{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.STS.DecodeAuthorizationMessage
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Decodes additional information about the authorization status of a
-- request from an encoded message returned in response to an Amazon Web
-- Services request.
--
-- For example, if a user is not authorized to perform an operation that he
-- or she has requested, the request returns a
-- @Client.UnauthorizedOperation@ response (an HTTP 403 response). Some
-- Amazon Web Services operations additionally return an encoded message
-- that can provide details about this authorization failure.
--
-- Only certain Amazon Web Services operations return an encoded
-- authorization message. The documentation for an individual operation
-- indicates whether that operation returns an encoded message in addition
-- to returning an HTTP code.
--
-- The message is encoded because the details of the authorization status
-- can contain privileged information that the user who requested the
-- operation should not see. To decode an authorization status message, a
-- user must be granted permissions through an IAM
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html policy>
-- to request the @DecodeAuthorizationMessage@
-- (@sts:DecodeAuthorizationMessage@) action.
--
-- The decoded message includes the following types of information:
--
-- -   Whether the request was denied due to an explicit deny or due to the
--     absence of an explicit allow. For more information, see
--     <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow Determining Whether a Request is Allowed or Denied>
--     in the /IAM User Guide/.
--
-- -   The principal who made the request.
--
-- -   The requested action.
--
-- -   The requested resource.
--
-- -   The values of condition keys in the context of the user\'s request.
module Amazonka.STS.DecodeAuthorizationMessage
  ( -- * Creating a Request
    DecodeAuthorizationMessage (..),
    newDecodeAuthorizationMessage,

    -- * Request Lenses
    decodeAuthorizationMessage_encodedMessage,

    -- * Destructuring the Response
    DecodeAuthorizationMessageResponse (..),
    newDecodeAuthorizationMessageResponse,

    -- * Response Lenses
    decodeAuthorizationMessageResponse_decodedMessage,
    decodeAuthorizationMessageResponse_httpStatus,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response
import Amazonka.STS.Types

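-- | Request record for the STS @DecodeAuthorizationMessage@ action.
--
-- As the module description states, the calling principal must be granted
-- @sts:DecodeAuthorizationMessage@ through an IAM policy before the service
-- will decode a message.
--
-- /See:/ 'newDecodeAuthorizationMessage' smart constructor.
data DecodeAuthorizationMessage = DecodeAuthorizationMessage'
  { -- | The encoded message that was returned with the response.
    encodedMessage :: Prelude.Text
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)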

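-- |
-- Create a value of 'DecodeAuthorizationMessage' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'encodedMessage', 'decodeAuthorizationMessage_encodedMessage' - The encoded message that was returned with the response.
--
-- The argument is stored as given; this constructor performs no validation
-- or decoding of the message text.
newDecodeAuthorizationMessage ::
  -- | 'encodedMessage'
  Prelude.Text ->
  DecodeAuthorizationMessage
newDecodeAuthorizationMessage pEncodedMessage_ =
  DecodeAuthorizationMessage'
    { encodedMessage =
        pEncodedMessage_
    }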

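-- | The encoded message that was returned with the response.
--
-- Lens onto the 'encodedMessage' field: the getter reads the field and the
-- setter replaces it, leaving the rest of the record untouched.
decodeAuthorizationMessage_encodedMessage :: Lens.Lens' DecodeAuthorizationMessage Prelude.Text
decodeAuthorizationMessage_encodedMessage =
  Lens.lens
    (\DecodeAuthorizationMessage' {encodedMessage} -> encodedMessage)
    -- The result annotation is kept from the original update expression.
    (\s@DecodeAuthorizationMessage' {} a -> s {encodedMessage = a} :: DecodeAuthorizationMessage)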

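-- Wires 'DecodeAuthorizationMessage' to its response type and to the
-- request builder / response parser used for this operation.
instance Core.AWSRequest DecodeAuthorizationMessage where
  type
    AWSResponse DecodeAuthorizationMessage =
      DecodeAuthorizationMessageResponse

  -- Applies the caller-supplied service overrides to 'defaultService' and
  -- builds the request with 'Request.postQuery'.
  -- NOTE(review): 'defaultService' is in scope unqualified, presumably from
  -- "Amazonka.STS.Types"; confirm.
  request overrides =
    Request.postQuery (overrides defaultService)

  -- Parses the XML reply under the "DecodeAuthorizationMessageResult"
  -- wrapper. The callback receives the status code (s), the response
  -- headers (h, not used here) and the XML nodes (x). "DecodedMessage" is
  -- read with '.@?', so a missing element yields 'Prelude.Nothing' rather
  -- than a parse error; callers must handle that case.
  response =
    Response.receiveXMLWrapper
      "DecodeAuthorizationMessageResult"
      ( \s h x ->
          DecodeAuthorizationMessageResponse'
            Prelude.<$> (x Data..@? "DecodedMessage")
            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
      )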

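-- Hashes a request by folding its only field, 'encodedMessage', into the
-- supplied salt.
instance Prelude.Hashable DecodeAuthorizationMessage where
  hashWithSalt _salt DecodeAuthorizationMessage' {..} =
    _salt `Prelude.hashWithSalt` encodedMessage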

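-- Fully evaluates a request by forcing its only field, 'encodedMessage'.
instance Prelude.NFData DecodeAuthorizationMessage where
  rnf DecodeAuthorizationMessage' {..} =
    Prelude.rnf encodedMessage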

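-- The request contributes no headers of its own: the result is 'mempty'
-- regardless of the record's contents.
instance Data.ToHeaders DecodeAuthorizationMessage where
  toHeaders = Prelude.const Prelude.mempty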

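-- The request path is always "/", independent of the record's contents.
instance Data.ToPath DecodeAuthorizationMessage where
  toPath = Prelude.const "/"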

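-- Serialises the request as three query parameters: the fixed "Action" and
-- "Version" values for this operation, plus the caller's 'encodedMessage'
-- under "EncodedMessage".
instance Data.ToQuery DecodeAuthorizationMessage where
  toQuery DecodeAuthorizationMessage' {..} =
    Prelude.mconcat
      [ "Action"
          Data.=: ("DecodeAuthorizationMessage" :: Prelude.ByteString),
        "Version"
          Data.=: ("2011-06-15" :: Prelude.ByteString),
        "EncodedMessage" Data.=: encodedMessage
      ]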

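-- | A document that contains additional information about the authorization
-- status of a request from an encoded message that is returned in response
-- to an Amazon Web Services request.
--
-- The module description notes that the decoded details can contain
-- privileged information (the principal, the requested action and resource,
-- and condition-key values). The derived @Show@ instance renders
-- 'decodedMessage' verbatim, so showing or logging a whole response value
-- also writes those details out; redact the field first where log readers
-- should not see them.
--
-- /See:/ 'newDecodeAuthorizationMessageResponse' smart constructor.
data DecodeAuthorizationMessageResponse = DecodeAuthorizationMessageResponse'
  { -- | The API returns a response with the decoded message.
    --
    -- 'Prelude.Nothing' when no decoded message is present.
    decodedMessage :: Prelude.Maybe Prelude.Text,
    -- | The response's http status code.
    httpStatus :: Prelude.Int
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)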

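-- |
-- Create a value of 'DecodeAuthorizationMessageResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'decodedMessage', 'decodeAuthorizationMessageResponse_decodedMessage' - The API returns a response with the decoded message.
--
-- 'httpStatus', 'decodeAuthorizationMessageResponse_httpStatus' - The response's http status code.
--
-- The optional 'decodedMessage' field starts out as 'Prelude.Nothing'.
newDecodeAuthorizationMessageResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  DecodeAuthorizationMessageResponse
newDecodeAuthorizationMessageResponse pHttpStatus_ =
  DecodeAuthorizationMessageResponse'
    { decodedMessage =
        Prelude.Nothing,
      httpStatus = pHttpStatus_
    }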

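-- | The API returns a response with the decoded message.
--
-- Lens onto the optional 'decodedMessage' field. The focus is a
-- 'Prelude.Maybe', so readers must handle the case where no decoded message
-- is present. Per the module description the decoded text can contain
-- privileged authorization details; avoid copying it into logs or error
-- messages that a wider audience can read.
decodeAuthorizationMessageResponse_decodedMessage :: Lens.Lens' DecodeAuthorizationMessageResponse (Prelude.Maybe Prelude.Text)
decodeAuthorizationMessageResponse_decodedMessage =
  Lens.lens
    (\DecodeAuthorizationMessageResponse' {decodedMessage} -> decodedMessage)
    -- The result annotation is kept from the original update expression.
    (\s@DecodeAuthorizationMessageResponse' {} a -> s {decodedMessage = a} :: DecodeAuthorizationMessageResponse)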

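-- | The response's http status code.
--
-- Lens onto the 'httpStatus' field: the getter reads the field and the
-- setter replaces it, leaving 'decodedMessage' untouched.
decodeAuthorizationMessageResponse_httpStatus :: Lens.Lens' DecodeAuthorizationMessageResponse Prelude.Int
decodeAuthorizationMessageResponse_httpStatus =
  Lens.lens
    (\DecodeAuthorizationMessageResponse' {httpStatus} -> httpStatus)
    -- The result annotation is kept from the original update expression.
    (\s@DecodeAuthorizationMessageResponse' {} a -> s {httpStatus = a} :: DecodeAuthorizationMessageResponse)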

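-- Fully evaluates a response by forcing 'decodedMessage' first and then
-- 'httpStatus'.
instance
  Prelude.NFData
    DecodeAuthorizationMessageResponse
  where
  rnf DecodeAuthorizationMessageResponse' {..} =
    Prelude.rnf decodedMessage
      `Prelude.seq` Prelude.rnf httpStatus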