{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.AuditManager.DeregisterOrganizationAdminAccount
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Removes the specified Amazon Web Services account as a delegated
-- administrator for Audit Manager.
--
-- When you remove a delegated administrator from your Audit Manager
-- settings, you continue to have access to the evidence that you
-- previously collected under that account. This is also the case when you
-- deregister a delegated administrator from Organizations. However, Audit
-- Manager stops collecting and attaching evidence to that delegated
-- administrator account moving forward.
--
-- Keep in mind the following cleanup task if you use evidence finder:
--
-- Before you use your management account to remove a delegated
-- administrator, make sure that the current delegated administrator
-- account signs in to Audit Manager and disables evidence finder first.
-- Disabling evidence finder automatically deletes the event data store
-- that was created in their account when they enabled evidence finder. If
-- this task isn’t completed, the event data store remains in their
-- account. In this case, we recommend that the original delegated
-- administrator goes to CloudTrail Lake and manually
-- <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-eds-disable-termination.html deletes the event data store>.
--
-- This cleanup task is necessary to ensure that you don\'t end up with
-- multiple event data stores. Audit Manager ignores an unused event data
-- store after you remove or change a delegated administrator account.
-- However, the unused event data store continues to incur storage costs
-- from CloudTrail Lake if you don\'t delete it.
--
-- When you deregister a delegated administrator account for Audit Manager,
-- the data for that account isn’t deleted. If you want to delete resource
-- data for a delegated administrator account, you must perform that task
-- separately before you deregister the account. Either, you can do this in
-- the Audit Manager console. Or, you can use one of the delete API
-- operations that are provided by Audit Manager.
--
-- To delete your Audit Manager resource data, see the following
-- instructions:
--
-- -   <https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_DeleteAssessment.html DeleteAssessment>
--     (see also:
--     <https://docs.aws.amazon.com/audit-manager/latest/userguide/delete-assessment.html Deleting an assessment>
--     in the /Audit Manager User Guide/)
--
-- -   <https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_DeleteAssessmentFramework.html DeleteAssessmentFramework>
--     (see also:
--     <https://docs.aws.amazon.com/audit-manager/latest/userguide/delete-custom-framework.html Deleting a custom framework>
--     in the /Audit Manager User Guide/)
--
-- -   <https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_DeleteAssessmentFrameworkShare.html DeleteAssessmentFrameworkShare>
--     (see also:
--     <https://docs.aws.amazon.com/audit-manager/latest/userguide/deleting-shared-framework-requests.html Deleting a share request>
--     in the /Audit Manager User Guide/)
--
-- -   <https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_DeleteAssessmentReport.html DeleteAssessmentReport>
--     (see also:
--     <https://docs.aws.amazon.com/audit-manager/latest/userguide/generate-assessment-report.html#delete-assessment-report-steps Deleting an assessment report>
--     in the /Audit Manager User Guide/)
--
-- -   <https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_DeleteControl.html DeleteControl>
--     (see also:
--     <https://docs.aws.amazon.com/audit-manager/latest/userguide/delete-controls.html Deleting a custom control>
--     in the /Audit Manager User Guide/)
--
-- At this time, Audit Manager doesn\'t provide an option to delete
-- evidence for a specific delegated administrator. Instead, when your
-- management account deregisters Audit Manager, we perform a cleanup for
-- the current delegated administrator account at the time of
-- deregistration.
module Amazonka.AuditManager.DeregisterOrganizationAdminAccount
  ( -- * Creating a Request
    DeregisterOrganizationAdminAccount (..),
    newDeregisterOrganizationAdminAccount,

    -- * Request Lenses
    deregisterOrganizationAdminAccount_adminAccountId,

    -- * Destructuring the Response
    DeregisterOrganizationAdminAccountResponse (..),
    newDeregisterOrganizationAdminAccountResponse,

    -- * Response Lenses
    deregisterOrganizationAdminAccountResponse_httpStatus,
  )
where

import Amazonka.AuditManager.Types
import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newDeregisterOrganizationAdminAccount' smart constructor.
data DeregisterOrganizationAdminAccount = DeregisterOrganizationAdminAccount'
  { -- | The identifier for the administrator account.
    DeregisterOrganizationAdminAccount -> Maybe Text
adminAccountId :: Prelude.Maybe Prelude.Text
  }
  deriving (DeregisterOrganizationAdminAccount
-> DeregisterOrganizationAdminAccount -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: DeregisterOrganizationAdminAccount
-> DeregisterOrganizationAdminAccount -> Bool
$c/= :: DeregisterOrganizationAdminAccount
-> DeregisterOrganizationAdminAccount -> Bool
== :: DeregisterOrganizationAdminAccount
-> DeregisterOrganizationAdminAccount -> Bool
$c== :: DeregisterOrganizationAdminAccount
-> DeregisterOrganizationAdminAccount -> Bool
Prelude.Eq, ReadPrec [DeregisterOrganizationAdminAccount]
ReadPrec DeregisterOrganizationAdminAccount
Int -> ReadS DeregisterOrganizationAdminAccount
ReadS [DeregisterOrganizationAdminAccount]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [DeregisterOrganizationAdminAccount]
$creadListPrec :: ReadPrec [DeregisterOrganizationAdminAccount]
readPrec :: ReadPrec DeregisterOrganizationAdminAccount
$creadPrec :: ReadPrec DeregisterOrganizationAdminAccount
readList :: ReadS [DeregisterOrganizationAdminAccount]
$creadList :: ReadS [DeregisterOrganizationAdminAccount]
readsPrec :: Int -> ReadS DeregisterOrganizationAdminAccount
$creadsPrec :: Int -> ReadS DeregisterOrganizationAdminAccount
Prelude.Read, Int -> DeregisterOrganizationAdminAccount -> ShowS
[DeregisterOrganizationAdminAccount] -> ShowS
DeregisterOrganizationAdminAccount -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [DeregisterOrganizationAdminAccount] -> ShowS
$cshowList :: [DeregisterOrganizationAdminAccount] -> ShowS
show :: DeregisterOrganizationAdminAccount -> String
$cshow :: DeregisterOrganizationAdminAccount -> String
showsPrec :: Int -> DeregisterOrganizationAdminAccount -> ShowS
$cshowsPrec :: Int -> DeregisterOrganizationAdminAccount -> ShowS
Prelude.Show, forall x.
Rep DeregisterOrganizationAdminAccount x
-> DeregisterOrganizationAdminAccount
forall x.
DeregisterOrganizationAdminAccount
-> Rep DeregisterOrganizationAdminAccount x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep DeregisterOrganizationAdminAccount x
-> DeregisterOrganizationAdminAccount
$cfrom :: forall x.
DeregisterOrganizationAdminAccount
-> Rep DeregisterOrganizationAdminAccount x
Prelude.Generic)

-- |
-- Create a value of 'DeregisterOrganizationAdminAccount' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'adminAccountId', 'deregisterOrganizationAdminAccount_adminAccountId' - The identifier for the administrator account.
newDeregisterOrganizationAdminAccount ::
  DeregisterOrganizationAdminAccount
newDeregisterOrganizationAdminAccount :: DeregisterOrganizationAdminAccount
newDeregisterOrganizationAdminAccount =
  DeregisterOrganizationAdminAccount'
    { $sel:adminAccountId:DeregisterOrganizationAdminAccount' :: Maybe Text
adminAccountId =
        forall a. Maybe a
Prelude.Nothing
    }

-- | The identifier for the administrator account.
deregisterOrganizationAdminAccount_adminAccountId :: Lens.Lens' DeregisterOrganizationAdminAccount (Prelude.Maybe Prelude.Text)
deregisterOrganizationAdminAccount_adminAccountId :: Lens' DeregisterOrganizationAdminAccount (Maybe Text)
deregisterOrganizationAdminAccount_adminAccountId = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\DeregisterOrganizationAdminAccount' {Maybe Text
adminAccountId :: Maybe Text
$sel:adminAccountId:DeregisterOrganizationAdminAccount' :: DeregisterOrganizationAdminAccount -> Maybe Text
adminAccountId} -> Maybe Text
adminAccountId) (\s :: DeregisterOrganizationAdminAccount
s@DeregisterOrganizationAdminAccount' {} Maybe Text
a -> DeregisterOrganizationAdminAccount
s {$sel:adminAccountId:DeregisterOrganizationAdminAccount' :: Maybe Text
adminAccountId = Maybe Text
a} :: DeregisterOrganizationAdminAccount)

instance
  Core.AWSRequest
    DeregisterOrganizationAdminAccount
  where
  type
    AWSResponse DeregisterOrganizationAdminAccount =
      DeregisterOrganizationAdminAccountResponse
  request :: (Service -> Service)
-> DeregisterOrganizationAdminAccount
-> Request DeregisterOrganizationAdminAccount
request Service -> Service
overrides =
    forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON (Service -> Service
overrides Service
defaultService)
  response :: forall (m :: * -> *).
MonadResource m =>
(ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy DeregisterOrganizationAdminAccount
-> ClientResponse ClientBody
-> m (Either
        Error
        (ClientResponse (AWSResponse DeregisterOrganizationAdminAccount)))
response =
    forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> () -> Either String (AWSResponse a))
-> (ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveEmpty
      ( \Int
s ResponseHeaders
h ()
x ->
          Int -> DeregisterOrganizationAdminAccountResponse
DeregisterOrganizationAdminAccountResponse'
            forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
      )

instance
  Prelude.Hashable
    DeregisterOrganizationAdminAccount
  where
  hashWithSalt :: Int -> DeregisterOrganizationAdminAccount -> Int
hashWithSalt
    Int
_salt
    DeregisterOrganizationAdminAccount' {Maybe Text
adminAccountId :: Maybe Text
$sel:adminAccountId:DeregisterOrganizationAdminAccount' :: DeregisterOrganizationAdminAccount -> Maybe Text
..} =
      Int
_salt forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Text
adminAccountId

instance
  Prelude.NFData
    DeregisterOrganizationAdminAccount
  where
  rnf :: DeregisterOrganizationAdminAccount -> ()
rnf DeregisterOrganizationAdminAccount' {Maybe Text
adminAccountId :: Maybe Text
$sel:adminAccountId:DeregisterOrganizationAdminAccount' :: DeregisterOrganizationAdminAccount -> Maybe Text
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
adminAccountId

instance
  Data.ToHeaders
    DeregisterOrganizationAdminAccount
  where
  toHeaders :: DeregisterOrganizationAdminAccount -> ResponseHeaders
toHeaders =
    forall a b. a -> b -> a
Prelude.const
      ( forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"Content-Type"
              forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Data.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance
  Data.ToJSON
    DeregisterOrganizationAdminAccount
  where
  toJSON :: DeregisterOrganizationAdminAccount -> Value
toJSON DeregisterOrganizationAdminAccount' {Maybe Text
adminAccountId :: Maybe Text
$sel:adminAccountId:DeregisterOrganizationAdminAccount' :: DeregisterOrganizationAdminAccount -> Maybe Text
..} =
    [Pair] -> Value
Data.object
      ( forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Key
"adminAccountId" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
adminAccountId
          ]
      )

instance
  Data.ToPath
    DeregisterOrganizationAdminAccount
  where
  toPath :: DeregisterOrganizationAdminAccount -> ByteString
toPath =
    forall a b. a -> b -> a
Prelude.const
      ByteString
"/account/deregisterOrganizationAdminAccount"

instance
  Data.ToQuery
    DeregisterOrganizationAdminAccount
  where
  toQuery :: DeregisterOrganizationAdminAccount -> QueryString
toQuery = forall a b. a -> b -> a
Prelude.const forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newDeregisterOrganizationAdminAccountResponse' smart constructor.
data DeregisterOrganizationAdminAccountResponse = DeregisterOrganizationAdminAccountResponse'
  { -- | The response's http status code.
    DeregisterOrganizationAdminAccountResponse -> Int
httpStatus :: Prelude.Int
  }
  deriving (DeregisterOrganizationAdminAccountResponse
-> DeregisterOrganizationAdminAccountResponse -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: DeregisterOrganizationAdminAccountResponse
-> DeregisterOrganizationAdminAccountResponse -> Bool
$c/= :: DeregisterOrganizationAdminAccountResponse
-> DeregisterOrganizationAdminAccountResponse -> Bool
== :: DeregisterOrganizationAdminAccountResponse
-> DeregisterOrganizationAdminAccountResponse -> Bool
$c== :: DeregisterOrganizationAdminAccountResponse
-> DeregisterOrganizationAdminAccountResponse -> Bool
Prelude.Eq, ReadPrec [DeregisterOrganizationAdminAccountResponse]
ReadPrec DeregisterOrganizationAdminAccountResponse
Int -> ReadS DeregisterOrganizationAdminAccountResponse
ReadS [DeregisterOrganizationAdminAccountResponse]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [DeregisterOrganizationAdminAccountResponse]
$creadListPrec :: ReadPrec [DeregisterOrganizationAdminAccountResponse]
readPrec :: ReadPrec DeregisterOrganizationAdminAccountResponse
$creadPrec :: ReadPrec DeregisterOrganizationAdminAccountResponse
readList :: ReadS [DeregisterOrganizationAdminAccountResponse]
$creadList :: ReadS [DeregisterOrganizationAdminAccountResponse]
readsPrec :: Int -> ReadS DeregisterOrganizationAdminAccountResponse
$creadsPrec :: Int -> ReadS DeregisterOrganizationAdminAccountResponse
Prelude.Read, Int -> DeregisterOrganizationAdminAccountResponse -> ShowS
[DeregisterOrganizationAdminAccountResponse] -> ShowS
DeregisterOrganizationAdminAccountResponse -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [DeregisterOrganizationAdminAccountResponse] -> ShowS
$cshowList :: [DeregisterOrganizationAdminAccountResponse] -> ShowS
show :: DeregisterOrganizationAdminAccountResponse -> String
$cshow :: DeregisterOrganizationAdminAccountResponse -> String
showsPrec :: Int -> DeregisterOrganizationAdminAccountResponse -> ShowS
$cshowsPrec :: Int -> DeregisterOrganizationAdminAccountResponse -> ShowS
Prelude.Show, forall x.
Rep DeregisterOrganizationAdminAccountResponse x
-> DeregisterOrganizationAdminAccountResponse
forall x.
DeregisterOrganizationAdminAccountResponse
-> Rep DeregisterOrganizationAdminAccountResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep DeregisterOrganizationAdminAccountResponse x
-> DeregisterOrganizationAdminAccountResponse
$cfrom :: forall x.
DeregisterOrganizationAdminAccountResponse
-> Rep DeregisterOrganizationAdminAccountResponse x
Prelude.Generic)

-- |
-- Create a value of 'DeregisterOrganizationAdminAccountResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'httpStatus', 'deregisterOrganizationAdminAccountResponse_httpStatus' - The response's http status code.
newDeregisterOrganizationAdminAccountResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  DeregisterOrganizationAdminAccountResponse
newDeregisterOrganizationAdminAccountResponse :: Int -> DeregisterOrganizationAdminAccountResponse
newDeregisterOrganizationAdminAccountResponse
  Int
pHttpStatus_ =
    DeregisterOrganizationAdminAccountResponse'
      { $sel:httpStatus:DeregisterOrganizationAdminAccountResponse' :: Int
httpStatus =
          Int
pHttpStatus_
      }

-- | The response's http status code.
deregisterOrganizationAdminAccountResponse_httpStatus :: Lens.Lens' DeregisterOrganizationAdminAccountResponse Prelude.Int
deregisterOrganizationAdminAccountResponse_httpStatus :: Lens' DeregisterOrganizationAdminAccountResponse Int
deregisterOrganizationAdminAccountResponse_httpStatus = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\DeregisterOrganizationAdminAccountResponse' {Int
httpStatus :: Int
$sel:httpStatus:DeregisterOrganizationAdminAccountResponse' :: DeregisterOrganizationAdminAccountResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: DeregisterOrganizationAdminAccountResponse
s@DeregisterOrganizationAdminAccountResponse' {} Int
a -> DeregisterOrganizationAdminAccountResponse
s {$sel:httpStatus:DeregisterOrganizationAdminAccountResponse' :: Int
httpStatus = Int
a} :: DeregisterOrganizationAdminAccountResponse)

instance
  Prelude.NFData
    DeregisterOrganizationAdminAccountResponse
  where
  rnf :: DeregisterOrganizationAdminAccountResponse -> ()
rnf DeregisterOrganizationAdminAccountResponse' {Int
httpStatus :: Int
$sel:httpStatus:DeregisterOrganizationAdminAccountResponse' :: DeregisterOrganizationAdminAccountResponse -> Int
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Int
httpStatus