{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.SSO.GetRoleCredentials
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Returns the STS short-term credentials for a given role name that is
-- assigned to the user.
module Amazonka.SSO.GetRoleCredentials
  ( -- * Creating a Request
    GetRoleCredentials (..),
    newGetRoleCredentials,

    -- * Request Lenses
    getRoleCredentials_roleName,
    getRoleCredentials_accountId,
    getRoleCredentials_accessToken,

    -- * Destructuring the Response
    GetRoleCredentialsResponse (..),
    newGetRoleCredentialsResponse,

    -- * Response Lenses
    getRoleCredentialsResponse_httpStatus,
    getRoleCredentialsResponse_roleCredentials,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response
import Amazonka.SSO.Types

-- | /See:/ 'newGetRoleCredentials' smart constructor.
data GetRoleCredentials = GetRoleCredentials'
  { -- | The friendly name of the role that is assigned to the user.
    GetRoleCredentials -> Text
roleName :: Prelude.Text,
    -- | The identifier for the AWS account that is assigned to the user.
    GetRoleCredentials -> Text
accountId :: Prelude.Text,
    -- | The token issued by the @CreateToken@ API call. For more information,
    -- see
    -- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html CreateToken>
    -- in the /IAM Identity Center OIDC API Reference Guide/.
    GetRoleCredentials -> Sensitive Text
accessToken :: Data.Sensitive Prelude.Text
  }
  deriving (GetRoleCredentials -> GetRoleCredentials -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: GetRoleCredentials -> GetRoleCredentials -> Bool
$c/= :: GetRoleCredentials -> GetRoleCredentials -> Bool
== :: GetRoleCredentials -> GetRoleCredentials -> Bool
$c== :: GetRoleCredentials -> GetRoleCredentials -> Bool
Prelude.Eq, Int -> GetRoleCredentials -> ShowS
[GetRoleCredentials] -> ShowS
GetRoleCredentials -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [GetRoleCredentials] -> ShowS
$cshowList :: [GetRoleCredentials] -> ShowS
show :: GetRoleCredentials -> String
$cshow :: GetRoleCredentials -> String
showsPrec :: Int -> GetRoleCredentials -> ShowS
$cshowsPrec :: Int -> GetRoleCredentials -> ShowS
Prelude.Show, forall x. Rep GetRoleCredentials x -> GetRoleCredentials
forall x. GetRoleCredentials -> Rep GetRoleCredentials x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep GetRoleCredentials x -> GetRoleCredentials
$cfrom :: forall x. GetRoleCredentials -> Rep GetRoleCredentials x
Prelude.Generic)

-- |
-- Create a value of 'GetRoleCredentials' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'roleName', 'getRoleCredentials_roleName' - The friendly name of the role that is assigned to the user.
--
-- 'accountId', 'getRoleCredentials_accountId' - The identifier for the AWS account that is assigned to the user.
--
-- 'accessToken', 'getRoleCredentials_accessToken' - The token issued by the @CreateToken@ API call. For more information,
-- see
-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html CreateToken>
-- in the /IAM Identity Center OIDC API Reference Guide/.
newGetRoleCredentials ::
  -- | 'roleName'
  Prelude.Text ->
  -- | 'accountId'
  Prelude.Text ->
  -- | 'accessToken'
  Prelude.Text ->
  GetRoleCredentials
newGetRoleCredentials :: Text -> Text -> Text -> GetRoleCredentials
newGetRoleCredentials
  Text
pRoleName_
  Text
pAccountId_
  Text
pAccessToken_ =
    GetRoleCredentials'
      { $sel:roleName:GetRoleCredentials' :: Text
roleName = Text
pRoleName_,
        $sel:accountId:GetRoleCredentials' :: Text
accountId = Text
pAccountId_,
        $sel:accessToken:GetRoleCredentials' :: Sensitive Text
accessToken = forall a. Iso' (Sensitive a) a
Data._Sensitive forall t b. AReview t b -> b -> t
Lens.# Text
pAccessToken_
      }

-- | The friendly name of the role that is assigned to the user.
getRoleCredentials_roleName :: Lens.Lens' GetRoleCredentials Prelude.Text
getRoleCredentials_roleName :: Lens' GetRoleCredentials Text
getRoleCredentials_roleName = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetRoleCredentials' {Text
roleName :: Text
$sel:roleName:GetRoleCredentials' :: GetRoleCredentials -> Text
roleName} -> Text
roleName) (\s :: GetRoleCredentials
s@GetRoleCredentials' {} Text
a -> GetRoleCredentials
s {$sel:roleName:GetRoleCredentials' :: Text
roleName = Text
a} :: GetRoleCredentials)

-- | The identifier for the AWS account that is assigned to the user.
getRoleCredentials_accountId :: Lens.Lens' GetRoleCredentials Prelude.Text
getRoleCredentials_accountId :: Lens' GetRoleCredentials Text
getRoleCredentials_accountId = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetRoleCredentials' {Text
accountId :: Text
$sel:accountId:GetRoleCredentials' :: GetRoleCredentials -> Text
accountId} -> Text
accountId) (\s :: GetRoleCredentials
s@GetRoleCredentials' {} Text
a -> GetRoleCredentials
s {$sel:accountId:GetRoleCredentials' :: Text
accountId = Text
a} :: GetRoleCredentials)

-- | The token issued by the @CreateToken@ API call. For more information,
-- see
-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html CreateToken>
-- in the /IAM Identity Center OIDC API Reference Guide/.
getRoleCredentials_accessToken :: Lens.Lens' GetRoleCredentials Prelude.Text
getRoleCredentials_accessToken :: Lens' GetRoleCredentials Text
getRoleCredentials_accessToken = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetRoleCredentials' {Sensitive Text
accessToken :: Sensitive Text
$sel:accessToken:GetRoleCredentials' :: GetRoleCredentials -> Sensitive Text
accessToken} -> Sensitive Text
accessToken) (\s :: GetRoleCredentials
s@GetRoleCredentials' {} Sensitive Text
a -> GetRoleCredentials
s {$sel:accessToken:GetRoleCredentials' :: Sensitive Text
accessToken = Sensitive Text
a} :: GetRoleCredentials) forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall a. Iso' (Sensitive a) a
Data._Sensitive

instance Core.AWSRequest GetRoleCredentials where
  type
    AWSResponse GetRoleCredentials =
      GetRoleCredentialsResponse
  request :: (Service -> Service)
-> GetRoleCredentials -> Request GetRoleCredentials
request Service -> Service
overrides =
    forall a. ToRequest a => Service -> a -> Request a
Request.get (Service -> Service
overrides Service
defaultService)
  response :: forall (m :: * -> *).
MonadResource m =>
(ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy GetRoleCredentials
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse GetRoleCredentials)))
response =
    forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> Object -> Either String (AWSResponse a))
-> (ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveJSON
      ( \Int
s ResponseHeaders
h Object
x ->
          Int -> RoleCredentials -> GetRoleCredentialsResponse
GetRoleCredentialsResponse'
            forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Either String a
Data..:> Key
"roleCredentials")
      )

instance Prelude.Hashable GetRoleCredentials where
  hashWithSalt :: Int -> GetRoleCredentials -> Int
hashWithSalt Int
_salt GetRoleCredentials' {Text
Sensitive Text
accessToken :: Sensitive Text
accountId :: Text
roleName :: Text
$sel:accessToken:GetRoleCredentials' :: GetRoleCredentials -> Sensitive Text
$sel:accountId:GetRoleCredentials' :: GetRoleCredentials -> Text
$sel:roleName:GetRoleCredentials' :: GetRoleCredentials -> Text
..} =
    Int
_salt
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Text
roleName
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Text
accountId
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Sensitive Text
accessToken

instance Prelude.NFData GetRoleCredentials where
  rnf :: GetRoleCredentials -> ()
rnf GetRoleCredentials' {Text
Sensitive Text
accessToken :: Sensitive Text
accountId :: Text
roleName :: Text
$sel:accessToken:GetRoleCredentials' :: GetRoleCredentials -> Sensitive Text
$sel:accountId:GetRoleCredentials' :: GetRoleCredentials -> Text
$sel:roleName:GetRoleCredentials' :: GetRoleCredentials -> Text
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Text
roleName
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Text
accountId
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Sensitive Text
accessToken

instance Data.ToHeaders GetRoleCredentials where
  toHeaders :: GetRoleCredentials -> ResponseHeaders
toHeaders GetRoleCredentials' {Text
Sensitive Text
accessToken :: Sensitive Text
accountId :: Text
roleName :: Text
$sel:accessToken:GetRoleCredentials' :: GetRoleCredentials -> Sensitive Text
$sel:accountId:GetRoleCredentials' :: GetRoleCredentials -> Text
$sel:roleName:GetRoleCredentials' :: GetRoleCredentials -> Text
..} =
    forall a. Monoid a => [a] -> a
Prelude.mconcat
      [ HeaderName
"x-amz-sso_bearer_token" forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Data.=# Sensitive Text
accessToken,
        HeaderName
"Content-Type"
          forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Data.=# (ByteString
"application/x-amz-json-1.1" :: Prelude.ByteString)
      ]

instance Data.ToPath GetRoleCredentials where
  toPath :: GetRoleCredentials -> ByteString
toPath = forall a b. a -> b -> a
Prelude.const ByteString
"/federation/credentials"

instance Data.ToQuery GetRoleCredentials where
  toQuery :: GetRoleCredentials -> QueryString
toQuery GetRoleCredentials' {Text
Sensitive Text
accessToken :: Sensitive Text
accountId :: Text
roleName :: Text
$sel:accessToken:GetRoleCredentials' :: GetRoleCredentials -> Sensitive Text
$sel:accountId:GetRoleCredentials' :: GetRoleCredentials -> Text
$sel:roleName:GetRoleCredentials' :: GetRoleCredentials -> Text
..} =
    forall a. Monoid a => [a] -> a
Prelude.mconcat
      [ ByteString
"role_name" forall a. ToQuery a => ByteString -> a -> QueryString
Data.=: Text
roleName,
        ByteString
"account_id" forall a. ToQuery a => ByteString -> a -> QueryString
Data.=: Text
accountId
      ]

-- | /See:/ 'newGetRoleCredentialsResponse' smart constructor.
data GetRoleCredentialsResponse = GetRoleCredentialsResponse'
  { -- | The response's http status code.
    GetRoleCredentialsResponse -> Int
httpStatus :: Prelude.Int,
    -- | The credentials for the role that is assigned to the user.
    GetRoleCredentialsResponse -> RoleCredentials
roleCredentials :: RoleCredentials
  }
  deriving (GetRoleCredentialsResponse -> GetRoleCredentialsResponse -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: GetRoleCredentialsResponse -> GetRoleCredentialsResponse -> Bool
$c/= :: GetRoleCredentialsResponse -> GetRoleCredentialsResponse -> Bool
== :: GetRoleCredentialsResponse -> GetRoleCredentialsResponse -> Bool
$c== :: GetRoleCredentialsResponse -> GetRoleCredentialsResponse -> Bool
Prelude.Eq, Int -> GetRoleCredentialsResponse -> ShowS
[GetRoleCredentialsResponse] -> ShowS
GetRoleCredentialsResponse -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [GetRoleCredentialsResponse] -> ShowS
$cshowList :: [GetRoleCredentialsResponse] -> ShowS
show :: GetRoleCredentialsResponse -> String
$cshow :: GetRoleCredentialsResponse -> String
showsPrec :: Int -> GetRoleCredentialsResponse -> ShowS
$cshowsPrec :: Int -> GetRoleCredentialsResponse -> ShowS
Prelude.Show, forall x.
Rep GetRoleCredentialsResponse x -> GetRoleCredentialsResponse
forall x.
GetRoleCredentialsResponse -> Rep GetRoleCredentialsResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep GetRoleCredentialsResponse x -> GetRoleCredentialsResponse
$cfrom :: forall x.
GetRoleCredentialsResponse -> Rep GetRoleCredentialsResponse x
Prelude.Generic)

-- |
-- Create a value of 'GetRoleCredentialsResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'httpStatus', 'getRoleCredentialsResponse_httpStatus' - The response's http status code.
--
-- 'roleCredentials', 'getRoleCredentialsResponse_roleCredentials' - The credentials for the role that is assigned to the user.
newGetRoleCredentialsResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  -- | 'roleCredentials'
  RoleCredentials ->
  GetRoleCredentialsResponse
newGetRoleCredentialsResponse :: Int -> RoleCredentials -> GetRoleCredentialsResponse
newGetRoleCredentialsResponse
  Int
pHttpStatus_
  RoleCredentials
pRoleCredentials_ =
    GetRoleCredentialsResponse'
      { $sel:httpStatus:GetRoleCredentialsResponse' :: Int
httpStatus =
          Int
pHttpStatus_,
        $sel:roleCredentials:GetRoleCredentialsResponse' :: RoleCredentials
roleCredentials = RoleCredentials
pRoleCredentials_
      }

-- | The response's http status code.
getRoleCredentialsResponse_httpStatus :: Lens.Lens' GetRoleCredentialsResponse Prelude.Int
getRoleCredentialsResponse_httpStatus :: Lens' GetRoleCredentialsResponse Int
getRoleCredentialsResponse_httpStatus = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetRoleCredentialsResponse' {Int
httpStatus :: Int
$sel:httpStatus:GetRoleCredentialsResponse' :: GetRoleCredentialsResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: GetRoleCredentialsResponse
s@GetRoleCredentialsResponse' {} Int
a -> GetRoleCredentialsResponse
s {$sel:httpStatus:GetRoleCredentialsResponse' :: Int
httpStatus = Int
a} :: GetRoleCredentialsResponse)

-- | The credentials for the role that is assigned to the user.
getRoleCredentialsResponse_roleCredentials :: Lens.Lens' GetRoleCredentialsResponse RoleCredentials
getRoleCredentialsResponse_roleCredentials :: Lens' GetRoleCredentialsResponse RoleCredentials
getRoleCredentialsResponse_roleCredentials = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetRoleCredentialsResponse' {RoleCredentials
roleCredentials :: RoleCredentials
$sel:roleCredentials:GetRoleCredentialsResponse' :: GetRoleCredentialsResponse -> RoleCredentials
roleCredentials} -> RoleCredentials
roleCredentials) (\s :: GetRoleCredentialsResponse
s@GetRoleCredentialsResponse' {} RoleCredentials
a -> GetRoleCredentialsResponse
s {$sel:roleCredentials:GetRoleCredentialsResponse' :: RoleCredentials
roleCredentials = RoleCredentials
a} :: GetRoleCredentialsResponse)

instance Prelude.NFData GetRoleCredentialsResponse where
  rnf :: GetRoleCredentialsResponse -> ()
rnf GetRoleCredentialsResponse' {Int
RoleCredentials
roleCredentials :: RoleCredentials
httpStatus :: Int
$sel:roleCredentials:GetRoleCredentialsResponse' :: GetRoleCredentialsResponse -> RoleCredentials
$sel:httpStatus:GetRoleCredentialsResponse' :: GetRoleCredentialsResponse -> Int
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Int
httpStatus
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf RoleCredentials
roleCredentials