{-# LANGUAGE DeriveDataTypeable #-}
{-# LANGUAGE DeriveGeneric      #-}
{-# LANGUAGE OverloadedStrings  #-}
{-# LANGUAGE RecordWildCards    #-}
{-# LANGUAGE TypeFamilies       #-}

{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Network.AWS.IAM.SimulateCustomPolicy
-- Copyright   : (c) 2013-2015 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Simulate a set of IAM policies against a list of API actions and AWS
-- resources to determine the policies\' effective permissions. The
-- policies are provided as a list of strings.
--
-- The simulation does not perform the API actions, it only checks the
-- authorization to determine if the simulated policies allow or deny the
-- actions.
--
-- If you want to simulate existing policies attached to an IAM user,
-- group, or role, use SimulatePrincipalPolicy instead.
--
-- Context keys are variables maintained by AWS and its services that
-- provide details about the context of an API query request, and can be
-- evaluated by using the 'Condition' element of an IAM policy. To get the
-- list of context keys required by the policies to simulate them
-- correctly, use GetContextKeysForCustomPolicy.
--
-- If the output is long, you can paginate the results using the 'MaxItems'
-- and 'Marker' parameters.
--
-- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulateCustomPolicy.html AWS API Reference> for SimulateCustomPolicy.
module Network.AWS.IAM.SimulateCustomPolicy
    (
    -- * Creating a Request
      simulateCustomPolicy
    , SimulateCustomPolicy
    -- * Request Lenses
    , scpResourceARNs
    , scpMarker
    , scpMaxItems
    , scpContextEntries
    , scpPolicyInputList
    , scpActionNames

    -- * Destructuring the Response
    , simulatePolicyResponse
    , SimulatePolicyResponse
    -- * Response Lenses
    , spEvaluationResults
    , spMarker
    , spIsTruncated
    ) where

import           Network.AWS.IAM.Types
import           Network.AWS.IAM.Types.Product
import           Network.AWS.Prelude
import           Network.AWS.Request
import           Network.AWS.Response

-- | /See:/ 'simulateCustomPolicy' smart constructor.
data SimulateCustomPolicy = SimulateCustomPolicy'
    { _scpResourceARNs    :: !(Maybe [Text])
    , _scpMarker          :: !(Maybe Text)
    , _scpMaxItems        :: !(Maybe Nat)
    , _scpContextEntries  :: !(Maybe [ContextEntry])
    , _scpPolicyInputList :: ![Text]
    , _scpActionNames     :: ![Text]
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'SimulateCustomPolicy' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'scpResourceARNs'
--
-- * 'scpMarker'
--
-- * 'scpMaxItems'
--
-- * 'scpContextEntries'
--
-- * 'scpPolicyInputList'
--
-- * 'scpActionNames'
simulateCustomPolicy
    :: SimulateCustomPolicy
simulateCustomPolicy =
    SimulateCustomPolicy'
    { _scpResourceARNs = Nothing
    , _scpMarker = Nothing
    , _scpMaxItems = Nothing
    , _scpContextEntries = Nothing
    , _scpPolicyInputList = mempty
    , _scpActionNames = mempty
    }

-- | A list of ARNs of AWS resources to include in the simulation. If this
-- parameter is not provided then the value defaults to '*' (all
-- resources). Each API in the 'ActionNames' parameter is evaluated for
-- each resource in this list. The simulation determines the access result
-- (allowed or denied) of each combination and reports it in the response.
scpResourceARNs :: Lens' SimulateCustomPolicy [Text]
scpResourceARNs = lens _scpResourceARNs (\ s a -> s{_scpResourceARNs = a}) . _Default . _Coerce;

-- | Use this parameter only when paginating results and only after you
-- receive a response indicating that the results are truncated. Set it to
-- the value of the 'Marker' element in the response you received to inform
-- the next call about where to start.
scpMarker :: Lens' SimulateCustomPolicy (Maybe Text)
scpMarker = lens _scpMarker (\ s a -> s{_scpMarker = a});

-- | Use this only when paginating results to indicate the maximum number of
-- items you want in the response. If there are additional items beyond the
-- maximum you specify, the 'IsTruncated' response element is 'true'.
--
-- This parameter is optional. If you do not include it, it defaults to
-- 100. Note that IAM might return fewer results, even when there are more
-- results available. If this is the case, the 'IsTruncated' response
-- element returns 'true' and 'Marker' contains a value to include in the
-- subsequent call that tells the service where to continue from.
scpMaxItems :: Lens' SimulateCustomPolicy (Maybe Natural)
scpMaxItems = lens _scpMaxItems (\ s a -> s{_scpMaxItems = a}) . mapping _Nat;

-- | A list of context keys and corresponding values that are used by the
-- simulation. Whenever a context key is evaluated by a 'Condition' element
-- in one of the simulated IAM permission policies, the corresponding value
-- is supplied.
scpContextEntries :: Lens' SimulateCustomPolicy [ContextEntry]
scpContextEntries = lens _scpContextEntries (\ s a -> s{_scpContextEntries = a}) . _Default . _Coerce;

-- | A list of policy documents to include in the simulation. Each document
-- is specified as a string containing the complete, valid JSON text of an
-- IAM policy.
scpPolicyInputList :: Lens' SimulateCustomPolicy [Text]
scpPolicyInputList = lens _scpPolicyInputList (\ s a -> s{_scpPolicyInputList = a}) . _Coerce;

-- | A list of names of API actions to evaluate in the simulation. Each
-- action is evaluated for each resource. Each action must include the
-- service identifier, such as 'iam:CreateUser'.
scpActionNames :: Lens' SimulateCustomPolicy [Text]
scpActionNames = lens _scpActionNames (\ s a -> s{_scpActionNames = a}) . _Coerce;

instance AWSRequest SimulateCustomPolicy where
        type Rs SimulateCustomPolicy = SimulatePolicyResponse
        request = postQuery iAM
        response
          = receiveXMLWrapper "SimulateCustomPolicyResult"
              (\ s h x -> parseXML x)

instance ToHeaders SimulateCustomPolicy where
        toHeaders = const mempty

instance ToPath SimulateCustomPolicy where
        toPath = const "/"

instance ToQuery SimulateCustomPolicy where
        toQuery SimulateCustomPolicy'{..}
          = mconcat
              ["Action" =: ("SimulateCustomPolicy" :: ByteString),
               "Version" =: ("2010-05-08" :: ByteString),
               "ResourceArns" =:
                 toQuery (toQueryList "member" <$> _scpResourceARNs),
               "Marker" =: _scpMarker, "MaxItems" =: _scpMaxItems,
               "ContextEntries" =:
                 toQuery
                   (toQueryList "member" <$> _scpContextEntries),
               "PolicyInputList" =:
                 toQueryList "member" _scpPolicyInputList,
               "ActionNames" =:
                 toQueryList "member" _scpActionNames]