{-# LANGUAGE DeriveDataTypeable #-}
{-# LANGUAGE DeriveGeneric      #-}
{-# LANGUAGE OverloadedStrings  #-}
{-# LANGUAGE RecordWildCards    #-}

{-# OPTIONS_GHC -fno-warn-unused-imports #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Network.AWS.IAM.Types.Product
-- Copyright   : (c) 2013-2016 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
module Network.AWS.IAM.Types.Product where

import           Network.AWS.IAM.Types.Sum
import           Network.AWS.Lens
import           Network.AWS.Prelude

-- | Contains information about an AWS access key.
--
-- This data type is used as a response element in the < CreateAccessKey>
-- and < ListAccessKeys> actions.
--
-- The 'SecretAccessKey' value is returned only in response to
-- < CreateAccessKey>. You can get a secret access key only when you first
-- create an access key; you cannot recover the secret access key later. If
-- you lose a secret access key, you must create a new access key.
--
-- /See:/ 'accessKey' smart constructor.
data AccessKey = AccessKey'
    { _akCreateDate      :: !(Maybe ISO8601)
    , _akUserName        :: !Text
    , _akAccessKeyId     :: !Text
    , _akStatus          :: !StatusType
    , _akSecretAccessKey :: !(Sensitive Text)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'AccessKey' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'akCreateDate'
--
-- * 'akUserName'
--
-- * 'akAccessKeyId'
--
-- * 'akStatus'
--
-- * 'akSecretAccessKey'
accessKey
    :: Text -- ^ 'akUserName'
    -> Text -- ^ 'akAccessKeyId'
    -> StatusType -- ^ 'akStatus'
    -> Text -- ^ 'akSecretAccessKey'
    -> AccessKey
accessKey pUserName_ pAccessKeyId_ pStatus_ pSecretAccessKey_ =
    AccessKey'
    { _akCreateDate = Nothing
    , _akUserName = pUserName_
    , _akAccessKeyId = pAccessKeyId_
    , _akStatus = pStatus_
    , _akSecretAccessKey = _Sensitive # pSecretAccessKey_
    }

-- | The date when the access key was created.
akCreateDate :: Lens' AccessKey (Maybe UTCTime)
akCreateDate = lens _akCreateDate (\ s a -> s{_akCreateDate = a}) . mapping _Time;

-- | The name of the IAM user that the access key is associated with.
akUserName :: Lens' AccessKey Text
akUserName = lens _akUserName (\ s a -> s{_akUserName = a});

-- | The ID for this access key.
akAccessKeyId :: Lens' AccessKey Text
akAccessKeyId = lens _akAccessKeyId (\ s a -> s{_akAccessKeyId = a});

-- | The status of the access key. 'Active' means the key is valid for API
-- calls, while 'Inactive' means it is not.
akStatus :: Lens' AccessKey StatusType
akStatus = lens _akStatus (\ s a -> s{_akStatus = a});

-- | The secret key used to sign requests.
akSecretAccessKey :: Lens' AccessKey Text
akSecretAccessKey = lens _akSecretAccessKey (\ s a -> s{_akSecretAccessKey = a}) . _Sensitive;

instance FromXML AccessKey where
        parseXML x
          = AccessKey' <$>
              (x .@? "CreateDate") <*> (x .@ "UserName") <*>
                (x .@ "AccessKeyId")
                <*> (x .@ "Status")
                <*> (x .@ "SecretAccessKey")

instance Hashable AccessKey

-- | Contains information about the last time an AWS access key was used.
--
-- This data type is used as a response element in the
-- < GetAccessKeyLastUsed> action.
--
-- /See:/ 'accessKeyLastUsed' smart constructor.
data AccessKeyLastUsed = AccessKeyLastUsed'
    { _akluLastUsedDate :: !ISO8601
    , _akluServiceName  :: !Text
    , _akluRegion       :: !Text
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'AccessKeyLastUsed' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'akluLastUsedDate'
--
-- * 'akluServiceName'
--
-- * 'akluRegion'
accessKeyLastUsed
    :: UTCTime -- ^ 'akluLastUsedDate'
    -> Text -- ^ 'akluServiceName'
    -> Text -- ^ 'akluRegion'
    -> AccessKeyLastUsed
accessKeyLastUsed pLastUsedDate_ pServiceName_ pRegion_ =
    AccessKeyLastUsed'
    { _akluLastUsedDate = _Time # pLastUsedDate_
    , _akluServiceName = pServiceName_
    , _akluRegion = pRegion_
    }

-- | The date and time, in
-- <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the
-- access key was most recently used. This field is null when:
--
-- -   The user does not have an access key.
--
-- -   An access key exists but has never been used, at least not since IAM
--     started tracking this information on April 22nd, 2015.
--
-- -   There is no sign-in data associated with the user
--
akluLastUsedDate :: Lens' AccessKeyLastUsed UTCTime
akluLastUsedDate = lens _akluLastUsedDate (\ s a -> s{_akluLastUsedDate = a}) . _Time;

-- | The name of the AWS service with which this access key was most recently
-- used. This field is null when:
--
-- -   The user does not have an access key.
--
-- -   An access key exists but has never been used, at least not since IAM
--     started tracking this information on April 22nd, 2015.
--
-- -   There is no sign-in data associated with the user
--
akluServiceName :: Lens' AccessKeyLastUsed Text
akluServiceName = lens _akluServiceName (\ s a -> s{_akluServiceName = a});

-- | The AWS region where this access key was most recently used. This field
-- is null when:
--
-- -   The user does not have an access key.
--
-- -   An access key exists but has never been used, at least not since IAM
--     started tracking this information on April 22nd, 2015.
--
-- -   There is no sign-in data associated with the user
--
-- For more information about AWS regions, see
-- <http://docs.aws.amazon.com/general/latest/gr/rande.html Regions and Endpoints>
-- in the Amazon Web Services General Reference.
akluRegion :: Lens' AccessKeyLastUsed Text
akluRegion = lens _akluRegion (\ s a -> s{_akluRegion = a});

instance FromXML AccessKeyLastUsed where
        parseXML x
          = AccessKeyLastUsed' <$>
              (x .@ "LastUsedDate") <*> (x .@ "ServiceName") <*>
                (x .@ "Region")

instance Hashable AccessKeyLastUsed

-- | Contains information about an AWS access key, without its secret key.
--
-- This data type is used as a response element in the < ListAccessKeys>
-- action.
--
-- /See:/ 'accessKeyMetadata' smart constructor.
data AccessKeyMetadata = AccessKeyMetadata'
    { _akmStatus      :: !(Maybe StatusType)
    , _akmCreateDate  :: !(Maybe ISO8601)
    , _akmUserName    :: !(Maybe Text)
    , _akmAccessKeyId :: !(Maybe Text)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'AccessKeyMetadata' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'akmStatus'
--
-- * 'akmCreateDate'
--
-- * 'akmUserName'
--
-- * 'akmAccessKeyId'
accessKeyMetadata
    :: AccessKeyMetadata
accessKeyMetadata =
    AccessKeyMetadata'
    { _akmStatus = Nothing
    , _akmCreateDate = Nothing
    , _akmUserName = Nothing
    , _akmAccessKeyId = Nothing
    }

-- | The status of the access key. 'Active' means the key is valid for API
-- calls; 'Inactive' means it is not.
akmStatus :: Lens' AccessKeyMetadata (Maybe StatusType)
akmStatus = lens _akmStatus (\ s a -> s{_akmStatus = a});

-- | The date when the access key was created.
akmCreateDate :: Lens' AccessKeyMetadata (Maybe UTCTime)
akmCreateDate = lens _akmCreateDate (\ s a -> s{_akmCreateDate = a}) . mapping _Time;

-- | The name of the IAM user that the key is associated with.
akmUserName :: Lens' AccessKeyMetadata (Maybe Text)
akmUserName = lens _akmUserName (\ s a -> s{_akmUserName = a});

-- | The ID for this access key.
akmAccessKeyId :: Lens' AccessKeyMetadata (Maybe Text)
akmAccessKeyId = lens _akmAccessKeyId (\ s a -> s{_akmAccessKeyId = a});

instance FromXML AccessKeyMetadata where
        parseXML x
          = AccessKeyMetadata' <$>
              (x .@? "Status") <*> (x .@? "CreateDate") <*>
                (x .@? "UserName")
                <*> (x .@? "AccessKeyId")

instance Hashable AccessKeyMetadata

-- | Contains information about an attached policy.
--
-- An attached policy is a managed policy that has been attached to a user,
-- group, or role. This data type is used as a response element in the
-- < ListAttachedGroupPolicies>, < ListAttachedRolePolicies>,
-- < ListAttachedUserPolicies>, and < GetAccountAuthorizationDetails>
-- actions.
--
-- For more information about managed policies, refer to
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
-- in the /Using IAM/ guide.
--
-- /See:/ 'attachedPolicy' smart constructor.
data AttachedPolicy = AttachedPolicy'
    { _apPolicyName :: !(Maybe Text)
    , _apPolicyARN  :: !(Maybe Text)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'AttachedPolicy' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'apPolicyName'
--
-- * 'apPolicyARN'
attachedPolicy
    :: AttachedPolicy
attachedPolicy =
    AttachedPolicy'
    { _apPolicyName = Nothing
    , _apPolicyARN = Nothing
    }

-- | The friendly name of the attached policy.
apPolicyName :: Lens' AttachedPolicy (Maybe Text)
apPolicyName = lens _apPolicyName (\ s a -> s{_apPolicyName = a});

-- | Undocumented member.
apPolicyARN :: Lens' AttachedPolicy (Maybe Text)
apPolicyARN = lens _apPolicyARN (\ s a -> s{_apPolicyARN = a});

instance FromXML AttachedPolicy where
        parseXML x
          = AttachedPolicy' <$>
              (x .@? "PolicyName") <*> (x .@? "PolicyArn")

instance Hashable AttachedPolicy

-- | Contains information about a condition context key. It includes the name
-- of the key and specifies the value (or values, if the context key
-- supports multiple values) to use in the simulation. This information is
-- used when evaluating the 'Condition' elements of the input policies.
--
-- This data type is used as an input parameter to 'SimulatePolicy'.
--
-- /See:/ 'contextEntry' smart constructor.
data ContextEntry = ContextEntry'
    { _ceContextKeyValues :: !(Maybe [Text])
    , _ceContextKeyName   :: !(Maybe Text)
    , _ceContextKeyType   :: !(Maybe ContextKeyTypeEnum)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'ContextEntry' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'ceContextKeyValues'
--
-- * 'ceContextKeyName'
--
-- * 'ceContextKeyType'
contextEntry
    :: ContextEntry
contextEntry =
    ContextEntry'
    { _ceContextKeyValues = Nothing
    , _ceContextKeyName = Nothing
    , _ceContextKeyType = Nothing
    }

-- | The value (or values, if the condition context key supports multiple
-- values) to provide to the simulation for use when the key is referenced
-- by a 'Condition' element in an input policy.
ceContextKeyValues :: Lens' ContextEntry [Text]
ceContextKeyValues = lens _ceContextKeyValues (\ s a -> s{_ceContextKeyValues = a}) . _Default . _Coerce;

-- | The full name of a condition context key, including the service prefix.
-- For example, 'aws:SourceIp' or 's3:VersionId'.
ceContextKeyName :: Lens' ContextEntry (Maybe Text)
ceContextKeyName = lens _ceContextKeyName (\ s a -> s{_ceContextKeyName = a});

-- | The data type of the value (or values) specified in the
-- 'ContextKeyValues' parameter.
ceContextKeyType :: Lens' ContextEntry (Maybe ContextKeyTypeEnum)
ceContextKeyType = lens _ceContextKeyType (\ s a -> s{_ceContextKeyType = a});

instance Hashable ContextEntry

instance ToQuery ContextEntry where
        toQuery ContextEntry'{..}
          = mconcat
              ["ContextKeyValues" =:
                 toQuery
                   (toQueryList "member" <$> _ceContextKeyValues),
               "ContextKeyName" =: _ceContextKeyName,
               "ContextKeyType" =: _ceContextKeyType]

-- | Contains the results of a simulation.
--
-- This data type is used by the return parameter of 'SimulatePolicy'.
--
-- /See:/ 'evaluationResult' smart constructor.
data EvaluationResult = EvaluationResult'
    { _erMatchedStatements       :: !(Maybe [Statement])
    , _erEvalDecisionDetails     :: !(Maybe (Map Text PolicyEvaluationDecisionType))
    , _erResourceSpecificResults :: !(Maybe [ResourceSpecificResult])
    , _erEvalResourceName        :: !(Maybe Text)
    , _erMissingContextValues    :: !(Maybe [Text])
    , _erEvalActionName          :: !Text
    , _erEvalDecision            :: !PolicyEvaluationDecisionType
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'EvaluationResult' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'erMatchedStatements'
--
-- * 'erEvalDecisionDetails'
--
-- * 'erResourceSpecificResults'
--
-- * 'erEvalResourceName'
--
-- * 'erMissingContextValues'
--
-- * 'erEvalActionName'
--
-- * 'erEvalDecision'
evaluationResult
    :: Text -- ^ 'erEvalActionName'
    -> PolicyEvaluationDecisionType -- ^ 'erEvalDecision'
    -> EvaluationResult
evaluationResult pEvalActionName_ pEvalDecision_ =
    EvaluationResult'
    { _erMatchedStatements = Nothing
    , _erEvalDecisionDetails = Nothing
    , _erResourceSpecificResults = Nothing
    , _erEvalResourceName = Nothing
    , _erMissingContextValues = Nothing
    , _erEvalActionName = pEvalActionName_
    , _erEvalDecision = pEvalDecision_
    }

-- | A list of the statements in the input policies that determine the result
-- for this scenario. Remember that even if multiple statements allow the
-- action on the resource, if only one statement denies that action, then
-- the explicit deny overrides any allow, and the deny statement is the
-- only entry included in the result.
erMatchedStatements :: Lens' EvaluationResult [Statement]
erMatchedStatements = lens _erMatchedStatements (\ s a -> s{_erMatchedStatements = a}) . _Default . _Coerce;

-- | Additional details about the results of the evaluation decision. When
-- there are both IAM policies and resource policies, this parameter
-- explains how each set of policies contributes to the final evaluation
-- decision. When simulating cross-account access to a resource, both the
-- resource-based policy and the caller\'s IAM policy must grant access.
-- See
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_compare-resource-policies.html How IAM Roles Differ from Resource-based Policies>
erEvalDecisionDetails :: Lens' EvaluationResult (HashMap Text PolicyEvaluationDecisionType)
erEvalDecisionDetails = lens _erEvalDecisionDetails (\ s a -> s{_erEvalDecisionDetails = a}) . _Default . _Map;

-- | The individual results of the simulation of the API action specified in
-- EvalActionName on each resource.
erResourceSpecificResults :: Lens' EvaluationResult [ResourceSpecificResult]
erResourceSpecificResults = lens _erResourceSpecificResults (\ s a -> s{_erResourceSpecificResults = a}) . _Default . _Coerce;

-- | The ARN of the resource that the indicated API action was tested on.
erEvalResourceName :: Lens' EvaluationResult (Maybe Text)
erEvalResourceName = lens _erEvalResourceName (\ s a -> s{_erEvalResourceName = a});

-- | A list of context keys that are required by the included input policies
-- but that were not provided by one of the input parameters. This list is
-- used when the resource in a simulation is \"*\", either explicitly, or
-- when the 'ResourceArns' parameter blank. If you include a list of
-- resources, then any missing context values are instead included under
-- the 'ResourceSpecificResults' section. To discover the context keys used
-- by a set of policies, you can call < GetContextKeysForCustomPolicy> or
-- < GetContextKeysForPrincipalPolicy>.
--
-- If the response includes any keys in this list, then the reported
-- results might be untrustworthy because the simulation could not
-- completely evaluate all of the conditions specified in the policies that
-- would occur in a real world request.
erMissingContextValues :: Lens' EvaluationResult [Text]
erMissingContextValues = lens _erMissingContextValues (\ s a -> s{_erMissingContextValues = a}) . _Default . _Coerce;

-- | The name of the API action tested on the indicated resource.
erEvalActionName :: Lens' EvaluationResult Text
erEvalActionName = lens _erEvalActionName (\ s a -> s{_erEvalActionName = a});

-- | The result of the simulation.
erEvalDecision :: Lens' EvaluationResult PolicyEvaluationDecisionType
erEvalDecision = lens _erEvalDecision (\ s a -> s{_erEvalDecision = a});

instance FromXML EvaluationResult where
        parseXML x
          = EvaluationResult' <$>
              (x .@? "MatchedStatements" .!@ mempty >>=
                 may (parseXMLList "member"))
                <*>
                (x .@? "EvalDecisionDetails" .!@ mempty >>=
                   may (parseXMLMap "entry" "key" "value"))
                <*>
                (x .@? "ResourceSpecificResults" .!@ mempty >>=
                   may (parseXMLList "member"))
                <*> (x .@? "EvalResourceName")
                <*>
                (x .@? "MissingContextValues" .!@ mempty >>=
                   may (parseXMLList "member"))
                <*> (x .@ "EvalActionName")
                <*> (x .@ "EvalDecision")

instance Hashable EvaluationResult

-- | Contains the response to a successful
-- < GetContextKeysForPrincipalPolicy> or < GetContextKeysForCustomPolicy>
-- request.
--
-- /See:/ 'getContextKeysForPolicyResponse' smart constructor.
newtype GetContextKeysForPolicyResponse = GetContextKeysForPolicyResponse'
    { _gckfpContextKeyNames :: Maybe [Text]
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'GetContextKeysForPolicyResponse' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'gckfpContextKeyNames'
getContextKeysForPolicyResponse
    :: GetContextKeysForPolicyResponse
getContextKeysForPolicyResponse =
    GetContextKeysForPolicyResponse'
    { _gckfpContextKeyNames = Nothing
    }

-- | The list of context keys that are used in the 'Condition' elements of
-- the input policies.
gckfpContextKeyNames :: Lens' GetContextKeysForPolicyResponse [Text]
gckfpContextKeyNames = lens _gckfpContextKeyNames (\ s a -> s{_gckfpContextKeyNames = a}) . _Default . _Coerce;

instance FromXML GetContextKeysForPolicyResponse
         where
        parseXML x
          = GetContextKeysForPolicyResponse' <$>
              (x .@? "ContextKeyNames" .!@ mempty >>=
                 may (parseXMLList "member"))

instance Hashable GetContextKeysForPolicyResponse

-- | Contains information about an IAM group entity.
--
-- This data type is used as a response element in the following actions:
--
-- -   < CreateGroup>
-- -   < GetGroup>
-- -   < ListGroups>
--
-- /See:/ 'group'' smart constructor.
data Group = Group'
    { _gPath       :: !Text
    , _gGroupName  :: !Text
    , _gGroupId    :: !Text
    , _gARN        :: !Text
    , _gCreateDate :: !ISO8601
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'Group' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'gPath'
--
-- * 'gGroupName'
--
-- * 'gGroupId'
--
-- * 'gARN'
--
-- * 'gCreateDate'
group'
    :: Text -- ^ 'gPath'
    -> Text -- ^ 'gGroupName'
    -> Text -- ^ 'gGroupId'
    -> Text -- ^ 'gARN'
    -> UTCTime -- ^ 'gCreateDate'
    -> Group
group' pPath_ pGroupName_ pGroupId_ pARN_ pCreateDate_ =
    Group'
    { _gPath = pPath_
    , _gGroupName = pGroupName_
    , _gGroupId = pGroupId_
    , _gARN = pARN_
    , _gCreateDate = _Time # pCreateDate_
    }

-- | The path to the group. For more information about paths, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers>
-- in the /Using IAM/ guide.
gPath :: Lens' Group Text
gPath = lens _gPath (\ s a -> s{_gPath = a});

-- | The friendly name that identifies the group.
gGroupName :: Lens' Group Text
gGroupName = lens _gGroupName (\ s a -> s{_gGroupName = a});

-- | The stable and unique string identifying the group. For more information
-- about IDs, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers>
-- in the /Using IAM/ guide.
gGroupId :: Lens' Group Text
gGroupId = lens _gGroupId (\ s a -> s{_gGroupId = a});

-- | The Amazon Resource Name (ARN) specifying the group. For more
-- information about ARNs and how to use them in policies, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers>
-- in the /Using IAM/ guide.
gARN :: Lens' Group Text
gARN = lens _gARN (\ s a -> s{_gARN = a});

-- | The date and time, in
-- <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the
-- group was created.
gCreateDate :: Lens' Group UTCTime
gCreateDate = lens _gCreateDate (\ s a -> s{_gCreateDate = a}) . _Time;

instance FromXML Group where
        parseXML x
          = Group' <$>
              (x .@ "Path") <*> (x .@ "GroupName") <*>
                (x .@ "GroupId")
                <*> (x .@ "Arn")
                <*> (x .@ "CreateDate")

instance Hashable Group

-- | Contains information about an IAM group, including all of the group\'s
-- policies.
--
-- This data type is used as a response element in the
-- < GetAccountAuthorizationDetails> action.
--
-- /See:/ 'groupDetail' smart constructor.
data GroupDetail = GroupDetail'
    { _gdARN                     :: !(Maybe Text)
    , _gdPath                    :: !(Maybe Text)
    , _gdCreateDate              :: !(Maybe ISO8601)
    , _gdGroupId                 :: !(Maybe Text)
    , _gdGroupPolicyList         :: !(Maybe [PolicyDetail])
    , _gdGroupName               :: !(Maybe Text)
    , _gdAttachedManagedPolicies :: !(Maybe [AttachedPolicy])
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'GroupDetail' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'gdARN'
--
-- * 'gdPath'
--
-- * 'gdCreateDate'
--
-- * 'gdGroupId'
--
-- * 'gdGroupPolicyList'
--
-- * 'gdGroupName'
--
-- * 'gdAttachedManagedPolicies'
groupDetail
    :: GroupDetail
groupDetail =
    GroupDetail'
    { _gdARN = Nothing
    , _gdPath = Nothing
    , _gdCreateDate = Nothing
    , _gdGroupId = Nothing
    , _gdGroupPolicyList = Nothing
    , _gdGroupName = Nothing
    , _gdAttachedManagedPolicies = Nothing
    }

-- | Undocumented member.
gdARN :: Lens' GroupDetail (Maybe Text)
gdARN = lens _gdARN (\ s a -> s{_gdARN = a});

-- | The path to the group. For more information about paths, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers>
-- in the /Using IAM/ guide.
gdPath :: Lens' GroupDetail (Maybe Text)
gdPath = lens _gdPath (\ s a -> s{_gdPath = a});

-- | The date and time, in
-- <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the
-- group was created.
gdCreateDate :: Lens' GroupDetail (Maybe UTCTime)
gdCreateDate = lens _gdCreateDate (\ s a -> s{_gdCreateDate = a}) . mapping _Time;

-- | The stable and unique string identifying the group. For more information
-- about IDs, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers>
-- in the /Using IAM/ guide.
gdGroupId :: Lens' GroupDetail (Maybe Text)
gdGroupId = lens _gdGroupId (\ s a -> s{_gdGroupId = a});

-- | A list of the inline policies embedded in the group.
gdGroupPolicyList :: Lens' GroupDetail [PolicyDetail]
gdGroupPolicyList = lens _gdGroupPolicyList (\ s a -> s{_gdGroupPolicyList = a}) . _Default . _Coerce;

-- | The friendly name that identifies the group.
gdGroupName :: Lens' GroupDetail (Maybe Text)
gdGroupName = lens _gdGroupName (\ s a -> s{_gdGroupName = a});

-- | A list of the managed policies attached to the group.
gdAttachedManagedPolicies :: Lens' GroupDetail [AttachedPolicy]
gdAttachedManagedPolicies = lens _gdAttachedManagedPolicies (\ s a -> s{_gdAttachedManagedPolicies = a}) . _Default . _Coerce;

instance FromXML GroupDetail where
        parseXML x
          = GroupDetail' <$>
              (x .@? "Arn") <*> (x .@? "Path") <*>
                (x .@? "CreateDate")
                <*> (x .@? "GroupId")
                <*>
                (x .@? "GroupPolicyList" .!@ mempty >>=
                   may (parseXMLList "member"))
                <*> (x .@? "GroupName")
                <*>
                (x .@? "AttachedManagedPolicies" .!@ mempty >>=
                   may (parseXMLList "member"))

instance Hashable GroupDetail

-- | Contains information about an instance profile.
--
-- This data type is used as a response element in the following actions:
--
-- -   < CreateInstanceProfile>
--
-- -   < GetInstanceProfile>
--
-- -   < ListInstanceProfiles>
--
-- -   < ListInstanceProfilesForRole>
--
--
-- /See:/ 'instanceProfile' smart constructor.
data InstanceProfile = InstanceProfile'
    { _ipPath                :: !Text
    , _ipInstanceProfileName :: !Text
    , _ipInstanceProfileId   :: !Text
    , _ipARN                 :: !Text
    , _ipCreateDate          :: !ISO8601
    , _ipRoles               :: ![Role]
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'InstanceProfile' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'ipPath'
--
-- * 'ipInstanceProfileName'
--
-- * 'ipInstanceProfileId'
--
-- * 'ipARN'
--
-- * 'ipCreateDate'
--
-- * 'ipRoles'
instanceProfile
    :: Text -- ^ 'ipPath'
    -> Text -- ^ 'ipInstanceProfileName'
    -> Text -- ^ 'ipInstanceProfileId'
    -> Text -- ^ 'ipARN'
    -> UTCTime -- ^ 'ipCreateDate'
    -> InstanceProfile
instanceProfile pPath_ pInstanceProfileName_ pInstanceProfileId_ pARN_ pCreateDate_ =
    InstanceProfile'
    { _ipPath = pPath_
    , _ipInstanceProfileName = pInstanceProfileName_
    , _ipInstanceProfileId = pInstanceProfileId_
    , _ipARN = pARN_
    , _ipCreateDate = _Time # pCreateDate_
    , _ipRoles = mempty
    }

-- | The path to the instance profile. For more information about paths, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers>
-- in the /Using IAM/ guide.
ipPath :: Lens' InstanceProfile Text
ipPath = lens _ipPath (\ s a -> s{_ipPath = a});

-- | The name identifying the instance profile.
ipInstanceProfileName :: Lens' InstanceProfile Text
ipInstanceProfileName = lens _ipInstanceProfileName (\ s a -> s{_ipInstanceProfileName = a});

-- | The stable and unique string identifying the instance profile. For more
-- information about IDs, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers>
-- in the /Using IAM/ guide.
ipInstanceProfileId :: Lens' InstanceProfile Text
ipInstanceProfileId = lens _ipInstanceProfileId (\ s a -> s{_ipInstanceProfileId = a});

-- | The Amazon Resource Name (ARN) specifying the instance profile. For more
-- information about ARNs and how to use them in policies, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers>
-- in the /Using IAM/ guide.
ipARN :: Lens' InstanceProfile Text
ipARN = lens _ipARN (\ s a -> s{_ipARN = a});

-- | The date when the instance profile was created.
ipCreateDate :: Lens' InstanceProfile UTCTime
ipCreateDate = lens _ipCreateDate (\ s a -> s{_ipCreateDate = a}) . _Time;

-- | The role associated with the instance profile.
ipRoles :: Lens' InstanceProfile [Role]
ipRoles = lens _ipRoles (\ s a -> s{_ipRoles = a}) . _Coerce;

instance FromXML InstanceProfile where
        parseXML x
          = InstanceProfile' <$>
              (x .@ "Path") <*> (x .@ "InstanceProfileName") <*>
                (x .@ "InstanceProfileId")
                <*> (x .@ "Arn")
                <*> (x .@ "CreateDate")
                <*>
                (x .@? "Roles" .!@ mempty >>= parseXMLList "member")

instance Hashable InstanceProfile

-- | Contains the user name and password create date for a user.
--
-- This data type is used as a response element in the
-- < CreateLoginProfile> and < GetLoginProfile> actions.
--
-- /See:/ 'loginProfile' smart constructor.
data LoginProfile = LoginProfile'
    { _lpPasswordResetRequired :: !(Maybe Bool)
    , _lpUserName              :: !Text
    , _lpCreateDate            :: !ISO8601
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'LoginProfile' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'lpPasswordResetRequired'
--
-- * 'lpUserName'
--
-- * 'lpCreateDate'
loginProfile
    :: Text -- ^ 'lpUserName'
    -> UTCTime -- ^ 'lpCreateDate'
    -> LoginProfile
loginProfile pUserName_ pCreateDate_ =
    LoginProfile'
    { _lpPasswordResetRequired = Nothing
    , _lpUserName = pUserName_
    , _lpCreateDate = _Time # pCreateDate_
    }

-- | Specifies whether the user is required to set a new password on next
-- sign-in.
lpPasswordResetRequired :: Lens' LoginProfile (Maybe Bool)
lpPasswordResetRequired = lens _lpPasswordResetRequired (\ s a -> s{_lpPasswordResetRequired = a});

-- | The name of the user, which can be used for signing in to the AWS
-- Management Console.
lpUserName :: Lens' LoginProfile Text
lpUserName = lens _lpUserName (\ s a -> s{_lpUserName = a});

-- | The date when the password for the user was created.
lpCreateDate :: Lens' LoginProfile UTCTime
lpCreateDate = lens _lpCreateDate (\ s a -> s{_lpCreateDate = a}) . _Time;

instance FromXML LoginProfile where
        parseXML x
          = LoginProfile' <$>
              (x .@? "PasswordResetRequired") <*> (x .@ "UserName")
                <*> (x .@ "CreateDate")

instance Hashable LoginProfile

-- | Contains information about an MFA device.
--
-- This data type is used as a response element in the < ListMFADevices>
-- action.
--
-- /See:/ 'mfaDevice' smart constructor.
data MFADevice = MFADevice'
    { _mdUserName     :: !Text
    , _mdSerialNumber :: !Text
    , _mdEnableDate   :: !ISO8601
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'MFADevice' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'mdUserName'
--
-- * 'mdSerialNumber'
--
-- * 'mdEnableDate'
mfaDevice
    :: Text -- ^ 'mdUserName'
    -> Text -- ^ 'mdSerialNumber'
    -> UTCTime -- ^ 'mdEnableDate'
    -> MFADevice
mfaDevice pUserName_ pSerialNumber_ pEnableDate_ =
    MFADevice'
    { _mdUserName = pUserName_
    , _mdSerialNumber = pSerialNumber_
    , _mdEnableDate = _Time # pEnableDate_
    }

-- | The user with whom the MFA device is associated.
mdUserName :: Lens' MFADevice Text
mdUserName = lens _mdUserName (\ s a -> s{_mdUserName = a});

-- | The serial number that uniquely identifies the MFA device. For virtual
-- MFA devices, the serial number is the device ARN.
mdSerialNumber :: Lens' MFADevice Text
mdSerialNumber = lens _mdSerialNumber (\ s a -> s{_mdSerialNumber = a});

-- | The date when the MFA device was enabled for the user.
mdEnableDate :: Lens' MFADevice UTCTime
mdEnableDate = lens _mdEnableDate (\ s a -> s{_mdEnableDate = a}) . _Time;

instance FromXML MFADevice where
        parseXML x
          = MFADevice' <$>
              (x .@ "UserName") <*> (x .@ "SerialNumber") <*>
                (x .@ "EnableDate")

instance Hashable MFADevice

-- | Contains information about a managed policy, including the policy\'s
-- ARN, versions, and the number of principal entities (users, groups, and
-- roles) that the policy is attached to.
--
-- This data type is used as a response element in the
-- < GetAccountAuthorizationDetails> action.
--
-- For more information about managed policies, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
-- in the /Using IAM/ guide.
--
-- /See:/ 'managedPolicyDetail' smart constructor.
data ManagedPolicyDetail = ManagedPolicyDetail'
    { _mpdPolicyName        :: !(Maybe Text)
    , _mpdARN               :: !(Maybe Text)
    , _mpdUpdateDate        :: !(Maybe ISO8601)
    , _mpdPolicyId          :: !(Maybe Text)
    , _mpdPath              :: !(Maybe Text)
    , _mpdPolicyVersionList :: !(Maybe [PolicyVersion])
    , _mpdCreateDate        :: !(Maybe ISO8601)
    , _mpdIsAttachable      :: !(Maybe Bool)
    , _mpdDefaultVersionId  :: !(Maybe Text)
    , _mpdAttachmentCount   :: !(Maybe Int)
    , _mpdDescription       :: !(Maybe Text)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'ManagedPolicyDetail' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'mpdPolicyName'
--
-- * 'mpdARN'
--
-- * 'mpdUpdateDate'
--
-- * 'mpdPolicyId'
--
-- * 'mpdPath'
--
-- * 'mpdPolicyVersionList'
--
-- * 'mpdCreateDate'
--
-- * 'mpdIsAttachable'
--
-- * 'mpdDefaultVersionId'
--
-- * 'mpdAttachmentCount'
--
-- * 'mpdDescription'
managedPolicyDetail
    :: ManagedPolicyDetail
managedPolicyDetail =
    ManagedPolicyDetail'
    { _mpdPolicyName = Nothing
    , _mpdARN = Nothing
    , _mpdUpdateDate = Nothing
    , _mpdPolicyId = Nothing
    , _mpdPath = Nothing
    , _mpdPolicyVersionList = Nothing
    , _mpdCreateDate = Nothing
    , _mpdIsAttachable = Nothing
    , _mpdDefaultVersionId = Nothing
    , _mpdAttachmentCount = Nothing
    , _mpdDescription = Nothing
    }

-- | The friendly name (not ARN) identifying the policy.
mpdPolicyName :: Lens' ManagedPolicyDetail (Maybe Text)
mpdPolicyName = lens _mpdPolicyName (\ s a -> s{_mpdPolicyName = a});

-- | Undocumented member.
mpdARN :: Lens' ManagedPolicyDetail (Maybe Text)
mpdARN = lens _mpdARN (\ s a -> s{_mpdARN = a});

-- | The date and time, in
-- <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the
-- policy was last updated.
--
-- When a policy has only one version, this field contains the date and
-- time when the policy was created. When a policy has more than one
-- version, this field contains the date and time when the most recent
-- policy version was created.
mpdUpdateDate :: Lens' ManagedPolicyDetail (Maybe UTCTime)
mpdUpdateDate = lens _mpdUpdateDate (\ s a -> s{_mpdUpdateDate = a}) . mapping _Time;

-- | The stable and unique string identifying the policy.
--
-- For more information about IDs, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers>
-- in the /Using IAM/ guide.
mpdPolicyId :: Lens' ManagedPolicyDetail (Maybe Text)
mpdPolicyId = lens _mpdPolicyId (\ s a -> s{_mpdPolicyId = a});

-- | The path to the policy.
--
-- For more information about paths, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers>
-- in the /Using IAM/ guide.
mpdPath :: Lens' ManagedPolicyDetail (Maybe Text)
mpdPath = lens _mpdPath (\ s a -> s{_mpdPath = a});

-- | A list containing information about the versions of the policy.
mpdPolicyVersionList :: Lens' ManagedPolicyDetail [PolicyVersion]
mpdPolicyVersionList = lens _mpdPolicyVersionList (\ s a -> s{_mpdPolicyVersionList = a}) . _Default . _Coerce;

-- | The date and time, in
-- <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the
-- policy was created.
mpdCreateDate :: Lens' ManagedPolicyDetail (Maybe UTCTime)
mpdCreateDate = lens _mpdCreateDate (\ s a -> s{_mpdCreateDate = a}) . mapping _Time;

-- | Specifies whether the policy can be attached to an IAM user, group, or
-- role.
mpdIsAttachable :: Lens' ManagedPolicyDetail (Maybe Bool)
mpdIsAttachable = lens _mpdIsAttachable (\ s a -> s{_mpdIsAttachable = a});

-- | The identifier for the version of the policy that is set as the default
-- (operative) version.
--
-- For more information about policy versions, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html Versioning for Managed Policies>
-- in the /Using IAM/ guide.
mpdDefaultVersionId :: Lens' ManagedPolicyDetail (Maybe Text)
mpdDefaultVersionId = lens _mpdDefaultVersionId (\ s a -> s{_mpdDefaultVersionId = a});

-- | The number of principal entities (users, groups, and roles) that the
-- policy is attached to.
mpdAttachmentCount :: Lens' ManagedPolicyDetail (Maybe Int)
mpdAttachmentCount = lens _mpdAttachmentCount (\ s a -> s{_mpdAttachmentCount = a});

-- | A friendly description of the policy.
mpdDescription :: Lens' ManagedPolicyDetail (Maybe Text)
mpdDescription = lens _mpdDescription (\ s a -> s{_mpdDescription = a});

instance FromXML ManagedPolicyDetail where
        parseXML x
          = ManagedPolicyDetail' <$>
              (x .@? "PolicyName") <*> (x .@? "Arn") <*>
                (x .@? "UpdateDate")
                <*> (x .@? "PolicyId")
                <*> (x .@? "Path")
                <*>
                (x .@? "PolicyVersionList" .!@ mempty >>=
                   may (parseXMLList "member"))
                <*> (x .@? "CreateDate")
                <*> (x .@? "IsAttachable")
                <*> (x .@? "DefaultVersionId")
                <*> (x .@? "AttachmentCount")
                <*> (x .@? "Description")

instance Hashable ManagedPolicyDetail

-- | Contains the Amazon Resource Name (ARN) for an IAM OpenID Connect
-- provider.
--
-- /See:/ 'openIdConnectProviderListEntry' smart constructor.
newtype OpenIdConnectProviderListEntry = OpenIdConnectProviderListEntry'
    { _oicpleARN :: Maybe Text
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'OpenIdConnectProviderListEntry' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'oicpleARN'
openIdConnectProviderListEntry
    :: OpenIdConnectProviderListEntry
openIdConnectProviderListEntry =
    OpenIdConnectProviderListEntry'
    { _oicpleARN = Nothing
    }

-- | Undocumented member.
oicpleARN :: Lens' OpenIdConnectProviderListEntry (Maybe Text)
oicpleARN = lens _oicpleARN (\ s a -> s{_oicpleARN = a});

instance FromXML OpenIdConnectProviderListEntry where
        parseXML x
          = OpenIdConnectProviderListEntry' <$> (x .@? "Arn")

instance Hashable OpenIdConnectProviderListEntry

-- | Contains information about the account password policy.
--
-- This data type is used as a response element in the
-- < GetAccountPasswordPolicy> action.
--
-- /See:/ 'passwordPolicy' smart constructor.
data PasswordPolicy = PasswordPolicy'
    { _ppExpirePasswords            :: !(Maybe Bool)
    , _ppMinimumPasswordLength      :: !(Maybe Nat)
    , _ppRequireNumbers             :: !(Maybe Bool)
    , _ppPasswordReusePrevention    :: !(Maybe Nat)
    , _ppRequireLowercaseCharacters :: !(Maybe Bool)
    , _ppMaxPasswordAge             :: !(Maybe Nat)
    , _ppHardExpiry                 :: !(Maybe Bool)
    , _ppRequireSymbols             :: !(Maybe Bool)
    , _ppRequireUppercaseCharacters :: !(Maybe Bool)
    , _ppAllowUsersToChangePassword :: !(Maybe Bool)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'PasswordPolicy' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'ppExpirePasswords'
--
-- * 'ppMinimumPasswordLength'
--
-- * 'ppRequireNumbers'
--
-- * 'ppPasswordReusePrevention'
--
-- * 'ppRequireLowercaseCharacters'
--
-- * 'ppMaxPasswordAge'
--
-- * 'ppHardExpiry'
--
-- * 'ppRequireSymbols'
--
-- * 'ppRequireUppercaseCharacters'
--
-- * 'ppAllowUsersToChangePassword'
passwordPolicy
    :: PasswordPolicy
passwordPolicy =
    PasswordPolicy'
    { _ppExpirePasswords = Nothing
    , _ppMinimumPasswordLength = Nothing
    , _ppRequireNumbers = Nothing
    , _ppPasswordReusePrevention = Nothing
    , _ppRequireLowercaseCharacters = Nothing
    , _ppMaxPasswordAge = Nothing
    , _ppHardExpiry = Nothing
    , _ppRequireSymbols = Nothing
    , _ppRequireUppercaseCharacters = Nothing
    , _ppAllowUsersToChangePassword = Nothing
    }

-- | Indicates whether passwords in the account expire. Returns true if
-- MaxPasswordAge is contains a value greater than 0. Returns false if
-- MaxPasswordAge is 0 or not present.
ppExpirePasswords :: Lens' PasswordPolicy (Maybe Bool)
ppExpirePasswords = lens _ppExpirePasswords (\ s a -> s{_ppExpirePasswords = a});

-- | Minimum length to require for IAM user passwords.
ppMinimumPasswordLength :: Lens' PasswordPolicy (Maybe Natural)
ppMinimumPasswordLength = lens _ppMinimumPasswordLength (\ s a -> s{_ppMinimumPasswordLength = a}) . mapping _Nat;

-- | Specifies whether to require numbers for IAM user passwords.
ppRequireNumbers :: Lens' PasswordPolicy (Maybe Bool)
ppRequireNumbers = lens _ppRequireNumbers (\ s a -> s{_ppRequireNumbers = a});

-- | Specifies the number of previous passwords that IAM users are prevented
-- from reusing.
ppPasswordReusePrevention :: Lens' PasswordPolicy (Maybe Natural)
ppPasswordReusePrevention = lens _ppPasswordReusePrevention (\ s a -> s{_ppPasswordReusePrevention = a}) . mapping _Nat;

-- | Specifies whether to require lowercase characters for IAM user
-- passwords.
ppRequireLowercaseCharacters :: Lens' PasswordPolicy (Maybe Bool)
ppRequireLowercaseCharacters = lens _ppRequireLowercaseCharacters (\ s a -> s{_ppRequireLowercaseCharacters = a});

-- | The number of days that an IAM user password is valid.
ppMaxPasswordAge :: Lens' PasswordPolicy (Maybe Natural)
ppMaxPasswordAge = lens _ppMaxPasswordAge (\ s a -> s{_ppMaxPasswordAge = a}) . mapping _Nat;

-- | Specifies whether IAM users are prevented from setting a new password
-- after their password has expired.
ppHardExpiry :: Lens' PasswordPolicy (Maybe Bool)
ppHardExpiry = lens _ppHardExpiry (\ s a -> s{_ppHardExpiry = a});

-- | Specifies whether to require symbols for IAM user passwords.
ppRequireSymbols :: Lens' PasswordPolicy (Maybe Bool)
ppRequireSymbols = lens _ppRequireSymbols (\ s a -> s{_ppRequireSymbols = a});

-- | Specifies whether to require uppercase characters for IAM user
-- passwords.
ppRequireUppercaseCharacters :: Lens' PasswordPolicy (Maybe Bool)
ppRequireUppercaseCharacters = lens _ppRequireUppercaseCharacters (\ s a -> s{_ppRequireUppercaseCharacters = a});

-- | Specifies whether IAM users are allowed to change their own password.
ppAllowUsersToChangePassword :: Lens' PasswordPolicy (Maybe Bool)
ppAllowUsersToChangePassword = lens _ppAllowUsersToChangePassword (\ s a -> s{_ppAllowUsersToChangePassword = a});

instance FromXML PasswordPolicy where
        parseXML x
          = PasswordPolicy' <$>
              (x .@? "ExpirePasswords") <*>
                (x .@? "MinimumPasswordLength")
                <*> (x .@? "RequireNumbers")
                <*> (x .@? "PasswordReusePrevention")
                <*> (x .@? "RequireLowercaseCharacters")
                <*> (x .@? "MaxPasswordAge")
                <*> (x .@? "HardExpiry")
                <*> (x .@? "RequireSymbols")
                <*> (x .@? "RequireUppercaseCharacters")
                <*> (x .@? "AllowUsersToChangePassword")

instance Hashable PasswordPolicy

-- | Contains information about a managed policy.
--
-- This data type is used as a response element in the < CreatePolicy>,
-- < GetPolicy>, and < ListPolicies> actions.
--
-- For more information about managed policies, refer to
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
-- in the /Using IAM/ guide.
--
-- /See:/ 'policy' smart constructor.
data Policy = Policy'
    { _pPolicyName       :: !(Maybe Text)
    , _pARN              :: !(Maybe Text)
    , _pUpdateDate       :: !(Maybe ISO8601)
    , _pPolicyId         :: !(Maybe Text)
    , _pPath             :: !(Maybe Text)
    , _pCreateDate       :: !(Maybe ISO8601)
    , _pIsAttachable     :: !(Maybe Bool)
    , _pDefaultVersionId :: !(Maybe Text)
    , _pAttachmentCount  :: !(Maybe Int)
    , _pDescription      :: !(Maybe Text)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'Policy' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'pPolicyName'
--
-- * 'pARN'
--
-- * 'pUpdateDate'
--
-- * 'pPolicyId'
--
-- * 'pPath'
--
-- * 'pCreateDate'
--
-- * 'pIsAttachable'
--
-- * 'pDefaultVersionId'
--
-- * 'pAttachmentCount'
--
-- * 'pDescription'
policy
    :: Policy
policy =
    Policy'
    { _pPolicyName = Nothing
    , _pARN = Nothing
    , _pUpdateDate = Nothing
    , _pPolicyId = Nothing
    , _pPath = Nothing
    , _pCreateDate = Nothing
    , _pIsAttachable = Nothing
    , _pDefaultVersionId = Nothing
    , _pAttachmentCount = Nothing
    , _pDescription = Nothing
    }

-- | The friendly name (not ARN) identifying the policy.
pPolicyName :: Lens' Policy (Maybe Text)
pPolicyName = lens _pPolicyName (\ s a -> s{_pPolicyName = a});

-- | Undocumented member.
pARN :: Lens' Policy (Maybe Text)
pARN = lens _pARN (\ s a -> s{_pARN = a});

-- | The date and time, in
-- <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the
-- policy was last updated.
--
-- When a policy has only one version, this field contains the date and
-- time when the policy was created. When a policy has more than one
-- version, this field contains the date and time when the most recent
-- policy version was created.
pUpdateDate :: Lens' Policy (Maybe UTCTime)
pUpdateDate = lens _pUpdateDate (\ s a -> s{_pUpdateDate = a}) . mapping _Time;

-- | The stable and unique string identifying the policy.
--
-- For more information about IDs, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers>
-- in the /Using IAM/ guide.
pPolicyId :: Lens' Policy (Maybe Text)
pPolicyId = lens _pPolicyId (\ s a -> s{_pPolicyId = a});

-- | The path to the policy.
--
-- For more information about paths, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers>
-- in the /Using IAM/ guide.
pPath :: Lens' Policy (Maybe Text)
pPath = lens _pPath (\ s a -> s{_pPath = a});

-- | The date and time, in
-- <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the
-- policy was created.
pCreateDate :: Lens' Policy (Maybe UTCTime)
pCreateDate = lens _pCreateDate (\ s a -> s{_pCreateDate = a}) . mapping _Time;

-- | Specifies whether the policy can be attached to an IAM user, group, or
-- role.
pIsAttachable :: Lens' Policy (Maybe Bool)
pIsAttachable = lens _pIsAttachable (\ s a -> s{_pIsAttachable = a});

-- | The identifier for the version of the policy that is set as the default
-- version.
pDefaultVersionId :: Lens' Policy (Maybe Text)
pDefaultVersionId = lens _pDefaultVersionId (\ s a -> s{_pDefaultVersionId = a});

-- | The number of entities (users, groups, and roles) that the policy is
-- attached to.
pAttachmentCount :: Lens' Policy (Maybe Int)
pAttachmentCount = lens _pAttachmentCount (\ s a -> s{_pAttachmentCount = a});

-- | A friendly description of the policy.
--
-- This element is included in the response to the < GetPolicy> operation.
-- It is not included in the response to the < ListPolicies> operation.
pDescription :: Lens' Policy (Maybe Text)
pDescription = lens _pDescription (\ s a -> s{_pDescription = a});

instance FromXML Policy where
        parseXML x
          = Policy' <$>
              (x .@? "PolicyName") <*> (x .@? "Arn") <*>
                (x .@? "UpdateDate")
                <*> (x .@? "PolicyId")
                <*> (x .@? "Path")
                <*> (x .@? "CreateDate")
                <*> (x .@? "IsAttachable")
                <*> (x .@? "DefaultVersionId")
                <*> (x .@? "AttachmentCount")
                <*> (x .@? "Description")

instance Hashable Policy

-- | Contains information about an IAM policy, including the policy document.
--
-- This data type is used as a response element in the
-- < GetAccountAuthorizationDetails> action.
--
-- /See:/ 'policyDetail' smart constructor.
data PolicyDetail = PolicyDetail'
    { _pdPolicyDocument :: !(Maybe Text)
    , _pdPolicyName     :: !(Maybe Text)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'PolicyDetail' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'pdPolicyDocument'
--
-- * 'pdPolicyName'
policyDetail
    :: PolicyDetail
policyDetail =
    PolicyDetail'
    { _pdPolicyDocument = Nothing
    , _pdPolicyName = Nothing
    }

-- | The policy document.
pdPolicyDocument :: Lens' PolicyDetail (Maybe Text)
pdPolicyDocument = lens _pdPolicyDocument (\ s a -> s{_pdPolicyDocument = a});

-- | The name of the policy.
pdPolicyName :: Lens' PolicyDetail (Maybe Text)
pdPolicyName = lens _pdPolicyName (\ s a -> s{_pdPolicyName = a});

instance FromXML PolicyDetail where
        parseXML x
          = PolicyDetail' <$>
              (x .@? "PolicyDocument") <*> (x .@? "PolicyName")

instance Hashable PolicyDetail

-- | Contains information about a group that a managed policy is attached to.
--
-- This data type is used as a response element in the
-- < ListEntitiesForPolicy> action.
--
-- For more information about managed policies, refer to
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
-- in the /Using IAM/ guide.
--
-- /See:/ 'policyGroup' smart constructor.
data PolicyGroup = PolicyGroup'
    { _pgGroupId   :: !(Maybe Text)
    , _pgGroupName :: !(Maybe Text)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'PolicyGroup' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'pgGroupId'
--
-- * 'pgGroupName'
policyGroup
    :: PolicyGroup
policyGroup =
    PolicyGroup'
    { _pgGroupId = Nothing
    , _pgGroupName = Nothing
    }

-- | The stable and unique string identifying the group. For more information
-- about IDs, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html IAM Identifiers>
-- in the /IAM User Guide/.
pgGroupId :: Lens' PolicyGroup (Maybe Text)
pgGroupId = lens _pgGroupId (\ s a -> s{_pgGroupId = a});

-- | The name (friendly name, not ARN) identifying the group.
pgGroupName :: Lens' PolicyGroup (Maybe Text)
pgGroupName = lens _pgGroupName (\ s a -> s{_pgGroupName = a});

instance FromXML PolicyGroup where
        parseXML x
          = PolicyGroup' <$>
              (x .@? "GroupId") <*> (x .@? "GroupName")

instance Hashable PolicyGroup

-- | Contains information about a role that a managed policy is attached to.
--
-- This data type is used as a response element in the
-- < ListEntitiesForPolicy> action.
--
-- For more information about managed policies, refer to
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
-- in the /Using IAM/ guide.
--
-- /See:/ 'policyRole' smart constructor.
data PolicyRole = PolicyRole'
    { _prRoleName :: !(Maybe Text)
    , _prRoleId   :: !(Maybe Text)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'PolicyRole' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'prRoleName'
--
-- * 'prRoleId'
policyRole
    :: PolicyRole
policyRole =
    PolicyRole'
    { _prRoleName = Nothing
    , _prRoleId = Nothing
    }

-- | The name (friendly name, not ARN) identifying the role.
prRoleName :: Lens' PolicyRole (Maybe Text)
prRoleName = lens _prRoleName (\ s a -> s{_prRoleName = a});

-- | The stable and unique string identifying the role. For more information
-- about IDs, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html IAM Identifiers>
-- in the /IAM User Guide/.
prRoleId :: Lens' PolicyRole (Maybe Text)
prRoleId = lens _prRoleId (\ s a -> s{_prRoleId = a});

instance FromXML PolicyRole where
        parseXML x
          = PolicyRole' <$>
              (x .@? "RoleName") <*> (x .@? "RoleId")

instance Hashable PolicyRole

-- | Contains information about a user that a managed policy is attached to.
--
-- This data type is used as a response element in the
-- < ListEntitiesForPolicy> action.
--
-- For more information about managed policies, refer to
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
-- in the /Using IAM/ guide.
--
-- /See:/ 'policyUser' smart constructor.
data PolicyUser = PolicyUser'
    { _puUserName :: !(Maybe Text)
    , _puUserId   :: !(Maybe Text)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'PolicyUser' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'puUserName'
--
-- * 'puUserId'
policyUser
    :: PolicyUser
policyUser =
    PolicyUser'
    { _puUserName = Nothing
    , _puUserId = Nothing
    }

-- | The name (friendly name, not ARN) identifying the user.
puUserName :: Lens' PolicyUser (Maybe Text)
puUserName = lens _puUserName (\ s a -> s{_puUserName = a});

-- | The stable and unique string identifying the user. For more information
-- about IDs, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html IAM Identifiers>
-- in the /IAM User Guide/.
puUserId :: Lens' PolicyUser (Maybe Text)
puUserId = lens _puUserId (\ s a -> s{_puUserId = a});

instance FromXML PolicyUser where
        parseXML x
          = PolicyUser' <$>
              (x .@? "UserName") <*> (x .@? "UserId")

instance Hashable PolicyUser

-- | Contains information about a version of a managed policy.
--
-- This data type is used as a response element in the
-- < CreatePolicyVersion>, < GetPolicyVersion>, < ListPolicyVersions>, and
-- < GetAccountAuthorizationDetails> actions.
--
-- For more information about managed policies, refer to
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
-- in the /Using IAM/ guide.
--
-- /See:/ 'policyVersion' smart constructor.
data PolicyVersion = PolicyVersion'
    { _pvVersionId        :: !(Maybe Text)
    , _pvCreateDate       :: !(Maybe ISO8601)
    , _pvDocument         :: !(Maybe Text)
    , _pvIsDefaultVersion :: !(Maybe Bool)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'PolicyVersion' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'pvVersionId'
--
-- * 'pvCreateDate'
--
-- * 'pvDocument'
--
-- * 'pvIsDefaultVersion'
policyVersion
    :: PolicyVersion
policyVersion =
    PolicyVersion'
    { _pvVersionId = Nothing
    , _pvCreateDate = Nothing
    , _pvDocument = Nothing
    , _pvIsDefaultVersion = Nothing
    }

-- | The identifier for the policy version.
--
-- Policy version identifiers always begin with 'v' (always lowercase).
-- When a policy is created, the first policy version is 'v1'.
pvVersionId :: Lens' PolicyVersion (Maybe Text)
pvVersionId = lens _pvVersionId (\ s a -> s{_pvVersionId = a});

-- | The date and time, in
-- <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the
-- policy version was created.
pvCreateDate :: Lens' PolicyVersion (Maybe UTCTime)
pvCreateDate = lens _pvCreateDate (\ s a -> s{_pvCreateDate = a}) . mapping _Time;

-- | The policy document.
--
-- The policy document is returned in the response to the
-- < GetPolicyVersion> and < GetAccountAuthorizationDetails> operations. It
-- is not returned in the response to the < CreatePolicyVersion> or
-- < ListPolicyVersions> operations.
pvDocument :: Lens' PolicyVersion (Maybe Text)
pvDocument = lens _pvDocument (\ s a -> s{_pvDocument = a});

-- | Specifies whether the policy version is set as the policy\'s default
-- version.
pvIsDefaultVersion :: Lens' PolicyVersion (Maybe Bool)
pvIsDefaultVersion = lens _pvIsDefaultVersion (\ s a -> s{_pvIsDefaultVersion = a});

instance FromXML PolicyVersion where
        parseXML x
          = PolicyVersion' <$>
              (x .@? "VersionId") <*> (x .@? "CreateDate") <*>
                (x .@? "Document")
                <*> (x .@? "IsDefaultVersion")

instance Hashable PolicyVersion

-- | Contains the row and column of a location of a 'Statement' element in a
-- policy document.
--
-- This data type is used as a member of the 'Statement' type.
--
-- /See:/ 'position' smart constructor.
data Position = Position'
    { _pLine   :: !(Maybe Int)
    , _pColumn :: !(Maybe Int)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'Position' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'pLine'
--
-- * 'pColumn'
position
    :: Position
position =
    Position'
    { _pLine = Nothing
    , _pColumn = Nothing
    }

-- | The line containing the specified position in the document.
pLine :: Lens' Position (Maybe Int)
pLine = lens _pLine (\ s a -> s{_pLine = a});

-- | The column in the line containing the specified position in the
-- document.
pColumn :: Lens' Position (Maybe Int)
pColumn = lens _pColumn (\ s a -> s{_pColumn = a});

instance FromXML Position where
        parseXML x
          = Position' <$> (x .@? "Line") <*> (x .@? "Column")

instance Hashable Position

-- | Contains the result of the simulation of a single API action call on a
-- single resource.
--
-- This data type is used by a member of the < EvaluationResult> data type.
--
-- /See:/ 'resourceSpecificResult' smart constructor.
data ResourceSpecificResult = ResourceSpecificResult'
    { _rsrMatchedStatements    :: !(Maybe [Statement])
    , _rsrEvalDecisionDetails  :: !(Maybe (Map Text PolicyEvaluationDecisionType))
    , _rsrMissingContextValues :: !(Maybe [Text])
    , _rsrEvalResourceName     :: !Text
    , _rsrEvalResourceDecision :: !PolicyEvaluationDecisionType
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'ResourceSpecificResult' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'rsrMatchedStatements'
--
-- * 'rsrEvalDecisionDetails'
--
-- * 'rsrMissingContextValues'
--
-- * 'rsrEvalResourceName'
--
-- * 'rsrEvalResourceDecision'
resourceSpecificResult
    :: Text -- ^ 'rsrEvalResourceName'
    -> PolicyEvaluationDecisionType -- ^ 'rsrEvalResourceDecision'
    -> ResourceSpecificResult
resourceSpecificResult pEvalResourceName_ pEvalResourceDecision_ =
    ResourceSpecificResult'
    { _rsrMatchedStatements = Nothing
    , _rsrEvalDecisionDetails = Nothing
    , _rsrMissingContextValues = Nothing
    , _rsrEvalResourceName = pEvalResourceName_
    , _rsrEvalResourceDecision = pEvalResourceDecision_
    }

-- | A list of the statements in the input policies that determine the result
-- for this part of the simulation. Remember that even if multiple
-- statements allow the action on the resource, if /any/ statement denies
-- that action, then the explicit deny overrides any allow, and the deny
-- statement is the only entry included in the result.
rsrMatchedStatements :: Lens' ResourceSpecificResult [Statement]
rsrMatchedStatements = lens _rsrMatchedStatements (\ s a -> s{_rsrMatchedStatements = a}) . _Default . _Coerce;

-- | Additional details about the results of the evaluation decision. When
-- there are both IAM policies and resource policies, this parameter
-- explains how each set of policies contributes to the final evaluation
-- decision. When simulating cross-account access to a resource, both the
-- resource-based policy and the caller\'s IAM policy must grant access.
rsrEvalDecisionDetails :: Lens' ResourceSpecificResult (HashMap Text PolicyEvaluationDecisionType)
rsrEvalDecisionDetails = lens _rsrEvalDecisionDetails (\ s a -> s{_rsrEvalDecisionDetails = a}) . _Default . _Map;

-- | A list of context keys that are required by the included input policies
-- but that were not provided by one of the input parameters. This list is
-- used when a list of ARNs is included in the 'ResourceArns' parameter
-- instead of \"*\". If you do not specify individual resources, by setting
-- 'ResourceArns' to \"*\" or by not including the 'ResourceArns'
-- parameter, then any missing context values are instead included under
-- the 'EvaluationResults' section. To discover the context keys used by a
-- set of policies, you can call < GetContextKeysForCustomPolicy> or
-- < GetContextKeysForPrincipalPolicy>.
rsrMissingContextValues :: Lens' ResourceSpecificResult [Text]
rsrMissingContextValues = lens _rsrMissingContextValues (\ s a -> s{_rsrMissingContextValues = a}) . _Default . _Coerce;

-- | The name of the simulated resource, in Amazon Resource Name (ARN)
-- format.
rsrEvalResourceName :: Lens' ResourceSpecificResult Text
rsrEvalResourceName = lens _rsrEvalResourceName (\ s a -> s{_rsrEvalResourceName = a});

-- | The result of the simulation of the simulated API action on the resource
-- specified in 'EvalResourceName'.
rsrEvalResourceDecision :: Lens' ResourceSpecificResult PolicyEvaluationDecisionType
rsrEvalResourceDecision = lens _rsrEvalResourceDecision (\ s a -> s{_rsrEvalResourceDecision = a});

instance FromXML ResourceSpecificResult where
        parseXML x
          = ResourceSpecificResult' <$>
              (x .@? "MatchedStatements" .!@ mempty >>=
                 may (parseXMLList "member"))
                <*>
                (x .@? "EvalDecisionDetails" .!@ mempty >>=
                   may (parseXMLMap "entry" "key" "value"))
                <*>
                (x .@? "MissingContextValues" .!@ mempty >>=
                   may (parseXMLList "member"))
                <*> (x .@ "EvalResourceName")
                <*> (x .@ "EvalResourceDecision")

instance Hashable ResourceSpecificResult

-- | Contains information about an IAM role.
--
-- This data type is used as a response element in the following actions:
--
-- -   < CreateRole>
--
-- -   < GetRole>
--
-- -   < ListRoles>
--
--
-- /See:/ 'role'' smart constructor.
data Role = Role'
    { _rAssumeRolePolicyDocument :: !(Maybe Text)
    , _rPath                     :: !Text
    , _rRoleName                 :: !Text
    , _rRoleId                   :: !Text
    , _rARN                      :: !Text
    , _rCreateDate               :: !ISO8601
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'Role' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'rAssumeRolePolicyDocument'
--
-- * 'rPath'
--
-- * 'rRoleName'
--
-- * 'rRoleId'
--
-- * 'rARN'
--
-- * 'rCreateDate'
role'
    :: Text -- ^ 'rPath'
    -> Text -- ^ 'rRoleName'
    -> Text -- ^ 'rRoleId'
    -> Text -- ^ 'rARN'
    -> UTCTime -- ^ 'rCreateDate'
    -> Role
role' pPath_ pRoleName_ pRoleId_ pARN_ pCreateDate_ =
    Role'
    { _rAssumeRolePolicyDocument = Nothing
    , _rPath = pPath_
    , _rRoleName = pRoleName_
    , _rRoleId = pRoleId_
    , _rARN = pARN_
    , _rCreateDate = _Time # pCreateDate_
    }

-- | The policy that grants an entity permission to assume the role.
rAssumeRolePolicyDocument :: Lens' Role (Maybe Text)
rAssumeRolePolicyDocument = lens _rAssumeRolePolicyDocument (\ s a -> s{_rAssumeRolePolicyDocument = a});

-- | The path to the role. For more information about paths, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers>
-- in the /Using IAM/ guide.
rPath :: Lens' Role Text
rPath = lens _rPath (\ s a -> s{_rPath = a});

-- | The friendly name that identifies the role.
rRoleName :: Lens' Role Text
rRoleName = lens _rRoleName (\ s a -> s{_rRoleName = a});

-- | The stable and unique string identifying the role. For more information
-- about IDs, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers>
-- in the /Using IAM/ guide.
rRoleId :: Lens' Role Text
rRoleId = lens _rRoleId (\ s a -> s{_rRoleId = a});

-- | The Amazon Resource Name (ARN) specifying the role. For more information
-- about ARNs and how to use them in policies, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers>
-- in the /Using IAM/ guide.
rARN :: Lens' Role Text
rARN = lens _rARN (\ s a -> s{_rARN = a});

-- | The date and time, in
-- <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the
-- role was created.
rCreateDate :: Lens' Role UTCTime
rCreateDate = lens _rCreateDate (\ s a -> s{_rCreateDate = a}) . _Time;

instance FromXML Role where
        parseXML x
          = Role' <$>
              (x .@? "AssumeRolePolicyDocument") <*> (x .@ "Path")
                <*> (x .@ "RoleName")
                <*> (x .@ "RoleId")
                <*> (x .@ "Arn")
                <*> (x .@ "CreateDate")

instance Hashable Role

-- | Contains information about an IAM role, including all of the role\'s
-- policies.
--
-- This data type is used as a response element in the
-- < GetAccountAuthorizationDetails> action.
--
-- /See:/ 'roleDetail' smart constructor.
data RoleDetail = RoleDetail'
    { _rdAssumeRolePolicyDocument :: !(Maybe Text)
    , _rdARN                      :: !(Maybe Text)
    , _rdPath                     :: !(Maybe Text)
    , _rdInstanceProfileList      :: !(Maybe [InstanceProfile])
    , _rdCreateDate               :: !(Maybe ISO8601)
    , _rdRoleName                 :: !(Maybe Text)
    , _rdRoleId                   :: !(Maybe Text)
    , _rdRolePolicyList           :: !(Maybe [PolicyDetail])
    , _rdAttachedManagedPolicies  :: !(Maybe [AttachedPolicy])
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'RoleDetail' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'rdAssumeRolePolicyDocument'
--
-- * 'rdARN'
--
-- * 'rdPath'
--
-- * 'rdInstanceProfileList'
--
-- * 'rdCreateDate'
--
-- * 'rdRoleName'
--
-- * 'rdRoleId'
--
-- * 'rdRolePolicyList'
--
-- * 'rdAttachedManagedPolicies'
roleDetail
    :: RoleDetail
roleDetail =
    RoleDetail'
    { _rdAssumeRolePolicyDocument = Nothing
    , _rdARN = Nothing
    , _rdPath = Nothing
    , _rdInstanceProfileList = Nothing
    , _rdCreateDate = Nothing
    , _rdRoleName = Nothing
    , _rdRoleId = Nothing
    , _rdRolePolicyList = Nothing
    , _rdAttachedManagedPolicies = Nothing
    }

-- | The trust policy that grants permission to assume the role.
rdAssumeRolePolicyDocument :: Lens' RoleDetail (Maybe Text)
rdAssumeRolePolicyDocument = lens _rdAssumeRolePolicyDocument (\ s a -> s{_rdAssumeRolePolicyDocument = a});

-- | Undocumented member.
rdARN :: Lens' RoleDetail (Maybe Text)
rdARN = lens _rdARN (\ s a -> s{_rdARN = a});

-- | The path to the role. For more information about paths, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers>
-- in the /Using IAM/ guide.
rdPath :: Lens' RoleDetail (Maybe Text)
rdPath = lens _rdPath (\ s a -> s{_rdPath = a});

-- | Undocumented member.
rdInstanceProfileList :: Lens' RoleDetail [InstanceProfile]
rdInstanceProfileList = lens _rdInstanceProfileList (\ s a -> s{_rdInstanceProfileList = a}) . _Default . _Coerce;

-- | The date and time, in
-- <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the
-- role was created.
rdCreateDate :: Lens' RoleDetail (Maybe UTCTime)
rdCreateDate = lens _rdCreateDate (\ s a -> s{_rdCreateDate = a}) . mapping _Time;

-- | The friendly name that identifies the role.
rdRoleName :: Lens' RoleDetail (Maybe Text)
rdRoleName = lens _rdRoleName (\ s a -> s{_rdRoleName = a});

-- | The stable and unique string identifying the role. For more information
-- about IDs, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers>
-- in the /Using IAM/ guide.
rdRoleId :: Lens' RoleDetail (Maybe Text)
rdRoleId = lens _rdRoleId (\ s a -> s{_rdRoleId = a});

-- | A list of inline policies embedded in the role. These policies are the
-- role\'s access (permissions) policies.
rdRolePolicyList :: Lens' RoleDetail [PolicyDetail]
rdRolePolicyList = lens _rdRolePolicyList (\ s a -> s{_rdRolePolicyList = a}) . _Default . _Coerce;

-- | A list of managed policies attached to the role. These policies are the
-- role\'s access (permissions) policies.
rdAttachedManagedPolicies :: Lens' RoleDetail [AttachedPolicy]
rdAttachedManagedPolicies = lens _rdAttachedManagedPolicies (\ s a -> s{_rdAttachedManagedPolicies = a}) . _Default . _Coerce;

instance FromXML RoleDetail where
        parseXML x
          = RoleDetail' <$>
              (x .@? "AssumeRolePolicyDocument") <*> (x .@? "Arn")
                <*> (x .@? "Path")
                <*>
                (x .@? "InstanceProfileList" .!@ mempty >>=
                   may (parseXMLList "member"))
                <*> (x .@? "CreateDate")
                <*> (x .@? "RoleName")
                <*> (x .@? "RoleId")
                <*>
                (x .@? "RolePolicyList" .!@ mempty >>=
                   may (parseXMLList "member"))
                <*>
                (x .@? "AttachedManagedPolicies" .!@ mempty >>=
                   may (parseXMLList "member"))

instance Hashable RoleDetail

-- | Contains the list of SAML providers for this account.
--
-- /See:/ 'sAMLProviderListEntry' smart constructor.
data SAMLProviderListEntry = SAMLProviderListEntry'
    { _samlpleARN        :: !(Maybe Text)
    , _samlpleCreateDate :: !(Maybe ISO8601)
    , _samlpleValidUntil :: !(Maybe ISO8601)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'SAMLProviderListEntry' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'samlpleARN'
--
-- * 'samlpleCreateDate'
--
-- * 'samlpleValidUntil'
sAMLProviderListEntry
    :: SAMLProviderListEntry
sAMLProviderListEntry =
    SAMLProviderListEntry'
    { _samlpleARN = Nothing
    , _samlpleCreateDate = Nothing
    , _samlpleValidUntil = Nothing
    }

-- | The Amazon Resource Name (ARN) of the SAML provider.
samlpleARN :: Lens' SAMLProviderListEntry (Maybe Text)
samlpleARN = lens _samlpleARN (\ s a -> s{_samlpleARN = a});

-- | The date and time when the SAML provider was created.
samlpleCreateDate :: Lens' SAMLProviderListEntry (Maybe UTCTime)
samlpleCreateDate = lens _samlpleCreateDate (\ s a -> s{_samlpleCreateDate = a}) . mapping _Time;

-- | The expiration date and time for the SAML provider.
samlpleValidUntil :: Lens' SAMLProviderListEntry (Maybe UTCTime)
samlpleValidUntil = lens _samlpleValidUntil (\ s a -> s{_samlpleValidUntil = a}) . mapping _Time;

instance FromXML SAMLProviderListEntry where
        parseXML x
          = SAMLProviderListEntry' <$>
              (x .@? "Arn") <*> (x .@? "CreateDate") <*>
                (x .@? "ValidUntil")

instance Hashable SAMLProviderListEntry

-- | Contains information about an SSH public key.
--
-- This data type is used as a response element in the < GetSSHPublicKey>
-- and < UploadSSHPublicKey> actions.
--
-- /See:/ 'sshPublicKey' smart constructor.
data SSHPublicKey = SSHPublicKey'
    { _spkUploadDate       :: !(Maybe ISO8601)
    , _spkUserName         :: !Text
    , _spkSSHPublicKeyId   :: !Text
    , _spkFingerprint      :: !Text
    , _spkSSHPublicKeyBody :: !Text
    , _spkStatus           :: !StatusType
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'SSHPublicKey' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'spkUploadDate'
--
-- * 'spkUserName'
--
-- * 'spkSSHPublicKeyId'
--
-- * 'spkFingerprint'
--
-- * 'spkSSHPublicKeyBody'
--
-- * 'spkStatus'
sshPublicKey
    :: Text -- ^ 'spkUserName'
    -> Text -- ^ 'spkSSHPublicKeyId'
    -> Text -- ^ 'spkFingerprint'
    -> Text -- ^ 'spkSSHPublicKeyBody'
    -> StatusType -- ^ 'spkStatus'
    -> SSHPublicKey
sshPublicKey pUserName_ pSSHPublicKeyId_ pFingerprint_ pSSHPublicKeyBody_ pStatus_ =
    SSHPublicKey'
    { _spkUploadDate = Nothing
    , _spkUserName = pUserName_
    , _spkSSHPublicKeyId = pSSHPublicKeyId_
    , _spkFingerprint = pFingerprint_
    , _spkSSHPublicKeyBody = pSSHPublicKeyBody_
    , _spkStatus = pStatus_
    }

-- | The date and time, in
-- <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the SSH
-- public key was uploaded.
spkUploadDate :: Lens' SSHPublicKey (Maybe UTCTime)
spkUploadDate = lens _spkUploadDate (\ s a -> s{_spkUploadDate = a}) . mapping _Time;

-- | The name of the IAM user associated with the SSH public key.
spkUserName :: Lens' SSHPublicKey Text
spkUserName = lens _spkUserName (\ s a -> s{_spkUserName = a});

-- | The unique identifier for the SSH public key.
spkSSHPublicKeyId :: Lens' SSHPublicKey Text
spkSSHPublicKeyId = lens _spkSSHPublicKeyId (\ s a -> s{_spkSSHPublicKeyId = a});

-- | The MD5 message digest of the SSH public key.
spkFingerprint :: Lens' SSHPublicKey Text
spkFingerprint = lens _spkFingerprint (\ s a -> s{_spkFingerprint = a});

-- | The SSH public key.
spkSSHPublicKeyBody :: Lens' SSHPublicKey Text
spkSSHPublicKeyBody = lens _spkSSHPublicKeyBody (\ s a -> s{_spkSSHPublicKeyBody = a});

-- | The status of the SSH public key. 'Active' means the key can be used for
-- authentication with an AWS CodeCommit repository. 'Inactive' means the
-- key cannot be used.
spkStatus :: Lens' SSHPublicKey StatusType
spkStatus = lens _spkStatus (\ s a -> s{_spkStatus = a});

instance FromXML SSHPublicKey where
        parseXML x
          = SSHPublicKey' <$>
              (x .@? "UploadDate") <*> (x .@ "UserName") <*>
                (x .@ "SSHPublicKeyId")
                <*> (x .@ "Fingerprint")
                <*> (x .@ "SSHPublicKeyBody")
                <*> (x .@ "Status")

instance Hashable SSHPublicKey

-- | Contains information about an SSH public key, without the key\'s body or
-- fingerprint.
--
-- This data type is used as a response element in the < ListSSHPublicKeys>
-- action.
--
-- /See:/ 'sshPublicKeyMetadata' smart constructor.
data SSHPublicKeyMetadata = SSHPublicKeyMetadata'
    { _spkmUserName       :: !Text
    , _spkmSSHPublicKeyId :: !Text
    , _spkmStatus         :: !StatusType
    , _spkmUploadDate     :: !ISO8601
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'SSHPublicKeyMetadata' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'spkmUserName'
--
-- * 'spkmSSHPublicKeyId'
--
-- * 'spkmStatus'
--
-- * 'spkmUploadDate'
sshPublicKeyMetadata
    :: Text -- ^ 'spkmUserName'
    -> Text -- ^ 'spkmSSHPublicKeyId'
    -> StatusType -- ^ 'spkmStatus'
    -> UTCTime -- ^ 'spkmUploadDate'
    -> SSHPublicKeyMetadata
sshPublicKeyMetadata pUserName_ pSSHPublicKeyId_ pStatus_ pUploadDate_ =
    SSHPublicKeyMetadata'
    { _spkmUserName = pUserName_
    , _spkmSSHPublicKeyId = pSSHPublicKeyId_
    , _spkmStatus = pStatus_
    , _spkmUploadDate = _Time # pUploadDate_
    }

-- | The name of the IAM user associated with the SSH public key.
spkmUserName :: Lens' SSHPublicKeyMetadata Text
spkmUserName = lens _spkmUserName (\ s a -> s{_spkmUserName = a});

-- | The unique identifier for the SSH public key.
spkmSSHPublicKeyId :: Lens' SSHPublicKeyMetadata Text
spkmSSHPublicKeyId = lens _spkmSSHPublicKeyId (\ s a -> s{_spkmSSHPublicKeyId = a});

-- | The status of the SSH public key. 'Active' means the key can be used for
-- authentication with an AWS CodeCommit repository. 'Inactive' means the
-- key cannot be used.
spkmStatus :: Lens' SSHPublicKeyMetadata StatusType
spkmStatus = lens _spkmStatus (\ s a -> s{_spkmStatus = a});

-- | The date and time, in
-- <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the SSH
-- public key was uploaded.
spkmUploadDate :: Lens' SSHPublicKeyMetadata UTCTime
spkmUploadDate = lens _spkmUploadDate (\ s a -> s{_spkmUploadDate = a}) . _Time;

instance FromXML SSHPublicKeyMetadata where
        parseXML x
          = SSHPublicKeyMetadata' <$>
              (x .@ "UserName") <*> (x .@ "SSHPublicKeyId") <*>
                (x .@ "Status")
                <*> (x .@ "UploadDate")

instance Hashable SSHPublicKeyMetadata

-- | Contains information about a server certificate.
--
-- This data type is used as a response element in the
-- < GetServerCertificate> action.
--
-- /See:/ 'serverCertificate' smart constructor.
data ServerCertificate = ServerCertificate'
    { _sCertificateChain          :: !(Maybe Text)
    , _sServerCertificateMetadata :: !ServerCertificateMetadata
    , _sCertificateBody           :: !Text
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'ServerCertificate' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'sCertificateChain'
--
-- * 'sServerCertificateMetadata'
--
-- * 'sCertificateBody'
serverCertificate
    :: ServerCertificateMetadata -- ^ 'sServerCertificateMetadata'
    -> Text -- ^ 'sCertificateBody'
    -> ServerCertificate
serverCertificate pServerCertificateMetadata_ pCertificateBody_ =
    ServerCertificate'
    { _sCertificateChain = Nothing
    , _sServerCertificateMetadata = pServerCertificateMetadata_
    , _sCertificateBody = pCertificateBody_
    }

-- | The contents of the public key certificate chain.
sCertificateChain :: Lens' ServerCertificate (Maybe Text)
sCertificateChain = lens _sCertificateChain (\ s a -> s{_sCertificateChain = a});

-- | The meta information of the server certificate, such as its name, path,
-- ID, and ARN.
sServerCertificateMetadata :: Lens' ServerCertificate ServerCertificateMetadata
sServerCertificateMetadata = lens _sServerCertificateMetadata (\ s a -> s{_sServerCertificateMetadata = a});

-- | The contents of the public key certificate.
sCertificateBody :: Lens' ServerCertificate Text
sCertificateBody = lens _sCertificateBody (\ s a -> s{_sCertificateBody = a});

instance FromXML ServerCertificate where
        parseXML x
          = ServerCertificate' <$>
              (x .@? "CertificateChain") <*>
                (x .@ "ServerCertificateMetadata")
                <*> (x .@ "CertificateBody")

instance Hashable ServerCertificate

-- | Contains information about a server certificate without its certificate
-- body, certificate chain, and private key.
--
-- This data type is used as a response element in the
-- < UploadServerCertificate> and < ListServerCertificates> actions.
--
-- /See:/ 'serverCertificateMetadata' smart constructor.
data ServerCertificateMetadata = ServerCertificateMetadata'
    { _scmUploadDate            :: !(Maybe ISO8601)
    , _scmExpiration            :: !(Maybe ISO8601)
    , _scmPath                  :: !Text
    , _scmServerCertificateName :: !Text
    , _scmServerCertificateId   :: !Text
    , _scmARN                   :: !Text
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'ServerCertificateMetadata' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'scmUploadDate'
--
-- * 'scmExpiration'
--
-- * 'scmPath'
--
-- * 'scmServerCertificateName'
--
-- * 'scmServerCertificateId'
--
-- * 'scmARN'
serverCertificateMetadata
    :: Text -- ^ 'scmPath'
    -> Text -- ^ 'scmServerCertificateName'
    -> Text -- ^ 'scmServerCertificateId'
    -> Text -- ^ 'scmARN'
    -> ServerCertificateMetadata
serverCertificateMetadata pPath_ pServerCertificateName_ pServerCertificateId_ pARN_ =
    ServerCertificateMetadata'
    { _scmUploadDate = Nothing
    , _scmExpiration = Nothing
    , _scmPath = pPath_
    , _scmServerCertificateName = pServerCertificateName_
    , _scmServerCertificateId = pServerCertificateId_
    , _scmARN = pARN_
    }

-- | The date when the server certificate was uploaded.
scmUploadDate :: Lens' ServerCertificateMetadata (Maybe UTCTime)
scmUploadDate = lens _scmUploadDate (\ s a -> s{_scmUploadDate = a}) . mapping _Time;

-- | The date on which the certificate is set to expire.
scmExpiration :: Lens' ServerCertificateMetadata (Maybe UTCTime)
scmExpiration = lens _scmExpiration (\ s a -> s{_scmExpiration = a}) . mapping _Time;

-- | The path to the server certificate. For more information about paths,
-- see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers>
-- in the /Using IAM/ guide.
scmPath :: Lens' ServerCertificateMetadata Text
scmPath = lens _scmPath (\ s a -> s{_scmPath = a});

-- | The name that identifies the server certificate.
scmServerCertificateName :: Lens' ServerCertificateMetadata Text
scmServerCertificateName = lens _scmServerCertificateName (\ s a -> s{_scmServerCertificateName = a});

-- | The stable and unique string identifying the server certificate. For
-- more information about IDs, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers>
-- in the /Using IAM/ guide.
scmServerCertificateId :: Lens' ServerCertificateMetadata Text
scmServerCertificateId = lens _scmServerCertificateId (\ s a -> s{_scmServerCertificateId = a});

-- | The Amazon Resource Name (ARN) specifying the server certificate. For
-- more information about ARNs and how to use them in policies, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers>
-- in the /Using IAM/ guide.
scmARN :: Lens' ServerCertificateMetadata Text
scmARN = lens _scmARN (\ s a -> s{_scmARN = a});

instance FromXML ServerCertificateMetadata where
        parseXML x
          = ServerCertificateMetadata' <$>
              (x .@? "UploadDate") <*> (x .@? "Expiration") <*>
                (x .@ "Path")
                <*> (x .@ "ServerCertificateName")
                <*> (x .@ "ServerCertificateId")
                <*> (x .@ "Arn")

instance Hashable ServerCertificateMetadata

-- | Contains information about an X.509 signing certificate.
--
-- This data type is used as a response element in the
-- < UploadSigningCertificate> and < ListSigningCertificates> actions.
--
-- /See:/ 'signingCertificate' smart constructor.
data SigningCertificate = SigningCertificate'
    { _scUploadDate      :: !(Maybe ISO8601)
    , _scUserName        :: !Text
    , _scCertificateId   :: !Text
    , _scCertificateBody :: !Text
    , _scStatus          :: !StatusType
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'SigningCertificate' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'scUploadDate'
--
-- * 'scUserName'
--
-- * 'scCertificateId'
--
-- * 'scCertificateBody'
--
-- * 'scStatus'
signingCertificate
    :: Text -- ^ 'scUserName'
    -> Text -- ^ 'scCertificateId'
    -> Text -- ^ 'scCertificateBody'
    -> StatusType -- ^ 'scStatus'
    -> SigningCertificate
signingCertificate pUserName_ pCertificateId_ pCertificateBody_ pStatus_ =
    SigningCertificate'
    { _scUploadDate = Nothing
    , _scUserName = pUserName_
    , _scCertificateId = pCertificateId_
    , _scCertificateBody = pCertificateBody_
    , _scStatus = pStatus_
    }

-- | The date when the signing certificate was uploaded.
scUploadDate :: Lens' SigningCertificate (Maybe UTCTime)
scUploadDate = lens _scUploadDate (\ s a -> s{_scUploadDate = a}) . mapping _Time;

-- | The name of the user the signing certificate is associated with.
scUserName :: Lens' SigningCertificate Text
scUserName = lens _scUserName (\ s a -> s{_scUserName = a});

-- | The ID for the signing certificate.
scCertificateId :: Lens' SigningCertificate Text
scCertificateId = lens _scCertificateId (\ s a -> s{_scCertificateId = a});

-- | The contents of the signing certificate.
scCertificateBody :: Lens' SigningCertificate Text
scCertificateBody = lens _scCertificateBody (\ s a -> s{_scCertificateBody = a});

-- | The status of the signing certificate. 'Active' means the key is valid
-- for API calls, while 'Inactive' means it is not.
scStatus :: Lens' SigningCertificate StatusType
scStatus = lens _scStatus (\ s a -> s{_scStatus = a});

instance FromXML SigningCertificate where
        parseXML x
          = SigningCertificate' <$>
              (x .@? "UploadDate") <*> (x .@ "UserName") <*>
                (x .@ "CertificateId")
                <*> (x .@ "CertificateBody")
                <*> (x .@ "Status")

instance Hashable SigningCertificate

-- | Contains the response to a successful < SimulatePrincipalPolicy> or
-- < SimulateCustomPolicy> request.
--
-- /See:/ 'simulatePolicyResponse' smart constructor.
data SimulatePolicyResponse = SimulatePolicyResponse'
    { _spEvaluationResults :: !(Maybe [EvaluationResult])
    , _spMarker            :: !(Maybe Text)
    , _spIsTruncated       :: !(Maybe Bool)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'SimulatePolicyResponse' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'spEvaluationResults'
--
-- * 'spMarker'
--
-- * 'spIsTruncated'
simulatePolicyResponse
    :: SimulatePolicyResponse
simulatePolicyResponse =
    SimulatePolicyResponse'
    { _spEvaluationResults = Nothing
    , _spMarker = Nothing
    , _spIsTruncated = Nothing
    }

-- | The results of the simulation.
spEvaluationResults :: Lens' SimulatePolicyResponse [EvaluationResult]
spEvaluationResults = lens _spEvaluationResults (\ s a -> s{_spEvaluationResults = a}) . _Default . _Coerce;

-- | When 'IsTruncated' is 'true', this element is present and contains the
-- value to use for the 'Marker' parameter in a subsequent pagination
-- request.
spMarker :: Lens' SimulatePolicyResponse (Maybe Text)
spMarker = lens _spMarker (\ s a -> s{_spMarker = a});

-- | A flag that indicates whether there are more items to return. If your
-- results were truncated, you can make a subsequent pagination request
-- using the 'Marker' request parameter to retrieve more items. Note that
-- IAM might return fewer than the 'MaxItems' number of results even when
-- there are more results available. We recommend that you check
-- 'IsTruncated' after every call to ensure that you receive all of your
-- results.
spIsTruncated :: Lens' SimulatePolicyResponse (Maybe Bool)
spIsTruncated = lens _spIsTruncated (\ s a -> s{_spIsTruncated = a});

instance FromXML SimulatePolicyResponse where
        parseXML x
          = SimulatePolicyResponse' <$>
              (x .@? "EvaluationResults" .!@ mempty >>=
                 may (parseXMLList "member"))
                <*> (x .@? "Marker")
                <*> (x .@? "IsTruncated")

instance Hashable SimulatePolicyResponse

-- | Contains a reference to a 'Statement' element in a policy document that
-- determines the result of the simulation.
--
-- This data type is used by the 'MatchedStatements' member of the
-- 'EvaluationResult' type.
--
-- /See:/ 'statement' smart constructor.
data Statement = Statement'
    { _sSourcePolicyType :: !(Maybe PolicySourceType)
    , _sSourcePolicyId   :: !(Maybe Text)
    , _sEndPosition      :: !(Maybe Position)
    , _sStartPosition    :: !(Maybe Position)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'Statement' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'sSourcePolicyType'
--
-- * 'sSourcePolicyId'
--
-- * 'sEndPosition'
--
-- * 'sStartPosition'
statement
    :: Statement
statement =
    Statement'
    { _sSourcePolicyType = Nothing
    , _sSourcePolicyId = Nothing
    , _sEndPosition = Nothing
    , _sStartPosition = Nothing
    }

-- | The type of the policy.
sSourcePolicyType :: Lens' Statement (Maybe PolicySourceType)
sSourcePolicyType = lens _sSourcePolicyType (\ s a -> s{_sSourcePolicyType = a});

-- | The identifier of the policy that was provided as an input.
sSourcePolicyId :: Lens' Statement (Maybe Text)
sSourcePolicyId = lens _sSourcePolicyId (\ s a -> s{_sSourcePolicyId = a});

-- | The row and column of the end of a 'Statement' in an IAM policy.
sEndPosition :: Lens' Statement (Maybe Position)
sEndPosition = lens _sEndPosition (\ s a -> s{_sEndPosition = a});

-- | The row and column of the beginning of the 'Statement' in an IAM policy.
sStartPosition :: Lens' Statement (Maybe Position)
sStartPosition = lens _sStartPosition (\ s a -> s{_sStartPosition = a});

instance FromXML Statement where
        parseXML x
          = Statement' <$>
              (x .@? "SourcePolicyType") <*>
                (x .@? "SourcePolicyId")
                <*> (x .@? "EndPosition")
                <*> (x .@? "StartPosition")

instance Hashable Statement

-- | Contains information about an IAM user entity.
--
-- This data type is used as a response element in the following actions:
--
-- -   < CreateUser>
--
-- -   < GetUser>
--
-- -   < ListUsers>
--
--
-- /See:/ 'user' smart constructor.
data User = User'
    { _uPasswordLastUsed :: !(Maybe ISO8601)
    , _uPath             :: !Text
    , _uUserName         :: !Text
    , _uUserId           :: !Text
    , _uARN              :: !Text
    , _uCreateDate       :: !ISO8601
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'User' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'uPasswordLastUsed'
--
-- * 'uPath'
--
-- * 'uUserName'
--
-- * 'uUserId'
--
-- * 'uARN'
--
-- * 'uCreateDate'
user
    :: Text -- ^ 'uPath'
    -> Text -- ^ 'uUserName'
    -> Text -- ^ 'uUserId'
    -> Text -- ^ 'uARN'
    -> UTCTime -- ^ 'uCreateDate'
    -> User
user pPath_ pUserName_ pUserId_ pARN_ pCreateDate_ =
    User'
    { _uPasswordLastUsed = Nothing
    , _uPath = pPath_
    , _uUserName = pUserName_
    , _uUserId = pUserId_
    , _uARN = pARN_
    , _uCreateDate = _Time # pCreateDate_
    }

-- | The date and time, in
-- <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the
-- user\'s password was last used to sign in to an AWS website. For a list
-- of AWS websites that capture a user\'s last sign-in time, see the
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html Credential Reports>
-- topic in the /Using IAM/ guide. If a password is used more than once in
-- a five-minute span, only the first use is returned in this field. This
-- field is null (not present) when:
--
-- -   The user does not have a password
--
-- -   The password exists but has never been used (at least not since IAM
--     started tracking this information on October 20th, 2014
--
-- -   there is no sign-in data associated with the user
--
-- This value is returned only in the < GetUser> and < ListUsers> actions.
uPasswordLastUsed :: Lens' User (Maybe UTCTime)
uPasswordLastUsed = lens _uPasswordLastUsed (\ s a -> s{_uPasswordLastUsed = a}) . mapping _Time;

-- | The path to the user. For more information about paths, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers>
-- in the /Using IAM/ guide.
uPath :: Lens' User Text
uPath = lens _uPath (\ s a -> s{_uPath = a});

-- | The friendly name identifying the user.
uUserName :: Lens' User Text
uUserName = lens _uUserName (\ s a -> s{_uUserName = a});

-- | The stable and unique string identifying the user. For more information
-- about IDs, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers>
-- in the /Using IAM/ guide.
uUserId :: Lens' User Text
uUserId = lens _uUserId (\ s a -> s{_uUserId = a});

-- | The Amazon Resource Name (ARN) that identifies the user. For more
-- information about ARNs and how to use ARNs in policies, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers>
-- in the /Using IAM/ guide.
uARN :: Lens' User Text
uARN = lens _uARN (\ s a -> s{_uARN = a});

-- | The date and time, in
-- <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the
-- user was created.
uCreateDate :: Lens' User UTCTime
uCreateDate = lens _uCreateDate (\ s a -> s{_uCreateDate = a}) . _Time;

instance FromXML User where
        parseXML x
          = User' <$>
              (x .@? "PasswordLastUsed") <*> (x .@ "Path") <*>
                (x .@ "UserName")
                <*> (x .@ "UserId")
                <*> (x .@ "Arn")
                <*> (x .@ "CreateDate")

instance Hashable User

-- | Contains information about an IAM user, including all the user\'s
-- policies and all the IAM groups the user is in.
--
-- This data type is used as a response element in the
-- < GetAccountAuthorizationDetails> action.
--
-- /See:/ 'userDetail' smart constructor.
data UserDetail = UserDetail'
    { _udGroupList               :: !(Maybe [Text])
    , _udARN                     :: !(Maybe Text)
    , _udPath                    :: !(Maybe Text)
    , _udCreateDate              :: !(Maybe ISO8601)
    , _udUserName                :: !(Maybe Text)
    , _udUserId                  :: !(Maybe Text)
    , _udUserPolicyList          :: !(Maybe [PolicyDetail])
    , _udAttachedManagedPolicies :: !(Maybe [AttachedPolicy])
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'UserDetail' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'udGroupList'
--
-- * 'udARN'
--
-- * 'udPath'
--
-- * 'udCreateDate'
--
-- * 'udUserName'
--
-- * 'udUserId'
--
-- * 'udUserPolicyList'
--
-- * 'udAttachedManagedPolicies'
userDetail
    :: UserDetail
userDetail =
    UserDetail'
    { _udGroupList = Nothing
    , _udARN = Nothing
    , _udPath = Nothing
    , _udCreateDate = Nothing
    , _udUserName = Nothing
    , _udUserId = Nothing
    , _udUserPolicyList = Nothing
    , _udAttachedManagedPolicies = Nothing
    }

-- | A list of IAM groups that the user is in.
udGroupList :: Lens' UserDetail [Text]
udGroupList = lens _udGroupList (\ s a -> s{_udGroupList = a}) . _Default . _Coerce;

-- | Undocumented member.
udARN :: Lens' UserDetail (Maybe Text)
udARN = lens _udARN (\ s a -> s{_udARN = a});

-- | The path to the user. For more information about paths, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers>
-- in the /Using IAM/ guide.
udPath :: Lens' UserDetail (Maybe Text)
udPath = lens _udPath (\ s a -> s{_udPath = a});

-- | The date and time, in
-- <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the
-- user was created.
udCreateDate :: Lens' UserDetail (Maybe UTCTime)
udCreateDate = lens _udCreateDate (\ s a -> s{_udCreateDate = a}) . mapping _Time;

-- | The friendly name identifying the user.
udUserName :: Lens' UserDetail (Maybe Text)
udUserName = lens _udUserName (\ s a -> s{_udUserName = a});

-- | The stable and unique string identifying the user. For more information
-- about IDs, see
-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers>
-- in the /Using IAM/ guide.
udUserId :: Lens' UserDetail (Maybe Text)
udUserId = lens _udUserId (\ s a -> s{_udUserId = a});

-- | A list of the inline policies embedded in the user.
udUserPolicyList :: Lens' UserDetail [PolicyDetail]
udUserPolicyList = lens _udUserPolicyList (\ s a -> s{_udUserPolicyList = a}) . _Default . _Coerce;

-- | A list of the managed policies attached to the user.
udAttachedManagedPolicies :: Lens' UserDetail [AttachedPolicy]
udAttachedManagedPolicies = lens _udAttachedManagedPolicies (\ s a -> s{_udAttachedManagedPolicies = a}) . _Default . _Coerce;

instance FromXML UserDetail where
        parseXML x
          = UserDetail' <$>
              (x .@? "GroupList" .!@ mempty >>=
                 may (parseXMLList "member"))
                <*> (x .@? "Arn")
                <*> (x .@? "Path")
                <*> (x .@? "CreateDate")
                <*> (x .@? "UserName")
                <*> (x .@? "UserId")
                <*>
                (x .@? "UserPolicyList" .!@ mempty >>=
                   may (parseXMLList "member"))
                <*>
                (x .@? "AttachedManagedPolicies" .!@ mempty >>=
                   may (parseXMLList "member"))

instance Hashable UserDetail

-- | Contains information about a virtual MFA device.
--
-- /See:/ 'virtualMFADevice' smart constructor.
data VirtualMFADevice = VirtualMFADevice'
    { _vmdQRCodePNG        :: !(Maybe (Sensitive Base64))
    , _vmdBase32StringSeed :: !(Maybe (Sensitive Base64))
    , _vmdUser             :: !(Maybe User)
    , _vmdEnableDate       :: !(Maybe ISO8601)
    , _vmdSerialNumber     :: !Text
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'VirtualMFADevice' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'vmdQRCodePNG'
--
-- * 'vmdBase32StringSeed'
--
-- * 'vmdUser'
--
-- * 'vmdEnableDate'
--
-- * 'vmdSerialNumber'
virtualMFADevice
    :: Text -- ^ 'vmdSerialNumber'
    -> VirtualMFADevice
virtualMFADevice pSerialNumber_ =
    VirtualMFADevice'
    { _vmdQRCodePNG = Nothing
    , _vmdBase32StringSeed = Nothing
    , _vmdUser = Nothing
    , _vmdEnableDate = Nothing
    , _vmdSerialNumber = pSerialNumber_
    }

-- | A QR code PNG image that encodes
-- 'otpauth:\/\/totp\/$virtualMFADeviceName\'$AccountName?secret=$Base32String'
-- where '$virtualMFADeviceName' is one of the create call arguments,
-- 'AccountName' is the user name if set (otherwise, the account ID
-- otherwise), and 'Base32String' is the seed in Base32 format. The
-- 'Base32String' value is Base64-encoded.
--
-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data,
-- despite what the AWS documentation might say.
-- The underlying isomorphism will encode to Base64 representation during
-- serialisation, and decode from Base64 representation during deserialisation.
-- This 'Lens' accepts and returns only raw unencoded data.
vmdQRCodePNG :: Lens' VirtualMFADevice (Maybe ByteString)
vmdQRCodePNG = lens _vmdQRCodePNG (\ s a -> s{_vmdQRCodePNG = a}) . mapping (_Sensitive . _Base64);

-- | The Base32 seed defined as specified in
-- <http://www.ietf.org/rfc/rfc3548.txt RFC3548>. The 'Base32StringSeed' is
-- Base64-encoded.
--
-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data,
-- despite what the AWS documentation might say.
-- The underlying isomorphism will encode to Base64 representation during
-- serialisation, and decode from Base64 representation during deserialisation.
-- This 'Lens' accepts and returns only raw unencoded data.
vmdBase32StringSeed :: Lens' VirtualMFADevice (Maybe ByteString)
vmdBase32StringSeed = lens _vmdBase32StringSeed (\ s a -> s{_vmdBase32StringSeed = a}) . mapping (_Sensitive . _Base64);

-- | Undocumented member.
vmdUser :: Lens' VirtualMFADevice (Maybe User)
vmdUser = lens _vmdUser (\ s a -> s{_vmdUser = a});

-- | The date and time on which the virtual MFA device was enabled.
vmdEnableDate :: Lens' VirtualMFADevice (Maybe UTCTime)
vmdEnableDate = lens _vmdEnableDate (\ s a -> s{_vmdEnableDate = a}) . mapping _Time;

-- | The serial number associated with 'VirtualMFADevice'.
vmdSerialNumber :: Lens' VirtualMFADevice Text
vmdSerialNumber = lens _vmdSerialNumber (\ s a -> s{_vmdSerialNumber = a});

instance FromXML VirtualMFADevice where
        parseXML x
          = VirtualMFADevice' <$>
              (x .@? "QRCodePNG") <*> (x .@? "Base32StringSeed")
                <*> (x .@? "User")
                <*> (x .@? "EnableDate")
                <*> (x .@ "SerialNumber")

instance Hashable VirtualMFADevice