{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.ApiGatewayV2.CreateAuthorizer
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Creates an Authorizer for an API.
module Amazonka.ApiGatewayV2.CreateAuthorizer
  ( -- * Creating a Request
    CreateAuthorizer (..),
    newCreateAuthorizer,

    -- * Request Lenses
    createAuthorizer_authorizerCredentialsArn,
    createAuthorizer_identityValidationExpression,
    createAuthorizer_enableSimpleResponses,
    createAuthorizer_authorizerUri,
    createAuthorizer_authorizerPayloadFormatVersion,
    createAuthorizer_jwtConfiguration,
    createAuthorizer_authorizerResultTtlInSeconds,
    createAuthorizer_apiId,
    createAuthorizer_authorizerType,
    createAuthorizer_identitySource,
    createAuthorizer_name,

    -- * Destructuring the Response
    CreateAuthorizerResponse (..),
    newCreateAuthorizerResponse,

    -- * Response Lenses
    createAuthorizerResponse_authorizerCredentialsArn,
    createAuthorizerResponse_identityValidationExpression,
    createAuthorizerResponse_enableSimpleResponses,
    createAuthorizerResponse_authorizerUri,
    createAuthorizerResponse_authorizerPayloadFormatVersion,
    createAuthorizerResponse_jwtConfiguration,
    createAuthorizerResponse_authorizerId,
    createAuthorizerResponse_name,
    createAuthorizerResponse_authorizerResultTtlInSeconds,
    createAuthorizerResponse_identitySource,
    createAuthorizerResponse_authorizerType,
    createAuthorizerResponse_httpStatus,
  )
where

import Amazonka.ApiGatewayV2.Types
import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | Creates a new Authorizer resource to represent an authorizer.
--
-- /See:/ 'newCreateAuthorizer' smart constructor.
data CreateAuthorizer = CreateAuthorizer'
  { -- | Specifies the required credentials as an IAM role for API Gateway to
    -- invoke the authorizer. To specify an IAM role for API Gateway to assume,
    -- use the role\'s Amazon Resource Name (ARN). To use resource-based
    -- permissions on the Lambda function, don\'t specify this parameter.
    -- Supported only for REQUEST authorizers.
    CreateAuthorizer -> Maybe Text
authorizerCredentialsArn :: Prelude.Maybe Prelude.Text,
    -- | This parameter is not used.
    CreateAuthorizer -> Maybe Text
identityValidationExpression :: Prelude.Maybe Prelude.Text,
    -- | Specifies whether a Lambda authorizer returns a response in a simple
    -- format. By default, a Lambda authorizer must return an IAM policy. If
    -- enabled, the Lambda authorizer can return a boolean value instead of an
    -- IAM policy. Supported only for HTTP APIs. To learn more, see
    -- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>
    CreateAuthorizer -> Maybe Bool
enableSimpleResponses :: Prelude.Maybe Prelude.Bool,
    -- | The authorizer\'s Uniform Resource Identifier (URI). For REQUEST
    -- authorizers, this must be a well-formed Lambda function URI, for
    -- example,
    -- arn:aws:apigateway:us-west-2:lambda:path\/2015-03-31\/functions\/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}\/invocations.
    -- In general, the URI has this form:
    -- arn:aws:apigateway:{region}:lambda:path\/{service_api} , where {region}
    -- is the same as the region hosting the Lambda function, path indicates
    -- that the remaining substring in the URI should be treated as the path to
    -- the resource, including the initial \/. For Lambda functions, this is
    -- usually of the form \/2015-03-31\/functions\/[FunctionARN]\/invocations.
    -- Supported only for REQUEST authorizers.
    CreateAuthorizer -> Maybe Text
authorizerUri :: Prelude.Maybe Prelude.Text,
    -- | Specifies the format of the payload sent to an HTTP API Lambda
    -- authorizer. Required for HTTP API Lambda authorizers. Supported values
    -- are 1.0 and 2.0. To learn more, see
    -- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>.
    CreateAuthorizer -> Maybe Text
authorizerPayloadFormatVersion :: Prelude.Maybe Prelude.Text,
    -- | Represents the configuration of a JWT authorizer. Required for the JWT
    -- authorizer type. Supported only for HTTP APIs.
    CreateAuthorizer -> Maybe JWTConfiguration
jwtConfiguration :: Prelude.Maybe JWTConfiguration,
    -- | The time to live (TTL) for cached authorizer results, in seconds. If it
    -- equals 0, authorization caching is disabled. If it is greater than 0,
    -- API Gateway caches authorizer responses. The maximum value is 3600, or 1
    -- hour. Supported only for HTTP API Lambda authorizers.
    CreateAuthorizer -> Maybe Natural
authorizerResultTtlInSeconds :: Prelude.Maybe Prelude.Natural,
    -- | The API identifier.
    CreateAuthorizer -> Text
apiId :: Prelude.Text,
    -- | The authorizer type. Specify REQUEST for a Lambda function using
    -- incoming request parameters. Specify JWT to use JSON Web Tokens
    -- (supported only for HTTP APIs).
    CreateAuthorizer -> AuthorizerType
authorizerType :: AuthorizerType,
    -- | The identity source for which authorization is requested.
    --
    -- For a REQUEST authorizer, this is optional. The value is a set of one or
    -- more mapping expressions of the specified request parameters. The
    -- identity source can be headers, query string parameters, stage
    -- variables, and context parameters. For example, if an Auth header and a
    -- Name query string parameter are defined as identity sources, this value
    -- is route.request.header.Auth, route.request.querystring.Name for
    -- WebSocket APIs. For HTTP APIs, use selection expressions prefixed with
    -- \$, for example, $request.header.Auth, $request.querystring.Name. These
    -- parameters are used to perform runtime validation for Lambda-based
    -- authorizers by verifying all of the identity-related request parameters
    -- are present in the request, not null, and non-empty. Only when this is
    -- true does the authorizer invoke the authorizer Lambda function.
    -- Otherwise, it returns a 401 Unauthorized response without calling the
    -- Lambda function. For HTTP APIs, identity sources are also used as the
    -- cache key when caching is enabled. To learn more, see
    -- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>.
    --
    -- For JWT, a single entry that specifies where to extract the JSON Web
    -- Token (JWT) from inbound requests. Currently only header-based and query
    -- parameter-based selections are supported, for example
    -- \$request.header.Authorization.
    CreateAuthorizer -> [Text]
identitySource :: [Prelude.Text],
    -- | The name of the authorizer.
    CreateAuthorizer -> Text
name :: Prelude.Text
  }
  deriving (CreateAuthorizer -> CreateAuthorizer -> Bool
(CreateAuthorizer -> CreateAuthorizer -> Bool)
-> (CreateAuthorizer -> CreateAuthorizer -> Bool)
-> Eq CreateAuthorizer
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: CreateAuthorizer -> CreateAuthorizer -> Bool
$c/= :: CreateAuthorizer -> CreateAuthorizer -> Bool
== :: CreateAuthorizer -> CreateAuthorizer -> Bool
$c== :: CreateAuthorizer -> CreateAuthorizer -> Bool
Prelude.Eq, ReadPrec [CreateAuthorizer]
ReadPrec CreateAuthorizer
Int -> ReadS CreateAuthorizer
ReadS [CreateAuthorizer]
(Int -> ReadS CreateAuthorizer)
-> ReadS [CreateAuthorizer]
-> ReadPrec CreateAuthorizer
-> ReadPrec [CreateAuthorizer]
-> Read CreateAuthorizer
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [CreateAuthorizer]
$creadListPrec :: ReadPrec [CreateAuthorizer]
readPrec :: ReadPrec CreateAuthorizer
$creadPrec :: ReadPrec CreateAuthorizer
readList :: ReadS [CreateAuthorizer]
$creadList :: ReadS [CreateAuthorizer]
readsPrec :: Int -> ReadS CreateAuthorizer
$creadsPrec :: Int -> ReadS CreateAuthorizer
Prelude.Read, Int -> CreateAuthorizer -> ShowS
[CreateAuthorizer] -> ShowS
CreateAuthorizer -> String
(Int -> CreateAuthorizer -> ShowS)
-> (CreateAuthorizer -> String)
-> ([CreateAuthorizer] -> ShowS)
-> Show CreateAuthorizer
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [CreateAuthorizer] -> ShowS
$cshowList :: [CreateAuthorizer] -> ShowS
show :: CreateAuthorizer -> String
$cshow :: CreateAuthorizer -> String
showsPrec :: Int -> CreateAuthorizer -> ShowS
$cshowsPrec :: Int -> CreateAuthorizer -> ShowS
Prelude.Show, (forall x. CreateAuthorizer -> Rep CreateAuthorizer x)
-> (forall x. Rep CreateAuthorizer x -> CreateAuthorizer)
-> Generic CreateAuthorizer
forall x. Rep CreateAuthorizer x -> CreateAuthorizer
forall x. CreateAuthorizer -> Rep CreateAuthorizer x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep CreateAuthorizer x -> CreateAuthorizer
$cfrom :: forall x. CreateAuthorizer -> Rep CreateAuthorizer x
Prelude.Generic)

-- |
-- Create a value of 'CreateAuthorizer' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'authorizerCredentialsArn', 'createAuthorizer_authorizerCredentialsArn' - Specifies the required credentials as an IAM role for API Gateway to
-- invoke the authorizer. To specify an IAM role for API Gateway to assume,
-- use the role\'s Amazon Resource Name (ARN). To use resource-based
-- permissions on the Lambda function, don\'t specify this parameter.
-- Supported only for REQUEST authorizers.
--
-- 'identityValidationExpression', 'createAuthorizer_identityValidationExpression' - This parameter is not used.
--
-- 'enableSimpleResponses', 'createAuthorizer_enableSimpleResponses' - Specifies whether a Lambda authorizer returns a response in a simple
-- format. By default, a Lambda authorizer must return an IAM policy. If
-- enabled, the Lambda authorizer can return a boolean value instead of an
-- IAM policy. Supported only for HTTP APIs. To learn more, see
-- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>
--
-- 'authorizerUri', 'createAuthorizer_authorizerUri' - The authorizer\'s Uniform Resource Identifier (URI). For REQUEST
-- authorizers, this must be a well-formed Lambda function URI, for
-- example,
-- arn:aws:apigateway:us-west-2:lambda:path\/2015-03-31\/functions\/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}\/invocations.
-- In general, the URI has this form:
-- arn:aws:apigateway:{region}:lambda:path\/{service_api} , where {region}
-- is the same as the region hosting the Lambda function, path indicates
-- that the remaining substring in the URI should be treated as the path to
-- the resource, including the initial \/. For Lambda functions, this is
-- usually of the form \/2015-03-31\/functions\/[FunctionARN]\/invocations.
-- Supported only for REQUEST authorizers.
--
-- 'authorizerPayloadFormatVersion', 'createAuthorizer_authorizerPayloadFormatVersion' - Specifies the format of the payload sent to an HTTP API Lambda
-- authorizer. Required for HTTP API Lambda authorizers. Supported values
-- are 1.0 and 2.0. To learn more, see
-- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>.
--
-- 'jwtConfiguration', 'createAuthorizer_jwtConfiguration' - Represents the configuration of a JWT authorizer. Required for the JWT
-- authorizer type. Supported only for HTTP APIs.
--
-- 'authorizerResultTtlInSeconds', 'createAuthorizer_authorizerResultTtlInSeconds' - The time to live (TTL) for cached authorizer results, in seconds. If it
-- equals 0, authorization caching is disabled. If it is greater than 0,
-- API Gateway caches authorizer responses. The maximum value is 3600, or 1
-- hour. Supported only for HTTP API Lambda authorizers.
--
-- 'apiId', 'createAuthorizer_apiId' - The API identifier.
--
-- 'authorizerType', 'createAuthorizer_authorizerType' - The authorizer type. Specify REQUEST for a Lambda function using
-- incoming request parameters. Specify JWT to use JSON Web Tokens
-- (supported only for HTTP APIs).
--
-- 'identitySource', 'createAuthorizer_identitySource' - The identity source for which authorization is requested.
--
-- For a REQUEST authorizer, this is optional. The value is a set of one or
-- more mapping expressions of the specified request parameters. The
-- identity source can be headers, query string parameters, stage
-- variables, and context parameters. For example, if an Auth header and a
-- Name query string parameter are defined as identity sources, this value
-- is route.request.header.Auth, route.request.querystring.Name for
-- WebSocket APIs. For HTTP APIs, use selection expressions prefixed with
-- \$, for example, $request.header.Auth, $request.querystring.Name. These
-- parameters are used to perform runtime validation for Lambda-based
-- authorizers by verifying all of the identity-related request parameters
-- are present in the request, not null, and non-empty. Only when this is
-- true does the authorizer invoke the authorizer Lambda function.
-- Otherwise, it returns a 401 Unauthorized response without calling the
-- Lambda function. For HTTP APIs, identity sources are also used as the
-- cache key when caching is enabled. To learn more, see
-- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>.
--
-- For JWT, a single entry that specifies where to extract the JSON Web
-- Token (JWT) from inbound requests. Currently only header-based and query
-- parameter-based selections are supported, for example
-- \$request.header.Authorization.
--
-- 'name', 'createAuthorizer_name' - The name of the authorizer.
newCreateAuthorizer ::
  -- | 'apiId'
  Prelude.Text ->
  -- | 'authorizerType'
  AuthorizerType ->
  -- | 'name'
  Prelude.Text ->
  CreateAuthorizer
newCreateAuthorizer :: Text -> AuthorizerType -> Text -> CreateAuthorizer
newCreateAuthorizer Text
pApiId_ AuthorizerType
pAuthorizerType_ Text
pName_ =
  CreateAuthorizer' :: Maybe Text
-> Maybe Text
-> Maybe Bool
-> Maybe Text
-> Maybe Text
-> Maybe JWTConfiguration
-> Maybe Natural
-> Text
-> AuthorizerType
-> [Text]
-> Text
-> CreateAuthorizer
CreateAuthorizer'
    { $sel:authorizerCredentialsArn:CreateAuthorizer' :: Maybe Text
authorizerCredentialsArn =
        Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:identityValidationExpression:CreateAuthorizer' :: Maybe Text
identityValidationExpression = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:enableSimpleResponses:CreateAuthorizer' :: Maybe Bool
enableSimpleResponses = Maybe Bool
forall a. Maybe a
Prelude.Nothing,
      $sel:authorizerUri:CreateAuthorizer' :: Maybe Text
authorizerUri = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:authorizerPayloadFormatVersion:CreateAuthorizer' :: Maybe Text
authorizerPayloadFormatVersion = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:jwtConfiguration:CreateAuthorizer' :: Maybe JWTConfiguration
jwtConfiguration = Maybe JWTConfiguration
forall a. Maybe a
Prelude.Nothing,
      $sel:authorizerResultTtlInSeconds:CreateAuthorizer' :: Maybe Natural
authorizerResultTtlInSeconds = Maybe Natural
forall a. Maybe a
Prelude.Nothing,
      $sel:apiId:CreateAuthorizer' :: Text
apiId = Text
pApiId_,
      $sel:authorizerType:CreateAuthorizer' :: AuthorizerType
authorizerType = AuthorizerType
pAuthorizerType_,
      $sel:identitySource:CreateAuthorizer' :: [Text]
identitySource = [Text]
forall a. Monoid a => a
Prelude.mempty,
      $sel:name:CreateAuthorizer' :: Text
name = Text
pName_
    }

-- | Specifies the required credentials as an IAM role for API Gateway to
-- invoke the authorizer. To specify an IAM role for API Gateway to assume,
-- use the role\'s Amazon Resource Name (ARN). To use resource-based
-- permissions on the Lambda function, don\'t specify this parameter.
-- Supported only for REQUEST authorizers.
createAuthorizer_authorizerCredentialsArn :: Lens.Lens' CreateAuthorizer (Prelude.Maybe Prelude.Text)
createAuthorizer_authorizerCredentialsArn :: (Maybe Text -> f (Maybe Text))
-> CreateAuthorizer -> f CreateAuthorizer
createAuthorizer_authorizerCredentialsArn = (CreateAuthorizer -> Maybe Text)
-> (CreateAuthorizer -> Maybe Text -> CreateAuthorizer)
-> Lens CreateAuthorizer CreateAuthorizer (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizer' {Maybe Text
authorizerCredentialsArn :: Maybe Text
$sel:authorizerCredentialsArn:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
authorizerCredentialsArn} -> Maybe Text
authorizerCredentialsArn) (\s :: CreateAuthorizer
s@CreateAuthorizer' {} Maybe Text
a -> CreateAuthorizer
s {$sel:authorizerCredentialsArn:CreateAuthorizer' :: Maybe Text
authorizerCredentialsArn = Maybe Text
a} :: CreateAuthorizer)

-- | This parameter is not used.
createAuthorizer_identityValidationExpression :: Lens.Lens' CreateAuthorizer (Prelude.Maybe Prelude.Text)
createAuthorizer_identityValidationExpression :: (Maybe Text -> f (Maybe Text))
-> CreateAuthorizer -> f CreateAuthorizer
createAuthorizer_identityValidationExpression = (CreateAuthorizer -> Maybe Text)
-> (CreateAuthorizer -> Maybe Text -> CreateAuthorizer)
-> Lens CreateAuthorizer CreateAuthorizer (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizer' {Maybe Text
identityValidationExpression :: Maybe Text
$sel:identityValidationExpression:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
identityValidationExpression} -> Maybe Text
identityValidationExpression) (\s :: CreateAuthorizer
s@CreateAuthorizer' {} Maybe Text
a -> CreateAuthorizer
s {$sel:identityValidationExpression:CreateAuthorizer' :: Maybe Text
identityValidationExpression = Maybe Text
a} :: CreateAuthorizer)

-- | Specifies whether a Lambda authorizer returns a response in a simple
-- format. By default, a Lambda authorizer must return an IAM policy. If
-- enabled, the Lambda authorizer can return a boolean value instead of an
-- IAM policy. Supported only for HTTP APIs. To learn more, see
-- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>
createAuthorizer_enableSimpleResponses :: Lens.Lens' CreateAuthorizer (Prelude.Maybe Prelude.Bool)
createAuthorizer_enableSimpleResponses :: (Maybe Bool -> f (Maybe Bool))
-> CreateAuthorizer -> f CreateAuthorizer
createAuthorizer_enableSimpleResponses = (CreateAuthorizer -> Maybe Bool)
-> (CreateAuthorizer -> Maybe Bool -> CreateAuthorizer)
-> Lens CreateAuthorizer CreateAuthorizer (Maybe Bool) (Maybe Bool)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizer' {Maybe Bool
enableSimpleResponses :: Maybe Bool
$sel:enableSimpleResponses:CreateAuthorizer' :: CreateAuthorizer -> Maybe Bool
enableSimpleResponses} -> Maybe Bool
enableSimpleResponses) (\s :: CreateAuthorizer
s@CreateAuthorizer' {} Maybe Bool
a -> CreateAuthorizer
s {$sel:enableSimpleResponses:CreateAuthorizer' :: Maybe Bool
enableSimpleResponses = Maybe Bool
a} :: CreateAuthorizer)

-- | The authorizer\'s Uniform Resource Identifier (URI). For REQUEST
-- authorizers, this must be a well-formed Lambda function URI, for
-- example,
-- arn:aws:apigateway:us-west-2:lambda:path\/2015-03-31\/functions\/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}\/invocations.
-- In general, the URI has this form:
-- arn:aws:apigateway:{region}:lambda:path\/{service_api} , where {region}
-- is the same as the region hosting the Lambda function, path indicates
-- that the remaining substring in the URI should be treated as the path to
-- the resource, including the initial \/. For Lambda functions, this is
-- usually of the form \/2015-03-31\/functions\/[FunctionARN]\/invocations.
-- Supported only for REQUEST authorizers.
createAuthorizer_authorizerUri :: Lens.Lens' CreateAuthorizer (Prelude.Maybe Prelude.Text)
createAuthorizer_authorizerUri :: (Maybe Text -> f (Maybe Text))
-> CreateAuthorizer -> f CreateAuthorizer
createAuthorizer_authorizerUri = (CreateAuthorizer -> Maybe Text)
-> (CreateAuthorizer -> Maybe Text -> CreateAuthorizer)
-> Lens CreateAuthorizer CreateAuthorizer (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizer' {Maybe Text
authorizerUri :: Maybe Text
$sel:authorizerUri:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
authorizerUri} -> Maybe Text
authorizerUri) (\s :: CreateAuthorizer
s@CreateAuthorizer' {} Maybe Text
a -> CreateAuthorizer
s {$sel:authorizerUri:CreateAuthorizer' :: Maybe Text
authorizerUri = Maybe Text
a} :: CreateAuthorizer)

-- | Specifies the format of the payload sent to an HTTP API Lambda
-- authorizer. Required for HTTP API Lambda authorizers. Supported values
-- are 1.0 and 2.0. To learn more, see
-- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>.
createAuthorizer_authorizerPayloadFormatVersion :: Lens.Lens' CreateAuthorizer (Prelude.Maybe Prelude.Text)
createAuthorizer_authorizerPayloadFormatVersion :: (Maybe Text -> f (Maybe Text))
-> CreateAuthorizer -> f CreateAuthorizer
createAuthorizer_authorizerPayloadFormatVersion = (CreateAuthorizer -> Maybe Text)
-> (CreateAuthorizer -> Maybe Text -> CreateAuthorizer)
-> Lens CreateAuthorizer CreateAuthorizer (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizer' {Maybe Text
authorizerPayloadFormatVersion :: Maybe Text
$sel:authorizerPayloadFormatVersion:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
authorizerPayloadFormatVersion} -> Maybe Text
authorizerPayloadFormatVersion) (\s :: CreateAuthorizer
s@CreateAuthorizer' {} Maybe Text
a -> CreateAuthorizer
s {$sel:authorizerPayloadFormatVersion:CreateAuthorizer' :: Maybe Text
authorizerPayloadFormatVersion = Maybe Text
a} :: CreateAuthorizer)

-- | Represents the configuration of a JWT authorizer. Required for the JWT
-- authorizer type. Supported only for HTTP APIs.
createAuthorizer_jwtConfiguration :: Lens.Lens' CreateAuthorizer (Prelude.Maybe JWTConfiguration)
createAuthorizer_jwtConfiguration :: (Maybe JWTConfiguration -> f (Maybe JWTConfiguration))
-> CreateAuthorizer -> f CreateAuthorizer
createAuthorizer_jwtConfiguration = (CreateAuthorizer -> Maybe JWTConfiguration)
-> (CreateAuthorizer -> Maybe JWTConfiguration -> CreateAuthorizer)
-> Lens
     CreateAuthorizer
     CreateAuthorizer
     (Maybe JWTConfiguration)
     (Maybe JWTConfiguration)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizer' {Maybe JWTConfiguration
jwtConfiguration :: Maybe JWTConfiguration
$sel:jwtConfiguration:CreateAuthorizer' :: CreateAuthorizer -> Maybe JWTConfiguration
jwtConfiguration} -> Maybe JWTConfiguration
jwtConfiguration) (\s :: CreateAuthorizer
s@CreateAuthorizer' {} Maybe JWTConfiguration
a -> CreateAuthorizer
s {$sel:jwtConfiguration:CreateAuthorizer' :: Maybe JWTConfiguration
jwtConfiguration = Maybe JWTConfiguration
a} :: CreateAuthorizer)

-- | The time to live (TTL) for cached authorizer results, in seconds. If it
-- equals 0, authorization caching is disabled. If it is greater than 0,
-- API Gateway caches authorizer responses. The maximum value is 3600, or 1
-- hour. Supported only for HTTP API Lambda authorizers.
createAuthorizer_authorizerResultTtlInSeconds :: Lens.Lens' CreateAuthorizer (Prelude.Maybe Prelude.Natural)
createAuthorizer_authorizerResultTtlInSeconds :: (Maybe Natural -> f (Maybe Natural))
-> CreateAuthorizer -> f CreateAuthorizer
createAuthorizer_authorizerResultTtlInSeconds = (CreateAuthorizer -> Maybe Natural)
-> (CreateAuthorizer -> Maybe Natural -> CreateAuthorizer)
-> Lens
     CreateAuthorizer CreateAuthorizer (Maybe Natural) (Maybe Natural)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizer' {Maybe Natural
authorizerResultTtlInSeconds :: Maybe Natural
$sel:authorizerResultTtlInSeconds:CreateAuthorizer' :: CreateAuthorizer -> Maybe Natural
authorizerResultTtlInSeconds} -> Maybe Natural
authorizerResultTtlInSeconds) (\s :: CreateAuthorizer
s@CreateAuthorizer' {} Maybe Natural
a -> CreateAuthorizer
s {$sel:authorizerResultTtlInSeconds:CreateAuthorizer' :: Maybe Natural
authorizerResultTtlInSeconds = Maybe Natural
a} :: CreateAuthorizer)

-- | The API identifier.
createAuthorizer_apiId :: Lens.Lens' CreateAuthorizer Prelude.Text
createAuthorizer_apiId :: (Text -> f Text) -> CreateAuthorizer -> f CreateAuthorizer
createAuthorizer_apiId = (CreateAuthorizer -> Text)
-> (CreateAuthorizer -> Text -> CreateAuthorizer)
-> Lens CreateAuthorizer CreateAuthorizer Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizer' {Text
apiId :: Text
$sel:apiId:CreateAuthorizer' :: CreateAuthorizer -> Text
apiId} -> Text
apiId) (\s :: CreateAuthorizer
s@CreateAuthorizer' {} Text
a -> CreateAuthorizer
s {$sel:apiId:CreateAuthorizer' :: Text
apiId = Text
a} :: CreateAuthorizer)

-- | The authorizer type. Specify REQUEST for a Lambda function using
-- incoming request parameters. Specify JWT to use JSON Web Tokens
-- (supported only for HTTP APIs).
createAuthorizer_authorizerType :: Lens.Lens' CreateAuthorizer AuthorizerType
createAuthorizer_authorizerType :: (AuthorizerType -> f AuthorizerType)
-> CreateAuthorizer -> f CreateAuthorizer
createAuthorizer_authorizerType = (CreateAuthorizer -> AuthorizerType)
-> (CreateAuthorizer -> AuthorizerType -> CreateAuthorizer)
-> Lens
     CreateAuthorizer CreateAuthorizer AuthorizerType AuthorizerType
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizer' {AuthorizerType
authorizerType :: AuthorizerType
$sel:authorizerType:CreateAuthorizer' :: CreateAuthorizer -> AuthorizerType
authorizerType} -> AuthorizerType
authorizerType) (\s :: CreateAuthorizer
s@CreateAuthorizer' {} AuthorizerType
a -> CreateAuthorizer
s {$sel:authorizerType:CreateAuthorizer' :: AuthorizerType
authorizerType = AuthorizerType
a} :: CreateAuthorizer)

-- | The identity source for which authorization is requested.
--
-- For a REQUEST authorizer, this is optional. The value is a set of one or
-- more mapping expressions of the specified request parameters. The
-- identity source can be headers, query string parameters, stage
-- variables, and context parameters. For example, if an Auth header and a
-- Name query string parameter are defined as identity sources, this value
-- is route.request.header.Auth, route.request.querystring.Name for
-- WebSocket APIs. For HTTP APIs, use selection expressions prefixed with
-- \$, for example, $request.header.Auth, $request.querystring.Name. These
-- parameters are used to perform runtime validation for Lambda-based
-- authorizers by verifying all of the identity-related request parameters
-- are present in the request, not null, and non-empty. Only when this is
-- true does the authorizer invoke the authorizer Lambda function.
-- Otherwise, it returns a 401 Unauthorized response without calling the
-- Lambda function. For HTTP APIs, identity sources are also used as the
-- cache key when caching is enabled. To learn more, see
-- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>.
--
-- For JWT, a single entry that specifies where to extract the JSON Web
-- Token (JWT) from inbound requests. Currently only header-based and query
-- parameter-based selections are supported, for example
-- \$request.header.Authorization.
createAuthorizer_identitySource :: Lens.Lens' CreateAuthorizer [Prelude.Text]
createAuthorizer_identitySource :: ([Text] -> f [Text]) -> CreateAuthorizer -> f CreateAuthorizer
createAuthorizer_identitySource = (CreateAuthorizer -> [Text])
-> (CreateAuthorizer -> [Text] -> CreateAuthorizer)
-> Lens CreateAuthorizer CreateAuthorizer [Text] [Text]
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizer' {[Text]
identitySource :: [Text]
$sel:identitySource:CreateAuthorizer' :: CreateAuthorizer -> [Text]
identitySource} -> [Text]
identitySource) (\s :: CreateAuthorizer
s@CreateAuthorizer' {} [Text]
a -> CreateAuthorizer
s {$sel:identitySource:CreateAuthorizer' :: [Text]
identitySource = [Text]
a} :: CreateAuthorizer) (([Text] -> f [Text]) -> CreateAuthorizer -> f CreateAuthorizer)
-> (([Text] -> f [Text]) -> [Text] -> f [Text])
-> ([Text] -> f [Text])
-> CreateAuthorizer
-> f CreateAuthorizer
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. ([Text] -> f [Text]) -> [Text] -> f [Text]
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | The name of the authorizer.
createAuthorizer_name :: Lens.Lens' CreateAuthorizer Prelude.Text
createAuthorizer_name :: (Text -> f Text) -> CreateAuthorizer -> f CreateAuthorizer
createAuthorizer_name = (CreateAuthorizer -> Text)
-> (CreateAuthorizer -> Text -> CreateAuthorizer)
-> Lens CreateAuthorizer CreateAuthorizer Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizer' {Text
name :: Text
$sel:name:CreateAuthorizer' :: CreateAuthorizer -> Text
name} -> Text
name) (\s :: CreateAuthorizer
s@CreateAuthorizer' {} Text
a -> CreateAuthorizer
s {$sel:name:CreateAuthorizer' :: Text
name = Text
a} :: CreateAuthorizer)

instance Core.AWSRequest CreateAuthorizer where
  type
    AWSResponse CreateAuthorizer =
      CreateAuthorizerResponse
  request :: CreateAuthorizer -> Request CreateAuthorizer
request = Service -> CreateAuthorizer -> Request CreateAuthorizer
forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON Service
defaultService
  response :: Logger
-> Service
-> Proxy CreateAuthorizer
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse CreateAuthorizer)))
response =
    (Int
 -> ResponseHeaders
 -> Object
 -> Either String (AWSResponse CreateAuthorizer))
-> Logger
-> Service
-> Proxy CreateAuthorizer
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse CreateAuthorizer)))
forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> Object -> Either String (AWSResponse a))
-> Logger
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveJSON
      ( \Int
s ResponseHeaders
h Object
x ->
          Maybe Text
-> Maybe Text
-> Maybe Bool
-> Maybe Text
-> Maybe Text
-> Maybe JWTConfiguration
-> Maybe Text
-> Maybe Text
-> Maybe Natural
-> Maybe [Text]
-> Maybe AuthorizerType
-> Int
-> CreateAuthorizerResponse
CreateAuthorizerResponse'
            (Maybe Text
 -> Maybe Text
 -> Maybe Bool
 -> Maybe Text
 -> Maybe Text
 -> Maybe JWTConfiguration
 -> Maybe Text
 -> Maybe Text
 -> Maybe Natural
 -> Maybe [Text]
 -> Maybe AuthorizerType
 -> Int
 -> CreateAuthorizerResponse)
-> Either String (Maybe Text)
-> Either
     String
     (Maybe Text
      -> Maybe Bool
      -> Maybe Text
      -> Maybe Text
      -> Maybe JWTConfiguration
      -> Maybe Text
      -> Maybe Text
      -> Maybe Natural
      -> Maybe [Text]
      -> Maybe AuthorizerType
      -> Int
      -> CreateAuthorizerResponse)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x Object -> Text -> Either String (Maybe Text)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"authorizerCredentialsArn")
            Either
  String
  (Maybe Text
   -> Maybe Bool
   -> Maybe Text
   -> Maybe Text
   -> Maybe JWTConfiguration
   -> Maybe Text
   -> Maybe Text
   -> Maybe Natural
   -> Maybe [Text]
   -> Maybe AuthorizerType
   -> Int
   -> CreateAuthorizerResponse)
-> Either String (Maybe Text)
-> Either
     String
     (Maybe Bool
      -> Maybe Text
      -> Maybe Text
      -> Maybe JWTConfiguration
      -> Maybe Text
      -> Maybe Text
      -> Maybe Natural
      -> Maybe [Text]
      -> Maybe AuthorizerType
      -> Int
      -> CreateAuthorizerResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe Text)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"identityValidationExpression")
            Either
  String
  (Maybe Bool
   -> Maybe Text
   -> Maybe Text
   -> Maybe JWTConfiguration
   -> Maybe Text
   -> Maybe Text
   -> Maybe Natural
   -> Maybe [Text]
   -> Maybe AuthorizerType
   -> Int
   -> CreateAuthorizerResponse)
-> Either String (Maybe Bool)
-> Either
     String
     (Maybe Text
      -> Maybe Text
      -> Maybe JWTConfiguration
      -> Maybe Text
      -> Maybe Text
      -> Maybe Natural
      -> Maybe [Text]
      -> Maybe AuthorizerType
      -> Int
      -> CreateAuthorizerResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe Bool)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"enableSimpleResponses")
            Either
  String
  (Maybe Text
   -> Maybe Text
   -> Maybe JWTConfiguration
   -> Maybe Text
   -> Maybe Text
   -> Maybe Natural
   -> Maybe [Text]
   -> Maybe AuthorizerType
   -> Int
   -> CreateAuthorizerResponse)
-> Either String (Maybe Text)
-> Either
     String
     (Maybe Text
      -> Maybe JWTConfiguration
      -> Maybe Text
      -> Maybe Text
      -> Maybe Natural
      -> Maybe [Text]
      -> Maybe AuthorizerType
      -> Int
      -> CreateAuthorizerResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe Text)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"authorizerUri")
            Either
  String
  (Maybe Text
   -> Maybe JWTConfiguration
   -> Maybe Text
   -> Maybe Text
   -> Maybe Natural
   -> Maybe [Text]
   -> Maybe AuthorizerType
   -> Int
   -> CreateAuthorizerResponse)
-> Either String (Maybe Text)
-> Either
     String
     (Maybe JWTConfiguration
      -> Maybe Text
      -> Maybe Text
      -> Maybe Natural
      -> Maybe [Text]
      -> Maybe AuthorizerType
      -> Int
      -> CreateAuthorizerResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe Text)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"authorizerPayloadFormatVersion")
            Either
  String
  (Maybe JWTConfiguration
   -> Maybe Text
   -> Maybe Text
   -> Maybe Natural
   -> Maybe [Text]
   -> Maybe AuthorizerType
   -> Int
   -> CreateAuthorizerResponse)
-> Either String (Maybe JWTConfiguration)
-> Either
     String
     (Maybe Text
      -> Maybe Text
      -> Maybe Natural
      -> Maybe [Text]
      -> Maybe AuthorizerType
      -> Int
      -> CreateAuthorizerResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe JWTConfiguration)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"jwtConfiguration")
            Either
  String
  (Maybe Text
   -> Maybe Text
   -> Maybe Natural
   -> Maybe [Text]
   -> Maybe AuthorizerType
   -> Int
   -> CreateAuthorizerResponse)
-> Either String (Maybe Text)
-> Either
     String
     (Maybe Text
      -> Maybe Natural
      -> Maybe [Text]
      -> Maybe AuthorizerType
      -> Int
      -> CreateAuthorizerResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe Text)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"authorizerId")
            Either
  String
  (Maybe Text
   -> Maybe Natural
   -> Maybe [Text]
   -> Maybe AuthorizerType
   -> Int
   -> CreateAuthorizerResponse)
-> Either String (Maybe Text)
-> Either
     String
     (Maybe Natural
      -> Maybe [Text]
      -> Maybe AuthorizerType
      -> Int
      -> CreateAuthorizerResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe Text)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"name")
            Either
  String
  (Maybe Natural
   -> Maybe [Text]
   -> Maybe AuthorizerType
   -> Int
   -> CreateAuthorizerResponse)
-> Either String (Maybe Natural)
-> Either
     String
     (Maybe [Text]
      -> Maybe AuthorizerType -> Int -> CreateAuthorizerResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe Natural)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"authorizerResultTtlInSeconds")
            Either
  String
  (Maybe [Text]
   -> Maybe AuthorizerType -> Int -> CreateAuthorizerResponse)
-> Either String (Maybe [Text])
-> Either
     String (Maybe AuthorizerType -> Int -> CreateAuthorizerResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe (Maybe [Text]))
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"identitySource" Either String (Maybe (Maybe [Text]))
-> Maybe [Text] -> Either String (Maybe [Text])
forall (f :: * -> *) a. Functor f => f (Maybe a) -> a -> f a
Core..!@ Maybe [Text]
forall a. Monoid a => a
Prelude.mempty)
            Either
  String (Maybe AuthorizerType -> Int -> CreateAuthorizerResponse)
-> Either String (Maybe AuthorizerType)
-> Either String (Int -> CreateAuthorizerResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe AuthorizerType)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"authorizerType")
            Either String (Int -> CreateAuthorizerResponse)
-> Either String Int -> Either String CreateAuthorizerResponse
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Int -> Either String Int
forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (Int -> Int
forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
      )

instance Prelude.Hashable CreateAuthorizer

instance Prelude.NFData CreateAuthorizer

instance Core.ToHeaders CreateAuthorizer where
  toHeaders :: CreateAuthorizer -> ResponseHeaders
toHeaders =
    ResponseHeaders -> CreateAuthorizer -> ResponseHeaders
forall a b. a -> b -> a
Prelude.const
      ( [ResponseHeaders] -> ResponseHeaders
forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"Content-Type"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Core.ToJSON CreateAuthorizer where
  toJSON :: CreateAuthorizer -> Value
toJSON CreateAuthorizer' {[Text]
Maybe Bool
Maybe Natural
Maybe Text
Maybe JWTConfiguration
Text
AuthorizerType
name :: Text
identitySource :: [Text]
authorizerType :: AuthorizerType
apiId :: Text
authorizerResultTtlInSeconds :: Maybe Natural
jwtConfiguration :: Maybe JWTConfiguration
authorizerPayloadFormatVersion :: Maybe Text
authorizerUri :: Maybe Text
enableSimpleResponses :: Maybe Bool
identityValidationExpression :: Maybe Text
authorizerCredentialsArn :: Maybe Text
$sel:name:CreateAuthorizer' :: CreateAuthorizer -> Text
$sel:identitySource:CreateAuthorizer' :: CreateAuthorizer -> [Text]
$sel:authorizerType:CreateAuthorizer' :: CreateAuthorizer -> AuthorizerType
$sel:apiId:CreateAuthorizer' :: CreateAuthorizer -> Text
$sel:authorizerResultTtlInSeconds:CreateAuthorizer' :: CreateAuthorizer -> Maybe Natural
$sel:jwtConfiguration:CreateAuthorizer' :: CreateAuthorizer -> Maybe JWTConfiguration
$sel:authorizerPayloadFormatVersion:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
$sel:authorizerUri:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
$sel:enableSimpleResponses:CreateAuthorizer' :: CreateAuthorizer -> Maybe Bool
$sel:identityValidationExpression:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
$sel:authorizerCredentialsArn:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Text
"authorizerCredentialsArn" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (Text -> Pair) -> Maybe Text -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
authorizerCredentialsArn,
            (Text
"identityValidationExpression" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (Text -> Pair) -> Maybe Text -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
identityValidationExpression,
            (Text
"enableSimpleResponses" Text -> Bool -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (Bool -> Pair) -> Maybe Bool -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Bool
enableSimpleResponses,
            (Text
"authorizerUri" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) (Text -> Pair) -> Maybe Text -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
authorizerUri,
            (Text
"authorizerPayloadFormatVersion" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (Text -> Pair) -> Maybe Text -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
authorizerPayloadFormatVersion,
            (Text
"jwtConfiguration" Text -> JWTConfiguration -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (JWTConfiguration -> Pair) -> Maybe JWTConfiguration -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe JWTConfiguration
jwtConfiguration,
            (Text
"authorizerResultTtlInSeconds" Text -> Natural -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (Natural -> Pair) -> Maybe Natural -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Natural
authorizerResultTtlInSeconds,
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just
              (Text
"authorizerType" Text -> AuthorizerType -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= AuthorizerType
authorizerType),
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just
              (Text
"identitySource" Text -> [Text] -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= [Text]
identitySource),
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"name" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Text
name)
          ]
      )

instance Core.ToPath CreateAuthorizer where
  toPath :: CreateAuthorizer -> ByteString
toPath CreateAuthorizer' {[Text]
Maybe Bool
Maybe Natural
Maybe Text
Maybe JWTConfiguration
Text
AuthorizerType
name :: Text
identitySource :: [Text]
authorizerType :: AuthorizerType
apiId :: Text
authorizerResultTtlInSeconds :: Maybe Natural
jwtConfiguration :: Maybe JWTConfiguration
authorizerPayloadFormatVersion :: Maybe Text
authorizerUri :: Maybe Text
enableSimpleResponses :: Maybe Bool
identityValidationExpression :: Maybe Text
authorizerCredentialsArn :: Maybe Text
$sel:name:CreateAuthorizer' :: CreateAuthorizer -> Text
$sel:identitySource:CreateAuthorizer' :: CreateAuthorizer -> [Text]
$sel:authorizerType:CreateAuthorizer' :: CreateAuthorizer -> AuthorizerType
$sel:apiId:CreateAuthorizer' :: CreateAuthorizer -> Text
$sel:authorizerResultTtlInSeconds:CreateAuthorizer' :: CreateAuthorizer -> Maybe Natural
$sel:jwtConfiguration:CreateAuthorizer' :: CreateAuthorizer -> Maybe JWTConfiguration
$sel:authorizerPayloadFormatVersion:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
$sel:authorizerUri:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
$sel:enableSimpleResponses:CreateAuthorizer' :: CreateAuthorizer -> Maybe Bool
$sel:identityValidationExpression:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
$sel:authorizerCredentialsArn:CreateAuthorizer' :: CreateAuthorizer -> Maybe Text
..} =
    [ByteString] -> ByteString
forall a. Monoid a => [a] -> a
Prelude.mconcat
      [ByteString
"/v2/apis/", Text -> ByteString
forall a. ToByteString a => a -> ByteString
Core.toBS Text
apiId, ByteString
"/authorizers"]

instance Core.ToQuery CreateAuthorizer where
  toQuery :: CreateAuthorizer -> QueryString
toQuery = QueryString -> CreateAuthorizer -> QueryString
forall a b. a -> b -> a
Prelude.const QueryString
forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newCreateAuthorizerResponse' smart constructor.
data CreateAuthorizerResponse = CreateAuthorizerResponse'
  { -- | Specifies the required credentials as an IAM role for API Gateway to
    -- invoke the authorizer. To specify an IAM role for API Gateway to assume,
    -- use the role\'s Amazon Resource Name (ARN). To use resource-based
    -- permissions on the Lambda function, don\'t specify this parameter.
    -- Supported only for REQUEST authorizers.
    CreateAuthorizerResponse -> Maybe Text
authorizerCredentialsArn :: Prelude.Maybe Prelude.Text,
    -- | The validation expression does not apply to the REQUEST authorizer.
    CreateAuthorizerResponse -> Maybe Text
identityValidationExpression :: Prelude.Maybe Prelude.Text,
    -- | Specifies whether a Lambda authorizer returns a response in a simple
    -- format. If enabled, the Lambda authorizer can return a boolean value
    -- instead of an IAM policy. Supported only for HTTP APIs. To learn more,
    -- see
    -- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>
    CreateAuthorizerResponse -> Maybe Bool
enableSimpleResponses :: Prelude.Maybe Prelude.Bool,
    -- | The authorizer\'s Uniform Resource Identifier (URI). For REQUEST
    -- authorizers, this must be a well-formed Lambda function URI, for
    -- example,
    -- arn:aws:apigateway:us-west-2:lambda:path\/2015-03-31\/functions\/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}\/invocations.
    -- In general, the URI has this form:
    -- arn:aws:apigateway:{region}:lambda:path\/{service_api} , where {region}
    -- is the same as the region hosting the Lambda function, path indicates
    -- that the remaining substring in the URI should be treated as the path to
    -- the resource, including the initial \/. For Lambda functions, this is
    -- usually of the form \/2015-03-31\/functions\/[FunctionARN]\/invocations.
    -- Supported only for REQUEST authorizers.
    CreateAuthorizerResponse -> Maybe Text
authorizerUri :: Prelude.Maybe Prelude.Text,
    -- | Specifies the format of the payload sent to an HTTP API Lambda
    -- authorizer. Required for HTTP API Lambda authorizers. Supported values
    -- are 1.0 and 2.0. To learn more, see
    -- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>.
    CreateAuthorizerResponse -> Maybe Text
authorizerPayloadFormatVersion :: Prelude.Maybe Prelude.Text,
    -- | Represents the configuration of a JWT authorizer. Required for the JWT
    -- authorizer type. Supported only for HTTP APIs.
    CreateAuthorizerResponse -> Maybe JWTConfiguration
jwtConfiguration :: Prelude.Maybe JWTConfiguration,
    -- | The authorizer identifier.
    CreateAuthorizerResponse -> Maybe Text
authorizerId :: Prelude.Maybe Prelude.Text,
    -- | The name of the authorizer.
    CreateAuthorizerResponse -> Maybe Text
name :: Prelude.Maybe Prelude.Text,
    -- | The time to live (TTL) for cached authorizer results, in seconds. If it
    -- equals 0, authorization caching is disabled. If it is greater than 0,
    -- API Gateway caches authorizer responses. The maximum value is 3600, or 1
    -- hour. Supported only for HTTP API Lambda authorizers.
    CreateAuthorizerResponse -> Maybe Natural
authorizerResultTtlInSeconds :: Prelude.Maybe Prelude.Natural,
    -- | The identity source for which authorization is requested.
    --
    -- For a REQUEST authorizer, this is optional. The value is a set of one or
    -- more mapping expressions of the specified request parameters. The
    -- identity source can be headers, query string parameters, stage
    -- variables, and context parameters. For example, if an Auth header and a
    -- Name query string parameter are defined as identity sources, this value
    -- is route.request.header.Auth, route.request.querystring.Name for
    -- WebSocket APIs. For HTTP APIs, use selection expressions prefixed with
    -- \$, for example, $request.header.Auth, $request.querystring.Name. These
    -- parameters are used to perform runtime validation for Lambda-based
    -- authorizers by verifying all of the identity-related request parameters
    -- are present in the request, not null, and non-empty. Only when this is
    -- true does the authorizer invoke the authorizer Lambda function.
    -- Otherwise, it returns a 401 Unauthorized response without calling the
    -- Lambda function. For HTTP APIs, identity sources are also used as the
    -- cache key when caching is enabled. To learn more, see
    -- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>.
    --
    -- For JWT, a single entry that specifies where to extract the JSON Web
    -- Token (JWT) from inbound requests. Currently only header-based and query
    -- parameter-based selections are supported, for example
    -- \$request.header.Authorization.
    CreateAuthorizerResponse -> Maybe [Text]
identitySource :: Prelude.Maybe [Prelude.Text],
    -- | The authorizer type. Specify REQUEST for a Lambda function using
    -- incoming request parameters. Specify JWT to use JSON Web Tokens
    -- (supported only for HTTP APIs).
    CreateAuthorizerResponse -> Maybe AuthorizerType
authorizerType :: Prelude.Maybe AuthorizerType,
    -- | The response's http status code.
    CreateAuthorizerResponse -> Int
httpStatus :: Prelude.Int
  }
  deriving (CreateAuthorizerResponse -> CreateAuthorizerResponse -> Bool
(CreateAuthorizerResponse -> CreateAuthorizerResponse -> Bool)
-> (CreateAuthorizerResponse -> CreateAuthorizerResponse -> Bool)
-> Eq CreateAuthorizerResponse
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: CreateAuthorizerResponse -> CreateAuthorizerResponse -> Bool
$c/= :: CreateAuthorizerResponse -> CreateAuthorizerResponse -> Bool
== :: CreateAuthorizerResponse -> CreateAuthorizerResponse -> Bool
$c== :: CreateAuthorizerResponse -> CreateAuthorizerResponse -> Bool
Prelude.Eq, ReadPrec [CreateAuthorizerResponse]
ReadPrec CreateAuthorizerResponse
Int -> ReadS CreateAuthorizerResponse
ReadS [CreateAuthorizerResponse]
(Int -> ReadS CreateAuthorizerResponse)
-> ReadS [CreateAuthorizerResponse]
-> ReadPrec CreateAuthorizerResponse
-> ReadPrec [CreateAuthorizerResponse]
-> Read CreateAuthorizerResponse
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [CreateAuthorizerResponse]
$creadListPrec :: ReadPrec [CreateAuthorizerResponse]
readPrec :: ReadPrec CreateAuthorizerResponse
$creadPrec :: ReadPrec CreateAuthorizerResponse
readList :: ReadS [CreateAuthorizerResponse]
$creadList :: ReadS [CreateAuthorizerResponse]
readsPrec :: Int -> ReadS CreateAuthorizerResponse
$creadsPrec :: Int -> ReadS CreateAuthorizerResponse
Prelude.Read, Int -> CreateAuthorizerResponse -> ShowS
[CreateAuthorizerResponse] -> ShowS
CreateAuthorizerResponse -> String
(Int -> CreateAuthorizerResponse -> ShowS)
-> (CreateAuthorizerResponse -> String)
-> ([CreateAuthorizerResponse] -> ShowS)
-> Show CreateAuthorizerResponse
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [CreateAuthorizerResponse] -> ShowS
$cshowList :: [CreateAuthorizerResponse] -> ShowS
show :: CreateAuthorizerResponse -> String
$cshow :: CreateAuthorizerResponse -> String
showsPrec :: Int -> CreateAuthorizerResponse -> ShowS
$cshowsPrec :: Int -> CreateAuthorizerResponse -> ShowS
Prelude.Show, (forall x.
 CreateAuthorizerResponse -> Rep CreateAuthorizerResponse x)
-> (forall x.
    Rep CreateAuthorizerResponse x -> CreateAuthorizerResponse)
-> Generic CreateAuthorizerResponse
forall x.
Rep CreateAuthorizerResponse x -> CreateAuthorizerResponse
forall x.
CreateAuthorizerResponse -> Rep CreateAuthorizerResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep CreateAuthorizerResponse x -> CreateAuthorizerResponse
$cfrom :: forall x.
CreateAuthorizerResponse -> Rep CreateAuthorizerResponse x
Prelude.Generic)

-- |
-- Create a value of 'CreateAuthorizerResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'authorizerCredentialsArn', 'createAuthorizerResponse_authorizerCredentialsArn' - Specifies the required credentials as an IAM role for API Gateway to
-- invoke the authorizer. To specify an IAM role for API Gateway to assume,
-- use the role\'s Amazon Resource Name (ARN). To use resource-based
-- permissions on the Lambda function, don\'t specify this parameter.
-- Supported only for REQUEST authorizers.
--
-- 'identityValidationExpression', 'createAuthorizerResponse_identityValidationExpression' - The validation expression does not apply to the REQUEST authorizer.
--
-- 'enableSimpleResponses', 'createAuthorizerResponse_enableSimpleResponses' - Specifies whether a Lambda authorizer returns a response in a simple
-- format. If enabled, the Lambda authorizer can return a boolean value
-- instead of an IAM policy. Supported only for HTTP APIs. To learn more,
-- see
-- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>
--
-- 'authorizerUri', 'createAuthorizerResponse_authorizerUri' - The authorizer\'s Uniform Resource Identifier (URI). For REQUEST
-- authorizers, this must be a well-formed Lambda function URI, for
-- example,
-- arn:aws:apigateway:us-west-2:lambda:path\/2015-03-31\/functions\/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}\/invocations.
-- In general, the URI has this form:
-- arn:aws:apigateway:{region}:lambda:path\/{service_api} , where {region}
-- is the same as the region hosting the Lambda function, path indicates
-- that the remaining substring in the URI should be treated as the path to
-- the resource, including the initial \/. For Lambda functions, this is
-- usually of the form \/2015-03-31\/functions\/[FunctionARN]\/invocations.
-- Supported only for REQUEST authorizers.
--
-- 'authorizerPayloadFormatVersion', 'createAuthorizerResponse_authorizerPayloadFormatVersion' - Specifies the format of the payload sent to an HTTP API Lambda
-- authorizer. Required for HTTP API Lambda authorizers. Supported values
-- are 1.0 and 2.0. To learn more, see
-- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>.
--
-- 'jwtConfiguration', 'createAuthorizerResponse_jwtConfiguration' - Represents the configuration of a JWT authorizer. Required for the JWT
-- authorizer type. Supported only for HTTP APIs.
--
-- 'authorizerId', 'createAuthorizerResponse_authorizerId' - The authorizer identifier.
--
-- 'name', 'createAuthorizerResponse_name' - The name of the authorizer.
--
-- 'authorizerResultTtlInSeconds', 'createAuthorizerResponse_authorizerResultTtlInSeconds' - The time to live (TTL) for cached authorizer results, in seconds. If it
-- equals 0, authorization caching is disabled. If it is greater than 0,
-- API Gateway caches authorizer responses. The maximum value is 3600, or 1
-- hour. Supported only for HTTP API Lambda authorizers.
--
-- 'identitySource', 'createAuthorizerResponse_identitySource' - The identity source for which authorization is requested.
--
-- For a REQUEST authorizer, this is optional. The value is a set of one or
-- more mapping expressions of the specified request parameters. The
-- identity source can be headers, query string parameters, stage
-- variables, and context parameters. For example, if an Auth header and a
-- Name query string parameter are defined as identity sources, this value
-- is route.request.header.Auth, route.request.querystring.Name for
-- WebSocket APIs. For HTTP APIs, use selection expressions prefixed with
-- \$, for example, $request.header.Auth, $request.querystring.Name. These
-- parameters are used to perform runtime validation for Lambda-based
-- authorizers by verifying all of the identity-related request parameters
-- are present in the request, not null, and non-empty. Only when this is
-- true does the authorizer invoke the authorizer Lambda function.
-- Otherwise, it returns a 401 Unauthorized response without calling the
-- Lambda function. For HTTP APIs, identity sources are also used as the
-- cache key when caching is enabled. To learn more, see
-- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>.
--
-- For JWT, a single entry that specifies where to extract the JSON Web
-- Token (JWT) from inbound requests. Currently only header-based and query
-- parameter-based selections are supported, for example
-- \$request.header.Authorization.
--
-- 'authorizerType', 'createAuthorizerResponse_authorizerType' - The authorizer type. Specify REQUEST for a Lambda function using
-- incoming request parameters. Specify JWT to use JSON Web Tokens
-- (supported only for HTTP APIs).
--
-- 'httpStatus', 'createAuthorizerResponse_httpStatus' - The response's http status code.
newCreateAuthorizerResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  CreateAuthorizerResponse
newCreateAuthorizerResponse :: Int -> CreateAuthorizerResponse
newCreateAuthorizerResponse Int
pHttpStatus_ =
  CreateAuthorizerResponse' :: Maybe Text
-> Maybe Text
-> Maybe Bool
-> Maybe Text
-> Maybe Text
-> Maybe JWTConfiguration
-> Maybe Text
-> Maybe Text
-> Maybe Natural
-> Maybe [Text]
-> Maybe AuthorizerType
-> Int
-> CreateAuthorizerResponse
CreateAuthorizerResponse'
    { $sel:authorizerCredentialsArn:CreateAuthorizerResponse' :: Maybe Text
authorizerCredentialsArn =
        Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:identityValidationExpression:CreateAuthorizerResponse' :: Maybe Text
identityValidationExpression = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:enableSimpleResponses:CreateAuthorizerResponse' :: Maybe Bool
enableSimpleResponses = Maybe Bool
forall a. Maybe a
Prelude.Nothing,
      $sel:authorizerUri:CreateAuthorizerResponse' :: Maybe Text
authorizerUri = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:authorizerPayloadFormatVersion:CreateAuthorizerResponse' :: Maybe Text
authorizerPayloadFormatVersion = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:jwtConfiguration:CreateAuthorizerResponse' :: Maybe JWTConfiguration
jwtConfiguration = Maybe JWTConfiguration
forall a. Maybe a
Prelude.Nothing,
      $sel:authorizerId:CreateAuthorizerResponse' :: Maybe Text
authorizerId = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:name:CreateAuthorizerResponse' :: Maybe Text
name = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:authorizerResultTtlInSeconds:CreateAuthorizerResponse' :: Maybe Natural
authorizerResultTtlInSeconds = Maybe Natural
forall a. Maybe a
Prelude.Nothing,
      $sel:identitySource:CreateAuthorizerResponse' :: Maybe [Text]
identitySource = Maybe [Text]
forall a. Maybe a
Prelude.Nothing,
      $sel:authorizerType:CreateAuthorizerResponse' :: Maybe AuthorizerType
authorizerType = Maybe AuthorizerType
forall a. Maybe a
Prelude.Nothing,
      $sel:httpStatus:CreateAuthorizerResponse' :: Int
httpStatus = Int
pHttpStatus_
    }

-- | Specifies the required credentials as an IAM role for API Gateway to
-- invoke the authorizer. To specify an IAM role for API Gateway to assume,
-- use the role\'s Amazon Resource Name (ARN). To use resource-based
-- permissions on the Lambda function, don\'t specify this parameter.
-- Supported only for REQUEST authorizers.
createAuthorizerResponse_authorizerCredentialsArn :: Lens.Lens' CreateAuthorizerResponse (Prelude.Maybe Prelude.Text)
createAuthorizerResponse_authorizerCredentialsArn :: (Maybe Text -> f (Maybe Text))
-> CreateAuthorizerResponse -> f CreateAuthorizerResponse
createAuthorizerResponse_authorizerCredentialsArn = (CreateAuthorizerResponse -> Maybe Text)
-> (CreateAuthorizerResponse
    -> Maybe Text -> CreateAuthorizerResponse)
-> Lens
     CreateAuthorizerResponse
     CreateAuthorizerResponse
     (Maybe Text)
     (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizerResponse' {Maybe Text
authorizerCredentialsArn :: Maybe Text
$sel:authorizerCredentialsArn:CreateAuthorizerResponse' :: CreateAuthorizerResponse -> Maybe Text
authorizerCredentialsArn} -> Maybe Text
authorizerCredentialsArn) (\s :: CreateAuthorizerResponse
s@CreateAuthorizerResponse' {} Maybe Text
a -> CreateAuthorizerResponse
s {$sel:authorizerCredentialsArn:CreateAuthorizerResponse' :: Maybe Text
authorizerCredentialsArn = Maybe Text
a} :: CreateAuthorizerResponse)

-- | The validation expression does not apply to the REQUEST authorizer.
createAuthorizerResponse_identityValidationExpression :: Lens.Lens' CreateAuthorizerResponse (Prelude.Maybe Prelude.Text)
createAuthorizerResponse_identityValidationExpression :: (Maybe Text -> f (Maybe Text))
-> CreateAuthorizerResponse -> f CreateAuthorizerResponse
createAuthorizerResponse_identityValidationExpression = (CreateAuthorizerResponse -> Maybe Text)
-> (CreateAuthorizerResponse
    -> Maybe Text -> CreateAuthorizerResponse)
-> Lens
     CreateAuthorizerResponse
     CreateAuthorizerResponse
     (Maybe Text)
     (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizerResponse' {Maybe Text
identityValidationExpression :: Maybe Text
$sel:identityValidationExpression:CreateAuthorizerResponse' :: CreateAuthorizerResponse -> Maybe Text
identityValidationExpression} -> Maybe Text
identityValidationExpression) (\s :: CreateAuthorizerResponse
s@CreateAuthorizerResponse' {} Maybe Text
a -> CreateAuthorizerResponse
s {$sel:identityValidationExpression:CreateAuthorizerResponse' :: Maybe Text
identityValidationExpression = Maybe Text
a} :: CreateAuthorizerResponse)

-- | Specifies whether a Lambda authorizer returns a response in a simple
-- format. If enabled, the Lambda authorizer can return a boolean value
-- instead of an IAM policy. Supported only for HTTP APIs. To learn more,
-- see
-- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>
createAuthorizerResponse_enableSimpleResponses :: Lens.Lens' CreateAuthorizerResponse (Prelude.Maybe Prelude.Bool)
createAuthorizerResponse_enableSimpleResponses :: (Maybe Bool -> f (Maybe Bool))
-> CreateAuthorizerResponse -> f CreateAuthorizerResponse
createAuthorizerResponse_enableSimpleResponses = (CreateAuthorizerResponse -> Maybe Bool)
-> (CreateAuthorizerResponse
    -> Maybe Bool -> CreateAuthorizerResponse)
-> Lens
     CreateAuthorizerResponse
     CreateAuthorizerResponse
     (Maybe Bool)
     (Maybe Bool)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizerResponse' {Maybe Bool
enableSimpleResponses :: Maybe Bool
$sel:enableSimpleResponses:CreateAuthorizerResponse' :: CreateAuthorizerResponse -> Maybe Bool
enableSimpleResponses} -> Maybe Bool
enableSimpleResponses) (\s :: CreateAuthorizerResponse
s@CreateAuthorizerResponse' {} Maybe Bool
a -> CreateAuthorizerResponse
s {$sel:enableSimpleResponses:CreateAuthorizerResponse' :: Maybe Bool
enableSimpleResponses = Maybe Bool
a} :: CreateAuthorizerResponse)

-- | The authorizer\'s Uniform Resource Identifier (URI). For REQUEST
-- authorizers, this must be a well-formed Lambda function URI, for
-- example,
-- arn:aws:apigateway:us-west-2:lambda:path\/2015-03-31\/functions\/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}\/invocations.
-- In general, the URI has this form:
-- arn:aws:apigateway:{region}:lambda:path\/{service_api} , where {region}
-- is the same as the region hosting the Lambda function, path indicates
-- that the remaining substring in the URI should be treated as the path to
-- the resource, including the initial \/. For Lambda functions, this is
-- usually of the form \/2015-03-31\/functions\/[FunctionARN]\/invocations.
-- Supported only for REQUEST authorizers.
createAuthorizerResponse_authorizerUri :: Lens.Lens' CreateAuthorizerResponse (Prelude.Maybe Prelude.Text)
createAuthorizerResponse_authorizerUri :: (Maybe Text -> f (Maybe Text))
-> CreateAuthorizerResponse -> f CreateAuthorizerResponse
createAuthorizerResponse_authorizerUri = (CreateAuthorizerResponse -> Maybe Text)
-> (CreateAuthorizerResponse
    -> Maybe Text -> CreateAuthorizerResponse)
-> Lens
     CreateAuthorizerResponse
     CreateAuthorizerResponse
     (Maybe Text)
     (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizerResponse' {Maybe Text
authorizerUri :: Maybe Text
$sel:authorizerUri:CreateAuthorizerResponse' :: CreateAuthorizerResponse -> Maybe Text
authorizerUri} -> Maybe Text
authorizerUri) (\s :: CreateAuthorizerResponse
s@CreateAuthorizerResponse' {} Maybe Text
a -> CreateAuthorizerResponse
s {$sel:authorizerUri:CreateAuthorizerResponse' :: Maybe Text
authorizerUri = Maybe Text
a} :: CreateAuthorizerResponse)

-- | Specifies the format of the payload sent to an HTTP API Lambda
-- authorizer. Required for HTTP API Lambda authorizers. Supported values
-- are 1.0 and 2.0. To learn more, see
-- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>.
createAuthorizerResponse_authorizerPayloadFormatVersion :: Lens.Lens' CreateAuthorizerResponse (Prelude.Maybe Prelude.Text)
createAuthorizerResponse_authorizerPayloadFormatVersion :: (Maybe Text -> f (Maybe Text))
-> CreateAuthorizerResponse -> f CreateAuthorizerResponse
createAuthorizerResponse_authorizerPayloadFormatVersion = (CreateAuthorizerResponse -> Maybe Text)
-> (CreateAuthorizerResponse
    -> Maybe Text -> CreateAuthorizerResponse)
-> Lens
     CreateAuthorizerResponse
     CreateAuthorizerResponse
     (Maybe Text)
     (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizerResponse' {Maybe Text
authorizerPayloadFormatVersion :: Maybe Text
$sel:authorizerPayloadFormatVersion:CreateAuthorizerResponse' :: CreateAuthorizerResponse -> Maybe Text
authorizerPayloadFormatVersion} -> Maybe Text
authorizerPayloadFormatVersion) (\s :: CreateAuthorizerResponse
s@CreateAuthorizerResponse' {} Maybe Text
a -> CreateAuthorizerResponse
s {$sel:authorizerPayloadFormatVersion:CreateAuthorizerResponse' :: Maybe Text
authorizerPayloadFormatVersion = Maybe Text
a} :: CreateAuthorizerResponse)

-- | Represents the configuration of a JWT authorizer. Required for the JWT
-- authorizer type. Supported only for HTTP APIs.
createAuthorizerResponse_jwtConfiguration :: Lens.Lens' CreateAuthorizerResponse (Prelude.Maybe JWTConfiguration)
createAuthorizerResponse_jwtConfiguration :: (Maybe JWTConfiguration -> f (Maybe JWTConfiguration))
-> CreateAuthorizerResponse -> f CreateAuthorizerResponse
createAuthorizerResponse_jwtConfiguration = (CreateAuthorizerResponse -> Maybe JWTConfiguration)
-> (CreateAuthorizerResponse
    -> Maybe JWTConfiguration -> CreateAuthorizerResponse)
-> Lens
     CreateAuthorizerResponse
     CreateAuthorizerResponse
     (Maybe JWTConfiguration)
     (Maybe JWTConfiguration)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizerResponse' {Maybe JWTConfiguration
jwtConfiguration :: Maybe JWTConfiguration
$sel:jwtConfiguration:CreateAuthorizerResponse' :: CreateAuthorizerResponse -> Maybe JWTConfiguration
jwtConfiguration} -> Maybe JWTConfiguration
jwtConfiguration) (\s :: CreateAuthorizerResponse
s@CreateAuthorizerResponse' {} Maybe JWTConfiguration
a -> CreateAuthorizerResponse
s {$sel:jwtConfiguration:CreateAuthorizerResponse' :: Maybe JWTConfiguration
jwtConfiguration = Maybe JWTConfiguration
a} :: CreateAuthorizerResponse)

-- | The authorizer identifier.
createAuthorizerResponse_authorizerId :: Lens.Lens' CreateAuthorizerResponse (Prelude.Maybe Prelude.Text)
createAuthorizerResponse_authorizerId :: (Maybe Text -> f (Maybe Text))
-> CreateAuthorizerResponse -> f CreateAuthorizerResponse
createAuthorizerResponse_authorizerId = (CreateAuthorizerResponse -> Maybe Text)
-> (CreateAuthorizerResponse
    -> Maybe Text -> CreateAuthorizerResponse)
-> Lens
     CreateAuthorizerResponse
     CreateAuthorizerResponse
     (Maybe Text)
     (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizerResponse' {Maybe Text
authorizerId :: Maybe Text
$sel:authorizerId:CreateAuthorizerResponse' :: CreateAuthorizerResponse -> Maybe Text
authorizerId} -> Maybe Text
authorizerId) (\s :: CreateAuthorizerResponse
s@CreateAuthorizerResponse' {} Maybe Text
a -> CreateAuthorizerResponse
s {$sel:authorizerId:CreateAuthorizerResponse' :: Maybe Text
authorizerId = Maybe Text
a} :: CreateAuthorizerResponse)

-- | The name of the authorizer.
createAuthorizerResponse_name :: Lens.Lens' CreateAuthorizerResponse (Prelude.Maybe Prelude.Text)
createAuthorizerResponse_name :: (Maybe Text -> f (Maybe Text))
-> CreateAuthorizerResponse -> f CreateAuthorizerResponse
createAuthorizerResponse_name = (CreateAuthorizerResponse -> Maybe Text)
-> (CreateAuthorizerResponse
    -> Maybe Text -> CreateAuthorizerResponse)
-> Lens
     CreateAuthorizerResponse
     CreateAuthorizerResponse
     (Maybe Text)
     (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizerResponse' {Maybe Text
name :: Maybe Text
$sel:name:CreateAuthorizerResponse' :: CreateAuthorizerResponse -> Maybe Text
name} -> Maybe Text
name) (\s :: CreateAuthorizerResponse
s@CreateAuthorizerResponse' {} Maybe Text
a -> CreateAuthorizerResponse
s {$sel:name:CreateAuthorizerResponse' :: Maybe Text
name = Maybe Text
a} :: CreateAuthorizerResponse)

-- | The time to live (TTL) for cached authorizer results, in seconds. If it
-- equals 0, authorization caching is disabled. If it is greater than 0,
-- API Gateway caches authorizer responses. The maximum value is 3600, or 1
-- hour. Supported only for HTTP API Lambda authorizers.
createAuthorizerResponse_authorizerResultTtlInSeconds :: Lens.Lens' CreateAuthorizerResponse (Prelude.Maybe Prelude.Natural)
createAuthorizerResponse_authorizerResultTtlInSeconds :: (Maybe Natural -> f (Maybe Natural))
-> CreateAuthorizerResponse -> f CreateAuthorizerResponse
createAuthorizerResponse_authorizerResultTtlInSeconds = (CreateAuthorizerResponse -> Maybe Natural)
-> (CreateAuthorizerResponse
    -> Maybe Natural -> CreateAuthorizerResponse)
-> Lens
     CreateAuthorizerResponse
     CreateAuthorizerResponse
     (Maybe Natural)
     (Maybe Natural)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizerResponse' {Maybe Natural
authorizerResultTtlInSeconds :: Maybe Natural
$sel:authorizerResultTtlInSeconds:CreateAuthorizerResponse' :: CreateAuthorizerResponse -> Maybe Natural
authorizerResultTtlInSeconds} -> Maybe Natural
authorizerResultTtlInSeconds) (\s :: CreateAuthorizerResponse
s@CreateAuthorizerResponse' {} Maybe Natural
a -> CreateAuthorizerResponse
s {$sel:authorizerResultTtlInSeconds:CreateAuthorizerResponse' :: Maybe Natural
authorizerResultTtlInSeconds = Maybe Natural
a} :: CreateAuthorizerResponse)

-- | The identity source for which authorization is requested.
--
-- For a REQUEST authorizer, this is optional. The value is a set of one or
-- more mapping expressions of the specified request parameters. The
-- identity source can be headers, query string parameters, stage
-- variables, and context parameters. For example, if an Auth header and a
-- Name query string parameter are defined as identity sources, this value
-- is route.request.header.Auth, route.request.querystring.Name for
-- WebSocket APIs. For HTTP APIs, use selection expressions prefixed with
-- \$, for example, $request.header.Auth, $request.querystring.Name. These
-- parameters are used to perform runtime validation for Lambda-based
-- authorizers by verifying all of the identity-related request parameters
-- are present in the request, not null, and non-empty. Only when this is
-- true does the authorizer invoke the authorizer Lambda function.
-- Otherwise, it returns a 401 Unauthorized response without calling the
-- Lambda function. For HTTP APIs, identity sources are also used as the
-- cache key when caching is enabled. To learn more, see
-- <https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html Working with AWS Lambda authorizers for HTTP APIs>.
--
-- For JWT, a single entry that specifies where to extract the JSON Web
-- Token (JWT) from inbound requests. Currently only header-based and query
-- parameter-based selections are supported, for example
-- \$request.header.Authorization.
createAuthorizerResponse_identitySource :: Lens.Lens' CreateAuthorizerResponse (Prelude.Maybe [Prelude.Text])
createAuthorizerResponse_identitySource :: (Maybe [Text] -> f (Maybe [Text]))
-> CreateAuthorizerResponse -> f CreateAuthorizerResponse
createAuthorizerResponse_identitySource = (CreateAuthorizerResponse -> Maybe [Text])
-> (CreateAuthorizerResponse
    -> Maybe [Text] -> CreateAuthorizerResponse)
-> Lens
     CreateAuthorizerResponse
     CreateAuthorizerResponse
     (Maybe [Text])
     (Maybe [Text])
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizerResponse' {Maybe [Text]
identitySource :: Maybe [Text]
$sel:identitySource:CreateAuthorizerResponse' :: CreateAuthorizerResponse -> Maybe [Text]
identitySource} -> Maybe [Text]
identitySource) (\s :: CreateAuthorizerResponse
s@CreateAuthorizerResponse' {} Maybe [Text]
a -> CreateAuthorizerResponse
s {$sel:identitySource:CreateAuthorizerResponse' :: Maybe [Text]
identitySource = Maybe [Text]
a} :: CreateAuthorizerResponse) ((Maybe [Text] -> f (Maybe [Text]))
 -> CreateAuthorizerResponse -> f CreateAuthorizerResponse)
-> ((Maybe [Text] -> f (Maybe [Text]))
    -> Maybe [Text] -> f (Maybe [Text]))
-> (Maybe [Text] -> f (Maybe [Text]))
-> CreateAuthorizerResponse
-> f CreateAuthorizerResponse
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso [Text] [Text] [Text] [Text]
-> Iso (Maybe [Text]) (Maybe [Text]) (Maybe [Text]) (Maybe [Text])
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso [Text] [Text] [Text] [Text]
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | The authorizer type. Specify REQUEST for a Lambda function using
-- incoming request parameters. Specify JWT to use JSON Web Tokens
-- (supported only for HTTP APIs).
createAuthorizerResponse_authorizerType :: Lens.Lens' CreateAuthorizerResponse (Prelude.Maybe AuthorizerType)
createAuthorizerResponse_authorizerType :: (Maybe AuthorizerType -> f (Maybe AuthorizerType))
-> CreateAuthorizerResponse -> f CreateAuthorizerResponse
createAuthorizerResponse_authorizerType = (CreateAuthorizerResponse -> Maybe AuthorizerType)
-> (CreateAuthorizerResponse
    -> Maybe AuthorizerType -> CreateAuthorizerResponse)
-> Lens
     CreateAuthorizerResponse
     CreateAuthorizerResponse
     (Maybe AuthorizerType)
     (Maybe AuthorizerType)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizerResponse' {Maybe AuthorizerType
authorizerType :: Maybe AuthorizerType
$sel:authorizerType:CreateAuthorizerResponse' :: CreateAuthorizerResponse -> Maybe AuthorizerType
authorizerType} -> Maybe AuthorizerType
authorizerType) (\s :: CreateAuthorizerResponse
s@CreateAuthorizerResponse' {} Maybe AuthorizerType
a -> CreateAuthorizerResponse
s {$sel:authorizerType:CreateAuthorizerResponse' :: Maybe AuthorizerType
authorizerType = Maybe AuthorizerType
a} :: CreateAuthorizerResponse)

-- | The response's http status code.
createAuthorizerResponse_httpStatus :: Lens.Lens' CreateAuthorizerResponse Prelude.Int
createAuthorizerResponse_httpStatus :: (Int -> f Int)
-> CreateAuthorizerResponse -> f CreateAuthorizerResponse
createAuthorizerResponse_httpStatus = (CreateAuthorizerResponse -> Int)
-> (CreateAuthorizerResponse -> Int -> CreateAuthorizerResponse)
-> Lens CreateAuthorizerResponse CreateAuthorizerResponse Int Int
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateAuthorizerResponse' {Int
httpStatus :: Int
$sel:httpStatus:CreateAuthorizerResponse' :: CreateAuthorizerResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: CreateAuthorizerResponse
s@CreateAuthorizerResponse' {} Int
a -> CreateAuthorizerResponse
s {$sel:httpStatus:CreateAuthorizerResponse' :: Int
httpStatus = Int
a} :: CreateAuthorizerResponse)

instance Prelude.NFData CreateAuthorizerResponse