amazonka-sts-0.2.2: gen/Network/AWS/STS/DecodeAuthorizationMessage.hs
{-# LANGUAGE DataKinds #-}
{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE FlexibleInstances #-}
{-# LANGUAGE GeneralizedNewtypeDeriving #-}
{-# LANGUAGE LambdaCase #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE TypeFamilies #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-- Module : Network.AWS.STS.DecodeAuthorizationMessage
-- Copyright : (c) 2013-2014 Brendan Hay <brendan.g.hay@gmail.com>
-- License : This Source Code Form is subject to the terms of
-- the Mozilla Public License, v. 2.0.
-- A copy of the MPL can be found in the LICENSE file or
-- you can obtain it at http://mozilla.org/MPL/2.0/.
-- Maintainer : Brendan Hay <brendan.g.hay@gmail.com>
-- Stability : experimental
-- Portability : non-portable (GHC extensions)
--
-- Derived from AWS service descriptions, licensed under Apache 2.0.
-- | Decodes additional information about the authorization status of a request
-- from an encoded message returned in response to an AWS request.
--
-- For example, if a user is not authorized to perform an action that he or she
-- has requested, the request returns a 'Client.UnauthorizedOperation' response
-- (an HTTP 403 response). Some AWS actions additionally return an encoded
-- message that can provide details about this authorization failure.
--
-- The message is encoded because the details of the authorization status can
-- constitute privileged information that the user who requested the action
-- should not see. To decode an authorization status message, a user must be
-- granted permissions via an IAM policy to request the 'DecodeAuthorizationMessage' ('sts:DecodeAuthorizationMessage') action.
--
-- The decoded message includes the following type of information:
--
-- Whether the request was denied due to an explicit deny or due to the
-- absence of an explicit allow. For more information, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_EvaluationLogic.html#policy-eval-denyallow Determining Whether aRequest is Allowed or Denied> in /Using IAM/. The principal who made the
-- request. The requested action. The requested resource. The values of
-- condition keys in the context of the user's request.
--
-- <http://docs.aws.amazon.com/STS/latest/APIReference/API_DecodeAuthorizationMessage.html>
module Network.AWS.STS.DecodeAuthorizationMessage
(
-- * Request
DecodeAuthorizationMessage
-- ** Request constructor
, decodeAuthorizationMessage
-- ** Request lenses
, damEncodedMessage
-- * Response
, DecodeAuthorizationMessageResponse
-- ** Response constructor
, decodeAuthorizationMessageResponse
-- ** Response lenses
, damrDecodedMessage
) where
import Network.AWS.Prelude
import Network.AWS.Request.Query
import Network.AWS.STS.Types
import qualified GHC.Exts
newtype DecodeAuthorizationMessage = DecodeAuthorizationMessage
{ _damEncodedMessage :: Text
} deriving (Eq, Ord, Read, Show, Monoid, IsString)
-- | 'DecodeAuthorizationMessage' constructor.
--
-- The fields accessible through corresponding lenses are:
--
-- * 'damEncodedMessage' @::@ 'Text'
--
decodeAuthorizationMessage :: Text -- ^ 'damEncodedMessage'
-> DecodeAuthorizationMessage
decodeAuthorizationMessage p1 = DecodeAuthorizationMessage
{ _damEncodedMessage = p1
}
-- | The encoded message that was returned with the response.
damEncodedMessage :: Lens' DecodeAuthorizationMessage Text
damEncodedMessage =
lens _damEncodedMessage (\s a -> s { _damEncodedMessage = a })
newtype DecodeAuthorizationMessageResponse = DecodeAuthorizationMessageResponse
{ _damrDecodedMessage :: Maybe Text
} deriving (Eq, Ord, Read, Show, Monoid)
-- | 'DecodeAuthorizationMessageResponse' constructor.
--
-- The fields accessible through corresponding lenses are:
--
-- * 'damrDecodedMessage' @::@ 'Maybe' 'Text'
--
decodeAuthorizationMessageResponse :: DecodeAuthorizationMessageResponse
decodeAuthorizationMessageResponse = DecodeAuthorizationMessageResponse
{ _damrDecodedMessage = Nothing
}
-- | An XML document that contains the decoded message. For more information, see 'DecodeAuthorizationMessage'.
damrDecodedMessage :: Lens' DecodeAuthorizationMessageResponse (Maybe Text)
damrDecodedMessage =
lens _damrDecodedMessage (\s a -> s { _damrDecodedMessage = a })
instance ToPath DecodeAuthorizationMessage where
toPath = const "/"
instance ToQuery DecodeAuthorizationMessage where
toQuery DecodeAuthorizationMessage{..} = mconcat
[ "EncodedMessage" =? _damEncodedMessage
]
instance ToHeaders DecodeAuthorizationMessage
instance AWSRequest DecodeAuthorizationMessage where
type Sv DecodeAuthorizationMessage = STS
type Rs DecodeAuthorizationMessage = DecodeAuthorizationMessageResponse
request = post "DecodeAuthorizationMessage"
response = xmlResponse
instance FromXML DecodeAuthorizationMessageResponse where
parseXML = withElement "DecodeAuthorizationMessageResult" $ \x -> DecodeAuthorizationMessageResponse
<$> x .@? "DecodedMessage"