{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.IAM.Types.EvaluationResult
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.IAM.Types.EvaluationResult where

import qualified Amazonka.Core as Core
import Amazonka.IAM.Types.OrganizationsDecisionDetail
import Amazonka.IAM.Types.PermissionsBoundaryDecisionDetail
import Amazonka.IAM.Types.PolicyEvaluationDecisionType
import Amazonka.IAM.Types.ResourceSpecificResult
import Amazonka.IAM.Types.Statement
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude

-- | Contains the results of a simulation.
--
-- This data type is used by the return parameter of
-- @ SimulateCustomPolicy @ and @ SimulatePrincipalPolicy @.
--
-- /See:/ 'newEvaluationResult' smart constructor.
data EvaluationResult = EvaluationResult'
  { -- | A list of the statements in the input policies that determine the result
    -- for this scenario. Remember that even if multiple statements allow the
    -- operation on the resource, if only one statement denies that operation,
    -- then the explicit deny overrides any allow. In addition, the deny
    -- statement is the only entry included in the result.
    EvaluationResult -> Maybe [Statement]
matchedStatements :: Prelude.Maybe [Statement],
    -- | Additional details about the results of the cross-account evaluation
    -- decision. This parameter is populated for only cross-account
    -- simulations. It contains a brief summary of how each policy type
    -- contributes to the final evaluation decision.
    --
    -- If the simulation evaluates policies within the same account and
    -- includes a resource ARN, then the parameter is present but the response
    -- is empty. If the simulation evaluates policies within the same account
    -- and specifies all resources (@*@), then the parameter is not returned.
    --
    -- When you make a cross-account request, Amazon Web Services evaluates the
    -- request in the trusting account and the trusted account. The request is
    -- allowed only if both evaluations return @true@. For more information
    -- about how policies are evaluated, see
    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics Evaluating policies within a single account>.
    --
    -- If an Organizations SCP included in the evaluation denies access, the
    -- simulation ends. In this case, policy evaluation does not proceed any
    -- further and this parameter is not returned.
    EvaluationResult
-> Maybe (HashMap Text PolicyEvaluationDecisionType)
evalDecisionDetails :: Prelude.Maybe (Prelude.HashMap Prelude.Text PolicyEvaluationDecisionType),
    -- | The individual results of the simulation of the API operation specified
    -- in EvalActionName on each resource.
    EvaluationResult -> Maybe [ResourceSpecificResult]
resourceSpecificResults :: Prelude.Maybe [ResourceSpecificResult],
    -- | The ARN of the resource that the indicated API operation was tested on.
    EvaluationResult -> Maybe Text
evalResourceName :: Prelude.Maybe Prelude.Text,
    -- | A list of context keys that are required by the included input policies
    -- but that were not provided by one of the input parameters. This list is
    -- used when the resource in a simulation is \"*\", either explicitly, or
    -- when the @ResourceArns@ parameter blank. If you include a list of
    -- resources, then any missing context values are instead included under
    -- the @ResourceSpecificResults@ section. To discover the context keys used
    -- by a set of policies, you can call GetContextKeysForCustomPolicy or
    -- GetContextKeysForPrincipalPolicy.
    EvaluationResult -> Maybe [Text]
missingContextValues :: Prelude.Maybe [Prelude.Text],
    -- | Contains information about the effect that a permissions boundary has on
    -- a policy simulation when the boundary is applied to an IAM entity.
    EvaluationResult -> Maybe PermissionsBoundaryDecisionDetail
permissionsBoundaryDecisionDetail :: Prelude.Maybe PermissionsBoundaryDecisionDetail,
    -- | A structure that details how Organizations and its service control
    -- policies affect the results of the simulation. Only applies if the
    -- simulated user\'s account is part of an organization.
    EvaluationResult -> Maybe OrganizationsDecisionDetail
organizationsDecisionDetail :: Prelude.Maybe OrganizationsDecisionDetail,
    -- | The name of the API operation tested on the indicated resource.
    EvaluationResult -> Text
evalActionName :: Prelude.Text,
    -- | The result of the simulation.
    EvaluationResult -> PolicyEvaluationDecisionType
evalDecision :: PolicyEvaluationDecisionType
  }
  deriving (EvaluationResult -> EvaluationResult -> Bool
(EvaluationResult -> EvaluationResult -> Bool)
-> (EvaluationResult -> EvaluationResult -> Bool)
-> Eq EvaluationResult
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: EvaluationResult -> EvaluationResult -> Bool
$c/= :: EvaluationResult -> EvaluationResult -> Bool
== :: EvaluationResult -> EvaluationResult -> Bool
$c== :: EvaluationResult -> EvaluationResult -> Bool
Prelude.Eq, ReadPrec [EvaluationResult]
ReadPrec EvaluationResult
Int -> ReadS EvaluationResult
ReadS [EvaluationResult]
(Int -> ReadS EvaluationResult)
-> ReadS [EvaluationResult]
-> ReadPrec EvaluationResult
-> ReadPrec [EvaluationResult]
-> Read EvaluationResult
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [EvaluationResult]
$creadListPrec :: ReadPrec [EvaluationResult]
readPrec :: ReadPrec EvaluationResult
$creadPrec :: ReadPrec EvaluationResult
readList :: ReadS [EvaluationResult]
$creadList :: ReadS [EvaluationResult]
readsPrec :: Int -> ReadS EvaluationResult
$creadsPrec :: Int -> ReadS EvaluationResult
Prelude.Read, Int -> EvaluationResult -> ShowS
[EvaluationResult] -> ShowS
EvaluationResult -> String
(Int -> EvaluationResult -> ShowS)
-> (EvaluationResult -> String)
-> ([EvaluationResult] -> ShowS)
-> Show EvaluationResult
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [EvaluationResult] -> ShowS
$cshowList :: [EvaluationResult] -> ShowS
show :: EvaluationResult -> String
$cshow :: EvaluationResult -> String
showsPrec :: Int -> EvaluationResult -> ShowS
$cshowsPrec :: Int -> EvaluationResult -> ShowS
Prelude.Show, (forall x. EvaluationResult -> Rep EvaluationResult x)
-> (forall x. Rep EvaluationResult x -> EvaluationResult)
-> Generic EvaluationResult
forall x. Rep EvaluationResult x -> EvaluationResult
forall x. EvaluationResult -> Rep EvaluationResult x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep EvaluationResult x -> EvaluationResult
$cfrom :: forall x. EvaluationResult -> Rep EvaluationResult x
Prelude.Generic)

-- |
-- Create a value of 'EvaluationResult' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'matchedStatements', 'evaluationResult_matchedStatements' - A list of the statements in the input policies that determine the result
-- for this scenario. Remember that even if multiple statements allow the
-- operation on the resource, if only one statement denies that operation,
-- then the explicit deny overrides any allow. In addition, the deny
-- statement is the only entry included in the result.
--
-- 'evalDecisionDetails', 'evaluationResult_evalDecisionDetails' - Additional details about the results of the cross-account evaluation
-- decision. This parameter is populated for only cross-account
-- simulations. It contains a brief summary of how each policy type
-- contributes to the final evaluation decision.
--
-- If the simulation evaluates policies within the same account and
-- includes a resource ARN, then the parameter is present but the response
-- is empty. If the simulation evaluates policies within the same account
-- and specifies all resources (@*@), then the parameter is not returned.
--
-- When you make a cross-account request, Amazon Web Services evaluates the
-- request in the trusting account and the trusted account. The request is
-- allowed only if both evaluations return @true@. For more information
-- about how policies are evaluated, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics Evaluating policies within a single account>.
--
-- If an Organizations SCP included in the evaluation denies access, the
-- simulation ends. In this case, policy evaluation does not proceed any
-- further and this parameter is not returned.
--
-- 'resourceSpecificResults', 'evaluationResult_resourceSpecificResults' - The individual results of the simulation of the API operation specified
-- in EvalActionName on each resource.
--
-- 'evalResourceName', 'evaluationResult_evalResourceName' - The ARN of the resource that the indicated API operation was tested on.
--
-- 'missingContextValues', 'evaluationResult_missingContextValues' - A list of context keys that are required by the included input policies
-- but that were not provided by one of the input parameters. This list is
-- used when the resource in a simulation is \"*\", either explicitly, or
-- when the @ResourceArns@ parameter blank. If you include a list of
-- resources, then any missing context values are instead included under
-- the @ResourceSpecificResults@ section. To discover the context keys used
-- by a set of policies, you can call GetContextKeysForCustomPolicy or
-- GetContextKeysForPrincipalPolicy.
--
-- 'permissionsBoundaryDecisionDetail', 'evaluationResult_permissionsBoundaryDecisionDetail' - Contains information about the effect that a permissions boundary has on
-- a policy simulation when the boundary is applied to an IAM entity.
--
-- 'organizationsDecisionDetail', 'evaluationResult_organizationsDecisionDetail' - A structure that details how Organizations and its service control
-- policies affect the results of the simulation. Only applies if the
-- simulated user\'s account is part of an organization.
--
-- 'evalActionName', 'evaluationResult_evalActionName' - The name of the API operation tested on the indicated resource.
--
-- 'evalDecision', 'evaluationResult_evalDecision' - The result of the simulation.
newEvaluationResult ::
  -- | 'evalActionName'
  Prelude.Text ->
  -- | 'evalDecision'
  PolicyEvaluationDecisionType ->
  EvaluationResult
newEvaluationResult :: Text -> PolicyEvaluationDecisionType -> EvaluationResult
newEvaluationResult Text
pEvalActionName_ PolicyEvaluationDecisionType
pEvalDecision_ =
  EvaluationResult' :: Maybe [Statement]
-> Maybe (HashMap Text PolicyEvaluationDecisionType)
-> Maybe [ResourceSpecificResult]
-> Maybe Text
-> Maybe [Text]
-> Maybe PermissionsBoundaryDecisionDetail
-> Maybe OrganizationsDecisionDetail
-> Text
-> PolicyEvaluationDecisionType
-> EvaluationResult
EvaluationResult'
    { $sel:matchedStatements:EvaluationResult' :: Maybe [Statement]
matchedStatements =
        Maybe [Statement]
forall a. Maybe a
Prelude.Nothing,
      $sel:evalDecisionDetails:EvaluationResult' :: Maybe (HashMap Text PolicyEvaluationDecisionType)
evalDecisionDetails = Maybe (HashMap Text PolicyEvaluationDecisionType)
forall a. Maybe a
Prelude.Nothing,
      $sel:resourceSpecificResults:EvaluationResult' :: Maybe [ResourceSpecificResult]
resourceSpecificResults = Maybe [ResourceSpecificResult]
forall a. Maybe a
Prelude.Nothing,
      $sel:evalResourceName:EvaluationResult' :: Maybe Text
evalResourceName = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:missingContextValues:EvaluationResult' :: Maybe [Text]
missingContextValues = Maybe [Text]
forall a. Maybe a
Prelude.Nothing,
      $sel:permissionsBoundaryDecisionDetail:EvaluationResult' :: Maybe PermissionsBoundaryDecisionDetail
permissionsBoundaryDecisionDetail = Maybe PermissionsBoundaryDecisionDetail
forall a. Maybe a
Prelude.Nothing,
      $sel:organizationsDecisionDetail:EvaluationResult' :: Maybe OrganizationsDecisionDetail
organizationsDecisionDetail = Maybe OrganizationsDecisionDetail
forall a. Maybe a
Prelude.Nothing,
      $sel:evalActionName:EvaluationResult' :: Text
evalActionName = Text
pEvalActionName_,
      $sel:evalDecision:EvaluationResult' :: PolicyEvaluationDecisionType
evalDecision = PolicyEvaluationDecisionType
pEvalDecision_
    }

-- | A list of the statements in the input policies that determine the result
-- for this scenario. Remember that even if multiple statements allow the
-- operation on the resource, if only one statement denies that operation,
-- then the explicit deny overrides any allow. In addition, the deny
-- statement is the only entry included in the result.
evaluationResult_matchedStatements :: Lens.Lens' EvaluationResult (Prelude.Maybe [Statement])
evaluationResult_matchedStatements :: (Maybe [Statement] -> f (Maybe [Statement]))
-> EvaluationResult -> f EvaluationResult
evaluationResult_matchedStatements = (EvaluationResult -> Maybe [Statement])
-> (EvaluationResult -> Maybe [Statement] -> EvaluationResult)
-> Lens
     EvaluationResult
     EvaluationResult
     (Maybe [Statement])
     (Maybe [Statement])
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\EvaluationResult' {Maybe [Statement]
matchedStatements :: Maybe [Statement]
$sel:matchedStatements:EvaluationResult' :: EvaluationResult -> Maybe [Statement]
matchedStatements} -> Maybe [Statement]
matchedStatements) (\s :: EvaluationResult
s@EvaluationResult' {} Maybe [Statement]
a -> EvaluationResult
s {$sel:matchedStatements:EvaluationResult' :: Maybe [Statement]
matchedStatements = Maybe [Statement]
a} :: EvaluationResult) ((Maybe [Statement] -> f (Maybe [Statement]))
 -> EvaluationResult -> f EvaluationResult)
-> ((Maybe [Statement] -> f (Maybe [Statement]))
    -> Maybe [Statement] -> f (Maybe [Statement]))
-> (Maybe [Statement] -> f (Maybe [Statement]))
-> EvaluationResult
-> f EvaluationResult
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso [Statement] [Statement] [Statement] [Statement]
-> Iso
     (Maybe [Statement])
     (Maybe [Statement])
     (Maybe [Statement])
     (Maybe [Statement])
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso [Statement] [Statement] [Statement] [Statement]
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | Additional details about the results of the cross-account evaluation
-- decision. This parameter is populated for only cross-account
-- simulations. It contains a brief summary of how each policy type
-- contributes to the final evaluation decision.
--
-- If the simulation evaluates policies within the same account and
-- includes a resource ARN, then the parameter is present but the response
-- is empty. If the simulation evaluates policies within the same account
-- and specifies all resources (@*@), then the parameter is not returned.
--
-- When you make a cross-account request, Amazon Web Services evaluates the
-- request in the trusting account and the trusted account. The request is
-- allowed only if both evaluations return @true@. For more information
-- about how policies are evaluated, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics Evaluating policies within a single account>.
--
-- If an Organizations SCP included in the evaluation denies access, the
-- simulation ends. In this case, policy evaluation does not proceed any
-- further and this parameter is not returned.
evaluationResult_evalDecisionDetails :: Lens.Lens' EvaluationResult (Prelude.Maybe (Prelude.HashMap Prelude.Text PolicyEvaluationDecisionType))
evaluationResult_evalDecisionDetails :: (Maybe (HashMap Text PolicyEvaluationDecisionType)
 -> f (Maybe (HashMap Text PolicyEvaluationDecisionType)))
-> EvaluationResult -> f EvaluationResult
evaluationResult_evalDecisionDetails = (EvaluationResult
 -> Maybe (HashMap Text PolicyEvaluationDecisionType))
-> (EvaluationResult
    -> Maybe (HashMap Text PolicyEvaluationDecisionType)
    -> EvaluationResult)
-> Lens
     EvaluationResult
     EvaluationResult
     (Maybe (HashMap Text PolicyEvaluationDecisionType))
     (Maybe (HashMap Text PolicyEvaluationDecisionType))
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\EvaluationResult' {Maybe (HashMap Text PolicyEvaluationDecisionType)
evalDecisionDetails :: Maybe (HashMap Text PolicyEvaluationDecisionType)
$sel:evalDecisionDetails:EvaluationResult' :: EvaluationResult
-> Maybe (HashMap Text PolicyEvaluationDecisionType)
evalDecisionDetails} -> Maybe (HashMap Text PolicyEvaluationDecisionType)
evalDecisionDetails) (\s :: EvaluationResult
s@EvaluationResult' {} Maybe (HashMap Text PolicyEvaluationDecisionType)
a -> EvaluationResult
s {$sel:evalDecisionDetails:EvaluationResult' :: Maybe (HashMap Text PolicyEvaluationDecisionType)
evalDecisionDetails = Maybe (HashMap Text PolicyEvaluationDecisionType)
a} :: EvaluationResult) ((Maybe (HashMap Text PolicyEvaluationDecisionType)
  -> f (Maybe (HashMap Text PolicyEvaluationDecisionType)))
 -> EvaluationResult -> f EvaluationResult)
-> ((Maybe (HashMap Text PolicyEvaluationDecisionType)
     -> f (Maybe (HashMap Text PolicyEvaluationDecisionType)))
    -> Maybe (HashMap Text PolicyEvaluationDecisionType)
    -> f (Maybe (HashMap Text PolicyEvaluationDecisionType)))
-> (Maybe (HashMap Text PolicyEvaluationDecisionType)
    -> f (Maybe (HashMap Text PolicyEvaluationDecisionType)))
-> EvaluationResult
-> f EvaluationResult
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso
  (HashMap Text PolicyEvaluationDecisionType)
  (HashMap Text PolicyEvaluationDecisionType)
  (HashMap Text PolicyEvaluationDecisionType)
  (HashMap Text PolicyEvaluationDecisionType)
-> Iso
     (Maybe (HashMap Text PolicyEvaluationDecisionType))
     (Maybe (HashMap Text PolicyEvaluationDecisionType))
     (Maybe (HashMap Text PolicyEvaluationDecisionType))
     (Maybe (HashMap Text PolicyEvaluationDecisionType))
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso
  (HashMap Text PolicyEvaluationDecisionType)
  (HashMap Text PolicyEvaluationDecisionType)
  (HashMap Text PolicyEvaluationDecisionType)
  (HashMap Text PolicyEvaluationDecisionType)
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | The individual results of the simulation of the API operation specified
-- in EvalActionName on each resource.
evaluationResult_resourceSpecificResults :: Lens.Lens' EvaluationResult (Prelude.Maybe [ResourceSpecificResult])
evaluationResult_resourceSpecificResults :: (Maybe [ResourceSpecificResult]
 -> f (Maybe [ResourceSpecificResult]))
-> EvaluationResult -> f EvaluationResult
evaluationResult_resourceSpecificResults = (EvaluationResult -> Maybe [ResourceSpecificResult])
-> (EvaluationResult
    -> Maybe [ResourceSpecificResult] -> EvaluationResult)
-> Lens
     EvaluationResult
     EvaluationResult
     (Maybe [ResourceSpecificResult])
     (Maybe [ResourceSpecificResult])
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\EvaluationResult' {Maybe [ResourceSpecificResult]
resourceSpecificResults :: Maybe [ResourceSpecificResult]
$sel:resourceSpecificResults:EvaluationResult' :: EvaluationResult -> Maybe [ResourceSpecificResult]
resourceSpecificResults} -> Maybe [ResourceSpecificResult]
resourceSpecificResults) (\s :: EvaluationResult
s@EvaluationResult' {} Maybe [ResourceSpecificResult]
a -> EvaluationResult
s {$sel:resourceSpecificResults:EvaluationResult' :: Maybe [ResourceSpecificResult]
resourceSpecificResults = Maybe [ResourceSpecificResult]
a} :: EvaluationResult) ((Maybe [ResourceSpecificResult]
  -> f (Maybe [ResourceSpecificResult]))
 -> EvaluationResult -> f EvaluationResult)
-> ((Maybe [ResourceSpecificResult]
     -> f (Maybe [ResourceSpecificResult]))
    -> Maybe [ResourceSpecificResult]
    -> f (Maybe [ResourceSpecificResult]))
-> (Maybe [ResourceSpecificResult]
    -> f (Maybe [ResourceSpecificResult]))
-> EvaluationResult
-> f EvaluationResult
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso
  [ResourceSpecificResult]
  [ResourceSpecificResult]
  [ResourceSpecificResult]
  [ResourceSpecificResult]
-> Iso
     (Maybe [ResourceSpecificResult])
     (Maybe [ResourceSpecificResult])
     (Maybe [ResourceSpecificResult])
     (Maybe [ResourceSpecificResult])
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso
  [ResourceSpecificResult]
  [ResourceSpecificResult]
  [ResourceSpecificResult]
  [ResourceSpecificResult]
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | The ARN of the resource that the indicated API operation was tested on.
evaluationResult_evalResourceName :: Lens.Lens' EvaluationResult (Prelude.Maybe Prelude.Text)
evaluationResult_evalResourceName :: (Maybe Text -> f (Maybe Text))
-> EvaluationResult -> f EvaluationResult
evaluationResult_evalResourceName = (EvaluationResult -> Maybe Text)
-> (EvaluationResult -> Maybe Text -> EvaluationResult)
-> Lens EvaluationResult EvaluationResult (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\EvaluationResult' {Maybe Text
evalResourceName :: Maybe Text
$sel:evalResourceName:EvaluationResult' :: EvaluationResult -> Maybe Text
evalResourceName} -> Maybe Text
evalResourceName) (\s :: EvaluationResult
s@EvaluationResult' {} Maybe Text
a -> EvaluationResult
s {$sel:evalResourceName:EvaluationResult' :: Maybe Text
evalResourceName = Maybe Text
a} :: EvaluationResult)

-- | A list of context keys that are required by the included input policies
-- but that were not provided by one of the input parameters. This list is
-- used when the resource in a simulation is \"*\", either explicitly, or
-- when the @ResourceArns@ parameter blank. If you include a list of
-- resources, then any missing context values are instead included under
-- the @ResourceSpecificResults@ section. To discover the context keys used
-- by a set of policies, you can call GetContextKeysForCustomPolicy or
-- GetContextKeysForPrincipalPolicy.
evaluationResult_missingContextValues :: Lens.Lens' EvaluationResult (Prelude.Maybe [Prelude.Text])
evaluationResult_missingContextValues :: (Maybe [Text] -> f (Maybe [Text]))
-> EvaluationResult -> f EvaluationResult
evaluationResult_missingContextValues = (EvaluationResult -> Maybe [Text])
-> (EvaluationResult -> Maybe [Text] -> EvaluationResult)
-> Lens
     EvaluationResult EvaluationResult (Maybe [Text]) (Maybe [Text])
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\EvaluationResult' {Maybe [Text]
missingContextValues :: Maybe [Text]
$sel:missingContextValues:EvaluationResult' :: EvaluationResult -> Maybe [Text]
missingContextValues} -> Maybe [Text]
missingContextValues) (\s :: EvaluationResult
s@EvaluationResult' {} Maybe [Text]
a -> EvaluationResult
s {$sel:missingContextValues:EvaluationResult' :: Maybe [Text]
missingContextValues = Maybe [Text]
a} :: EvaluationResult) ((Maybe [Text] -> f (Maybe [Text]))
 -> EvaluationResult -> f EvaluationResult)
-> ((Maybe [Text] -> f (Maybe [Text]))
    -> Maybe [Text] -> f (Maybe [Text]))
-> (Maybe [Text] -> f (Maybe [Text]))
-> EvaluationResult
-> f EvaluationResult
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso [Text] [Text] [Text] [Text]
-> Iso (Maybe [Text]) (Maybe [Text]) (Maybe [Text]) (Maybe [Text])
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso [Text] [Text] [Text] [Text]
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | Contains information about the effect that a permissions boundary has on
-- a policy simulation when the boundary is applied to an IAM entity.
evaluationResult_permissionsBoundaryDecisionDetail :: Lens.Lens' EvaluationResult (Prelude.Maybe PermissionsBoundaryDecisionDetail)
evaluationResult_permissionsBoundaryDecisionDetail :: (Maybe PermissionsBoundaryDecisionDetail
 -> f (Maybe PermissionsBoundaryDecisionDetail))
-> EvaluationResult -> f EvaluationResult
evaluationResult_permissionsBoundaryDecisionDetail = (EvaluationResult -> Maybe PermissionsBoundaryDecisionDetail)
-> (EvaluationResult
    -> Maybe PermissionsBoundaryDecisionDetail -> EvaluationResult)
-> Lens
     EvaluationResult
     EvaluationResult
     (Maybe PermissionsBoundaryDecisionDetail)
     (Maybe PermissionsBoundaryDecisionDetail)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\EvaluationResult' {Maybe PermissionsBoundaryDecisionDetail
permissionsBoundaryDecisionDetail :: Maybe PermissionsBoundaryDecisionDetail
$sel:permissionsBoundaryDecisionDetail:EvaluationResult' :: EvaluationResult -> Maybe PermissionsBoundaryDecisionDetail
permissionsBoundaryDecisionDetail} -> Maybe PermissionsBoundaryDecisionDetail
permissionsBoundaryDecisionDetail) (\s :: EvaluationResult
s@EvaluationResult' {} Maybe PermissionsBoundaryDecisionDetail
a -> EvaluationResult
s {$sel:permissionsBoundaryDecisionDetail:EvaluationResult' :: Maybe PermissionsBoundaryDecisionDetail
permissionsBoundaryDecisionDetail = Maybe PermissionsBoundaryDecisionDetail
a} :: EvaluationResult)

-- | A structure that details how Organizations and its service control
-- policies affect the results of the simulation. Only applies if the
-- simulated user\'s account is part of an organization.
evaluationResult_organizationsDecisionDetail :: Lens.Lens' EvaluationResult (Prelude.Maybe OrganizationsDecisionDetail)
evaluationResult_organizationsDecisionDetail :: (Maybe OrganizationsDecisionDetail
 -> f (Maybe OrganizationsDecisionDetail))
-> EvaluationResult -> f EvaluationResult
evaluationResult_organizationsDecisionDetail = (EvaluationResult -> Maybe OrganizationsDecisionDetail)
-> (EvaluationResult
    -> Maybe OrganizationsDecisionDetail -> EvaluationResult)
-> Lens
     EvaluationResult
     EvaluationResult
     (Maybe OrganizationsDecisionDetail)
     (Maybe OrganizationsDecisionDetail)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\EvaluationResult' {Maybe OrganizationsDecisionDetail
organizationsDecisionDetail :: Maybe OrganizationsDecisionDetail
$sel:organizationsDecisionDetail:EvaluationResult' :: EvaluationResult -> Maybe OrganizationsDecisionDetail
organizationsDecisionDetail} -> Maybe OrganizationsDecisionDetail
organizationsDecisionDetail) (\s :: EvaluationResult
s@EvaluationResult' {} Maybe OrganizationsDecisionDetail
a -> EvaluationResult
s {$sel:organizationsDecisionDetail:EvaluationResult' :: Maybe OrganizationsDecisionDetail
organizationsDecisionDetail = Maybe OrganizationsDecisionDetail
a} :: EvaluationResult)

-- | The name of the API operation tested on the indicated resource.
evaluationResult_evalActionName :: Lens.Lens' EvaluationResult Prelude.Text
evaluationResult_evalActionName :: (Text -> f Text) -> EvaluationResult -> f EvaluationResult
evaluationResult_evalActionName = (EvaluationResult -> Text)
-> (EvaluationResult -> Text -> EvaluationResult)
-> Lens EvaluationResult EvaluationResult Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\EvaluationResult' {Text
evalActionName :: Text
$sel:evalActionName:EvaluationResult' :: EvaluationResult -> Text
evalActionName} -> Text
evalActionName) (\s :: EvaluationResult
s@EvaluationResult' {} Text
a -> EvaluationResult
s {$sel:evalActionName:EvaluationResult' :: Text
evalActionName = Text
a} :: EvaluationResult)

-- | The result of the simulation.
evaluationResult_evalDecision :: Lens.Lens' EvaluationResult PolicyEvaluationDecisionType
evaluationResult_evalDecision :: (PolicyEvaluationDecisionType -> f PolicyEvaluationDecisionType)
-> EvaluationResult -> f EvaluationResult
evaluationResult_evalDecision = (EvaluationResult -> PolicyEvaluationDecisionType)
-> (EvaluationResult
    -> PolicyEvaluationDecisionType -> EvaluationResult)
-> Lens
     EvaluationResult
     EvaluationResult
     PolicyEvaluationDecisionType
     PolicyEvaluationDecisionType
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\EvaluationResult' {PolicyEvaluationDecisionType
evalDecision :: PolicyEvaluationDecisionType
$sel:evalDecision:EvaluationResult' :: EvaluationResult -> PolicyEvaluationDecisionType
evalDecision} -> PolicyEvaluationDecisionType
evalDecision) (\s :: EvaluationResult
s@EvaluationResult' {} PolicyEvaluationDecisionType
a -> EvaluationResult
s {$sel:evalDecision:EvaluationResult' :: PolicyEvaluationDecisionType
evalDecision = PolicyEvaluationDecisionType
a} :: EvaluationResult)

instance Core.FromXML EvaluationResult where
  parseXML :: [Node] -> Either String EvaluationResult
parseXML [Node]
x =
    Maybe [Statement]
-> Maybe (HashMap Text PolicyEvaluationDecisionType)
-> Maybe [ResourceSpecificResult]
-> Maybe Text
-> Maybe [Text]
-> Maybe PermissionsBoundaryDecisionDetail
-> Maybe OrganizationsDecisionDetail
-> Text
-> PolicyEvaluationDecisionType
-> EvaluationResult
EvaluationResult'
      (Maybe [Statement]
 -> Maybe (HashMap Text PolicyEvaluationDecisionType)
 -> Maybe [ResourceSpecificResult]
 -> Maybe Text
 -> Maybe [Text]
 -> Maybe PermissionsBoundaryDecisionDetail
 -> Maybe OrganizationsDecisionDetail
 -> Text
 -> PolicyEvaluationDecisionType
 -> EvaluationResult)
-> Either String (Maybe [Statement])
-> Either
     String
     (Maybe (HashMap Text PolicyEvaluationDecisionType)
      -> Maybe [ResourceSpecificResult]
      -> Maybe Text
      -> Maybe [Text]
      -> Maybe PermissionsBoundaryDecisionDetail
      -> Maybe OrganizationsDecisionDetail
      -> Text
      -> PolicyEvaluationDecisionType
      -> EvaluationResult)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> ( [Node]
x [Node] -> Text -> Either String (Maybe [Node])
forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Core..@? Text
"MatchedStatements"
                      Either String (Maybe [Node]) -> [Node] -> Either String [Node]
forall (f :: * -> *) a. Functor f => f (Maybe a) -> a -> f a
Core..!@ [Node]
forall a. Monoid a => a
Prelude.mempty
                      Either String [Node]
-> ([Node] -> Either String (Maybe [Statement]))
-> Either String (Maybe [Statement])
forall (m :: * -> *) a b. Monad m => m a -> (a -> m b) -> m b
Prelude.>>= ([Node] -> Either String [Statement])
-> [Node] -> Either String (Maybe [Statement])
forall (f :: * -> *) a b.
Applicative f =>
([a] -> f b) -> [a] -> f (Maybe b)
Core.may (Text -> [Node] -> Either String [Statement]
forall a. FromXML a => Text -> [Node] -> Either String [a]
Core.parseXMLList Text
"member")
                  )
      Either
  String
  (Maybe (HashMap Text PolicyEvaluationDecisionType)
   -> Maybe [ResourceSpecificResult]
   -> Maybe Text
   -> Maybe [Text]
   -> Maybe PermissionsBoundaryDecisionDetail
   -> Maybe OrganizationsDecisionDetail
   -> Text
   -> PolicyEvaluationDecisionType
   -> EvaluationResult)
-> Either
     String (Maybe (HashMap Text PolicyEvaluationDecisionType))
-> Either
     String
     (Maybe [ResourceSpecificResult]
      -> Maybe Text
      -> Maybe [Text]
      -> Maybe PermissionsBoundaryDecisionDetail
      -> Maybe OrganizationsDecisionDetail
      -> Text
      -> PolicyEvaluationDecisionType
      -> EvaluationResult)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ( [Node]
x [Node] -> Text -> Either String (Maybe [Node])
forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Core..@? Text
"EvalDecisionDetails"
                      Either String (Maybe [Node]) -> [Node] -> Either String [Node]
forall (f :: * -> *) a. Functor f => f (Maybe a) -> a -> f a
Core..!@ [Node]
forall a. Monoid a => a
Prelude.mempty
                      Either String [Node]
-> ([Node]
    -> Either
         String (Maybe (HashMap Text PolicyEvaluationDecisionType)))
-> Either
     String (Maybe (HashMap Text PolicyEvaluationDecisionType))
forall (m :: * -> *) a b. Monad m => m a -> (a -> m b) -> m b
Prelude.>>= ([Node]
 -> Either String (HashMap Text PolicyEvaluationDecisionType))
-> [Node]
-> Either
     String (Maybe (HashMap Text PolicyEvaluationDecisionType))
forall (f :: * -> *) a b.
Applicative f =>
([a] -> f b) -> [a] -> f (Maybe b)
Core.may (Text
-> Text
-> Text
-> [Node]
-> Either String (HashMap Text PolicyEvaluationDecisionType)
forall k v.
(Eq k, Hashable k, FromText k, FromXML v) =>
Text -> Text -> Text -> [Node] -> Either String (HashMap k v)
Core.parseXMLMap Text
"entry" Text
"key" Text
"value")
                  )
      Either
  String
  (Maybe [ResourceSpecificResult]
   -> Maybe Text
   -> Maybe [Text]
   -> Maybe PermissionsBoundaryDecisionDetail
   -> Maybe OrganizationsDecisionDetail
   -> Text
   -> PolicyEvaluationDecisionType
   -> EvaluationResult)
-> Either String (Maybe [ResourceSpecificResult])
-> Either
     String
     (Maybe Text
      -> Maybe [Text]
      -> Maybe PermissionsBoundaryDecisionDetail
      -> Maybe OrganizationsDecisionDetail
      -> Text
      -> PolicyEvaluationDecisionType
      -> EvaluationResult)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ( [Node]
x [Node] -> Text -> Either String (Maybe [Node])
forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Core..@? Text
"ResourceSpecificResults"
                      Either String (Maybe [Node]) -> [Node] -> Either String [Node]
forall (f :: * -> *) a. Functor f => f (Maybe a) -> a -> f a
Core..!@ [Node]
forall a. Monoid a => a
Prelude.mempty
                      Either String [Node]
-> ([Node] -> Either String (Maybe [ResourceSpecificResult]))
-> Either String (Maybe [ResourceSpecificResult])
forall (m :: * -> *) a b. Monad m => m a -> (a -> m b) -> m b
Prelude.>>= ([Node] -> Either String [ResourceSpecificResult])
-> [Node] -> Either String (Maybe [ResourceSpecificResult])
forall (f :: * -> *) a b.
Applicative f =>
([a] -> f b) -> [a] -> f (Maybe b)
Core.may (Text -> [Node] -> Either String [ResourceSpecificResult]
forall a. FromXML a => Text -> [Node] -> Either String [a]
Core.parseXMLList Text
"member")
                  )
      Either
  String
  (Maybe Text
   -> Maybe [Text]
   -> Maybe PermissionsBoundaryDecisionDetail
   -> Maybe OrganizationsDecisionDetail
   -> Text
   -> PolicyEvaluationDecisionType
   -> EvaluationResult)
-> Either String (Maybe Text)
-> Either
     String
     (Maybe [Text]
      -> Maybe PermissionsBoundaryDecisionDetail
      -> Maybe OrganizationsDecisionDetail
      -> Text
      -> PolicyEvaluationDecisionType
      -> EvaluationResult)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x [Node] -> Text -> Either String (Maybe Text)
forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Core..@? Text
"EvalResourceName")
      Either
  String
  (Maybe [Text]
   -> Maybe PermissionsBoundaryDecisionDetail
   -> Maybe OrganizationsDecisionDetail
   -> Text
   -> PolicyEvaluationDecisionType
   -> EvaluationResult)
-> Either String (Maybe [Text])
-> Either
     String
     (Maybe PermissionsBoundaryDecisionDetail
      -> Maybe OrganizationsDecisionDetail
      -> Text
      -> PolicyEvaluationDecisionType
      -> EvaluationResult)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ( [Node]
x [Node] -> Text -> Either String (Maybe [Node])
forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Core..@? Text
"MissingContextValues"
                      Either String (Maybe [Node]) -> [Node] -> Either String [Node]
forall (f :: * -> *) a. Functor f => f (Maybe a) -> a -> f a
Core..!@ [Node]
forall a. Monoid a => a
Prelude.mempty
                      Either String [Node]
-> ([Node] -> Either String (Maybe [Text]))
-> Either String (Maybe [Text])
forall (m :: * -> *) a b. Monad m => m a -> (a -> m b) -> m b
Prelude.>>= ([Node] -> Either String [Text])
-> [Node] -> Either String (Maybe [Text])
forall (f :: * -> *) a b.
Applicative f =>
([a] -> f b) -> [a] -> f (Maybe b)
Core.may (Text -> [Node] -> Either String [Text]
forall a. FromXML a => Text -> [Node] -> Either String [a]
Core.parseXMLList Text
"member")
                  )
      Either
  String
  (Maybe PermissionsBoundaryDecisionDetail
   -> Maybe OrganizationsDecisionDetail
   -> Text
   -> PolicyEvaluationDecisionType
   -> EvaluationResult)
-> Either String (Maybe PermissionsBoundaryDecisionDetail)
-> Either
     String
     (Maybe OrganizationsDecisionDetail
      -> Text -> PolicyEvaluationDecisionType -> EvaluationResult)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x [Node]
-> Text -> Either String (Maybe PermissionsBoundaryDecisionDetail)
forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Core..@? Text
"PermissionsBoundaryDecisionDetail")
      Either
  String
  (Maybe OrganizationsDecisionDetail
   -> Text -> PolicyEvaluationDecisionType -> EvaluationResult)
-> Either String (Maybe OrganizationsDecisionDetail)
-> Either
     String (Text -> PolicyEvaluationDecisionType -> EvaluationResult)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x [Node] -> Text -> Either String (Maybe OrganizationsDecisionDetail)
forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Core..@? Text
"OrganizationsDecisionDetail")
      Either
  String (Text -> PolicyEvaluationDecisionType -> EvaluationResult)
-> Either String Text
-> Either String (PolicyEvaluationDecisionType -> EvaluationResult)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x [Node] -> Text -> Either String Text
forall a. FromXML a => [Node] -> Text -> Either String a
Core..@ Text
"EvalActionName")
      Either String (PolicyEvaluationDecisionType -> EvaluationResult)
-> Either String PolicyEvaluationDecisionType
-> Either String EvaluationResult
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x [Node] -> Text -> Either String PolicyEvaluationDecisionType
forall a. FromXML a => [Node] -> Text -> Either String a
Core..@ Text
"EvalDecision")

instance Prelude.Hashable EvaluationResult

instance Prelude.NFData EvaluationResult