{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.OpsWorks.SetPermission
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Specifies a user\'s permissions. For more information, see
-- <https://docs.aws.amazon.com/opsworks/latest/userguide/workingsecurity.html Security and Permissions>.
--
-- __Required Permissions__: To use this action, an IAM user must have a
-- Manage permissions level for the stack, or an attached policy that
-- explicitly grants permissions. For more information on user permissions,
-- see
-- <https://docs.aws.amazon.com/opsworks/latest/userguide/opsworks-security-users.html Managing User Permissions>.
module Amazonka.OpsWorks.SetPermission
  ( -- * Creating a Request
    SetPermission (..),
    newSetPermission,

    -- * Request Lenses
    setPermission_allowSudo,
    setPermission_level,
    setPermission_allowSsh,
    setPermission_stackId,
    setPermission_iamUserArn,

    -- * Destructuring the Response
    SetPermissionResponse (..),
    newSetPermissionResponse,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import Amazonka.OpsWorks.Types
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newSetPermission' smart constructor.
data SetPermission = SetPermission'
  { -- | The user is allowed to use __sudo__ to elevate privileges.
    SetPermission -> Maybe Bool
allowSudo :: Prelude.Maybe Prelude.Bool,
    -- | The user\'s permission level, which must be set to one of the following
    -- strings. You cannot set your own permissions level.
    --
    -- -   @deny@
    --
    -- -   @show@
    --
    -- -   @deploy@
    --
    -- -   @manage@
    --
    -- -   @iam_only@
    --
    -- For more information about the permissions associated with these levels,
    -- see
    -- <https://docs.aws.amazon.com/opsworks/latest/userguide/opsworks-security-users.html Managing User Permissions>.
    SetPermission -> Maybe Text
level :: Prelude.Maybe Prelude.Text,
    -- | The user is allowed to use SSH to communicate with the instance.
    SetPermission -> Maybe Bool
allowSsh :: Prelude.Maybe Prelude.Bool,
    -- | The stack ID.
    SetPermission -> Text
stackId :: Prelude.Text,
    -- | The user\'s IAM ARN. This can also be a federated user\'s ARN.
    SetPermission -> Text
iamUserArn :: Prelude.Text
  }
  deriving (SetPermission -> SetPermission -> Bool
(SetPermission -> SetPermission -> Bool)
-> (SetPermission -> SetPermission -> Bool) -> Eq SetPermission
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: SetPermission -> SetPermission -> Bool
$c/= :: SetPermission -> SetPermission -> Bool
== :: SetPermission -> SetPermission -> Bool
$c== :: SetPermission -> SetPermission -> Bool
Prelude.Eq, ReadPrec [SetPermission]
ReadPrec SetPermission
Int -> ReadS SetPermission
ReadS [SetPermission]
(Int -> ReadS SetPermission)
-> ReadS [SetPermission]
-> ReadPrec SetPermission
-> ReadPrec [SetPermission]
-> Read SetPermission
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [SetPermission]
$creadListPrec :: ReadPrec [SetPermission]
readPrec :: ReadPrec SetPermission
$creadPrec :: ReadPrec SetPermission
readList :: ReadS [SetPermission]
$creadList :: ReadS [SetPermission]
readsPrec :: Int -> ReadS SetPermission
$creadsPrec :: Int -> ReadS SetPermission
Prelude.Read, Int -> SetPermission -> ShowS
[SetPermission] -> ShowS
SetPermission -> String
(Int -> SetPermission -> ShowS)
-> (SetPermission -> String)
-> ([SetPermission] -> ShowS)
-> Show SetPermission
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [SetPermission] -> ShowS
$cshowList :: [SetPermission] -> ShowS
show :: SetPermission -> String
$cshow :: SetPermission -> String
showsPrec :: Int -> SetPermission -> ShowS
$cshowsPrec :: Int -> SetPermission -> ShowS
Prelude.Show, (forall x. SetPermission -> Rep SetPermission x)
-> (forall x. Rep SetPermission x -> SetPermission)
-> Generic SetPermission
forall x. Rep SetPermission x -> SetPermission
forall x. SetPermission -> Rep SetPermission x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep SetPermission x -> SetPermission
$cfrom :: forall x. SetPermission -> Rep SetPermission x
Prelude.Generic)

-- |
-- Create a value of 'SetPermission' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'allowSudo', 'setPermission_allowSudo' - The user is allowed to use __sudo__ to elevate privileges.
--
-- 'level', 'setPermission_level' - The user\'s permission level, which must be set to one of the following
-- strings. You cannot set your own permissions level.
--
-- -   @deny@
--
-- -   @show@
--
-- -   @deploy@
--
-- -   @manage@
--
-- -   @iam_only@
--
-- For more information about the permissions associated with these levels,
-- see
-- <https://docs.aws.amazon.com/opsworks/latest/userguide/opsworks-security-users.html Managing User Permissions>.
--
-- 'allowSsh', 'setPermission_allowSsh' - The user is allowed to use SSH to communicate with the instance.
--
-- 'stackId', 'setPermission_stackId' - The stack ID.
--
-- 'iamUserArn', 'setPermission_iamUserArn' - The user\'s IAM ARN. This can also be a federated user\'s ARN.
newSetPermission ::
  -- | 'stackId'
  Prelude.Text ->
  -- | 'iamUserArn'
  Prelude.Text ->
  SetPermission
newSetPermission :: Text -> Text -> SetPermission
newSetPermission Text
pStackId_ Text
pIamUserArn_ =
  SetPermission' :: Maybe Bool
-> Maybe Text -> Maybe Bool -> Text -> Text -> SetPermission
SetPermission'
    { $sel:allowSudo:SetPermission' :: Maybe Bool
allowSudo = Maybe Bool
forall a. Maybe a
Prelude.Nothing,
      $sel:level:SetPermission' :: Maybe Text
level = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:allowSsh:SetPermission' :: Maybe Bool
allowSsh = Maybe Bool
forall a. Maybe a
Prelude.Nothing,
      $sel:stackId:SetPermission' :: Text
stackId = Text
pStackId_,
      $sel:iamUserArn:SetPermission' :: Text
iamUserArn = Text
pIamUserArn_
    }

-- | The user is allowed to use __sudo__ to elevate privileges.
setPermission_allowSudo :: Lens.Lens' SetPermission (Prelude.Maybe Prelude.Bool)
setPermission_allowSudo :: (Maybe Bool -> f (Maybe Bool)) -> SetPermission -> f SetPermission
setPermission_allowSudo = (SetPermission -> Maybe Bool)
-> (SetPermission -> Maybe Bool -> SetPermission)
-> Lens SetPermission SetPermission (Maybe Bool) (Maybe Bool)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\SetPermission' {Maybe Bool
allowSudo :: Maybe Bool
$sel:allowSudo:SetPermission' :: SetPermission -> Maybe Bool
allowSudo} -> Maybe Bool
allowSudo) (\s :: SetPermission
s@SetPermission' {} Maybe Bool
a -> SetPermission
s {$sel:allowSudo:SetPermission' :: Maybe Bool
allowSudo = Maybe Bool
a} :: SetPermission)

-- | The user\'s permission level, which must be set to one of the following
-- strings. You cannot set your own permissions level.
--
-- -   @deny@
--
-- -   @show@
--
-- -   @deploy@
--
-- -   @manage@
--
-- -   @iam_only@
--
-- For more information about the permissions associated with these levels,
-- see
-- <https://docs.aws.amazon.com/opsworks/latest/userguide/opsworks-security-users.html Managing User Permissions>.
setPermission_level :: Lens.Lens' SetPermission (Prelude.Maybe Prelude.Text)
setPermission_level :: (Maybe Text -> f (Maybe Text)) -> SetPermission -> f SetPermission
setPermission_level = (SetPermission -> Maybe Text)
-> (SetPermission -> Maybe Text -> SetPermission)
-> Lens SetPermission SetPermission (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\SetPermission' {Maybe Text
level :: Maybe Text
$sel:level:SetPermission' :: SetPermission -> Maybe Text
level} -> Maybe Text
level) (\s :: SetPermission
s@SetPermission' {} Maybe Text
a -> SetPermission
s {$sel:level:SetPermission' :: Maybe Text
level = Maybe Text
a} :: SetPermission)

-- | The user is allowed to use SSH to communicate with the instance.
setPermission_allowSsh :: Lens.Lens' SetPermission (Prelude.Maybe Prelude.Bool)
setPermission_allowSsh :: (Maybe Bool -> f (Maybe Bool)) -> SetPermission -> f SetPermission
setPermission_allowSsh = (SetPermission -> Maybe Bool)
-> (SetPermission -> Maybe Bool -> SetPermission)
-> Lens SetPermission SetPermission (Maybe Bool) (Maybe Bool)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\SetPermission' {Maybe Bool
allowSsh :: Maybe Bool
$sel:allowSsh:SetPermission' :: SetPermission -> Maybe Bool
allowSsh} -> Maybe Bool
allowSsh) (\s :: SetPermission
s@SetPermission' {} Maybe Bool
a -> SetPermission
s {$sel:allowSsh:SetPermission' :: Maybe Bool
allowSsh = Maybe Bool
a} :: SetPermission)

-- | The stack ID.
setPermission_stackId :: Lens.Lens' SetPermission Prelude.Text
setPermission_stackId :: (Text -> f Text) -> SetPermission -> f SetPermission
setPermission_stackId = (SetPermission -> Text)
-> (SetPermission -> Text -> SetPermission)
-> Lens SetPermission SetPermission Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\SetPermission' {Text
stackId :: Text
$sel:stackId:SetPermission' :: SetPermission -> Text
stackId} -> Text
stackId) (\s :: SetPermission
s@SetPermission' {} Text
a -> SetPermission
s {$sel:stackId:SetPermission' :: Text
stackId = Text
a} :: SetPermission)

-- | The user\'s IAM ARN. This can also be a federated user\'s ARN.
setPermission_iamUserArn :: Lens.Lens' SetPermission Prelude.Text
setPermission_iamUserArn :: (Text -> f Text) -> SetPermission -> f SetPermission
setPermission_iamUserArn = (SetPermission -> Text)
-> (SetPermission -> Text -> SetPermission)
-> Lens SetPermission SetPermission Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\SetPermission' {Text
iamUserArn :: Text
$sel:iamUserArn:SetPermission' :: SetPermission -> Text
iamUserArn} -> Text
iamUserArn) (\s :: SetPermission
s@SetPermission' {} Text
a -> SetPermission
s {$sel:iamUserArn:SetPermission' :: Text
iamUserArn = Text
a} :: SetPermission)

instance Core.AWSRequest SetPermission where
  type
    AWSResponse SetPermission =
      SetPermissionResponse
  request :: SetPermission -> Request SetPermission
request = Service -> SetPermission -> Request SetPermission
forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON Service
defaultService
  response :: Logger
-> Service
-> Proxy SetPermission
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse SetPermission)))
response =
    AWSResponse SetPermission
-> Logger
-> Service
-> Proxy SetPermission
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse SetPermission)))
forall (m :: * -> *) a.
MonadResource m =>
AWSResponse a
-> Logger
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveNull AWSResponse SetPermission
SetPermissionResponse
SetPermissionResponse'

instance Prelude.Hashable SetPermission

instance Prelude.NFData SetPermission

instance Core.ToHeaders SetPermission where
  toHeaders :: SetPermission -> [Header]
toHeaders =
    [Header] -> SetPermission -> [Header]
forall a b. a -> b -> a
Prelude.const
      ( [[Header]] -> [Header]
forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"X-Amz-Target"
              HeaderName -> ByteString -> [Header]
forall a. ToHeader a => HeaderName -> a -> [Header]
Core.=# ( ByteString
"OpsWorks_20130218.SetPermission" ::
                          Prelude.ByteString
                      ),
            HeaderName
"Content-Type"
              HeaderName -> ByteString -> [Header]
forall a. ToHeader a => HeaderName -> a -> [Header]
Core.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Core.ToJSON SetPermission where
  toJSON :: SetPermission -> Value
toJSON SetPermission' {Maybe Bool
Maybe Text
Text
iamUserArn :: Text
stackId :: Text
allowSsh :: Maybe Bool
level :: Maybe Text
allowSudo :: Maybe Bool
$sel:iamUserArn:SetPermission' :: SetPermission -> Text
$sel:stackId:SetPermission' :: SetPermission -> Text
$sel:allowSsh:SetPermission' :: SetPermission -> Maybe Bool
$sel:level:SetPermission' :: SetPermission -> Maybe Text
$sel:allowSudo:SetPermission' :: SetPermission -> Maybe Bool
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Text
"AllowSudo" Text -> Bool -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) (Bool -> Pair) -> Maybe Bool -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Bool
allowSudo,
            (Text
"Level" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) (Text -> Pair) -> Maybe Text -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
level,
            (Text
"AllowSsh" Text -> Bool -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) (Bool -> Pair) -> Maybe Bool -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Bool
allowSsh,
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"StackId" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Text
stackId),
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"IamUserArn" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Text
iamUserArn)
          ]
      )

instance Core.ToPath SetPermission where
  toPath :: SetPermission -> ByteString
toPath = ByteString -> SetPermission -> ByteString
forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Core.ToQuery SetPermission where
  toQuery :: SetPermission -> QueryString
toQuery = QueryString -> SetPermission -> QueryString
forall a b. a -> b -> a
Prelude.const QueryString
forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newSetPermissionResponse' smart constructor.
data SetPermissionResponse = SetPermissionResponse'
  {
  }
  deriving (SetPermissionResponse -> SetPermissionResponse -> Bool
(SetPermissionResponse -> SetPermissionResponse -> Bool)
-> (SetPermissionResponse -> SetPermissionResponse -> Bool)
-> Eq SetPermissionResponse
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: SetPermissionResponse -> SetPermissionResponse -> Bool
$c/= :: SetPermissionResponse -> SetPermissionResponse -> Bool
== :: SetPermissionResponse -> SetPermissionResponse -> Bool
$c== :: SetPermissionResponse -> SetPermissionResponse -> Bool
Prelude.Eq, ReadPrec [SetPermissionResponse]
ReadPrec SetPermissionResponse
Int -> ReadS SetPermissionResponse
ReadS [SetPermissionResponse]
(Int -> ReadS SetPermissionResponse)
-> ReadS [SetPermissionResponse]
-> ReadPrec SetPermissionResponse
-> ReadPrec [SetPermissionResponse]
-> Read SetPermissionResponse
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [SetPermissionResponse]
$creadListPrec :: ReadPrec [SetPermissionResponse]
readPrec :: ReadPrec SetPermissionResponse
$creadPrec :: ReadPrec SetPermissionResponse
readList :: ReadS [SetPermissionResponse]
$creadList :: ReadS [SetPermissionResponse]
readsPrec :: Int -> ReadS SetPermissionResponse
$creadsPrec :: Int -> ReadS SetPermissionResponse
Prelude.Read, Int -> SetPermissionResponse -> ShowS
[SetPermissionResponse] -> ShowS
SetPermissionResponse -> String
(Int -> SetPermissionResponse -> ShowS)
-> (SetPermissionResponse -> String)
-> ([SetPermissionResponse] -> ShowS)
-> Show SetPermissionResponse
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [SetPermissionResponse] -> ShowS
$cshowList :: [SetPermissionResponse] -> ShowS
show :: SetPermissionResponse -> String
$cshow :: SetPermissionResponse -> String
showsPrec :: Int -> SetPermissionResponse -> ShowS
$cshowsPrec :: Int -> SetPermissionResponse -> ShowS
Prelude.Show, (forall x. SetPermissionResponse -> Rep SetPermissionResponse x)
-> (forall x. Rep SetPermissionResponse x -> SetPermissionResponse)
-> Generic SetPermissionResponse
forall x. Rep SetPermissionResponse x -> SetPermissionResponse
forall x. SetPermissionResponse -> Rep SetPermissionResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep SetPermissionResponse x -> SetPermissionResponse
$cfrom :: forall x. SetPermissionResponse -> Rep SetPermissionResponse x
Prelude.Generic)

-- |
-- Create a value of 'SetPermissionResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
newSetPermissionResponse ::
  SetPermissionResponse
newSetPermissionResponse :: SetPermissionResponse
newSetPermissionResponse = SetPermissionResponse
SetPermissionResponse'

instance Prelude.NFData SetPermissionResponse