{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.STS.DecodeAuthorizationMessage
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Decodes additional information about the authorization status of a
-- request from an encoded message returned in response to an Amazon Web
-- Services request.
--
-- For example, if a user is not authorized to perform an operation that he
-- or she has requested, the request returns a
-- @Client.UnauthorizedOperation@ response (an HTTP 403 response). Some
-- Amazon Web Services operations additionally return an encoded message
-- that can provide details about this authorization failure.
--
-- Only certain Amazon Web Services operations return an encoded
-- authorization message. The documentation for an individual operation
-- indicates whether that operation returns an encoded message in addition
-- to returning an HTTP code.
--
-- The message is encoded because the details of the authorization status
-- can contain privileged information that the user who requested the
-- operation should not see. To decode an authorization status message, a
-- user must be granted permissions through an IAM
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html policy>
-- to request the @DecodeAuthorizationMessage@
-- (@sts:DecodeAuthorizationMessage@) action.
--
-- The decoded message includes the following types of information:
--
-- -   Whether the request was denied due to an explicit deny or due to the
--     absence of an explicit allow. For more information, see
--     <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow Determining Whether a Request is Allowed or Denied>
--     in the /IAM User Guide/.
--
-- -   The principal who made the request.
--
-- -   The requested action.
--
-- -   The requested resource.
--
-- -   The values of condition keys in the context of the user\'s request.
module Amazonka.STS.DecodeAuthorizationMessage
  ( -- * Creating a Request
    DecodeAuthorizationMessage (..),
    newDecodeAuthorizationMessage,

    -- * Request Lenses
    decodeAuthorizationMessage_encodedMessage,

    -- * Destructuring the Response
    DecodeAuthorizationMessageResponse (..),
    newDecodeAuthorizationMessageResponse,

    -- * Response Lenses
    decodeAuthorizationMessageResponse_decodedMessage,
    decodeAuthorizationMessageResponse_httpStatus,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response
import Amazonka.STS.Types

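-- | Request payload for the STS @DecodeAuthorizationMessage@ action.
--
-- The record has a single field: the encoded message that accompanied an
-- authorization failure and that the caller wants decoded.
--
-- /See:/ 'newDecodeAuthorizationMessage' smart constructor.
data DecodeAuthorizationMessage = DecodeAuthorizationMessage'
  { -- | The encoded message that was returned with the response.
    encodedMessage :: Prelude.Text
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)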

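-- |
-- Create a value of 'DecodeAuthorizationMessage' from its one field, the
-- encoded message.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify the field afterwards.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'encodedMessage', 'decodeAuthorizationMessage_encodedMessage' - The encoded message that was returned with the response.
newDecodeAuthorizationMessage ::
  -- | 'encodedMessage'
  Prelude.Text ->
  DecodeAuthorizationMessage
newDecodeAuthorizationMessage pEncodedMessage_ =
  DecodeAuthorizationMessage' {encodedMessage = pEncodedMessage_}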

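-- | The encoded message that was returned with the response.
--
-- Lens onto the 'encodedMessage' field of the request.
decodeAuthorizationMessage_encodedMessage :: Lens.Lens' DecodeAuthorizationMessage Prelude.Text
decodeAuthorizationMessage_encodedMessage = Lens.lens viewEncoded setEncoded
  where
    -- Getter: project the field out of the request record.
    viewEncoded DecodeAuthorizationMessage' {encodedMessage} = encodedMessage
    -- Setter: the result annotation tells GHC which record the update
    -- targets, which DuplicateRecordFields needs for a field update.
    setEncoded s@DecodeAuthorizationMessage' {} a =
      s {encodedMessage = a} :: DecodeAuthorizationMessage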

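-- | Wires the request type to its response type and to the request builder
-- and response parser used for this action.
instance Core.AWSRequest DecodeAuthorizationMessage where
  type
    AWSResponse DecodeAuthorizationMessage =
      DecodeAuthorizationMessageResponse

  -- Caller-supplied overrides are applied to the default service
  -- configuration before the request is built with 'Request.postQuery'.
  request overrides =
    Request.postQuery (overrides defaultService)

  -- The body is parsed from inside the @DecodeAuthorizationMessageResult@
  -- wrapper element.
  response =
    Response.receiveXMLWrapper
      "DecodeAuthorizationMessageResult"
      parseResult
    where
      -- @DecodedMessage@ is read with '.@?', so a missing element yields
      -- 'Prelude.Nothing' rather than a parse failure; callers must handle
      -- that case. The response headers are not consulted.
      parseResult status _headers nodes =
        DecodeAuthorizationMessageResponse'
          Prelude.<$> (nodes Data..@? "DecodedMessage")
          Prelude.<*> Prelude.pure (Prelude.fromEnum status)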

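-- | Hashes a request by folding its single field into the salt.
instance Prelude.Hashable DecodeAuthorizationMessage where
  hashWithSalt _salt DecodeAuthorizationMessage' {encodedMessage} =
    _salt `Prelude.hashWithSalt` encodedMessage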

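-- | Fully evaluating a request means fully evaluating its single field.
instance Prelude.NFData DecodeAuthorizationMessage where
  rnf DecodeAuthorizationMessage' {encodedMessage} =
    Prelude.rnf encodedMessage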

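-- | The request contributes no headers of its own: the result is always
-- 'Prelude.mempty', whatever the request value.
instance Data.ToHeaders DecodeAuthorizationMessage where
  toHeaders = Prelude.const Prelude.mempty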

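-- | The request path is always @\/@, whatever the request value.
instance Data.ToPath DecodeAuthorizationMessage where
  toPath = Prelude.const "/"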

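-- | Serialises the request as three query parameters: the fixed @Action@
-- and @Version@ values plus the caller's @EncodedMessage@.
--
-- NOTE(review): 'Request.postQuery' (used in the 'Core.AWSRequest'
-- instance) presumably decides whether these parameters travel in the URL
-- or in the POST body; confirm against "Amazonka.Request" when reasoning
-- about where the encoded message can end up in access logs.
instance Data.ToQuery DecodeAuthorizationMessage where
  toQuery DecodeAuthorizationMessage' {encodedMessage} =
    Prelude.mconcat
      [ -- The ByteString annotations pin the literal type, which
        -- OverloadedStrings would otherwise leave ambiguous.
        "Action"
          Data.=: ("DecodeAuthorizationMessage" :: Prelude.ByteString),
        "Version"
          Data.=: ("2011-06-15" :: Prelude.ByteString),
        "EncodedMessage" Data.=: encodedMessage
      ]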

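-- | A document that contains additional information about the authorization
-- status of a request from an encoded message that is returned in response
-- to an Amazon Web Services request.
--
-- The service description for this action says the decoded details can
-- contain privileged information that the original requester should not
-- see. 'decodedMessage' is stored as plain 'Prelude.Text' and this type
-- derives 'Prelude.Show', so showing or logging a response value prints the
-- decoded document as-is; restrict where response values are rendered.
--
-- /See:/ 'newDecodeAuthorizationMessageResponse' smart constructor.
data DecodeAuthorizationMessageResponse = DecodeAuthorizationMessageResponse'
  { -- | The API returns a response with the decoded message.
    decodedMessage :: Prelude.Maybe Prelude.Text,
    -- | The response's http status code.
    httpStatus :: Prelude.Int
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)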

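-- |
-- Create a value of 'DecodeAuthorizationMessageResponse' with all optional fields omitted.
--
-- Only the HTTP status is required; 'decodedMessage' starts as
-- 'Prelude.Nothing'.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'decodedMessage', 'decodeAuthorizationMessageResponse_decodedMessage' - The API returns a response with the decoded message.
--
-- 'httpStatus', 'decodeAuthorizationMessageResponse_httpStatus' - The response's http status code.
newDecodeAuthorizationMessageResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  DecodeAuthorizationMessageResponse
newDecodeAuthorizationMessageResponse pHttpStatus_ =
  DecodeAuthorizationMessageResponse'
    { decodedMessage = Prelude.Nothing,
      httpStatus = pHttpStatus_
    }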

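-- | The API returns a response with the decoded message.
--
-- Lens onto the optional 'decodedMessage' field of the response.
decodeAuthorizationMessageResponse_decodedMessage :: Lens.Lens' DecodeAuthorizationMessageResponse (Prelude.Maybe Prelude.Text)
decodeAuthorizationMessageResponse_decodedMessage = Lens.lens viewDecoded setDecoded
  where
    -- Getter: project the field out of the response record.
    viewDecoded DecodeAuthorizationMessageResponse' {decodedMessage} = decodedMessage
    -- Setter: the result annotation tells GHC which record the update
    -- targets, which DuplicateRecordFields needs for a field update.
    setDecoded s@DecodeAuthorizationMessageResponse' {} a =
      s {decodedMessage = a} :: DecodeAuthorizationMessageResponse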

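-- | The response's http status code.
--
-- Lens onto the 'httpStatus' field of the response.
decodeAuthorizationMessageResponse_httpStatus :: Lens.Lens' DecodeAuthorizationMessageResponse Prelude.Int
decodeAuthorizationMessageResponse_httpStatus = Lens.lens viewStatus setStatus
  where
    -- Getter: project the field out of the response record.
    viewStatus DecodeAuthorizationMessageResponse' {httpStatus} = httpStatus
    -- Setter: the result annotation tells GHC which record the update
    -- targets, which DuplicateRecordFields needs for a field update.
    setStatus s@DecodeAuthorizationMessageResponse' {} a =
      s {httpStatus = a} :: DecodeAuthorizationMessageResponse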

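-- | Fully evaluates both fields of the response, the decoded message first
-- and then the status code.
instance
  Prelude.NFData
    DecodeAuthorizationMessageResponse
  where
  rnf DecodeAuthorizationMessageResponse' {decodedMessage, httpStatus} =
    Prelude.rnf decodedMessage
      `Prelude.seq` Prelude.rnf httpStatus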