{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.SecurityHub.CreateMembers
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Creates a member association in Security Hub between the specified
-- accounts and the account used to make the request, which is the
-- administrator account. If you are integrated with Organizations, then
-- the administrator account is designated by the organization management
-- account.
--
-- @CreateMembers@ is always used to add accounts that are not organization
-- members.
--
-- For accounts that are managed using Organizations, @CreateMembers@ is
-- only used in the following cases:
--
-- -   Security Hub is not configured to automatically add new organization
--     accounts.
--
-- -   The account was disassociated or deleted in Security Hub.
--
-- This action can only be used by an account that has Security Hub
-- enabled. To enable Security Hub, you can use the @EnableSecurityHub@
-- operation.
--
-- For accounts that are not organization members, you create the account
-- association and then send an invitation to the member account. To send
-- the invitation, you use the @InviteMembers@ operation. If the account
-- owner accepts the invitation, the account becomes a member account in
-- Security Hub.
--
-- Accounts that are managed using Organizations do not receive an
-- invitation. They automatically become a member account in Security Hub.
--
-- -   If the organization account does not have Security Hub enabled, then
--     Security Hub and the default standards are automatically enabled.
--     Note that Security Hub cannot be enabled automatically for the
--     organization management account. The organization management account
--     must enable Security Hub before the administrator account enables it
--     as a member account.
--
-- -   For organization accounts that already have Security Hub enabled,
--     Security Hub does not make any other changes to those accounts. It
--     does not change their enabled standards or controls.
--
-- A permissions policy is added that permits the administrator account to
-- view the findings generated in the member account.
--
-- To remove the association between the administrator and member accounts,
-- use the @DisassociateFromMasterAccount@ or @DisassociateMembers@
-- operation.
module Amazonka.SecurityHub.CreateMembers
  ( -- * Creating a Request
    CreateMembers (..),
    newCreateMembers,

    -- * Request Lenses
    createMembers_accountDetails,

    -- * Destructuring the Response
    CreateMembersResponse (..),
    newCreateMembersResponse,

    -- * Response Lenses
    createMembersResponse_unprocessedAccounts,
    createMembersResponse_httpStatus,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response
import Amazonka.SecurityHub.Types

-- | /See:/ 'newCreateMembers' smart constructor.
data CreateMembers = CreateMembers'
  { -- | The list of accounts to associate with the Security Hub administrator
    -- account. For each account, the list includes the account ID and
    -- optionally the email address.
    CreateMembers -> [AccountDetails]
accountDetails :: [AccountDetails]
  }
  deriving (CreateMembers -> CreateMembers -> Bool
(CreateMembers -> CreateMembers -> Bool)
-> (CreateMembers -> CreateMembers -> Bool) -> Eq CreateMembers
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: CreateMembers -> CreateMembers -> Bool
$c/= :: CreateMembers -> CreateMembers -> Bool
== :: CreateMembers -> CreateMembers -> Bool
$c== :: CreateMembers -> CreateMembers -> Bool
Prelude.Eq, ReadPrec [CreateMembers]
ReadPrec CreateMembers
Int -> ReadS CreateMembers
ReadS [CreateMembers]
(Int -> ReadS CreateMembers)
-> ReadS [CreateMembers]
-> ReadPrec CreateMembers
-> ReadPrec [CreateMembers]
-> Read CreateMembers
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [CreateMembers]
$creadListPrec :: ReadPrec [CreateMembers]
readPrec :: ReadPrec CreateMembers
$creadPrec :: ReadPrec CreateMembers
readList :: ReadS [CreateMembers]
$creadList :: ReadS [CreateMembers]
readsPrec :: Int -> ReadS CreateMembers
$creadsPrec :: Int -> ReadS CreateMembers
Prelude.Read, Int -> CreateMembers -> ShowS
[CreateMembers] -> ShowS
CreateMembers -> String
(Int -> CreateMembers -> ShowS)
-> (CreateMembers -> String)
-> ([CreateMembers] -> ShowS)
-> Show CreateMembers
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [CreateMembers] -> ShowS
$cshowList :: [CreateMembers] -> ShowS
show :: CreateMembers -> String
$cshow :: CreateMembers -> String
showsPrec :: Int -> CreateMembers -> ShowS
$cshowsPrec :: Int -> CreateMembers -> ShowS
Prelude.Show, (forall x. CreateMembers -> Rep CreateMembers x)
-> (forall x. Rep CreateMembers x -> CreateMembers)
-> Generic CreateMembers
forall x. Rep CreateMembers x -> CreateMembers
forall x. CreateMembers -> Rep CreateMembers x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep CreateMembers x -> CreateMembers
$cfrom :: forall x. CreateMembers -> Rep CreateMembers x
Prelude.Generic)

-- |
-- Create a value of 'CreateMembers' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'accountDetails', 'createMembers_accountDetails' - The list of accounts to associate with the Security Hub administrator
-- account. For each account, the list includes the account ID and
-- optionally the email address.
newCreateMembers ::
  CreateMembers
newCreateMembers :: CreateMembers
newCreateMembers =
  CreateMembers' :: [AccountDetails] -> CreateMembers
CreateMembers' {$sel:accountDetails:CreateMembers' :: [AccountDetails]
accountDetails = [AccountDetails]
forall a. Monoid a => a
Prelude.mempty}

-- | The list of accounts to associate with the Security Hub administrator
-- account. For each account, the list includes the account ID and
-- optionally the email address.
createMembers_accountDetails :: Lens.Lens' CreateMembers [AccountDetails]
createMembers_accountDetails :: ([AccountDetails] -> f [AccountDetails])
-> CreateMembers -> f CreateMembers
createMembers_accountDetails = (CreateMembers -> [AccountDetails])
-> (CreateMembers -> [AccountDetails] -> CreateMembers)
-> Lens
     CreateMembers CreateMembers [AccountDetails] [AccountDetails]
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateMembers' {[AccountDetails]
accountDetails :: [AccountDetails]
$sel:accountDetails:CreateMembers' :: CreateMembers -> [AccountDetails]
accountDetails} -> [AccountDetails]
accountDetails) (\s :: CreateMembers
s@CreateMembers' {} [AccountDetails]
a -> CreateMembers
s {$sel:accountDetails:CreateMembers' :: [AccountDetails]
accountDetails = [AccountDetails]
a} :: CreateMembers) (([AccountDetails] -> f [AccountDetails])
 -> CreateMembers -> f CreateMembers)
-> (([AccountDetails] -> f [AccountDetails])
    -> [AccountDetails] -> f [AccountDetails])
-> ([AccountDetails] -> f [AccountDetails])
-> CreateMembers
-> f CreateMembers
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. ([AccountDetails] -> f [AccountDetails])
-> [AccountDetails] -> f [AccountDetails]
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

instance Core.AWSRequest CreateMembers where
  type
    AWSResponse CreateMembers =
      CreateMembersResponse
  request :: CreateMembers -> Request CreateMembers
request = Service -> CreateMembers -> Request CreateMembers
forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON Service
defaultService
  response :: Logger
-> Service
-> Proxy CreateMembers
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse CreateMembers)))
response =
    (Int
 -> ResponseHeaders
 -> Object
 -> Either String (AWSResponse CreateMembers))
-> Logger
-> Service
-> Proxy CreateMembers
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse CreateMembers)))
forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> Object -> Either String (AWSResponse a))
-> Logger
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveJSON
      ( \Int
s ResponseHeaders
h Object
x ->
          Maybe [Result] -> Int -> CreateMembersResponse
CreateMembersResponse'
            (Maybe [Result] -> Int -> CreateMembersResponse)
-> Either String (Maybe [Result])
-> Either String (Int -> CreateMembersResponse)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> ( Object
x Object -> Key -> Either String (Maybe (Maybe [Result]))
forall a. FromJSON a => Object -> Key -> Either String (Maybe a)
Core..?> Key
"UnprocessedAccounts"
                            Either String (Maybe (Maybe [Result]))
-> Maybe [Result] -> Either String (Maybe [Result])
forall (f :: * -> *) a. Functor f => f (Maybe a) -> a -> f a
Core..!@ Maybe [Result]
forall a. Monoid a => a
Prelude.mempty
                        )
            Either String (Int -> CreateMembersResponse)
-> Either String Int -> Either String CreateMembersResponse
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Int -> Either String Int
forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (Int -> Int
forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
      )

instance Prelude.Hashable CreateMembers

instance Prelude.NFData CreateMembers

instance Core.ToHeaders CreateMembers where
  toHeaders :: CreateMembers -> ResponseHeaders
toHeaders =
    ResponseHeaders -> CreateMembers -> ResponseHeaders
forall a b. a -> b -> a
Prelude.const
      ( [ResponseHeaders] -> ResponseHeaders
forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"Content-Type"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Core.ToJSON CreateMembers where
  toJSON :: CreateMembers -> Value
toJSON CreateMembers' {[AccountDetails]
accountDetails :: [AccountDetails]
$sel:accountDetails:CreateMembers' :: CreateMembers -> [AccountDetails]
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just
              (Key
"AccountDetails" Key -> [AccountDetails] -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Core..= [AccountDetails]
accountDetails)
          ]
      )

instance Core.ToPath CreateMembers where
  toPath :: CreateMembers -> ByteString
toPath = ByteString -> CreateMembers -> ByteString
forall a b. a -> b -> a
Prelude.const ByteString
"/members"

instance Core.ToQuery CreateMembers where
  toQuery :: CreateMembers -> QueryString
toQuery = QueryString -> CreateMembers -> QueryString
forall a b. a -> b -> a
Prelude.const QueryString
forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newCreateMembersResponse' smart constructor.
data CreateMembersResponse = CreateMembersResponse'
  { -- | The list of Amazon Web Services accounts that were not processed. For
    -- each account, the list includes the account ID and the email address.
    CreateMembersResponse -> Maybe [Result]
unprocessedAccounts :: Prelude.Maybe [Result],
    -- | The response's http status code.
    CreateMembersResponse -> Int
httpStatus :: Prelude.Int
  }
  deriving (CreateMembersResponse -> CreateMembersResponse -> Bool
(CreateMembersResponse -> CreateMembersResponse -> Bool)
-> (CreateMembersResponse -> CreateMembersResponse -> Bool)
-> Eq CreateMembersResponse
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: CreateMembersResponse -> CreateMembersResponse -> Bool
$c/= :: CreateMembersResponse -> CreateMembersResponse -> Bool
== :: CreateMembersResponse -> CreateMembersResponse -> Bool
$c== :: CreateMembersResponse -> CreateMembersResponse -> Bool
Prelude.Eq, ReadPrec [CreateMembersResponse]
ReadPrec CreateMembersResponse
Int -> ReadS CreateMembersResponse
ReadS [CreateMembersResponse]
(Int -> ReadS CreateMembersResponse)
-> ReadS [CreateMembersResponse]
-> ReadPrec CreateMembersResponse
-> ReadPrec [CreateMembersResponse]
-> Read CreateMembersResponse
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [CreateMembersResponse]
$creadListPrec :: ReadPrec [CreateMembersResponse]
readPrec :: ReadPrec CreateMembersResponse
$creadPrec :: ReadPrec CreateMembersResponse
readList :: ReadS [CreateMembersResponse]
$creadList :: ReadS [CreateMembersResponse]
readsPrec :: Int -> ReadS CreateMembersResponse
$creadsPrec :: Int -> ReadS CreateMembersResponse
Prelude.Read, Int -> CreateMembersResponse -> ShowS
[CreateMembersResponse] -> ShowS
CreateMembersResponse -> String
(Int -> CreateMembersResponse -> ShowS)
-> (CreateMembersResponse -> String)
-> ([CreateMembersResponse] -> ShowS)
-> Show CreateMembersResponse
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [CreateMembersResponse] -> ShowS
$cshowList :: [CreateMembersResponse] -> ShowS
show :: CreateMembersResponse -> String
$cshow :: CreateMembersResponse -> String
showsPrec :: Int -> CreateMembersResponse -> ShowS
$cshowsPrec :: Int -> CreateMembersResponse -> ShowS
Prelude.Show, (forall x. CreateMembersResponse -> Rep CreateMembersResponse x)
-> (forall x. Rep CreateMembersResponse x -> CreateMembersResponse)
-> Generic CreateMembersResponse
forall x. Rep CreateMembersResponse x -> CreateMembersResponse
forall x. CreateMembersResponse -> Rep CreateMembersResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep CreateMembersResponse x -> CreateMembersResponse
$cfrom :: forall x. CreateMembersResponse -> Rep CreateMembersResponse x
Prelude.Generic)

-- |
-- Create a value of 'CreateMembersResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'unprocessedAccounts', 'createMembersResponse_unprocessedAccounts' - The list of Amazon Web Services accounts that were not processed. For
-- each account, the list includes the account ID and the email address.
--
-- 'httpStatus', 'createMembersResponse_httpStatus' - The response's http status code.
newCreateMembersResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  CreateMembersResponse
newCreateMembersResponse :: Int -> CreateMembersResponse
newCreateMembersResponse Int
pHttpStatus_ =
  CreateMembersResponse' :: Maybe [Result] -> Int -> CreateMembersResponse
CreateMembersResponse'
    { $sel:unprocessedAccounts:CreateMembersResponse' :: Maybe [Result]
unprocessedAccounts =
        Maybe [Result]
forall a. Maybe a
Prelude.Nothing,
      $sel:httpStatus:CreateMembersResponse' :: Int
httpStatus = Int
pHttpStatus_
    }

-- | The list of Amazon Web Services accounts that were not processed. For
-- each account, the list includes the account ID and the email address.
createMembersResponse_unprocessedAccounts :: Lens.Lens' CreateMembersResponse (Prelude.Maybe [Result])
createMembersResponse_unprocessedAccounts :: (Maybe [Result] -> f (Maybe [Result]))
-> CreateMembersResponse -> f CreateMembersResponse
createMembersResponse_unprocessedAccounts = (CreateMembersResponse -> Maybe [Result])
-> (CreateMembersResponse
    -> Maybe [Result] -> CreateMembersResponse)
-> Lens
     CreateMembersResponse
     CreateMembersResponse
     (Maybe [Result])
     (Maybe [Result])
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateMembersResponse' {Maybe [Result]
unprocessedAccounts :: Maybe [Result]
$sel:unprocessedAccounts:CreateMembersResponse' :: CreateMembersResponse -> Maybe [Result]
unprocessedAccounts} -> Maybe [Result]
unprocessedAccounts) (\s :: CreateMembersResponse
s@CreateMembersResponse' {} Maybe [Result]
a -> CreateMembersResponse
s {$sel:unprocessedAccounts:CreateMembersResponse' :: Maybe [Result]
unprocessedAccounts = Maybe [Result]
a} :: CreateMembersResponse) ((Maybe [Result] -> f (Maybe [Result]))
 -> CreateMembersResponse -> f CreateMembersResponse)
-> ((Maybe [Result] -> f (Maybe [Result]))
    -> Maybe [Result] -> f (Maybe [Result]))
-> (Maybe [Result] -> f (Maybe [Result]))
-> CreateMembersResponse
-> f CreateMembersResponse
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso [Result] [Result] [Result] [Result]
-> Iso
     (Maybe [Result]) (Maybe [Result]) (Maybe [Result]) (Maybe [Result])
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso [Result] [Result] [Result] [Result]
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | The response's http status code.
createMembersResponse_httpStatus :: Lens.Lens' CreateMembersResponse Prelude.Int
createMembersResponse_httpStatus :: (Int -> f Int) -> CreateMembersResponse -> f CreateMembersResponse
createMembersResponse_httpStatus = (CreateMembersResponse -> Int)
-> (CreateMembersResponse -> Int -> CreateMembersResponse)
-> Lens CreateMembersResponse CreateMembersResponse Int Int
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateMembersResponse' {Int
httpStatus :: Int
$sel:httpStatus:CreateMembersResponse' :: CreateMembersResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: CreateMembersResponse
s@CreateMembersResponse' {} Int
a -> CreateMembersResponse
s {$sel:httpStatus:CreateMembersResponse' :: Int
httpStatus = Int
a} :: CreateMembersResponse)

instance Prelude.NFData CreateMembersResponse