{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.IAM.Types.PermissionsBoundaryDecisionDetail
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.IAM.Types.PermissionsBoundaryDecisionDetail where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude

-- | Contains information about the effect that a permissions boundary has on
-- a policy simulation when the boundary is applied to an IAM entity.
--
-- /See:/ 'newPermissionsBoundaryDecisionDetail' smart constructor.
data PermissionsBoundaryDecisionDetail = PermissionsBoundaryDecisionDetail'
  { -- | Specifies whether an action is allowed by a permissions boundary that is
    -- applied to an IAM entity (user or role). A value of @true@ means that
    -- the permissions boundary does not deny the action. This means that the
    -- policy includes an @Allow@ statement that matches the request. In this
    -- case, if an identity-based policy also allows the action, the request is
    -- allowed. A value of @false@ means that either the requested action is
    -- not allowed (implicitly denied) or that the action is explicitly denied
    -- by the permissions boundary. In both of these cases, the action is not
    -- allowed, regardless of the identity-based policy.
    PermissionsBoundaryDecisionDetail -> Maybe Bool
allowedByPermissionsBoundary :: Prelude.Maybe Prelude.Bool
  }
  deriving (PermissionsBoundaryDecisionDetail
-> PermissionsBoundaryDecisionDetail -> Bool
(PermissionsBoundaryDecisionDetail
 -> PermissionsBoundaryDecisionDetail -> Bool)
-> (PermissionsBoundaryDecisionDetail
    -> PermissionsBoundaryDecisionDetail -> Bool)
-> Eq PermissionsBoundaryDecisionDetail
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: PermissionsBoundaryDecisionDetail
-> PermissionsBoundaryDecisionDetail -> Bool
$c/= :: PermissionsBoundaryDecisionDetail
-> PermissionsBoundaryDecisionDetail -> Bool
== :: PermissionsBoundaryDecisionDetail
-> PermissionsBoundaryDecisionDetail -> Bool
$c== :: PermissionsBoundaryDecisionDetail
-> PermissionsBoundaryDecisionDetail -> Bool
Prelude.Eq, ReadPrec [PermissionsBoundaryDecisionDetail]
ReadPrec PermissionsBoundaryDecisionDetail
Int -> ReadS PermissionsBoundaryDecisionDetail
ReadS [PermissionsBoundaryDecisionDetail]
(Int -> ReadS PermissionsBoundaryDecisionDetail)
-> ReadS [PermissionsBoundaryDecisionDetail]
-> ReadPrec PermissionsBoundaryDecisionDetail
-> ReadPrec [PermissionsBoundaryDecisionDetail]
-> Read PermissionsBoundaryDecisionDetail
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [PermissionsBoundaryDecisionDetail]
$creadListPrec :: ReadPrec [PermissionsBoundaryDecisionDetail]
readPrec :: ReadPrec PermissionsBoundaryDecisionDetail
$creadPrec :: ReadPrec PermissionsBoundaryDecisionDetail
readList :: ReadS [PermissionsBoundaryDecisionDetail]
$creadList :: ReadS [PermissionsBoundaryDecisionDetail]
readsPrec :: Int -> ReadS PermissionsBoundaryDecisionDetail
$creadsPrec :: Int -> ReadS PermissionsBoundaryDecisionDetail
Prelude.Read, Int -> PermissionsBoundaryDecisionDetail -> ShowS
[PermissionsBoundaryDecisionDetail] -> ShowS
PermissionsBoundaryDecisionDetail -> String
(Int -> PermissionsBoundaryDecisionDetail -> ShowS)
-> (PermissionsBoundaryDecisionDetail -> String)
-> ([PermissionsBoundaryDecisionDetail] -> ShowS)
-> Show PermissionsBoundaryDecisionDetail
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [PermissionsBoundaryDecisionDetail] -> ShowS
$cshowList :: [PermissionsBoundaryDecisionDetail] -> ShowS
show :: PermissionsBoundaryDecisionDetail -> String
$cshow :: PermissionsBoundaryDecisionDetail -> String
showsPrec :: Int -> PermissionsBoundaryDecisionDetail -> ShowS
$cshowsPrec :: Int -> PermissionsBoundaryDecisionDetail -> ShowS
Prelude.Show, (forall x.
 PermissionsBoundaryDecisionDetail
 -> Rep PermissionsBoundaryDecisionDetail x)
-> (forall x.
    Rep PermissionsBoundaryDecisionDetail x
    -> PermissionsBoundaryDecisionDetail)
-> Generic PermissionsBoundaryDecisionDetail
forall x.
Rep PermissionsBoundaryDecisionDetail x
-> PermissionsBoundaryDecisionDetail
forall x.
PermissionsBoundaryDecisionDetail
-> Rep PermissionsBoundaryDecisionDetail x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep PermissionsBoundaryDecisionDetail x
-> PermissionsBoundaryDecisionDetail
$cfrom :: forall x.
PermissionsBoundaryDecisionDetail
-> Rep PermissionsBoundaryDecisionDetail x
Prelude.Generic)

-- |
-- Create a value of 'PermissionsBoundaryDecisionDetail' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'allowedByPermissionsBoundary', 'permissionsBoundaryDecisionDetail_allowedByPermissionsBoundary' - Specifies whether an action is allowed by a permissions boundary that is
-- applied to an IAM entity (user or role). A value of @true@ means that
-- the permissions boundary does not deny the action. This means that the
-- policy includes an @Allow@ statement that matches the request. In this
-- case, if an identity-based policy also allows the action, the request is
-- allowed. A value of @false@ means that either the requested action is
-- not allowed (implicitly denied) or that the action is explicitly denied
-- by the permissions boundary. In both of these cases, the action is not
-- allowed, regardless of the identity-based policy.
newPermissionsBoundaryDecisionDetail ::
  PermissionsBoundaryDecisionDetail
newPermissionsBoundaryDecisionDetail :: PermissionsBoundaryDecisionDetail
newPermissionsBoundaryDecisionDetail =
  PermissionsBoundaryDecisionDetail' :: Maybe Bool -> PermissionsBoundaryDecisionDetail
PermissionsBoundaryDecisionDetail'
    { $sel:allowedByPermissionsBoundary:PermissionsBoundaryDecisionDetail' :: Maybe Bool
allowedByPermissionsBoundary =
        Maybe Bool
forall a. Maybe a
Prelude.Nothing
    }

-- | Specifies whether an action is allowed by a permissions boundary that is
-- applied to an IAM entity (user or role). A value of @true@ means that
-- the permissions boundary does not deny the action. This means that the
-- policy includes an @Allow@ statement that matches the request. In this
-- case, if an identity-based policy also allows the action, the request is
-- allowed. A value of @false@ means that either the requested action is
-- not allowed (implicitly denied) or that the action is explicitly denied
-- by the permissions boundary. In both of these cases, the action is not
-- allowed, regardless of the identity-based policy.
permissionsBoundaryDecisionDetail_allowedByPermissionsBoundary :: Lens.Lens' PermissionsBoundaryDecisionDetail (Prelude.Maybe Prelude.Bool)
permissionsBoundaryDecisionDetail_allowedByPermissionsBoundary :: (Maybe Bool -> f (Maybe Bool))
-> PermissionsBoundaryDecisionDetail
-> f PermissionsBoundaryDecisionDetail
permissionsBoundaryDecisionDetail_allowedByPermissionsBoundary = (PermissionsBoundaryDecisionDetail -> Maybe Bool)
-> (PermissionsBoundaryDecisionDetail
    -> Maybe Bool -> PermissionsBoundaryDecisionDetail)
-> Lens
     PermissionsBoundaryDecisionDetail
     PermissionsBoundaryDecisionDetail
     (Maybe Bool)
     (Maybe Bool)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\PermissionsBoundaryDecisionDetail' {Maybe Bool
allowedByPermissionsBoundary :: Maybe Bool
$sel:allowedByPermissionsBoundary:PermissionsBoundaryDecisionDetail' :: PermissionsBoundaryDecisionDetail -> Maybe Bool
allowedByPermissionsBoundary} -> Maybe Bool
allowedByPermissionsBoundary) (\s :: PermissionsBoundaryDecisionDetail
s@PermissionsBoundaryDecisionDetail' {} Maybe Bool
a -> PermissionsBoundaryDecisionDetail
s {$sel:allowedByPermissionsBoundary:PermissionsBoundaryDecisionDetail' :: Maybe Bool
allowedByPermissionsBoundary = Maybe Bool
a} :: PermissionsBoundaryDecisionDetail)

instance
  Core.FromXML
    PermissionsBoundaryDecisionDetail
  where
  parseXML :: [Node] -> Either String PermissionsBoundaryDecisionDetail
parseXML [Node]
x =
    Maybe Bool -> PermissionsBoundaryDecisionDetail
PermissionsBoundaryDecisionDetail'
      (Maybe Bool -> PermissionsBoundaryDecisionDetail)
-> Either String (Maybe Bool)
-> Either String PermissionsBoundaryDecisionDetail
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> ([Node]
x [Node] -> Text -> Either String (Maybe Bool)
forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Core..@? Text
"AllowedByPermissionsBoundary")

instance
  Prelude.Hashable
    PermissionsBoundaryDecisionDetail

instance
  Prelude.NFData
    PermissionsBoundaryDecisionDetail