{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.LakeFormation.Types.DataLakeSettings
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.LakeFormation.Types.DataLakeSettings where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import Amazonka.LakeFormation.Types.DataLakePrincipal
import Amazonka.LakeFormation.Types.PrincipalPermissions
import qualified Amazonka.Prelude as Prelude

-- | A structure representing a list of Lake Formation principals designated
-- as data lake administrators and lists of principal permission entries
-- for default create database and default create table permissions.
--
-- /See:/ 'newDataLakeSettings' smart constructor.
data DataLakeSettings = DataLakeSettings'
  { -- | Whether to allow Amazon EMR clusters to access data managed by Lake
    -- Formation.
    --
    -- If true, you allow Amazon EMR clusters to access data in Amazon S3
    -- locations that are registered with Lake Formation.
    --
    -- If false or null, no Amazon EMR clusters will be able to access data in
    -- Amazon S3 locations that are registered with Lake Formation.
    --
    -- For more information, see
    -- <https://docs-aws.amazon.com/lake-formation/latest/dg/getting-started-setup.html#emr-switch (Optional) Allow Data Filtering on Amazon EMR>.
    DataLakeSettings -> Maybe Bool
allowExternalDataFiltering :: Prelude.Maybe Prelude.Bool,
    -- | Lake Formation relies on a privileged process secured by Amazon EMR or
    -- the third party integrator to tag the user\'s role while assuming it.
    -- Lake Formation will publish the acceptable key-value pair, for example
    -- key = \"LakeFormationTrustedCaller\" and value = \"TRUE\" and the third
    -- party integrator must properly tag the temporary security credentials
    -- that will be used to call Lake Formation\'s administrative APIs.
    DataLakeSettings -> Maybe [Text]
authorizedSessionTagValueList :: Prelude.Maybe [Prelude.Text],
    -- | Specifies whether access control on newly created database is managed by
    -- Lake Formation permissions or exclusively by IAM permissions.
    --
    -- A null value indicates access control by Lake Formation permissions. A
    -- value that assigns ALL to IAM_ALLOWED_PRINCIPALS indicates access
    -- control by IAM permissions. This is referred to as the setting \"Use
    -- only IAM access control,\" and is for backward compatibility with the
    -- Glue permission model implemented by IAM permissions.
    --
    -- The only permitted values are an empty array or an array that contains a
    -- single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS.
    --
    -- For more information, see
    -- <https://docs.aws.amazon.com/lake-formation/latest/dg/change-settings.html Changing the Default Security Settings for Your Data Lake>.
    DataLakeSettings -> Maybe [PrincipalPermissions]
createDatabaseDefaultPermissions :: Prelude.Maybe [PrincipalPermissions],
    -- | Specifies whether access control on newly created table is managed by
    -- Lake Formation permissions or exclusively by IAM permissions.
    --
    -- A null value indicates access control by Lake Formation permissions. A
    -- value that assigns ALL to IAM_ALLOWED_PRINCIPALS indicates access
    -- control by IAM permissions. This is referred to as the setting \"Use
    -- only IAM access control,\" and is for backward compatibility with the
    -- Glue permission model implemented by IAM permissions.
    --
    -- The only permitted values are an empty array or an array that contains a
    -- single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS.
    --
    -- For more information, see
    -- <https://docs.aws.amazon.com/lake-formation/latest/dg/change-settings.html Changing the Default Security Settings for Your Data Lake>.
    DataLakeSettings -> Maybe [PrincipalPermissions]
createTableDefaultPermissions :: Prelude.Maybe [PrincipalPermissions],
    -- | A list of Lake Formation principals. Supported principals are IAM users
    -- or IAM roles.
    DataLakeSettings -> Maybe [DataLakePrincipal]
dataLakeAdmins :: Prelude.Maybe [DataLakePrincipal],
    -- | A list of the account IDs of Amazon Web Services accounts with Amazon
    -- EMR clusters that are to perform data filtering.>
    DataLakeSettings -> Maybe [DataLakePrincipal]
externalDataFilteringAllowList :: Prelude.Maybe [DataLakePrincipal],
    -- | A key-value map that provides an additional configuration on your data
    -- lake. CrossAccountVersion is the key you can configure in the Parameters
    -- field. Accepted values for the CrossAccountVersion key are 1, 2, and 3.
    DataLakeSettings -> Maybe (HashMap Text Text)
parameters :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
    -- | A list of the resource-owning account IDs that the caller\'s account can
    -- use to share their user access details (user ARNs). The user ARNs can be
    -- logged in the resource owner\'s CloudTrail log.
    --
    -- You may want to specify this property when you are in a high-trust
    -- boundary, such as the same team or company.
    DataLakeSettings -> Maybe [Text]
trustedResourceOwners :: Prelude.Maybe [Prelude.Text]
  }
  deriving (DataLakeSettings -> DataLakeSettings -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: DataLakeSettings -> DataLakeSettings -> Bool
$c/= :: DataLakeSettings -> DataLakeSettings -> Bool
== :: DataLakeSettings -> DataLakeSettings -> Bool
$c== :: DataLakeSettings -> DataLakeSettings -> Bool
Prelude.Eq, ReadPrec [DataLakeSettings]
ReadPrec DataLakeSettings
Int -> ReadS DataLakeSettings
ReadS [DataLakeSettings]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [DataLakeSettings]
$creadListPrec :: ReadPrec [DataLakeSettings]
readPrec :: ReadPrec DataLakeSettings
$creadPrec :: ReadPrec DataLakeSettings
readList :: ReadS [DataLakeSettings]
$creadList :: ReadS [DataLakeSettings]
readsPrec :: Int -> ReadS DataLakeSettings
$creadsPrec :: Int -> ReadS DataLakeSettings
Prelude.Read, Int -> DataLakeSettings -> ShowS
[DataLakeSettings] -> ShowS
DataLakeSettings -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [DataLakeSettings] -> ShowS
$cshowList :: [DataLakeSettings] -> ShowS
show :: DataLakeSettings -> String
$cshow :: DataLakeSettings -> String
showsPrec :: Int -> DataLakeSettings -> ShowS
$cshowsPrec :: Int -> DataLakeSettings -> ShowS
Prelude.Show, forall x. Rep DataLakeSettings x -> DataLakeSettings
forall x. DataLakeSettings -> Rep DataLakeSettings x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep DataLakeSettings x -> DataLakeSettings
$cfrom :: forall x. DataLakeSettings -> Rep DataLakeSettings x
Prelude.Generic)

-- |
-- Create a value of 'DataLakeSettings' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'allowExternalDataFiltering', 'dataLakeSettings_allowExternalDataFiltering' - Whether to allow Amazon EMR clusters to access data managed by Lake
-- Formation.
--
-- If true, you allow Amazon EMR clusters to access data in Amazon S3
-- locations that are registered with Lake Formation.
--
-- If false or null, no Amazon EMR clusters will be able to access data in
-- Amazon S3 locations that are registered with Lake Formation.
--
-- For more information, see
-- <https://docs-aws.amazon.com/lake-formation/latest/dg/getting-started-setup.html#emr-switch (Optional) Allow Data Filtering on Amazon EMR>.
--
-- 'authorizedSessionTagValueList', 'dataLakeSettings_authorizedSessionTagValueList' - Lake Formation relies on a privileged process secured by Amazon EMR or
-- the third party integrator to tag the user\'s role while assuming it.
-- Lake Formation will publish the acceptable key-value pair, for example
-- key = \"LakeFormationTrustedCaller\" and value = \"TRUE\" and the third
-- party integrator must properly tag the temporary security credentials
-- that will be used to call Lake Formation\'s administrative APIs.
--
-- 'createDatabaseDefaultPermissions', 'dataLakeSettings_createDatabaseDefaultPermissions' - Specifies whether access control on newly created database is managed by
-- Lake Formation permissions or exclusively by IAM permissions.
--
-- A null value indicates access control by Lake Formation permissions. A
-- value that assigns ALL to IAM_ALLOWED_PRINCIPALS indicates access
-- control by IAM permissions. This is referred to as the setting \"Use
-- only IAM access control,\" and is for backward compatibility with the
-- Glue permission model implemented by IAM permissions.
--
-- The only permitted values are an empty array or an array that contains a
-- single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS.
--
-- For more information, see
-- <https://docs.aws.amazon.com/lake-formation/latest/dg/change-settings.html Changing the Default Security Settings for Your Data Lake>.
--
-- 'createTableDefaultPermissions', 'dataLakeSettings_createTableDefaultPermissions' - Specifies whether access control on newly created table is managed by
-- Lake Formation permissions or exclusively by IAM permissions.
--
-- A null value indicates access control by Lake Formation permissions. A
-- value that assigns ALL to IAM_ALLOWED_PRINCIPALS indicates access
-- control by IAM permissions. This is referred to as the setting \"Use
-- only IAM access control,\" and is for backward compatibility with the
-- Glue permission model implemented by IAM permissions.
--
-- The only permitted values are an empty array or an array that contains a
-- single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS.
--
-- For more information, see
-- <https://docs.aws.amazon.com/lake-formation/latest/dg/change-settings.html Changing the Default Security Settings for Your Data Lake>.
--
-- 'dataLakeAdmins', 'dataLakeSettings_dataLakeAdmins' - A list of Lake Formation principals. Supported principals are IAM users
-- or IAM roles.
--
-- 'externalDataFilteringAllowList', 'dataLakeSettings_externalDataFilteringAllowList' - A list of the account IDs of Amazon Web Services accounts with Amazon
-- EMR clusters that are to perform data filtering.>
--
-- 'parameters', 'dataLakeSettings_parameters' - A key-value map that provides an additional configuration on your data
-- lake. CrossAccountVersion is the key you can configure in the Parameters
-- field. Accepted values for the CrossAccountVersion key are 1, 2, and 3.
--
-- 'trustedResourceOwners', 'dataLakeSettings_trustedResourceOwners' - A list of the resource-owning account IDs that the caller\'s account can
-- use to share their user access details (user ARNs). The user ARNs can be
-- logged in the resource owner\'s CloudTrail log.
--
-- You may want to specify this property when you are in a high-trust
-- boundary, such as the same team or company.
newDataLakeSettings ::
  DataLakeSettings
newDataLakeSettings :: DataLakeSettings
newDataLakeSettings =
  DataLakeSettings'
    { $sel:allowExternalDataFiltering:DataLakeSettings' :: Maybe Bool
allowExternalDataFiltering =
        forall a. Maybe a
Prelude.Nothing,
      $sel:authorizedSessionTagValueList:DataLakeSettings' :: Maybe [Text]
authorizedSessionTagValueList = forall a. Maybe a
Prelude.Nothing,
      $sel:createDatabaseDefaultPermissions:DataLakeSettings' :: Maybe [PrincipalPermissions]
createDatabaseDefaultPermissions = forall a. Maybe a
Prelude.Nothing,
      $sel:createTableDefaultPermissions:DataLakeSettings' :: Maybe [PrincipalPermissions]
createTableDefaultPermissions = forall a. Maybe a
Prelude.Nothing,
      $sel:dataLakeAdmins:DataLakeSettings' :: Maybe [DataLakePrincipal]
dataLakeAdmins = forall a. Maybe a
Prelude.Nothing,
      $sel:externalDataFilteringAllowList:DataLakeSettings' :: Maybe [DataLakePrincipal]
externalDataFilteringAllowList = forall a. Maybe a
Prelude.Nothing,
      $sel:parameters:DataLakeSettings' :: Maybe (HashMap Text Text)
parameters = forall a. Maybe a
Prelude.Nothing,
      $sel:trustedResourceOwners:DataLakeSettings' :: Maybe [Text]
trustedResourceOwners = forall a. Maybe a
Prelude.Nothing
    }

-- | Whether to allow Amazon EMR clusters to access data managed by Lake
-- Formation.
--
-- If true, you allow Amazon EMR clusters to access data in Amazon S3
-- locations that are registered with Lake Formation.
--
-- If false or null, no Amazon EMR clusters will be able to access data in
-- Amazon S3 locations that are registered with Lake Formation.
--
-- For more information, see
-- <https://docs-aws.amazon.com/lake-formation/latest/dg/getting-started-setup.html#emr-switch (Optional) Allow Data Filtering on Amazon EMR>.
dataLakeSettings_allowExternalDataFiltering :: Lens.Lens' DataLakeSettings (Prelude.Maybe Prelude.Bool)
dataLakeSettings_allowExternalDataFiltering :: Lens' DataLakeSettings (Maybe Bool)
dataLakeSettings_allowExternalDataFiltering = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\DataLakeSettings' {Maybe Bool
allowExternalDataFiltering :: Maybe Bool
$sel:allowExternalDataFiltering:DataLakeSettings' :: DataLakeSettings -> Maybe Bool
allowExternalDataFiltering} -> Maybe Bool
allowExternalDataFiltering) (\s :: DataLakeSettings
s@DataLakeSettings' {} Maybe Bool
a -> DataLakeSettings
s {$sel:allowExternalDataFiltering:DataLakeSettings' :: Maybe Bool
allowExternalDataFiltering = Maybe Bool
a} :: DataLakeSettings)

-- | Lake Formation relies on a privileged process secured by Amazon EMR or
-- the third party integrator to tag the user\'s role while assuming it.
-- Lake Formation will publish the acceptable key-value pair, for example
-- key = \"LakeFormationTrustedCaller\" and value = \"TRUE\" and the third
-- party integrator must properly tag the temporary security credentials
-- that will be used to call Lake Formation\'s administrative APIs.
dataLakeSettings_authorizedSessionTagValueList :: Lens.Lens' DataLakeSettings (Prelude.Maybe [Prelude.Text])
dataLakeSettings_authorizedSessionTagValueList :: Lens' DataLakeSettings (Maybe [Text])
dataLakeSettings_authorizedSessionTagValueList = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\DataLakeSettings' {Maybe [Text]
authorizedSessionTagValueList :: Maybe [Text]
$sel:authorizedSessionTagValueList:DataLakeSettings' :: DataLakeSettings -> Maybe [Text]
authorizedSessionTagValueList} -> Maybe [Text]
authorizedSessionTagValueList) (\s :: DataLakeSettings
s@DataLakeSettings' {} Maybe [Text]
a -> DataLakeSettings
s {$sel:authorizedSessionTagValueList:DataLakeSettings' :: Maybe [Text]
authorizedSessionTagValueList = Maybe [Text]
a} :: DataLakeSettings) forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | Specifies whether access control on newly created database is managed by
-- Lake Formation permissions or exclusively by IAM permissions.
--
-- A null value indicates access control by Lake Formation permissions. A
-- value that assigns ALL to IAM_ALLOWED_PRINCIPALS indicates access
-- control by IAM permissions. This is referred to as the setting \"Use
-- only IAM access control,\" and is for backward compatibility with the
-- Glue permission model implemented by IAM permissions.
--
-- The only permitted values are an empty array or an array that contains a
-- single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS.
--
-- For more information, see
-- <https://docs.aws.amazon.com/lake-formation/latest/dg/change-settings.html Changing the Default Security Settings for Your Data Lake>.
dataLakeSettings_createDatabaseDefaultPermissions :: Lens.Lens' DataLakeSettings (Prelude.Maybe [PrincipalPermissions])
dataLakeSettings_createDatabaseDefaultPermissions :: Lens' DataLakeSettings (Maybe [PrincipalPermissions])
dataLakeSettings_createDatabaseDefaultPermissions = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\DataLakeSettings' {Maybe [PrincipalPermissions]
createDatabaseDefaultPermissions :: Maybe [PrincipalPermissions]
$sel:createDatabaseDefaultPermissions:DataLakeSettings' :: DataLakeSettings -> Maybe [PrincipalPermissions]
createDatabaseDefaultPermissions} -> Maybe [PrincipalPermissions]
createDatabaseDefaultPermissions) (\s :: DataLakeSettings
s@DataLakeSettings' {} Maybe [PrincipalPermissions]
a -> DataLakeSettings
s {$sel:createDatabaseDefaultPermissions:DataLakeSettings' :: Maybe [PrincipalPermissions]
createDatabaseDefaultPermissions = Maybe [PrincipalPermissions]
a} :: DataLakeSettings) forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | Specifies whether access control on newly created table is managed by
-- Lake Formation permissions or exclusively by IAM permissions.
--
-- A null value indicates access control by Lake Formation permissions. A
-- value that assigns ALL to IAM_ALLOWED_PRINCIPALS indicates access
-- control by IAM permissions. This is referred to as the setting \"Use
-- only IAM access control,\" and is for backward compatibility with the
-- Glue permission model implemented by IAM permissions.
--
-- The only permitted values are an empty array or an array that contains a
-- single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS.
--
-- For more information, see
-- <https://docs.aws.amazon.com/lake-formation/latest/dg/change-settings.html Changing the Default Security Settings for Your Data Lake>.
dataLakeSettings_createTableDefaultPermissions :: Lens.Lens' DataLakeSettings (Prelude.Maybe [PrincipalPermissions])
dataLakeSettings_createTableDefaultPermissions :: Lens' DataLakeSettings (Maybe [PrincipalPermissions])
dataLakeSettings_createTableDefaultPermissions = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\DataLakeSettings' {Maybe [PrincipalPermissions]
createTableDefaultPermissions :: Maybe [PrincipalPermissions]
$sel:createTableDefaultPermissions:DataLakeSettings' :: DataLakeSettings -> Maybe [PrincipalPermissions]
createTableDefaultPermissions} -> Maybe [PrincipalPermissions]
createTableDefaultPermissions) (\s :: DataLakeSettings
s@DataLakeSettings' {} Maybe [PrincipalPermissions]
a -> DataLakeSettings
s {$sel:createTableDefaultPermissions:DataLakeSettings' :: Maybe [PrincipalPermissions]
createTableDefaultPermissions = Maybe [PrincipalPermissions]
a} :: DataLakeSettings) forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | A list of Lake Formation principals. Supported principals are IAM users
-- or IAM roles.
dataLakeSettings_dataLakeAdmins :: Lens.Lens' DataLakeSettings (Prelude.Maybe [DataLakePrincipal])
dataLakeSettings_dataLakeAdmins :: Lens' DataLakeSettings (Maybe [DataLakePrincipal])
dataLakeSettings_dataLakeAdmins = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\DataLakeSettings' {Maybe [DataLakePrincipal]
dataLakeAdmins :: Maybe [DataLakePrincipal]
$sel:dataLakeAdmins:DataLakeSettings' :: DataLakeSettings -> Maybe [DataLakePrincipal]
dataLakeAdmins} -> Maybe [DataLakePrincipal]
dataLakeAdmins) (\s :: DataLakeSettings
s@DataLakeSettings' {} Maybe [DataLakePrincipal]
a -> DataLakeSettings
s {$sel:dataLakeAdmins:DataLakeSettings' :: Maybe [DataLakePrincipal]
dataLakeAdmins = Maybe [DataLakePrincipal]
a} :: DataLakeSettings) forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | A list of the account IDs of Amazon Web Services accounts with Amazon
-- EMR clusters that are to perform data filtering.>
dataLakeSettings_externalDataFilteringAllowList :: Lens.Lens' DataLakeSettings (Prelude.Maybe [DataLakePrincipal])
dataLakeSettings_externalDataFilteringAllowList :: Lens' DataLakeSettings (Maybe [DataLakePrincipal])
dataLakeSettings_externalDataFilteringAllowList = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\DataLakeSettings' {Maybe [DataLakePrincipal]
externalDataFilteringAllowList :: Maybe [DataLakePrincipal]
$sel:externalDataFilteringAllowList:DataLakeSettings' :: DataLakeSettings -> Maybe [DataLakePrincipal]
externalDataFilteringAllowList} -> Maybe [DataLakePrincipal]
externalDataFilteringAllowList) (\s :: DataLakeSettings
s@DataLakeSettings' {} Maybe [DataLakePrincipal]
a -> DataLakeSettings
s {$sel:externalDataFilteringAllowList:DataLakeSettings' :: Maybe [DataLakePrincipal]
externalDataFilteringAllowList = Maybe [DataLakePrincipal]
a} :: DataLakeSettings) forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | A key-value map that provides an additional configuration on your data
-- lake. CrossAccountVersion is the key you can configure in the Parameters
-- field. Accepted values for the CrossAccountVersion key are 1, 2, and 3.
dataLakeSettings_parameters :: Lens.Lens' DataLakeSettings (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
dataLakeSettings_parameters :: Lens' DataLakeSettings (Maybe (HashMap Text Text))
dataLakeSettings_parameters = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\DataLakeSettings' {Maybe (HashMap Text Text)
parameters :: Maybe (HashMap Text Text)
$sel:parameters:DataLakeSettings' :: DataLakeSettings -> Maybe (HashMap Text Text)
parameters} -> Maybe (HashMap Text Text)
parameters) (\s :: DataLakeSettings
s@DataLakeSettings' {} Maybe (HashMap Text Text)
a -> DataLakeSettings
s {$sel:parameters:DataLakeSettings' :: Maybe (HashMap Text Text)
parameters = Maybe (HashMap Text Text)
a} :: DataLakeSettings) forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | A list of the resource-owning account IDs that the caller\'s account can
-- use to share their user access details (user ARNs). The user ARNs can be
-- logged in the resource owner\'s CloudTrail log.
--
-- You may want to specify this property when you are in a high-trust
-- boundary, such as the same team or company.
dataLakeSettings_trustedResourceOwners :: Lens.Lens' DataLakeSettings (Prelude.Maybe [Prelude.Text])
dataLakeSettings_trustedResourceOwners :: Lens' DataLakeSettings (Maybe [Text])
dataLakeSettings_trustedResourceOwners = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\DataLakeSettings' {Maybe [Text]
trustedResourceOwners :: Maybe [Text]
$sel:trustedResourceOwners:DataLakeSettings' :: DataLakeSettings -> Maybe [Text]
trustedResourceOwners} -> Maybe [Text]
trustedResourceOwners) (\s :: DataLakeSettings
s@DataLakeSettings' {} Maybe [Text]
a -> DataLakeSettings
s {$sel:trustedResourceOwners:DataLakeSettings' :: Maybe [Text]
trustedResourceOwners = Maybe [Text]
a} :: DataLakeSettings) forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

instance Data.FromJSON DataLakeSettings where
  parseJSON :: Value -> Parser DataLakeSettings
parseJSON =
    forall a. String -> (Object -> Parser a) -> Value -> Parser a
Data.withObject
      String
"DataLakeSettings"
      ( \Object
x ->
          Maybe Bool
-> Maybe [Text]
-> Maybe [PrincipalPermissions]
-> Maybe [PrincipalPermissions]
-> Maybe [DataLakePrincipal]
-> Maybe [DataLakePrincipal]
-> Maybe (HashMap Text Text)
-> Maybe [Text]
-> DataLakeSettings
DataLakeSettings'
            forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"AllowExternalDataFiltering")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ( Object
x
                            forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"AuthorizedSessionTagValueList"
                            forall a. Parser (Maybe a) -> a -> Parser a
Data..!= forall a. Monoid a => a
Prelude.mempty
                        )
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ( Object
x
                            forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"CreateDatabaseDefaultPermissions"
                            forall a. Parser (Maybe a) -> a -> Parser a
Data..!= forall a. Monoid a => a
Prelude.mempty
                        )
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ( Object
x
                            forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"CreateTableDefaultPermissions"
                            forall a. Parser (Maybe a) -> a -> Parser a
Data..!= forall a. Monoid a => a
Prelude.mempty
                        )
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"DataLakeAdmins" forall a. Parser (Maybe a) -> a -> Parser a
Data..!= forall a. Monoid a => a
Prelude.mempty)
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ( Object
x
                            forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"ExternalDataFilteringAllowList"
                            forall a. Parser (Maybe a) -> a -> Parser a
Data..!= forall a. Monoid a => a
Prelude.mempty
                        )
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"Parameters" forall a. Parser (Maybe a) -> a -> Parser a
Data..!= forall a. Monoid a => a
Prelude.mempty)
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ( Object
x
                            forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"TrustedResourceOwners"
                            forall a. Parser (Maybe a) -> a -> Parser a
Data..!= forall a. Monoid a => a
Prelude.mempty
                        )
      )

instance Prelude.Hashable DataLakeSettings where
  hashWithSalt :: Int -> DataLakeSettings -> Int
hashWithSalt Int
_salt DataLakeSettings' {Maybe Bool
Maybe [Text]
Maybe [DataLakePrincipal]
Maybe [PrincipalPermissions]
Maybe (HashMap Text Text)
trustedResourceOwners :: Maybe [Text]
parameters :: Maybe (HashMap Text Text)
externalDataFilteringAllowList :: Maybe [DataLakePrincipal]
dataLakeAdmins :: Maybe [DataLakePrincipal]
createTableDefaultPermissions :: Maybe [PrincipalPermissions]
createDatabaseDefaultPermissions :: Maybe [PrincipalPermissions]
authorizedSessionTagValueList :: Maybe [Text]
allowExternalDataFiltering :: Maybe Bool
$sel:trustedResourceOwners:DataLakeSettings' :: DataLakeSettings -> Maybe [Text]
$sel:parameters:DataLakeSettings' :: DataLakeSettings -> Maybe (HashMap Text Text)
$sel:externalDataFilteringAllowList:DataLakeSettings' :: DataLakeSettings -> Maybe [DataLakePrincipal]
$sel:dataLakeAdmins:DataLakeSettings' :: DataLakeSettings -> Maybe [DataLakePrincipal]
$sel:createTableDefaultPermissions:DataLakeSettings' :: DataLakeSettings -> Maybe [PrincipalPermissions]
$sel:createDatabaseDefaultPermissions:DataLakeSettings' :: DataLakeSettings -> Maybe [PrincipalPermissions]
$sel:authorizedSessionTagValueList:DataLakeSettings' :: DataLakeSettings -> Maybe [Text]
$sel:allowExternalDataFiltering:DataLakeSettings' :: DataLakeSettings -> Maybe Bool
..} =
    Int
_salt
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Bool
allowExternalDataFiltering
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe [Text]
authorizedSessionTagValueList
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe [PrincipalPermissions]
createDatabaseDefaultPermissions
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe [PrincipalPermissions]
createTableDefaultPermissions
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe [DataLakePrincipal]
dataLakeAdmins
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe [DataLakePrincipal]
externalDataFilteringAllowList
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe (HashMap Text Text)
parameters
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe [Text]
trustedResourceOwners

instance Prelude.NFData DataLakeSettings where
  rnf :: DataLakeSettings -> ()
rnf DataLakeSettings' {Maybe Bool
Maybe [Text]
Maybe [DataLakePrincipal]
Maybe [PrincipalPermissions]
Maybe (HashMap Text Text)
trustedResourceOwners :: Maybe [Text]
parameters :: Maybe (HashMap Text Text)
externalDataFilteringAllowList :: Maybe [DataLakePrincipal]
dataLakeAdmins :: Maybe [DataLakePrincipal]
createTableDefaultPermissions :: Maybe [PrincipalPermissions]
createDatabaseDefaultPermissions :: Maybe [PrincipalPermissions]
authorizedSessionTagValueList :: Maybe [Text]
allowExternalDataFiltering :: Maybe Bool
$sel:trustedResourceOwners:DataLakeSettings' :: DataLakeSettings -> Maybe [Text]
$sel:parameters:DataLakeSettings' :: DataLakeSettings -> Maybe (HashMap Text Text)
$sel:externalDataFilteringAllowList:DataLakeSettings' :: DataLakeSettings -> Maybe [DataLakePrincipal]
$sel:dataLakeAdmins:DataLakeSettings' :: DataLakeSettings -> Maybe [DataLakePrincipal]
$sel:createTableDefaultPermissions:DataLakeSettings' :: DataLakeSettings -> Maybe [PrincipalPermissions]
$sel:createDatabaseDefaultPermissions:DataLakeSettings' :: DataLakeSettings -> Maybe [PrincipalPermissions]
$sel:authorizedSessionTagValueList:DataLakeSettings' :: DataLakeSettings -> Maybe [Text]
$sel:allowExternalDataFiltering:DataLakeSettings' :: DataLakeSettings -> Maybe Bool
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Maybe Bool
allowExternalDataFiltering
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe [Text]
authorizedSessionTagValueList
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe [PrincipalPermissions]
createDatabaseDefaultPermissions
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe [PrincipalPermissions]
createTableDefaultPermissions
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe [DataLakePrincipal]
dataLakeAdmins
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe [DataLakePrincipal]
externalDataFilteringAllowList
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe (HashMap Text Text)
parameters
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe [Text]
trustedResourceOwners

instance Data.ToJSON DataLakeSettings where
  toJSON :: DataLakeSettings -> Value
toJSON DataLakeSettings' {Maybe Bool
Maybe [Text]
Maybe [DataLakePrincipal]
Maybe [PrincipalPermissions]
Maybe (HashMap Text Text)
trustedResourceOwners :: Maybe [Text]
parameters :: Maybe (HashMap Text Text)
externalDataFilteringAllowList :: Maybe [DataLakePrincipal]
dataLakeAdmins :: Maybe [DataLakePrincipal]
createTableDefaultPermissions :: Maybe [PrincipalPermissions]
createDatabaseDefaultPermissions :: Maybe [PrincipalPermissions]
authorizedSessionTagValueList :: Maybe [Text]
allowExternalDataFiltering :: Maybe Bool
$sel:trustedResourceOwners:DataLakeSettings' :: DataLakeSettings -> Maybe [Text]
$sel:parameters:DataLakeSettings' :: DataLakeSettings -> Maybe (HashMap Text Text)
$sel:externalDataFilteringAllowList:DataLakeSettings' :: DataLakeSettings -> Maybe [DataLakePrincipal]
$sel:dataLakeAdmins:DataLakeSettings' :: DataLakeSettings -> Maybe [DataLakePrincipal]
$sel:createTableDefaultPermissions:DataLakeSettings' :: DataLakeSettings -> Maybe [PrincipalPermissions]
$sel:createDatabaseDefaultPermissions:DataLakeSettings' :: DataLakeSettings -> Maybe [PrincipalPermissions]
$sel:authorizedSessionTagValueList:DataLakeSettings' :: DataLakeSettings -> Maybe [Text]
$sel:allowExternalDataFiltering:DataLakeSettings' :: DataLakeSettings -> Maybe Bool
..} =
    [Pair] -> Value
Data.object
      ( forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Key
"AllowExternalDataFiltering" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Bool
allowExternalDataFiltering,
            (Key
"AuthorizedSessionTagValueList" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe [Text]
authorizedSessionTagValueList,
            (Key
"CreateDatabaseDefaultPermissions" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe [PrincipalPermissions]
createDatabaseDefaultPermissions,
            (Key
"CreateTableDefaultPermissions" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe [PrincipalPermissions]
createTableDefaultPermissions,
            (Key
"DataLakeAdmins" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe [DataLakePrincipal]
dataLakeAdmins,
            (Key
"ExternalDataFilteringAllowList" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe [DataLakePrincipal]
externalDataFilteringAllowList,
            (Key
"Parameters" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe (HashMap Text Text)
parameters,
            (Key
"TrustedResourceOwners" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe [Text]
trustedResourceOwners
          ]
      )