{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.STS.Types
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.STS.Types
  ( -- * Service Configuration
    defaultService,

    -- * Errors
    _MalformedPolicyDocumentException,
    _InvalidAuthorizationMessageException,
    _PackedPolicyTooLargeException,
    _RegionDisabledException,
    _IDPCommunicationErrorException,
    _InvalidIdentityTokenException,
    _ExpiredTokenException,
    _IDPRejectedClaimException,

    -- * AssumedRoleUser
    AssumedRoleUser (..),
    newAssumedRoleUser,
    assumedRoleUser_assumedRoleId,
    assumedRoleUser_arn,

    -- * FederatedUser
    FederatedUser (..),
    newFederatedUser,
    federatedUser_federatedUserId,
    federatedUser_arn,

    -- * PolicyDescriptorType
    PolicyDescriptorType (..),
    newPolicyDescriptorType,
    policyDescriptorType_arn,

    -- * Tag
    Tag (..),
    newTag,
    tag_key,
    tag_value,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import Amazonka.STS.Types.AssumedRoleUser
import Amazonka.STS.Types.FederatedUser
import Amazonka.STS.Types.PolicyDescriptorType
import Amazonka.STS.Types.Tag
import qualified Amazonka.Sign.V4 as Sign

-- | API version @2011-06-15@ of the Amazon Security Token Service SDK configuration.
defaultService :: Core.Service
defaultService :: Service
defaultService =
  Service :: Abbrev
-> Signer
-> ByteString
-> ByteString
-> ByteString
-> (Region -> Endpoint)
-> Maybe Seconds
-> (Status -> Bool)
-> (Status -> [Header] -> ByteStringLazy -> Error)
-> Retry
-> Service
Core.Service
    { $sel:_serviceAbbrev:Service :: Abbrev
Core._serviceAbbrev = Abbrev
"STS",
      $sel:_serviceSigner:Service :: Signer
Core._serviceSigner = Signer
Sign.v4,
      $sel:_serviceEndpointPrefix:Service :: ByteString
Core._serviceEndpointPrefix = ByteString
"sts",
      $sel:_serviceSigningName:Service :: ByteString
Core._serviceSigningName = ByteString
"sts",
      $sel:_serviceVersion:Service :: ByteString
Core._serviceVersion = ByteString
"2011-06-15",
      $sel:_serviceEndpoint:Service :: Region -> Endpoint
Core._serviceEndpoint =
        Service -> Region -> Endpoint
Core.defaultEndpoint Service
defaultService,
      $sel:_serviceTimeout:Service :: Maybe Seconds
Core._serviceTimeout = Seconds -> Maybe Seconds
forall a. a -> Maybe a
Prelude.Just Seconds
70,
      $sel:_serviceCheck:Service :: Status -> Bool
Core._serviceCheck = Status -> Bool
Core.statusSuccess,
      $sel:_serviceError:Service :: Status -> [Header] -> ByteStringLazy -> Error
Core._serviceError = Abbrev -> Status -> [Header] -> ByteStringLazy -> Error
Core.parseXMLError Abbrev
"STS",
      $sel:_serviceRetry:Service :: Retry
Core._serviceRetry = Retry
retry
    }
  where
    retry :: Retry
retry =
      Exponential :: Double -> Int -> Int -> (ServiceError -> Maybe Text) -> Retry
Core.Exponential
        { $sel:_retryBase:Exponential :: Double
Core._retryBase = Double
5.0e-2,
          $sel:_retryGrowth:Exponential :: Int
Core._retryGrowth = Int
2,
          $sel:_retryAttempts:Exponential :: Int
Core._retryAttempts = Int
5,
          $sel:_retryCheck:Exponential :: ServiceError -> Maybe Text
Core._retryCheck = ServiceError -> Maybe Text
forall a. IsString a => ServiceError -> Maybe a
check
        }
    check :: ServiceError -> Maybe a
check ServiceError
e
      | Getting Any ServiceError ServiceError -> ServiceError -> Bool
forall s a. Getting Any s a -> s -> Bool
Lens.has
          ( ErrorCode -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
ErrorCode -> Optic' p f ServiceError ServiceError
Core.hasCode ErrorCode
"ThrottledException"
              Getting Any ServiceError ServiceError
-> Getting Any ServiceError ServiceError
-> Getting Any ServiceError ServiceError
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. Int -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
400
          )
          ServiceError
e =
        a -> Maybe a
forall a. a -> Maybe a
Prelude.Just a
"throttled_exception"
      | Getting Any ServiceError ServiceError -> ServiceError -> Bool
forall s a. Getting Any s a -> s -> Bool
Lens.has (Int -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
429) ServiceError
e =
        a -> Maybe a
forall a. a -> Maybe a
Prelude.Just a
"too_many_requests"
      | Getting Any ServiceError ServiceError -> ServiceError -> Bool
forall s a. Getting Any s a -> s -> Bool
Lens.has
          ( ErrorCode -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
ErrorCode -> Optic' p f ServiceError ServiceError
Core.hasCode ErrorCode
"ThrottlingException"
              Getting Any ServiceError ServiceError
-> Getting Any ServiceError ServiceError
-> Getting Any ServiceError ServiceError
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. Int -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
400
          )
          ServiceError
e =
        a -> Maybe a
forall a. a -> Maybe a
Prelude.Just a
"throttling_exception"
      | Getting Any ServiceError ServiceError -> ServiceError -> Bool
forall s a. Getting Any s a -> s -> Bool
Lens.has
          ( ErrorCode -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
ErrorCode -> Optic' p f ServiceError ServiceError
Core.hasCode ErrorCode
"Throttling"
              Getting Any ServiceError ServiceError
-> Getting Any ServiceError ServiceError
-> Getting Any ServiceError ServiceError
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. Int -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
400
          )
          ServiceError
e =
        a -> Maybe a
forall a. a -> Maybe a
Prelude.Just a
"throttling"
      | Getting Any ServiceError ServiceError -> ServiceError -> Bool
forall s a. Getting Any s a -> s -> Bool
Lens.has
          ( ErrorCode -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
ErrorCode -> Optic' p f ServiceError ServiceError
Core.hasCode
              ErrorCode
"ProvisionedThroughputExceededException"
              Getting Any ServiceError ServiceError
-> Getting Any ServiceError ServiceError
-> Getting Any ServiceError ServiceError
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. Int -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
400
          )
          ServiceError
e =
        a -> Maybe a
forall a. a -> Maybe a
Prelude.Just a
"throughput_exceeded"
      | Getting Any ServiceError ServiceError -> ServiceError -> Bool
forall s a. Getting Any s a -> s -> Bool
Lens.has (Int -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
504) ServiceError
e =
        a -> Maybe a
forall a. a -> Maybe a
Prelude.Just a
"gateway_timeout"
      | Getting Any ServiceError ServiceError -> ServiceError -> Bool
forall s a. Getting Any s a -> s -> Bool
Lens.has
          ( ErrorCode -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
ErrorCode -> Optic' p f ServiceError ServiceError
Core.hasCode ErrorCode
"RequestThrottledException"
              Getting Any ServiceError ServiceError
-> Getting Any ServiceError ServiceError
-> Getting Any ServiceError ServiceError
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. Int -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
400
          )
          ServiceError
e =
        a -> Maybe a
forall a. a -> Maybe a
Prelude.Just a
"request_throttled_exception"
      | Getting Any ServiceError ServiceError -> ServiceError -> Bool
forall s a. Getting Any s a -> s -> Bool
Lens.has (Int -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
502) ServiceError
e =
        a -> Maybe a
forall a. a -> Maybe a
Prelude.Just a
"bad_gateway"
      | Getting Any ServiceError ServiceError -> ServiceError -> Bool
forall s a. Getting Any s a -> s -> Bool
Lens.has (Int -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
503) ServiceError
e =
        a -> Maybe a
forall a. a -> Maybe a
Prelude.Just a
"service_unavailable"
      | Getting Any ServiceError ServiceError -> ServiceError -> Bool
forall s a. Getting Any s a -> s -> Bool
Lens.has (Int -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
500) ServiceError
e =
        a -> Maybe a
forall a. a -> Maybe a
Prelude.Just a
"general_server_error"
      | Getting Any ServiceError ServiceError -> ServiceError -> Bool
forall s a. Getting Any s a -> s -> Bool
Lens.has (Int -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
509) ServiceError
e =
        a -> Maybe a
forall a. a -> Maybe a
Prelude.Just a
"limit_exceeded"
      | Getting Any ServiceError ServiceError -> ServiceError -> Bool
forall s a. Getting Any s a -> s -> Bool
Lens.has
          ( ErrorCode -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
ErrorCode -> Optic' p f ServiceError ServiceError
Core.hasCode ErrorCode
"IDPCommunicationError"
              Getting Any ServiceError ServiceError
-> Getting Any ServiceError ServiceError
-> Getting Any ServiceError ServiceError
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. Int -> Getting Any ServiceError ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
400
          )
          ServiceError
e =
        a -> Maybe a
forall a. a -> Maybe a
Prelude.Just a
"idp_unreachable_error"
      | Bool
Prelude.otherwise = Maybe a
forall a. Maybe a
Prelude.Nothing

-- | The request was rejected because the policy document was malformed. The
-- error message describes the specific error.
_MalformedPolicyDocumentException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_MalformedPolicyDocumentException :: Getting (First ServiceError) a ServiceError
_MalformedPolicyDocumentException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"MalformedPolicyDocument"
    Getting (First ServiceError) a ServiceError
-> ((ServiceError -> Const (First ServiceError) ServiceError)
    -> ServiceError -> Const (First ServiceError) ServiceError)
-> Getting (First ServiceError) a ServiceError
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. Int
-> (ServiceError -> Const (First ServiceError) ServiceError)
-> ServiceError
-> Const (First ServiceError) ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
400

-- | The error returned if the message passed to @DecodeAuthorizationMessage@
-- was invalid. This can happen if the token contains invalid characters,
-- such as linebreaks.
_InvalidAuthorizationMessageException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_InvalidAuthorizationMessageException :: Getting (First ServiceError) a ServiceError
_InvalidAuthorizationMessageException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"InvalidAuthorizationMessageException"
    Getting (First ServiceError) a ServiceError
-> ((ServiceError -> Const (First ServiceError) ServiceError)
    -> ServiceError -> Const (First ServiceError) ServiceError)
-> Getting (First ServiceError) a ServiceError
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. Int
-> (ServiceError -> Const (First ServiceError) ServiceError)
-> ServiceError
-> Const (First ServiceError) ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
400

-- | The request was rejected because the total packed size of the session
-- policies and session tags combined was too large. An Amazon Web Services
-- conversion compresses the session policy document, session policy ARNs,
-- and session tags into a packed binary format that has a separate limit.
-- The error message indicates by percentage how close the policies and
-- tags are to the upper size limit. For more information, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html Passing Session Tags in STS>
-- in the /IAM User Guide/.
--
-- You could receive this error even though you meet other defined session
-- policy and session tag limits. For more information, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html IAM and STS Entity Character Limits>
-- in the /IAM User Guide/.
_PackedPolicyTooLargeException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_PackedPolicyTooLargeException :: Getting (First ServiceError) a ServiceError
_PackedPolicyTooLargeException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"PackedPolicyTooLarge"
    Getting (First ServiceError) a ServiceError
-> ((ServiceError -> Const (First ServiceError) ServiceError)
    -> ServiceError -> Const (First ServiceError) ServiceError)
-> Getting (First ServiceError) a ServiceError
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. Int
-> (ServiceError -> Const (First ServiceError) ServiceError)
-> ServiceError
-> Const (First ServiceError) ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
400

-- | STS is not activated in the requested region for the account that is
-- being asked to generate credentials. The account administrator must use
-- the IAM console to activate STS in that region. For more information,
-- see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html Activating and Deactivating Amazon Web Services STS in an Amazon Web Services Region>
-- in the /IAM User Guide/.
_RegionDisabledException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_RegionDisabledException :: Getting (First ServiceError) a ServiceError
_RegionDisabledException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"RegionDisabledException"
    Getting (First ServiceError) a ServiceError
-> ((ServiceError -> Const (First ServiceError) ServiceError)
    -> ServiceError -> Const (First ServiceError) ServiceError)
-> Getting (First ServiceError) a ServiceError
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. Int
-> (ServiceError -> Const (First ServiceError) ServiceError)
-> ServiceError
-> Const (First ServiceError) ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
403

-- | The request could not be fulfilled because the identity provider (IDP)
-- that was asked to verify the incoming identity token could not be
-- reached. This is often a transient error caused by network conditions.
-- Retry the request a limited number of times so that you don\'t exceed
-- the request rate. If the error persists, the identity provider might be
-- down or not responding.
_IDPCommunicationErrorException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_IDPCommunicationErrorException :: Getting (First ServiceError) a ServiceError
_IDPCommunicationErrorException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"IDPCommunicationError"
    Getting (First ServiceError) a ServiceError
-> ((ServiceError -> Const (First ServiceError) ServiceError)
    -> ServiceError -> Const (First ServiceError) ServiceError)
-> Getting (First ServiceError) a ServiceError
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. Int
-> (ServiceError -> Const (First ServiceError) ServiceError)
-> ServiceError
-> Const (First ServiceError) ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
400

-- | The web identity token that was passed could not be validated by Amazon
-- Web Services. Get a new identity token from the identity provider and
-- then retry the request.
_InvalidIdentityTokenException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_InvalidIdentityTokenException :: Getting (First ServiceError) a ServiceError
_InvalidIdentityTokenException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"InvalidIdentityToken"
    Getting (First ServiceError) a ServiceError
-> ((ServiceError -> Const (First ServiceError) ServiceError)
    -> ServiceError -> Const (First ServiceError) ServiceError)
-> Getting (First ServiceError) a ServiceError
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. Int
-> (ServiceError -> Const (First ServiceError) ServiceError)
-> ServiceError
-> Const (First ServiceError) ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
400

-- | The web identity token that was passed is expired or is not valid. Get a
-- new identity token from the identity provider and then retry the
-- request.
_ExpiredTokenException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_ExpiredTokenException :: Getting (First ServiceError) a ServiceError
_ExpiredTokenException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"ExpiredTokenException"
    Getting (First ServiceError) a ServiceError
-> ((ServiceError -> Const (First ServiceError) ServiceError)
    -> ServiceError -> Const (First ServiceError) ServiceError)
-> Getting (First ServiceError) a ServiceError
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. Int
-> (ServiceError -> Const (First ServiceError) ServiceError)
-> ServiceError
-> Const (First ServiceError) ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
400

-- | The identity provider (IdP) reported that authentication failed. This
-- might be because the claim is invalid.
--
-- If this error is returned for the @AssumeRoleWithWebIdentity@ operation,
-- it can also mean that the claim has expired or has been explicitly
-- revoked.
_IDPRejectedClaimException :: Core.AsError a => Lens.Getting (Prelude.First Core.ServiceError) a Core.ServiceError
_IDPRejectedClaimException :: Getting (First ServiceError) a ServiceError
_IDPRejectedClaimException =
  Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
forall a.
AsError a =>
Service -> ErrorCode -> Getting (First ServiceError) a ServiceError
Core._MatchServiceError
    Service
defaultService
    ErrorCode
"IDPRejectedClaim"
    Getting (First ServiceError) a ServiceError
-> ((ServiceError -> Const (First ServiceError) ServiceError)
    -> ServiceError -> Const (First ServiceError) ServiceError)
-> Getting (First ServiceError) a ServiceError
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. Int
-> (ServiceError -> Const (First ServiceError) ServiceError)
-> ServiceError
-> Const (First ServiceError) ServiceError
forall (f :: * -> *) (p :: * -> * -> *).
(Applicative f, Choice p) =>
Int -> Optic' p f ServiceError ServiceError
Core.hasStatus Int
403