{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.AppSync.Types.LambdaAuthorizerConfig
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.AppSync.Types.LambdaAuthorizerConfig where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude

-- | A @LambdaAuthorizerConfig@ holds configuration on how to authorize
-- AppSync API access when using the @AWS_LAMBDA@ authorizer mode. Be aware
-- that an AppSync API may have only one Lambda authorizer configured at a
-- time.
--
-- /See:/ 'newLambdaAuthorizerConfig' smart constructor.
data LambdaAuthorizerConfig = LambdaAuthorizerConfig'
  { -- | A regular expression for validation of tokens before the Lambda function
    -- is called.
    LambdaAuthorizerConfig -> Maybe Text
identityValidationExpression :: Prelude.Maybe Prelude.Text,
    -- | The number of seconds a response should be cached for. The default is 5
    -- minutes (300 seconds). The Lambda function can override this by
    -- returning a @ttlOverride@ key in its response. A value of 0 disables
    -- caching of responses.
    LambdaAuthorizerConfig -> Maybe Natural
authorizerResultTtlInSeconds :: Prelude.Maybe Prelude.Natural,
    -- | The ARN of the Lambda function to be called for authorization. This may
    -- be a standard Lambda ARN, a version ARN (@...\/v3@) or alias ARN.
    --
    -- /Note/: This Lambda function must have the following resource-based
    -- policy assigned to it. When configuring Lambda authorizers in the
    -- Console, this is done for you. To do so with the Amazon Web Services
    -- CLI, run the following:
    --
    -- @aws lambda add-permission --function-name \"arn:aws:lambda:us-east-2:111122223333:function:my-function\" --statement-id \"appsync\" --principal appsync.amazonaws.com --action lambda:InvokeFunction@
    LambdaAuthorizerConfig -> Text
authorizerUri :: Prelude.Text
  }
  deriving (LambdaAuthorizerConfig -> LambdaAuthorizerConfig -> Bool
(LambdaAuthorizerConfig -> LambdaAuthorizerConfig -> Bool)
-> (LambdaAuthorizerConfig -> LambdaAuthorizerConfig -> Bool)
-> Eq LambdaAuthorizerConfig
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: LambdaAuthorizerConfig -> LambdaAuthorizerConfig -> Bool
$c/= :: LambdaAuthorizerConfig -> LambdaAuthorizerConfig -> Bool
== :: LambdaAuthorizerConfig -> LambdaAuthorizerConfig -> Bool
$c== :: LambdaAuthorizerConfig -> LambdaAuthorizerConfig -> Bool
Prelude.Eq, ReadPrec [LambdaAuthorizerConfig]
ReadPrec LambdaAuthorizerConfig
Int -> ReadS LambdaAuthorizerConfig
ReadS [LambdaAuthorizerConfig]
(Int -> ReadS LambdaAuthorizerConfig)
-> ReadS [LambdaAuthorizerConfig]
-> ReadPrec LambdaAuthorizerConfig
-> ReadPrec [LambdaAuthorizerConfig]
-> Read LambdaAuthorizerConfig
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [LambdaAuthorizerConfig]
$creadListPrec :: ReadPrec [LambdaAuthorizerConfig]
readPrec :: ReadPrec LambdaAuthorizerConfig
$creadPrec :: ReadPrec LambdaAuthorizerConfig
readList :: ReadS [LambdaAuthorizerConfig]
$creadList :: ReadS [LambdaAuthorizerConfig]
readsPrec :: Int -> ReadS LambdaAuthorizerConfig
$creadsPrec :: Int -> ReadS LambdaAuthorizerConfig
Prelude.Read, Int -> LambdaAuthorizerConfig -> ShowS
[LambdaAuthorizerConfig] -> ShowS
LambdaAuthorizerConfig -> String
(Int -> LambdaAuthorizerConfig -> ShowS)
-> (LambdaAuthorizerConfig -> String)
-> ([LambdaAuthorizerConfig] -> ShowS)
-> Show LambdaAuthorizerConfig
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [LambdaAuthorizerConfig] -> ShowS
$cshowList :: [LambdaAuthorizerConfig] -> ShowS
show :: LambdaAuthorizerConfig -> String
$cshow :: LambdaAuthorizerConfig -> String
showsPrec :: Int -> LambdaAuthorizerConfig -> ShowS
$cshowsPrec :: Int -> LambdaAuthorizerConfig -> ShowS
Prelude.Show, (forall x. LambdaAuthorizerConfig -> Rep LambdaAuthorizerConfig x)
-> (forall x.
    Rep LambdaAuthorizerConfig x -> LambdaAuthorizerConfig)
-> Generic LambdaAuthorizerConfig
forall x. Rep LambdaAuthorizerConfig x -> LambdaAuthorizerConfig
forall x. LambdaAuthorizerConfig -> Rep LambdaAuthorizerConfig x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep LambdaAuthorizerConfig x -> LambdaAuthorizerConfig
$cfrom :: forall x. LambdaAuthorizerConfig -> Rep LambdaAuthorizerConfig x
Prelude.Generic)

-- |
-- Create a value of 'LambdaAuthorizerConfig' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'identityValidationExpression', 'lambdaAuthorizerConfig_identityValidationExpression' - A regular expression for validation of tokens before the Lambda function
-- is called.
--
-- 'authorizerResultTtlInSeconds', 'lambdaAuthorizerConfig_authorizerResultTtlInSeconds' - The number of seconds a response should be cached for. The default is 5
-- minutes (300 seconds). The Lambda function can override this by
-- returning a @ttlOverride@ key in its response. A value of 0 disables
-- caching of responses.
--
-- 'authorizerUri', 'lambdaAuthorizerConfig_authorizerUri' - The ARN of the Lambda function to be called for authorization. This may
-- be a standard Lambda ARN, a version ARN (@...\/v3@) or alias ARN.
--
-- /Note/: This Lambda function must have the following resource-based
-- policy assigned to it. When configuring Lambda authorizers in the
-- Console, this is done for you. To do so with the Amazon Web Services
-- CLI, run the following:
--
-- @aws lambda add-permission --function-name \"arn:aws:lambda:us-east-2:111122223333:function:my-function\" --statement-id \"appsync\" --principal appsync.amazonaws.com --action lambda:InvokeFunction@
newLambdaAuthorizerConfig ::
  -- | 'authorizerUri'
  Prelude.Text ->
  LambdaAuthorizerConfig
newLambdaAuthorizerConfig :: Text -> LambdaAuthorizerConfig
newLambdaAuthorizerConfig Text
pAuthorizerUri_ =
  LambdaAuthorizerConfig' :: Maybe Text -> Maybe Natural -> Text -> LambdaAuthorizerConfig
LambdaAuthorizerConfig'
    { $sel:identityValidationExpression:LambdaAuthorizerConfig' :: Maybe Text
identityValidationExpression =
        Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:authorizerResultTtlInSeconds:LambdaAuthorizerConfig' :: Maybe Natural
authorizerResultTtlInSeconds = Maybe Natural
forall a. Maybe a
Prelude.Nothing,
      $sel:authorizerUri:LambdaAuthorizerConfig' :: Text
authorizerUri = Text
pAuthorizerUri_
    }

-- | A regular expression for validation of tokens before the Lambda function
-- is called.
lambdaAuthorizerConfig_identityValidationExpression :: Lens.Lens' LambdaAuthorizerConfig (Prelude.Maybe Prelude.Text)
lambdaAuthorizerConfig_identityValidationExpression :: (Maybe Text -> f (Maybe Text))
-> LambdaAuthorizerConfig -> f LambdaAuthorizerConfig
lambdaAuthorizerConfig_identityValidationExpression = (LambdaAuthorizerConfig -> Maybe Text)
-> (LambdaAuthorizerConfig -> Maybe Text -> LambdaAuthorizerConfig)
-> Lens
     LambdaAuthorizerConfig
     LambdaAuthorizerConfig
     (Maybe Text)
     (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\LambdaAuthorizerConfig' {Maybe Text
identityValidationExpression :: Maybe Text
$sel:identityValidationExpression:LambdaAuthorizerConfig' :: LambdaAuthorizerConfig -> Maybe Text
identityValidationExpression} -> Maybe Text
identityValidationExpression) (\s :: LambdaAuthorizerConfig
s@LambdaAuthorizerConfig' {} Maybe Text
a -> LambdaAuthorizerConfig
s {$sel:identityValidationExpression:LambdaAuthorizerConfig' :: Maybe Text
identityValidationExpression = Maybe Text
a} :: LambdaAuthorizerConfig)

-- | The number of seconds a response should be cached for. The default is 5
-- minutes (300 seconds). The Lambda function can override this by
-- returning a @ttlOverride@ key in its response. A value of 0 disables
-- caching of responses.
lambdaAuthorizerConfig_authorizerResultTtlInSeconds :: Lens.Lens' LambdaAuthorizerConfig (Prelude.Maybe Prelude.Natural)
lambdaAuthorizerConfig_authorizerResultTtlInSeconds :: (Maybe Natural -> f (Maybe Natural))
-> LambdaAuthorizerConfig -> f LambdaAuthorizerConfig
lambdaAuthorizerConfig_authorizerResultTtlInSeconds = (LambdaAuthorizerConfig -> Maybe Natural)
-> (LambdaAuthorizerConfig
    -> Maybe Natural -> LambdaAuthorizerConfig)
-> Lens
     LambdaAuthorizerConfig
     LambdaAuthorizerConfig
     (Maybe Natural)
     (Maybe Natural)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\LambdaAuthorizerConfig' {Maybe Natural
authorizerResultTtlInSeconds :: Maybe Natural
$sel:authorizerResultTtlInSeconds:LambdaAuthorizerConfig' :: LambdaAuthorizerConfig -> Maybe Natural
authorizerResultTtlInSeconds} -> Maybe Natural
authorizerResultTtlInSeconds) (\s :: LambdaAuthorizerConfig
s@LambdaAuthorizerConfig' {} Maybe Natural
a -> LambdaAuthorizerConfig
s {$sel:authorizerResultTtlInSeconds:LambdaAuthorizerConfig' :: Maybe Natural
authorizerResultTtlInSeconds = Maybe Natural
a} :: LambdaAuthorizerConfig)

-- | The ARN of the Lambda function to be called for authorization. This may
-- be a standard Lambda ARN, a version ARN (@...\/v3@) or alias ARN.
--
-- /Note/: This Lambda function must have the following resource-based
-- policy assigned to it. When configuring Lambda authorizers in the
-- Console, this is done for you. To do so with the Amazon Web Services
-- CLI, run the following:
--
-- @aws lambda add-permission --function-name \"arn:aws:lambda:us-east-2:111122223333:function:my-function\" --statement-id \"appsync\" --principal appsync.amazonaws.com --action lambda:InvokeFunction@
lambdaAuthorizerConfig_authorizerUri :: Lens.Lens' LambdaAuthorizerConfig Prelude.Text
lambdaAuthorizerConfig_authorizerUri :: (Text -> f Text)
-> LambdaAuthorizerConfig -> f LambdaAuthorizerConfig
lambdaAuthorizerConfig_authorizerUri = (LambdaAuthorizerConfig -> Text)
-> (LambdaAuthorizerConfig -> Text -> LambdaAuthorizerConfig)
-> Lens LambdaAuthorizerConfig LambdaAuthorizerConfig Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\LambdaAuthorizerConfig' {Text
authorizerUri :: Text
$sel:authorizerUri:LambdaAuthorizerConfig' :: LambdaAuthorizerConfig -> Text
authorizerUri} -> Text
authorizerUri) (\s :: LambdaAuthorizerConfig
s@LambdaAuthorizerConfig' {} Text
a -> LambdaAuthorizerConfig
s {$sel:authorizerUri:LambdaAuthorizerConfig' :: Text
authorizerUri = Text
a} :: LambdaAuthorizerConfig)

instance Core.FromJSON LambdaAuthorizerConfig where
  parseJSON :: Value -> Parser LambdaAuthorizerConfig
parseJSON =
    String
-> (Object -> Parser LambdaAuthorizerConfig)
-> Value
-> Parser LambdaAuthorizerConfig
forall a. String -> (Object -> Parser a) -> Value -> Parser a
Core.withObject
      String
"LambdaAuthorizerConfig"
      ( \Object
x ->
          Maybe Text -> Maybe Natural -> Text -> LambdaAuthorizerConfig
LambdaAuthorizerConfig'
            (Maybe Text -> Maybe Natural -> Text -> LambdaAuthorizerConfig)
-> Parser (Maybe Text)
-> Parser (Maybe Natural -> Text -> LambdaAuthorizerConfig)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x Object -> Text -> Parser (Maybe Text)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"identityValidationExpression")
            Parser (Maybe Natural -> Text -> LambdaAuthorizerConfig)
-> Parser (Maybe Natural)
-> Parser (Text -> LambdaAuthorizerConfig)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser (Maybe Natural)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"authorizerResultTtlInSeconds")
            Parser (Text -> LambdaAuthorizerConfig)
-> Parser Text -> Parser LambdaAuthorizerConfig
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser Text
forall a. FromJSON a => Object -> Text -> Parser a
Core..: Text
"authorizerUri")
      )

instance Prelude.Hashable LambdaAuthorizerConfig

instance Prelude.NFData LambdaAuthorizerConfig

instance Core.ToJSON LambdaAuthorizerConfig where
  toJSON :: LambdaAuthorizerConfig -> Value
toJSON LambdaAuthorizerConfig' {Maybe Natural
Maybe Text
Text
authorizerUri :: Text
authorizerResultTtlInSeconds :: Maybe Natural
identityValidationExpression :: Maybe Text
$sel:authorizerUri:LambdaAuthorizerConfig' :: LambdaAuthorizerConfig -> Text
$sel:authorizerResultTtlInSeconds:LambdaAuthorizerConfig' :: LambdaAuthorizerConfig -> Maybe Natural
$sel:identityValidationExpression:LambdaAuthorizerConfig' :: LambdaAuthorizerConfig -> Maybe Text
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Text
"identityValidationExpression" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (Text -> Pair) -> Maybe Text -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
identityValidationExpression,
            (Text
"authorizerResultTtlInSeconds" Text -> Natural -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (Natural -> Pair) -> Maybe Natural -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Natural
authorizerResultTtlInSeconds,
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just
              (Text
"authorizerUri" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Text
authorizerUri)
          ]
      )