{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.EKS.Types.OidcIdentityProviderConfigRequest
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.EKS.Types.OidcIdentityProviderConfigRequest where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude

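-- | An object representing an OpenID Connect (OIDC) configuration. Before
-- associating an OIDC identity provider to your cluster, review the
-- considerations in
-- <https://docs.aws.amazon.com/eks/latest/userguide/authenticate-oidc-identity-provider.html Authenticating users for your cluster from an OpenID Connect identity provider>
-- in the /Amazon EKS User Guide/.
--
-- The three required fields are 'identityProviderConfigName', 'issuerUrl'
-- and 'clientId'; every other field is optional. All values are plain
-- 'Prelude.Text' and are stored exactly as supplied: nothing in this type
-- validates them.
--
-- /See:/ 'newOidcIdentityProviderConfigRequest' smart constructor.
data OidcIdentityProviderConfigRequest = OidcIdentityProviderConfigRequest'
  { -- | The prefix that is prepended to group claims to prevent clashes with
    -- existing names (such as @system:@ groups). For example, the
    -- value @oidc:@ will create group names like @oidc:engineering@ and
    -- @oidc:infra@.
    --
    -- This field is optional and no default is documented here. Because the
    -- prefix is what keeps provider-supplied group names apart from existing
    -- cluster group names, set it explicitly whenever 'groupsClaim' is set.
    groupsPrefix :: Prelude.Maybe Prelude.Text,
    -- | The JSON Web Token (JWT) claim to use as the username. The default is
    -- @sub@, which is expected to be a unique identifier of the end user. You
    -- can choose other claims, such as @email@ or @name@, depending on the
    -- OpenID identity provider. Claims other than @email@ are prefixed with
    -- the issuer URL to prevent naming clashes with other plug-ins.
    --
    -- Unlike @sub@, the other claims are not described here as unique
    -- identifiers; confirm with the identity provider that the chosen claim
    -- is unique and cannot be changed by the end user before binding
    -- permissions to it.
    usernameClaim :: Prelude.Maybe Prelude.Text,
    -- | The key value pairs that describe required claims in the identity token.
    -- If set, each claim is verified to be present in the token with a
    -- matching value. For the maximum number of claims that you can require,
    -- see
    -- <https://docs.aws.amazon.com/eks/latest/userguide/service-quotas.html Amazon EKS service quotas>
    -- in the /Amazon EKS User Guide/.
    --
    -- Leaving this field unset means no such per-claim check is configured.
    requiredClaims :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
    -- | The prefix that is prepended to username claims to prevent clashes with
    -- existing names. If you do not provide this field, and @username@ is a
    -- value other than @email@, the prefix defaults to @issuerurl#@. You can
    -- use the value @-@ to disable all prefixing.
    --
    -- With prefixing disabled (@-@), usernames taken from the token are not
    -- distinguished from existing names, so use it only when the
    -- 'usernameClaim' values cannot collide with them.
    usernamePrefix :: Prelude.Maybe Prelude.Text,
    -- | The JWT claim that the provider uses to return your groups.
    groupsClaim :: Prelude.Maybe Prelude.Text,
    -- | The name of the OIDC provider configuration.
    identityProviderConfigName :: Prelude.Text,
    -- | The URL of the OpenID identity provider that allows the API server to
    -- discover public signing keys for verifying tokens. The URL must begin
    -- with @https:\/\/@ and should correspond to the @iss@ claim in the
    -- provider\'s OIDC ID tokens. Per the OIDC standard, path components are
    -- allowed but query parameters are not. Typically the URL consists of only
    -- a hostname, like @https:\/\/server.example.org@ or
    -- @https:\/\/example.com@. This URL should point to the level below
    -- @.well-known\/openid-configuration@ and must be publicly accessible over
    -- the internet.
    --
    -- The value is stored as given: the @https:\/\/@ requirement is not
    -- checked by this type or by its smart constructor, so callers that read
    -- the URL from configuration should check it before building the request.
    issuerUrl :: Prelude.Text,
    -- | This is also known as /audience/. The ID for the client application that
    -- makes authentication requests to the OpenID identity provider.
    --
    -- Only the client identifier is part of this request; the type has no
    -- field for a client secret.
    clientId :: Prelude.Text
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)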

-- |
-- Create a value of 'OidcIdentityProviderConfigRequest' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'groupsPrefix', 'oidcIdentityProviderConfigRequest_groupsPrefix' - The prefix that is prepended to group claims to prevent clashes with
-- existing names (such as @system:@ groups). For example, the
-- value @oidc:@ will create group names like @oidc:engineering@ and
-- @oidc:infra@.
--
-- 'usernameClaim', 'oidcIdentityProviderConfigRequest_usernameClaim' - The JSON Web Token (JWT) claim to use as the username. The default is
-- @sub@, which is expected to be a unique identifier of the end user. You
-- can choose other claims, such as @email@ or @name@, depending on the
-- OpenID identity provider. Claims other than @email@ are prefixed with
-- the issuer URL to prevent naming clashes with other plug-ins.
--
-- 'requiredClaims', 'oidcIdentityProviderConfigRequest_requiredClaims' - The key value pairs that describe required claims in the identity token.
-- If set, each claim is verified to be present in the token with a
-- matching value. For the maximum number of claims that you can require,
-- see
-- <https://docs.aws.amazon.com/eks/latest/userguide/service-quotas.html Amazon EKS service quotas>
-- in the /Amazon EKS User Guide/.
--
-- 'usernamePrefix', 'oidcIdentityProviderConfigRequest_usernamePrefix' - The prefix that is prepended to username claims to prevent clashes with
-- existing names. If you do not provide this field, and @username@ is a
-- value other than @email@, the prefix defaults to @issuerurl#@. You can
-- use the value @-@ to disable all prefixing.
--
-- 'groupsClaim', 'oidcIdentityProviderConfigRequest_groupsClaim' - The JWT claim that the provider uses to return your groups.
--
-- 'identityProviderConfigName', 'oidcIdentityProviderConfigRequest_identityProviderConfigName' - The name of the OIDC provider configuration.
--
-- 'issuerUrl', 'oidcIdentityProviderConfigRequest_issuerUrl' - The URL of the OpenID identity provider that allows the API server to
-- discover public signing keys for verifying tokens. The URL must begin
-- with @https:\/\/@ and should correspond to the @iss@ claim in the
-- provider\'s OIDC ID tokens. Per the OIDC standard, path components are
-- allowed but query parameters are not. Typically the URL consists of only
-- a hostname, like @https:\/\/server.example.org@ or
-- @https:\/\/example.com@. This URL should point to the level below
-- @.well-known\/openid-configuration@ and must be publicly accessible over
-- the internet.
--
-- 'clientId', 'oidcIdentityProviderConfigRequest_clientId' - This is also known as /audience/. The ID for the client application that
-- makes authentication requests to the OpenID identity provider.
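newOidcIdentityProviderConfigRequest ::
  -- | 'identityProviderConfigName'
  Prelude.Text ->
  -- | 'issuerUrl'
  Prelude.Text ->
  -- | 'clientId'
  Prelude.Text ->
  OidcIdentityProviderConfigRequest
newOidcIdentityProviderConfigRequest
  pIdentityProviderConfigName_
  pIssuerUrl_
  pClientId_ =
    -- Only the three required fields are taken as arguments and they are
    -- stored unchanged: no validation happens here, so the documented
    -- @https://@ requirement on 'issuerUrl' is the caller's responsibility.
    --
    -- Every optional field starts as 'Prelude.Nothing'. In particular
    -- 'groupsPrefix' and 'usernamePrefix' are left unset, so any prefixing
    -- is whatever the service applies by default; set them through the
    -- lenses when the group or username mapping must be kept apart from
    -- existing names.
    OidcIdentityProviderConfigRequest'
      { groupsPrefix = Prelude.Nothing,
        usernameClaim = Prelude.Nothing,
        requiredClaims = Prelude.Nothing,
        usernamePrefix = Prelude.Nothing,
        groupsClaim = Prelude.Nothing,
        identityProviderConfigName =
          pIdentityProviderConfigName_,
        issuerUrl = pIssuerUrl_,
        clientId = pClientId_
      }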

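-- | The prefix that is prepended to group claims to prevent clashes with
-- existing names (such as @system:@ groups). For example, the
-- value @oidc:@ will create group names like @oidc:engineering@ and
-- @oidc:infra@.
--
-- Lens over the 'groupsPrefix' field: the getter reads the field, the setter
-- returns a copy of the request with the field replaced. The value is not
-- validated. The smart constructor leaves this field unset, so set it here
-- whenever 'oidcIdentityProviderConfigRequest_groupsClaim' is set.
oidcIdentityProviderConfigRequest_groupsPrefix :: Lens.Lens' OidcIdentityProviderConfigRequest (Prelude.Maybe Prelude.Text)
oidcIdentityProviderConfigRequest_groupsPrefix =
  Lens.lens
    (\OidcIdentityProviderConfigRequest' {groupsPrefix} -> groupsPrefix)
    (\s@OidcIdentityProviderConfigRequest' {} a -> s {groupsPrefix = a} :: OidcIdentityProviderConfigRequest)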

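-- | The JSON Web Token (JWT) claim to use as the username. The default is
-- @sub@, which is expected to be a unique identifier of the end user. You
-- can choose other claims, such as @email@ or @name@, depending on the
-- OpenID identity provider. Claims other than @email@ are prefixed with
-- the issuer URL to prevent naming clashes with other plug-ins.
--
-- Lens over the 'usernameClaim' field: the getter reads the field, the
-- setter returns a copy of the request with the field replaced. The claim
-- name is not validated. Unlike @sub@, the other claims are not described
-- here as unique identifiers; confirm uniqueness with the identity provider
-- before binding permissions to the resulting usernames.
oidcIdentityProviderConfigRequest_usernameClaim :: Lens.Lens' OidcIdentityProviderConfigRequest (Prelude.Maybe Prelude.Text)
oidcIdentityProviderConfigRequest_usernameClaim =
  Lens.lens
    (\OidcIdentityProviderConfigRequest' {usernameClaim} -> usernameClaim)
    (\s@OidcIdentityProviderConfigRequest' {} a -> s {usernameClaim = a} :: OidcIdentityProviderConfigRequest)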

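-- | The key value pairs that describe required claims in the identity token.
-- If set, each claim is verified to be present in the token with a
-- matching value. For the maximum number of claims that you can require,
-- see
-- <https://docs.aws.amazon.com/eks/latest/userguide/service-quotas.html Amazon EKS service quotas>
-- in the /Amazon EKS User Guide/.
--
-- Lens over the 'requiredClaims' field. Leaving the field unset means no
-- such per-claim check is configured. The lens is composed with
-- @Lens.mapping Lens.coerced@, which applies a coercion underneath the
-- 'Prelude.Maybe'; both sides are the same 'Prelude.HashMap' type here, so
-- the coercion changes nothing (presumably the generator emits it for every
-- map-valued field).
oidcIdentityProviderConfigRequest_requiredClaims :: Lens.Lens' OidcIdentityProviderConfigRequest (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
oidcIdentityProviderConfigRequest_requiredClaims =
  Lens.lens
    (\OidcIdentityProviderConfigRequest' {requiredClaims} -> requiredClaims)
    (\s@OidcIdentityProviderConfigRequest' {} a -> s {requiredClaims = a} :: OidcIdentityProviderConfigRequest)
    Prelude.. Lens.mapping Lens.coerced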

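-- | The prefix that is prepended to username claims to prevent clashes with
-- existing names. If you do not provide this field, and @username@ is a
-- value other than @email@, the prefix defaults to @issuerurl#@. You can
-- use the value @-@ to disable all prefixing.
--
-- Lens over the 'usernamePrefix' field: the getter reads the field, the
-- setter returns a copy of the request with the field replaced. The value is
-- not validated. With prefixing disabled (@-@), usernames taken from the
-- token are not distinguished from existing names, so use that value only
-- when the chosen username claim cannot collide with them.
oidcIdentityProviderConfigRequest_usernamePrefix :: Lens.Lens' OidcIdentityProviderConfigRequest (Prelude.Maybe Prelude.Text)
oidcIdentityProviderConfigRequest_usernamePrefix =
  Lens.lens
    (\OidcIdentityProviderConfigRequest' {usernamePrefix} -> usernamePrefix)
    (\s@OidcIdentityProviderConfigRequest' {} a -> s {usernamePrefix = a} :: OidcIdentityProviderConfigRequest)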

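-- | The JWT claim that the provider uses to return your groups.
--
-- Lens over the 'groupsClaim' field: the getter reads the field, the setter
-- returns a copy of the request with the field replaced. The claim name is
-- not validated. Group names taken from this claim are only kept apart from
-- existing names by 'groupsPrefix', which the smart constructor leaves
-- unset; set both together.
oidcIdentityProviderConfigRequest_groupsClaim :: Lens.Lens' OidcIdentityProviderConfigRequest (Prelude.Maybe Prelude.Text)
oidcIdentityProviderConfigRequest_groupsClaim =
  Lens.lens
    (\OidcIdentityProviderConfigRequest' {groupsClaim} -> groupsClaim)
    (\s@OidcIdentityProviderConfigRequest' {} a -> s {groupsClaim = a} :: OidcIdentityProviderConfigRequest)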

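-- | The name of the OIDC provider configuration.
--
-- Lens over the required 'identityProviderConfigName' field: the getter
-- reads the field, the setter returns a copy of the request with the field
-- replaced. The name is not validated.
oidcIdentityProviderConfigRequest_identityProviderConfigName :: Lens.Lens' OidcIdentityProviderConfigRequest Prelude.Text
oidcIdentityProviderConfigRequest_identityProviderConfigName =
  Lens.lens
    (\OidcIdentityProviderConfigRequest' {identityProviderConfigName} -> identityProviderConfigName)
    (\s@OidcIdentityProviderConfigRequest' {} a -> s {identityProviderConfigName = a} :: OidcIdentityProviderConfigRequest)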

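-- | The URL of the OpenID identity provider that allows the API server to
-- discover public signing keys for verifying tokens. The URL must begin
-- with @https:\/\/@ and should correspond to the @iss@ claim in the
-- provider\'s OIDC ID tokens. Per the OIDC standard, path components are
-- allowed but query parameters are not. Typically the URL consists of only
-- a hostname, like @https:\/\/server.example.org@ or
-- @https:\/\/example.com@. This URL should point to the level below
-- @.well-known\/openid-configuration@ and must be publicly accessible over
-- the internet.
--
-- Lens over the required 'issuerUrl' field: the getter reads the field, the
-- setter returns a copy of the request with the field replaced. The setter
-- stores any 'Prelude.Text'; the @https:\/\/@ and no-query-parameter
-- requirements above are not checked here, so check them before setting a
-- URL that comes from configuration or user input.
oidcIdentityProviderConfigRequest_issuerUrl :: Lens.Lens' OidcIdentityProviderConfigRequest Prelude.Text
oidcIdentityProviderConfigRequest_issuerUrl =
  Lens.lens
    (\OidcIdentityProviderConfigRequest' {issuerUrl} -> issuerUrl)
    (\s@OidcIdentityProviderConfigRequest' {} a -> s {issuerUrl = a} :: OidcIdentityProviderConfigRequest)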

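-- | This is also known as /audience/. The ID for the client application that
-- makes authentication requests to the OpenID identity provider.
--
-- Lens over the required 'clientId' field: the getter reads the field, the
-- setter returns a copy of the request with the field replaced. The value is
-- the client identifier only; the request type has no field for a client
-- secret.
oidcIdentityProviderConfigRequest_clientId :: Lens.Lens' OidcIdentityProviderConfigRequest Prelude.Text
oidcIdentityProviderConfigRequest_clientId =
  Lens.lens
    (\OidcIdentityProviderConfigRequest' {clientId} -> clientId)
    (\s@OidcIdentityProviderConfigRequest' {} a -> s {clientId = a} :: OidcIdentityProviderConfigRequest)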

-- No methods are defined here, so the class's default implementations are
-- used (presumably the Generic-based ones, given the derived
-- 'Prelude.Generic' instance).
instance Prelude.Hashable OidcIdentityProviderConfigRequest

-- No methods are defined here, so the class's default implementations are
-- used (presumably the Generic-based ones, given the derived
-- 'Prelude.Generic' instance).
instance Prelude.NFData OidcIdentityProviderConfigRequest

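instance
  Core.ToJSON
    OidcIdentityProviderConfigRequest
  where
  -- Serialises the request as a JSON object whose keys are the field names.
  -- Optional fields that are 'Prelude.Nothing' are dropped by
  -- 'Prelude.catMaybes' rather than sent as null, so an unset prefix or claim
  -- is simply absent from the request body. The three required fields are
  -- always present. Values are emitted as stored; nothing is validated or
  -- normalised at this point.
  toJSON OidcIdentityProviderConfigRequest' {..} =
    Core.object
      ( Prelude.catMaybes
          [ ("groupsPrefix" Core..=) Prelude.<$> groupsPrefix,
            ("usernameClaim" Core..=) Prelude.<$> usernameClaim,
            ("requiredClaims" Core..=)
              Prelude.<$> requiredClaims,
            ("usernamePrefix" Core..=)
              Prelude.<$> usernamePrefix,
            ("groupsClaim" Core..=) Prelude.<$> groupsClaim,
            Prelude.Just
              ( "identityProviderConfigName"
                  Core..= identityProviderConfigName
              ),
            Prelude.Just ("issuerUrl" Core..= issuerUrl),
            Prelude.Just ("clientId" Core..= clientId)
          ]
      )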