amazonka-redshift-2.0: gen/Amazonka/Redshift/GetClusterCredentialsWithIAM.hs
{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-- Derived from AWS service descriptions, licensed under Apache 2.0.
-- |
-- Module : Amazonka.Redshift.GetClusterCredentialsWithIAM
-- Copyright : (c) 2013-2023 Brendan Hay
-- License : Mozilla Public License, v. 2.0.
-- Maintainer : Brendan Hay
-- Stability : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Returns a database user name and temporary password with temporary
-- authorization to log in to an Amazon Redshift database. The database
-- user is mapped 1:1 to the source Identity and Access Management (IAM)
-- identity. For more information about IAM identities, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html IAM Identities (users, user groups, and roles)>
-- in the Amazon Web Services Identity and Access Management User Guide.
--
-- The Identity and Access Management (IAM) identity that runs this
-- operation must have an IAM policy attached that allows access to all
-- necessary actions and resources. For more information about permissions,
-- see
-- <https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-identity-based.html Using identity-based policies (IAM policies)>
-- in the Amazon Redshift Cluster Management Guide.
module Amazonka.Redshift.GetClusterCredentialsWithIAM
( -- * Creating a Request
GetClusterCredentialsWithIAM (..),
newGetClusterCredentialsWithIAM,
-- * Request Lenses
getClusterCredentialsWithIAM_dbName,
getClusterCredentialsWithIAM_durationSeconds,
getClusterCredentialsWithIAM_clusterIdentifier,
-- * Destructuring the Response
GetClusterCredentialsWithIAMResponse (..),
newGetClusterCredentialsWithIAMResponse,
-- * Response Lenses
getClusterCredentialsWithIAMResponse_dbPassword,
getClusterCredentialsWithIAMResponse_dbUser,
getClusterCredentialsWithIAMResponse_expiration,
getClusterCredentialsWithIAMResponse_nextRefreshTime,
getClusterCredentialsWithIAMResponse_httpStatus,
)
where
import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude
import Amazonka.Redshift.Types
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response
-- | /See:/ 'newGetClusterCredentialsWithIAM' smart constructor.
data GetClusterCredentialsWithIAM = GetClusterCredentialsWithIAM'
{ -- | The name of the database for which you are requesting credentials. If
-- the database name is specified, the IAM policy must allow access to the
-- resource @dbname@ for the specified database name. If the database name
-- is not specified, access to all databases is allowed.
dbName :: Prelude.Maybe Prelude.Text,
-- | The number of seconds until the returned temporary password expires.
--
-- Range: 900-3600. Default: 900.
durationSeconds :: Prelude.Maybe Prelude.Int,
-- | The unique identifier of the cluster that contains the database for
-- which you are requesting credentials.
clusterIdentifier :: Prelude.Text
}
deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
-- |
-- Create a value of 'GetClusterCredentialsWithIAM' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'dbName', 'getClusterCredentialsWithIAM_dbName' - The name of the database for which you are requesting credentials. If
-- the database name is specified, the IAM policy must allow access to the
-- resource @dbname@ for the specified database name. If the database name
-- is not specified, access to all databases is allowed.
--
-- 'durationSeconds', 'getClusterCredentialsWithIAM_durationSeconds' - The number of seconds until the returned temporary password expires.
--
-- Range: 900-3600. Default: 900.
--
-- 'clusterIdentifier', 'getClusterCredentialsWithIAM_clusterIdentifier' - The unique identifier of the cluster that contains the database for
-- which you are requesting credentials.
newGetClusterCredentialsWithIAM ::
-- | 'clusterIdentifier'
Prelude.Text ->
GetClusterCredentialsWithIAM
newGetClusterCredentialsWithIAM pClusterIdentifier_ =
GetClusterCredentialsWithIAM'
{ dbName =
Prelude.Nothing,
durationSeconds = Prelude.Nothing,
clusterIdentifier = pClusterIdentifier_
}
-- | The name of the database for which you are requesting credentials. If
-- the database name is specified, the IAM policy must allow access to the
-- resource @dbname@ for the specified database name. If the database name
-- is not specified, access to all databases is allowed.
getClusterCredentialsWithIAM_dbName :: Lens.Lens' GetClusterCredentialsWithIAM (Prelude.Maybe Prelude.Text)
getClusterCredentialsWithIAM_dbName = Lens.lens (\GetClusterCredentialsWithIAM' {dbName} -> dbName) (\s@GetClusterCredentialsWithIAM' {} a -> s {dbName = a} :: GetClusterCredentialsWithIAM)
-- | The number of seconds until the returned temporary password expires.
--
-- Range: 900-3600. Default: 900.
getClusterCredentialsWithIAM_durationSeconds :: Lens.Lens' GetClusterCredentialsWithIAM (Prelude.Maybe Prelude.Int)
getClusterCredentialsWithIAM_durationSeconds = Lens.lens (\GetClusterCredentialsWithIAM' {durationSeconds} -> durationSeconds) (\s@GetClusterCredentialsWithIAM' {} a -> s {durationSeconds = a} :: GetClusterCredentialsWithIAM)
-- | The unique identifier of the cluster that contains the database for
-- which you are requesting credentials.
getClusterCredentialsWithIAM_clusterIdentifier :: Lens.Lens' GetClusterCredentialsWithIAM Prelude.Text
getClusterCredentialsWithIAM_clusterIdentifier = Lens.lens (\GetClusterCredentialsWithIAM' {clusterIdentifier} -> clusterIdentifier) (\s@GetClusterCredentialsWithIAM' {} a -> s {clusterIdentifier = a} :: GetClusterCredentialsWithIAM)
instance Core.AWSRequest GetClusterCredentialsWithIAM where
type
AWSResponse GetClusterCredentialsWithIAM =
GetClusterCredentialsWithIAMResponse
request overrides =
Request.postQuery (overrides defaultService)
response =
Response.receiveXMLWrapper
"GetClusterCredentialsWithIAMResult"
( \s h x ->
GetClusterCredentialsWithIAMResponse'
Prelude.<$> (x Data..@? "DbPassword")
Prelude.<*> (x Data..@? "DbUser")
Prelude.<*> (x Data..@? "Expiration")
Prelude.<*> (x Data..@? "NextRefreshTime")
Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
)
instance
Prelude.Hashable
GetClusterCredentialsWithIAM
where
hashWithSalt _salt GetClusterCredentialsWithIAM' {..} =
_salt
`Prelude.hashWithSalt` dbName
`Prelude.hashWithSalt` durationSeconds
`Prelude.hashWithSalt` clusterIdentifier
instance Prelude.NFData GetClusterCredentialsWithIAM where
rnf GetClusterCredentialsWithIAM' {..} =
Prelude.rnf dbName
`Prelude.seq` Prelude.rnf durationSeconds
`Prelude.seq` Prelude.rnf clusterIdentifier
instance Data.ToHeaders GetClusterCredentialsWithIAM where
toHeaders = Prelude.const Prelude.mempty
instance Data.ToPath GetClusterCredentialsWithIAM where
toPath = Prelude.const "/"
instance Data.ToQuery GetClusterCredentialsWithIAM where
toQuery GetClusterCredentialsWithIAM' {..} =
Prelude.mconcat
[ "Action"
Data.=: ( "GetClusterCredentialsWithIAM" ::
Prelude.ByteString
),
"Version"
Data.=: ("2012-12-01" :: Prelude.ByteString),
"DbName" Data.=: dbName,
"DurationSeconds" Data.=: durationSeconds,
"ClusterIdentifier" Data.=: clusterIdentifier
]
-- | /See:/ 'newGetClusterCredentialsWithIAMResponse' smart constructor.
data GetClusterCredentialsWithIAMResponse = GetClusterCredentialsWithIAMResponse'
{ -- | A temporary password that you provide when you connect to a database.
dbPassword :: Prelude.Maybe (Data.Sensitive Prelude.Text),
-- | A database user name that you provide when you connect to a database.
-- The database user is mapped 1:1 to the source IAM identity.
dbUser :: Prelude.Maybe Prelude.Text,
-- | The time (UTC) when the temporary password expires. After this
-- timestamp, a log in with the temporary password fails.
expiration :: Prelude.Maybe Data.ISO8601,
-- | Reserved for future use.
nextRefreshTime :: Prelude.Maybe Data.ISO8601,
-- | The response's http status code.
httpStatus :: Prelude.Int
}
deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)
-- |
-- Create a value of 'GetClusterCredentialsWithIAMResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'dbPassword', 'getClusterCredentialsWithIAMResponse_dbPassword' - A temporary password that you provide when you connect to a database.
--
-- 'dbUser', 'getClusterCredentialsWithIAMResponse_dbUser' - A database user name that you provide when you connect to a database.
-- The database user is mapped 1:1 to the source IAM identity.
--
-- 'expiration', 'getClusterCredentialsWithIAMResponse_expiration' - The time (UTC) when the temporary password expires. After this
-- timestamp, a log in with the temporary password fails.
--
-- 'nextRefreshTime', 'getClusterCredentialsWithIAMResponse_nextRefreshTime' - Reserved for future use.
--
-- 'httpStatus', 'getClusterCredentialsWithIAMResponse_httpStatus' - The response's http status code.
newGetClusterCredentialsWithIAMResponse ::
-- | 'httpStatus'
Prelude.Int ->
GetClusterCredentialsWithIAMResponse
newGetClusterCredentialsWithIAMResponse pHttpStatus_ =
GetClusterCredentialsWithIAMResponse'
{ dbPassword =
Prelude.Nothing,
dbUser = Prelude.Nothing,
expiration = Prelude.Nothing,
nextRefreshTime = Prelude.Nothing,
httpStatus = pHttpStatus_
}
-- | A temporary password that you provide when you connect to a database.
getClusterCredentialsWithIAMResponse_dbPassword :: Lens.Lens' GetClusterCredentialsWithIAMResponse (Prelude.Maybe Prelude.Text)
getClusterCredentialsWithIAMResponse_dbPassword = Lens.lens (\GetClusterCredentialsWithIAMResponse' {dbPassword} -> dbPassword) (\s@GetClusterCredentialsWithIAMResponse' {} a -> s {dbPassword = a} :: GetClusterCredentialsWithIAMResponse) Prelude.. Lens.mapping Data._Sensitive
-- | A database user name that you provide when you connect to a database.
-- The database user is mapped 1:1 to the source IAM identity.
getClusterCredentialsWithIAMResponse_dbUser :: Lens.Lens' GetClusterCredentialsWithIAMResponse (Prelude.Maybe Prelude.Text)
getClusterCredentialsWithIAMResponse_dbUser = Lens.lens (\GetClusterCredentialsWithIAMResponse' {dbUser} -> dbUser) (\s@GetClusterCredentialsWithIAMResponse' {} a -> s {dbUser = a} :: GetClusterCredentialsWithIAMResponse)
-- | The time (UTC) when the temporary password expires. After this
-- timestamp, a log in with the temporary password fails.
getClusterCredentialsWithIAMResponse_expiration :: Lens.Lens' GetClusterCredentialsWithIAMResponse (Prelude.Maybe Prelude.UTCTime)
getClusterCredentialsWithIAMResponse_expiration = Lens.lens (\GetClusterCredentialsWithIAMResponse' {expiration} -> expiration) (\s@GetClusterCredentialsWithIAMResponse' {} a -> s {expiration = a} :: GetClusterCredentialsWithIAMResponse) Prelude.. Lens.mapping Data._Time
-- | Reserved for future use.
getClusterCredentialsWithIAMResponse_nextRefreshTime :: Lens.Lens' GetClusterCredentialsWithIAMResponse (Prelude.Maybe Prelude.UTCTime)
getClusterCredentialsWithIAMResponse_nextRefreshTime = Lens.lens (\GetClusterCredentialsWithIAMResponse' {nextRefreshTime} -> nextRefreshTime) (\s@GetClusterCredentialsWithIAMResponse' {} a -> s {nextRefreshTime = a} :: GetClusterCredentialsWithIAMResponse) Prelude.. Lens.mapping Data._Time
-- | The response's http status code.
getClusterCredentialsWithIAMResponse_httpStatus :: Lens.Lens' GetClusterCredentialsWithIAMResponse Prelude.Int
getClusterCredentialsWithIAMResponse_httpStatus = Lens.lens (\GetClusterCredentialsWithIAMResponse' {httpStatus} -> httpStatus) (\s@GetClusterCredentialsWithIAMResponse' {} a -> s {httpStatus = a} :: GetClusterCredentialsWithIAMResponse)
instance
Prelude.NFData
GetClusterCredentialsWithIAMResponse
where
rnf GetClusterCredentialsWithIAMResponse' {..} =
Prelude.rnf dbPassword
`Prelude.seq` Prelude.rnf dbUser
`Prelude.seq` Prelude.rnf expiration
`Prelude.seq` Prelude.rnf nextRefreshTime
`Prelude.seq` Prelude.rnf httpStatus