{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.IAM.Types.EvaluationResult
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.IAM.Types.EvaluationResult where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import Amazonka.IAM.Types.OrganizationsDecisionDetail
import Amazonka.IAM.Types.PermissionsBoundaryDecisionDetail
import Amazonka.IAM.Types.PolicyEvaluationDecisionType
import Amazonka.IAM.Types.ResourceSpecificResult
import Amazonka.IAM.Types.Statement
import qualified Amazonka.Prelude as Prelude

-- | Contains the results of a simulation.
--
-- This data type is used by the return parameter of
-- @ @@SimulateCustomPolicy@@ @ and @ @@SimulatePrincipalPolicy@@ @.
--
-- /See:/ 'newEvaluationResult' smart constructor.
data EvaluationResult = EvaluationResult'
  { -- | Additional details about the results of the cross-account evaluation
    -- decision. This parameter is populated for only cross-account
    -- simulations. It contains a brief summary of how each policy type
    -- contributes to the final evaluation decision.
    --
    -- If the simulation evaluates policies within the same account and
    -- includes a resource ARN, then the parameter is present but the response
    -- is empty. If the simulation evaluates policies within the same account
    -- and specifies all resources (@*@), then the parameter is not returned.
    --
    -- When you make a cross-account request, Amazon Web Services evaluates the
    -- request in the trusting account and the trusted account. The request is
    -- allowed only if both evaluations return @true@. For more information
    -- about how policies are evaluated, see
    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics Evaluating policies within a single account>.
    --
    -- If an Organizations SCP included in the evaluation denies access, the
    -- simulation ends. In this case, policy evaluation does not proceed any
    -- further and this parameter is not returned.
    EvaluationResult
-> Maybe (HashMap Text PolicyEvaluationDecisionType)
evalDecisionDetails :: Prelude.Maybe (Prelude.HashMap Prelude.Text PolicyEvaluationDecisionType),
    -- | The ARN of the resource that the indicated API operation was tested on.
    EvaluationResult -> Maybe Text
evalResourceName :: Prelude.Maybe Prelude.Text,
    -- | A list of the statements in the input policies that determine the result
    -- for this scenario. Remember that even if multiple statements allow the
    -- operation on the resource, if only one statement denies that operation,
    -- then the explicit deny overrides any allow. In addition, the deny
    -- statement is the only entry included in the result.
    EvaluationResult -> Maybe [Statement]
matchedStatements :: Prelude.Maybe [Statement],
    -- | A list of context keys that are required by the included input policies
    -- but that were not provided by one of the input parameters. This list is
    -- used when the resource in a simulation is \"*\", either explicitly, or
    -- when the @ResourceArns@ parameter blank. If you include a list of
    -- resources, then any missing context values are instead included under
    -- the @ResourceSpecificResults@ section. To discover the context keys used
    -- by a set of policies, you can call GetContextKeysForCustomPolicy or
    -- GetContextKeysForPrincipalPolicy.
    EvaluationResult -> Maybe [Text]
missingContextValues :: Prelude.Maybe [Prelude.Text],
    -- | A structure that details how Organizations and its service control
    -- policies affect the results of the simulation. Only applies if the
    -- simulated user\'s account is part of an organization.
    EvaluationResult -> Maybe OrganizationsDecisionDetail
organizationsDecisionDetail :: Prelude.Maybe OrganizationsDecisionDetail,
    -- | Contains information about the effect that a permissions boundary has on
    -- a policy simulation when the boundary is applied to an IAM entity.
    EvaluationResult -> Maybe PermissionsBoundaryDecisionDetail
permissionsBoundaryDecisionDetail :: Prelude.Maybe PermissionsBoundaryDecisionDetail,
    -- | The individual results of the simulation of the API operation specified
    -- in EvalActionName on each resource.
    EvaluationResult -> Maybe [ResourceSpecificResult]
resourceSpecificResults :: Prelude.Maybe [ResourceSpecificResult],
    -- | The name of the API operation tested on the indicated resource.
    EvaluationResult -> Text
evalActionName :: Prelude.Text,
    -- | The result of the simulation.
    EvaluationResult -> PolicyEvaluationDecisionType
evalDecision :: PolicyEvaluationDecisionType
  }
  deriving (EvaluationResult -> EvaluationResult -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: EvaluationResult -> EvaluationResult -> Bool
$c/= :: EvaluationResult -> EvaluationResult -> Bool
== :: EvaluationResult -> EvaluationResult -> Bool
$c== :: EvaluationResult -> EvaluationResult -> Bool
Prelude.Eq, ReadPrec [EvaluationResult]
ReadPrec EvaluationResult
Int -> ReadS EvaluationResult
ReadS [EvaluationResult]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [EvaluationResult]
$creadListPrec :: ReadPrec [EvaluationResult]
readPrec :: ReadPrec EvaluationResult
$creadPrec :: ReadPrec EvaluationResult
readList :: ReadS [EvaluationResult]
$creadList :: ReadS [EvaluationResult]
readsPrec :: Int -> ReadS EvaluationResult
$creadsPrec :: Int -> ReadS EvaluationResult
Prelude.Read, Int -> EvaluationResult -> ShowS
[EvaluationResult] -> ShowS
EvaluationResult -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [EvaluationResult] -> ShowS
$cshowList :: [EvaluationResult] -> ShowS
show :: EvaluationResult -> String
$cshow :: EvaluationResult -> String
showsPrec :: Int -> EvaluationResult -> ShowS
$cshowsPrec :: Int -> EvaluationResult -> ShowS
Prelude.Show, forall x. Rep EvaluationResult x -> EvaluationResult
forall x. EvaluationResult -> Rep EvaluationResult x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep EvaluationResult x -> EvaluationResult
$cfrom :: forall x. EvaluationResult -> Rep EvaluationResult x
Prelude.Generic)

-- |
-- Create a value of 'EvaluationResult' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'evalDecisionDetails', 'evaluationResult_evalDecisionDetails' - Additional details about the results of the cross-account evaluation
-- decision. This parameter is populated for only cross-account
-- simulations. It contains a brief summary of how each policy type
-- contributes to the final evaluation decision.
--
-- If the simulation evaluates policies within the same account and
-- includes a resource ARN, then the parameter is present but the response
-- is empty. If the simulation evaluates policies within the same account
-- and specifies all resources (@*@), then the parameter is not returned.
--
-- When you make a cross-account request, Amazon Web Services evaluates the
-- request in the trusting account and the trusted account. The request is
-- allowed only if both evaluations return @true@. For more information
-- about how policies are evaluated, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics Evaluating policies within a single account>.
--
-- If an Organizations SCP included in the evaluation denies access, the
-- simulation ends. In this case, policy evaluation does not proceed any
-- further and this parameter is not returned.
--
-- 'evalResourceName', 'evaluationResult_evalResourceName' - The ARN of the resource that the indicated API operation was tested on.
--
-- 'matchedStatements', 'evaluationResult_matchedStatements' - A list of the statements in the input policies that determine the result
-- for this scenario. Remember that even if multiple statements allow the
-- operation on the resource, if only one statement denies that operation,
-- then the explicit deny overrides any allow. In addition, the deny
-- statement is the only entry included in the result.
--
-- 'missingContextValues', 'evaluationResult_missingContextValues' - A list of context keys that are required by the included input policies
-- but that were not provided by one of the input parameters. This list is
-- used when the resource in a simulation is \"*\", either explicitly, or
-- when the @ResourceArns@ parameter blank. If you include a list of
-- resources, then any missing context values are instead included under
-- the @ResourceSpecificResults@ section. To discover the context keys used
-- by a set of policies, you can call GetContextKeysForCustomPolicy or
-- GetContextKeysForPrincipalPolicy.
--
-- 'organizationsDecisionDetail', 'evaluationResult_organizationsDecisionDetail' - A structure that details how Organizations and its service control
-- policies affect the results of the simulation. Only applies if the
-- simulated user\'s account is part of an organization.
--
-- 'permissionsBoundaryDecisionDetail', 'evaluationResult_permissionsBoundaryDecisionDetail' - Contains information about the effect that a permissions boundary has on
-- a policy simulation when the boundary is applied to an IAM entity.
--
-- 'resourceSpecificResults', 'evaluationResult_resourceSpecificResults' - The individual results of the simulation of the API operation specified
-- in EvalActionName on each resource.
--
-- 'evalActionName', 'evaluationResult_evalActionName' - The name of the API operation tested on the indicated resource.
--
-- 'evalDecision', 'evaluationResult_evalDecision' - The result of the simulation.
newEvaluationResult ::
  -- | 'evalActionName'
  Prelude.Text ->
  -- | 'evalDecision'
  PolicyEvaluationDecisionType ->
  EvaluationResult
newEvaluationResult :: Text -> PolicyEvaluationDecisionType -> EvaluationResult
newEvaluationResult Text
pEvalActionName_ PolicyEvaluationDecisionType
pEvalDecision_ =
  EvaluationResult'
    { $sel:evalDecisionDetails:EvaluationResult' :: Maybe (HashMap Text PolicyEvaluationDecisionType)
evalDecisionDetails =
        forall a. Maybe a
Prelude.Nothing,
      $sel:evalResourceName:EvaluationResult' :: Maybe Text
evalResourceName = forall a. Maybe a
Prelude.Nothing,
      $sel:matchedStatements:EvaluationResult' :: Maybe [Statement]
matchedStatements = forall a. Maybe a
Prelude.Nothing,
      $sel:missingContextValues:EvaluationResult' :: Maybe [Text]
missingContextValues = forall a. Maybe a
Prelude.Nothing,
      $sel:organizationsDecisionDetail:EvaluationResult' :: Maybe OrganizationsDecisionDetail
organizationsDecisionDetail = forall a. Maybe a
Prelude.Nothing,
      $sel:permissionsBoundaryDecisionDetail:EvaluationResult' :: Maybe PermissionsBoundaryDecisionDetail
permissionsBoundaryDecisionDetail = forall a. Maybe a
Prelude.Nothing,
      $sel:resourceSpecificResults:EvaluationResult' :: Maybe [ResourceSpecificResult]
resourceSpecificResults = forall a. Maybe a
Prelude.Nothing,
      $sel:evalActionName:EvaluationResult' :: Text
evalActionName = Text
pEvalActionName_,
      $sel:evalDecision:EvaluationResult' :: PolicyEvaluationDecisionType
evalDecision = PolicyEvaluationDecisionType
pEvalDecision_
    }

-- | Additional details about the results of the cross-account evaluation
-- decision. This parameter is populated for only cross-account
-- simulations. It contains a brief summary of how each policy type
-- contributes to the final evaluation decision.
--
-- If the simulation evaluates policies within the same account and
-- includes a resource ARN, then the parameter is present but the response
-- is empty. If the simulation evaluates policies within the same account
-- and specifies all resources (@*@), then the parameter is not returned.
--
-- When you make a cross-account request, Amazon Web Services evaluates the
-- request in the trusting account and the trusted account. The request is
-- allowed only if both evaluations return @true@. For more information
-- about how policies are evaluated, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics Evaluating policies within a single account>.
--
-- If an Organizations SCP included in the evaluation denies access, the
-- simulation ends. In this case, policy evaluation does not proceed any
-- further and this parameter is not returned.
evaluationResult_evalDecisionDetails :: Lens.Lens' EvaluationResult (Prelude.Maybe (Prelude.HashMap Prelude.Text PolicyEvaluationDecisionType))
evaluationResult_evalDecisionDetails :: Lens'
  EvaluationResult
  (Maybe (HashMap Text PolicyEvaluationDecisionType))
evaluationResult_evalDecisionDetails = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\EvaluationResult' {Maybe (HashMap Text PolicyEvaluationDecisionType)
evalDecisionDetails :: Maybe (HashMap Text PolicyEvaluationDecisionType)
$sel:evalDecisionDetails:EvaluationResult' :: EvaluationResult
-> Maybe (HashMap Text PolicyEvaluationDecisionType)
evalDecisionDetails} -> Maybe (HashMap Text PolicyEvaluationDecisionType)
evalDecisionDetails) (\s :: EvaluationResult
s@EvaluationResult' {} Maybe (HashMap Text PolicyEvaluationDecisionType)
a -> EvaluationResult
s {$sel:evalDecisionDetails:EvaluationResult' :: Maybe (HashMap Text PolicyEvaluationDecisionType)
evalDecisionDetails = Maybe (HashMap Text PolicyEvaluationDecisionType)
a} :: EvaluationResult) forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | The ARN of the resource that the indicated API operation was tested on.
evaluationResult_evalResourceName :: Lens.Lens' EvaluationResult (Prelude.Maybe Prelude.Text)
evaluationResult_evalResourceName :: Lens' EvaluationResult (Maybe Text)
evaluationResult_evalResourceName = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\EvaluationResult' {Maybe Text
evalResourceName :: Maybe Text
$sel:evalResourceName:EvaluationResult' :: EvaluationResult -> Maybe Text
evalResourceName} -> Maybe Text
evalResourceName) (\s :: EvaluationResult
s@EvaluationResult' {} Maybe Text
a -> EvaluationResult
s {$sel:evalResourceName:EvaluationResult' :: Maybe Text
evalResourceName = Maybe Text
a} :: EvaluationResult)

-- | A list of the statements in the input policies that determine the result
-- for this scenario. Remember that even if multiple statements allow the
-- operation on the resource, if only one statement denies that operation,
-- then the explicit deny overrides any allow. In addition, the deny
-- statement is the only entry included in the result.
evaluationResult_matchedStatements :: Lens.Lens' EvaluationResult (Prelude.Maybe [Statement])
evaluationResult_matchedStatements :: Lens' EvaluationResult (Maybe [Statement])
evaluationResult_matchedStatements = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\EvaluationResult' {Maybe [Statement]
matchedStatements :: Maybe [Statement]
$sel:matchedStatements:EvaluationResult' :: EvaluationResult -> Maybe [Statement]
matchedStatements} -> Maybe [Statement]
matchedStatements) (\s :: EvaluationResult
s@EvaluationResult' {} Maybe [Statement]
a -> EvaluationResult
s {$sel:matchedStatements:EvaluationResult' :: Maybe [Statement]
matchedStatements = Maybe [Statement]
a} :: EvaluationResult) forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | A list of context keys that are required by the included input policies
-- but that were not provided by one of the input parameters. This list is
-- used when the resource in a simulation is \"*\", either explicitly, or
-- when the @ResourceArns@ parameter blank. If you include a list of
-- resources, then any missing context values are instead included under
-- the @ResourceSpecificResults@ section. To discover the context keys used
-- by a set of policies, you can call GetContextKeysForCustomPolicy or
-- GetContextKeysForPrincipalPolicy.
evaluationResult_missingContextValues :: Lens.Lens' EvaluationResult (Prelude.Maybe [Prelude.Text])
evaluationResult_missingContextValues :: Lens' EvaluationResult (Maybe [Text])
evaluationResult_missingContextValues = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\EvaluationResult' {Maybe [Text]
missingContextValues :: Maybe [Text]
$sel:missingContextValues:EvaluationResult' :: EvaluationResult -> Maybe [Text]
missingContextValues} -> Maybe [Text]
missingContextValues) (\s :: EvaluationResult
s@EvaluationResult' {} Maybe [Text]
a -> EvaluationResult
s {$sel:missingContextValues:EvaluationResult' :: Maybe [Text]
missingContextValues = Maybe [Text]
a} :: EvaluationResult) forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | A structure that details how Organizations and its service control
-- policies affect the results of the simulation. Only applies if the
-- simulated user\'s account is part of an organization.
evaluationResult_organizationsDecisionDetail :: Lens.Lens' EvaluationResult (Prelude.Maybe OrganizationsDecisionDetail)
evaluationResult_organizationsDecisionDetail :: Lens' EvaluationResult (Maybe OrganizationsDecisionDetail)
evaluationResult_organizationsDecisionDetail = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\EvaluationResult' {Maybe OrganizationsDecisionDetail
organizationsDecisionDetail :: Maybe OrganizationsDecisionDetail
$sel:organizationsDecisionDetail:EvaluationResult' :: EvaluationResult -> Maybe OrganizationsDecisionDetail
organizationsDecisionDetail} -> Maybe OrganizationsDecisionDetail
organizationsDecisionDetail) (\s :: EvaluationResult
s@EvaluationResult' {} Maybe OrganizationsDecisionDetail
a -> EvaluationResult
s {$sel:organizationsDecisionDetail:EvaluationResult' :: Maybe OrganizationsDecisionDetail
organizationsDecisionDetail = Maybe OrganizationsDecisionDetail
a} :: EvaluationResult)

-- | Contains information about the effect that a permissions boundary has on
-- a policy simulation when the boundary is applied to an IAM entity.
evaluationResult_permissionsBoundaryDecisionDetail :: Lens.Lens' EvaluationResult (Prelude.Maybe PermissionsBoundaryDecisionDetail)
evaluationResult_permissionsBoundaryDecisionDetail :: Lens' EvaluationResult (Maybe PermissionsBoundaryDecisionDetail)
evaluationResult_permissionsBoundaryDecisionDetail = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\EvaluationResult' {Maybe PermissionsBoundaryDecisionDetail
permissionsBoundaryDecisionDetail :: Maybe PermissionsBoundaryDecisionDetail
$sel:permissionsBoundaryDecisionDetail:EvaluationResult' :: EvaluationResult -> Maybe PermissionsBoundaryDecisionDetail
permissionsBoundaryDecisionDetail} -> Maybe PermissionsBoundaryDecisionDetail
permissionsBoundaryDecisionDetail) (\s :: EvaluationResult
s@EvaluationResult' {} Maybe PermissionsBoundaryDecisionDetail
a -> EvaluationResult
s {$sel:permissionsBoundaryDecisionDetail:EvaluationResult' :: Maybe PermissionsBoundaryDecisionDetail
permissionsBoundaryDecisionDetail = Maybe PermissionsBoundaryDecisionDetail
a} :: EvaluationResult)

-- | The individual results of the simulation of the API operation specified
-- in EvalActionName on each resource.
evaluationResult_resourceSpecificResults :: Lens.Lens' EvaluationResult (Prelude.Maybe [ResourceSpecificResult])
evaluationResult_resourceSpecificResults :: Lens' EvaluationResult (Maybe [ResourceSpecificResult])
evaluationResult_resourceSpecificResults = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\EvaluationResult' {Maybe [ResourceSpecificResult]
resourceSpecificResults :: Maybe [ResourceSpecificResult]
$sel:resourceSpecificResults:EvaluationResult' :: EvaluationResult -> Maybe [ResourceSpecificResult]
resourceSpecificResults} -> Maybe [ResourceSpecificResult]
resourceSpecificResults) (\s :: EvaluationResult
s@EvaluationResult' {} Maybe [ResourceSpecificResult]
a -> EvaluationResult
s {$sel:resourceSpecificResults:EvaluationResult' :: Maybe [ResourceSpecificResult]
resourceSpecificResults = Maybe [ResourceSpecificResult]
a} :: EvaluationResult) forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | The name of the API operation tested on the indicated resource.
evaluationResult_evalActionName :: Lens.Lens' EvaluationResult Prelude.Text
evaluationResult_evalActionName :: Lens' EvaluationResult Text
evaluationResult_evalActionName = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\EvaluationResult' {Text
evalActionName :: Text
$sel:evalActionName:EvaluationResult' :: EvaluationResult -> Text
evalActionName} -> Text
evalActionName) (\s :: EvaluationResult
s@EvaluationResult' {} Text
a -> EvaluationResult
s {$sel:evalActionName:EvaluationResult' :: Text
evalActionName = Text
a} :: EvaluationResult)

-- | The result of the simulation.
evaluationResult_evalDecision :: Lens.Lens' EvaluationResult PolicyEvaluationDecisionType
evaluationResult_evalDecision :: Lens' EvaluationResult PolicyEvaluationDecisionType
evaluationResult_evalDecision = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\EvaluationResult' {PolicyEvaluationDecisionType
evalDecision :: PolicyEvaluationDecisionType
$sel:evalDecision:EvaluationResult' :: EvaluationResult -> PolicyEvaluationDecisionType
evalDecision} -> PolicyEvaluationDecisionType
evalDecision) (\s :: EvaluationResult
s@EvaluationResult' {} PolicyEvaluationDecisionType
a -> EvaluationResult
s {$sel:evalDecision:EvaluationResult' :: PolicyEvaluationDecisionType
evalDecision = PolicyEvaluationDecisionType
a} :: EvaluationResult)

instance Data.FromXML EvaluationResult where
  parseXML :: [Node] -> Either String EvaluationResult
parseXML [Node]
x =
    Maybe (HashMap Text PolicyEvaluationDecisionType)
-> Maybe Text
-> Maybe [Statement]
-> Maybe [Text]
-> Maybe OrganizationsDecisionDetail
-> Maybe PermissionsBoundaryDecisionDetail
-> Maybe [ResourceSpecificResult]
-> Text
-> PolicyEvaluationDecisionType
-> EvaluationResult
EvaluationResult'
      forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> ( [Node]
x
                      forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Data..@? Text
"EvalDecisionDetails"
                      forall (f :: * -> *) a. Functor f => f (Maybe a) -> a -> f a
Core..!@ forall a. Monoid a => a
Prelude.mempty
                      forall (m :: * -> *) a b. Monad m => m a -> (a -> m b) -> m b
Prelude.>>= forall (f :: * -> *) a b.
Applicative f =>
([a] -> f b) -> [a] -> f (Maybe b)
Core.may (forall k v.
(Eq k, Hashable k, FromText k, FromXML v) =>
Text -> Text -> Text -> [Node] -> Either String (HashMap k v)
Data.parseXMLMap Text
"entry" Text
"key" Text
"value")
                  )
      forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Data..@? Text
"EvalResourceName")
      forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ( [Node]
x
                      forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Data..@? Text
"MatchedStatements"
                      forall (f :: * -> *) a. Functor f => f (Maybe a) -> a -> f a
Core..!@ forall a. Monoid a => a
Prelude.mempty
                      forall (m :: * -> *) a b. Monad m => m a -> (a -> m b) -> m b
Prelude.>>= forall (f :: * -> *) a b.
Applicative f =>
([a] -> f b) -> [a] -> f (Maybe b)
Core.may (forall a. FromXML a => Text -> [Node] -> Either String [a]
Data.parseXMLList Text
"member")
                  )
      forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ( [Node]
x
                      forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Data..@? Text
"MissingContextValues"
                      forall (f :: * -> *) a. Functor f => f (Maybe a) -> a -> f a
Core..!@ forall a. Monoid a => a
Prelude.mempty
                      forall (m :: * -> *) a b. Monad m => m a -> (a -> m b) -> m b
Prelude.>>= forall (f :: * -> *) a b.
Applicative f =>
([a] -> f b) -> [a] -> f (Maybe b)
Core.may (forall a. FromXML a => Text -> [Node] -> Either String [a]
Data.parseXMLList Text
"member")
                  )
      forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Data..@? Text
"OrganizationsDecisionDetail")
      forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Data..@? Text
"PermissionsBoundaryDecisionDetail")
      forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ( [Node]
x
                      forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Data..@? Text
"ResourceSpecificResults"
                      forall (f :: * -> *) a. Functor f => f (Maybe a) -> a -> f a
Core..!@ forall a. Monoid a => a
Prelude.mempty
                      forall (m :: * -> *) a b. Monad m => m a -> (a -> m b) -> m b
Prelude.>>= forall (f :: * -> *) a b.
Applicative f =>
([a] -> f b) -> [a] -> f (Maybe b)
Core.may (forall a. FromXML a => Text -> [Node] -> Either String [a]
Data.parseXMLList Text
"member")
                  )
      forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x forall a. FromXML a => [Node] -> Text -> Either String a
Data..@ Text
"EvalActionName")
      forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x forall a. FromXML a => [Node] -> Text -> Either String a
Data..@ Text
"EvalDecision")

instance Prelude.Hashable EvaluationResult where
  hashWithSalt :: Int -> EvaluationResult -> Int
hashWithSalt Int
_salt EvaluationResult' {Maybe [Text]
Maybe [Statement]
Maybe [ResourceSpecificResult]
Maybe Text
Maybe (HashMap Text PolicyEvaluationDecisionType)
Maybe OrganizationsDecisionDetail
Maybe PermissionsBoundaryDecisionDetail
Text
PolicyEvaluationDecisionType
evalDecision :: PolicyEvaluationDecisionType
evalActionName :: Text
resourceSpecificResults :: Maybe [ResourceSpecificResult]
permissionsBoundaryDecisionDetail :: Maybe PermissionsBoundaryDecisionDetail
organizationsDecisionDetail :: Maybe OrganizationsDecisionDetail
missingContextValues :: Maybe [Text]
matchedStatements :: Maybe [Statement]
evalResourceName :: Maybe Text
evalDecisionDetails :: Maybe (HashMap Text PolicyEvaluationDecisionType)
$sel:evalDecision:EvaluationResult' :: EvaluationResult -> PolicyEvaluationDecisionType
$sel:evalActionName:EvaluationResult' :: EvaluationResult -> Text
$sel:resourceSpecificResults:EvaluationResult' :: EvaluationResult -> Maybe [ResourceSpecificResult]
$sel:permissionsBoundaryDecisionDetail:EvaluationResult' :: EvaluationResult -> Maybe PermissionsBoundaryDecisionDetail
$sel:organizationsDecisionDetail:EvaluationResult' :: EvaluationResult -> Maybe OrganizationsDecisionDetail
$sel:missingContextValues:EvaluationResult' :: EvaluationResult -> Maybe [Text]
$sel:matchedStatements:EvaluationResult' :: EvaluationResult -> Maybe [Statement]
$sel:evalResourceName:EvaluationResult' :: EvaluationResult -> Maybe Text
$sel:evalDecisionDetails:EvaluationResult' :: EvaluationResult
-> Maybe (HashMap Text PolicyEvaluationDecisionType)
..} =
    Int
_salt
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe (HashMap Text PolicyEvaluationDecisionType)
evalDecisionDetails
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Text
evalResourceName
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe [Statement]
matchedStatements
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe [Text]
missingContextValues
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe OrganizationsDecisionDetail
organizationsDecisionDetail
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe PermissionsBoundaryDecisionDetail
permissionsBoundaryDecisionDetail
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe [ResourceSpecificResult]
resourceSpecificResults
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Text
evalActionName
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` PolicyEvaluationDecisionType
evalDecision

instance Prelude.NFData EvaluationResult where
  rnf :: EvaluationResult -> ()
rnf EvaluationResult' {Maybe [Text]
Maybe [Statement]
Maybe [ResourceSpecificResult]
Maybe Text
Maybe (HashMap Text PolicyEvaluationDecisionType)
Maybe OrganizationsDecisionDetail
Maybe PermissionsBoundaryDecisionDetail
Text
PolicyEvaluationDecisionType
evalDecision :: PolicyEvaluationDecisionType
evalActionName :: Text
resourceSpecificResults :: Maybe [ResourceSpecificResult]
permissionsBoundaryDecisionDetail :: Maybe PermissionsBoundaryDecisionDetail
organizationsDecisionDetail :: Maybe OrganizationsDecisionDetail
missingContextValues :: Maybe [Text]
matchedStatements :: Maybe [Statement]
evalResourceName :: Maybe Text
evalDecisionDetails :: Maybe (HashMap Text PolicyEvaluationDecisionType)
$sel:evalDecision:EvaluationResult' :: EvaluationResult -> PolicyEvaluationDecisionType
$sel:evalActionName:EvaluationResult' :: EvaluationResult -> Text
$sel:resourceSpecificResults:EvaluationResult' :: EvaluationResult -> Maybe [ResourceSpecificResult]
$sel:permissionsBoundaryDecisionDetail:EvaluationResult' :: EvaluationResult -> Maybe PermissionsBoundaryDecisionDetail
$sel:organizationsDecisionDetail:EvaluationResult' :: EvaluationResult -> Maybe OrganizationsDecisionDetail
$sel:missingContextValues:EvaluationResult' :: EvaluationResult -> Maybe [Text]
$sel:matchedStatements:EvaluationResult' :: EvaluationResult -> Maybe [Statement]
$sel:evalResourceName:EvaluationResult' :: EvaluationResult -> Maybe Text
$sel:evalDecisionDetails:EvaluationResult' :: EvaluationResult
-> Maybe (HashMap Text PolicyEvaluationDecisionType)
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Maybe (HashMap Text PolicyEvaluationDecisionType)
evalDecisionDetails
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
evalResourceName
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe [Statement]
matchedStatements
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe [Text]
missingContextValues
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe OrganizationsDecisionDetail
organizationsDecisionDetail
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe PermissionsBoundaryDecisionDetail
permissionsBoundaryDecisionDetail
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe [ResourceSpecificResult]
resourceSpecificResults
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Text
evalActionName
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf PolicyEvaluationDecisionType
evalDecision