{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.OpenSearch.Types.AdvancedSecurityOptionsInput
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.OpenSearch.Types.AdvancedSecurityOptionsInput where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import Amazonka.OpenSearch.Types.MasterUserOptions
import Amazonka.OpenSearch.Types.SAMLOptionsInput
import qualified Amazonka.Prelude as Prelude

-- | Options for enabling and configuring fine-grained access control. For
-- more information, see
-- <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html Fine-grained access control in Amazon OpenSearch Service>.
--
-- /See:/ 'newAdvancedSecurityOptionsInput' smart constructor.
data AdvancedSecurityOptionsInput = AdvancedSecurityOptionsInput'
  { -- | True to enable a 30-day migration period during which administrators can
    -- create role mappings. Only necessary when
    -- <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html#fgac-enabling-existing enabling fine-grained access control on an existing domain>.
    anonymousAuthEnabled :: Prelude.Maybe Prelude.Bool,
    -- | True to enable fine-grained access control.
    enabled :: Prelude.Maybe Prelude.Bool,
    -- | True to enable the internal user database.
    internalUserDatabaseEnabled :: Prelude.Maybe Prelude.Bool,
    -- | Container for information about the master user.
    masterUserOptions :: Prelude.Maybe MasterUserOptions,
    -- | Container for information about the SAML configuration for OpenSearch
    -- Dashboards.
    sAMLOptions :: Prelude.Maybe SAMLOptionsInput
  }
  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)

-- |
-- Create a value of 'AdvancedSecurityOptionsInput' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'anonymousAuthEnabled', 'advancedSecurityOptionsInput_anonymousAuthEnabled' - True to enable a 30-day migration period during which administrators can
-- create role mappings. Only necessary when
-- <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html#fgac-enabling-existing enabling fine-grained access control on an existing domain>.
--
-- 'enabled', 'advancedSecurityOptionsInput_enabled' - True to enable fine-grained access control.
--
-- 'internalUserDatabaseEnabled', 'advancedSecurityOptionsInput_internalUserDatabaseEnabled' - True to enable the internal user database.
--
-- 'masterUserOptions', 'advancedSecurityOptionsInput_masterUserOptions' - Container for information about the master user.
--
-- 'sAMLOptions', 'advancedSecurityOptionsInput_sAMLOptions' - Container for information about the SAML configuration for OpenSearch
-- Dashboards.
newAdvancedSecurityOptionsInput ::
  AdvancedSecurityOptionsInput
newAdvancedSecurityOptionsInput =
  AdvancedSecurityOptionsInput'
    { anonymousAuthEnabled =
        Prelude.Nothing,
      enabled = Prelude.Nothing,
      internalUserDatabaseEnabled = Prelude.Nothing,
      masterUserOptions = Prelude.Nothing,
      sAMLOptions = Prelude.Nothing
    }

-- | True to enable a 30-day migration period during which administrators can
-- create role mappings. Only necessary when
-- <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html#fgac-enabling-existing enabling fine-grained access control on an existing domain>.
advancedSecurityOptionsInput_anonymousAuthEnabled :: Lens.Lens' AdvancedSecurityOptionsInput (Prelude.Maybe Prelude.Bool)
advancedSecurityOptionsInput_anonymousAuthEnabled = Lens.lens (\AdvancedSecurityOptionsInput' {anonymousAuthEnabled} -> anonymousAuthEnabled) (\s@AdvancedSecurityOptionsInput' {} a -> s {anonymousAuthEnabled = a} :: AdvancedSecurityOptionsInput)

-- | True to enable fine-grained access control.
advancedSecurityOptionsInput_enabled :: Lens.Lens' AdvancedSecurityOptionsInput (Prelude.Maybe Prelude.Bool)
advancedSecurityOptionsInput_enabled = Lens.lens (\AdvancedSecurityOptionsInput' {enabled} -> enabled) (\s@AdvancedSecurityOptionsInput' {} a -> s {enabled = a} :: AdvancedSecurityOptionsInput)

-- | True to enable the internal user database.
advancedSecurityOptionsInput_internalUserDatabaseEnabled :: Lens.Lens' AdvancedSecurityOptionsInput (Prelude.Maybe Prelude.Bool)
advancedSecurityOptionsInput_internalUserDatabaseEnabled = Lens.lens (\AdvancedSecurityOptionsInput' {internalUserDatabaseEnabled} -> internalUserDatabaseEnabled) (\s@AdvancedSecurityOptionsInput' {} a -> s {internalUserDatabaseEnabled = a} :: AdvancedSecurityOptionsInput)

-- | Container for information about the master user.
advancedSecurityOptionsInput_masterUserOptions :: Lens.Lens' AdvancedSecurityOptionsInput (Prelude.Maybe MasterUserOptions)
advancedSecurityOptionsInput_masterUserOptions = Lens.lens (\AdvancedSecurityOptionsInput' {masterUserOptions} -> masterUserOptions) (\s@AdvancedSecurityOptionsInput' {} a -> s {masterUserOptions = a} :: AdvancedSecurityOptionsInput)

-- | Container for information about the SAML configuration for OpenSearch
-- Dashboards.
advancedSecurityOptionsInput_sAMLOptions :: Lens.Lens' AdvancedSecurityOptionsInput (Prelude.Maybe SAMLOptionsInput)
advancedSecurityOptionsInput_sAMLOptions = Lens.lens (\AdvancedSecurityOptionsInput' {sAMLOptions} -> sAMLOptions) (\s@AdvancedSecurityOptionsInput' {} a -> s {sAMLOptions = a} :: AdvancedSecurityOptionsInput)

instance
  Prelude.Hashable
    AdvancedSecurityOptionsInput
  where
  hashWithSalt _salt AdvancedSecurityOptionsInput' {..} =
    _salt
      `Prelude.hashWithSalt` anonymousAuthEnabled
      `Prelude.hashWithSalt` enabled
      `Prelude.hashWithSalt` internalUserDatabaseEnabled
      `Prelude.hashWithSalt` masterUserOptions
      `Prelude.hashWithSalt` sAMLOptions

instance Prelude.NFData AdvancedSecurityOptionsInput where
  rnf AdvancedSecurityOptionsInput' {..} =
    Prelude.rnf anonymousAuthEnabled
      `Prelude.seq` Prelude.rnf enabled
      `Prelude.seq` Prelude.rnf internalUserDatabaseEnabled
      `Prelude.seq` Prelude.rnf masterUserOptions
      `Prelude.seq` Prelude.rnf sAMLOptions

instance Data.ToJSON AdvancedSecurityOptionsInput where
  toJSON AdvancedSecurityOptionsInput' {..} =
    Data.object
      ( Prelude.catMaybes
          [ ("AnonymousAuthEnabled" Data..=)
              Prelude.<$> anonymousAuthEnabled,
            ("Enabled" Data..=) Prelude.<$> enabled,
            ("InternalUserDatabaseEnabled" Data..=)
              Prelude.<$> internalUserDatabaseEnabled,
            ("MasterUserOptions" Data..=)
              Prelude.<$> masterUserOptions,
            ("SAMLOptions" Data..=) Prelude.<$> sAMLOptions
          ]
      )