{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.STS.DecodeAuthorizationMessage
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Decodes additional information about the authorization status of a
-- request from an encoded message returned in response to an Amazon Web
-- Services request.
--
-- For example, if a user is not authorized to perform an operation that he
-- or she has requested, the request returns a
-- @Client.UnauthorizedOperation@ response (an HTTP 403 response). Some
-- Amazon Web Services operations additionally return an encoded message
-- that can provide details about this authorization failure.
--
-- Only certain Amazon Web Services operations return an encoded
-- authorization message. The documentation for an individual operation
-- indicates whether that operation returns an encoded message in addition
-- to returning an HTTP code.
--
-- The message is encoded because the details of the authorization status
-- can constitute privileged information that the user who requested the
-- operation should not see. To decode an authorization status message, a
-- user must be granted permissions via an IAM policy to request the
-- @DecodeAuthorizationMessage@ (@sts:DecodeAuthorizationMessage@) action.
--
-- The decoded message includes the following type of information:
--
-- -   Whether the request was denied due to an explicit deny or due to the
--     absence of an explicit allow. For more information, see
--     <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow Determining Whether a Request is Allowed or Denied>
--     in the /IAM User Guide/.
--
-- -   The principal who made the request.
--
-- -   The requested action.
--
-- -   The requested resource.
--
-- -   The values of condition keys in the context of the user\'s request.
module Amazonka.STS.DecodeAuthorizationMessage
  ( -- * Creating a Request
    DecodeAuthorizationMessage (..),
    newDecodeAuthorizationMessage,

    -- * Request Lenses
    decodeAuthorizationMessage_encodedMessage,

    -- * Destructuring the Response
    DecodeAuthorizationMessageResponse (..),
    newDecodeAuthorizationMessageResponse,

    -- * Response Lenses
    decodeAuthorizationMessageResponse_decodedMessage,
    decodeAuthorizationMessageResponse_httpStatus,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response
import Amazonka.STS.Types

-- | /See:/ 'newDecodeAuthorizationMessage' smart constructor.
data DecodeAuthorizationMessage = DecodeAuthorizationMessage'
  { -- | The encoded message that was returned with the response.
    DecodeAuthorizationMessage -> Text
encodedMessage :: Prelude.Text
  }
  deriving (DecodeAuthorizationMessage -> DecodeAuthorizationMessage -> Bool
(DecodeAuthorizationMessage -> DecodeAuthorizationMessage -> Bool)
-> (DecodeAuthorizationMessage
    -> DecodeAuthorizationMessage -> Bool)
-> Eq DecodeAuthorizationMessage
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: DecodeAuthorizationMessage -> DecodeAuthorizationMessage -> Bool
$c/= :: DecodeAuthorizationMessage -> DecodeAuthorizationMessage -> Bool
== :: DecodeAuthorizationMessage -> DecodeAuthorizationMessage -> Bool
$c== :: DecodeAuthorizationMessage -> DecodeAuthorizationMessage -> Bool
Prelude.Eq, ReadPrec [DecodeAuthorizationMessage]
ReadPrec DecodeAuthorizationMessage
Int -> ReadS DecodeAuthorizationMessage
ReadS [DecodeAuthorizationMessage]
(Int -> ReadS DecodeAuthorizationMessage)
-> ReadS [DecodeAuthorizationMessage]
-> ReadPrec DecodeAuthorizationMessage
-> ReadPrec [DecodeAuthorizationMessage]
-> Read DecodeAuthorizationMessage
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [DecodeAuthorizationMessage]
$creadListPrec :: ReadPrec [DecodeAuthorizationMessage]
readPrec :: ReadPrec DecodeAuthorizationMessage
$creadPrec :: ReadPrec DecodeAuthorizationMessage
readList :: ReadS [DecodeAuthorizationMessage]
$creadList :: ReadS [DecodeAuthorizationMessage]
readsPrec :: Int -> ReadS DecodeAuthorizationMessage
$creadsPrec :: Int -> ReadS DecodeAuthorizationMessage
Prelude.Read, Int -> DecodeAuthorizationMessage -> ShowS
[DecodeAuthorizationMessage] -> ShowS
DecodeAuthorizationMessage -> String
(Int -> DecodeAuthorizationMessage -> ShowS)
-> (DecodeAuthorizationMessage -> String)
-> ([DecodeAuthorizationMessage] -> ShowS)
-> Show DecodeAuthorizationMessage
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [DecodeAuthorizationMessage] -> ShowS
$cshowList :: [DecodeAuthorizationMessage] -> ShowS
show :: DecodeAuthorizationMessage -> String
$cshow :: DecodeAuthorizationMessage -> String
showsPrec :: Int -> DecodeAuthorizationMessage -> ShowS
$cshowsPrec :: Int -> DecodeAuthorizationMessage -> ShowS
Prelude.Show, (forall x.
 DecodeAuthorizationMessage -> Rep DecodeAuthorizationMessage x)
-> (forall x.
    Rep DecodeAuthorizationMessage x -> DecodeAuthorizationMessage)
-> Generic DecodeAuthorizationMessage
forall x.
Rep DecodeAuthorizationMessage x -> DecodeAuthorizationMessage
forall x.
DecodeAuthorizationMessage -> Rep DecodeAuthorizationMessage x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep DecodeAuthorizationMessage x -> DecodeAuthorizationMessage
$cfrom :: forall x.
DecodeAuthorizationMessage -> Rep DecodeAuthorizationMessage x
Prelude.Generic)

-- |
-- Create a value of 'DecodeAuthorizationMessage' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'encodedMessage', 'decodeAuthorizationMessage_encodedMessage' - The encoded message that was returned with the response.
newDecodeAuthorizationMessage ::
  -- | 'encodedMessage'
  Prelude.Text ->
  DecodeAuthorizationMessage
newDecodeAuthorizationMessage :: Text -> DecodeAuthorizationMessage
newDecodeAuthorizationMessage Text
pEncodedMessage_ =
  DecodeAuthorizationMessage' :: Text -> DecodeAuthorizationMessage
DecodeAuthorizationMessage'
    { $sel:encodedMessage:DecodeAuthorizationMessage' :: Text
encodedMessage =
        Text
pEncodedMessage_
    }

-- | The encoded message that was returned with the response.
decodeAuthorizationMessage_encodedMessage :: Lens.Lens' DecodeAuthorizationMessage Prelude.Text
decodeAuthorizationMessage_encodedMessage :: (Text -> f Text)
-> DecodeAuthorizationMessage -> f DecodeAuthorizationMessage
decodeAuthorizationMessage_encodedMessage = (DecodeAuthorizationMessage -> Text)
-> (DecodeAuthorizationMessage
    -> Text -> DecodeAuthorizationMessage)
-> Lens
     DecodeAuthorizationMessage DecodeAuthorizationMessage Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\DecodeAuthorizationMessage' {Text
encodedMessage :: Text
$sel:encodedMessage:DecodeAuthorizationMessage' :: DecodeAuthorizationMessage -> Text
encodedMessage} -> Text
encodedMessage) (\s :: DecodeAuthorizationMessage
s@DecodeAuthorizationMessage' {} Text
a -> DecodeAuthorizationMessage
s {$sel:encodedMessage:DecodeAuthorizationMessage' :: Text
encodedMessage = Text
a} :: DecodeAuthorizationMessage)

instance Core.AWSRequest DecodeAuthorizationMessage where
  type
    AWSResponse DecodeAuthorizationMessage =
      DecodeAuthorizationMessageResponse
  request :: DecodeAuthorizationMessage -> Request DecodeAuthorizationMessage
request = Service
-> DecodeAuthorizationMessage -> Request DecodeAuthorizationMessage
forall a. ToRequest a => Service -> a -> Request a
Request.postQuery Service
defaultService
  response :: Logger
-> Service
-> Proxy DecodeAuthorizationMessage
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse DecodeAuthorizationMessage)))
response =
    Text
-> (Int
    -> ResponseHeaders
    -> [Node]
    -> Either String (AWSResponse DecodeAuthorizationMessage))
-> Logger
-> Service
-> Proxy DecodeAuthorizationMessage
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse DecodeAuthorizationMessage)))
forall (m :: * -> *) a.
MonadResource m =>
Text
-> (Int
    -> ResponseHeaders -> [Node] -> Either String (AWSResponse a))
-> Logger
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveXMLWrapper
      Text
"DecodeAuthorizationMessageResult"
      ( \Int
s ResponseHeaders
h [Node]
x ->
          Maybe Text -> Int -> DecodeAuthorizationMessageResponse
DecodeAuthorizationMessageResponse'
            (Maybe Text -> Int -> DecodeAuthorizationMessageResponse)
-> Either String (Maybe Text)
-> Either String (Int -> DecodeAuthorizationMessageResponse)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> ([Node]
x [Node] -> Text -> Either String (Maybe Text)
forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Core..@? Text
"DecodedMessage")
            Either String (Int -> DecodeAuthorizationMessageResponse)
-> Either String Int
-> Either String DecodeAuthorizationMessageResponse
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Int -> Either String Int
forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (Int -> Int
forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
      )

instance Prelude.Hashable DecodeAuthorizationMessage

instance Prelude.NFData DecodeAuthorizationMessage

instance Core.ToHeaders DecodeAuthorizationMessage where
  toHeaders :: DecodeAuthorizationMessage -> ResponseHeaders
toHeaders = ResponseHeaders -> DecodeAuthorizationMessage -> ResponseHeaders
forall a b. a -> b -> a
Prelude.const ResponseHeaders
forall a. Monoid a => a
Prelude.mempty

instance Core.ToPath DecodeAuthorizationMessage where
  toPath :: DecodeAuthorizationMessage -> ByteString
toPath = ByteString -> DecodeAuthorizationMessage -> ByteString
forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Core.ToQuery DecodeAuthorizationMessage where
  toQuery :: DecodeAuthorizationMessage -> QueryString
toQuery DecodeAuthorizationMessage' {Text
encodedMessage :: Text
$sel:encodedMessage:DecodeAuthorizationMessage' :: DecodeAuthorizationMessage -> Text
..} =
    [QueryString] -> QueryString
forall a. Monoid a => [a] -> a
Prelude.mconcat
      [ ByteString
"Action"
          ByteString -> ByteString -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Core.=: (ByteString
"DecodeAuthorizationMessage" :: Prelude.ByteString),
        ByteString
"Version"
          ByteString -> ByteString -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Core.=: (ByteString
"2011-06-15" :: Prelude.ByteString),
        ByteString
"EncodedMessage" ByteString -> Text -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Core.=: Text
encodedMessage
      ]

-- | A document that contains additional information about the authorization
-- status of a request from an encoded message that is returned in response
-- to an Amazon Web Services request.
--
-- /See:/ 'newDecodeAuthorizationMessageResponse' smart constructor.
data DecodeAuthorizationMessageResponse = DecodeAuthorizationMessageResponse'
  { -- | An XML document that contains the decoded message.
    DecodeAuthorizationMessageResponse -> Maybe Text
decodedMessage :: Prelude.Maybe Prelude.Text,
    -- | The response's http status code.
    DecodeAuthorizationMessageResponse -> Int
httpStatus :: Prelude.Int
  }
  deriving (DecodeAuthorizationMessageResponse
-> DecodeAuthorizationMessageResponse -> Bool
(DecodeAuthorizationMessageResponse
 -> DecodeAuthorizationMessageResponse -> Bool)
-> (DecodeAuthorizationMessageResponse
    -> DecodeAuthorizationMessageResponse -> Bool)
-> Eq DecodeAuthorizationMessageResponse
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: DecodeAuthorizationMessageResponse
-> DecodeAuthorizationMessageResponse -> Bool
$c/= :: DecodeAuthorizationMessageResponse
-> DecodeAuthorizationMessageResponse -> Bool
== :: DecodeAuthorizationMessageResponse
-> DecodeAuthorizationMessageResponse -> Bool
$c== :: DecodeAuthorizationMessageResponse
-> DecodeAuthorizationMessageResponse -> Bool
Prelude.Eq, ReadPrec [DecodeAuthorizationMessageResponse]
ReadPrec DecodeAuthorizationMessageResponse
Int -> ReadS DecodeAuthorizationMessageResponse
ReadS [DecodeAuthorizationMessageResponse]
(Int -> ReadS DecodeAuthorizationMessageResponse)
-> ReadS [DecodeAuthorizationMessageResponse]
-> ReadPrec DecodeAuthorizationMessageResponse
-> ReadPrec [DecodeAuthorizationMessageResponse]
-> Read DecodeAuthorizationMessageResponse
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [DecodeAuthorizationMessageResponse]
$creadListPrec :: ReadPrec [DecodeAuthorizationMessageResponse]
readPrec :: ReadPrec DecodeAuthorizationMessageResponse
$creadPrec :: ReadPrec DecodeAuthorizationMessageResponse
readList :: ReadS [DecodeAuthorizationMessageResponse]
$creadList :: ReadS [DecodeAuthorizationMessageResponse]
readsPrec :: Int -> ReadS DecodeAuthorizationMessageResponse
$creadsPrec :: Int -> ReadS DecodeAuthorizationMessageResponse
Prelude.Read, Int -> DecodeAuthorizationMessageResponse -> ShowS
[DecodeAuthorizationMessageResponse] -> ShowS
DecodeAuthorizationMessageResponse -> String
(Int -> DecodeAuthorizationMessageResponse -> ShowS)
-> (DecodeAuthorizationMessageResponse -> String)
-> ([DecodeAuthorizationMessageResponse] -> ShowS)
-> Show DecodeAuthorizationMessageResponse
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [DecodeAuthorizationMessageResponse] -> ShowS
$cshowList :: [DecodeAuthorizationMessageResponse] -> ShowS
show :: DecodeAuthorizationMessageResponse -> String
$cshow :: DecodeAuthorizationMessageResponse -> String
showsPrec :: Int -> DecodeAuthorizationMessageResponse -> ShowS
$cshowsPrec :: Int -> DecodeAuthorizationMessageResponse -> ShowS
Prelude.Show, (forall x.
 DecodeAuthorizationMessageResponse
 -> Rep DecodeAuthorizationMessageResponse x)
-> (forall x.
    Rep DecodeAuthorizationMessageResponse x
    -> DecodeAuthorizationMessageResponse)
-> Generic DecodeAuthorizationMessageResponse
forall x.
Rep DecodeAuthorizationMessageResponse x
-> DecodeAuthorizationMessageResponse
forall x.
DecodeAuthorizationMessageResponse
-> Rep DecodeAuthorizationMessageResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep DecodeAuthorizationMessageResponse x
-> DecodeAuthorizationMessageResponse
$cfrom :: forall x.
DecodeAuthorizationMessageResponse
-> Rep DecodeAuthorizationMessageResponse x
Prelude.Generic)

-- |
-- Create a value of 'DecodeAuthorizationMessageResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'decodedMessage', 'decodeAuthorizationMessageResponse_decodedMessage' - An XML document that contains the decoded message.
--
-- 'httpStatus', 'decodeAuthorizationMessageResponse_httpStatus' - The response's http status code.
newDecodeAuthorizationMessageResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  DecodeAuthorizationMessageResponse
newDecodeAuthorizationMessageResponse :: Int -> DecodeAuthorizationMessageResponse
newDecodeAuthorizationMessageResponse Int
pHttpStatus_ =
  DecodeAuthorizationMessageResponse' :: Maybe Text -> Int -> DecodeAuthorizationMessageResponse
DecodeAuthorizationMessageResponse'
    { $sel:decodedMessage:DecodeAuthorizationMessageResponse' :: Maybe Text
decodedMessage =
        Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:httpStatus:DecodeAuthorizationMessageResponse' :: Int
httpStatus = Int
pHttpStatus_
    }

-- | An XML document that contains the decoded message.
decodeAuthorizationMessageResponse_decodedMessage :: Lens.Lens' DecodeAuthorizationMessageResponse (Prelude.Maybe Prelude.Text)
decodeAuthorizationMessageResponse_decodedMessage :: (Maybe Text -> f (Maybe Text))
-> DecodeAuthorizationMessageResponse
-> f DecodeAuthorizationMessageResponse
decodeAuthorizationMessageResponse_decodedMessage = (DecodeAuthorizationMessageResponse -> Maybe Text)
-> (DecodeAuthorizationMessageResponse
    -> Maybe Text -> DecodeAuthorizationMessageResponse)
-> Lens
     DecodeAuthorizationMessageResponse
     DecodeAuthorizationMessageResponse
     (Maybe Text)
     (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\DecodeAuthorizationMessageResponse' {Maybe Text
decodedMessage :: Maybe Text
$sel:decodedMessage:DecodeAuthorizationMessageResponse' :: DecodeAuthorizationMessageResponse -> Maybe Text
decodedMessage} -> Maybe Text
decodedMessage) (\s :: DecodeAuthorizationMessageResponse
s@DecodeAuthorizationMessageResponse' {} Maybe Text
a -> DecodeAuthorizationMessageResponse
s {$sel:decodedMessage:DecodeAuthorizationMessageResponse' :: Maybe Text
decodedMessage = Maybe Text
a} :: DecodeAuthorizationMessageResponse)

-- | The response's http status code.
decodeAuthorizationMessageResponse_httpStatus :: Lens.Lens' DecodeAuthorizationMessageResponse Prelude.Int
decodeAuthorizationMessageResponse_httpStatus :: (Int -> f Int)
-> DecodeAuthorizationMessageResponse
-> f DecodeAuthorizationMessageResponse
decodeAuthorizationMessageResponse_httpStatus = (DecodeAuthorizationMessageResponse -> Int)
-> (DecodeAuthorizationMessageResponse
    -> Int -> DecodeAuthorizationMessageResponse)
-> Lens
     DecodeAuthorizationMessageResponse
     DecodeAuthorizationMessageResponse
     Int
     Int
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\DecodeAuthorizationMessageResponse' {Int
httpStatus :: Int
$sel:httpStatus:DecodeAuthorizationMessageResponse' :: DecodeAuthorizationMessageResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: DecodeAuthorizationMessageResponse
s@DecodeAuthorizationMessageResponse' {} Int
a -> DecodeAuthorizationMessageResponse
s {$sel:httpStatus:DecodeAuthorizationMessageResponse' :: Int
httpStatus = Int
a} :: DecodeAuthorizationMessageResponse)

instance
  Prelude.NFData
    DecodeAuthorizationMessageResponse