packages feed

amazonka-auditmanager-2.0: gen/Amazonka/AuditManager/Types/Evidence.hs

{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.AuditManager.Types.Evidence
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.AuditManager.Types.Evidence where

import Amazonka.AuditManager.Types.Resource
import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude

-- | A record that contains the information needed to demonstrate compliance
-- with the requirements specified by a control. Examples of evidence
-- include change activity invoked by a user, or a system configuration
-- snapshot.
--
-- /See:/ 'newEvidence' smart constructor.
data Evidence = Evidence'
  { -- | Specifies whether the evidence is included in the assessment report.
    assessmentReportSelection :: Prelude.Maybe Prelude.Text,
    -- | The names and values that are used by the evidence event. This includes
    -- an attribute name (such as @allowUsersToChangePassword@) and value (such
    -- as @true@ or @false@).
    attributes :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
    -- | The identifier for the Amazon Web Services account.
    awsAccountId :: Prelude.Maybe Prelude.Text,
    -- | The Amazon Web Services account that the evidence is collected from, and
    -- its organization path.
    awsOrganization :: Prelude.Maybe Prelude.Text,
    -- | The evaluation status for automated evidence that falls under the
    -- compliance check category.
    --
    -- -   Audit Manager classes evidence as non-compliant if Security Hub
    --     reports a /Fail/ result, or if Config reports a /Non-compliant/
    --     result.
    --
    -- -   Audit Manager classes evidence as compliant if Security Hub reports
    --     a /Pass/ result, or if Config reports a /Compliant/ result.
    --
    -- -   If a compliance check isn\'t available or applicable, then no
    --     compliance evaluation can be made for that evidence. This is the
    --     case if the evidence uses Config or Security Hub as the underlying
    --     data source type, but those services aren\'t enabled. This is also
    --     the case if the evidence uses an underlying data source type that
    --     doesn\'t support compliance checks (such as manual evidence, Amazon
    --     Web Services API calls, or CloudTrail).
    complianceCheck :: Prelude.Maybe Prelude.Text,
    -- | The data source where the evidence was collected from.
    dataSource :: Prelude.Maybe Prelude.Text,
    -- | The name of the evidence event.
    eventName :: Prelude.Maybe Prelude.Text,
    -- | The Amazon Web Service that the evidence is collected from.
    eventSource :: Prelude.Maybe Prelude.Text,
    -- | The identifier for the Amazon Web Services account.
    evidenceAwsAccountId :: Prelude.Maybe Prelude.Text,
    -- | The type of automated evidence.
    evidenceByType :: Prelude.Maybe Prelude.Text,
    -- | The identifier for the folder that the evidence is stored in.
    evidenceFolderId :: Prelude.Maybe Prelude.Text,
    -- | The unique identifier for the IAM user or role that\'s associated with
    -- the evidence.
    iamId :: Prelude.Maybe Prelude.Text,
    -- | The identifier for the evidence.
    id :: Prelude.Maybe Prelude.Text,
    -- | The list of resources that are assessed to generate the evidence.
    resourcesIncluded :: Prelude.Maybe [Resource],
    -- | The timestamp that represents when the evidence was collected.
    time :: Prelude.Maybe Data.POSIX
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)

-- |
-- Create a value of 'Evidence' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'assessmentReportSelection', 'evidence_assessmentReportSelection' - Specifies whether the evidence is included in the assessment report.
--
-- 'attributes', 'evidence_attributes' - The names and values that are used by the evidence event. This includes
-- an attribute name (such as @allowUsersToChangePassword@) and value (such
-- as @true@ or @false@).
--
-- 'awsAccountId', 'evidence_awsAccountId' - The identifier for the Amazon Web Services account.
--
-- 'awsOrganization', 'evidence_awsOrganization' - The Amazon Web Services account that the evidence is collected from, and
-- its organization path.
--
-- 'complianceCheck', 'evidence_complianceCheck' - The evaluation status for automated evidence that falls under the
-- compliance check category.
--
-- -   Audit Manager classes evidence as non-compliant if Security Hub
--     reports a /Fail/ result, or if Config reports a /Non-compliant/
--     result.
--
-- -   Audit Manager classes evidence as compliant if Security Hub reports
--     a /Pass/ result, or if Config reports a /Compliant/ result.
--
-- -   If a compliance check isn\'t available or applicable, then no
--     compliance evaluation can be made for that evidence. This is the
--     case if the evidence uses Config or Security Hub as the underlying
--     data source type, but those services aren\'t enabled. This is also
--     the case if the evidence uses an underlying data source type that
--     doesn\'t support compliance checks (such as manual evidence, Amazon
--     Web Services API calls, or CloudTrail).
--
-- 'dataSource', 'evidence_dataSource' - The data source where the evidence was collected from.
--
-- 'eventName', 'evidence_eventName' - The name of the evidence event.
--
-- 'eventSource', 'evidence_eventSource' - The Amazon Web Service that the evidence is collected from.
--
-- 'evidenceAwsAccountId', 'evidence_evidenceAwsAccountId' - The identifier for the Amazon Web Services account.
--
-- 'evidenceByType', 'evidence_evidenceByType' - The type of automated evidence.
--
-- 'evidenceFolderId', 'evidence_evidenceFolderId' - The identifier for the folder that the evidence is stored in.
--
-- 'iamId', 'evidence_iamId' - The unique identifier for the IAM user or role that\'s associated with
-- the evidence.
--
-- 'id', 'evidence_id' - The identifier for the evidence.
--
-- 'resourcesIncluded', 'evidence_resourcesIncluded' - The list of resources that are assessed to generate the evidence.
--
-- 'time', 'evidence_time' - The timestamp that represents when the evidence was collected.
newEvidence ::
  Evidence
newEvidence =
  Evidence'
    { assessmentReportSelection =
        Prelude.Nothing,
      attributes = Prelude.Nothing,
      awsAccountId = Prelude.Nothing,
      awsOrganization = Prelude.Nothing,
      complianceCheck = Prelude.Nothing,
      dataSource = Prelude.Nothing,
      eventName = Prelude.Nothing,
      eventSource = Prelude.Nothing,
      evidenceAwsAccountId = Prelude.Nothing,
      evidenceByType = Prelude.Nothing,
      evidenceFolderId = Prelude.Nothing,
      iamId = Prelude.Nothing,
      id = Prelude.Nothing,
      resourcesIncluded = Prelude.Nothing,
      time = Prelude.Nothing
    }

-- | Specifies whether the evidence is included in the assessment report.
evidence_assessmentReportSelection :: Lens.Lens' Evidence (Prelude.Maybe Prelude.Text)
evidence_assessmentReportSelection = Lens.lens (\Evidence' {assessmentReportSelection} -> assessmentReportSelection) (\s@Evidence' {} a -> s {assessmentReportSelection = a} :: Evidence)

-- | The names and values that are used by the evidence event. This includes
-- an attribute name (such as @allowUsersToChangePassword@) and value (such
-- as @true@ or @false@).
evidence_attributes :: Lens.Lens' Evidence (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
evidence_attributes = Lens.lens (\Evidence' {attributes} -> attributes) (\s@Evidence' {} a -> s {attributes = a} :: Evidence) Prelude.. Lens.mapping Lens.coerced

-- | The identifier for the Amazon Web Services account.
evidence_awsAccountId :: Lens.Lens' Evidence (Prelude.Maybe Prelude.Text)
evidence_awsAccountId = Lens.lens (\Evidence' {awsAccountId} -> awsAccountId) (\s@Evidence' {} a -> s {awsAccountId = a} :: Evidence)

-- | The Amazon Web Services account that the evidence is collected from, and
-- its organization path.
evidence_awsOrganization :: Lens.Lens' Evidence (Prelude.Maybe Prelude.Text)
evidence_awsOrganization = Lens.lens (\Evidence' {awsOrganization} -> awsOrganization) (\s@Evidence' {} a -> s {awsOrganization = a} :: Evidence)

-- | The evaluation status for automated evidence that falls under the
-- compliance check category.
--
-- -   Audit Manager classes evidence as non-compliant if Security Hub
--     reports a /Fail/ result, or if Config reports a /Non-compliant/
--     result.
--
-- -   Audit Manager classes evidence as compliant if Security Hub reports
--     a /Pass/ result, or if Config reports a /Compliant/ result.
--
-- -   If a compliance check isn\'t available or applicable, then no
--     compliance evaluation can be made for that evidence. This is the
--     case if the evidence uses Config or Security Hub as the underlying
--     data source type, but those services aren\'t enabled. This is also
--     the case if the evidence uses an underlying data source type that
--     doesn\'t support compliance checks (such as manual evidence, Amazon
--     Web Services API calls, or CloudTrail).
evidence_complianceCheck :: Lens.Lens' Evidence (Prelude.Maybe Prelude.Text)
evidence_complianceCheck = Lens.lens (\Evidence' {complianceCheck} -> complianceCheck) (\s@Evidence' {} a -> s {complianceCheck = a} :: Evidence)

-- | The data source where the evidence was collected from.
evidence_dataSource :: Lens.Lens' Evidence (Prelude.Maybe Prelude.Text)
evidence_dataSource = Lens.lens (\Evidence' {dataSource} -> dataSource) (\s@Evidence' {} a -> s {dataSource = a} :: Evidence)

-- | The name of the evidence event.
evidence_eventName :: Lens.Lens' Evidence (Prelude.Maybe Prelude.Text)
evidence_eventName = Lens.lens (\Evidence' {eventName} -> eventName) (\s@Evidence' {} a -> s {eventName = a} :: Evidence)

-- | The Amazon Web Service that the evidence is collected from.
evidence_eventSource :: Lens.Lens' Evidence (Prelude.Maybe Prelude.Text)
evidence_eventSource = Lens.lens (\Evidence' {eventSource} -> eventSource) (\s@Evidence' {} a -> s {eventSource = a} :: Evidence)

-- | The identifier for the Amazon Web Services account.
evidence_evidenceAwsAccountId :: Lens.Lens' Evidence (Prelude.Maybe Prelude.Text)
evidence_evidenceAwsAccountId = Lens.lens (\Evidence' {evidenceAwsAccountId} -> evidenceAwsAccountId) (\s@Evidence' {} a -> s {evidenceAwsAccountId = a} :: Evidence)

-- | The type of automated evidence.
evidence_evidenceByType :: Lens.Lens' Evidence (Prelude.Maybe Prelude.Text)
evidence_evidenceByType = Lens.lens (\Evidence' {evidenceByType} -> evidenceByType) (\s@Evidence' {} a -> s {evidenceByType = a} :: Evidence)

-- | The identifier for the folder that the evidence is stored in.
evidence_evidenceFolderId :: Lens.Lens' Evidence (Prelude.Maybe Prelude.Text)
evidence_evidenceFolderId = Lens.lens (\Evidence' {evidenceFolderId} -> evidenceFolderId) (\s@Evidence' {} a -> s {evidenceFolderId = a} :: Evidence)

-- | The unique identifier for the IAM user or role that\'s associated with
-- the evidence.
evidence_iamId :: Lens.Lens' Evidence (Prelude.Maybe Prelude.Text)
evidence_iamId = Lens.lens (\Evidence' {iamId} -> iamId) (\s@Evidence' {} a -> s {iamId = a} :: Evidence)

-- | The identifier for the evidence.
evidence_id :: Lens.Lens' Evidence (Prelude.Maybe Prelude.Text)
evidence_id = Lens.lens (\Evidence' {id} -> id) (\s@Evidence' {} a -> s {id = a} :: Evidence)

-- | The list of resources that are assessed to generate the evidence.
evidence_resourcesIncluded :: Lens.Lens' Evidence (Prelude.Maybe [Resource])
evidence_resourcesIncluded = Lens.lens (\Evidence' {resourcesIncluded} -> resourcesIncluded) (\s@Evidence' {} a -> s {resourcesIncluded = a} :: Evidence) Prelude.. Lens.mapping Lens.coerced

-- | The timestamp that represents when the evidence was collected.
evidence_time :: Lens.Lens' Evidence (Prelude.Maybe Prelude.UTCTime)
evidence_time = Lens.lens (\Evidence' {time} -> time) (\s@Evidence' {} a -> s {time = a} :: Evidence) Prelude.. Lens.mapping Data._Time

instance Data.FromJSON Evidence where
  parseJSON =
    Data.withObject
      "Evidence"
      ( \x ->
          Evidence'
            Prelude.<$> (x Data..:? "assessmentReportSelection")
            Prelude.<*> (x Data..:? "attributes" Data..!= Prelude.mempty)
            Prelude.<*> (x Data..:? "awsAccountId")
            Prelude.<*> (x Data..:? "awsOrganization")
            Prelude.<*> (x Data..:? "complianceCheck")
            Prelude.<*> (x Data..:? "dataSource")
            Prelude.<*> (x Data..:? "eventName")
            Prelude.<*> (x Data..:? "eventSource")
            Prelude.<*> (x Data..:? "evidenceAwsAccountId")
            Prelude.<*> (x Data..:? "evidenceByType")
            Prelude.<*> (x Data..:? "evidenceFolderId")
            Prelude.<*> (x Data..:? "iamId")
            Prelude.<*> (x Data..:? "id")
            Prelude.<*> ( x
                            Data..:? "resourcesIncluded"
                            Data..!= Prelude.mempty
                        )
            Prelude.<*> (x Data..:? "time")
      )

instance Prelude.Hashable Evidence where
  hashWithSalt _salt Evidence' {..} =
    _salt
      `Prelude.hashWithSalt` assessmentReportSelection
      `Prelude.hashWithSalt` attributes
      `Prelude.hashWithSalt` awsAccountId
      `Prelude.hashWithSalt` awsOrganization
      `Prelude.hashWithSalt` complianceCheck
      `Prelude.hashWithSalt` dataSource
      `Prelude.hashWithSalt` eventName
      `Prelude.hashWithSalt` eventSource
      `Prelude.hashWithSalt` evidenceAwsAccountId
      `Prelude.hashWithSalt` evidenceByType
      `Prelude.hashWithSalt` evidenceFolderId
      `Prelude.hashWithSalt` iamId
      `Prelude.hashWithSalt` id
      `Prelude.hashWithSalt` resourcesIncluded
      `Prelude.hashWithSalt` time

instance Prelude.NFData Evidence where
  rnf Evidence' {..} =
    Prelude.rnf assessmentReportSelection
      `Prelude.seq` Prelude.rnf attributes
      `Prelude.seq` Prelude.rnf awsAccountId
      `Prelude.seq` Prelude.rnf awsOrganization
      `Prelude.seq` Prelude.rnf complianceCheck
      `Prelude.seq` Prelude.rnf dataSource
      `Prelude.seq` Prelude.rnf eventName
      `Prelude.seq` Prelude.rnf eventSource
      `Prelude.seq` Prelude.rnf evidenceAwsAccountId
      `Prelude.seq` Prelude.rnf evidenceByType
      `Prelude.seq` Prelude.rnf evidenceFolderId
      `Prelude.seq` Prelude.rnf iamId
      `Prelude.seq` Prelude.rnf id
      `Prelude.seq` Prelude.rnf resourcesIncluded
      `Prelude.seq` Prelude.rnf time