) (*iampb.Policy, error)
	TestIamPermissions(context.Context, *iampb.TestIamPermissionsRequest, ...gax.CallOption) (*iampb.TestIamPermissionsResponse, error)
}

// IamPolicyClient is a client for interacting with IAM Meta API.
// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
//
// # API Overview
//
// Manages Identity and Access Management (IAM) policies.
//
// Any implementation of an API that offers access control features
// implements the google.iam.v1.IAMPolicy interface.
//
// # Data model
//
// Access control is applied when a principal (user or service account) takes
// some action on a resource exposed by a service. Resources, identified by
// URI-like names, are the unit of access control specification. Service
// implementations can choose the granularity of access control and the
// supported permissions for their resources.
// For example one database service may allow access control to be
// specified only at the Table level, whereas another might allow access control
// to also be specified at the Column level.
//
// # Policy Structure
//
// See google.iam.v1.Policy
//
// This is intentionally not a CRUD style API because access control policies
// are created and deleted implicitly with the resources to which they are
// attached.
type IamPolicyClient struct {
	// The internal transport-dependent client.
	internalClient internalIamPolicyClient

	// The call options for this service.
	CallOptions *IamPolicyCallOptions
}

// Wrapper methods routed to the internal client.

// Close closes the connection to the API service. The user should invoke this when
// the client is no longer required.
func (c *IamPolicyClient) Close() error {
	return c.internalClient.Close()
}

// setGoogleClientInfo sets the name and version of the application in
// the `x-goog-api-client` header passed on each request. Intended for
// use by Google-written clients.
func (c *IamPolicyClient) setGoogleClientInfo(keyval ...string) {
	c.internalClient.setGoogleClientInfo(keyval...)
}

// Connection returns a connection to the API service.
//
// Deprecated: Connections are now pooled so this method does not always
// return the same resource.
func (c *IamPolicyClient) Connection() *grpc.ClientConn {
	return c.internalClient.Connection()
}

// SetIamPolicy sets the access control policy on the specified resource. Replaces any
// existing policy.
//
// Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.
//
// NOTE(review): because the call replaces the whole policy, a
// read-modify-write sequence should send back the etag of the policy it read
// with GetIamPolicy, so that a concurrent change is rejected rather than
// silently overwritten — confirm the etag handling of the target service.
func (c *IamPolicyClient) SetIamPolicy(ctx context.Context, req *iampb.SetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy, error) {
	return c.internalClient.SetIamPolicy(ctx, req, opts...)
}

// GetIamPolicy gets the access control policy for a resource.
// Returns an empty policy if the resource exists and does not have a policy
// set.
func (c *IamPolicyClient) GetIamPolicy(ctx context.Context, req *iampb.GetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy, error) {
	return c.internalClient.GetIamPolicy(ctx, req, opts...)
}

// TestIamPermissions returns permissions that a caller has on the specified resource.
// If the resource does not exist, this will return an empty set of
// permissions, not a NOT_FOUND error.
//
// Note: This operation is designed to be used for building permission-aware
// UIs and command-line tools, not for authorization checking. This operation
// may "fail open" without warning. Do not gate an access decision on its
// result.
func (c *IamPolicyClient) TestIamPermissions(ctx context.Context, req *iampb.TestIamPermissionsRequest, opts ...gax.CallOption) (*iampb.TestIamPermissionsResponse, error) {
	return c.internalClient.TestIamPermissions(ctx, req, opts...)
}

// iamPolicyGRPCClient is a client for interacting with IAM Meta API over gRPC transport.
//
// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
type iamPolicyGRPCClient struct {
	// Connection pool of gRPC connections to the service.
	connPool gtransport.ConnPool

	// Points back to the CallOptions field of the containing IamPolicyClient
	CallOptions **IamPolicyCallOptions

	// The gRPC API client.
	iamPolicyClient iampb.IAMPolicyClient

	// The x-goog-* metadata to be sent with each request.
	xGoogHeaders []string
}

// NewIamPolicyClient creates a new iam policy client based on gRPC.
// The returned client must be Closed when it is done being used to clean up its underlying connections.
//
// # API Overview
//
// Manages Identity and Access Management (IAM) policies.
//
// Any implementation of an API that offers access control features
// implements the google.iam.v1.IAMPolicy interface.
//
// # Data model
//
// Access control is applied when a principal (user or service account) takes
// some action on a resource exposed by a service. Resources, identified by
// URI-like names, are the unit of access control specification. Service
// implementations can choose the granularity of access control and the
// supported permissions for their resources.
// For example one database service may allow access control to be
// specified only at the Table level, whereas another might allow access control
// to also be specified at the Column level.
//
// # Policy Structure
//
// See google.iam.v1.Policy
//
// This is intentionally not a CRUD style API because access control policies
// are created and deleted implicitly with the resources to which they are
// attached.
func NewIamPolicyClient(ctx context.Context, opts ...option.ClientOption) (*IamPolicyClient, error) {
	dialOpts := defaultIamPolicyGRPCClientOptions()
	if hook := newIamPolicyClientHook; hook != nil {
		extra, err := hook(ctx, clientHookParams{})
		if err != nil {
			return nil, err
		}
		dialOpts = append(dialOpts, extra...)
	}
	// Order of the final option list: package defaults, then hook options,
	// then the caller's options.
	dialOpts = append(dialOpts, opts...)

	pool, err := gtransport.DialPool(ctx, dialOpts...)
	if err != nil {
		return nil, err
	}

	client := &IamPolicyClient{CallOptions: defaultIamPolicyCallOptions()}
	transport := &iamPolicyGRPCClient{
		connPool:        pool,
		iamPolicyClient: iampb.NewIAMPolicyClient(pool),
		// Address of the client's own field, so the transport reads whatever
		// *IamPolicyCallOptions the client currently holds.
		CallOptions: &client.CallOptions,
	}
	transport.setGoogleClientInfo()
	client.internalClient = transport

	return client, nil
}

// Connection returns a connection to the API service.
//
// Deprecated: Connections are now pooled so this method does not always
// return the same resource.
func (c *iamPolicyGRPCClient) Connection() *grpc.ClientConn {
	return c.connPool.Conn()
}

// setGoogleClientInfo sets the name and version of the application in
// the `x-goog-api-client` header passed on each request. Intended for
// use by Google-written clients.
func (c *iamPolicyGRPCClient) setGoogleClientInfo(keyval ...string) {
	// Go version first, then the caller's pairs, then the library versions.
	pairs := make([]string, 0, len(keyval)+8)
	pairs = append(pairs, "gl-go", gax.GoVersion)
	pairs = append(pairs, keyval...)
	pairs = append(pairs, "gapic", getVersionClient(), "gax", gax.Version, "grpc", grpc.Version)
	c.xGoogHeaders = []string{"x-goog-api-client", gax.XGoogHeader(pairs...)}
}

// Close closes the connection to the API service. The user should invoke this when
// the client is no longer required.
func (c *iamPolicyGRPCClient) Close() error {
	return c.connPool.Close()
}

// iamPolicyRESTClient is the REST transport behind IamPolicyClient; it is the
// value NewIamPolicyRESTClient installs as the internal client.
//
// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
type iamPolicyRESTClient struct {
	// The http endpoint to connect to.
	endpoint string

	// The http client.
	httpClient *http.Client

	// The x-goog-* headers to be sent with each request.
	xGoogHeaders []string

	// Pointer to the *IamPolicyCallOptions consulted on each call.
	CallOptions **IamPolicyCallOptions
}

// NewIamPolicyRESTClient creates a new iam policy rest client.
//
// # API Overview
//
// Manages Identity and Access Management (IAM) policies.
//
// Any implementation of an API that offers access control features
// implements the google.iam.v1.IAMPolicy interface.
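//
// # Data model
//
// Access control is applied when a principal (user or service account) takes
// some action on a resource exposed by a service. Resources, identified by
// URI-like names, are the unit of access control specification. Service
// implementations can choose the granularity of access control and the
// supported permissions for their resources.
// For example one database service may allow access control to be
// specified only at the Table level, whereas another might allow access control
// to also be specified at the Column level.
//
// # Policy Structure
//
// See google.iam.v1.Policy
//
// This is intentionally not a CRUD style API because access control policies
// are created and deleted implicitly with the resources to which they are
// attached.
func NewIamPolicyRESTClient(ctx context.Context, opts ...option.ClientOption) (*IamPolicyClient, error) {
	// Caller options are appended after the package defaults.
	clientOpts := append(defaultIamPolicyRESTClientOptions(), opts...)
	httpClient, endpoint, err := httptransport.NewClient(ctx, clientOpts...)
	if err != nil {
		return nil, err
	}

	client := IamPolicyClient{CallOptions: defaultIamPolicyRESTCallOptions()}
	c := &iamPolicyRESTClient{
		endpoint:   endpoint,
		httpClient: httpClient,
		// Store the address of the returned client's CallOptions field, as
		// NewIamPolicyClient does for gRPC. Pointing at a local variable
		// instead would make the transport ignore a CallOptions value that
		// the caller assigns to the client after construction.
		CallOptions: &client.CallOptions,
	}
	c.setGoogleClientInfo()
	client.internalClient = c

	return &client, nil
}

// defaultIamPolicyRESTClientOptions returns the client options that
// NewIamPolicyRESTClient starts from: the default, templated and mTLS
// endpoints (all https), the universe domain, the token audience and the auth
// scopes.
func defaultIamPolicyRESTClientOptions() []option.ClientOption {
	return []option.ClientOption{
		internaloption.WithDefaultEndpoint("https://iam-meta-api.googleapis.com"),
		internaloption.WithDefaultEndpointTemplate("https://iam-meta-api.UNIVERSE_DOMAIN"),
		internaloption.WithDefaultMTLSEndpoint("https://iam-meta-api.mtls.googleapis.com"),
		internaloption.WithDefaultUniverseDomain("googleapis.com"),
		internaloption.WithDefaultAudience("https://iam-meta-api.googleapis.com/"),
		internaloption.WithDefaultScopes(DefaultAuthScopes()...),
	}
}

// setGoogleClientInfo sets the name and version of the application in
// the `x-goog-api-client` header passed on each request.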
// Intended for use by Google-written clients.
func (c *iamPolicyRESTClient) setGoogleClientInfo(keyval ...string) {
	// Go version first, then the caller's pairs, then the library versions.
	pairs := make([]string, 0, len(keyval)+8)
	pairs = append(pairs, "gl-go", gax.GoVersion)
	pairs = append(pairs, keyval...)
	pairs = append(pairs, "gapic", getVersionClient(), "gax", gax.Version, "rest", "UNKNOWN")
	c.xGoogHeaders = []string{"x-goog-api-client", gax.XGoogHeader(pairs...)}
}

// Close closes the connection to the API service. The user should invoke this when
// the client is no longer required.
//
// It always returns nil. After Close the httpClient field is nil, so any
// further method call on this client dereferences a nil *http.Client.
func (c *iamPolicyRESTClient) Close() error {
	// Replace httpClient with nil to force cleanup.
	c.httpClient = nil
	return nil
}

// Connection returns a connection to the API service.
//
// Deprecated: This method always returns nil.
func (c *iamPolicyRESTClient) Connection() *grpc.ClientConn {
	return nil
}

// SetIamPolicy sends the request over gRPC. The resource name is sent,
// query-escaped, in the x-goog-request-params metadata; the client's default
// call options are placed ahead of opts.
func (c *iamPolicyGRPCClient) SetIamPolicy(ctx context.Context, req *iampb.SetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy, error) {
	routing := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource()))}
	md := append(c.xGoogHeaders, routing...)
	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, md...)

	// The three-index slice caps capacity at length, so the append below
	// cannot write into the shared default option slice.
	defaults := (*c.CallOptions).SetIamPolicy
	opts = append(defaults[0:len(defaults):len(defaults)], opts...)

	var policy *iampb.Policy
	call := func(ctx context.Context, settings gax.CallSettings) error {
		var err error
		policy, err = c.iamPolicyClient.SetIamPolicy(ctx, req, settings.GRPC...)
		return err
	}
	if err := gax.Invoke(ctx, call, opts...); err != nil {
		return nil, err
	}
	return policy, nil
}

// GetIamPolicy sends the request over gRPC. The resource name is sent,
// query-escaped, in the x-goog-request-params metadata; the client's default
// call options are placed ahead of opts.
func (c *iamPolicyGRPCClient) GetIamPolicy(ctx context.Context, req *iampb.GetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy, error) {
	routing := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource()))}
	md := append(c.xGoogHeaders, routing...)
	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, md...)

	// Capacity is capped at length so the append cannot touch the shared
	// default option slice.
	defaults := (*c.CallOptions).GetIamPolicy
	opts = append(defaults[0:len(defaults):len(defaults)], opts...)

	var policy *iampb.Policy
	call := func(ctx context.Context, settings gax.CallSettings) error {
		var err error
		policy, err = c.iamPolicyClient.GetIamPolicy(ctx, req, settings.GRPC...)
		return err
	}
	if err := gax.Invoke(ctx, call, opts...); err != nil {
		return nil, err
	}
	return policy, nil
}

// TestIamPermissions sends the request over gRPC. The resource name is sent,
// query-escaped, in the x-goog-request-params metadata; the client's default
// call options are placed ahead of opts.
func (c *iamPolicyGRPCClient) TestIamPermissions(ctx context.Context, req *iampb.TestIamPermissionsRequest, opts ...gax.CallOption) (*iampb.TestIamPermissionsResponse, error) {
	routing := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource()))}
	md := append(c.xGoogHeaders, routing...)
	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, md...)

	// Capacity is capped at length so the append cannot touch the shared
	// default option slice.
	defaults := (*c.CallOptions).TestIamPermissions
	opts = append(defaults[0:len(defaults):len(defaults)], opts...)

	var granted *iampb.TestIamPermissionsResponse
	call := func(ctx context.Context, settings gax.CallSettings) error {
		var err error
		granted, err = c.iamPolicyClient.TestIamPermissions(ctx, req, settings.GRPC...)
		return err
	}
	if err := gax.Invoke(ctx, call, opts...); err != nil {
		return nil, err
	}
	return granted, nil
}

// SetIamPolicy sets the access control policy on the specified resource. Replaces any
// existing policy.
//
// Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.
func (c *iamPolicyRESTClient) SetIamPolicy(ctx context.Context, req *iampb.SetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy, error) {
	// The request is serialized once; each run of the call closure below
	// wraps the same bytes in a fresh reader.
	marshaler := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
	payload, err := marshaler.Marshal(req)
	if err != nil {
		return nil, err
	}

	target, err := url.Parse(c.endpoint)
	if err != nil {
		return nil, err
	}
	// NOTE(review): the resource name goes into the URL path as given, with no
	// validation here. url.URL.String percent-encodes reserved characters but
	// leaves "/" and dot segments in place, so a resource name taken from
	// untrusted input should be validated by the caller first.
	target.Path += fmt.Sprintf("/v1/%v:setIamPolicy", req.GetResource())

	query := url.Values{}
	query.Add("$alt", "json;enum-encoding=int")
	target.RawQuery = query.Encode()

	// Build HTTP headers from client and context metadata.
	routing := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource()))}
	pairs := append(c.xGoogHeaders, routing...)
	pairs = append(pairs, "Content-Type", "application/json")
	headers := gax.BuildHeaders(ctx, pairs...)

	// Capacity is capped at length so the append cannot touch the shared
	// default option slice.
	defaults := (*c.CallOptions).SetIamPolicy
	opts = append(defaults[0:len(defaults):len(defaults)], opts...)

	// Unknown fields in the response are dropped rather than rejected.
	decoder := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
	resp := &iampb.Policy{}
	call := func(ctx context.Context, settings gax.CallSettings) error {
		// A path supplied through the call settings replaces the computed one.
		if settings.Path != "" {
			target.Path = settings.Path
		}
		httpReq, err := http.NewRequest("POST", target.String(), bytes.NewReader(payload))
		if err != nil {
			return err
		}
		httpReq = httpReq.WithContext(ctx)
		httpReq.Header = headers

		httpRsp, err := c.httpClient.Do(httpReq)
		if err != nil {
			return err
		}
		defer httpRsp.Body.Close()

		// Non-2xx statuses are turned into errors before the body is decoded.
		if err = googleapi.CheckResponse(httpRsp); err != nil {
			return err
		}

		// NOTE(review): the body is read in full with no size limit; the
		// endpoint is trusted to bound its responses.
		raw, err := io.ReadAll(httpRsp.Body)
		if err != nil {
			return err
		}
		return decoder.Unmarshal(raw, resp)
	}
	if e := gax.Invoke(ctx, call, opts...); e != nil {
		return nil, e
	}
	return resp, nil
}

// GetIamPolicy gets the access control policy for a resource.
// Returns an empty policy if the resource exists and does not have a policy
// set.
func (c *iamPolicyRESTClient) GetIamPolicy(ctx context.Context, req *iampb.GetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy, error) {
	// The request is serialized once; each run of the call closure below
	// wraps the same bytes in a fresh reader.
	marshaler := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
	payload, err := marshaler.Marshal(req)
	if err != nil {
		return nil, err
	}

	target, err := url.Parse(c.endpoint)
	if err != nil {
		return nil, err
	}
	// NOTE(review): the resource name goes into the URL path as given, with no
	// validation here. url.URL.String percent-encodes reserved characters but
	// leaves "/" and dot segments in place, so a resource name taken from
	// untrusted input should be validated by the caller first.
	target.Path += fmt.Sprintf("/v1/%v:getIamPolicy", req.GetResource())

	query := url.Values{}
	query.Add("$alt", "json;enum-encoding=int")
	target.RawQuery = query.Encode()

	// Build HTTP headers from client and context metadata.
	routing := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource()))}
	pairs := append(c.xGoogHeaders, routing...)
	pairs = append(pairs, "Content-Type", "application/json")
	headers := gax.BuildHeaders(ctx, pairs...)

	// Capacity is capped at length so the append cannot touch the shared
	// default option slice.
	defaults := (*c.CallOptions).GetIamPolicy
	opts = append(defaults[0:len(defaults):len(defaults)], opts...)

	// Unknown fields in the response are dropped rather than rejected.
	decoder := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
	resp := &iampb.Policy{}
	call := func(ctx context.Context, settings gax.CallSettings) error {
		// A path supplied through the call settings replaces the computed one.
		if settings.Path != "" {
			target.Path = settings.Path
		}
		httpReq, err := http.NewRequest("POST", target.String(), bytes.NewReader(payload))
		if err != nil {
			return err
		}
		httpReq = httpReq.WithContext(ctx)
		httpReq.Header = headers

		httpRsp, err := c.httpClient.Do(httpReq)
		if err != nil {
			return err
		}
		defer httpRsp.Body.Close()

		// Non-2xx statuses are turned into errors before the body is decoded.
		if err = googleapi.CheckResponse(httpRsp); err != nil {
			return err
		}

		// NOTE(review): the body is read in full with no size limit; the
		// endpoint is trusted to bound its responses.
		raw, err := io.ReadAll(httpRsp.Body)
		if err != nil {
			return err
		}
		return decoder.Unmarshal(raw, resp)
	}
	if e := gax.Invoke(ctx, call, opts...); e != nil {
		return nil, e
	}
	return resp, nil
}

// TestIamPermissions returns permissions that a caller has on the specified resource.
// If the resource does not exist, this will return an empty set of
// permissions, not a NOT_FOUND error.
//
// Note: This operation is designed to be used for building permission-aware
// UIs and command-line tools, not for authorization checking. This operation
// may "fail open" without warning. Do not gate an access decision on its
// result.
func (c *iamPolicyRESTClient) TestIamPermissions(ctx context.Context, req *iampb.TestIamPermissionsRequest, opts ...gax.CallOption) (*iampb.TestIamPermissionsResponse, error) {
	// The request is serialized once; each run of the call closure below
	// wraps the same bytes in a fresh reader.
	marshaler := protojson.MarshalOptions{AllowPartial: true, UseEnumNumbers: true}
	payload, err := marshaler.Marshal(req)
	if err != nil {
		return nil, err
	}

	target, err := url.Parse(c.endpoint)
	if err != nil {
		return nil, err
	}
	// NOTE(review): the resource name goes into the URL path as given, with no
	// validation here. url.URL.String percent-encodes reserved characters but
	// leaves "/" and dot segments in place, so a resource name taken from
	// untrusted input should be validated by the caller first.
	target.Path += fmt.Sprintf("/v1/%v:testIamPermissions", req.GetResource())

	query := url.Values{}
	query.Add("$alt", "json;enum-encoding=int")
	target.RawQuery = query.Encode()

	// Build HTTP headers from client and context metadata.
	routing := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource()))}
	pairs := append(c.xGoogHeaders, routing...)
	pairs = append(pairs, "Content-Type", "application/json")
	headers := gax.BuildHeaders(ctx, pairs...)

	// Capacity is capped at length so the append cannot touch the shared
	// default option slice.
	defaults := (*c.CallOptions).TestIamPermissions
	opts = append(defaults[0:len(defaults):len(defaults)], opts...)

	// Unknown fields in the response are dropped rather than rejected.
	decoder := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
	resp := &iampb.TestIamPermissionsResponse{}
	call := func(ctx context.Context, settings gax.CallSettings) error {
		// A path supplied through the call settings replaces the computed one.
		if settings.Path != "" {
			target.Path = settings.Path
		}
		httpReq, err := http.NewRequest("POST", target.String(), bytes.NewReader(payload))
		if err != nil {
			return err
		}
		httpReq = httpReq.WithContext(ctx)
		httpReq.Header = headers

		httpRsp, err := c.httpClient.Do(httpReq)
		if err != nil {
			return err
		}
		defer httpRsp.Body.Close()

		// Non-2xx statuses are turned into errors before the body is decoded.
		if err = googleapi.CheckResponse(httpRsp); err != nil {
			return err
		}

		// NOTE(review): the body is read in full with no size limit; the
		// endpoint is trusted to bound its responses.
		raw, err := io.ReadAll(httpRsp.Body)
		if err != nil {
			return err
		}
		return decoder.Unmarshal(raw, resp)
	}
	if e := gax.Invoke(ctx, call, opts...); e != nil {
		return nil, e
	}
	// The returned permission set is a hint for UIs and tools; it is not an
	// authorization decision.
	return resp, nil
}