{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.IAM.GetContextKeysForPrincipalPolicy
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Gets a list of all of the context keys referenced in all the IAM
-- policies that are attached to the specified IAM entity. The entity can
-- be an IAM user, group, or role. If you specify a user, then the request
-- also includes all of the policies attached to groups that the user is a
-- member of.
--
-- You can optionally include a list of one or more additional policies,
-- specified as strings. If you want to include /only/ a list of policies
-- by string, use GetContextKeysForCustomPolicy instead.
--
-- __Note:__ This operation discloses information about the permissions
-- granted to other users. If you do not want users to see other user\'s
-- permissions, then consider allowing them to use
-- GetContextKeysForCustomPolicy instead.
--
-- Context keys are variables maintained by Amazon Web Services and its
-- services that provide details about the context of an API query request.
-- Context keys can be evaluated by testing against a value in an IAM
-- policy. Use GetContextKeysForPrincipalPolicy to understand what key
-- names and values you must supply when you call SimulatePrincipalPolicy.
module Amazonka.IAM.GetContextKeysForPrincipalPolicy
  ( -- * Creating a Request
    GetContextKeysForPrincipalPolicy (..),
    newGetContextKeysForPrincipalPolicy,

    -- * Request Lenses
    getContextKeysForPrincipalPolicy_policyInputList,
    getContextKeysForPrincipalPolicy_policySourceArn,

    -- * Destructuring the Response
    GetContextKeysForPolicyResponse (..),
    newGetContextKeysForPolicyResponse,

    -- * Response Lenses
    getContextKeysForPolicyResponse_contextKeyNames,
  )
where

import qualified Amazonka.Core as Core
import Amazonka.IAM.Types
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newGetContextKeysForPrincipalPolicy' smart constructor.
data GetContextKeysForPrincipalPolicy = GetContextKeysForPrincipalPolicy'
  { -- | An optional list of additional policies for which you want the list of
    -- context keys that are referenced.
    --
    -- The <http://wikipedia.org/wiki/regex regex pattern> used to validate
    -- this parameter is a string of characters consisting of the following:
    --
    -- -   Any printable ASCII character ranging from the space character
    --     (@\\u0020@) through the end of the ASCII character range
    --
    -- -   The printable characters in the Basic Latin and Latin-1 Supplement
    --     character set (through @\\u00FF@)
    --
    -- -   The special characters tab (@\\u0009@), line feed (@\\u000A@), and
    --     carriage return (@\\u000D@)
    GetContextKeysForPrincipalPolicy -> Maybe [Text]
policyInputList :: Prelude.Maybe [Prelude.Text],
    -- | The ARN of a user, group, or role whose policies contain the context
    -- keys that you want listed. If you specify a user, the list includes
    -- context keys that are found in all policies that are attached to the
    -- user. The list also includes all groups that the user is a member of. If
    -- you pick a group or a role, then it includes only those context keys
    -- that are found in policies attached to that entity. Note that all
    -- parameters are shown in unencoded form here for clarity, but must be URL
    -- encoded to be included as a part of a real HTML request.
    --
    -- For more information about ARNs, see
    -- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs)>
    -- in the /Amazon Web Services General Reference/.
    GetContextKeysForPrincipalPolicy -> Text
policySourceArn :: Prelude.Text
  }
  deriving (GetContextKeysForPrincipalPolicy
-> GetContextKeysForPrincipalPolicy -> Bool
(GetContextKeysForPrincipalPolicy
 -> GetContextKeysForPrincipalPolicy -> Bool)
-> (GetContextKeysForPrincipalPolicy
    -> GetContextKeysForPrincipalPolicy -> Bool)
-> Eq GetContextKeysForPrincipalPolicy
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: GetContextKeysForPrincipalPolicy
-> GetContextKeysForPrincipalPolicy -> Bool
$c/= :: GetContextKeysForPrincipalPolicy
-> GetContextKeysForPrincipalPolicy -> Bool
== :: GetContextKeysForPrincipalPolicy
-> GetContextKeysForPrincipalPolicy -> Bool
$c== :: GetContextKeysForPrincipalPolicy
-> GetContextKeysForPrincipalPolicy -> Bool
Prelude.Eq, ReadPrec [GetContextKeysForPrincipalPolicy]
ReadPrec GetContextKeysForPrincipalPolicy
Int -> ReadS GetContextKeysForPrincipalPolicy
ReadS [GetContextKeysForPrincipalPolicy]
(Int -> ReadS GetContextKeysForPrincipalPolicy)
-> ReadS [GetContextKeysForPrincipalPolicy]
-> ReadPrec GetContextKeysForPrincipalPolicy
-> ReadPrec [GetContextKeysForPrincipalPolicy]
-> Read GetContextKeysForPrincipalPolicy
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [GetContextKeysForPrincipalPolicy]
$creadListPrec :: ReadPrec [GetContextKeysForPrincipalPolicy]
readPrec :: ReadPrec GetContextKeysForPrincipalPolicy
$creadPrec :: ReadPrec GetContextKeysForPrincipalPolicy
readList :: ReadS [GetContextKeysForPrincipalPolicy]
$creadList :: ReadS [GetContextKeysForPrincipalPolicy]
readsPrec :: Int -> ReadS GetContextKeysForPrincipalPolicy
$creadsPrec :: Int -> ReadS GetContextKeysForPrincipalPolicy
Prelude.Read, Int -> GetContextKeysForPrincipalPolicy -> ShowS
[GetContextKeysForPrincipalPolicy] -> ShowS
GetContextKeysForPrincipalPolicy -> String
(Int -> GetContextKeysForPrincipalPolicy -> ShowS)
-> (GetContextKeysForPrincipalPolicy -> String)
-> ([GetContextKeysForPrincipalPolicy] -> ShowS)
-> Show GetContextKeysForPrincipalPolicy
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [GetContextKeysForPrincipalPolicy] -> ShowS
$cshowList :: [GetContextKeysForPrincipalPolicy] -> ShowS
show :: GetContextKeysForPrincipalPolicy -> String
$cshow :: GetContextKeysForPrincipalPolicy -> String
showsPrec :: Int -> GetContextKeysForPrincipalPolicy -> ShowS
$cshowsPrec :: Int -> GetContextKeysForPrincipalPolicy -> ShowS
Prelude.Show, (forall x.
 GetContextKeysForPrincipalPolicy
 -> Rep GetContextKeysForPrincipalPolicy x)
-> (forall x.
    Rep GetContextKeysForPrincipalPolicy x
    -> GetContextKeysForPrincipalPolicy)
-> Generic GetContextKeysForPrincipalPolicy
forall x.
Rep GetContextKeysForPrincipalPolicy x
-> GetContextKeysForPrincipalPolicy
forall x.
GetContextKeysForPrincipalPolicy
-> Rep GetContextKeysForPrincipalPolicy x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep GetContextKeysForPrincipalPolicy x
-> GetContextKeysForPrincipalPolicy
$cfrom :: forall x.
GetContextKeysForPrincipalPolicy
-> Rep GetContextKeysForPrincipalPolicy x
Prelude.Generic)

-- |
-- Create a value of 'GetContextKeysForPrincipalPolicy' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'policyInputList', 'getContextKeysForPrincipalPolicy_policyInputList' - An optional list of additional policies for which you want the list of
-- context keys that are referenced.
--
-- The <http://wikipedia.org/wiki/regex regex pattern> used to validate
-- this parameter is a string of characters consisting of the following:
--
-- -   Any printable ASCII character ranging from the space character
--     (@\\u0020@) through the end of the ASCII character range
--
-- -   The printable characters in the Basic Latin and Latin-1 Supplement
--     character set (through @\\u00FF@)
--
-- -   The special characters tab (@\\u0009@), line feed (@\\u000A@), and
--     carriage return (@\\u000D@)
--
-- 'policySourceArn', 'getContextKeysForPrincipalPolicy_policySourceArn' - The ARN of a user, group, or role whose policies contain the context
-- keys that you want listed. If you specify a user, the list includes
-- context keys that are found in all policies that are attached to the
-- user. The list also includes all groups that the user is a member of. If
-- you pick a group or a role, then it includes only those context keys
-- that are found in policies attached to that entity. Note that all
-- parameters are shown in unencoded form here for clarity, but must be URL
-- encoded to be included as a part of a real HTML request.
--
-- For more information about ARNs, see
-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs)>
-- in the /Amazon Web Services General Reference/.
newGetContextKeysForPrincipalPolicy ::
  -- | 'policySourceArn'
  Prelude.Text ->
  GetContextKeysForPrincipalPolicy
newGetContextKeysForPrincipalPolicy :: Text -> GetContextKeysForPrincipalPolicy
newGetContextKeysForPrincipalPolicy Text
pPolicySourceArn_ =
  GetContextKeysForPrincipalPolicy' :: Maybe [Text] -> Text -> GetContextKeysForPrincipalPolicy
GetContextKeysForPrincipalPolicy'
    { $sel:policyInputList:GetContextKeysForPrincipalPolicy' :: Maybe [Text]
policyInputList =
        Maybe [Text]
forall a. Maybe a
Prelude.Nothing,
      $sel:policySourceArn:GetContextKeysForPrincipalPolicy' :: Text
policySourceArn = Text
pPolicySourceArn_
    }

-- | An optional list of additional policies for which you want the list of
-- context keys that are referenced.
--
-- The <http://wikipedia.org/wiki/regex regex pattern> used to validate
-- this parameter is a string of characters consisting of the following:
--
-- -   Any printable ASCII character ranging from the space character
--     (@\\u0020@) through the end of the ASCII character range
--
-- -   The printable characters in the Basic Latin and Latin-1 Supplement
--     character set (through @\\u00FF@)
--
-- -   The special characters tab (@\\u0009@), line feed (@\\u000A@), and
--     carriage return (@\\u000D@)
getContextKeysForPrincipalPolicy_policyInputList :: Lens.Lens' GetContextKeysForPrincipalPolicy (Prelude.Maybe [Prelude.Text])
getContextKeysForPrincipalPolicy_policyInputList :: (Maybe [Text] -> f (Maybe [Text]))
-> GetContextKeysForPrincipalPolicy
-> f GetContextKeysForPrincipalPolicy
getContextKeysForPrincipalPolicy_policyInputList = (GetContextKeysForPrincipalPolicy -> Maybe [Text])
-> (GetContextKeysForPrincipalPolicy
    -> Maybe [Text] -> GetContextKeysForPrincipalPolicy)
-> Lens
     GetContextKeysForPrincipalPolicy
     GetContextKeysForPrincipalPolicy
     (Maybe [Text])
     (Maybe [Text])
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetContextKeysForPrincipalPolicy' {Maybe [Text]
policyInputList :: Maybe [Text]
$sel:policyInputList:GetContextKeysForPrincipalPolicy' :: GetContextKeysForPrincipalPolicy -> Maybe [Text]
policyInputList} -> Maybe [Text]
policyInputList) (\s :: GetContextKeysForPrincipalPolicy
s@GetContextKeysForPrincipalPolicy' {} Maybe [Text]
a -> GetContextKeysForPrincipalPolicy
s {$sel:policyInputList:GetContextKeysForPrincipalPolicy' :: Maybe [Text]
policyInputList = Maybe [Text]
a} :: GetContextKeysForPrincipalPolicy) ((Maybe [Text] -> f (Maybe [Text]))
 -> GetContextKeysForPrincipalPolicy
 -> f GetContextKeysForPrincipalPolicy)
-> ((Maybe [Text] -> f (Maybe [Text]))
    -> Maybe [Text] -> f (Maybe [Text]))
-> (Maybe [Text] -> f (Maybe [Text]))
-> GetContextKeysForPrincipalPolicy
-> f GetContextKeysForPrincipalPolicy
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso [Text] [Text] [Text] [Text]
-> Iso (Maybe [Text]) (Maybe [Text]) (Maybe [Text]) (Maybe [Text])
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso [Text] [Text] [Text] [Text]
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | The ARN of a user, group, or role whose policies contain the context
-- keys that you want listed. If you specify a user, the list includes
-- context keys that are found in all policies that are attached to the
-- user. The list also includes all groups that the user is a member of. If
-- you pick a group or a role, then it includes only those context keys
-- that are found in policies attached to that entity. Note that all
-- parameters are shown in unencoded form here for clarity, but must be URL
-- encoded to be included as a part of a real HTML request.
--
-- For more information about ARNs, see
-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs)>
-- in the /Amazon Web Services General Reference/.
getContextKeysForPrincipalPolicy_policySourceArn :: Lens.Lens' GetContextKeysForPrincipalPolicy Prelude.Text
getContextKeysForPrincipalPolicy_policySourceArn :: (Text -> f Text)
-> GetContextKeysForPrincipalPolicy
-> f GetContextKeysForPrincipalPolicy
getContextKeysForPrincipalPolicy_policySourceArn = (GetContextKeysForPrincipalPolicy -> Text)
-> (GetContextKeysForPrincipalPolicy
    -> Text -> GetContextKeysForPrincipalPolicy)
-> Lens
     GetContextKeysForPrincipalPolicy
     GetContextKeysForPrincipalPolicy
     Text
     Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetContextKeysForPrincipalPolicy' {Text
policySourceArn :: Text
$sel:policySourceArn:GetContextKeysForPrincipalPolicy' :: GetContextKeysForPrincipalPolicy -> Text
policySourceArn} -> Text
policySourceArn) (\s :: GetContextKeysForPrincipalPolicy
s@GetContextKeysForPrincipalPolicy' {} Text
a -> GetContextKeysForPrincipalPolicy
s {$sel:policySourceArn:GetContextKeysForPrincipalPolicy' :: Text
policySourceArn = Text
a} :: GetContextKeysForPrincipalPolicy)

instance
  Core.AWSRequest
    GetContextKeysForPrincipalPolicy
  where
  type
    AWSResponse GetContextKeysForPrincipalPolicy =
      GetContextKeysForPolicyResponse
  request :: GetContextKeysForPrincipalPolicy
-> Request GetContextKeysForPrincipalPolicy
request = Service
-> GetContextKeysForPrincipalPolicy
-> Request GetContextKeysForPrincipalPolicy
forall a. ToRequest a => Service -> a -> Request a
Request.postQuery Service
defaultService
  response :: Logger
-> Service
-> Proxy GetContextKeysForPrincipalPolicy
-> ClientResponse ClientBody
-> m (Either
        Error
        (ClientResponse (AWSResponse GetContextKeysForPrincipalPolicy)))
response =
    Text
-> (Int
    -> ResponseHeaders
    -> [Node]
    -> Either String (AWSResponse GetContextKeysForPrincipalPolicy))
-> Logger
-> Service
-> Proxy GetContextKeysForPrincipalPolicy
-> ClientResponse ClientBody
-> m (Either
        Error
        (ClientResponse (AWSResponse GetContextKeysForPrincipalPolicy)))
forall (m :: * -> *) a.
MonadResource m =>
Text
-> (Int
    -> ResponseHeaders -> [Node] -> Either String (AWSResponse a))
-> Logger
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveXMLWrapper
      Text
"GetContextKeysForPrincipalPolicyResult"
      (\Int
s ResponseHeaders
h [Node]
x -> [Node] -> Either String GetContextKeysForPolicyResponse
forall a. FromXML a => [Node] -> Either String a
Core.parseXML [Node]
x)

instance
  Prelude.Hashable
    GetContextKeysForPrincipalPolicy

instance
  Prelude.NFData
    GetContextKeysForPrincipalPolicy

instance
  Core.ToHeaders
    GetContextKeysForPrincipalPolicy
  where
  toHeaders :: GetContextKeysForPrincipalPolicy -> ResponseHeaders
toHeaders = ResponseHeaders
-> GetContextKeysForPrincipalPolicy -> ResponseHeaders
forall a b. a -> b -> a
Prelude.const ResponseHeaders
forall a. Monoid a => a
Prelude.mempty

instance Core.ToPath GetContextKeysForPrincipalPolicy where
  toPath :: GetContextKeysForPrincipalPolicy -> ByteString
toPath = ByteString -> GetContextKeysForPrincipalPolicy -> ByteString
forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance
  Core.ToQuery
    GetContextKeysForPrincipalPolicy
  where
  toQuery :: GetContextKeysForPrincipalPolicy -> QueryString
toQuery GetContextKeysForPrincipalPolicy' {Maybe [Text]
Text
policySourceArn :: Text
policyInputList :: Maybe [Text]
$sel:policySourceArn:GetContextKeysForPrincipalPolicy' :: GetContextKeysForPrincipalPolicy -> Text
$sel:policyInputList:GetContextKeysForPrincipalPolicy' :: GetContextKeysForPrincipalPolicy -> Maybe [Text]
..} =
    [QueryString] -> QueryString
forall a. Monoid a => [a] -> a
Prelude.mconcat
      [ ByteString
"Action"
          ByteString -> ByteString -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Core.=: ( ByteString
"GetContextKeysForPrincipalPolicy" ::
                      Prelude.ByteString
                  ),
        ByteString
"Version"
          ByteString -> ByteString -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Core.=: (ByteString
"2010-05-08" :: Prelude.ByteString),
        ByteString
"PolicyInputList"
          ByteString -> QueryString -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Core.=: Maybe QueryString -> QueryString
forall a. ToQuery a => a -> QueryString
Core.toQuery
            ( ByteString -> [Text] -> QueryString
forall a.
(IsList a, ToQuery (Item a)) =>
ByteString -> a -> QueryString
Core.toQueryList ByteString
"member"
                ([Text] -> QueryString) -> Maybe [Text] -> Maybe QueryString
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe [Text]
policyInputList
            ),
        ByteString
"PolicySourceArn" ByteString -> Text -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Core.=: Text
policySourceArn
      ]