{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.IAM.Types.AccessDetail
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.IAM.Types.AccessDetail where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude

-- | An object that contains details about when a principal in the reported
-- Organizations entity last attempted to access an Amazon Web Services
-- service. A principal can be an IAM user, an IAM role, or the Amazon Web
-- Services account root user within the reported Organizations entity.
--
-- This data type is a response element in the GetOrganizationsAccessReport
-- operation.
--
-- /See:/ 'newAccessDetail' smart constructor.
data AccessDetail = AccessDetail'
  { -- | The path of the Organizations entity (root, organizational unit, or
    -- account) from which an authenticated principal last attempted to access
    -- the service. Amazon Web Services does not report unauthenticated
    -- requests.
    --
    -- This field is null if no principals (IAM users, IAM roles, or root
    -- users) in the reported Organizations entity attempted to access the
    -- service within the
    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period reporting period>.
    AccessDetail -> Maybe Text
entityPath :: Prelude.Maybe Prelude.Text,
    -- | The Region where the last service access attempt occurred.
    --
    -- This field is null if no principals in the reported Organizations entity
    -- attempted to access the service within the
    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period reporting period>.
    AccessDetail -> Maybe Text
region :: Prelude.Maybe Prelude.Text,
    -- | The date and time,
    -- in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when an
    -- authenticated principal most recently attempted to access the service.
    -- Amazon Web Services does not report unauthenticated requests.
    --
    -- This field is null if no principals in the reported Organizations entity
    -- attempted to access the service within the
    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period reporting period>.
    AccessDetail -> Maybe ISO8601
lastAuthenticatedTime :: Prelude.Maybe Core.ISO8601,
    -- | The number of accounts with authenticated principals (root users, IAM
    -- users, and IAM roles) that attempted to access the service in the
    -- reporting period.
    AccessDetail -> Maybe Int
totalAuthenticatedEntities :: Prelude.Maybe Prelude.Int,
    -- | The name of the service in which access was attempted.
    AccessDetail -> Text
serviceName :: Prelude.Text,
    -- | The namespace of the service in which access was attempted.
    --
    -- To learn the service namespace of a service, see
    -- <https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html Actions, resources, and condition keys for Amazon Web Services services>
    -- in the /Service Authorization Reference/. Choose the name of the service
    -- to view details for that service. In the first paragraph, find the
    -- service prefix. For example, @(service prefix: a4b)@. For more
    -- information about service namespaces, see
    -- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces Amazon Web Services service namespaces>
    -- in the /Amazon Web Services General Reference/.
    AccessDetail -> Text
serviceNamespace :: Prelude.Text
  }
  deriving (AccessDetail -> AccessDetail -> Bool
(AccessDetail -> AccessDetail -> Bool)
-> (AccessDetail -> AccessDetail -> Bool) -> Eq AccessDetail
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: AccessDetail -> AccessDetail -> Bool
$c/= :: AccessDetail -> AccessDetail -> Bool
== :: AccessDetail -> AccessDetail -> Bool
$c== :: AccessDetail -> AccessDetail -> Bool
Prelude.Eq, ReadPrec [AccessDetail]
ReadPrec AccessDetail
Int -> ReadS AccessDetail
ReadS [AccessDetail]
(Int -> ReadS AccessDetail)
-> ReadS [AccessDetail]
-> ReadPrec AccessDetail
-> ReadPrec [AccessDetail]
-> Read AccessDetail
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [AccessDetail]
$creadListPrec :: ReadPrec [AccessDetail]
readPrec :: ReadPrec AccessDetail
$creadPrec :: ReadPrec AccessDetail
readList :: ReadS [AccessDetail]
$creadList :: ReadS [AccessDetail]
readsPrec :: Int -> ReadS AccessDetail
$creadsPrec :: Int -> ReadS AccessDetail
Prelude.Read, Int -> AccessDetail -> ShowS
[AccessDetail] -> ShowS
AccessDetail -> String
(Int -> AccessDetail -> ShowS)
-> (AccessDetail -> String)
-> ([AccessDetail] -> ShowS)
-> Show AccessDetail
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [AccessDetail] -> ShowS
$cshowList :: [AccessDetail] -> ShowS
show :: AccessDetail -> String
$cshow :: AccessDetail -> String
showsPrec :: Int -> AccessDetail -> ShowS
$cshowsPrec :: Int -> AccessDetail -> ShowS
Prelude.Show, (forall x. AccessDetail -> Rep AccessDetail x)
-> (forall x. Rep AccessDetail x -> AccessDetail)
-> Generic AccessDetail
forall x. Rep AccessDetail x -> AccessDetail
forall x. AccessDetail -> Rep AccessDetail x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep AccessDetail x -> AccessDetail
$cfrom :: forall x. AccessDetail -> Rep AccessDetail x
Prelude.Generic)

-- |
-- Create a value of 'AccessDetail' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'entityPath', 'accessDetail_entityPath' - The path of the Organizations entity (root, organizational unit, or
-- account) from which an authenticated principal last attempted to access
-- the service. Amazon Web Services does not report unauthenticated
-- requests.
--
-- This field is null if no principals (IAM users, IAM roles, or root
-- users) in the reported Organizations entity attempted to access the
-- service within the
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period reporting period>.
--
-- 'region', 'accessDetail_region' - The Region where the last service access attempt occurred.
--
-- This field is null if no principals in the reported Organizations entity
-- attempted to access the service within the
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period reporting period>.
--
-- 'lastAuthenticatedTime', 'accessDetail_lastAuthenticatedTime' - The date and time,
-- in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when an
-- authenticated principal most recently attempted to access the service.
-- Amazon Web Services does not report unauthenticated requests.
--
-- This field is null if no principals in the reported Organizations entity
-- attempted to access the service within the
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period reporting period>.
--
-- 'totalAuthenticatedEntities', 'accessDetail_totalAuthenticatedEntities' - The number of accounts with authenticated principals (root users, IAM
-- users, and IAM roles) that attempted to access the service in the
-- reporting period.
--
-- 'serviceName', 'accessDetail_serviceName' - The name of the service in which access was attempted.
--
-- 'serviceNamespace', 'accessDetail_serviceNamespace' - The namespace of the service in which access was attempted.
--
-- To learn the service namespace of a service, see
-- <https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html Actions, resources, and condition keys for Amazon Web Services services>
-- in the /Service Authorization Reference/. Choose the name of the service
-- to view details for that service. In the first paragraph, find the
-- service prefix. For example, @(service prefix: a4b)@. For more
-- information about service namespaces, see
-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces Amazon Web Services service namespaces>
-- in the /Amazon Web Services General Reference/.
newAccessDetail ::
  -- | 'serviceName'
  Prelude.Text ->
  -- | 'serviceNamespace'
  Prelude.Text ->
  AccessDetail
newAccessDetail :: Text -> Text -> AccessDetail
newAccessDetail Text
pServiceName_ Text
pServiceNamespace_ =
  AccessDetail' :: Maybe Text
-> Maybe Text
-> Maybe ISO8601
-> Maybe Int
-> Text
-> Text
-> AccessDetail
AccessDetail'
    { $sel:entityPath:AccessDetail' :: Maybe Text
entityPath = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:region:AccessDetail' :: Maybe Text
region = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:lastAuthenticatedTime:AccessDetail' :: Maybe ISO8601
lastAuthenticatedTime = Maybe ISO8601
forall a. Maybe a
Prelude.Nothing,
      $sel:totalAuthenticatedEntities:AccessDetail' :: Maybe Int
totalAuthenticatedEntities = Maybe Int
forall a. Maybe a
Prelude.Nothing,
      $sel:serviceName:AccessDetail' :: Text
serviceName = Text
pServiceName_,
      $sel:serviceNamespace:AccessDetail' :: Text
serviceNamespace = Text
pServiceNamespace_
    }

-- | The path of the Organizations entity (root, organizational unit, or
-- account) from which an authenticated principal last attempted to access
-- the service. Amazon Web Services does not report unauthenticated
-- requests.
--
-- This field is null if no principals (IAM users, IAM roles, or root
-- users) in the reported Organizations entity attempted to access the
-- service within the
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period reporting period>.
accessDetail_entityPath :: Lens.Lens' AccessDetail (Prelude.Maybe Prelude.Text)
accessDetail_entityPath :: (Maybe Text -> f (Maybe Text)) -> AccessDetail -> f AccessDetail
accessDetail_entityPath = (AccessDetail -> Maybe Text)
-> (AccessDetail -> Maybe Text -> AccessDetail)
-> Lens AccessDetail AccessDetail (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AccessDetail' {Maybe Text
entityPath :: Maybe Text
$sel:entityPath:AccessDetail' :: AccessDetail -> Maybe Text
entityPath} -> Maybe Text
entityPath) (\s :: AccessDetail
s@AccessDetail' {} Maybe Text
a -> AccessDetail
s {$sel:entityPath:AccessDetail' :: Maybe Text
entityPath = Maybe Text
a} :: AccessDetail)

-- | The Region where the last service access attempt occurred.
--
-- This field is null if no principals in the reported Organizations entity
-- attempted to access the service within the
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period reporting period>.
accessDetail_region :: Lens.Lens' AccessDetail (Prelude.Maybe Prelude.Text)
accessDetail_region :: (Maybe Text -> f (Maybe Text)) -> AccessDetail -> f AccessDetail
accessDetail_region = (AccessDetail -> Maybe Text)
-> (AccessDetail -> Maybe Text -> AccessDetail)
-> Lens AccessDetail AccessDetail (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AccessDetail' {Maybe Text
region :: Maybe Text
$sel:region:AccessDetail' :: AccessDetail -> Maybe Text
region} -> Maybe Text
region) (\s :: AccessDetail
s@AccessDetail' {} Maybe Text
a -> AccessDetail
s {$sel:region:AccessDetail' :: Maybe Text
region = Maybe Text
a} :: AccessDetail)

-- | The date and time,
-- in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when an
-- authenticated principal most recently attempted to access the service.
-- Amazon Web Services does not report unauthenticated requests.
--
-- This field is null if no principals in the reported Organizations entity
-- attempted to access the service within the
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period reporting period>.
accessDetail_lastAuthenticatedTime :: Lens.Lens' AccessDetail (Prelude.Maybe Prelude.UTCTime)
accessDetail_lastAuthenticatedTime :: (Maybe UTCTime -> f (Maybe UTCTime))
-> AccessDetail -> f AccessDetail
accessDetail_lastAuthenticatedTime = (AccessDetail -> Maybe ISO8601)
-> (AccessDetail -> Maybe ISO8601 -> AccessDetail)
-> Lens AccessDetail AccessDetail (Maybe ISO8601) (Maybe ISO8601)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AccessDetail' {Maybe ISO8601
lastAuthenticatedTime :: Maybe ISO8601
$sel:lastAuthenticatedTime:AccessDetail' :: AccessDetail -> Maybe ISO8601
lastAuthenticatedTime} -> Maybe ISO8601
lastAuthenticatedTime) (\s :: AccessDetail
s@AccessDetail' {} Maybe ISO8601
a -> AccessDetail
s {$sel:lastAuthenticatedTime:AccessDetail' :: Maybe ISO8601
lastAuthenticatedTime = Maybe ISO8601
a} :: AccessDetail) ((Maybe ISO8601 -> f (Maybe ISO8601))
 -> AccessDetail -> f AccessDetail)
-> ((Maybe UTCTime -> f (Maybe UTCTime))
    -> Maybe ISO8601 -> f (Maybe ISO8601))
-> (Maybe UTCTime -> f (Maybe UTCTime))
-> AccessDetail
-> f AccessDetail
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso ISO8601 ISO8601 UTCTime UTCTime
-> Iso
     (Maybe ISO8601) (Maybe ISO8601) (Maybe UTCTime) (Maybe UTCTime)
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso ISO8601 ISO8601 UTCTime UTCTime
forall (a :: Format). Iso' (Time a) UTCTime
Core._Time

-- | The number of accounts with authenticated principals (root users, IAM
-- users, and IAM roles) that attempted to access the service in the
-- reporting period.
accessDetail_totalAuthenticatedEntities :: Lens.Lens' AccessDetail (Prelude.Maybe Prelude.Int)
accessDetail_totalAuthenticatedEntities :: (Maybe Int -> f (Maybe Int)) -> AccessDetail -> f AccessDetail
accessDetail_totalAuthenticatedEntities = (AccessDetail -> Maybe Int)
-> (AccessDetail -> Maybe Int -> AccessDetail)
-> Lens AccessDetail AccessDetail (Maybe Int) (Maybe Int)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AccessDetail' {Maybe Int
totalAuthenticatedEntities :: Maybe Int
$sel:totalAuthenticatedEntities:AccessDetail' :: AccessDetail -> Maybe Int
totalAuthenticatedEntities} -> Maybe Int
totalAuthenticatedEntities) (\s :: AccessDetail
s@AccessDetail' {} Maybe Int
a -> AccessDetail
s {$sel:totalAuthenticatedEntities:AccessDetail' :: Maybe Int
totalAuthenticatedEntities = Maybe Int
a} :: AccessDetail)

-- | The name of the service in which access was attempted.
accessDetail_serviceName :: Lens.Lens' AccessDetail Prelude.Text
accessDetail_serviceName :: (Text -> f Text) -> AccessDetail -> f AccessDetail
accessDetail_serviceName = (AccessDetail -> Text)
-> (AccessDetail -> Text -> AccessDetail)
-> Lens AccessDetail AccessDetail Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AccessDetail' {Text
serviceName :: Text
$sel:serviceName:AccessDetail' :: AccessDetail -> Text
serviceName} -> Text
serviceName) (\s :: AccessDetail
s@AccessDetail' {} Text
a -> AccessDetail
s {$sel:serviceName:AccessDetail' :: Text
serviceName = Text
a} :: AccessDetail)

-- | The namespace of the service in which access was attempted.
--
-- To learn the service namespace of a service, see
-- <https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html Actions, resources, and condition keys for Amazon Web Services services>
-- in the /Service Authorization Reference/. Choose the name of the service
-- to view details for that service. In the first paragraph, find the
-- service prefix. For example, @(service prefix: a4b)@. For more
-- information about service namespaces, see
-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces Amazon Web Services service namespaces>
-- in the /Amazon Web Services General Reference/.
accessDetail_serviceNamespace :: Lens.Lens' AccessDetail Prelude.Text
accessDetail_serviceNamespace :: (Text -> f Text) -> AccessDetail -> f AccessDetail
accessDetail_serviceNamespace = (AccessDetail -> Text)
-> (AccessDetail -> Text -> AccessDetail)
-> Lens AccessDetail AccessDetail Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AccessDetail' {Text
serviceNamespace :: Text
$sel:serviceNamespace:AccessDetail' :: AccessDetail -> Text
serviceNamespace} -> Text
serviceNamespace) (\s :: AccessDetail
s@AccessDetail' {} Text
a -> AccessDetail
s {$sel:serviceNamespace:AccessDetail' :: Text
serviceNamespace = Text
a} :: AccessDetail)

instance Core.FromXML AccessDetail where
  parseXML :: [Node] -> Either String AccessDetail
parseXML [Node]
x =
    Maybe Text
-> Maybe Text
-> Maybe ISO8601
-> Maybe Int
-> Text
-> Text
-> AccessDetail
AccessDetail'
      (Maybe Text
 -> Maybe Text
 -> Maybe ISO8601
 -> Maybe Int
 -> Text
 -> Text
 -> AccessDetail)
-> Either String (Maybe Text)
-> Either
     String
     (Maybe Text
      -> Maybe ISO8601 -> Maybe Int -> Text -> Text -> AccessDetail)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> ([Node]
x [Node] -> Text -> Either String (Maybe Text)
forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Core..@? Text
"EntityPath")
      Either
  String
  (Maybe Text
   -> Maybe ISO8601 -> Maybe Int -> Text -> Text -> AccessDetail)
-> Either String (Maybe Text)
-> Either
     String (Maybe ISO8601 -> Maybe Int -> Text -> Text -> AccessDetail)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x [Node] -> Text -> Either String (Maybe Text)
forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Core..@? Text
"Region")
      Either
  String (Maybe ISO8601 -> Maybe Int -> Text -> Text -> AccessDetail)
-> Either String (Maybe ISO8601)
-> Either String (Maybe Int -> Text -> Text -> AccessDetail)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x [Node] -> Text -> Either String (Maybe ISO8601)
forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Core..@? Text
"LastAuthenticatedTime")
      Either String (Maybe Int -> Text -> Text -> AccessDetail)
-> Either String (Maybe Int)
-> Either String (Text -> Text -> AccessDetail)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x [Node] -> Text -> Either String (Maybe Int)
forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Core..@? Text
"TotalAuthenticatedEntities")
      Either String (Text -> Text -> AccessDetail)
-> Either String Text -> Either String (Text -> AccessDetail)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x [Node] -> Text -> Either String Text
forall a. FromXML a => [Node] -> Text -> Either String a
Core..@ Text
"ServiceName")
      Either String (Text -> AccessDetail)
-> Either String Text -> Either String AccessDetail
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x [Node] -> Text -> Either String Text
forall a. FromXML a => [Node] -> Text -> Either String a
Core..@ Text
"ServiceNamespace")

instance Prelude.Hashable AccessDetail

instance Prelude.NFData AccessDetail