amazonka-sts-0.0.0: gen/Network/AWS/STS/DecodeAuthorizationMessage.hs
{-# LANGUAGE DataKinds #-}
{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE FlexibleInstances #-}
{-# LANGUAGE GeneralizedNewtypeDeriving #-}
{-# LANGUAGE LambdaCase #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE TypeFamilies #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-- Module : Network.AWS.STS.DecodeAuthorizationMessage
-- Copyright : (c) 2013-2014 Brendan Hay <brendan.g.hay@gmail.com>
-- License : This Source Code Form is subject to the terms of
-- the Mozilla Public License, v. 2.0.
-- A copy of the MPL can be found in the LICENSE file or
-- you can obtain it at http://mozilla.org/MPL/2.0/.
-- Maintainer : Brendan Hay <brendan.g.hay@gmail.com>
-- Stability : experimental
-- Portability : non-portable (GHC extensions)
-- | Decodes additional information about the authorization status of a request
-- from an encoded message returned in response to an AWS request. For
-- example, if a user is not authorized to perform an action that he or she
-- has requested, the request returns a Client.UnauthorizedOperation response
-- (an HTTP 403 response). Some AWS actions additionally return an encoded
-- message that can provide details about this authorization failure. The
-- message is encoded because the details of the authorization status can
-- constitute privileged information that the user who requested the action
-- should not see. To decode an authorization status message, a user must be
-- granted permissions via an IAM policy to request the
-- DecodeAuthorizationMessage (sts:DecodeAuthorizationMessage) action. The
-- decoded message includes the following type of information: Whether the
-- request was denied due to an explicit deny or due to the absence of an
-- explicit allow. For more information, see Determining Whether a Request is
-- Allowed or Denied in Using IAM. The principal who made the request. The
-- requested action. The requested resource. The values of condition keys in
-- the context of the user's request.
--
-- <http://docs.aws.amazon.com/STS/latest/APIReference/API_DecodeAuthorizationMessage.html>
module Network.AWS.STS.DecodeAuthorizationMessage
(
-- * Request
DecodeAuthorizationMessage
-- ** Request constructor
, decodeAuthorizationMessage
-- ** Request lenses
, damEncodedMessage
-- * Response
, DecodeAuthorizationMessageResponse
-- ** Response constructor
, decodeAuthorizationMessageResponse
-- ** Response lenses
, damrDecodedMessage
) where
import Network.AWS.Prelude
import Network.AWS.Request.Query
import Network.AWS.STS.Types
import qualified GHC.Exts
newtype DecodeAuthorizationMessage = DecodeAuthorizationMessage
{ _damEncodedMessage :: Text
} deriving (Eq, Ord, Show, Monoid, IsString)
-- | 'DecodeAuthorizationMessage' constructor.
--
-- The fields accessible through corresponding lenses are:
--
-- * 'damEncodedMessage' @::@ 'Text'
--
decodeAuthorizationMessage :: Text -- ^ 'damEncodedMessage'
-> DecodeAuthorizationMessage
decodeAuthorizationMessage p1 = DecodeAuthorizationMessage
{ _damEncodedMessage = p1
}
-- | The encoded message that was returned with the response.
damEncodedMessage :: Lens' DecodeAuthorizationMessage Text
damEncodedMessage =
lens _damEncodedMessage (\s a -> s { _damEncodedMessage = a })
newtype DecodeAuthorizationMessageResponse = DecodeAuthorizationMessageResponse
{ _damrDecodedMessage :: Maybe Text
} deriving (Eq, Ord, Show, Monoid)
-- | 'DecodeAuthorizationMessageResponse' constructor.
--
-- The fields accessible through corresponding lenses are:
--
-- * 'damrDecodedMessage' @::@ 'Maybe' 'Text'
--
decodeAuthorizationMessageResponse :: DecodeAuthorizationMessageResponse
decodeAuthorizationMessageResponse = DecodeAuthorizationMessageResponse
{ _damrDecodedMessage = Nothing
}
-- | An XML document that contains the decoded message. For more information,
-- see DecodeAuthorizationMessage.
damrDecodedMessage :: Lens' DecodeAuthorizationMessageResponse (Maybe Text)
damrDecodedMessage =
lens _damrDecodedMessage (\s a -> s { _damrDecodedMessage = a })
instance ToPath DecodeAuthorizationMessage where
toPath = const "/"
instance ToQuery DecodeAuthorizationMessage where
toQuery DecodeAuthorizationMessage{..} = mconcat
[ "EncodedMessage" =? _damEncodedMessage
]
instance ToHeaders DecodeAuthorizationMessage
instance AWSRequest DecodeAuthorizationMessage where
type Sv DecodeAuthorizationMessage = STS
type Rs DecodeAuthorizationMessage = DecodeAuthorizationMessageResponse
request = post "DecodeAuthorizationMessage"
response = xmlResponse
instance FromXML DecodeAuthorizationMessageResponse where
parseXML = withElement "DecodeAuthorizationMessageResult" $ \x -> DecodeAuthorizationMessageResponse
<$> x .@? "DecodedMessage"