{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.Transfer.CreateAccess
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Used by administrators to choose which groups in the directory should
-- have access to upload and download files over the enabled protocols
-- using Amazon Web Services Transfer Family. For example, a Microsoft
-- Active Directory might contain 50,000 users, but only a small fraction
-- might need the ability to transfer files to the server. An administrator
-- can use @CreateAccess@ to limit the access to the correct set of users
-- who need this ability.
module Amazonka.Transfer.CreateAccess
  ( -- * Creating a Request
    CreateAccess (..),
    newCreateAccess,

    -- * Request Lenses
    createAccess_homeDirectoryType,
    createAccess_posixProfile,
    createAccess_homeDirectoryMappings,
    createAccess_policy,
    createAccess_homeDirectory,
    createAccess_role,
    createAccess_serverId,
    createAccess_externalId,

    -- * Destructuring the Response
    CreateAccessResponse (..),
    newCreateAccessResponse,

    -- * Response Lenses
    createAccessResponse_httpStatus,
    createAccessResponse_serverId,
    createAccessResponse_externalId,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response
import Amazonka.Transfer.Types

-- | /See:/ 'newCreateAccess' smart constructor.
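-- Request record for the Transfer Family @CreateAccess@ operation.
--
-- This declaration is rebuilt without the type-annotation text that had been
-- interleaved between its tokens and made it unparseable. Field names, types
-- and order are unchanged.
data CreateAccess = CreateAccess'
  { -- | The type of landing directory (folder) you want your users\' home
    -- directory to be when they log into the server. If you set it to @PATH@,
    -- the user will see the absolute Amazon S3 bucket or EFS paths as is in
    -- their file transfer protocol clients. If you set it to @LOGICAL@, you
    -- need to provide mappings in the @HomeDirectoryMappings@ for how you want
    -- to make Amazon S3 or EFS paths visible to your users.
    homeDirectoryType :: Prelude.Maybe HomeDirectoryType,
    -- | Undocumented member.
    --
    -- NOTE(review): the service description gives no text for this field;
    -- presumably it carries the POSIX identity used for EFS access. Confirm
    -- against the 'PosixProfile' type before relying on it.
    posixProfile :: Prelude.Maybe PosixProfile,
    -- | Logical directory mappings that specify what Amazon S3 or Amazon EFS
    -- paths and keys should be visible to your user and how you want to make
    -- them visible. You must specify the @Entry@ and @Target@ pair, where
    -- @Entry@ shows how the path is made visible and @Target@ is the actual
    -- Amazon S3 or Amazon EFS path. If you only specify a target, it is
    -- displayed as is. You also must ensure that your Amazon Web Services
    -- Identity and Access Management (IAM) role provides access to paths in
    -- @Target@. This value can only be set when @HomeDirectoryType@ is set to
    -- /LOGICAL/.
    --
    -- The following is an @Entry@ and @Target@ pair example.
    --
    -- @[ { \"Entry\": \"\/directory1\", \"Target\": \"\/bucket_name\/home\/mydirectory\" } ]@
    --
    -- In most cases, you can use this value instead of the session policy to
    -- lock down your user to the designated home directory (\"@chroot@\"). To
    -- do this, you can set @Entry@ to @\/@ and set @Target@ to the
    -- @HomeDirectory@ parameter value.
    --
    -- The following is an @Entry@ and @Target@ pair example for @chroot@.
    --
    -- @[ { \"Entry\": \"\/\", \"Target\": \"\/bucket_name\/home\/mydirectory\" } ]@
    --
    -- If the target of a logical directory entry does not exist in Amazon S3
    -- or EFS, the entry is ignored. As a workaround, you can use the Amazon S3
    -- API or EFS API to create 0 byte objects as place holders for your
    -- directory. If using the CLI, use the @s3api@ or @efsapi@ call instead of
    -- @s3@ or @efs@ so you can use the put-object operation. For example, you
    -- use the following:
    -- @aws s3api put-object --bucket bucketname --key path\/to\/folder\/@.
    -- Make sure that the end of the key name ends in a @\/@ for it to be
    -- considered a folder.
    homeDirectoryMappings :: Prelude.Maybe (Prelude.NonEmpty HomeDirectoryMapEntry),
    -- | A session policy for your user so that you can use the same IAM role
    -- across multiple users. This policy scopes down user access to portions
    -- of their Amazon S3 bucket. Variables that you can use inside this policy
    -- include @${Transfer:UserName}@, @${Transfer:HomeDirectory}@, and
    -- @${Transfer:HomeBucket}@.
    --
    -- This only applies when the domain of @ServerId@ is S3. EFS does not use
    -- session policies.
    --
    -- For session policies, Amazon Web Services Transfer Family stores the
    -- policy as a JSON blob, instead of the Amazon Resource Name (ARN) of the
    -- policy. You save the policy as a JSON blob and pass it in the @Policy@
    -- argument.
    --
    -- For an example of a session policy, see
    -- <https://docs.aws.amazon.com/transfer/latest/userguide/session-policy.html Example session policy>.
    --
    -- For more information, see
    -- <https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html AssumeRole>
    -- in the /Amazon Web Services Security Token Service API Reference/.
    policy :: Prelude.Maybe Prelude.Text,
    -- | The landing directory (folder) for a user when they log in to the server
    -- using the client.
    --
    -- A @HomeDirectory@ example is @\/bucket_name\/home\/mydirectory@.
    homeDirectory :: Prelude.Maybe Prelude.Text,
    -- | Specifies the Amazon Resource Name (ARN) of the IAM role that controls
    -- your users\' access to your Amazon S3 bucket or EFS file system. The
    -- policies attached to this role determine the level of access that you
    -- want to provide your users when transferring files into and out of your
    -- Amazon S3 bucket or EFS file system. The IAM role should also contain a
    -- trust relationship that allows the server to access your resources when
    -- servicing your users\' transfer requests.
    role' :: Prelude.Text,
    -- | A system-assigned unique identifier for a server instance. This is the
    -- specific server that you added your user to.
    serverId :: Prelude.Text,
    -- | A unique identifier that is required to identify specific groups within
    -- your directory. The users of the group that you associate have access to
    -- your Amazon S3 or Amazon EFS resources over the enabled protocols using
    -- Amazon Web Services Transfer Family. If you know the group name, you can
    -- view the SID values by running the following command using Windows
    -- PowerShell.
    --
    -- @Get-ADGroup -Filter {samAccountName -like \"YourGroupName*\"} -Properties * | Select SamAccountName,ObjectSid@
    --
    -- In that command, replace /YourGroupName/ with the name of your Active
    -- Directory group.
    --
    -- The regex used to validate this parameter is a string of characters
    -- consisting of uppercase and lowercase alphanumeric characters with no
    -- spaces. You can also include underscores or any of the following
    -- characters: =,.\@:\/-
    externalId :: Prelude.Text
  }
  -- The derived 'Prelude.Show' renders every field, including the session
  -- policy JSON and the role ARN, so a logged request exposes them verbatim.
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)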

-- |
-- Create a value of 'CreateAccess' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'homeDirectoryType', 'createAccess_homeDirectoryType' - The type of landing directory (folder) you want your users\' home
-- directory to be when they log into the server. If you set it to @PATH@,
-- the user will see the absolute Amazon S3 bucket or EFS paths as is in
-- their file transfer protocol clients. If you set it to @LOGICAL@, you need
-- to provide mappings in the @HomeDirectoryMappings@ for how you want to
-- make Amazon S3 or EFS paths visible to your users.
--
-- 'posixProfile', 'createAccess_posixProfile' - Undocumented member.
--
-- 'homeDirectoryMappings', 'createAccess_homeDirectoryMappings' - Logical directory mappings that specify what Amazon S3 or Amazon EFS
-- paths and keys should be visible to your user and how you want to make
-- them visible. You must specify the @Entry@ and @Target@ pair, where
-- @Entry@ shows how the path is made visible and @Target@ is the actual
-- Amazon S3 or Amazon EFS path. If you only specify a target, it is
-- displayed as is. You also must ensure that your Amazon Web Services
-- Identity and Access Management (IAM) role provides access to paths in
-- @Target@. This value can only be set when @HomeDirectoryType@ is set to
-- /LOGICAL/.
--
-- The following is an @Entry@ and @Target@ pair example.
--
-- @[ { \"Entry\": \"\/directory1\", \"Target\": \"\/bucket_name\/home\/mydirectory\" } ]@
--
-- In most cases, you can use this value instead of the session policy to
-- lock down your user to the designated home directory (\"@chroot@\"). To
-- do this, you can set @Entry@ to @\/@ and set @Target@ to the
-- @HomeDirectory@ parameter value.
--
-- The following is an @Entry@ and @Target@ pair example for @chroot@.
--
-- @[ { \"Entry\": \"\/\", \"Target\": \"\/bucket_name\/home\/mydirectory\" } ]@
--
-- If the target of a logical directory entry does not exist in Amazon S3
-- or EFS, the entry is ignored. As a workaround, you can use the Amazon S3
-- API or EFS API to create 0 byte objects as place holders for your
-- directory. If using the CLI, use the @s3api@ or @efsapi@ call instead of
-- @s3@ or @efs@ so you can use the put-object operation. For example, you
-- use the following:
-- @aws s3api put-object --bucket bucketname --key path\/to\/folder\/@.
-- Make sure that the end of the key name ends in a @\/@ for it to be
-- considered a folder.
--
-- 'policy', 'createAccess_policy' - A session policy for your user so that you can use the same IAM role
-- across multiple users. This policy scopes down user access to portions
-- of their Amazon S3 bucket. Variables that you can use inside this policy
-- include @${Transfer:UserName}@, @${Transfer:HomeDirectory}@, and
-- @${Transfer:HomeBucket}@.
--
-- This only applies when the domain of @ServerId@ is S3. EFS does not use
-- session policies.
--
-- For session policies, Amazon Web Services Transfer Family stores the
-- policy as a JSON blob, instead of the Amazon Resource Name (ARN) of the
-- policy. You save the policy as a JSON blob and pass it in the @Policy@
-- argument.
--
-- For an example of a session policy, see
-- <https://docs.aws.amazon.com/transfer/latest/userguide/session-policy.html Example session policy>.
--
-- For more information, see
-- <https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html AssumeRole>
-- in the /Amazon Web Services Security Token Service API Reference/.
--
-- 'homeDirectory', 'createAccess_homeDirectory' - The landing directory (folder) for a user when they log in to the server
-- using the client.
--
-- A @HomeDirectory@ example is @\/bucket_name\/home\/mydirectory@.
--
-- 'role'', 'createAccess_role' - Specifies the Amazon Resource Name (ARN) of the IAM role that controls
-- your users\' access to your Amazon S3 bucket or EFS file system. The
-- policies attached to this role determine the level of access that you
-- want to provide your users when transferring files into and out of your
-- Amazon S3 bucket or EFS file system. The IAM role should also contain a
-- trust relationship that allows the server to access your resources when
-- servicing your users\' transfer requests.
--
-- 'serverId', 'createAccess_serverId' - A system-assigned unique identifier for a server instance. This is the
-- specific server that you added your user to.
--
-- 'externalId', 'createAccess_externalId' - A unique identifier that is required to identify specific groups within
-- your directory. The users of the group that you associate have access to
-- your Amazon S3 or Amazon EFS resources over the enabled protocols using
-- Amazon Web Services Transfer Family. If you know the group name, you can
-- view the SID values by running the following command using Windows
-- PowerShell.
--
-- @Get-ADGroup -Filter {samAccountName -like \"YourGroupName*\"} -Properties * | Select SamAccountName,ObjectSid@
--
-- In that command, replace /YourGroupName/ with the name of your Active
-- Directory group.
--
-- The regex used to validate this parameter is a string of characters
-- consisting of uppercase and lowercase alphanumeric characters with no
-- spaces. You can also include underscores or any of the following
-- characters: =,.\@:\/-
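newCreateAccess ::
  -- | 'role''
  Prelude.Text ->
  -- | 'serverId'
  Prelude.Text ->
  -- | 'externalId'
  Prelude.Text ->
  CreateAccess
newCreateAccess pRole_ pServerId_ pExternalId_ =
  -- Rebuilt without the interleaved type-annotation text that made the
  -- original definition unparseable.
  --
  -- Every optional field starts as 'Prelude.Nothing'. In particular 'policy'
  -- and 'homeDirectoryMappings' are unset, so any scoping beyond what the IAM
  -- role itself grants has to be added by the caller. The three required
  -- arguments are stored as given; nothing is validated here.
  CreateAccess'
    { homeDirectoryType = Prelude.Nothing,
      posixProfile = Prelude.Nothing,
      homeDirectoryMappings = Prelude.Nothing,
      policy = Prelude.Nothing,
      homeDirectory = Prelude.Nothing,
      role' = pRole_,
      serverId = pServerId_,
      externalId = pExternalId_
    }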

-- | The type of landing directory (folder) you want your users\' home
-- directory to be when they log into the server. If you set it to @PATH@,
-- the user will see the absolute Amazon S3 bucket or EFS paths as is in
-- their file transfer protocol clients. If you set it to @LOGICAL@, you need
-- to provide mappings in the @HomeDirectoryMappings@ for how you want to
-- make Amazon S3 or EFS paths visible to your users.
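createAccess_homeDirectoryType :: Lens.Lens' CreateAccess (Prelude.Maybe HomeDirectoryType)
createAccess_homeDirectoryType =
  -- Rebuilt without the interleaved type-annotation text. The getter reads
  -- the 'homeDirectoryType' field; the setter returns the record with only
  -- that field replaced.
  Lens.lens
    (\CreateAccess' {homeDirectoryType} -> homeDirectoryType)
    (\s@CreateAccess' {} a -> s {homeDirectoryType = a} :: CreateAccess)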

-- | Undocumented member.
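createAccess_posixProfile :: Lens.Lens' CreateAccess (Prelude.Maybe PosixProfile)
createAccess_posixProfile =
  -- Rebuilt without the interleaved type-annotation text. The getter reads
  -- the 'posixProfile' field; the setter returns the record with only that
  -- field replaced.
  -- NOTE(review): the service description documents nothing for this member;
  -- check the 'PosixProfile' type to see which identity values it carries.
  Lens.lens
    (\CreateAccess' {posixProfile} -> posixProfile)
    (\s@CreateAccess' {} a -> s {posixProfile = a} :: CreateAccess)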

-- | Logical directory mappings that specify what Amazon S3 or Amazon EFS
-- paths and keys should be visible to your user and how you want to make
-- them visible. You must specify the @Entry@ and @Target@ pair, where
-- @Entry@ shows how the path is made visible and @Target@ is the actual
-- Amazon S3 or Amazon EFS path. If you only specify a target, it is
-- displayed as is. You also must ensure that your Amazon Web Services
-- Identity and Access Management (IAM) role provides access to paths in
-- @Target@. This value can only be set when @HomeDirectoryType@ is set to
-- /LOGICAL/.
--
-- The following is an @Entry@ and @Target@ pair example.
--
-- @[ { \"Entry\": \"\/directory1\", \"Target\": \"\/bucket_name\/home\/mydirectory\" } ]@
--
-- In most cases, you can use this value instead of the session policy to
-- lock down your user to the designated home directory (\"@chroot@\"). To
-- do this, you can set @Entry@ to @\/@ and set @Target@ to the
-- @HomeDirectory@ parameter value.
--
-- The following is an @Entry@ and @Target@ pair example for @chroot@.
--
-- @[ { \"Entry\": \"\/\", \"Target\": \"\/bucket_name\/home\/mydirectory\" } ]@
--
-- If the target of a logical directory entry does not exist in Amazon S3
-- or EFS, the entry is ignored. As a workaround, you can use the Amazon S3
-- API or EFS API to create 0 byte objects as place holders for your
-- directory. If using the CLI, use the @s3api@ or @efsapi@ call instead of
-- @s3@ or @efs@ so you can use the put-object operation. For example, you
-- use the following:
-- @aws s3api put-object --bucket bucketname --key path\/to\/folder\/@.
-- Make sure that the end of the key name ends in a @\/@ for it to be
-- considered a folder.
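createAccess_homeDirectoryMappings :: Lens.Lens' CreateAccess (Prelude.Maybe (Prelude.NonEmpty HomeDirectoryMapEntry))
createAccess_homeDirectoryMappings =
  -- Rebuilt without the interleaved type-annotation text. The field lens is
  -- composed with @mapping coerced@, which here converts between identical
  -- types inside the 'Prelude.Maybe'.
  -- The mappings are stored as given: this lens does not check that
  -- 'homeDirectoryType' is LOGICAL or that an entry has both keys.
  Lens.lens
    (\CreateAccess' {homeDirectoryMappings} -> homeDirectoryMappings)
    (\s@CreateAccess' {} a -> s {homeDirectoryMappings = a} :: CreateAccess)
    Prelude.. Lens.mapping Lens.coerced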

-- | A session policy for your user so that you can use the same IAM role
-- across multiple users. This policy scopes down user access to portions
-- of their Amazon S3 bucket. Variables that you can use inside this policy
-- include @${Transfer:UserName}@, @${Transfer:HomeDirectory}@, and
-- @${Transfer:HomeBucket}@.
--
-- This only applies when the domain of @ServerId@ is S3. EFS does not use
-- session policies.
--
-- For session policies, Amazon Web Services Transfer Family stores the
-- policy as a JSON blob, instead of the Amazon Resource Name (ARN) of the
-- policy. You save the policy as a JSON blob and pass it in the @Policy@
-- argument.
--
-- For an example of a session policy, see
-- <https://docs.aws.amazon.com/transfer/latest/userguide/session-policy.html Example session policy>.
--
-- For more information, see
-- <https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html AssumeRole>
-- in the /Amazon Web Services Security Token Service API Reference/.
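createAccess_policy :: Lens.Lens' CreateAccess (Prelude.Maybe Prelude.Text)
createAccess_policy =
  -- Rebuilt without the interleaved type-annotation text. The getter reads
  -- the 'policy' field; the setter returns the record with only that field
  -- replaced.
  -- The policy is opaque 'Prelude.Text' here: it is neither parsed as JSON
  -- nor checked for the Transfer variables, so a malformed document is only
  -- rejected (if at all) by the service.
  Lens.lens
    (\CreateAccess' {policy} -> policy)
    (\s@CreateAccess' {} a -> s {policy = a} :: CreateAccess)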

-- | The landing directory (folder) for a user when they log in to the server
-- using the client.
--
-- A @HomeDirectory@ example is @\/bucket_name\/home\/mydirectory@.
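createAccess_homeDirectory :: Lens.Lens' CreateAccess (Prelude.Maybe Prelude.Text)
createAccess_homeDirectory =
  -- Rebuilt without the interleaved type-annotation text. The getter reads
  -- the 'homeDirectory' field; the setter returns the record with only that
  -- field replaced. The path is stored as given, with no normalisation.
  Lens.lens
    (\CreateAccess' {homeDirectory} -> homeDirectory)
    (\s@CreateAccess' {} a -> s {homeDirectory = a} :: CreateAccess)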

-- | Specifies the Amazon Resource Name (ARN) of the IAM role that controls
-- your users\' access to your Amazon S3 bucket or EFS file system. The
-- policies attached to this role determine the level of access that you
-- want to provide your users when transferring files into and out of your
-- Amazon S3 bucket or EFS file system. The IAM role should also contain a
-- trust relationship that allows the server to access your resources when
-- servicing your users\' transfer requests.
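createAccess_role :: Lens.Lens' CreateAccess Prelude.Text
createAccess_role =
  -- Rebuilt without the interleaved type-annotation text. The getter reads
  -- the @role'@ field; the setter returns the record with only that field
  -- replaced.
  -- The ARN is plain 'Prelude.Text'; nothing here checks its format or which
  -- account or role it names.
  Lens.lens
    (\CreateAccess' {role'} -> role')
    (\s@CreateAccess' {} a -> s {role' = a} :: CreateAccess)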

-- | A system-assigned unique identifier for a server instance. This is the
-- specific server that you added your user to.
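createAccess_serverId :: Lens.Lens' CreateAccess Prelude.Text
createAccess_serverId =
  -- Rebuilt without the interleaved type-annotation text. The getter reads
  -- the 'serverId' field; the setter returns the record with only that field
  -- replaced.
  Lens.lens
    (\CreateAccess' {serverId} -> serverId)
    (\s@CreateAccess' {} a -> s {serverId = a} :: CreateAccess)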

-- | A unique identifier that is required to identify specific groups within
-- your directory. The users of the group that you associate have access to
-- your Amazon S3 or Amazon EFS resources over the enabled protocols using
-- Amazon Web Services Transfer Family. If you know the group name, you can
-- view the SID values by running the following command using Windows
-- PowerShell.
--
-- @Get-ADGroup -Filter {samAccountName -like \"YourGroupName*\"} -Properties * | Select SamAccountName,ObjectSid@
--
-- In that command, replace /YourGroupName/ with the name of your Active
-- Directory group.
--
-- The regex used to validate this parameter is a string of characters
-- consisting of uppercase and lowercase alphanumeric characters with no
-- spaces. You can also include underscores or any of the following
-- characters: =,.\@:\/-
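createAccess_externalId :: Lens.Lens' CreateAccess Prelude.Text
createAccess_externalId =
  -- Rebuilt without the interleaved type-annotation text. The getter reads
  -- the 'externalId' field; the setter returns the record with only that
  -- field replaced.
  -- The character-set constraint in the field's documentation is not
  -- enforced here; the value is stored as given.
  Lens.lens
    (\CreateAccess' {externalId} -> externalId)
    (\s@CreateAccess' {} a -> s {externalId = a} :: CreateAccess)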

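-- Wire-level request/response binding for @CreateAccess@, rebuilt without the
-- interleaved type-annotation text that made the original unparseable.
instance Core.AWSRequest CreateAccess where
  type AWSResponse CreateAccess = CreateAccessResponse

  -- The request is sent as a JSON POST against 'defaultService'.
  request = Request.postJSON defaultService

  -- The response is decoded from the JSON body: the HTTP status comes from
  -- @s@, while @ServerId@ and @ExternalId@ are both required keys, so a body
  -- missing either one yields a 'Prelude.Left' rather than a partial
  -- response. The response headers @h@ are not consulted.
  response =
    Response.receiveJSON
      ( \s h x ->
          CreateAccessResponse'
            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
            Prelude.<*> (x Core..:> "ServerId")
            Prelude.<*> (x Core..:> "ExternalId")
      )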

-- No method bodies are given, so the class's default methods are used
-- (presumably the Generic-based defaults, given the derived
-- 'Prelude.Generic' instance; confirm against "Amazonka.Prelude").
instance Prelude.Hashable CreateAccess

-- As above: default methods only.
instance Prelude.NFData CreateAccess

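-- Fixed request headers for @CreateAccess@, rebuilt without the interleaved
-- type-annotation text that made the original unparseable.
instance Core.ToHeaders CreateAccess where
  -- 'Prelude.const' ignores the request value: the same two headers are sent
  -- for every request, naming the target operation and the JSON 1.1 content
  -- type. No field of the request is copied into a header.
  toHeaders =
    Prelude.const
      ( Prelude.mconcat
          [ "X-Amz-Target"
              Core.=# ( "TransferService.CreateAccess" ::
                          Prelude.ByteString
                      ),
            "Content-Type"
              Core.=# ( "application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )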

-- | JSON request body for @CreateAccess@.
--
-- @Role@, @ServerId@ and @ExternalId@ are always written. The other five
-- keys are written only when the corresponding field is 'Prelude.Just'; a
-- field that is not set leaves its key out of the object entirely.
--
-- NOTE(review): @Policy@ is one of the optional keys. If callers rely on it
-- to narrow what @Role@ permits, a request built without it is presumably
-- bounded only by the role and the home-directory settings. Confirm this
-- against the Transfer Family API reference before treating a request as
-- scoped down.
instance Core.ToJSON CreateAccess where
  toJSON
    CreateAccess'
      { homeDirectoryType,
        posixProfile,
        homeDirectoryMappings,
        policy,
        homeDirectory,
        role',
        serverId,
        externalId
      } =
      Core.object (Prelude.catMaybes fields)
      where
        fields =
          [ -- Optional keys: dropped by 'Prelude.catMaybes' when unset.
            ("HomeDirectoryType" Core..=) Prelude.<$> homeDirectoryType,
            ("PosixProfile" Core..=) Prelude.<$> posixProfile,
            ("HomeDirectoryMappings" Core..=) Prelude.<$> homeDirectoryMappings,
            ("Policy" Core..=) Prelude.<$> policy,
            ("HomeDirectory" Core..=) Prelude.<$> homeDirectory,
            -- Required keys: always present.
            Prelude.Just ("Role" Core..= role'),
            Prelude.Just ("ServerId" Core..= serverId),
            Prelude.Just ("ExternalId" Core..= externalId)
          ]

-- | The request path is always @/@, whatever the request contains.
--
-- The operation is not encoded in the path; this file sets it through the
-- @X-Amz-Target@ header in the 'Core.ToHeaders' instance, so the path alone
-- does not identify a @CreateAccess@ call in request logs.
instance Core.ToPath CreateAccess where
  toPath _ = "/"

-- | @CreateAccess@ sends no query string: the result is always empty and the
-- request value is ignored.
instance Core.ToQuery CreateAccess where
  toQuery _ = Prelude.mempty

-- | Result of a @CreateAccess@ call. All three fields are required.
--
-- /See:/ 'newCreateAccessResponse' smart constructor.
data CreateAccessResponse = CreateAccessResponse'
  { httpStatus :: Prelude.Int
    -- ^ The response's http status code.
  , serverId :: Prelude.Text
    -- ^ The ID of the server that the user is attached to.
  , externalId :: Prelude.Text
    -- ^ The external ID of the group whose users have access to your
    -- Amazon S3 or Amazon EFS resources over the enabled protocols using
    -- Amazon Web Services Transfer Family.
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)

-- |
-- Build a 'CreateAccessResponse' from its three fields, all of which are
-- required.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify fields afterwards.
--
-- The record fields and the lenses kept for backwards compatibility are:
--
-- 'httpStatus', 'createAccessResponse_httpStatus' - The response's http status code.
--
-- 'serverId', 'createAccessResponse_serverId' - The ID of the server that the user is attached to.
--
-- 'externalId', 'createAccessResponse_externalId' - The external ID of the group whose users have access to your Amazon S3
-- or Amazon EFS resources over the enabled protocols using Amazon Web
-- Services Transfer Family.
newCreateAccessResponse
  :: Prelude.Int
  -- ^ 'httpStatus'
  -> Prelude.Text
  -- ^ 'serverId'
  -> Prelude.Text
  -- ^ 'externalId'
  -> CreateAccessResponse
newCreateAccessResponse status server external =
  CreateAccessResponse'
    { httpStatus = status
    , serverId = server
    , externalId = external
    }

-- | Lens onto 'httpStatus': the response's http status code.
createAccessResponse_httpStatus :: Lens.Lens' CreateAccessResponse Prelude.Int
createAccessResponse_httpStatus = Lens.lens getter setter
  where
    getter CreateAccessResponse' {httpStatus} = httpStatus
    -- The annotation pins the record update to 'CreateAccessResponse'.
    setter resp@CreateAccessResponse' {} newStatus =
      resp {httpStatus = newStatus} :: CreateAccessResponse

-- | Lens onto 'serverId': the ID of the server that the user is attached to.
createAccessResponse_serverId :: Lens.Lens' CreateAccessResponse Prelude.Text
createAccessResponse_serverId = Lens.lens getter setter
  where
    getter CreateAccessResponse' {serverId} = serverId
    -- 'serverId' is also a field of the request type in this module; the
    -- annotation selects the response record for the update.
    setter resp@CreateAccessResponse' {} newServerId =
      resp {serverId = newServerId} :: CreateAccessResponse

-- | Lens onto 'externalId': the external ID of the group whose users have
-- access to your Amazon S3 or Amazon EFS resources over the enabled
-- protocols using Amazon Web Services Transfer Family.
createAccessResponse_externalId :: Lens.Lens' CreateAccessResponse Prelude.Text
createAccessResponse_externalId = Lens.lens getter setter
  where
    getter CreateAccessResponse' {externalId} = externalId
    -- 'externalId' is also a field of the request type in this module; the
    -- annotation selects the response record for the update.
    setter resp@CreateAccessResponse' {} newExternalId =
      resp {externalId = newExternalId} :: CreateAccessResponse

-- The instance body is empty, so deep evaluation uses the class defaults.
-- 'CreateAccessResponse' derives Generic in its declaration.
-- NOTE(review): presumably that is what the default relies on; confirm
-- against the NFData class re-exported by the project Prelude.
instance Prelude.NFData CreateAccessResponse