{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.SSO.GetRoleCredentials
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Returns the STS short-term credentials for a given role name that is
-- assigned to the user.
module Amazonka.SSO.GetRoleCredentials
  ( -- * Creating a Request
    GetRoleCredentials (..),
    newGetRoleCredentials,

    -- * Request Lenses
    getRoleCredentials_roleName,
    getRoleCredentials_accountId,
    getRoleCredentials_accessToken,

    -- * Destructuring the Response
    GetRoleCredentialsResponse (..),
    newGetRoleCredentialsResponse,

    -- * Response Lenses
    getRoleCredentialsResponse_roleCredentials,
    getRoleCredentialsResponse_httpStatus,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response
import Amazonka.SSO.Types

-- | /See:/ 'newGetRoleCredentials' smart constructor.
data GetRoleCredentials = GetRoleCredentials'
  { -- | The friendly name of the role that is assigned to the user.
    GetRoleCredentials -> Text
roleName :: Prelude.Text,
    -- | The identifier for the AWS account that is assigned to the user.
    GetRoleCredentials -> Text
accountId :: Prelude.Text,
    -- | The token issued by the @CreateToken@ API call. For more information,
    -- see
    -- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html CreateToken>
    -- in the /AWS SSO OIDC API Reference Guide/.
    GetRoleCredentials -> Sensitive Text
accessToken :: Core.Sensitive Prelude.Text
  }
  deriving (GetRoleCredentials -> GetRoleCredentials -> Bool
(GetRoleCredentials -> GetRoleCredentials -> Bool)
-> (GetRoleCredentials -> GetRoleCredentials -> Bool)
-> Eq GetRoleCredentials
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: GetRoleCredentials -> GetRoleCredentials -> Bool
$c/= :: GetRoleCredentials -> GetRoleCredentials -> Bool
== :: GetRoleCredentials -> GetRoleCredentials -> Bool
$c== :: GetRoleCredentials -> GetRoleCredentials -> Bool
Prelude.Eq, Int -> GetRoleCredentials -> ShowS
[GetRoleCredentials] -> ShowS
GetRoleCredentials -> String
(Int -> GetRoleCredentials -> ShowS)
-> (GetRoleCredentials -> String)
-> ([GetRoleCredentials] -> ShowS)
-> Show GetRoleCredentials
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [GetRoleCredentials] -> ShowS
$cshowList :: [GetRoleCredentials] -> ShowS
show :: GetRoleCredentials -> String
$cshow :: GetRoleCredentials -> String
showsPrec :: Int -> GetRoleCredentials -> ShowS
$cshowsPrec :: Int -> GetRoleCredentials -> ShowS
Prelude.Show, (forall x. GetRoleCredentials -> Rep GetRoleCredentials x)
-> (forall x. Rep GetRoleCredentials x -> GetRoleCredentials)
-> Generic GetRoleCredentials
forall x. Rep GetRoleCredentials x -> GetRoleCredentials
forall x. GetRoleCredentials -> Rep GetRoleCredentials x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep GetRoleCredentials x -> GetRoleCredentials
$cfrom :: forall x. GetRoleCredentials -> Rep GetRoleCredentials x
Prelude.Generic)

-- |
-- Create a value of 'GetRoleCredentials' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'roleName', 'getRoleCredentials_roleName' - The friendly name of the role that is assigned to the user.
--
-- 'accountId', 'getRoleCredentials_accountId' - The identifier for the AWS account that is assigned to the user.
--
-- 'accessToken', 'getRoleCredentials_accessToken' - The token issued by the @CreateToken@ API call. For more information,
-- see
-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html CreateToken>
-- in the /AWS SSO OIDC API Reference Guide/.
newGetRoleCredentials ::
  -- | 'roleName'
  Prelude.Text ->
  -- | 'accountId'
  Prelude.Text ->
  -- | 'accessToken'
  Prelude.Text ->
  GetRoleCredentials
newGetRoleCredentials :: Text -> Text -> Text -> GetRoleCredentials
newGetRoleCredentials
  Text
pRoleName_
  Text
pAccountId_
  Text
pAccessToken_ =
    GetRoleCredentials' :: Text -> Text -> Sensitive Text -> GetRoleCredentials
GetRoleCredentials'
      { $sel:roleName:GetRoleCredentials' :: Text
roleName = Text
pRoleName_,
        $sel:accountId:GetRoleCredentials' :: Text
accountId = Text
pAccountId_,
        $sel:accessToken:GetRoleCredentials' :: Sensitive Text
accessToken = Tagged Text (Identity Text)
-> Tagged (Sensitive Text) (Identity (Sensitive Text))
forall a. Iso' (Sensitive a) a
Core._Sensitive (Tagged Text (Identity Text)
 -> Tagged (Sensitive Text) (Identity (Sensitive Text)))
-> Text -> Sensitive Text
forall t b. AReview t b -> b -> t
Lens.# Text
pAccessToken_
      }

-- | The friendly name of the role that is assigned to the user.
getRoleCredentials_roleName :: Lens.Lens' GetRoleCredentials Prelude.Text
getRoleCredentials_roleName :: (Text -> f Text) -> GetRoleCredentials -> f GetRoleCredentials
getRoleCredentials_roleName = (GetRoleCredentials -> Text)
-> (GetRoleCredentials -> Text -> GetRoleCredentials)
-> Lens GetRoleCredentials GetRoleCredentials Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetRoleCredentials' {Text
roleName :: Text
$sel:roleName:GetRoleCredentials' :: GetRoleCredentials -> Text
roleName} -> Text
roleName) (\s :: GetRoleCredentials
s@GetRoleCredentials' {} Text
a -> GetRoleCredentials
s {$sel:roleName:GetRoleCredentials' :: Text
roleName = Text
a} :: GetRoleCredentials)

-- | The identifier for the AWS account that is assigned to the user.
getRoleCredentials_accountId :: Lens.Lens' GetRoleCredentials Prelude.Text
getRoleCredentials_accountId :: (Text -> f Text) -> GetRoleCredentials -> f GetRoleCredentials
getRoleCredentials_accountId = (GetRoleCredentials -> Text)
-> (GetRoleCredentials -> Text -> GetRoleCredentials)
-> Lens GetRoleCredentials GetRoleCredentials Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetRoleCredentials' {Text
accountId :: Text
$sel:accountId:GetRoleCredentials' :: GetRoleCredentials -> Text
accountId} -> Text
accountId) (\s :: GetRoleCredentials
s@GetRoleCredentials' {} Text
a -> GetRoleCredentials
s {$sel:accountId:GetRoleCredentials' :: Text
accountId = Text
a} :: GetRoleCredentials)

-- | The token issued by the @CreateToken@ API call. For more information,
-- see
-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html CreateToken>
-- in the /AWS SSO OIDC API Reference Guide/.
getRoleCredentials_accessToken :: Lens.Lens' GetRoleCredentials Prelude.Text
getRoleCredentials_accessToken :: (Text -> f Text) -> GetRoleCredentials -> f GetRoleCredentials
getRoleCredentials_accessToken = (GetRoleCredentials -> Sensitive Text)
-> (GetRoleCredentials -> Sensitive Text -> GetRoleCredentials)
-> Lens
     GetRoleCredentials
     GetRoleCredentials
     (Sensitive Text)
     (Sensitive Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetRoleCredentials' {Sensitive Text
accessToken :: Sensitive Text
$sel:accessToken:GetRoleCredentials' :: GetRoleCredentials -> Sensitive Text
accessToken} -> Sensitive Text
accessToken) (\s :: GetRoleCredentials
s@GetRoleCredentials' {} Sensitive Text
a -> GetRoleCredentials
s {$sel:accessToken:GetRoleCredentials' :: Sensitive Text
accessToken = Sensitive Text
a} :: GetRoleCredentials) ((Sensitive Text -> f (Sensitive Text))
 -> GetRoleCredentials -> f GetRoleCredentials)
-> ((Text -> f Text) -> Sensitive Text -> f (Sensitive Text))
-> (Text -> f Text)
-> GetRoleCredentials
-> f GetRoleCredentials
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. (Text -> f Text) -> Sensitive Text -> f (Sensitive Text)
forall a. Iso' (Sensitive a) a
Core._Sensitive

instance Core.AWSRequest GetRoleCredentials where
  type
    AWSResponse GetRoleCredentials =
      GetRoleCredentialsResponse
  request :: GetRoleCredentials -> Request GetRoleCredentials
request = Service -> GetRoleCredentials -> Request GetRoleCredentials
forall a. ToRequest a => Service -> a -> Request a
Request.get Service
defaultService
  response :: Logger
-> Service
-> Proxy GetRoleCredentials
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse GetRoleCredentials)))
response =
    (Int
 -> ResponseHeaders
 -> Object
 -> Either String (AWSResponse GetRoleCredentials))
-> Logger
-> Service
-> Proxy GetRoleCredentials
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse GetRoleCredentials)))
forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> Object -> Either String (AWSResponse a))
-> Logger
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveJSON
      ( \Int
s ResponseHeaders
h Object
x ->
          Maybe RoleCredentials -> Int -> GetRoleCredentialsResponse
GetRoleCredentialsResponse'
            (Maybe RoleCredentials -> Int -> GetRoleCredentialsResponse)
-> Either String (Maybe RoleCredentials)
-> Either String (Int -> GetRoleCredentialsResponse)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x Object -> Text -> Either String (Maybe RoleCredentials)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"roleCredentials")
            Either String (Int -> GetRoleCredentialsResponse)
-> Either String Int -> Either String GetRoleCredentialsResponse
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Int -> Either String Int
forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (Int -> Int
forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
      )

instance Prelude.Hashable GetRoleCredentials

instance Prelude.NFData GetRoleCredentials

instance Core.ToHeaders GetRoleCredentials where
  toHeaders :: GetRoleCredentials -> ResponseHeaders
toHeaders GetRoleCredentials' {Text
Sensitive Text
accessToken :: Sensitive Text
accountId :: Text
roleName :: Text
$sel:accessToken:GetRoleCredentials' :: GetRoleCredentials -> Sensitive Text
$sel:accountId:GetRoleCredentials' :: GetRoleCredentials -> Text
$sel:roleName:GetRoleCredentials' :: GetRoleCredentials -> Text
..} =
    [ResponseHeaders] -> ResponseHeaders
forall a. Monoid a => [a] -> a
Prelude.mconcat
      [ HeaderName
"x-amz-sso_bearer_token" HeaderName -> Sensitive Text -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# Sensitive Text
accessToken,
        HeaderName
"Content-Type"
          HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# (ByteString
"application/x-amz-json-1.1" :: Prelude.ByteString)
      ]

instance Core.ToPath GetRoleCredentials where
  toPath :: GetRoleCredentials -> ByteString
toPath = ByteString -> GetRoleCredentials -> ByteString
forall a b. a -> b -> a
Prelude.const ByteString
"/federation/credentials"

instance Core.ToQuery GetRoleCredentials where
  toQuery :: GetRoleCredentials -> QueryString
toQuery GetRoleCredentials' {Text
Sensitive Text
accessToken :: Sensitive Text
accountId :: Text
roleName :: Text
$sel:accessToken:GetRoleCredentials' :: GetRoleCredentials -> Sensitive Text
$sel:accountId:GetRoleCredentials' :: GetRoleCredentials -> Text
$sel:roleName:GetRoleCredentials' :: GetRoleCredentials -> Text
..} =
    [QueryString] -> QueryString
forall a. Monoid a => [a] -> a
Prelude.mconcat
      [ ByteString
"role_name" ByteString -> Text -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Core.=: Text
roleName,
        ByteString
"account_id" ByteString -> Text -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Core.=: Text
accountId
      ]

-- | /See:/ 'newGetRoleCredentialsResponse' smart constructor.
data GetRoleCredentialsResponse = GetRoleCredentialsResponse'
  { -- | The credentials for the role that is assigned to the user.
    GetRoleCredentialsResponse -> Maybe RoleCredentials
roleCredentials :: Prelude.Maybe RoleCredentials,
    -- | The response's http status code.
    GetRoleCredentialsResponse -> Int
httpStatus :: Prelude.Int
  }
  deriving (GetRoleCredentialsResponse -> GetRoleCredentialsResponse -> Bool
(GetRoleCredentialsResponse -> GetRoleCredentialsResponse -> Bool)
-> (GetRoleCredentialsResponse
    -> GetRoleCredentialsResponse -> Bool)
-> Eq GetRoleCredentialsResponse
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: GetRoleCredentialsResponse -> GetRoleCredentialsResponse -> Bool
$c/= :: GetRoleCredentialsResponse -> GetRoleCredentialsResponse -> Bool
== :: GetRoleCredentialsResponse -> GetRoleCredentialsResponse -> Bool
$c== :: GetRoleCredentialsResponse -> GetRoleCredentialsResponse -> Bool
Prelude.Eq, Int -> GetRoleCredentialsResponse -> ShowS
[GetRoleCredentialsResponse] -> ShowS
GetRoleCredentialsResponse -> String
(Int -> GetRoleCredentialsResponse -> ShowS)
-> (GetRoleCredentialsResponse -> String)
-> ([GetRoleCredentialsResponse] -> ShowS)
-> Show GetRoleCredentialsResponse
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [GetRoleCredentialsResponse] -> ShowS
$cshowList :: [GetRoleCredentialsResponse] -> ShowS
show :: GetRoleCredentialsResponse -> String
$cshow :: GetRoleCredentialsResponse -> String
showsPrec :: Int -> GetRoleCredentialsResponse -> ShowS
$cshowsPrec :: Int -> GetRoleCredentialsResponse -> ShowS
Prelude.Show, (forall x.
 GetRoleCredentialsResponse -> Rep GetRoleCredentialsResponse x)
-> (forall x.
    Rep GetRoleCredentialsResponse x -> GetRoleCredentialsResponse)
-> Generic GetRoleCredentialsResponse
forall x.
Rep GetRoleCredentialsResponse x -> GetRoleCredentialsResponse
forall x.
GetRoleCredentialsResponse -> Rep GetRoleCredentialsResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep GetRoleCredentialsResponse x -> GetRoleCredentialsResponse
$cfrom :: forall x.
GetRoleCredentialsResponse -> Rep GetRoleCredentialsResponse x
Prelude.Generic)

-- |
-- Create a value of 'GetRoleCredentialsResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'roleCredentials', 'getRoleCredentialsResponse_roleCredentials' - The credentials for the role that is assigned to the user.
--
-- 'httpStatus', 'getRoleCredentialsResponse_httpStatus' - The response's http status code.
newGetRoleCredentialsResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  GetRoleCredentialsResponse
newGetRoleCredentialsResponse :: Int -> GetRoleCredentialsResponse
newGetRoleCredentialsResponse Int
pHttpStatus_ =
  GetRoleCredentialsResponse' :: Maybe RoleCredentials -> Int -> GetRoleCredentialsResponse
GetRoleCredentialsResponse'
    { $sel:roleCredentials:GetRoleCredentialsResponse' :: Maybe RoleCredentials
roleCredentials =
        Maybe RoleCredentials
forall a. Maybe a
Prelude.Nothing,
      $sel:httpStatus:GetRoleCredentialsResponse' :: Int
httpStatus = Int
pHttpStatus_
    }

-- | The credentials for the role that is assigned to the user.
getRoleCredentialsResponse_roleCredentials :: Lens.Lens' GetRoleCredentialsResponse (Prelude.Maybe RoleCredentials)
getRoleCredentialsResponse_roleCredentials :: (Maybe RoleCredentials -> f (Maybe RoleCredentials))
-> GetRoleCredentialsResponse -> f GetRoleCredentialsResponse
getRoleCredentialsResponse_roleCredentials = (GetRoleCredentialsResponse -> Maybe RoleCredentials)
-> (GetRoleCredentialsResponse
    -> Maybe RoleCredentials -> GetRoleCredentialsResponse)
-> Lens
     GetRoleCredentialsResponse
     GetRoleCredentialsResponse
     (Maybe RoleCredentials)
     (Maybe RoleCredentials)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetRoleCredentialsResponse' {Maybe RoleCredentials
roleCredentials :: Maybe RoleCredentials
$sel:roleCredentials:GetRoleCredentialsResponse' :: GetRoleCredentialsResponse -> Maybe RoleCredentials
roleCredentials} -> Maybe RoleCredentials
roleCredentials) (\s :: GetRoleCredentialsResponse
s@GetRoleCredentialsResponse' {} Maybe RoleCredentials
a -> GetRoleCredentialsResponse
s {$sel:roleCredentials:GetRoleCredentialsResponse' :: Maybe RoleCredentials
roleCredentials = Maybe RoleCredentials
a} :: GetRoleCredentialsResponse)

-- | The response's http status code.
getRoleCredentialsResponse_httpStatus :: Lens.Lens' GetRoleCredentialsResponse Prelude.Int
getRoleCredentialsResponse_httpStatus :: (Int -> f Int)
-> GetRoleCredentialsResponse -> f GetRoleCredentialsResponse
getRoleCredentialsResponse_httpStatus = (GetRoleCredentialsResponse -> Int)
-> (GetRoleCredentialsResponse
    -> Int -> GetRoleCredentialsResponse)
-> Lens
     GetRoleCredentialsResponse GetRoleCredentialsResponse Int Int
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetRoleCredentialsResponse' {Int
httpStatus :: Int
$sel:httpStatus:GetRoleCredentialsResponse' :: GetRoleCredentialsResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: GetRoleCredentialsResponse
s@GetRoleCredentialsResponse' {} Int
a -> GetRoleCredentialsResponse
s {$sel:httpStatus:GetRoleCredentialsResponse' :: Int
httpStatus = Int
a} :: GetRoleCredentialsResponse)

instance Prelude.NFData GetRoleCredentialsResponse