{-# LANGUAGE DeriveDataTypeable #-}
{-# LANGUAGE DeriveGeneric      #-}
{-# LANGUAGE OverloadedStrings  #-}
{-# LANGUAGE RecordWildCards    #-}

{-# OPTIONS_GHC -fno-warn-unused-imports #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Network.AWS.IAM.Types.Product
-- Copyright   : (c) 2013-2016 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
module Network.AWS.IAM.Types.Product where

import           Network.AWS.IAM.Types.Sum
import           Network.AWS.Lens
import           Network.AWS.Prelude

-- | Contains information about an AWS access key.
--
-- This data type is used as a response element in the < CreateAccessKey> and < ListAccessKeys> actions.
--
-- The 'SecretAccessKey' value is returned only in response to < CreateAccessKey>. You can get a secret access key only when you first create an access key; you cannot recover the secret access key later. If you lose a secret access key, you must create a new access key.
--
-- /See:/ 'accessKey' smart constructor.
data AccessKey = AccessKey'
    { _akCreateDate      :: !(Maybe ISO8601)
    , _akUserName        :: !Text
    , _akAccessKeyId     :: !Text
    , _akStatus          :: !StatusType
    , _akSecretAccessKey :: !(Sensitive Text)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'AccessKey' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'akCreateDate'
--
-- * 'akUserName'
--
-- * 'akAccessKeyId'
--
-- * 'akStatus'
--
-- * 'akSecretAccessKey'
accessKey
    :: Text -- ^ 'akUserName'
    -> Text -- ^ 'akAccessKeyId'
    -> StatusType -- ^ 'akStatus'
    -> Text -- ^ 'akSecretAccessKey'
    -> AccessKey
accessKey pUserName_ pAccessKeyId_ pStatus_ pSecretAccessKey_ =
    AccessKey'
    { _akCreateDate = Nothing
    , _akUserName = pUserName_
    , _akAccessKeyId = pAccessKeyId_
    , _akStatus = pStatus_
    , _akSecretAccessKey = _Sensitive # pSecretAccessKey_
    }

-- | The date when the access key was created.
akCreateDate :: Lens' AccessKey (Maybe UTCTime)
akCreateDate = lens _akCreateDate (\ s a -> s{_akCreateDate = a}) . mapping _Time;

-- | The name of the IAM user that the access key is associated with.
akUserName :: Lens' AccessKey Text
akUserName = lens _akUserName (\ s a -> s{_akUserName = a});

-- | The ID for this access key.
akAccessKeyId :: Lens' AccessKey Text
akAccessKeyId = lens _akAccessKeyId (\ s a -> s{_akAccessKeyId = a});

-- | The status of the access key. 'Active' means the key is valid for API calls, while 'Inactive' means it is not.
akStatus :: Lens' AccessKey StatusType
akStatus = lens _akStatus (\ s a -> s{_akStatus = a});

-- | The secret key used to sign requests.
akSecretAccessKey :: Lens' AccessKey Text
akSecretAccessKey = lens _akSecretAccessKey (\ s a -> s{_akSecretAccessKey = a}) . _Sensitive;

instance FromXML AccessKey where
        parseXML x
          = AccessKey' <$>
              (x .@? "CreateDate") <*> (x .@ "UserName") <*>
                (x .@ "AccessKeyId")
                <*> (x .@ "Status")
                <*> (x .@ "SecretAccessKey")

instance Hashable AccessKey

instance NFData AccessKey

-- | Contains information about the last time an AWS access key was used.
--
-- This data type is used as a response element in the < GetAccessKeyLastUsed> action.
--
-- /See:/ 'accessKeyLastUsed' smart constructor.
data AccessKeyLastUsed = AccessKeyLastUsed'
    { _akluLastUsedDate :: !ISO8601
    , _akluServiceName  :: !Text
    , _akluRegion       :: !Text
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'AccessKeyLastUsed' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'akluLastUsedDate'
--
-- * 'akluServiceName'
--
-- * 'akluRegion'
accessKeyLastUsed
    :: UTCTime -- ^ 'akluLastUsedDate'
    -> Text -- ^ 'akluServiceName'
    -> Text -- ^ 'akluRegion'
    -> AccessKeyLastUsed
accessKeyLastUsed pLastUsedDate_ pServiceName_ pRegion_ =
    AccessKeyLastUsed'
    { _akluLastUsedDate = _Time # pLastUsedDate_
    , _akluServiceName = pServiceName_
    , _akluRegion = pRegion_
    }

-- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the access key was most recently used. This field is null when:
--
-- -   The user does not have an access key.
--
-- -   An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.
--
-- -   There is no sign-in data associated with the user
--
akluLastUsedDate :: Lens' AccessKeyLastUsed UTCTime
akluLastUsedDate = lens _akluLastUsedDate (\ s a -> s{_akluLastUsedDate = a}) . _Time;

-- | The name of the AWS service with which this access key was most recently used. This field is null when:
--
-- -   The user does not have an access key.
--
-- -   An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.
--
-- -   There is no sign-in data associated with the user
--
akluServiceName :: Lens' AccessKeyLastUsed Text
akluServiceName = lens _akluServiceName (\ s a -> s{_akluServiceName = a});

-- | The AWS region where this access key was most recently used. This field is null when:
--
-- -   The user does not have an access key.
--
-- -   An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.
--
-- -   There is no sign-in data associated with the user
--
-- For more information about AWS regions, see <http://docs.aws.amazon.com/general/latest/gr/rande.html Regions and Endpoints> in the Amazon Web Services General Reference.
akluRegion :: Lens' AccessKeyLastUsed Text
akluRegion = lens _akluRegion (\ s a -> s{_akluRegion = a});

instance FromXML AccessKeyLastUsed where
        parseXML x
          = AccessKeyLastUsed' <$>
              (x .@ "LastUsedDate") <*> (x .@ "ServiceName") <*>
                (x .@ "Region")

instance Hashable AccessKeyLastUsed

instance NFData AccessKeyLastUsed

-- | Contains information about an AWS access key, without its secret key.
--
-- This data type is used as a response element in the < ListAccessKeys> action.
--
-- /See:/ 'accessKeyMetadata' smart constructor.
data AccessKeyMetadata = AccessKeyMetadata'
    { _akmStatus      :: !(Maybe StatusType)
    , _akmCreateDate  :: !(Maybe ISO8601)
    , _akmUserName    :: !(Maybe Text)
    , _akmAccessKeyId :: !(Maybe Text)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'AccessKeyMetadata' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'akmStatus'
--
-- * 'akmCreateDate'
--
-- * 'akmUserName'
--
-- * 'akmAccessKeyId'
accessKeyMetadata
    :: AccessKeyMetadata
accessKeyMetadata =
    AccessKeyMetadata'
    { _akmStatus = Nothing
    , _akmCreateDate = Nothing
    , _akmUserName = Nothing
    , _akmAccessKeyId = Nothing
    }

-- | The status of the access key. 'Active' means the key is valid for API calls; 'Inactive' means it is not.
akmStatus :: Lens' AccessKeyMetadata (Maybe StatusType)
akmStatus = lens _akmStatus (\ s a -> s{_akmStatus = a});

-- | The date when the access key was created.
akmCreateDate :: Lens' AccessKeyMetadata (Maybe UTCTime)
akmCreateDate = lens _akmCreateDate (\ s a -> s{_akmCreateDate = a}) . mapping _Time;

-- | The name of the IAM user that the key is associated with.
akmUserName :: Lens' AccessKeyMetadata (Maybe Text)
akmUserName = lens _akmUserName (\ s a -> s{_akmUserName = a});

-- | The ID for this access key.
akmAccessKeyId :: Lens' AccessKeyMetadata (Maybe Text)
akmAccessKeyId = lens _akmAccessKeyId (\ s a -> s{_akmAccessKeyId = a});

instance FromXML AccessKeyMetadata where
        parseXML x
          = AccessKeyMetadata' <$>
              (x .@? "Status") <*> (x .@? "CreateDate") <*>
                (x .@? "UserName")
                <*> (x .@? "AccessKeyId")

instance Hashable AccessKeyMetadata

instance NFData AccessKeyMetadata

-- | Contains information about an attached policy.
--
-- An attached policy is a managed policy that has been attached to a user, group, or role. This data type is used as a response element in the < ListAttachedGroupPolicies>, < ListAttachedRolePolicies>, < ListAttachedUserPolicies>, and < GetAccountAuthorizationDetails> actions.
--
-- For more information about managed policies, refer to <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies> in the /Using IAM/ guide.
--
-- /See:/ 'attachedPolicy' smart constructor.
data AttachedPolicy = AttachedPolicy'
    { _apPolicyName :: !(Maybe Text)
    , _apPolicyARN  :: !(Maybe Text)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'AttachedPolicy' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'apPolicyName'
--
-- * 'apPolicyARN'
attachedPolicy
    :: AttachedPolicy
attachedPolicy =
    AttachedPolicy'
    { _apPolicyName = Nothing
    , _apPolicyARN = Nothing
    }

-- | The friendly name of the attached policy.
apPolicyName :: Lens' AttachedPolicy (Maybe Text)
apPolicyName = lens _apPolicyName (\ s a -> s{_apPolicyName = a});

-- | Undocumented member.
apPolicyARN :: Lens' AttachedPolicy (Maybe Text)
apPolicyARN = lens _apPolicyARN (\ s a -> s{_apPolicyARN = a});

instance FromXML AttachedPolicy where
        parseXML x
          = AttachedPolicy' <$>
              (x .@? "PolicyName") <*> (x .@? "PolicyArn")

instance Hashable AttachedPolicy

instance NFData AttachedPolicy

-- | Contains information about a condition context key. It includes the name of the key and specifies the value (or values, if the context key supports multiple values) to use in the simulation. This information is used when evaluating the 'Condition' elements of the input policies.
--
-- This data type is used as an input parameter to 'SimulatePolicy'.
--
-- /See:/ 'contextEntry' smart constructor.
data ContextEntry = ContextEntry'
    { _ceContextKeyValues :: !(Maybe [Text])
    , _ceContextKeyName   :: !(Maybe Text)
    , _ceContextKeyType   :: !(Maybe ContextKeyTypeEnum)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'ContextEntry' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'ceContextKeyValues'
--
-- * 'ceContextKeyName'
--
-- * 'ceContextKeyType'
contextEntry
    :: ContextEntry
contextEntry =
    ContextEntry'
    { _ceContextKeyValues = Nothing
    , _ceContextKeyName = Nothing
    , _ceContextKeyType = Nothing
    }

-- | The value (or values, if the condition context key supports multiple values) to provide to the simulation for use when the key is referenced by a 'Condition' element in an input policy.
ceContextKeyValues :: Lens' ContextEntry [Text]
ceContextKeyValues = lens _ceContextKeyValues (\ s a -> s{_ceContextKeyValues = a}) . _Default . _Coerce;

-- | The full name of a condition context key, including the service prefix. For example, 'aws:SourceIp' or 's3:VersionId'.
ceContextKeyName :: Lens' ContextEntry (Maybe Text)
ceContextKeyName = lens _ceContextKeyName (\ s a -> s{_ceContextKeyName = a});

-- | The data type of the value (or values) specified in the 'ContextKeyValues' parameter.
ceContextKeyType :: Lens' ContextEntry (Maybe ContextKeyTypeEnum)
ceContextKeyType = lens _ceContextKeyType (\ s a -> s{_ceContextKeyType = a});

instance Hashable ContextEntry

instance NFData ContextEntry

instance ToQuery ContextEntry where
        toQuery ContextEntry'{..}
          = mconcat
              ["ContextKeyValues" =:
                 toQuery
                   (toQueryList "member" <$> _ceContextKeyValues),
               "ContextKeyName" =: _ceContextKeyName,
               "ContextKeyType" =: _ceContextKeyType]

-- | Contains the results of a simulation.
--
-- This data type is used by the return parameter of 'SimulatePolicy'.
--
-- /See:/ 'evaluationResult' smart constructor.
data EvaluationResult = EvaluationResult'
    { _erMatchedStatements       :: !(Maybe [Statement])
    , _erEvalDecisionDetails     :: !(Maybe (Map Text PolicyEvaluationDecisionType))
    , _erResourceSpecificResults :: !(Maybe [ResourceSpecificResult])
    , _erEvalResourceName        :: !(Maybe Text)
    , _erMissingContextValues    :: !(Maybe [Text])
    , _erEvalActionName          :: !Text
    , _erEvalDecision            :: !PolicyEvaluationDecisionType
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'EvaluationResult' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'erMatchedStatements'
--
-- * 'erEvalDecisionDetails'
--
-- * 'erResourceSpecificResults'
--
-- * 'erEvalResourceName'
--
-- * 'erMissingContextValues'
--
-- * 'erEvalActionName'
--
-- * 'erEvalDecision'
evaluationResult
    :: Text -- ^ 'erEvalActionName'
    -> PolicyEvaluationDecisionType -- ^ 'erEvalDecision'
    -> EvaluationResult
evaluationResult pEvalActionName_ pEvalDecision_ =
    EvaluationResult'
    { _erMatchedStatements = Nothing
    , _erEvalDecisionDetails = Nothing
    , _erResourceSpecificResults = Nothing
    , _erEvalResourceName = Nothing
    , _erMissingContextValues = Nothing
    , _erEvalActionName = pEvalActionName_
    , _erEvalDecision = pEvalDecision_
    }

-- | A list of the statements in the input policies that determine the result for this scenario. Remember that even if multiple statements allow the action on the resource, if only one statement denies that action, then the explicit deny overrides any allow, and the deny statement is the only entry included in the result.
erMatchedStatements :: Lens' EvaluationResult [Statement]
erMatchedStatements = lens _erMatchedStatements (\ s a -> s{_erMatchedStatements = a}) . _Default . _Coerce;

-- | Additional details about the results of the evaluation decision. When there are both IAM policies and resource policies, this parameter explains how each set of policies contributes to the final evaluation decision. When simulating cross-account access to a resource, both the resource-based policy and the caller\'s IAM policy must grant access. See <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_compare-resource-policies.html How IAM Roles Differ from Resource-based Policies>
erEvalDecisionDetails :: Lens' EvaluationResult (HashMap Text PolicyEvaluationDecisionType)
erEvalDecisionDetails = lens _erEvalDecisionDetails (\ s a -> s{_erEvalDecisionDetails = a}) . _Default . _Map;

-- | The individual results of the simulation of the API action specified in EvalActionName on each resource.
erResourceSpecificResults :: Lens' EvaluationResult [ResourceSpecificResult]
erResourceSpecificResults = lens _erResourceSpecificResults (\ s a -> s{_erResourceSpecificResults = a}) . _Default . _Coerce;

-- | The ARN of the resource that the indicated API action was tested on.
erEvalResourceName :: Lens' EvaluationResult (Maybe Text)
erEvalResourceName = lens _erEvalResourceName (\ s a -> s{_erEvalResourceName = a});

-- | A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. This list is used when the resource in a simulation is \"*\", either explicitly, or when the 'ResourceArns' parameter blank. If you include a list of resources, then any missing context values are instead included under the 'ResourceSpecificResults' section. To discover the context keys used by a set of policies, you can call < GetContextKeysForCustomPolicy> or < GetContextKeysForPrincipalPolicy>.
--
-- If the response includes any keys in this list, then the reported results might be untrustworthy because the simulation could not completely evaluate all of the conditions specified in the policies that would occur in a real world request.
erMissingContextValues :: Lens' EvaluationResult [Text]
erMissingContextValues = lens _erMissingContextValues (\ s a -> s{_erMissingContextValues = a}) . _Default . _Coerce;

-- | The name of the API action tested on the indicated resource.
erEvalActionName :: Lens' EvaluationResult Text
erEvalActionName = lens _erEvalActionName (\ s a -> s{_erEvalActionName = a});

-- | The result of the simulation.
erEvalDecision :: Lens' EvaluationResult PolicyEvaluationDecisionType
erEvalDecision = lens _erEvalDecision (\ s a -> s{_erEvalDecision = a});

instance FromXML EvaluationResult where
        parseXML x
          = EvaluationResult' <$>
              (x .@? "MatchedStatements" .!@ mempty >>=
                 may (parseXMLList "member"))
                <*>
                (x .@? "EvalDecisionDetails" .!@ mempty >>=
                   may (parseXMLMap "entry" "key" "value"))
                <*>
                (x .@? "ResourceSpecificResults" .!@ mempty >>=
                   may (parseXMLList "member"))
                <*> (x .@? "EvalResourceName")
                <*>
                (x .@? "MissingContextValues" .!@ mempty >>=
                   may (parseXMLList "member"))
                <*> (x .@ "EvalActionName")
                <*> (x .@ "EvalDecision")

instance Hashable EvaluationResult

instance NFData EvaluationResult

-- | Contains the response to a successful < GetContextKeysForPrincipalPolicy> or < GetContextKeysForCustomPolicy> request.
--
-- /See:/ 'getContextKeysForPolicyResponse' smart constructor.
newtype GetContextKeysForPolicyResponse = GetContextKeysForPolicyResponse'
    { _gckfpContextKeyNames :: Maybe [Text]
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'GetContextKeysForPolicyResponse' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'gckfpContextKeyNames'
getContextKeysForPolicyResponse
    :: GetContextKeysForPolicyResponse
getContextKeysForPolicyResponse =
    GetContextKeysForPolicyResponse'
    { _gckfpContextKeyNames = Nothing
    }

-- | The list of context keys that are used in the 'Condition' elements of the input policies.
gckfpContextKeyNames :: Lens' GetContextKeysForPolicyResponse [Text]
gckfpContextKeyNames = lens _gckfpContextKeyNames (\ s a -> s{_gckfpContextKeyNames = a}) . _Default . _Coerce;

instance FromXML GetContextKeysForPolicyResponse
         where
        parseXML x
          = GetContextKeysForPolicyResponse' <$>
              (x .@? "ContextKeyNames" .!@ mempty >>=
                 may (parseXMLList "member"))

instance Hashable GetContextKeysForPolicyResponse

instance NFData GetContextKeysForPolicyResponse

-- | Contains information about an IAM group entity.
--
-- This data type is used as a response element in the following actions:
--
-- -   < CreateGroup>
-- -   < GetGroup>
-- -   < ListGroups>
--
-- /See:/ 'group'' smart constructor.
data Group = Group'
    { _gPath       :: !Text
    , _gGroupName  :: !Text
    , _gGroupId    :: !Text
    , _gARN        :: !Text
    , _gCreateDate :: !ISO8601
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'Group' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'gPath'
--
-- * 'gGroupName'
--
-- * 'gGroupId'
--
-- * 'gARN'
--
-- * 'gCreateDate'
group'
    :: Text -- ^ 'gPath'
    -> Text -- ^ 'gGroupName'
    -> Text -- ^ 'gGroupId'
    -> Text -- ^ 'gARN'
    -> UTCTime -- ^ 'gCreateDate'
    -> Group
group' pPath_ pGroupName_ pGroupId_ pARN_ pCreateDate_ =
    Group'
    { _gPath = pPath_
    , _gGroupName = pGroupName_
    , _gGroupId = pGroupId_
    , _gARN = pARN_
    , _gCreateDate = _Time # pCreateDate_
    }

-- | The path to the group. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
gPath :: Lens' Group Text
gPath = lens _gPath (\ s a -> s{_gPath = a});

-- | The friendly name that identifies the group.
gGroupName :: Lens' Group Text
gGroupName = lens _gGroupName (\ s a -> s{_gGroupName = a});

-- | The stable and unique string identifying the group. For more information about IDs, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
gGroupId :: Lens' Group Text
gGroupId = lens _gGroupId (\ s a -> s{_gGroupId = a});

-- | The Amazon Resource Name (ARN) specifying the group. For more information about ARNs and how to use them in policies, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
gARN :: Lens' Group Text
gARN = lens _gARN (\ s a -> s{_gARN = a});

-- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the group was created.
gCreateDate :: Lens' Group UTCTime
gCreateDate = lens _gCreateDate (\ s a -> s{_gCreateDate = a}) . _Time;

instance FromXML Group where
        parseXML x
          = Group' <$>
              (x .@ "Path") <*> (x .@ "GroupName") <*>
                (x .@ "GroupId")
                <*> (x .@ "Arn")
                <*> (x .@ "CreateDate")

instance Hashable Group

instance NFData Group

-- | Contains information about an IAM group, including all of the group\'s policies.
--
-- This data type is used as a response element in the < GetAccountAuthorizationDetails> action.
--
-- /See:/ 'groupDetail' smart constructor.
data GroupDetail = GroupDetail'
    { _gdARN                     :: !(Maybe Text)
    , _gdPath                    :: !(Maybe Text)
    , _gdCreateDate              :: !(Maybe ISO8601)
    , _gdGroupId                 :: !(Maybe Text)
    , _gdGroupPolicyList         :: !(Maybe [PolicyDetail])
    , _gdGroupName               :: !(Maybe Text)
    , _gdAttachedManagedPolicies :: !(Maybe [AttachedPolicy])
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'GroupDetail' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'gdARN'
--
-- * 'gdPath'
--
-- * 'gdCreateDate'
--
-- * 'gdGroupId'
--
-- * 'gdGroupPolicyList'
--
-- * 'gdGroupName'
--
-- * 'gdAttachedManagedPolicies'
groupDetail
    :: GroupDetail
groupDetail =
    GroupDetail'
    { _gdARN = Nothing
    , _gdPath = Nothing
    , _gdCreateDate = Nothing
    , _gdGroupId = Nothing
    , _gdGroupPolicyList = Nothing
    , _gdGroupName = Nothing
    , _gdAttachedManagedPolicies = Nothing
    }

-- | Undocumented member.
gdARN :: Lens' GroupDetail (Maybe Text)
gdARN = lens _gdARN (\ s a -> s{_gdARN = a});

-- | The path to the group. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
gdPath :: Lens' GroupDetail (Maybe Text)
gdPath = lens _gdPath (\ s a -> s{_gdPath = a});

-- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the group was created.
gdCreateDate :: Lens' GroupDetail (Maybe UTCTime)
gdCreateDate = lens _gdCreateDate (\ s a -> s{_gdCreateDate = a}) . mapping _Time;

-- | The stable and unique string identifying the group. For more information about IDs, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
gdGroupId :: Lens' GroupDetail (Maybe Text)
gdGroupId = lens _gdGroupId (\ s a -> s{_gdGroupId = a});

-- | A list of the inline policies embedded in the group.
gdGroupPolicyList :: Lens' GroupDetail [PolicyDetail]
gdGroupPolicyList = lens _gdGroupPolicyList (\ s a -> s{_gdGroupPolicyList = a}) . _Default . _Coerce;

-- | The friendly name that identifies the group.
gdGroupName :: Lens' GroupDetail (Maybe Text)
gdGroupName = lens _gdGroupName (\ s a -> s{_gdGroupName = a});

-- | A list of the managed policies attached to the group.
gdAttachedManagedPolicies :: Lens' GroupDetail [AttachedPolicy]
gdAttachedManagedPolicies = lens _gdAttachedManagedPolicies (\ s a -> s{_gdAttachedManagedPolicies = a}) . _Default . _Coerce;

instance FromXML GroupDetail where
        parseXML x
          = GroupDetail' <$>
              (x .@? "Arn") <*> (x .@? "Path") <*>
                (x .@? "CreateDate")
                <*> (x .@? "GroupId")
                <*>
                (x .@? "GroupPolicyList" .!@ mempty >>=
                   may (parseXMLList "member"))
                <*> (x .@? "GroupName")
                <*>
                (x .@? "AttachedManagedPolicies" .!@ mempty >>=
                   may (parseXMLList "member"))

instance Hashable GroupDetail

instance NFData GroupDetail

-- | Contains information about an instance profile.
--
-- This data type is used as a response element in the following actions:
--
-- -   < CreateInstanceProfile>
--
-- -   < GetInstanceProfile>
--
-- -   < ListInstanceProfiles>
--
-- -   < ListInstanceProfilesForRole>
--
--
-- /See:/ 'instanceProfile' smart constructor.
data InstanceProfile = InstanceProfile'
    { _ipPath                :: !Text
    , _ipInstanceProfileName :: !Text
    , _ipInstanceProfileId   :: !Text
    , _ipARN                 :: !Text
    , _ipCreateDate          :: !ISO8601
    , _ipRoles               :: ![Role]
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'InstanceProfile' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'ipPath'
--
-- * 'ipInstanceProfileName'
--
-- * 'ipInstanceProfileId'
--
-- * 'ipARN'
--
-- * 'ipCreateDate'
--
-- * 'ipRoles'
instanceProfile
    :: Text -- ^ 'ipPath'
    -> Text -- ^ 'ipInstanceProfileName'
    -> Text -- ^ 'ipInstanceProfileId'
    -> Text -- ^ 'ipARN'
    -> UTCTime -- ^ 'ipCreateDate'
    -> InstanceProfile
instanceProfile pPath_ pInstanceProfileName_ pInstanceProfileId_ pARN_ pCreateDate_ =
    InstanceProfile'
    { _ipPath = pPath_
    , _ipInstanceProfileName = pInstanceProfileName_
    , _ipInstanceProfileId = pInstanceProfileId_
    , _ipARN = pARN_
    , _ipCreateDate = _Time # pCreateDate_
    , _ipRoles = mempty
    }

-- | The path to the instance profile. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
ipPath :: Lens' InstanceProfile Text
ipPath = lens _ipPath (\ s a -> s{_ipPath = a});

-- | The name identifying the instance profile.
ipInstanceProfileName :: Lens' InstanceProfile Text
ipInstanceProfileName = lens _ipInstanceProfileName (\ s a -> s{_ipInstanceProfileName = a});

-- | The stable and unique string identifying the instance profile. For more information about IDs, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
ipInstanceProfileId :: Lens' InstanceProfile Text
ipInstanceProfileId = lens _ipInstanceProfileId (\ s a -> s{_ipInstanceProfileId = a});

-- | The Amazon Resource Name (ARN) specifying the instance profile. For more information about ARNs and how to use them in policies, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
ipARN :: Lens' InstanceProfile Text
ipARN = lens _ipARN (\ s a -> s{_ipARN = a});

-- | The date when the instance profile was created.
ipCreateDate :: Lens' InstanceProfile UTCTime
ipCreateDate = lens _ipCreateDate (\ s a -> s{_ipCreateDate = a}) . _Time;

-- | The role associated with the instance profile.
ipRoles :: Lens' InstanceProfile [Role]
ipRoles = lens _ipRoles (\ s a -> s{_ipRoles = a}) . _Coerce;

instance FromXML InstanceProfile where
        parseXML x
          = InstanceProfile' <$>
              (x .@ "Path") <*> (x .@ "InstanceProfileName") <*>
                (x .@ "InstanceProfileId")
                <*> (x .@ "Arn")
                <*> (x .@ "CreateDate")
                <*>
                (x .@? "Roles" .!@ mempty >>= parseXMLList "member")

instance Hashable InstanceProfile

instance NFData InstanceProfile

-- | Contains the user name and password create date for a user.
--
-- This data type is used as a response element in the < CreateLoginProfile> and < GetLoginProfile> actions.
--
-- /See:/ 'loginProfile' smart constructor.
data LoginProfile = LoginProfile'
    { _lpPasswordResetRequired :: !(Maybe Bool)
    , _lpUserName              :: !Text
    , _lpCreateDate            :: !ISO8601
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'LoginProfile' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'lpPasswordResetRequired'
--
-- * 'lpUserName'
--
-- * 'lpCreateDate'
loginProfile
    :: Text -- ^ 'lpUserName'
    -> UTCTime -- ^ 'lpCreateDate'
    -> LoginProfile
loginProfile pUserName_ pCreateDate_ =
    LoginProfile'
    { _lpPasswordResetRequired = Nothing
    , _lpUserName = pUserName_
    , _lpCreateDate = _Time # pCreateDate_
    }

-- | Specifies whether the user is required to set a new password on next sign-in.
lpPasswordResetRequired :: Lens' LoginProfile (Maybe Bool)
lpPasswordResetRequired = lens _lpPasswordResetRequired (\ s a -> s{_lpPasswordResetRequired = a});

-- | The name of the user, which can be used for signing in to the AWS Management Console.
lpUserName :: Lens' LoginProfile Text
lpUserName = lens _lpUserName (\ s a -> s{_lpUserName = a});

-- | The date when the password for the user was created.
lpCreateDate :: Lens' LoginProfile UTCTime
lpCreateDate = lens _lpCreateDate (\ s a -> s{_lpCreateDate = a}) . _Time;

instance FromXML LoginProfile where
        parseXML x
          = LoginProfile' <$>
              (x .@? "PasswordResetRequired") <*> (x .@ "UserName")
                <*> (x .@ "CreateDate")

instance Hashable LoginProfile

instance NFData LoginProfile

-- | Contains information about an MFA device.
--
-- This data type is used as a response element in the < ListMFADevices> action.
--
-- /See:/ 'mfaDevice' smart constructor.
data MFADevice = MFADevice'
    { _mdUserName     :: !Text
    , _mdSerialNumber :: !Text
    , _mdEnableDate   :: !ISO8601
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'MFADevice' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'mdUserName'
--
-- * 'mdSerialNumber'
--
-- * 'mdEnableDate'
mfaDevice
    :: Text -- ^ 'mdUserName'
    -> Text -- ^ 'mdSerialNumber'
    -> UTCTime -- ^ 'mdEnableDate'
    -> MFADevice
mfaDevice pUserName_ pSerialNumber_ pEnableDate_ =
    MFADevice'
    { _mdUserName = pUserName_
    , _mdSerialNumber = pSerialNumber_
    , _mdEnableDate = _Time # pEnableDate_
    }

-- | The user with whom the MFA device is associated.
mdUserName :: Lens' MFADevice Text
mdUserName = lens _mdUserName (\ s a -> s{_mdUserName = a});

-- | The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN.
mdSerialNumber :: Lens' MFADevice Text
mdSerialNumber = lens _mdSerialNumber (\ s a -> s{_mdSerialNumber = a});

-- | The date when the MFA device was enabled for the user.
mdEnableDate :: Lens' MFADevice UTCTime
mdEnableDate = lens _mdEnableDate (\ s a -> s{_mdEnableDate = a}) . _Time;

instance FromXML MFADevice where
        parseXML x
          = MFADevice' <$>
              (x .@ "UserName") <*> (x .@ "SerialNumber") <*>
                (x .@ "EnableDate")

instance Hashable MFADevice

instance NFData MFADevice

-- | Contains information about a managed policy, including the policy\'s ARN, versions, and the number of principal entities (users, groups, and roles) that the policy is attached to.
--
-- This data type is used as a response element in the < GetAccountAuthorizationDetails> action.
--
-- For more information about managed policies, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies> in the /Using IAM/ guide.
--
-- /See:/ 'managedPolicyDetail' smart constructor.
data ManagedPolicyDetail = ManagedPolicyDetail'
    { _mpdPolicyName        :: !(Maybe Text)
    , _mpdARN               :: !(Maybe Text)
    , _mpdUpdateDate        :: !(Maybe ISO8601)
    , _mpdPolicyId          :: !(Maybe Text)
    , _mpdPath              :: !(Maybe Text)
    , _mpdPolicyVersionList :: !(Maybe [PolicyVersion])
    , _mpdCreateDate        :: !(Maybe ISO8601)
    , _mpdIsAttachable      :: !(Maybe Bool)
    , _mpdDefaultVersionId  :: !(Maybe Text)
    , _mpdAttachmentCount   :: !(Maybe Int)
    , _mpdDescription       :: !(Maybe Text)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'ManagedPolicyDetail' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'mpdPolicyName'
--
-- * 'mpdARN'
--
-- * 'mpdUpdateDate'
--
-- * 'mpdPolicyId'
--
-- * 'mpdPath'
--
-- * 'mpdPolicyVersionList'
--
-- * 'mpdCreateDate'
--
-- * 'mpdIsAttachable'
--
-- * 'mpdDefaultVersionId'
--
-- * 'mpdAttachmentCount'
--
-- * 'mpdDescription'
managedPolicyDetail
    :: ManagedPolicyDetail
managedPolicyDetail =
    ManagedPolicyDetail'
    { _mpdPolicyName = Nothing
    , _mpdARN = Nothing
    , _mpdUpdateDate = Nothing
    , _mpdPolicyId = Nothing
    , _mpdPath = Nothing
    , _mpdPolicyVersionList = Nothing
    , _mpdCreateDate = Nothing
    , _mpdIsAttachable = Nothing
    , _mpdDefaultVersionId = Nothing
    , _mpdAttachmentCount = Nothing
    , _mpdDescription = Nothing
    }

-- | The friendly name (not ARN) identifying the policy.
mpdPolicyName :: Lens' ManagedPolicyDetail (Maybe Text)
mpdPolicyName = lens _mpdPolicyName (\ s a -> s{_mpdPolicyName = a});

-- | Undocumented member.
mpdARN :: Lens' ManagedPolicyDetail (Maybe Text)
mpdARN = lens _mpdARN (\ s a -> s{_mpdARN = a});

-- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the policy was last updated.
--
-- When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.
mpdUpdateDate :: Lens' ManagedPolicyDetail (Maybe UTCTime)
mpdUpdateDate = lens _mpdUpdateDate (\ s a -> s{_mpdUpdateDate = a}) . mapping _Time;

-- | The stable and unique string identifying the policy.
--
-- For more information about IDs, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
mpdPolicyId :: Lens' ManagedPolicyDetail (Maybe Text)
mpdPolicyId = lens _mpdPolicyId (\ s a -> s{_mpdPolicyId = a});

-- | The path to the policy.
--
-- For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
mpdPath :: Lens' ManagedPolicyDetail (Maybe Text)
mpdPath = lens _mpdPath (\ s a -> s{_mpdPath = a});

-- | A list containing information about the versions of the policy.
mpdPolicyVersionList :: Lens' ManagedPolicyDetail [PolicyVersion]
mpdPolicyVersionList = lens _mpdPolicyVersionList (\ s a -> s{_mpdPolicyVersionList = a}) . _Default . _Coerce;

-- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the policy was created.
mpdCreateDate :: Lens' ManagedPolicyDetail (Maybe UTCTime)
mpdCreateDate = lens _mpdCreateDate (\ s a -> s{_mpdCreateDate = a}) . mapping _Time;

-- | Specifies whether the policy can be attached to an IAM user, group, or role.
mpdIsAttachable :: Lens' ManagedPolicyDetail (Maybe Bool)
mpdIsAttachable = lens _mpdIsAttachable (\ s a -> s{_mpdIsAttachable = a});

-- | The identifier for the version of the policy that is set as the default (operative) version.
--
-- For more information about policy versions, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html Versioning for Managed Policies> in the /Using IAM/ guide.
mpdDefaultVersionId :: Lens' ManagedPolicyDetail (Maybe Text)
mpdDefaultVersionId = lens _mpdDefaultVersionId (\ s a -> s{_mpdDefaultVersionId = a});

-- | The number of principal entities (users, groups, and roles) that the policy is attached to.
mpdAttachmentCount :: Lens' ManagedPolicyDetail (Maybe Int)
mpdAttachmentCount = lens _mpdAttachmentCount (\ s a -> s{_mpdAttachmentCount = a});

-- | A friendly description of the policy.
mpdDescription :: Lens' ManagedPolicyDetail (Maybe Text)
mpdDescription = lens _mpdDescription (\ s a -> s{_mpdDescription = a});

instance FromXML ManagedPolicyDetail where
        parseXML x
          = ManagedPolicyDetail' <$>
              (x .@? "PolicyName") <*> (x .@? "Arn") <*>
                (x .@? "UpdateDate")
                <*> (x .@? "PolicyId")
                <*> (x .@? "Path")
                <*>
                (x .@? "PolicyVersionList" .!@ mempty >>=
                   may (parseXMLList "member"))
                <*> (x .@? "CreateDate")
                <*> (x .@? "IsAttachable")
                <*> (x .@? "DefaultVersionId")
                <*> (x .@? "AttachmentCount")
                <*> (x .@? "Description")

instance Hashable ManagedPolicyDetail

instance NFData ManagedPolicyDetail

-- | Contains the Amazon Resource Name (ARN) for an IAM OpenID Connect provider.
--
-- /See:/ 'openIdConnectProviderListEntry' smart constructor.
newtype OpenIdConnectProviderListEntry = OpenIdConnectProviderListEntry'
    { _oicpleARN :: Maybe Text
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'OpenIdConnectProviderListEntry' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'oicpleARN'
openIdConnectProviderListEntry
    :: OpenIdConnectProviderListEntry
openIdConnectProviderListEntry =
    OpenIdConnectProviderListEntry'
    { _oicpleARN = Nothing
    }

-- | Undocumented member.
oicpleARN :: Lens' OpenIdConnectProviderListEntry (Maybe Text)
oicpleARN = lens _oicpleARN (\ s a -> s{_oicpleARN = a});

instance FromXML OpenIdConnectProviderListEntry where
        parseXML x
          = OpenIdConnectProviderListEntry' <$> (x .@? "Arn")

instance Hashable OpenIdConnectProviderListEntry

instance NFData OpenIdConnectProviderListEntry

-- | Contains information about the account password policy.
--
-- This data type is used as a response element in the < GetAccountPasswordPolicy> action.
--
-- /See:/ 'passwordPolicy' smart constructor.
data PasswordPolicy = PasswordPolicy'
    { _ppExpirePasswords            :: !(Maybe Bool)
    , _ppMinimumPasswordLength      :: !(Maybe Nat)
    , _ppRequireNumbers             :: !(Maybe Bool)
    , _ppPasswordReusePrevention    :: !(Maybe Nat)
    , _ppRequireLowercaseCharacters :: !(Maybe Bool)
    , _ppMaxPasswordAge             :: !(Maybe Nat)
    , _ppHardExpiry                 :: !(Maybe Bool)
    , _ppRequireSymbols             :: !(Maybe Bool)
    , _ppRequireUppercaseCharacters :: !(Maybe Bool)
    , _ppAllowUsersToChangePassword :: !(Maybe Bool)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'PasswordPolicy' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'ppExpirePasswords'
--
-- * 'ppMinimumPasswordLength'
--
-- * 'ppRequireNumbers'
--
-- * 'ppPasswordReusePrevention'
--
-- * 'ppRequireLowercaseCharacters'
--
-- * 'ppMaxPasswordAge'
--
-- * 'ppHardExpiry'
--
-- * 'ppRequireSymbols'
--
-- * 'ppRequireUppercaseCharacters'
--
-- * 'ppAllowUsersToChangePassword'
passwordPolicy
    :: PasswordPolicy
passwordPolicy =
    PasswordPolicy'
    { _ppExpirePasswords = Nothing
    , _ppMinimumPasswordLength = Nothing
    , _ppRequireNumbers = Nothing
    , _ppPasswordReusePrevention = Nothing
    , _ppRequireLowercaseCharacters = Nothing
    , _ppMaxPasswordAge = Nothing
    , _ppHardExpiry = Nothing
    , _ppRequireSymbols = Nothing
    , _ppRequireUppercaseCharacters = Nothing
    , _ppAllowUsersToChangePassword = Nothing
    }

-- | Indicates whether passwords in the account expire. Returns true if MaxPasswordAge is contains a value greater than 0. Returns false if MaxPasswordAge is 0 or not present.
ppExpirePasswords :: Lens' PasswordPolicy (Maybe Bool)
ppExpirePasswords = lens _ppExpirePasswords (\ s a -> s{_ppExpirePasswords = a});

-- | Minimum length to require for IAM user passwords.
ppMinimumPasswordLength :: Lens' PasswordPolicy (Maybe Natural)
ppMinimumPasswordLength = lens _ppMinimumPasswordLength (\ s a -> s{_ppMinimumPasswordLength = a}) . mapping _Nat;

-- | Specifies whether to require numbers for IAM user passwords.
ppRequireNumbers :: Lens' PasswordPolicy (Maybe Bool)
ppRequireNumbers = lens _ppRequireNumbers (\ s a -> s{_ppRequireNumbers = a});

-- | Specifies the number of previous passwords that IAM users are prevented from reusing.
ppPasswordReusePrevention :: Lens' PasswordPolicy (Maybe Natural)
ppPasswordReusePrevention = lens _ppPasswordReusePrevention (\ s a -> s{_ppPasswordReusePrevention = a}) . mapping _Nat;

-- | Specifies whether to require lowercase characters for IAM user passwords.
ppRequireLowercaseCharacters :: Lens' PasswordPolicy (Maybe Bool)
ppRequireLowercaseCharacters = lens _ppRequireLowercaseCharacters (\ s a -> s{_ppRequireLowercaseCharacters = a});

-- | The number of days that an IAM user password is valid.
ppMaxPasswordAge :: Lens' PasswordPolicy (Maybe Natural)
ppMaxPasswordAge = lens _ppMaxPasswordAge (\ s a -> s{_ppMaxPasswordAge = a}) . mapping _Nat;

-- | Specifies whether IAM users are prevented from setting a new password after their password has expired.
ppHardExpiry :: Lens' PasswordPolicy (Maybe Bool)
ppHardExpiry = lens _ppHardExpiry (\ s a -> s{_ppHardExpiry = a});

-- | Specifies whether to require symbols for IAM user passwords.
ppRequireSymbols :: Lens' PasswordPolicy (Maybe Bool)
ppRequireSymbols = lens _ppRequireSymbols (\ s a -> s{_ppRequireSymbols = a});

-- | Specifies whether to require uppercase characters for IAM user passwords.
ppRequireUppercaseCharacters :: Lens' PasswordPolicy (Maybe Bool)
ppRequireUppercaseCharacters = lens _ppRequireUppercaseCharacters (\ s a -> s{_ppRequireUppercaseCharacters = a});

-- | Specifies whether IAM users are allowed to change their own password.
ppAllowUsersToChangePassword :: Lens' PasswordPolicy (Maybe Bool)
ppAllowUsersToChangePassword = lens _ppAllowUsersToChangePassword (\ s a -> s{_ppAllowUsersToChangePassword = a});

instance FromXML PasswordPolicy where
        parseXML x
          = PasswordPolicy' <$>
              (x .@? "ExpirePasswords") <*>
                (x .@? "MinimumPasswordLength")
                <*> (x .@? "RequireNumbers")
                <*> (x .@? "PasswordReusePrevention")
                <*> (x .@? "RequireLowercaseCharacters")
                <*> (x .@? "MaxPasswordAge")
                <*> (x .@? "HardExpiry")
                <*> (x .@? "RequireSymbols")
                <*> (x .@? "RequireUppercaseCharacters")
                <*> (x .@? "AllowUsersToChangePassword")

instance Hashable PasswordPolicy

instance NFData PasswordPolicy

-- | Contains information about a managed policy.
--
-- This data type is used as a response element in the < CreatePolicy>, < GetPolicy>, and < ListPolicies> actions.
--
-- For more information about managed policies, refer to <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies> in the /Using IAM/ guide.
--
-- /See:/ 'policy' smart constructor.
data Policy = Policy'
    { _pPolicyName       :: !(Maybe Text)
    , _pARN              :: !(Maybe Text)
    , _pUpdateDate       :: !(Maybe ISO8601)
    , _pPolicyId         :: !(Maybe Text)
    , _pPath             :: !(Maybe Text)
    , _pCreateDate       :: !(Maybe ISO8601)
    , _pIsAttachable     :: !(Maybe Bool)
    , _pDefaultVersionId :: !(Maybe Text)
    , _pAttachmentCount  :: !(Maybe Int)
    , _pDescription      :: !(Maybe Text)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'Policy' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'pPolicyName'
--
-- * 'pARN'
--
-- * 'pUpdateDate'
--
-- * 'pPolicyId'
--
-- * 'pPath'
--
-- * 'pCreateDate'
--
-- * 'pIsAttachable'
--
-- * 'pDefaultVersionId'
--
-- * 'pAttachmentCount'
--
-- * 'pDescription'
policy
    :: Policy
policy =
    Policy'
    { _pPolicyName = Nothing
    , _pARN = Nothing
    , _pUpdateDate = Nothing
    , _pPolicyId = Nothing
    , _pPath = Nothing
    , _pCreateDate = Nothing
    , _pIsAttachable = Nothing
    , _pDefaultVersionId = Nothing
    , _pAttachmentCount = Nothing
    , _pDescription = Nothing
    }

-- | The friendly name (not ARN) identifying the policy.
pPolicyName :: Lens' Policy (Maybe Text)
pPolicyName = lens _pPolicyName (\ s a -> s{_pPolicyName = a});

-- | Undocumented member.
pARN :: Lens' Policy (Maybe Text)
pARN = lens _pARN (\ s a -> s{_pARN = a});

-- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the policy was last updated.
--
-- When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.
pUpdateDate :: Lens' Policy (Maybe UTCTime)
pUpdateDate = lens _pUpdateDate (\ s a -> s{_pUpdateDate = a}) . mapping _Time;

-- | The stable and unique string identifying the policy.
--
-- For more information about IDs, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
pPolicyId :: Lens' Policy (Maybe Text)
pPolicyId = lens _pPolicyId (\ s a -> s{_pPolicyId = a});

-- | The path to the policy.
--
-- For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
pPath :: Lens' Policy (Maybe Text)
pPath = lens _pPath (\ s a -> s{_pPath = a});

-- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the policy was created.
pCreateDate :: Lens' Policy (Maybe UTCTime)
pCreateDate = lens _pCreateDate (\ s a -> s{_pCreateDate = a}) . mapping _Time;

-- | Specifies whether the policy can be attached to an IAM user, group, or role.
pIsAttachable :: Lens' Policy (Maybe Bool)
pIsAttachable = lens _pIsAttachable (\ s a -> s{_pIsAttachable = a});

-- | The identifier for the version of the policy that is set as the default version.
pDefaultVersionId :: Lens' Policy (Maybe Text)
pDefaultVersionId = lens _pDefaultVersionId (\ s a -> s{_pDefaultVersionId = a});

-- | The number of entities (users, groups, and roles) that the policy is attached to.
pAttachmentCount :: Lens' Policy (Maybe Int)
pAttachmentCount = lens _pAttachmentCount (\ s a -> s{_pAttachmentCount = a});

-- | A friendly description of the policy.
--
-- This element is included in the response to the < GetPolicy> operation. It is not included in the response to the < ListPolicies> operation.
pDescription :: Lens' Policy (Maybe Text)
pDescription = lens _pDescription (\ s a -> s{_pDescription = a});

instance FromXML Policy where
        parseXML x
          = Policy' <$>
              (x .@? "PolicyName") <*> (x .@? "Arn") <*>
                (x .@? "UpdateDate")
                <*> (x .@? "PolicyId")
                <*> (x .@? "Path")
                <*> (x .@? "CreateDate")
                <*> (x .@? "IsAttachable")
                <*> (x .@? "DefaultVersionId")
                <*> (x .@? "AttachmentCount")
                <*> (x .@? "Description")

instance Hashable Policy

instance NFData Policy

-- | Contains information about an IAM policy, including the policy document.
--
-- This data type is used as a response element in the < GetAccountAuthorizationDetails> action.
--
-- /See:/ 'policyDetail' smart constructor.
data PolicyDetail = PolicyDetail'
    { _pdPolicyDocument :: !(Maybe Text)
    , _pdPolicyName     :: !(Maybe Text)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'PolicyDetail' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'pdPolicyDocument'
--
-- * 'pdPolicyName'
policyDetail
    :: PolicyDetail
policyDetail =
    PolicyDetail'
    { _pdPolicyDocument = Nothing
    , _pdPolicyName = Nothing
    }

-- | The policy document.
pdPolicyDocument :: Lens' PolicyDetail (Maybe Text)
pdPolicyDocument = lens _pdPolicyDocument (\ s a -> s{_pdPolicyDocument = a});

-- | The name of the policy.
pdPolicyName :: Lens' PolicyDetail (Maybe Text)
pdPolicyName = lens _pdPolicyName (\ s a -> s{_pdPolicyName = a});

instance FromXML PolicyDetail where
        parseXML x
          = PolicyDetail' <$>
              (x .@? "PolicyDocument") <*> (x .@? "PolicyName")

instance Hashable PolicyDetail

instance NFData PolicyDetail

-- | Contains information about a group that a managed policy is attached to.
--
-- This data type is used as a response element in the < ListEntitiesForPolicy> action.
--
-- For more information about managed policies, refer to <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies> in the /Using IAM/ guide.
--
-- /See:/ 'policyGroup' smart constructor.
data PolicyGroup = PolicyGroup'
    { _pgGroupId   :: !(Maybe Text)
    , _pgGroupName :: !(Maybe Text)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'PolicyGroup' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'pgGroupId'
--
-- * 'pgGroupName'
policyGroup
    :: PolicyGroup
policyGroup =
    PolicyGroup'
    { _pgGroupId = Nothing
    , _pgGroupName = Nothing
    }

-- | The stable and unique string identifying the group. For more information about IDs, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html IAM Identifiers> in the /IAM User Guide/.
pgGroupId :: Lens' PolicyGroup (Maybe Text)
pgGroupId = lens _pgGroupId (\ s a -> s{_pgGroupId = a});

-- | The name (friendly name, not ARN) identifying the group.
pgGroupName :: Lens' PolicyGroup (Maybe Text)
pgGroupName = lens _pgGroupName (\ s a -> s{_pgGroupName = a});

instance FromXML PolicyGroup where
        parseXML x
          = PolicyGroup' <$>
              (x .@? "GroupId") <*> (x .@? "GroupName")

instance Hashable PolicyGroup

instance NFData PolicyGroup

-- | Contains information about a role that a managed policy is attached to.
--
-- This data type is used as a response element in the < ListEntitiesForPolicy> action.
--
-- For more information about managed policies, refer to <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies> in the /Using IAM/ guide.
--
-- /See:/ 'policyRole' smart constructor.
data PolicyRole = PolicyRole'
    { _prRoleName :: !(Maybe Text)
    , _prRoleId   :: !(Maybe Text)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'PolicyRole' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'prRoleName'
--
-- * 'prRoleId'
policyRole
    :: PolicyRole
policyRole =
    PolicyRole'
    { _prRoleName = Nothing
    , _prRoleId = Nothing
    }

-- | The name (friendly name, not ARN) identifying the role.
prRoleName :: Lens' PolicyRole (Maybe Text)
prRoleName = lens _prRoleName (\ s a -> s{_prRoleName = a});

-- | The stable and unique string identifying the role. For more information about IDs, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html IAM Identifiers> in the /IAM User Guide/.
prRoleId :: Lens' PolicyRole (Maybe Text)
prRoleId = lens _prRoleId (\ s a -> s{_prRoleId = a});

instance FromXML PolicyRole where
        parseXML x
          = PolicyRole' <$>
              (x .@? "RoleName") <*> (x .@? "RoleId")

instance Hashable PolicyRole

instance NFData PolicyRole

-- | Contains information about a user that a managed policy is attached to.
--
-- This data type is used as a response element in the < ListEntitiesForPolicy> action.
--
-- For more information about managed policies, refer to <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies> in the /Using IAM/ guide.
--
-- /See:/ 'policyUser' smart constructor.
data PolicyUser = PolicyUser'
    { _puUserName :: !(Maybe Text)
    , _puUserId   :: !(Maybe Text)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'PolicyUser' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'puUserName'
--
-- * 'puUserId'
policyUser
    :: PolicyUser
policyUser =
    PolicyUser'
    { _puUserName = Nothing
    , _puUserId = Nothing
    }

-- | The name (friendly name, not ARN) identifying the user.
puUserName :: Lens' PolicyUser (Maybe Text)
puUserName = lens _puUserName (\ s a -> s{_puUserName = a});

-- | The stable and unique string identifying the user. For more information about IDs, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html IAM Identifiers> in the /IAM User Guide/.
puUserId :: Lens' PolicyUser (Maybe Text)
puUserId = lens _puUserId (\ s a -> s{_puUserId = a});

instance FromXML PolicyUser where
        parseXML x
          = PolicyUser' <$>
              (x .@? "UserName") <*> (x .@? "UserId")

instance Hashable PolicyUser

instance NFData PolicyUser

-- | Contains information about a version of a managed policy.
--
-- This data type is used as a response element in the < CreatePolicyVersion>, < GetPolicyVersion>, < ListPolicyVersions>, and < GetAccountAuthorizationDetails> actions.
--
-- For more information about managed policies, refer to <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies> in the /Using IAM/ guide.
--
-- /See:/ 'policyVersion' smart constructor.
data PolicyVersion = PolicyVersion'
    { _pvVersionId        :: !(Maybe Text)
    , _pvCreateDate       :: !(Maybe ISO8601)
    , _pvDocument         :: !(Maybe Text)
    , _pvIsDefaultVersion :: !(Maybe Bool)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'PolicyVersion' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'pvVersionId'
--
-- * 'pvCreateDate'
--
-- * 'pvDocument'
--
-- * 'pvIsDefaultVersion'
policyVersion
    :: PolicyVersion
policyVersion =
    PolicyVersion'
    { _pvVersionId = Nothing
    , _pvCreateDate = Nothing
    , _pvDocument = Nothing
    , _pvIsDefaultVersion = Nothing
    }

-- | The identifier for the policy version.
--
-- Policy version identifiers always begin with 'v' (always lowercase). When a policy is created, the first policy version is 'v1'.
pvVersionId :: Lens' PolicyVersion (Maybe Text)
pvVersionId = lens _pvVersionId (\ s a -> s{_pvVersionId = a});

-- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the policy version was created.
pvCreateDate :: Lens' PolicyVersion (Maybe UTCTime)
pvCreateDate = lens _pvCreateDate (\ s a -> s{_pvCreateDate = a}) . mapping _Time;

-- | The policy document.
--
-- The policy document is returned in the response to the < GetPolicyVersion> and < GetAccountAuthorizationDetails> operations. It is not returned in the response to the < CreatePolicyVersion> or < ListPolicyVersions> operations.
pvDocument :: Lens' PolicyVersion (Maybe Text)
pvDocument = lens _pvDocument (\ s a -> s{_pvDocument = a});

-- | Specifies whether the policy version is set as the policy\'s default version.
pvIsDefaultVersion :: Lens' PolicyVersion (Maybe Bool)
pvIsDefaultVersion = lens _pvIsDefaultVersion (\ s a -> s{_pvIsDefaultVersion = a});

instance FromXML PolicyVersion where
        parseXML x
          = PolicyVersion' <$>
              (x .@? "VersionId") <*> (x .@? "CreateDate") <*>
                (x .@? "Document")
                <*> (x .@? "IsDefaultVersion")

instance Hashable PolicyVersion

instance NFData PolicyVersion

-- | Contains the row and column of a location of a 'Statement' element in a policy document.
--
-- This data type is used as a member of the 'Statement' type.
--
-- /See:/ 'position' smart constructor.
data Position = Position'
    { _pLine   :: !(Maybe Int)
    , _pColumn :: !(Maybe Int)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'Position' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'pLine'
--
-- * 'pColumn'
position
    :: Position
position =
    Position'
    { _pLine = Nothing
    , _pColumn = Nothing
    }

-- | The line containing the specified position in the document.
pLine :: Lens' Position (Maybe Int)
pLine = lens _pLine (\ s a -> s{_pLine = a});

-- | The column in the line containing the specified position in the document.
pColumn :: Lens' Position (Maybe Int)
pColumn = lens _pColumn (\ s a -> s{_pColumn = a});

instance FromXML Position where
        parseXML x
          = Position' <$> (x .@? "Line") <*> (x .@? "Column")

instance Hashable Position

instance NFData Position

-- | Contains the result of the simulation of a single API action call on a single resource.
--
-- This data type is used by a member of the < EvaluationResult> data type.
--
-- /See:/ 'resourceSpecificResult' smart constructor.
data ResourceSpecificResult = ResourceSpecificResult'
    { _rsrMatchedStatements    :: !(Maybe [Statement])
    , _rsrEvalDecisionDetails  :: !(Maybe (Map Text PolicyEvaluationDecisionType))
    , _rsrMissingContextValues :: !(Maybe [Text])
    , _rsrEvalResourceName     :: !Text
    , _rsrEvalResourceDecision :: !PolicyEvaluationDecisionType
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'ResourceSpecificResult' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'rsrMatchedStatements'
--
-- * 'rsrEvalDecisionDetails'
--
-- * 'rsrMissingContextValues'
--
-- * 'rsrEvalResourceName'
--
-- * 'rsrEvalResourceDecision'
resourceSpecificResult
    :: Text -- ^ 'rsrEvalResourceName'
    -> PolicyEvaluationDecisionType -- ^ 'rsrEvalResourceDecision'
    -> ResourceSpecificResult
resourceSpecificResult pEvalResourceName_ pEvalResourceDecision_ =
    ResourceSpecificResult'
    { _rsrMatchedStatements = Nothing
    , _rsrEvalDecisionDetails = Nothing
    , _rsrMissingContextValues = Nothing
    , _rsrEvalResourceName = pEvalResourceName_
    , _rsrEvalResourceDecision = pEvalResourceDecision_
    }

-- | A list of the statements in the input policies that determine the result for this part of the simulation. Remember that even if multiple statements allow the action on the resource, if /any/ statement denies that action, then the explicit deny overrides any allow, and the deny statement is the only entry included in the result.
rsrMatchedStatements :: Lens' ResourceSpecificResult [Statement]
rsrMatchedStatements = lens _rsrMatchedStatements (\ s a -> s{_rsrMatchedStatements = a}) . _Default . _Coerce;

-- | Additional details about the results of the evaluation decision. When there are both IAM policies and resource policies, this parameter explains how each set of policies contributes to the final evaluation decision. When simulating cross-account access to a resource, both the resource-based policy and the caller\'s IAM policy must grant access.
rsrEvalDecisionDetails :: Lens' ResourceSpecificResult (HashMap Text PolicyEvaluationDecisionType)
rsrEvalDecisionDetails = lens _rsrEvalDecisionDetails (\ s a -> s{_rsrEvalDecisionDetails = a}) . _Default . _Map;

-- | A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. This list is used when a list of ARNs is included in the 'ResourceArns' parameter instead of \"*\". If you do not specify individual resources, by setting 'ResourceArns' to \"*\" or by not including the 'ResourceArns' parameter, then any missing context values are instead included under the 'EvaluationResults' section. To discover the context keys used by a set of policies, you can call < GetContextKeysForCustomPolicy> or < GetContextKeysForPrincipalPolicy>.
rsrMissingContextValues :: Lens' ResourceSpecificResult [Text]
rsrMissingContextValues = lens _rsrMissingContextValues (\ s a -> s{_rsrMissingContextValues = a}) . _Default . _Coerce;

-- | The name of the simulated resource, in Amazon Resource Name (ARN) format.
rsrEvalResourceName :: Lens' ResourceSpecificResult Text
rsrEvalResourceName = lens _rsrEvalResourceName (\ s a -> s{_rsrEvalResourceName = a});

-- | The result of the simulation of the simulated API action on the resource specified in 'EvalResourceName'.
rsrEvalResourceDecision :: Lens' ResourceSpecificResult PolicyEvaluationDecisionType
rsrEvalResourceDecision = lens _rsrEvalResourceDecision (\ s a -> s{_rsrEvalResourceDecision = a});

instance FromXML ResourceSpecificResult where
        parseXML x
          = ResourceSpecificResult' <$>
              (x .@? "MatchedStatements" .!@ mempty >>=
                 may (parseXMLList "member"))
                <*>
                (x .@? "EvalDecisionDetails" .!@ mempty >>=
                   may (parseXMLMap "entry" "key" "value"))
                <*>
                (x .@? "MissingContextValues" .!@ mempty >>=
                   may (parseXMLList "member"))
                <*> (x .@ "EvalResourceName")
                <*> (x .@ "EvalResourceDecision")

instance Hashable ResourceSpecificResult

instance NFData ResourceSpecificResult

-- | Contains information about an IAM role.
--
-- This data type is used as a response element in the following actions:
--
-- -   < CreateRole>
--
-- -   < GetRole>
--
-- -   < ListRoles>
--
--
-- /See:/ 'role'' smart constructor.
data Role = Role'
    { _rAssumeRolePolicyDocument :: !(Maybe Text)
    , _rPath                     :: !Text
    , _rRoleName                 :: !Text
    , _rRoleId                   :: !Text
    , _rARN                      :: !Text
    , _rCreateDate               :: !ISO8601
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'Role' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'rAssumeRolePolicyDocument'
--
-- * 'rPath'
--
-- * 'rRoleName'
--
-- * 'rRoleId'
--
-- * 'rARN'
--
-- * 'rCreateDate'
role'
    :: Text -- ^ 'rPath'
    -> Text -- ^ 'rRoleName'
    -> Text -- ^ 'rRoleId'
    -> Text -- ^ 'rARN'
    -> UTCTime -- ^ 'rCreateDate'
    -> Role
role' pPath_ pRoleName_ pRoleId_ pARN_ pCreateDate_ =
    Role'
    { _rAssumeRolePolicyDocument = Nothing
    , _rPath = pPath_
    , _rRoleName = pRoleName_
    , _rRoleId = pRoleId_
    , _rARN = pARN_
    , _rCreateDate = _Time # pCreateDate_
    }

-- | The policy that grants an entity permission to assume the role.
rAssumeRolePolicyDocument :: Lens' Role (Maybe Text)
rAssumeRolePolicyDocument = lens _rAssumeRolePolicyDocument (\ s a -> s{_rAssumeRolePolicyDocument = a});

-- | The path to the role. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
rPath :: Lens' Role Text
rPath = lens _rPath (\ s a -> s{_rPath = a});

-- | The friendly name that identifies the role.
rRoleName :: Lens' Role Text
rRoleName = lens _rRoleName (\ s a -> s{_rRoleName = a});

-- | The stable and unique string identifying the role. For more information about IDs, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
rRoleId :: Lens' Role Text
rRoleId = lens _rRoleId (\ s a -> s{_rRoleId = a});

-- | The Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how to use them in policies, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
rARN :: Lens' Role Text
rARN = lens _rARN (\ s a -> s{_rARN = a});

-- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the role was created.
rCreateDate :: Lens' Role UTCTime
rCreateDate = lens _rCreateDate (\ s a -> s{_rCreateDate = a}) . _Time;

instance FromXML Role where
        parseXML x
          = Role' <$>
              (x .@? "AssumeRolePolicyDocument") <*> (x .@ "Path")
                <*> (x .@ "RoleName")
                <*> (x .@ "RoleId")
                <*> (x .@ "Arn")
                <*> (x .@ "CreateDate")

instance Hashable Role

instance NFData Role

-- | Contains information about an IAM role, including all of the role\'s policies.
--
-- This data type is used as a response element in the < GetAccountAuthorizationDetails> action.
--
-- /See:/ 'roleDetail' smart constructor.
data RoleDetail = RoleDetail'
    { _rdAssumeRolePolicyDocument :: !(Maybe Text)
    , _rdARN                      :: !(Maybe Text)
    , _rdPath                     :: !(Maybe Text)
    , _rdInstanceProfileList      :: !(Maybe [InstanceProfile])
    , _rdCreateDate               :: !(Maybe ISO8601)
    , _rdRoleName                 :: !(Maybe Text)
    , _rdRoleId                   :: !(Maybe Text)
    , _rdRolePolicyList           :: !(Maybe [PolicyDetail])
    , _rdAttachedManagedPolicies  :: !(Maybe [AttachedPolicy])
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'RoleDetail' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'rdAssumeRolePolicyDocument'
--
-- * 'rdARN'
--
-- * 'rdPath'
--
-- * 'rdInstanceProfileList'
--
-- * 'rdCreateDate'
--
-- * 'rdRoleName'
--
-- * 'rdRoleId'
--
-- * 'rdRolePolicyList'
--
-- * 'rdAttachedManagedPolicies'
roleDetail
    :: RoleDetail
roleDetail =
    RoleDetail'
    { _rdAssumeRolePolicyDocument = Nothing
    , _rdARN = Nothing
    , _rdPath = Nothing
    , _rdInstanceProfileList = Nothing
    , _rdCreateDate = Nothing
    , _rdRoleName = Nothing
    , _rdRoleId = Nothing
    , _rdRolePolicyList = Nothing
    , _rdAttachedManagedPolicies = Nothing
    }

-- | The trust policy that grants permission to assume the role.
rdAssumeRolePolicyDocument :: Lens' RoleDetail (Maybe Text)
rdAssumeRolePolicyDocument = lens _rdAssumeRolePolicyDocument (\ s a -> s{_rdAssumeRolePolicyDocument = a});

-- | Undocumented member.
rdARN :: Lens' RoleDetail (Maybe Text)
rdARN = lens _rdARN (\ s a -> s{_rdARN = a});

-- | The path to the role. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
rdPath :: Lens' RoleDetail (Maybe Text)
rdPath = lens _rdPath (\ s a -> s{_rdPath = a});

-- | Undocumented member.
rdInstanceProfileList :: Lens' RoleDetail [InstanceProfile]
rdInstanceProfileList = lens _rdInstanceProfileList (\ s a -> s{_rdInstanceProfileList = a}) . _Default . _Coerce;

-- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the role was created.
rdCreateDate :: Lens' RoleDetail (Maybe UTCTime)
rdCreateDate = lens _rdCreateDate (\ s a -> s{_rdCreateDate = a}) . mapping _Time;

-- | The friendly name that identifies the role.
rdRoleName :: Lens' RoleDetail (Maybe Text)
rdRoleName = lens _rdRoleName (\ s a -> s{_rdRoleName = a});

-- | The stable and unique string identifying the role. For more information about IDs, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
rdRoleId :: Lens' RoleDetail (Maybe Text)
rdRoleId = lens _rdRoleId (\ s a -> s{_rdRoleId = a});

-- | A list of inline policies embedded in the role. These policies are the role\'s access (permissions) policies.
rdRolePolicyList :: Lens' RoleDetail [PolicyDetail]
rdRolePolicyList = lens _rdRolePolicyList (\ s a -> s{_rdRolePolicyList = a}) . _Default . _Coerce;

-- | A list of managed policies attached to the role. These policies are the role\'s access (permissions) policies.
rdAttachedManagedPolicies :: Lens' RoleDetail [AttachedPolicy]
rdAttachedManagedPolicies = lens _rdAttachedManagedPolicies (\ s a -> s{_rdAttachedManagedPolicies = a}) . _Default . _Coerce;

instance FromXML RoleDetail where
        parseXML x
          = RoleDetail' <$>
              (x .@? "AssumeRolePolicyDocument") <*> (x .@? "Arn")
                <*> (x .@? "Path")
                <*>
                (x .@? "InstanceProfileList" .!@ mempty >>=
                   may (parseXMLList "member"))
                <*> (x .@? "CreateDate")
                <*> (x .@? "RoleName")
                <*> (x .@? "RoleId")
                <*>
                (x .@? "RolePolicyList" .!@ mempty >>=
                   may (parseXMLList "member"))
                <*>
                (x .@? "AttachedManagedPolicies" .!@ mempty >>=
                   may (parseXMLList "member"))

instance Hashable RoleDetail

instance NFData RoleDetail

-- | Contains the list of SAML providers for this account.
--
-- /See:/ 'sAMLProviderListEntry' smart constructor.
data SAMLProviderListEntry = SAMLProviderListEntry'
    { _samlpleARN        :: !(Maybe Text)
    , _samlpleCreateDate :: !(Maybe ISO8601)
    , _samlpleValidUntil :: !(Maybe ISO8601)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'SAMLProviderListEntry' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'samlpleARN'
--
-- * 'samlpleCreateDate'
--
-- * 'samlpleValidUntil'
sAMLProviderListEntry
    :: SAMLProviderListEntry
sAMLProviderListEntry =
    SAMLProviderListEntry'
    { _samlpleARN = Nothing
    , _samlpleCreateDate = Nothing
    , _samlpleValidUntil = Nothing
    }

-- | The Amazon Resource Name (ARN) of the SAML provider.
samlpleARN :: Lens' SAMLProviderListEntry (Maybe Text)
samlpleARN = lens _samlpleARN (\ s a -> s{_samlpleARN = a});

-- | The date and time when the SAML provider was created.
samlpleCreateDate :: Lens' SAMLProviderListEntry (Maybe UTCTime)
samlpleCreateDate = lens _samlpleCreateDate (\ s a -> s{_samlpleCreateDate = a}) . mapping _Time;

-- | The expiration date and time for the SAML provider.
samlpleValidUntil :: Lens' SAMLProviderListEntry (Maybe UTCTime)
samlpleValidUntil = lens _samlpleValidUntil (\ s a -> s{_samlpleValidUntil = a}) . mapping _Time;

instance FromXML SAMLProviderListEntry where
        parseXML x
          = SAMLProviderListEntry' <$>
              (x .@? "Arn") <*> (x .@? "CreateDate") <*>
                (x .@? "ValidUntil")

instance Hashable SAMLProviderListEntry

instance NFData SAMLProviderListEntry

-- | Contains information about an SSH public key.
--
-- This data type is used as a response element in the < GetSSHPublicKey> and < UploadSSHPublicKey> actions.
--
-- /See:/ 'sshPublicKey' smart constructor.
data SSHPublicKey = SSHPublicKey'
    { _spkUploadDate       :: !(Maybe ISO8601)
    , _spkUserName         :: !Text
    , _spkSSHPublicKeyId   :: !Text
    , _spkFingerprint      :: !Text
    , _spkSSHPublicKeyBody :: !Text
    , _spkStatus           :: !StatusType
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'SSHPublicKey' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'spkUploadDate'
--
-- * 'spkUserName'
--
-- * 'spkSSHPublicKeyId'
--
-- * 'spkFingerprint'
--
-- * 'spkSSHPublicKeyBody'
--
-- * 'spkStatus'
sshPublicKey
    :: Text -- ^ 'spkUserName'
    -> Text -- ^ 'spkSSHPublicKeyId'
    -> Text -- ^ 'spkFingerprint'
    -> Text -- ^ 'spkSSHPublicKeyBody'
    -> StatusType -- ^ 'spkStatus'
    -> SSHPublicKey
sshPublicKey pUserName_ pSSHPublicKeyId_ pFingerprint_ pSSHPublicKeyBody_ pStatus_ =
    SSHPublicKey'
    { _spkUploadDate = Nothing
    , _spkUserName = pUserName_
    , _spkSSHPublicKeyId = pSSHPublicKeyId_
    , _spkFingerprint = pFingerprint_
    , _spkSSHPublicKeyBody = pSSHPublicKeyBody_
    , _spkStatus = pStatus_
    }

-- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the SSH public key was uploaded.
spkUploadDate :: Lens' SSHPublicKey (Maybe UTCTime)
spkUploadDate = lens _spkUploadDate (\ s a -> s{_spkUploadDate = a}) . mapping _Time;

-- | The name of the IAM user associated with the SSH public key.
spkUserName :: Lens' SSHPublicKey Text
spkUserName = lens _spkUserName (\ s a -> s{_spkUserName = a});

-- | The unique identifier for the SSH public key.
spkSSHPublicKeyId :: Lens' SSHPublicKey Text
spkSSHPublicKeyId = lens _spkSSHPublicKeyId (\ s a -> s{_spkSSHPublicKeyId = a});

-- | The MD5 message digest of the SSH public key.
spkFingerprint :: Lens' SSHPublicKey Text
spkFingerprint = lens _spkFingerprint (\ s a -> s{_spkFingerprint = a});

-- | The SSH public key.
spkSSHPublicKeyBody :: Lens' SSHPublicKey Text
spkSSHPublicKeyBody = lens _spkSSHPublicKeyBody (\ s a -> s{_spkSSHPublicKeyBody = a});

-- | The status of the SSH public key. 'Active' means the key can be used for authentication with an AWS CodeCommit repository. 'Inactive' means the key cannot be used.
spkStatus :: Lens' SSHPublicKey StatusType
spkStatus = lens _spkStatus (\ s a -> s{_spkStatus = a});

instance FromXML SSHPublicKey where
        parseXML x
          = SSHPublicKey' <$>
              (x .@? "UploadDate") <*> (x .@ "UserName") <*>
                (x .@ "SSHPublicKeyId")
                <*> (x .@ "Fingerprint")
                <*> (x .@ "SSHPublicKeyBody")
                <*> (x .@ "Status")

instance Hashable SSHPublicKey

instance NFData SSHPublicKey

-- | Contains information about an SSH public key, without the key\'s body or fingerprint.
--
-- This data type is used as a response element in the < ListSSHPublicKeys> action.
--
-- /See:/ 'sshPublicKeyMetadata' smart constructor.
data SSHPublicKeyMetadata = SSHPublicKeyMetadata'
    { _spkmUserName       :: !Text
    , _spkmSSHPublicKeyId :: !Text
    , _spkmStatus         :: !StatusType
    , _spkmUploadDate     :: !ISO8601
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'SSHPublicKeyMetadata' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'spkmUserName'
--
-- * 'spkmSSHPublicKeyId'
--
-- * 'spkmStatus'
--
-- * 'spkmUploadDate'
sshPublicKeyMetadata
    :: Text -- ^ 'spkmUserName'
    -> Text -- ^ 'spkmSSHPublicKeyId'
    -> StatusType -- ^ 'spkmStatus'
    -> UTCTime -- ^ 'spkmUploadDate'
    -> SSHPublicKeyMetadata
sshPublicKeyMetadata pUserName_ pSSHPublicKeyId_ pStatus_ pUploadDate_ =
    SSHPublicKeyMetadata'
    { _spkmUserName = pUserName_
    , _spkmSSHPublicKeyId = pSSHPublicKeyId_
    , _spkmStatus = pStatus_
    , _spkmUploadDate = _Time # pUploadDate_
    }

-- | The name of the IAM user associated with the SSH public key.
spkmUserName :: Lens' SSHPublicKeyMetadata Text
spkmUserName = lens _spkmUserName (\ s a -> s{_spkmUserName = a});

-- | The unique identifier for the SSH public key.
spkmSSHPublicKeyId :: Lens' SSHPublicKeyMetadata Text
spkmSSHPublicKeyId = lens _spkmSSHPublicKeyId (\ s a -> s{_spkmSSHPublicKeyId = a});

-- | The status of the SSH public key. 'Active' means the key can be used for authentication with an AWS CodeCommit repository. 'Inactive' means the key cannot be used.
spkmStatus :: Lens' SSHPublicKeyMetadata StatusType
spkmStatus = lens _spkmStatus (\ s a -> s{_spkmStatus = a});

-- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the SSH public key was uploaded.
spkmUploadDate :: Lens' SSHPublicKeyMetadata UTCTime
spkmUploadDate = lens _spkmUploadDate (\ s a -> s{_spkmUploadDate = a}) . _Time;

instance FromXML SSHPublicKeyMetadata where
        parseXML x
          = SSHPublicKeyMetadata' <$>
              (x .@ "UserName") <*> (x .@ "SSHPublicKeyId") <*>
                (x .@ "Status")
                <*> (x .@ "UploadDate")

instance Hashable SSHPublicKeyMetadata

instance NFData SSHPublicKeyMetadata

-- | Contains information about a server certificate.
--
-- This data type is used as a response element in the < GetServerCertificate> action.
--
-- /See:/ 'serverCertificate' smart constructor.
data ServerCertificate = ServerCertificate'
    { _sCertificateChain          :: !(Maybe Text)
    , _sServerCertificateMetadata :: !ServerCertificateMetadata
    , _sCertificateBody           :: !Text
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'ServerCertificate' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'sCertificateChain'
--
-- * 'sServerCertificateMetadata'
--
-- * 'sCertificateBody'
serverCertificate
    :: ServerCertificateMetadata -- ^ 'sServerCertificateMetadata'
    -> Text -- ^ 'sCertificateBody'
    -> ServerCertificate
serverCertificate pServerCertificateMetadata_ pCertificateBody_ =
    ServerCertificate'
    { _sCertificateChain = Nothing
    , _sServerCertificateMetadata = pServerCertificateMetadata_
    , _sCertificateBody = pCertificateBody_
    }

-- | The contents of the public key certificate chain.
sCertificateChain :: Lens' ServerCertificate (Maybe Text)
sCertificateChain = lens _sCertificateChain (\ s a -> s{_sCertificateChain = a});

-- | The meta information of the server certificate, such as its name, path, ID, and ARN.
sServerCertificateMetadata :: Lens' ServerCertificate ServerCertificateMetadata
sServerCertificateMetadata = lens _sServerCertificateMetadata (\ s a -> s{_sServerCertificateMetadata = a});

-- | The contents of the public key certificate.
sCertificateBody :: Lens' ServerCertificate Text
sCertificateBody = lens _sCertificateBody (\ s a -> s{_sCertificateBody = a});

instance FromXML ServerCertificate where
        parseXML x
          = ServerCertificate' <$>
              (x .@? "CertificateChain") <*>
                (x .@ "ServerCertificateMetadata")
                <*> (x .@ "CertificateBody")

instance Hashable ServerCertificate

instance NFData ServerCertificate

-- | Contains information about a server certificate without its certificate body, certificate chain, and private key.
--
-- This data type is used as a response element in the < UploadServerCertificate> and < ListServerCertificates> actions.
--
-- /See:/ 'serverCertificateMetadata' smart constructor.
data ServerCertificateMetadata = ServerCertificateMetadata'
    { _scmUploadDate            :: !(Maybe ISO8601)
    , _scmExpiration            :: !(Maybe ISO8601)
    , _scmPath                  :: !Text
    , _scmServerCertificateName :: !Text
    , _scmServerCertificateId   :: !Text
    , _scmARN                   :: !Text
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'ServerCertificateMetadata' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'scmUploadDate'
--
-- * 'scmExpiration'
--
-- * 'scmPath'
--
-- * 'scmServerCertificateName'
--
-- * 'scmServerCertificateId'
--
-- * 'scmARN'
serverCertificateMetadata
    :: Text -- ^ 'scmPath'
    -> Text -- ^ 'scmServerCertificateName'
    -> Text -- ^ 'scmServerCertificateId'
    -> Text -- ^ 'scmARN'
    -> ServerCertificateMetadata
serverCertificateMetadata pPath_ pServerCertificateName_ pServerCertificateId_ pARN_ =
    ServerCertificateMetadata'
    { _scmUploadDate = Nothing
    , _scmExpiration = Nothing
    , _scmPath = pPath_
    , _scmServerCertificateName = pServerCertificateName_
    , _scmServerCertificateId = pServerCertificateId_
    , _scmARN = pARN_
    }

-- | The date when the server certificate was uploaded.
scmUploadDate :: Lens' ServerCertificateMetadata (Maybe UTCTime)
scmUploadDate = lens _scmUploadDate (\ s a -> s{_scmUploadDate = a}) . mapping _Time;

-- | The date on which the certificate is set to expire.
scmExpiration :: Lens' ServerCertificateMetadata (Maybe UTCTime)
scmExpiration = lens _scmExpiration (\ s a -> s{_scmExpiration = a}) . mapping _Time;

-- | The path to the server certificate. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
scmPath :: Lens' ServerCertificateMetadata Text
scmPath = lens _scmPath (\ s a -> s{_scmPath = a});

-- | The name that identifies the server certificate.
scmServerCertificateName :: Lens' ServerCertificateMetadata Text
scmServerCertificateName = lens _scmServerCertificateName (\ s a -> s{_scmServerCertificateName = a});

-- | The stable and unique string identifying the server certificate. For more information about IDs, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
scmServerCertificateId :: Lens' ServerCertificateMetadata Text
scmServerCertificateId = lens _scmServerCertificateId (\ s a -> s{_scmServerCertificateId = a});

-- | The Amazon Resource Name (ARN) specifying the server certificate. For more information about ARNs and how to use them in policies, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
scmARN :: Lens' ServerCertificateMetadata Text
scmARN = lens _scmARN (\ s a -> s{_scmARN = a});

instance FromXML ServerCertificateMetadata where
        parseXML x
          = ServerCertificateMetadata' <$>
              (x .@? "UploadDate") <*> (x .@? "Expiration") <*>
                (x .@ "Path")
                <*> (x .@ "ServerCertificateName")
                <*> (x .@ "ServerCertificateId")
                <*> (x .@ "Arn")

instance Hashable ServerCertificateMetadata

instance NFData ServerCertificateMetadata

-- | Contains information about an X.509 signing certificate.
--
-- This data type is used as a response element in the < UploadSigningCertificate> and < ListSigningCertificates> actions.
--
-- /See:/ 'signingCertificate' smart constructor.
data SigningCertificate = SigningCertificate'
    { _scUploadDate      :: !(Maybe ISO8601)
    , _scUserName        :: !Text
    , _scCertificateId   :: !Text
    , _scCertificateBody :: !Text
    , _scStatus          :: !StatusType
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'SigningCertificate' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'scUploadDate'
--
-- * 'scUserName'
--
-- * 'scCertificateId'
--
-- * 'scCertificateBody'
--
-- * 'scStatus'
signingCertificate
    :: Text -- ^ 'scUserName'
    -> Text -- ^ 'scCertificateId'
    -> Text -- ^ 'scCertificateBody'
    -> StatusType -- ^ 'scStatus'
    -> SigningCertificate
signingCertificate pUserName_ pCertificateId_ pCertificateBody_ pStatus_ =
    SigningCertificate'
    { _scUploadDate = Nothing
    , _scUserName = pUserName_
    , _scCertificateId = pCertificateId_
    , _scCertificateBody = pCertificateBody_
    , _scStatus = pStatus_
    }

-- | The date when the signing certificate was uploaded.
scUploadDate :: Lens' SigningCertificate (Maybe UTCTime)
scUploadDate = lens _scUploadDate (\ s a -> s{_scUploadDate = a}) . mapping _Time;

-- | The name of the user the signing certificate is associated with.
scUserName :: Lens' SigningCertificate Text
scUserName = lens _scUserName (\ s a -> s{_scUserName = a});

-- | The ID for the signing certificate.
scCertificateId :: Lens' SigningCertificate Text
scCertificateId = lens _scCertificateId (\ s a -> s{_scCertificateId = a});

-- | The contents of the signing certificate.
scCertificateBody :: Lens' SigningCertificate Text
scCertificateBody = lens _scCertificateBody (\ s a -> s{_scCertificateBody = a});

-- | The status of the signing certificate. 'Active' means the key is valid for API calls, while 'Inactive' means it is not.
scStatus :: Lens' SigningCertificate StatusType
scStatus = lens _scStatus (\ s a -> s{_scStatus = a});

instance FromXML SigningCertificate where
        parseXML x
          = SigningCertificate' <$>
              (x .@? "UploadDate") <*> (x .@ "UserName") <*>
                (x .@ "CertificateId")
                <*> (x .@ "CertificateBody")
                <*> (x .@ "Status")

instance Hashable SigningCertificate

instance NFData SigningCertificate

-- | Contains the response to a successful < SimulatePrincipalPolicy> or < SimulateCustomPolicy> request.
--
-- /See:/ 'simulatePolicyResponse' smart constructor.
data SimulatePolicyResponse = SimulatePolicyResponse'
    { _spEvaluationResults :: !(Maybe [EvaluationResult])
    , _spMarker            :: !(Maybe Text)
    , _spIsTruncated       :: !(Maybe Bool)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'SimulatePolicyResponse' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'spEvaluationResults'
--
-- * 'spMarker'
--
-- * 'spIsTruncated'
simulatePolicyResponse
    :: SimulatePolicyResponse
simulatePolicyResponse =
    SimulatePolicyResponse'
    { _spEvaluationResults = Nothing
    , _spMarker = Nothing
    , _spIsTruncated = Nothing
    }

-- | The results of the simulation.
spEvaluationResults :: Lens' SimulatePolicyResponse [EvaluationResult]
spEvaluationResults = lens _spEvaluationResults (\ s a -> s{_spEvaluationResults = a}) . _Default . _Coerce;

-- | When 'IsTruncated' is 'true', this element is present and contains the value to use for the 'Marker' parameter in a subsequent pagination request.
spMarker :: Lens' SimulatePolicyResponse (Maybe Text)
spMarker = lens _spMarker (\ s a -> s{_spMarker = a});

-- | A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the 'Marker' request parameter to retrieve more items. Note that IAM might return fewer than the 'MaxItems' number of results even when there are more results available. We recommend that you check 'IsTruncated' after every call to ensure that you receive all of your results.
spIsTruncated :: Lens' SimulatePolicyResponse (Maybe Bool)
spIsTruncated = lens _spIsTruncated (\ s a -> s{_spIsTruncated = a});

instance FromXML SimulatePolicyResponse where
        parseXML x
          = SimulatePolicyResponse' <$>
              (x .@? "EvaluationResults" .!@ mempty >>=
                 may (parseXMLList "member"))
                <*> (x .@? "Marker")
                <*> (x .@? "IsTruncated")

instance Hashable SimulatePolicyResponse

instance NFData SimulatePolicyResponse

-- | Contains a reference to a 'Statement' element in a policy document that determines the result of the simulation.
--
-- This data type is used by the 'MatchedStatements' member of the 'EvaluationResult' type.
--
-- /See:/ 'statement' smart constructor.
data Statement = Statement'
    { _sSourcePolicyType :: !(Maybe PolicySourceType)
    , _sSourcePolicyId   :: !(Maybe Text)
    , _sEndPosition      :: !(Maybe Position)
    , _sStartPosition    :: !(Maybe Position)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'Statement' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'sSourcePolicyType'
--
-- * 'sSourcePolicyId'
--
-- * 'sEndPosition'
--
-- * 'sStartPosition'
statement
    :: Statement
statement =
    Statement'
    { _sSourcePolicyType = Nothing
    , _sSourcePolicyId = Nothing
    , _sEndPosition = Nothing
    , _sStartPosition = Nothing
    }

-- | The type of the policy.
sSourcePolicyType :: Lens' Statement (Maybe PolicySourceType)
sSourcePolicyType = lens _sSourcePolicyType (\ s a -> s{_sSourcePolicyType = a});

-- | The identifier of the policy that was provided as an input.
sSourcePolicyId :: Lens' Statement (Maybe Text)
sSourcePolicyId = lens _sSourcePolicyId (\ s a -> s{_sSourcePolicyId = a});

-- | The row and column of the end of a 'Statement' in an IAM policy.
sEndPosition :: Lens' Statement (Maybe Position)
sEndPosition = lens _sEndPosition (\ s a -> s{_sEndPosition = a});

-- | The row and column of the beginning of the 'Statement' in an IAM policy.
sStartPosition :: Lens' Statement (Maybe Position)
sStartPosition = lens _sStartPosition (\ s a -> s{_sStartPosition = a});

instance FromXML Statement where
        parseXML x
          = Statement' <$>
              (x .@? "SourcePolicyType") <*>
                (x .@? "SourcePolicyId")
                <*> (x .@? "EndPosition")
                <*> (x .@? "StartPosition")

instance Hashable Statement

instance NFData Statement

-- | Contains information about an IAM user entity.
--
-- This data type is used as a response element in the following actions:
--
-- -   < CreateUser>
--
-- -   < GetUser>
--
-- -   < ListUsers>
--
--
-- /See:/ 'user' smart constructor.
data User = User'
    { _uPasswordLastUsed :: !(Maybe ISO8601)
    , _uPath             :: !Text
    , _uUserName         :: !Text
    , _uUserId           :: !Text
    , _uARN              :: !Text
    , _uCreateDate       :: !ISO8601
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'User' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'uPasswordLastUsed'
--
-- * 'uPath'
--
-- * 'uUserName'
--
-- * 'uUserId'
--
-- * 'uARN'
--
-- * 'uCreateDate'
user
    :: Text -- ^ 'uPath'
    -> Text -- ^ 'uUserName'
    -> Text -- ^ 'uUserId'
    -> Text -- ^ 'uARN'
    -> UTCTime -- ^ 'uCreateDate'
    -> User
user pPath_ pUserName_ pUserId_ pARN_ pCreateDate_ =
    User'
    { _uPasswordLastUsed = Nothing
    , _uPath = pPath_
    , _uUserName = pUserName_
    , _uUserId = pUserId_
    , _uARN = pARN_
    , _uCreateDate = _Time # pCreateDate_
    }

-- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the user\'s password was last used to sign in to an AWS website. For a list of AWS websites that capture a user\'s last sign-in time, see the <http://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html Credential Reports> topic in the /Using IAM/ guide. If a password is used more than once in a five-minute span, only the first use is returned in this field. This field is null (not present) when:
--
-- -   The user does not have a password
--
-- -   The password exists but has never been used (at least not since IAM started tracking this information on October 20th, 2014
--
-- -   there is no sign-in data associated with the user
--
-- This value is returned only in the < GetUser> and < ListUsers> actions.
uPasswordLastUsed :: Lens' User (Maybe UTCTime)
uPasswordLastUsed = lens _uPasswordLastUsed (\ s a -> s{_uPasswordLastUsed = a}) . mapping _Time;

-- | The path to the user. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
uPath :: Lens' User Text
uPath = lens _uPath (\ s a -> s{_uPath = a});

-- | The friendly name identifying the user.
uUserName :: Lens' User Text
uUserName = lens _uUserName (\ s a -> s{_uUserName = a});

-- | The stable and unique string identifying the user. For more information about IDs, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
uUserId :: Lens' User Text
uUserId = lens _uUserId (\ s a -> s{_uUserId = a});

-- | The Amazon Resource Name (ARN) that identifies the user. For more information about ARNs and how to use ARNs in policies, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
uARN :: Lens' User Text
uARN = lens _uARN (\ s a -> s{_uARN = a});

-- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the user was created.
uCreateDate :: Lens' User UTCTime
uCreateDate = lens _uCreateDate (\ s a -> s{_uCreateDate = a}) . _Time;

instance FromXML User where
        parseXML x
          = User' <$>
              (x .@? "PasswordLastUsed") <*> (x .@ "Path") <*>
                (x .@ "UserName")
                <*> (x .@ "UserId")
                <*> (x .@ "Arn")
                <*> (x .@ "CreateDate")

instance Hashable User

instance NFData User

-- | Contains information about an IAM user, including all the user\'s policies and all the IAM groups the user is in.
--
-- This data type is used as a response element in the < GetAccountAuthorizationDetails> action.
--
-- /See:/ 'userDetail' smart constructor.
data UserDetail = UserDetail'
    { _udGroupList               :: !(Maybe [Text])
    , _udARN                     :: !(Maybe Text)
    , _udPath                    :: !(Maybe Text)
    , _udCreateDate              :: !(Maybe ISO8601)
    , _udUserName                :: !(Maybe Text)
    , _udUserId                  :: !(Maybe Text)
    , _udUserPolicyList          :: !(Maybe [PolicyDetail])
    , _udAttachedManagedPolicies :: !(Maybe [AttachedPolicy])
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'UserDetail' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'udGroupList'
--
-- * 'udARN'
--
-- * 'udPath'
--
-- * 'udCreateDate'
--
-- * 'udUserName'
--
-- * 'udUserId'
--
-- * 'udUserPolicyList'
--
-- * 'udAttachedManagedPolicies'
userDetail
    :: UserDetail
userDetail =
    UserDetail'
    { _udGroupList = Nothing
    , _udARN = Nothing
    , _udPath = Nothing
    , _udCreateDate = Nothing
    , _udUserName = Nothing
    , _udUserId = Nothing
    , _udUserPolicyList = Nothing
    , _udAttachedManagedPolicies = Nothing
    }

-- | A list of IAM groups that the user is in.
udGroupList :: Lens' UserDetail [Text]
udGroupList = lens _udGroupList (\ s a -> s{_udGroupList = a}) . _Default . _Coerce;

-- | Undocumented member.
udARN :: Lens' UserDetail (Maybe Text)
udARN = lens _udARN (\ s a -> s{_udARN = a});

-- | The path to the user. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
udPath :: Lens' UserDetail (Maybe Text)
udPath = lens _udPath (\ s a -> s{_udPath = a});

-- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format>, when the user was created.
udCreateDate :: Lens' UserDetail (Maybe UTCTime)
udCreateDate = lens _udCreateDate (\ s a -> s{_udCreateDate = a}) . mapping _Time;

-- | The friendly name identifying the user.
udUserName :: Lens' UserDetail (Maybe Text)
udUserName = lens _udUserName (\ s a -> s{_udUserName = a});

-- | The stable and unique string identifying the user. For more information about IDs, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
udUserId :: Lens' UserDetail (Maybe Text)
udUserId = lens _udUserId (\ s a -> s{_udUserId = a});

-- | A list of the inline policies embedded in the user.
udUserPolicyList :: Lens' UserDetail [PolicyDetail]
udUserPolicyList = lens _udUserPolicyList (\ s a -> s{_udUserPolicyList = a}) . _Default . _Coerce;

-- | A list of the managed policies attached to the user.
udAttachedManagedPolicies :: Lens' UserDetail [AttachedPolicy]
udAttachedManagedPolicies = lens _udAttachedManagedPolicies (\ s a -> s{_udAttachedManagedPolicies = a}) . _Default . _Coerce;

instance FromXML UserDetail where
        parseXML x
          = UserDetail' <$>
              (x .@? "GroupList" .!@ mempty >>=
                 may (parseXMLList "member"))
                <*> (x .@? "Arn")
                <*> (x .@? "Path")
                <*> (x .@? "CreateDate")
                <*> (x .@? "UserName")
                <*> (x .@? "UserId")
                <*>
                (x .@? "UserPolicyList" .!@ mempty >>=
                   may (parseXMLList "member"))
                <*>
                (x .@? "AttachedManagedPolicies" .!@ mempty >>=
                   may (parseXMLList "member"))

instance Hashable UserDetail

instance NFData UserDetail

-- | Contains information about a virtual MFA device.
--
-- /See:/ 'virtualMFADevice' smart constructor.
data VirtualMFADevice = VirtualMFADevice'
    { _vmdQRCodePNG        :: !(Maybe (Sensitive Base64))
    , _vmdBase32StringSeed :: !(Maybe (Sensitive Base64))
    , _vmdUser             :: !(Maybe User)
    , _vmdEnableDate       :: !(Maybe ISO8601)
    , _vmdSerialNumber     :: !Text
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'VirtualMFADevice' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'vmdQRCodePNG'
--
-- * 'vmdBase32StringSeed'
--
-- * 'vmdUser'
--
-- * 'vmdEnableDate'
--
-- * 'vmdSerialNumber'
virtualMFADevice
    :: Text -- ^ 'vmdSerialNumber'
    -> VirtualMFADevice
virtualMFADevice pSerialNumber_ =
    VirtualMFADevice'
    { _vmdQRCodePNG = Nothing
    , _vmdBase32StringSeed = Nothing
    , _vmdUser = Nothing
    , _vmdEnableDate = Nothing
    , _vmdSerialNumber = pSerialNumber_
    }

-- | A QR code PNG image that encodes 'otpauth:\/\/totp\/>virtualMFADeviceName\'>AccountName?secret=>Base32String' where '>virtualMFADeviceName' is one of the create call arguments, 'AccountName' is the user name if set (otherwise, the account ID otherwise), and 'Base32String' is the seed in Base32 format. The 'Base32String' value is Base64-encoded.
--
-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data,
-- despite what the AWS documentation might say.
-- The underlying isomorphism will encode to Base64 representation during
-- serialisation, and decode from Base64 representation during deserialisation.
-- This 'Lens' accepts and returns only raw unencoded data.
vmdQRCodePNG :: Lens' VirtualMFADevice (Maybe ByteString)
vmdQRCodePNG = lens _vmdQRCodePNG (\ s a -> s{_vmdQRCodePNG = a}) . mapping (_Sensitive . _Base64);

-- | The Base32 seed defined as specified in <http://www.ietf.org/rfc/rfc3548.txt RFC3548>. The 'Base32StringSeed' is Base64-encoded.
--
-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data,
-- despite what the AWS documentation might say.
-- The underlying isomorphism will encode to Base64 representation during
-- serialisation, and decode from Base64 representation during deserialisation.
-- This 'Lens' accepts and returns only raw unencoded data.
vmdBase32StringSeed :: Lens' VirtualMFADevice (Maybe ByteString)
vmdBase32StringSeed = lens _vmdBase32StringSeed (\ s a -> s{_vmdBase32StringSeed = a}) . mapping (_Sensitive . _Base64);

-- | Undocumented member.
vmdUser :: Lens' VirtualMFADevice (Maybe User)
vmdUser = lens _vmdUser (\ s a -> s{_vmdUser = a});

-- | The date and time on which the virtual MFA device was enabled.
vmdEnableDate :: Lens' VirtualMFADevice (Maybe UTCTime)
vmdEnableDate = lens _vmdEnableDate (\ s a -> s{_vmdEnableDate = a}) . mapping _Time;

-- | The serial number associated with 'VirtualMFADevice'.
vmdSerialNumber :: Lens' VirtualMFADevice Text
vmdSerialNumber = lens _vmdSerialNumber (\ s a -> s{_vmdSerialNumber = a});

instance FromXML VirtualMFADevice where
        parseXML x
          = VirtualMFADevice' <$>
              (x .@? "QRCodePNG") <*> (x .@? "Base32StringSeed")
                <*> (x .@? "User")
                <*> (x .@? "EnableDate")
                <*> (x .@ "SerialNumber")

instance Hashable VirtualMFADevice

instance NFData VirtualMFADevice