{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.IAM.CreateOpenIDConnectProvider
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Creates an IAM entity to describe an identity provider (IdP) that
-- supports <http://openid.net/connect/ OpenID Connect (OIDC)>.
--
-- The OIDC provider that you create with this operation can be used as a
-- principal in a role\'s trust policy. Such a policy establishes a trust
-- relationship between Amazon Web Services and the OIDC provider.
--
-- If you are using an OIDC identity provider from Google, Facebook, or
-- Amazon Cognito, you don\'t need to create a separate IAM identity
-- provider. These OIDC identity providers are already built-in to Amazon
-- Web Services and are available for your use. Instead, you can move
-- directly to creating new roles using your identity provider. To learn
-- more, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html Creating a role for web identity or OpenID connect federation>
-- in the /IAM User Guide/.
--
-- When you create the IAM OIDC provider, you specify the following:
--
-- -   The URL of the OIDC identity provider (IdP) to trust
--
-- -   A list of client IDs (also known as audiences) that identify the
--     application or applications allowed to authenticate using the OIDC
--     provider
--
-- -   A list of thumbprints of one or more server certificates that the
--     IdP uses
--
-- You get all of this information from the OIDC IdP you want to use to
-- access Amazon Web Services.
--
-- Amazon Web Services secures communication with some OIDC identity
-- providers (IdPs) through our library of trusted certificate authorities
-- (CAs) instead of using a certificate thumbprint to verify your IdP
-- server certificate. These OIDC IdPs include Google, and those that use
-- an Amazon S3 bucket to host a JSON Web Key Set (JWKS) endpoint. In these
-- cases, your legacy thumbprint remains in your configuration, but is no
-- longer used for validation.
--
-- Role trust policies that name this provider as a principal accept
-- identity tokens from it, so the trust for the OIDC provider is derived
-- from the IAM provider that this operation creates. Therefore, it is best
-- to limit access to the CreateOpenIDConnectProvider operation to highly
-- privileged users.
module Amazonka.IAM.CreateOpenIDConnectProvider
  ( -- * Creating a Request
    CreateOpenIDConnectProvider (..),
    newCreateOpenIDConnectProvider,

    -- * Request Lenses
    createOpenIDConnectProvider_clientIDList,
    createOpenIDConnectProvider_tags,
    createOpenIDConnectProvider_url,
    createOpenIDConnectProvider_thumbprintList,

    -- * Destructuring the Response
    CreateOpenIDConnectProviderResponse (..),
    newCreateOpenIDConnectProviderResponse,

    -- * Response Lenses
    createOpenIDConnectProviderResponse_openIDConnectProviderArn,
    createOpenIDConnectProviderResponse_tags,
    createOpenIDConnectProviderResponse_httpStatus,
  )
where

import qualified Amazonka.Core as Core
import Amazonka.IAM.Types
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

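-- | Request record for the IAM @CreateOpenIDConnectProvider@ operation.
--
-- The fields are sent to IAM as given: the @ToQuery@ instance in this
-- module serializes them without checking the URL scheme, the thumbprint
-- format or the list sizes described below. Any validation wanted before
-- the request leaves the process has to be done by the caller.
--
-- /See:/ 'newCreateOpenIDConnectProvider' smart constructor.
data CreateOpenIDConnectProvider = CreateOpenIDConnectProvider'
  { -- | Provides a list of client IDs, also known as audiences. When a mobile or
    -- web app registers with an OpenID Connect provider, they establish a
    -- value that identifies the application. This is the value that\'s sent as
    -- the @client_id@ parameter on OAuth requests.
    --
    -- You can register multiple client IDs with the same provider. For
    -- example, you might have multiple applications that use the same OIDC
    -- provider. You cannot register more than 100 client IDs with a single IAM
    -- OIDC provider.
    --
    -- There is no defined format for a client ID. The
    -- @CreateOpenIDConnectProviderRequest@ operation accepts client IDs up to
    -- 255 characters long.
    clientIDList :: Prelude.Maybe [Prelude.Text],
    -- | A list of tags that you want to attach to the new IAM OpenID Connect
    -- (OIDC) provider. Each tag consists of a key name and an associated
    -- value. For more information about tagging, see
    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html Tagging IAM resources>
    -- in the /IAM User Guide/.
    --
    -- If any one of the tags is invalid or if you exceed the allowed maximum
    -- number of tags, then the entire request fails and the resource is not
    -- created.
    tags :: Prelude.Maybe [Tag],
    -- | The URL of the identity provider. The URL must begin with @https:\/\/@
    -- and should correspond to the @iss@ claim in the provider\'s OpenID
    -- Connect ID tokens. Per the OIDC standard, path components are allowed
    -- but query parameters are not. Typically the URL consists of only a
    -- hostname, like @https:\/\/server.example.org@ or
    -- @https:\/\/example.com@. The URL should not contain a port number.
    --
    -- You cannot register the same provider multiple times in a single Amazon
    -- Web Services account. If you try to submit a URL that has already been
    -- used for an OpenID Connect provider in the Amazon Web Services account,
    -- you will get an error.
    url :: Prelude.Text,
    -- | A list of server certificate thumbprints for the OpenID Connect (OIDC)
    -- identity provider\'s server certificates. Typically this list includes
    -- only one entry. However, IAM lets you have up to five thumbprints for an
    -- OIDC provider. This lets you maintain multiple thumbprints if the
    -- identity provider is rotating certificates.
    --
    -- The server certificate thumbprint is the hex-encoded SHA-1 hash value of
    -- the X.509 certificate used by the domain where the OpenID Connect
    -- provider makes its keys available. It is always a 40-character string.
    --
    -- You must provide at least one thumbprint when creating an IAM OIDC
    -- provider. For example, assume that the OIDC provider is
    -- @server.example.com@ and the provider stores its keys at
    -- @https:\/\/keys.server.example.com\/openid-connect@. In that case, the
    -- thumbprint string would be the hex-encoded SHA-1 hash value of the
    -- certificate used by @https:\/\/keys.server.example.com@.
    --
    -- For more information about obtaining the OIDC provider thumbprint, see
    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html Obtaining the thumbprint for an OpenID Connect provider>
    -- in the /IAM User Guide/.
    --
    -- Note that 'newCreateOpenIDConnectProvider' initialises this field to
    -- an empty list, so it has to be set explicitly to meet the
    -- at-least-one requirement stated above.
    thumbprintList :: [Prelude.Text]
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)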

-- |
-- Create a value of 'CreateOpenIDConnectProvider' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'clientIDList', 'createOpenIDConnectProvider_clientIDList' - Provides a list of client IDs, also known as audiences. When a mobile or
-- web app registers with an OpenID Connect provider, they establish a
-- value that identifies the application. This is the value that\'s sent as
-- the @client_id@ parameter on OAuth requests.
--
-- You can register multiple client IDs with the same provider. For
-- example, you might have multiple applications that use the same OIDC
-- provider. You cannot register more than 100 client IDs with a single IAM
-- OIDC provider.
--
-- There is no defined format for a client ID. The
-- @CreateOpenIDConnectProviderRequest@ operation accepts client IDs up to
-- 255 characters long.
--
-- 'tags', 'createOpenIDConnectProvider_tags' - A list of tags that you want to attach to the new IAM OpenID Connect
-- (OIDC) provider. Each tag consists of a key name and an associated
-- value. For more information about tagging, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html Tagging IAM resources>
-- in the /IAM User Guide/.
--
-- If any one of the tags is invalid or if you exceed the allowed maximum
-- number of tags, then the entire request fails and the resource is not
-- created.
--
-- 'url', 'createOpenIDConnectProvider_url' - The URL of the identity provider. The URL must begin with @https:\/\/@
-- and should correspond to the @iss@ claim in the provider\'s OpenID
-- Connect ID tokens. Per the OIDC standard, path components are allowed
-- but query parameters are not. Typically the URL consists of only a
-- hostname, like @https:\/\/server.example.org@ or
-- @https:\/\/example.com@. The URL should not contain a port number.
--
-- You cannot register the same provider multiple times in a single Amazon
-- Web Services account. If you try to submit a URL that has already been
-- used for an OpenID Connect provider in the Amazon Web Services account,
-- you will get an error.
--
-- 'thumbprintList', 'createOpenIDConnectProvider_thumbprintList' - A list of server certificate thumbprints for the OpenID Connect (OIDC)
-- identity provider\'s server certificates. Typically this list includes
-- only one entry. However, IAM lets you have up to five thumbprints for an
-- OIDC provider. This lets you maintain multiple thumbprints if the
-- identity provider is rotating certificates.
--
-- The server certificate thumbprint is the hex-encoded SHA-1 hash value of
-- the X.509 certificate used by the domain where the OpenID Connect
-- provider makes its keys available. It is always a 40-character string.
--
-- You must provide at least one thumbprint when creating an IAM OIDC
-- provider. For example, assume that the OIDC provider is
-- @server.example.com@ and the provider stores its keys at
-- @https:\/\/keys.server.example.com\/openid-connect@. In that case, the
-- thumbprint string would be the hex-encoded SHA-1 hash value of the
-- certificate used by @https:\/\/keys.server.example.com@.
--
-- For more information about obtaining the OIDC provider thumbprint, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html Obtaining the thumbprint for an OpenID Connect provider>
-- in the /IAM User Guide/.
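newCreateOpenIDConnectProvider ::
  -- | 'url'
  Prelude.Text ->
  CreateOpenIDConnectProvider
newCreateOpenIDConnectProvider pUrl_ =
  CreateOpenIDConnectProvider'
    { -- No client IDs (audiences) are registered unless the caller sets
      -- them afterwards.
      clientIDList = Prelude.Nothing,
      tags = Prelude.Nothing,
      -- Stored exactly as passed in; the @https:\/\/@ requirement from the
      -- field documentation is not checked here.
      url = pUrl_,
      -- Starts empty although the field documentation requires at least
      -- one thumbprint: callers are expected to fill it in (for example
      -- through 'createOpenIDConnectProvider_thumbprintList') before
      -- sending the request.
      thumbprintList = Prelude.mempty
    }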

-- | Provides a list of client IDs, also known as audiences. When a mobile or
-- web app registers with an OpenID Connect provider, they establish a
-- value that identifies the application. This is the value that\'s sent as
-- the @client_id@ parameter on OAuth requests.
--
-- You can register multiple client IDs with the same provider. For
-- example, you might have multiple applications that use the same OIDC
-- provider. You cannot register more than 100 client IDs with a single IAM
-- OIDC provider.
--
-- There is no defined format for a client ID. The
-- @CreateOpenIDConnectProviderRequest@ operation accepts client IDs up to
-- 255 characters long.
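createOpenIDConnectProvider_clientIDList :: Lens.Lens' CreateOpenIDConnectProvider (Prelude.Maybe [Prelude.Text])
createOpenIDConnectProvider_clientIDList =
  Lens.lens
    -- Getter: read the field via a NamedFieldPuns pattern.
    (\CreateOpenIDConnectProvider' {clientIDList} -> clientIDList)
    -- Setter: record update, annotated with the record type so the update
    -- stays unambiguous under DuplicateRecordFields.
    ( \s@CreateOpenIDConnectProvider' {} a ->
        s {clientIDList = a} :: CreateOpenIDConnectProvider
    )
    -- The coercion is applied under the Maybe; per the lens signature both
    -- sides are [Text], so the stored value is passed through unchanged.
    Prelude.. Lens.mapping Lens.coerced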

-- | A list of tags that you want to attach to the new IAM OpenID Connect
-- (OIDC) provider. Each tag consists of a key name and an associated
-- value. For more information about tagging, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html Tagging IAM resources>
-- in the /IAM User Guide/.
--
-- If any one of the tags is invalid or if you exceed the allowed maximum
-- number of tags, then the entire request fails and the resource is not
-- created.
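createOpenIDConnectProvider_tags :: Lens.Lens' CreateOpenIDConnectProvider (Prelude.Maybe [Tag])
createOpenIDConnectProvider_tags =
  Lens.lens
    -- Getter: read the field via a NamedFieldPuns pattern.
    (\CreateOpenIDConnectProvider' {tags} -> tags)
    -- Setter: the type annotation on the record update matters here,
    -- because the response record in this module also has a @tags@ field.
    ( \s@CreateOpenIDConnectProvider' {} a ->
        s {tags = a} :: CreateOpenIDConnectProvider
    )
    -- The coercion is applied under the Maybe; per the lens signature both
    -- sides are [Tag], so the stored value is passed through unchanged.
    Prelude.. Lens.mapping Lens.coerced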

-- | The URL of the identity provider. The URL must begin with @https:\/\/@
-- and should correspond to the @iss@ claim in the provider\'s OpenID
-- Connect ID tokens. Per the OIDC standard, path components are allowed
-- but query parameters are not. Typically the URL consists of only a
-- hostname, like @https:\/\/server.example.org@ or
-- @https:\/\/example.com@. The URL should not contain a port number.
--
-- You cannot register the same provider multiple times in a single Amazon
-- Web Services account. If you try to submit a URL that has already been
-- used for an OpenID Connect provider in the Amazon Web Services account,
-- you will get an error.
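createOpenIDConnectProvider_url :: Lens.Lens' CreateOpenIDConnectProvider Prelude.Text
createOpenIDConnectProvider_url =
  Lens.lens
    -- Getter: read the field via a NamedFieldPuns pattern.
    (\CreateOpenIDConnectProvider' {url} -> url)
    -- Setter: stores the new URL as given. No scheme or format check
    -- happens here, so a value that does not begin with @https:\/\/@ is
    -- only caught, if at all, once the request reaches the service.
    ( \s@CreateOpenIDConnectProvider' {} a ->
        s {url = a} :: CreateOpenIDConnectProvider
    )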

-- | A list of server certificate thumbprints for the OpenID Connect (OIDC)
-- identity provider\'s server certificates. Typically this list includes
-- only one entry. However, IAM lets you have up to five thumbprints for an
-- OIDC provider. This lets you maintain multiple thumbprints if the
-- identity provider is rotating certificates.
--
-- The server certificate thumbprint is the hex-encoded SHA-1 hash value of
-- the X.509 certificate used by the domain where the OpenID Connect
-- provider makes its keys available. It is always a 40-character string.
--
-- You must provide at least one thumbprint when creating an IAM OIDC
-- provider. For example, assume that the OIDC provider is
-- @server.example.com@ and the provider stores its keys at
-- @https:\/\/keys.server.example.com\/openid-connect@. In that case, the
-- thumbprint string would be the hex-encoded SHA-1 hash value of the
-- certificate used by @https:\/\/keys.server.example.com@.
--
-- For more information about obtaining the OIDC provider thumbprint, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html Obtaining the thumbprint for an OpenID Connect provider>
-- in the /IAM User Guide/.
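createOpenIDConnectProvider_thumbprintList :: Lens.Lens' CreateOpenIDConnectProvider [Prelude.Text]
createOpenIDConnectProvider_thumbprintList =
  Lens.lens
    -- Getter: read the field via a NamedFieldPuns pattern.
    (\CreateOpenIDConnectProvider' {thumbprintList} -> thumbprintList)
    -- Setter: stores the list as given. Neither the 40-character hex
    -- format nor the one-to-five entry count from the field documentation
    -- is checked on the client side.
    ( \s@CreateOpenIDConnectProvider' {} a ->
        s {thumbprintList = a} :: CreateOpenIDConnectProvider
    )
    -- Per the lens signature both sides of the coercion are [Text], so the
    -- stored value is passed through unchanged.
    Prelude.. Lens.coerced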

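-- | Ties the request record to its response type and defines how the
-- request is built and how the reply is decoded.
instance Core.AWSRequest CreateOpenIDConnectProvider where
  type
    AWSResponse CreateOpenIDConnectProvider =
      CreateOpenIDConnectProviderResponse

  -- Built with 'Request.postQuery' against the IAM 'defaultService'.
  request = Request.postQuery defaultService

  -- Decodes the XML found under the "CreateOpenIDConnectProviderResult"
  -- wrapper element. The lambda receives the status code (s), the response
  -- headers (h, unused here) and the XML nodes (x). Any field parser that
  -- fails makes the whole result a Left.
  response =
    Response.receiveXMLWrapper
      "CreateOpenIDConnectProviderResult"
      ( \s h x ->
          CreateOpenIDConnectProviderResponse'
            -- Optional element: a missing ARN parses as Nothing.
            Prelude.<$> (x Core..@? "OpenIDConnectProviderArn")
            -- A missing "Tags" element falls back to an empty node list,
            -- and its "member" children are parsed as the tag list.
            -- NOTE(review): Core.may presumably yields Nothing for an
            -- empty node list; confirm against Amazonka.Core.
            Prelude.<*> ( x Core..@? "Tags" Core..!@ Prelude.mempty
                            Prelude.>>= Core.may (Core.parseXMLList "member")
                        )
            -- The HTTP status is stored as a plain Int.
            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
      )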

-- Empty instance body: the class's default methods are used (the record
-- derives Generic above).
instance Prelude.Hashable CreateOpenIDConnectProvider

-- Empty instance body: the class's default methods are used (the record
-- derives Generic above).
instance Prelude.NFData CreateOpenIDConnectProvider

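-- | This operation adds no request-specific headers: the result is always
-- the empty header list, whatever the request contains.
instance Core.ToHeaders CreateOpenIDConnectProvider where
  toHeaders = Prelude.const Prelude.mempty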

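-- | The request path is always @\/@. The operation is selected by the
-- @Action@ query parameter, not by the path.
instance Core.ToPath CreateOpenIDConnectProvider where
  toPath = Prelude.const "/"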

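-- | Serializes the request into the IAM query parameters.
--
-- Every field is passed through as given. Nothing here checks that 'url'
-- begins with @https:\/\/@, that each thumbprint is a 40-character hex
-- string, or that 'thumbprintList' is non-empty. Callers that need those
-- guarantees before the request is sent have to enforce them themselves.
instance Core.ToQuery CreateOpenIDConnectProvider where
  -- RecordWildCards brings clientIDList, tags, url and thumbprintList
  -- into scope.
  toQuery CreateOpenIDConnectProvider' {..} =
    Prelude.mconcat
      [ -- Fixed parameters naming the operation and the API version.
        "Action"
          Core.=: ( "CreateOpenIDConnectProvider" ::
                      Prelude.ByteString
                  ),
        "Version"
          Core.=: ("2010-05-08" :: Prelude.ByteString),
        -- Optional lists: each element is emitted under "member" when the
        -- field is a Just.
        "ClientIDList"
          Core.=: Core.toQuery
            ( Core.toQueryList "member"
                Prelude.<$> clientIDList
            ),
        "Tags"
          Core.=: Core.toQuery
            (Core.toQueryList "member" Prelude.<$> tags),
        "Url" Core.=: url,
        -- Not optional in the record, so it is always serialized, even
        -- when the list is empty.
        "ThumbprintList"
          Core.=: Core.toQueryList "member" thumbprintList
      ]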

-- | Contains the response to a successful CreateOpenIDConnectProvider
-- request.
--
-- /See:/ 'newCreateOpenIDConnectProviderResponse' smart constructor.
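data CreateOpenIDConnectProviderResponse = CreateOpenIDConnectProviderResponse'
  { -- | The Amazon Resource Name (ARN) of the new IAM OpenID Connect provider
    -- that is created. For more information, see
    -- OpenIDConnectProviderListEntry.
    --
    -- The field is optional in the response type, so callers should match on
    -- 'Prelude.Nothing' explicitly instead of assuming an ARN is present.
    openIDConnectProviderArn :: Prelude.Maybe Prelude.Text,
    -- | A list of tags that are attached to the new IAM OIDC provider. The
    -- returned list of tags is sorted by tag key. For more information about
    -- tagging, see
    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html Tagging IAM resources>
    -- in the /IAM User Guide/.
    tags :: Prelude.Maybe [Tag],
    -- | The response's http status code.
    httpStatus :: Prelude.Int
  }
  -- The derived 'Prelude.Show' instance renders every field, so a value
  -- written to a log or an error message includes the provider ARN and all
  -- returned tags.
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)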

-- |
-- Create a value of 'CreateOpenIDConnectProviderResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'openIDConnectProviderArn', 'createOpenIDConnectProviderResponse_openIDConnectProviderArn' - The Amazon Resource Name (ARN) of the new IAM OpenID Connect provider
-- that is created. For more information, see
-- OpenIDConnectProviderListEntry.
--
-- 'tags', 'createOpenIDConnectProviderResponse_tags' - A list of tags that are attached to the new IAM OIDC provider. The
-- returned list of tags is sorted by tag key. For more information about
-- tagging, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html Tagging IAM resources>
-- in the /IAM User Guide/.
--
-- 'httpStatus', 'createOpenIDConnectProviderResponse_httpStatus' - The response's http status code.
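newCreateOpenIDConnectProviderResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  CreateOpenIDConnectProviderResponse
newCreateOpenIDConnectProviderResponse pHttpStatus_ =
  CreateOpenIDConnectProviderResponse'
    { -- Both optional fields start empty; a value built here carries no
      -- provider ARN and no tags until a caller sets them.
      openIDConnectProviderArn = Prelude.Nothing,
      tags = Prelude.Nothing,
      -- The status code is the only required field of the response.
      httpStatus = pHttpStatus_
    }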

-- | The Amazon Resource Name (ARN) of the new IAM OpenID Connect provider
-- that is created. For more information, see
-- OpenIDConnectProviderListEntry.
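createOpenIDConnectProviderResponse_openIDConnectProviderArn :: Lens.Lens' CreateOpenIDConnectProviderResponse (Prelude.Maybe Prelude.Text)
createOpenIDConnectProviderResponse_openIDConnectProviderArn =
  Lens.lens
    -- Getter: project the field out of the record.
    (\CreateOpenIDConnectProviderResponse' {openIDConnectProviderArn} -> openIDConnectProviderArn)
    -- Setter: the result annotation pins the record type for the update,
    -- which matters because the module enables DuplicateRecordFields.
    ( \s@CreateOpenIDConnectProviderResponse' {} a ->
        s {openIDConnectProviderArn = a} :: CreateOpenIDConnectProviderResponse
    )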

-- | A list of tags that are attached to the new IAM OIDC provider. The
-- returned list of tags is sorted by tag key. For more information about
-- tagging, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html Tagging IAM resources>
-- in the /IAM User Guide/.
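createOpenIDConnectProviderResponse_tags :: Lens.Lens' CreateOpenIDConnectProviderResponse (Prelude.Maybe [Tag])
createOpenIDConnectProviderResponse_tags =
  Lens.lens
    -- Getter: project the field out of the record.
    (\CreateOpenIDConnectProviderResponse' {tags} -> tags)
    -- Setter: the result annotation pins the record type for the update,
    -- which matters because the module enables DuplicateRecordFields.
    ( \s@CreateOpenIDConnectProviderResponse' {} a ->
        s {tags = a} :: CreateOpenIDConnectProviderResponse
    )
    -- Composed with a coercion applied under the 'Prelude.Maybe'; here both
    -- sides are @[Tag]@, so the list passes through unchanged.
    Prelude.. Lens.mapping Lens.coerced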

-- | The response's http status code.
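createOpenIDConnectProviderResponse_httpStatus :: Lens.Lens' CreateOpenIDConnectProviderResponse Prelude.Int
createOpenIDConnectProviderResponse_httpStatus =
  Lens.lens
    -- Getter: project the field out of the record.
    (\CreateOpenIDConnectProviderResponse' {httpStatus} -> httpStatus)
    -- Setter: the result annotation pins the record type for the update,
    -- which matters because the module enables DuplicateRecordFields.
    ( \s@CreateOpenIDConnectProviderResponse' {} a ->
        s {httpStatus = a} :: CreateOpenIDConnectProviderResponse
    )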

instance
  Prelude.NFData
    CreateOpenIDConnectProviderResponse