{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.APIGateway.CreateAuthorizer
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Adds a new Authorizer resource to an existing RestApi resource.
--
-- <https://docs.aws.amazon.com/cli/latest/reference/apigateway/create-authorizer.html AWS CLI>
module Amazonka.APIGateway.CreateAuthorizer
  ( -- * Creating a Request
    CreateAuthorizer (..),
    newCreateAuthorizer,

    -- * Request Lenses
    createAuthorizer_authorizerUri,
    createAuthorizer_identityValidationExpression,
    createAuthorizer_providerARNs,
    createAuthorizer_authorizerResultTtlInSeconds,
    createAuthorizer_authType,
    createAuthorizer_identitySource,
    createAuthorizer_authorizerCredentials,
    createAuthorizer_restApiId,
    createAuthorizer_name,
    createAuthorizer_type,

    -- * Destructuring the Response
    Authorizer (..),
    newAuthorizer,

    -- * Response Lenses
    authorizer_authorizerUri,
    authorizer_identityValidationExpression,
    authorizer_providerARNs,
    authorizer_name,
    authorizer_id,
    authorizer_authorizerResultTtlInSeconds,
    authorizer_authType,
    authorizer_type,
    authorizer_identitySource,
    authorizer_authorizerCredentials,
  )
where

import Amazonka.APIGateway.Types
import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | Request to add a new Authorizer to an existing RestApi resource.
--
-- /See:/ 'newCreateAuthorizer' smart constructor.
data CreateAuthorizer = CreateAuthorizer'
  { -- | Specifies the authorizer\'s Uniform Resource Identifier (URI). For
    -- @TOKEN@ or @REQUEST@ authorizers, this must be a well-formed Lambda
    -- function URI, for example,
    -- @arn:aws:apigateway:us-west-2:lambda:path\/2015-03-31\/functions\/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}\/invocations@.
    -- In general, the URI has this form
    -- @arn:aws:apigateway:{region}:lambda:path\/{service_api}@, where
    -- @{region}@ is the same as the region hosting the Lambda function, @path@
    -- indicates that the remaining substring in the URI should be treated as
    -- the path to the resource, including the initial @\/@. For Lambda
    -- functions, this is usually of the form
    -- @\/2015-03-31\/functions\/[FunctionARN]\/invocations@.
    CreateAuthorizer -> Maybe Text
authorizerUri :: Prelude.Maybe Prelude.Text,
    -- | A validation expression for the incoming identity token. For @TOKEN@
    -- authorizers, this value is a regular expression. For
    -- @COGNITO_USER_POOLS@ authorizers, API Gateway will match the @aud@ field
    -- of the incoming token from the client against the specified regular
    -- expression. It will invoke the authorizer\'s Lambda function when there
    -- is a match. Otherwise, it will return a 401 Unauthorized response
    -- without calling the Lambda function. The validation expression does not
    -- apply to the @REQUEST@ authorizer.
    CreateAuthorizer -> Maybe Text
identityValidationExpression :: Prelude.Maybe Prelude.Text,
    -- | A list of the Amazon Cognito user pool ARNs for the @COGNITO_USER_POOLS@
    -- authorizer. Each element is of this format:
    -- @arn:aws:cognito-idp:{region}:{account_id}:userpool\/{user_pool_id}@.
    -- For a @TOKEN@ or @REQUEST@ authorizer, this is not defined.
    CreateAuthorizer -> Maybe [Text]
providerARNs :: Prelude.Maybe [Prelude.Text],
    -- | The TTL in seconds of cached authorizer results. If it equals 0,
    -- authorization caching is disabled. If it is greater than 0, API Gateway
    -- will cache authorizer responses. If this field is not set, the default
    -- value is 300. The maximum value is 3600, or 1 hour.
    CreateAuthorizer -> Maybe Int
authorizerResultTtlInSeconds :: Prelude.Maybe Prelude.Int,
    -- | Optional customer-defined field, used in OpenAPI imports and exports
    -- without functional impact.
    CreateAuthorizer -> Maybe Text
authType :: Prelude.Maybe Prelude.Text,
    -- | The identity source for which authorization is requested.
    --
    -- -   For a @TOKEN@ or @COGNITO_USER_POOLS@ authorizer, this is required
    --     and specifies the request header mapping expression for the custom
    --     header holding the authorization token submitted by the client. For
    --     example, if the token header name is @Auth@, the header mapping
    --     expression is @method.request.header.Auth@.
    -- -   For the @REQUEST@ authorizer, this is required when authorization
    --     caching is enabled. The value is a comma-separated string of one or
    --     more mapping expressions of the specified request parameters. For
    --     example, if an @Auth@ header, a @Name@ query string parameter are
    --     defined as identity sources, this value is
    --     @method.request.header.Auth, method.request.querystring.Name@. These
    --     parameters will be used to derive the authorization caching key and
    --     to perform runtime validation of the @REQUEST@ authorizer by
    --     verifying all of the identity-related request parameters are
    --     present, not null and non-empty. Only when this is true does the
    --     authorizer invoke the authorizer Lambda function, otherwise, it
    --     returns a 401 Unauthorized response without calling the Lambda
    --     function. The valid value is a string of comma-separated mapping
    --     expressions of the specified request parameters. When the
    --     authorization caching is not enabled, this property is optional.
    CreateAuthorizer -> Maybe Text
identitySource :: Prelude.Maybe Prelude.Text,
    -- | Specifies the required credentials as an IAM role for API Gateway to
    -- invoke the authorizer. To specify an IAM role for API Gateway to assume,
    -- use the role\'s Amazon Resource Name (ARN). To use resource-based
    -- permissions on the Lambda function, specify null.
    CreateAuthorizer -> Maybe Text
authorizerCredentials :: Prelude.Maybe Prelude.Text,
    -- | [Required] The string identifier of the associated RestApi.
    CreateAuthorizer -> Text
restApiId :: Prelude.Text,
    -- | [Required] The name of the authorizer.
    CreateAuthorizer -> Text
name :: Prelude.Text,
    -- | [Required] The authorizer type. Valid values are @TOKEN@ for a Lambda
    -- function using a single authorization token submitted in a custom
    -- header, @REQUEST@ for a Lambda function using incoming request
    -- parameters, and @COGNITO_USER_POOLS@ for using an Amazon Cognito user
    -- pool.
    CreateAuthorizer -> AuthorizerType
type' :: AuthorizerType
  }
  deriving (CreateAuthorizer -> CreateAuthorizer -> Bool
(CreateAuthorizer -> CreateAuthorizer -> Bool)
-> (CreateAuthorizer -> CreateAuthorizer -> Bool)
-> Eq CreateAuthorizer
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: CreateAuthorizer -> CreateAuthorizer -> Bool
$c/= :: CreateAuthorizer -> CreateAuthorizer -> Bool
== :: CreateAuthorizer -> CreateAuthorizer -> Bool
$c== :: CreateAuthorizer -> CreateAuthorizer -> Bool
Prelude.Eq, ReadPrec [CreateAuthorizer]
ReadPrec CreateAuthorizer
Int -> ReadS CreateAuthorizer
ReadS [CreateAuthorizer]
(Int -> ReadS CreateAuthorizer)
-> ReadS [CreateAuthorizer]
-> ReadPrec CreateAuthorizer
-> ReadPrec [CreateAuthorizer]
-> Read CreateAuthorizer
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [CreateAuthorizer]
$creadListPrec :: ReadPrec [CreateAuthorizer]
readPrec :: ReadPrec CreateAuthorizer
$creadPrec :: ReadPrec CreateAuthorizer
readList :: ReadS [CreateAuthorizer]
$creadList :: ReadS [CreateAuthorizer]
readsPrec :: Int -> ReadS CreateAuthorizer
$creadsPrec :: Int -> ReadS CreateAuthorizer
Prelude.Read, Int -> CreateAuthorizer -> ShowS
[CreateAuthorizer] -> ShowS
CreateAuthorizer -> String
(Int -> CreateAuthorizer -> ShowS)
-> (CreateAuthorizer -> String)
-> ([CreateAuthorizer] -> ShowS)
-> Show CreateAuthorizer
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [CreateAuthorizer] -> ShowS
$cshowList :: [CreateAuthorizer] -> ShowS
show :: CreateAuthorizer -> String
$cshow :: CreateAuthorizer -> String
showsPrec :: Int -> CreateAuthorizer -> ShowS
$cshowsPrec :: Int -> CreateAuthorizer -> ShowS
Prelude.Show, (forall x. CreateAuthorizer -> Rep CreateAuthorizer x)
-> (forall x. Rep CreateAuthorizer x -> CreateAuthorizer)
-> Generic CreateAuthorizer
forall x. Rep CreateAuthorizer x -> CreateAuthorizer
forall x. CreateAuthorizer -> Rep CreateAuthorizer x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep CreateAuthorizer x -> CreateAuthorizer
$cfrom :: forall x. CreateAuthorizer -> Rep CreateAuthorizer x
Prelude.Generic)

-- |
-- Create a value of 'CreateAuthorizer' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'authorizerUri', 'createAuthorizer_authorizerUri' - Specifies the authorizer\'s Uniform Resource Identifier (URI). For
-- @TOKEN@ or @REQUEST@ authorizers, this must be a well-formed Lambda
-- function URI, for example,
-- @arn:aws:apigateway:us-west-2:lambda:path\/2015-03-31\/functions\/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}\/invocations@.
-- In general, the URI has this form
-- @arn:aws:apigateway:{region}:lambda:path\/{service_api}@, where
-- @{region}@ is the same as the region hosting the Lambda function, @path@
-- indicates that the remaining substring in the URI should be treated as
-- the path to the resource, including the initial @\/@. For Lambda
-- functions, this is usually of the form
-- @\/2015-03-31\/functions\/[FunctionARN]\/invocations@.
--
-- 'identityValidationExpression', 'createAuthorizer_identityValidationExpression' - A validation expression for the incoming identity token. For @TOKEN@
-- authorizers, this value is a regular expression. For
-- @COGNITO_USER_POOLS@ authorizers, API Gateway will match the @aud@ field
-- of the incoming token from the client against the specified regular
-- expression. It will invoke the authorizer\'s Lambda function when there
-- is a match. Otherwise, it will return a 401 Unauthorized response
-- without calling the Lambda function. The validation expression does not
-- apply to the @REQUEST@ authorizer.
--
-- 'providerARNs', 'createAuthorizer_providerARNs' - A list of the Amazon Cognito user pool ARNs for the @COGNITO_USER_POOLS@
-- authorizer. Each element is of this format:
-- @arn:aws:cognito-idp:{region}:{account_id}:userpool\/{user_pool_id}@.
-- For a @TOKEN@ or @REQUEST@ authorizer, this is not defined.
--
-- 'authorizerResultTtlInSeconds', 'createAuthorizer_authorizerResultTtlInSeconds' - The TTL in seconds of cached authorizer results. If it equals 0,
-- authorization caching is disabled. If it is greater than 0, API Gateway
-- will cache authorizer responses. If this field is not set, the default
-- value is 300. The maximum value is 3600, or 1 hour.
--
-- 'authType', 'createAuthorizer_authType' - Optional customer-defined field, used in OpenAPI imports and exports
-- without functional impact.
--
-- 'identitySource', 'createAuthorizer_identitySource' - The identity source for which authorization is requested.
--
-- -   For a @TOKEN@ or @COGNITO_USER_POOLS@ authorizer, this is required
--     and specifies the request header mapping expression for the custom
--     header holding the authorization token submitted by the client. For
--     example, if the token header name is @Auth@, the header mapping
--     expression is @method.request.header.Auth@.
-- -   For the @REQUEST@ authorizer, this is required when authorization
--     caching is enabled. The value is a comma-separated string of one or
--     more mapping expressions of the specified request parameters. For
--     example, if an @Auth@ header, a @Name@ query string parameter are
--     defined as identity sources, this value is
--     @method.request.header.Auth, method.request.querystring.Name@. These
--     parameters will be used to derive the authorization caching key and
--     to perform runtime validation of the @REQUEST@ authorizer by
--     verifying all of the identity-related request parameters are
--     present, not null and non-empty. Only when this is true does the
--     authorizer invoke the authorizer Lambda function, otherwise, it
--     returns a 401 Unauthorized response without calling the Lambda
--     function. The valid value is a string of comma-separated mapping
--     expressions of the specified request parameters. When the
--     authorization caching is not enabled, this property is optional.
--
-- 'authorizerCredentials', 'createAuthorizer_authorizerCredentials' - Specifies the required credentials as an IAM role for API Gateway to
-- invoke the authorizer. To specify an IAM role for API Gateway to assume,
-- use the role\'s Amazon Resource Name (ARN). To use resource-based
-- permissions on the Lambda function, specify null.
--
-- 'restApiId', 'createAuthorizer_restApiId' - [Required] The string identifier of the associated RestApi.
--
-- 'name', 'createAuthorizer_name' - [Required] The name of the authorizer.
--
-- 'type'', 'createAuthorizer_type' - [Required] The authorizer type. Valid values are @TOKEN@ for a Lambda
-- function using a single authorization token submitted in a custom
-- header, @REQUEST@ for a Lambda function using incoming request
-- parameters, and @COGNITO_USER_POOLS@ for using an Amazon Cognito user
-- pool.
newCreateAuthorizer ::
  -- | 'restApiId'
  Prelude.Text ->
  -- | 'name'
  Prelude.Text ->
  -- | 'type''
  AuthorizerType ->
  CreateAuthorizer
newCreateAuthorizer :: Text -> Text -> AuthorizerType -> CreateAuthorizer
newCreateAuthorizer Text
pRestApiId_ Text
pName_ AuthorizerType
pType_ =
  CreateAuthorizer' :: Maybe Text
-> Maybe Text
-> Maybe [Text]
-> Maybe Int
-> Maybe Text
-> Maybe Text
-> Maybe Text
-> Text
-> Text
-> AuthorizerType
-> CreateAuthorizer
CreateAuthorizer'
    { $sel:authorizerUri:CreateAuthorizer' :: Maybe Text
authorizerUri = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:identityValidationExpression:CreateAuthorizer' :: Maybe Text
identityValidationExpression = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:providerARNs:CreateAuthorizer' :: Maybe [Text]
providerARNs = Maybe [Text]
forall a. Maybe a
Prelude.Nothing,
      $sel:authorizerResultTtlInSeconds:CreateAuthorizer' :: Maybe Int
authorizerResultTtlInSeconds = Maybe Int
forall a. Maybe a
Prelude.Nothing,
      $sel:authType:CreateAuthorizer' :: Maybe Text
authType = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:identitySource:CreateAuthorizer' :: Maybe Text
identitySource = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:authorizerCredentials:CreateAuthorizer' :: Maybe Text
authorizerCredentials = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:restApiId:CreateAuthorizer' :: Text
restApiId = Text
pRestApiId_,
      $sel:name:CreateAuthorizer' :: Text
name = Text
pName_,
      $sel:type':CreateAuthorizer' :: AuthorizerType
type' = AuthorizerType
pType_
    }

-- | Specifies the authorizer\'s Uniform Resource Identifier (URI). For
-- @TOKEN@ or @REQUEST@ authorizers, this must be a well-formed Lambda
-- function URI, for example,
-- @arn:aws:apigateway:us-west-2:lambda:path\/2015-03-31\/functions\/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}\/invocations@.
-- In general, the URI has this form
-- @arn:aws:apigateway:{region}:lambda:path\/{service_api}@, where
-- @{region}@ is the same as the region hosting the Lambda function, @path@
-- indicates that the remaining substring in the URI should be treated as
-- the path to the resource, including the initial @\/@. For Lambda
-- functions, this is usually of the form
-- @\/2015-03-31\/functions\/[FunctionARN]\/invocations@.
createAuthorizer_authorizerUri :: Lens.Lens' CreateAuthorizer (Prelude.Maybe Prelude.Text)
createAuthorizer_authorizerUri :: (Maybe Text -> f (Maybe Text))
-> CreateAuthorizer -> f CreateAuthorizer
createAuthorizer_authorizerUri = (CreateAuthorizer -> Maybe Text)
-> (CreateAuthorizer -> Maybe Text -> CreateAuthorizer)
-> Lens CreateAuthorizer CreateAuthorizer (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizer' {Maybe Text
authorizerUri :: Maybe Text
$sel:authorizerUri:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
authorizerUri} -> Maybe Text
authorizerUri) (\s :: CreateAuthorizer
s@CreateAuthorizer' {} Maybe Text
a -> CreateAuthorizer
s {$sel:authorizerUri:CreateAuthorizer' :: Maybe Text
authorizerUri = Maybe Text
a} :: CreateAuthorizer)

-- | A validation expression for the incoming identity token. For @TOKEN@
-- authorizers, this value is a regular expression. For
-- @COGNITO_USER_POOLS@ authorizers, API Gateway will match the @aud@ field
-- of the incoming token from the client against the specified regular
-- expression. It will invoke the authorizer\'s Lambda function when there
-- is a match. Otherwise, it will return a 401 Unauthorized response
-- without calling the Lambda function. The validation expression does not
-- apply to the @REQUEST@ authorizer.
createAuthorizer_identityValidationExpression :: Lens.Lens' CreateAuthorizer (Prelude.Maybe Prelude.Text)
createAuthorizer_identityValidationExpression :: (Maybe Text -> f (Maybe Text))
-> CreateAuthorizer -> f CreateAuthorizer
createAuthorizer_identityValidationExpression = (CreateAuthorizer -> Maybe Text)
-> (CreateAuthorizer -> Maybe Text -> CreateAuthorizer)
-> Lens CreateAuthorizer CreateAuthorizer (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizer' {Maybe Text
identityValidationExpression :: Maybe Text
$sel:identityValidationExpression:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
identityValidationExpression} -> Maybe Text
identityValidationExpression) (\s :: CreateAuthorizer
s@CreateAuthorizer' {} Maybe Text
a -> CreateAuthorizer
s {$sel:identityValidationExpression:CreateAuthorizer' :: Maybe Text
identityValidationExpression = Maybe Text
a} :: CreateAuthorizer)

-- | A list of the Amazon Cognito user pool ARNs for the @COGNITO_USER_POOLS@
-- authorizer. Each element is of this format:
-- @arn:aws:cognito-idp:{region}:{account_id}:userpool\/{user_pool_id}@.
-- For a @TOKEN@ or @REQUEST@ authorizer, this is not defined.
createAuthorizer_providerARNs :: Lens.Lens' CreateAuthorizer (Prelude.Maybe [Prelude.Text])
createAuthorizer_providerARNs :: (Maybe [Text] -> f (Maybe [Text]))
-> CreateAuthorizer -> f CreateAuthorizer
createAuthorizer_providerARNs = (CreateAuthorizer -> Maybe [Text])
-> (CreateAuthorizer -> Maybe [Text] -> CreateAuthorizer)
-> Lens
     CreateAuthorizer CreateAuthorizer (Maybe [Text]) (Maybe [Text])
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizer' {Maybe [Text]
providerARNs :: Maybe [Text]
$sel:providerARNs:CreateAuthorizer' :: CreateAuthorizer -> Maybe [Text]
providerARNs} -> Maybe [Text]
providerARNs) (\s :: CreateAuthorizer
s@CreateAuthorizer' {} Maybe [Text]
a -> CreateAuthorizer
s {$sel:providerARNs:CreateAuthorizer' :: Maybe [Text]
providerARNs = Maybe [Text]
a} :: CreateAuthorizer) ((Maybe [Text] -> f (Maybe [Text]))
 -> CreateAuthorizer -> f CreateAuthorizer)
-> ((Maybe [Text] -> f (Maybe [Text]))
    -> Maybe [Text] -> f (Maybe [Text]))
-> (Maybe [Text] -> f (Maybe [Text]))
-> CreateAuthorizer
-> f CreateAuthorizer
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso [Text] [Text] [Text] [Text]
-> Iso (Maybe [Text]) (Maybe [Text]) (Maybe [Text]) (Maybe [Text])
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso [Text] [Text] [Text] [Text]
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | The TTL in seconds of cached authorizer results. If it equals 0,
-- authorization caching is disabled. If it is greater than 0, API Gateway
-- will cache authorizer responses. If this field is not set, the default
-- value is 300. The maximum value is 3600, or 1 hour.
createAuthorizer_authorizerResultTtlInSeconds :: Lens.Lens' CreateAuthorizer (Prelude.Maybe Prelude.Int)
createAuthorizer_authorizerResultTtlInSeconds :: (Maybe Int -> f (Maybe Int))
-> CreateAuthorizer -> f CreateAuthorizer
createAuthorizer_authorizerResultTtlInSeconds = (CreateAuthorizer -> Maybe Int)
-> (CreateAuthorizer -> Maybe Int -> CreateAuthorizer)
-> Lens CreateAuthorizer CreateAuthorizer (Maybe Int) (Maybe Int)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizer' {Maybe Int
authorizerResultTtlInSeconds :: Maybe Int
$sel:authorizerResultTtlInSeconds:CreateAuthorizer' :: CreateAuthorizer -> Maybe Int
authorizerResultTtlInSeconds} -> Maybe Int
authorizerResultTtlInSeconds) (\s :: CreateAuthorizer
s@CreateAuthorizer' {} Maybe Int
a -> CreateAuthorizer
s {$sel:authorizerResultTtlInSeconds:CreateAuthorizer' :: Maybe Int
authorizerResultTtlInSeconds = Maybe Int
a} :: CreateAuthorizer)

-- | Optional customer-defined field, used in OpenAPI imports and exports
-- without functional impact.
createAuthorizer_authType :: Lens.Lens' CreateAuthorizer (Prelude.Maybe Prelude.Text)
createAuthorizer_authType :: (Maybe Text -> f (Maybe Text))
-> CreateAuthorizer -> f CreateAuthorizer
createAuthorizer_authType = (CreateAuthorizer -> Maybe Text)
-> (CreateAuthorizer -> Maybe Text -> CreateAuthorizer)
-> Lens CreateAuthorizer CreateAuthorizer (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizer' {Maybe Text
authType :: Maybe Text
$sel:authType:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
authType} -> Maybe Text
authType) (\s :: CreateAuthorizer
s@CreateAuthorizer' {} Maybe Text
a -> CreateAuthorizer
s {$sel:authType:CreateAuthorizer' :: Maybe Text
authType = Maybe Text
a} :: CreateAuthorizer)

-- | The identity source for which authorization is requested.
--
-- -   For a @TOKEN@ or @COGNITO_USER_POOLS@ authorizer, this is required
--     and specifies the request header mapping expression for the custom
--     header holding the authorization token submitted by the client. For
--     example, if the token header name is @Auth@, the header mapping
--     expression is @method.request.header.Auth@.
-- -   For the @REQUEST@ authorizer, this is required when authorization
--     caching is enabled. The value is a comma-separated string of one or
--     more mapping expressions of the specified request parameters. For
--     example, if an @Auth@ header, a @Name@ query string parameter are
--     defined as identity sources, this value is
--     @method.request.header.Auth, method.request.querystring.Name@. These
--     parameters will be used to derive the authorization caching key and
--     to perform runtime validation of the @REQUEST@ authorizer by
--     verifying all of the identity-related request parameters are
--     present, not null and non-empty. Only when this is true does the
--     authorizer invoke the authorizer Lambda function, otherwise, it
--     returns a 401 Unauthorized response without calling the Lambda
--     function. The valid value is a string of comma-separated mapping
--     expressions of the specified request parameters. When the
--     authorization caching is not enabled, this property is optional.
createAuthorizer_identitySource :: Lens.Lens' CreateAuthorizer (Prelude.Maybe Prelude.Text)
createAuthorizer_identitySource :: (Maybe Text -> f (Maybe Text))
-> CreateAuthorizer -> f CreateAuthorizer
createAuthorizer_identitySource = (CreateAuthorizer -> Maybe Text)
-> (CreateAuthorizer -> Maybe Text -> CreateAuthorizer)
-> Lens CreateAuthorizer CreateAuthorizer (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizer' {Maybe Text
identitySource :: Maybe Text
$sel:identitySource:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
identitySource} -> Maybe Text
identitySource) (\s :: CreateAuthorizer
s@CreateAuthorizer' {} Maybe Text
a -> CreateAuthorizer
s {$sel:identitySource:CreateAuthorizer' :: Maybe Text
identitySource = Maybe Text
a} :: CreateAuthorizer)

-- | Specifies the required credentials as an IAM role for API Gateway to
-- invoke the authorizer. To specify an IAM role for API Gateway to assume,
-- use the role\'s Amazon Resource Name (ARN). To use resource-based
-- permissions on the Lambda function, specify null.
createAuthorizer_authorizerCredentials :: Lens.Lens' CreateAuthorizer (Prelude.Maybe Prelude.Text)
createAuthorizer_authorizerCredentials :: (Maybe Text -> f (Maybe Text))
-> CreateAuthorizer -> f CreateAuthorizer
createAuthorizer_authorizerCredentials = (CreateAuthorizer -> Maybe Text)
-> (CreateAuthorizer -> Maybe Text -> CreateAuthorizer)
-> Lens CreateAuthorizer CreateAuthorizer (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizer' {Maybe Text
authorizerCredentials :: Maybe Text
$sel:authorizerCredentials:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
authorizerCredentials} -> Maybe Text
authorizerCredentials) (\s :: CreateAuthorizer
s@CreateAuthorizer' {} Maybe Text
a -> CreateAuthorizer
s {$sel:authorizerCredentials:CreateAuthorizer' :: Maybe Text
authorizerCredentials = Maybe Text
a} :: CreateAuthorizer)

-- | [Required] The string identifier of the associated RestApi.
createAuthorizer_restApiId :: Lens.Lens' CreateAuthorizer Prelude.Text
createAuthorizer_restApiId :: (Text -> f Text) -> CreateAuthorizer -> f CreateAuthorizer
createAuthorizer_restApiId = (CreateAuthorizer -> Text)
-> (CreateAuthorizer -> Text -> CreateAuthorizer)
-> Lens CreateAuthorizer CreateAuthorizer Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizer' {Text
restApiId :: Text
$sel:restApiId:CreateAuthorizer' :: CreateAuthorizer -> Text
restApiId} -> Text
restApiId) (\s :: CreateAuthorizer
s@CreateAuthorizer' {} Text
a -> CreateAuthorizer
s {$sel:restApiId:CreateAuthorizer' :: Text
restApiId = Text
a} :: CreateAuthorizer)

-- | [Required] The name of the authorizer.
createAuthorizer_name :: Lens.Lens' CreateAuthorizer Prelude.Text
createAuthorizer_name :: (Text -> f Text) -> CreateAuthorizer -> f CreateAuthorizer
createAuthorizer_name = (CreateAuthorizer -> Text)
-> (CreateAuthorizer -> Text -> CreateAuthorizer)
-> Lens CreateAuthorizer CreateAuthorizer Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizer' {Text
name :: Text
$sel:name:CreateAuthorizer' :: CreateAuthorizer -> Text
name} -> Text
name) (\s :: CreateAuthorizer
s@CreateAuthorizer' {} Text
a -> CreateAuthorizer
s {$sel:name:CreateAuthorizer' :: Text
name = Text
a} :: CreateAuthorizer)

-- | [Required] The authorizer type. Valid values are @TOKEN@ for a Lambda
-- function using a single authorization token submitted in a custom
-- header, @REQUEST@ for a Lambda function using incoming request
-- parameters, and @COGNITO_USER_POOLS@ for using an Amazon Cognito user
-- pool.
createAuthorizer_type :: Lens.Lens' CreateAuthorizer AuthorizerType
createAuthorizer_type :: (AuthorizerType -> f AuthorizerType)
-> CreateAuthorizer -> f CreateAuthorizer
createAuthorizer_type = (CreateAuthorizer -> AuthorizerType)
-> (CreateAuthorizer -> AuthorizerType -> CreateAuthorizer)
-> Lens
     CreateAuthorizer CreateAuthorizer AuthorizerType AuthorizerType
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizer' {AuthorizerType
type' :: AuthorizerType
$sel:type':CreateAuthorizer' :: CreateAuthorizer -> AuthorizerType
type'} -> AuthorizerType
type') (\s :: CreateAuthorizer
s@CreateAuthorizer' {} AuthorizerType
a -> CreateAuthorizer
s {$sel:type':CreateAuthorizer' :: AuthorizerType
type' = AuthorizerType
a} :: CreateAuthorizer)

instance Core.AWSRequest CreateAuthorizer where
  type AWSResponse CreateAuthorizer = Authorizer
  request :: CreateAuthorizer -> Request CreateAuthorizer
request = Service -> CreateAuthorizer -> Request CreateAuthorizer
forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON Service
defaultService
  response :: Logger
-> Service
-> Proxy CreateAuthorizer
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse CreateAuthorizer)))
response =
    (Int
 -> ResponseHeaders
 -> Object
 -> Either String (AWSResponse CreateAuthorizer))
-> Logger
-> Service
-> Proxy CreateAuthorizer
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse CreateAuthorizer)))
forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> Object -> Either String (AWSResponse a))
-> Logger
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveJSON
      (\Int
s ResponseHeaders
h Object
x -> Object -> Either String Authorizer
forall a. FromJSON a => Object -> Either String a
Core.eitherParseJSON Object
x)

instance Prelude.Hashable CreateAuthorizer

instance Prelude.NFData CreateAuthorizer

instance Core.ToHeaders CreateAuthorizer where
  toHeaders :: CreateAuthorizer -> ResponseHeaders
toHeaders =
    ResponseHeaders -> CreateAuthorizer -> ResponseHeaders
forall a b. a -> b -> a
Prelude.const
      ( [ResponseHeaders] -> ResponseHeaders
forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"Accept"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# (ByteString
"application/json" :: Prelude.ByteString)
          ]
      )

instance Core.ToJSON CreateAuthorizer where
  toJSON :: CreateAuthorizer -> Value
toJSON CreateAuthorizer' {Maybe Int
Maybe [Text]
Maybe Text
Text
AuthorizerType
type' :: AuthorizerType
name :: Text
restApiId :: Text
authorizerCredentials :: Maybe Text
identitySource :: Maybe Text
authType :: Maybe Text
authorizerResultTtlInSeconds :: Maybe Int
providerARNs :: Maybe [Text]
identityValidationExpression :: Maybe Text
authorizerUri :: Maybe Text
$sel:type':CreateAuthorizer' :: CreateAuthorizer -> AuthorizerType
$sel:name:CreateAuthorizer' :: CreateAuthorizer -> Text
$sel:restApiId:CreateAuthorizer' :: CreateAuthorizer -> Text
$sel:authorizerCredentials:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
$sel:identitySource:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
$sel:authType:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
$sel:authorizerResultTtlInSeconds:CreateAuthorizer' :: CreateAuthorizer -> Maybe Int
$sel:providerARNs:CreateAuthorizer' :: CreateAuthorizer -> Maybe [Text]
$sel:identityValidationExpression:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
$sel:authorizerUri:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Text
"authorizerUri" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) (Text -> Pair) -> Maybe Text -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
authorizerUri,
            (Text
"identityValidationExpression" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (Text -> Pair) -> Maybe Text -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
identityValidationExpression,
            (Text
"providerARNs" Text -> [Text] -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) ([Text] -> Pair) -> Maybe [Text] -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe [Text]
providerARNs,
            (Text
"authorizerResultTtlInSeconds" Text -> Int -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (Int -> Pair) -> Maybe Int -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Int
authorizerResultTtlInSeconds,
            (Text
"authType" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) (Text -> Pair) -> Maybe Text -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
authType,
            (Text
"identitySource" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (Text -> Pair) -> Maybe Text -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
identitySource,
            (Text
"authorizerCredentials" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (Text -> Pair) -> Maybe Text -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
authorizerCredentials,
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"name" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Text
name),
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"type" Text -> AuthorizerType -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= AuthorizerType
type')
          ]
      )

instance Core.ToPath CreateAuthorizer where
  toPath :: CreateAuthorizer -> ByteString
toPath CreateAuthorizer' {Maybe Int
Maybe [Text]
Maybe Text
Text
AuthorizerType
type' :: AuthorizerType
name :: Text
restApiId :: Text
authorizerCredentials :: Maybe Text
identitySource :: Maybe Text
authType :: Maybe Text
authorizerResultTtlInSeconds :: Maybe Int
providerARNs :: Maybe [Text]
identityValidationExpression :: Maybe Text
authorizerUri :: Maybe Text
$sel:type':CreateAuthorizer' :: CreateAuthorizer -> AuthorizerType
$sel:name:CreateAuthorizer' :: CreateAuthorizer -> Text
$sel:restApiId:CreateAuthorizer' :: CreateAuthorizer -> Text
$sel:authorizerCredentials:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
$sel:identitySource:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
$sel:authType:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
$sel:authorizerResultTtlInSeconds:CreateAuthorizer' :: CreateAuthorizer -> Maybe Int
$sel:providerARNs:CreateAuthorizer' :: CreateAuthorizer -> Maybe [Text]
$sel:identityValidationExpression:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
$sel:authorizerUri:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
..} =
    [ByteString] -> ByteString
forall a. Monoid a => [a] -> a
Prelude.mconcat
      [ByteString
"/restapis/", Text -> ByteString
forall a. ToByteString a => a -> ByteString
Core.toBS Text
restApiId, ByteString
"/authorizers"]

instance Core.ToQuery CreateAuthorizer where
  toQuery :: CreateAuthorizer -> QueryString
toQuery = QueryString -> CreateAuthorizer -> QueryString
forall a b. a -> b -> a
Prelude.const QueryString
forall a. Monoid a => a
Prelude.mempty