{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.SSO.GetRoleCredentials
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Returns the STS short-term credentials for a given role name that is
-- assigned to the user.
module Amazonka.SSO.GetRoleCredentials
  ( -- * Creating a Request
    GetRoleCredentials (..),
    newGetRoleCredentials,

    -- * Request Lenses
    getRoleCredentials_roleName,
    getRoleCredentials_accountId,
    getRoleCredentials_accessToken,

    -- * Destructuring the Response
    GetRoleCredentialsResponse (..),
    newGetRoleCredentialsResponse,

    -- * Response Lenses
    getRoleCredentialsResponse_httpStatus,
    getRoleCredentialsResponse_roleCredentials,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response
import Amazonka.SSO.Types

-- | /See:/ 'newGetRoleCredentials' smart constructor.
data GetRoleCredentials = GetRoleCredentials'
  { -- | The friendly name of the role that is assigned to the user.
    GetRoleCredentials -> Text
roleName :: Prelude.Text,
    -- | The identifier for the AWS account that is assigned to the user.
    GetRoleCredentials -> Text
accountId :: Prelude.Text,
    -- | The token issued by the @CreateToken@ API call. For more information,
    -- see
    -- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html CreateToken>
    -- in the /IAM Identity Center OIDC API Reference Guide/.
    GetRoleCredentials -> Sensitive Text
accessToken :: Data.Sensitive Prelude.Text
  }
  deriving (GetRoleCredentials -> GetRoleCredentials -> Bool
(GetRoleCredentials -> GetRoleCredentials -> Bool)
-> (GetRoleCredentials -> GetRoleCredentials -> Bool)
-> Eq GetRoleCredentials
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
$c== :: GetRoleCredentials -> GetRoleCredentials -> Bool
== :: GetRoleCredentials -> GetRoleCredentials -> Bool
$c/= :: GetRoleCredentials -> GetRoleCredentials -> Bool
/= :: GetRoleCredentials -> GetRoleCredentials -> Bool
Prelude.Eq, Int -> GetRoleCredentials -> ShowS
[GetRoleCredentials] -> ShowS
GetRoleCredentials -> String
(Int -> GetRoleCredentials -> ShowS)
-> (GetRoleCredentials -> String)
-> ([GetRoleCredentials] -> ShowS)
-> Show GetRoleCredentials
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
$cshowsPrec :: Int -> GetRoleCredentials -> ShowS
showsPrec :: Int -> GetRoleCredentials -> ShowS
$cshow :: GetRoleCredentials -> String
show :: GetRoleCredentials -> String
$cshowList :: [GetRoleCredentials] -> ShowS
showList :: [GetRoleCredentials] -> ShowS
Prelude.Show, (forall x. GetRoleCredentials -> Rep GetRoleCredentials x)
-> (forall x. Rep GetRoleCredentials x -> GetRoleCredentials)
-> Generic GetRoleCredentials
forall x. Rep GetRoleCredentials x -> GetRoleCredentials
forall x. GetRoleCredentials -> Rep GetRoleCredentials x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cfrom :: forall x. GetRoleCredentials -> Rep GetRoleCredentials x
from :: forall x. GetRoleCredentials -> Rep GetRoleCredentials x
$cto :: forall x. Rep GetRoleCredentials x -> GetRoleCredentials
to :: forall x. Rep GetRoleCredentials x -> GetRoleCredentials
Prelude.Generic)

-- |
-- Create a value of 'GetRoleCredentials' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'roleName', 'getRoleCredentials_roleName' - The friendly name of the role that is assigned to the user.
--
-- 'accountId', 'getRoleCredentials_accountId' - The identifier for the AWS account that is assigned to the user.
--
-- 'accessToken', 'getRoleCredentials_accessToken' - The token issued by the @CreateToken@ API call. For more information,
-- see
-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html CreateToken>
-- in the /IAM Identity Center OIDC API Reference Guide/.
newGetRoleCredentials ::
  -- | 'roleName'
  Prelude.Text ->
  -- | 'accountId'
  Prelude.Text ->
  -- | 'accessToken'
  Prelude.Text ->
  GetRoleCredentials
newGetRoleCredentials :: Text -> Text -> Text -> GetRoleCredentials
newGetRoleCredentials
  Text
pRoleName_
  Text
pAccountId_
  Text
pAccessToken_ =
    GetRoleCredentials'
      { $sel:roleName:GetRoleCredentials' :: Text
roleName = Text
pRoleName_,
        $sel:accountId:GetRoleCredentials' :: Text
accountId = Text
pAccountId_,
        $sel:accessToken:GetRoleCredentials' :: Sensitive Text
accessToken = Tagged Text (Identity Text)
-> Tagged (Sensitive Text) (Identity (Sensitive Text))
forall a (p :: * -> * -> *) (f :: * -> *).
(Profunctor p, Functor f) =>
p a (f a) -> p (Sensitive a) (f (Sensitive a))
Data._Sensitive (Tagged Text (Identity Text)
 -> Tagged (Sensitive Text) (Identity (Sensitive Text)))
-> Text -> Sensitive Text
forall t b. AReview t b -> b -> t
Lens.# Text
pAccessToken_
      }

-- | The friendly name of the role that is assigned to the user.
getRoleCredentials_roleName :: Lens.Lens' GetRoleCredentials Prelude.Text
getRoleCredentials_roleName :: Lens' GetRoleCredentials Text
getRoleCredentials_roleName = (GetRoleCredentials -> Text)
-> (GetRoleCredentials -> Text -> GetRoleCredentials)
-> Lens' GetRoleCredentials Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetRoleCredentials' {Text
$sel:roleName:GetRoleCredentials' :: GetRoleCredentials -> Text
roleName :: Text
roleName} -> Text
roleName) (\s :: GetRoleCredentials
s@GetRoleCredentials' {} Text
a -> GetRoleCredentials
s {roleName = a} :: GetRoleCredentials)

-- | The identifier for the AWS account that is assigned to the user.
getRoleCredentials_accountId :: Lens.Lens' GetRoleCredentials Prelude.Text
getRoleCredentials_accountId :: Lens' GetRoleCredentials Text
getRoleCredentials_accountId = (GetRoleCredentials -> Text)
-> (GetRoleCredentials -> Text -> GetRoleCredentials)
-> Lens' GetRoleCredentials Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetRoleCredentials' {Text
$sel:accountId:GetRoleCredentials' :: GetRoleCredentials -> Text
accountId :: Text
accountId} -> Text
accountId) (\s :: GetRoleCredentials
s@GetRoleCredentials' {} Text
a -> GetRoleCredentials
s {accountId = a} :: GetRoleCredentials)

-- | The token issued by the @CreateToken@ API call. For more information,
-- see
-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html CreateToken>
-- in the /IAM Identity Center OIDC API Reference Guide/.
getRoleCredentials_accessToken :: Lens.Lens' GetRoleCredentials Prelude.Text
getRoleCredentials_accessToken :: Lens' GetRoleCredentials Text
getRoleCredentials_accessToken = (GetRoleCredentials -> Sensitive Text)
-> (GetRoleCredentials -> Sensitive Text -> GetRoleCredentials)
-> Lens
     GetRoleCredentials
     GetRoleCredentials
     (Sensitive Text)
     (Sensitive Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetRoleCredentials' {Sensitive Text
$sel:accessToken:GetRoleCredentials' :: GetRoleCredentials -> Sensitive Text
accessToken :: Sensitive Text
accessToken} -> Sensitive Text
accessToken) (\s :: GetRoleCredentials
s@GetRoleCredentials' {} Sensitive Text
a -> GetRoleCredentials
s {accessToken = a} :: GetRoleCredentials) ((Sensitive Text -> f (Sensitive Text))
 -> GetRoleCredentials -> f GetRoleCredentials)
-> ((Text -> f Text) -> Sensitive Text -> f (Sensitive Text))
-> (Text -> f Text)
-> GetRoleCredentials
-> f GetRoleCredentials
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. (Text -> f Text) -> Sensitive Text -> f (Sensitive Text)
forall a (p :: * -> * -> *) (f :: * -> *).
(Profunctor p, Functor f) =>
p a (f a) -> p (Sensitive a) (f (Sensitive a))
Data._Sensitive

instance Core.AWSRequest GetRoleCredentials where
  type
    AWSResponse GetRoleCredentials =
      GetRoleCredentialsResponse
  request :: (Service -> Service)
-> GetRoleCredentials -> Request GetRoleCredentials
request Service -> Service
overrides =
    Service -> GetRoleCredentials -> Request GetRoleCredentials
forall a. ToRequest a => Service -> a -> Request a
Request.get (Service -> Service
overrides Service
defaultService)
  response :: forall (m :: * -> *).
MonadResource m =>
(ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy GetRoleCredentials
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse GetRoleCredentials)))
response =
    (Int
 -> ResponseHeaders
 -> Object
 -> Either String (AWSResponse GetRoleCredentials))
-> (ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy GetRoleCredentials
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse GetRoleCredentials)))
forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> Object -> Either String (AWSResponse a))
-> (ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveJSON
      ( \Int
s ResponseHeaders
h Object
x ->
          Int -> RoleCredentials -> GetRoleCredentialsResponse
GetRoleCredentialsResponse'
            (Int -> RoleCredentials -> GetRoleCredentialsResponse)
-> Either String Int
-> Either String (RoleCredentials -> GetRoleCredentialsResponse)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Int -> Either String Int
forall a. a -> Either String a
forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (Int -> Int
forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
            Either String (RoleCredentials -> GetRoleCredentialsResponse)
-> Either String RoleCredentials
-> Either String GetRoleCredentialsResponse
forall a b.
Either String (a -> b) -> Either String a -> Either String b
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Key -> Either String RoleCredentials
forall a. FromJSON a => Object -> Key -> Either String a
Data..:> Key
"roleCredentials")
      )

instance Prelude.Hashable GetRoleCredentials where
  hashWithSalt :: Int -> GetRoleCredentials -> Int
hashWithSalt Int
_salt GetRoleCredentials' {Text
Sensitive Text
$sel:roleName:GetRoleCredentials' :: GetRoleCredentials -> Text
$sel:accountId:GetRoleCredentials' :: GetRoleCredentials -> Text
$sel:accessToken:GetRoleCredentials' :: GetRoleCredentials -> Sensitive Text
roleName :: Text
accountId :: Text
accessToken :: Sensitive Text
..} =
    Int
_salt
      Int -> Text -> Int
forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Text
roleName
      Int -> Text -> Int
forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Text
accountId
      Int -> Sensitive Text -> Int
forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Sensitive Text
accessToken

instance Prelude.NFData GetRoleCredentials where
  rnf :: GetRoleCredentials -> ()
rnf GetRoleCredentials' {Text
Sensitive Text
$sel:roleName:GetRoleCredentials' :: GetRoleCredentials -> Text
$sel:accountId:GetRoleCredentials' :: GetRoleCredentials -> Text
$sel:accessToken:GetRoleCredentials' :: GetRoleCredentials -> Sensitive Text
roleName :: Text
accountId :: Text
accessToken :: Sensitive Text
..} =
    Text -> ()
forall a. NFData a => a -> ()
Prelude.rnf Text
roleName
      () -> () -> ()
forall a b. a -> b -> b
`Prelude.seq` Text -> ()
forall a. NFData a => a -> ()
Prelude.rnf Text
accountId
      () -> () -> ()
forall a b. a -> b -> b
`Prelude.seq` Sensitive Text -> ()
forall a. NFData a => a -> ()
Prelude.rnf Sensitive Text
accessToken

instance Data.ToHeaders GetRoleCredentials where
  toHeaders :: GetRoleCredentials -> ResponseHeaders
toHeaders GetRoleCredentials' {Text
Sensitive Text
$sel:roleName:GetRoleCredentials' :: GetRoleCredentials -> Text
$sel:accountId:GetRoleCredentials' :: GetRoleCredentials -> Text
$sel:accessToken:GetRoleCredentials' :: GetRoleCredentials -> Sensitive Text
roleName :: Text
accountId :: Text
accessToken :: Sensitive Text
..} =
    [ResponseHeaders] -> ResponseHeaders
forall a. Monoid a => [a] -> a
Prelude.mconcat
      [ HeaderName
"x-amz-sso_bearer_token" HeaderName -> Sensitive Text -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Data.=# Sensitive Text
accessToken,
        HeaderName
"Content-Type"
          HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Data.=# (ByteString
"application/x-amz-json-1.1" :: Prelude.ByteString)
      ]

instance Data.ToPath GetRoleCredentials where
  toPath :: GetRoleCredentials -> ByteString
toPath = ByteString -> GetRoleCredentials -> ByteString
forall a b. a -> b -> a
Prelude.const ByteString
"/federation/credentials"

instance Data.ToQuery GetRoleCredentials where
  toQuery :: GetRoleCredentials -> QueryString
toQuery GetRoleCredentials' {Text
Sensitive Text
$sel:roleName:GetRoleCredentials' :: GetRoleCredentials -> Text
$sel:accountId:GetRoleCredentials' :: GetRoleCredentials -> Text
$sel:accessToken:GetRoleCredentials' :: GetRoleCredentials -> Sensitive Text
roleName :: Text
accountId :: Text
accessToken :: Sensitive Text
..} =
    [QueryString] -> QueryString
forall a. Monoid a => [a] -> a
Prelude.mconcat
      [ ByteString
"role_name" ByteString -> Text -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Data.=: Text
roleName,
        ByteString
"account_id" ByteString -> Text -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Data.=: Text
accountId
      ]

-- | /See:/ 'newGetRoleCredentialsResponse' smart constructor.
data GetRoleCredentialsResponse = GetRoleCredentialsResponse'
  { -- | The response's http status code.
    GetRoleCredentialsResponse -> Int
httpStatus :: Prelude.Int,
    -- | The credentials for the role that is assigned to the user.
    GetRoleCredentialsResponse -> RoleCredentials
roleCredentials :: RoleCredentials
  }
  deriving (GetRoleCredentialsResponse -> GetRoleCredentialsResponse -> Bool
(GetRoleCredentialsResponse -> GetRoleCredentialsResponse -> Bool)
-> (GetRoleCredentialsResponse
    -> GetRoleCredentialsResponse -> Bool)
-> Eq GetRoleCredentialsResponse
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
$c== :: GetRoleCredentialsResponse -> GetRoleCredentialsResponse -> Bool
== :: GetRoleCredentialsResponse -> GetRoleCredentialsResponse -> Bool
$c/= :: GetRoleCredentialsResponse -> GetRoleCredentialsResponse -> Bool
/= :: GetRoleCredentialsResponse -> GetRoleCredentialsResponse -> Bool
Prelude.Eq, Int -> GetRoleCredentialsResponse -> ShowS
[GetRoleCredentialsResponse] -> ShowS
GetRoleCredentialsResponse -> String
(Int -> GetRoleCredentialsResponse -> ShowS)
-> (GetRoleCredentialsResponse -> String)
-> ([GetRoleCredentialsResponse] -> ShowS)
-> Show GetRoleCredentialsResponse
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
$cshowsPrec :: Int -> GetRoleCredentialsResponse -> ShowS
showsPrec :: Int -> GetRoleCredentialsResponse -> ShowS
$cshow :: GetRoleCredentialsResponse -> String
show :: GetRoleCredentialsResponse -> String
$cshowList :: [GetRoleCredentialsResponse] -> ShowS
showList :: [GetRoleCredentialsResponse] -> ShowS
Prelude.Show, (forall x.
 GetRoleCredentialsResponse -> Rep GetRoleCredentialsResponse x)
-> (forall x.
    Rep GetRoleCredentialsResponse x -> GetRoleCredentialsResponse)
-> Generic GetRoleCredentialsResponse
forall x.
Rep GetRoleCredentialsResponse x -> GetRoleCredentialsResponse
forall x.
GetRoleCredentialsResponse -> Rep GetRoleCredentialsResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cfrom :: forall x.
GetRoleCredentialsResponse -> Rep GetRoleCredentialsResponse x
from :: forall x.
GetRoleCredentialsResponse -> Rep GetRoleCredentialsResponse x
$cto :: forall x.
Rep GetRoleCredentialsResponse x -> GetRoleCredentialsResponse
to :: forall x.
Rep GetRoleCredentialsResponse x -> GetRoleCredentialsResponse
Prelude.Generic)

-- |
-- Create a value of 'GetRoleCredentialsResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'httpStatus', 'getRoleCredentialsResponse_httpStatus' - The response's http status code.
--
-- 'roleCredentials', 'getRoleCredentialsResponse_roleCredentials' - The credentials for the role that is assigned to the user.
newGetRoleCredentialsResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  -- | 'roleCredentials'
  RoleCredentials ->
  GetRoleCredentialsResponse
newGetRoleCredentialsResponse :: Int -> RoleCredentials -> GetRoleCredentialsResponse
newGetRoleCredentialsResponse
  Int
pHttpStatus_
  RoleCredentials
pRoleCredentials_ =
    GetRoleCredentialsResponse'
      { $sel:httpStatus:GetRoleCredentialsResponse' :: Int
httpStatus =
          Int
pHttpStatus_,
        $sel:roleCredentials:GetRoleCredentialsResponse' :: RoleCredentials
roleCredentials = RoleCredentials
pRoleCredentials_
      }

-- | The response's http status code.
getRoleCredentialsResponse_httpStatus :: Lens.Lens' GetRoleCredentialsResponse Prelude.Int
getRoleCredentialsResponse_httpStatus :: Lens' GetRoleCredentialsResponse Int
getRoleCredentialsResponse_httpStatus = (GetRoleCredentialsResponse -> Int)
-> (GetRoleCredentialsResponse
    -> Int -> GetRoleCredentialsResponse)
-> Lens' GetRoleCredentialsResponse Int
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetRoleCredentialsResponse' {Int
$sel:httpStatus:GetRoleCredentialsResponse' :: GetRoleCredentialsResponse -> Int
httpStatus :: Int
httpStatus} -> Int
httpStatus) (\s :: GetRoleCredentialsResponse
s@GetRoleCredentialsResponse' {} Int
a -> GetRoleCredentialsResponse
s {httpStatus = a} :: GetRoleCredentialsResponse)

-- | The credentials for the role that is assigned to the user.
getRoleCredentialsResponse_roleCredentials :: Lens.Lens' GetRoleCredentialsResponse RoleCredentials
getRoleCredentialsResponse_roleCredentials :: Lens' GetRoleCredentialsResponse RoleCredentials
getRoleCredentialsResponse_roleCredentials = (GetRoleCredentialsResponse -> RoleCredentials)
-> (GetRoleCredentialsResponse
    -> RoleCredentials -> GetRoleCredentialsResponse)
-> Lens' GetRoleCredentialsResponse RoleCredentials
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetRoleCredentialsResponse' {RoleCredentials
$sel:roleCredentials:GetRoleCredentialsResponse' :: GetRoleCredentialsResponse -> RoleCredentials
roleCredentials :: RoleCredentials
roleCredentials} -> RoleCredentials
roleCredentials) (\s :: GetRoleCredentialsResponse
s@GetRoleCredentialsResponse' {} RoleCredentials
a -> GetRoleCredentialsResponse
s {roleCredentials = a} :: GetRoleCredentialsResponse)

instance Prelude.NFData GetRoleCredentialsResponse where
  rnf :: GetRoleCredentialsResponse -> ()
rnf GetRoleCredentialsResponse' {Int
RoleCredentials
$sel:httpStatus:GetRoleCredentialsResponse' :: GetRoleCredentialsResponse -> Int
$sel:roleCredentials:GetRoleCredentialsResponse' :: GetRoleCredentialsResponse -> RoleCredentials
httpStatus :: Int
roleCredentials :: RoleCredentials
..} =
    Int -> ()
forall a. NFData a => a -> ()
Prelude.rnf Int
httpStatus
      () -> () -> ()
forall a b. a -> b -> b
`Prelude.seq` RoleCredentials -> ()
forall a. NFData a => a -> ()
Prelude.rnf RoleCredentials
roleCredentials