{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.IoT.Types.AuthResult
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.IoT.Types.AuthResult where

import qualified Amazonka.Core as Core
import Amazonka.IoT.Types.Allowed
import Amazonka.IoT.Types.AuthDecision
import Amazonka.IoT.Types.AuthInfo
import Amazonka.IoT.Types.Denied
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude

-- | The authorizer result.
--
-- /See:/ 'newAuthResult' smart constructor.
data AuthResult = AuthResult'
  { -- | The policies and statements that denied the specified action.
    AuthResult -> Maybe Denied
denied :: Prelude.Maybe Denied,
    -- | The final authorization decision of this scenario. Multiple statements
    -- are taken into account when determining the authorization decision. An
    -- explicit deny statement can override multiple allow statements.
    AuthResult -> Maybe AuthDecision
authDecision :: Prelude.Maybe AuthDecision,
    -- | The policies and statements that allowed the specified action.
    AuthResult -> Maybe Allowed
allowed :: Prelude.Maybe Allowed,
    -- | Contains any missing context values found while evaluating policy.
    AuthResult -> Maybe [Text]
missingContextValues :: Prelude.Maybe [Prelude.Text],
    -- | Authorization information.
    AuthResult -> Maybe AuthInfo
authInfo :: Prelude.Maybe AuthInfo
  }
  deriving (AuthResult -> AuthResult -> Bool
(AuthResult -> AuthResult -> Bool)
-> (AuthResult -> AuthResult -> Bool) -> Eq AuthResult
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: AuthResult -> AuthResult -> Bool
$c/= :: AuthResult -> AuthResult -> Bool
== :: AuthResult -> AuthResult -> Bool
$c== :: AuthResult -> AuthResult -> Bool
Prelude.Eq, ReadPrec [AuthResult]
ReadPrec AuthResult
Int -> ReadS AuthResult
ReadS [AuthResult]
(Int -> ReadS AuthResult)
-> ReadS [AuthResult]
-> ReadPrec AuthResult
-> ReadPrec [AuthResult]
-> Read AuthResult
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [AuthResult]
$creadListPrec :: ReadPrec [AuthResult]
readPrec :: ReadPrec AuthResult
$creadPrec :: ReadPrec AuthResult
readList :: ReadS [AuthResult]
$creadList :: ReadS [AuthResult]
readsPrec :: Int -> ReadS AuthResult
$creadsPrec :: Int -> ReadS AuthResult
Prelude.Read, Int -> AuthResult -> ShowS
[AuthResult] -> ShowS
AuthResult -> String
(Int -> AuthResult -> ShowS)
-> (AuthResult -> String)
-> ([AuthResult] -> ShowS)
-> Show AuthResult
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [AuthResult] -> ShowS
$cshowList :: [AuthResult] -> ShowS
show :: AuthResult -> String
$cshow :: AuthResult -> String
showsPrec :: Int -> AuthResult -> ShowS
$cshowsPrec :: Int -> AuthResult -> ShowS
Prelude.Show, (forall x. AuthResult -> Rep AuthResult x)
-> (forall x. Rep AuthResult x -> AuthResult) -> Generic AuthResult
forall x. Rep AuthResult x -> AuthResult
forall x. AuthResult -> Rep AuthResult x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep AuthResult x -> AuthResult
$cfrom :: forall x. AuthResult -> Rep AuthResult x
Prelude.Generic)

-- |
-- Create a value of 'AuthResult' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'denied', 'authResult_denied' - The policies and statements that denied the specified action.
--
-- 'authDecision', 'authResult_authDecision' - The final authorization decision of this scenario. Multiple statements
-- are taken into account when determining the authorization decision. An
-- explicit deny statement can override multiple allow statements.
--
-- 'allowed', 'authResult_allowed' - The policies and statements that allowed the specified action.
--
-- 'missingContextValues', 'authResult_missingContextValues' - Contains any missing context values found while evaluating policy.
--
-- 'authInfo', 'authResult_authInfo' - Authorization information.
newAuthResult ::
  AuthResult
newAuthResult :: AuthResult
newAuthResult =
  AuthResult' :: Maybe Denied
-> Maybe AuthDecision
-> Maybe Allowed
-> Maybe [Text]
-> Maybe AuthInfo
-> AuthResult
AuthResult'
    { $sel:denied:AuthResult' :: Maybe Denied
denied = Maybe Denied
forall a. Maybe a
Prelude.Nothing,
      $sel:authDecision:AuthResult' :: Maybe AuthDecision
authDecision = Maybe AuthDecision
forall a. Maybe a
Prelude.Nothing,
      $sel:allowed:AuthResult' :: Maybe Allowed
allowed = Maybe Allowed
forall a. Maybe a
Prelude.Nothing,
      $sel:missingContextValues:AuthResult' :: Maybe [Text]
missingContextValues = Maybe [Text]
forall a. Maybe a
Prelude.Nothing,
      $sel:authInfo:AuthResult' :: Maybe AuthInfo
authInfo = Maybe AuthInfo
forall a. Maybe a
Prelude.Nothing
    }

-- | The policies and statements that denied the specified action.
authResult_denied :: Lens.Lens' AuthResult (Prelude.Maybe Denied)
authResult_denied :: (Maybe Denied -> f (Maybe Denied)) -> AuthResult -> f AuthResult
authResult_denied = (AuthResult -> Maybe Denied)
-> (AuthResult -> Maybe Denied -> AuthResult)
-> Lens AuthResult AuthResult (Maybe Denied) (Maybe Denied)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AuthResult' {Maybe Denied
denied :: Maybe Denied
$sel:denied:AuthResult' :: AuthResult -> Maybe Denied
denied} -> Maybe Denied
denied) (\s :: AuthResult
s@AuthResult' {} Maybe Denied
a -> AuthResult
s {$sel:denied:AuthResult' :: Maybe Denied
denied = Maybe Denied
a} :: AuthResult)

-- | The final authorization decision of this scenario. Multiple statements
-- are taken into account when determining the authorization decision. An
-- explicit deny statement can override multiple allow statements.
authResult_authDecision :: Lens.Lens' AuthResult (Prelude.Maybe AuthDecision)
authResult_authDecision :: (Maybe AuthDecision -> f (Maybe AuthDecision))
-> AuthResult -> f AuthResult
authResult_authDecision = (AuthResult -> Maybe AuthDecision)
-> (AuthResult -> Maybe AuthDecision -> AuthResult)
-> Lens
     AuthResult AuthResult (Maybe AuthDecision) (Maybe AuthDecision)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AuthResult' {Maybe AuthDecision
authDecision :: Maybe AuthDecision
$sel:authDecision:AuthResult' :: AuthResult -> Maybe AuthDecision
authDecision} -> Maybe AuthDecision
authDecision) (\s :: AuthResult
s@AuthResult' {} Maybe AuthDecision
a -> AuthResult
s {$sel:authDecision:AuthResult' :: Maybe AuthDecision
authDecision = Maybe AuthDecision
a} :: AuthResult)

-- | The policies and statements that allowed the specified action.
authResult_allowed :: Lens.Lens' AuthResult (Prelude.Maybe Allowed)
authResult_allowed :: (Maybe Allowed -> f (Maybe Allowed)) -> AuthResult -> f AuthResult
authResult_allowed = (AuthResult -> Maybe Allowed)
-> (AuthResult -> Maybe Allowed -> AuthResult)
-> Lens AuthResult AuthResult (Maybe Allowed) (Maybe Allowed)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AuthResult' {Maybe Allowed
allowed :: Maybe Allowed
$sel:allowed:AuthResult' :: AuthResult -> Maybe Allowed
allowed} -> Maybe Allowed
allowed) (\s :: AuthResult
s@AuthResult' {} Maybe Allowed
a -> AuthResult
s {$sel:allowed:AuthResult' :: Maybe Allowed
allowed = Maybe Allowed
a} :: AuthResult)

-- | Contains any missing context values found while evaluating policy.
authResult_missingContextValues :: Lens.Lens' AuthResult (Prelude.Maybe [Prelude.Text])
authResult_missingContextValues :: (Maybe [Text] -> f (Maybe [Text])) -> AuthResult -> f AuthResult
authResult_missingContextValues = (AuthResult -> Maybe [Text])
-> (AuthResult -> Maybe [Text] -> AuthResult)
-> Lens AuthResult AuthResult (Maybe [Text]) (Maybe [Text])
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AuthResult' {Maybe [Text]
missingContextValues :: Maybe [Text]
$sel:missingContextValues:AuthResult' :: AuthResult -> Maybe [Text]
missingContextValues} -> Maybe [Text]
missingContextValues) (\s :: AuthResult
s@AuthResult' {} Maybe [Text]
a -> AuthResult
s {$sel:missingContextValues:AuthResult' :: Maybe [Text]
missingContextValues = Maybe [Text]
a} :: AuthResult) ((Maybe [Text] -> f (Maybe [Text])) -> AuthResult -> f AuthResult)
-> ((Maybe [Text] -> f (Maybe [Text]))
    -> Maybe [Text] -> f (Maybe [Text]))
-> (Maybe [Text] -> f (Maybe [Text]))
-> AuthResult
-> f AuthResult
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso [Text] [Text] [Text] [Text]
-> Iso (Maybe [Text]) (Maybe [Text]) (Maybe [Text]) (Maybe [Text])
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso [Text] [Text] [Text] [Text]
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | Authorization information.
authResult_authInfo :: Lens.Lens' AuthResult (Prelude.Maybe AuthInfo)
authResult_authInfo :: (Maybe AuthInfo -> f (Maybe AuthInfo))
-> AuthResult -> f AuthResult
authResult_authInfo = (AuthResult -> Maybe AuthInfo)
-> (AuthResult -> Maybe AuthInfo -> AuthResult)
-> Lens AuthResult AuthResult (Maybe AuthInfo) (Maybe AuthInfo)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AuthResult' {Maybe AuthInfo
authInfo :: Maybe AuthInfo
$sel:authInfo:AuthResult' :: AuthResult -> Maybe AuthInfo
authInfo} -> Maybe AuthInfo
authInfo) (\s :: AuthResult
s@AuthResult' {} Maybe AuthInfo
a -> AuthResult
s {$sel:authInfo:AuthResult' :: Maybe AuthInfo
authInfo = Maybe AuthInfo
a} :: AuthResult)

instance Core.FromJSON AuthResult where
  parseJSON :: Value -> Parser AuthResult
parseJSON =
    String
-> (Object -> Parser AuthResult) -> Value -> Parser AuthResult
forall a. String -> (Object -> Parser a) -> Value -> Parser a
Core.withObject
      String
"AuthResult"
      ( \Object
x ->
          Maybe Denied
-> Maybe AuthDecision
-> Maybe Allowed
-> Maybe [Text]
-> Maybe AuthInfo
-> AuthResult
AuthResult'
            (Maybe Denied
 -> Maybe AuthDecision
 -> Maybe Allowed
 -> Maybe [Text]
 -> Maybe AuthInfo
 -> AuthResult)
-> Parser (Maybe Denied)
-> Parser
     (Maybe AuthDecision
      -> Maybe Allowed -> Maybe [Text] -> Maybe AuthInfo -> AuthResult)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x Object -> Text -> Parser (Maybe Denied)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"denied")
            Parser
  (Maybe AuthDecision
   -> Maybe Allowed -> Maybe [Text] -> Maybe AuthInfo -> AuthResult)
-> Parser (Maybe AuthDecision)
-> Parser
     (Maybe Allowed -> Maybe [Text] -> Maybe AuthInfo -> AuthResult)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser (Maybe AuthDecision)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"authDecision")
            Parser
  (Maybe Allowed -> Maybe [Text] -> Maybe AuthInfo -> AuthResult)
-> Parser (Maybe Allowed)
-> Parser (Maybe [Text] -> Maybe AuthInfo -> AuthResult)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser (Maybe Allowed)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"allowed")
            Parser (Maybe [Text] -> Maybe AuthInfo -> AuthResult)
-> Parser (Maybe [Text]) -> Parser (Maybe AuthInfo -> AuthResult)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ( Object
x Object -> Text -> Parser (Maybe (Maybe [Text]))
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"missingContextValues"
                            Parser (Maybe (Maybe [Text]))
-> Maybe [Text] -> Parser (Maybe [Text])
forall a. Parser (Maybe a) -> a -> Parser a
Core..!= Maybe [Text]
forall a. Monoid a => a
Prelude.mempty
                        )
            Parser (Maybe AuthInfo -> AuthResult)
-> Parser (Maybe AuthInfo) -> Parser AuthResult
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser (Maybe AuthInfo)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"authInfo")
      )

instance Prelude.Hashable AuthResult

instance Prelude.NFData AuthResult